🐛 Fix k8s.ingress certificates (#1937)

* 🐛 Fix k8s.ingress certificates Fixes #1867 Signed-off-by: Christian Zunker <christian@mondoo.com>
mondoohq · Sep 27, 2023 · faed5ce · faed5ce
1 parent ac8dfed
commit faed5ce
Show file tree

Hide file tree

Showing 3 changed files with 38 additions and 14 deletions.
diff --git a/providers/k8s/resources/ingress.go b/providers/k8s/resources/ingress.go
@@ -20,8 +20,9 @@ import (
 )
 
 type mqlK8sIngressInternal struct {
- lock sync.Mutex
- obj *networkingv1.Ingress
+ lock sync.Mutex
+ obj *networkingv1.Ingress
+ objId string
 }
 
 func (k *mqlK8s) ingresses() ([]interface{}, error) {
@@ -45,11 +46,6 @@ func (k *mqlK8s) ingresses() ([]interface{}, error) {
  return nil, err
  }
 
- tls, err := getTLS(ingress, objId, k.MqlRuntime, k.GetSecrets)
- if err != nil {
- return nil, err
- }
-
  r, err := CreateResource(k.MqlRuntime, "k8s.ingress", map[string]*llx.RawData{
  "id": llx.StringData(objId),
  "uid": llx.StringData(string(obj.GetUID())),
@@ -60,16 +56,31 @@ func (k *mqlK8s) ingresses() ([]interface{}, error) {
  "created": llx.TimeData(ts.Time),
  "manifest": llx.DictData(manifest),
  "rules": llx.ArrayData(rules, types.Resource("k8s.ingressrule")),
- "tls": llx.ArrayData(tls, types.Resource("k8s.ingresstls")),
  })
  if err != nil {
  return nil, err
  }
  r.(*mqlK8sIngress).obj = ingress
+ r.(*mqlK8sIngress).objId = objId
  return r, nil
  })
 }
 
+func (k *mqlK8sIngress) tls() ([]interface{}, error) {
+ o, err := CreateResource(k.MqlRuntime, "k8s", map[string]*llx.RawData{})
+ if err != nil {
+ return nil, err
+ }
+ k8s := o.(*mqlK8s)
+
+ tls, err := getTLS(k.obj, k.objId, k.MqlRuntime, k8s.GetSecrets)
+ if err != nil {
+ return nil, err
+ }
+
+ return tls, nil
+}
+
 func (k *mqlK8sIngress) id() (string, error) {
  return k.Id.Data, nil
 }
@@ -296,7 +307,7 @@ func getTLS(ingress *networkingv1.Ingress, objId string, runtime *plugin.Runtime
  ingressTls, err := CreateResource(runtime, "k8s.ingresstls", map[string]*llx.RawData{
  "id": llx.StringData(fmt.Sprintf("%s-tls%d", objId, i)),
  "hosts": llx.ArrayData(convert.SliceAnyToInterface(tls.Hosts), types.String),
- "certificates": llx.ArrayData(secret.Certificates.Data, types.Resource("core.certificate")),
+ "certificates": llx.ArrayData(secret.Certificates.Data, types.Resource("network.certificate")),
  })
  if err != nil {
  return nil, fmt.Errorf("error creating k8s.ingresstls: %s", err)

diff --git a/providers/k8s/resources/k8s.lr b/providers/k8s/resources/k8s.lr
@@ -2,6 +2,7 @@
 // SPDX-License-Identifier: BUSL-1.1
 
 import "../../os/resources/os.lr"
+import "../../network/resources/network.lr"
 
 option provider = "go.mondoo.com/cnquery/providers/k8s"
 option go_package = "go.mondoo.com/cnquery/providers/k8s/resources"
@@ -465,7 +466,7 @@ private k8s.secret @defaults("namespace name created") {
  // Secret type
  type string
  // Secret certificates
- certificates() []certificate
+ certificates() []network.certificate
 }
 
 // Kubernetes ConfigMap
@@ -583,7 +584,7 @@ private k8s.ingresstls {
  // List of hosts associated with TLS certificate
  hosts []string
  // Certificates data from TLS Secret
- certificates []core.certificate
+ certificates []network.certificate
 }
 
 // Kubernetes Ingress
@@ -611,7 +612,7 @@ private k8s.ingress @defaults("namespace name created") {
  // Ingress rules
  rules []k8s.ingressrule
  // Ingress TLS data
- tls []k8s.ingresstls
+ tls() []k8s.ingresstls
 }
 
 // Kubernetes Service Account

diff --git a/providers/k8s/resources/k8s.lr.go b/providers/k8s/resources/k8s.lr.go