apply annotations to root asset, instead of the job config. inherit d…

…uring discovery. (#2350)
mondoohq · Oct 24, 2023 · 78173f4 · 78173f4
1 parent 2d1b950
commit 78173f4
Show file tree

Hide file tree

Showing 5 changed files with 28 additions and 54 deletions.
diff --git a/apps/cnquery/cmd/scan.go b/apps/cnquery/cmd/scan.go
@@ -146,8 +146,6 @@ type scanConfig struct {
 	Props          map[string]string
 	Bundle         *explorer.Bundle
 	runtime        *providers.Runtime
-	// annotations that will be applied to all discovered assets
-	annotations map[string]string
 
 	IsIncognito bool
 }
@@ -165,11 +163,6 @@ func getCobraScanConfig(cmd *cobra.Command, runtime *providers.Runtime, cliRes *
 		log.Fatal().Err(err).Msg("failed to parse props")
 	}
 
-	inv, err := inventoryloader.ParseOrUse(cliRes.Asset, viper.GetBool("insecure"))
-	if err != nil {
-		log.Fatal().Err(err).Msg("failed to parse inventory")
-	}
-
 	annotations, err := cmd.Flags().GetStringToString("annotation")
 	if err != nil {
 		log.Fatal().Err(err).Msg("failed to parse annotations")
@@ -183,6 +176,11 @@ func getCobraScanConfig(cmd *cobra.Command, runtime *providers.Runtime, cliRes *
 	for k, v := range annotations {
 		optAnnotations[k] = v
 	}
+	inv, err := inventoryloader.ParseOrUse(cliRes.Asset, viper.GetBool("insecure"), optAnnotations)
+	if err != nil {
+		log.Fatal().Err(err).Msg("failed to parse inventory")
+	}
+
 	conf := scanConfig{
 		Features:       opts.GetFeatures(),
 		IsIncognito:    viper.GetBool("incognito"),
@@ -191,7 +189,6 @@ func getCobraScanConfig(cmd *cobra.Command, runtime *providers.Runtime, cliRes *
 		QueryPackNames: viper.GetStringSlice("querypacks"),
 		Props:          props,
 		runtime:        runtime,
-		annotations:    optAnnotations,
 	}
 
 	// if users want to get more information on available output options,
@@ -310,7 +307,6 @@ func RunScan(config *scanConfig) (*explorer.ReportCollection, error) {
 				Bundle:           config.Bundle,
 				QueryPackFilters: config.QueryPackNames,
 				Props:            config.Props,
-				Annotations:      config.annotations,
 			})
 	}
 	return scanner.Run(
@@ -320,7 +316,6 @@ func RunScan(config *scanConfig) (*explorer.ReportCollection, error) {
 			Bundle:           config.Bundle,
 			QueryPackFilters: config.QueryPackNames,
 			Props:            config.Props,
-			Annotations:      config.annotations,
 		})
 }
 

diff --git a/cli/inventoryloader/inventory.go b/cli/inventoryloader/inventory.go
@@ -136,10 +136,11 @@ func parseDomainListInventory(data []byte) (*inventory.Inventory, error) {
 
 // ParseOrUse tries to load the inventory and if nothing exists it
 // will instead use the provided asset.
-func ParseOrUse(cliAsset *inventory.Asset, insecure bool) (*inventory.Inventory, error) {
+func ParseOrUse(cliAsset *inventory.Asset, insecure bool, annotations map[string]string) (*inventory.Inventory, error) {
 	var v1inventory *inventory.Inventory
 	var err error
 
+	cliAsset.AddAnnotations(annotations)
 	// parses optional inventory file if inventory was not piped already
 	v1inventory, err = Parse()
 	if err != nil {

diff --git a/explorer/scan/cnquery_explorer_scan.pb.go b/explorer/scan/cnquery_explorer_scan.pb.go
diff --git a/explorer/scan/cnquery_explorer_scan.proto b/explorer/scan/cnquery_explorer_scan.proto
@@ -16,7 +16,5 @@ message Job {
   bool do_record = 20;
   repeated string query_pack_filters = 21;
   map<string,string> props = 22;
-  // annotations that will be applied to all assets in the job
-  map<string,string> annotations = 23;
 }
 
diff --git a/explorer/scan/local_scanner.go b/explorer/scan/local_scanner.go
@@ -210,9 +210,10 @@ func (s *LocalScanner) distributeJob(job *Job, ctx context.Context, upstream *up
 			continue
 		}
 
-		// for all discovered assets, we apply mondoo-specific labels that come from the root asset
+		// for all discovered assets, we apply mondoo-specific labels and annotations that come from the root asset
 		for _, a := range runtime.Provider.Connection.GetInventory().GetSpec().GetAssets() {
 			a.AddMondooLabels(asset)
+			a.AddAnnotations(asset.GetAnnotations())
 		}
 		processedAssets, err := providers.ProcessAssetCandidates(runtime, runtime.Provider.Connection, upstream, "")
 		if err != nil {
@@ -273,7 +274,6 @@ func (s *LocalScanner) distributeJob(job *Job, ctx context.Context, upstream *up
 
 	justAssets := []*inventory.Asset{}
 	for _, asset := range assets {
-		asset.asset.AddAnnotations(job.GetAnnotations())
 		asset.asset.KindString = asset.asset.GetPlatform().Kind
 		justAssets = append(justAssets, asset.asset)
 	}