
Commit 2c5da5e

authored
add volume mount information about a container (#47)
Signed-off-by: Kaizhe Huang <[email protected]>
1 parent 25515e1 commit 2c5da5e


4 files changed

+62
-21
lines changed


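--- a/advisor/types/securityspec.go
+++ b/advisor/types/securityspec.go
@@ -39,26 +39,35 @@ const (
 // 13. seLinux and others - need further investigation
 // 14. allowedUnsafeSysctls - done
 
+type VolumeMount struct {
+MountPath string `json:"mountPath"`
+Name string `json:"name"`
+SubPath string `json:"subPath,omitempty"`
+ReadOnly bool `json:"readOnly,omitempty"`
+SubPathExpr string `json:"subPathExpr,omitempty"`
+}
+
 type ContainerSecuritySpec struct {
-Metadata Metadata `json:"parentMetadata"`
-ContainerID string `json:"containerID"`
-ContainerName string `json:"containerName"`
-PodName string `json:"podName"`
-Namespace string `json:"namespace"`
-ImageName string `json:"imageName"`
-ImageSHA string `json:"imageSHA"`
-HostName string `json:"hostName"`
-Capabilities []string `json:"effectiveCapabilities,omitempty"`
-DroppedCap []string `json:"droppedCapabilities,omitempty"`
-AddedCap []string `json:"addedCapabilities,omitempty"`
-Privileged bool `json:"privileged,omitempty"`
-ReadOnlyRootFS bool `json:"readOnlyRootFileSystem,omitempty"`
-RunAsNonRoot *bool `json:"runAsNonRoot,omitempty"`
-AllowPrivilegeEscalation *bool `json:"allowPrivilegeEscalation,omitempty"`
-RunAsUser *int64 `json:"runAsUser,omitempty"`
-RunAsGroup *int64 `json:"runAsGroup,omitempty"`
-HostPorts []int32 `json:"hostPorts,omitempty"`
-ServiceAccount string `json:"serviceAccount,omitempty"`
+Metadata Metadata `json:"parentMetadata"`
+ContainerID string `json:"containerID"`
+ContainerName string `json:"containerName"`
+PodName string `json:"podName"`
+Namespace string `json:"namespace"`
+ImageName string `json:"imageName"`
+ImageSHA string `json:"imageSHA"`
+HostName string `json:"hostName"`
+Capabilities []string `json:"effectiveCapabilities,omitempty"`
+DroppedCap []string `json:"droppedCapabilities,omitempty"`
+AddedCap []string `json:"addedCapabilities,omitempty"`
+Privileged bool `json:"privileged,omitempty"`
+ReadOnlyRootFS bool `json:"readOnlyRootFileSystem,omitempty"`
+RunAsNonRoot *bool `json:"runAsNonRoot,omitempty"`
+AllowPrivilegeEscalation *bool `json:"allowPrivilegeEscalation,omitempty"`
+RunAsUser *int64 `json:"runAsUser,omitempty"`
+RunAsGroup *int64 `json:"runAsGroup,omitempty"`
+HostPorts []int32 `json:"hostPorts,omitempty"`
+ServiceAccount string `json:"serviceAccount,omitempty"`
+VolumeMounts []VolumeMount `json:"volumeMounts"`
 }
 
 type PodSecuritySpec struct {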
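Review bot: The new `VolumeMounts` field in `ContainerSecuritySpec` is the only slice in the struct tagged without `omitempty`, and the exported `VolumeMount` type has no doc comment. Because `getVolumeMounts` in generator/generator.go returns a non-nil empty slice, a container with no mounts will serialise as `"volumeMounts":[]`; if report consumers do not rely on the key always being present, `json:"volumeMounts,omitempty"` would match `HostPorts` and the capability lists. A comment such as `// VolumeMount records how a volume is mounted into a container; it mirrors a subset of corev1.VolumeMount.` would also make clear that the struct carries only the volume's `Name`, so what backs the mount (a hostPath versus a secret, for instance) presumably has to be resolved from the pod's volume list. `PodSecuritySpec` continues outside the hunk.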

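--- a/generator/generator.go
+++ b/generator/generator.go
@@ -342,6 +342,7 @@ func (pg *Generator) GetSecuritySpecFromPodSpec(metadata types.Metadata, namespa
 RunAsUser: getRunAsUser(container.SecurityContext, spec.SecurityContext),
 HostPorts: getHostPorts(container.Ports),
 ServiceAccount: getServiceAccountName(spec),
+VolumeMounts: getVolumeMounts(container.VolumeMounts),
 }
 cssList = append(cssList, csc)
 }
@@ -893,3 +894,19 @@ func getNamespace(ns string) string {
 
 return "default"
 }
+
+func getVolumeMounts(mounts []corev1.VolumeMount) []types.VolumeMount {
+list := []types.VolumeMount{}
+
+for _, vm := range mounts {
+list = append(list, types.VolumeMount{
+Name: vm.Name,
+MountPath: vm.MountPath,
+ReadOnly: vm.ReadOnly,
+SubPath: vm.SubPath,
+SubPathExpr: vm.SubPathExpr,
+})
+}
+
+return list
+}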
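Review bot: `getVolumeMounts` (second hunk, shown in full) copies five fields of `corev1.VolumeMount` but drops `MountPropagation`, the mount attribute with the most security weight. A mount set to `Bidirectional` shares mount events with the host and is only accepted for privileged containers, so a security report that lists mounts without it loses a signal an auditor would want next to `privileged`. Consider adding `MountPropagation string `json:"mountPropagation,omitempty"`` to `types.VolumeMount` and filling it when `vm.MountPropagation != nil`. As a smaller point, the result slice can be pre-sized with `list := make([]types.VolumeMount, 0, len(mounts))`. The first hunk sits inside `GetSecuritySpecFromPodSpec`, whose body starts and ends outside the hunk.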

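--- a/go.mod
+++ b/go.mod
@@ -18,10 +18,10 @@ require (
 github.com/modern-go/reflect2 v1.0.1 // indirect
 github.com/sirupsen/logrus v1.4.2
 github.com/spf13/cobra v0.0.5
+golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9 // indirect
 golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45 // indirect
-golang.org/x/text v0.3.2 // indirect
 golang.org/x/time v0.0.0-20190921001708-c4c64cad1fd0 // indirect
-golang.org/x/tools v0.0.0-20201006221505-454bc3d4df59
+golang.org/x/tools v0.1.5
 gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127 // indirect
 gopkg.in/inf.v0 v0.9.0 // indirect
 gopkg.in/yaml.v2 v2.2.4 // indirect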

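--- a/go.sum
+++ b/go.sum
@@ -94,6 +94,7 @@ github.com/ugorji/go/codec v0.0.0-20181204163529-d75b2dcb6bc8/go.mod h1:VFNgLljT
 github.com/xordataexchange/crypt v0.0.3-0.20170626215501-b2862e3d0a77/go.mod h1:aYKd//L2LvnjZzWKhF00oedf4jCCReLcmhLdhm1A27Q=
 github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
+github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k=
 golang.org/x/crypto v0.0.0-20181203042331-505ab145d0a9/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
 golang.org/x/crypto v0.0.0-20190211182817-74369b46fc67/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
@@ -106,6 +107,8 @@ golang.org/x/mod v0.2.0 h1:KU7oHjnv3XNWfa5COkzUifxZmxp1TyI7ImMXqFxLwvQ=
 golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.3.0 h1:RM4zey1++hCTbCVQfnWeKs9/IEsaBLA8vTkd0WVtmH4=
 golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
+golang.org/x/mod v0.4.2 h1:Gz96sIWK3OalVv/I/qNygP42zyoKp3xptRVCWRFEBvo=
+golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
@@ -116,12 +119,15 @@ golang.org/x/net v0.0.0-20200226121028-0de0cce0169b h1:0mm1VjtFUOIlE1SbDlwjYaDxZ
 golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20200822124328-c89045814202 h1:VvcQYSHwXgi7W+TpUR6A9g6Up98WAHf3f/ulnJ62IyA=
 golang.org/x/net v0.0.0-20200822124328-c89045814202/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
+golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4 h1:4nGaVu0QrbjT/AK2PRLuQfQuh6DJve+pELhqTdAj3x0=
+golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM=
 golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45 h1:SVwTIAaPC2U/AvvLNZ2a7OVsmBpC8L5BlwK1whH3hm0=
 golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
 golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20200625203802-6e8e738ad208/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sys v0.0.0-20181205085412-a5c9d58dba9a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190209173611-3b5209105503/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
@@ -131,9 +137,16 @@ golang.org/x/sys v0.0.0-20190616124812-15dcb6c0061f h1:25KHgbfyiSm6vwQLbM3zZIe1v
 golang.org/x/sys v0.0.0-20190616124812-15dcb6c0061f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd h1:xhmwyvizuTgC2qz7ZlMluP20uW+C3Rm0FD/WLDX8884=
 golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210510120138-977fb7262007 h1:gG67DSER+11cZvqIMb8S8bt0vZtiN6xWYARwirrOSfE=
+golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.2 h1:tW2bmiBqwgJj/UpqtC8EpXEZVYOwU0yG4iWbprSVAcs=
 golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
+golang.org/x/text v0.3.3 h1:cokOdA+Jmi5PJGXLlLllQSgYigAEfHXJAERHVMaCc2k=
+golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/time v0.0.0-20190921001708-c4c64cad1fd0 h1:xQwXv67TxFo9nC1GJFyab5eq/5B590r6RlnL/G8Sz7w=
 golang.org/x/time v0.0.0-20190921001708-c4c64cad1fd0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
@@ -147,6 +160,8 @@ golang.org/x/tools v0.0.0-20200519205726-57a9e4404bf7 h1:nm4zDh9WvH4jiuUpMY5RUsv
 golang.org/x/tools v0.0.0-20200519205726-57a9e4404bf7/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
 golang.org/x/tools v0.0.0-20201006221505-454bc3d4df59 h1:H/v9nnePDtwkDwwziog8hJOJSY4rx6DGzohRRLYRing=
 golang.org/x/tools v0.0.0-20201006221505-454bc3d4df59/go.mod h1:z6u4i615ZeAfBE4XtMziQW1fSVJXACjjbWkB/mvPzlU=
+golang.org/x/tools v0.1.5 h1:ouewzE6p+/VEB31YYnTbEJdi8pFqKp4P4n85vwo3DHA=
+golang.org/x/tools v0.1.5/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543 h1:E7g+9GITq07hpfrRu66IVDexMakfv52eLZ2CXBWiKr4=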
