zkck commented 2 years ago

This PR introduces GKE/Kubernetes cluster enumeration capabilities.

Allows enumeration from different starting points, such as:
- GKE Cluster
- K8s Cluster
- K8s Workload
- K8s Service
- K8s Node
- ...
Allows different enumeration methods, such as:
- Enumerating to logger
- Enumeration string
- JSON enumeration
Generic Enumeration class
- Subclasses can be introduced in the enumeration at any level
- Overriding the _Populate method determines the table displayed in the enumeration
- Overriding the _Children method determines how the enumeration continues from the subclass

Discussion points for reviewer:

Right now a warning is underlined, but there may be a better way to do this.
Is there any information that you think I missed in the _Populate methods?

Example script (updated 16.09.2021):

from pprint import pprint

import libcloudforensics.providers.kubernetes.enumerations.gcp
import libcloudforensics.providers.kubernetes.enumerations.base
from libcloudforensics.providers.gcp.internal import gke
from libcloudforensics.providers.kubernetes import enumerations

# Enumerate from GKE cluster level, in default namespace
gke_cluster = gke.GkeCluster('cluster-id', 'zone-id', 'cluster-id')
gke_cluster_enumeration = enumerations.gcp.GkeClusterEnumeration(gke_cluster)
gke_cluster_enumeration.Enumerate(namespace='default')

cluster = gke_cluster.GetK8sCluster()

# Enumerate from K8s workload level
workload = cluster.GetDeployment('nginx', 'default')
workload_enumeration = enumerations.base.WorkloadEnumeration(workload)
workload_enumeration.Enumerate()

# Enumerate from K8s service level
service = cluster.GetService('nginx-service', 'default')
service_enumeration = enumerations.base.ServiceEnumeration(service)
service_enumeration.Enumerate()

# Get enumeration string instead of logging
enumeration_string = gke_cluster_enumeration.Enumerate(namespace='default', silent=True)
print(enumeration_string)

# Get JSON dict
enumeration_json = gke_cluster_enumeration.ToJson()
pprint(enumeration_json)

zkck commented 2 years ago

[2021-09-14 13:06:37,504] [libcloudforensics.providers.kubernetes.enumeration] INFO     Service
[2021-09-14 13:06:37,509] [libcloudforensics.providers.kubernetes.enumeration] INFO     -------------------------
[2021-09-14 13:06:37,509] [libcloudforensics.providers.kubernetes.enumeration] INFO     Name      : nginx-service
[2021-09-14 13:06:37,509] [libcloudforensics.providers.kubernetes.enumeration] INFO     Namespace : default
[2021-09-14 13:06:37,509] [libcloudforensics.providers.kubernetes.enumeration] INFO     Type      : ClusterIP
[2021-09-14 13:06:37,509] [libcloudforensics.providers.kubernetes.enumeration] INFO     -------------------------
[2021-09-14 13:06:37,541] [libcloudforensics.providers.kubernetes.enumeration] INFO         Pod
[2021-09-14 13:06:37,542] [libcloudforensics.providers.kubernetes.enumeration] INFO         --------------------------------
[2021-09-14 13:06:37,542] [libcloudforensics.providers.kubernetes.enumeration] INFO         Name      : <REDACTED_POD_NAME>
[2021-09-14 13:06:37,542] [libcloudforensics.providers.kubernetes.enumeration] INFO         Namespace : default
[2021-09-14 13:06:37,542] [libcloudforensics.providers.kubernetes.enumeration] INFO         Node      : <REDACTED_NODE_NAME>
[2021-09-14 13:06:37,542] [libcloudforensics.providers.kubernetes.enumeration] INFO         --------------------------------
[2021-09-14 13:06:37,575] [libcloudforensics.providers.kubernetes.enumeration] INFO             Container
[2021-09-14 13:06:37,575] [libcloudforensics.providers.kubernetes.enumeration] INFO             --------------------------
[2021-09-14 13:06:37,575] [libcloudforensics.providers.kubernetes.enumeration] INFO             Name   : nginx
[2021-09-14 13:06:37,575] [libcloudforensics.providers.kubernetes.enumeration] INFO             Image  : nginx
[2021-09-14 13:06:37,575] [libcloudforensics.providers.kubernetes.enumeration] INFO             Mounts : <REDACTED_MOUNTS>
[2021-09-14 13:06:37,575] [libcloudforensics.providers.kubernetes.enumeration] INFO             --------------------------
[2021-09-14 13:06:37,575] [libcloudforensics.providers.kubernetes.enumeration] INFO             Volume
[2021-09-14 13:06:37,576] [libcloudforensics.providers.kubernetes.enumeration] INFO             -----------------------------
[2021-09-14 13:06:37,576] [libcloudforensics.providers.kubernetes.enumeration] INFO             Name : <REDACTED_VOLUME_NAME>
[2021-09-14 13:06:37,576] [libcloudforensics.providers.kubernetes.enumeration] INFO             Type : secret
[2021-09-14 13:06:37,576] [libcloudforensics.providers.kubernetes.enumeration] INFO             -----------------------------
[2021-09-14 13:06:37,576] [libcloudforensics.providers.kubernetes.enumeration] INFO         Pod
[2021-09-14 13:06:37,576] [libcloudforensics.providers.kubernetes.enumeration] INFO         --------------------------------
[2021-09-14 13:06:37,576] [libcloudforensics.providers.kubernetes.enumeration] INFO         Name      : <REDACTED_POD_NAME>
[2021-09-14 13:06:37,576] [libcloudforensics.providers.kubernetes.enumeration] INFO         Namespace : default
[2021-09-14 13:06:37,576] [libcloudforensics.providers.kubernetes.enumeration] INFO         Node      : <REDACTED_NODE_NAME>
[2021-09-14 13:06:37,576] [libcloudforensics.providers.kubernetes.enumeration] INFO         --------------------------------
[2021-09-14 13:06:37,613] [libcloudforensics.providers.kubernetes.enumeration] INFO             Container
[2021-09-14 13:06:37,613] [libcloudforensics.providers.kubernetes.enumeration] INFO             --------------------------
[2021-09-14 13:06:37,613] [libcloudforensics.providers.kubernetes.enumeration] INFO             Name   : nginx
[2021-09-14 13:06:37,613] [libcloudforensics.providers.kubernetes.enumeration] INFO             Image  : nginx
[2021-09-14 13:06:37,613] [libcloudforensics.providers.kubernetes.enumeration] INFO             Mounts : <REDACTED_MOUNTS>
[2021-09-14 13:06:37,613] [libcloudforensics.providers.kubernetes.enumeration] INFO             --------------------------
[2021-09-14 13:06:37,613] [libcloudforensics.providers.kubernetes.enumeration] INFO             Volume
[2021-09-14 13:06:37,613] [libcloudforensics.providers.kubernetes.enumeration] INFO             -----------------------------
[2021-09-14 13:06:37,613] [libcloudforensics.providers.kubernetes.enumeration] INFO             Name : <REDACTED_VOLUME_NAME>
[2021-09-14 13:06:37,613] [libcloudforensics.providers.kubernetes.enumeration] INFO             Type : secret
[2021-09-14 13:06:37,613] [libcloudforensics.providers.kubernetes.enumeration] INFO             -----------------------------
[2021-09-14 13:06:37,613] [libcloudforensics.providers.kubernetes.enumeration] INFO         Pod
[2021-09-14 13:06:37,613] [libcloudforensics.providers.kubernetes.enumeration] INFO         --------------------------------
[2021-09-14 13:06:37,613] [libcloudforensics.providers.kubernetes.enumeration] INFO         Name      : <REDACTED_POD_NAME>
[2021-09-14 13:06:37,613] [libcloudforensics.providers.kubernetes.enumeration] INFO         Namespace : default
[2021-09-14 13:06:37,613] [libcloudforensics.providers.kubernetes.enumeration] INFO         Node      : <REDACTED_NODE_NAME>
[2021-09-14 13:06:37,614] [libcloudforensics.providers.kubernetes.enumeration] INFO         --------------------------------
[2021-09-14 13:06:37,651] [libcloudforensics.providers.kubernetes.enumeration] INFO             Container
[2021-09-14 13:06:37,651] [libcloudforensics.providers.kubernetes.enumeration] INFO             --------------------------
[2021-09-14 13:06:37,651] [libcloudforensics.providers.kubernetes.enumeration] INFO             Name   : nginx
[2021-09-14 13:06:37,651] [libcloudforensics.providers.kubernetes.enumeration] INFO             Image  : nginx
[2021-09-14 13:06:37,651] [libcloudforensics.providers.kubernetes.enumeration] INFO             Mounts : <REDACTED_MOUNTS>
[2021-09-14 13:06:37,651] [libcloudforensics.providers.kubernetes.enumeration] INFO             --------------------------
[2021-09-14 13:06:37,651] [libcloudforensics.providers.kubernetes.enumeration] INFO             Volume
[2021-09-14 13:06:37,651] [libcloudforensics.providers.kubernetes.enumeration] INFO             -----------------------------
[2021-09-14 13:06:37,651] [libcloudforensics.providers.kubernetes.enumeration] INFO             Name : <REDACTED_VOLUME_NAME>
[2021-09-14 13:06:37,651] [libcloudforensics.providers.kubernetes.enumeration] INFO             Type : secret
[2021-09-14 13:06:37,651] [libcloudforensics.providers.kubernetes.enumeration] INFO             -----------------------------

zkck commented 2 years ago

This is how a warning looks right now:

[2021-09-15 09:27:31,257] [libcloudforensics.providers.kubernetes.enumeration] INFO             Container
[2021-09-15 09:27:31,258] [libcloudforensics.providers.kubernetes.enumeration] INFO             ------------------------------------
[2021-09-15 09:27:31,258] [libcloudforensics.providers.kubernetes.enumeration] INFO             Name       : nginx
[2021-09-15 09:27:31,258] [libcloudforensics.providers.kubernetes.enumeration] INFO             Image      : nginx
[2021-09-15 09:27:31,258] [libcloudforensics.providers.kubernetes.enumeration] INFO             Mounts     : ['default-token-aaaa']
[2021-09-15 09:27:31,258] [libcloudforensics.providers.kubernetes.enumeration] INFO             Privileged : Yes
[2021-09-15 09:27:31,258] [libcloudforensics.providers.kubernetes.enumeration] INFO             ------------------------------------

codecov-commenter commented 2 years ago

Codecov Report

:exclamation: No coverage uploaded for pull request base (main@d982d40). Click here to learn what that means. The diff coverage is n/a.

@@           Coverage Diff           @@
##             main     #391   +/-   ##
=======================================
  Coverage        ?   58.29%           
=======================================
  Files           ?       48           
  Lines           ?     3700           
  Branches        ?        0           
=======================================
  Hits            ?     2157           
  Misses          ?     1543           
  Partials        ?        0

Flag	Coverage Δ
nosetests	`58.29% <0.00%> (?)`

Flags with carried forward coverage won't be shown. Click here to find out more.

Continue to review full report at Codecov.

Legend - Click here to learn more Δ = absolute <relative> (impact), ø = not affected, ? = missing data Powered by Codecov. Last update d982d40...66942e5. Read the comment docs.

google / cloud-forensics-utils

Kubernetes enumeration functionality #391

Codecov Report