@wallrj-cyberark wallrj-cyberark commented Aug 8, 2025

Stacked on #696

  • Introduced ConvertDataReadingsToCyberarkSnapshot to transform data readings into CyberArk snapshot format.
  • Enhanced PostDataReadingsWithOptions to utilize the new snapshot conversion.
  • Added DynamicData and DiscoveryData types for structured data handling.
  • Updated DataGathererDynamic and DataGathererDiscovery to return strongly typed data.
  • Implemented ParseDataReadings in testutil for decoding and testing data readings.
  • Added test data and golden file support for snapshot conversion validation.

The client still deviates from the API requirements, as follows:

  • "roles": currently all roles and cluster roles are uploaded. The API spec says that only roles relevant for secrets should be uploaded, which means only roles that have any permissions on the secrets.
  • "role_bindings": currently all rolebindings and clusterrolebindings are uploaded. The API spec says only role bindings related to the above roles should be uploaded.

...but I prefer to address those in followup PRs, as time permits.

Part of: https://venafi.atlassian.net/browse/VC-43753

Followup PRs

  1. [VC-43753] CyberArk(client): extract cluster UID from data readings #687
  2. [VC-43403] CyberArk(helm): add Disco Agent Helm chart #678

Testing

TODO
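
The filtering the API spec asks for in the description above, sketched as an added example (not code from this PR or the agent). The `Rule`, `Role`, `Binding` and `ref` types and the `FilterForSecrets` and `onSecrets` names are hypothetical minimal stand-ins for the Kubernetes RBAC objects, and the sample data is constructed.

```go
package main

import (
	"fmt"
	"slices"
)

// Hypothetical minimal mirrors of the RBAC fields this filter needs (not the agent's types).
type Rule struct{ APIGroups, Resources []string }
type Role struct{ Kind, Namespace, Name string; Rules []Rule } // Kind is "Role" or "ClusterRole"
type Binding struct{ Namespace, Name, RefKind, RefName string }
type ref struct{ kind, ns, name string }

// onSecrets reports whether a rule covers "secrets" in the core API group, counting "*" wildcards.
func onSecrets(r Rule) bool {
	in := func(l []string, w string) bool { return slices.Contains(l, w) || slices.Contains(l, "*") }
	return in(r.APIGroups, "") && in(r.Resources, "secrets")
}

// FilterForSecrets keeps roles with any rule on secrets, then only the bindings that reference a kept role.
func FilterForSecrets(roles []Role, bindings []Binding) (rs []Role, bs []Binding) {
	keep := map[ref]bool{}
	for _, r := range roles {
		if slices.ContainsFunc(r.Rules, onSecrets) {
			keep[ref{r.Kind, r.Namespace, r.Name}] = true
			rs = append(rs, r)
		}
	}
	for _, b := range bindings {
		ns := b.Namespace
		if b.RefKind == "ClusterRole" {
			ns = "" // ClusterRoles are cluster-scoped, even when bound by a namespaced RoleBinding
		}
		if keep[ref{b.RefKind, ns, b.RefName}] {
			bs = append(bs, b)
		}
	}
	return rs, bs
}

func main() {
	// Constructed sample: only "secret-reader" and the binding that references it should survive.
	rs, bs := FilterForSecrets(
		[]Role{{"Role", "app", "secret-reader", []Rule{{[]string{""}, []string{"secrets"}}}},
			{"ClusterRole", "", "pod-viewer", []Rule{{[]string{""}, []string{"pods"}}}}},
		[]Binding{{"app", "a", "Role", "secret-reader"}, {"", "b", "ClusterRole", "pod-viewer"}})
	fmt.Println(len(rs), len(bs))
}
```

Wildcard rules are counted as secret access here, so a role granting `*` on `*` is uploaded along with its bindings.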

Resource interface{}
DeletedAt Time
Resource interface{} `json:"resource"`
DeletedAt Time `json:"deleted_at,omitempty"`
}
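
Review bot: On `DeletedAt Time` with `json:"deleted_at,omitempty"`, `omitempty` only drops a field that Go's encoding/json treats as empty, and a struct value is never empty, so if `Time` is a struct rather than a pointer the zero value will still be written. The new tags also change the default encoded keys from `Resource`/`DeletedAt` to `resource`/`deleted_at`; it is worth confirming that nothing which marshals or unmarshals this type relies on the old names, and adding a doc comment saying the tags exist so that readings can be decoded from a file in tests.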
Member Author

Added json annotations here so that I can unmarshal data readings from a file, for testing.

The agent already has an --input-file option, but stops decoding the input at api.DataReading.Data, leaving the actual data as interface{}.

In the test in this PR I need to decode the Data, so that it has the same types as the DataGatherer.Fetch return values.

type DiscoveryData struct {
ServerVersion *version.Info `json:"server_version"`
}
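
Review bot: `ServerVersion` is a pointer with no `omitempty`, so a reading with no version encodes as `"server_version": null` and decodes back to nil; the snapshot conversion should check for nil before reading fields from it. A doc comment on `DiscoveryData` stating when the field can be absent would make that contract explicit.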

Member Author

I created a data type instead of the ad-hoc map that was previously returned by this data gatherer, to make it easier to do a type conversion in the ConvertDataReadingsToCyberarkSnapshot function.

@wallrj-cyberark wallrj-cyberark force-pushed the VC-43403-inventory-api-2 branch 2 times, most recently from 9606752 to 4d8e691 Compare August 13, 2025 16:21
@wallrj-cyberark wallrj-cyberark changed the base branch from master to VC-43403-inventory-api-sha3 August 13, 2025 16:21
@wallrj-cyberark wallrj-cyberark force-pushed the VC-43403-inventory-api-2 branch 2 times, most recently from 88c1cc7 to 8b9a233 Compare August 13, 2025 21:34
@wallrj-cyberark wallrj-cyberark marked this pull request as draft August 14, 2025 08:23
Base automatically changed from VC-43403-inventory-api-sha3 to master August 14, 2025 09:16
@wallrj-cyberark wallrj-cyberark force-pushed the VC-43403-inventory-api-2 branch 4 times, most recently from 2d44e46 to 34d67da Compare August 21, 2025 08:50
- kind: k8s-discovery
name: ark/discovery
- kind: k8s-dynamic
name: ark/secrets
Contributor

@wallrj-cyberark Since the name here is ark-specific, does that mean that we will fetch secrets twice (once for TLSPK and once for the Secret solution)?

@wallrj-cyberark wallrj-cyberark force-pushed the VC-43403-inventory-api-2 branch 2 times, most recently from caadaf0 to e8f50da Compare August 22, 2025 17:01
@wallrj-cyberark wallrj-cyberark changed the base branch from master to VC-43403-client August 22, 2025 19:48
@wallrj-cyberark wallrj-cyberark force-pushed the VC-43403-client branch 6 times, most recently from 78700c9 to b7adba8 Compare August 27, 2025 17:02
- Introduced a new `MachineHub` output mode in the agent configuration.
- Added `--machine-hub` flag to enable the `MachineHub` mode.
- Implemented `CyberArkClient` for publishing data readings to CyberArk's API.
- Created `LoadClientConfigFromEnvironment` to load CyberArk client configuration from environment variables.
- Updated tests to cover `MachineHub` mode and CyberArk client functionality.
- Modified mock data and discovery logic to support CyberArk integration.

Signed-off-by: Richard Wall <[email protected]>
- Introduced `ConvertDataReadingsToCyberarkSnapshot` to transform data readings into CyberArk snapshot format.
- Enhanced `PostDataReadingsWithOptions` to utilize the new snapshot conversion.
- Added `DynamicData` and `DiscoveryData` types for structured data handling.
- Updated `DataGathererDynamic` and `DataGathererDiscovery` to return strongly typed data.
- Implemented `ParseDataReadings` in `testutil` for decoding and testing data readings.
- Added test data and golden file support for snapshot conversion validation.

Signed-off-by: Richard Wall <[email protected]>
@wallrj-cyberark wallrj-cyberark force-pushed the VC-43403-inventory-api-2 branch from e8f50da to 7686607 Compare August 29, 2025 03:38
@wallrj-cyberark wallrj-cyberark changed the title [VC-43753] CyberArk Discovery and Context: Upload data in the JSON format required by the API [VC-43753] CyberArk(client): add CyberArk snapshot conversion and test utilities Aug 29, 2025
Base automatically changed from VC-43403-client to master August 29, 2025 09:37