Update the legacy kubernetes audit log parser with the new base task types

[kyasbal]

This is a PR to merge the epic/issue-373 branch into main branch.

Summary

This PR migrates the legacy Kubernetes audit log parser to a new audit log parser implemented with the new base task types. Throughout this change, there are several enhancements applied on the parsers.

• Now KHI audit parser can handle delete collection audit log correctly. 🐛 Changes made by delete collection operation may generate wrong resource timeline #267
• The binding subresources shown under node resource was removed, and introduced a new subresource type pod_phase which shows pod statuses on the node.
• kubelet logs can be associated with pod when the resource uid is included in the log.
• Resource conditions are now handled correctly when it was created again with the same name after deletion
• endpointslice subresource was renamed to endpoint
• Container ID can also be provided from pod audit log by checking the status field. This enables node log parser to associate containerd log with Pod even the logs around the starting time is not included.
• The mechanism to gather IP, container ID, pod sandbox ID, sneg names are now refactored to use the new inventory task API. This allows user to merge multiple discovery task result to provide these info to another parser using them easily. The consumer of the inventory don't need to be aware of the actual discovery task and it enables the further extensibility.

[gemini-code-assist]

Summary of Changes

Hello @kyasbal, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request introduces several new features and improvements to the inspection system. It adds a new framework for discovering and merging inventory data, a new task for sorting logs by timestamp, and a mechanism for verifying and reporting orphan logs. It also deprecates RelationshipTask in favor of InventoryTask, and adds new revision states to the model/enum/revision_state.go file.

Highlights

• Pattern Matching: Introduces a GetMatchedString method to the PatternMatchResult struct for extracting the matched string from an original string, along with corresponding unit tests.
• Inventory Task Framework: Adds a new framework for discovering and merging inventory data from various sources, including InventoryTaskBuilder, InventoryTask, and DiscoveryTask components.
• Log Sorting Task: Implements a new LogSorterByTimeTask for sorting logs by timestamp, along with its unit tests.
• Code Modernization: Deprecates RelationshipTask in favor of InventoryTask, and renames relationship_task_test.go to inventory_task_test.go.
• Revision State Enhancements: Adds new revision states to the model/enum/revision_state.go file, including states for pod phases and container statuses.
• Orphan Log Verification: Implements a mechanism to verify and report orphan logs, which are logs not associated with any timeline events or revisions.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request introduces a major and impressive refactoring of the Kubernetes audit log parsing logic. The introduction of the generic InventoryTaskBuilder and the new commonlogk8sauditv2 package with its modular task-based approach is a significant improvement in terms of design, extensibility, and testability. The old, more monolithic commonlogk8saudit package has been successfully replaced.

Key improvements include:

• Decoupling with Inventory Tasks: The new InventoryTaskBuilder provides a clean and reusable pattern for discovering and aggregating data from various sources, replacing the less generic RelationshipTask. This is well-utilized for inventories like node names, resource UIDs, and IP leases.
• Modular Parsing Logic: The commonlogk8sauditv2 package breaks down the complex parsing process into smaller, more manageable tasks (filtering, grouping, manifest generation, lifetime tracking, and various history modifiers). This separation of concerns makes the logic easier to understand and maintain.
• Improved Accuracy: The logic for tracking resource lifetimes and sorting timeline revisions by their actual ChangeTime rather than log timestamp enhances the accuracy of the generated history.
• Enhanced Testability: The addition of new test utilities and the modular design will make it easier to write targeted unit tests for different parts of the parsing pipeline.

I've identified a couple of areas for improvement to enhance correctness and robustness, which are detailed in the specific comments. Overall, this is a high-quality refactoring that significantly improves the architecture of the inspection framework.