From acff7e453b8083fe081b107ef530dc86e880a8db Mon Sep 17 00:00:00 2001
From: Victoria Jeffrey
Date: Wed, 28 Feb 2024 16:39:16 -0700
Subject: [PATCH] no discovery for container images
---
 explorer/scan/discovery.go | 31 ++++++++++++-------
 explorer/scan/local_scanner.go | 12 +++++--
 .../connection/container/image_connection.go | 3 +-
 providers/os/connection/tar/connection.go | 21 ++++++-------
 providers/os/provider/provider.go | 2 +-
 5 files changed, 42 insertions(+), 27 deletions(-)
diff --git a/explorer/scan/discovery.go b/explorer/scan/discovery.go
index 5a4ec565cc..081bd1502b 100644
--- a/explorer/scan/discovery.go
+++ b/explorer/scan/discovery.go
@@ -138,20 +138,27 @@ func DiscoverAssets(ctx context.Context, inv *inventory.Inventory, upstream *ups // for all discovered assets, we apply mondoo-specific labels and annotations that come from the root asset for _, a := range rootAssetWithRuntime.Runtime.Provider.Connection.Inventory.Spec.Assets { // create runtime for root asset - assetWithRuntime, err := createRuntimeForAsset(a, upstream, recording) - if err != nil { - log.Error().Err(err).Str("asset", a.Name).Msg("unable to create runtime for asset") - discoveredAssets.AddError(a, err) - continue + log.Info().Msgf("create runtime %v %v", *a.Platform, a.Connections[0].Type) + if a.Connections[0].Type == "registry-image" { + a.Connections[0].Options["needs-discovery"] = "true" + discoveredAssets.Add(a, nil) + } else { + assetWithRuntime, err := createRuntimeForAsset(a, upstream, recording) + if err != nil { + log.Error().Err(err).Str("asset", a.Name).Msg("unable to create runtime for asset") + discoveredAssets.AddError(a, err) + continue + } + + resolvedAsset := assetWithRuntime.Runtime.Provider.Connection.Asset + prepareAsset(resolvedAsset, resolvedRootAsset, runtimeLabels) + + // If the asset has been already added, we should close its runtime + if !discoveredAssets.Add(resolvedAsset, assetWithRuntime.Runtime) { + assetWithRuntime.Runtime.Close() + } } - resolvedAsset := assetWithRuntime.Runtime.Provider.Connection.Asset - prepareAsset(resolvedAsset, resolvedRootAsset, runtimeLabels) - - // If the asset has been already added, we should close its runtime - if !discoveredAssets.Add(resolvedAsset, assetWithRuntime.Runtime) { - assetWithRuntime.Runtime.Close() - } } } diff --git a/explorer/scan/local_scanner.go b/explorer/scan/local_scanner.go index 4c5502abb9..64604183f9 100644 --- a/explorer/scan/local_scanner.go +++ b/explorer/scan/local_scanner.go 
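Review bot: The new branch indexes `a.Connections[0]` and dereferences `*a.Platform` in the `log.Info` line without checking either, so an inventory asset with no connections or no platform panics the discovery loop; the write `a.Connections[0].Options["needs-discovery"] = "true"` also panics if `Options` is a nil map. Guard the branch with `if len(a.Connections) > 0 && a.Connections[0].Type == "registry-image" {`, add `if a.Connections[0].Options == nil { a.Connections[0].Options = map[string]string{} }` before the write, and log `a.Name` instead of `*a.Platform`. The same unchecked `Connections[0]` index appears in the local_scanner.go hunk (`asset.Connections[0].Options[...]`) and in the provider.go hunk (`req.Asset.Connections[0].Type`). DiscoverAssets starts and ends outside this hunk.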
@@ -307,7 +307,7 @@ func (s *LocalScanner) distributeJob(job *Job, ctx context.Context, upstream *up if job.Bundle != nil && job.Bundle.FilterQueryPacks(job.QueryPackFilters) { return nil, errors.New("all available packs filtered out. nothing to do") } - + log.Info().Msg("running actual job") wg := sync.WaitGroup{} wg.Add(1) go func() { @@ -316,6 +316,14 @@ func (s *LocalScanner) distributeJob(job *Job, ctx context.Context, upstream *up asset := batch[i].Asset runtime := batch[i].Runtime + if asset.Connections[0].Options["needs-discovery"] == "true" { + rootAssetWithRuntime, _ := createRuntimeForAsset(asset, upstream, s.recording) + resolvedAsset := rootAssetWithRuntime.Runtime.Provider.Connection.Asset + prepareAsset(resolvedAsset, asset, map[string]string{}) + runtime = rootAssetWithRuntime.Runtime + asset = resolvedAsset + } + // Make sure the context has not been canceled in the meantime. Note that this approach works only for single threaded execution. If we have more than 1 thread calling this function, // we need to solve this at a different level. select { @@ -326,7 +334,7 @@ func (s *LocalScanner) distributeJob(job *Job, ctx context.Context, upstream *up return default: } - + log.Info().Msg("run asset job") p := &progress.MultiProgressAdapter{Key: asset.PlatformIds[0], Multi: multiprogress} s.RunAssetJob(&AssetJob{ DoRecord: job.DoRecord, diff --git a/providers/os/connection/container/image_connection.go b/providers/os/connection/container/image_connection.go index 0d5c1ab2f4..26d8c0ceaf 100644 --- a/providers/os/connection/container/image_connection.go +++ b/providers/os/connection/container/image_connection.go 
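Review bot: In the second hunk the error from `createRuntimeForAsset` is discarded with `_`, and the next line reads `rootAssetWithRuntime.Runtime.Provider.Connection.Asset`, so a registry image that cannot be reached or pulled will most likely nil-dereference inside the scan goroutine instead of being reported as a failed asset. The discovery.go path this replaces logged the error and recorded it with `discoveredAssets.AddError`; the deferred path should keep that behaviour so an unscannable image is visible in the results rather than crashing or silently vanishing. The sketch below assumes the surrounding loop is a plain `for` over `batch` (its header is outside the hunk), and whatever error and progress reporting the scanner uses for failed assets would go in the same branch. `prepareAsset` is also called with an empty label map here, where discovery.go passes `runtimeLabels`; that looks unintended and is worth confirming.

```go
if asset.Connections[0].Options["needs-discovery"] == "true" {
	rootAssetWithRuntime, err := createRuntimeForAsset(asset, upstream, s.recording)
	if err != nil {
		log.Error().Err(err).Str("asset", asset.Name).Msg("unable to create runtime for asset")
		continue
	}
	// … unchanged: resolvedAsset, prepareAsset, runtime and asset reassignment …
```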
@@ -47,6 +47,7 @@ func NewImageConnection(id uint32, conf *inventory.Config, asset *inventory.Asse // NewRegistryImage loads a container image from a remote registry func NewRegistryImage(id uint32, conf *inventory.Config, asset *inventory.Asset) (*tar.Connection, error) { + log.Info().Msg("new reg image") ref, err := name.ParseReference(conf.Host, name.WeakValidation) if err != nil { return nil, errors.New("invalid container registry reference: " + conf.Host) @@ -107,7 +108,7 @@ func NewRegistryImage(id uint32, conf *inventory.Config, asset *inventory.Asset) conn.Metadata.Labels = labels asset.Labels = labels - + log.Info().Msg("got img") return conn, err } diff --git a/providers/os/connection/tar/connection.go b/providers/os/connection/tar/connection.go index b6120b6b3d..088a593429 100644 --- a/providers/os/connection/tar/connection.go +++ b/providers/os/connection/tar/connection.go @@ -80,17 +80,15 @@ func (p *Connection) RunCommand(command string) (*shared.Command, error) { func (p *Connection) EnsureLoaded() { if p.fetchFn != nil { - p.fetchOnce.Do(func() { - f, err := p.fetchFn() - if err != nil { - log.Error().Err(err).Msg("tar> could not fetch tar file") - return - } - if err := p.LoadFile(f); err != nil { - log.Error().Err(err).Msg("tar> could not load tar file") - return - } - }) + f, err := p.fetchFn() + if err != nil { + log.Error().Err(err).Msg("tar> could not fetch tar file") + return + } + if err := p.LoadFile(f); err != nil { + log.Error().Err(err).Msg("tar> could not load tar file") + return + } } } @@ -100,6 +98,7 @@ func (p *Connection) FileSystem() afero.Fs { } func (c *Connection) FileInfo(path string) (shared.FileInfoDetails, error) { + c.EnsureLoaded() fs := c.FileSystem() afs := &afero.Afero{Fs: fs} stat, err := afs.Stat(path) diff --git a/providers/os/provider/provider.go b/providers/os/provider/provider.go index 9c8ca8863b..edc42ee07e 100644 --- a/providers/os/provider/provider.go +++ b/providers/os/provider/provider.go 
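Review bot: Dropping `p.fetchOnce.Do` from `EnsureLoaded` in tar/connection.go means every call runs `p.fetchFn()` and `p.LoadFile(f)` again, and the following hunk adds `c.EnsureLoaded()` at the top of `FileInfo`, so each stat re-fetches and reloads the image tar. It also removes the only serialization visible here: two goroutines calling `FileInfo` on the same connection can now run `LoadFile` concurrently. Both failure paths only log and return, so `FileInfo` carries on against whatever filesystem is present and a failed fetch surfaces as a missing file in scan results rather than as an error. Keep the body wrapped in `p.fetchOnce.Do(func() { ... })`; if the Once was removed so that a failed first attempt can be retried, track the loaded state under a mutex instead.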
@@ -224,7 +224,7 @@ func (s *Service) Connect(req *plugin.ConnectReq, callback plugin.ProviderCallba } // We only need to run the detection step when we don't have any asset information yet. - if req.Asset.Platform == nil || req.Asset.Platform.Name == "" { + if (req.Asset.Platform == nil || req.Asset.Platform.Name == "") && req.Asset.Connections[0].Type != "registry-image" { if err := s.detect(req.Asset, conn); err != nil { return nil, err }
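Review bot: With `&& req.Asset.Connections[0].Type != "registry-image"` added to the condition, `s.detect` never runs for a registry image, so `req.Asset.Platform` can still be nil or unnamed when Connect returns, and nothing in this hunk shows where the platform is filled in afterwards. The deferred path in local_scanner.go calls `createRuntimeForAsset` on an asset whose connection type is presumably still `registry-image`, so detection may be skipped there as well; please confirm the platform is set before checks that depend on it run. At minimum add a comment above the condition along the lines of `// registry images skip detection here because <reason>; the platform is set in <place>`. Connect's body continues outside the hunk.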