-
Notifications
You must be signed in to change notification settings - Fork 28
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat: Enhance walkers to create some kind of report #1289
base: main
Are you sure you want to change the base?
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Just a few remarks on the first look. I still didn't try to run it
d36147b
to
30ce891
Compare
🚀 Deployed Preview: https://trustification-spog-pr-1289-preview.surge.sh ✨ |
retest it |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I couldn't run the compose successfully, the walkers panic with
invalid character 's' looking for beginning of value
Did you see this as well? If not, can you provide some basic instructions on how to test it?
I can run TRUST_IMAGE=trust TRUST_VERSION=latest docker-compose -f compose.yaml -f compose-guac.yaml -f compose-trustification.yaml -f compose-collectors.yaml -f compose-walkers.yaml up --force-recreate. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I ran the walker manually for now ingesting dataset1
REPORT_TYPE=SBOM REPORT_PATH=/tmp/share/reports/sbom RUST_LOG=info cargo run -p trust bombastic walker --sink http://localhost:8082 --devmode --source file:./data/ds1/sbom
Here are some comments
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Great work. I think things are going in the right direction. Here are some more comments for minor improvements.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This looks good to me. Just a few more minor comments
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I just took a look at the Rust part. I don't feel having enough understanding of the deployment part.
02ea0fc
to
015638d
Compare
common/walker/templates/report.html
Outdated
<meta charset="UTF-8"> | ||
<meta name="viewport" content="width=device-width, initial-scale=1.0"> | ||
<title>Walker Report</title> | ||
<link rel="stylesheet" href="https://unpkg.com/@patternfly/patternfly/patternfly.css"> |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Sorry for overlooking this before. However, relying on CDNs like this, for a product, will cause some issues.
Assuming this is run in an air-gapped environment, this won't work. I am also not sure if this is compliant with privacy policies like GDPR.
A possible solution would be to provide an env-var (via clap) to customize this base URL. We could then add this as a static asset and configure it's location from the Helm charts.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't see any fix for this. I see that there as an additional ConfigMap replacing this file, injecting this value via Helm. This seems overly complex to me and duplicates the while file.
I think having a way to replace the file is good. However, as we already have a template engine in place, and to replace elements in this file, we should simply re-use that same functionality for replacing the value as well. This would allow us to get rid of all the extra code below.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
My method is too complicated. I will change it.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
To me it looks like there's still the link unpkg
.
deploy/k8s/charts/trustification/templates/services/report/020-Configmap.yaml
Outdated
Show resolved
Hide resolved
deploy/k8s/charts/trustification/templates/services/report/030-PersistentVolumeClaim.yaml
Outdated
Show resolved
Hide resolved
eca6bf8
to
7435cbf
Compare
common/walker/src/report.rs
Outdated
log::info!("This report contains no error messages and does not require the generation of an error report"); | ||
return Ok(()); | ||
} | ||
let template_file_path = env::var_os("TEMPLATE_FILE"); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Is there a reason this isn't handled as a clap argument? Including adding the env
attribute.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is still using env::var_os
somewhere inside the code. Why can't this be handled in the place we have the other options, using clap
, using the long
and env
option?
bombastic/walker/src/lib.rs
Outdated
|
||
/// Path of the HTML output file | ||
#[arg(long, default_value = "/tmp/share/report")] | ||
pub report_path: Option<String>, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Is there a reason the env
attribute is missing?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
That sill seems to be unresolved.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
#1289 (comment)
so I do not add it in env.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I am not sure how this aligns with that comment.
- There's a default value, having the type of the value
Option<T>
doesn't seem to make sense - It can be overridden by
--report-path
(which also seems to be used), for other args we allow overriding byenv
. I don't see any reason why we shouldn't do this in this case too. - The same seems true for the vexination walker.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
ok , I am not sure my understander is correct, I updated the PR, please check agian.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
You can keep the default value. Add the env
marker and make it String
.
common/walker/templates/report.html
Outdated
<meta charset="UTF-8"> | ||
<meta name="viewport" content="width=device-width, initial-scale=1.0"> | ||
<title>Walker Report</title> | ||
<link rel="stylesheet" href="https://unpkg.com/@patternfly/patternfly/patternfly.css"> |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't see any fix for this. I see that there as an additional ConfigMap replacing this file, injecting this value via Helm. This seems overly complex to me and duplicates the while file.
I think having a way to replace the file is good. However, as we already have a template engine in place, and to replace elements in this file, we should simply re-use that same functionality for replacing the value as well. This would allow us to get rid of all the extra code below.
deploy/k8s/charts/trustification/templates/services/report/030-PersistentVolumeClaim.yaml
Show resolved
Hide resolved
{{- $mod := dict "root" . "name" "report-server" "component" "report" "module" .Values.modules.report -}} | ||
|
||
|
||
{{/*---*/}} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Why is this needed?
report: | ||
enabled: true | ||
ingress: {} | ||
infrastructure: {} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The infrastructure got removed. Please remove this as well.
ingress: {} | ||
infrastructure: {} | ||
image: {} | ||
patternflyUrl: "https://unpkg.com/@patternfly/patternfly/patternfly.css" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
As said before, this isn't a viable option for many reasons. I think we should provide a suitable option by default and save us some trouble during productization.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can we define several CSS options by adding a new configuration file?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
IIRC we decided on moving away from this approach and add some static CSS?
vexination/walker/src/lib.rs
Outdated
pub report_enable: bool, | ||
|
||
/// Path of the HTML output file | ||
#[arg(long, default_value = "/tmp/share/reports")] |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please see the other comment (bombastic) on this option.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't see this issue being resolved.
@ctron @dejanb There is a new issue, patternfly.css and patternfly.min.css's sizes are both more than 1m. but configmap's size is 1m. so I can not input CSS file into configmap. So I customized some CSS styles.[1] please check it. [1] https://github.com/trustification/trustification/pull/1289/files#diff-c94245949b61109bee8690aaba8bddf73b52617107b05fe30621394692139ef7R7 |
bombastic/walker/src/lib.rs
Outdated
|
||
/// Path of the HTML output file | ||
#[arg(long, default_value = "/tmp/share/report")] | ||
pub report_path: Option<String>, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
That sill seems to be unresolved.
bombastic/walker/src/lib.rs
Outdated
pub report_enable: bool, | ||
|
||
/// Define report output path | ||
#[arg(long, default_value = "/tmp/share/report")] |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't think it makes sense to have this Option<T>
with a default value.
deploy/k8s/charts/trustification/templates/services/report/010-Configmap-ReportTemplate.yaml
Outdated
Show resolved
Hide resolved
command: [ "/usr/sbin/nginx" ] | ||
args: [ "-g", "daemon off;" ] | ||
ports: | ||
- containerPort: 8018 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Why don't we use the port 8080 in this case?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I still don't see port 8080 here, but there's no explanation why this is required.
vexination/walker/src/lib.rs
Outdated
pub report_enable: bool, | ||
|
||
/// Path of the HTML output file | ||
#[arg(long, default_value = "/tmp/share/reports")] |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't see this issue being resolved.
499ab23
to
5d6ecaf
Compare
ingress: {} | ||
infrastructure: {} | ||
image: {} | ||
patternflyUrl: "https://unpkg.com/@patternfly/patternfly/patternfly.css" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
IIRC we decided on moving away from this approach and add some static CSS?
bombastic/walker/src/lib.rs
Outdated
pub report_enable: bool, | ||
|
||
/// Path of the HTML output file | ||
#[arg(long, default_value = "/tmp/share/report")] |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
#[arg(long, default_value = "/tmp/share/report")] | |
#[arg(long, env, default_value = "/tmp/share/report")] |
bombastic/walker/src/lib.rs
Outdated
|
||
/// Path of the HTML output file | ||
#[arg(long, default_value = "/tmp/share/report")] | ||
pub report_path: Option<String>, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
pub report_path: Option<String>, | |
pub report_path: String, |
bombastic/walker/src/lib.rs
Outdated
@@ -162,7 +170,9 @@ impl Run { | |||
scanner.run(interval.into()).await?; | |||
} else { | |||
let (report, result) = scanner.run_once().await.split()?; | |||
handle_report(report).await?; | |||
if self.report_enable { | |||
handle_report(report, self.report_path, "Sbom".to_string()).await?; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
handle_report(report, self.report_path, "Sbom".to_string()).await?; | |
handle_report(report, self.report_path, "SBOM".to_string()).await?; |
common/walker/src/report.rs
Outdated
log::info!("This report contains no error messages and does not require the generation of an error report"); | ||
return Ok(()); | ||
} | ||
let template_file_path = env::var_os("TEMPLATE_FILE"); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is still using env::var_os
somewhere inside the code. Why can't this be handled in the place we have the other options, using clap
, using the long
and env
option?
common/walker/src/report.rs
Outdated
let mut tera = Tera::default(); | ||
if let Some(file) = template_file_path { | ||
let template_file_path = file.to_str().unwrap_or(DEFAULT_TEMPLATE_FILIE).to_string(); | ||
let _ = tera.add_template_files(vec![(template_file_path, Some("report.html"))]); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't think this error should silently be ignored.
common/walker/templates/report.html
Outdated
<meta charset="UTF-8"> | ||
<meta name="viewport" content="width=device-width, initial-scale=1.0"> | ||
<title>Walker Report</title> | ||
<link rel="stylesheet" href="https://unpkg.com/@patternfly/patternfly/patternfly.css"> |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
To me it looks like there's still the link unpkg
.
vexination/walker/src/lib.rs
Outdated
pub report_enable: bool, | ||
|
||
/// Path of the HTML output file | ||
#[arg(long, default_value = "/tmp/share/reports")] |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
#[arg(long, default_value = "/tmp/share/reports")] | |
#[arg(long, env, default_value = "/tmp/share/reports")] |
vexination/walker/src/lib.rs
Outdated
|
||
/// Path of the HTML output file | ||
#[arg(long, default_value = "/tmp/share/reports")] | ||
pub report_path: Option<String>, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
pub report_path: Option<String>, | |
pub report_path: String, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks like the previous review went to an older version of the PR. Not sure what happened, sorry.
bombastic/walker/src/lib.rs
Outdated
|
||
/// Path of the HTML output file | ||
#[arg(long, default_value = "/tmp/share/report")] | ||
pub report_path: Option<String>, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
You can keep the default value. Add the env
marker and make it String
.
deploy/k8s/charts/trustification/templates/init/dataset/020-Job.yaml
Outdated
Show resolved
Hide resolved
deploy/k8s/charts/trustification/templates/services/bombastic/walker/030-CronJob.yaml
Outdated
Show resolved
Hide resolved
command: [ "/usr/sbin/nginx" ] | ||
args: [ "-g", "daemon off;" ] | ||
ports: | ||
- containerPort: 8018 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I still don't see port 8080 here, but there's no explanation why this is required.
deploy/k8s/charts/trustification/templates/services/vexination/walker/030-CronJob.yaml
Outdated
Show resolved
Hide resolved
@@ -0,0 +1 @@ | |||
admin:$apr1$XFCFfzu4$vtfox1qeBPqcZv814kltL1 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The next step is to make this configurable for the person deploying the application.
No description provided.