Merge pull request #20 from prachidamle/add_default_profiles_cm

Add default profiles cm, additional printer columns to the CRD, clusterscan status.display.state
rancher · Sep 4, 2020 · dd2fc07 · dd2fc07
2 parents c2ce062 + 8781d39
commit dd2fc07
Show file tree

Hide file tree

Showing 38 changed files with 406 additions and 84 deletions.
diff --git a/crds/clusterscan.yaml b/crds/clusterscan.yaml
@@ -3,6 +3,31 @@ kind: CustomResourceDefinition
 metadata:
   name: clusterscans.cis.cattle.io
 spec:
+  additionalPrinterColumns:
+  - JSONPath: .status.display.state
+    name: Status
+    type: string
+  - JSONPath: .status.lastRunScanProfileName
+    name: ClusterScanProfile
+    type: string
+  - JSONPath: .status.summary.total
+    name: Total
+    type: string
+  - JSONPath: .status.summary.pass
+    name: Pass
+    type: string
+  - JSONPath: .status.summary.fail
+    name: Fail
+    type: string
+  - JSONPath: .status.summary.skip
+    name: Skip
+    type: string
+  - JSONPath: .status.summary.notApplicable
+    name: Not Applicable
+    type: string
+  - JSONPath: .status.lastRunTimestamp
+    name: LastRunTimestamp
+    type: string
   group: cis.cattle.io
   names:
     kind: ClusterScan
@@ -16,6 +41,7 @@ spec:
         spec:
           properties:
             scanProfileName:
+              nullable: true
               type: string
           type: object
         status:
@@ -24,21 +50,45 @@ spec:
               items:
                 properties:
                   lastTransitionTime:
+                    nullable: true
                     type: string
                   lastUpdateTime:
+                    nullable: true
                     type: string
                   message:
+                    nullable: true
                     type: string
                   reason:
+                    nullable: true
                     type: string
                   status:
+                    nullable: true
                     type: string
                   type:
+                    nullable: true
                     type: string
                 type: object
               nullable: true
               type: array
+            display:
+              nullable: true
+              properties:
+                error:
+                  type: boolean
+                message:
+                  nullable: true
+                  type: string
+                state:
+                  nullable: true
+                  type: string
+                transitioning:
+                  type: boolean
+              type: object
+            lastRunScanProfileName:
+              nullable: true
+              type: string
             lastRunTimestamp:
+              nullable: true
               type: string
             observedGeneration:
               type: integer

diff --git a/crds/clusterscanbenchmark.yaml b/crds/clusterscanbenchmark.yaml
@@ -3,6 +3,16 @@ kind: CustomResourceDefinition
 metadata:
   name: clusterscanbenchmarks.cis.cattle.io
 spec:
+  additionalPrinterColumns:
+  - JSONPath: .spec.clusterProvider
+    name: ClusterProvider
+    type: string
+  - JSONPath: .spec.minKubernetesVersion
+    name: MinKubernetesVersion
+    type: string
+  - JSONPath: .spec.maxKubernetesVersion
+    name: MaxKubernetesVersion
+    type: string
   group: cis.cattle.io
   names:
     kind: ClusterScanBenchmark
@@ -16,14 +26,19 @@ spec:
         spec:
           properties:
             clusterProvider:
+              nullable: true
               type: string
             customBenchmarkConfigMapName:
+              nullable: true
               type: string
             customBenchmarkConfigMapNameSpace:
+              nullable: true
               type: string
             maxKubernetesVersion:
+              nullable: true
               type: string
             minKubernetesVersion:
+              nullable: true
               type: string
           type: object
       type: object

diff --git a/crds/clusterscanprofile.yaml b/crds/clusterscanprofile.yaml
@@ -3,6 +3,10 @@ kind: CustomResourceDefinition
 metadata:
   name: clusterscanprofiles.cis.cattle.io
 spec:
+  additionalPrinterColumns:
+  - JSONPath: .spec.benchmarkVersion
+    name: BenchmarkVersion
+    type: string
   group: cis.cattle.io
   names:
     kind: ClusterScanProfile
@@ -16,9 +20,11 @@ spec:
         spec:
           properties:
             benchmarkVersion:
+              nullable: true
               type: string
             skipTests:
               items:
+                nullable: true
                 type: string
               nullable: true
               type: array

diff --git a/crds/clusterscanreport.yaml b/crds/clusterscanreport.yaml
@@ -3,6 +3,13 @@ kind: CustomResourceDefinition
 metadata:
   name: clusterscanreports.cis.cattle.io
 spec:
+  additionalPrinterColumns:
+  - JSONPath: .spec.lastRunTimestamp
+    name: LastRunTimestamp
+    type: string
+  - JSONPath: .spec.benchmarkVersion
+    name: BenchmarkVersion
+    type: string
   group: cis.cattle.io
   names:
     kind: ClusterScanReport
@@ -16,10 +23,13 @@ spec:
         spec:
           properties:
             benchmarkVersion:
+              nullable: true
               type: string
             lastRunTimestamp:
+              nullable: true
               type: string
             reportJSON:
+              nullable: true
               type: string
           type: object
       type: object

diff --git a/go.mod b/go.mod
@@ -7,13 +7,13 @@ replace k8s.io/client-go => k8s.io/client-go v0.18.0
 require (
 	github.com/blang/semver v3.5.0+incompatible
 	github.com/rancher/kubernetes-provider-detector v0.0.0-20200807181951-690274ab1fb3
-	github.com/rancher/lasso v0.0.0-20200515155337-a34e1e26ad91
+	github.com/rancher/lasso v0.0.0-20200820172840-0e4cc0ef5cb0
 	github.com/rancher/security-scan v0.1.14
-	github.com/rancher/wrangler v0.6.2-0.20200802063637-28dae3c1fc1b
+	github.com/rancher/wrangler v0.6.2-0.20200829053106-7e1dd4260224
 	github.com/sirupsen/logrus v1.4.2
 	github.com/urfave/cli v1.22.2
-	k8s.io/api v0.18.0
+	k8s.io/api v0.18.8
 	k8s.io/apiextensions-apiserver v0.18.0
-	k8s.io/apimachinery v0.18.0
+	k8s.io/apimachinery v0.18.8
 	k8s.io/client-go v10.0.0+incompatible
 )
diff --git a/go.sum b/go.sum
@@ -95,6 +95,7 @@ github.com/emicklei/go-restful v2.9.5+incompatible/go.mod h1:otzb+WCGbkyDHkqmQmT
 github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
 github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c=
 github.com/erikstmartin/go-testdb v0.0.0-20160219214506-8d10e4a1bae5/go.mod h1:a2zkGnVExMxdzMo3M0Hi/3sEU+cWnZpSni0O6/Yb/P0=
+github.com/evanphx/json-patch v0.0.0-20200808040245-162e5629780b/go.mod h1:NAJj0yf/KaRKURN6nyi7A9IZydMivZEm9oQLWNjfKDc=
 github.com/evanphx/json-patch v4.2.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk=
 github.com/evanphx/json-patch v4.5.0+incompatible h1:ouOWdg56aJriqS0huScTkVXPC5IcNrDCXZ6OoTAWu7M=
 github.com/evanphx/json-patch v4.5.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk=
@@ -228,6 +229,7 @@ github.com/imdario/mergo v0.3.5/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJ
 github.com/imdario/mergo v0.3.6 h1:xTNEAn+kxVO7dTZGu0CegyqKZmoWFI0rF8UxjlB2d28=
 github.com/imdario/mergo v0.3.6/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA=
 github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8=
+github.com/jessevdk/go-flags v1.4.0/go.mod h1:4FA24M0QyGHXBuZZK/XkWh8h0e1EYbRYJSGM75WSRxI=
 github.com/jinzhu/gorm v0.0.0-20160404144928-5174cc5c242a/go.mod h1:Vla75njaFJ8clLU1W44h34PjIkijhjHIYnZxMqCdxqo=
 github.com/jinzhu/inflection v0.0.0-20170102125226-1c35d901db3d/go.mod h1:h+uFLlag+Qp1Va5pdKtLDYj+kHp5pxUVkryuEj+Srlc=
 github.com/jinzhu/now v1.0.1/go.mod h1:d3SSVoowX0Lcu0IBviAWJpolVfI5UJVZZ7cO71lE/z8=
@@ -344,14 +346,12 @@ github.com/prometheus/tsdb v0.7.1/go.mod h1:qhTCs0VvXwvX/y3TZrWD7rabWM+ijKTux40T
 github.com/qri-io/starlib v0.4.2-0.20200213133954-ff2e8cd5ef8d/go.mod h1:7DPO4domFU579Ga6E61sB9VFNaniPVwJP5C4bBCu3wA=
 github.com/rancher/kubernetes-provider-detector v0.0.0-20200807181951-690274ab1fb3 h1:A6ZJlwasEPwXhw1zI+68QVEPM9LzkXwCVlT1n1oyXe4=
 github.com/rancher/kubernetes-provider-detector v0.0.0-20200807181951-690274ab1fb3/go.mod h1:ypuJS7kP7rUiAn330xG46mj+Nhvym05GM8NqMVekpH0=
-github.com/rancher/lasso v0.0.0-20200515155337-a34e1e26ad91 h1:p4VVl0tr6YAeUILFMCn+0DKzbUOS0ah9biSsL7Sy6S4=
-github.com/rancher/lasso v0.0.0-20200515155337-a34e1e26ad91/go.mod h1:G6Vv2aj6xB2YjTVagmu4NkhBvbE8nBcGykHRENH6arI=
+github.com/rancher/lasso v0.0.0-20200820172840-0e4cc0ef5cb0 h1:ng7i8n0kzTGnXyvVK+nkb+sLm06BBNdsbd2aqJAP3lM=
+github.com/rancher/lasso v0.0.0-20200820172840-0e4cc0ef5cb0/go.mod h1:OhBBBO1pBwYp0hacWdnvSGOj+XE9yMLOLnaypIlic18=
 github.com/rancher/security-scan v0.1.14 h1:JKqWJGonIL8EBpj60Axqag/FNdWK8OcLiOYkbxRjY6s=
 github.com/rancher/security-scan v0.1.14/go.mod h1:WlLAocVyVQs5J8r0IiQXsp0ajVZO6hYi/Vo6zxjo73s=
-github.com/rancher/swarm v0.1.0 h1:aCATlZ02JfbNjGr6sbucFNa9QWNC1vVRfqXrHEYaFow=
-github.com/rancher/swarm v0.1.0/go.mod h1:4p1ah+P/fAyv67C1IPyh+lQQPrH8AgDP1Qo87iFwfgI=
-github.com/rancher/wrangler v0.6.2-0.20200802063637-28dae3c1fc1b h1:PaNYMaPcn69H9zVef342JcViQJVAAI5jssDNZj3jh+o=
-github.com/rancher/wrangler v0.6.2-0.20200802063637-28dae3c1fc1b/go.mod h1:GSBsgNCMgSgpTXoyto5e35lTm5akYQVPzse5q3/rZ4w=
+github.com/rancher/wrangler v0.6.2-0.20200829053106-7e1dd4260224 h1:NWYSyS1YiWJOB84xq0FcGDY8xQQwrfKoip2BjMSlu1g=
+github.com/rancher/wrangler v0.6.2-0.20200829053106-7e1dd4260224/go.mod h1:I7qe4DZNMOLKVa9ax7DJdBZ0XtKOppLF/dalhPX3vaE=
 github.com/rcrowley/go-metrics v0.0.0-20181016184325-3113b8401b8a/go.mod h1:bCqnVzQkZxMG4s8nGwiZ5l3QUCyqpo9Y+/ZMZ9VjZe4=
 github.com/remyoudompheng/bigfft v0.0.0-20170806203942-52369c62f446/go.mod h1:uYEyJGbgTkfkS4+E/PavXkNJcbFIpEtjt2B0KDQ5+9M=
 github.com/rogpeppe/fastuuid v0.0.0-20150106093220-6724a57986af/go.mod h1:XWv6SoW27p1b0cqNHllgS5HIMJraePCO15w5zCzIWYg=
@@ -601,6 +601,8 @@ k8s.io/api v0.0.0-20191214185829-ca1d04f8b0d3/go.mod h1:itOjKREfmUTvcjantxOsyYU5
 k8s.io/api v0.17.2/go.mod h1:BS9fjjLc4CMuqfSO8vgbHPKMt5+SF0ET6u/RVDihTo4=
 k8s.io/api v0.18.0 h1:lwYk8Vt7rsVTwjRU6pzEsa9YNhThbmbocQlKvNBB4EQ=
 k8s.io/api v0.18.0/go.mod h1:q2HRQkfDzHMBZL9l/y9rH63PkQl4vae0xRT+8prbrK8=
+k8s.io/api v0.18.8 h1:aIKUzJPb96f3fKec2lxtY7acZC9gQNDLVhfSGpxBAC4=
+k8s.io/api v0.18.8/go.mod h1:d/CXqwWv+Z2XEG1LgceeDmHQwpUJhROPx16SlxJgERY=
 k8s.io/apiextensions-apiserver v0.0.0-20190918161926-8f644eb6e783/go.mod h1:xvae1SZB3E17UpV59AWc271W/Ph25N+bjPyR63X6tPY=
 k8s.io/apiextensions-apiserver v0.17.2/go.mod h1:4KdMpjkEjjDI2pPfBA15OscyNldHWdBCfsWMDWAmSTs=
 k8s.io/apiextensions-apiserver v0.18.0 h1:HN4/P8vpGZFvB5SOMuPPH2Wt9Y/ryX+KRvIyAkchu1Q=
@@ -611,6 +613,8 @@ k8s.io/apimachinery v0.0.0-20191216025728-0ee8b4573e3a/go.mod h1:Ng1IY8TS7sC44KJ
 k8s.io/apimachinery v0.17.2/go.mod h1:b9qmWdKlLuU9EBh+06BtLcSf/Mu89rWL33naRxs1uZg=
 k8s.io/apimachinery v0.18.0 h1:fuPfYpk3cs1Okp/515pAf0dNhL66+8zk8RLbSX+EgAE=
 k8s.io/apimachinery v0.18.0/go.mod h1:9SnR/e11v5IbyPCGbvJViimtJ0SwHG4nfZFjU77ftcA=
+k8s.io/apimachinery v0.18.8 h1:jimPrycCqgx2QPearX3to1JePz7wSbVLq+7PdBTTwQ0=
+k8s.io/apimachinery v0.18.8/go.mod h1:6sQd+iHEqmOtALqOFjSWp2KZ9F0wlU/nWm0ZgsYWMig=
 k8s.io/apiserver v0.0.0-20190918160949-bfa5e2e684ad/go.mod h1:XPCXEwhjaFN29a8NldXA901ElnKeKLrLtREO9ZhFyhg=
 k8s.io/apiserver v0.17.2/go.mod h1:lBmw/TtQdtxvrTk0e2cgtOxHizXI+d0mmGQURIHQZlo=
 k8s.io/apiserver v0.18.0/go.mod h1:3S2O6FeBBd6XTo0njUrLxiqk8GNy6wWOftjhJcXYnjw=
@@ -641,6 +645,8 @@ k8s.io/kube-openapi v0.0.0-20190816220812-743ec37842bf/go.mod h1:1TqjTSzOxsLGIKf
 k8s.io/kube-openapi v0.0.0-20191107075043-30be4d16710a/go.mod h1:1TqjTSzOxsLGIKfj0lK8EeCP7K1iUG65v09OM0/WG5E=
 k8s.io/kube-openapi v0.0.0-20200121204235-bf4fb3bd569c h1:/KUFqjjqAcY4Us6luF5RDNZ16KJtb49HfR3ZHB9qYXM=
 k8s.io/kube-openapi v0.0.0-20200121204235-bf4fb3bd569c/go.mod h1:GRQhZsXIAJ1xR0C9bd8UpWHZ5plfAS9fzPjJuQ6JL3E=
+k8s.io/kube-openapi v0.0.0-20200410145947-61e04a5be9a6 h1:Oh3Mzx5pJ+yIumsAD0MOECPVeXsVot0UkiaCGVyfGQY=
+k8s.io/kube-openapi v0.0.0-20200410145947-61e04a5be9a6/go.mod h1:GRQhZsXIAJ1xR0C9bd8UpWHZ5plfAS9fzPjJuQ6JL3E=
 k8s.io/kubectl v0.0.0-20191219154910-1528d4eea6dd/go.mod h1:9ehGcuUGjXVZh0qbYSB0vvofQw2JQe6c6cO0k4wu/Oo=
 k8s.io/metrics v0.0.0-20191214191643-6b1944c9f765/go.mod h1:5V7rewilItwK0cz4nomU0b3XCcees2Ka5EBYWS1HBeM=
 k8s.io/utils v0.0.0-20190801114015-581e00157fb1/go.mod h1:sZAwmy6armz5eXlNoLmJcl4F1QuKu7sr+mFQ0byX7Ew=
@@ -653,6 +659,7 @@ modernc.org/mathutil v1.0.0/go.mod h1:wU0vUrJsVWBZ4P6e7xtFJEhFSNsfRLJ8H458uRjg03
 modernc.org/strutil v1.0.0/go.mod h1:lstksw84oURvj9y3tn8lGvRxyRC1S2+g5uuIzNfIOBs=
 modernc.org/xc v1.0.0/go.mod h1:mRNCo0bvLjGhHO9WsyuKVU4q0ceiDDDoEeWDJHrNx8I=
 sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.7/go.mod h1:PHgbrJT7lCHcxMU+mDHEm+nx46H4zuuHZkDP6icnhu0=
+sigs.k8s.io/cli-utils v0.16.0 h1:Wr32m1oxjIqc9G9l+igr13PeIM9LCyq8jQ8KjXKelvg=
 sigs.k8s.io/cli-utils v0.16.0/go.mod h1:9Jqm9K2W6ShhCxsEuaz6HSRKKOXigPUx3ZfypGgxBLY=
 sigs.k8s.io/controller-runtime v0.4.0/go.mod h1:ApC79lpY3PHW9xj/w9pj+lYkLgwAAUZwfXkME1Lajns=
 sigs.k8s.io/kustomize v2.0.3+incompatible/go.mod h1:MkjgH3RdOWrievjo6c9T245dYlB5QeXV4WCbnt/PEpU=

diff --git a/pkg/apis/cis.cattle.io/v1/types.go b/pkg/apis/cis.cattle.io/v1/types.go
@@ -13,14 +13,15 @@ const (
 	ClusterProviderAKS = "aks"
 	ClusterProviderK3s = "k3s"
 
-	CISV1NS                      = "security-scan"
-	ClusterScanNS                = "cis-operator-system"
-	ClusterScanSA                = "cis-serviceaccount"
-	ClusterScanConfigMap         = "cis-s-config-cm"
-	ClusterScanPluginsConfigMap  = "cis-s-plugins-cm"
-	ClusterScanUserSkipConfigMap = "cis-s-user-skip-cm"
-	ClusterScanService           = "service-rancher-cis-benchmark"
-	DefaultScanOutputFileName    = "output.json"
+	CISV1NS                            = "security-scan"
+	ClusterScanNS                      = "cis-operator-system"
+	ClusterScanSA                      = "cis-serviceaccount"
+	ClusterScanConfigMap               = "cis-s-config-cm"
+	ClusterScanPluginsConfigMap        = "cis-s-plugins-cm"
+	ClusterScanUserSkipConfigMap       = "cis-s-user-skip-cm"
+	DefaultClusterScanProfileConfigMap = "default-clusterscanprofiles"
+	ClusterScanService                 = "service-rancher-cis-benchmark"
+	DefaultScanOutputFileName          = "output.json"
 
 	ClusterScanConditionCreated      = condition.Cond("Created")
 	ClusterScanConditionRunCompleted = condition.Cond("RunCompleted")
@@ -49,10 +50,19 @@ type ClusterScanSpec struct {
 }
 
 type ClusterScanStatus struct {
-	LastRunTimestamp   string                              `yaml:"last_run_timestamp" json:"lastRunTimestamp"`
-	Summary            *ClusterScanSummary                 `json:"summary,omitempty"`
-	ObservedGeneration int64                               `json:"observedGeneration"`
-	Conditions         []genericcondition.GenericCondition `json:"conditions,omitempty"`
+	Display                *ClusterScanStatusDisplay           `json:"display,omitempty"`
+	LastRunTimestamp       string                              `yaml:"last_run_timestamp" json:"lastRunTimestamp"`
+	LastRunScanProfileName string                              `json:"lastRunScanProfileName,omitempty"`
+	Summary                *ClusterScanSummary                 `json:"summary,omitempty"`
+	ObservedGeneration     int64                               `json:"observedGeneration"`
+	Conditions             []genericcondition.GenericCondition `json:"conditions,omitempty"`
+}
+
+type ClusterScanStatusDisplay struct {
+	State         string `json:"state"`
+	Message       string `json:"message"`
+	Error         bool   `json:"error"`
+	Transitioning bool   `json:"transitioning"`
 }
 
 type ClusterScanSummary struct {

diff --git a/pkg/apis/cis.cattle.io/v1/zz_generated_deepcopy.go b/pkg/apis/cis.cattle.io/v1/zz_generated_deepcopy.go
diff --git a/pkg/crds/crd.go b/pkg/crds/crd.go
@@ -35,19 +35,30 @@ func WriteCRD() error {
 func List() []crd.CRD {
 	return []crd.CRD{
 		newCRD(&cisoperator.ClusterScan{}, func(c crd.CRD) crd.CRD {
-			return c
+			return c.
+				WithColumn("Status", ".status.display.state").
+				WithColumn("ClusterScanProfile", ".status.lastRunScanProfileName").
+				WithColumn("Total", ".status.summary.total").
+				WithColumn("Pass", ".status.summary.pass").
+				WithColumn("Fail", ".status.summary.fail").
+				WithColumn("Skip", ".status.summary.skip").
+				WithColumn("Not Applicable", ".status.summary.notApplicable").
+				WithColumn("LastRunTimestamp", ".status.lastRunTimestamp")
 		}),
 		newCRD(&cisoperator.ClusterScanProfile{}, func(c crd.CRD) crd.CRD {
-			return c
+			return c.
+				WithColumn("BenchmarkVersion", ".spec.benchmarkVersion")
 		}),
 		newCRD(&cisoperator.ClusterScanReport{}, func(c crd.CRD) crd.CRD {
-			return c
-		}),
-		newCRD(&cisoperator.ScheduledScan{}, func(c crd.CRD) crd.CRD {
-			return c
+			return c.
+				WithColumn("LastRunTimestamp", ".spec.lastRunTimestamp").
+				WithColumn("BenchmarkVersion", ".spec.benchmarkVersion")
 		}),
 		newCRD(&cisoperator.ClusterScanBenchmark{}, func(c crd.CRD) crd.CRD {
-			return c
+			return c.
+				WithColumn("ClusterProvider", ".spec.clusterProvider").
+				WithColumn("MinKubernetesVersion", ".spec.minKubernetesVersion").
+				WithColumn("MaxKubernetesVersion", ".spec.maxKubernetesVersion")
 		}),
 	}
 }

diff --git a/pkg/generated/controllers/cis.cattle.io/v1/clusterscan.go b/pkg/generated/controllers/cis.cattle.io/v1/clusterscan.go