refactor: Use factory to instantiate ConfigAuditReport plugins (#418)

Signed-off-by: Daniel Pacak <pacak.daniel@gmail.com>
aquasecurity · Mar 4, 2021 · 3892722 · 3892722
1 parent 8cf7552
commit 3892722
Show file tree

Hide file tree

Showing 5 changed files with 15 additions and 11 deletions.
diff --git a/deploy/static/05-starboard-operator.config.yaml b/deploy/static/05-starboard-operator.config.yaml
@@ -195,6 +195,7 @@ data:
         - kube-hunter
         rules:
         - runAsRootAllowed
+  kube-bench.imageRef: docker.io/aquasec/kube-bench:0.5.0
 ---
 apiVersion: v1
 kind: Secret

diff --git a/pkg/cmd/polaris.go b/pkg/cmd/polaris.go
@@ -1,19 +1,20 @@
 package cmd
 
 import (
+	"github.com/aquasecurity/starboard/pkg/starboard"
 	"github.com/spf13/cobra"
 	"k8s.io/cli-runtime/pkg/genericclioptions"
 )
 
 // Deprecated
 // Use NewScanConfigAuditReportsCmd instead.
-func NewPolarisCmd(cf *genericclioptions.ConfigFlags) *cobra.Command {
+func NewPolarisCmd(buildInfo starboard.BuildInfo, cf *genericclioptions.ConfigFlags) *cobra.Command {
 	cmd := &cobra.Command{
 		Use:        "polaris",
 		Deprecated: "please use 'scan configauditreports' instead",
 		Short:      configAuditCmdShort,
 		Args:       cobra.MaximumNArgs(1),
-		RunE:       ScanConfigAuditReports(cf),
+		RunE:       ScanConfigAuditReports(buildInfo, cf),
 	}
 
 	registerScannerOpts(cmd)

diff --git a/pkg/cmd/root.go b/pkg/cmd/root.go
@@ -28,7 +28,7 @@ func NewRootCmd(buildInfo starboard.BuildInfo, args []string, outWriter io.Write
 	rootCmd.AddCommand(NewScanCmd(buildInfo, cf))
 	rootCmd.AddCommand(NewKubeBenchCmd(cf))
 	rootCmd.AddCommand(NewKubeHunterCmd(cf))
-	rootCmd.AddCommand(NewPolarisCmd(cf))
+	rootCmd.AddCommand(NewPolarisCmd(buildInfo, cf))
 	rootCmd.AddCommand(NewGetCmd(buildInfo, cf, outWriter))
 	rootCmd.AddCommand(NewCleanupCmd(cf))
 	rootCmd.AddCommand(NewConfigCmd(cf, outWriter))

diff --git a/pkg/cmd/scan.go b/pkg/cmd/scan.go
@@ -12,7 +12,7 @@ func NewScanCmd(buildInfo starboard.BuildInfo, cf *genericclioptions.ConfigFlags
 		Aliases: []string{"generate"},
 		Short:   "Manage security weakness identification tools",
 	}
-	scanCmd.AddCommand(NewScanConfigAuditReportsCmd(cf))
+	scanCmd.AddCommand(NewScanConfigAuditReportsCmd(buildInfo, cf))
 	scanCmd.AddCommand(NewScanKubeBenchReportsCmd(cf))
 	scanCmd.AddCommand(NewScanKubeHunterReportsCmd(cf))
 	scanCmd.AddCommand(NewScanVulnerabilityReportsCmd(buildInfo, cf))

diff --git a/pkg/cmd/scan_configaudit.go b/pkg/cmd/scan_configaudit.go
@@ -3,9 +3,8 @@ package cmd
 import (
 	"context"
 
+	"github.com/aquasecurity/starboard/pkg/config"
 	"github.com/aquasecurity/starboard/pkg/configauditreport"
-	"github.com/aquasecurity/starboard/pkg/ext"
-	"github.com/aquasecurity/starboard/pkg/polaris"
 	"github.com/aquasecurity/starboard/pkg/starboard"
 	"github.com/spf13/cobra"
 	"k8s.io/cli-runtime/pkg/genericclioptions"
@@ -17,20 +16,20 @@ const (
 	configAuditCmdShort = "Run a variety of checks to ensure that a given workload is configured using best practices"
 )
 
-func NewScanConfigAuditReportsCmd(cf *genericclioptions.ConfigFlags) *cobra.Command {
+func NewScanConfigAuditReportsCmd(buildInfo starboard.BuildInfo, cf *genericclioptions.ConfigFlags) *cobra.Command {
 	cmd := &cobra.Command{
 		Use:   "configauditreports",
 		Short: configAuditCmdShort,
 		Args:  cobra.MaximumNArgs(1),
-		RunE:  ScanConfigAuditReports(cf),
+		RunE:  ScanConfigAuditReports(buildInfo, cf),
 	}
 
 	registerScannerOpts(cmd)
 
 	return cmd
 }
 
-func ScanConfigAuditReports(cf *genericclioptions.ConfigFlags) func(cmd *cobra.Command, args []string) error {
+func ScanConfigAuditReports(buildInfo starboard.BuildInfo, cf *genericclioptions.ConfigFlags) func(cmd *cobra.Command, args []string) error {
 	return func(cmd *cobra.Command, args []string) error {
 		ctx := context.Background()
 		ns, _, err := cf.ToRawKubeConfigLoader().Namespace()
@@ -59,11 +58,14 @@ func ScanConfigAuditReports(cf *genericclioptions.ConfigFlags) func(cmd *cobra.C
 		if err != nil {
 			return err
 		}
-		config, err := starboard.NewConfigManager(kubeClientset, starboard.NamespaceName).Read(ctx)
+		starboardConfig, err := starboard.NewConfigManager(kubeClientset, starboard.NamespaceName).Read(ctx)
+		if err != nil {
+			return err
+		}
+		plugin, err := config.GetConfigAuditReportPlugin(buildInfo, starboardConfig)
 		if err != nil {
 			return err
 		}
-		plugin := polaris.NewPlugin(ext.NewSystemClock(), config)
 		scanner := configauditreport.NewScanner(scheme, kubeClientset, opts, plugin)
 		report, err := scanner.Scan(ctx, workload, gvk)
 		if err != nil {