Skip to content

KIEM Tech Spec

Shreyas Mishra edited this page May 8, 2023 · 3 revisions

Tech Spec

This is how the flow of code will looke like

image a

Getting the data (Query)

Right now the program will use the k8s api twice

1) to get all the roles

2) to get the role bindings

3) the role binding will be associated with either

  • Service account
  • User
  • Group

user and groups are managed by platform which can be accessed by kubernetes authentication system how to get the user/ group name is yet to be figured out

image

Example of Struct

type PermissionTable struct {
    Name      string `json:"name"`
    Kind      string `json:"kind"`
    Namespace string `json:"namespace,omitempty"`
    RoleBindingInfo        []RoleBindingInfo     `json:"RoleBindingInfo"`

}

type RoleBindingInfo struct {
    Namespace       string            `json:"namespace"`
    RoleBindingName string            `json:"role_binding_name"`
	  Name            string       `json:"rolename"`
    Rules           []RoleRuleInfo    `json:"rules"`
}

type RoleRuleInfo struct {
    APIGroups []string `json:"api_groups"`
    Resources []string `json:"resources"`
    Verbs     []string `json:"verbs"`
}

Example of json


[
  {
    "name": "something",
    "kind": "group",
    "namespace": "namespace",
    "RoleBindingInfo": [
      {
        "namespace": "namespace",
        "role_binding_name": "app-dev",
        "role_name" : "Dev-Team"
        "rules": [
          {
            "api_groups": [
              "kubearmor.io"
            ],
            "resources": [
              "kubearmorsecuritypolicy",
              "kubearmorhostpolicy"
            ],
            "verbs": [
              "list",
              "update",
              "add",
              "delete"
            ]
          },
          {
            "api_groups": [
              "cilium.io"
            ],
            "resources": [
              "ciliumsecuritypolicy",
              "ciliumhostpolicy"
            ],
            "verbs": [
              "get",
              "list",
              "add",
              "delete"
            ]
          }
        ]
      }
    ]
  }
]
Clone this wiki locally