use seed id and pass to agent

compliance-framework · Dec 17, 2024 · e6b7d6b · e6b7d6b
1 parent d5b86a9
commit e6b7d6b
Show file tree

Hide file tree

Showing 2 changed files with 69 additions and 3 deletions.
diff --git a/cmd/agent.go b/cmd/agent.go
@@ -2,18 +2,20 @@ package cmd
 
 import (
 	"fmt"
-	"github.com/chris-cmsoft/concom/internal/event"
-	"go.mongodb.org/mongo-driver/bson/primitive"
 	"log"
 	"os"
 	"os/exec"
 	"os/signal"
 	"path"
 	"runtime"
+	"strings"
 	"sync"
 	"syscall"
 	"time"
 
+	"github.com/chris-cmsoft/concom/internal/event"
+	"go.mongodb.org/mongo-driver/bson/primitive"
+
 	"github.com/chris-cmsoft/concom/internal"
 	"github.com/chris-cmsoft/concom/runner"
 	"github.com/chris-cmsoft/concom/runner/proto"
@@ -23,6 +25,7 @@ import (
 	"github.com/google/go-containerregistry/pkg/name"
 	v1 "github.com/google/go-containerregistry/pkg/v1"
 	"github.com/google/go-containerregistry/pkg/v1/remote"
+	"github.com/google/uuid"
 	"github.com/hashicorp/go-hclog"
 	"github.com/hashicorp/go-plugin"
 	"github.com/open-policy-agent/opa/rego"
@@ -345,6 +348,33 @@ func (ar *AgentRunner) runInstance() error {
 
 		logger.Debug("Running plugin", "source", source)
 
+		uuidSeedData := map[string]string{
+			// Repeatably identify this plugin / policy combination.
+			// Rerunning this plugin / policy on the same agent with the same config should generate the same UUID.
+			"plugin-name":    pluginName,
+			"plugin-version": "1.0.0",
+			"policy-version": "v1.2.3",
+
+			// Uniquely identify this agent.
+			// If a set of machines is running the same agent config, each should have a unique UUID.
+			"agent-version": "v1.0.0",
+			"hostname":      os.Getenv("HOSTNAME"),
+		}
+
+		seed := ""
+		for k, v := range uuidSeedData {
+			seed = fmt.Sprintf("%s-%s-%s", seed, k, v)
+		}
+
+		generatedUuid, err := uuid.NewRandomFromReader(strings.NewReader(seed))
+		if err != nil {
+			fmt.Printf("Failed to create UUID from dataset: %v", err)
+		}
+
+		fmt.Println("Generated UUID:", generatedUuid.String())
+
+		pluginConfig.Config["uuid"] = generatedUuid.String()
+
 		if _, err := os.ReadFile(source); err != nil {
 			return err
 		}

diff --git a/cmd/agent_test.go b/cmd/agent_test.go
@@ -3,8 +3,11 @@ package cmd
 import (
 	"bytes"
 	"fmt"
-	"github.com/spf13/viper"
+	"strings"
 	"testing"
+
+	"github.com/google/uuid"
+	"github.com/spf13/viper"
 )
 
 func TestAgentCmd_ConfigurationValidation(t *testing.T) {
@@ -117,3 +120,36 @@ func TestAgentCmd_ConfigurationMerging(t *testing.T) {
 		}
 	})
 }
+
+func TestUUIDUniqueness(t *testing.T) {
+	// This seed data will be defined by the plugin author.
+	// Each agent instance should generate a reproducible UUID for a plugin/policy combo, but unique onto itself.
+	uuidSeedData := map[string]string{
+		// Repeatably identify this plugin / policy combination.
+		// Rerunning this plugin / policy on the same agent with the same config should generate the same UUID.
+		"plugin-name":    "local-ssh",
+		"plugin-version": "v1.3.0",
+		"policy-version": "v1.2.3",
+
+		// Uniquely identify this agent.
+		// If a set of machines is running the same agent config, each should have a unique UUID.
+		"agent-version": "v1.0.0",
+		"hostname":      "k8s-worker-3",
+	}
+
+	// Build a seed string based on the uniqueness parameters
+	seed := ""
+	for k, v := range uuidSeedData {
+		seed = fmt.Sprintf("%s-%s-%s", seed, k, v)
+	}
+
+	// Generate the UUID.
+	// It will be consistent for this plugin / policy / agent.
+	// It will be unique for each agent instance, so different hosts generate different IDs.
+	generatedUuid, err := uuid.NewRandomFromReader(strings.NewReader(seed))
+	if err != nil {
+		t.Errorf("Failed to create UUID from dataset: %v", err)
+	}
+
+	fmt.Println(generatedUuid.String())
+}