matcher: Introduce Remote Matcher interface (#202)

* matcher: Add preliminary support for Remote Matcher RemoteMatcher is an additional interface that a Matcher can implement. When called the interface can invoke the remote matcher using the RESTful API to fetch new vulnerabilities associated with the given IndexRecords. The information retrieved from this interface **won't be persisted** into ClairCore database. * Update internal/matcher/controller.go Co-authored-by: Louis DeLosSantos <louis.delos@gmail.com> * remotematcher: Add a realistic deadline for QueryRemoteMatcher call * remotematcher: Change deadline to 60s according to review comments Co-authored-by: Louis DeLosSantos <louis.delos@gmail.com>
quay · Jul 16, 2020 · d51d4c3 · d51d4c3
1 parent 1b6b49a
commit d51d4c3
Show file tree

Hide file tree

Showing 2 changed files with 40 additions and 0 deletions.
diff --git a/internal/matcher/controller.go b/internal/matcher/controller.go
@@ -2,6 +2,7 @@ package matcher
 
 import (
 	"context"
+	"time"
 
 	"github.com/rs/zerolog"
 
@@ -45,6 +46,15 @@ func (mc *Controller) Match(ctx context.Context, records []*claircore.IndexRecor
 		return map[string][]*claircore.Vulnerability{}, nil
 	}
 
+	remoteMatcher, matchedVulns, err := mc.queryRemoteMatcher(ctx, interested)
+	if remoteMatcher {
+		if err != nil {
+			log.Error().Err(err).Msg("remote matcher error, returning empty results")
+			return map[string][]*claircore.Vulnerability{}, nil
+		}
+		return matchedVulns, nil
+	}
+
 	dbSide, authoritative := mc.dbFilter()
 	log.Debug().
 		Bool("opt-in", dbSide).
@@ -71,6 +81,19 @@ func (mc *Controller) Match(ctx context.Context, records []*claircore.IndexRecor
 	return filteredVulns, nil
 }
 
+// If RemoteMatcher exists, it will call the matcher service which runs on a remote
+// machine and fetches the vulnerabilities associated with the IndexRecords.
+func (mc *Controller) queryRemoteMatcher(ctx context.Context, interested []*claircore.IndexRecord) (bool, map[string][]*claircore.Vulnerability, error) {
+	f, ok := mc.m.(driver.RemoteMatcher)
+	if !ok {
+		return false, nil, nil
+	}
+	tctx, cancel := context.WithTimeout(ctx, 60*time.Second)
+	defer cancel()
+	vulns, err := f.QueryRemoteMatcher(tctx, interested)
+	return true, vulns, err
+}
+
 // DbFilter reports whether the db-side version filtering can be used, and
 // whether it's authoritative.
 func (mc *Controller) dbFilter() (bool, bool) {

diff --git a/libvuln/driver/remotematcher.go b/libvuln/driver/remotematcher.go
@@ -0,0 +1,17 @@
+package driver
+
+import (
+	"context"
+
+	"github.com/quay/claircore"
+)
+
+// RemoteMatcher is an additional interface that a Matcher can implement.
+
+// When called the interface can invoke the remote matcher using the RESTful API
+// to fetch new vulnerabilities associated with the given IndexRecords.
+
+// The information retrieved from this interface won't be persisted into ClairCore database.
+type RemoteMatcher interface {
+	QueryRemoteMatcher(ctx context.Context, records []*claircore.IndexRecord) (map[string][]*claircore.Vulnerability, error)
+}