chore(events/k8saudit): cleanup and minor improvements

Signed-off-by: Leonardo Grasso <me@leonardograsso.com>

events/k8saudit/yaml/configmap-private-creds.yaml

@@ -5,8 +5,7 @@ metadata:
   labels:
     app.kubernetes.io/name: private-creds-configmap
     app.kubernetes.io/part-of: falco-event-generator
-    falco.rules: Create.Modify-Configmap-With-Private-Credentials
-    message: Creating-configmap-with-private-credentials
+    falco.org/rule: Create.Modify-Configmap-With-Private-Credentials
 data:
   ui.properties: |
     color.good=purple

events/k8saudit/yaml/disallowed-pod-deployment.yaml

@@ -5,8 +5,7 @@ metadata:
   labels:
     app.kubernetes.io/name: disallowed-pod-deployment
     app.kubernetes.io/part-of: falco-event-generator
-    falco.rules: Create-Disallowed-Pod
-    message: Creating-pod-with-image-outside-of-allowed-images
+    falco.org/rule: Create-Disallowed-Pod
 spec:
   replicas: 1
   selector:

events/k8saudit/yaml/hostnetwork-deployment.yaml

@@ -5,8 +5,7 @@ metadata:
   labels:
     app.kubernetes.io/name: hostnetwork-deployment
     app.kubernetes.io/part-of: falco-event-generator
-    falco.rules: Create-HostNetwork-Pod
-    message: Creating-deployment-with-hostNetwork-true-pod
+    falco.org/rule: Create-HostNetwork-Pod
 spec:
   replicas: 1
   selector:

events/k8saudit/yaml/nodeport-service.yaml

@@ -5,8 +5,7 @@ metadata:
   labels:
     app.kubernetes.io/name: nodeport-service
     app.kubernetes.io/part-of: falco-event-generator
-    falco.rules: Create-NodePort-Service
-    message: Creating-service-of-type-NodePort
+    falco.org/rule: Create-NodePort-Service
 spec:
   type: NodePort
   ports:

events/k8saudit/yaml/privileged-deployment.yaml

@@ -5,8 +5,7 @@ metadata:
   labels:
     app.kubernetes.io/name: privileged-deployment
     app.kubernetes.io/part-of: falco-event-generator
-    falco.rules: Create-Privileged-Pod
-    message: Creating-deployment-with-privileged-true-pod
+    falco.org/rule: Create-Privileged-Pod
 spec:
   replicas: 1
   selector:

events/k8saudit/yaml/role-pod-exec.yaml

@@ -5,8 +5,7 @@ metadata:
   labels:
     app.kubernetes.io/name: pod-exec-role
     app.kubernetes.io/part-of: falco-event-generator
-    falco.rules: ClusterRole-With-Pod-Exec-Created
-    message: Creating-role-that-can-exec-to-pods
+    falco.org/rule: ClusterRole-With-Pod-Exec-Created
 rules:
 - apiGroups:
     - ""

events/k8saudit/yaml/role-wildcard-resources.yaml

@@ -5,8 +5,7 @@ metadata:
   labels:
     app.kubernetes.io/name: wildcard-resources-role
     app.kubernetes.io/part-of: falco-event-generator
-    falco.rules: ClusterRole-With-Write-Privileges-Created
-    message: Creating-role-with-wildcard-resources
+    falco.org/rule: ClusterRole-With-Write-Privileges-Created
 rules:
 - apiGroups:
     - ""

events/k8saudit/yaml/role-write-privileges.yaml

@@ -5,8 +5,7 @@ metadata:
   labels:
     app.kubernetes.io/name: write-privileges-role
     app.kubernetes.io/part-of: falco-event-generator
-    falco.rules: ClusterRole-With-Write-Privileges-Created
-    message: Creating-role-with-write-privileges
+    falco.org/rule: ClusterRole-With-Write-Privileges-Created
 rules:
 - apiGroups:
     - ""

events/k8saudit/yaml/sensitive-mount-deployment.yaml

@@ -5,8 +5,7 @@ metadata:
   labels:
     app.kubernetes.io/name: sensitive-mount-deployment
     app.kubernetes.io/part-of: falco-event-generator
-    falco.rules: Create-Sensitive-Mount-Pod
-    message: Creating-deployment-with-pod-mounting-sensitive-path-from-host
+    falco.org/rule: Create-Sensitive-Mount-Pod
 spec:
   replicas: 1
   selector:

events/k8saudit/yaml/vanilla-configmap.yaml

@@ -5,8 +5,7 @@ metadata:
   labels:
     app.kubernetes.io/name: vanilla-configmap
     app.kubernetes.io/part-of: falco-event-generator
-    falco.rules: K8s-ConfigMap-Created
-    message: Creating-configmap
+    falco.org/rule: K8s-ConfigMap-Created
 data:
   ui.properties: |
     color.good=purple

events/k8saudit/yaml/vanilla-deployment.yaml

@@ -5,8 +5,7 @@ metadata:
   labels:
     app.kubernetes.io/name: vanilla-deployment
     app.kubernetes.io/part-of: falco-event-generator
-    falco.rules: K8s-Deployment-Created
-    message: Creating-deployment
+    falco.org/rule: K8s-Deployment-Created
 spec:
   replicas: 1
   selector:

events/k8saudit/yaml/vanilla-role-rolebinding-serviceaccount.yaml

@@ -22,8 +22,7 @@ metadata:
   labels:
     app.kubernetes.io/name: vanilla-role-binding
     app.kubernetes.io/part-of: falco-event-generator
-    falco.rules: K8s-Role.Clusterrolebinding-Created
-    message: Creating-rolebinding
+    falco.org/rule: K8s-Role.Clusterrolebinding-Created
 roleRef:
   kind: Role
   name: vanilla-role
@@ -39,5 +38,4 @@ metadata:
   labels:
     app.kubernetes.io/name: vanilla-serviceaccount
     app.kubernetes.io/part-of: falco-event-generator
-    falco.rules: K8s-Serviceaccount-Created
-    message: Creating-serviceaccount
+    falco.org/rule: K8s-Serviceaccount-Created

events/k8saudit/yaml/vanilla-service.yaml

@@ -5,8 +5,7 @@ metadata:
   labels:
     app.kubernetes.io/name: vanilla-service
     app.kubernetes.io/part-of: falco-event-generator
-    falco.rules: K8s-Service-Created
-    message: Creating-service
+    falco.org/rule: K8s-Service-Created
 spec:
   type: ClusterIP
   ports:

events/k8saudit/yaml_loader.go

@@ -9,6 +9,8 @@ import (
 	"github.com/falcosecurity/event-generator/events"
 	"github.com/falcosecurity/event-generator/events/k8saudit/yaml"
 	"github.com/iancoleman/strcase"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
 	"k8s.io/cli-runtime/pkg/resource"
 )
 
@@ -20,10 +22,12 @@ func init() {
 		reader := bytes.NewReader(b)
 		events.RegisterWithName(func(h events.Helper) error {
 			count := 0
+			// uidMap := cmdwait.UIDMap{}
+			// infos := []*resource.Info{}
 			r := h.ResourceBuilder().
 				Unstructured().
 				// Schema(schema).
-				// ContinueOnError().
+				ContinueOnError().
 				Stream(reader, fileName).
 				Flatten().
 				Do()
@@ -35,10 +39,25 @@ func init() {
 				if err != nil {
 					return err
 				}
-				// if err := util.CreateOrUpdateAnnotation(cmdutil.GetFlagBool(cmd, cmdutil.ApplyAnnotationsFlag), info.Object, scheme.DefaultJSONEncoder()); err != nil {
-				// 	return cmdutil.AddSourceToErr("creating", info.Source, err)
-				// }
 
+				log := h.Log().WithField("resource", info.Name)
+
+				h.Cleanup(func() {
+					if _, err := resource.
+						NewHelper(info.Client, info.Mapping).
+						DeleteWithOptions(info.Namespace, info.Name, &metav1.DeleteOptions{}); err != nil {
+						log.WithError(err).Error("delete k8s resource")
+					}
+				}, log)
+
+				if uo, ok := info.Object.(*unstructured.Unstructured); ok {
+					labels := uo.GetLabels()
+					if rule, ok := labels["falco.org/rule"]; ok {
+						log = log.WithField("rule", rule)
+					}
+				}
+
+				log.Info("create k8s resource")
 				obj, err := resource.
 					NewHelper(info.Client, info.Mapping).
 					Create(info.Namespace, true, info.Object, nil)
@@ -48,7 +67,6 @@ func init() {
 				info.Refresh(obj, true)
 
 				count++
-
 				return nil
 			})
 			if err != nil {

go.mod

@@ -15,6 +15,7 @@ require (
 	github.com/spf13/viper v1.6.2
 	github.com/stretchr/testify v1.5.1
 	golang.org/x/sys v0.0.0-20191026070338-33540a1f6037
+	k8s.io/apimachinery v0.17.3
 	k8s.io/cli-runtime v0.17.3
 	k8s.io/kubectl v0.17.3
 )