autodiscovery

package
v0.123.0 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Oct 8, 2025 License: Apache-2.0 Imports: 17 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type AutoCollector

// AutoCollector defines the interface for automatic collector discovery.
// Its two discovery methods correspond to the "Path 1" (foundational only) and
// "Path 2" (augment existing YAML collectors) modes named in the comments below.
type AutoCollector interface {
	// DiscoverFoundational discovers foundational collectors based on cluster state (Path 1)
	DiscoverFoundational(ctx context.Context, opts DiscoveryOptions) ([]CollectorSpec, error)
	// AugmentWithFoundational augments existing YAML collectors with foundational collectors (Path 2)
	AugmentWithFoundational(ctx context.Context, yamlCollectors []CollectorSpec, opts DiscoveryOptions) ([]CollectorSpec, error)
	// ValidatePermissions validates RBAC permissions for discovered resources
	// NOTE(review): the returned slice is presumably the subset of resources the
	// current identity may access; how denied resources and failed checks are
	// handled is not shown here. Confirm the implementation fails closed.
	ValidatePermissions(ctx context.Context, resources []Resource) ([]Resource, error)
}

AutoCollector defines the interface for automatic collector discovery

type CollectorSource

type CollectorSource string

CollectorSource indicates the origin of a collector

// Values a CollectorSpec can carry in its Source field.
// NOTE(review): these are plain string labels. Nothing in this listing shows
// them being validated, so treat Source as provenance metadata rather than as
// a trust decision — confirm against the implementation.
const (
	SourceFoundational CollectorSource = "foundational"
	SourceYAML         CollectorSource = "yaml"
	SourceAugmented    CollectorSource = "augmented"
	SourceKOTS         CollectorSource = "kots"
)

type CollectorSpec

// CollectorSpec represents a collector specification that can be converted to
// troubleshootv1beta2.Collect (see ToTroubleshootCollect).
type CollectorSpec struct {
	// Type of collector (logs, clusterResources, secret, etc.)
	Type CollectorType
	// Name of the collector for identification
	Name string
	// Namespace for namespaced resources
	Namespace string
	// Spec contains the actual collector configuration
	// It is untyped (interface{}); ToTroubleshootCollect returns an error,
	// presumably when the value is not a supported configuration — confirm.
	Spec interface{}
	// Priority for deduplication (higher wins)
	// NOTE(review): when specs from different sources share a unique key the
	// higher Priority is kept. Check that the priority of YAML-provided specs is
	// assigned by the tool and not taken from the input.
	Priority int
	// Source indicates where this collector came from (foundational, yaml, etc.)
	Source CollectorSource
}

CollectorSpec represents a collector specification that can be converted to troubleshootv1beta2.Collect

func (CollectorSpec) GetUniqueKey

func (c CollectorSpec) GetUniqueKey() string

GetUniqueKey returns a unique identifier for deduplication

func (CollectorSpec) ToTroubleshootCollect

func (c CollectorSpec) ToTroubleshootCollect() (*troubleshootv1beta2.Collect, error)

ToTroubleshootCollect converts a CollectorSpec to a troubleshootv1beta2.Collect

type CollectorType

type CollectorType string

CollectorType represents the type of data being collected

// Collector types defined by this package; each value is the string form of
// the kind of data a collector gathers.
// NOTE(review): secrets, configmaps and logs commonly contain credentials or
// tokens. This page does not show what is captured for each type or whether
// redaction is applied — confirm before a bundle is shared outside the cluster.
const (
	CollectorTypePods             CollectorType = "pods"
	CollectorTypeDeployments      CollectorType = "deployments"
	CollectorTypeServices         CollectorType = "services"
	CollectorTypeConfigMaps       CollectorType = "configmaps"
	CollectorTypeSecrets          CollectorType = "secrets"
	CollectorTypeEvents           CollectorType = "events"
	CollectorTypeLogs             CollectorType = "logs"
	CollectorTypeClusterInfo      CollectorType = "clusterInfo"
	CollectorTypeClusterResources CollectorType = "clusterResources"
	CollectorTypeImageFacts       CollectorType = "imageFacts"
	CollectorTypeData             CollectorType = "data"
)

type Discoverer

type Discoverer struct {
	// contains filtered or unexported fields
}

Discoverer implements the AutoCollector interface

func NewDiscoverer

func NewDiscoverer(clientConfig *rest.Config, client kubernetes.Interface) (*Discoverer, error)

NewDiscoverer creates a new autodiscovery discoverer

func (*Discoverer) AugmentWithFoundational

func (d *Discoverer) AugmentWithFoundational(ctx context.Context, yamlCollectors []CollectorSpec, opts DiscoveryOptions) ([]CollectorSpec, error)

AugmentWithFoundational augments existing YAML collectors with foundational collectors (Path 2)

func (*Discoverer) DiscoverFoundational

func (d *Discoverer) DiscoverFoundational(ctx context.Context, opts DiscoveryOptions) ([]CollectorSpec, error)

DiscoverFoundational discovers foundational collectors based on cluster state (Path 1)

func (*Discoverer) ValidatePermissions

func (d *Discoverer) ValidatePermissions(ctx context.Context, resources []Resource) ([]Resource, error)

ValidatePermissions validates RBAC permissions for discovered resources

type DiscoveryOptions

// DiscoveryOptions configures the autodiscovery behavior.
// It is passed to DiscoverFoundational, AugmentWithFoundational and the
// ResourceExpander methods that take opts.
type DiscoveryOptions struct {
	// Target namespaces for discovery (empty = all accessible namespaces)
	// NOTE(review): the empty default is the broadest scope. Pass an explicit
	// list when a bundle should be limited to specific namespaces.
	Namespaces []string
	// Include container image metadata collection
	IncludeImages bool
	// Perform RBAC permission checking
	// NOTE(review): the Go zero value is false. Whether a constructor or CLI
	// default turns checking on is not shown on this page — confirm.
	RBACCheck bool
	// Maximum discovery depth for resource relationships
	MaxDepth int
	// Path 1: Only collect foundational data
	FoundationalOnly bool
	// Path 2: Add foundational to existing YAML specs
	AugmentMode bool
	// Timeout for discovery operations
	// NOTE(review): the meaning of a zero Timeout is not shown here — confirm.
	Timeout time.Duration
	// TestMode disables KOTS diagnostic collectors for cleaner testing
	TestMode bool
}

DiscoveryOptions configures the autodiscovery behavior

type ExpansionContext

// ExpansionContext provides context for resource expansion. It is the second
// argument of ExpansionRule.ExpansionFunc and carries one namespace, the
// discovery options, a resource list and an untyped Metadata map.
// NOTE(review): Metadata values are interface{}; their keys and types are not
// documented on this page, so consumers should check type assertions.
type ExpansionContext struct {
	Namespace string
	Options   DiscoveryOptions
	Resources []Resource
	Metadata  map[string]interface{}
}

ExpansionContext provides context for resource expansion

type ExpansionRule

// ExpansionRule defines how a resource type should be expanded into collectors.
// Rules are added to a ResourceExpander with RegisterRule.
type ExpansionRule struct {
	// CollectorType is the type of collector this rule creates
	CollectorType CollectorType
	// Priority determines the order of collectors (higher = more important)
	Priority int
	// RequiredPermissions lists the RBAC permissions needed
	// NOTE(review): this is a declarative list. The listing does not show
	// whether it is checked before ExpansionFunc runs — confirm.
	RequiredPermissions []ResourcePermission
	// ExpansionFunc creates the actual collector spec
	ExpansionFunc func(context.Context, ExpansionContext) ([]CollectorSpec, error)
	// Dependencies lists other collector types this depends on
	Dependencies []CollectorType
}

ExpansionRule defines how a resource type should be expanded into collectors

type FoundationalCollectors

// FoundationalCollectors represents the set of collectors that are always
// included, grouped by collector type with one slice of CollectorSpec per type.
// NOTE(review): Secrets and ConfigMaps are among the always-collected groups.
// This page does not show what is captured from them or whether redaction is
// applied — confirm before a bundle is shared.
type FoundationalCollectors struct {
	// Core Kubernetes resources always collected
	Pods             []CollectorSpec
	Deployments      []CollectorSpec
	Services         []CollectorSpec
	ConfigMaps       []CollectorSpec
	Secrets          []CollectorSpec
	Events           []CollectorSpec
	Logs             []CollectorSpec
	ClusterInfo      []CollectorSpec
	ClusterResources []CollectorSpec
	// Container image metadata
	ImageFacts []CollectorSpec
}

FoundationalCollectors represents the set of collectors that are always included

type KotsApplication

// KotsApplication represents a detected KOTS application: its namespace and
// name, the kotsadm Deployment and Services, Secrets, ConfigMaps, and further
// resources referenced by kind, name and namespace (KotsResource).
//
// NOTE(review): ReplicatedSecrets holds full corev1.Secret objects, whose Data
// and StringData fields carry the secret payload. Avoid logging, printing with
// %+v or serialising a KotsApplication wholesale; ConfigMaps may hold sensitive
// settings as well.
type KotsApplication struct {
	Namespace           string
	AppName             string
	KotsadmDeployment   *appsv1.Deployment
	KotsadmServices     []corev1.Service
	ReplicatedSecrets   []corev1.Secret
	ConfigMaps          []corev1.ConfigMap
	AdditionalResources []KotsResource
}

KotsApplication represents a detected KOTS application

type KotsDetector

type KotsDetector struct {
	// contains filtered or unexported fields
}

KotsDetector detects KOTS applications in the cluster

func NewKotsDetector

func NewKotsDetector(client kubernetes.Interface) *KotsDetector

NewKotsDetector creates a new KOTS detector

func (*KotsDetector) DetectKotsApplications

func (k *KotsDetector) DetectKotsApplications(ctx context.Context) ([]KotsApplication, error)

DetectKotsApplications searches for KOTS applications across all accessible namespaces

func (*KotsDetector) GenerateKotsCollectors

func (k *KotsDetector) GenerateKotsCollectors(kotsApps []KotsApplication) []CollectorSpec

GenerateKotsCollectors generates collectors specific to the detected KOTS applications

func (*KotsDetector) GenerateStandardKotsCollectors

func (k *KotsDetector) GenerateStandardKotsCollectors(ctx context.Context) []CollectorSpec

GenerateStandardKotsCollectors generates collectors for standard KOTS resources that should always be checked. This includes attempting to collect expected KOTS resources even if no active KOTS apps are detected.

type KotsResource

type KotsResource struct {
	Kind      string
	Name      string
	Namespace string
}

KotsResource represents a KOTS-related Kubernetes resource

type NamespaceInfo

// NamespaceInfo contains information about a discovered namespace: its name,
// its labels, a system-namespace flag and per-kind resource counts.
// NOTE(review): how IsSystem is decided is not shown on this page — confirm
// before using it to gate access to a namespace.
type NamespaceInfo struct {
	Name   string
	Labels map[string]string
	// IsSystem indicates if this is a system namespace
	IsSystem bool
	// ResourceCount provides counts of key resources in the namespace
	ResourceCount ResourceCount
}

NamespaceInfo contains information about a discovered namespace

type NamespaceScanner

type NamespaceScanner struct {
	// contains filtered or unexported fields
}

NamespaceScanner handles namespace discovery and filtering

func NewNamespaceScanner

func NewNamespaceScanner(client kubernetes.Interface) *NamespaceScanner

NewNamespaceScanner creates a new namespace scanner

func (*NamespaceScanner) FilterNamespacesByLabel

func (ns *NamespaceScanner) FilterNamespacesByLabel(ctx context.Context, namespaces []string, labelSelector string) ([]string, error)

FilterNamespacesByLabel filters namespaces using a label selector

func (*NamespaceScanner) GetNamespacesByResourceActivity

func (ns *NamespaceScanner) GetNamespacesByResourceActivity(ctx context.Context, opts ScanOptions) ([]NamespaceInfo, error)

GetNamespacesByResourceActivity returns namespaces sorted by resource activity

func (*NamespaceScanner) GetTargetNamespaces

func (ns *NamespaceScanner) GetTargetNamespaces(ctx context.Context, requestedNamespaces []string, opts ScanOptions) ([]string, error)

GetTargetNamespaces returns a list of namespace names to target for collection

func (*NamespaceScanner) ScanNamespaces

func (ns *NamespaceScanner) ScanNamespaces(ctx context.Context, opts ScanOptions) ([]NamespaceInfo, error)

ScanNamespaces discovers and returns information about accessible namespaces

type PermissionIssue

// PermissionIssue represents a specific RBAC permission problem: the resource,
// namespace and verb concerned, the collector it relates to, and a free-text
// reason. RBACReporter.GetPermissionIssues returns a slice of these.
// NOTE(review): all fields are plain strings with no fixed format shown here;
// escape them if they are rendered into shell commands or HTML.
type PermissionIssue struct {
	Resource  string
	Namespace string
	Verb      string
	Collector string
	Reason    string
}

PermissionIssue represents a specific RBAC permission problem

type RBACChecker

type RBACChecker struct {
	// contains filtered or unexported fields
}

RBACChecker handles RBAC permission validation

func NewRBACChecker

func NewRBACChecker(client kubernetes.Interface) (*RBACChecker, error)

NewRBACChecker creates a new RBAC checker

func (*RBACChecker) CheckBulkPermissions

// CheckBulkPermissions checks multiple permissions efficiently using batch operations.
// NOTE(review): the format of the result map's string keys is not shown on this
// page — confirm it before building lookups. In Go, indexing the map with an
// absent key yields false, so a direct lookup denies by default; a non-nil
// error should be treated as "nothing verified".
func (r *RBACChecker) CheckBulkPermissions(ctx context.Context, resources []Resource) (map[string]bool, error)

CheckBulkPermissions checks multiple permissions efficiently using batch operations

func (*RBACChecker) CheckPermission

// CheckPermission checks if the current user has permission to access a specific resource.
// NOTE(review): Resource carries no verb field, so which verb is checked is not
// visible in this signature — confirm. Callers should check the error first and
// treat a non-nil error as "not permitted".
func (r *RBACChecker) CheckPermission(ctx context.Context, resource Resource) (bool, error)

CheckPermission checks if the current user has permission to access a specific resource

func (*RBACChecker) FilterByPermissions

func (r *RBACChecker) FilterByPermissions(ctx context.Context, resources []Resource) ([]Resource, error)

FilterByPermissions filters resources based on RBAC permissions

type RBACReporter

type RBACReporter struct {
	// contains filtered or unexported fields
}

RBACReporter handles reporting of RBAC permission issues to users

func NewRBACReporter

func NewRBACReporter() *RBACReporter

NewRBACReporter creates a new RBAC reporter

func (*RBACReporter) GenerateDebugInfo

func (r *RBACReporter) GenerateDebugInfo()

GenerateDebugInfo generates detailed debug information about RBAC filtering

func (*RBACReporter) GeneratePermissionSummary

func (r *RBACReporter) GeneratePermissionSummary()

GeneratePermissionSummary generates a summary of permission issues

func (*RBACReporter) GenerateRemediationReport

// GenerateRemediationReport generates actionable commands to fix permission issues.
// NOTE(review): no value is returned, so the report is presumably written to a
// log or standard output — confirm. Review the suggested commands before
// applying them, and grant only the verbs and namespaces the collectors need.
func (r *RBACReporter) GenerateRemediationReport()

GenerateRemediationReport generates actionable commands to fix permission issues

func (*RBACReporter) GetFilteredCollectorCount

func (r *RBACReporter) GetFilteredCollectorCount() int

GetFilteredCollectorCount returns the number of collectors that were filtered

func (*RBACReporter) GetFilteredCollectors

func (r *RBACReporter) GetFilteredCollectors() []CollectorSpec

GetFilteredCollectors returns the list of collectors that were filtered

func (*RBACReporter) GetPermissionIssues

func (r *RBACReporter) GetPermissionIssues() []PermissionIssue

GetPermissionIssues returns the list of permission issues

func (*RBACReporter) GetWarningCount

func (r *RBACReporter) GetWarningCount() int

GetWarningCount returns the number of warnings generated

func (*RBACReporter) HasWarnings

func (r *RBACReporter) HasWarnings() bool

HasWarnings returns true if any warnings were generated

func (*RBACReporter) ReportFilteredCollector

func (r *RBACReporter) ReportFilteredCollector(collector CollectorSpec, reason string)

ReportFilteredCollector reports that a collector was filtered due to RBAC permissions

func (*RBACReporter) ReportMissingPermission

func (r *RBACReporter) ReportMissingPermission(resource, namespace, verb, collectorName string)

ReportMissingPermission reports a specific missing permission

func (*RBACReporter) Reset

func (r *RBACReporter) Reset()

Reset clears all warnings and tracked issues (useful for testing)

func (*RBACReporter) SummarizeCollectionResults

func (r *RBACReporter) SummarizeCollectionResults(totalCollectors int)

SummarizeCollectionResults provides a final summary of what was collected vs. what was skipped

type Resource

// Resource represents a Kubernetes resource for RBAC checking, identified by
// API version, kind, namespace and name.
// NOTE(review): there is no verb field, so the verb used in a permission check
// must come from elsewhere; this page does not show where — confirm.
type Resource struct {
	APIVersion string
	Kind       string
	Namespace  string
	Name       string
}

Resource represents a Kubernetes resource for RBAC checking

type ResourceCount

type ResourceCount struct {
	Pods        int
	Deployments int
	Services    int
	ConfigMaps  int
	Secrets     int
}

ResourceCount tracks resource counts in a namespace

type ResourceExpander

type ResourceExpander struct {
	// contains filtered or unexported fields
}

ResourceExpander handles converting discovered resources to collector specifications

func NewResourceExpander

func NewResourceExpander() *ResourceExpander

NewResourceExpander creates a new resource expander with default rules

func (*ResourceExpander) DeduplicateCollectors

func (re *ResourceExpander) DeduplicateCollectors(collectors []CollectorSpec) []CollectorSpec

DeduplicateCollectors removes duplicate collectors based on their unique key

func (*ResourceExpander) ExpandToCollectors

func (re *ResourceExpander) ExpandToCollectors(ctx context.Context, namespaces []string, opts DiscoveryOptions) ([]CollectorSpec, error)

ExpandToCollectors converts discovered resources to collector specifications

func (*ResourceExpander) FilterCollectorsByNamespace

func (re *ResourceExpander) FilterCollectorsByNamespace(collectors []CollectorSpec, targetNamespaces []string) []CollectorSpec

FilterCollectorsByNamespace filters collectors to only include those for specified namespaces

func (*ResourceExpander) GetCollectorPriority

func (re *ResourceExpander) GetCollectorPriority(collectorType CollectorType) int

GetCollectorPriority returns the priority for a collector type

func (*ResourceExpander) GetCollectorTypesForNamespace

func (re *ResourceExpander) GetCollectorTypesForNamespace(namespace string, opts DiscoveryOptions) []CollectorType

GetCollectorTypesForNamespace returns the collector types that should be generated for a namespace

func (*ResourceExpander) GetRequiredPermissions

func (re *ResourceExpander) GetRequiredPermissions(collectorType CollectorType) []ResourcePermission

GetRequiredPermissions returns the RBAC permissions required for a collector type

func (*ResourceExpander) RegisterRule

func (re *ResourceExpander) RegisterRule(collectorType CollectorType, rule ExpansionRule)

RegisterRule registers a new expansion rule

func (*ResourceExpander) ValidateCollectorDependencies

func (re *ResourceExpander) ValidateCollectorDependencies(collectors []CollectorSpec) error

ValidateCollectorDependencies ensures all collector dependencies are satisfied

type ResourcePermission

// ResourcePermission represents a required RBAC permission: a set of verbs on
// one API version and kind. ExpansionRule.RequiredPermissions and
// ResourceExpander.GetRequiredPermissions use this type.
// NOTE(review): no namespace or resource name is carried, so the scope at
// which the verbs are required is not expressed here — confirm how callers
// scope the check.
type ResourcePermission struct {
	APIVersion string
	Kind       string
	Verbs      []string // get, list, watch, etc.
}

ResourcePermission represents a required RBAC permission

type ScanOptions

// ScanOptions configures namespace scanning behavior. It is accepted by
// ScanNamespaces, GetTargetNamespaces and GetNamespacesByResourceActivity.
type ScanOptions struct {
	// IncludePatterns are glob patterns for namespaces to include
	IncludePatterns []string
	// ExcludePatterns are glob patterns for namespaces to exclude
	// NOTE(review): precedence when a namespace matches both an include and an
	// exclude pattern is not shown on this page — confirm that exclude wins.
	ExcludePatterns []string
	// LabelSelector filters namespaces by labels
	LabelSelector string
	// IncludeSystemNamespaces includes system namespaces like kube-system
	// NOTE(review): the Go zero value is false, so system namespaces are
	// presumably skipped unless this is set — confirm.
	IncludeSystemNamespaces bool
}

ScanOptions configures namespace scanning behavior
