diff --git a/admission/rules/v1/r2000_exec_to_pod.go b/admission/rules/v1/r2000_exec_to_pod.go
index adaa1e7..3220892 100644
--- a/admission/rules/v1/r2000_exec_to_pod.go
+++ b/admission/rules/v1/r2000_exec_to_pod.go
@@ -77,6 +77,13 @@ func (rule *R2000ExecToPod) ProcessEvent(event admission.Attributes, access inte
 return nil
 }
+ object := event.GetObject().(*unstructured.Unstructured)
+ containerName, isOk, err := unstructured.NestedString(object.Object, "container")
+ if !isOk || err != nil {
+ logger.L().Error("Failed to get container name", helpers.Error(err))
+ containerName = ""
+ }
+
 ruleFailure := GenericRuleFailure{
 BaseRuntimeAlert: apitypes.BaseRuntimeAlert{
 AlertName: rule.Name(),
@@ -90,7 +97,7 @@ func (rule *R2000ExecToPod) ProcessEvent(event admission.Attributes, access inte
 RequestNamespace: event.GetNamespace(),
 Resource: event.GetResource(),
 Operation: event.GetOperation(),
- Object: event.GetObject().(*unstructured.Unstructured),
+ Object: object,
 Subresource: event.GetSubresource(),
 UserInfo: &user.DefaultInfo{
 Name: event.GetUserInfo().GetName(),
@@ -107,14 +114,13 @@ func (rule *R2000ExecToPod) ProcessEvent(event admission.Attributes, access inte
 RuleDescription: fmt.Sprintf("Exec to pod detected on pod %s", event.GetName()),
 },
 RuntimeAlertK8sDetails: apitypes.RuntimeAlertK8sDetails{
- PodName: event.GetName(),
- Namespace: event.GetNamespace(),
- PodNamespace: event.GetNamespace(),
+ PodName: event.GetName(),
+ Namespace: event.GetNamespace(),
 WorkloadName: workloadName,
 WorkloadNamespace: workloadNamespace,
 WorkloadKind: workloadKind,
 NodeName: nodeName,
-
+ ContainerName: containerName,
 },
 RuleID: R2000ID,
 }
diff --git a/admission/rules/v1/r2000_exec_to_pod_test.go b/admission/rules/v1/r2000_exec_to_pod_test.go
index 3cd3540..88c8aad 100644
--- a/admission/rules/v1/r2000_exec_to_pod_test.go
+++ b/admission/rules/v1/r2000_exec_to_pod_test.go
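Review bot: The unchecked assertion `event.GetObject().(*unstructured.Unstructured)` in the first hunk of r2000_exec_to_pod.go (`@@ -77,6 +77,13 @@`) now runs before the alert is built, so a nil or differently typed object would panic inside ProcessEvent and no alert would be emitted for that exec. The lookup also logs at Error level whenever `container` is simply absent, which is a normal request shape because the field is optional in exec options, and in that branch `err` is nil when it is handed to `helpers.Error`. I would use the comma-ok form, log only a real error, and leave `containerName` at its zero value otherwise; the same block is repeated in r2001_portforward.go (`@@ -76,6 +76,12 @@`). ProcessEvent starts and ends outside this hunk.

```go
object, ok := event.GetObject().(*unstructured.Unstructured)
var containerName string
if !ok {
	// Keep building the alert; only the container name is unavailable.
	logger.L().Error("Unexpected object type for exec event")
} else {
	// "container" is optional in the request, so absence is not an error.
	name, _, err := unstructured.NestedString(object.Object, "container")
	if err != nil {
		logger.L().Error("Failed to get container name", helpers.Error(err))
	}
	containerName = name
}
// … unchanged: ruleFailure literal, with Object: object …
```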
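Review bot: `ContainerName: containerName` in the `@@ -107,14 +114,13 @@` hunk of r2000_exec_to_pod.go is the value the client sent, so it is empty whenever the request did not name a container, and the test file in this commit gains no assertion on the new field. A short comment above the field, for example `// as requested by the client; empty when the request did not name a container`, would keep alert consumers from reading an empty value as "container unknown". This hunk and `@@ -109,12 +115,11 @@` in r2001_portforward.go also stop populating `PodNamespace`; if any exporter or alert-matching rule still reads that field it would now see an empty value, so it is worth confirming that `Namespace` is what consumers key on. The enclosing struct literal starts and ends outside the hunk.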
@@ -41,7 +41,6 @@ func TestR2000(t *testing.T) {
 result := rule.ProcessEvent(event, objectcache.KubernetesCacheMockImpl{})
 assert.NotNil(t, result)
- assert.Equal(t, "test-namespace", result.GetRuntimeAlertK8sDetails().PodNamespace)
 assert.Equal(t, "test-workload", result.GetRuntimeAlertK8sDetails().WorkloadName)
 assert.Equal(t, "test-namespace", result.GetRuntimeAlertK8sDetails().WorkloadNamespace)
 assert.Equal(t, "ReplicaSet", result.GetRuntimeAlertK8sDetails().WorkloadKind)
diff --git a/admission/rules/v1/r2001_portforward.go b/admission/rules/v1/r2001_portforward.go
index 6519b4a..c7b26ff 100644
--- a/admission/rules/v1/r2001_portforward.go
+++ b/admission/rules/v1/r2001_portforward.go
@@ -76,6 +76,12 @@ func (rule *R2001PortForward) ProcessEvent(event admission.Attributes, access in
 logger.L().Error("Failed to get parent workload details", helpers.Error(err))
 return nil
 }
+ object := event.GetObject().(*unstructured.Unstructured)
+ containerName, isOk, err := unstructured.NestedString(object.Object, "container")
+ if !isOk || err != nil {
+ logger.L().Error("Failed to get container name", helpers.Error(err))
+ containerName = ""
+ }
 ruleFailure := GenericRuleFailure{
 BaseRuntimeAlert: apitypes.BaseRuntimeAlert{
@@ -90,7 +96,7 @@ func (rule *R2001PortForward) ProcessEvent(event admission.Attributes, access in
 RequestNamespace: event.GetNamespace(),
 Resource: event.GetResource(),
 Operation: event.GetOperation(),
- Object: event.GetObject().(*unstructured.Unstructured),
+ Object: object,
 Subresource: event.GetSubresource(),
 UserInfo: &user.DefaultInfo{
 Name: event.GetUserInfo().GetName(),
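Review bot: The `container` lookup added in the first hunk of r2001_portforward.go (`@@ -76,6 +76,12 @@`) looks like it can never succeed: as far as I know the port-forward options object carries only `ports` and has no `container` field, so `isOk` would be false on every event. If so, each port-forward writes an Error-level "Failed to get container name" line with a nil `err`, and `ContainerName` in the alert is always empty, which adds log noise to a detection path without adding signal. I would drop the lookup in this rule and leave a comment such as `// port-forward targets the pod, not a container; ContainerName stays empty`, or confirm against a captured event that the field is ever present. ProcessEvent starts and ends outside this hunk.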
@@ -109,12 +115,11 @@ func (rule *R2001PortForward) ProcessEvent(event admission.Attributes, access in
 RuntimeAlertK8sDetails: apitypes.RuntimeAlertK8sDetails{
 PodName: event.GetName(),
 Namespace: event.GetNamespace(),
- PodNamespace: event.GetNamespace(),
 WorkloadName: workloadName,
 WorkloadNamespace: workloadNamespace,
 WorkloadKind: workloadKind,
 NodeName: nodeName,
-
+ ContainerName: containerName,
 },
 RuleID: R2001ID,
 }
diff --git a/admission/rules/v1/r2001_portforward_test.go b/admission/rules/v1/r2001_portforward_test.go
index d76ea27..320170a 100644
--- a/admission/rules/v1/r2001_portforward_test.go
+++ b/admission/rules/v1/r2001_portforward_test.go
@@ -41,7 +41,6 @@ func TestR2001(t *testing.T) {
 result := rule.ProcessEvent(event, objectcache.KubernetesCacheMockImpl{})
 assert.NotNil(t, result)
- assert.Equal(t, "test-namespace", result.GetRuntimeAlertK8sDetails().PodNamespace)
 assert.Equal(t, "test-workload", result.GetRuntimeAlertK8sDetails().WorkloadName)
 assert.Equal(t, "test-namespace", result.GetRuntimeAlertK8sDetails().WorkloadNamespace)
 assert.Equal(t, "ReplicaSet", result.GetRuntimeAlertK8sDetails().WorkloadKind)