feat: Enhance walkers to create some kind of report

[bxf12315]

No description provided.

[dejanb]

Just a few remarks on the first look. I still didn't try to run it

[trust-git-bot]

🚀 Deployed Preview: https://trustification-spog-pr-1289-preview.surge.sh ✨

[bxf12315]

retest it

[dejanb]

I couldn't run the compose successfully, the walkers panic with

invalid character 's' looking for beginning of value

Did you see this as well? If not, can you provide some basic instructions on how to test it?

[bxf12315]

I couldn't run the compose successfully, the walkers panic with

invalid character 's' looking for beginning of value

Did you see this as well? If not, can you provide some basic instructions on how to test it?

I can run TRUST_IMAGE=trust TRUST_VERSION=latest docker-compose -f compose.yaml -f compose-guac.yaml -f compose-trustification.yaml -f compose-collectors.yaml -f compose-walkers.yaml up --force-recreate.

[dejanb]

I ran the walker manually for now ingesting dataset1

REPORT_TYPE=SBOM REPORT_PATH=/tmp/share/reports/sbom RUST_LOG=info cargo run -p trust bombastic walker --sink http://localhost:8082 --devmode --source file:./data/ds1/sbom

Here are some comments

[dejanb]

Great work. I think things are going in the right direction. Here are some more comments for minor improvements.

[dejanb]

This looks good to me. Just a few more minor comments

[ctron]

I just took a look at the Rust part. I don't feel having enough understanding of the deployment part.

[ctron]

Sorry for overlooking this before. However, relying on CDNs like this, for a product, will cause some issues.

Assuming this is run in an air-gapped environment, this won't work. I am also not sure if this is compliant with privacy policies like GDPR.

A possible solution would be to provide an env-var (via clap) to customize this base URL. We could then add this as a static asset and configure it's location from the Helm charts.

[ctron]

I don't see any fix for this. I see that there as an additional ConfigMap replacing this file, injecting this value via Helm. This seems overly complex to me and duplicates the while file.

I think having a way to replace the file is good. However, as we already have a template engine in place, and to replace elements in this file, we should simply re-use that same functionality for replacing the value as well. This would allow us to get rid of all the extra code below.

[bxf12315]

My method is too complicated. I will change it.

[ctron]

To me it looks like there's still the link unpkg.

[ctron]

Is there a reason this isn't handled as a clap argument? Including adding the env attribute.

[ctron]

This is still using env::var_os somewhere inside the code. Why can't this be handled in the place we have the other options, using clap, using the long and env option?

[ctron]

Is there a reason the env attribute is missing?

[ctron]

That sill seems to be unresolved.

[bxf12315]

#1289 (comment)
so I do not add it in env.

[ctron]

I am not sure how this aligns with that comment.

1. There's a default value, having the type of the value Option<T> doesn't seem to make sense
2. It can be overridden by --report-path (which also seems to be used), for other args we allow overriding by env. I don't see any reason why we shouldn't do this in this case too.
3. The same seems true for the vexination walker.

[bxf12315]

ok , I am not sure my understander is correct, I updated the PR, please check agian.

[ctron]

You can keep the default value. Add the env marker and make it String.

[ctron]

I don't see any fix for this. I see that there as an additional ConfigMap replacing this file, injecting this value via Helm. This seems overly complex to me and duplicates the while file.

I think having a way to replace the file is good. However, as we already have a template engine in place, and to replace elements in this file, we should simply re-use that same functionality for replacing the value as well. This would allow us to get rid of all the extra code below.

[ctron]

Why is this needed?

[ctron]

The infrastructure got removed. Please remove this as well.

[ctron]

As said before, this isn't a viable option for many reasons. I think we should provide a suitable option by default and save us some trouble during productization.

[bxf12315]

Can we define several CSS options by adding a new configuration file?

[ctron]

IIRC we decided on moving away from this approach and add some static CSS?

[ctron]

Please see the other comment (bombastic) on this option.

[ctron]

I don't see this issue being resolved.

[bxf12315]

@ctron @dejanb There is a new issue, patternfly.css and patternfly.min.css's sizes are both more than 1m. but configmap's size is 1m. so I can not input CSS file into configmap. So I customized some CSS styles.[1] please check it.
The PR also deploys on [2].

[1] https://github.com/trustification/trustification/pull/1289/files#diff-c94245949b61109bee8690aaba8bddf73b52617107b05fe30621394692139ef7R7
[2] https://report-xiabai-test.apps.scale.scale.trustification.cloud/

[ctron]

That sill seems to be unresolved.

[ctron]

I don't think it makes sense to have this Option<T> with a default value.

[ctron]

Why don't we use the port 8080 in this case?

[ctron]

I still don't see port 8080 here, but there's no explanation why this is required.

[ctron]

I don't see this issue being resolved.

[ctron]

IIRC we decided on moving away from this approach and add some static CSS?

[ctron]

Suggested change

	#[arg(long, default_value = "/tmp/share/report")]
	#[arg(long, env, default_value = "/tmp/share/report")]

[ctron]

Suggested change

	pub report_path: Option<String>,
	pub report_path: String,

[ctron]

Suggested change

	handle_report(report, self.report_path, "Sbom".to_string()).await?;
	handle_report(report, self.report_path, "SBOM".to_string()).await?;

[ctron]

This is still using env::var_os somewhere inside the code. Why can't this be handled in the place we have the other options, using clap, using the long and env option?

[ctron]

I don't think this error should silently be ignored.

[ctron]

To me it looks like there's still the link unpkg.

[ctron]

Suggested change

	#[arg(long, default_value = "/tmp/share/reports")]
	#[arg(long, env, default_value = "/tmp/share/reports")]

[ctron]

Suggested change

	pub report_path: Option<String>,
	pub report_path: String,

[ctron]

Looks like the previous review went to an older version of the PR. Not sure what happened, sorry.

[ctron]

You can keep the default value. Add the env marker and make it String.

[ctron]

I still don't see port 8080 here, but there's no explanation why this is required.

[bxf12315]

@dejanb @ctron I add basic auth on report server, please check it. Thanks

[ctron]

The next step is to make this configurable for the person deploying the application.