Merge pull request #177 from tremes/CCXDEV-2392

Bug 1879068: Collect hostsubnet information

Author: openshift-merge-robot

pkg/controller/operator.go

@@ -17,6 +17,7 @@ import (
 	"k8s.io/client-go/rest"
 
 	configv1client "github.com/openshift/client-go/config/clientset/versioned/typed/config/v1"
+	networkv1client "github.com/openshift/client-go/network/clientset/versioned/typed/network/v1"
 	"github.com/openshift/library-go/pkg/controller/controllercmd"
 
 	imageregistryv1client "github.com/openshift/client-go/imageregistry/clientset/versioned"
@@ -110,6 +111,11 @@ func (s *Support) Run(ctx context.Context, controller *controllercmd.ControllerC
 		return err
 	}
 
+	gatherNetworkClient, err := networkv1client.NewForConfig(gatherKubeConfig)
+	if err != nil {
+		return err
+	}
+
 	registryClient, err := imageregistryv1client.NewForConfig(gatherKubeConfig)
 	if err != nil {
 		return err
@@ -142,7 +148,7 @@ func (s *Support) Run(ctx context.Context, controller *controllercmd.ControllerC
 
 	// the gatherers periodically check the state of the cluster and report any
 	// config to the recorder
-	configPeriodic := clusterconfig.New(gatherConfigClient, gatherKubeClient.CoreV1(), gatherKubeClient.CertificatesV1beta1(), metricsClient, registryClient.ImageregistryV1(), crdClient)
+	configPeriodic := clusterconfig.New(gatherConfigClient, gatherKubeClient.CoreV1(), gatherKubeClient.CertificatesV1beta1(), metricsClient, registryClient.ImageregistryV1(), crdClient, gatherNetworkClient)
 	periodic := periodic.New(configObserver, recorder, map[string]gather.Interface{
 		"config": configPeriodic,
 	})

pkg/gather/clusterconfig/clusterconfig.go

@@ -32,9 +32,11 @@ import (
 
 	configv1 "github.com/openshift/api/config/v1"
 	registryv1 "github.com/openshift/api/imageregistry/v1"
+	networkv1 "github.com/openshift/api/network/v1"
 	openshiftscheme "github.com/openshift/client-go/config/clientset/versioned/scheme"
 	configv1client "github.com/openshift/client-go/config/clientset/versioned/typed/config/v1"
 	imageregistryv1 "github.com/openshift/client-go/imageregistry/clientset/versioned/typed/imageregistry/v1"
+	networkv1client "github.com/openshift/client-go/network/clientset/versioned/typed/network/v1"
 
 	"github.com/openshift/insights-operator/pkg/record"
 	"github.com/openshift/insights-operator/pkg/record/diskrecorder"
@@ -66,7 +68,9 @@ var (
 	maxEventTimeInterval = 1 * time.Hour
 
 	registrySerializer serializer.CodecFactory
+	networkSerializer  serializer.CodecFactory
 	registryScheme     = runtime.NewScheme()
+	networkScheme      = runtime.NewScheme()
 
 	// logTailLines sets maximum number of lines to fetch from pod logs
 	logTailLines = int64(100)
@@ -79,13 +83,16 @@ var (
 
 func init() {
 	utilruntime.Must(registryv1.AddToScheme(registryScheme))
+	utilruntime.Must(networkv1.AddToScheme(networkScheme))
+	networkSerializer = serializer.NewCodecFactory(networkScheme)
 	registrySerializer = serializer.NewCodecFactory(registryScheme)
 }
 
 // Gatherer is a driving instance invoking collection of data
 type Gatherer struct {
 	client         configv1client.ConfigV1Interface
 	coreClient     corev1client.CoreV1Interface
+	networkClient  networkv1client.NetworkV1Interface
 	metricsClient  rest.Interface
 	certClient     certificatesv1beta1.CertificatesV1beta1Interface
 	registryClient imageregistryv1.ImageregistryV1Interface
@@ -96,14 +103,15 @@ type Gatherer struct {
 
 // New creates new Gatherer
 func New(client configv1client.ConfigV1Interface, coreClient corev1client.CoreV1Interface, certClient certificatesv1beta1.CertificatesV1beta1Interface, metricsClient rest.Interface,
-	registryClient imageregistryv1.ImageregistryV1Interface, crdClient apixv1beta1client.ApiextensionsV1beta1Interface) *Gatherer {
+	registryClient imageregistryv1.ImageregistryV1Interface, crdClient apixv1beta1client.ApiextensionsV1beta1Interface, networkClient networkv1client.NetworkV1Interface) *Gatherer {
 	return &Gatherer{
 		client:         client,
 		coreClient:     coreClient,
 		certClient:     certClient,
 		metricsClient:  metricsClient,
 		registryClient: registryClient,
 		crdClient:      crdClient,
+		networkClient:  networkClient,
 	}
 }
 
@@ -130,6 +138,7 @@ func (i *Gatherer) Gather(ctx context.Context, recorder record.Interface) error
 		GatherClusterProxy(i),
 		GatherCertificateSigningRequests(i),
 		GatherCRD(i),
+		GatherHostSubnet(i),
 	)
 }
 
@@ -509,6 +518,30 @@ func GatherClusterNetwork(i *Gatherer) func() ([]record.Record, []error) {
 	}
 }
 
+// GatherHostSubnet collects HostSubnet information
+//
+// The Kubernetes api https://github.com/openshift/client-go/blob/master/network/clientset/versioned/typed/network/v1/hostsubnet.go
+// Response see https://docs.openshift.com/container-platform/4.3/rest_api/index.html#hostsubnet-v1-network-openshift-io
+//
+// Location in archive: config/hostsubnet/
+func GatherHostSubnet(i *Gatherer) func() ([]record.Record, []error) {
+	return func() ([]record.Record, []error) {
+
+		hostSubnetList, err := i.networkClient.HostSubnets().List(metav1.ListOptions{})
+		if errors.IsNotFound(err) {
+			return nil, nil
+		}
+		if err != nil {
+			return nil, []error{err}
+		}
+		records := make([]record.Record, 0, len(hostSubnetList.Items))
+		for _, h := range hostSubnetList.Items {
+			records = append(records, record.Record{Name: fmt.Sprintf("config/hostsubnet/%s", h.Host), Item: HostSubnetAnonymizer{&h}})
+		}
+		return records, nil
+	}
+}
+
 // GatherClusterAuthentication fetches the cluster Authentication - the Authentication with name cluster.
 //
 // The Kubernetes api https://github.com/openshift/client-go/blob/master/config/clientset/versioned/typed/config/v1/authentication.go#L50
@@ -1027,6 +1060,14 @@ func anonymizeString(s string) string {
 	return strings.Repeat("x", len(s))
 }
 
+func anonymizeSliceOfStrings(slice []string) []string {
+	anonymizedSlice := make([]string, len(slice), len(slice))
+	for i, s := range slice {
+		anonymizedSlice[i] = anonymizeString(s)
+	}
+	return anonymizedSlice
+}
+
 func isProductNamespacedKey(key string) bool {
 	return strings.Contains(key, "openshift.io/") || strings.Contains(key, "k8s.io/") || strings.Contains(key, "kubernetes.io/")
 }
@@ -1123,6 +1164,23 @@ func (a ConfigMapAnonymizer) GetExtension() string {
 	return ""
 }
 
+// HostSubnetAnonymizer implements HostSubnet serialization wiht anonymization
+type HostSubnetAnonymizer struct{ *networkv1.HostSubnet }
+
+// Marshal implements HostSubnet serialization
+func (a HostSubnetAnonymizer) Marshal(_ context.Context) ([]byte, error) {
+	a.HostSubnet.HostIP = anonymizeString(a.HostSubnet.HostIP)
+	a.HostSubnet.Subnet = anonymizeString(a.HostSubnet.Subnet)
+	a.HostSubnet.EgressIPs = anonymizeSliceOfStrings(a.HostSubnet.EgressIPs)
+	a.HostSubnet.EgressCIDRs = anonymizeSliceOfStrings(a.HostSubnet.EgressCIDRs)
+	return runtime.Encode(networkSerializer.LegacyCodec(networkv1.SchemeGroupVersion), a.HostSubnet)
+}
+
+// GetExtension returns extension for HostSubnet object
+func (a HostSubnetAnonymizer) GetExtension() string {
+	return "json"
+}
+
 func anonymizeConfigMap(dv []byte) string {
 	anonymizedPemBlock := `-----BEGIN CERTIFICATE-----
 ANONYMIZED

pkg/gather/clusterconfig/clusterconfig_test.go

@@ -10,6 +10,7 @@ import (
 	"testing"
 
 	imageregistryv1 "github.com/openshift/api/imageregistry/v1"
+	networkv1 "github.com/openshift/api/network/v1"
 	corev1 "k8s.io/api/core/v1"
 	"k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1beta1"
 	apixv1beta1clientfake "k8s.io/apiextensions-apiserver/pkg/client/clientset/clientset/fake"
@@ -19,6 +20,7 @@ import (
 	"k8s.io/klog"
 
 	imageregistryfake "github.com/openshift/client-go/imageregistry/clientset/versioned/fake"
+	networkfake "github.com/openshift/client-go/network/clientset/versioned/fake"
 	"github.com/openshift/insights-operator/pkg/record"
 	"github.com/openshift/insights-operator/pkg/utils"
 )
@@ -478,6 +480,63 @@ func TestCollectVolumeSnapshotCRD(t *testing.T) {
 	}
 }
 
+func TestGatherHostSubnet(t *testing.T) {
+	testHostSubnet := networkv1.HostSubnet{
+		Host:        "test.host",
+		HostIP:      "10.0.0.0",
+		Subnet:      "10.0.0.0/23",
+		EgressIPs:   []string{"10.0.0.0", "10.0.0.1"},
+		EgressCIDRs: []string{"10.0.0.0/24", "10.0.0.0/24"},
+	}
+	client := networkfake.NewSimpleClientset()
+	_, err := client.NetworkV1().HostSubnets().Create(&testHostSubnet)
+	if err != nil {
+		t.Fatal("unable to create fake hostsubnet")
+	}
+
+	gatherer := &Gatherer{networkClient: client.NetworkV1()}
+
+	records, errs := GatherHostSubnet(gatherer)()
+	if len(errs) > 0 {
+		t.Errorf("unexpected errors: %#v", errs)
+		return
+	}
+	if len(records) != 1 {
+		t.Fatalf("unexpected number or records %d", len(records))
+	}
+	item, err := records[0].Item.Marshal(context.TODO())
+	var gatheredHostSubnet networkv1.HostSubnet
+	_, _, err = networkSerializer.LegacyCodec(networkv1.SchemeGroupVersion).Decode(item, nil, &gatheredHostSubnet)
+	if err != nil {
+		t.Fatalf("failed to decode object: %v", err)
+	}
+	if gatheredHostSubnet.HostIP != "xxxxxxxx" {
+		t.Fatalf("Host IP is not anonymized %s", gatheredHostSubnet.HostIP)
+	}
+	if gatheredHostSubnet.Subnet != "xxxxxxxxxxx" {
+		t.Fatalf("Host Subnet is not anonymized %s", gatheredHostSubnet.Subnet)
+	}
+	if len(gatheredHostSubnet.EgressIPs) != len(testHostSubnet.EgressIPs) {
+		t.Fatalf("unexpected number of egress IPs gathered %s", gatheredHostSubnet.EgressIPs)
+	}
+
+	if len(gatheredHostSubnet.EgressCIDRs) != len(testHostSubnet.EgressCIDRs) {
+		t.Fatalf("unexpected number of egress CIDRs gathered %s", gatheredHostSubnet.EgressCIDRs)
+	}
+
+	for _, ip := range gatheredHostSubnet.EgressIPs {
+		if ip != "xxxxxxxx" {
+			t.Fatalf("Egress IP is not anonymized %s", ip)
+		}
+	}
+
+	for _, cidr := range gatheredHostSubnet.EgressCIDRs {
+		if cidr != "xxxxxxxxxxx" {
+			t.Fatalf("Egress CIDR is not anonymized %s", cidr)
+		}
+	}
+}
+
 func ExampleGatherMostRecentMetrics_Test() {
 	b, err := ExampleMostRecentMetrics()
 	if err != nil {