fix handling of cross-provider assets discovery for run command

Signed-off-by: Ivan Milchev <[email protected]>
mondoohq · Sep 4, 2023 · 1a93e86 · 1a93e86
1 parent fc33b15
commit 1a93e86
Show file tree

Hide file tree

Showing 2 changed files with 43 additions and 17 deletions.
diff --git a/apps/cnquery/cmd/plugin.go b/apps/cnquery/cmd/plugin.go
@@ -117,7 +117,49 @@ func (c *cnqueryPlugin) RunQuery(conf *run.RunQueryConfig, runtime *providers.Ru
 		}
 	}
 
-	for i := range filteredAssets {
+	for _, asset := range filteredAssets {
+		// If the assets have platform IDs, then we have already connected to them via the
+		// current provider.
+		if len(asset.PlatformIds) > 0 {
+			continue
+		}
+
+		// Make sure the provider for the asset is present
+		if err := runtime.DetectProvider(asset); err != nil {
+			return err
+		}
+
+		err := runtime.Connect(&pp.ConnectReq{
+			Features: config.Features,
+			Asset:    asset,
+			Upstream: upstreamConfig,
+		})
+		if err != nil {
+			return err
+		}
+	}
+
+	// TODO: filter unique assets by platform ID
+	uniqueAssets := []*inventory.Asset{}
+	platformIds := map[string]struct{}{}
+	for _, asset := range filteredAssets {
+		found := false
+		for _, platformId := range asset.PlatformIds {
+			if _, ok := platformIds[platformId]; ok {
+				found = true
+			}
+		}
+		if found {
+			continue
+		}
+
+		uniqueAssets = append(uniqueAssets, asset)
+		for _, platformId := range asset.PlatformIds {
+			platformIds[platformId] = struct{}{}
+		}
+	}
+
+	for i := range uniqueAssets {
 		connectAsset := filteredAssets[i]
 		if err := runtime.DetectProvider(connectAsset); err != nil {
 			return err

diff --git a/providers/k8s/resources/discovery.go b/providers/k8s/resources/discovery.go
@@ -623,22 +623,6 @@ func discoverContainerImages(runtime *plugin.Runtime, invConfig *inventory.Confi
 		})
 	}
 
-	// Convert the container images to assets.
-	// assets := make(map[string]*inventory.Asset)
-	// for _, i := range runningImages {
-	// 	a, err := newPodImageAsset(i)
-	// 	if err != nil {
-	// 		log.Error().Err(err).Msg("failed to convert container image to asset")
-	// 		continue
-	// 	}
-
-	// 	// It is still possible to have unique images at this point. There might be
-	// 	// multiple image tags that actually point to the same digest. If we are scanning
-	// 	// a manifest, where there is no container status, we can only know that the 2 images
-	// 	// are identical after we resolve them with the container registry.
-	// 	assets[a.Labels["docker.io/digest"]] = a
-	// 	log.Debug().Str("name", a.Name).Str("image", a.Connections[0].Host).Msg("resolved pod")
-	// }
 	return assetList, nil
 }