aquasecurity / kube-hunter

Hunt for security weaknesses in Kubernetes clusters
Apache License 2.0
4.71k stars 581 forks

WIP: Refactor subscribe mechanism #351

Closed iyehuda closed 2 years ago

iyehuda commented 4 years ago

Description

Change the way you subscribe to events. Make the pubsub mechanism an (almost) standalone package. Potentially, it can become a separate package that supplies a pubsub mechanism in Python.

Previous state: kube-hunter keeps a global instance of kube_hunter.core.EventQueue called handler, which gets instantiated after its class is defined. Every hunter imports the handler variable and uses it to subscribe to events using handler.subscribe. Hunters use handler.publish_event to publish new events. This tight coupling makes things hard to test and makes import order critical. Reporting classes access the handler global variable to get report data and statistics. Reporting and report dispatching are done in a subscriber class.

New state: Put anything that is related to the core engine of pubsub in a new sub-package: kube_hunter.core.pubsub. Create a Subscriber base class that stores a static variable of subscription metadata. Make subscribe a standalone decorator function that adds subscription metadata to the subscriber class. Hunters yield events in their execute method, which are collected by the calling EventQueue. This way hunters don't know about the existence of EventQueue for subscription/event publishing. Replace EventQueue.subscribe with EventQueue.register to register a subscriber class using its subscription metadata. Reporters get the report data as parameters and do not depend on EventQueue. Reporting and dispatching are done in the main function after the hunting process is finished/stopped.

Contribution Guidelines

Please read through the Contribution Guidelines.

Fixed Issues

Fixes #348 Fixes #339

Contribution checklist

Notes

This is a work in progress and isn't ready yet. Since the subscription contract is broken here, some tests need to be re-written to comply with the new mechanism.
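
A minimal sketch of the design described in the pull request above, added here as an illustration; it is not code from the pull request or from kube-hunter. Subscriber, subscribe, EventQueue, register and execute are the names the description uses; the method bodies, run, HostFound, OpenPort and PortHunter are assumptions.

```python
from collections import defaultdict, deque
from dataclasses import dataclass

class Subscriber:
    subscriptions = ()  # static subscription metadata, filled in by @subscribe

    def __init__(self, event):
        self.event = event

    def execute(self):
        return ()  # hunters override this and yield follow-up events

def subscribe(event_type):
    """Standalone decorator: records metadata on the class, touches no queue."""
    def wrapper(cls):
        # New tuple per class, so a subclass never mutates its parent's metadata.
        cls.subscriptions = (*cls.subscriptions, event_type)
        return cls
    return wrapper

class EventQueue:
    def __init__(self):
        self._hooks = defaultdict(list)

    def register(self, subscriber_cls):
        for event_type in subscriber_cls.subscriptions:
            self._hooks[event_type].append(subscriber_cls)

    def run(self, first_event):
        """Dispatch until nothing is pending; return every event for reporting."""
        pending, seen = deque([first_event]), []
        while pending:
            event = pending.popleft()
            seen.append(event)
            for event_type, hunters in self._hooks.items():
                if isinstance(event, event_type):
                    for hunter_cls in hunters:
                        # The queue collects what execute() yields.
                        pending.extend(hunter_cls(event).execute())
        return seen

@dataclass
class HostFound:  # constructed sample event
    host: str

@dataclass
class OpenPort:  # constructed sample event
    host: str
    port: int

@subscribe(HostFound)
class PortHunter(Subscriber):  # hypothetical hunter, never imports a queue
    def execute(self):
        yield OpenPort(self.event.host, 10250)
```

Because the hunter only yields events, it can be unit-tested by calling execute directly, and the list returned by run can be passed to a reporter as a plain parameter.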

CLAassistant commented 2 years ago

CLA assistant check
Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.
You have signed the CLA already but the status is still pending? Let us recheck it.