Publish kilt golang library

Signed-off-by: Radu Andries <radu.andries@sysdig.com>

Author: Radu Andries

.gitignore

@@ -0,0 +1 @@
+.idea/

pkg/go.mod

@@ -0,0 +1,8 @@
+module github.com/falcosecurity/kilt/pkg
+
+go 1.15
+
+require (
+	github.com/go-akka/configuration v0.0.0-20200606091224-a002c0330665
+	github.com/stretchr/testify v1.6.1
+)

pkg/go.sum

@@ -0,0 +1,13 @@
+github.com/davecgh/go-spew v1.1.0 h1:ZDRjVQ15GmhC3fiQ8ni8+OwkZQO4DARzQgrnXU1Liz8=
+github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/go-akka/configuration v0.0.0-20200606091224-a002c0330665 h1:Iz3aEheYgn+//VX7VisgCmF/wW3BMtXCLbvHV4jMQJA=
+github.com/go-akka/configuration v0.0.0-20200606091224-a002c0330665/go.mod h1:19bUnum2ZAeftfwwLZ/wRe7idyfoW2MfmXO464Hrfbw=
+github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
+github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
+github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
+github.com/stretchr/testify v1.6.1 h1:hDPOHmpOpP40lSULcqw7IrRb/u7w6RpDC9399XyoNd0=
+github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
+gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM=
+gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c h1:dUUwHk2QECo/6vqA44rthZ8ie2QXMNeKRTHCNY2nXvo=
+gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=

pkg/hocon/build.go

@@ -0,0 +1,42 @@
+package hocon
+
+import (
+	"fmt"
+	"github.com/falcosecurity/kilt/pkg/kilt"
+	"github.com/go-akka/configuration"
+)
+
+func extractBuild(config *configuration.Config) (*kilt.Build, error) {
+	b := new(kilt.Build)
+
+	b.Image = config.GetString("build.image")
+	b.EntryPoint = config.GetStringList("build.entry_point")
+	b.Command = config.GetStringList("build.command")
+
+	b.EnvironmentVariables = extractToStringMap(config, "build.environment_variables")
+
+	if config.IsArray("build.mount") {
+		mounts := config.GetValue("build.mount").GetArray()
+
+		for k, m := range mounts {
+			if m.IsObject() {
+				mount := m.GetObject()
+
+				resource := kilt.BuildResource{
+					Name:       mount.GetKey("name").GetString(),
+					Image:      mount.GetKey("image").GetString(),
+					Volumes:    mount.GetKey("volumes").GetStringList(),
+					EntryPoint: mount.GetKey("entry_point").GetStringList(),
+				}
+
+				if resource.Image == "" || len(resource.Volumes) == 0 || len(resource.EntryPoint) == 0 {
+					return nil, fmt.Errorf("error at build.mount.%d: image, volumes and entry_point are all required ", k)
+				}
+
+				b.Resources = append(b.Resources, resource)
+			}
+		}
+	}
+
+	return b, nil
+}

pkg/hocon/fixtures/input.json

@@ -0,0 +1,7 @@
+{
+  "image": "busybox:latest",
+  "container_name": "test",
+  "container_group_name": "test_group",
+  "entry_point": ["/bin/stuff"],
+  "command": ["/bin/sh"]
+}

pkg/hocon/fixtures/kilt.cfg

@@ -0,0 +1,27 @@
+build {
+    entry_point: [/falco/pdig] ${?original.entry_point}
+    environment_variables: {
+        TEST: "true"
+    }
+    mount: [
+        {
+            name: "TestImage"
+            image: "falco/falco:latest"
+            volumes: ["/falco"]
+            entry_point: ["/falco/waitforever"]
+        }
+    ]
+}
+runtime {
+    upload: [
+        {
+            url: "https://storage.googleapis.com/kubernetes-release/release/v1.19.0/bin/linux/amd64/"
+            as: "/bin/kubectl"
+        }
+    ]
+    exec: [
+        {
+            run: ["/bin/kubectl", "--version"]
+        }
+    ]
+}

pkg/hocon/hocon.go

@@ -0,0 +1,60 @@
+package hocon
+
+import (
+	"encoding/json"
+	"fmt"
+	"github.com/falcosecurity/kilt/pkg/kilt"
+	"github.com/go-akka/configuration"
+)
+
+var defaults = `
+build {
+	entry_point: ${original.entry_point}
+	command: ${original.command}
+	image: ${original.image}
+	environment_variables: ${original.environment_variables}
+
+	mount: []
+}
+`
+
+type KiltHocon struct {
+	definition string
+}
+
+func NewKiltHocon(definition string) *KiltHocon {
+	h := new(KiltHocon)
+	h.definition = definition
+	return h
+}
+
+func (k *KiltHocon) prepareFullStringConfig(info *kilt.TargetInfo) (*configuration.Config, error) {
+	rawVars, err := json.Marshal(info)
+	if err != nil {
+		return nil, fmt.Errorf("could not serialize info: %w", err)
+	}
+	configString := "original:" + string(rawVars) + "\n" + defaults + k.definition
+
+	return configuration.ParseString(configString), nil
+}
+
+func (k *KiltHocon) Build(info *kilt.TargetInfo) (*kilt.Build, error) {
+	config, err := k.prepareFullStringConfig(info)
+	if err != nil {
+		return nil, fmt.Errorf("could not assemble full config: %w", err)
+	}
+
+	return extractBuild(config)
+}
+
+func (k *KiltHocon) Runtime(info *kilt.TargetInfo) (*kilt.Runtime, error) {
+	config, err := k.prepareFullStringConfig(info)
+	if err != nil {
+		return nil, fmt.Errorf("could not assemble full config: %w", err)
+	}
+	if ! config.HasPath("runtime"){
+		return nil, fmt.Errorf("definition does not have a runtime section")
+	}
+	return extractRuntime(config)
+}
+

pkg/hocon/hocon_test.go

@@ -0,0 +1,40 @@
+package hocon
+
+import (
+	"encoding/json"
+	"github.com/falcosecurity/kilt/pkg/kilt"
+	"github.com/stretchr/testify/assert"
+	"io/ioutil"
+	"testing"
+)
+
+func TestSimpleRuntime(t *testing.T) {
+	targetInfoString, _ := ioutil.ReadFile("./fixtures/input.json")
+	definitionString, _ := ioutil.ReadFile("./fixtures/kilt.cfg")
+	k := NewKiltHocon(string(definitionString))
+	info := new(kilt.TargetInfo)
+	_ = json.Unmarshal(targetInfoString, info)
+	r, _ := k.Runtime(info)
+
+	assert.Equal(t, 1, len(r.Uploads), "expected 1 executable")
+	assert.Equal(t, "https://storage.googleapis.com/kubernetes-release/release/v1.19.0/bin/linux/amd64/",
+		r.Uploads[0].Payload.Contents)
+	assert.Equal(t, kilt.URL, r.Uploads[0].Payload.Type)
+
+	assert.Equal(t, 1, len(r.Executables))
+	assert.Equal(t, "/bin/kubectl", r.Executables[0].Run[0])
+}
+
+func TestSimpleBuild(t *testing.T) {
+	targetInfoString, _ := ioutil.ReadFile("./fixtures/input.json")
+	definitionString, _ := ioutil.ReadFile("./fixtures/kilt.cfg")
+	k := NewKiltHocon(string(definitionString))
+	info := new(kilt.TargetInfo)
+	_ = json.Unmarshal(targetInfoString, info)
+	b, _ := k.Build(info)
+
+	assert.Equal(t, "busybox:latest", b.Image)
+	assert.Equal(t, "/falco/pdig", b.EntryPoint[0])
+	assert.Equal(t, "true", b.EnvironmentVariables["TEST"])
+	assert.Equal(t, 1, len(b.Resources))
+}

pkg/hocon/payload.go

@@ -0,0 +1,35 @@
+package hocon
+
+import (
+	"fmt"
+	"github.com/falcosecurity/kilt/pkg/kilt"
+	"github.com/go-akka/configuration/hocon"
+)
+
+func retrievePayload(object *hocon.HoconObject) (*kilt.Payload, error) {
+	payload := new(kilt.Payload)
+	payload.Type = kilt.Unknown
+	if object.GetKey("url").IsString() {
+		payload.Contents = object.GetKey("url").GetString()
+		payload.Type = kilt.URL
+	} else if object.GetKey("file").IsString() {
+		payload.Contents = object.GetKey("file").GetString()
+		payload.Type = kilt.LocalPath
+	} else if object.GetKey("payload").IsString() {
+		payload.Contents = object.GetKey("payload").GetString()
+		payload.Type = kilt.Base64
+	} else if object.GetKey("text").IsString() {
+		payload.Contents = object.GetKey("text").GetString()
+		payload.Type = kilt.Text
+	}
+	if object.GetKey("gzipped") != nil && object.GetKey("gzipped").IsString() && object.GetKey("gzipped").GetBoolean() {
+		payload.Gzipped = true
+	}
+
+	if payload.Type == kilt.Unknown {
+		return nil, fmt.Errorf("could not identify payload type for %s", object.ToString(1))
+	}
+
+
+	return payload, nil
+}

pkg/hocon/runtime.go

@@ -0,0 +1,60 @@
+package hocon
+
+import (
+	"fmt"
+	"github.com/falcosecurity/kilt/pkg/kilt"
+	"github.com/go-akka/configuration"
+)
+
+func extractRuntime(config *configuration.Config) (*kilt.Runtime, error) {
+	r := new(kilt.Runtime)
+
+	if config.IsArray("runtime.upload") {
+		uploads := config.GetValue("runtime.upload").GetArray()
+
+		for k, u := range uploads {
+			if u.IsObject() {
+				var err error
+				upload := u.GetObject()
+
+				newUpload := new(kilt.RuntimeUpload)
+
+				newUpload.Payload, err = retrievePayload(upload)
+
+				if err != nil {
+					return nil, fmt.Errorf("could not extract payload for entry %d: %w", k, err)
+				}
+
+				newUpload.Destination = upload.GetKey("as").GetString()
+
+				if newUpload.Destination == "" {
+					return nil, fmt.Errorf("could not extract destination for entry %d: 'as' cannot be empty", k)
+				}
+
+				newUpload.Uid = getWithDefaultUint16(upload, "uid", kilt.DefaultUserID)
+				newUpload.Gid = getWithDefaultUint16(upload, "gid", kilt.DefaultGroupID)
+				newUpload.Permissions = getWithDefaultUint32(upload, "permissions", kilt.DefaultPermissions)
+
+				r.Uploads = append(r.Uploads, *newUpload)
+			}
+		}
+	}
+
+	if config.IsArray("runtime.exec") {
+		for k, e := range config.GetValue("runtime.exec").GetArray() {
+			if e.IsObject() {
+				exec := e.GetObject()
+
+				execParams := exec.GetKey("run").GetStringList()
+
+				if len(execParams) == 0 {
+					return nil, fmt.Errorf("could not add exec at entry %d: run cannot have 0 arguments", k)
+				}
+
+				r.Executables = append(r.Executables, kilt.RuntimeExecutable{Run: execParams})
+			}
+		}
+	}
+
+	return r, nil
+}

pkg/hocon/util.go

@@ -0,0 +1,44 @@
+package hocon
+
+import (
+	"github.com/go-akka/configuration"
+	"github.com/go-akka/configuration/hocon"
+)
+
+func extractToStringMap(config *configuration.Config, path string) map[string]string {
+	value := make(map[string]string)
+
+	if config.HasPath(path) && config.IsObject(path) {
+		obj := config.GetNode(path).GetObject()
+
+		for k, v := range obj.Items() {
+			value[k] = v.GetString()
+		}
+	}
+
+	return value
+}
+
+func getWithDefaultUint16(object *hocon.HoconObject, key string, fallback uint16) uint16 {
+	t := object.GetKey(key)
+
+	if t == nil || t.IsEmpty() {
+		return fallback
+	}
+
+	return uint16(t.GetInt32())
+}
+
+func getWithDefaultUint32(object *hocon.HoconObject, key string, fallback uint32) uint32 {
+	t := object.GetKey(key)
+
+	if  t==nil ||  t.IsEmpty() {
+		return fallback
+	}
+
+	return uint32(t.GetInt64())
+}
+
+func emptyIncludeCallback(filename string) *hocon.HoconRoot {
+	return hocon.Parse("", emptyIncludeCallback)
+}

pkg/kilt/kilt.go

@@ -0,0 +1,21 @@
+package kilt
+
+
+
+type Kilt struct {
+	definition LanguageInterface
+}
+
+func NewKilt(impl LanguageInterface) *Kilt {
+	k := new(Kilt)
+	k.definition = impl
+	return k
+}
+
+func (k *Kilt) Build(info *TargetInfo) (*Build, error) {
+	return k.definition.Build(info)
+}
+
+func (k *Kilt) Runtime(info *TargetInfo) (*Runtime, error) {
+	return k.definition.Runtime(info)
+}