add actionner kubernets:delete (#172)
Signed-off-by: Thomas Labarussias <issif+github@gadz.org>
Issif authored Feb 9, 2024
1 parent 6d4f874 commit 9efd5ca
Showing 14 changed files with 362 additions and 96 deletions.
61 changes: 38 additions & 23 deletions actionners/actionners.go
Expand Up @@ -3,15 +3,17 @@ package actionners
import (
"fmt"

k8sDelete "github.com/Falco-Talon/falco-talon/actionners/kubernetes/delete"
"github.com/Falco-Talon/falco-talon/actionners/kubernetes/exec"
labelize "github.com/Falco-Talon/falco-talon/actionners/kubernetes/labelize"
logActionner "github.com/Falco-Talon/falco-talon/actionners/kubernetes/log"
networkpolicy "github.com/Falco-Talon/falco-talon/actionners/kubernetes/networkpolicy"
k8sLabelize "github.com/Falco-Talon/falco-talon/actionners/kubernetes/labelize"
k8sLog "github.com/Falco-Talon/falco-talon/actionners/kubernetes/log"
"github.com/Falco-Talon/falco-talon/actionners/kubernetes/networkpolicy"
"github.com/Falco-Talon/falco-talon/actionners/kubernetes/script"
terminate "github.com/Falco-Talon/falco-talon/actionners/kubernetes/terminate"
k8sTerminate "github.com/Falco-Talon/falco-talon/actionners/kubernetes/terminate"
"github.com/Falco-Talon/falco-talon/configuration"
"github.com/Falco-Talon/falco-talon/internal/events"
kubernetes "github.com/Falco-Talon/falco-talon/internal/kubernetes/client"
k8sChecks "github.com/Falco-Talon/falco-talon/internal/kubernetes/checks"
k8s "github.com/Falco-Talon/falco-talon/internal/kubernetes/client"
"github.com/Falco-Talon/falco-talon/internal/rules"
"github.com/Falco-Talon/falco-talon/metrics"
"github.com/Falco-Talon/falco-talon/notifiers"
Expand Down Expand Up @@ -53,27 +55,29 @@ func GetDefaultActionners() *Actionners {
Category: "kubernetes",
Name: "terminate",
DefaultContinue: false,
Init: kubernetes.Init,
Checks: []checkActionner{kubernetes.CheckPodExist},
CheckParameters: terminate.CheckParameters,
Action: terminate.Action,
Init: k8s.Init,
Checks: []checkActionner{
k8sChecks.CheckPodExist,
},
CheckParameters: k8sTerminate.CheckParameters,
Action: k8sTerminate.Action,
},
&Actionner{
Category: "kubernetes",
Name: "labelize",
DefaultContinue: true,
Init: kubernetes.Init,
Checks: []checkActionner{kubernetes.CheckPodExist},
CheckParameters: labelize.CheckParameters,
Action: labelize.Action,
Init: k8s.Init,
Checks: []checkActionner{k8sChecks.CheckPodExist},
CheckParameters: k8sLabelize.CheckParameters,
Action: k8sLabelize.Action,
},
&Actionner{
Category: "kubernetes",
Name: "networkpolicy",
DefaultContinue: true,
Init: kubernetes.Init,
Init: k8s.Init,
Checks: []checkActionner{
kubernetes.CheckPodExist,
k8sChecks.CheckPodExist,
},
CheckParameters: networkpolicy.CheckParameters,
Action: networkpolicy.Action,
Expand All @@ -82,9 +86,9 @@ func GetDefaultActionners() *Actionners {
Category: "kubernetes",
Name: "exec",
DefaultContinue: true,
Init: kubernetes.Init,
Init: k8s.Init,
Checks: []checkActionner{
kubernetes.CheckPodExist,
k8sChecks.CheckPodExist,
},
CheckParameters: exec.CheckParameters,
Action: exec.Action,
Expand All @@ -93,9 +97,9 @@ func GetDefaultActionners() *Actionners {
Category: "kubernetes",
Name: "script",
DefaultContinue: true,
Init: kubernetes.Init,
Init: k8s.Init,
Checks: []checkActionner{
kubernetes.CheckPodExist,
k8sChecks.CheckPodExist,
},
CheckParameters: script.CheckParameters,
Action: script.Action,
Expand All @@ -104,12 +108,23 @@ func GetDefaultActionners() *Actionners {
Category: "kubernetes",
Name: "log",
DefaultContinue: true,
Init: kubernetes.Init,
Init: k8s.Init,
Checks: []checkActionner{
k8sChecks.CheckPodExist,
},
CheckParameters: k8sLog.CheckParameters,
Action: k8sLog.Action,
},
&Actionner{
Category: "kubernetes",
Name: "delete",
DefaultContinue: false,
Init: k8s.Init,
Checks: []checkActionner{
kubernetes.CheckPodExist,
k8sChecks.CheckTargetExist,
},
CheckParameters: logActionner.CheckParameters,
Action: logActionner.Action,
CheckParameters: nil,
Action: k8sDelete.Action,
},
)
}
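Review bot: The new "delete" entry registers `CheckParameters: nil`, while every other actionner in this list supplies a function; if the rule loader calls `actionner.CheckParameters(action)` unconditionally (the call site is outside this hunk, so this is inferred), validating a rule that uses `kubernetes:delete` will panic on a nil function value. Either guard the call site with `if a.CheckParameters != nil`, or register a no-op such as `CheckParameters: func(_ *rules.Action) error { return nil },` so the field never holds nil. `GetDefaultActionners` begins before this hunk and the hunk is interleaved with the old "log" entry, so the exact Checks list of the delete actionner should be confirmed in the full file.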
38 changes: 0 additions & 38 deletions actionners/checks/checks.go

This file was deleted.

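--- /dev/null
+++ b/actionners/kubernetes/delete/delete.go
@@ -0,0 +1,68 @@
+package networkpolicy
+
+import (
+"context"
+"fmt"
+"strings"
+
+"github.com/Falco-Talon/falco-talon/internal/events"
+kubernetes "github.com/Falco-Talon/falco-talon/internal/kubernetes/client"
+"github.com/Falco-Talon/falco-talon/internal/rules"
+"github.com/Falco-Talon/falco-talon/utils"
+metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+func Action(rule *rules.Rule, action *rules.Action, event *events.Event) (utils.LogLine, error) {
+name := event.GetTargetName()
+resource := event.GetTargetResource()
+namespace := event.GetTargetNamespace()
+
+objects := map[string]string{
+"name": name,
+"resource": resource,
+"namespace": namespace,
+}
+
+client := kubernetes.GetClient()
+
+var err error
+
+switch resource {
+case "configmaps":
+err = client.Clientset.CoreV1().ConfigMaps(namespace).Delete(context.Background(), name, metav1.DeleteOptions{})
+case "secrets":
+err = client.Clientset.CoreV1().Secrets(namespace).Delete(context.Background(), name, metav1.DeleteOptions{})
+case "deployments":
+err = client.Clientset.AppsV1().Deployments(namespace).Delete(context.Background(), name, metav1.DeleteOptions{})
+case "daemonsets":
+err = client.Clientset.AppsV1().DaemonSets(namespace).Delete(context.Background(), name, metav1.DeleteOptions{})
+case "statefulsets":
+err = client.Clientset.AppsV1().StatefulSets(namespace).Delete(context.Background(), name, metav1.DeleteOptions{})
+case "replicasets":
+err = client.Clientset.AppsV1().ReplicaSets(namespace).Delete(context.Background(), name, metav1.DeleteOptions{})
+case "services":
+err = client.Clientset.CoreV1().Services(namespace).Delete(context.Background(), name, metav1.DeleteOptions{})
+case "serviceaccounts":
+err = client.Clientset.CoreV1().ServiceAccounts(namespace).Delete(context.Background(), name, metav1.DeleteOptions{})
+case "roles":
+err = client.Clientset.RbacV1().Roles(namespace).Delete(context.Background(), name, metav1.DeleteOptions{})
+case "clusterroles":
+err = client.Clientset.RbacV1().ClusterRoles().Delete(context.Background(), name, metav1.DeleteOptions{})
+}
+
+if err != nil {
+return utils.LogLine{
+Objects: objects,
+Error: err.Error(),
+Status: "failure",
+},
+err
+}
+
+return utils.LogLine{
+Objects: objects,
+Output: fmt.Sprintf("the %v '%v' in the namespace '%v' has been deleted", strings.TrimSuffix(resource, "s"), name, namespace),
+Status: "success",
+},
+nil
+}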
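Review bot: The `switch resource` has no `default`, so any target resource not in the list — including the empty string `GetTargetResource` returns when `ka.target.resource` is missing from the event — leaves `err` nil and the function returns `Status: "success"` with an output line claiming the object was deleted although no API call was made; a response action that reports success without acting is worse than a failure. Add `default:` / `err = fmt.Errorf("unsupported resource %q", resource)` as the last case so unknown resources surface as failures, and consider treating an empty `name` the same way. The package clause reads `package networkpolicy` although the file lives in `actionners/kubernetes/delete`; it only compiles because actionners.go imports it under the `k8sDelete` alias, and it should be renamed to match the directory. The goimports failure reported above comes from the `metav1` import sitting in the local-import group. Every call uses `context.Background()` with no deadline, so a hung API server blocks the actionner indefinitely; a `context.WithTimeout` would bound that, assuming the surrounding framework does not already pass one.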
4 changes: 2 additions & 2 deletions actionners/kubernetes/exec/exec.go
Expand Up @@ -16,7 +16,7 @@ import (
"github.com/Falco-Talon/falco-talon/utils"
)

var Action = func(rule *rules.Rule, action *rules.Action, event *events.Event) (utils.LogLine, error) {
func Action(rule *rules.Rule, action *rules.Action, event *events.Event) (utils.LogLine, error) {

pod := event.GetPodName()
namespace := event.GetNamespaceName()

Expand Down Expand Up @@ -108,7 +108,7 @@ var Action = func(rule *rules.Rule, action *rules.Action, event *events.Event) (
nil
}

var CheckParameters = func(action *rules.Action) error {
func CheckParameters(action *rules.Action) error {
parameters := action.GetParameters()
var err error
err = utils.CheckParameters(parameters, "shell", utils.StringStr, nil, false)
4 changes: 2 additions & 2 deletions actionners/kubernetes/labelize/labelize.go
Expand Up @@ -25,7 +25,7 @@ const (
metadataLabels = "/metadata/labels/"
)

var Action = func(rule *rules.Rule, action *rules.Action, event *events.Event) (utils.LogLine, error) {
func Action(rule *rules.Rule, action *rules.Action, event *events.Event) (utils.LogLine, error) {

pod := event.GetPodName()
namespace := event.GetNamespaceName()

Expand Down Expand Up @@ -92,7 +92,7 @@ var Action = func(rule *rules.Rule, action *rules.Action, event *events.Event) (
nil
}

var CheckParameters = func(action *rules.Action) error {
func CheckParameters(action *rules.Action) error {
parameters := action.GetParameters()
if err := utils.CheckParameters(parameters, "labels", utils.MapInterfaceStr, nil, true); err != nil {
return err
4 changes: 2 additions & 2 deletions actionners/kubernetes/log/log.go
Expand Up @@ -14,7 +14,7 @@ import (
"github.com/Falco-Talon/falco-talon/utils"
)

var Action = func(rule *rules.Rule, action *rules.Action, event *events.Event) (utils.LogLine, error) {
func Action(rule *rules.Rule, action *rules.Action, event *events.Event) (utils.LogLine, error) {
pod := event.GetPodName()
namespace := event.GetNamespaceName()

Expand Down Expand Up @@ -98,7 +98,7 @@ var Action = func(rule *rules.Rule, action *rules.Action, event *events.Event) (
nil
}

var CheckParameters = func(action *rules.Action) error {
func CheckParameters(action *rules.Action) error {
parameters := action.GetParameters()
err := utils.CheckParameters(parameters, "tail_lines", utils.IntStr, nil, false)
if err != nil {
4 changes: 2 additions & 2 deletions actionners/kubernetes/networkpolicy/networkpolicy.go
Expand Up @@ -16,7 +16,7 @@ import (
"github.com/Falco-Talon/falco-talon/utils"
)

var Action = func(rule *rules.Rule, action *rules.Action, event *events.Event) (utils.LogLine, error) {
func Action(rule *rules.Rule, action *rules.Action, event *events.Event) (utils.LogLine, error) {
podName := event.GetPodName()
namespace := event.GetNamespaceName()

Expand Down Expand Up @@ -232,7 +232,7 @@ func createEgressRule(action *rules.Action) (*networkingv1.NetworkPolicyEgressRu
return &networkingv1.NetworkPolicyEgressRule{To: np}, nil
}

var CheckParameters = func(action *rules.Action) error {
func CheckParameters(action *rules.Action) error {
parameters := action.GetParameters()
if err := utils.CheckParameters(parameters, "allow", utils.SliceInterfaceStr, nil, false); err != nil {
return err
4 changes: 2 additions & 2 deletions actionners/kubernetes/script/script.go
Expand Up @@ -18,7 +18,7 @@ import (
"github.com/Falco-Talon/falco-talon/utils"
)

var Action = func(rule *rules.Rule, action *rules.Action, event *events.Event) (utils.LogLine, error) {
func Action(rule *rules.Rule, action *rules.Action, event *events.Event) (utils.LogLine, error) {
pod := event.GetPodName()
namespace := event.GetNamespaceName()

Expand Down Expand Up @@ -165,7 +165,7 @@ var Action = func(rule *rules.Rule, action *rules.Action, event *events.Event) (
nil
}

var CheckParameters = func(action *rules.Action) error {
func CheckParameters(action *rules.Action) error {
parameters := action.GetParameters()
var err error
err = utils.CheckParameters(parameters, "shell", utils.StringStr, nil, false)
4 changes: 2 additions & 2 deletions actionners/kubernetes/terminate/terminate.go
Expand Up @@ -15,7 +15,7 @@ import (
"github.com/Falco-Talon/falco-talon/utils"
)

var Action = func(rule *rules.Rule, action *rules.Action, event *events.Event) (utils.LogLine, error) {
func Action(rule *rules.Rule, action *rules.Action, event *events.Event) (utils.LogLine, error) {

podName := event.GetPodName()
namespace := event.GetNamespaceName()

Expand Down Expand Up @@ -125,7 +125,7 @@ var Action = func(rule *rules.Rule, action *rules.Action, event *events.Event) (
nil
}

var CheckParameters = func(action *rules.Action) error {
func CheckParameters(action *rules.Action) error {
parameters := action.GetParameters()
err := utils.CheckParameters(parameters, "grace_period_seconds", utils.IntStr, nil, false)
if err != nil {
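--- a/internal/events/events.go
+++ b/internal/events/events.go
@@ -54,3 +54,24 @@ func (event *Event) GetNamespaceName() string {
 }
 return ""
 }
+
+func (event *Event) GetTargetName() string {
+if event.OutputFields["ka.target.name"] != nil {
+return event.OutputFields["ka.target.name"].(string)
+}
+return ""
+}
+
+func (event *Event) GetTargetNamespace() string {
+if event.OutputFields["ka.target.namespace"] != nil {
+return event.OutputFields["ka.target.namespace"].(string)
+}
+return ""
+}
+
+func (event *Event) GetTargetResource() string {
+if event.OutputFields["ka.target.resource"] != nil {
+return event.OutputFields["ka.target.resource"].(string)
+}
+return ""
+}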
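Review bot: All three new getters use an unchecked `.(string)` assertion on `event.OutputFields[...]`; the nil check on the line above only rules out an absent key, so a field that arrives as a number, bool or object in the inbound event panics the goroutine handling it, and `OutputFields` is decoded from the incoming Falco payload rather than produced by this code (inferred from the existing `GetNamespaceName` above, which follows the same pattern). The comma-ok form returns `""` for both the missing and the wrong-type case and is shorter; the three exported methods also lack doc comments. Since the rewrite touches all three bodies it is given below rather than inline.
```go
// GetTargetName returns the ka.target.name output field, or "" when it is absent or not a string.
func (event *Event) GetTargetName() string {
	v, _ := event.OutputFields["ka.target.name"].(string)
	return v
}

// GetTargetNamespace returns the ka.target.namespace output field, or "" when it is absent or not a string.
func (event *Event) GetTargetNamespace() string {
	v, _ := event.OutputFields["ka.target.namespace"].(string)
	return v
}

// GetTargetResource returns the ka.target.resource output field, or "" when it is absent or not a string.
func (event *Event) GetTargetResource() string {
	v, _ := event.OutputFields["ka.target.resource"].(string)
	return v
}
```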