finialized k8s target schema

ctrlplanedev · Oct 19, 2024 · b362cbb · b362cbb
1 parent 4808e09
commit b362cbb
Show file tree

Hide file tree

Showing 3 changed files with 61 additions and 7 deletions.
diff --git a/apps/event-worker/src/target-scan/google.ts b/apps/event-worker/src/target-scan/google.ts
@@ -1,3 +1,4 @@
+import type { KubernetesClusterAPIV1 } from "@ctrlplane/validators/targets";
 import type { ClusterManagerClient } from "@google-cloud/container";
 import type { google } from "@google-cloud/container/build/protos/protos.js";
 import type { AuthClient } from "google-auth-library";
@@ -89,7 +90,7 @@ export const clusterToTarget = (
   providerId: string,
   project: string,
   cluster: google.container.v1.ICluster,
-) => {
+): KubernetesClusterAPIV1 & { workspaceId: string; providerId: string } => {
   const masterVersion = new SemVer(cluster.currentMasterVersion ?? "0");
   const nodeVersion = new SemVer(cluster.currentNodeVersion ?? "0");
   const autoscaling = String(
@@ -105,9 +106,15 @@ export const clusterToTarget = (
     version: "kubernetes/v1",
     kind: "ClusterAPI",
     config: {
-      name: cluster.name,
-      status: cluster.status,
-      cluster: {
+      name: cluster.name!,
+      auth: {
+        method: "google/gke",
+        project,
+        location: cluster.location!,
+        clusterName: cluster.name!,
+      },
+      status: cluster.status?.toString() ?? "STATUS_UNSPECIFIED",
+      server: {
         certificateAuthorityData: cluster.masterAuth?.clusterCaCertificate,
         endpoint: `https://${cluster.endpoint}`,
       },

diff --git a/integrations/google-compute-scanner/src/gke.ts b/integrations/google-compute-scanner/src/gke.ts
@@ -71,9 +71,15 @@ export const getKubernetesClusters = async (): Promise<
         identifier: `${env.GOOGLE_PROJECT_ID}/${cluster.name}`,
         config: {
           name: cluster.name!,
+          auth: {
+            method: "google/gke",
+            project: env.GOOGLE_PROJECT_ID,
+            location: cluster.location!,
+            clusterName: cluster.name!,
+          },
+          status: cluster.status?.toString() ?? "STATUS_UNSPECIFIED",
           server: {
-            certificateAuthorityData:
-              cluster.masterAuth?.clusterCaCertificate ?? "",
+            certificateAuthorityData: cluster.masterAuth?.clusterCaCertificate,
             endpoint: `https://${cluster.endpoint}`,
           },
         },

diff --git a/packages/validators/src/targets/kubernetes-v1.ts b/packages/validators/src/targets/kubernetes-v1.ts
@@ -2,10 +2,51 @@ import { z } from "zod";
 
 const clusterConfig = z.object({
   name: z.string(),
+  status: z.string().optional(),
   server: z.object({
-    certificateAuthorityData: z.string(),
+    certificateAuthorityData: z.string().nullish(),
     endpoint: z.string().url(),
   }),
+  auth: z.discriminatedUnion("method", [
+    z.object({
+      method: z.literal("token"),
+      token: z.string(),
+    }),
+    z.object({
+      method: z.literal("google/gke"),
+      project: z.string(),
+      location: z.string(),
+      clusterName: z.string(),
+    }),
+    z.object({
+      method: z.literal("aws/eks"),
+      region: z.string(),
+      clusterName: z.string(),
+    }),
+    z.object({
+      method: z.literal("azure/aks"),
+      resourceGroup: z.string(),
+      clusterName: z.string(),
+    }),
+    z.object({
+      method: z.literal("exec"),
+      command: z.string(),
+      args: z.array(z.string()).optional(),
+      env: z
+        .array(
+          z.object({
+            name: z.string(),
+            value: z.string(),
+          }),
+        )
+        .optional(),
+    }),
+    z.object({
+      method: z.literal("kubeconfig"),
+      path: z.string(),
+      context: z.string().optional(),
+    }),
+  ]),
 });
 
 export const kubernetesClusterApiV1 = z.object({