feat: Add build info to /metadata response (#54)

Signed-off-by: Daniel Pacak <pacak.daniel@gmail.com>
aquasecurity · Nov 14, 2019 · 5a8827b · 5a8827b
1 parent 2800275
commit 5a8827b
Show file tree

Hide file tree

Showing 17 changed files with 99 additions and 58 deletions.
diff --git a/README.md b/README.md
@@ -79,22 +79,21 @@ make container
    $ kubectl apply -f kube/harbor-scanner-trivy.yaml
    ```
    > By default the StatefulSet refers to the latest release image published to [Docker Hub][latest-release-url].
-4. Build a Docker image `aquasec/harbor-scanner-trivy:dev`:
+4. Scale down the StatefulSet:
+   ```
+   $ kubectl scale sts harbor-scanner-trivy --replicas=0
+   ```
+5. Build a Docker image `aquasec/harbor-scanner-trivy:dev`:
    ```
    $ make container
    ```
-5. Update StatefulSet's image to `aquasec/harbor-scanner-trivy:dev`
-   1. Update `init` container image:
-      ```
-      $ kubectl set image sts harbor-scanner-trivy \
-        init=aquasec/harbor-scanner-trivy:dev
-      ```
-   2. Update `main` container image:
-      ```
-      $ kubectl set image sts harbor-scanner-trivy \
-        main=aquasec/harbor-scanner-trivy:dev
-      ```
-6. Change the number of replicas of the StatefulSet:
+6. Update StatefulSet's images to `aquasec/harbor-scanner-trivy:dev`
+   ```
+   $ kubectl set image sts harbor-scanner-trivy \
+     init=aquasec/harbor-scanner-trivy:dev \
+     main=aquasec/harbor-scanner-trivy:dev
+   ```
+7. Scale up the StatefulSet:
    ```
    $ kubectl scale sts harbor-scanner-trivy --replicas=1
    ```
@@ -181,6 +180,7 @@ Configuration of the adapter is done via environment variables at startup.
 | `SCANNER_API_SERVER_WRITE_TIMEOUT` | `15s`   | The maximum duration before timing out writes of the response. |
 | `SCANNER_TRIVY_CACHE_DIR`   | `/root/.cache/trivy`   | Trivy cache directory.   |
 | `SCANNER_TRIVY_REPORTS_DIR` | `/root/.cache/reports` | Trivy reports directory. |
+| `SCANNER_TRIVY_DEBUG_MODE`  | `false` | The flag to enable or disable Trivy debug mode. |
 | `SCANNER_STORE_REDIS_URL`       | `redis://localhost:6379`          | Redis server URI for a redis store. |
 | `SCANNER_STORE_REDIS_NAMESPACE` | `harbor.scanner.trivy:data-store` | A namespace for keys in a redis store. |
 | `SCANNER_STORE_REDIS_POOL_MAX_ACTIVE` | `5`  | The max number of connections allocated by the pool for a redis store. |

diff --git a/cmd/scanner-trivy/main.go b/cmd/scanner-trivy/main.go
@@ -7,6 +7,7 @@ import (
 	"github.com/aquasecurity/harbor-scanner-trivy/pkg/persistence/redis"
 	"github.com/aquasecurity/harbor-scanner-trivy/pkg/queue"
 	log "github.com/sirupsen/logrus"
+	"golang.org/x/xerrors"
 	"os"
 	"os/signal"
 	"syscall"
@@ -25,19 +26,35 @@ func main() {
 	log.SetReportCaller(false)
 	log.SetFormatter(&log.JSONFormatter{})
 
+	info := etc.BuildInfo{
+		Version: version,
+		Commit:  commit,
+		Date:    date,
+	}
+
+	if err := run(info); err != nil {
+		log.Fatalf("Error: %v", err)
+	}
+}
+
+func run(info etc.BuildInfo) error {
 	log.WithFields(log.Fields{
-		"version":  version,
-		"commit":   commit,
-		"built_at": date,
+		"version":  info.Version,
+		"commit":   info.Commit,
+		"built_at": info.Date,
 	}).Info("Starting harbor-scanner-trivy")
 
 	config, err := etc.GetConfig()
 	if err != nil {
-		log.Fatalf("Error: %v", err)
+		return xerrors.Errorf("getting config: %w", err)
 	}
 
 	worker := queue.NewWorker(config.JobQueue)
-	apiServer := newAPIServer(config)
+
+	store := redis.NewStore(config.RedisStore)
+	enqueuer := queue.NewEnqueuer(config.JobQueue, store)
+	apiHandler := v1.NewAPIHandler(info, enqueuer, store)
+	apiServer := api.NewServer(config.API, apiHandler)
 
 	shutdownComplete := make(chan struct{})
 	go func() {
@@ -56,11 +73,5 @@ func main() {
 	apiServer.ListenAndServe()
 
 	<-shutdownComplete
-}
-
-func newAPIServer(config etc.Config) *api.Server {
-	store := redis.NewStore(config.RedisStore)
-	enqueuer := queue.NewEnqueuer(config.JobQueue, store)
-	apiHandler := v1.NewAPIHandler(enqueuer, store)
-	return api.NewServer(config.API, apiHandler)
+	return nil
 }
diff --git a/kube/harbor-scanner-trivy.yaml b/kube/harbor-scanner-trivy.yaml
@@ -22,7 +22,7 @@ spec:
   selector:
     matchLabels:
       app: harbor-scanner-trivy
-  replicas: 0
+  replicas: 1
   volumeClaimTemplates:
     - metadata:
         name: data
@@ -77,6 +77,8 @@ spec:
               value: "/root/.cache/trivy"
             - name: "SCANNER_TRIVY_REPORTS_DIR"
               value: "/root/.cache/reports"
+            - name: "SCANNER_TRIVY_DEBUG_MODE"
+              value: "false"
             - name: "SCANNER_STORE_REDIS_URL"
               value: "redis://harbor-harbor-redis:6379"
             - name: "SCANNER_STORE_REDIS_SCAN_JOB_TTL"

diff --git a/pkg/etc/config.go b/pkg/etc/config.go
@@ -8,6 +8,12 @@ import (
 	"time"
 )
 
+type BuildInfo struct {
+	Version string
+	Commit  string
+	Date    string
+}
+
 type Config struct {
 	API        API
 	Trivy      Trivy
@@ -18,6 +24,7 @@ type Config struct {
 type Trivy struct {
 	CacheDir   string `env:"SCANNER_TRIVY_CACHE_DIR" envDefault:"/root/.cache/trivy"`
 	ReportsDir string `env:"SCANNER_TRIVY_REPORTS_DIR" envDefault:"/root/.cache/reports"`
+	DebugMode  bool   `env:"SCANNER_TRIVY_DEBUG_MODE" envDefault:"false"`
 }
 
 type API struct {

diff --git a/pkg/etc/config_test.go b/pkg/etc/config_test.go
@@ -92,6 +92,7 @@ func TestGetConfig(t *testing.T) {
 
 				"SCANNER_TRIVY_CACHE_DIR":   "/home/scanner/trivy-cache",
 				"SCANNER_TRIVY_REPORTS_DIR": "/home/scanner/trivy-reports",
+				"SCANNER_TRIVY_DEBUG_MODE":  "true",
 
 				"SCANNER_STORE_REDIS_URL":             "redis://harbor-harbor-redis:6379",
 				"SCANNER_STORE_REDIS_NAMESPACE":       "test.namespace",
@@ -109,6 +110,7 @@ func TestGetConfig(t *testing.T) {
 				Trivy: Trivy{
 					CacheDir:   "/home/scanner/trivy-cache",
 					ReportsDir: "/home/scanner/trivy-reports",
+					DebugMode:  true,
 				},
 				RedisStore: RedisStore{
 					RedisURL:      "redis://harbor-harbor-redis:6379",

diff --git a/pkg/http/api/v1/handler.go b/pkg/http/api/v1/handler.go
@@ -21,13 +21,15 @@ const (
 )
 
 type requestHandler struct {
+	info     etc.BuildInfo
 	enqueuer queue.Enqueuer
 	store    persistence.Store
 	api.BaseHandler
 }
 
-func NewAPIHandler(enqueuer queue.Enqueuer, store persistence.Store) http.Handler {
+func NewAPIHandler(info etc.BuildInfo, enqueuer queue.Enqueuer, store persistence.Store) http.Handler {
 	handler := &requestHandler{
+		info:     info,
 		enqueuer: enqueuer,
 		store:    store,
 	}
@@ -200,6 +202,10 @@ func (h *requestHandler) GetMetadata(res http.ResponseWriter, req *http.Request)
 		},
 		Properties: map[string]string{
 			"harbor.scanner-adapter/scanner-type": "os-package-vulnerability",
+			"org.label-schema.version":            h.info.Version,
+			"org.label-schema.build-date":         h.info.Date,
+			"org.label-schema.vcs-ref":            h.info.Commit,
+			"org.label-schema.vcs":                "https://github.com/aquasecurity/harbor-scanner-trivy",
 		},
 	}
 	h.WriteJSON(res, metadata, api.MimeTypeMetadata, http.StatusOK)

diff --git a/pkg/http/api/v1/handler_test.go b/pkg/http/api/v1/handler_test.go
@@ -3,6 +3,7 @@ package v1
 import (
 	"errors"
 	"fmt"
+	"github.com/aquasecurity/harbor-scanner-trivy/pkg/etc"
 	"net/http"
 	"net/http/httptest"
 	"strings"
@@ -174,7 +175,7 @@ func TestRequestHandler_AcceptScanRequest(t *testing.T) {
 			r, err := http.NewRequest(http.MethodPost, "/api/v1/scan", strings.NewReader(tc.requestBody))
 			require.NoError(t, err)
 
-			NewAPIHandler(enqueuer, store).ServeHTTP(rr, r)
+			NewAPIHandler(etc.BuildInfo{}, enqueuer, store).ServeHTTP(rr, r)
 
 			assert.Equal(t, tc.expectedStatus, rr.Code)
 			assert.Equal(t, tc.expectedContentType, rr.Header().Get("Content-Type"))
@@ -367,7 +368,7 @@ func TestRequestHandler_GetScanReport(t *testing.T) {
 			r, err := http.NewRequest(http.MethodGet, "/api/v1/scan/job:123/report", nil)
 			require.NoError(t, err)
 
-			NewAPIHandler(enqueuer, store).ServeHTTP(rr, r)
+			NewAPIHandler(etc.BuildInfo{}, enqueuer, store).ServeHTTP(rr, r)
 
 			assert.Equal(t, tc.expectedStatus, rr.Code)
 			assert.Equal(t, tc.expectedContentType, rr.Header().Get("Content-Type"))
@@ -390,7 +391,7 @@ func TestRequestHandler_GetHealthy(t *testing.T) {
 	r, err := http.NewRequest(http.MethodGet, "/probe/healthy", nil)
 	require.NoError(t, err)
 
-	NewAPIHandler(enqueuer, store).ServeHTTP(rr, r)
+	NewAPIHandler(etc.BuildInfo{}, enqueuer, store).ServeHTTP(rr, r)
 
 	rs := rr.Result()
 
@@ -408,7 +409,7 @@ func TestRequestHandler_GetReady(t *testing.T) {
 	r, err := http.NewRequest(http.MethodGet, "/probe/ready", nil)
 	require.NoError(t, err)
 
-	NewAPIHandler(enqueuer, store).ServeHTTP(rr, r)
+	NewAPIHandler(etc.BuildInfo{}, enqueuer, store).ServeHTTP(rr, r)
 
 	rs := rr.Result()
 
@@ -426,7 +427,7 @@ func TestRequestHandler_GetMetadata(t *testing.T) {
 	r, err := http.NewRequest(http.MethodGet, "/api/v1/metadata", nil)
 	require.NoError(t, err)
 
-	NewAPIHandler(enqueuer, store).ServeHTTP(rr, r)
+	NewAPIHandler(etc.BuildInfo{Version: "0.1", Commit: "abc", Date: "2019-01-03T13:40"}, enqueuer, store).ServeHTTP(rr, r)
 
 	rs := rr.Result()
 
@@ -449,7 +450,11 @@ func TestRequestHandler_GetMetadata(t *testing.T) {
     }
   ],
   "properties": {
-    "harbor.scanner-adapter/scanner-type": "os-package-vulnerability"
+    "harbor.scanner-adapter/scanner-type": "os-package-vulnerability",
+    "org.label-schema.version": "0.1",
+    "org.label-schema.build-date": "2019-01-03T13:40",
+    "org.label-schema.vcs-ref": "abc",
+    "org.label-schema.vcs": "https://github.com/aquasecurity/harbor-scanner-trivy"
   }
 }`, rr.Body.String())
 	enqueuer.AssertExpectations(t)

diff --git a/pkg/mock/transformer.go b/pkg/mock/transformer.go
@@ -2,7 +2,7 @@ package mock
 
 import (
 	"github.com/aquasecurity/harbor-scanner-trivy/pkg/model/harbor"
-	"github.com/aquasecurity/harbor-scanner-trivy/pkg/model/trivy"
+	"github.com/aquasecurity/harbor-scanner-trivy/pkg/trivy"
 	"github.com/stretchr/testify/mock"
 )
 

diff --git a/pkg/mock/wrapper.go b/pkg/mock/wrapper.go
@@ -1,7 +1,6 @@
 package mock
 
 import (
-	model "github.com/aquasecurity/harbor-scanner-trivy/pkg/model/trivy"
 	"github.com/aquasecurity/harbor-scanner-trivy/pkg/trivy"
 	"github.com/stretchr/testify/mock"
 )
@@ -14,7 +13,7 @@ func NewWrapper() *Wrapper {
 	return &Wrapper{}
 }
 
-func (w *Wrapper) Run(imageRef string, auth trivy.RegistryAuth) (model.ScanReport, error) {
+func (w *Wrapper) Run(imageRef string, auth trivy.RegistryAuth) (trivy.ScanReport, error) {
 	args := w.Called(imageRef, auth)
-	return args.Get(0).(model.ScanReport), args.Error(1)
+	return args.Get(0).(trivy.ScanReport), args.Error(1)
 }
diff --git a/pkg/queue/worker.go b/pkg/queue/worker.go
@@ -3,7 +3,6 @@ package queue
 import (
 	"encoding/json"
 	"github.com/aquasecurity/harbor-scanner-trivy/pkg/etc"
-	"github.com/aquasecurity/harbor-scanner-trivy/pkg/model"
 	"github.com/aquasecurity/harbor-scanner-trivy/pkg/model/harbor"
 	store "github.com/aquasecurity/harbor-scanner-trivy/pkg/persistence/redis"
 	"github.com/aquasecurity/harbor-scanner-trivy/pkg/scan"
@@ -89,7 +88,7 @@ func (s *workerContext) controller() (controller scan.Controller, err error) {
 	wrapper := trivy.NewWrapper(config.Trivy)
 	dataStore := store.NewStore(config.RedisStore)
 
-	controller = scan.NewController(dataStore, wrapper, model.NewTransformer(&model.SystemClock{}))
+	controller = scan.NewController(dataStore, wrapper, scan.NewTransformer(&scan.SystemClock{}))
 	return
 }
 

diff --git a/pkg/scan/controller.go b/pkg/scan/controller.go
@@ -2,7 +2,6 @@ package scan
 
 import (
 	"encoding/base64"
-	"github.com/aquasecurity/harbor-scanner-trivy/pkg/model"
 	"github.com/aquasecurity/harbor-scanner-trivy/pkg/model/harbor"
 	"github.com/aquasecurity/harbor-scanner-trivy/pkg/model/job"
 	"github.com/aquasecurity/harbor-scanner-trivy/pkg/persistence"
@@ -19,10 +18,10 @@ type Controller interface {
 type controller struct {
 	store       persistence.Store
 	wrapper     trivy.Wrapper
-	transformer model.Transformer
+	transformer Transformer
 }
 
-func NewController(store persistence.Store, wrapper trivy.Wrapper, transformer model.Transformer) Controller {
+func NewController(store persistence.Store, wrapper trivy.Wrapper, transformer Transformer) Controller {
 	return &controller{
 		store:       store,
 		wrapper:     wrapper,

diff --git a/pkg/scan/controller_test.go b/pkg/scan/controller_test.go
@@ -5,7 +5,6 @@ import (
 	"github.com/aquasecurity/harbor-scanner-trivy/pkg/mock"
 	"github.com/aquasecurity/harbor-scanner-trivy/pkg/model/harbor"
 	"github.com/aquasecurity/harbor-scanner-trivy/pkg/model/job"
-	model "github.com/aquasecurity/harbor-scanner-trivy/pkg/model/trivy"
 	"github.com/aquasecurity/harbor-scanner-trivy/pkg/trivy"
 	"github.com/stretchr/testify/assert"
 	"golang.org/x/xerrors"
@@ -17,7 +16,7 @@ func TestController_Scan(t *testing.T) {
 		Repository: "library/mongo",
 		Digest:     "sha256:917f5b7f4bef1b35ee90f03033f33a81002511c1e0767fd44276d4bd9cd2fa8e",
 	}
-	trivyReport := model.ScanReport{}
+	trivyReport := trivy.ScanReport{}
 	harborReport := harbor.ScanReport{}
 
 	testCases := []struct {
@@ -109,7 +108,7 @@ func TestController_Scan(t *testing.T) {
 					trivy.RegistryAuth{Username: "user", Password: "password"},
 				},
 				ReturnArgs: []interface{}{
-					model.ScanReport{},
+					trivy.ScanReport{},
 					xerrors.New("out of memory"),
 				},
 			},

diff --git a/pkg/model/transformer.go → pkg/scan/transformer.go b/pkg/model/transformer.go → pkg/scan/transformer.go
@@ -1,9 +1,9 @@
-package model
+package scan
 
 import (
 	"github.com/aquasecurity/harbor-scanner-trivy/pkg/etc"
 	"github.com/aquasecurity/harbor-scanner-trivy/pkg/model/harbor"
-	"github.com/aquasecurity/harbor-scanner-trivy/pkg/model/trivy"
+	"github.com/aquasecurity/harbor-scanner-trivy/pkg/trivy"
 	log "github.com/sirupsen/logrus"
 	"time"
 )

diff --git a/pkg/model/transformer_test.go → pkg/scan/transformer_test.go b/pkg/model/transformer_test.go → pkg/scan/transformer_test.go
@@ -1,11 +1,11 @@
-package model
+package scan
 
 import (
+	"github.com/aquasecurity/harbor-scanner-trivy/pkg/trivy"
 	"testing"
 	"time"
 
 	"github.com/aquasecurity/harbor-scanner-trivy/pkg/model/harbor"
-	"github.com/aquasecurity/harbor-scanner-trivy/pkg/model/trivy"
 	"github.com/stretchr/testify/assert"
 )
 

diff --git a/pkg/model/trivy/model.go → pkg/trivy/model.go b/pkg/model/trivy/model.go → pkg/trivy/model.go