Merge branch 'main' into limit-flag

README.md

@@ -35,23 +35,25 @@ make install
 ```
 CLI Utility to help manage KubeArmor
 
+KubeArmor is a container-aware runtime security enforcement system that
+restricts the behavior (such as process execution, file access, and networking
+operation) of containers at the system level.
+
 Usage:
   karmor [command]
 
 Available Commands:
-  completion  generate the autocompletion script for the specified shell
+  completion  Generate the autocompletion script for the specified shell
+  discover    Discover applicable policies
   get         Display specified resources
   help        Help about any command
+  insight     Policy insight from discovery engine
   install     Install KubeArmor in a Kubernetes Cluster
   log         Observe Logs from KubeArmor
   sysdump     Collect system dump information for troubleshooting and error report
   uninstall   Uninstall KubeArmor from a Kubernetes Cluster
   version     Display version information
-  vm          VM commands
-
-Available VM SubCommands:
-  getscript   download vm installation script for nonk8s control plane
-  policy      policy handling for vm nonk8s control plane
+  vm          VM commands for kvmservice
 
 Flags:
   -h, --help   help for karmor

cmd/insight.go

@@ -13,8 +13,8 @@ var insightOptions insight.Options
 // insightCmd represents the insight command
 var insightCmd = &cobra.Command{
 	Use:   "insight",
-	Short: "Observe policy from the discovery engine",
-	Long:  `Observe policy from the discovery engine`,
+	Short: "Policy insight from discovery engine",
+	Long:  `Policy insight from discovery engine`,
 	RunE: func(cmd *cobra.Command, args []string) error {
 		if err := insight.StartInsight(insightOptions); err != nil {
 			return err
@@ -27,9 +27,12 @@ func init() {
 	rootCmd.AddCommand(insightCmd)
 
 	insightCmd.Flags().StringVar(&insightOptions.GRPC, "gRPC", "", "gRPC server information")
+	insightCmd.Flags().StringVar(&insightOptions.Source, "source", "all", "The DB for insight : system|network|all")
 	insightCmd.Flags().StringVar(&insightOptions.Labels, "labels", "", "Labels for resources")
 	insightCmd.Flags().StringVar(&insightOptions.Containername, "containername", "", "Filter according to the Container name")
 	insightCmd.Flags().StringVar(&insightOptions.Clustername, "clustername", "", "Filter according to the Cluster name")
 	insightCmd.Flags().StringVar(&insightOptions.Fromsource, "fromsource", "", "Filter according to the source path")
 	insightCmd.Flags().StringVarP(&insightOptions.Namespace, "namespace", "n", "", "Namespace for resources")
+	insightCmd.Flags().StringVar(&insightOptions.Type, "type", "", "NW packet type : ingress|egress")
+	insightCmd.Flags().StringVar(&insightOptions.Rule, "rule", "", "NW packet Rule")
 }

go.mod

@@ -11,7 +11,7 @@ replace (
 )
 
 require (
-	github.com/accuknox/auto-policy-discovery/src v0.0.0-20220412023742-5df1489d264b
+	github.com/accuknox/auto-policy-discovery/src v0.0.0-20220419113526-411a056ecebe
 	github.com/cilium/cilium v1.10.0
 	github.com/kubearmor/KVMService/src/types v0.0.0-20220228115540-2211247620dd
 	github.com/kubearmor/KubeArmor/KubeArmor v0.0.0-20220321102834-0971f727bd8a

go.sum

@@ -120,8 +120,8 @@ github.com/StackExchange/wmi v0.0.0-20190523213315-cbe66965904d/go.mod h1:3eOhrU
 github.com/StackExchange/wmi v1.2.1 h1:VIkavFPXSjcnS+O8yTq7NI32k0R5Aj+v39y29VYDOSA=
 github.com/StackExchange/wmi v1.2.1/go.mod h1:rcmrprowKIVzvc+NUiLncP2uuArMWLCbu9SBzvHz7e8=
 github.com/VividCortex/gohistogram v1.0.0/go.mod h1:Pf5mBqqDxYaXu3hDrrU+w6nw50o/4+TcAqDqk/vUH7g=
-github.com/accuknox/auto-policy-discovery/src v0.0.0-20220412023742-5df1489d264b h1:r4Bw2IznyBivFgu0qrkls3vn+CowjXqtWagxp3qAHk4=
-github.com/accuknox/auto-policy-discovery/src v0.0.0-20220412023742-5df1489d264b/go.mod h1:PjyjUUBKD3cfU4a2FlUJfH3b+coUvOS8MovbZtf6xSk=
+github.com/accuknox/auto-policy-discovery/src v0.0.0-20220419113526-411a056ecebe h1:ngygWGYbUq5VqZy1ZUv5cOH11Q1Av/iIomhWlktOrug=
+github.com/accuknox/auto-policy-discovery/src v0.0.0-20220419113526-411a056ecebe/go.mod h1:PjyjUUBKD3cfU4a2FlUJfH3b+coUvOS8MovbZtf6xSk=
 github.com/afex/hystrix-go v0.0.0-20180502004556-fa1af6a1f4f5/go.mod h1:SkGFH1ia65gfNATL8TAiHDNxPzPdmEL5uirI2Uyuz6c=
 github.com/agnivade/levenshtein v1.0.1/go.mod h1:CURSv5d9Uaml+FovSIICkLbAUZ9S4RqaHDIsdSBg7lM=
 github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc=

insight/insight.go

@@ -11,7 +11,7 @@ import (
 	"log"
 	"os"
 
-	opb "github.com/accuknox/auto-policy-discovery/src/protobuf/v1/observability"
+	ipb "github.com/accuknox/auto-policy-discovery/src/protobuf/v1/insight"
 	"google.golang.org/grpc"
 )
 
@@ -23,6 +23,9 @@ type Options struct {
 	Clustername   string
 	Fromsource    string
 	Namespace     string
+	Source        string
+	Type          string
+	Rule          string
 }
 
 // Get insights on observability data
@@ -41,13 +44,16 @@ func StartInsight(o Options) error {
 
 	fmt.Println("gRPC server: " + gRPC)
 
-	data := &opb.Data{
+	data := &ipb.Request{
 		Request:       "observe",
+		Source:        o.Source,
 		Labels:        o.Labels,
 		ContainerName: o.Containername,
 		ClusterName:   o.Clustername,
 		FromSource:    o.Fromsource,
 		Namespace:     o.Namespace,
+		Type:          o.Type,
+		Rule:          o.Rule,
 	}
 
 	// create a client
@@ -57,10 +63,10 @@ func StartInsight(o Options) error {
 	}
 	defer conn.Close()
 
-	client := opb.NewObservabilityClient(conn)
+	client := ipb.NewInsightClient(conn)
 
 	// var response opb.Response
-	response, err := client.SysObservabilityData(context.Background(), data)
+	response, err := client.GetInsightData(context.Background(), data)
 	if err != nil {
 		return errors.New("could not connect to the server. Possible troubleshooting:\n- Check if discovery engine is running\n- Create a portforward to discovery engine service using\n\t\033[1mkubectl port-forward -n explorer service/knoxautopolicy --address 0.0.0.0 --address :: 9089:9089\033[0m\n- Configure grpc server information using\n\t\033[1mkarmor log --grpc <info>\033[0m")
 	}