Merge pull request #140 from kubescape/deprecate-ConfigInputs

Deprecate ConfigInputs, use ControlConfigInputs

Author: yuleib

reporthandling/datastructures.go

@@ -59,7 +59,6 @@ type PolicyRule struct {
 	Match                  []RuleMatchObjects    `json:"match" bson:"match"`                                   // k8s resources this rule needs as inputs
 	DynamicMatch           []RuleMatchObjects    `json:"dynamicMatch,omitempty" bson:"dynamicMatch,omitempty"` // NON-k8s resources this rule needs as inputs, acquired by host-scanner
 	RuleDependencies       []RuleDependency      `json:"ruleDependencies" bson:"ruleDependencies"`             // packages this rule uses
-	ConfigInputs           []string              `json:"configInputs" bson:"configInputs"`                     // DEPRECATED
 	ControlConfigInputs    []ControlConfigInputs `json:"controlConfigInputs" bson:"controlConfigInputs" `      // list of inputs from postureControlInputs in customerConfig for this rule
 	Description            string                `json:"description" bson:"description"`
 	Remediation            string                `json:"remediation" bson:"remediation"`

resources/resourcesutils.go

@@ -10,6 +10,7 @@ import (
 	"github.com/open-policy-agent/opa/storage/inmem"
 
 	k8sinterface "github.com/kubescape/k8s-interface/k8sinterface"
+	"github.com/kubescape/opa-utils/reporthandling"
 	"k8s.io/client-go/rest"
 )
 
@@ -88,6 +89,20 @@ func (data *RegoDependenciesData) GetFilteredPostureControlInputs(settings []str
 	return jsonObj
 }
 
+func (data *RegoDependenciesData) GetFilteredPostureControlConfigInputs(settings []reporthandling.ControlConfigInputs) map[string][]string {
+	jsonObj := map[string][]string{}
+	for i := range settings {
+		splitted := strings.Split(settings[i].Path, ".")
+		if len(splitted) != 3 {
+			continue
+		}
+		if v, k := data.PostureControlInputs[splitted[2]]; k && v != nil {
+			jsonObj[splitted[2]] = v
+		}
+	}
+	return jsonObj
+}
+
 // TOStorage - converts rego data inputs to a storage.Store object.
 func (data *RegoDependenciesData) TOStorage() (storage.Store, error) {
 	return inmem.NewFromObject(map[string]interface{}{"postureControlInputs": data.PostureControlInputs,

resources/resourcesutils_test.go

@@ -4,6 +4,7 @@ import (
 	"strings"
 	"testing"
 
+	"github.com/kubescape/opa-utils/reporthandling"
 	"github.com/stretchr/testify/assert"
 )
 
@@ -20,3 +21,29 @@ func TestGetFilteredPostureControlInputs(t *testing.T) {
 	_, ok = postureControlInputs[splitted1[2]]
 	assert.False(t, ok)
 }
+
+func TestGetFilteredPostureControlConfigInputs(t *testing.T) {
+	regoInputData := RegoDependenciesData{}
+	regoInputData.PostureControlInputs = map[string][]string{"sensitiveKeyNames": {"keyA", "keyB"}}
+
+	inputs := []reporthandling.ControlConfigInputs{
+		{
+			Path: "settings.postureControlInputs.sensitiveKeyNames",
+			Name: "Sensitive Key Names",
+		},
+		{
+			Path: "settings.postureControlInputs.blabla",
+			Name: "Blabla",
+		},
+	}
+
+	postureControlInputs := regoInputData.GetFilteredPostureControlConfigInputs(inputs)
+
+	splitted0 := strings.Split(inputs[0].Path, ".")
+	_, ok := postureControlInputs[splitted0[2]]
+	assert.True(t, ok)
+
+	splitted1 := strings.Split(inputs[1].Path, ".")
+	_, ok = postureControlInputs[splitted1[2]]
+	assert.False(t, ok)
+}