anchore · svietry · Mar 15, 2023 · Mar 15, 2023
@@ -54,23 +54,40 @@ in the following order:
 
 Anchore ECS Inventory can be configured with a configuration file. The default
 location the configuration file is looked for is
-`~/.anchore-ecs-inventory/config.yaml`. The configuration file can be overridden
+`~/.anchore-ecs-inventory.yaml`. The configuration file can be overridden
 with the `-c` flag.
 
 ```yaml
 log:
-  level: "debug"
-  # location to write the log file (by default we log to STDOUT only)
+  # level of logging that anchore-ecs-inventory will do  { 'error' | 'info' | 'debug }
+  level: "info"
+
+  # location to write the log file (default is not to have a log file)
   file: "./anchore-ecs-inventory.log"
 
 anchore:
-  url: <anchore enterprise api url> (e.g. http://localhost:8228)
-  user: <anchore enterprise username>
-  password: $ANCHORE_ENTERPRISE_API_PASSWORD
+  # anchore enterprise api url  (e.g. http://localhost:8228)
+  url: $ANCHORE_ECS_INVENTORY_ANCHORE_URL
+
+  # anchore enterprise username
+  user: $ANCHORE_ECS_INVENTORY_ANCHORE_USER 
+
+  # anchore enterprise password
+  password: ANCHORE_ECS_INVENTORY_ANCHORE_PASSWORD
+
+  # anchore enterprise account that the inventory will be sent
+  account: $ANCHORE_ECS_INVENTORY_ANCHORE_ACCOUNT
+
   http:
     insecure: true
     timeout-seconds: 10
 
+# the aws region
+region: $ANCHORE_ECS_INVENTORY_REGION
+
+# frequency of which to poll the region
+polling-interval-seconds: 300
+
 quiet: false
 ```
 

@@ -0,0 +1,31 @@
+log:
+  # level of logging that anchore-ecs-inventory will do  { 'error' | 'info' | 'debug }
+  level: "info"
+
+  # location to write the log file (default is not to have a log file)
+  file: ""
+
+anchore:
+  # anchore enterprise api url  (e.g. http://localhost:8228)
+  url: $ANCHORE_ECS_INVENTORY_ANCHORE_URL
+
+  # anchore enterprise username
+  user: $ANCHORE_ECS_INVENTORY_ANCHORE_USER
+
+  # anchore enterprise password
+  password: ANCHORE_ECS_INVENTORY_ANCHORE_PASSWORD
+
+  # anchore enterprise account that the inventory will be sent
+  account: $ANCHORE_ECS_INVENTORY_ANCHORE_ACCOUNT
+
+  http:
+    insecure: true
+    timeout-seconds: 10
+
+# the aws region
+region: $ANCHORE_ECS_INVENTORY_REGION
+
+# frequency of which to poll the region
+polling-interval-seconds: 300
+
+quiet: false
@@ -1,18 +1,15 @@
 version: '2.1'
+
 services:
   anchore-ecs-inventory:
-    volumes:
-      - ./config.yaml:/config.yaml:ro
-    image: anchore/ecs-inventory:latest
+    image: docker.io/anchore/ecs-inventory:latest
     container_name: anchore-ecs-inventory
+    volumes:
+      - ./anchore-ecs-inventory.yaml:/.anchore-ecs-inventory.yaml
+      - ./aws.config:/.aws/credentials
     environment:
-      ANCHORE_ENTERPRISE_API_PASSWORD: ${ANCHORE_ENTERPRISE_API_PASSWORD:-foobar}
-      AWS_REGION: ${AWS_REGION:-us-west-2}
-      AWS_ACCESS_KEY_ID: ${AWS_ACCESS_KEY_ID:-bar}
-      AWS_SECRET_ACCESS_KEY: ${AWS_SECRET_ACCESS_KEY:-foo}
-    command:
-      [
-        "--config=config.yaml",
-        "--polling-interval-seconds=300",
-        "-v"
-      ]
+      ANCHORE_ECS_INVENTORY_ANCHORE_URL: ${ANCHORE_ECS_INVENTORY_ANCHORE_URL:-http://localhost:8228}
+      ANCHORE_ECS_INVENTORY_ANCHORE_USER: ${ANCHORE_ECS_INVENTORY_ANCHORE_USER:-admin}
+      ANCHORE_ECS_INVENTORY_ANCHORE_PASSWORD: ${ANCHORE_ECS_INVENTORY_ANCHORE_PASSWORD:-foobar}
+      ANCHORE_ECS_INVENTORY_ANCHORE_ACCOUNT: ${ANCHORE_ECS_INVENTORY_ANCHORE_ACCOUNT:-admin}
+      ANCHORE_ECS_INVENTORY_REGION: ${ANCHORE_ECS_INVENTORY_REGION:-eu-west-2}
@@ -20,7 +20,7 @@ const ReportAPIPath = "v1/enterprise/inventories"
 //
 //nolint:gosec
 func Post(report Report, anchoreDetails connection.AnchoreInfo) error {
-	logger.Log.Info("Reporting results to Anchore")
+	logger.Log.Info("Reporting results to Anchore", "Account", anchoreDetails.Account)
 	tr := &http.Transport{
 		TLSClientConfig: &tls.Config{InsecureSkipVerify: anchoreDetails.HTTP.Insecure},
 	}
@@ -54,7 +54,7 @@ func Post(report Report, anchoreDetails connection.AnchoreInfo) error {
 	if resp.StatusCode != 200 {
 		return fmt.Errorf("failed to report data to Anchore: %+v", resp)
 	}
-	logger.Log.Debug("Successfully reported results to Anchore")
+	logger.Log.Debug("Successfully reported results to Anchore", "Account", anchoreDetails.Account)
 	return nil
 }
 

@@ -6,7 +6,7 @@ import (
 
 // ReportItem represents a cluster and all it's unique images
 type ReportItem struct {
-	Namespace string        `json:"namespace,omitempty"` // NOTE The key is Namespace to match the Anchore API but it's actually passed as empty string
+	Namespace string        `json:"namespace"` // NOTE The key is Namespace to match the Anchore API but it's actually passed as empty string
 	Images    []ReportImage `json:"images"`
 }