Return for each workload if it's a system workload

appsecco · May 8, 2020 · 3039354 · 3039354
1 parent f55069d
commit 3039354
Show file tree

Hide file tree

Showing 3 changed files with 18 additions and 12 deletions.
diff --git a/server/src/rest/utils.go b/server/src/rest/utils.go
@@ -1,6 +1,7 @@
 package rest
 
 import (
+	"github.com/toolkits/slice"
 	"kube-scan/risk"
 	"kube-scan/state"
 )
@@ -17,8 +18,9 @@ func GetClusterRiskWorkloads(cluster *state.Cluster) risk.WorkloadRiskDataList {
 	result := make([]*risk.WorkloadRiskData, 0)
 
 	for _, namespace := range cluster.Namespaces {
+		isSystemNamespace := slice.ContainsString(state.SystemNamespaces, namespace.Name)
 		for _, workload := range namespace.GetAllRiskWorkloads() {
-			result = append(result, risk.ToWorkloadRiskData(workload))
+			result = append(result, risk.ToWorkloadRiskData(workload, isSystemNamespace))
 		}
 	}
 

diff --git a/server/src/risk/types.go b/server/src/risk/types.go
@@ -187,20 +187,22 @@ func (w *WorkloadRisk) SetRisk(r *Risk) {
 }
 
 type WorkloadRiskData struct {
-	Kind      string `json:"kind"`
-	Name      string `json:"name"`
-	Namespace string `json:"namespace"`
-	Domain    string `json:"domain"`
-	Risk      *Risk  `json:"risk"`
+	Kind             string `json:"kind"`
+	Name             string `json:"name"`
+	Namespace        string `json:"namespace"`
+	Domain           string `json:"domain"`
+	IsSystemWorkload bool   `json:"isSystemWorkload"`
+	Risk             *Risk  `json:"risk"`
 }
 
-func ToWorkloadRiskData(workload IWorloadRisk) *WorkloadRiskData {
+func ToWorkloadRiskData(workload IWorloadRisk, isSystemWorkload bool) *WorkloadRiskData {
 	return &WorkloadRiskData{
-		Kind:      workload.GetKind(),
-		Name:      workload.GetName(),
-		Namespace: workload.GetNamespace(),
-		Domain:    workload.GetDomain(),
-		Risk:      workload.GetRisk(),
+		Kind:             workload.GetKind(),
+		Name:             workload.GetName(),
+		Namespace:        workload.GetNamespace(),
+		Domain:           workload.GetDomain(),
+		IsSystemWorkload: isSystemWorkload,
+		Risk:             workload.GetRisk(),
 	}
 }
 

diff --git a/server/src/state/cluster.go b/server/src/state/cluster.go
@@ -18,6 +18,8 @@ type Cluster struct {
 	mux sync.Mutex
 }
 
+var SystemNamespaces = []string{"octarine", "kube-system", "kube-public", "octarine-tiller", "istio-system", "octarine-dataplane", "kube-scan"}
+
 func NewState(name string) *Cluster {
 	return &Cluster{
 		Name:       name,