-
Notifications
You must be signed in to change notification settings - Fork 15
/
command.go
678 lines (582 loc) · 22.1 KB
/
command.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
// Copyright 2021 The Audit Authors
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
package bundles
import (
"database/sql"
"encoding/json"
"errors"
"fmt"
"io"
"os"
"os/exec"
"strings"
"sync"
alphamodel "github.com/operator-framework/operator-registry/alpha/model"
"github.com/operator-framework/audit/pkg/actions"
"github.com/operator-framework/operator-registry/alpha/declcfg"
"github.com/spf13/cobra"
// To allow create connection to query the index database
_ "github.com/mattn/go-sqlite3"
"github.com/operator-framework/api/pkg/operators/v1alpha1"
log "github.com/sirupsen/logrus"
"github.com/operator-framework/audit/pkg"
"github.com/operator-framework/audit/pkg/models"
index "github.com/operator-framework/audit/pkg/reports/bundles"
)
var flags = index.BindFlags{}
func NewCmd() *cobra.Command {
cmd := &cobra.Command{
Use: "bundles",
Short: "audit all operator bundles of an index catalog image",
Long: `Provides reports with the details of all bundles operators ship in the index image informed.
## When should I use it?
This command is used to extract the data required for audit tool be able to parse.
By running this command audit tool will:
- Extract the database from the image informed
- Perform SQL queries to obtain the data from the index db
- Download and extract all bundles files by using the operator bundle path which is stored in the index db
- Get the required data for the report from the operator bundle manifest files
- Use the [operator-framework/api][of-api] to execute the bundle validator checks
- Use SDK tool to execute the Scorecard bundle checks
- Output a report providing the information obtained and processed in JSON format.
`,
PreRunE: validation,
RunE: run,
}
currentPath, err := os.Getwd()
if err != nil {
log.Error(err)
os.Exit(1)
}
cmd.Flags().StringVar(&flags.IndexImage, "index-image", "",
"index image and tag which will be audit")
if err := cmd.MarkFlagRequired("index-image"); err != nil {
log.Fatalf("Failed to mark `index-image` flag for `index` sub-command as required")
}
cmd.Flags().BoolVar(&flags.StaticCheckFIPSCompliance, "static-check-fips-compliance", false,
"If set, the tool will perform a static check for FIPS compliance on all bundle images.")
cmd.Flags().StringVar(&flags.Filter, "filter", "",
"filter by the packages names which are like *filter*")
cmd.Flags().StringVar(&flags.OutputFormat, "output", pkg.JSON,
fmt.Sprintf("inform the output format. [Options: %s]", pkg.JSON))
cmd.Flags().StringVar(&flags.OutputPath, "output-path", currentPath,
"inform the path of the directory to output the report. (Default: current directory)")
cmd.Flags().Int32Var(&flags.Limit, "limit", 0,
"limit the num of operator bundles to be audit")
cmd.Flags().BoolVar(&flags.HeadOnly, "head-only", false,
"if set, will just check the operator bundle which are head of the channels")
cmd.Flags().BoolVar(&flags.DisableScorecard, "disable-scorecard", false,
"if set, will disable the scorecard tests")
cmd.Flags().BoolVar(&flags.DisableValidators, "disable-validators", false,
"if set, will disable the validators tests")
cmd.Flags().StringVar(&flags.Label, "label", "",
"filter by bundles which has index images where contains *label*")
cmd.Flags().StringVar(&flags.LabelValue, "label-value", "",
"filter by bundles which has index images where contains *label=label-value*. "+
"This option can only be used with the --label flag.")
cmd.Flags().BoolVar(&flags.ServerMode, "server-mode", false,
"if set, the images which are downloaded will not be removed. This flag should be used on dedicated "+
"environments and reduce the cost to generate the reports periodically")
cmd.Flags().StringVar(&flags.ContainerEngine, "container-engine", pkg.Docker,
fmt.Sprintf("specifies the container tool to use. If not set, the default value is docker. "+
"Note that you can use the environment variable CONTAINER_ENGINE to inform this option. "+
"[Options: %s and %s]", pkg.Docker, pkg.Podman))
return cmd
}
// CheckFIPSAnnotations searches for variants of the FIPS annotations.
func CheckFIPSAnnotations(csv *v1alpha1.ClusterServiceVersion) (bool, error) {
fipsAnnotationPatterns := []string{
"features.operators.openshift.io/fips-compliant",
"operators.openshift.io/infrastructure-features",
}
for _, pattern := range fipsAnnotationPatterns {
if value, exists := csv.Annotations[pattern]; exists &&
(strings.Contains(value, "fips") || strings.Contains(value, "true")) {
return true, nil
}
}
return false, nil
}
// ExtractUniqueImageReferences get a unique list of operator image and related images
func ExtractUniqueImageReferences(operatorBundlePath string, csv *v1alpha1.ClusterServiceVersion) ([]string, error) {
var imageRefs []string
// Extract image references from RelatedImages slice
for _, relatedImage := range csv.Spec.RelatedImages {
imageRefs = append(imageRefs, relatedImage.Image)
}
imageRefs = append(imageRefs, operatorBundlePath)
// Remove duplicates
uniqueRefs := removeDuplicates(imageRefs)
return uniqueRefs, nil
}
func removeDuplicates(elements []string) []string {
encountered := map[string]bool{}
result := []string{}
for v := range elements {
if !encountered[elements[v]] {
encountered[elements[v]] = true
result = append(result, elements[v])
}
}
return result
}
// Define structured types for warnings and errors
type Warning struct {
OperatorName string
RPMName string
ExecutableName string
Status string
Image string
}
type Error struct {
OperatorName string
RPMName string
ExecutableName string
Status string
Image string
}
// ExecuteExternalValidator runs the external validator on the provided image reference.
func ExecuteExternalValidator(imageRef string) (bool, []Warning, []Error, error) {
extValidatorCmd := "sudo check-payload scan operator --spec " + imageRef + " --log_file=/dev/null --output-format=csv"
cmd := exec.Command("bash", "-c", extValidatorCmd)
log.Infof("Executing external validator with command: %s", extValidatorCmd)
output, err := cmd.CombinedOutput()
if err != nil {
log.Infof("command failed: %v, output: %s", err, string(output))
}
lines := strings.Split(string(output), "\n")
var warnings []Warning
var errors []Error
var currentHeader []string
inFailureReport, inWarningReport := false, false
for _, line := range lines {
log.Infof("External validator line: %s", line)
switch {
case line == "---- Failure Report":
inFailureReport = true
inWarningReport = false
case line == "---- Warning Report":
inWarningReport = true
inFailureReport = false
case strings.Contains(line, "Operator Name"):
// Parse header line
currentHeader = strings.Split(line, ",")
case inFailureReport:
if currentHeader != nil {
parseReportLine(line, &errors, currentHeader)
}
case inWarningReport:
if currentHeader != nil {
parseReportLine(line, &warnings, currentHeader)
}
}
// Reset states and header for next section
if line == "---- Successful run" || line == "" {
inFailureReport, inWarningReport = false, false
currentHeader = nil
}
}
success := len(errors) == 0
return success, warnings, errors, nil
}
func parseReportLine(line string, report interface{}, header []string) {
// Ignore control lines starting with "----" and blank lines
if strings.HasPrefix(line, "----") || strings.TrimSpace(line) == "" {
return
}
columns := strings.Split(line, ",")
if len(columns) < len(header) {
log.Printf("Warning: Line has fewer columns than expected. Skipping line: %s", line)
return
}
data := make(map[string]string)
for i, columnName := range header {
if i < len(columns) {
data[strings.TrimSpace(columnName)] = strings.TrimSpace(columns[i])
}
}
// Dynamically create Warning or Error based on the header
switch v := report.(type) {
case *[]Warning:
warning := Warning{}
fillReportFromData(&warning, data)
*v = append(*v, warning)
case *[]Error:
error := Error{}
fillReportFromData(&error, data)
*v = append(*v, error)
}
}
// fillReportFromData populates a report (Warning or Error) with data from the map
func fillReportFromData(report interface{}, data map[string]string) {
switch v := report.(type) {
case *Warning:
v.OperatorName = data["Operator Name"]
v.RPMName = data["RPM Name"]
v.ExecutableName = data["Executable Name"]
v.Status = data["Status"]
v.Image = data["Image"]
case *Error:
v.OperatorName = data["Operator Name"]
v.RPMName = data["RPM Name"]
v.ExecutableName = data["Executable Name"]
v.Status = data["Status"]
v.Image = data["Image"]
}
}
// ProcessValidatorResults takes the results from the external validator and appends them to the report data.
func ProcessValidatorResults(success bool, warnings []Warning, errors []Error, auditBundle *models.AuditBundle) {
var combinedErrors []string
if !success {
for _, err := range errors {
combinedErrors = append(combinedErrors, fmt.Sprintf("ERROR for Operator '%s', Executable '%s': %s (Image: %s)",
err.OperatorName, err.ExecutableName, err.Status, err.Image))
}
}
for _, warning := range warnings {
combinedErrors = append(combinedErrors, fmt.Sprintf("WARNING for Operator '%s', Executable '%s': %s (Image: %s)",
warning.OperatorName, warning.ExecutableName, warning.Status, warning.Image))
}
log.Infof("Adding FIPS check info to auditBundle with %s", combinedErrors)
auditBundle.Errors = append(auditBundle.Errors, combinedErrors...)
}
func validation(cmd *cobra.Command, args []string) error {
if flags.Limit < 0 {
return fmt.Errorf("invalid value informed via the --limit flag :%v", flags.Limit)
}
if len(flags.OutputFormat) > 0 && flags.OutputFormat != pkg.JSON {
return fmt.Errorf("invalid value informed via the --output flag :%v. "+
"The available option is: %s", flags.OutputFormat, pkg.JSON)
}
if len(flags.OutputPath) > 0 {
if _, err := os.Stat(flags.OutputPath); os.IsNotExist(err) {
return err
}
}
if len(flags.LabelValue) > 0 && len(flags.Label) == 0 {
return fmt.Errorf("inform the label via the --label flag")
}
if !flags.DisableScorecard {
if !pkg.HasClusterRunning() {
return errors.New("this report is configured to run the Scorecard tests which requires a cluster up " +
"and running. Please, startup your cluster or use the flag --disable-scorecard")
}
if !pkg.HasSDKInstalled() {
return errors.New("this report is configured to run the Scorecard tests which requires the " +
"SDK CLI version >= 1.5 installed locally.\n" +
"Please, see ensure that you have SDK installed or use the flag --disable-scorecard.\n" +
"More info: https://github.com/operator-framework/operator-sdk")
}
}
if len(flags.ContainerEngine) == 0 {
flags.ContainerEngine = pkg.GetContainerToolFromEnvVar()
}
if flags.ContainerEngine != pkg.Docker && flags.ContainerEngine != pkg.Podman {
return fmt.Errorf("invalid value for the flag --container-engine (%s)."+
" The valid options are %s and %s", flags.ContainerEngine, pkg.Docker, pkg.Podman)
}
return nil
}
func run(cmd *cobra.Command, args []string) error {
log.Info("Starting audit...")
reportData := index.Data{}
reportData.Flags = flags
pkg.GenerateTemporaryDirs()
// to fix common possible typo issue
reportData.Flags.Filter = strings.ReplaceAll(reportData.Flags.Filter, "”", "")
if err := actions.DownloadImage(flags.IndexImage, flags.ContainerEngine); err != nil {
return err
}
// Inspect the OLM index image
var err error
reportData.IndexImageInspect, err = pkg.RunDockerInspect(flags.IndexImage, flags.ContainerEngine)
if err != nil {
log.Errorf("unable to inspect the index image: %s", err)
}
if err := actions.ExtractIndexDBorCatalogs(flags.IndexImage, flags.ContainerEngine); err != nil {
return err
}
log.Info("Gathering data...")
// check here to see if it's index.db or file-based catalogs
if IsFBC(flags.IndexImage) {
reportData, _ = GetDataFromFBC(reportData)
} else {
reportData, _ = GetDataFromIndexDB(reportData)
}
if err := reportData.OutputReport(); err != nil {
return err
}
pkg.CleanupTemporaryDirs()
log.Info("Operation completed.")
return nil
}
func handleFIPS(operatorBundlePath string, csv *v1alpha1.ClusterServiceVersion, auditBundle *models.AuditBundle) error {
isClaimingFIPSCompliant, err := CheckFIPSAnnotations(csv)
if err != nil {
return err
}
if !isClaimingFIPSCompliant {
return nil
}
uniqueImageRefs, err := ExtractUniqueImageReferences(operatorBundlePath, csv)
if err != nil {
return err
}
for _, imageRef := range uniqueImageRefs {
success, warnings, errors, err := ExecuteExternalValidator(imageRef)
if err != nil {
log.Errorf("Error while executing FIPS compliance check on image: %s. Error: %s", imageRef, err.Error())
continue
}
log.Infof("Processing FIPS check results on image: %s.", imageRef)
ProcessValidatorResults(success, warnings, errors, auditBundle)
}
return nil
}
func IsFBC(indexImage string) bool {
//check if /output/versiontag/configs is populated to determine if the catalog is file-based
root := "./output/" + actions.GetVersionTagFromImage(indexImage) + "/configs"
f, err := os.Open(root)
if err != nil {
return false
}
defer f.Close()
_, err = f.Readdir(1)
if err == io.EOF {
return false
}
log.Infof("./output/%s/configs is present & populated so this must be a file-based config catalog",
actions.GetVersionTagFromImage(indexImage))
return true
}
func GetDataFromFBC(report index.Data) (index.Data, error) {
root := "./output/" + actions.GetVersionTagFromImage(report.Flags.IndexImage) + "/configs"
fileSystem := os.DirFS(root)
fbc, err := declcfg.LoadFS(fileSystem)
if err != nil {
return report, fmt.Errorf("unable to load the file based config : %s", err)
}
model, err := declcfg.ConvertToModel(*fbc)
if err != nil {
return report, fmt.Errorf("unable to file based config to internal model: %s", err)
}
const maxConcurrency = 4
packageChan := make(chan *alphamodel.Package, maxConcurrency)
resultsChan := make(chan *index.Data, maxConcurrency)
var wg sync.WaitGroup
// Start worker goroutines
for i := 0; i < maxConcurrency; i++ {
wg.Add(1)
go packageWorker(packageChan, resultsChan, &wg)
}
// Send packages to the workers
go func() {
for _, Package := range model {
packageChan <- Package
}
close(packageChan)
}()
// Close the results channel when all workers are done
go func() {
wg.Wait()
close(resultsChan)
}()
// Collect results
for result := range resultsChan {
report.AuditBundle = append(report.AuditBundle, result.AuditBundle...)
}
return report, nil
}
func packageWorker(packageChan <-chan *alphamodel.Package, resultsChan chan<- *index.Data, wg *sync.WaitGroup) {
defer wg.Done()
for Package := range packageChan {
// Initialize a local variable to store results for this package
var result index.Data
// Iterate over the channels in the package
for _, channel := range Package.Channels {
headBundle, err := channel.Head()
if err != nil {
continue
}
for _, bundle := range channel.Bundles {
auditBundle := models.NewAuditBundle(bundle.Name, bundle.Image)
if headBundle == bundle {
auditBundle.IsHeadOfChannel = true
} else {
if flags.HeadOnly {
continue
}
}
log.Infof("Generating data from the bundle (%s)", bundle.Name)
var csv *v1alpha1.ClusterServiceVersion
err := json.Unmarshal([]byte(bundle.CsvJSON), &csv)
if err == nil {
auditBundle.CSVFromIndexDB = csv
} else {
auditBundle.Errors = append(auditBundle.Errors,
fmt.Errorf("unable to parse the csv from the index.db: %s", err).Error())
}
// Call GetDataFromBundleImage
auditBundle = actions.GetDataFromBundleImage(auditBundle, flags.DisableScorecard,
flags.DisableValidators, flags.ServerMode, flags.Label,
flags.LabelValue, flags.ContainerEngine, flags.IndexImage)
// Extra inner loop for channels
for _, channel := range Package.Channels {
auditBundle.Channels = append(auditBundle.Channels, channel.Name)
}
auditBundle.PackageName = Package.Name
auditBundle.DefaultChannel = Package.DefaultChannel.Name
// Collect properties not found in the index version
for _, property := range bundle.Properties {
auditBundle.PropertiesDB = append(auditBundle.PropertiesDB,
pkg.PropertiesAnnotation{Type: property.Type, Value: string(property.Value)})
}
headBundle, err := channel.Head()
if err == nil {
if headBundle == bundle {
auditBundle.IsHeadOfChannel = true
}
}
if flags.StaticCheckFIPSCompliance {
err = handleFIPS(auditBundle.OperatorBundleImagePath, csv, auditBundle)
if err != nil {
// Check for specific error types and provide more informative messages
if exitError, ok := err.(*exec.ExitError); ok {
if exitError.ExitCode() == 127 {
auditBundle.Errors = append(auditBundle.Errors,
"Failed to run FIPS external validator: Command not found.")
} else {
auditBundle.Errors = append(auditBundle.Errors,
fmt.Sprintf("FIPS external validator returned with exit code %d.", exitError.ExitCode()))
}
} else {
auditBundle.Errors = append(auditBundle.Errors,
fmt.Sprintf("Difficulty running FIPS external validator: %s", err.Error()))
}
}
}
result.AuditBundle = append(result.AuditBundle, *auditBundle)
}
}
// Send the result to the results channel
resultsChan <- &result
}
}
func GetDataFromIndexDB(report index.Data) (index.Data, error) {
// Connect to the database
db, err := sql.Open("sqlite3", "./output/"+
actions.GetVersionTagFromImage(report.Flags.IndexImage)+"/index.db")
if err != nil {
return report, fmt.Errorf("unable to connect in to the database : %s", err)
}
sql, err := report.BuildBundlesQuery()
if err != nil {
return report, err
}
row, err := db.Query(sql)
if err != nil {
return report, fmt.Errorf("unable to query the index db : %s", err)
}
defer row.Close()
for row.Next() {
var bundleName string
var csv *string
var bundlePath string
var csvStruct *v1alpha1.ClusterServiceVersion
err = row.Scan(&bundleName, &csv, &bundlePath)
if err != nil {
log.Errorf("unable to scan data from index %s\n", err.Error())
}
log.Infof("Generating data from the bundle (%s)", bundleName)
auditBundle := models.NewAuditBundle(bundleName, bundlePath)
// the csv is pruned from the database to save space.
// See that is store only what is needed to populate the package manifest on cluster, all the extra
// manifests are pruned to save storage space
if csv != nil {
err = json.Unmarshal([]byte(*csv), &csvStruct)
if err == nil {
auditBundle.CSVFromIndexDB = csvStruct
} else {
auditBundle.Errors = append(auditBundle.Errors,
fmt.Errorf("unable to parse the csv from the index.db: %s", err).Error())
}
}
auditBundle = actions.GetDataFromBundleImage(auditBundle, report.Flags.DisableScorecard,
report.Flags.DisableValidators, report.Flags.ServerMode, report.Flags.Label,
report.Flags.LabelValue, flags.ContainerEngine, report.Flags.IndexImage)
sqlString := fmt.Sprintf("SELECT c.channel_name, c.package_name FROM channel_entry c "+
"where c.operatorbundle_name = '%s'", auditBundle.OperatorBundleName)
row, err := db.Query(sqlString)
if err != nil {
return report, fmt.Errorf("unable to query channel entry in the index db : %s", err)
}
defer row.Close()
var channelName string
var packageName string
for row.Next() { // Iterate and fetch the records from result cursor
_ = row.Scan(&channelName, &packageName)
auditBundle.Channels = append(auditBundle.Channels, channelName)
auditBundle.PackageName = packageName
}
if len(strings.TrimSpace(auditBundle.PackageName)) == 0 && auditBundle.Bundle != nil {
auditBundle.PackageName = auditBundle.Bundle.Package
}
sqlString = fmt.Sprintf("SELECT default_channel FROM package WHERE name = '%s'", auditBundle.PackageName)
row, err = db.Query(sqlString)
if err != nil {
return report, fmt.Errorf("unable to query default channel entry in the index db : %s", err)
}
defer row.Close()
var defaultChannelName string
for row.Next() { // Iterate and fetch the records from result cursor
_ = row.Scan(&defaultChannelName)
auditBundle.DefaultChannel = defaultChannelName
}
//TODO Think this should actually be:
// SELECT DISTINCT type, value FROM properties
// WHERE operatorbundle_name=?
// AND (operatorbundle_version=? OR operatorbundle_version is NULL)
// AND (operatorbundle_path=? OR operatorbundle_path is NULL)
// but leaving this as-is because this is the baseline for index-based audit reports.
// The redundant entries caused w/out DISTINCT seem okay?
sqlString = fmt.Sprintf("SELECT type, value FROM properties WHERE operatorbundle_name = '%s'",
auditBundle.OperatorBundleName)
row, err = db.Query(sqlString)
if err != nil {
return report, fmt.Errorf("unable to query properties entry in the index db : %s", err)
}
defer row.Close()
var properType string
var properValue string
for row.Next() { // Iterate and fetch the records from result cursor
_ = row.Scan(&properType, &properValue)
auditBundle.PropertiesDB = append(auditBundle.PropertiesDB,
pkg.PropertiesAnnotation{Type: properType, Value: properValue})
}
sqlString = fmt.Sprintf("select count(*) from channel where head_operatorbundle_name = '%s'",
auditBundle.OperatorBundleName)
row, err = db.Query(sqlString)
if err != nil {
return report, fmt.Errorf("unable to query properties entry in the index db : %s", err)
}
defer row.Close()
var found int
for row.Next() { // Iterate and fetch the records from result cursor
_ = row.Scan(&found)
auditBundle.IsHeadOfChannel = found > 0
}
report.AuditBundle = append(report.AuditBundle, *auditBundle)
}
return report, nil
}