package config
import (
"strconv"
"strings"
"time"
log "github.com/sirupsen/logrus"
"github.com/spf13/viper"
corev1 "k8s.io/api/core/v1"
)
// Configuration keys read through viper. setScanConfigDefaults enables
// viper.AutomaticEnv, so each key can be overridden by the environment
// variable of the same name.
const (
	// MaxParallelism is read as an int into ScanConfig.MaxScanParallelism; default "10".
	MaxParallelism = "MAX_PARALLELISM"
	// TargetNamespace selects the namespace to scan; defaults to corev1.NamespaceAll.
	TargetNamespace = "TARGET_NAMESPACE"
	// SeverityThreshold is the minimum severity level to report; default "MEDIUM".
	SeverityThreshold = "SEVERITY_THRESHOLD"
	// IgnoreNamespaces is a comma-separated list of namespaces; default is empty.
	IgnoreNamespaces = "IGNORE_NAMESPACES"
	// JobResultTimeout is read as a time.Duration; default "10m".
	JobResultTimeout = "JOB_RESULT_TIMEOUT"
	// KlarImageName is an image reference; the default carries no tag or digest.
	// NOTE(review): presumably the image run by the scan jobs - confirm, and
	// consider pinning it by digest in deployments.
	KlarImageName = "KLAR_IMAGE_NAME"
	// DeleteJobPolicy is validated by getDeleteJobPolicyType; invalid values
	// fall back to DeleteJobPolicySuccessful.
	DeleteJobPolicy = "DELETE_JOB_POLICY"
	// ShouldScanDockerFile is read as a bool; default "true". LoadScanConfig
	// overrides it to false whenever RegistryInsecure parses as true.
	ShouldScanDockerFile = "SHOULD_SCAN_DOCKERFILE"
	// ScannerServiceAccount has no default registered in this file, so it is
	// the empty string unless set.
	ScannerServiceAccount = "SCANNER_SERVICE_ACCOUNT"
	// RegistryInsecure is parsed with strconv.ParseBool in LoadScanConfig;
	// default "false".
	// NOTE(review): the name suggests it relaxes registry transport checks -
	// confirm against the consumer of ScanConfig.RegistryInsecure.
	RegistryInsecure = "REGISTRY_INSECURE"
)
// ScanConfig holds the scan settings resolved by LoadScanConfig from viper
// (registered defaults overridden by environment variables).
type ScanConfig struct {
	// MaxScanParallelism comes from MAX_PARALLELISM via viper.GetInt.
	// NOTE(review): no lower bound is enforced in this file - confirm that
	// consumers cope with 0 or negative values.
	MaxScanParallelism int
	// TargetNamespace comes from TARGET_NAMESPACE; corev1.NamespaceAll by default.
	TargetNamespace string
	// SeverityThreshold comes from SEVERITY_THRESHOLD; it is not validated here.
	SeverityThreshold string
	// KlarImageName comes from KLAR_IMAGE_NAME; it is not validated here.
	KlarImageName string
	// IgnoredNamespaces comes from IGNORE_NAMESPACES, split on commas.
	IgnoredNamespaces []string
	// JobResultTimeout comes from JOB_RESULT_TIMEOUT via viper.GetDuration.
	JobResultTimeout time.Duration
	// DeleteJobPolicy is the validated DELETE_JOB_POLICY value (see
	// getDeleteJobPolicyType).
	DeleteJobPolicy DeleteJobPolicyType
	// ShouldScanDockerFile is SHOULD_SCAN_DOCKERFILE, forced to false when
	// REGISTRY_INSECURE parses as true.
	ShouldScanDockerFile bool
	// ScannerServiceAccount comes from SCANNER_SERVICE_ACCOUNT; empty when unset.
	ScannerServiceAccount string
	// RegistryInsecure is the raw REGISTRY_INSECURE string, stored without
	// being parsed or normalised.
	// NOTE(review): presumably forwarded to the scanner as-is - confirm how
	// the consumer interprets non-boolean values.
	RegistryInsecure string
}
// setScanConfigDefaults registers the default value for every scan setting
// that has one and then turns on viper.AutomaticEnv.
//
// ScannerServiceAccount is intentionally absent from the table: the file
// registers no default for it.
func setScanConfigDefaults() {
	defaults := []struct {
		key   string
		value interface{}
	}{
		{MaxParallelism, "10"},
		{TargetNamespace, corev1.NamespaceAll}, // scan all namespaces by default
		{SeverityThreshold, "MEDIUM"},          // minimum severity level to report
		{IgnoreNamespaces, ""},
		// NOTE(review): this reference has no tag or digest, so whatever the
		// registry currently serves under its default tag is what gets
		// pulled. Deployments that need a fixed scanner build should set
		// KLAR_IMAGE_NAME to a digest-pinned reference.
		{KlarImageName, "gcr.io/development-infra-208909/klar"},
		{JobResultTimeout, "10m"},
		{DeleteJobPolicy, DeleteJobPolicySuccessful},
		{ShouldScanDockerFile, "true"},
		{RegistryInsecure, "false"},
	}
	for _, d := range defaults {
		viper.SetDefault(d.key, d.value)
	}

	// Enabled last, as in the original ordering; lets environment variables
	// override the defaults above.
	viper.AutomaticEnv()
}
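// LoadScanConfig registers the scan defaults and builds a ScanConfig from the
// current viper settings.
//
// Behaviour worth knowing when operating the scanner:
//   - When REGISTRY_INSECURE parses as true, the Dockerfile scan is forced
//     off (not supported together), so enabling it also reduces coverage.
//   - A REGISTRY_INSECURE value that strconv.ParseBool rejects is treated as
//     false for that decision and a warning is logged. The raw string is
//     still copied into ScanConfig.RegistryInsecure unchanged.
//   - IGNORE_NAMESPACES entries are trimmed and empty entries are dropped, so
//     "a, b" yields ["a", "b"] and an unset value yields an empty list.
func LoadScanConfig() *ScanConfig {
	setScanConfigDefaults()

	// NOTE(review): viper.GetBool appears to yield false for a value it
	// cannot parse, which would silently disable the Dockerfile scan - confirm.
	shouldScanDockerFile := viper.GetBool(ShouldScanDockerFile)

	rawRegistryInsecure := viper.GetString(RegistryInsecure)
	registryInsecure, err := strconv.ParseBool(rawRegistryInsecure)
	if err != nil {
		// Previously the error was discarded; surface it so a typo in the
		// setting is visible in the logs.
		log.Warnf("Invalid %s value %q - treating it as `false`", RegistryInsecure, rawRegistryInsecure)
	}

	// Disable DockerFile scan if insecure registry is set - currently not supported
	if registryInsecure {
		shouldScanDockerFile = false
	}

	// strings.Split on an empty string returns [""], and entries written as
	// "a, b" keep their leading space; neither form can equal a namespace
	// name, so normalise the list here.
	rawNamespaces := strings.Split(viper.GetString(IgnoreNamespaces), ",")
	ignoredNamespaces := make([]string, 0, len(rawNamespaces))
	for _, ns := range rawNamespaces {
		if ns = strings.TrimSpace(ns); ns != "" {
			ignoredNamespaces = append(ignoredNamespaces, ns)
		}
	}

	return &ScanConfig{
		// NOTE(review): an unparsable or non-positive MAX_PARALLELISM is
		// passed through as-is - confirm consumers handle it.
		MaxScanParallelism:    viper.GetInt(MaxParallelism),
		TargetNamespace:       viper.GetString(TargetNamespace),
		SeverityThreshold:     viper.GetString(SeverityThreshold),
		KlarImageName:         viper.GetString(KlarImageName),
		IgnoredNamespaces:     ignoredNamespaces,
		JobResultTimeout:      viper.GetDuration(JobResultTimeout),
		DeleteJobPolicy:       getDeleteJobPolicyType(viper.GetString(DeleteJobPolicy)),
		ShouldScanDockerFile:  shouldScanDockerFile,
		ScannerServiceAccount: viper.GetString(ScannerServiceAccount),
		// Kept as the raw string so the value seen by consumers is unchanged.
		RegistryInsecure: rawRegistryInsecure,
	}
}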
// getDeleteJobPolicyType converts policyType to a DeleteJobPolicyType. When
// IsValid rejects the value, it logs a warning and returns
// DeleteJobPolicySuccessful instead.
func getDeleteJobPolicyType(policyType string) DeleteJobPolicyType {
	if candidate := DeleteJobPolicyType(policyType); candidate.IsValid() {
		return candidate
	}

	// The rejected value itself is not included in the log message.
	log.Warnf("Invalid %s type - using default `%s`", DeleteJobPolicy, DeleteJobPolicySuccessful)
	return DeleteJobPolicySuccessful
}