From 6e234d9aae02e76f1b437fe85e7ff969c45b327b Mon Sep 17 00:00:00 2001 
From: Tommy Date: Wed, 15 May 2024 10:05:41 +0200 Subject: [PATCH] fix(timesketch): fix default configs nesting configmap and bump to 0.2.0 --- charts/timesketch/Chart.yaml | 2 +- .../{configs => config}/bigquery_matcher.yaml | 0 .../{configs => config}/context_links.yaml | 0 .../{configs => config}/data_finder.yaml | 0 .../dfiq/approaches/Q0001.01.yaml | 0 .../dfiq/approaches/Q0001.02.yaml | 0 .../dfiq/approaches/Q0002.01.yaml | 0 .../dfiq/approaches/Q0003.01.yaml | 0 .../dfiq/approaches/Q0003.02.yaml | 0 .../dfiq/approaches/Q0004.01.yaml | 0 .../dfiq/approaches/Q0005.01.yaml | 0 .../dfiq/approaches/Q0006.01.yaml | 0 .../dfiq/facets/F0001.yaml | 0 .../dfiq/facets/F0002.yaml | 0 .../dfiq/questions/Q0001.yaml | 0 .../dfiq/questions/Q0002.yaml | 0 .../dfiq/questions/Q0003.yaml | 0 .../dfiq/questions/Q0004.yaml | 0 .../dfiq/questions/Q0005.yaml | 0 .../dfiq/questions/Q0006.yaml | 0 .../dfiq/questions/Q0007.yaml | 0 .../dfiq/scenarios/S0001.yaml | 0 .../{configs => config}/generic.mappings | 0 .../intelligence_tag_metadata.yaml | 0 .../{configs => config}/ontology.yaml | 0 .../{configs => config}/plaso.mappings | 0 .../{configs => config}/plaso_formatters.yaml | 0 .../{configs => config}/regex_features.yaml | 0 .../{configs => config}/scenarios/facets.yaml | 0 .../scenarios/questions.yaml | 0 .../scenarios/scenarios.yaml | 0 .../sigma/rules/lnx_susp_zmap.yml | 0 .../sigma/rules/win_powershell_susp_1.yaml | 0 .../sigma/rules/win_suspicious_keywords.yml | 0 .../{configs => config}/sigma_config.yaml | 0 .../timesketch/{configs => config}/tags.yaml | 0 .../{configs => config}/winevt_features.yaml | 0 .../templates/configuration-timesketch.yaml | 16 ++++++++++++++-- .../templates/deployment-frontend.yaml | 19 +++++++++++-------- .../templates/deployment-worker.yaml | 16 ++++++++++------ 40 files changed, 36 insertions(+), 17 deletions(-) rename charts/timesketch/{configs => config}/bigquery_matcher.yaml (100%) rename charts/timesketch/{configs => config}/context_links.yaml 
(100%) rename charts/timesketch/{configs => config}/data_finder.yaml (100%) rename charts/timesketch/{configs => config}/dfiq/approaches/Q0001.01.yaml (100%) rename charts/timesketch/{configs => config}/dfiq/approaches/Q0001.02.yaml (100%) rename charts/timesketch/{configs => config}/dfiq/approaches/Q0002.01.yaml (100%) rename charts/timesketch/{configs => config}/dfiq/approaches/Q0003.01.yaml (100%) rename charts/timesketch/{configs => config}/dfiq/approaches/Q0003.02.yaml (100%) rename charts/timesketch/{configs => config}/dfiq/approaches/Q0004.01.yaml (100%) rename charts/timesketch/{configs => config}/dfiq/approaches/Q0005.01.yaml (100%) rename charts/timesketch/{configs => config}/dfiq/approaches/Q0006.01.yaml (100%) rename charts/timesketch/{configs => config}/dfiq/facets/F0001.yaml (100%) rename charts/timesketch/{configs => config}/dfiq/facets/F0002.yaml (100%) rename charts/timesketch/{configs => config}/dfiq/questions/Q0001.yaml (100%) rename charts/timesketch/{configs => config}/dfiq/questions/Q0002.yaml (100%) rename charts/timesketch/{configs => config}/dfiq/questions/Q0003.yaml (100%) rename charts/timesketch/{configs => config}/dfiq/questions/Q0004.yaml (100%) rename charts/timesketch/{configs => config}/dfiq/questions/Q0005.yaml (100%) rename charts/timesketch/{configs => config}/dfiq/questions/Q0006.yaml (100%) rename charts/timesketch/{configs => config}/dfiq/questions/Q0007.yaml (100%) rename charts/timesketch/{configs => config}/dfiq/scenarios/S0001.yaml (100%) rename charts/timesketch/{configs => config}/generic.mappings (100%) rename charts/timesketch/{configs => config}/intelligence_tag_metadata.yaml (100%) rename charts/timesketch/{configs => config}/ontology.yaml (100%) rename charts/timesketch/{configs => config}/plaso.mappings (100%) rename charts/timesketch/{configs => config}/plaso_formatters.yaml (100%) rename charts/timesketch/{configs => config}/regex_features.yaml (100%) rename charts/timesketch/{configs => 
config}/scenarios/facets.yaml (100%) rename charts/timesketch/{configs => config}/scenarios/questions.yaml (100%) rename charts/timesketch/{configs => config}/scenarios/scenarios.yaml (100%) rename charts/timesketch/{configs => config}/sigma/rules/lnx_susp_zmap.yml (100%) rename charts/timesketch/{configs => config}/sigma/rules/win_powershell_susp_1.yaml (100%) rename charts/timesketch/{configs => config}/sigma/rules/win_suspicious_keywords.yml (100%) rename charts/timesketch/{configs => config}/sigma_config.yaml (100%) rename charts/timesketch/{configs => config}/tags.yaml (100%) rename charts/timesketch/{configs => config}/winevt_features.yaml (100%) diff --git a/charts/timesketch/Chart.yaml b/charts/timesketch/Chart.yaml index 5e844dd..97cce7a 100644 --- a/charts/timesketch/Chart.yaml +++ b/charts/timesketch/Chart.yaml @@ -4,7 +4,7 @@ description: | A toolset of DFIR tools appVersion: "20240508" type: application -version: 0.1.3 +version: 0.2.0 maintainers: - name: Tommy Skaug email: tommy@skaug.me diff --git a/charts/timesketch/configs/bigquery_matcher.yaml b/charts/timesketch/config/bigquery_matcher.yaml similarity index 100% rename from charts/timesketch/configs/bigquery_matcher.yaml rename to charts/timesketch/config/bigquery_matcher.yaml diff --git a/charts/timesketch/configs/context_links.yaml b/charts/timesketch/config/context_links.yaml similarity index 100% rename from charts/timesketch/configs/context_links.yaml rename to charts/timesketch/config/context_links.yaml diff --git a/charts/timesketch/configs/data_finder.yaml b/charts/timesketch/config/data_finder.yaml similarity index 100% rename from charts/timesketch/configs/data_finder.yaml rename to charts/timesketch/config/data_finder.yaml 
diff --git a/charts/timesketch/configs/dfiq/approaches/Q0001.01.yaml b/charts/timesketch/config/dfiq/approaches/Q0001.01.yaml
similarity index 100%
rename from charts/timesketch/configs/dfiq/approaches/Q0001.01.yaml
rename to charts/timesketch/config/dfiq/approaches/Q0001.01.yaml
diff --git a/charts/timesketch/configs/dfiq/approaches/Q0001.02.yaml b/charts/timesketch/config/dfiq/approaches/Q0001.02.yaml
similarity index 100%
rename from charts/timesketch/configs/dfiq/approaches/Q0001.02.yaml
rename to charts/timesketch/config/dfiq/approaches/Q0001.02.yaml
diff --git a/charts/timesketch/configs/dfiq/approaches/Q0002.01.yaml b/charts/timesketch/config/dfiq/approaches/Q0002.01.yaml
similarity index 100%
rename from charts/timesketch/configs/dfiq/approaches/Q0002.01.yaml
rename to charts/timesketch/config/dfiq/approaches/Q0002.01.yaml
diff --git a/charts/timesketch/configs/dfiq/approaches/Q0003.01.yaml b/charts/timesketch/config/dfiq/approaches/Q0003.01.yaml
similarity index 100%
rename from charts/timesketch/configs/dfiq/approaches/Q0003.01.yaml
rename to charts/timesketch/config/dfiq/approaches/Q0003.01.yaml
diff --git a/charts/timesketch/configs/dfiq/approaches/Q0003.02.yaml b/charts/timesketch/config/dfiq/approaches/Q0003.02.yaml
similarity index 100%
rename from charts/timesketch/configs/dfiq/approaches/Q0003.02.yaml
rename to charts/timesketch/config/dfiq/approaches/Q0003.02.yaml
diff --git a/charts/timesketch/configs/dfiq/approaches/Q0004.01.yaml b/charts/timesketch/config/dfiq/approaches/Q0004.01.yaml
similarity index 100%
rename from charts/timesketch/configs/dfiq/approaches/Q0004.01.yaml
rename to charts/timesketch/config/dfiq/approaches/Q0004.01.yaml
diff --git a/charts/timesketch/configs/dfiq/approaches/Q0005.01.yaml b/charts/timesketch/config/dfiq/approaches/Q0005.01.yaml
similarity index 100%
rename from charts/timesketch/configs/dfiq/approaches/Q0005.01.yaml
rename to charts/timesketch/config/dfiq/approaches/Q0005.01.yaml
diff --git a/charts/timesketch/configs/dfiq/approaches/Q0006.01.yaml b/charts/timesketch/config/dfiq/approaches/Q0006.01.yaml
similarity index 100%
rename from charts/timesketch/configs/dfiq/approaches/Q0006.01.yaml
rename to charts/timesketch/config/dfiq/approaches/Q0006.01.yaml
diff --git a/charts/timesketch/configs/dfiq/facets/F0001.yaml b/charts/timesketch/config/dfiq/facets/F0001.yaml
similarity index 100%
rename from charts/timesketch/configs/dfiq/facets/F0001.yaml
rename to charts/timesketch/config/dfiq/facets/F0001.yaml
diff --git a/charts/timesketch/configs/dfiq/facets/F0002.yaml b/charts/timesketch/config/dfiq/facets/F0002.yaml
similarity index 100%
rename from charts/timesketch/configs/dfiq/facets/F0002.yaml
rename to charts/timesketch/config/dfiq/facets/F0002.yaml
diff --git a/charts/timesketch/configs/dfiq/questions/Q0001.yaml b/charts/timesketch/config/dfiq/questions/Q0001.yaml
similarity index 100%
rename from charts/timesketch/configs/dfiq/questions/Q0001.yaml
rename to charts/timesketch/config/dfiq/questions/Q0001.yaml
diff --git a/charts/timesketch/configs/dfiq/questions/Q0002.yaml b/charts/timesketch/config/dfiq/questions/Q0002.yaml
similarity index 100%
rename from charts/timesketch/configs/dfiq/questions/Q0002.yaml
rename to charts/timesketch/config/dfiq/questions/Q0002.yaml
diff --git a/charts/timesketch/configs/dfiq/questions/Q0003.yaml b/charts/timesketch/config/dfiq/questions/Q0003.yaml
similarity index 100%
rename from charts/timesketch/configs/dfiq/questions/Q0003.yaml
rename to charts/timesketch/config/dfiq/questions/Q0003.yaml
diff --git a/charts/timesketch/configs/dfiq/questions/Q0004.yaml b/charts/timesketch/config/dfiq/questions/Q0004.yaml
similarity index 100%
rename from charts/timesketch/configs/dfiq/questions/Q0004.yaml
rename to charts/timesketch/config/dfiq/questions/Q0004.yaml
diff --git a/charts/timesketch/configs/dfiq/questions/Q0005.yaml b/charts/timesketch/config/dfiq/questions/Q0005.yaml
similarity index 100%
rename from charts/timesketch/configs/dfiq/questions/Q0005.yaml
rename to charts/timesketch/config/dfiq/questions/Q0005.yaml
diff --git a/charts/timesketch/configs/dfiq/questions/Q0006.yaml b/charts/timesketch/config/dfiq/questions/Q0006.yaml
similarity index 100%
rename from charts/timesketch/configs/dfiq/questions/Q0006.yaml
rename to charts/timesketch/config/dfiq/questions/Q0006.yaml
diff --git a/charts/timesketch/configs/dfiq/questions/Q0007.yaml b/charts/timesketch/config/dfiq/questions/Q0007.yaml
similarity index 100%
rename from charts/timesketch/configs/dfiq/questions/Q0007.yaml
rename to charts/timesketch/config/dfiq/questions/Q0007.yaml
diff --git a/charts/timesketch/configs/dfiq/scenarios/S0001.yaml b/charts/timesketch/config/dfiq/scenarios/S0001.yaml
similarity index 100%
rename from charts/timesketch/configs/dfiq/scenarios/S0001.yaml
rename to charts/timesketch/config/dfiq/scenarios/S0001.yaml
diff --git a/charts/timesketch/configs/generic.mappings b/charts/timesketch/config/generic.mappings
similarity index 100%
rename from charts/timesketch/configs/generic.mappings
rename to charts/timesketch/config/generic.mappings
diff --git a/charts/timesketch/configs/intelligence_tag_metadata.yaml b/charts/timesketch/config/intelligence_tag_metadata.yaml
similarity index 100%
rename from charts/timesketch/configs/intelligence_tag_metadata.yaml
rename to charts/timesketch/config/intelligence_tag_metadata.yaml
diff --git a/charts/timesketch/configs/ontology.yaml b/charts/timesketch/config/ontology.yaml
similarity index 100%
rename from charts/timesketch/configs/ontology.yaml
rename to charts/timesketch/config/ontology.yaml
diff --git a/charts/timesketch/configs/plaso.mappings b/charts/timesketch/config/plaso.mappings
similarity index 100%
rename from charts/timesketch/configs/plaso.mappings
rename to charts/timesketch/config/plaso.mappings
diff --git a/charts/timesketch/configs/plaso_formatters.yaml b/charts/timesketch/config/plaso_formatters.yaml
similarity index 100%
rename from charts/timesketch/configs/plaso_formatters.yaml
rename to charts/timesketch/config/plaso_formatters.yaml
diff --git a/charts/timesketch/configs/regex_features.yaml b/charts/timesketch/config/regex_features.yaml
similarity index 100%
rename from charts/timesketch/configs/regex_features.yaml
rename to charts/timesketch/config/regex_features.yaml
diff --git a/charts/timesketch/configs/scenarios/facets.yaml b/charts/timesketch/config/scenarios/facets.yaml
similarity index 100%
rename from charts/timesketch/configs/scenarios/facets.yaml
rename to charts/timesketch/config/scenarios/facets.yaml
diff --git a/charts/timesketch/configs/scenarios/questions.yaml b/charts/timesketch/config/scenarios/questions.yaml
similarity index 100%
rename from charts/timesketch/configs/scenarios/questions.yaml
rename to charts/timesketch/config/scenarios/questions.yaml
diff --git a/charts/timesketch/configs/scenarios/scenarios.yaml b/charts/timesketch/config/scenarios/scenarios.yaml
similarity index 100%
rename from charts/timesketch/configs/scenarios/scenarios.yaml
rename to charts/timesketch/config/scenarios/scenarios.yaml
diff --git a/charts/timesketch/configs/sigma/rules/lnx_susp_zmap.yml b/charts/timesketch/config/sigma/rules/lnx_susp_zmap.yml
similarity index 100%
rename from charts/timesketch/configs/sigma/rules/lnx_susp_zmap.yml
rename to charts/timesketch/config/sigma/rules/lnx_susp_zmap.yml
diff --git a/charts/timesketch/configs/sigma/rules/win_powershell_susp_1.yaml b/charts/timesketch/config/sigma/rules/win_powershell_susp_1.yaml
similarity index 100%
rename from charts/timesketch/configs/sigma/rules/win_powershell_susp_1.yaml
rename to charts/timesketch/config/sigma/rules/win_powershell_susp_1.yaml
diff --git a/charts/timesketch/configs/sigma/rules/win_suspicious_keywords.yml b/charts/timesketch/config/sigma/rules/win_suspicious_keywords.yml
similarity index 100%
rename from charts/timesketch/configs/sigma/rules/win_suspicious_keywords.yml
rename to charts/timesketch/config/sigma/rules/win_suspicious_keywords.yml
diff --git a/charts/timesketch/configs/sigma_config.yaml b/charts/timesketch/config/sigma_config.yaml
similarity index 100%
rename from charts/timesketch/configs/sigma_config.yaml
rename to charts/timesketch/config/sigma_config.yaml
diff --git a/charts/timesketch/configs/tags.yaml b/charts/timesketch/config/tags.yaml
similarity index 100%
rename from charts/timesketch/configs/tags.yaml
rename to charts/timesketch/config/tags.yaml
diff --git a/charts/timesketch/configs/winevt_features.yaml b/charts/timesketch/config/winevt_features.yaml
similarity index 100%
rename from charts/timesketch/configs/winevt_features.yaml
rename to charts/timesketch/config/winevt_features.yaml
diff --git a/charts/timesketch/templates/configuration-timesketch.yaml b/charts/timesketch/templates/configuration-timesketch.yaml
index 30cfa5f..d251f61 100644
--- a/charts/timesketch/templates/configuration-timesketch.yaml
+++ b/charts/timesketch/templates/configuration-timesketch.yaml
@@ -1,9 +1,21 @@ +{{/* +Create a nested ConfigMap from a directory structure from the config directory. +*/}} +{{- define "timesketch.nestedConfigMap" -}} +{{- $root := . -}} +{{- $files := .Files.Glob "config/**" -}} +{{- range $path, $file := $files -}} +{{- $key := (regexReplaceAll "/" $path "__") -}} +{{- printf "%s: |-\n%s" $key (indent 2 (printf "%s" $file)) | nindent 2 }} +{{- end -}} +{{- end -}} +--- apiVersion: v1 kind: ConfigMap metadata: - name: {{ include "timesketch.fullname" . }}-configs + name: {{ include "timesketch.fullname" . }}-default-config namespace: {{ .Release.Namespace | quote }} labels: {{- include "timesketch.labels" . | nindent 4 }} data: - {{- (.Files.Glob "configs/**.{yaml,mappings}").AsConfig | nindent 2 }} \ No newline at end of file + {{ include "timesketch.nestedConfigMap" . | nindent 2 }} diff --git a/charts/timesketch/templates/deployment-frontend.yaml b/charts/timesketch/templates/deployment-frontend.yaml index fa60589..854c3a4 100644 --- a/charts/timesketch/templates/deployment-frontend.yaml +++ b/charts/timesketch/templates/deployment-frontend.yaml @@ -62,9 +62,13 @@ spec: - name: upload-volume mountPath: /data/uploads subPath: uploads - - name: timesketch-default-configs - mountPath: /config - readOnly: true + {{- range $path, $file := .Files.Glob "config/**" }} + {{ $recreatedPath := (regexReplaceAll "__" $path "/") | trimPrefix "config/" }} + {{ $key := (regexReplaceAll "/" $path "__") }} + - name: timesketch-default-config + mountPath: /config/{{ $recreatedPath }} + subPath: {{ $key }} + {{- end }} - name: timesketch-conf mountPath: /var/timesketch.conf subPath: timesketch.conf 
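Review bot: The `timesketch.nestedConfigMap` helper builds each `data` entry by hand with `printf "%s: |-\n%s"`, which does not reproduce the files exactly: `|-` strips the trailing newline, and a file whose first line starts with whitespace would need an explicit indentation indicator to parse. The directory holds Sigma rules and mappings, so the copies mounted into the pods should match what ships in the chart. Letting a serializer emit the value avoids both cases, for example `{{- printf "%s: %s" $key (toJson (toString $file)) | nindent 2 }}`. The glob also widened from `configs/**.{yaml,mappings}` to `config/**`, so every file placed in that directory now lands in the ConfigMap; the helper's comment should say so. `$root` is assigned but not used in the visible lines.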
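Review bot: In the added `range` block of deployment-frontend.yaml, `regexReplaceAll "__" $path "/"` is applied to `$path`, which still uses `/` separators, so it changes nothing for the current files and would rewrite the mount path of any file whose own name contains `__`; `{{ $recreatedPath := trimPrefix "config/" $path }}` is enough. The per-file mounts also drop the `readOnly: true` that the old `/config` mount declared, and adding it back under each `subPath` keeps the intent explicit. Files mounted through `subPath` are not refreshed when the ConfigMap changes, so an updated rule or mapping only takes effect after the pod is recreated. The same block is added in deployment-worker.yaml and the same points apply there. The container spec starts above the hunk.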
@@ -82,15 +86,14 @@ spec: - name: upload-volume persistentVolumeClaim: claimName: {{ include "timesketch.fullname" . }}-upload - readOnly: false - - name: timesketch-default-configs + - name: timesketch-default-config configMap: - name: {{ include "timesketch.fullname" . }}-configs - optional: true + name: {{ include "timesketch.fullname" . }}-default-config + optional: false - name: timesketch-conf secret: secretName: {{ .Values.config.existingConfSecret }} - optional: true + optional: false - name: ca-cert configMap: name: {{ .Values.caCert.existingConfigMapName }} diff --git a/charts/timesketch/templates/deployment-worker.yaml b/charts/timesketch/templates/deployment-worker.yaml index 4716153..9241a47 100644 --- a/charts/timesketch/templates/deployment-worker.yaml +++ b/charts/timesketch/templates/deployment-worker.yaml @@ -58,9 +58,13 @@ spec: - name: upload-volume mountPath: /data/uploads subPath: uploads - - name: timesketch-default-configs - mountPath: /config - readOnly: true + {{- range $path, $file := .Files.Glob "config/**" }} + {{ $recreatedPath := (regexReplaceAll "__" $path "/") | trimPrefix "config/" }} + {{ $key := (regexReplaceAll "/" $path "__") }} + - name: timesketch-default-config + mountPath: /config/{{ $recreatedPath }} + subPath: {{ $key }} + {{- end }} - name: timesketch-conf mountPath: /var/timesketch.conf subPath: timesketch.conf @@ -79,10 +83,10 @@ spec: persistentVolumeClaim: claimName: {{ include "timesketch.fullname" . }}-upload readOnly: false - - name: timesketch-default-configs + - name: timesketch-default-config configMap: - name: {{ include "timesketch.fullname" . }}-configs - optional: true + name: {{ include "timesketch.fullname" . }}-default-config + optional: false - name: timesketch-conf secret: secretName: {{ .Values.config.existingConfSecret }}
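Review bot: With `optional: false` now set on the `timesketch-conf` secret in deployment-frontend.yaml, an unset `.Values.config.existingConfSecret` would render an empty `secretName:` and the failure would only surface at install or pod start. Failing at render time is clearer: `secretName: {{ required "config.existingConfSecret must be set" .Values.config.existingConfSecret }}`. In deployment-worker.yaml the last hunk ends at the `secretName` line, so the worker's `optional` for this secret is not visible here and should be checked to match the frontend. The volumes list continues outside the hunk.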