Added Role, RoleBinding, ClusterRole, ClusterRoleBinding and ServiceA…

…ccount modules (#45) * ENG-947 & ENG-1241: Removed Persistent-Volume from transformObject flow * ENG-947: Added Persistent-Volume-Claim flow * ENG-1948, ENG-1949 & ENG-1955: Added Role, RoleBinding, ClusterRole, ClusterRoleBinding and ServiceAccount modules * ENG-1948, ENG-1949 & ENG-1955: Added Role, RoleBinding, ClusterRole, ClusterRoleBinding and ServiceAccount modules
middleware-labs · Feb 21, 2024 · 9d719b2 · 9d719b2
1 parent db49257
commit 9d719b2
Show file tree

Hide file tree

Showing 22 changed files with 2,888 additions and 381 deletions.
diff --git a/receiver/k8sclusterreceiver/documentation.md b/receiver/k8sclusterreceiver/documentation.md
@@ -12,6 +12,22 @@ metrics:
     enabled: false
 ```
 
+### k8s.clusterrole.rule_count
+
+The count of cluster roles.
+
+| Unit | Metric Type | Value Type |
+| ---- | ----------- | ---------- |
+| 1 | Gauge | Int |
+
+### k8s.clusterrolebinding.subject_count
+
+The subject count of cluster role bindings.
+
+| Unit | Metric Type | Value Type |
+| ---- | ----------- | ---------- |
+| 1 | Gauge | Int |
+
 ### k8s.container.cpu_limit
 
 Maximum resource limit set for the container. See https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.23/#resourcerequirements-v1-core for details
@@ -320,6 +336,22 @@ The usage for a particular resource in a specific namespace. Will only be sent i
 | ---- | ----------- | ------ |
 | resource | the name of the resource on which the quota is applied | Any Str |
 
+### k8s.role.rule_count
+
+The count of roles.
+
+| Unit | Metric Type | Value Type |
+| ---- | ----------- | ---------- |
+| 1 | Gauge | Int |
+
+### k8s.rolebinding.subject_count
+
+The subject count of role bindings.
+
+| Unit | Metric Type | Value Type |
+| ---- | ----------- | ---------- |
+| 1 | Gauge | Int |
+
 ### k8s.service.port_count
 
 The number of ports in the service
@@ -328,6 +360,14 @@ The number of ports in the service
 | ---- | ----------- | ---------- |
 | 1 | Gauge | Int |
 
+### k8s.serviceaccount.secret_count
+
+The count of secrets in Service Account.
+
+| Unit | Metric Type | Value Type |
+| ---- | ----------- | ---------- |
+| 1 | Gauge | Int |
+
 ### k8s.statefulset.current_pods
 
 The number of pods created by the StatefulSet controller from the StatefulSet version
@@ -444,6 +484,21 @@ Current status reason of the pod (1 - Evicted, 2 - NodeAffinity, 3 - NodeLost, 4
 | container.image.name | The container image name | Any Str | true |
 | container.image.tag | The container image tag | Any Str | true |
 | k8s.cluster.name | The k8s cluster name. | Any Str | true |
+| k8s.clusterrole.annotations | Annotations of the Cluster Role. | Any Str | true |
+| k8s.clusterrole.labels | Labels of the Cluster Role. | Any Str | true |
+| k8s.clusterrole.name | The name of the Cluster Role. | Any Str | true |
+| k8s.clusterrole.rules | Rules of the Cluster Role. | Any Str | true |
+| k8s.clusterrole.start_time | The start time of the Cluster Role. | Any Str | true |
+| k8s.clusterrole.type | The type of the Cluster Role. | Any Str | true |
+| k8s.clusterrole.uid | The UID of the Role. | Any Str | true |
+| k8s.clusterrolebinding.annotations | Annotations of the Cluster Role Binding. | Any Str | true |
+| k8s.clusterrolebinding.labels | Labels of the Cluster Role Binding. | Any Str | true |
+| k8s.clusterrolebinding.name | The name of the Cluster Role Binding. | Any Str | true |
+| k8s.clusterrolebinding.role_ref | RoleRef can reference a Cluster Role. | Any Str | true |
+| k8s.clusterrolebinding.start_time | The start time of the Cluster Role Binding. | Any Str | true |
+| k8s.clusterrolebinding.subjects | Subjects holds references to the objects, the cluster role applies to. | Any Str | true |
+| k8s.clusterrolebinding.type | The type of the Cluster Role Binding. | Any Str | true |
+| k8s.clusterrolebinding.uid | The UID of the Cluster Role Binding. | Any Str | true |
 | k8s.container.name | The k8s container name | Any Str | true |
 | k8s.cronjob.name | The k8s CronJob name | Any Str | true |
 | k8s.cronjob.start_time | The start time of the Cronjob. | Any Str | true |
@@ -502,12 +557,39 @@ Current status reason of the pod (1 - Evicted, 2 - NodeAffinity, 3 - NodeLost, 4
 | k8s.replicationcontroller.uid | The k8s replicationcontroller uid. | Any Str | true |
 | k8s.resourcequota.name | The k8s resourcequota name. | Any Str | true |
 | k8s.resourcequota.uid | The k8s resourcequota uid. | Any Str | true |
+| k8s.role.annotations | Annotations of the Role. | Any Str | true |
+| k8s.role.labels | Labels of the Role. | Any Str | true |
+| k8s.role.name | The name of the Role. | Any Str | true |
+| k8s.role.namespace | The namespace of the Role. | Any Str | true |
+| k8s.role.rules | Rules of the Role. | Any Str | true |
+| k8s.role.start_time | The start time of the Role. | Any Str | true |
+| k8s.role.type | The type of the Role. | Any Str | true |
+| k8s.role.uid | The UID of the Role. | Any Str | true |
+| k8s.rolebinding.annotations | Annotations of the Role Binding. | Any Str | true |
+| k8s.rolebinding.labels | Labels of the Role Binding. | Any Str | true |
+| k8s.rolebinding.name | The name of the Role Binding. | Any Str | true |
+| k8s.rolebinding.namespace | The namespace of the Role Binding. | Any Str | true |
+| k8s.rolebinding.role_ref | RoleRef can reference a Role in the current namespace. | Any Str | true |
+| k8s.rolebinding.start_time | The start time of the Role Binding. | Any Str | true |
+| k8s.rolebinding.subjects | Subjects holds references to the objects, the role applies to. | Any Str | true |
+| k8s.rolebinding.type | The type of the Role Binding. | Any Str | true |
+| k8s.rolebinding.uid | The UID of the Role Binding. | Any Str | true |
 | k8s.service.cluster_ip | The cluster IP of the service | Any Str | true |
 | k8s.service.name | The name of the service | Any Str | true |
 | k8s.service.namespace | The namespace of the service | Any Str | true |
 | k8s.service.type | The type of the service | Any Str | true |
 | k8s.service.uid | The UID of the service | Any Str | true |
 | k8s.service_account.name | The name of the Service-account | Any Str | true |
+| k8s.serviceaccount.annotations | Annotations of the Service Account. | Any Str | true |
+| k8s.serviceaccount.automount_serviceaccount_token | Automount service account token of the Service Account. | Any Str | true |
+| k8s.serviceaccount.image_pull_secrets | Image pull secrets of the Service Account. | Any Str | true |
+| k8s.serviceaccount.labels | Labels of the Service Account. | Any Str | true |
+| k8s.serviceaccount.name | The name of the Service Account. | Any Str | true |
+| k8s.serviceaccount.namespace | The namespace of the Service Account. | Any Str | true |
+| k8s.serviceaccount.secrets | Secrets of the Service Account. | Any Str | true |
+| k8s.serviceaccount.start_time | The start time of the Service Account. | Any Str | true |
+| k8s.serviceaccount.type | The type of the Service Account. | Any Str | true |
+| k8s.serviceaccount.uid | The UID of the Service Account. | Any Str | true |
 | k8s.statefulset.name | The k8s statefulset name. | Any Str | true |
 | k8s.statefulset.start_time | The start time of the Statefulset. | Any Str | true |
 | k8s.statefulset.uid | The k8s statefulset uid. | Any Str | true |

diff --git a/receiver/k8sclusterreceiver/internal/clusterrole/clusterrole.go b/receiver/k8sclusterreceiver/internal/clusterrole/clusterrole.go
@@ -0,0 +1,98 @@
+package clusterrole
+
+import (
+	"fmt"
+	"github.com/open-telemetry/opentelemetry-collector-contrib/internal/common/maps"
+	"github.com/open-telemetry/opentelemetry-collector-contrib/pkg/experimentalmetricmetadata"
+	"go.opentelemetry.io/collector/pdata/pcommon"
+	rbacv1 "k8s.io/api/rbac/v1"
+	"strings"
+	"time"
+
+	"github.com/open-telemetry/opentelemetry-collector-contrib/receiver/k8sclusterreceiver/internal/metadata"
+	imetadata "github.com/open-telemetry/opentelemetry-collector-contrib/receiver/k8sclusterreceiver/internal/metadata"
+)
+
+const (
+	// Keys for clusterrole metadata.
+	AttributeK8SClusterRoleUID  = "k8s.clusterrole.uid"
+	AttributeK8SClusterRoleName = "k8s.clusterrole.name"
+	ClusterRoleCreationTime     = "clusterrole.creation_timestamp"
+)
+
+// Transform transforms the clusterrole to remove the fields.
+// IMPORTANT: Make sure to update this function before using new clusterrole fields.
+func Transform(r *rbacv1.ClusterRole) *rbacv1.ClusterRole {
+	newCR := &rbacv1.ClusterRole{
+		ObjectMeta: metadata.TransformObjectMeta(r.ObjectMeta),
+	}
+	return newCR
+}
+
+func RecordMetrics(mb *imetadata.MetricsBuilder, cr *rbacv1.ClusterRole, ts pcommon.Timestamp) {
+	mb.RecordK8sClusterroleRuleCountDataPoint(ts, int64(len(cr.Rules)))
+
+	rb := mb.NewResourceBuilder()
+	rb.SetK8sClusterroleUID(string(cr.GetUID()))
+	rb.SetK8sClusterroleName(cr.GetName())
+	rb.SetK8sClusterName("unknown")
+	rb.SetK8sClusterroleType("ClusterRole")
+	rb.SetK8sClusterroleStartTime(cr.GetCreationTimestamp().String())
+	rb.SetK8sClusterroleLabels(mapToString(cr.GetLabels(), "&"))
+	rb.SetK8sClusterroleAnnotations(mapToString(cr.GetAnnotations(), "&"))
+	rb.SetK8sClusterroleRules(convertRulesToString(cr.Rules))
+	mb.EmitForResource(metadata.WithResource(rb.Emit()))
+}
+
+func mapToString(m map[string]string, seperator string) string {
+	var res []string
+	for k, v := range m {
+		res = append(res, fmt.Sprintf("%s=%s", k, v))
+	}
+	return strings.Join(res, seperator)
+}
+
+func convertRulesToString(rules []rbacv1.PolicyRule) string {
+	var result strings.Builder
+
+	for i, rule := range rules {
+		if i > 0 {
+			result.WriteString(";")
+		}
+
+		result.WriteString("verbs=")
+		result.WriteString(strings.Join(rule.Verbs, ","))
+
+		result.WriteString("&apiGroups=")
+		result.WriteString(strings.Join(rule.APIGroups, ","))
+
+		result.WriteString("&resources=")
+		result.WriteString(strings.Join(rule.Resources, ","))
+
+		result.WriteString("&resourceNames=")
+		result.WriteString(strings.Join(rule.ResourceNames, ","))
+
+		result.WriteString("&nonResourceURLs=")
+		result.WriteString(strings.Join(rule.NonResourceURLs, ","))
+
+	}
+
+	return result.String()
+}
+
+func GetMetadata(r *rbacv1.ClusterRole) map[experimentalmetricmetadata.ResourceID]*metadata.KubernetesMetadata {
+	meta := maps.MergeStringMaps(map[string]string{}, r.Labels)
+
+	meta[AttributeK8SClusterRoleName] = r.Name
+	meta[ClusterRoleCreationTime] = r.GetCreationTimestamp().Format(time.RFC3339)
+
+	rID := experimentalmetricmetadata.ResourceID(r.UID)
+	return map[experimentalmetricmetadata.ResourceID]*metadata.KubernetesMetadata{
+		rID: {
+			EntityType:    "k8s.clusterrole",
+			ResourceIDKey: AttributeK8SClusterRoleUID,
+			ResourceID:    rID,
+			Metadata:      meta,
+		},
+	}
+}
diff --git a/receiver/k8sclusterreceiver/internal/clusterrole/clusterrole_test.go b/receiver/k8sclusterreceiver/internal/clusterrole/clusterrole_test.go
@@ -0,0 +1,24 @@
+package clusterrole
+
+import (
+	"github.com/stretchr/testify/assert"
+	rbacv1 "k8s.io/api/rbac/v1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"testing"
+)
+
+func TestTransform(t *testing.T) {
+	originalCR := &rbacv1.ClusterRole{
+		ObjectMeta: metav1.ObjectMeta{
+			Name: "my-cr",
+			UID:  "my-cr-uid",
+		},
+	}
+	wantCR := &rbacv1.ClusterRole{
+		ObjectMeta: metav1.ObjectMeta{
+			Name: "my-cr",
+			UID:  "my-cr-uid",
+		},
+	}
+	assert.Equal(t, wantCR, Transform(originalCR))
+}
diff --git a/receiver/k8sclusterreceiver/internal/clusterrolebinding/clusterrolebinding.go b/receiver/k8sclusterreceiver/internal/clusterrolebinding/clusterrolebinding.go
@@ -0,0 +1,95 @@
+package clusterrolebinding
+
+import (
+	"fmt"
+	"github.com/open-telemetry/opentelemetry-collector-contrib/internal/common/maps"
+	"github.com/open-telemetry/opentelemetry-collector-contrib/pkg/experimentalmetricmetadata"
+	"go.opentelemetry.io/collector/pdata/pcommon"
+	rbacv1 "k8s.io/api/rbac/v1"
+	"strings"
+	"time"
+
+	"github.com/open-telemetry/opentelemetry-collector-contrib/receiver/k8sclusterreceiver/internal/metadata"
+	imetadata "github.com/open-telemetry/opentelemetry-collector-contrib/receiver/k8sclusterreceiver/internal/metadata"
+)
+
+const (
+	// Keys for clusterrolebinding metadata.
+	AttributeK8SClusterRoleBindingUID  = "k8s.clusterrolebinding.uid"
+	AttributeK8SClusterRoleBindingName = "k8s.clusterrolebinding.name"
+	ClusterRoleBindingCreationTime     = "clusterrolebinding.creation_timestamp"
+)
+
+// Transform transforms the clusterrolebinding to remove the fields.
+// IMPORTANT: Make sure to update this function before using new clusterrolebinding fields.
+func Transform(rb *rbacv1.ClusterRoleBinding) *rbacv1.ClusterRoleBinding {
+	newCRB := &rbacv1.ClusterRoleBinding{
+		ObjectMeta: metadata.TransformObjectMeta(rb.ObjectMeta),
+	}
+	return newCRB
+}
+
+func RecordMetrics(mb *imetadata.MetricsBuilder, crbind *rbacv1.ClusterRoleBinding, ts pcommon.Timestamp) {
+	mb.RecordK8sClusterrolebindingSubjectCountDataPoint(ts, int64(len(crbind.Subjects)))
+
+	rb := mb.NewResourceBuilder()
+	rb.SetK8sClusterrolebindingUID(string(crbind.GetUID()))
+	rb.SetK8sClusterrolebindingName(crbind.GetName())
+	rb.SetK8sClusterName("unknown")
+	rb.SetK8sClusterrolebindingLabels(mapToString(crbind.GetLabels(), "&"))
+	rb.SetK8sClusterrolebindingAnnotations(mapToString(crbind.GetAnnotations(), "&"))
+	rb.SetK8sClusterrolebindingStartTime(crbind.GetCreationTimestamp().String())
+	rb.SetK8sClusterrolebindingType("ClusterRoleBinding")
+	rb.SetK8sClusterrolebindingSubjects(convertSubjectsToString(crbind.Subjects))
+	rb.SetK8sClusterrolebindingRoleRef(fmt.Sprintf("apiGroup=%s&kind=%s&name=%s",
+		crbind.RoleRef.APIGroup,
+		crbind.RoleRef.Kind,
+		crbind.RoleRef.Name))
+	mb.EmitForResource(metadata.WithResource(rb.Emit()))
+}
+
+func mapToString(m map[string]string, seperator string) string {
+	var res []string
+	for k, v := range m {
+		res = append(res, fmt.Sprintf("%s=%s", k, v))
+	}
+	return strings.Join(res, seperator)
+}
+
+func convertSubjectsToString(subjects []rbacv1.Subject) string {
+	var result strings.Builder
+
+	for i, subject := range subjects {
+		if i > 0 {
+			result.WriteString(";")
+		}
+
+		result.WriteString("kind=")
+		result.WriteString(subject.Kind)
+
+		result.WriteString("&name=")
+		result.WriteString(subject.Name)
+
+		result.WriteString("&namespace=")
+		result.WriteString(subject.Namespace)
+	}
+
+	return result.String()
+}
+
+func GetMetadata(crb *rbacv1.ClusterRoleBinding) map[experimentalmetricmetadata.ResourceID]*metadata.KubernetesMetadata {
+	meta := maps.MergeStringMaps(map[string]string{}, crb.Labels)
+
+	meta[AttributeK8SClusterRoleBindingName] = crb.Name
+	meta[ClusterRoleBindingCreationTime] = crb.GetCreationTimestamp().Format(time.RFC3339)
+
+	crbID := experimentalmetricmetadata.ResourceID(crb.UID)
+	return map[experimentalmetricmetadata.ResourceID]*metadata.KubernetesMetadata{
+		crbID: {
+			EntityType:    "k8s.clusterrolebinding",
+			ResourceIDKey: AttributeK8SClusterRoleBindingUID,
+			ResourceID:    crbID,
+			Metadata:      meta,
+		},
+	}
+}
diff --git a/receiver/k8sclusterreceiver/internal/clusterrolebinding/clusterrolebinding_test.go b/receiver/k8sclusterreceiver/internal/clusterrolebinding/clusterrolebinding_test.go
@@ -0,0 +1,24 @@
+package clusterrolebinding
+
+import (
+	"github.com/stretchr/testify/assert"
+	rbacv1 "k8s.io/api/rbac/v1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"testing"
+)
+
+func TestTransform(t *testing.T) {
+	originalCRB := &rbacv1.ClusterRoleBinding{
+		ObjectMeta: metav1.ObjectMeta{
+			Name: "my-crb",
+			UID:  "my-crb-uid",
+		},
+	}
+	wantCRB := &rbacv1.ClusterRoleBinding{
+		ObjectMeta: metav1.ObjectMeta{
+			Name: "my-crb",
+			UID:  "my-crb-uid",
+		},
+	}
+	assert.Equal(t, wantCRB, Transform(originalCRB))
+}