Add TemplateHash label (#165)

* Add TemplateHash label Signed-off-by: David Wertenteil <[email protected]> * fixed test Signed-off-by: David Wertenteil <[email protected]> --------- Signed-off-by: David Wertenteil <[email protected]>
kubescape · Dec 24, 2023 · 91d9b78 · 91d9b78
1 parent 6141124
commit 91d9b78
Show file tree

Hide file tree

Showing 5 changed files with 26 additions and 17 deletions.
diff --git a/go.mod b/go.mod
@@ -15,7 +15,7 @@ require (
 	github.com/kinbiko/jsonassert v1.1.1
 	github.com/kubescape/backend v0.0.16
 	github.com/kubescape/go-logger v0.0.22
-	github.com/kubescape/k8s-interface v0.0.152
+	github.com/kubescape/k8s-interface v0.0.154
 	github.com/kubescape/storage v0.0.39
 	github.com/panjf2000/ants/v2 v2.9.0
 	github.com/spf13/viper v1.17.0

diff --git a/go.sum b/go.sum
@@ -315,8 +315,8 @@ github.com/kubescape/backend v0.0.16 h1:bkQGY39GSoNIeFfnAJ2zlcrGEyXk6LGYv1/MgS51
 github.com/kubescape/backend v0.0.16/go.mod h1:ug9NFmmxT4DcQx3sgdLRzlLPWMKGHE/fpbcYUm5G5Qo=
 github.com/kubescape/go-logger v0.0.22 h1:gle7wH6emOiGv9ljdpVi82pWLQ3jGucrUucvil6JXHE=
 github.com/kubescape/go-logger v0.0.22/go.mod h1:x3HBpZo3cMT/WIdy18BxvVVd5D0e/PWFVk/HiwBNu3g=
-github.com/kubescape/k8s-interface v0.0.152 h1:1tm2zPYVK7+1fewpca0/MCoK3TgUNButpM3F3uZz6yo=
-github.com/kubescape/k8s-interface v0.0.152/go.mod h1:5sz+5Cjvo98lTbTVDiDA4MmlXxeHSVMW/wR0V3hV4K8=
+github.com/kubescape/k8s-interface v0.0.154 h1:D6TRgSBjbD/eTf2FKswSB9rdd9dsW2AQJL0RUm3NPH8=
+github.com/kubescape/k8s-interface v0.0.154/go.mod h1:5sz+5Cjvo98lTbTVDiDA4MmlXxeHSVMW/wR0V3hV4K8=
 github.com/kubescape/storage v0.0.39 h1:zxdu6pQ/8Fdzp0Er0yX+KWApMYvNZh9y7ONWyJcbb08=
 github.com/kubescape/storage v0.0.39/go.mod h1:ObCIVOnVyWwRwU0iuKTzOnrJQScqPgkw0FgvSINwosY=
 github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de h1:9TO3cAIGXtEhnIaL+V+BEER86oLrvS+kWobKpbJuye0=

diff --git a/pkg/applicationprofilemanager/v1/applicationprofile_manager.go b/pkg/applicationprofilemanager/v1/applicationprofile_manager.go
@@ -61,6 +61,10 @@ func (am *ApplicationProfileManager) ensureInstanceID(ctx context.Context, conta
 		return
 	}
 	pod := wl.(*workloadinterface.Workload)
+
+	// get pod template hash
+	watchedContainer.TemplateHash, _ = pod.GetLabel("pod-template-hash")
+
 	// find parentWlid
 	kind, name, err := am.k8sClient.CalculateWorkloadParentRecursive(pod)
 	if err != nil {

diff --git a/pkg/relevancymanager/v1/testdata/nginx-spdx-filtered.json b/pkg/relevancymanager/v1/testdata/nginx-spdx-filtered.json
@@ -1,6 +1,6 @@
 {
   "metadata": {
-    "name": "ns-pod-pod-cb3a-a929",
+    "name": "pod-pod",
     "creationTimestamp": null,
     "labels": {
       "kubescape.io/workload-api-version": "v1",

diff --git a/pkg/utils/utils.go b/pkg/utils/utils.go
@@ -2,14 +2,15 @@ package utils
 
 import (
 	"errors"
-	"github.com/goradd/maps"
 	"math/rand"
 	"path/filepath"
 	"runtime"
 	"strconv"
 	"strings"
 	"time"
 
+	"github.com/goradd/maps"
+
 	"github.com/armosec/utils-k8s-go/wlid"
 	"github.com/kubescape/go-logger"
 	"github.com/kubescape/go-logger/helpers"
@@ -39,23 +40,24 @@ const (
 )
 
 type WatchedContainerData struct {
-	ContainerID                              string
-	ContainerIndex                           int
-	ContainerType                            ContainerType
-	FilteredSpdxData                         *v1beta1.SBOMSPDXv2p3Filtered
-	ImageID                                  string
-	ImageTag                                 string
-	InitialDelayExpired                      bool
 	InstanceID                               instanceidhandler.IInstanceID
+	UpdateDataTicker                         *time.Ticker
+	SyncChannel                              chan error
+	FilteredSpdxData                         *v1beta1.SBOMSPDXv2p3Filtered
+	RelevantRealtimeFilesBySPDXIdentifier    map[v1beta1.ElementID]bool
+	RelevantRealtimeFilesByPackageSourceInfo map[string]*PackageSourceInfoData
 	K8sContainerID                           string
+	ContainerID                              string
 	ParentResourceVersion                    string
-	RelevantRealtimeFilesByPackageSourceInfo map[string]*PackageSourceInfoData
-	RelevantRealtimeFilesBySPDXIdentifier    map[v1beta1.ElementID]bool
-	SBOMResourceVersion                      int
-	SyncChannel                              chan error
-	UpdateDataTicker                         *time.Ticker
+	ImageTag                                 string
+	ImageID                                  string
 	Wlid                                     string
+	TemplateHash                             string
+	SBOMResourceVersion                      int
+	ContainerType                            ContainerType
+	ContainerIndex                           int
 	NsMntId                                  uint64
+	InitialDelayExpired                      bool
 }
 
 func Between(value string, a string, b string) string {
@@ -140,6 +142,9 @@ func GetLabels(watchedContainer *WatchedContainerData, stripContainer bool) map[
 	if watchedContainer.ParentResourceVersion != "" {
 		labels[instanceidhandler2.ResourceVersionMetadataKey] = watchedContainer.ParentResourceVersion
 	}
+	if watchedContainer.TemplateHash != "" {
+		labels[instanceidhandler2.TemplateHashKey] = watchedContainer.TemplateHash
+	}
 	return labels
 }