registry.go
package kv
import (
"encoding/json"
"fmt"
"io/ioutil"
"os"
"path/filepath"
"sort"
"strings"
log "github.com/sirupsen/logrus"
"github.com/neuvector/neuvector/controller/api"
"github.com/neuvector/neuvector/share"
"github.com/neuvector/neuvector/share/cluster"
)
const (
	// registryDataDir is the on-disk root under which each registry gets its
	// own sub-directory of persisted scan results. It ends with a slash, so
	// callers append the registry name directly.
	registryDataDir = NeuvectorDir + "registry/"

	// summarySuffix is the file extension of a persisted image scan summary.
	summarySuffix = ".sum"

	// reportSuffix is the file extension of a persisted image scan report.
	// NOTE(review): the extension suggests gzip-compressed content; nothing in
	// this file compresses or decompresses it, so confirm against the writer.
	reportSuffix = ".gz"
)
// registryImageSummaryFileName returns the path of the summary file for image
// id of registry name: <registryDataDir><name>/<id><summarySuffix>.
//
// The two components are concatenated as given; no cleaning or validation of
// path separators or ".." happens here.
// NOTE(review): confirm that callers only pass validated registry names and
// image IDs, since the result is used for file reads, writes and deletes.
func registryImageSummaryFileName(name, id string) string {
	return registryDataDir + name + "/" + id + summarySuffix
}
// registryImageReportFileName returns the path of the report file for image
// id of registry name: <registryDataDir><name>/<id><reportSuffix>.
//
// The two components are concatenated as given; no cleaning or validation of
// path separators or ".." happens here.
// NOTE(review): confirm that callers only pass validated registry names and
// image IDs, since the result is used for file reads, writes and deletes.
func registryImageReportFileName(name, id string) string {
	return registryDataDir + name + "/" + id + reportSuffix
}
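// writeRegistryImageSummary persists the scan summary dat for image id of
// registry name, creating the registry's directory first if needed.
//
// It returns the error from creating the directory or writing the file; both
// are also logged.
func writeRegistryImageSummary(name, id string, dat []byte) error {
	path := registryDataDir + name
	// MkdirAll is a no-op when the directory already exists, so no Stat is
	// needed, and a failure is reported instead of surfacing later as a
	// confusing write error.
	if err := os.MkdirAll(path, 0755); err != nil {
		log.WithFields(log.Fields{"error": err, "path": path}).Error("Unable to create directory")
		return err
	}

	filename := registryImageSummaryFileName(name, id)
	// Data files do not need the execute bit; 0644 replaces the previous 0755.
	// The mode only applies when the file is created.
	// NOTE(review): scan results may be sensitive; consider 0600 if no other
	// user needs to read them.
	if err := ioutil.WriteFile(filename, dat, 0644); err != nil {
		log.WithFields(log.Fields{"error": err, "filename": filename}).Error("Unable to write file")
		return err
	}
	return nil
}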
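// writeRegistryImageReport persists the scan report dat for image id of
// registry name, creating the registry's directory first if needed.
//
// It returns the error from creating the directory or writing the file; both
// are also logged.
func writeRegistryImageReport(name, id string, dat []byte) error {
	path := registryDataDir + name
	// MkdirAll is a no-op when the directory already exists, so no Stat is
	// needed, and a failure is reported instead of surfacing later as a
	// confusing write error.
	if err := os.MkdirAll(path, 0755); err != nil {
		log.WithFields(log.Fields{"error": err, "path": path}).Error("Unable to create directory")
		return err
	}

	filename := registryImageReportFileName(name, id)
	// Data files do not need the execute bit; 0644 replaces the previous 0755.
	// The mode only applies when the file is created.
	// NOTE(review): scan reports may be sensitive; consider 0600 if no other
	// user needs to read them.
	if err := ioutil.WriteFile(filename, dat, 0644); err != nil {
		log.WithFields(log.Fields{"error": err, "filename": filename}).Error("Unable to write file")
		return err
	}
	return nil
}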
// deleteRegistryImageSummary removes the persisted summary file of image id
// in registry name and returns the os.Remove error unchanged (including the
// not-exist error when the file is already gone).
func deleteRegistryImageSummary(name, id string) error {
	return os.Remove(registryImageSummaryFileName(name, id))
}
// deleteRegistryImageReport removes the persisted report file of image id in
// registry name and returns the os.Remove error unchanged (including the
// not-exist error when the file is already gone).
func deleteRegistryImageReport(name, id string) error {
	return os.Remove(registryImageReportFileName(name, id))
}
// readRegistryImageSummary returns the raw bytes of the persisted summary of
// image id in registry name. On any read error the data is discarded and
// (nil, err) is returned.
func readRegistryImageSummary(name, id string) ([]byte, error) {
	content, err := ioutil.ReadFile(registryImageSummaryFileName(name, id))
	if err != nil {
		// Drop any partial data so callers never see bytes alongside an error.
		return nil, err
	}
	return content, nil
}
// readRegistryImageReport returns the raw bytes of the persisted report of
// image id in registry name. On any read error the data is discarded and
// (nil, err) is returned.
func readRegistryImageReport(name, id string) ([]byte, error) {
	content, err := ioutil.ReadFile(registryImageReportFileName(name, id))
	if err != nil {
		// Drop any partial data so callers never see bytes alongside an error.
		return nil, err
	}
	return content, nil
}
// createRegistryDir makes sure the data directory of registry name exists,
// creating it (and any missing parents) with mode 0755 when Stat reports that
// it does not exist.
//
// Any other Stat outcome, including errors other than not-exist, is treated
// as "already present" and yields nil.
// NOTE(review): a permission error on Stat is therefore silently ignored;
// confirm that this is intended.
func createRegistryDir(name string) error {
	dir := registryDataDir + name
	_, statErr := os.Stat(dir)
	if !os.IsNotExist(statErr) {
		return nil
	}
	return os.MkdirAll(dir, 0755)
}
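// deleteRegistryDir recursively removes the data directory of registry name.
//
// Because the removal is recursive, the target is checked first: a name that
// resolves to registryDataDir itself (for example "" or ".") or to a location
// outside it (for example through "..") is rejected with an error instead of
// being deleted. Names that resolve to a path inside registryDataDir behave
// as before.
func deleteRegistryDir(name string) error {
	root := filepath.Clean(registryDataDir)
	path := filepath.Join(registryDataDir, name)
	// After cleaning, a valid target must be a strict descendant of root.
	if !strings.HasPrefix(path, root+string(filepath.Separator)) {
		return fmt.Errorf("invalid registry name %q", name)
	}
	return os.RemoveAll(path)
}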
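// restoreToCluster reloads the persisted scan results of registry reg from
// disk into the cluster key-value store.
//
// It works in three steps:
//  1. walk the registry's directory and decode every summary file whose scan
//     status is api.ScanStatusFinished;
//  2. if more than api.ScanPersistImageMax summaries were found, keep the most
//     recently scanned ones and delete the files of the rest;
//  3. for each kept summary, write the summary and, when readable, its report
//     into the cluster.
//
// Failures are logged and the restore continues with the next item; nothing
// is returned to the caller.
//
// NOTE(review): the image ID used to build file paths and cluster keys comes
// from the decoded file content, not from the file name. If the data directory
// can be modified by a less-trusted party, validate ImageID (e.g. reject path
// separators) before using it in os.Remove and ioutil.ReadFile below.
func restoreToCluster(reg string) {
	regPath := fmt.Sprintf("%s%s", registryDataDir, reg)
	log.WithFields(log.Fields{"regPath": regPath, "name": reg}).Debug("Restore to cluster")

	// 1. Read summary first
	sums := make([]*share.CLUSRegistryImageSummary, 0)
	filepath.Walk(regPath, func(path string, info os.FileInfo, walkErr error) error {
		if walkErr != nil {
			// Report the entry that could not be visited and keep walking;
			// returning nil preserves the best-effort behaviour.
			log.WithFields(log.Fields{"error": walkErr, "path": path}).Error("Failed to walk registry directory")
			return nil
		}
		if info == nil || info.IsDir() || !strings.HasSuffix(path, summarySuffix) {
			return nil
		}

		value, err := ioutil.ReadFile(path)
		if err != nil {
			log.WithFields(log.Fields{"error": err, "path": path}).Error("Failed to read summary")
			return nil
		}

		var sum share.CLUSRegistryImageSummary
		if err = json.Unmarshal(value, &sum); err != nil {
			log.WithFields(log.Fields{"error": err, "path": path}).Error("Failed to unmarshal summary")
			return nil
		}
		// Only completed scans are restored.
		if sum.Status == api.ScanStatusFinished {
			sums = append(sums, &sum)
		}
		return nil
	})

	// 2. Sort summary new to old, and remove the old ones
	if len(sums) > api.ScanPersistImageMax {
		sort.Slice(sums, func(i, j int) bool { return sums[i].ScannedAt.After(sums[j].ScannedAt) })
		dels := sums[api.ScanPersistImageMax:]
		sums = sums[:api.ScanPersistImageMax]
		for _, sum := range dels {
			// Best effort: a file that is already missing is not an error here.
			// NOTE(review): Walk also visits sub-directories, but these paths
			// assume the files sit directly under regPath.
			os.Remove(fmt.Sprintf("%s/%s%s", regPath, sum.ImageID, summarySuffix))
			os.Remove(fmt.Sprintf("%s/%s%s", regPath, sum.ImageID, reportSuffix))
		}
		log.WithFields(log.Fields{"count": len(dels)}).Info("Remove old images")
	}

	// 3. Read the report and write both into kv
	for _, sum := range sums {
		key := share.CLUSRegistryImageStateKey(reg, sum.ImageID)
		value, err := json.Marshal(sum)
		if err != nil {
			// Do not store an empty value under the state key; skip this image.
			log.WithFields(log.Fields{"error": err}).Error("Failed to marshal summary")
			continue
		}
		if err = cluster.Put(key, value); err != nil {
			log.WithFields(log.Fields{"error": err}).Error("Failed to restore summary to cluster")
		}

		rptFile := fmt.Sprintf("%s/%s%s", regPath, sum.ImageID, reportSuffix)
		value, err = ioutil.ReadFile(rptFile)
		if err != nil {
			log.WithFields(log.Fields{"error": err, "path": rptFile}).Error("Failed to read report")
			continue
		}
		key = share.CLUSRegistryImageDataKey(reg, sum.ImageID)
		if err = cluster.PutBinary(key, value); err != nil {
			log.WithFields(log.Fields{"error": err}).Error("Failed to restore report to cluster")
		}
	}
}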
// restoreRegistry restores every registry found under registryDataDir into
// the cluster by calling restoreToCluster for each sub-directory, then sends
// the result of listing registryDataDir on ch (nil when the listing worked).
//
// Exactly one value is sent on ch per call. Errors inside restoreToCluster
// are not reported through ch.
func restoreRegistry(ch chan<- error) {
	entries, err := ioutil.ReadDir(registryDataDir)
	if err != nil {
		log.WithFields(log.Fields{"error": err}).Debug("Failed to read registry directory")
		ch <- err
		return
	}

	for _, entry := range entries {
		if !entry.IsDir() {
			continue
		}
		switch dir := entry.Name(); dir {
		case "", ".":
			// Not a registry directory; skip.
		default:
			restoreToCluster(dir)
		}
	}
	ch <- err
}