Feature/network scanner control #1592

Open: wants to merge 22 commits into base: master

amitschendel (Contributor) commented Jan 25, 2024

User description

Overview


Type

enhancement, tests


Description

  • Implemented and tested network scanner functionality to identify unauthenticated services.
  • Added rego support for network scanner integration.
  • Updated dependencies to support new functionality.
  • Registered new rego function for network scanning in the processor handler.

Changes walkthrough

Relevant files

Tests

networkscanner_test.go: Adding Network Scanner Functionality Test (+78/-0)
core/pkg/opaprocessor/networkscanner_test.go

  • Added a test for isUnauthenticatedService function.
  • Demonstrates handling of unauthenticated services using a mock Redis server.

Enhancement

networkscanner.go: Implement Network Scanner Functionality (+49/-0)
core/pkg/opaprocessor/networkscanner.go

  • Implemented isUnauthenticatedService to check for unauthenticated services.
  • Utilizes kubescape-network-scanner for scanning.
  • Handles timeout with a log error.

utils.go: Rego Support for Network Scanner (+30/-0)
core/pkg/opaprocessor/utils.go

  • Added rego function declaration and definition for network scanner.
  • Handles conversion of service, port, and namespace parameters for the scanner.

processorhandler.go: Register Network Scanner Rego Function (+1/-0)
core/pkg/opaprocessor/processorhandler.go

  • Registered the network scanner rego function.

Dependencies

go.mod: Update Dependencies for Network Scanner (+68/-33)
go.mod

  • Updated several package versions including github.com/google/uuid and go.opentelemetry.io/otel.
  • Added new dependencies for network scanning and other functionalities.

    PR-Agent usage:
    Comment /help on the PR to get a list of all available PR-Agent tools and their descriptions
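
An added example (not code from this PR or from kubescape-network-scanner) of the check the description summarizes: an unauthenticated Redis PING with a deadline, the kube-system skip, and an in-memory mock peer. The names checkRedis, scan and mockRedis, the PING probe, and returning an error for a skipped namespace or a timeout are assumptions made for illustration.

```go
package main

import (
	"bufio"
	"fmt"
	"net"
	"strings"
	"time"
)

// checkRedis sends PING without AUTH: +PONG means open, -NOAUTH means protected.
func checkRedis(conn net.Conn, timeout time.Duration) (bool, error) {
	defer conn.Close()
	conn.SetDeadline(time.Now().Add(timeout))
	conn.Write([]byte("PING\r\n")) // a failed write surfaces as the read error below
	line, err := bufio.NewReader(conn).ReadString('\n')
	if err != nil {
		return false, err // timeout or broken connection: no verdict
	}
	return strings.HasPrefix(line, "+PONG"), nil
}

// scan applies the kube-system skip, dials with a timeout, then runs the check.
func scan(host string, port int, namespace string, timeout time.Duration) (bool, error) {
	if namespace == "kube-system" {
		return false, fmt.Errorf("namespace %q skipped", namespace)
	}
	conn, err := net.DialTimeout("tcp", net.JoinHostPort(host, fmt.Sprint(port)), timeout)
	if err != nil {
		return false, err
	}
	return checkRedis(conn, timeout)
}

// mockRedis is a constructed in-memory peer; reply "" models a silent service.
func mockRedis(reply string) net.Conn {
	client, server := net.Pipe()
	go func() {
		bufio.NewReader(server).ReadString('\n')
		if reply != "" {
			server.Write([]byte(reply))
		}
	}()
	return client
}

func main() {
	fmt.Println(checkRedis(mockRedis("+PONG\r\n"), time.Second))
}
```

Returning an error alongside the verdict keeps "skipped" and "timed out" distinct from "requires authentication".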

    Signed-off-by: Amit Schendel <amitschendel@gmail.com>
amitschendel marked this pull request as ready for review February 1, 2024 08:30

matthyx (Contributor) commented Feb 20, 2024

can you rebase?

matthyx (Contributor) commented Feb 20, 2024

/describe

PR Description updated to latest commit (39365f5)

    // Check if the service is unauthenticated using kubescape-network-scanner.
    func isUnauthenticatedService(host string, port int, namespace string) bool {
    // Skip kube-system namespace.
    if namespace == "kube-system" {
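
Review bot: the `kube-system` skip at the top of `isUnauthenticatedService` is a hard-coded string literal, and the function returns only a `bool`, so a caller cannot tell a skipped namespace from a service that was scanned and found to require authentication. Consider taking the excluded namespaces from a configurable list, and returning an error or a separate "not scanned" result for skipped namespaces so the distinction reaches the rego rule.
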
    @slashben Do we want to skip on the KS namespace as well?
