feat(adapter): Add applier and modify package name

5GSEC · Jan 9, 2024 · 7a73ed2 · 7a73ed2
1 parent 169e905
commit 7a73ed2
Show file tree

Hide file tree

Showing 6 changed files with 48 additions and 3 deletions.
diff --git a/pkg/nimbus-kubearmor/core/applier/applier.go b/pkg/nimbus-kubearmor/core/applier/applier.go
@@ -0,0 +1,45 @@
+package applier
+
+import (
+	"context"
+
+	"sigs.k8s.io/controller-runtime/pkg/log"
+
+	kubearmorv1 "github.com/kubearmor/KubeArmor/pkg/KubeArmorController/api/security.kubearmor.com/v1"
+	"k8s.io/apimachinery/pkg/api/errors"
+	"k8s.io/apimachinery/pkg/types"
+	"sigs.k8s.io/controller-runtime/pkg/client"
+)
+
+// Applier manages the enforcement of policies.
+type Applier struct {
+	Client client.Client
+}
+
+// NewApplier creates a new Applier.
+func NewApplier(client client.Client) *Applier {
+	return &Applier{Client: client}
+}
+
+// ApplyPolicy applies or updates a given KubeArmorPolicy.
+func (e *Applier) ApplyPolicy(ctx context.Context, kubeArmorPolicy *kubearmorv1.KubeArmorPolicy) error {
+	log := log.FromContext(ctx)
+
+	// Check if the policy already exists
+	existingPolicy := &kubearmorv1.KubeArmorPolicy{}
+	err := e.Client.Get(ctx, types.NamespacedName{Name: kubeArmorPolicy.Name, Namespace: kubeArmorPolicy.Namespace}, existingPolicy)
+	if err != nil && !errors.IsNotFound(err) {
+		log.Error(err, "Existing KubeArmorPolicy lookup failed", "PolicyName", kubeArmorPolicy.Name)
+		return err
+	}
+
+	// Update if exists, create otherwise
+	if errors.IsNotFound(err) {
+		log.Info("Apply a new KubeArmorPolicy", "PolicyName", kubeArmorPolicy.Name, "Policy", kubeArmorPolicy)
+		return e.Client.Create(ctx, kubeArmorPolicy)
+	} else {
+		log.Info("Update existing KubeArmorPolicy", "PolicyName", kubeArmorPolicy.Name)
+		existingPolicy.Spec = kubeArmorPolicy.Spec
+		return e.Client.Update(ctx, existingPolicy)
+	}
+}
diff --git a/pkg/nimbus-kubearmor/core/converter/converter.go b/pkg/nimbus-kubearmor/core/converter/converter.go
@@ -1,7 +1,7 @@
 // SPDX-License-Identifier: Apache-2.0
 // Copyright 2023 Authors of Nimbus
 
-package transformer
+package converter
 
 import (
 	"context"

diff --git a/pkg/nimbus-kubearmor/core/converter/converthelper.go b/pkg/nimbus-kubearmor/core/converter/converthelper.go
@@ -1,7 +1,7 @@
 // SPDX-License-Identifier: Apache-2.0
 // Copyright 2023 Authors of Nimbus
 
-package transformer
+package converter
 
 import (
 	v1 "github.com/5GSEC/nimbus/api/v1"

diff --git a/pkg/nimbus-kubearmor/main.go b/pkg/nimbus-kubearmor/main.go
@@ -16,6 +16,7 @@ import (
 	"github.com/5GSEC/nimbus/pkg/nimbus-kubearmor/core/enforcer"
 	watcher "github.com/5GSEC/nimbus/pkg/nimbus-kubearmor/receiver/nimbuspolicywatcher"
 	"github.com/5GSEC/nimbus/pkg/nimbus-kubearmor/receiver/verifier"
+	ctrl "sigs.k8s.io/controller-runtime"
 
 	"k8s.io/apimachinery/pkg/runtime"
 	utilruntime "k8s.io/apimachinery/pkg/util/runtime"

diff --git a/pkg/nimbus-kubearmor/nimbus-kubearmor b/pkg/nimbus-kubearmor/nimbus-kubearmor
diff --git a/pkg/nimbus-kubearmor/receiver/nimbuspolicywatcher/watcher.go b/pkg/nimbus-kubearmor/receiver/nimbuspolicywatcher/watcher.go
@@ -28,7 +28,6 @@ func NewNimbusPolicyWatcher(client client.Client) *NimbusPolicyWatcher {
 // It returns a channel through which the NimbusPolicy objects can be received.
 func (npw *NimbusPolicyWatcher) WatchNimbusPolicies(ctx context.Context) (<-chan v1.NimbusPolicy, error) {
 	policyChan := make(chan v1.NimbusPolicy)
-	// NimbusPolicyWatcher 구조체에 추가
 
 	go func() {
 		defer close(policyChan)