no discovery for container images
vjeffrey committed Feb 28, 2024
1 parent e13883f commit acff7e4
Showing 5 changed files with 42 additions and 27 deletions.
31 changes: 19 additions & 12 deletions explorer/scan/discovery.go
Expand Up @@ -138,20 +138,27 @@ func DiscoverAssets(ctx context.Context, inv *inventory.Inventory, upstream *ups
// for all discovered assets, we apply mondoo-specific labels and annotations that come from the root asset
for _, a := range rootAssetWithRuntime.Runtime.Provider.Connection.Inventory.Spec.Assets {
// create runtime for root asset
assetWithRuntime, err := createRuntimeForAsset(a, upstream, recording)
if err != nil {
log.Error().Err(err).Str("asset", a.Name).Msg("unable to create runtime for asset")
discoveredAssets.AddError(a, err)
continue
log.Info().Msgf("create runtime %v %v", *a.Platform, a.Connections[0].Type)
if a.Connections[0].Type == "registry-image" {
a.Connections[0].Options["needs-discovery"] = "true"
discoveredAssets.Add(a, nil)
} else {
assetWithRuntime, err := createRuntimeForAsset(a, upstream, recording)
if err != nil {
log.Error().Err(err).Str("asset", a.Name).Msg("unable to create runtime for asset")
discoveredAssets.AddError(a, err)
continue
}

resolvedAsset := assetWithRuntime.Runtime.Provider.Connection.Asset
prepareAsset(resolvedAsset, resolvedRootAsset, runtimeLabels)

// If the asset has been already added, we should close its runtime
if !discoveredAssets.Add(resolvedAsset, assetWithRuntime.Runtime) {
assetWithRuntime.Runtime.Close()
}
}

resolvedAsset := assetWithRuntime.Runtime.Provider.Connection.Asset
prepareAsset(resolvedAsset, resolvedRootAsset, runtimeLabels)

// If the asset has been already added, we should close its runtime
if !discoveredAssets.Add(resolvedAsset, assetWithRuntime.Runtime) {
assetWithRuntime.Runtime.Close()
}
}
}

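Review bot: The new log line and the registry-image branch index `a.Connections[0]`, dereference `*a.Platform` and write into `a.Connections[0].Options` with no guard, so an inventory asset with no connections, no platform or a nil Options map would panic the discovery loop instead of being reported through `discoveredAssets.AddError`. provider.go in this same commit still treats `req.Asset.Platform == nil` as a normal state, which suggests the dereference can be reached. I would drop the dereference from the log call (`log.Debug().Str("asset", a.Name).Msg("create runtime")`), route assets where `len(a.Connections) == 0` to AddError, and initialise Options before the write when it is nil. Registry-image assets also bypass `prepareAsset` here, so the root labels and annotations are not applied until local_scanner.go resolves the asset later; a comment saying so would help the next reader. DiscoverAssets starts and ends outside this hunk.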
12 changes: 10 additions & 2 deletions explorer/scan/local_scanner.go
Expand Up @@ -307,7 +307,7 @@ func (s *LocalScanner) distributeJob(job *Job, ctx context.Context, upstream *up
if job.Bundle != nil && job.Bundle.FilterQueryPacks(job.QueryPackFilters) {
return nil, errors.New("all available packs filtered out. nothing to do")
}

log.Info().Msg("running actual job")
wg := sync.WaitGroup{}
wg.Add(1)
go func() {
Expand All @@ -316,6 +316,14 @@ func (s *LocalScanner) distributeJob(job *Job, ctx context.Context, upstream *up
asset := batch[i].Asset
runtime := batch[i].Runtime

if asset.Connections[0].Options["needs-discovery"] == "true" {
rootAssetWithRuntime, _ := createRuntimeForAsset(asset, upstream, s.recording)
resolvedAsset := rootAssetWithRuntime.Runtime.Provider.Connection.Asset
prepareAsset(resolvedAsset, asset, map[string]string{})
runtime = rootAssetWithRuntime.Runtime
asset = resolvedAsset
}

// Make sure the context has not been canceled in the meantime. Note that this approach works only for single threaded execution. If we have more than 1 thread calling this function,
// we need to solve this at a different level.
select {
Expand All @@ -326,7 +334,7 @@ func (s *LocalScanner) distributeJob(job *Job, ctx context.Context, upstream *up
return
default:
}

log.Info().Msg("run asset job")
p := &progress.MultiProgressAdapter{Key: asset.PlatformIds[0], Multi: multiprogress}
s.RunAssetJob(&AssetJob{
DoRecord: job.DoRecord,
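Review bot: The error from `createRuntimeForAsset` is discarded in the needs-discovery branch and the next line dereferences `rootAssetWithRuntime.Runtime`, so a registry that is unreachable or rejects the pull would likely end in a nil-pointer panic inside this goroutine rather than a failed asset. The deferred connection should be handled like the one in discovery.go: log the error with the asset name and skip the asset. The branch also runs before the context-cancellation check below it, so a cancelled scan still opens one more registry connection, and it passes an empty map where discovery passes `runtimeLabels`. The fence assumes this code sits in the per-asset loop that the `batch[i]` indexing implies; distributeJob starts and ends outside the hunk.

```go
if asset.Connections[0].Options["needs-discovery"] == "true" {
	rootAssetWithRuntime, err := createRuntimeForAsset(asset, upstream, s.recording)
	if err != nil {
		// Same handling as the discovery loop: report the failure and move on
		// instead of dereferencing a nil result.
		log.Error().Err(err).Str("asset", asset.Name).Msg("unable to create runtime for asset")
		continue
	}
	// … unchanged: prepareAsset call and the runtime/asset reassignment …
}
```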
3 changes: 2 additions & 1 deletion providers/os/connection/container/image_connection.go
Expand Up @@ -47,6 +47,7 @@ func NewImageConnection(id uint32, conf *inventory.Config, asset *inventory.Asse

// NewRegistryImage loads a container image from a remote registry
func NewRegistryImage(id uint32, conf *inventory.Config, asset *inventory.Asset) (*tar.Connection, error) {
log.Info().Msg("new reg image")
ref, err := name.ParseReference(conf.Host, name.WeakValidation)
if err != nil {
return nil, errors.New("invalid container registry reference: " + conf.Host)
Expand Down Expand Up @@ -107,7 +108,7 @@ func NewRegistryImage(id uint32, conf *inventory.Config, asset *inventory.Asset)

conn.Metadata.Labels = labels
asset.Labels = labels

log.Info().Msg("got img")
return conn, err
}

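Review bot: The two added log calls, `log.Info().Msg("new reg image")` and `log.Info().Msg("got img")`, read like leftover debugging: they fire at Info level on every registry pull and carry no reference or asset name that would let an operator tie them to an image. The same applies to `"running actual job"` and `"run asset job"` in local_scanner.go and to the `Msgf("create runtime %v %v", ...)` line in discovery.go. I would lower them to Debug and attach context, for example `log.Debug().Str("ref", conf.Host).Msg("loading container image from registry")`, or remove them before merging. NewRegistryImage continues outside both hunks.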
21 changes: 10 additions & 11 deletions providers/os/connection/tar/connection.go
Expand Up @@ -80,17 +80,15 @@ func (p *Connection) RunCommand(command string) (*shared.Command, error) {

func (p *Connection) EnsureLoaded() {
if p.fetchFn != nil {
p.fetchOnce.Do(func() {
f, err := p.fetchFn()
if err != nil {
log.Error().Err(err).Msg("tar> could not fetch tar file")
return
}
if err := p.LoadFile(f); err != nil {
log.Error().Err(err).Msg("tar> could not load tar file")
return
}
})
f, err := p.fetchFn()
if err != nil {
log.Error().Err(err).Msg("tar> could not fetch tar file")
return
}
if err := p.LoadFile(f); err != nil {
log.Error().Err(err).Msg("tar> could not load tar file")
return
}
}
}

Expand All @@ -100,6 +98,7 @@ func (p *Connection) FileSystem() afero.Fs {
}

func (c *Connection) FileInfo(path string) (shared.FileInfoDetails, error) {
c.EnsureLoaded()
fs := c.FileSystem()
afs := &afero.Afero{Fs: fs}
stat, err := afs.Stat(path)
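Review bot: Dropping the `p.fetchOnce.Do(...)` wrapper means every call to EnsureLoaded runs `p.fetchFn()` and `p.LoadFile(f)` again, and FileInfo now calls EnsureLoaded on each invocation, so one scan could fetch and reload the image once per file lookup. Nothing visible here serialises those calls, so concurrent FileInfo calls may also run LoadFile at the same time. If the intent is only to defer the first fetch, keep the once-guard and add just the `c.EnsureLoaded()` call; if the intent is to retry after a failed fetch, a mutex plus a loaded flag would express that without refetching on success. Fetch and load failures are still only logged, so FileInfo goes on to stat a filesystem that was never populated; for a scanner that can look like a clean image, and returning the error to the caller would be safer.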
2 changes: 1 addition & 1 deletion providers/os/provider/provider.go
Expand Up @@ -224,7 +224,7 @@ func (s *Service) Connect(req *plugin.ConnectReq, callback plugin.ProviderCallba
}

// We only need to run the detection step when we don't have any asset information yet.
if req.Asset.Platform == nil || req.Asset.Platform.Name == "" {
if (req.Asset.Platform == nil || req.Asset.Platform.Name == "") && req.Asset.Connections[0].Type != "registry-image" {
if err := s.detect(req.Asset, conn); err != nil {
return nil, err
}
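Review bot: The added condition indexes `req.Asset.Connections[0]` without checking the slice length, so a connect request whose asset has no connections would panic the provider, unless code earlier in Connect (outside this hunk) already guarantees one. A guarded form would be `if (req.Asset.Platform == nil || req.Asset.Platform.Name == "") && (len(req.Asset.Connections) == 0 || req.Asset.Connections[0].Type != "registry-image") {`. Skipping `s.detect` may also leave Platform unset for registry images, while the new log line in discovery.go dereferences `*a.Platform`. The literal `"registry-image"` now appears in three files and would be safer as one shared constant.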
