Improved container ID discovery tasks and implemented pod uid discovery tasks (#396)

* Added new fieldset related tasks and history modifiers for error audit logs

* Adding k8s audit log parser tasks

* Added LogSorterTask that sorts logs before ingesting them to the manifest generator
* Added ChangeTargetGrouperTask that groups logs by the resource paths actually modified with the audit log
* Added NonSuccessLogGrouperTask that groups logs by resource paths for non succeeded audit logs

* fix issues pointed by gemini-code-assist

* fix issues pointed by gemini-code-assist

* Adding grouping related tasks and tasks for gathering k8s audit logs from Cloud Logging  (#378)

* Added new fieldset related tasks and history modifiers for error audit logs

* fix issues pointed by gemini-code-assist

* Added new fieldset related tasks and history modifiers for error audit logs

* Adding k8s audit log parser tasks

* Added LogSorterTask that sorts logs before ingesting them to the manifest generator
* Added ChangeTargetGrouperTask that groups logs by the resource paths actually modified with the audit log
* Added NonSuccessLogGrouperTask that groups logs by resource paths for non succeeded audit logs

* fix issues pointed by gemini-code-assist

* Adding k8s audit log parser tasks

* Added LogSorterTask that sorts logs before ingesting them to the manifest generator
* Added ChangeTargetGrouperTask that groups logs by the resource paths actually modified with the audit log
* Added NonSuccessLogGrouperTask that groups logs by resource paths for non succeeded audit logs

* fix issues pointed by gemini-code-assist

* Adding k8s audit log parser tasks

* Added LogSorterTask that sorts logs before ingesting them to the manifest generator
* Added ChangeTargetGrouperTask that groups logs by the resource paths actually modified with the audit log
* Added NonSuccessLogGrouperTask that groups logs by resource paths for non succeeded audit logs

* fix issues pointed by gemini-code-assist

* Added several test asserter for changeset testing

* fix issues pointed by gemini-code-assist

* fix issues pointed by gemini-code-assist

* fix issue pointed by gemini-code-assist

* Migrate containerID discovery tasks to use the inventory task and implemented resource UID inventory

* Improved containerd,kubelet and controlplane ID matchers to use inventory tasks

Author: kyasbal

pkg/common/patternfinder/finder.go

@@ -14,6 +14,8 @@
 
 package patternfinder
 
+import "fmt"
+
 // PatternMatchResult represents a single match found within a larger text.
 // It includes the start and end positions of the match.
 type PatternMatchResult[T any] struct {
@@ -22,6 +24,14 @@ type PatternMatchResult[T any] struct {
 	End   int
 }
 
+// GetMatchedString extracts the matched string from the original string.
+func (p *PatternMatchResult[T]) GetMatchedString(original string) (string, error) {
+	if p.Start < 0 || p.End > len(original) {
+		return "", fmt.Errorf("invalid match range: start=%d, end=%d", p.Start, p.End)
+	}
+	return original[p.Start:p.End], nil
+}
+
 // FindAllWithStarterRunes finds all occurrences of patterns within a search text.
 // The search for a pattern only begins after encountering one of the specified starterRunes.
 //

pkg/common/patternfinder/finder_test.go

@@ -133,6 +133,52 @@ func TestFindAllWithStarterRunes(t *testing.T) {
 	}
 }
 
+func TestGetMatchedString(t *testing.T) {
+	testCases := []struct {
+		desc     string
+		result   PatternMatchResult[struct{}]
+		original string
+		want     string
+		wantErr  bool
+	}{
+		{
+			desc: "simple case",
+			result: PatternMatchResult[struct{}]{
+				Value: struct{}{},
+				Start: 0,
+				End:   5,
+			},
+			original: "hello",
+			want:     "hello",
+		},
+		{
+			desc: "original message has short length than result",
+			result: PatternMatchResult[struct{}]{
+				Value: struct{}{},
+				Start: 0,
+				End:   5,
+			},
+			original: "",
+			want:     "",
+			wantErr:  true,
+		},
+	}
+	for _, tc := range testCases {
+		t.Run(tc.desc, func(t *testing.T) {
+			got, err := tc.result.GetMatchedString(tc.original)
+			if tc.wantErr {
+				if err == nil {
+					t.Errorf("GetMatchedString() = %v, want error %v", got, tc.want)
+				}
+			} else {
+				if got != tc.want {
+					t.Errorf("GetMatchedString() = %v, want %v", got, tc.want)
+				}
+			}
+		})
+	}
+}
+
 func BenchmarkFindAllWithStarterRunes(b *testing.B) {
 	finders := []struct {
 		name        string

pkg/core/inspection/taskbase/inventory_task.go

@@ -108,7 +108,7 @@ func (s *InventoryTaskBuilder[T]) DiscoveryTask(taskID taskid.TaskImplementation
 // InventoryMergerStrategy defines the strategy how the generated InventoryTask merges results received from multiple discovery tasks.
 type InventoryMergerStrategy[T any] interface {
 
-	// Merge defines the logic to combine multiple results from various discovery tasks
+	// Merge defines the logic to combine multiple results from various InventoryDiscoveryTasks
 	// into a single, consolidated result.
 	Merge(results []T) (T, error)
 }

pkg/core/inspection/test/testutil.go

@@ -22,8 +22,10 @@ import (
 	"github.com/GoogleCloudPlatform/khi/pkg/common/typedmap"
 	inspectionmetadata "github.com/GoogleCloudPlatform/khi/pkg/core/inspection/metadata"
 	coretask "github.com/GoogleCloudPlatform/khi/pkg/core/task"
+	"github.com/GoogleCloudPlatform/khi/pkg/core/task/taskid"
 	tasktest "github.com/GoogleCloudPlatform/khi/pkg/core/task/test"
 	"github.com/GoogleCloudPlatform/khi/pkg/model/history"
+	core_contract "github.com/GoogleCloudPlatform/khi/pkg/task/core/contract"
 	inspectioncore_contract "github.com/GoogleCloudPlatform/khi/pkg/task/inspection/inspectioncore/contract"
 )
 
@@ -39,6 +41,17 @@ func WithDefaultTestInspectionTaskContext(baseContext context.Context) context.C
 	taskCtx = khictx.WithValue(taskCtx, inspectioncore_contract.GlobalSharedMap, typedmap.NewTypedMap())
 	taskCtx = khictx.WithValue(taskCtx, inspectioncore_contract.InspectionSharedMap, typedmap.NewTypedMap())
 
+	// If this context is used with the task runner, it should have the task result map. But if not, then this must complement the value with the default value.
+	_, err := khictx.GetValue(taskCtx, core_contract.TaskResultMapContextKey)
+	if err != nil {
+		taskCtx = khictx.WithValue(taskCtx, core_contract.TaskResultMapContextKey, typedmap.NewTypedMap())
+	}
+	_, err = khictx.GetValue(taskCtx, core_contract.TaskImplementationIDContextKey)
+	if err != nil {
+		fakeTaskID := taskid.NewDefaultImplementationID[struct{}]("khi.google.com/fake-test-id")
+		taskCtx = khictx.WithValue(taskCtx, core_contract.TaskImplementationIDContextKey, fakeTaskID.(taskid.UntypedTaskImplementationID))
+	}
+
 	ioConfig, err := inspectioncore_contract.NewIOConfigForTest()
 	if err != nil {
 		panic("Failed to create test IOConfig: " + err.Error())

pkg/task/inspection/commonlogk8sauditv2/contract/inventory.go

@@ -19,7 +19,21 @@ import (
 	"github.com/GoogleCloudPlatform/khi/pkg/core/task/taskid"
 )
 
-var NodeNameInventoryTaskID = taskid.NewDefaultImplementationID[[]string]("node-name-inventory-merger")
+var NodeNameInventoryTaskID = taskid.NewDefaultImplementationID[[]string](TaskIDPrefix + "node-name-inventory")
 
 // NodeNameInventoryBuilder is the inventory tasks builder for gathering node names
 var NodeNameInventoryBuilder = inspectiontaskbase.NewInventoryTaskBuilder[[]string](NodeNameInventoryTaskID)
+
+type UIDToResourceIdentity = map[string]*ResourceIdentity
+
+var ResourceUIDInventoryTaskID = taskid.NewDefaultImplementationID[UIDToResourceIdentity](TaskIDPrefix + "resource-uid-inventory")
+
+// ResourceUIDInventoryBuilder is the inventory tasks builder for gathering resource uids
+var ResourceUIDInventoryBuilder = inspectiontaskbase.NewInventoryTaskBuilder[UIDToResourceIdentity](ResourceUIDInventoryTaskID)
+
+type ContainerIDToContainerIdentity = map[string]*ContainerIdentity
+
+var ContainerIDInventoryTaskID = taskid.NewDefaultImplementationID[ContainerIDToContainerIdentity](TaskIDPrefix + "container-id-inventory")
+
+// ContainerIDInventoryBuilder is the inventory tasks builder for gathering the relationship between container id and container identity
+var ContainerIDInventoryBuilder = inspectiontaskbase.NewInventoryTaskBuilder[ContainerIDToContainerIdentity](ContainerIDInventoryTaskID)

pkg/task/inspection/commonlogk8sauditv2/contract/taskid.go

@@ -15,6 +15,7 @@
 package commonlogk8sauditv2_contract
 
 import (
+	"github.com/GoogleCloudPlatform/khi/pkg/common/patternfinder"
 	inspectiontaskbase "github.com/GoogleCloudPlatform/khi/pkg/core/inspection/taskbase"
 	"github.com/GoogleCloudPlatform/khi/pkg/core/task/taskid"
 	"github.com/GoogleCloudPlatform/khi/pkg/model/log"
@@ -86,3 +87,15 @@ var ConditionHistoryModifierTaskID = taskid.NewDefaultImplementationID[struct{}]
 
 // NodeNameDiscoveryTaskID is the task ID for extracting node names from audit logs.
 var NodeNameDiscoveryTaskID = taskid.NewDefaultImplementationID[[]string](TaskIDPrefix + "node-name-discovery")
+
+// ResourceUIDDiscoveryTaskID is the task ID for extracting resource uids from audit logs.
+var ResourceUIDDiscoveryTaskID = taskid.NewDefaultImplementationID[UIDToResourceIdentity](TaskIDPrefix + "resource-uid-discovery")
+
+// ResourceUIDPatternFinderTaskID is the task ID to build the PatternFinder from aggregated UIDs obtained from the inventory task.
+var ResourceUIDPatternFinderTaskID = taskid.NewDefaultImplementationID[patternfinder.PatternFinder[*ResourceIdentity]](TaskIDPrefix + "resource-uid-pattern-finder")
+
+// ContainerIDDiscoveryTaskID is the task ID for extracting container ids from audit logs.
+var ContainerIDDiscoveryTaskID = taskid.NewDefaultImplementationID[ContainerIDToContainerIdentity](TaskIDPrefix + "container-id-discovery")
+
+// ContainerIDPatternFinderTaskID is the task ID to build the PatternFinder from aggregated container ids obtained from the inventory task.
+var ContainerIDPatternFinderTaskID = taskid.NewDefaultImplementationID[patternfinder.PatternFinder[*ContainerIdentity]](TaskIDPrefix + "container-id-pattern-finder")

pkg/task/inspection/commonlogk8sauditv2/contract/type.go

@@ -113,6 +113,30 @@ func (r *ResourceIdentity) ParentIdentity() *ResourceIdentity {
 	}
 }
 
+type ContainerIdentity struct {
+	ContainerID   string
+	ContainerName string
+	PodSandboxID  string
+}
+
+func (c *ContainerIdentity) Merge(other *ContainerIdentity) *ContainerIdentity {
+	result := *c
+	if other.ContainerID != "" {
+		result.ContainerID = other.ContainerID
+	}
+	if other.ContainerName != "" {
+		result.ContainerName = other.ContainerName
+	}
+	if other.PodSandboxID != "" {
+		result.PodSandboxID = other.PodSandboxID
+	}
+	return &result
+}
+
+func (c *ContainerIdentity) ResourcePath(podNamespace string, podName string) resourcepath.ResourcePath {
+	return resourcepath.Container(podNamespace, podName, c.ContainerName)
+}
+
 // ResourceLogGroup is the group of the logs associated with k8s resource.
 type ResourceLogGroup struct {
 	// Resource is the resource identity.

pkg/task/inspection/commonlogk8sauditv2/impl/container_historymodifier_task.go

@@ -40,15 +40,15 @@ const (
 	ContainerTypeEphemeral containerType = "ephemeral"
 )
 
-type containerIdentity struct {
+type containerStatusIdentity struct {
 	// containerName is the name of the container.
 	containerName string
 	// containerType is the type of the container.
 	containerType containerType
 }
 
 // String returns the string representation of the container identity.
-func (c *containerIdentity) String() string {
+func (c *containerStatusIdentity) String() string {
 	switch c.containerType {
 	case ContainerTypeContainer:
 		return c.containerName
@@ -66,7 +66,7 @@ var ContainerHistoryModifierTask = commonlogk8sauditv2_contract.NewManifestHisto
 
 type containerHistoryModifierTaskState struct {
 	// containerIdentities is the map of container identities.
-	containerIdentities map[string]*containerIdentity
+	containerIdentities map[string]*containerStatusIdentity
 	// containerStateWalkers is the map of container state walkers.
 	containerStateWalkers map[string]*containerStateWalker
 }
@@ -98,7 +98,7 @@ func (c *containerHistoryModifierTaskSetting) PassCount() int {
 func (c *containerHistoryModifierTaskSetting) Process(ctx context.Context, passIndex int, event commonlogk8sauditv2_contract.ResourceChangeEvent, cs *history.ChangeSet, builder *history.Builder, state *containerHistoryModifierTaskState) (*containerHistoryModifierTaskState, error) {
 	if state == nil {
 		state = &containerHistoryModifierTaskState{
-			containerIdentities:   map[string]*containerIdentity{},
+			containerIdentities:   map[string]*containerStatusIdentity{},
 			containerStateWalkers: map[string]*containerStateWalker{},
 		}
 	}
@@ -124,7 +124,7 @@ func (c *containerHistoryModifierTaskSetting) processFirstPass(ctx context.Conte
 			for _, status := range statuses.Children() {
 				name, err := status.ReadString("name")
 				if err == nil {
-					identity := &containerIdentity{
+					identity := &containerStatusIdentity{
 						containerName: name,
 						containerType: containerType,
 					}
@@ -148,7 +148,7 @@ func (c *containerHistoryModifierTaskSetting) processSecondPass(ctx context.Cont
 			for _, status := range statuses.Children() {
 				name, err := status.ReadString("name")
 				if err == nil {
-					identity := containerIdentity{
+					identity := containerStatusIdentity{
 						containerName: name,
 						containerType: containerType,
 					}
@@ -201,7 +201,7 @@ var _ commonlogk8sauditv2_contract.ManifestHistoryModifierTaskSetting[*container
 
 type containerStateWalker struct {
 	// containerIdentity is the identity of the container.
-	containerIdentity *containerIdentity
+	containerIdentity *containerStatusIdentity
 	// podNamespace is the namespace of the pod.
 	podNamespace string
 	// podName is the name of the pod.

pkg/task/inspection/commonlogk8sauditv2/impl/container_historymodifier_task_test.go

@@ -352,7 +352,7 @@ state:
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
 			walker := &containerStateWalker{
-				containerIdentity: &containerIdentity{
+				containerIdentity: &containerStatusIdentity{
 					containerName: containerName,
 					containerType: ContainerTypeContainer,
 				},
@@ -417,7 +417,7 @@ status:
 `,
 			initialState: nil,
 			wantState: &containerHistoryModifierTaskState{
-				containerIdentities: map[string]*containerIdentity{
+				containerIdentities: map[string]*containerStatusIdentity{
 					"main-container": {
 						containerName: "main-container",
 						containerType: ContainerTypeContainer,
@@ -440,7 +440,7 @@ status:
 			pass:    0,
 			nilBody: true,
 			wantState: &containerHistoryModifierTaskState{
-				containerIdentities:   map[string]*containerIdentity{},
+				containerIdentities:   map[string]*containerStatusIdentity{},
 				containerStateWalkers: map[string]*containerStateWalker{},
 			},
 			asserters: []testchangeset.ChangeSetAsserter{},
@@ -458,7 +458,7 @@ status:
     ready: true
 `,
 			initialState: &containerHistoryModifierTaskState{
-				containerIdentities: map[string]*containerIdentity{
+				containerIdentities: map[string]*containerStatusIdentity{
 					"main-container": {
 						containerName: "main-container",
 						containerType: ContainerTypeContainer,
@@ -467,15 +467,15 @@ status:
 				containerStateWalkers: map[string]*containerStateWalker{},
 			},
 			wantState: &containerHistoryModifierTaskState{
-				containerIdentities: map[string]*containerIdentity{
+				containerIdentities: map[string]*containerStatusIdentity{
 					"main-container": {
 						containerName: "main-container",
 						containerType: ContainerTypeContainer,
 					},
 				},
 				containerStateWalkers: map[string]*containerStateWalker{
 					"main-container": {
-						containerIdentity: &containerIdentity{
+						containerIdentity: &containerStatusIdentity{
 							containerName: "main-container",
 							containerType: ContainerTypeContainer,
 						},
@@ -508,7 +508,7 @@ status:
   containerStatuses: []
 `,
 			initialState: &containerHistoryModifierTaskState{
-				containerIdentities: map[string]*containerIdentity{
+				containerIdentities: map[string]*containerStatusIdentity{
 					"main-container": {
 						containerName: "main-container",
 						containerType: ContainerTypeContainer,
@@ -517,15 +517,15 @@ status:
 				containerStateWalkers: map[string]*containerStateWalker{},
 			},
 			wantState: &containerHistoryModifierTaskState{
-				containerIdentities: map[string]*containerIdentity{
+				containerIdentities: map[string]*containerStatusIdentity{
 					"main-container": {
 						containerName: "main-container",
 						containerType: ContainerTypeContainer,
 					},
 				},
 				containerStateWalkers: map[string]*containerStateWalker{
 					"main-container": {
-						containerIdentity: &containerIdentity{
+						containerIdentity: &containerStatusIdentity{
 							containerName: "main-container",
 							containerType: ContainerTypeContainer,
 						},
@@ -555,7 +555,7 @@ status:
 			pass:    1,
 			nilBody: true,
 			initialState: &containerHistoryModifierTaskState{
-				containerIdentities: map[string]*containerIdentity{
+				containerIdentities: map[string]*containerStatusIdentity{
 					"main-container": {
 						containerName: "main-container",
 						containerType: ContainerTypeContainer,
@@ -564,7 +564,7 @@ status:
 				containerStateWalkers: map[string]*containerStateWalker{},
 			},
 			wantState: &containerHistoryModifierTaskState{
-				containerIdentities: map[string]*containerIdentity{
+				containerIdentities: map[string]*containerStatusIdentity{
 					"main-container": {
 						containerName: "main-container",
 						containerType: ContainerTypeContainer,
@@ -610,7 +610,7 @@ status:
 				t.Fatalf("Process(%d) failed: %v", tc.pass, err)
 			}
 
-			if diff := cmp.Diff(tc.wantState, nextState, cmp.AllowUnexported(containerHistoryModifierTaskState{}, containerIdentity{}, containerStateWalker{})); diff != "" {
+			if diff := cmp.Diff(tc.wantState, nextState, cmp.AllowUnexported(containerHistoryModifierTaskState{}, containerStatusIdentity{}, containerStateWalker{})); diff != "" {
 				t.Errorf("state mismatch (-want +got):\n%s", diff)
 			}