Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: use SNYK_CFG for IaC OCI registry env vars [CFG-1165] #2336

Merged
merged 2 commits into from
Nov 8, 2021
Merged

feat: use SNYK_CFG for IaC OCI registry env vars [CFG-1165] #2336

merged 2 commits into from
Nov 8, 2021

Conversation

teodora-sandu
Copy link
Contributor

@teodora-sandu teodora-sandu commented Nov 2, 2021
edited

What does this PR do?

This PR changes the IaC OCI registry env vars to be set via snyk config set by using the SNYK_CFG_ prefix.

Where should the reviewer start?

The code change is pretty small and straightforward, but there will be other places we'll need to change these.
For now, the tests work without changing the CircleCI environment variables because we read them and then pass them with SNYK_CFG_ prefixed to them in the acceptance tests. I will need to update them in the public docs, 1Password, and the contract tests in https://github.com/snyk/snyk-iac-rules

How should this be manually tested?

  1. Run npm run build
  2. Run the CLI with no configs: snyk-dev iac test test/fixtures/iac/terraform/sg_open_ssh.tf
  3. Use the details in the IaC Tests - OCI Registries Credentials vault to set the following:
snyk-dev config set oci-registry-url=
snyk-dev config set oci-registry-username=
snyk-dev config set oci-registry-password=
  1. Run the CLI with the configs: snyk-dev iac test test/fixtures/iac/terraform/sg_open_ssh.tf

Any background context you want to provide?

We agreed on this in this Slack thread.

What are the relevant tickets?

https://snyksec.atlassian.net/browse/CFG-1165

Screenshots

Step 2:
Screenshot 2021-11-02 at 16 32 37

Step 4:
Screenshot 2021-11-02 at 16 35 13

Help docs:
Screenshot 2021-11-08 at 11 05 29
Screenshot 2021-11-08 at 11 10 16
Screenshot 2021-11-08 at 11 10 21
Screenshot 2021-11-08 at 11 12 03

@teodora-sandu teodora-sandu requested review from a team and craigfurman November 2, 2021 16:42
@teodora-sandu teodora-sandu changed the title feat: use SNYK_CFG for IaC OCI registry env vars feat: use SNYK_CFG for IaC OCI registry env vars [CFG-1165] Nov 2, 2021
@teodora-sandu teodora-sandu requested review from ipapast and removed request for craigfurman November 2, 2021 16:42
teodora-sandu
teodora-sandu commented Nov 2, 2021
View reviewed changes
test/jest/acceptance/iac/custom-rules.spec.ts
@@ -92,22 +92,22 @@ describe('custom rules pull from a remote OCI registry', () => {
test.each(cases)(
'given %p as a registry and correct credentials, it returns a success exit code',
async (
OCI_REGISTRY_NAME,
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@ipapast We can get away without changing the env vars in CircleCI (and the same for snyk-iac-rules), but I'm wondering if you think it's confusing?

Copy link
Contributor

@ipapast ipapast Nov 5, 2021
edited

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think let's keep them consistent, it's not a big deal to change them in CircleCI. (we also might not remember this in a few months time :) )
+++ update in 1password

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I've updated the variables in the code but will change them in CircleCI when I'm close to merging, so we don't break existing pipelines

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

we should go with expand and contract; have both the new and old values on the first merge, remove after the merge. just in case someone's releasing at the same time

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actually, I just realised that the env vars in CircleCI have nothing to do with the SNYK_CFG env vars. They are strictly configured for the tests, so we can then pass them to the SNYK_CFG env vars. So I will keep them as they are

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

AH!! yes, you are very right, I explicitly named them with the registry name inside (docker, etc) for this reason, I should have remembered it 😆

This was referenced Nov 2, 2021
Closed
Merged
ipapast
ipapast approved these changes Nov 5, 2021
View reviewed changes
Copy link
Contributor

@ipapast ipapast left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Tested this with set, unset, clear and it works great.
We had a chat on Slack with Teo about generating docs to show the usage of these env vars too.
I'm approving as it works great, some docs will be added soon

@teodora-sandu teodora-sandu requested a review from a team as a code owner November 5, 2021 13:48
@teodora-sandu teodora-sandu force-pushed the feat/use-snyk-cfg-oci-registry branch 2 times, most recently from 4279330 to 2f92ad3 Compare November 8, 2021 10:00
@teodora-sandu teodora-sandu force-pushed the feat/use-snyk-cfg-oci-registry branch 5 times, most recently from 2d1c68e to 828972e Compare November 8, 2021 11:12
ghost
ghost reviewed Nov 8, 2021
View reviewed changes
help/commands-docs/_ENVIRONMENT.md Outdated Show resolved Hide resolved
help/commands-txt/snyk-auth.txt Show resolved Hide resolved
@teodora-sandu teodora-sandu merged commit b510f8e into master Nov 8, 2021
@teodora-sandu teodora-sandu deleted the feat/use-snyk-cfg-oci-registry branch November 8, 2021 16:17
@teodora-sandu teodora-sandu mentioned this pull request Nov 8, 2021
Merged
This was referenced Jan 16, 2022
Open
Open
This was referenced Jan 17, 2022
Open
Open
This was referenced Feb 1, 2022
Closed
Open
Open
Open
@snyk-bot snyk-bot mentioned this pull request Feb 23, 2022
Merged
This was referenced Sep 22, 2022
Closed
Closed
This was referenced Sep 24, 2022
Open
Open
This was referenced Sep 26, 2022
Closed
Closed
@snyk-bot snyk-bot mentioned this pull request Sep 30, 2022
Closed
@aliscco aliscco mentioned this pull request Sep 30, 2022
Open
This was referenced Oct 1, 2022
Open
Closed
@aliscco aliscco mentioned this pull request Oct 2, 2022
Open
This was referenced Oct 3, 2022
Open
Closed
@shaniHerz shaniHerz mentioned this pull request Oct 4, 2022
Closed
@snyk-bot snyk-bot mentioned this pull request Oct 4, 2022
Closed
@hiep98 hiep98 mentioned this pull request Oct 5, 2022
Open
@allRounderWiser allRounderWiser mentioned this pull request Oct 6, 2022
Open
@snyk-bot snyk-bot mentioned this pull request Feb 3, 2023
Merged
This was referenced Feb 19, 2023
Merged
Merged
@snyk-bot snyk-bot mentioned this pull request Feb 28, 2023
Merged
@cloudgeek7 cloudgeek7 mentioned this pull request Mar 16, 2023
Open
@snyk-bot snyk-bot mentioned this pull request Mar 17, 2023
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ipapast ipapast ipapast approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
2 participants
@teodora-sandu @ipapast