securityhub: fix product name field and allow to set company name in findings (#446)
Signed-off-by: Peter Jakubis <balonik32@gmail.com>
parent
ee5e4d629b
commit
cc85fee3a8
5 changed files with 21 additions and 7 deletions
|
@ -301,6 +301,7 @@ securityHub:
|
||||||
secretRef: {{ .Values.target.securityHub.secretRef | quote }}
|
secretRef: {{ .Values.target.securityHub.secretRef | quote }}
|
||||||
mountedSecret: {{ .Values.target.securityHub.mountedSecret | quote }}
|
mountedSecret: {{ .Values.target.securityHub.mountedSecret | quote }}
|
||||||
productName: {{ .Values.target.securityHub.productName | quote }}
|
productName: {{ .Values.target.securityHub.productName | quote }}
|
||||||
|
companyName: {{ .Values.target.securityHub.companyName | quote }}
|
||||||
region: {{ .Values.target.securityHub.region }}
|
region: {{ .Values.target.securityHub.region }}
|
||||||
endpoint: {{ .Values.target.securityHub.endpoint }}
|
endpoint: {{ .Values.target.securityHub.endpoint }}
|
||||||
minimumPriority: {{ .Values.target.securityHub.minimumPriority | quote }}
|
minimumPriority: {{ .Values.target.securityHub.minimumPriority | quote }}
|
||||||
|
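Review bot: The new `companyName: {{ .Values.target.securityHub.companyName | quote }}` line reads a chart value that none of the five files in the diffstat appears to define, so `.Values.target.securityHub.companyName` seems to have no entry in values.yaml or the chart README in this commit. When the key is unset, sprig's `quote` drops a nil argument, so the rendered line becomes `companyName: ` (a YAML null) rather than `companyName: ""`; that is harmless only because the Go factory substitutes `Kyverno`. A values.yaml entry such as `companyName: ""` with a one-line comment naming that fallback would make the option discoverable.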
|
|
@ -208,6 +208,7 @@ type SecurityHub struct {
|
||||||
AWSConfig `mapstructure:",squash"`
|
AWSConfig `mapstructure:",squash"`
|
||||||
AccountID string `mapstructure:"accountId"`
|
AccountID string `mapstructure:"accountId"`
|
||||||
ProductName string `mapstructure:"productName"`
|
ProductName string `mapstructure:"productName"`
|
||||||
|
CompanyName string `mapstructure:"companyName"`
|
||||||
DelayInSeconds int `mapstructure:"delayInSeconds"`
|
DelayInSeconds int `mapstructure:"delayInSeconds"`
|
||||||
Cleanup bool `mapstructure:"cleanup"`
|
Cleanup bool `mapstructure:"cleanup"`
|
||||||
Channels []*SecurityHub `mapstructure:"channels"`
|
Channels []*SecurityHub `mapstructure:"channels"`
|
||||||
|
|
|
@ -724,6 +724,7 @@ func (f *TargetFactory) createSecurityHub(config, parent *SecurityHub) target.Cl
|
||||||
sugar.Infof("%s configured", config.Name)
|
sugar.Infof("%s configured", config.Name)
|
||||||
|
|
||||||
setFallback(&config.ProductName, parent.ProductName, "Policy Reporter")
|
setFallback(&config.ProductName, parent.ProductName, "Policy Reporter")
|
||||||
|
setFallback(&config.CompanyName, parent.CompanyName, "Kyverno")
|
||||||
setInt(&config.DelayInSeconds, parent.DelayInSeconds)
|
setInt(&config.DelayInSeconds, parent.DelayInSeconds)
|
||||||
|
|
||||||
return securityhub.NewClient(securityhub.Options{
|
return securityhub.NewClient(securityhub.Options{
|
||||||
|
@ -733,6 +734,7 @@ func (f *TargetFactory) createSecurityHub(config, parent *SecurityHub) target.Cl
|
||||||
AccountID: config.AccountID,
|
AccountID: config.AccountID,
|
||||||
Region: config.Region,
|
Region: config.Region,
|
||||||
ProductName: config.ProductName,
|
ProductName: config.ProductName,
|
||||||
|
CompanyName: config.CompanyName,
|
||||||
Delay: time.Duration(config.DelayInSeconds) * time.Second,
|
Delay: time.Duration(config.DelayInSeconds) * time.Second,
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
|
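Review bot: The fallback literals `"Policy Reporter"` and `"Kyverno"` on the two `setFallback` lines are the values Security Hub will display as product and company on every finding, and the same strings are repeated verbatim in the test file; naming them as package constants (e.g. `defaultProductName`, `defaultCompanyName`) would keep the factory, client and tests from drifting apart. A why-comment next to these lines would also help: as far as I recall from the BatchImportFindings docs, Security Hub only honors caller-supplied `ProductName`/`CompanyName` for findings imported under a custom product ARN (`product/<account>/default`) and overwrites them for partner-provider ARNs, which matches the ARN this client builds but is not obvious to someone changing it later. `createSecurityHub` starts and ends outside the hunk.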
|
|
@ -18,7 +18,7 @@ type HubClient interface {
|
||||||
GetFindings(ctx context.Context, params *hub.GetFindingsInput, optFns ...func(*hub.Options)) (*hub.GetFindingsOutput, error)
|
GetFindings(ctx context.Context, params *hub.GetFindingsInput, optFns ...func(*hub.Options)) (*hub.GetFindingsOutput, error)
|
||||||
}
|
}
|
||||||
|
|
||||||
// Options to configure the S3 target
|
// Options to configure the SecurityHub target
|
||||||
type Options struct {
|
type Options struct {
|
||||||
target.ClientOptions
|
target.ClientOptions
|
||||||
CustomFields map[string]string
|
CustomFields map[string]string
|
||||||
|
@ -26,6 +26,7 @@ type Options struct {
|
||||||
AccountID string
|
AccountID string
|
||||||
Region string
|
Region string
|
||||||
ProductName string
|
ProductName string
|
||||||
|
CompanyName string
|
||||||
Delay time.Duration
|
Delay time.Duration
|
||||||
Cleanup bool
|
Cleanup bool
|
||||||
}
|
}
|
||||||
|
@ -37,6 +38,7 @@ type client struct {
|
||||||
accountID string
|
accountID string
|
||||||
region string
|
region string
|
||||||
productName string
|
productName string
|
||||||
|
companyName string
|
||||||
delay time.Duration
|
delay time.Duration
|
||||||
cleanup bool
|
cleanup bool
|
||||||
}
|
}
|
||||||
|
@ -75,9 +77,8 @@ func (c *client) Send(result v1alpha2.PolicyReportResult) {
|
||||||
},
|
},
|
||||||
Title: &title,
|
Title: &title,
|
||||||
Description: &result.Message,
|
Description: &result.Message,
|
||||||
ProductFields: map[string]string{
|
ProductName: &c.productName,
|
||||||
"Product Name": c.productName,
|
CompanyName: &c.companyName,
|
||||||
},
|
|
||||||
Compliance: &types.Compliance{
|
Compliance: &types.Compliance{
|
||||||
Status: types.ComplianceStatusFailed,
|
Status: types.ComplianceStatusFailed,
|
||||||
},
|
},
|
||||||
|
@ -229,7 +230,7 @@ func (c *client) mapOtherDetails(result v1alpha2.PolicyReportResult) map[string]
|
||||||
return details
|
return details
|
||||||
}
|
}
|
||||||
|
|
||||||
// NewClient creates a new S3.client to send Results to S3.
|
// NewClient creates a new SecurityHub.client to send Results to SecurityHub.
|
||||||
func NewClient(options Options) target.Client {
|
func NewClient(options Options) target.Client {
|
||||||
return &client{
|
return &client{
|
||||||
target.NewBaseClient(options.ClientOptions),
|
target.NewBaseClient(options.ClientOptions),
|
||||||
|
@ -238,6 +239,7 @@ func NewClient(options Options) target.Client {
|
||||||
options.AccountID,
|
options.AccountID,
|
||||||
options.Region,
|
options.Region,
|
||||||
options.ProductName,
|
options.ProductName,
|
||||||
|
options.CompanyName,
|
||||||
options.Delay,
|
options.Delay,
|
||||||
options.Cleanup,
|
options.Cleanup,
|
||||||
}
|
}
|
||||||
|
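Review bot: `ProductName: &c.productName` and `CompanyName: &c.companyName` in the `Send` hunk attach a pointer to an empty string whenever the option was never set — `NewClient` applies no fallback of its own, only the factory does — so a direct caller submits `CompanyName: ""` instead of omitting the field. Keeping a nil pointer for the empty case, e.g. `var company *string` followed by `if c.companyName != "" { company = &c.companyName }` and `CompanyName: company`, keeps the import request clean without changing the configured path. The removed `ProductFields["Product Name"]` entry was a filterable attribute in Security Hub, so any insight or filter built on it externally will stop matching after this change; that is worth a sentence in the commit message. `Send` starts and ends outside the hunk.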
|
|
@ -46,6 +46,7 @@ func TestSecurityHub(t *testing.T) {
|
||||||
AccountID: "accountID",
|
AccountID: "accountID",
|
||||||
Region: "eu-central-1",
|
Region: "eu-central-1",
|
||||||
ProductName: "Policy Reporter",
|
ProductName: "Policy Reporter",
|
||||||
|
CompanyName: "Kyverno",
|
||||||
Client: &client{
|
Client: &client{
|
||||||
send: func(findings []types.AwsSecurityFinding) {
|
send: func(findings []types.AwsSecurityFinding) {
|
||||||
if len(findings) != 1 {
|
if len(findings) != 1 {
|
||||||
|
@ -64,8 +65,11 @@ func TestSecurityHub(t *testing.T) {
|
||||||
if *finding.ProductArn != "arn:aws:securityhub:eu-central-1:accountID:product/accountID/default" {
|
if *finding.ProductArn != "arn:aws:securityhub:eu-central-1:accountID:product/accountID/default" {
|
||||||
t.Errorf("unexpected product arn: %s", *finding.ProductArn)
|
t.Errorf("unexpected product arn: %s", *finding.ProductArn)
|
||||||
}
|
}
|
||||||
if finding.ProductFields["Product Name"] != "Policy Reporter" {
|
if *finding.ProductName != "Policy Reporter" {
|
||||||
t.Errorf("unexpected product name arn: %s", finding.ProductFields["Product Name"])
|
t.Errorf("unexpected product name: %s", *finding.ProductName)
|
||||||
|
}
|
||||||
|
if *finding.CompanyName != "Kyverno" {
|
||||||
|
t.Errorf("unexpected company name: %s", *finding.CompanyName)
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
@ -80,6 +84,7 @@ func TestSecurityHub(t *testing.T) {
|
||||||
AccountID: "accountID",
|
AccountID: "accountID",
|
||||||
Region: "eu-central-1",
|
Region: "eu-central-1",
|
||||||
ProductName: "Policy Reporter",
|
ProductName: "Policy Reporter",
|
||||||
|
CompanyName: "Kyverno",
|
||||||
Client: h,
|
Client: h,
|
||||||
Cleanup: false,
|
Cleanup: false,
|
||||||
})
|
})
|
||||||
|
@ -100,6 +105,7 @@ func TestSecurityHub(t *testing.T) {
|
||||||
AccountID: "accountID",
|
AccountID: "accountID",
|
||||||
Region: "eu-central-1",
|
Region: "eu-central-1",
|
||||||
ProductName: "Policy Reporter",
|
ProductName: "Policy Reporter",
|
||||||
|
CompanyName: "Kyverno",
|
||||||
Client: h,
|
Client: h,
|
||||||
Cleanup: true,
|
Cleanup: true,
|
||||||
})
|
})
|
||||||
|
@ -126,6 +132,7 @@ func TestSecurityHub(t *testing.T) {
|
||||||
AccountID: "accountID",
|
AccountID: "accountID",
|
||||||
Region: "eu-central-1",
|
Region: "eu-central-1",
|
||||||
ProductName: "Policy Reporter",
|
ProductName: "Policy Reporter",
|
||||||
|
CompanyName: "Kyverno",
|
||||||
Client: h,
|
Client: h,
|
||||||
Cleanup: true,
|
Cleanup: true,
|
||||||
})
|
})
|
||||||
|
@ -152,6 +159,7 @@ func TestSecurityHub(t *testing.T) {
|
||||||
AccountID: "accountID",
|
AccountID: "accountID",
|
||||||
Region: "eu-central-1",
|
Region: "eu-central-1",
|
||||||
ProductName: "Policy Reporter",
|
ProductName: "Policy Reporter",
|
||||||
|
CompanyName: "Kyverno",
|
||||||
Client: h,
|
Client: h,
|
||||||
Cleanup: true,
|
Cleanup: true,
|
||||||
})
|
})
|
||||||
|
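Review bot: The new assertions `*finding.ProductName` and `*finding.CompanyName` inside the `send` callback dereference without a nil check, so a regression that leaves either field unset would panic in the callback and abort the whole `TestSecurityHub` run rather than reporting one failed check; a nil-safe comparison such as `if finding.CompanyName == nil || *finding.CompanyName != "Kyverno"` gives a readable failure. The four later hunks only add `CompanyName: "Kyverno"` to each `Options` literal, so no case exercises the empty-option path that `NewClient` passes through unchanged. `TestSecurityHub` starts and ends outside the hunk.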
|