Add Cloud account id to Agent node data (#1646)

* #1643 report account id for host and k8s nodes
deepfence · Oct 6, 2023 · 1fb2669 · 1fb2669
1 parent 4006084
commit 1fb2669
Show file tree

Hide file tree

Showing 10 changed files with 52 additions and 37 deletions.
diff --git a/deepfence_agent/tools/apache/deepfence/df-utils/cloud_metadata/cloud_metadata.go b/deepfence_agent/tools/apache/deepfence/df-utils/cloud_metadata/cloud_metadata.go
@@ -423,6 +423,40 @@ func GetGenericMetadata(onlyValidate bool) (CloudMetadata, error) {
 	return genericMetadata, nil
 }
 
+func GetCloudMetadata() CloudMetadata {
+	// Check if AWS
+	cloudMetadata, err := GetAWSMetadata(false)
+	if err == nil {
+		return cloudMetadata
+	}
+	// Check if Google Cloud
+	cloudMetadata, err = GetGoogleCloudMetadata(false)
+	if err == nil {
+		return cloudMetadata
+	}
+	// Check if Azure
+	cloudMetadata, err = GetAzureMetadata(false)
+	if err == nil {
+		return cloudMetadata
+	}
+	// Check if Digital Ocean
+	cloudMetadata, err = GetDigitalOceanMetadata(false)
+	if err == nil {
+		return cloudMetadata
+	}
+	// Check if AWS ECS / Fargate
+	cloudMetadata, err = GetAWSFargateMetadata(false)
+	if err == nil {
+		return cloudMetadata
+	}
+	// Check if Softlayer
+	cloudMetadata, err = GetSoftlayerMetadata(false)
+	if err == nil {
+		return cloudMetadata
+	}
+	return CloudMetadata{InstanceID: "", CloudProvider: "private_cloud"}
+}
+
 func DetectCloudServiceProvider() string {
 	// Check if AWS
 	_, err := GetAWSMetadata(true)

diff --git a/deepfence_agent/tools/apache/deepfence/df-utils/get_cloud_instance_id/main.go b/deepfence_agent/tools/apache/deepfence/df-utils/get_cloud_instance_id/main.go
@@ -6,42 +6,8 @@ import (
 	"github.com/deepfence/df-utils/cloud_metadata"
 )
 
-func GetCloudMetadata() cloud_metadata.CloudMetadata {
-	// Check if AWS
-	cloudMetadata, err := cloud_metadata.GetAWSMetadata(false)
-	if err == nil {
-		return cloudMetadata
-	}
-	// Check if Google Cloud
-	cloudMetadata, err = cloud_metadata.GetGoogleCloudMetadata(false)
-	if err == nil {
-		return cloudMetadata
-	}
-	// Check if Azure
-	cloudMetadata, err = cloud_metadata.GetAzureMetadata(false)
-	if err == nil {
-		return cloudMetadata
-	}
-	// Check if Digital Ocean
-	cloudMetadata, err = cloud_metadata.GetDigitalOceanMetadata(false)
-	if err == nil {
-		return cloudMetadata
-	}
-	// Check if AWS ECS / Fargate
-	cloudMetadata, err = cloud_metadata.GetAWSFargateMetadata(false)
-	if err == nil {
-		return cloudMetadata
-	}
-	// Check if Softlayer
-	cloudMetadata, err = cloud_metadata.GetSoftlayerMetadata(false)
-	if err == nil {
-		return cloudMetadata
-	}
-	return cloud_metadata.CloudMetadata{InstanceID: "", CloudProvider: "private_cloud"}
-}
-
 func main() {
-	cloudMetadata := GetCloudMetadata()
+	cloudMetadata := cloud_metadata.GetCloudMetadata()
 	if cloudMetadata.InstanceID != "" {
 		fmt.Print(cloudMetadata.InstanceID)
 	}

diff --git a/deepfence_agent/tools/apache/scope/probe/host/reporter.go b/deepfence_agent/tools/apache/scope/probe/host/reporter.go
@@ -386,6 +386,7 @@ func (r *Reporter) Report() (report.Report, error) {
 				IsConsoleVm:         r.IsConsoleVm,
 				AgentRunning:        true,
 				LocalCIDRs:          localCIDRs,
+				CloudAccountID:      cloudMetadata.AccountID,
 				CloudProvider:       cloudProvider,
 				CloudRegion:         cloudMetadata.Region,
 				InstanceID:          cloudMetadata.InstanceID,

diff --git a/deepfence_agent/tools/apache/scope/probe/kubernetes/kubernetes_cluster.go b/deepfence_agent/tools/apache/scope/probe/kubernetes/kubernetes_cluster.go
@@ -13,12 +13,14 @@ type KubernetesClusterResource interface {
 }
 
 type kubernetesCluster struct {
-	cloudProvider string
+	cloudProvider  string
+	cloudAccountID string
 }
 
 // NewKubernetesClusterResource creates a new Cluster node
 func NewKubernetesClusterResource() KubernetesClusterResource {
-	return &kubernetesCluster{cloudProvider: cloud_metadata.DetectCloudServiceProvider()}
+	metadata := cloud_metadata.GetCloudMetadata()
+	return &kubernetesCluster{cloudProvider: metadata.CloudProvider, cloudAccountID: metadata.AccountID}
 }
 
 func (k *kubernetesCluster) GetNode() report.TopologyNode {
@@ -31,6 +33,7 @@ func (k *kubernetesCluster) GetNode() report.TopologyNode {
 		KubernetesClusterName: kubernetesClusterName,
 		CloudProvider:         k.cloudProvider,
 		AgentRunning:          true,
+		CloudAccountID:        k.cloudAccountID,
 	}
 	return report.TopologyNode{
 		Metadata: metadata,

diff --git a/deepfence_agent/tools/apache/scope/report/metadata.go b/deepfence_agent/tools/apache/scope/report/metadata.go
@@ -30,6 +30,7 @@ type Metadata struct {
 	// cloud metadata
 	InstanceID       string   `json:"instance_id,omitempty"`
 	CloudProvider    string   `json:"cloud_provider,omitempty"`
+	CloudAccountID   string   `json:"cloud_account_id,omitempty"`
 	InstanceType     string   `json:"instance_type,omitempty"`
 	PublicIP         []string `json:"public_ip,omitempty"`
 	PrivateIP        []string `json:"private_ip,omitempty"`

diff --git a/deepfence_server/apiDocs/operation.go b/deepfence_server/apiDocs/operation.go
@@ -784,4 +784,7 @@ func (d *OpenApiDocs) AddCompletionOperations() {
 	d.AddOperation("completeVulnerabilityInfo", http.MethodPost, "/deepfence/complete/vulnerability",
 		"Get Completion for vulnerability fields", "Complete vulnerability info",
 		http.StatusOK, []string{tagCompletion}, bearerToken, new(CompletionNodeFieldReq), new(CompletionNodeFieldRes))
+	d.AddOperation("completeHostInfo", http.MethodPost, "/deepfence/complete/host",
+		"Get Completion for host fields", "Complete host info",
+		http.StatusOK, []string{tagCompletion}, bearerToken, new(CompletionNodeFieldReq), new(CompletionNodeFieldRes))
 }
diff --git a/deepfence_server/handler/completion.go b/deepfence_server/handler/completion.go
@@ -18,6 +18,10 @@ func (h *Handler) CompleteVulnerabilityInfo(w http.ResponseWriter, r *http.Reque
 	genericCompleteInfoHandler[model.VulnerabilityRule](w, r, h)
 }
 
+func (h *Handler) CompleteHostInfo(w http.ResponseWriter, r *http.Request) {
+	genericCompleteInfoHandler[model.Host](w, r, h)
+}
+
 func genericCompleteInfoHandler[T reporters.Cypherable](w http.ResponseWriter, r *http.Request, h *Handler) {
 	defer r.Body.Close()
 	var req completion.CompletionNodeFieldReq

diff --git a/deepfence_server/model/lookup.go b/deepfence_server/model/lookup.go
@@ -79,6 +79,7 @@ type Host struct {
 	LocalNetworks             []interface{}    `json:"local_networks" required:"true"`
 	InstanceID                string           `json:"instance_id" required:"true"`
 	CloudProvider             string           `json:"cloud_provider" required:"true"`
+	CloudAccountID            string           `json:"cloud_account_id" required:"true"`
 	InstanceType              string           `json:"instance_type" required:"true"`
 	PublicIP                  []interface{}    `json:"public_ip" required:"true"`
 	PrivateIP                 []interface{}    `json:"private_ip" required:"true"`

diff --git a/deepfence_server/pkg/scope/report/metadata.go b/deepfence_server/pkg/scope/report/metadata.go
@@ -30,6 +30,7 @@ type Metadata struct {
 	// cloud metadata
 	InstanceID       string   `json:"instance_id,omitempty"`
 	CloudProvider    string   `json:"cloud_provider,omitempty"`
+	CloudAccountID   string   `json:"cloud_account_id,omitempty"`
 	InstanceType     string   `json:"instance_type,omitempty"`
 	PublicIP         []string `json:"public_ip,omitempty"`
 	PrivateIP        []string `json:"private_ip,omitempty"`

diff --git a/deepfence_server/router/router.go b/deepfence_server/router/router.go
@@ -253,6 +253,7 @@ func SetupRoutes(r *chi.Mux, serverPort string, serveOpenapiDocs bool, ingestC c
 			r.Route("/complete", func(r chi.Router) {
 				r.Post("/process", dfHandler.CompleteProcessInfo)
 				r.Post("/vulnerability", dfHandler.CompleteVulnerabilityInfo)
+				r.Post("/host", dfHandler.CompleteHostInfo)
 			})
 
 			r.Route("/search", func(r chi.Router) {