work with non K8s environments

Dockerfile

@@ -1,6 +1,6 @@
 FROM golang:1.20 AS build
-WORKDIR /build
 RUN apt update -y; apt install -y libseccomp-dev
+WORKDIR /build
 ADD . .
 RUN GOOS=linux GOARCH=amd64 CGO_ENABLED=0 go build -o bluelock .
 

Makefile

@@ -1,6 +1,21 @@
 # SPDX-License-Identifier: Apache-2.0
 # Copyright 2023 Authors of KubeArmor
 
+GOOS := $(shell go env GOOS)
+GOARCH := $(shell go env GOARCH)
+
+.PHONY: run
+run: build
+	K8S=false RELAYSERVERURL="http://localhost:32767/" ./bluelock bash
+
+.PHONY: run-container
+run-container:
+	docker compose up --build -f deployments/unorchestrated/docker-compose.yaml
+
 .PHONY: build
 build:
+	GOOS=$(GOOS) GOARCH=$(GOARCH) CGO_ENABLED=0 go build -o bluelock .
+
+.PHONY: docker-build
+docker-build:
 	docker build -t bluelock:latest .

common/common.go

@@ -1,8 +1,13 @@
 package common
 
 import (
+	"encoding/json"
+	"fmt"
+	"net/url"
 	"os"
 	"path/filepath"
+	"reflect"
+	"strings"
 )
 
 func IsK8sLocal() bool {
@@ -48,3 +53,122 @@ func IsK8sEnv() bool {
 
 	return false
 }
+
+// Clone Function
+func Clone(src, dst interface{}) error {
+	arr, _ := json.Marshal(src)
+	return json.Unmarshal(arr, dst)
+}
+
+// ObjCommaExpand Function
+func ObjCommaExpand(v reflect.Value) []string {
+	return strings.Split(v.Field(0).Interface().(string), ",")
+}
+
+// ObjCommaExpandFirstDupOthers Function
+func ObjCommaExpandFirstDupOthers(objptr interface{}) {
+	if ObjCommaCanBeExpanded(objptr) {
+		old := reflect.ValueOf(objptr).Elem()
+		new := reflect.New(reflect.TypeOf(objptr).Elem()).Elem()
+
+		for i := 0; i < old.Len(); i++ {
+			for _, f := range ObjCommaExpand(old.Index(i)) {
+				field := strings.ReplaceAll(f, " ", "")
+				new.Set(reflect.Append(new, old.Index(i)))
+				new.Index(new.Len() - 1).Field(0).SetString(field)
+			}
+		}
+
+		reflect.ValueOf(objptr).Elem().Set(new)
+	}
+}
+
+// ObjCommaCanBeExpanded Function
+func ObjCommaCanBeExpanded(objptr interface{}) bool {
+	ovptr := reflect.ValueOf(objptr)
+	if ovptr.Kind() != reflect.Ptr {
+		return false
+	}
+
+	ov := ovptr.Elem()
+	if ov.Kind() != reflect.Slice {
+		return false
+	}
+
+	if ov.Len() == 0 {
+		return false
+	}
+
+	ovelm := ov.Index(0)
+	if ovelm.Kind() != reflect.Struct {
+		return false
+	}
+
+	field0 := ovelm.Field(0)
+	if field0.Kind() != reflect.String {
+		return false
+	}
+
+	value := field0.Interface().(string)
+	return strings.Split(value, ",")[0] != value
+}
+
+// MatchIdentities Function
+func MatchIdentities(identities []string, superIdentities []string) bool {
+	matched := true
+
+	// if nothing in identities, skip it
+	if len(identities) == 0 {
+		return false
+	}
+
+	// if super identities not include identity, return false
+	for _, identity := range identities {
+		if !ContainsElement(superIdentities, identity) {
+			matched = false
+			break
+		}
+	}
+
+	// otherwise, return true
+	return matched
+}
+
+// ContainsElement Function
+func ContainsElement(slice interface{}, element interface{}) bool {
+	switch reflect.TypeOf(slice).Kind() {
+	case reflect.Slice:
+		s := reflect.ValueOf(slice)
+
+		for i := 0; i < s.Len(); i++ {
+			val := s.Index(i).Interface()
+			if reflect.DeepEqual(val, element) {
+				return true
+			}
+		}
+	}
+	return false
+}
+
+func GetURL(address string) (string, error) {
+	var host string
+	addr, err := url.Parse(address)
+	if err != nil || addr.Host == "" {
+		u, repErr := url.ParseRequestURI("http://" + address)
+		if repErr != nil {
+			return "", fmt.Errorf("Error while parsing URL: %s", err)
+		}
+
+		host = u.Host
+		if u.Port() == "" {
+			return fmt.Sprintf("%s:80", host), nil
+		}
+	} else {
+		host = addr.Host
+		if addr.Port() == "" {
+			return fmt.Sprintf("%s:80", host), nil
+		}
+	}
+
+	return host, nil
+}

config/config.go

@@ -2,40 +2,71 @@ package config
 
 import (
 	"flag"
+	"net/url"
 	"os"
 
 	kg "github.com/kubearmor/KubeArmor/KubeArmor/log"
 	"github.com/spf13/viper"
 )
 
 type BluelockConfig struct {
-	LogPath           string // Log file to use
+	ContainerName string // Container name needed for unorchestrated containers
 
-	DefaultFilePosture         string // Default Enforcement Action in Global File Context
-	DefaultNetworkPosture      string // Default Enforcement Action in Global Network Context
+	DefaultFilePosture    string // Default Enforcement Action in Global File Context
+	DefaultNetworkPosture string // Default Enforcement Action in Global Network Context
+
+	K8sEnv bool
+
+	LogPath string // Log file to use
+
+	RelayServerURL string // RelayServerURL to which logs will be pushed
 }
 
 var GlobalCfg BluelockConfig
 
+// ConfigContainerName key
+const ConfigContainerName string = "containerName"
+
 // ConfigDefaultFilePosture KubeArmor Default Global File Posture key
 const ConfigDefaultFilePosture string = "defaultFilePosture"
 
 // ConfigDefaultNetworkPosture KubeArmor Default Global Network Posture key
 const ConfigDefaultNetworkPosture string = "defaultNetworkPosture"
 
+// ConfigK8sEnv VM key
+const ConfigK8sEnv string = "k8s"
+
 // ConfigLogPath Log Path key
 const ConfigLogPath string = "logPath"
 
+// ConfigRelayServerURL Path key
+const ConfigRelayServerURL string = "relayServerURL"
+
 func readCmdLineParameters() {
-	logStr := flag.String(ConfigLogPath, "none", "log file path, {path|stdout|none}")
+	containerName := flag.String(ConfigContainerName, "", "container/service name to match policies. only needed in case of unorchestrated containers")
 
 	defaultFilePosture := flag.String(ConfigDefaultFilePosture, "block", "configuring default enforcement action in global file context {allow|audit|block}")
 	defaultNetworkPosture := flag.String(ConfigDefaultNetworkPosture, "block", "configuring default enforcement action in global network context {allow|audit|block}")
 
-	viper.SetDefault(ConfigLogPath, *logStr)
+	k8sEnvB := flag.Bool(ConfigK8sEnv, true, "is running with Kubernetes env?")
+
+	logStr := flag.String(ConfigLogPath, "none", "log file path, {path|stdout|none}")
+
+	relayServerURLStr := flag.String(ConfigRelayServerURL, "http://localhost:2801/", "relay-server http URL listening for logs")
+
+	flag.Parse()
+
+	viper.SetDefault(ConfigContainerName, *containerName)
 
 	viper.SetDefault(ConfigDefaultFilePosture, *defaultFilePosture)
 	viper.SetDefault(ConfigDefaultNetworkPosture, *defaultNetworkPosture)
+
+	viper.SetDefault(ConfigK8sEnv, *k8sEnvB)
+
+	viper.SetDefault(ConfigLogPath, *logStr)
+
+	viper.SetDefault(ConfigRelayServerURL, *relayServerURLStr)
+
 }
 
 func LoadConfig() error {
@@ -56,10 +87,19 @@ func LoadConfig() error {
 		}
 	}
 
-	GlobalCfg.LogPath = viper.GetString(ConfigLogPath)
+	relayURL, err := url.Parse(viper.GetString(ConfigRelayServerURL))
+	if err != nil {
+		return err
+	}
 
-	GlobalCfg.DefaultFilePosture = viper.GetString(ConfigDefaultFilePosture)
-	GlobalCfg.DefaultNetworkPosture = viper.GetString(ConfigDefaultNetworkPosture)
+	GlobalCfg = BluelockConfig{
+		ContainerName:         viper.GetString(ConfigContainerName),
+		DefaultFilePosture:    viper.GetString(ConfigDefaultFilePosture),
+		DefaultNetworkPosture: viper.GetString(ConfigDefaultNetworkPosture),
+		K8sEnv:                viper.GetBool(ConfigK8sEnv),
+		LogPath:               viper.GetString(ConfigLogPath),
+		RelayServerURL:        relayURL.String(),
+	}
 
 	kg.Printf("Final Configuration [%+v]", GlobalCfg)