[VC-43753] CyberArk(client): extract cluster UID from data readings #687
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
wallrj-cyberark
changed the title
wallrj-cyberark
force-pushed
the
VC-43403-inventory-api-2
branch
2 times, most recently
from
88c1cc7 to
8b9a233
Compare
wallrj-cyberark
force-pushed
the
VC-43403-inventory-api-3
branch
from
6e029d7 to
4c3cbe5
Compare
This was referenced Aug 14, 2025
Merged
wallrj-cyberark
changed the title
wallrj-cyberark
force-pushed
the
VC-43403-inventory-api-2
branch
from
8b9a233 to
5196fc9
Compare
wallrj-cyberark
force-pushed
the
VC-43403-inventory-api-3
branch
from
4c3cbe5 to
919c73d
Compare
wallrj-cyberark
force-pushed
the
VC-43403-inventory-api-2
branch
2 times, most recently
from
59dbac7 to
2d44e46
Compare
wallrj-cyberark
force-pushed
the
VC-43403-inventory-api-2
branch
3 times, most recently
from
caadaf0 to
e8f50da
Compare
- Introduced a new `MachineHub` output mode in the agent configuration. - Added `--machine-hub` flag to enable the `MachineHub` mode. - Implemented `CyberArkClient` for publishing data readings to CyberArk's API. - Created `LoadClientConfigFromEnvironment` to load CyberArk client configuration from environment variables. - Updated tests to cover `MachineHub` mode and CyberArk client functionality. - Modified mock data and discovery logic to support CyberArk integration. Signed-off-by: Richard Wall <[email protected]>
- Introduced `ConvertDataReadingsToCyberarkSnapshot` to transform data readings into CyberArk snapshot format. - Enhanced `PostDataReadingsWithOptions` to utilize the new snapshot conversion. - Added `DynamicData` and `DiscoveryData` types for structured data handling. - Updated `DataGathererDynamic` and `DataGathererDiscovery` to return strongly typed data. - Implemented `ParseDataReadings` in `testutil` for decoding and testing data readings. - Added test data and golden file support for snapshot conversion validation. Signed-off-by: Richard Wall <[email protected]>
wallrj-cyberark
force-pushed
the
VC-43403-inventory-api-2
branch
from
e8f50da to
7686607
Compare
- Added `extractClusterUIDFromReading` to derive the cluster UID from `ark/namespaces` data readings. - Updated `ConvertDataReadingsToCyberarkSnapshot` to include the cluster UID in the snapshot. - Modified tests to validate cluster UID extraction logic. - Updated example test data to include `ark/namespaces` data gatherer. - Removed `pkg/clusteruid` package as its functionality is now integrated into the client logic. Signed-off-by: Richard Wall <[email protected]>
wallrj-cyberark
force-pushed
the
VC-43403-inventory-api-3
branch
from
919c73d to
339f991
Compare
wallrj-cyberark
changed the title
wallrj-cyberark
force-pushed
the
VC-43403-inventory-api-2
branch
3 times, most recently
from
ee3d84d to
a04cdad
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Stacked on #684
The problem with the first approach to getting the cluster ID (#670), -- the UID of the kube-system namespace -- is that it requires the agent to have a connection to a target Kubernetes cluster at startup.
But this breaks one of operating modes of the agent; it is designed so data can be collected and stored to a file by one instance, (
--one-shot --output-file) and then the data read from a file and uploaded to Venafi TLSPK (or CyberArk Discovery) by another separate instance (--one-shot --input-file).In this alternative approach, we use a dynamic data-gatherer to get all the namespaces, and extract the UID from the kube-system namespace before uploading to CyberArk.
extractClusterUIDFromReadingto derive the cluster UID fromark/namespacesdata readings.ConvertDataReadingsToCyberarkSnapshotto include the cluster UIDin the snapshot.
ark/namespacesdata gatherer.pkg/clusteruidpackage as its functionality is now integratedinto the client logic.
Part of: https://venafi.atlassian.net/browse/VC-43753
Followup PRs