feat(dataupload): replace PostDataReadingsWithOptions with PutSnapshot

- Introduced a new `Snapshot` struct to represent the payload for the
  CyberArk Discovery and Context API.
- Replaced the `PostDataReadingsWithOptions` method with `PutSnapshot`,
  which now uses the `Snapshot` struct and removes the dependency on
  `api.DataReadingsPost`.
- Updated the `retrievePresignedUploadURL` method to accept `clusterID`
  directly instead of relying on `Options`.
- Refactored tests to align with the new `PutSnapshot` method and
  `Snapshot` struct. Removed unused imports and legacy test cases.

Signed-off-by: Richard Wall <[email protected]>

Author: wallrj-cyberark

pkg/internal/cyberark/dataupload/dataupload.go

@@ -12,7 +12,8 @@ import (
 	"net/http"
 	"net/url"
 
-	"github.com/jetstack/preflight/api"
+	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
+
 	"github.com/jetstack/preflight/pkg/version"
 )
 
@@ -46,7 +47,27 @@ func New(httpClient *http.Client, baseURL string, authenticateRequest func(req *
 	}
 }
 
-// PostDataReadingsWithOptions PUTs the supplied payload to an [AWS presigned URL] which it obtains via the CyberArk inventory API.
+// snapshot is the JSON that the CyberArk Discovery and Context API expects to
+// be uploaded to the AWS presigned URL.
+type Snapshot struct {
+	AgentVersion        string                       `json:"agent_version"`
+	ClusterID           string                       `json:"cluster_id"`
+	K8SVersion          string                       `json:"k8s_version"`
+	Secrets             []*unstructured.Unstructured `json:"secrets"`
+	ServiceAccounts     []*unstructured.Unstructured `json:"serviceaccounts"`
+	Roles               []*unstructured.Unstructured `json:"roles"`
+	ClusterRoles        []*unstructured.Unstructured `json:"clusterroles"`
+	RoleBindings        []*unstructured.Unstructured `json:"rolebindings"`
+	ClusterRoleBindings []*unstructured.Unstructured `json:"clusterrolebindings"`
+	Jobs                []*unstructured.Unstructured `json:"jobs"`
+	CronJobs            []*unstructured.Unstructured `json:"cronjobs"`
+	Deployments         []*unstructured.Unstructured `json:"deployments"`
+	Statefulsets        []*unstructured.Unstructured `json:"statefulsets"`
+	Daemonsets          []*unstructured.Unstructured `json:"daemonsets"`
+	Pods                []*unstructured.Unstructured `json:"pods"`
+}
+
+// PutSnapshot PUTs the supplied snapshot to an [AWS presigned URL] which it obtains via the CyberArk inventory API.
 // [AWS presigned URL]: https://docs.aws.amazon.com/AmazonS3/latest/API/sigv4-query-string-auth.html
 //
 // A SHA256 checksum header is included in the request, to verify that the payload
@@ -60,20 +81,16 @@ func New(httpClient *http.Client, baseURL string, authenticateRequest func(req *
 // If you omit that header, it is possible to PUT any data.
 // There is a work around listed in that issue which we have shared with the
 // CyberArk API team.
-func (c *CyberArkClient) PostDataReadingsWithOptions(ctx context.Context, payload api.DataReadingsPost, opts Options) error {
-	if opts.ClusterName == "" {
-		return fmt.Errorf("programmer mistake: the cluster name (aka `cluster_id` in the config file) cannot be left empty")
-	}
-
+func (c *CyberArkClient) PutSnapshot(ctx context.Context, snapshot Snapshot) error {
 	encodedBody := &bytes.Buffer{}
 	hash := sha256.New()
-	if err := json.NewEncoder(io.MultiWriter(encodedBody, hash)).Encode(payload); err != nil {
+	if err := json.NewEncoder(io.MultiWriter(encodedBody, hash)).Encode(snapshot); err != nil {
 		return err
 	}
 	checksum := hash.Sum(nil)
 	checksumHex := hex.EncodeToString(checksum)
 	checksumBase64 := base64.StdEncoding.EncodeToString(checksum)
-	presignedUploadURL, err := c.retrievePresignedUploadURL(ctx, checksumHex, opts)
+	presignedUploadURL, err := c.retrievePresignedUploadURL(ctx, checksumHex, snapshot.ClusterID)
 	if err != nil {
 		return fmt.Errorf("while retrieving snapshot upload URL: %s", err)
 	}
@@ -103,7 +120,7 @@ func (c *CyberArkClient) PostDataReadingsWithOptions(ctx context.Context, payloa
 	return nil
 }
 
-func (c *CyberArkClient) retrievePresignedUploadURL(ctx context.Context, checksum string, opts Options) (string, error) {
+func (c *CyberArkClient) retrievePresignedUploadURL(ctx context.Context, checksum string, clusterID string) (string, error) {
 	uploadURL, err := url.JoinPath(c.baseURL, apiPathSnapshotLinks)
 	if err != nil {
 		return "", err
@@ -114,7 +131,7 @@ func (c *CyberArkClient) retrievePresignedUploadURL(ctx context.Context, checksu
 		Checksum     string `json:"checksum_sha256"`
 		AgentVersion string `json:"agent_version"`
 	}{
-		ClusterID:    opts.ClusterName,
+		ClusterID:    clusterID,
 		Checksum:     checksum,
 		AgentVersion: version.PreflightVersion,
 	}

pkg/internal/cyberark/dataupload/dataupload_test.go

@@ -6,15 +6,13 @@ import (
 	"net/http"
 	"os"
 	"testing"
-	"time"
 
 	"github.com/jetstack/venafi-connection-lib/http_client"
 	"github.com/stretchr/testify/require"
 	"k8s.io/client-go/transport"
 	"k8s.io/klog/v2"
 	"k8s.io/klog/v2/ktesting"
 
-	"github.com/jetstack/preflight/api"
 	"github.com/jetstack/preflight/pkg/internal/cyberark/dataupload"
 	"github.com/jetstack/preflight/pkg/internal/cyberark/identity"
 	"github.com/jetstack/preflight/pkg/internal/cyberark/servicediscovery"
@@ -23,28 +21,7 @@ import (
 	_ "k8s.io/klog/v2/ktesting/init"
 )
 
-func TestCyberArkClient_PostDataReadingsWithOptions(t *testing.T) {
-	fakeTime := time.Unix(123, 0)
-	defaultPayload := api.DataReadingsPost{
-		AgentMetadata: &api.AgentMetadata{
-			Version:   "test-version",
-			ClusterID: "test",
-		},
-		DataGatherTime: fakeTime,
-		DataReadings: []*api.DataReading{
-			{
-				ClusterID:     "success-cluster-id",
-				DataGatherer:  "test-gatherer",
-				Timestamp:     api.Time{Time: fakeTime},
-				Data:          map[string]interface{}{"test": "data"},
-				SchemaVersion: "v1",
-			},
-		},
-	}
-	defaultOpts := dataupload.Options{
-		ClusterName: "success-cluster-id",
-	}
-
+func TestCyberArkClient_PutSnapshot(t *testing.T) {
 	setToken := func(token string) func(*http.Request) error {
 		return func(req *http.Request) error {
 			req.Header.Set("Authorization", fmt.Sprintf("Bearer %s", token))
@@ -54,51 +31,49 @@ func TestCyberArkClient_PostDataReadingsWithOptions(t *testing.T) {
 
 	tests := []struct {
 		name         string
-		payload      api.DataReadingsPost
+		snapshot     dataupload.Snapshot
 		authenticate func(req *http.Request) error
-		opts         dataupload.Options
 		requireFn    func(t *testing.T, err error)
 	}{
 		{
-			name:         "successful upload",
-			payload:      defaultPayload,
-			opts:         defaultOpts,
+			name: "successful upload",
+			snapshot: dataupload.Snapshot{
+				ClusterID:    "success-cluster-id",
+				AgentVersion: "test-version",
+			},
 			authenticate: setToken("success-token"),
 			requireFn: func(t *testing.T, err error) {
 				require.NoError(t, err)
 			},
 		},
 		{
-			name:         "error when cluster name is empty",
-			payload:      defaultPayload,
-			opts:         dataupload.Options{ClusterName: ""},
-			authenticate: setToken("success-token"),
-			requireFn: func(t *testing.T, err error) {
-				require.ErrorContains(t, err, "programmer mistake: the cluster name")
+			name: "error when bearer token is incorrect",
+			snapshot: dataupload.Snapshot{
+				ClusterID:    "test",
+				AgentVersion: "test-version",
 			},
-		},
-		{
-			name:         "error when bearer token is incorrect",
-			payload:      defaultPayload,
-			opts:         defaultOpts,
 			authenticate: setToken("fail-token"),
 			requireFn: func(t *testing.T, err error) {
 				require.ErrorContains(t, err, "while retrieving snapshot upload URL: received response with status code 500: should authenticate using the correct bearer token")
 			},
 		},
 		{
-			name:         "invalid JSON from server (RetrievePresignedUploadURL step)",
-			payload:      defaultPayload,
-			opts:         dataupload.Options{ClusterName: "invalid-json-retrieve-presigned"},
+			name: "invalid JSON from server (RetrievePresignedUploadURL step)",
+			snapshot: dataupload.Snapshot{
+				ClusterID:    "invalid-json-retrieve-presigned",
+				AgentVersion: "test-version",
+			},
 			authenticate: setToken("success-token"),
 			requireFn: func(t *testing.T, err error) {
 				require.ErrorContains(t, err, "while retrieving snapshot upload URL: rejecting JSON response from server as it was too large or was truncated")
 			},
 		},
 		{
-			name:         "500 from server (RetrievePresignedUploadURL step)",
-			payload:      defaultPayload,
-			opts:         dataupload.Options{ClusterName: "invalid-response-post-data"},
+			name: "500 from server (RetrievePresignedUploadURL step)",
+			snapshot: dataupload.Snapshot{
+				ClusterID:    "invalid-response-post-data",
+				AgentVersion: "test-version",
+			},
 			authenticate: setToken("success-token"),
 			requireFn: func(t *testing.T, err error) {
 				require.ErrorContains(t, err, "while retrieving snapshot upload URL: received response with status code 500: mock error")
@@ -115,7 +90,7 @@ func TestCyberArkClient_PostDataReadingsWithOptions(t *testing.T) {
 
 			cyberArkClient := dataupload.New(httpClient, datauploadAPIBaseURL, tc.authenticate)
 
-			err := cyberArkClient.PostDataReadingsWithOptions(ctx, tc.payload, tc.opts)
+			err := cyberArkClient.PutSnapshot(ctx, tc.snapshot)
 			tc.requireFn(t, err)
 		})
 	}
@@ -159,8 +134,6 @@ func TestPostDataReadingsWithOptionsWithRealAPI(t *testing.T) {
 	require.NoError(t, err)
 
 	cyberArkClient := dataupload.New(httpClient, services.DiscoveryContext.API, identityClient.AuthenticateRequest)
-	err = cyberArkClient.PostDataReadingsWithOptions(ctx, api.DataReadingsPost{}, dataupload.Options{
-		ClusterName: "bb068932-c80d-460d-88df-34bc7f3f3297",
-	})
+	err = cyberArkClient.PutSnapshot(ctx, dataupload.Snapshot{})
 	require.NoError(t, err)
 }