feat: allow to specify a default DT parent project (#796)

Author: Ka0o0

README.md

@@ -125,6 +125,7 @@ not present in the cluster anymore are removed from the configured targets (exce
 | `dtrack-ca-cert-file` | `false` | `""` | CA-Certificate filepath when using mTLS to connect to dtrack |
 | `dtrack-client-cert-file` | `true` when `dtrack-ca-cert-file` is provided | `""` | Client-Certificate filepath when using mTLS to connect to dtrack |
 | `dtrack-client-key-file` | `true` when `dtrack-ca-cert-file` is provided | `""` | Client-Key filepath when using mTLS to connect to dtrack |
+| `dtrack-default-parent-project` | `false` | `""` | The default parent project UUID that should be used. This is overwritten in case a parent project annotation is set and found |
 | `dtrack-parent-project-annotation-key` | `false` | `""` | Kubernetes pod annotation key to set parent project automatically, e.g. "my.pod.annotation" |
 | `dtrack-project-name-annotation-key` | `false` | `""` | Kubernetes pod annotation key to set custom dtrack project name automatically, e.g. "my.pod.annotation" |
 | `kubernetes-cluster-id` | `false` | `"default"` | Kubernetes Cluster ID (to be used in Dependency-Track or Job-Images) |

internal/config.go

@@ -26,6 +26,7 @@ type Config struct {
 	DtrackCaCertFile                 string   `yaml:"dtrackCaCertFile" env:"SBOM_DTRACK_CA_CERT_FILE" flag:"dtrack-ca-cert-file"`
 	DtrackClientCertFile             string   `yaml:"dtrackClientCertFile" env:"SBOM_DTRACK_CLIENT_CERT_FILE" flag:"dtrack-client-cert-file"`
 	DtrackClientKeyFile              string   `yaml:"dtrackClientKeyFile" env:"SBOM_DTRACK_CLIENT_KEY_FILE" flag:"dtrack-client-key-file"`
+	DtrackDefaultParentProject       string   `yaml:"dtrackDefaultParentProject" env:"SBOM_DTRACK_DEFAULT_PARENT_PROJECT" flag:"dtrack-default-parent-project"`
 	DtrackParentProjectAnnotationKey string   `yaml:"dtrackParentProjectAnnotationKey" env:"SBOM_DTRACK_PARENT_PROJECT_ANNOTATION_KEY" flag:"dtrack-parent-project-annotation-key"`
 	DtrackProjectNameAnnotationKey   string   `yaml:"dtrackProjectNameAnnotationKey" env:"SBOM_DTRACK_PROJECT_NAME_ANNOTATION_KEY" flag:"dtrack-project-name-annotation-key"`
 	KubernetesClusterId              string   `yaml:"kubernetesClusterId" env:"SBOM_KUBERNETES_CLUSTER_ID" flag:"kubernetes-cluster-id"`
@@ -66,6 +67,7 @@ var (
 	ConfigKeyDependencyTrackCaCertFile                       = "dtrack-ca-cert-file"
 	ConfigKeyDependencyTrackClientCertFile                   = "dtrack-client-cert-file"
 	ConfigKeyDependencyTrackClientKeyFile                    = "dtrack-client-key-file"
+	ConfigKeyDefaultParentProject                            = "dtrack-default-parent-project"
 	ConfigKeyDependencyTrackDtrackParentProjectAnnotationKey = "dtrack-parent-project-annotation-key"
 	ConfigKeyDependencyTrackDtrackProjectNameAnnotationKey   = "dtrack-project-name-annotation-key"
 	ConfigKeyKubernetesClusterId                             = "kubernetes-cluster-id"

internal/processor/processor.go

@@ -141,7 +141,8 @@ func initTargets(k8s *kubernetes.KubeClient) []target.Target {
 			clientCertFile := internal.OperatorConfig.DtrackClientCertFile
 			clientKeyFile := internal.OperatorConfig.DtrackClientKeyFile
 			k8sClusterId := internal.OperatorConfig.KubernetesClusterId
-			t := dtrack.NewDependencyTrackTarget(baseUrl, apiKey, podLabelTagMatcher, caCertFile, clientCertFile, clientKeyFile, k8sClusterId, parentProjectAnnotationKey, projectNameAnnotationKey)
+			defaultParentProject := internal.OperatorConfig.DtrackDefaultParentProject
+			t := dtrack.NewDependencyTrackTarget(baseUrl, apiKey, podLabelTagMatcher, caCertFile, clientCertFile, clientKeyFile, k8sClusterId, defaultParentProject, parentProjectAnnotationKey, projectNameAnnotationKey)
 			err = t.ValidateConfig()
 			targets = append(targets, t)
 		} else if ta == "oci" {

internal/target/dtrack/dtrack_target.go

@@ -22,13 +22,16 @@ type DependencyTrackTarget struct {
 	baseUrl                    string
 	apiKey                     string
 	podLabelTagMatcher         string
+	defaultParentProject       string
 	parentProjectAnnotationKey string
 	projectNameAnnotationKey   string
 	caCertFile                 string
 	clientCertFile             string
 	clientKeyFile              string
 	k8sClusterId               string
 	imageProjectMap            map[string]uuid.UUID
+
+	defaultParentProjectParsed *uuid.UUID
 }
 
 const (
@@ -38,7 +41,7 @@ const (
 	podNamespaceTagKey = "namespace"
 )
 
-func NewDependencyTrackTarget(baseUrl, apiKey, podLabelTagMatcher, caCertFile, clientCertFile, clientKeyFile, k8sClusterId string, parentProjectAnnotationKey string, projectNameAnnotationKey string) *DependencyTrackTarget {
+func NewDependencyTrackTarget(baseUrl, apiKey, podLabelTagMatcher, caCertFile, clientCertFile, clientKeyFile, k8sClusterId string, defaultParentProject string, parentProjectAnnotationKey string, projectNameAnnotationKey string) *DependencyTrackTarget {
 	return &DependencyTrackTarget{
 		baseUrl:                    baseUrl,
 		apiKey:                     apiKey,
@@ -47,6 +50,7 @@ func NewDependencyTrackTarget(baseUrl, apiKey, podLabelTagMatcher, caCertFile, c
 		clientCertFile:             clientCertFile,
 		clientKeyFile:              clientKeyFile,
 		k8sClusterId:               k8sClusterId,
+		defaultParentProject:       defaultParentProject,
 		parentProjectAnnotationKey: parentProjectAnnotationKey,
 		projectNameAnnotationKey:   projectNameAnnotationKey,
 	}
@@ -76,6 +80,17 @@ func (g *DependencyTrackTarget) ValidateConfig() error {
 			)
 		}
 	}
+	if g.defaultParentProject != "" {
+		uuid, err := uuid.Parse(g.defaultParentProject)
+		if err != nil {
+			return fmt.Errorf(
+				"default parent project is not a valid UUID",
+			)
+		}
+		g.defaultParentProjectParsed = &uuid
+	} else {
+		g.defaultParentProjectParsed = nil
+	}
 
 	return nil
 }
@@ -221,6 +236,10 @@ func (g *DependencyTrackTarget) ProcessSbom(ctx *target.TargetContext) error {
 		}
 	}
 
+	if project.ParentRef == nil && g.defaultParentProjectParsed != nil {
+		project.ParentRef = &dtrack.ParentRef{UUID: *g.defaultParentProjectParsed}
+	}
+
 	_, err = client.Project.Update(context.Background(), project)
 	if err != nil {
 		logrus.WithError(err).Errorf("Could not update project")

main.go

@@ -80,6 +80,7 @@ func newRootCmd() *cobra.Command {
 	rootCmd.PersistentFlags().String(internal.ConfigKeyDependencyTrackBaseUrl, "", "Dependency-Track base URL, e.g. 'https://dtrack.example.com'")
 	rootCmd.PersistentFlags().String(internal.ConfigKeyDependencyTrackApiKey, "", "Dependency-Track API key")
 	rootCmd.PersistentFlags().String(internal.ConfigKeyDependencyTrackLabelTagMatcher, "", "Dependency-Track Pod-Label-Tag matcher regex")
+	rootCmd.PersistentFlags().String(internal.ConfigKeyDefaultParentProject, "", "Dependency-Track: Dependency-Track: Default parent project UUID")
 	rootCmd.PersistentFlags().String(internal.ConfigKeyDependencyTrackDtrackParentProjectAnnotationKey, "", "Dependency-Track: kubernetes annotation-key for setting parent project")
 	rootCmd.PersistentFlags().String(internal.ConfigKeyDependencyTrackDtrackProjectNameAnnotationKey, "", "Dependency-Track: kubernetes annotation-key for setting custom project name")
 	rootCmd.PersistentFlags().String(internal.ConfigKeyKubernetesClusterId, "default", "Kubernetes Cluster ID")