propagating context

DataDog · Oct 15, 2024 · cefb308 · cefb308
1 parent 3086566
commit cefb308
Show file tree

Hide file tree

Showing 71 changed files with 162 additions and 169 deletions.
diff --git a/cmd/kubehound/dumper.go b/cmd/kubehound/dumper.go
@@ -63,7 +63,7 @@ var (
 			}
 			// Running the ingestion on KHaaS
 			if cobraCmd.Flags().Lookup("khaas-server").Value.String() != "" {
-				return core.CoreClientGRPCIngest(khCfg.Ingestor, khCfg.Dynamic.ClusterName, khCfg.Dynamic.RunID.String())
+				return core.CoreClientGRPCIngest(cobraCmd.Context(), khCfg.Ingestor, khCfg.Dynamic.ClusterName, khCfg.Dynamic.RunID.String())
 			}
 
 			return err

diff --git a/cmd/kubehound/ingest.go b/cmd/kubehound/ingest.go
@@ -66,10 +66,10 @@ var (
 			}
 
 			if isIngestRemoteDefault() {
-				return core.CoreClientGRPCRehydrateLatest(khCfg.Ingestor)
+				return core.CoreClientGRPCRehydrateLatest(cobraCmd.Context(), khCfg.Ingestor)
 			}
 
-			return core.CoreClientGRPCIngest(khCfg.Ingestor, khCfg.Dynamic.ClusterName, runID)
+			return core.CoreClientGRPCIngest(cobraCmd.Context(), khCfg.Ingestor, khCfg.Dynamic.ClusterName, runID)
 		},
 	}
 )

diff --git a/cmd/kubehound/root.go b/cmd/kubehound/root.go
@@ -71,7 +71,7 @@ var (
 			return nil
 		},
 		PersistentPostRunE: func(cobraCmd *cobra.Command, args []string) error {
-			return cmd.CloseKubehoundConfig()
+			return cmd.CloseKubehoundConfig(cobraCmd.Context())
 		},
 		SilenceUsage:  true,
 		SilenceErrors: true,

diff --git a/cmd/kubehound/server.go b/cmd/kubehound/server.go
@@ -27,7 +27,7 @@ var (
 			return core.CoreGrpcApi(cobraCmd.Context(), khCfg)
 		},
 		PersistentPostRunE: func(cobraCmd *cobra.Command, args []string) error {
-			return cmd.CloseKubehoundConfig()
+			return cmd.CloseKubehoundConfig(cobraCmd.Context())
 		},
 	}
 )

diff --git a/deployments/kubehound/binary/Dockerfile_debug b/deployments/kubehound/binary/Dockerfile_debug
@@ -11,15 +11,13 @@ COPY deployments ./deployments
 
 RUN GOOS=linux GOARCH=amd64 go build -o "./bin/build/kubehound" ./cmd/kubehound/
 
-FROM gcr.io/distroless/base-debian12 AS build-release-stage
+FROM ubuntu:24.04 AS build-release-stage
 
 WORKDIR /
 
 COPY --from=build-stage /go/bin/build/kubehound /kubehound
 
 EXPOSE 9000
 
-USER nonroot:nonroot
-
 ENTRYPOINT ["/kubehound"]
 CMD  ["serve"]
diff --git a/pkg/cmd/config.go b/pkg/cmd/config.go
@@ -31,7 +31,7 @@ func InitializeKubehoundConfig(ctx context.Context, configPath string, generateR
 		viper.Set(config.DynamicRunID, config.NewRunID())
 	}
 
-	khCfg := config.NewKubehoundConfig(configPath, inline)
+	khCfg := config.NewKubehoundConfig(ctx, configPath, inline)
 	// Activate debug mode if needed
 	if khCfg.Debug {
 		l.Info("Debug mode activated")
@@ -49,7 +49,7 @@ func InitTelemetry(khCfg *config.KubehoundConfig) {
 	ctx := context.Background()
 	l := log.Logger(ctx)
 	l.Info("Initializing application telemetry")
-	err := telemetry.Initialize(khCfg)
+	err := telemetry.Initialize(ctx, khCfg)
 	if err != nil {
 		l.Warn("failed telemetry initialization", log.ErrorField(err))
 	}
@@ -76,13 +76,13 @@ func InitTags(ctx context.Context, khCfg *config.KubehoundConfig) {
 	// log.AddGlobalTags(khCfg.Telemetry.Tags)
 }
 
-func CloseKubehoundConfig() error {
+func CloseKubehoundConfig(ctx context.Context) error {
 	khCfg, err := GetConfig()
 	if err != nil {
 		return err
 	}
 
-	telemetry.Shutdown(khCfg.Telemetry.Enabled)
+	telemetry.Shutdown(ctx, khCfg.Telemetry.Enabled)
 
 	return nil
 }
diff --git a/pkg/cmd/dump.go b/pkg/cmd/dump.go
@@ -38,10 +38,10 @@ func InitLocalDumpCmd(cmd *cobra.Command) {
 
 func InitRemoteDumpCmd(cmd *cobra.Command) {
 	cmd.Flags().String("bucket-url", "", "Bucket to use to push k8s resources (e.g.: s3://<your_bucket>)")
-	viper.BindPFlag(config.CollectorFileBlobBucket, cmd.Flags().Lookup("bucket-url")) //nolint: errcheck
+	viper.BindPFlag(config.IngestorBlobBucketURL, cmd.Flags().Lookup("bucket-url")) //nolint: errcheck
 
 	cmd.Flags().String("region", "", "Region to retrieve the configuration (only for s3) (e.g.: us-east-1)")
-	viper.BindPFlag(config.CollectorFileBlobRegion, cmd.Flags().Lookup("region")) //nolint: errcheck
+	viper.BindPFlag(config.IngestorBlobBucketURL, cmd.Flags().Lookup("region")) //nolint: errcheck
 }
 
 func InitLocalIngestCmd(cmd *cobra.Command) {

diff --git a/pkg/collector/file.go b/pkg/collector/file.go
@@ -54,13 +54,14 @@ const (
 // FileCollector implements a collector based on local K8s API json files generated outside the KubeHound application via e.g kubectl.
 type FileCollector struct {
 	cfg         *config.FileCollectorConfig
-	log         *log.KubehoundLogger
 	tags        collectorTags
 	clusterName string
 }
 
 // NewFileCollector creates a new instance of the file collector from the provided application config.
 func NewFileCollector(ctx context.Context, cfg *config.KubehoundConfig) (CollectorClient, error) {
+	ctx = context.WithValue(ctx, log.ContextFieldComponent, FileCollectorName)
+	l := log.Trace(ctx)
 	if cfg.Collector.Type != config.CollectorTypeFile {
 		return nil, fmt.Errorf("invalid collector type in config: %s", cfg.Collector.Type)
 	}
@@ -69,12 +70,10 @@ func NewFileCollector(ctx context.Context, cfg *config.KubehoundConfig) (Collect
 		return nil, errors.New("file collector config not provided")
 	}
 
-	l := log.Trace(ctx)
-	l.Info("Creating file collector from directory", log.String("path", cfg.Collector.File.Directory))
+	l.Info("Creating file collector from directory", log.String(log.FieldPathKey, cfg.Collector.File.Directory))
 
 	return &FileCollector{
-		cfg: cfg.Collector.File,
-		// log:         l,
+		cfg:         cfg.Collector.File,
 		tags:        newCollectorTags(),
 		clusterName: cfg.Dynamic.ClusterName,
 	}, nil
@@ -139,6 +138,7 @@ func (c *FileCollector) streamPodsNamespace(ctx context.Context, fp string, inge
 func (c *FileCollector) StreamPods(ctx context.Context, ingestor PodIngestor) error {
 	span, ctx := tracer.StartSpanFromContext(ctx, span.CollectorStream, tracer.Measured())
 	span.SetTag(tag.EntityTag, tag.EntityPods)
+	l := log.Trace(ctx)
 	var err error
 	defer func() { span.Finish(tracer.WithError(err)) }()
 
@@ -156,7 +156,7 @@ func (c *FileCollector) StreamPods(ctx context.Context, ingestor PodIngestor) er
 			return nil
 		}
 
-		c.log.Debugf("Streaming pods from file %s", fp)
+		l.Debug("Streaming pods from file", log.String(log.FieldPathKey, fp), log.String(log.FieldEntityKey, tag.EntityPods))
 
 		return c.streamPodsNamespace(ctx, fp, ingestor)
 	})
@@ -190,6 +190,7 @@ func (c *FileCollector) streamRolesNamespace(ctx context.Context, fp string, ing
 func (c *FileCollector) StreamRoles(ctx context.Context, ingestor RoleIngestor) error {
 	span, ctx := tracer.StartSpanFromContext(ctx, span.CollectorStream, tracer.Measured())
 	span.SetTag(tag.EntityTag, tag.EntityRoles)
+	l := log.Trace(ctx)
 	var err error
 	defer func() { span.Finish(tracer.WithError(err)) }()
 
@@ -199,17 +200,17 @@ func (c *FileCollector) StreamRoles(ctx context.Context, ingestor RoleIngestor)
 			return nil
 		}
 
-		f := filepath.Join(path, RolesPath)
+		fp := filepath.Join(path, RolesPath)
 
 		// Check if the file exists
-		if _, err := os.Stat(f); os.IsNotExist(err) {
+		if _, err := os.Stat(fp); os.IsNotExist(err) {
 			// Skipping streaming as file does not exist (k8s type not necessary required in a namespace, for instance, an namespace can have no roles)
 			return nil
 		}
 
-		c.log.Debugf("Streaming roles from file %s", f)
+		l.Debug("Streaming roles from file", log.String(log.FieldPathKey, fp), log.String(log.FieldEntityKey, tag.EntityRoles))
 
-		return c.streamRolesNamespace(ctx, f, ingestor)
+		return c.streamRolesNamespace(ctx, fp, ingestor)
 	})
 
 	if err != nil {
@@ -241,6 +242,7 @@ func (c *FileCollector) streamRoleBindingsNamespace(ctx context.Context, fp stri
 func (c *FileCollector) StreamRoleBindings(ctx context.Context, ingestor RoleBindingIngestor) error {
 	span, ctx := tracer.StartSpanFromContext(ctx, span.CollectorStream, tracer.Measured())
 	span.SetTag(tag.EntityTag, tag.EntityRolebindings)
+	l := log.Trace(ctx)
 	var err error
 	defer func() { span.Finish(tracer.WithError(err)) }()
 
@@ -258,7 +260,7 @@ func (c *FileCollector) StreamRoleBindings(ctx context.Context, ingestor RoleBin
 			return nil
 		}
 
-		c.log.Debugf("Streaming role bindings from file %s", fp)
+		l.Debug("Streaming role bindings from file", log.String(log.FieldPathKey, fp), log.String(log.FieldEntityKey, tag.EntityRolebindings))
 
 		return c.streamRoleBindingsNamespace(ctx, fp, ingestor)
 	})
@@ -292,6 +294,7 @@ func (c *FileCollector) streamEndpointsNamespace(ctx context.Context, fp string,
 func (c *FileCollector) StreamEndpoints(ctx context.Context, ingestor EndpointIngestor) error {
 	span, ctx := tracer.StartSpanFromContext(ctx, span.CollectorStream, tracer.Measured())
 	span.SetTag(tag.EntityTag, tag.EntityEndpoints)
+	l := log.Trace(ctx)
 	var err error
 	defer func() { span.Finish(tracer.WithError(err)) }()
 
@@ -308,8 +311,7 @@ func (c *FileCollector) StreamEndpoints(ctx context.Context, ingestor EndpointIn
 			// Skipping streaming as file does not exist (k8s type not necessary required in a namespace, for instance, an namespace can have no endpoints)
 			return nil
 		}
-
-		c.log.Debugf("Streaming endpoint slices from file %s", fp)
+		l.Debug("Streaming endpoints slices from file", log.String(log.FieldPathKey, fp), log.String(log.FieldEntityKey, tag.EntityEndpoints))
 
 		return c.streamEndpointsNamespace(ctx, fp, ingestor)
 	})
@@ -324,11 +326,12 @@ func (c *FileCollector) StreamEndpoints(ctx context.Context, ingestor EndpointIn
 func (c *FileCollector) StreamNodes(ctx context.Context, ingestor NodeIngestor) error {
 	span, ctx := tracer.StartSpanFromContext(ctx, span.CollectorStream, tracer.Measured())
 	span.SetTag(tag.EntityTag, tag.EntityNodes)
+	l := log.Trace(ctx)
 	var err error
 	defer func() { span.Finish(tracer.WithError(err)) }()
 
 	fp := filepath.Join(c.cfg.Directory, NodePath)
-	c.log.Debugf("Streaming nodes from file %s", fp)
+	l.Debug("Streaming nodes from file", log.String(log.FieldPathKey, fp), log.String(log.FieldEntityKey, tag.EntityNodes))
 
 	list, err := readList[corev1.NodeList](ctx, fp)
 	if err != nil {
@@ -350,11 +353,12 @@ func (c *FileCollector) StreamNodes(ctx context.Context, ingestor NodeIngestor)
 func (c *FileCollector) StreamClusterRoles(ctx context.Context, ingestor ClusterRoleIngestor) error {
 	span, ctx := tracer.StartSpanFromContext(ctx, span.CollectorStream, tracer.Measured())
 	span.SetTag(tag.EntityTag, tag.EntityClusterRoles)
+	l := log.Trace(ctx)
 	var err error
 	defer func() { span.Finish(tracer.WithError(err)) }()
 
 	fp := filepath.Join(c.cfg.Directory, ClusterRolesPath)
-	c.log.Debugf("Streaming cluster roles from file %s", fp)
+	l.Debug("Streaming cluster role from file", log.String(log.FieldPathKey, fp), log.String(log.FieldEntityKey, tag.EntityClusterRoles))
 
 	list, err := readList[rbacv1.ClusterRoleList](ctx, fp)
 	if err != nil {
@@ -376,11 +380,12 @@ func (c *FileCollector) StreamClusterRoles(ctx context.Context, ingestor Cluster
 func (c *FileCollector) StreamClusterRoleBindings(ctx context.Context, ingestor ClusterRoleBindingIngestor) error {
 	span, ctx := tracer.StartSpanFromContext(ctx, span.CollectorStream, tracer.Measured())
 	span.SetTag(tag.EntityTag, tag.EntityClusterRolebindings)
+	l := log.Trace(ctx)
 	var err error
 	defer func() { span.Finish(tracer.WithError(err)) }()
 
 	fp := filepath.Join(c.cfg.Directory, ClusterRoleBindingsPath)
-	c.log.Debugf("Streaming cluster role bindings from file %s", fp)
+	l.Debug("Streaming cluster role bindings from file", log.String(log.FieldPathKey, fp), log.String(log.FieldEntityKey, tag.EntityClusterRolebindings))
 
 	list, err := readList[rbacv1.ClusterRoleBindingList](ctx, fp)
 	if err != nil {

diff --git a/pkg/collector/file_test.go b/pkg/collector/file_test.go
@@ -16,7 +16,7 @@ func TestFileCollector_Constructor(t *testing.T) {
 	t.Parallel()
 
 	v := viper.New()
-	cfg, err := config.NewConfig(v, "testdata/kubehound-test.yaml")
+	cfg, err := config.NewConfig(context.TODO(), v, "testdata/kubehound-test.yaml")
 	assert.NoError(t, err)
 
 	c, err := NewFileCollector(context.Background(), cfg)
@@ -64,7 +64,7 @@ func NewTestFileCollector(t *testing.T) *FileCollector {
 	t.Helper()
 
 	v := viper.New()
-	cfg, err := config.NewConfig(v, "testdata/kubehound-test.yaml")
+	cfg, err := config.NewConfig(context.TODO(), v, "testdata/kubehound-test.yaml")
 	assert.NoError(t, err)
 
 	c, err := NewFileCollector(context.Background(), cfg)

diff --git a/pkg/collector/k8s_api.go b/pkg/collector/k8s_api.go
@@ -89,7 +89,8 @@ func NewK8sAPICollector(ctx context.Context, cfg *config.KubehoundConfig) (Colle
 			return nil, errors.New("user did not confirm")
 		}
 	} else {
-		l.Warnf("Non-interactive mode enabled, proceeding with k8s cluster dump: %s", clusterName)
+		msg := fmt.Sprintf("Non-interactive mode enabled, proceeding with k8s cluster dump: %s", clusterName)
+		l.Warn(msg)
 	}
 
 	err = checkK8sAPICollectorConfig(cfg.Collector.Type)

diff --git a/pkg/collector/k8s_api_test.go b/pkg/collector/k8s_api_test.go
@@ -82,7 +82,7 @@ func TestNewK8sAPICollectorConfig(t *testing.T) {
 		t.Run(tt.name, func(t *testing.T) {
 			t.Parallel()
 			v := viper.New()
-			cfg, err := config.NewConfig(v, tt.args.path)
+			cfg, err := config.NewConfig(context.TODO(), v, tt.args.path)
 			assert.NoError(t, err)
 			err = checkK8sAPICollectorConfig(cfg.Collector.Type)
 			if (err != nil) != tt.wantErr {

diff --git a/pkg/config/collector.go b/pkg/config/collector.go
@@ -18,8 +18,6 @@ const (
 	CollectorNonInteractive        = "collector.non_interactive"
 	CollectorFileArchiveNoCompress = "collector.file.archive.no_compress"
 	CollectorFileDirectory         = "collector.file.directory"
-	CollectorFileBlobRegion        = "collector.file.blob.region"
-	CollectorFileBlobBucket        = "collector.file.blob.bucket_url"
 )
 
 // CollectorConfig configures collector specific parameters.