From 628084f9d31062eccfe68fa5004d4d3ac8a339c4 Mon Sep 17 00:00:00 2001 From: Keshav Date: Fri, 26 Jan 2024 17:14:04 +0100 Subject: [PATCH 01/32] side car test --- cmd/detectExecuteScan_generated.go | 5 ++++ pkg/config/stepmeta.go | 11 +++++++- resources/metadata/detectExecuteScan.yaml | 34 +++++++++++++++++++++++ 3 files changed, 49 insertions(+), 1 deletion(-) diff --git a/cmd/detectExecuteScan_generated.go b/cmd/detectExecuteScan_generated.go index 128b5ca9d1..bcffd8d60a 100644 --- a/cmd/detectExecuteScan_generated.go +++ b/cmd/detectExecuteScan_generated.go @@ -778,6 +778,11 @@ func detectExecuteScanMetadata() config.StepData { Containers: []config.Container{ {Name: "openjdk", Image: "openjdk:11", WorkingDir: "/root", Options: []config.Option{{Name: "-u", Value: "0"}}}, }, + Sidecars: []config.Container{ + {Name: "inspector-ubuntu", Image: "blackducksoftware/blackduck-imageinspector-ubuntu:5.1.0", Conditions: []config.Condition{{ConditionRef: "strings-equal", Params: []config.Param{{Name: "containerDistro", Value: "ubuntu"}}}}}, + {Name: "inspector-alpine", Image: "blackducksoftware/blackduck-imageinspector-alpine:5.1.0", Conditions: []config.Condition{{ConditionRef: "strings-equal", Params: []config.Param{{Name: "containerDistro", Value: "alpine"}}}}}, + {Name: "inspector-centos", Image: "blackducksoftware/blackduck-imageinspector-centos:5.1.0", Conditions: []config.Condition{{ConditionRef: "strings-equal", Params: []config.Param{{Name: "containerDistro", Value: "centos"}}}}}, + }, Outputs: config.StepOutputs{ Resources: []config.StepResources{ { diff --git a/pkg/config/stepmeta.go b/pkg/config/stepmeta.go index 659451c338..bd15457a44 100644 --- a/pkg/config/stepmeta.go +++ b/pkg/config/stepmeta.go 
@@ -235,8 +235,17 @@ func (m *StepData) GetContextParameterFilters() StepFilters { contextFilters = append(contextFilters, parameterKeys...) } if len(m.Spec.Sidecars) > 0 { + parameterKeys := []string{"containerName", "containerPortMappings", "dockerName", "sidecarEnvVars", "sidecarImage", "sidecarName", "sidecarOptions", "sidecarPullImage", "sidecarReadyCommand", "sidecarVolumeBind", "sidecarWorkspace"} + for _, sidecar := range m.Spec.Sidecars { + for _, condition := range sidecar.Conditions { + for _, dependentParam := range condition.Params { + parameterKeys = append(parameterKeys, dependentParam.Value) + parameterKeys = append(parameterKeys, dependentParam.Name) + } + } + } //ToDo: support fallback for "dockerName" configuration property -> via aliasing? - contextFilters = append(contextFilters, []string{"containerName", "containerPortMappings", "dockerName", "sidecarEnvVars", "sidecarImage", "sidecarName", "sidecarOptions", "sidecarPullImage", "sidecarReadyCommand", "sidecarVolumeBind", "sidecarWorkspace"}...) + contextFilters = append(contextFilters, parameterKeys...) //ToDo: add condition param.Value and param.Name to filter as for Containers } diff --git a/resources/metadata/detectExecuteScan.yaml b/resources/metadata/detectExecuteScan.yaml index d03dd4b8a7..d8255da41f 100644 --- a/resources/metadata/detectExecuteScan.yaml +++ b/resources/metadata/detectExecuteScan.yaml 
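Review bot: The context line `//ToDo: add condition param.Value and param.Name to filter as for Containers` stays below the new loop although the loop now does exactly that, so the comment should be removed in this hunk. The loop appends `dependentParam.Name` once per sidecar, so three sidecars sharing one condition parameter put the same key into the filter list three times; whether duplicates matter depends on how `contextFilters` is consumed, which is outside the hunk. Appending `dependentParam.Value` widens the accepted context keys to every condition value listed in the step metadata, which deserves a one-line comment such as `// condition values are accepted as nested config keys`. GetContextParameterFilters starts and ends outside the hunk.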
@@ -562,3 +562,37 @@ spec: options: - name: -u value: "0" + sidecars: + - name: inspector-ubuntu + image: blackducksoftware/blackduck-imageinspector-ubuntu:5.1.0 + command: [''] + volumeMounts: + - mountPath: /opt/blackduck/blackduck-imageinspector/shared + name: imageinspector-shared + conditions: + - conditionRef: strings-equal + params: + - name: containerDistro + value: ubuntu + - name: inspector-alpine + image: blackducksoftware/blackduck-imageinspector-alpine:5.1.0 + command: [''] + volumeMounts: + - mountPath: /opt/blackduck/blackduck-imageinspector/shared + name: imageinspector-shared + conditions: + - conditionRef: strings-equal + params: + - name: containerDistro + value: alpine + - name: inspector-centos + image: blackducksoftware/blackduck-imageinspector-centos:5.1.0 + command: [''] + volumeMounts: + - mountPath: /opt/blackduck/blackduck-imageinspector/shared + name: imageinspector-shared + conditions: + - conditionRef: strings-equal + params: + - name: containerDistro + value: centos From 765ddf2ef23fba55c5797ad13029d4f969b4fefe Mon Sep 17 00:00:00 2001 From: Keshav Date: Fri, 26 Jan 2024 17:16:27 +0100 Subject: [PATCH 02/32] including distros for test only will be removed later on --- cmd/detectExecuteScan_generated.go | 11 +++++++++++ resources/metadata/detectExecuteScan.yaml | 12 ++++++++++++ 2 files changed, 23 insertions(+) diff --git a/cmd/detectExecuteScan_generated.go b/cmd/detectExecuteScan_generated.go index bcffd8d60a..10dcfa263a 100644 --- a/cmd/detectExecuteScan_generated.go +++ b/cmd/detectExecuteScan_generated.go @@ -64,6 +64,7 @@ type detectExecuteScanOptions struct { NpmArguments []string `json:"npmArguments,omitempty"` PrivateModules string `json:"privateModules,omitempty"` PrivateModulesGitToken string `json:"privateModulesGitToken,omitempty"` + ContainerDistro string `json:"containerDistro,omitempty" validate:"possible-values=ubuntu centos alpine"` } type detectExecuteScanInflux struct { 
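Review bot: The three sidecar images are third-party images referenced only by a mutable tag (`:5.1.0`), so the content the pipeline pulls and runs next to the scan can change without any change to this file. Pinning each entry by digest, e.g. `image: blackducksoftware/blackduck-imageinspector-ubuntu:5.1.0@sha256:<digest-placeholder>`, or resolving them through an internal mirror keeps the executed content reviewable. `command: ['']` puts an empty string in as the command of every sidecar; a comment stating what that entry is meant to achieve would help the next reader. The volume `imageinspector-shared` named under `volumeMounts` is not declared anywhere in the visible hunk.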
@@ -310,6 +311,7 @@ func addDetectExecuteScanFlags(cmd *cobra.Command, stepConfig *detectExecuteScan cmd.Flags().StringSliceVar(&stepConfig.NpmArguments, "npmArguments", []string{}, "List of additional arguments that Detect will add at then end of the npm ls command line when Detect executes the NPM CLI Detector on an NPM project.") cmd.Flags().StringVar(&stepConfig.PrivateModules, "privateModules", os.Getenv("PIPER_privateModules"), "Tells go which modules shall be considered to be private (by setting [GOPRIVATE](https://pkg.go.dev/cmd/go#hdr-Configuration_for_downloading_non_public_code)).") cmd.Flags().StringVar(&stepConfig.PrivateModulesGitToken, "privateModulesGitToken", os.Getenv("PIPER_privateModulesGitToken"), "GitHub personal access token as per https://help.github.com/en/github/authenticating-to-github/creating-a-personal-access-token-for-the-command-line.") + cmd.Flags().StringVar(&stepConfig.ContainerDistro, "containerDistro", `ubuntu`, "Distro of the container that is scanned") cmd.MarkFlagRequired("token") cmd.MarkFlagRequired("projectName") @@ -773,6 +775,15 @@ func detectExecuteScanMetadata() config.StepData { Aliases: []config.Alias{}, Default: os.Getenv("PIPER_privateModulesGitToken"), }, + { + Name: "containerDistro", + ResourceRef: []config.ResourceReference{}, + Scope: []string{"PARAMETERS", "STAGES", "STEPS"}, + Type: "string", + Mandatory: false, + Aliases: []config.Alias{}, + Default: `ubuntu`, + }, }, }, Containers: []config.Container{ diff --git a/resources/metadata/detectExecuteScan.yaml b/resources/metadata/detectExecuteScan.yaml index d8255da41f..17fe62dd99 100644 --- a/resources/metadata/detectExecuteScan.yaml +++ b/resources/metadata/detectExecuteScan.yaml 
@@ -511,6 +511,18 @@ spec: - type: vaultSecret name: golangPrivateModulesGitTokenVaultSecret default: golang + - name: containerDistro + description: Distro of the container that is scanned + type: "string" + scope: + - PARAMETERS + - STAGES + - STEPS + default: "ubuntu" + possibleValues: + - ubuntu + - centos + - alpine outputs: resources: - name: influx From cbbbd872b4c91958c2dca695c23b39ac133c9a1e Mon Sep 17 00:00:00 2001 From: Keshav Date: Fri, 26 Jan 2024 17:51:37 +0100 Subject: [PATCH 03/32] remove default value --- resources/metadata/detectExecuteScan.yaml | 1 - 1 file changed, 1 deletion(-) diff --git a/resources/metadata/detectExecuteScan.yaml b/resources/metadata/detectExecuteScan.yaml index 17fe62dd99..aab7647752 100644 --- a/resources/metadata/detectExecuteScan.yaml +++ b/resources/metadata/detectExecuteScan.yaml @@ -518,7 +518,6 @@ spec: - PARAMETERS - STAGES - STEPS - default: "ubuntu" possibleValues: - ubuntu - centos From 8858abe101a63fac8c527732b0f0158fc670fdf5 Mon Sep 17 00:00:00 2001 From: Keshav Date: Fri, 26 Jan 2024 17:54:24 +0100 Subject: [PATCH 04/32] removing default --- cmd/detectExecuteScan_generated.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/cmd/detectExecuteScan_generated.go b/cmd/detectExecuteScan_generated.go index 10dcfa263a..08d7496999 100644 --- a/cmd/detectExecuteScan_generated.go +++ b/cmd/detectExecuteScan_generated.go 
@@ -311,7 +311,7 @@ func addDetectExecuteScanFlags(cmd *cobra.Command, stepConfig *detectExecuteScan cmd.Flags().StringSliceVar(&stepConfig.NpmArguments, "npmArguments", []string{}, "List of additional arguments that Detect will add at then end of the npm ls command line when Detect executes the NPM CLI Detector on an NPM project.") cmd.Flags().StringVar(&stepConfig.PrivateModules, "privateModules", os.Getenv("PIPER_privateModules"), "Tells go which modules shall be considered to be private (by setting [GOPRIVATE](https://pkg.go.dev/cmd/go#hdr-Configuration_for_downloading_non_public_code)).") cmd.Flags().StringVar(&stepConfig.PrivateModulesGitToken, "privateModulesGitToken", os.Getenv("PIPER_privateModulesGitToken"), "GitHub personal access token as per https://help.github.com/en/github/authenticating-to-github/creating-a-personal-access-token-for-the-command-line.") - cmd.Flags().StringVar(&stepConfig.ContainerDistro, "containerDistro", `ubuntu`, "Distro of the container that is scanned") + cmd.Flags().StringVar(&stepConfig.ContainerDistro, "containerDistro", os.Getenv("PIPER_containerDistro"), "Distro of the container that is scanned") cmd.MarkFlagRequired("token") cmd.MarkFlagRequired("projectName") @@ -782,7 +782,7 @@ func detectExecuteScanMetadata() config.StepData { Type: "string", Mandatory: false, Aliases: []config.Alias{}, - Default: `ubuntu`, + Default: os.Getenv("PIPER_containerDistro"), }, }, }, From 29d6df3ec34849819aac1cd641389860cd209932 Mon Sep 17 00:00:00 2001 From: Keshav Date: Fri, 26 Jan 2024 18:07:28 +0100 Subject: [PATCH 05/32] making the value string --- resources/metadata/detectExecuteScan.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/resources/metadata/detectExecuteScan.yaml b/resources/metadata/detectExecuteScan.yaml index aab7647752..57c17eacfd 100644 --- a/resources/metadata/detectExecuteScan.yaml +++ b/resources/metadata/detectExecuteScan.yaml 
@@ -595,7 +595,7 @@ spec: - conditionRef: strings-equal params: - name: containerDistro - value: alpine + value: 'alpine' - name: inspector-centos image: blackducksoftware/blackduck-imageinspector-centos:5.1.0 command: [''] From 004dec4cc5317f21ea7270b582ed2b19cb135001 Mon Sep 17 00:00:00 2001 From: Keshav Date: Fri, 26 Jan 2024 18:19:01 +0100 Subject: [PATCH 06/32] side car default change --- pkg/config/stepmeta.go | 41 ++++++++++++++++++++++++++++++++++------- 1 file changed, 34 insertions(+), 7 deletions(-) diff --git a/pkg/config/stepmeta.go b/pkg/config/stepmeta.go index bd15457a44..9700b56c67 100644 --- a/pkg/config/stepmeta.go +++ b/pkg/config/stepmeta.go 
@@ -311,14 +311,41 @@ func (m *StepData) GetContextDefaults(stepName string) (io.ReadCloser, error) { } if len(m.Spec.Sidecars) > 0 { - if len(m.Spec.Sidecars[0].Command) > 0 { - root["sidecarCommand"] = m.Spec.Sidecars[0].Command[0] - } - m.Spec.Sidecars[0].commonConfiguration("sidecar", &root) - putStringIfNotEmpty(root, "sidecarReadyCommand", m.Spec.Sidecars[0].ReadyCommand) + for _, container := range m.Spec.Sidecars { + key := "" + conditionParam := "" + if len(container.Conditions) > 0 { + key = container.Conditions[0].Params[0].Value + conditionParam = container.Conditions[0].Params[0].Name + } + p := map[string]interface{}{} + if key != "" { + root[key] = p + //add default for condition parameter if available + for _, inputParam := range m.Spec.Inputs.Parameters { + if inputParam.Name == conditionParam { + root[conditionParam] = inputParam.Default + } + } + } else { + p = root + } + if len(container.Command) > 0 { + p["containerCommand"] = container.Command[0] + } - // not filled for now since this is not relevant in Kubernetes case - //putStringIfNotEmpty(root, "containerPortMappings", m.Spec.Sidecars[0].) + putStringIfNotEmpty(p, "containerName", container.Name) + putStringIfNotEmpty(p, "containerShell", container.Shell) + container.commonConfiguration("docker", &p) + } + // if len(m.Spec.Sidecars[0].Command) > 0 { + // root["sidecarCommand"] = m.Spec.Sidecars[0].Command[0] + // } + // m.Spec.Sidecars[0].commonConfiguration("sidecar", &root) + // putStringIfNotEmpty(root, "sidecarReadyCommand", m.Spec.Sidecars[0].ReadyCommand) + + // // not filled for now since this is not relevant in Kubernetes case + // //putStringIfNotEmpty(root, "containerPortMappings", m.Spec.Sidecars[0].) } if len(m.Spec.Inputs.Resources) > 0 { From 07930702b81198014ce4b6e0f6e23c30053df828 Mon Sep 17 00:00:00 2001 
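Review bot: `container.Conditions[0].Params[0]` is indexed after checking only `len(container.Conditions) > 0`, so a condition declared without params panics while the defaults are generated; guard it with `if len(container.Conditions) > 0 && len(container.Conditions[0].Params) > 0 {`. The same unguarded access returns as `sideCar.Conditions[0].Params[0]` in the PATCH 15/32 hunk on this function. In this version the loop also writes `containerCommand`, `containerName` and `containerShell` and calls `commonConfiguration("docker", &p)` for sidecars, and with `p = root` for an unconditioned sidecar that appears to overwrite the main container's keys instead of the `sidecar*` keys the removed lines wrote. GetContextDefaults starts and ends outside the hunk.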
From: Keshav Date: Fri, 26 Jan 2024 18:29:18 +0100 Subject: [PATCH 07/32] changing string value --- resources/metadata/detectExecuteScan.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/resources/metadata/detectExecuteScan.yaml b/resources/metadata/detectExecuteScan.yaml index 57c17eacfd..aab7647752 100644 --- a/resources/metadata/detectExecuteScan.yaml +++ b/resources/metadata/detectExecuteScan.yaml @@ -595,7 +595,7 @@ spec: - conditionRef: strings-equal params: - name: containerDistro - value: 'alpine' + value: alpine - name: inspector-centos image: blackducksoftware/blackduck-imageinspector-centos:5.1.0 command: [''] From 0764abf1b18e464ee45aea3f2fb4247ebe492d27 Mon Sep 17 00:00:00 2001 From: Keshav Date: Sun, 28 Jan 2024 20:31:32 +0100 Subject: [PATCH 08/32] removing default side car values --- pkg/config/stepmeta.go | 41 +++++++---------------------------------- 1 file changed, 7 insertions(+), 34 deletions(-) diff --git a/pkg/config/stepmeta.go b/pkg/config/stepmeta.go index 9700b56c67..bd15457a44 100644 --- a/pkg/config/stepmeta.go +++ b/pkg/config/stepmeta.go 
@@ -311,41 +311,14 @@ func (m *StepData) GetContextDefaults(stepName string) (io.ReadCloser, error) { } if len(m.Spec.Sidecars) > 0 { - for _, container := range m.Spec.Sidecars { - key := "" - conditionParam := "" - if len(container.Conditions) > 0 { - key = container.Conditions[0].Params[0].Value - conditionParam = container.Conditions[0].Params[0].Name - } - p := map[string]interface{}{} - if key != "" { - root[key] = p - //add default for condition parameter if available - for _, inputParam := range m.Spec.Inputs.Parameters { - if inputParam.Name == conditionParam { - root[conditionParam] = inputParam.Default - } - } - } else { - p = root - } - if len(container.Command) > 0 { - p["containerCommand"] = container.Command[0] - } - - putStringIfNotEmpty(p, "containerName", container.Name) - putStringIfNotEmpty(p, "containerShell", container.Shell) - container.commonConfiguration("docker", &p) + if len(m.Spec.Sidecars[0].Command) > 0 { + root["sidecarCommand"] = m.Spec.Sidecars[0].Command[0] } - // if len(m.Spec.Sidecars[0].Command) > 0 { - // root["sidecarCommand"] = m.Spec.Sidecars[0].Command[0] - // } - // m.Spec.Sidecars[0].commonConfiguration("sidecar", &root) - // putStringIfNotEmpty(root, "sidecarReadyCommand", m.Spec.Sidecars[0].ReadyCommand) - - // // not filled for now since this is not relevant in Kubernetes case - // //putStringIfNotEmpty(root, "containerPortMappings", m.Spec.Sidecars[0].) + m.Spec.Sidecars[0].commonConfiguration("sidecar", &root) + putStringIfNotEmpty(root, "sidecarReadyCommand", m.Spec.Sidecars[0].ReadyCommand) + + // not filled for now since this is not relevant in Kubernetes case + //putStringIfNotEmpty(root, "containerPortMappings", m.Spec.Sidecars[0].) } if len(m.Spec.Inputs.Resources) > 0 { From b193af4dcc33df126c9a229469809ed2b1b1c731 Mon Sep 17 00:00:00 2001 
From: Keshav Date: Sun, 28 Jan 2024 21:09:17 +0100 Subject: [PATCH 09/32] removing name from conditions --- resources/metadata/detectExecuteScan.yaml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/resources/metadata/detectExecuteScan.yaml b/resources/metadata/detectExecuteScan.yaml index aab7647752..08e5dd41bd 100644 --- a/resources/metadata/detectExecuteScan.yaml +++ b/resources/metadata/detectExecuteScan.yaml @@ -574,8 +574,8 @@ spec: - name: -u value: "0" sidecars: - - name: inspector-ubuntu - image: blackducksoftware/blackduck-imageinspector-ubuntu:5.1.0 + - image: blackducksoftware/blackduck-imageinspector-ubuntu:5.1.0 + # name: inspector-ubuntu command: [''] volumeMounts: - mountPath: /opt/blackduck/blackduck-imageinspector/shared @@ -585,8 +585,8 @@ spec: params: - name: containerDistro value: ubuntu - - name: inspector-alpine - image: blackducksoftware/blackduck-imageinspector-alpine:5.1.0 + - image: blackducksoftware/blackduck-imageinspector-alpine:5.1.0 + # name: inspector-alpine command: [''] volumeMounts: - mountPath: /opt/blackduck/blackduck-imageinspector/shared @@ -596,8 +596,8 @@ spec: params: - name: containerDistro value: alpine - - name: inspector-centos - image: blackducksoftware/blackduck-imageinspector-centos:5.1.0 + - image: blackducksoftware/blackduck-imageinspector-centos:5.1.0 + # name: inspector-centos command: [''] volumeMounts: - mountPath: /opt/blackduck/blackduck-imageinspector/shared From cb08236f4df4f448b9702316d525ab1040300ca8 Mon Sep 17 00:00:00 2001 From: Keshav Date: Sun, 28 Jan 2024 21:10:17 +0100 Subject: [PATCH 10/32] go generate --- cmd/detectExecuteScan_generated.go | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/cmd/detectExecuteScan_generated.go b/cmd/detectExecuteScan_generated.go index 08d7496999..f0904dae31 100644 --- a/cmd/detectExecuteScan_generated.go +++ b/cmd/detectExecuteScan_generated.go 
@@ -790,9 +790,9 @@ func detectExecuteScanMetadata() config.StepData { {Name: "openjdk", Image: "openjdk:11", WorkingDir: "/root", Options: []config.Option{{Name: "-u", Value: "0"}}}, }, Sidecars: []config.Container{ - {Name: "inspector-ubuntu", Image: "blackducksoftware/blackduck-imageinspector-ubuntu:5.1.0", Conditions: []config.Condition{{ConditionRef: "strings-equal", Params: []config.Param{{Name: "containerDistro", Value: "ubuntu"}}}}}, - {Name: "inspector-alpine", Image: "blackducksoftware/blackduck-imageinspector-alpine:5.1.0", Conditions: []config.Condition{{ConditionRef: "strings-equal", Params: []config.Param{{Name: "containerDistro", Value: "alpine"}}}}}, - {Name: "inspector-centos", Image: "blackducksoftware/blackduck-imageinspector-centos:5.1.0", Conditions: []config.Condition{{ConditionRef: "strings-equal", Params: []config.Param{{Name: "containerDistro", Value: "centos"}}}}}, + {Image: "blackducksoftware/blackduck-imageinspector-ubuntu:5.1.0", Conditions: []config.Condition{{ConditionRef: "strings-equal", Params: []config.Param{{Name: "containerDistro", Value: "ubuntu"}}}}}, + {Image: "blackducksoftware/blackduck-imageinspector-alpine:5.1.0", Conditions: []config.Condition{{ConditionRef: "strings-equal", Params: []config.Param{{Name: "containerDistro", Value: "alpine"}}}}}, + {Image: "blackducksoftware/blackduck-imageinspector-centos:5.1.0", Conditions: []config.Condition{{ConditionRef: "strings-equal", Params: []config.Param{{Name: "containerDistro", Value: "centos"}}}}}, }, Outputs: config.StepOutputs{ Resources: []config.StepResources{ From 464277e11409400c8c526687f544321e33c5e353 Mon Sep 17 00:00:00 2001 From: Keshav Date: Sun, 28 Jan 2024 21:24:37 +0100 Subject: [PATCH 11/32] testig with general param --- cmd/detectExecuteScan_generated.go | 2 +- resources/metadata/detectExecuteScan.yaml | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) 
diff --git a/cmd/detectExecuteScan_generated.go b/cmd/detectExecuteScan_generated.go index f0904dae31..f52d3999da 100644 --- a/cmd/detectExecuteScan_generated.go +++ b/cmd/detectExecuteScan_generated.go @@ -791,7 +791,7 @@ func detectExecuteScanMetadata() config.StepData { }, Sidecars: []config.Container{ {Image: "blackducksoftware/blackduck-imageinspector-ubuntu:5.1.0", Conditions: []config.Condition{{ConditionRef: "strings-equal", Params: []config.Param{{Name: "containerDistro", Value: "ubuntu"}}}}}, - {Image: "blackducksoftware/blackduck-imageinspector-alpine:5.1.0", Conditions: []config.Condition{{ConditionRef: "strings-equal", Params: []config.Param{{Name: "containerDistro", Value: "alpine"}}}}}, + {Image: "blackducksoftware/blackduck-imageinspector-alpine:5.1.0", Conditions: []config.Condition{{ConditionRef: "strings-equal", Params: []config.Param{{Name: "buildTool", Value: "pip"}}}}}, {Image: "blackducksoftware/blackduck-imageinspector-centos:5.1.0", Conditions: []config.Condition{{ConditionRef: "strings-equal", Params: []config.Param{{Name: "containerDistro", Value: "centos"}}}}}, }, Outputs: config.StepOutputs{ diff --git a/resources/metadata/detectExecuteScan.yaml b/resources/metadata/detectExecuteScan.yaml index 08e5dd41bd..5b9d797b02 100644 --- a/resources/metadata/detectExecuteScan.yaml +++ b/resources/metadata/detectExecuteScan.yaml @@ -594,8 +594,8 @@ spec: conditions: - conditionRef: strings-equal params: - - name: containerDistro - value: alpine + - name: buildTool + value: pip - image: blackducksoftware/blackduck-imageinspector-centos:5.1.0 # name: inspector-centos command: [''] From 972f96d7025e1412fdbaebe4506b5e659222808d Mon Sep 17 00:00:00 2001 From: Keshav Date: Mon, 29 Jan 2024 08:10:46 +0100 Subject: [PATCH 12/32] changing variable name --- pkg/config/stepmeta.go | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/pkg/config/stepmeta.go b/pkg/config/stepmeta.go index bd15457a44..8338326200 100644 
--- a/pkg/config/stepmeta.go +++ b/pkg/config/stepmeta.go @@ -235,17 +235,17 @@ func (m *StepData) GetContextParameterFilters() StepFilters { contextFilters = append(contextFilters, parameterKeys...) } if len(m.Spec.Sidecars) > 0 { - parameterKeys := []string{"containerName", "containerPortMappings", "dockerName", "sidecarEnvVars", "sidecarImage", "sidecarName", "sidecarOptions", "sidecarPullImage", "sidecarReadyCommand", "sidecarVolumeBind", "sidecarWorkspace"} + parameterKeysForSideCar := []string{"containerName", "containerPortMappings", "dockerName", "sidecarEnvVars", "sidecarImage", "sidecarName", "sidecarOptions", "sidecarPullImage", "sidecarReadyCommand", "sidecarVolumeBind", "sidecarWorkspace"} for _, sidecar := range m.Spec.Sidecars { for _, condition := range sidecar.Conditions { for _, dependentParam := range condition.Params { - parameterKeys = append(parameterKeys, dependentParam.Value) - parameterKeys = append(parameterKeys, dependentParam.Name) + parameterKeysForSideCar = append(parameterKeysForSideCar, dependentParam.Value) + parameterKeysForSideCar = append(parameterKeysForSideCar, dependentParam.Name) } } } //ToDo: support fallback for "dockerName" configuration property -> via aliasing? - contextFilters = append(contextFilters, parameterKeys...) + contextFilters = append(contextFilters, parameterKeysForSideCar...) //ToDo: add condition param.Value and param.Name to filter as for Containers } From 1fd62eac8ab702f79dbc122aa5f9bbd21630b19d Mon Sep 17 00:00:00 2001 From: Keshav Date: Mon, 29 Jan 2024 10:53:02 +0100 Subject: [PATCH 13/32] correcting the condition for distros --- cmd/detectExecuteScan_generated.go | 2 +- resources/metadata/detectExecuteScan.yaml | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/cmd/detectExecuteScan_generated.go b/cmd/detectExecuteScan_generated.go index f52d3999da..f0904dae31 100644 --- a/cmd/detectExecuteScan_generated.go +++ b/cmd/detectExecuteScan_generated.go 
@@ -791,7 +791,7 @@ func detectExecuteScanMetadata() config.StepData { }, Sidecars: []config.Container{ {Image: "blackducksoftware/blackduck-imageinspector-ubuntu:5.1.0", Conditions: []config.Condition{{ConditionRef: "strings-equal", Params: []config.Param{{Name: "containerDistro", Value: "ubuntu"}}}}}, - {Image: "blackducksoftware/blackduck-imageinspector-alpine:5.1.0", Conditions: []config.Condition{{ConditionRef: "strings-equal", Params: []config.Param{{Name: "buildTool", Value: "pip"}}}}}, + {Image: "blackducksoftware/blackduck-imageinspector-alpine:5.1.0", Conditions: []config.Condition{{ConditionRef: "strings-equal", Params: []config.Param{{Name: "containerDistro", Value: "alpine"}}}}}, {Image: "blackducksoftware/blackduck-imageinspector-centos:5.1.0", Conditions: []config.Condition{{ConditionRef: "strings-equal", Params: []config.Param{{Name: "containerDistro", Value: "centos"}}}}}, }, Outputs: config.StepOutputs{ diff --git a/resources/metadata/detectExecuteScan.yaml b/resources/metadata/detectExecuteScan.yaml index 5b9d797b02..08e5dd41bd 100644 --- a/resources/metadata/detectExecuteScan.yaml +++ b/resources/metadata/detectExecuteScan.yaml @@ -594,8 +594,8 @@ spec: conditions: - conditionRef: strings-equal params: - - name: buildTool - value: pip + - name: containerDistro + value: alpine - image: blackducksoftware/blackduck-imageinspector-centos:5.1.0 # name: inspector-centos command: [''] From 7bb75622f095bea45943782698388b43bf144c67 Mon Sep 17 00:00:00 2001 From: Keshav Date: Mon, 29 Jan 2024 10:57:30 +0100 Subject: [PATCH 14/32] changing first image --- cmd/detectExecuteScan_generated.go | 2 +- resources/metadata/detectExecuteScan.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/cmd/detectExecuteScan_generated.go b/cmd/detectExecuteScan_generated.go index f0904dae31..a6cc652d34 100644 --- a/cmd/detectExecuteScan_generated.go +++ b/cmd/detectExecuteScan_generated.go 
@@ -790,7 +790,7 @@ func detectExecuteScanMetadata() config.StepData { {Name: "openjdk", Image: "openjdk:11", WorkingDir: "/root", Options: []config.Option{{Name: "-u", Value: "0"}}}, }, Sidecars: []config.Container{ - {Image: "blackducksoftware/blackduck-imageinspector-ubuntu:5.1.0", Conditions: []config.Condition{{ConditionRef: "strings-equal", Params: []config.Param{{Name: "containerDistro", Value: "ubuntu"}}}}}, + {Image: "blackducksoftware/blackduck-imageinspector-alipne:5.1.0", Conditions: []config.Condition{{ConditionRef: "strings-equal", Params: []config.Param{{Name: "containerDistro", Value: "ubuntu"}}}}}, {Image: "blackducksoftware/blackduck-imageinspector-alpine:5.1.0", Conditions: []config.Condition{{ConditionRef: "strings-equal", Params: []config.Param{{Name: "containerDistro", Value: "alpine"}}}}}, {Image: "blackducksoftware/blackduck-imageinspector-centos:5.1.0", Conditions: []config.Condition{{ConditionRef: "strings-equal", Params: []config.Param{{Name: "containerDistro", Value: "centos"}}}}}, }, diff --git a/resources/metadata/detectExecuteScan.yaml b/resources/metadata/detectExecuteScan.yaml index 08e5dd41bd..ce75e80615 100644 --- a/resources/metadata/detectExecuteScan.yaml +++ b/resources/metadata/detectExecuteScan.yaml @@ -574,7 +574,7 @@ spec: - name: -u value: "0" sidecars: - - image: blackducksoftware/blackduck-imageinspector-ubuntu:5.1.0 + - image: blackducksoftware/blackduck-imageinspector-alipne:5.1.0 # name: inspector-ubuntu command: [''] volumeMounts: From 244404acb5fcb4324917087e6687a96a9769f6b2 Mon Sep 17 00:00:00 2001 From: Keshav Date: Mon, 29 Jan 2024 12:07:09 +0100 Subject: [PATCH 15/32] reverting the the same conditions --- cmd/detectExecuteScan_generated.go | 2 +- pkg/config/stepmeta.go | 30 ++++++++++++++++++++--- resources/metadata/detectExecuteScan.yaml | 2 +- 3 files changed, 28 insertions(+), 6 deletions(-) 
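Review bot: `blackducksoftware/blackduck-imageinspector-alipne:5.1.0` is not one of the three inspector image names used elsewhere in this series and looks like a misspelling of `alpine`, yet it is attached to the `containerDistro: ubuntu` condition. An image name that differs by a transposition is pulled like any other if it exists in the registry, so experiments of this kind are better kept out of committed step metadata; PATCH 15/32 restores `-ubuntu`. The generated `cmd/detectExecuteScan_generated.go` hunk in the same commit carries the same string.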
diff --git a/cmd/detectExecuteScan_generated.go b/cmd/detectExecuteScan_generated.go index a6cc652d34..f0904dae31 100644 --- a/cmd/detectExecuteScan_generated.go +++ b/cmd/detectExecuteScan_generated.go @@ -790,7 +790,7 @@ func detectExecuteScanMetadata() config.StepData { {Name: "openjdk", Image: "openjdk:11", WorkingDir: "/root", Options: []config.Option{{Name: "-u", Value: "0"}}}, }, Sidecars: []config.Container{ - {Image: "blackducksoftware/blackduck-imageinspector-alipne:5.1.0", Conditions: []config.Condition{{ConditionRef: "strings-equal", Params: []config.Param{{Name: "containerDistro", Value: "ubuntu"}}}}}, + {Image: "blackducksoftware/blackduck-imageinspector-ubuntu:5.1.0", Conditions: []config.Condition{{ConditionRef: "strings-equal", Params: []config.Param{{Name: "containerDistro", Value: "ubuntu"}}}}}, {Image: "blackducksoftware/blackduck-imageinspector-alpine:5.1.0", Conditions: []config.Condition{{ConditionRef: "strings-equal", Params: []config.Param{{Name: "containerDistro", Value: "alpine"}}}}}, {Image: "blackducksoftware/blackduck-imageinspector-centos:5.1.0", Conditions: []config.Condition{{ConditionRef: "strings-equal", Params: []config.Param{{Name: "containerDistro", Value: "centos"}}}}}, }, diff --git a/pkg/config/stepmeta.go b/pkg/config/stepmeta.go index 8338326200..36d7bc18a5 100644 --- a/pkg/config/stepmeta.go +++ b/pkg/config/stepmeta.go 
@@ -311,11 +311,33 @@ func (m *StepData) GetContextDefaults(stepName string) (io.ReadCloser, error) { } if len(m.Spec.Sidecars) > 0 { - if len(m.Spec.Sidecars[0].Command) > 0 { - root["sidecarCommand"] = m.Spec.Sidecars[0].Command[0] + for _, sideCar := range m.Spec.Sidecars { + key := "" + conditionParam := "" + if len(sideCar.Conditions) > 0 { + key = sideCar.Conditions[0].Params[0].Value + conditionParam = sideCar.Conditions[0].Params[0].Name + } + p := map[string]interface{}{} + if key != "" { + root[key] = p + //add default for condition parameter if available + for _, inputParam := range m.Spec.Inputs.Parameters { + if inputParam.Name == conditionParam { + root[conditionParam] = inputParam.Default + } + } + } else { + p = root + } + if len(sideCar.Command) > 0 { + root["sidecarCommand"] = sideCar.Command[0] + } + + putStringIfNotEmpty(root, "sidecarReadyCommand", sideCar.ReadyCommand) + sideCar.commonConfiguration("sidecar", &p) + } - m.Spec.Sidecars[0].commonConfiguration("sidecar", &root) - putStringIfNotEmpty(root, "sidecarReadyCommand", m.Spec.Sidecars[0].ReadyCommand) // not filled for now since this is not relevant in Kubernetes case //putStringIfNotEmpty(root, "containerPortMappings", m.Spec.Sidecars[0].) diff --git a/resources/metadata/detectExecuteScan.yaml b/resources/metadata/detectExecuteScan.yaml index ce75e80615..08e5dd41bd 100644 --- a/resources/metadata/detectExecuteScan.yaml +++ b/resources/metadata/detectExecuteScan.yaml @@ -574,7 +574,7 @@ spec: - name: -u value: "0" sidecars: - - image: blackducksoftware/blackduck-imageinspector-alipne:5.1.0 + - image: blackducksoftware/blackduck-imageinspector-ubuntu:5.1.0 # name: inspector-ubuntu command: [''] volumeMounts: From 4670876b41a0c24fcf31cc4c7475791bfc3e0984 Mon Sep 17 00:00:00 2001 From: Keshav Date: Mon, 29 Jan 2024 13:54:06 +0100 Subject: [PATCH 16/32] adding correct volumne names --- resources/metadata/detectExecuteScan.yaml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) 
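Review bot: `sidecarCommand` and `sidecarReadyCommand` are written to `root` on every iteration while `sideCar.commonConfiguration("sidecar", &p)` writes to the per-condition map `p`, so the top-level values end up being those of the last sidecar in the list regardless of which condition matches. Writing them to the same map keeps each sidecar's defaults together: `p["sidecarCommand"] = sideCar.Command[0]` and `putStringIfNotEmpty(p, "sidecarReadyCommand", sideCar.ReadyCommand)`. `root[key] = p` also replaces whatever is already stored under that condition value; if the Containers branch earlier in this function stores a map under the same key (not visible here), that entry is lost, so an existing map should be fetched and reused first. The function body continues outside the hunk.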
diff --git a/resources/metadata/detectExecuteScan.yaml b/resources/metadata/detectExecuteScan.yaml index 08e5dd41bd..bdb0994142 100644 --- a/resources/metadata/detectExecuteScan.yaml +++ b/resources/metadata/detectExecuteScan.yaml @@ -575,33 +575,33 @@ spec: value: "0" sidecars: - image: blackducksoftware/blackduck-imageinspector-ubuntu:5.1.0 - # name: inspector-ubuntu + name: inspector-ubuntu command: [''] volumeMounts: - mountPath: /opt/blackduck/blackduck-imageinspector/shared - name: imageinspector-shared + name: volume conditions: - conditionRef: strings-equal params: - name: containerDistro value: ubuntu - image: blackducksoftware/blackduck-imageinspector-alpine:5.1.0 - # name: inspector-alpine + name: inspector-alpine command: [''] volumeMounts: - mountPath: /opt/blackduck/blackduck-imageinspector/shared - name: imageinspector-shared + name: volume conditions: - conditionRef: strings-equal params: - name: containerDistro value: alpine - image: blackducksoftware/blackduck-imageinspector-centos:5.1.0 - # name: inspector-centos + name: inspector-centos command: [''] volumeMounts: - mountPath: /opt/blackduck/blackduck-imageinspector/shared - name: imageinspector-shared + name: volume conditions: - conditionRef: strings-equal params: From 7dde167130e91cfd69606887944d6acc10b96881 Mon Sep 17 00:00:00 2001 From: Keshav Date: Mon, 29 Jan 2024 13:57:03 +0100 Subject: [PATCH 17/32] adding correct volumne names --- cmd/detectExecuteScan_generated.go | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/cmd/detectExecuteScan_generated.go b/cmd/detectExecuteScan_generated.go index f0904dae31..08d7496999 100644 --- a/cmd/detectExecuteScan_generated.go +++ b/cmd/detectExecuteScan_generated.go 
@@ -790,9 +790,9 @@ func detectExecuteScanMetadata() config.StepData { {Name: "openjdk", Image: "openjdk:11", WorkingDir: "/root", Options: []config.Option{{Name: "-u", Value: "0"}}}, }, Sidecars: []config.Container{ - {Image: "blackducksoftware/blackduck-imageinspector-ubuntu:5.1.0", Conditions: []config.Condition{{ConditionRef: "strings-equal", Params: []config.Param{{Name: "containerDistro", Value: "ubuntu"}}}}}, - {Image: "blackducksoftware/blackduck-imageinspector-alpine:5.1.0", Conditions: []config.Condition{{ConditionRef: "strings-equal", Params: []config.Param{{Name: "containerDistro", Value: "alpine"}}}}}, - {Image: "blackducksoftware/blackduck-imageinspector-centos:5.1.0", Conditions: []config.Condition{{ConditionRef: "strings-equal", Params: []config.Param{{Name: "containerDistro", Value: "centos"}}}}}, + {Name: "inspector-ubuntu", Image: "blackducksoftware/blackduck-imageinspector-ubuntu:5.1.0", Conditions: []config.Condition{{ConditionRef: "strings-equal", Params: []config.Param{{Name: "containerDistro", Value: "ubuntu"}}}}}, + {Name: "inspector-alpine", Image: "blackducksoftware/blackduck-imageinspector-alpine:5.1.0", Conditions: []config.Condition{{ConditionRef: "strings-equal", Params: []config.Param{{Name: "containerDistro", Value: "alpine"}}}}}, + {Name: "inspector-centos", Image: "blackducksoftware/blackduck-imageinspector-centos:5.1.0", Conditions: []config.Condition{{ConditionRef: "strings-equal", Params: []config.Param{{Name: "containerDistro", Value: "centos"}}}}}, }, Outputs: config.StepOutputs{ Resources: []config.StepResources{ From cb4bf21bd84d255a8b3d6ee5fe6c5a80f0fe95ac Mon Sep 17 00:00:00 2001 From: Keshav Date: Tue, 30 Jan 2024 10:20:18 +0100 Subject: [PATCH 18/32] including detect changes as well --- cmd/detectExecuteScan.go | 124 +++++++++++++++++++++- cmd/detectExecuteScan_generated.go | 71 +++++++++++++ resources/metadata/detectExecuteScan.yaml | 47 ++++++++ 3 files changed, 239 insertions(+), 3 deletions(-) 
diff --git a/cmd/detectExecuteScan.go b/cmd/detectExecuteScan.go index 5655582638..6694972c31 100644 --- a/cmd/detectExecuteScan.go +++ b/cmd/detectExecuteScan.go @@ -20,6 +20,7 @@ import ( "github.com/SAP/jenkins-library/pkg/log" "github.com/SAP/jenkins-library/pkg/maven" "github.com/SAP/jenkins-library/pkg/orchestrator" + "github.com/SAP/jenkins-library/pkg/piperenv" "github.com/SAP/jenkins-library/pkg/piperutils" "github.com/SAP/jenkins-library/pkg/reporting" "github.com/SAP/jenkins-library/pkg/telemetry" @@ -30,6 +31,8 @@ import ( "github.com/pkg/errors" ) +const NO_VERSION_SUFFIX = "" + type detectUtils interface { piperutils.FileUtils @@ -202,7 +205,7 @@ func runDetect(ctx context.Context, config detectExecuteScanOptions, utils detec blackduckSystem := newBlackduckSystem(config) args := []string{"./detect.sh"} - args, err = addDetectArgs(args, config, utils, blackduckSystem) + args, err = addDetectArgs(args, config, utils, blackduckSystem, NO_VERSION_SUFFIX, NO_VERSION_SUFFIX) if err != nil { return err } @@ -214,7 +217,12 @@ func runDetect(ctx context.Context, config detectExecuteScanOptions, utils detec utils.SetDir(".") utils.SetEnv(envs) - err = utils.RunShell("/bin/bash", script) + err = mapDetectError(utils.RunShell("/bin/bash", script), config, utils) + + if config.ScanImages { + err = mapDetectError(runDetectImages(ctx, config, utils, blackduckSystem, influx, blackduckSystem), config, utils) + } + reportingErr := postScanChecksAndReporting(ctx, config, influx, utils, blackduckSystem) if reportingErr != nil { if strings.Contains(reportingErr.Error(), "License Policy Violations found") { 
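Review bot: The result of the source scan is discarded when `config.ScanImages` is set, because `err` from the `RunShell` line is reassigned by the image-scan call right after it; a failed or policy-violating source scan followed by a clean image scan leaves `err` nil. Keep the first failure, for example `if imgErr := runDetectImages(...); imgErr != nil && err == nil { err = imgErr }`. runDetectImages already passes each error through mapDetectError, so the outer call maps and wraps it a second time. A later patch in this series (`@@ -216,9 +216,9 @@`) turns the two calls into an if/else, which removes the overwrite but not the double mapping. runDetect starts and ends outside the hunk.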
@@ -247,6 +255,73 @@ func runDetect(ctx context.Context, config detectExecuteScanOptions, utils detec return err } +func mapDetectError(err error, config detectExecuteScanOptions, utils detectUtils) error { + if err != nil { + // Setting error category based on exit code + mapErrorCategory(utils.GetExitCode()) + if log.GetErrorCategory() == log.ErrorCompliance && !config.FailOnSevereVulnerabilities { + err = nil + log.Entry().Infof("policy violation(s) found - step will only create data but not fail due to setting failOnSevereVulnerabilities: false") + } else { + // Error code mapping with more human readable text + err = errors.Wrapf(err, exitCodeMapping(utils.GetExitCode())) + } + } + return err +} + +func runDetectImages(ctx context.Context, config detectExecuteScanOptions, utils detectUtils, sys *blackduckSystem, influx *detectExecuteScanInflux, blackduckSystem *blackduckSystem) error { + cpePath := filepath.Join(GeneralConfig.EnvRootPath, "commonPipelineEnvironment") + imagesRaw := piperenv.GetResourceParameter(cpePath, "container", "imageNameTags.json") + if imagesRaw == "" { + log.Entry().Debugf("No images found to be scanned") + return nil + } + + images := []string{} + err := json.Unmarshal([]byte(imagesRaw), &images) + if err != nil { + return errors.Wrap(err, "Unable to read cpe") + } + + registryUser := piperenv.GetResourceParameter(cpePath, "container", "repositoryUsername") + registryPassword := piperenv.GetResourceParameter(cpePath, "container", "repositoryPassword") + registryURL := piperenv.GetResourceParameter(cpePath, "container", "registryUrl") + + log.Entry().Infof("Scanning %d images", len(images)) + for _, image := range images { + // Download image to be scanned + log.Entry().Debugf("Scanning image: %q", image) + tarName := fmt.Sprintf("%s.tar", strings.Split(image, ":")[0]) + + options := containerSaveImageOptions{ + ContainerRegistryURL: registryURL, + ContainerImage: image, + ContainerRegistryPassword: registryPassword, + 
ContainerRegistryUser: registryUser, + FilePath: tarName, + ImageFormat: "legacy", + } + containerSaveImage(options, &telemetry.CustomData{}) + + args := []string{"./detect.sh"} + args, err = addDetectArgsImages(args, config, utils, sys, tarName) + if err != nil { + return err + } + script := strings.Join(args, " ") + + err = utils.RunShell("/bin/bash", script) + err = mapDetectError(err, config, utils) + + if err != nil { + return err + } + } + + return nil +} + // Get proper error category func mapErrorCategory(exitCodeKey int) { switch exitCodeKey { @@ -331,8 +406,13 @@ func getDetectScript(config detectExecuteScanOptions, utils detectUtils) error { return nil } -func addDetectArgs(args []string, config detectExecuteScanOptions, utils detectUtils, sys *blackduckSystem) ([]string, error) { +func addDetectArgs(args []string, config detectExecuteScanOptions, utils detectUtils, sys *blackduckSystem, versionSuffix, locationSuffix string) ([]string, error) { detectVersionName := getVersionName(config) + + if versionSuffix != NO_VERSION_SUFFIX { + detectVersionName = fmt.Sprintf("%s-%s", detectVersionName, versionSuffix) + } + // Split on spaces, the scanPropeties, so that each property is available as a single string // instead of all properties being part of a single string config.ScanProperties = piperutils.SplitAndTrim(config.ScanProperties, " ") 
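Review bot: The image reference read from `imageNameTags.json` is turned into a file name with `strings.Split(image, ":")[0]`, and that name later reaches `/bin/bash` through `strings.Join(args, " ")` without quoting or validation. A reference such as `registry:5000/team/app:1.0` yields `registry.tar`, a name containing `/` points into a directory that may not exist, and two tags of the same repository overwrite each other's tar. Because the value comes from the pipeline environment rather than from this step, it should be checked against the characters allowed in an image reference before use, and the file name derived with separators replaced, e.g. `tarName := strings.NewReplacer("/", "_", ":", "_").Replace(image) + ".tar"`. The call `containerSaveImage(options, &telemetry.CustomData{})` is used as a statement, so whether a failed download stops the loop cannot be seen from this hunk and is worth confirming.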
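Review bot: The new `locationSuffix` parameter of addDetectArgs is not used anywhere in this patch: the added lines only apply `versionSuffix`, and no other hunk touches the function body. addDetectArgsImages passes `NO_VERSION_SUFFIX` as the version suffix and its `image-…` string as `locationSuffix`, so image scans appear to run under the same version name as the source scan and the per-image suffix has no effect. Either wire `locationSuffix` into the arguments it was meant for or drop the parameter until it is needed; the constant would also read more idiomatically as `noVersionSuffix`. The function body continues outside the hunk.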
@@ -467,6 +547,44 @@ func addDetectArgs(args []string, config detectExecuteScanOptions, utils detectU return args, nil } +func addDetectArgsImages(args []string, config detectExecuteScanOptions, utils detectUtils, sys *blackduckSystem, imageTar string) ([]string, error) { + // suffix := strings.Split(imageTar, ".")[0] + // In order to preserve source scan result + config.Unmap = false + args, err := addDetectArgs(args, config, utils, sys, NO_VERSION_SUFFIX, fmt.Sprintf("image-%s", strings.Split(imageTar, ".")[0])) + if err != nil { + return []string{}, err + } + + args = append(args, fmt.Sprintf("--detect.docker.tar=./%s", imageTar)) + args = append(args, "--detect.target.type=IMAGE") + // https://community.synopsys.com/s/article/Docker-image-scanning-CLI-examples-and-some-Q-As + args = append(args, "--detect.tools.excluded=DETECTOR") + args = append(args, "--detect.docker.passthrough.shared.dir.path.local=/opt/blackduck/blackduck-imageinspector/shared") + args = append(args, "--detect.docker.passthrough.shared.dir.path.imageinspector=/opt/blackduck/blackduck-imageinspector/shared") + //args = append(args, "--detect.docker.passthrough.shared.dir.path.local=/home/scanner") + //args = append(args, "--detect.docker.passthrough.shared.dir.path.imageinspector=/home/scanner") + args = append(args, fmt.Sprintf("--detect.docker.passthrough.imageinspector.service.distro.default=%s", config.ContainerDistro)) + args = append(args, "--detect.docker.passthrough.imageinspector.service.start=false") + args = append(args, "--detect.docker.passthrough.output.include.squashedimage=false") + //args = append(args, "--detect.docker.passthrough.cleanup.inspector.container=false") + //args = append(args, "--logging.level.com.synopsys=DEBUG") + //args = append(args, "--detect.diagnostic") + + switch config.ContainerDistro { + case "ubuntu": + args = append(args, "--detect.docker.passthrough.imageinspector.service.url=http://localhost:9002") + case "centos": + args = append(args, 
"--detect.docker.passthrough.imageinspector.service.url=http://localhost:9001") + case "alpine": + args = append(args, "--detect.docker.passthrough.imageinspector.service.url=http://localhost:9000") + default: + return nil, fmt.Errorf("unknown container distro %q", config.ContainerDistro) + } + + return args, nil +} + func getVersionName(config detectExecuteScanOptions) string { detectVersionName := config.CustomScanVersion if len(detectVersionName) > 0 { diff --git a/cmd/detectExecuteScan_generated.go b/cmd/detectExecuteScan_generated.go index 08d7496999..f9f2c0560b 100644 --- a/cmd/detectExecuteScan_generated.go +++ b/cmd/detectExecuteScan_generated.go @@ -64,7 +64,11 @@ type detectExecuteScanOptions struct { NpmArguments []string `json:"npmArguments,omitempty"` PrivateModules string `json:"privateModules,omitempty"` PrivateModulesGitToken string `json:"privateModulesGitToken,omitempty"` + ScanImages bool `json:"scanImages,omitempty"` ContainerDistro string `json:"containerDistro,omitempty" validate:"possible-values=ubuntu centos alpine"` + ContainerRegistryURL string `json:"containerRegistryUrl,omitempty"` + ContainerRegistryPassword string `json:"containerRegistryPassword,omitempty"` + ContainerRegistryUser string `json:"containerRegistryUser,omitempty"` } type detectExecuteScanInflux struct { @@ -199,6 +203,8 @@ Please configure your BlackDuck server Url using the serverUrl parameter and the log.RegisterSecret(stepConfig.Token) log.RegisterSecret(stepConfig.GithubToken) log.RegisterSecret(stepConfig.PrivateModulesGitToken) + log.RegisterSecret(stepConfig.ContainerRegistryPassword) + log.RegisterSecret(stepConfig.ContainerRegistryUser) if len(GeneralConfig.HookConfig.SentryConfig.Dsn) > 0 { sentryHook := log.NewSentryHook(GeneralConfig.HookConfig.SentryConfig.Dsn, GeneralConfig.CorrelationID) 
@@ -311,7 +317,11 @@ func addDetectExecuteScanFlags(cmd *cobra.Command, stepConfig *detectExecuteScan cmd.Flags().StringSliceVar(&stepConfig.NpmArguments, "npmArguments", []string{}, "List of additional arguments that Detect will add at then end of the npm ls command line when Detect executes the NPM CLI Detector on an NPM project.") cmd.Flags().StringVar(&stepConfig.PrivateModules, "privateModules", os.Getenv("PIPER_privateModules"), "Tells go which modules shall be considered to be private (by setting [GOPRIVATE](https://pkg.go.dev/cmd/go#hdr-Configuration_for_downloading_non_public_code)).") cmd.Flags().StringVar(&stepConfig.PrivateModulesGitToken, "privateModulesGitToken", os.Getenv("PIPER_privateModulesGitToken"), "GitHub personal access token as per https://help.github.com/en/github/authenticating-to-github/creating-a-personal-access-token-for-the-command-line.") + cmd.Flags().BoolVar(&stepConfig.ScanImages, "scanImages", false, "If images found in the cpe, they will also be scanned") cmd.Flags().StringVar(&stepConfig.ContainerDistro, "containerDistro", os.Getenv("PIPER_containerDistro"), "Distro of the container that is scanned") + cmd.Flags().StringVar(&stepConfig.ContainerRegistryURL, "containerRegistryUrl", os.Getenv("PIPER_containerRegistryUrl"), "http(s) url of the Container registry where the image should be pushed to - will be used instead of parameter `containerImage`") + cmd.Flags().StringVar(&stepConfig.ContainerRegistryPassword, "containerRegistryPassword", os.Getenv("PIPER_containerRegistryPassword"), "For `buildTool: docker`: Password for container registry access - typically provided by the CI/CD environment.") + cmd.Flags().StringVar(&stepConfig.ContainerRegistryUser, "containerRegistryUser", os.Getenv("PIPER_containerRegistryUser"), "For `buildTool: docker`: Username for container registry access - typically provided by the CI/CD environment.") cmd.MarkFlagRequired("token") cmd.MarkFlagRequired("projectName") 
@@ -775,6 +785,15 @@ func detectExecuteScanMetadata() config.StepData { Aliases: []config.Alias{}, Default: os.Getenv("PIPER_privateModulesGitToken"), }, + { + Name: "scanImages", + ResourceRef: []config.ResourceReference{}, + Scope: []string{"PARAMETERS", "STAGES", "STEPS"}, + Type: "bool", + Mandatory: false, + Aliases: []config.Alias{}, + Default: false, + }, { Name: "containerDistro", ResourceRef: []config.ResourceReference{}, @@ -784,6 +803,58 @@ func detectExecuteScanMetadata() config.StepData { Aliases: []config.Alias{}, Default: os.Getenv("PIPER_containerDistro"), }, + { + Name: "containerRegistryUrl", + ResourceRef: []config.ResourceReference{ + { + Name: "commonPipelineEnvironment", + Param: "container/registryUrl", + }, + }, + Scope: []string{"GENERAL", "PARAMETERS", "STAGES", "STEPS"}, + Type: "string", + Mandatory: false, + Aliases: []config.Alias{{Name: "dockerRegistryUrl"}}, + Default: os.Getenv("PIPER_containerRegistryUrl"), + }, + { + Name: "containerRegistryPassword", + ResourceRef: []config.ResourceReference{ + { + Name: "commonPipelineEnvironment", + Param: "container/repositoryPassword", + }, + + { + Name: "commonPipelineEnvironment", + Param: "custom/repositoryPassword", + }, + }, + Scope: []string{"PARAMETERS", "STAGES", "STEPS"}, + Type: "string", + Mandatory: false, + Aliases: []config.Alias{}, + Default: os.Getenv("PIPER_containerRegistryPassword"), + }, + { + Name: "containerRegistryUser", + ResourceRef: []config.ResourceReference{ + { + Name: "commonPipelineEnvironment", + Param: "container/repositoryUsername", + }, + + { + Name: "commonPipelineEnvironment", + Param: "custom/repositoryUsername", + }, + }, + Scope: []string{"PARAMETERS", "STAGES", "STEPS"}, + Type: "string", + Mandatory: false, + Aliases: []config.Alias{}, + Default: os.Getenv("PIPER_containerRegistryUser"), + }, }, }, Containers: []config.Container{ 
diff --git a/resources/metadata/detectExecuteScan.yaml b/resources/metadata/detectExecuteScan.yaml index bdb0994142..2d0043aaae 100644 --- a/resources/metadata/detectExecuteScan.yaml +++ b/resources/metadata/detectExecuteScan.yaml @@ -511,6 +511,14 @@ spec: - type: vaultSecret name: golangPrivateModulesGitTokenVaultSecret default: golang + - name: scanImages + description: If images found in the cpe, they will also be scanned + type: "bool" + scope: + - PARAMETERS + - STAGES + - STEPS + default: false - name: containerDistro description: Distro of the container that is scanned type: "string" @@ -522,6 +530,45 @@ spec: - ubuntu - centos - alpine + - name: containerRegistryUrl + aliases: + - name: dockerRegistryUrl + type: string + description: http(s) url of the Container registry where the image should be pushed to - will be used instead of parameter `containerImage` + scope: + - GENERAL + - PARAMETERS + - STAGES + - STEPS + resourceRef: + - name: commonPipelineEnvironment + param: container/registryUrl + - name: containerRegistryPassword + description: "For `buildTool: docker`: Password for container registry access - typically provided by the CI/CD environment." + type: string + scope: + - PARAMETERS + - STAGES + - STEPS + secret: true + resourceRef: + - name: commonPipelineEnvironment + param: container/repositoryPassword + - name: commonPipelineEnvironment + param: custom/repositoryPassword + - name: containerRegistryUser + description: "For `buildTool: docker`: Username for container registry access - typically provided by the CI/CD environment." + type: string + scope: + - PARAMETERS + - STAGES + - STEPS + secret: true + resourceRef: + - name: commonPipelineEnvironment + param: container/repositoryUsername + - name: commonPipelineEnvironment + param: custom/repositoryUsername outputs: resources: - name: influx From ba477c50c94aad620f5c08502c329545b665713c Mon Sep 17 00:00:00 2001 
From: Keshav Date: Tue, 30 Jan 2024 10:37:52 +0100 Subject: [PATCH 19/32] including downloading the correct values from the cpe --- cmd/detectExecuteScan.go | 25 ++++++++--------------- cmd/detectExecuteScan_generated.go | 16 +++++++++++++++ resources/metadata/detectExecuteScan.yaml | 10 +++++++++ 3 files changed, 35 insertions(+), 16 deletions(-) diff --git a/cmd/detectExecuteScan.go b/cmd/detectExecuteScan.go index 6694972c31..9538d205de 100644 --- a/cmd/detectExecuteScan.go +++ b/cmd/detectExecuteScan.go @@ -20,7 +20,6 @@ import ( "github.com/SAP/jenkins-library/pkg/log" "github.com/SAP/jenkins-library/pkg/maven" "github.com/SAP/jenkins-library/pkg/orchestrator" - "github.com/SAP/jenkins-library/pkg/piperenv" "github.com/SAP/jenkins-library/pkg/piperutils" "github.com/SAP/jenkins-library/pkg/reporting" "github.com/SAP/jenkins-library/pkg/telemetry" 
@@ -271,25 +270,19 @@ func mapDetectError(err error, config detectExecuteScanOptions, utils detectUtil } func runDetectImages(ctx context.Context, config detectExecuteScanOptions, utils detectUtils, sys *blackduckSystem, influx *detectExecuteScanInflux, blackduckSystem *blackduckSystem) error { - cpePath := filepath.Join(GeneralConfig.EnvRootPath, "commonPipelineEnvironment") - imagesRaw := piperenv.GetResourceParameter(cpePath, "container", "imageNameTags.json") - if imagesRaw == "" { + // cpePath := filepath.Join(GeneralConfig.EnvRootPath, "commonPipelineEnvironment") + imagesRaw := config.ImageNameTags + if len(imagesRaw) == 0 { log.Entry().Debugf("No images found to be scanned") return nil } - images := []string{} - err := json.Unmarshal([]byte(imagesRaw), &images) - if err != nil { - return errors.Wrap(err, "Unable to read cpe") - } - - registryUser := piperenv.GetResourceParameter(cpePath, "container", "repositoryUsername") - registryPassword := piperenv.GetResourceParameter(cpePath, "container", "repositoryPassword") - registryURL := piperenv.GetResourceParameter(cpePath, "container", "registryUrl") + registryUser := config.ContainerRegistryUser + registryPassword := config.ContainerRegistryPassword + registryURL := config.ContainerRegistryURL - log.Entry().Infof("Scanning %d images", len(images)) - for _, image := range images { + log.Entry().Infof("Scanning %d images", len(imagesRaw)) + for _, image := range imagesRaw { // Download image to be scanned log.Entry().Debugf("Scanning image: %q", image) tarName := fmt.Sprintf("%s.tar", strings.Split(image, ":")[0]) @@ -305,7 +298,7 @@ func runDetectImages(ctx context.Context, config detectExecuteScanOptions, utils containerSaveImage(options, &telemetry.CustomData{}) args := []string{"./detect.sh"} - args, err = addDetectArgsImages(args, config, utils, sys, tarName) + args, err := addDetectArgsImages(args, config, utils, sys, tarName) if err != nil { return err } 
diff --git a/cmd/detectExecuteScan_generated.go b/cmd/detectExecuteScan_generated.go index f9f2c0560b..55e9d94f0c 100644 --- a/cmd/detectExecuteScan_generated.go +++ b/cmd/detectExecuteScan_generated.go @@ -69,6 +69,7 @@ type detectExecuteScanOptions struct { ContainerRegistryURL string `json:"containerRegistryUrl,omitempty"` ContainerRegistryPassword string `json:"containerRegistryPassword,omitempty"` ContainerRegistryUser string `json:"containerRegistryUser,omitempty"` + ImageNameTags []string `json:"imageNameTags,omitempty"` } type detectExecuteScanInflux struct { @@ -322,6 +323,7 @@ func addDetectExecuteScanFlags(cmd *cobra.Command, stepConfig *detectExecuteScan cmd.Flags().StringVar(&stepConfig.ContainerRegistryURL, "containerRegistryUrl", os.Getenv("PIPER_containerRegistryUrl"), "http(s) url of the Container registry where the image should be pushed to - will be used instead of parameter `containerImage`") cmd.Flags().StringVar(&stepConfig.ContainerRegistryPassword, "containerRegistryPassword", os.Getenv("PIPER_containerRegistryPassword"), "For `buildTool: docker`: Password for container registry access - typically provided by the CI/CD environment.") cmd.Flags().StringVar(&stepConfig.ContainerRegistryUser, "containerRegistryUser", os.Getenv("PIPER_containerRegistryUser"), "For `buildTool: docker`: Username for container registry access - typically provided by the CI/CD environment.") + cmd.Flags().StringSliceVar(&stepConfig.ImageNameTags, "imageNameTags", []string{}, "For `buildTool: docker`: image name and tags of the image to be scanned.") cmd.MarkFlagRequired("token") cmd.MarkFlagRequired("projectName") 
@@ -855,6 +857,20 @@ func detectExecuteScanMetadata() config.StepData { Aliases: []config.Alias{}, Default: os.Getenv("PIPER_containerRegistryUser"), }, + { + Name: "imageNameTags", + ResourceRef: []config.ResourceReference{ + { + Name: "commonPipelineEnvironment", + Param: "container/imageNameTags", + }, + }, + Scope: []string{"PARAMETERS", "STAGES", "STEPS"}, + Type: "[]string", + Mandatory: false, + Aliases: []config.Alias{}, + Default: []string{}, + }, }, }, Containers: []config.Container{ diff --git a/resources/metadata/detectExecuteScan.yaml b/resources/metadata/detectExecuteScan.yaml index 2d0043aaae..17cb04aa4f 100644 --- a/resources/metadata/detectExecuteScan.yaml +++ b/resources/metadata/detectExecuteScan.yaml @@ -569,6 +569,16 @@ spec: param: container/repositoryUsername - name: commonPipelineEnvironment param: custom/repositoryUsername + - name: imageNameTags + description: "For `buildTool: docker`: image name and tags of the image to be scanned." + type: "[]string" + scope: + - PARAMETERS + - STAGES + - STEPS + resourceRef: + - name: commonPipelineEnvironment + param: container/imageNameTags outputs: resources: - name: influx From 6003cdd714a75c1698ec4417ae96573b0e3903b8 Mon Sep 17 00:00:00 2001 From: Keshav Date: Tue, 30 Jan 2024 12:32:26 +0100 Subject: [PATCH 20/32] adding condition either image of artifact --- cmd/detectExecuteScan.go | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/cmd/detectExecuteScan.go b/cmd/detectExecuteScan.go index 9538d205de..7b963f3179 100644 --- a/cmd/detectExecuteScan.go +++ b/cmd/detectExecuteScan.go 
@@ -216,9 +216,9 @@ func runDetect(ctx context.Context, config detectExecuteScanOptions, utils detec utils.SetDir(".") utils.SetEnv(envs) - err = mapDetectError(utils.RunShell("/bin/bash", script), config, utils) - - if config.ScanImages { + if !config.ScanImages { + err = mapDetectError(utils.RunShell("/bin/bash", script), config, utils) + } else { err = mapDetectError(runDetectImages(ctx, config, utils, blackduckSystem, influx, blackduckSystem), config, utils) } From beb578a80922d1df37fe6bca1bbe93f508c7eb33 Mon Sep 17 00:00:00 2001 From: Keshav Date: Wed, 31 Jan 2024 12:28:28 +0100 Subject: [PATCH 21/32] adding port mapping to detect step --- resources/metadata/detectExecuteScan.yaml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/resources/metadata/detectExecuteScan.yaml b/resources/metadata/detectExecuteScan.yaml index 17cb04aa4f..5ca5f5af56 100644 --- a/resources/metadata/detectExecuteScan.yaml +++ b/resources/metadata/detectExecuteScan.yaml @@ -634,6 +634,10 @@ spec: - image: blackducksoftware/blackduck-imageinspector-ubuntu:5.1.0 name: inspector-ubuntu command: [''] + containerPortMappings: + 'blackduck-imageinspector-ubuntu:5.1.0': + - containerPort: 9002 + hostPort: 9002 volumeMounts: - mountPath: /opt/blackduck/blackduck-imageinspector/shared name: volume From f71dadf14bf2b97ffe77b23f9fdd80ab658e7542 Mon Sep 17 00:00:00 2001 From: Keshav Date: Wed, 31 Jan 2024 12:29:05 +0100 Subject: [PATCH 22/32] adding port mapping to detect step --- resources/metadata/detectExecuteScan.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/resources/metadata/detectExecuteScan.yaml b/resources/metadata/detectExecuteScan.yaml index 5ca5f5af56..d965cb29e0 100644 --- a/resources/metadata/detectExecuteScan.yaml +++ b/resources/metadata/detectExecuteScan.yaml 
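Review bot: With `scanImages` set the source scan is now skipped, and runDetectImages returns nil with only a `Debugf` message when `config.ImageNameTags` is empty, so the step can finish successfully without having scanned anything. For a compliance gate that case should be visible, e.g. `return errors.New("scanImages is set but imageNameTags is empty")` or at least a warning-level log entry. The flag text "If images found in the cpe, they will also be scanned" no longer matches this either/or behaviour and should be reworded. The error returned by runDetectImages has already been through mapDetectError per image, so the outer call here wraps it a second time. runDetect starts and ends outside the hunk.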
@@ -635,7 +635,7 @@ spec: name: inspector-ubuntu command: [''] containerPortMappings: - 'blackduck-imageinspector-ubuntu:5.1.0': + 'blackducksoftware/blackduck-imageinspector-ubuntu:5.1.0': - containerPort: 9002 hostPort: 9002 volumeMounts: From a017376dabb9fe29eb9861292b8ae9ae138b0933 Mon Sep 17 00:00:00 2001 From: Keshav Date: Thu, 1 Feb 2024 10:13:02 +0100 Subject: [PATCH 23/32] changing port numbers --- cmd/detectExecuteScan.go | 2 +- resources/metadata/detectExecuteScan.yaml | 4 ---- 2 files changed, 1 insertion(+), 5 deletions(-) diff --git a/cmd/detectExecuteScan.go b/cmd/detectExecuteScan.go index 7b963f3179..6d57d05643 100644 --- a/cmd/detectExecuteScan.go +++ b/cmd/detectExecuteScan.go @@ -566,7 +566,7 @@ func addDetectArgsImages(args []string, config detectExecuteScanOptions, utils d switch config.ContainerDistro { case "ubuntu": - args = append(args, "--detect.docker.passthrough.imageinspector.service.url=http://localhost:9002") + args = append(args, "--detect.docker.passthrough.imageinspector.service.url=http://localhost:8082") case "centos": args = append(args, "--detect.docker.passthrough.imageinspector.service.url=http://localhost:9001") case "alpine": diff --git a/resources/metadata/detectExecuteScan.yaml b/resources/metadata/detectExecuteScan.yaml index d965cb29e0..17cb04aa4f 100644 --- a/resources/metadata/detectExecuteScan.yaml +++ b/resources/metadata/detectExecuteScan.yaml @@ -634,10 +634,6 @@ spec: - image: blackducksoftware/blackduck-imageinspector-ubuntu:5.1.0 name: inspector-ubuntu command: [''] - containerPortMappings: - 'blackducksoftware/blackduck-imageinspector-ubuntu:5.1.0': - - containerPort: 9002 - hostPort: 9002 volumeMounts: - mountPath: /opt/blackduck/blackduck-imageinspector/shared name: volume From 1358d2199479858c094e26757ce8ba42af8e7570 Mon Sep 17 00:00:00 2001 
From: Keshav Date: Thu, 1 Feb 2024 11:28:53 +0100 Subject: [PATCH 24/32] adding voume mounts name --- resources/metadata/detectExecuteScan.yaml | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/resources/metadata/detectExecuteScan.yaml b/resources/metadata/detectExecuteScan.yaml index 17cb04aa4f..b0442e2d14 100644 --- a/resources/metadata/detectExecuteScan.yaml +++ b/resources/metadata/detectExecuteScan.yaml @@ -630,13 +630,16 @@ spec: options: - name: -u value: "0" + volumeMounts: + - mountPath: /opt/blackduck/blackduck-imageinspector/shared + name: imageinspector-shared sidecars: - image: blackducksoftware/blackduck-imageinspector-ubuntu:5.1.0 name: inspector-ubuntu command: [''] volumeMounts: - mountPath: /opt/blackduck/blackduck-imageinspector/shared - name: volume + name: imageinspector-shared conditions: - conditionRef: strings-equal params: @@ -647,7 +650,7 @@ spec: command: [''] volumeMounts: - mountPath: /opt/blackduck/blackduck-imageinspector/shared - name: volume + name: imageinspector-shared conditions: - conditionRef: strings-equal params: @@ -658,7 +661,7 @@ spec: command: [''] volumeMounts: - mountPath: /opt/blackduck/blackduck-imageinspector/shared - name: volume + name: imageinspector-shared conditions: - conditionRef: strings-equal params: From 17b63a3af9c095321fa5b14d605525bc2f199716 Mon Sep 17 00:00:00 2001 From: Keshav Date: Thu, 1 Feb 2024 12:14:41 +0100 Subject: [PATCH 25/32] changing file permissions --- cmd/detectExecuteScan.go | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/cmd/detectExecuteScan.go b/cmd/detectExecuteScan.go index 6d57d05643..871bc6f999 100644 --- a/cmd/detectExecuteScan.go +++ b/cmd/detectExecuteScan.go 
@@ -296,9 +296,13 @@ func runDetectImages(ctx context.Context, config detectExecuteScanOptions, utils ImageFormat: "legacy", } containerSaveImage(options, &telemetry.CustomData{}) + err := detectUtils.Chmod(tarName, 0666) + if err != nil { + return err + } args := []string{"./detect.sh"} - args, err := addDetectArgsImages(args, config, utils, sys, tarName) + args, err = addDetectArgsImages(args, config, utils, sys, tarName) if err != nil { return err } From abe805ac441d815e40f9730f214fb16963c8051d Mon Sep 17 00:00:00 2001 From: Keshav Date: Thu, 1 Feb 2024 12:54:58 +0100 Subject: [PATCH 26/32] changing file permissions --- cmd/detectExecuteScan.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cmd/detectExecuteScan.go b/cmd/detectExecuteScan.go index 871bc6f999..187bfc1301 100644 --- a/cmd/detectExecuteScan.go +++ b/cmd/detectExecuteScan.go @@ -296,7 +296,7 @@ func runDetectImages(ctx context.Context, config detectExecuteScanOptions, utils ImageFormat: "legacy", } containerSaveImage(options, &telemetry.CustomData{}) - err := detectUtils.Chmod(tarName, 0666) + err := utils.Chmod(tarName, 0666) if err != nil { return err } From cc394fa240eead9838bef7c36902e593859508b7 Mon Sep 17 00:00:00 2001 From: Keshav Date: Thu, 1 Feb 2024 15:11:40 +0100 Subject: [PATCH 27/32] making 777 permission --- cmd/detectExecuteScan.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cmd/detectExecuteScan.go b/cmd/detectExecuteScan.go index 187bfc1301..eed5a7695d 100644 --- a/cmd/detectExecuteScan.go +++ b/cmd/detectExecuteScan.go @@ -296,7 +296,7 @@ func runDetectImages(ctx context.Context, config detectExecuteScanOptions, utils ImageFormat: "legacy", } containerSaveImage(options, &telemetry.CustomData{}) - err := utils.Chmod(tarName, 0666) + err := utils.Chmod(tarName, 0777) if err != nil { return err } From 8d85456becf54dc68aea7261274bd292abe2a9b7 Mon Sep 17 00:00:00 2001 
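Review bot: The mode given to `Chmod` on the saved image tar is wider than the scan appears to need: this hunk sets `0666`, and the last hunk on this file raises it to `0777`, which makes the archive world-writable and executable. If the intent is to let the inspector sidecar read the file under a different user, read access is enough, e.g. `err := utils.Chmod(tarName, 0644)`; a writable archive lets any other process in the pod alter the image between download and scan. A short comment stating why the permission change is needed would also help the next reader. The chmod runs whether or not `containerSaveImage` succeeded, since its outcome is not checked in the visible lines. runDetectImages starts and ends outside the hunk.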
From: Keshav Date: Fri, 2 Feb 2024 15:42:35 +0100 Subject: [PATCH 28/32] adding shared docker volume --- resources/metadata/detectExecuteScan.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/resources/metadata/detectExecuteScan.yaml b/resources/metadata/detectExecuteScan.yaml index b0442e2d14..772b336f26 100644 --- a/resources/metadata/detectExecuteScan.yaml +++ b/resources/metadata/detectExecuteScan.yaml @@ -632,14 +632,14 @@ spec: value: "0" volumeMounts: - mountPath: /opt/blackduck/blackduck-imageinspector/shared - name: imageinspector-shared + name: volume sidecars: - image: blackducksoftware/blackduck-imageinspector-ubuntu:5.1.0 name: inspector-ubuntu command: [''] volumeMounts: - mountPath: /opt/blackduck/blackduck-imageinspector/shared - name: imageinspector-shared + name: volume conditions: - conditionRef: strings-equal params: @@ -650,7 +650,7 @@ spec: command: [''] volumeMounts: - mountPath: /opt/blackduck/blackduck-imageinspector/shared - name: imageinspector-shared + name: volume conditions: - conditionRef: strings-equal params: @@ -661,7 +661,7 @@ spec: command: [''] volumeMounts: - mountPath: /opt/blackduck/blackduck-imageinspector/shared - name: imageinspector-shared + name: volume conditions: - conditionRef: strings-equal params: From 3e3b7debd4275c13ec51a8b042f38d4368b4738c Mon Sep 17 00:00:00 2001 From: Keshav Date: Fri, 2 Feb 2024 16:12:46 +0100 Subject: [PATCH 29/32] defaulting to one side car in case of no multiple --- pkg/config/stepmeta.go | 53 +++++++++++++++++++++++++----------------- 1 file changed, 32 insertions(+), 21 deletions(-) diff --git a/pkg/config/stepmeta.go b/pkg/config/stepmeta.go index 36d7bc18a5..ec9dd51ec1 100644 --- a/pkg/config/stepmeta.go +++ b/pkg/config/stepmeta.go 
@@ -311,32 +311,43 @@ func (m *StepData) GetContextDefaults(stepName string) (io.ReadCloser, error) { } if len(m.Spec.Sidecars) > 0 { - for _, sideCar := range m.Spec.Sidecars { - key := "" - conditionParam := "" - if len(sideCar.Conditions) > 0 { - key = sideCar.Conditions[0].Params[0].Value - conditionParam = sideCar.Conditions[0].Params[0].Name + + // if there one side care dont check conditions and consider the only side care as default . this is default behaviour + // if there are more than one side car then check conditions, + if len(m.Spec.Sidecars) == 1 { + if len(m.Spec.Sidecars[0].Command) > 0 { + root["sidecarCommand"] = m.Spec.Sidecars[0].Command[0] } - p := map[string]interface{}{} - if key != "" { - root[key] = p - //add default for condition parameter if available - for _, inputParam := range m.Spec.Inputs.Parameters { - if inputParam.Name == conditionParam { - root[conditionParam] = inputParam.Default + m.Spec.Sidecars[0].commonConfiguration("sidecar", &root) + putStringIfNotEmpty(root, "sidecarReadyCommand", m.Spec.Sidecars[0].ReadyCommand) + } else { + for _, sideCar := range m.Spec.Sidecars { + key := "" + conditionParam := "" + if len(sideCar.Conditions) > 0 { + key = sideCar.Conditions[0].Params[0].Value + conditionParam = sideCar.Conditions[0].Params[0].Name + } + p := map[string]interface{}{} + if key != "" { + root[key] = p + //add default for condition parameter if available + for _, inputParam := range m.Spec.Inputs.Parameters { + if inputParam.Name == conditionParam { + root[conditionParam] = inputParam.Default + } } + } else { + p = root + } + if len(sideCar.Command) > 0 { + root["sidecarCommand"] = sideCar.Command[0] } - } else { - p = root - } - if len(sideCar.Command) > 0 { - root["sidecarCommand"] = sideCar.Command[0] - } - putStringIfNotEmpty(root, "sidecarReadyCommand", sideCar.ReadyCommand) - sideCar.commonConfiguration("sidecar", &p) + putStringIfNotEmpty(root, "sidecarReadyCommand", sideCar.ReadyCommand) + 
sideCar.commonConfiguration("sidecar", &p) + } } // not filled for now since this is not relevant in Kubernetes case From 6098d5d66da0766d39b774c8a6cf20ef1592bb06 Mon Sep 17 00:00:00 2001 From: Keshav Date: Fri, 2 Feb 2024 16:49:54 +0100 Subject: [PATCH 30/32] impro docu --- pkg/config/stepmeta.go | 2 -- 1 file changed, 2 deletions(-) diff --git a/pkg/config/stepmeta.go b/pkg/config/stepmeta.go index ec9dd51ec1..da17321e28 100644 --- a/pkg/config/stepmeta.go +++ b/pkg/config/stepmeta.go @@ -311,7 +311,6 @@ func (m *StepData) GetContextDefaults(stepName string) (io.ReadCloser, error) { } if len(m.Spec.Sidecars) > 0 { - // if there one side care dont check conditions and consider the only side care as default . this is default behaviour // if there are more than one side car then check conditions, if len(m.Spec.Sidecars) == 1 { @@ -349,7 +348,6 @@ func (m *StepData) GetContextDefaults(stepName string) (io.ReadCloser, error) { } } - // not filled for now since this is not relevant in Kubernetes case //putStringIfNotEmpty(root, "containerPortMappings", m.Spec.Sidecars[0].) } From 17c3723706ecdd02f50c66d17d316e27fef55b11 Mon Sep 17 00:00:00 2001 From: Keshav Date: Fri, 2 Feb 2024 17:04:17 +0100 Subject: [PATCH 31/32] typo error fix --- pkg/config/stepmeta.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkg/config/stepmeta.go b/pkg/config/stepmeta.go index da17321e28..570bf806ea 100644 --- a/pkg/config/stepmeta.go +++ b/pkg/config/stepmeta.go @@ -311,7 +311,7 @@ func (m *StepData) GetContextDefaults(stepName string) (io.ReadCloser, error) { } if len(m.Spec.Sidecars) > 0 { - // if there one side care dont check conditions and consider the only side care as default . this is default behaviour + // if there one side car do not check conditions and consider the only side care as default . this is default behaviour // if there are more than one side car then check conditions, if len(m.Spec.Sidecars) == 1 { if len(m.Spec.Sidecars[0].Command) > 0 { 
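Review bot: In the multi-sidecar branch of GetContextDefaults (PATCH 29/32), `sidecarCommand` and `sidecarReadyCommand` are still written to `root` while `commonConfiguration` writes into the per-condition map `p`, so with several conditional sidecars the last one's command looks like it overwrites the others at top level. Writing them into `p` instead, `p["sidecarCommand"] = sideCar.Command[0]` and `putStringIfNotEmpty(p, "sidecarReadyCommand", sideCar.ReadyCommand)`, would keep each sidecar's settings together; when a sidecar has no condition `p` is `root`, so that case is unchanged. The same loop indexes `sideCar.Conditions[0].Params[0]` after checking only `len(sideCar.Conditions)`, so a condition declared without params would panic; `if len(sideCar.Conditions) > 0 && len(sideCar.Conditions[0].Params) > 0 {` guards it. The function body starts and ends outside the hunk.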
From ca9d32cf3322028de0797b31fe8c9b8d47d905ee Mon Sep 17 00:00:00 2001
From: Keshav
Date: Tue, 6 Feb 2024 15:18:13 +0100
Subject: [PATCH 32/32] correct port names for the inspector app

---
 cmd/detectExecuteScan.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/cmd/detectExecuteScan.go b/cmd/detectExecuteScan.go
index eed5a7695d..3f54283aaf 100644
--- a/cmd/detectExecuteScan.go
+++ b/cmd/detectExecuteScan.go
@@ -572,9 +572,9 @@ func addDetectArgsImages(args []string, config detectExecuteScanOptions, utils d
 case "ubuntu":
 args = append(args, "--detect.docker.passthrough.imageinspector.service.url=http://localhost:8082")
 case "centos":
- args = append(args, "--detect.docker.passthrough.imageinspector.service.url=http://localhost:9001")
+ args = append(args, "--detect.docker.passthrough.imageinspector.service.url=http://localhost:8081")
 case "alpine":
- args = append(args, "--detect.docker.passthrough.imageinspector.service.url=http://localhost:9000")
+ args = append(args, "--detect.docker.passthrough.imageinspector.service.url=http://localhost:8080")
 default:
 return nil, fmt.Errorf("unknown container distro %q", config.ContainerDistro)
 }
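Review bot: The three inspector ports in addDetectArgsImages (8082, 8081, 8080) are bare literals that have to agree with the port each `blackduck-imageinspector-<distro>` sidecar actually listens on, and nothing next to the switch says where the numbers come from; the commit title suggests two of them were wrong until now. A comment above the switch such as `// ports must match the listening port of the matching inspector sidecar in resources/metadata/detectExecuteScan.yaml` would document that coupling. A small distro-to-port map would also collapse the three near-identical `append` lines into one. The switch and the function continue outside the hunk.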