diff --git a/apps/event-worker/src/target-scan/google.ts b/apps/event-worker/src/target-scan/google.ts
index 05f32fd58..96c4b6f31 100644
--- a/apps/event-worker/src/target-scan/google.ts
+++ b/apps/event-worker/src/target-scan/google.ts
@@ -1,3 +1,4 @@
+import type { KubernetesClusterAPIV1 } from "@ctrlplane/validators/targets";
 import type { ClusterManagerClient } from "@google-cloud/container";
 import type { google } from "@google-cloud/container/build/protos/protos.js";
 import type { AuthClient } from "google-auth-library";
@@ -89,7 +90,7 @@ export const clusterToTarget = (
   providerId: string,
   project: string,
   cluster: google.container.v1.ICluster,
-) => {
+): KubernetesClusterAPIV1 & { workspaceId: string; providerId: string } => {
   const masterVersion = new SemVer(cluster.currentMasterVersion ?? "0");
   const nodeVersion = new SemVer(cluster.currentNodeVersion ?? "0");
   const autoscaling = String(
@@ -105,9 +106,15 @@ export const clusterToTarget = (
     version: "kubernetes/v1",
     kind: "ClusterAPI",
     config: {
-      name: cluster.name,
-      status: cluster.status,
-      cluster: {
+      name: cluster.name!,
+      auth: {
+        method: "google/gke",
+        project,
+        location: cluster.location!,
+        clusterName: cluster.name!,
+      },
+      status: cluster.status?.toString() ?? "STATUS_UNSPECIFIED",
+      server: {
         certificateAuthorityData: cluster.masterAuth?.clusterCaCertificate,
         endpoint: `https://${cluster.endpoint}`,
       },
diff --git a/integrations/google-compute-scanner/src/gke.ts b/integrations/google-compute-scanner/src/gke.ts
index 2aa4587e1..c3a3f42aa 100644
--- a/integrations/google-compute-scanner/src/gke.ts
+++ b/integrations/google-compute-scanner/src/gke.ts
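Review bot: The non-null assertions `cluster.name!` and `cluster.location!` in the new `auth` block of the `@@ -105` hunk turn a field the API left unset into an `undefined` inside a config whose validator declares those keys as required strings, so such a cluster is emitted as a malformed target rather than rejected with a clear error; the gke.ts hunk has the same pattern. Check once at the top of `clusterToTarget` (its body starts outside this hunk), e.g. `if (!cluster.name || !cluster.location) throw new Error(\`GKE cluster in project ${project} is missing name or location\`);`, and drop the `!`s. `cluster.status?.toString()` also deserves a look: as far as the generated `ICluster` typing goes, `status` may arrive as the numeric `Cluster.Status` enum or as its key name, so the numeric form would be stored as `"2"` rather than `"RUNNING"` and the two scanners would disagree on the status vocabulary. Since `google` is only a type import here, mapping the number back to its name would need a value import from `@google-cloud/container`; at minimum a comment should say which form the client is assumed to return.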
@@ -71,9 +71,15 @@ export const getKubernetesClusters = async (): Promise<
       identifier: `${env.GOOGLE_PROJECT_ID}/${cluster.name}`,
       config: {
         name: cluster.name!,
+        auth: {
+          method: "google/gke",
+          project: env.GOOGLE_PROJECT_ID,
+          location: cluster.location!,
+          clusterName: cluster.name!,
+        },
+        status: cluster.status?.toString() ?? "STATUS_UNSPECIFIED",
         server: {
-          certificateAuthorityData:
-            cluster.masterAuth?.clusterCaCertificate ?? "",
+          certificateAuthorityData: cluster.masterAuth?.clusterCaCertificate,
           endpoint: `https://${cluster.endpoint}`,
         },
       },
diff --git a/packages/validators/src/targets/kubernetes-v1.ts b/packages/validators/src/targets/kubernetes-v1.ts
index 8b4db83a9..b29b54be2 100644
--- a/packages/validators/src/targets/kubernetes-v1.ts
+++ b/packages/validators/src/targets/kubernetes-v1.ts
@@ -2,10 +2,51 @@ import { z } from "zod";
 
 const clusterConfig = z.object({
   name: z.string(),
+  status: z.string().optional(),
   server: z.object({
-    certificateAuthorityData: z.string(),
+    certificateAuthorityData: z.string().nullish(),
     endpoint: z.string().url(),
   }),
+  auth: z.discriminatedUnion("method", [
+    z.object({
+      method: z.literal("token"),
+      token: z.string(),
+    }),
+    z.object({
+      method: z.literal("google/gke"),
+      project: z.string(),
+      location: z.string(),
+      clusterName: z.string(),
+    }),
+    z.object({
+      method: z.literal("aws/eks"),
+      region: z.string(),
+      clusterName: z.string(),
+    }),
+    z.object({
+      method: z.literal("azure/aks"),
+      resourceGroup: z.string(),
+      clusterName: z.string(),
+    }),
+    z.object({
+      method: z.literal("exec"),
+      command: z.string(),
+      args: z.array(z.string()).optional(),
+      env: z
+        .array(
+          z.object({
+            name: z.string(),
+            value: z.string(),
+          }),
+        )
+        .optional(),
+    }),
+    z.object({
+      method: z.literal("kubeconfig"),
+      path: z.string(),
+      context: z.string().optional(),
+    }),
+  ]),
 });
 
 export const kubernetesClusterApiV1 = z.object({
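Review bot: In the kubernetes-v1.ts hunk `auth` is added to `clusterConfig` as a required key, so any kubernetes/v1 target config that was already stored with only `name` and `server` will stop validating; either mark it `.optional()` until existing configs are backfilled, or state in a comment on the schema that the change is intentionally breaking and how old configs are migrated. Two of the new variants carry values a consumer has to treat as secrets, `token.token` and `exec.env[].value`, and `exec` means whoever can write a target config also chooses the `command` the credential-resolving process runs, so the schema should document which fields must be redacted from logs and UI and that the `exec` variant is only acceptable when target configs come from a trusted writer. Relaxing `certificateAuthorityData` to `.nullish()` is reasonable for GKE, but consumers must read an absent value as "verify the server against the platform trust store" and never as "skip TLS verification"; a comment on that field such as `// absent/null: use the platform trust store; never disables server verification` keeps the contract visible where every reader of the schema will see it.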