list_k8s_resource_misconfigs

Identify and analyze Kubernetes resource manifest misconfigurations to enhance security posture and compliance.

Instructions

Get manifest misconfigurations for a Kubernetes resource

Input Schema

TableJSON Schema

Name	Required	Description	Default
`resource_uid`	Yes	Kubernetes resource UID to get misconfigurations for

Implementation Reference

src/operations/misconfigs.ts:17-45 (handler)

Main handler function that fetches and deduplicates Kubernetes resource misconfigurations for a given resource UID using the RAD Security API.

export async function listKubernetesResourceMisconfigurations(
  client: RadSecurityClient,
  resourceUid: string
): Promise<any> {
  const misconfigs = await client.makeRequest(
    `/accounts/${client.getAccountId()}/misconfig`,
    { kubeobject_uids: resourceUid, page_size: 50 }
  );

  // deduplicate the list based on field "guard_policy.human_id"
  const seenIds = new Set<string>();
  const toReturn = [];

  for (const misconfig of misconfigs.entries) {
    const humanId = misconfig.guard_policy.human_id;
    if (!seenIds.has(humanId)) {
      seenIds.add(humanId);
      toReturn.push({
        id: misconfig.id,
        cluster_id: misconfig.cluster_id,
        title: misconfig.guard_policy.title,
        human_id: misconfig.guard_policy.human_id,
      });
    }
  }

  misconfigs.entries = toReturn;
  return misconfigs;
}

src/operations/misconfigs.ts:4-6 (schema)

Zod input schema defining the required 'resource_uid' parameter.

export const ListKubernetesResourceMisconfigurationsSchema = z.object({
  resource_uid: z.string().describe("Kubernetes resource UID to get misconfigurations for"),
});

src/index.ts:333-339 (registration)

Tool registration in the list of available tools, including name, description, and input schema.

  name: "list_k8s_resource_misconfigs",
  description:
    "Get manifest misconfigurations for a Kubernetes resource",
  inputSchema: zodToJsonSchema(
    misconfigs.ListKubernetesResourceMisconfigurationsSchema
  ),
},

src/index.ts:1092-1106 (registration)

Dispatch handler in the switch statement for call_tool requests, parsing args and invoking the misconfigs handler.

case "list_k8s_resource_misconfigs": {
  const args =
    misconfigs.ListKubernetesResourceMisconfigurationsSchema.parse(
      request.params.arguments
    );
  const response =
    await misconfigs.listKubernetesResourceMisconfigurations(
      client,
      args.resource_uid
    );
  return {
    content: [
      { type: "text", text: JSON.stringify(response, null, 2) },
    ],
  };

RAD Security