Add replicaset resources by default

iblancasa · iblancasa · commit 0a04458a5d7e · 2024-04-09T11:23:30.000+02:00
Signed-off-by: Israel Blancas &lt;iblancasa@gmail.com&gt;
diff --git a/internal/manifests/collector/parser/processor/processor_k8sattributes.go b/internal/manifests/collector/parser/processor/processor_k8sattributes.go
@@ -50,15 +50,24 @@ func (o *K8sAttributesParser) ParserName() string {
 }
 
 func (o *K8sAttributesParser) GetRBACRules() []rbacv1.PolicyRule {
-	var prs []rbacv1.PolicyRule
-
-	// This one needs to be added always
-	policy := rbacv1.PolicyRule{
-		APIGroups: []string{""},
-		Resources: []string{"pods", "namespaces"},
-		Verbs:     []string{"get", "watch", "list"},
+	// These policies need to be added always
+	var prs []rbacv1.PolicyRule = []rbacv1.PolicyRule{
+		{
+			APIGroups: []string{""},
+			Resources: []string{"pods", "namespaces"},
+			Verbs:     []string{"get", "watch", "list"},
+		},
+		{
+			APIGroups: []string{"apps"},
+			Resources: []string{"replicasets"},
+			Verbs:     []string{"get", "watch", "list"},
+		},
+		{
+			APIGroups: []string{"extensions"},
+			Resources: []string{"replicasets"},
+			Verbs:     []string{"get", "watch", "list"},
+		},
 	}
-	prs = append(prs, policy)
 
 	extractCfg, ok := o.config["extract"]
 	if !ok {
@@ -77,20 +86,7 @@ func (o *K8sAttributesParser) GetRBACRules() []rbacv1.PolicyRule {
 
 	for _, m := range metadata {
 		metadataField := fmt.Sprint(m)
-		if metadataField == "k8s.deployment.uid" || metadataField == "k8s.deployment.name" {
-			prs = append(prs,
-				rbacv1.PolicyRule{
-					APIGroups: []string{"apps"},
-					Resources: []string{"replicasets"},
-					Verbs:     []string{"get", "watch", "list"},
-				},
-				rbacv1.PolicyRule{
-					APIGroups: []string{"extensions"},
-					Resources: []string{"replicasets"},
-					Verbs:     []string{"get", "watch", "list"},
-				},
-			)
-		} else if strings.Contains(metadataField, "k8s.node") {
+		if strings.Contains(metadataField, "k8s.node") {
 			prs = append(prs,
 				rbacv1.PolicyRule{
 					APIGroups: []string{""},
diff --git a/internal/manifests/collector/parser/processor/processor_k8sattributes_test.go b/internal/manifests/collector/parser/processor/processor_k8sattributes_test.go
@@ -34,23 +34,6 @@ func TestK8sAttributesRBAC(t *testing.T) {
 		{
 			name:   "no extra parameters",
 			config: nil,
-			expectedRules: []rbacv1.PolicyRule{
-				{
-					APIGroups: []string{""},
-					Resources: []string{"pods", "namespaces"},
-					Verbs:     []string{"get", "watch", "list"},
-				},
-			},
-		},
-		{
-			name: "extract k8s.deployment.uid",
-			config: map[interface{}]interface{}{
-				"extract": map[interface{}]interface{}{
-					"metadata": []interface{}{
-						"k8s.deployment.uid",
-					},
-				},
-			},
 			expectedRules: []rbacv1.PolicyRule{
 				{
 					APIGroups: []string{""},
@@ -70,11 +53,11 @@ func TestK8sAttributesRBAC(t *testing.T) {
 			},
 		},
 		{
-			name: "extract k8s.deployment.name",
+			name: "extract k8s.node",
 			config: map[interface{}]interface{}{
 				"extract": map[interface{}]interface{}{
 					"metadata": []interface{}{
-						"k8s.deployment.name",
+						"k8s.node",
 					},
 				},
 			},
@@ -94,6 +77,11 @@ func TestK8sAttributesRBAC(t *testing.T) {
 					Resources: []string{"replicasets"},
 					Verbs:     []string{"get", "watch", "list"},
 				},
+				{
+					APIGroups: []string{""},
+					Resources: []string{"nodes"},
+					Verbs:     []string{"get", "watch", "list"},
+				},
 			},
 		},
 	}
