From c665bf1021b231a8d828aeaa9d31bdd17b11c357 Mon Sep 17 00:00:00 2001
From: Rahul Jadhav
Date: Thu, 19 Sep 2024 12:11:19 +0530
Subject: [PATCH] allowing jobs to be deployed in different namespaces, save to s3

Signed-off-by: Rahul Jadhav
---
 cis-k8s-job/README.md | 2 +-
 k8s-risk-assessment-job/templates/clusterrole.yaml | 2 +-
 k8s-risk-assessment-job/templates/clusterrolebinding.yaml | 4 ++--
 k8s-risk-assessment-job/templates/configmap.yaml | 2 +-
 k8tls-job/templates/k8tls-cronjob.yaml | 8 ++++----
 k8tls-job/templates/k8tls-job.yaml | 2 +-
 kiem-job/templates/deployment.yaml | 2 +-
 kiem-job/templates/job.yaml | 2 +-
 kiem-job/templates/role.yaml | 2 +-
 kiem-job/templates/rolebinding.yaml | 4 ++--
 10 files changed, 15 insertions(+), 15 deletions(-)

diff --git a/cis-k8s-job/README.md b/cis-k8s-job/README.md
index e9ab447..86097a6 100644
--- a/cis-k8s-job/README.md
+++ b/cis-k8s-job/README.md
@@ -64,7 +64,7 @@ cat <<<$(jq '. += {
 - Sending output file to AccuKnox SaaS
 ```sh
-curl --location --request POST 'https://cspm.demo.accuknox.com/api/v1/artifact/?tenant_id=$tenantId&data_type=KB&save_to_s3=false' --header 'Tenant-Id: $tenantId' --header "Authorization: Bearer $token" --form 'file=@"./results.json"'
+curl --location --request POST 'https://cspm.demo.accuknox.com/api/v1/artifact/?tenant_id=$tenantId&data_type=KB&save_to_s3=true' --header 'Tenant-Id: $tenantId' --header "Authorization: Bearer $token" --form 'file=@"./results.json"'
 ```
 > Replace value of `$tenantId` from AccuKnox Tenant ID & `$token` from AccuKnox Token
diff --git a/k8s-risk-assessment-job/templates/clusterrole.yaml b/k8s-risk-assessment-job/templates/clusterrole.yaml
index 73564d6..1adb9a6 100644
--- a/k8s-risk-assessment-job/templates/clusterrole.yaml
+++ b/k8s-risk-assessment-job/templates/clusterrole.yaml
@@ -1,7 +1,7 @@
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
- name: k8s-risk-assessment-job-clusterrole
+ name: {{ .Release.Namespace }}-k8s-assessment-crole
 rules:
 - apiGroups:
 - ''
diff --git a/k8s-risk-assessment-job/templates/clusterrolebinding.yaml b/k8s-risk-assessment-job/templates/clusterrolebinding.yaml
index 7009a19..f19a073 100644
--- a/k8s-risk-assessment-job/templates/clusterrolebinding.yaml
+++ b/k8s-risk-assessment-job/templates/clusterrolebinding.yaml
@@ -1,7 +1,7 @@
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
- name: k8s-risk-assessment-job-clusterrole-binding
+ name: {{ .Release.Namespace }}-k8s-assessment-crb
 subjects:
 - namespace: {{ .Release.Namespace }}
 kind: ServiceAccount
@@ -9,4 +9,4 @@ subjects:
 roleRef:
 apiGroup: rbac.authorization.k8s.io
 kind: ClusterRole
- name: k8s-risk-assessment-job-clusterrole
+ name: {{ .Release.Namespace }}-k8s-assessment-crole
diff --git a/k8s-risk-assessment-job/templates/configmap.yaml b/k8s-risk-assessment-job/templates/configmap.yaml
index 54b913c..d5c5b04 100644
--- a/k8s-risk-assessment-job/templates/configmap.yaml
+++ b/k8s-risk-assessment-job/templates/configmap.yaml
@@ -37,4 +37,4 @@ data:
 --header "Authorization: Bearer ${AUTH_TOKEN}" \
 --header "Tenant-Id: ${TENANT_ID}" \
 --form "file=@\"/data/report.json\"" \
- "https://${URL}/api/v1/artifact/?tenant_id=${TENANT_ID}&data_type=KS&save_to_s3=false&label_id=${LABEL_NAME}"
+ "https://${URL}/api/v1/artifact/?tenant_id=${TENANT_ID}&data_type=KS&save_to_s3=true&label_id=${LABEL_NAME}"
diff --git a/k8tls-job/templates/k8tls-cronjob.yaml b/k8tls-job/templates/k8tls-cronjob.yaml
index 24546a5..4c7feb1 100644
--- a/k8tls-job/templates/k8tls-cronjob.yaml
+++ b/k8tls-job/templates/k8tls-cronjob.yaml
@@ -7,7 +7,7 @@ metadata:
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
- name: k8tls-cr
+ name: {{ .Release.Namespace }}-k8tls-cr
 rules:
 - apiGroups: [""]
 resources: ["services"]
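Review bot: Prefixing the ClusterRole name with only `{{ .Release.Namespace }}` still gives two releases installed into the same namespace the same cluster-scoped name, so the second install would collide with the first. Including the release name, for example `name: {{ .Release.Namespace }}-{{ .Release.Name }}-k8s-assessment-crole`, keeps the name unique per release; the `roleRef` name in clusterrolebinding.yaml has to change in lockstep. The same namespace-only prefix is used for the new names in k8tls-cronjob.yaml and in kiem-job's role.yaml and rolebinding.yaml.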
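Review bot: With the binding now created once per install namespace, every such namespace ends up holding a ServiceAccount bound to cluster-wide permissions, and nothing in the template tells the operator so. A comment above `metadata:` would help, for example `# Cluster-scoped grant: binds the job ServiceAccount in the release namespace to the ClusterRole named in roleRef; install only into a namespace where pod creation is restricted.` The ServiceAccount name and the ClusterRole's full rule list are outside the visible hunks, so the actual breadth of the grant should be checked against clusterrole.yaml.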
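Review bot: `save_to_s3=true` is now hard-coded in the upload URL, so every install presumably asks the backend to persist the assessment report, and an operator has no chart-level way to opt out. Driving the flag from a chart value keeps the new default while leaving that choice open, e.g. `&data_type=KS&save_to_s3={{ .Values.saveToS3 }}&label_id=${LABEL_NAME}` with `saveToS3: true` in values.yaml; `saveToS3` is a placeholder key, not one the chart is known to define. The same literal is flipped in k8tls-cronjob.yaml, k8tls-job.yaml and kiem-job's deployment.yaml and job.yaml. The script this line belongs to starts outside the hunk.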
@@ -16,11 +16,11 @@ rules:
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
- name: k8tls-crb
+ name: {{ .Release.Namespace }}-k8tls-crb
 roleRef:
 apiGroup: rbac.authorization.k8s.io
 kind: ClusterRole
- name: k8tls-cr
+ name: {{ .Release.Namespace }}-k8tls-cr
 subjects:
 - kind: ServiceAccount
 name: k8tls-serviceact
@@ -42,7 +42,7 @@ spec:
 containers:
 - image: accuknox/accuknox-job:latest
 command: ["/bin/sh", "-c"]
- args: ['curl --location --request POST "https://${URL}/api/v1/artifact/?tenant_id=${TENANT_ID}&data_type=K8TLS&save_to_s3=false" --header "Tenant-Id: ${TENANT_ID}" --header "Authorization: Bearer ${AUTH_TOKEN}" --form "file=@\"/data/report.json\"" && cat /data/report.json']
+ args: ['curl --location --request POST "https://${URL}/api/v1/artifact/?tenant_id=${TENANT_ID}&data_type=K8TLS&save_to_s3=true" --header "Tenant-Id: ${TENANT_ID}" --header "Authorization: Bearer ${AUTH_TOKEN}" --form "file=@\"/data/report.json\"" && cat /data/report.json']
 name: k8tls-job
 resources: {}
 env:
diff --git a/k8tls-job/templates/k8tls-job.yaml b/k8tls-job/templates/k8tls-job.yaml
index ca52785..250e8d0 100644
--- a/k8tls-job/templates/k8tls-job.yaml
+++ b/k8tls-job/templates/k8tls-job.yaml
@@ -12,7 +12,7 @@ spec:
 containers:
 - image: accuknox/accuknox-job:latest
 command: ["/bin/sh", "-c"]
- args: ['curl --location --request POST "https://${URL}/api/v1/artifact/?tenant_id=${TENANT_ID}&data_type=K8TLS&save_to_s3=false" --header "Tenant-Id: ${TENANT_ID}" --header "Authorization: Bearer ${AUTH_TOKEN}" --form "file=@\"/data/report.json\"" && cat /data/report.json']
+ args: ['curl --location --request POST "https://${URL}/api/v1/artifact/?tenant_id=${TENANT_ID}&data_type=K8TLS&save_to_s3=true" --header "Tenant-Id: ${TENANT_ID}" --header "Authorization: Bearer ${AUTH_TOKEN}" --form "file=@\"/data/report.json\"" && cat /data/report.json']
 name: k8tls-job
 resources: {}
 env:
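Review bot: The rewritten `args` line in the `@@ -42,7 +42,7 @@` hunk still has the shell expand `${AUTH_TOKEN}` into curl's argument list, so the bearer token is readable from the process command line for as long as the upload runs. curl can read the header from a file instead, e.g. `--header @/path/to/auth-header` (placeholder path), with the file written by the shell's `printf`, which is a builtin in most shells and so keeps the secret out of argv. The same construct appears in k8tls-job.yaml, in kiem-job's deployment.yaml and job.yaml, and in the context lines of the risk-assessment configmap.yaml.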
diff --git a/kiem-job/templates/deployment.yaml b/kiem-job/templates/deployment.yaml
index c54fa50..b982671 100644
--- a/kiem-job/templates/deployment.yaml
+++ b/kiem-job/templates/deployment.yaml
@@ -26,7 +26,7 @@ spec:
 mountPath: /data
 containers:
 - image: accuknox/accuknox-job:latest
- command: ['sh', '-c', 'curl --location --request POST "https://${URL}/api/v1/artifact/?tenant_id=${TENANT_ID}&data_type=KIEM&save_to_s3=false&label_id=${LABEL_NAME}" --header "Tenant-Id: ${TENANT_ID}" --header "Authorization: Bearer ${AUTH_TOKEN}" --form "file=@\"/data/report.json\""']
+ command: ['sh', '-c', 'curl --location --request POST "https://${URL}/api/v1/artifact/?tenant_id=${TENANT_ID}&data_type=KIEM&save_to_s3=true&label_id=${LABEL_NAME}" --header "Tenant-Id: ${TENANT_ID}" --header "Authorization: Bearer ${AUTH_TOKEN}" --form "file=@\"/data/report.json\""']
 name: accuknox-kiem-cronjob
 resources: {}
 env:
diff --git a/kiem-job/templates/job.yaml b/kiem-job/templates/job.yaml
index 99407ff..55b8d36 100644
--- a/kiem-job/templates/job.yaml
+++ b/kiem-job/templates/job.yaml
@@ -21,7 +21,7 @@ spec:
 mountPath: /data
 containers:
 - image: accuknox/accuknox-job:latest
- command: ['sh', '-c', 'curl --location --request POST "https://${URL}/api/v1/artifact/?tenant_id=${TENANT_ID}&data_type=KIEM&save_to_s3=false&label_id=${LABEL_NAME}" --header "Tenant-Id: ${TENANT_ID}" --header "Authorization: Bearer ${AUTH_TOKEN}" --form "file=@\"/data/report.json\""']
+ command: ['sh', '-c', 'curl --location --request POST "https://${URL}/api/v1/artifact/?tenant_id=${TENANT_ID}&data_type=KIEM&save_to_s3=true&label_id=${LABEL_NAME}" --header "Tenant-Id: ${TENANT_ID}" --header "Authorization: Bearer ${AUTH_TOKEN}" --form "file=@\"/data/report.json\""']
 name: accuknox-kiem-job
 resources: {}
 env:
diff --git a/kiem-job/templates/role.yaml b/kiem-job/templates/role.yaml
index bc21f2e..f93ae9e 100644
--- a/kiem-job/templates/role.yaml
+++ b/kiem-job/templates/role.yaml
@@ -1,7 +1,7 @@
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
- name: kiem-cluster-role
+ name: {{ .Release.Namespace }}-kiem-cluster-role
 rules:
 - apiGroups:
 - ""
diff --git a/kiem-job/templates/rolebinding.yaml b/kiem-job/templates/rolebinding.yaml
index a0ea35b..257803c 100644
--- a/kiem-job/templates/rolebinding.yaml
+++ b/kiem-job/templates/rolebinding.yaml
@@ -1,7 +1,7 @@
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
- name: api-cluster-role-binding
+ name: {{ .Release.Namespace }}-api-cluster-role-binding
 subjects:
 - namespace: {{ .Release.Namespace }}
 kind: ServiceAccount
@@ -9,4 +9,4 @@ subjects:
 roleRef:
 apiGroup: rbac.authorization.k8s.io
 kind: ClusterRole
- name: kiem-cluster-role
\ No newline at end of file
+ name: {{ .Release.Namespace }}-kiem-cluster-role
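Review bot: The new binding name in rolebinding.yaml, `{{ .Release.Namespace }}-api-cluster-role-binding`, keeps the generic `api` stem, so nothing in a listing of ClusterRoleBindings ties it to kiem, unlike the role it references (`-kiem-cluster-role`). Something like `name: {{ .Release.Namespace }}-kiem-crb` would match the `-crb` suffix this commit introduces for the other two charts and make the grant easier to audit.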