From 2ebf6271202724baacd10cb43e0dd40028c1e109 Mon Sep 17 00:00:00 2001
From: Anurag Rajawat
Date: Wed, 31 Jan 2024 14:13:19 +0530
Subject: [PATCH] fix(adapter): Add KSP for DNSManipulation

Signed-off-by: Anurag Rajawat
---
 go.sum | 1 +
 .../nimbus-kubearmor/processor/kspbuilder.go | 17 +++++++++++++++++
 2 files changed, 18 insertions(+)

diff --git a/go.sum b/go.sum
index b805827a..2bc9d759 100644
--- a/go.sum
+++ b/go.sum
@@ -13,6 +13,7 @@ github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSs
 github.com/emicklei/go-restful/v3 v3.11.2 h1:1onLa9DcsMYO9P+CXaL0dStDqQ2EHHXLiz+BtnqkLAU=
 github.com/emicklei/go-restful/v3 v3.11.2/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc=
 github.com/evanphx/json-patch v5.7.0+incompatible h1:vgGkfT/9f8zE6tvSCe74nfpAVDQ2tG6yudJd8LBksgI=
+github.com/evanphx/json-patch v5.7.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk=
 github.com/evanphx/json-patch/v5 v5.9.0 h1:kcBlZQbplgElYIlo/n1hJbls2z/1awpXxpRi0/FOJfg=
 github.com/evanphx/json-patch/v5 v5.9.0/go.mod h1:VNkHZ/282BpEyt/tObQO8s5CMPmYYq14uClGH4abBuQ=
 github.com/fsnotify/fsnotify v1.7.0 h1:8JEhPFa5W2WU7YfeZzPNqzMP6Lwt7L2715Ggo0nosvA=
diff --git a/pkg/adapter/nimbus-kubearmor/processor/kspbuilder.go b/pkg/adapter/nimbus-kubearmor/processor/kspbuilder.go
index 6a905c2a..40338409 100644
--- a/pkg/adapter/nimbus-kubearmor/processor/kspbuilder.go
+++ b/pkg/adapter/nimbus-kubearmor/processor/kspbuilder.go
@@ -46,11 +46,28 @@ func buildKspFor(id string) kubearmorv1.KubeArmorPolicy {
 return swDeploymentToolsKsp()
 case idpool.UnAuthorizedSaTokenAccess:
 return unAuthorizedSaTokenAccessKsp()
+ case idpool.DNSManipulation:
+ return dnsManipulationKsp()
 default:
 return kubearmorv1.KubeArmorPolicy{}
 }
 }
 
+func dnsManipulationKsp() kubearmorv1.KubeArmorPolicy {
+ return kubearmorv1.KubeArmorPolicy{
+ Spec: kubearmorv1.KubeArmorPolicySpec{
+ File: kubearmorv1.FileType{
+ MatchPaths: []kubearmorv1.FilePathType{
+ {
+ Path: "/etc/resolv.conf",
+ ReadOnly: true,
+ },
+ },
+ },
+ },
+ }
+}
+
 func unAuthorizedSaTokenAccessKsp() kubearmorv1.KubeArmorPolicy {
 return kubearmorv1.KubeArmorPolicy{
 Spec: kubearmorv1.KubeArmorPolicySpec{
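Review bot: `dnsManipulationKsp` sets no `Action` and has no doc comment, so this hunk alone does not show whether writes to `/etc/resolv.conf` are blocked or only audited; the builder returns just a `File.MatchPaths` entry with `ReadOnly: true`. If the caller fills in `Spec.Action` after `buildKspFor` returns (not visible here), record that contract on the function, for example `// dnsManipulationKsp returns a policy that matches /etc/resolv.conf as read-only; the caller is expected to set Spec.Action.` The comment should also state that only this one path is covered, so a reader does not assume the DNSManipulation intent protects other resolver configuration such as `/etc/hosts`. The body of `unAuthorizedSaTokenAccessKsp` continues outside the hunk.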