From d4cac7a12f078b7a444b189df5cf6832faa54850 Mon Sep 17 00:00:00 2001
From: Saurabh Kumar
Date: Mon, 16 Oct 2023 09:32:54 +0530
Subject: [PATCH] #1552 Posture Linux, Kubernetes to host, cluster

---
 .../{kubernetes => cluster}/nsa-cisa.json | 0
 .../nsa-cisa_benchmarks.json | 0
 .../cloud_controls/{linux => host}/gdpr.json | 0
 .../cloud_controls/{linux => host}/hipaa.json | 0
 .../cloud_controls/{linux => host}/nist.json | 0
 .../cloud_controls/{linux => host}/pci.json | 0
 deepfence_server/handler/cloud_node.go | 2 +-
 deepfence_server/model/cloud_node.go | 52 +++++++++----------
 deepfence_server/reporters/search/search.go | 2 +-
 deepfence_utils/utils/structs.go | 2 +-
 deepfence_worker/cronjobs/cloud_compliance.go | 18 +++----
 11 files changed, 38 insertions(+), 38 deletions(-)
 rename deepfence_server/cloud_controls/{kubernetes => cluster}/nsa-cisa.json (100%)
 rename deepfence_server/cloud_controls/{kubernetes => cluster}/nsa-cisa_benchmarks.json (100%)
 rename deepfence_server/cloud_controls/{linux => host}/gdpr.json (100%)
 rename deepfence_server/cloud_controls/{linux => host}/hipaa.json (100%)
 rename deepfence_server/cloud_controls/{linux => host}/nist.json (100%)
 rename deepfence_server/cloud_controls/{linux => host}/pci.json (100%)

diff --git a/deepfence_server/cloud_controls/kubernetes/nsa-cisa.json b/deepfence_server/cloud_controls/cluster/nsa-cisa.json
similarity index 100%
rename from deepfence_server/cloud_controls/kubernetes/nsa-cisa.json
rename to deepfence_server/cloud_controls/cluster/nsa-cisa.json
diff --git a/deepfence_server/cloud_controls/kubernetes/nsa-cisa_benchmarks.json b/deepfence_server/cloud_controls/cluster/nsa-cisa_benchmarks.json
similarity index 100%
rename from deepfence_server/cloud_controls/kubernetes/nsa-cisa_benchmarks.json
rename to deepfence_server/cloud_controls/cluster/nsa-cisa_benchmarks.json
diff --git a/deepfence_server/cloud_controls/linux/gdpr.json b/deepfence_server/cloud_controls/host/gdpr.json
similarity index 100%
rename from deepfence_server/cloud_controls/linux/gdpr.json
rename to deepfence_server/cloud_controls/host/gdpr.json
diff --git a/deepfence_server/cloud_controls/linux/hipaa.json b/deepfence_server/cloud_controls/host/hipaa.json
similarity index 100%
rename from deepfence_server/cloud_controls/linux/hipaa.json
rename to deepfence_server/cloud_controls/host/hipaa.json
diff --git a/deepfence_server/cloud_controls/linux/nist.json b/deepfence_server/cloud_controls/host/nist.json
similarity index 100%
rename from deepfence_server/cloud_controls/linux/nist.json
rename to deepfence_server/cloud_controls/host/nist.json
diff --git a/deepfence_server/cloud_controls/linux/pci.json b/deepfence_server/cloud_controls/host/pci.json
similarity index 100%
rename from deepfence_server/cloud_controls/linux/pci.json
rename to deepfence_server/cloud_controls/host/pci.json
diff --git a/deepfence_server/handler/cloud_node.go b/deepfence_server/handler/cloud_node.go
index 3af5ac436c..154f6c74b4 100644
--- a/deepfence_server/handler/cloud_node.go
+++ b/deepfence_server/handler/cloud_node.go
@@ -161,7 +161,7 @@ func (h *Handler) ListCloudNodeAccountHandler(w http.ResponseWriter, r *http.Req
 }
 if utils.StringToCloudProvider(req.CloudProvider) == -1 {
-if req.CloudProvider != model.PostureProviderKubernetes && req.CloudProvider != model.PostureProviderLinux {
+if req.CloudProvider != model.PostureProviderCluster && req.CloudProvider != model.PostureProviderHost {
 err = fmt.Errorf("unknown Provider: %s", req.CloudProvider)
 log.Error().Msgf("%v", err)
 h.respondError(&BadDecoding{err}, w)
diff --git a/deepfence_server/model/cloud_node.go b/deepfence_server/model/cloud_node.go
index 850b745b86..f0a83f545f 100644
--- a/deepfence_server/model/cloud_node.go
+++ b/deepfence_server/model/cloud_node.go
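Review bot: The rename makes `ListCloudNodeAccountHandler` reject requests that still send the old provider strings: a `cloud_provider` of `linux` or `kubernetes` now fails the explicit check on the `+` line and returns `unknown Provider`, with no alias or deprecation window for UI builds, agents or API clients that are not updated in lockstep (the callers are not visible here, so treat that as a question to confirm). If older clients exist, normalize before the check, e.g. `if req.CloudProvider == "linux" { req.CloudProvider = model.PostureProviderHost }` and likewise `kubernetes` to `model.PostureProviderCluster`, logging the legacy value so the alias can be retired later. The accepted set is also hard-coded here instead of derived from `model.SupportedPostureProviders`, so the two can drift again on the next rename. Since the provider string is client-controlled and is echoed into both the error response and the log, `fmt.Errorf("unknown Provider: %q", req.CloudProvider)` would make empty or whitespace-laden values visible. The enclosing function starts before this hunk.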
@@ -16,17 +16,17 @@ import (
 )
 const (
-PostureProviderAWS = "aws"
-PostureProviderAWSOrg = "aws_org"
-PostureProviderGCP = "gcp"
-PostureProviderGCPOrg = "gcp_org"
-PostureProviderAzure = "azure"
-PostureProviderLinux = "linux"
-PostureProviderKubernetes = "kubernetes"
+PostureProviderAWS = "aws"
+PostureProviderAWSOrg = "aws_org"
+PostureProviderGCP = "gcp"
+PostureProviderGCPOrg = "gcp_org"
+PostureProviderAzure = "azure"
+PostureProviderHost = "host"
+PostureProviderCluster = "cluster"
 )
 var SupportedPostureProviders = []string{PostureProviderAWS, PostureProviderGCP,
-PostureProviderAzure, PostureProviderLinux, PostureProviderKubernetes}
+PostureProviderAzure, PostureProviderHost, PostureProviderCluster}
 type CloudNodeAccountRegisterReq struct {
 NodeId string `json:"node_id" required:"true"`
@@ -77,9 +77,9 @@ type CloudNodeAccountInfo struct {
 func (v CloudNodeAccountInfo) NodeType() string {
 switch v.CloudProvider {
-case PostureProviderKubernetes:
+case PostureProviderCluster:
 return utils.NodeTypeKubernetesCluster
-case PostureProviderLinux:
+case PostureProviderHost:
 return utils.NodeTypeHost
 }
 return utils.NodeTypeCloudNode
@@ -93,7 +93,7 @@ func (v CloudNodeAccountInfo) ScanType() utils.Neo4jScanType {
 switch v.CloudProvider {
 case PostureProviderAWS, PostureProviderGCP, PostureProviderAzure, PostureProviderAWSOrg:
 return utils.NEO4J_CLOUD_COMPLIANCE_SCAN
-case PostureProviderKubernetes, PostureProviderLinux:
+case PostureProviderCluster, PostureProviderHost:
 return utils.NEO4J_COMPLIANCE_SCAN
 default:
 return utils.NEO4J_CLOUD_COMPLIANCE_SCAN
@@ -104,7 +104,7 @@ func (v CloudNodeAccountInfo) ScanResultType() string {
 switch v.CloudProvider {
 case PostureProviderAWS, PostureProviderGCP, PostureProviderAzure, PostureProviderAWSOrg:
 return "CloudCompliance"
-case PostureProviderKubernetes, PostureProviderLinux:
+case PostureProviderCluster, PostureProviderHost:
 return "Compliance"
 default:
 return "CloudCompliance"
@@ -113,9 +113,9 @@ func (v CloudNodeAccountInfo) ScanResultType() string {
 func (v CloudNodeAccountInfo) GetPassStatus() []string {
 switch v.CloudProvider {
-case PostureProviderAWS, PostureProviderGCP, PostureProviderAzure, PostureProviderAWSOrg, PostureProviderKubernetes:
+case PostureProviderAWS, PostureProviderGCP, PostureProviderAzure, PostureProviderAWSOrg, PostureProviderCluster:
 return []string{"ok", "info", "skip"}
-case PostureProviderLinux:
+case PostureProviderHost:
 return []string{"warn", "pass"}
 default:
 return []string{"skip", "ok", "info", "pass", "warn"}
@@ -158,7 +158,7 @@ type PendingCloudComplianceScan struct {
 type CloudNodeControlReq struct {
 NodeId string `json:"node_id"`
-CloudProvider string `json:"cloud_provider" required:"true" enum:"aws,gcp,azure,linux,kubernetes"`
+CloudProvider string `json:"cloud_provider" required:"true" enum:"aws,gcp,azure,host,cluster"`
 ComplianceType string `json:"compliance_type" required:"true"`
 }
@@ -270,8 +270,8 @@ func GetCloudProvidersList(ctx context.Context) ([]PostureProvider, error) {
 {Name: PostureProviderGCP, NodeLabel: "Accounts"},
 // {Name: PostureProviderGCPOrg, NodeLabel: "Organizations"},
 {Name: PostureProviderAzure, NodeLabel: "Accounts"},
-{Name: PostureProviderLinux, NodeLabel: "Hosts"},
-{Name: PostureProviderKubernetes, NodeLabel: "Clusters"},
+{Name: PostureProviderHost, NodeLabel: "Hosts"},
+{Name: PostureProviderCluster, NodeLabel: "Clusters"},
 }
 providersIndex := make(map[string]int)
 for i, provider := range postureProviders {
@@ -291,14 +291,14 @@ func GetCloudProvidersList(ctx context.Context) ([]PostureProvider, error) {
 if err == nil {
 for _, record := range records {
 if record.Values[0].(bool) == true {
-postureProviders[providersIndex[PostureProviderLinux]].NodeCount = record.Values[1].(int64)
+postureProviders[providersIndex[PostureProviderHost]].NodeCount = record.Values[1].(int64)
 } else {
-postureProviders[providersIndex[PostureProviderLinux]].NodeCountInactive = record.Values[1].(int64)
+postureProviders[providersIndex[PostureProviderHost]].NodeCountInactive = record.Values[1].(int64)
 }
 }
 }
 } else {
-log.Warn().Msgf("GetCloudProvidersList Linux : %v", err)
+log.Warn().Msgf("GetCloudProvidersList Host : %v", err)
 }
 // Kubernetes
@@ -311,9 +311,9 @@ func GetCloudProvidersList(ctx context.Context) ([]PostureProvider, error) {
 if err == nil {
 for _, record := range records {
 if record.Values[0].(bool) == true {
-postureProviders[providersIndex[PostureProviderKubernetes]].NodeCount = record.Values[1].(int64)
+postureProviders[providersIndex[PostureProviderCluster]].NodeCount = record.Values[1].(int64)
 } else {
-postureProviders[providersIndex[PostureProviderKubernetes]].NodeCountInactive = record.Values[1].(int64)
+postureProviders[providersIndex[PostureProviderCluster]].NodeCountInactive = record.Values[1].(int64)
 }
 }
 }
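Review bot: The count lines this hunk rewrites still use single-value type assertions (`record.Values[0].(bool)` on the `if`, `record.Values[1].(int64)` on both `+` lines), so a record whose first column is null or whose count is not an `int64` panics instead of being reported, and the `== true` comparison is redundant. Prefer the two-value form, e.g. `active, _ := record.Values[0].(bool)` and `count, ok := record.Values[1].(int64)` with a `continue` (or a warning log) when `!ok`, so one malformed row cannot take down the caller. The same shape repeats in the Kubernetes block at the end of this hunk, so both sites want the change. `GetCloudProvidersList` starts and ends outside this hunk.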
@@ -373,17 +373,17 @@ func GetCloudComplianceNodesList(ctx context.Context, cloudProvider string, fw F
 } else if cloudProvider == PostureProviderGCPOrg {
 cloudProvider = PostureProviderGCP
 isOrgListing = true
-} else if cloudProvider == PostureProviderKubernetes {
+} else if cloudProvider == PostureProviderCluster {
 neo4jNodeType = "KubernetesCluster"
-} else if cloudProvider == PostureProviderLinux {
+} else if cloudProvider == PostureProviderHost {
 neo4jNodeType = "Node"
 passStatus = []string{"warn", "pass"}
 }
 var res neo4j.Result
 var query string
-if cloudProvider == PostureProviderKubernetes || cloudProvider == PostureProviderLinux {
+if cloudProvider == PostureProviderCluster || cloudProvider == PostureProviderHost {
 nonKubeFilter := ""
-if cloudProvider == PostureProviderLinux {
+if cloudProvider == PostureProviderHost {
 nonKubeFilter = "{kubernetes_cluster_id:''}"
 }
 query = `
diff --git a/deepfence_server/reporters/search/search.go b/deepfence_server/reporters/search/search.go
index 76b4ec13fc..bd593f1a6f 100644
--- a/deepfence_server/reporters/search/search.go
+++ b/deepfence_server/reporters/search/search.go
@@ -295,7 +295,7 @@ func searchCloudNode(ctx context.Context, filter SearchFilter, fw model.FetchWin
 return res, err
 }
 defer tx.Close()
-if cloudProvider == model.PostureProviderLinux || cloudProvider == model.PostureProviderKubernetes {
+if cloudProvider == model.PostureProviderHost || cloudProvider == model.PostureProviderCluster {
 filter.Filters.ContainsFilter.FieldsValues["agent_running"] = append(make([]interface{}, 0), true)
 delete(filter.Filters.ContainsFilter.FieldsValues, "cloud_provider")
 }
diff --git a/deepfence_utils/utils/structs.go b/deepfence_utils/utils/structs.go
index 9281a4a445..807cc8c0da 100644
--- a/deepfence_utils/utils/structs.go
+++ b/deepfence_utils/utils/structs.go
@@ -80,7 +80,7 @@ type ReportParams struct {
 type ReportFilters struct {
 ScanId string `json:"scan_id"`
 ScanType string `json:"scan_type" validate:"required" required:"true" enum:"vulnerability,secret,malware,compliance,cloud_compliance"`
-NodeType string `json:"node_type" validate:"required" required:"true" enum:"host,container,container_image,linux,cluster,aws,gcp,azure"`
+NodeType string `json:"node_type" validate:"required" required:"true" enum:"host,container,container_image,cluster,aws,gcp,azure"`
 SeverityOrCheckType []string `json:"severity_or_check_type" enum:"critical,high,medium,low,cis,gdpr,nist,hipaa,pci,soc_2"`
 IncludeDeadNode bool `json:"include_dead_nodes"`
 AdvancedReportFilters AdvancedReportFilters `json:"advanced_report_filters,omitempty"`
diff --git a/deepfence_worker/cronjobs/cloud_compliance.go b/deepfence_worker/cronjobs/cloud_compliance.go
index 3268c99736..dc6679e161 100644
--- a/deepfence_worker/cronjobs/cloud_compliance.go
+++ b/deepfence_worker/cronjobs/cloud_compliance.go
@@ -18,11 +18,11 @@ import (
 )
 var BenchmarksAvailableMap = map[string][]string{
-"aws": {"cis", "nist", "pci", "gdpr", "hipaa", "soc_2"},
-"gcp": {"cis"},
-"azure": {"cis", "nist", "pci", "hipaa"},
-"kubernetes": {"nsa-cisa"},
-"linux": {"hipaa", "nist", "pci", "gdpr"}}
+"aws": {"cis", "nist", "pci", "gdpr", "hipaa", "soc_2"},
+"gcp": {"cis"},
+"azure": {"cis", "nist", "pci", "hipaa"},
+"cluster": {"nsa-cisa"},
+"host": {"hipaa", "nist", "pci", "gdpr"}}
 type Benchmark struct {
 BenchmarkId string `json:"benchmark_id"`
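Review bot: The keys of `BenchmarksAvailableMap` are the same posture-provider strings the rest of this change renames, so any provider value persisted before this commit as `linux` or `kubernetes` (scheduled scans, stored compliance rows, saved report filters) will miss in this map after an upgrade unless a migration or a lookup alias ships with it; none of the hunks shown does either, so this is worth confirming against the places the map is read. The `cloud_controls/{linux => host}` and `{kubernetes => cluster}` directory renames in the same commit suggest the keys also double as directory names; if so, a one-line comment above the map would record the coupling, e.g. `// Keys must match the model.PostureProvider* values and the directory names under deepfence_server/cloud_controls/.` The `linux` value dropped from the `node_type` enum in `ReportFilters` earlier on this line raises the same upgrade question for saved report requests. The readers of this map, including `CachePostureProviders`, are outside the hunk.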
@@ -215,17 +215,17 @@ func CachePostureProviders(ctx context.Context, task *asynq.Task) error {
 }
 neo4jNodeType := "CloudNode"
 nodeLabel := "Hosts"
-if postureProviderName == model.PostureProviderKubernetes {
+if postureProviderName == model.PostureProviderCluster {
 neo4jNodeType = "KubernetesCluster"
 nodeLabel = "Clusters"
-} else if postureProviderName == model.PostureProviderLinux {
+} else if postureProviderName == model.PostureProviderHost {
 neo4jNodeType = "Node"
 }
 var account_count_query, resource_count_query, scan_count_query, success_count_query, global_count_query string
 passStatus := []string{"ok", "info", "skip"}
-if postureProviderName == model.PostureProviderLinux || postureProviderName == model.PostureProviderKubernetes {
+if postureProviderName == model.PostureProviderHost || postureProviderName == model.PostureProviderCluster {
 postureProvider.NodeLabel = nodeLabel
-if postureProviderName == model.PostureProviderLinux {
+if postureProviderName == model.PostureProviderHost {
 passStatus = []string{"warn", "pass"}
 }