Adding linkerd sidecar reporting to discovered intents resolution data

otterize · Jan 23, 2025 · 5a0fd44 · 5a0fd44
1 parent ed6fe54
commit 5a0fd44
Show file tree

Hide file tree

Showing 7 changed files with 150 additions and 41 deletions.
diff --git a/src/mapper/pkg/cloudclient/cloud_client.go b/src/mapper/pkg/cloudclient/cloud_client.go
@@ -34,7 +34,6 @@ func NewClient(ctx context.Context) (*CloudClientImpl, bool, error) {
 
 func (c *CloudClientImpl) ReportDiscoveredIntents(ctx context.Context, intents []*DiscoveredIntentInput) error {
 	logrus.Debug("Uploading intents to cloud, count: ", len(intents))
-
 	_, err := ReportDiscoveredIntents(ctx, c.client, intents)
 	if err != nil {
 		return errors.Wrap(err)

diff --git a/src/mapper/pkg/cloudclient/schema.graphql b/src/mapper/pkg/cloudclient/schema.graphql
@@ -309,6 +309,13 @@ input ClientIPConfig {
 	timeoutSeconds: Int
 }
 
+type ClientIntentAccessStatus {
+	total: Int!
+	allowed: Int!
+	blocked: Int!
+	wouldBeBlocked: Int!
+}
+
 type ClientIntentEvent {
 	firstTimestamp: Time
 	lastTimestamp: Time
@@ -359,6 +366,7 @@ input ClientIntentStatusInput {
 
 type ClientIntentsFileRepresentation {
 	fileName: String!
+	namespacedFileName: String!
 	service: Service!
 	rows: [ClientIntentsRow!]!
 	content: String!
@@ -505,6 +513,11 @@ type DashboardData {
 	nonCompliantControls: Fraction!
 }
 
+type DashboardV2 {
+	dashboard: DashboardData!
+	findings: [FindingSummaryV2!]!
+}
+
 type DatabaseConfig {
 	dbname: String!
 	table: String!
@@ -712,6 +725,9 @@ type FeatureFlags {
 	isCloudServicesDetectionEnabled: Boolean
 	isCloudSecurityEnabled: Boolean
 	useClientIntentsV2: Boolean
+	enableFindingsV2: Boolean
+	useTypedIntentsCTE: Boolean
+	enableInternetIntentsSuggestions: Boolean
 }
 
 type Finding {
@@ -726,6 +742,7 @@ type Finding {
 	status: FindingStatus!
 	ignoredReason: String
 	type: FindingType!
+	controlId: RegulationCode!
 }
 
 enum FindingStatus {
@@ -768,11 +785,10 @@ type FindingSummaryV2 {
 	validationDescription: String
 	status: FindingStatus!
 	ignoredReason: String
-	serviceTotalCount: Int!
-	serviceOpenCount: Int!
-	clusterTotalCount: Int!
-	clusterOpenCount: Int!
+	workloadFindingsStatus: StatusSummary!
+	clusterFindingStatus: StatusSummary!
 	requirements: [FindingSummaryV2!]
+	wasOpen: Boolean!
 }
 
 """NEW findings"""
@@ -981,6 +997,9 @@ input InputFeatureFlags {
 	isCloudServicesDetectionEnabled: Boolean
 	isCloudSecurityEnabled: Boolean
 	useClientIntentsV2: Boolean
+	enableFindingsV2: Boolean
+	useTypedIntentsCTE: Boolean
+	enableInternetIntentsSuggestions: Boolean
 }
 
 """ Findings filter """
@@ -1118,6 +1137,7 @@ enum IntegrationState {
 	FAILURE
 	PENDING
 	WARNING
+	DISABLED
 }
 
 type IntegrationStatus {
@@ -1627,6 +1647,7 @@ type Mutation {
 		ignored: Boolean!
 		reason: String
 	): Boolean!
+	createFindingsForOrg: Boolean!
 """Create a new generic integration"""
 	createGenericIntegration(
 		name: String!
@@ -1929,6 +1950,7 @@ input NetworkPolicySpecInput {
 type Organization {
 	id: ID!
 	name: String!
+	uniqueName: String!
 	imageURL: String
 	settings: OrganizationSettings!
 	created: Time!
@@ -2002,6 +2024,11 @@ type Query {
 		clusterIds: [ID!]
 		featureFlags: InputFeatureFlags
 	): [ClientIntentsFileRepresentation!]!
+""" Get service incoming internet connections """
+	serviceIncomingInternetConnections(
+		targetServiceId: ID!
+		lastSeenAfter: Time!
+	): [String!]!
 """Get access log"""
 	accessLog(
 		filter: InputAccessLogFilter
@@ -2052,6 +2079,9 @@ type Query {
 	findingSummaryStatusHistory(
 		leafControlIDs: [RegulationCode!]!
 	): [FindingStatusHistory!]!
+	dashboardV2(
+		filter: InputFindingFilter
+	): DashboardV2!
 """List integrations"""
 	integrations(
 		name: String
@@ -2343,6 +2373,8 @@ input ServiceBackendPortInput {
 type ServiceClientIntents {
 	asClient: ClientIntentsFiles
 	asServer: ClientIntentsFiles
+	asClientStatus: ClientIntentAccessStatus
+	asServerStatus: ClientIntentAccessStatus
 	appliedIntentStatus: ClientIntentStatus
 	appliedIntentEvents: [ClientIntentEvent!]
 }
@@ -2453,6 +2485,14 @@ input StackFrame {
 	package: String!
 }
 
+type StatusSummary {
+	openCount: Int!
+	resolvedCount: Int!
+	ignoredCount: Int!
+	totalCount: Int!
+	status: FindingStatus!
+}
+
 """The `String`scalar type represents textual data, represented as UTF-8 character sequences. The String type is most often used by GraphQL to represent free-form human-readable text."""
 scalar String
 

diff --git a/src/mapper/pkg/graph/generated/generated.go b/src/mapper/pkg/graph/generated/generated.go
diff --git a/src/mapper/pkg/graph/model/models_gen.go b/src/mapper/pkg/graph/model/models_gen.go
diff --git a/src/mapper/pkg/resolvers/helpers.go b/src/mapper/pkg/resolvers/helpers.go
@@ -11,6 +11,8 @@ import (
 	"time"
 )
 
+const LinkerdSidecarContainerName = "linkerd-proxy"
+
 var SourceIsHostNetworkPodError = errors.NewSentinelError("source is a host network pod, ignoring")
 
 func (r *Resolver) discoverInternalSrcIdentity(ctx context.Context, src *model.RecordedDestinationsForSrc) (model.OtterizeServiceIdentity, error) {
@@ -89,11 +91,12 @@ func (r *Resolver) resolveInClusterIdentity(ctx context.Context, pod *corev1.Pod
 		Namespace: pod.Namespace,
 		Labels:    kubefinder.PodLabelsToOtterizeLabels(pod),
 		ResolutionData: &model.IdentityResolutionData{
-			Host:        lo.ToPtr(pod.Status.PodIP),
-			PodHostname: lo.ToPtr(pod.Name),
-			IsService:   lo.ToPtr(false),
-			ExtraInfo:   lo.ToPtr("resolveInClusterIdentity"),
-			Uptime:      lo.ToPtr(time.Since(pod.CreationTimestamp.Time).String()),
+			Host:              lo.ToPtr(pod.Status.PodIP),
+			PodHostname:       lo.ToPtr(pod.Name),
+			IsService:         lo.ToPtr(false),
+			ExtraInfo:         lo.ToPtr("resolveInClusterIdentity"),
+			Uptime:            lo.ToPtr(time.Since(pod.CreationTimestamp.Time).String()),
+			HasLinkerdSidecar: lo.ToPtr(hasLinkerdSidecar(pod)),
 		},
 	}
 	if svcIdentity.OwnerObject != nil {
@@ -102,3 +105,12 @@ func (r *Resolver) resolveInClusterIdentity(ctx context.Context, pod *corev1.Pod
 
 	return modelSvcIdentity, nil
 }
+
+func hasLinkerdSidecar(pod *corev1.Pod) bool {
+	for _, container := range pod.Spec.Containers {
+		if container.Name == LinkerdSidecarContainerName {
+			return true
+		}
+	}
+	return false
+}
diff --git a/src/mapper/pkg/resolvers/schema.helpers.resolvers.go b/src/mapper/pkg/resolvers/schema.helpers.resolvers.go
@@ -106,13 +106,14 @@ func (r *Resolver) resolveDestIdentity(ctx context.Context, dest model.Destinati
 		Namespace: destPod.Namespace,
 		Labels:    kubefinder.PodLabelsToOtterizeLabels(destPod),
 		ResolutionData: &model.IdentityResolutionData{
-			Host:        lo.ToPtr(dest.Destination),
-			PodHostname: lo.ToPtr(destPod.Name),
-			Port:        dest.DestinationPort,
-			IsService:   lo.ToPtr(false),
-			ExtraInfo:   lo.ToPtr("resolveDestIdentity"),
-			LastSeen:    lo.ToPtr(dest.LastSeen.String()),
-			Uptime:      lo.ToPtr(time.Since(destPod.CreationTimestamp.Time).String()),
+			Host:              lo.ToPtr(dest.Destination),
+			PodHostname:       lo.ToPtr(destPod.Name),
+			Port:              dest.DestinationPort,
+			IsService:         lo.ToPtr(false),
+			ExtraInfo:         lo.ToPtr("resolveDestIdentity"),
+			LastSeen:          lo.ToPtr(dest.LastSeen.String()),
+			Uptime:            lo.ToPtr(time.Since(destPod.CreationTimestamp.Time).String()),
+			HasLinkerdSidecar: lo.ToPtr(hasLinkerdSidecar(destPod)),
 		},
 	}
 	if dstService.OwnerObject != nil {
@@ -187,13 +188,14 @@ func (r *Resolver) addSocketScanPodIntent(ctx context.Context, srcSvcIdentity mo
 		Namespace: destPod.Namespace,
 		Labels:    kubefinder.PodLabelsToOtterizeLabels(destPod),
 		ResolutionData: &model.IdentityResolutionData{
-			Host:        lo.ToPtr(dest.Destination),
-			PodHostname: lo.ToPtr(destPod.Name),
-			Port:        dest.DestinationPort,
-			IsService:   lo.ToPtr(false),
-			ExtraInfo:   lo.ToPtr("addSocketScanPodIntent"),
-			LastSeen:    lo.ToPtr(dest.LastSeen.String()),
-			Uptime:      lo.ToPtr(time.Since(destPod.CreationTimestamp.Time).String()),
+			Host:              lo.ToPtr(dest.Destination),
+			PodHostname:       lo.ToPtr(destPod.Name),
+			Port:              dest.DestinationPort,
+			IsService:         lo.ToPtr(false),
+			ExtraInfo:         lo.ToPtr("addSocketScanPodIntent"),
+			LastSeen:          lo.ToPtr(dest.LastSeen.String()),
+			Uptime:            lo.ToPtr(time.Since(destPod.CreationTimestamp.Time).String()),
+			HasLinkerdSidecar: lo.ToPtr(hasLinkerdSidecar(destPod)),
 		},
 	}
 	if dstService.OwnerObject != nil {
@@ -374,7 +376,7 @@ func (r *Resolver) resolveOtterizeIdentityForDestinationAddress(ctx context.Cont
 
 	resolutionData.PodHostname = lo.ToPtr(destPod.Name)
 	resolutionData.Uptime = lo.ToPtr(time.Since(destPod.CreationTimestamp.Time).String())
-
+	resolutionData.HasLinkerdSidecar = lo.ToPtr(hasLinkerdSidecar(destPod))
 	dstService, err := r.serviceIdResolver.ResolvePodToServiceIdentity(ctx, destPod)
 	if err != nil {
 		logrus.WithError(err).Debugf("Could not resolve pod %s to identity", destPod.Name)

diff --git a/src/mappergraphql/schema.graphql b/src/mappergraphql/schema.graphql
@@ -48,6 +48,7 @@ type IdentityResolutionData {
     uptime: String
     lastSeen: String
     extraInfo: String
+    hasLinkerdSidecar: Boolean
 }
 
 type OtterizeServiceIdentity {