Merge pull request #22 from 5GSEC/shivkb/add-field-intent-crd

fix(nimbus): add fromSource field  to network policy in SecurityIntent CRD

config/crd/bases/intent.security.nimbus.com_securityintentbindings.yaml

@@ -11,6 +11,8 @@ spec:
     kind: SecurityIntentBinding
     listKind: SecurityIntentBindingList
     plural: securityintentbindings
+    shortNames:
+    - sib
     singular: securityintentbinding
   scope: Namespaced
   versions:

config/crd/bases/intent.security.nimbus.com_securityintents.yaml

@@ -11,6 +11,8 @@ spec:
     kind: SecurityIntent
     listKind: SecurityIntentList
     plural: securityintents
+    shortNames:
+    - sit
     singular: securityintent
   scope: Namespaced
   versions:
@@ -114,6 +116,15 @@ spec:
                                   description: MatchProtocol defines a protocol for
                                     network policies
                                   properties:
+                                    fromSource:
+                                      items:
+                                        description: FromSource defines a source path
+                                          for directory-based policies
+                                        properties:
+                                          path:
+                                            type: string
+                                        type: object
+                                      type: array
                                     protocol:
                                       type: string
                                   type: object

pkg/api/v1/securityintent_types.go

@@ -83,7 +83,8 @@ type Port struct {
 
 // MatchProtocol defines a protocol for network policies
 type MatchProtocol struct {
-	Protocol string `json:"protocol,omitempty"`
+	Protocol   string       `json:"protocol,omitempty"`
+	FromSource []FromSource `json:"fromSource,omitempty"`
 }
 
 // MatchPath defines a path for process or file policies
@@ -127,6 +128,7 @@ type SecurityIntentStatus struct {
 
 // SecurityIntent is the Schema for the securityintents API
 // +kubebuilder:object:root=true
+// +kubebuilder:resource: shortName="sit"
 // +kubebuilder:subresource:status
 // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
 

pkg/api/v1/securityintentbinding_types.go

@@ -54,6 +54,7 @@ type SecurityIntentBindingStatus struct {
 }
 
 //+kubebuilder:object:root=true
+// +kubebuilder:resource: shortName="sib"
 //+kubebuilder:subresource:status
 
 // SecurityIntentBinding is the Schema for the securityintentbindings API

pkg/controllers/utils/utils_policy.go

@@ -227,9 +227,16 @@ func extractToKubeArmorPolicyNetworkType(bindingInfo *general.BindingInfo) kubea
 	if len(intent.Spec.Intent.Resource) > 0 && len(intent.Spec.Intent.Resource[0].Network) > 0 {
 		for _, network := range intent.Spec.Intent.Resource[0].Network {
 			for _, matchProtocol := range network.MatchProtocols {
+				var fromSources []kubearmorv1.MatchSourceType
+				for _, source := range matchProtocol.FromSource {
+					fromSources = append(fromSources, kubearmorv1.MatchSourceType{
+						Path: kubearmorv1.MatchPathType(source.Path),
+					})
+				}
 				if matchProtocol.Protocol != "" {
 					networkType.MatchProtocols = append(networkType.MatchProtocols, kubearmorv1.MatchNetworkProtocolType{
-						Protocol: kubearmorv1.MatchNetworkProtocolStringType(matchProtocol.Protocol),
+						Protocol:   kubearmorv1.MatchNetworkProtocolStringType(matchProtocol.Protocol),
+						FromSource: fromSources,
 					})
 				}
 			}