Merge pull request #1 from opengovern/feat-make-task

fix: use tasks service to run describer

Author: artaasadi

discovery/envs/envs.go

@@ -0,0 +1,24 @@
+package envs
+
+import (
+	"github.com/opengovern/opensecurity/services/tasks/worker/consts"
+	"os"
+)
+
+var (
+	NatsURL         = os.Getenv(consts.NatsURLEnv)
+	NatsConsumer    = os.Getenv(consts.NatsConsumerEnv)
+	StreamName      = os.Getenv(consts.NatsStreamNameEnv)
+	TopicName       = os.Getenv(consts.NatsTopicNameEnv)
+	ResultTopicName = os.Getenv(consts.NatsResultTopicNameEnv)
+
+	ESAddress       = os.Getenv(consts.ElasticSearchAddressEnv)
+	ESUsername      = os.Getenv(consts.ElasticSearchUsernameEnv)
+	ESPassword      = os.Getenv(consts.ElasticSearchPasswordEnv)
+	ESIsOnAks       = os.Getenv(consts.ElasticSearchIsOnAksNameEnv)
+	ESIsOpenSearch  = os.Getenv(consts.ElasticSearchIsOpenSearch)
+	ESAwsRegion     = os.Getenv(consts.ElasticSearchAwsRegionEnv)
+	ESAssumeRoleArn = os.Getenv(consts.ElasticSearchAssumeRoleArnEnv)
+
+	InventoryServiceEndpoint = os.Getenv(consts.InventoryBaseURL)
+)

discovery/main.go

@@ -3,9 +3,7 @@ package main
 import (
 	"context"
 	"fmt"
-	"github.com/opengovern/og-describer-kubernetes/discovery/pkg"
-	"github.com/spf13/cobra"
-	"go.uber.org/zap"
+	"github.com/opengovern/og-describer-kubernetes/discovery/worker"
 	"os"
 	"os/signal"
 	"syscall"
@@ -30,33 +28,8 @@ func main() {
 		}
 	}()
 
-	if err := WorkerCommand().ExecuteContext(ctx); err != nil {
+	if err := worker.WorkerCommand().ExecuteContext(ctx); err != nil {
 		fmt.Printf("Error: %v\n", err)
 		os.Exit(1)
 	}
 }
-
-func WorkerCommand() *cobra.Command {
-	cmd := &cobra.Command{
-		RunE: func(cmd *cobra.Command, args []string) error {
-			ctx := cmd.Context()
-			cmd.SilenceUsage = true
-			logger, err := zap.NewProduction()
-			if err != nil {
-				return err
-			}
-
-			w, err := pkg.NewWorker(
-				logger,
-				cmd.Context(),
-			)
-			if err != nil {
-				return err
-			}
-
-			return w.Run(ctx)
-		},
-	}
-
-	return cmd
-}

discovery/pkg/orchestrator/worker.go

@@ -72,10 +72,10 @@ func Do(ctx context.Context,
 	}
 	// logger.Info("decrypted config", zap.Any("config", config))
 
-	return doDescribe(ctx, logger, job, params, config, grpcEndpoint, ingestionPipelineEndpoint, describeDeliverToken, useOpenSearch)
+	return Describe(ctx, logger, job, params, config, grpcEndpoint, ingestionPipelineEndpoint, describeDeliverToken, useOpenSearch)
 }
 
-func doDescribe(
+func Describe(
 	ctx context.Context,
 	logger *zap.Logger,
 	job describe2.DescribeJob,

discovery/task/retry.go

@@ -0,0 +1,28 @@
+package task
+
+import (
+	"fmt"
+	"time"
+)
+
+const (
+	maxRetries        = 10
+	retryDelay        = 10 * time.Second
+	connectionRefused = "connect: connection refused"
+)
+
+func retryWithBackoff[T any](operationName string, fetchFunc func() ([]T, error)) ([]T, error) {
+	var result []T
+	var err error
+
+	for attempt := 1; attempt <= maxRetries; attempt++ {
+		result, err = fetchFunc()
+		if err == nil {
+			return result, nil
+		}
+
+		time.Sleep(retryDelay)
+	}
+
+	return nil, fmt.Errorf("failed to complete %s after %d attempts: %w", operationName, maxRetries, err)
+}

discovery/task/run-task.go

@@ -0,0 +1,245 @@
+package task
+
+import (
+	"context"
+	"encoding/json"
+	"fmt"
+	"github.com/opengovern/og-describer-kubernetes/discovery/pkg/orchestrator"
+	authApi "github.com/opengovern/og-util/pkg/api"
+	"github.com/opengovern/og-util/pkg/describe"
+	"github.com/opengovern/og-util/pkg/httpclient"
+	"github.com/opengovern/og-util/pkg/integration"
+	"github.com/opengovern/og-util/pkg/jq"
+	"github.com/opengovern/og-util/pkg/opengovernance-es-sdk"
+	"github.com/opengovern/og-util/pkg/tasks"
+	"github.com/opengovern/og-util/pkg/vault"
+	coreApi "github.com/opengovern/opensecurity/services/core/api"
+	coreClient "github.com/opengovern/opensecurity/services/core/client"
+	"github.com/opengovern/opensecurity/services/tasks/scheduler"
+	"go.uber.org/zap"
+	"time"
+)
+
+type TaskRunner struct {
+	vaultSrc            vault.VaultSourceConfig
+	jq                  *jq.JobQueue
+	coreServiceEndpoint string
+	describeToken       string
+	esClient            opengovernance.Client
+	logger              *zap.Logger
+	request             tasks.TaskRequest
+	response            *scheduler.TaskResponse
+}
+
+func NewTaskRunner(ctx context.Context, jq *jq.JobQueue, coreServiceEndpoint string, describeToken string, esClient opengovernance.Client,
+	logger *zap.Logger, request tasks.TaskRequest, response *scheduler.TaskResponse) (*TaskRunner, error) {
+
+	vaultSc, err := vault.NewHashiCorpVaultClient(ctx, logger, request.VaultConfig.HashiCorp, request.VaultConfig.KeyId)
+	if err != nil {
+		return nil, fmt.Errorf("failed to initialize HashiCorp vault: %w", err)
+	}
+
+	logger.Info("Vault setup complete")
+
+	return &TaskRunner{
+		vaultSrc:            vaultSc,
+		jq:                  jq,
+		coreServiceEndpoint: coreServiceEndpoint,
+		describeToken:       describeToken,
+		esClient:            esClient,
+		logger:              logger,
+		request:             request,
+		response:            response,
+	}, nil
+}
+
+type TaskResult struct {
+}
+
+type ResourceType struct {
+	Name string
+}
+
+type Integration struct {
+	IntegrationID   string
+	ProviderID      string
+	IntegrationType string
+	Secret          string
+	Labels          map[string]string
+	Annotations     map[string]string
+}
+
+func (tr *TaskRunner) RunTask(ctx context.Context) error {
+
+	taskResult := &TaskResult{}
+	var err error
+	var integrations []Integration
+
+	inventoryClient := coreClient.NewCoreServiceClient(tr.coreServiceEndpoint)
+	if _, ok := tr.request.TaskDefinition.Params["integrations_query"]; ok {
+		integrations, err = retryWithBackoff("GetIntegrations", func() ([]Integration, error) {
+			return GetIntegrationsFromQuery(inventoryClient, tr.request.TaskDefinition.Params)
+		})
+		if err != nil {
+			tr.logger.Error("Error fetching integrations", zap.Error(err))
+			return err
+		}
+	}
+
+	for _, i := range integrations {
+		err = tr.describeIntegrationResourceTypes(ctx, i)
+		if err != nil {
+			tr.logger.Error("Error describing integrations", zap.Error(err))
+			return err
+		}
+	}
+
+	jsonBytes, err := json.Marshal(taskResult)
+	if err != nil {
+		err = fmt.Errorf("failed Marshaling task result: %s", err.Error())
+		return err
+	}
+	tr.response.Result = jsonBytes
+
+	return nil
+}
+
+func (tr *TaskRunner) describeIntegrationResourceTypes(ctx context.Context, i Integration) error {
+	var resourceTypes []ResourceType
+	var err error
+
+	config, err := tr.vaultSrc.Decrypt(ctx, i.Secret)
+	if err != nil {
+		return fmt.Errorf("decrypt error: %w", err)
+	}
+
+	inventoryClient := coreClient.NewCoreServiceClient(tr.coreServiceEndpoint)
+	if _, ok := tr.request.TaskDefinition.Params["resource_types_query"]; ok {
+		resourceTypes, err = retryWithBackoff("GetResourceTypes", func() ([]ResourceType, error) {
+			return GetResourceTypesFromQuery(inventoryClient, tr.request.TaskDefinition.Params)
+		})
+		if err != nil {
+			tr.logger.Error("Error fetching integrations", zap.Error(err))
+			return err
+		}
+	}
+
+	for _, rt := range resourceTypes {
+		params := make(map[string]string)
+		for key, value := range tr.request.TaskDefinition.Params {
+			params[key] = fmt.Sprintf("%v", value)
+		}
+		for k, v := range params {
+			ctx = context.WithValue(ctx, k, v)
+		}
+
+		job := describe.DescribeJob{
+			JobID:                  0,
+			ResourceType:           rt.Name,
+			IntegrationID:          i.IntegrationID,
+			ProviderID:             i.ProviderID,
+			DescribedAt:            time.Now().Unix(),
+			IntegrationType:        integration.Type(i.IntegrationType),
+			CipherText:             i.Secret,
+			IntegrationLabels:      i.Labels,
+			IntegrationAnnotations: i.Annotations,
+		}
+		_, err = orchestrator.Describe(ctx, tr.logger, job, params, config, tr.request.EsDeliverEndpoint,
+			tr.request.IngestionPipelineEndpoint, tr.describeToken, tr.request.UseOpenSearch)
+		if err != nil {
+			tr.logger.Error("Error describing job", zap.Error(err))
+			return err
+		}
+	}
+
+	return nil
+}
+
+func GetIntegrationsFromQuery(coreServiceClient coreClient.CoreServiceClient, params map[string]any) ([]Integration, error) {
+	if v, ok := params["integrations_query"]; ok {
+		if vv, ok := v.(string); !ok {
+			return nil, fmt.Errorf("query id should be a string")
+		} else {
+			queryResponse, err := coreServiceClient.RunQuery(&httpclient.Context{UserRole: authApi.AdminRole}, coreApi.RunQueryRequest{
+				Query: &vv,
+				Page: coreApi.Page{
+					No:   1,
+					Size: 1000,
+				},
+			})
+			if err != nil {
+				return nil, err
+			}
+			var integrations []Integration
+			for _, r := range queryResponse.Result {
+				integ := Integration{}
+				for i, rc := range r {
+					switch queryResponse.Headers[i] {
+					case "integration_id":
+						integ.IntegrationID = rc.(string)
+					case "provider_id":
+						integ.ProviderID = rc.(string)
+					case "integration_type":
+						integ.IntegrationType = rc.(string)
+					case "secret":
+						integ.Secret = rc.(string)
+					case "annotations":
+						if rc != nil {
+							if jsonStr, ok := rc.(string); ok {
+								var ann map[string]string
+								if err := json.Unmarshal([]byte(jsonStr), &ann); err == nil {
+									integ.Annotations = ann
+								}
+							}
+						}
+					case "labels":
+						if rc != nil {
+							if jsonStr, ok := rc.(string); ok {
+								var lbl map[string]string
+								if err := json.Unmarshal([]byte(jsonStr), &lbl); err == nil {
+									integ.Labels = lbl
+								}
+							}
+						}
+					}
+				}
+				integrations = append(integrations, integ)
+			}
+			return integrations, nil
+		}
+	} else {
+		return nil, fmt.Errorf("query id should be a string")
+	}
+}
+
+func GetResourceTypesFromQuery(coreServiceClient coreClient.CoreServiceClient, params map[string]any) ([]ResourceType, error) {
+	if v, ok := params["integrations_query"]; ok {
+		if vv, ok := v.(string); !ok {
+			return nil, fmt.Errorf("query id should be a string")
+		} else {
+			queryResponse, err := coreServiceClient.RunQuery(&httpclient.Context{UserRole: authApi.AdminRole}, coreApi.RunQueryRequest{
+				Query: &vv,
+				Page: coreApi.Page{
+					No:   1,
+					Size: 1000,
+				},
+			})
+			if err != nil {
+				return nil, err
+			}
+			var resourceTypes []ResourceType
+			for _, r := range queryResponse.Result {
+				resourceType := ResourceType{}
+				for i, rc := range r {
+					if queryResponse.Headers[i] == "resource_type" {
+						resourceType.Name = rc.(string)
+					}
+				}
+				resourceTypes = append(resourceTypes, resourceType)
+			}
+			return resourceTypes, nil
+		}
+	} else {
+		return nil, fmt.Errorf("query id should be a string")
+	}
+}

discovery/worker/service.go

@@ -0,0 +1,31 @@
+package worker
+
+import (
+	"github.com/spf13/cobra"
+	"go.uber.org/zap"
+)
+
+func WorkerCommand() *cobra.Command {
+	cmd := &cobra.Command{
+		RunE: func(cmd *cobra.Command, args []string) error {
+			ctx := cmd.Context()
+			cmd.SilenceUsage = true
+			logger, err := zap.NewProduction()
+			if err != nil {
+				return err
+			}
+
+			w, err := NewWorker(
+				logger,
+				cmd.Context(),
+			)
+			if err != nil {
+				return err
+			}
+
+			return w.Run(ctx)
+		},
+	}
+
+	return cmd
+}