From 7bd275c62bfb967d0e41ccceca6e8e0f4d08f618 Mon Sep 17 00:00:00 2001 From: Christian Zunker Date: Tue, 26 Sep 2023 13:47:49 +0200 Subject: [PATCH] =?UTF-8?q?=F0=9F=90=9B=20Fix=20k8s.ingress=20certificates?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Fixes #1867 Signed-off-by: Christian Zunker --- providers/k8s/resources/ingress.go | 27 ++++++++++++++++++--------- providers/k8s/resources/k8s.lr | 7 ++++--- providers/k8s/resources/k8s.lr.go | 16 ++++++++++++++-- 3 files changed, 36 insertions(+), 14 deletions(-) diff --git a/providers/k8s/resources/ingress.go b/providers/k8s/resources/ingress.go index 832f5abdbe..ff66e148ca 100644 --- a/providers/k8s/resources/ingress.go +++ b/providers/k8s/resources/ingress.go @@ -20,8 +20,10 @@ import ( ) type mqlK8sIngressInternal struct { - lock sync.Mutex - obj *networkingv1.Ingress + lock sync.Mutex + obj *networkingv1.Ingress + objId string + mqlK8s *mqlK8s } func (k *mqlK8s) ingresses() ([]interface{}, error) { @@ -45,11 +47,6 @@ func (k *mqlK8s) ingresses() ([]interface{}, error) { return nil, err } - tls, err := getTLS(ingress, objId, k.MqlRuntime, k.GetSecrets) - if err != nil { - return nil, err - } - r, err := CreateResource(k.MqlRuntime, "k8s.ingress", map[string]*llx.RawData{ "id": llx.StringData(objId), "uid": llx.StringData(string(obj.GetUID())), 
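Review bot: The two fields added to `mqlK8sIngressInternal`, `objId` and `mqlK8s`, carry no comment, and nothing in the struct says who populates them or why a back-reference to the parent resource is kept. From the rest of the patch they are set only in `(*mqlK8s).ingresses()` and read by the new `tls()` method to resolve TLS Secrets on demand. A short comment above them would make that contract visible, for example `// objId and mqlK8s are set by (*mqlK8s).ingresses; tls() uses them to look up the TLS Secrets when the field is first queried.`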
@@ -60,16 +57,28 @@ func (k *mqlK8s) ingresses() ([]interface{}, error) { "created": llx.TimeData(ts.Time), "manifest": llx.DictData(manifest), "rules": llx.ArrayData(rules, types.Resource("k8s.ingressrule")), - "tls": llx.ArrayData(tls, types.Resource("k8s.ingresstls")), }) if err != nil { return nil, err } r.(*mqlK8sIngress).obj = ingress + r.(*mqlK8sIngress).objId = objId + r.(*mqlK8sIngress).mqlK8s = k return r, nil }) } +func (k *mqlK8sIngress) tls() ([]interface{}, error) { + ingress := k.obj + objId := k.objId + tls, err := getTLS(ingress, objId, k.MqlRuntime, k.mqlK8s.GetSecrets) + if err != nil { + return nil, err + } + + return tls, nil +} + func (k *mqlK8sIngress) id() (string, error) { return k.Id.Data, nil } @@ -296,7 +305,7 @@ func getTLS(ingress *networkingv1.Ingress, objId string, runtime *plugin.Runtime ingressTls, err := CreateResource(runtime, "k8s.ingresstls", map[string]*llx.RawData{ "id": llx.StringData(fmt.Sprintf("%s-tls%d", objId, i)), "hosts": llx.ArrayData(convert.SliceAnyToInterface(tls.Hosts), types.String), - "certificates": llx.ArrayData(secret.Certificates.Data, types.Resource("core.certificate")), + "certificates": llx.ArrayData(secret.Certificates.Data, types.Resource("network.certificate")), }) if err != nil { return nil, fmt.Errorf("error creating k8s.ingresstls: %s", err) diff --git a/providers/k8s/resources/k8s.lr b/providers/k8s/resources/k8s.lr index 9a00038a12..b9e5730250 100644 --- a/providers/k8s/resources/k8s.lr +++ b/providers/k8s/resources/k8s.lr @@ -2,6 +2,7 @@ // SPDX-License-Identifier: BUSL-1.1 import "../../os/resources/os.lr" +import "../../network/resources/network.lr" option provider = "go.mondoo.com/cnquery/providers/k8s" option go_package = "go.mondoo.com/cnquery/providers/k8s/resources" @@ -465,7 +466,7 @@ private k8s.secret @defaults("namespace name created") { // Secret type type string // Secret certificates - certificates() []certificate + certificates() []network.certificate } // Kubernetes ConfigMap 
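Review bot: The new `tls()` method hands `k.obj` and `k.mqlK8s.GetSecrets` to `getTLS` without checking them, yet in this hunk `obj`, `objId` and `mqlK8s` are assigned only on the `ingresses()` path, after `CreateResource` returns. The generated `GetTls` calls `c.tls()` whenever no recorded value is found, so if a `k8s.ingress` instance can be built any other way (I cannot see the other constructors from here), the fields would be nil and the call would presumably end in a nil dereference rather than an error. Suggest a guard at the top, `if k.obj == nil || k.mqlK8s == nil { return nil, fmt.Errorf("k8s.ingress %q: tls unavailable, ingress object not loaded", k.objId) }`, after which the body can be just `return getTLS(k.obj, k.objId, k.MqlRuntime, k.mqlK8s.GetSecrets)`. The `ingresses()` body starts outside the hunk.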
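Review bot: `types.Resource("network.certificate")` on the changed line in `getTLS` does not match the type the generator emits for the same field: the `k8s.ingresstls.certificates` entry in `k8s.lr.go`, later in this patch, uses `types.Resource("certificate")`. It looks as if `network.certificate` is only the qualified reference used inside the `.lr` schema and the runtime resource name is `certificate`. If that is right, this line should read `"certificates": llx.ArrayData(secret.Certificates.Data, types.Resource("certificate")),` so the declared element type agrees with the generated schema; worth confirming against the network provider's resource name. `getTLS` starts and ends outside this hunk.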
@@ -583,7 +584,7 @@ private k8s.ingresstls { // List of hosts associated with TLS certificate hosts []string // Certificates data from TLS Secret - certificates []core.certificate + certificates []network.certificate } // Kubernetes Ingress @@ -611,7 +612,7 @@ private k8s.ingress @defaults("namespace name created") { // Ingress rules rules []k8s.ingressrule // Ingress TLS data - tls []k8s.ingresstls + tls() []k8s.ingresstls } // Kubernetes Service Account diff --git a/providers/k8s/resources/k8s.lr.go b/providers/k8s/resources/k8s.lr.go index a753e792ee..78b0cb6509 100644 --- a/providers/k8s/resources/k8s.lr.go +++ b/providers/k8s/resources/k8s.lr.go @@ -956,7 +956,7 @@ var getDataFields = map[string]func(r plugin.Resource) *plugin.DataRes{ return (r.(*mqlK8sIngresstls).GetHosts()).ToDataRes(types.Array(types.String)) }, "k8s.ingresstls.certificates": func(r plugin.Resource) *plugin.DataRes { - return (r.(*mqlK8sIngresstls).GetCertificates()).ToDataRes(types.Array(types.Resource("core.certificate"))) + return (r.(*mqlK8sIngresstls).GetCertificates()).ToDataRes(types.Array(types.Resource("certificate"))) }, "k8s.ingress.id": func(r plugin.Resource) *plugin.DataRes { return (r.(*mqlK8sIngress).GetId()).ToDataRes(types.String) @@ -5766,7 +5766,19 @@ func (c *mqlK8sIngress) GetRules() *plugin.TValue[[]interface{}] { } func (c *mqlK8sIngress) GetTls() *plugin.TValue[[]interface{}] { - return &c.Tls + return plugin.GetOrCompute[[]interface{}](&c.Tls, func() ([]interface{}, error) { + if c.MqlRuntime.HasRecording { + d, err := c.MqlRuntime.FieldResourceFromRecording("k8s.ingress", c.__id, "tls") + if err != nil { + return nil, err + } + if d != nil { + return d.Value.([]interface{}), nil + } + } + + return c.tls() + }) } // mqlK8sServiceaccount for the k8s.serviceaccount resource