Merge pull request #64 from anurag-rajawat/follow-up-56

fix(adapters): Update adapters to update their policies info

go.mod

@@ -47,7 +47,7 @@ require (
 	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
 	github.com/modern-go/reflect2 v1.0.2 // indirect
 	github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
-	github.com/pkg/errors v0.9.1 // indirect
+	github.com/pkg/errors v0.9.1
 	github.com/prometheus/client_golang v1.18.0 // indirect
 	github.com/prometheus/client_model v0.5.0 // indirect
 	github.com/prometheus/common v0.46.0 // indirect

internal/controller/util.go

@@ -51,9 +51,9 @@ func ownerExists(c client.Client, controllee client.Object) bool {
 	var objToGet client.Object
 
 	switch controllee.(type) {
-	case *v1.SecurityIntentBinding:
+	case *v1.NimbusPolicy:
 		objToGet = &v1.SecurityIntentBinding{}
-	case *v1.ClusterSecurityIntentBinding:
+	case *v1.ClusterNimbusPolicy:
 		objToGet = &v1.ClusterSecurityIntentBinding{}
 	}
 

pkg/adapter/nimbus-kubearmor/go.mod

@@ -3,7 +3,7 @@ module github.com/5GSEC/nimbus/pkg/adapter/nimbus-kubearmor
 go 1.21
 
 require (
-	github.com/5GSEC/nimbus v0.0.0-20240208070656-624660f34768
+	github.com/5GSEC/nimbus v0.0.0-20240220040009-4cc97b1338ad
 	github.com/go-logr/logr v1.4.1
 	github.com/kubearmor/KubeArmor/pkg/KubeArmorController v0.0.0-20240125171707-8e6641511fe3
 	k8s.io/apimachinery v0.29.1

pkg/adapter/nimbus-kubearmor/go.sum

@@ -1,5 +1,5 @@
-github.com/5GSEC/nimbus v0.0.0-20240208070656-624660f34768 h1:v2fY3lWXydstfekQSHs9n0TpNnTteC7Iws3ojwGtFJk=
-github.com/5GSEC/nimbus v0.0.0-20240208070656-624660f34768/go.mod h1:yw79m9f1+f3tBSZCMQKbNVKL39Q71FyGyoa8nClo1Hs=
+github.com/5GSEC/nimbus v0.0.0-20240220040009-4cc97b1338ad h1:vr8/EtADzXyAYOsZbG8KhSO7ClELdQMjWEfHde5C3yA=
+github.com/5GSEC/nimbus v0.0.0-20240220040009-4cc97b1338ad/go.mod h1:YgeRR5ijLJHHeapCUekTfLJXMVrqOMVT2rCsqHlKLdU=
 github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
 github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw=
 github.com/cespare/xxhash/v2 v2.2.0 h1:DC2CZ1Ep5Y4k3ZQ899DldepgrayRUGE6BBZ/cd9Cj44=

pkg/adapter/nimbus-kubearmor/manager/manager.go

@@ -145,17 +145,14 @@ func createOrUpdateKsp(ctx context.Context, npName, npNamespace string) {
 			logger.Info("KubeArmorPolicy configured", "KubeArmorPolicy.Name", existingKsp.Name, "KubeArmorPolicy.Namespace", existingKsp.Namespace)
 		}
 
-		// Due to adapters' dependency on nimbus module, the docker image build is
-		// failing. The relevant code is commented out below (lines 153-155). We shall
-		// uncomment this code in a subsequent PR.
-
 		// Every adapter is responsible for updating the status field of the
 		// corresponding NimbusPolicy with the number and names of successfully created
-		// policies. This provides feedback to users about the translation and deployment
-		// of their security intent.
-		//if err = adapterutil.UpdateNpStatus(ctx, k8sClient, "KubeArmorPolicy/"+ksp.Name, np.Name, np.Namespace); err != nil {
-		//	logger.Error(err, "failed to update KubeArmorPolicies status in NimbusPolicy")
-		//}
+		// policies by calling the 'adapterutil.UpdateNpStatus' API. This provides
+		// feedback to users about the translation and deployment of their security
+		// intent.
+		if err = adapterutil.UpdateNpStatus(ctx, k8sClient, "KubeArmorPolicy/"+ksp.Name, np.Name, np.Namespace); err != nil {
+			logger.Error(err, "failed to update KubeArmorPolicies status in NimbusPolicy")
+		}
 	}
 }
 

pkg/adapter/nimbus-kubearmor/watcher/kspwatcher.go

@@ -4,9 +4,7 @@
 package watcher
 
 import (
-	"bytes"
 	"context"
-	"encoding/json"
 	"time"
 
 	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
@@ -53,15 +51,8 @@ func WatchKsps(ctx context.Context, updatedKspCh, deletedKspCh chan common.Reque
 				return
 			}
 
-			oldSpec, errOld := oldU.Object["spec"].(map[string]interface{})
-			newSpec, errNew := newU.Object["spec"].(map[string]interface{})
-
-			if errOld && errNew {
-				oldSpecBytes, _ := json.Marshal(oldSpec)
-				newSpecBytes, _ := json.Marshal(newSpec)
-				if bytes.Equal(oldSpecBytes, newSpecBytes) {
-					return
-				}
+			if oldU.GetGeneration() == newU.GetGeneration() {
+				return
 			}
 
 			kspNamespacedName := common.Request{

pkg/adapter/nimbus-netpol/go.mod

@@ -3,7 +3,7 @@ module github.com/5GSEC/nimbus/pkg/adapter/nimbus-netpol
 go 1.21
 
 require (
-	github.com/5GSEC/nimbus v0.0.0-20240208070656-624660f34768
+	github.com/5GSEC/nimbus v0.0.0-20240220040009-4cc97b1338ad
 	github.com/go-logr/logr v1.4.1
 	k8s.io/api v0.29.1
 	k8s.io/apimachinery v0.29.1

pkg/adapter/nimbus-netpol/go.sum

@@ -1,5 +1,5 @@
-github.com/5GSEC/nimbus v0.0.0-20240208070656-624660f34768 h1:v2fY3lWXydstfekQSHs9n0TpNnTteC7Iws3ojwGtFJk=
-github.com/5GSEC/nimbus v0.0.0-20240208070656-624660f34768/go.mod h1:yw79m9f1+f3tBSZCMQKbNVKL39Q71FyGyoa8nClo1Hs=
+github.com/5GSEC/nimbus v0.0.0-20240220040009-4cc97b1338ad h1:vr8/EtADzXyAYOsZbG8KhSO7ClELdQMjWEfHde5C3yA=
+github.com/5GSEC/nimbus v0.0.0-20240220040009-4cc97b1338ad/go.mod h1:YgeRR5ijLJHHeapCUekTfLJXMVrqOMVT2rCsqHlKLdU=
 github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
 github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw=
 github.com/cespare/xxhash/v2 v2.2.0 h1:DC2CZ1Ep5Y4k3ZQ899DldepgrayRUGE6BBZ/cd9Cj44=
@@ -152,6 +152,7 @@ golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roY
 golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
 golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=
 golang.org/x/tools v0.17.0 h1:FvmRgNOcs3kOa+T20R1uhfP9F6HgG2mfxDv1vrx1Htc=
+golang.org/x/tools v0.17.0/go.mod h1:xsh6VxdV005rRVaS6SSAf9oiAqljS7UZUacMZ8Bnsps=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=

pkg/adapter/nimbus-netpol/manager/netpols_manager.go

@@ -140,17 +140,14 @@ func createOrUpdateNetworkPolicy(ctx context.Context, npName, npNamespace string
 			logger.Info("NetworkPolicy configured", "NetworkPolicy.Name", netpol.Name, "NetworkPolicy.Namespace", netpol.Namespace)
 		}
 
-		// Due to adapters' dependency on nimbus module, the docker image build is
-		// failing. The relevant code is commented out below (lines 153-155). We shall
-		// uncomment this code in a subsequent PR.
-
 		// Every adapter is responsible for updating the status field of the
 		// corresponding NimbusPolicy with the number and names of successfully created
-		// policies. This provides feedback to users about the translation and deployment
-		// of their security intent.
-		//if err = adapterutil.UpdateNpStatus(ctx, k8sClient, "NetworkPolicy/"+netpol.Name, np.Name, np.Namespace); err != nil {
-		//	logger.Error(err, "failed to update NetworkPolicies status in NimbusPolicy")
-		//}
+		// policies by calling the 'adapterutil.UpdateNpStatus' API. This provides
+		// feedback to users about the translation and deployment of their security
+		// intent.
+		if err = adapterutil.UpdateNpStatus(ctx, k8sClient, "NetworkPolicy/"+netpol.Name, np.Name, np.Namespace); err != nil {
+			logger.Error(err, "failed to update NetworkPolicies status in NimbusPolicy")
+		}
 	}
 }
 

pkg/adapter/nimbus-netpol/watcher/netpolwatcher.go

@@ -4,9 +4,7 @@
 package watcher
 
 import (
-	"bytes"
 	"context"
-	"encoding/json"
 	"time"
 
 	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
@@ -53,15 +51,8 @@ func WatchNetpols(ctx context.Context, updatedNetpolCh, deletedNetpolCh chan com
 				return
 			}
 
-			oldSpec, errOld := oldU.Object["spec"].(map[string]interface{})
-			newSpec, errNew := newU.Object["spec"].(map[string]interface{})
-
-			if errOld && errNew {
-				oldSpecBytes, _ := json.Marshal(oldSpec)
-				newSpecBytes, _ := json.Marshal(newSpec)
-				if bytes.Equal(oldSpecBytes, newSpecBytes) {
-					return
-				}
+			if oldU.GetGeneration() == newU.GetGeneration() {
+				return
 			}
 
 			netpolNamespacedName := common.Request{