From 245519b3a065d6bd0e07b7ae709d4baca98f4200 Mon Sep 17 00:00:00 2001
From: Richard87
Date: Wed, 3 Apr 2024 08:14:20 +0200
Subject: [PATCH] cleanup Main
---
 main.go | 31 ++++++++-----------------------
 pkg/db/gorm.go | 28 +++++++++++++++++++++++++---
 pkg/db/repository.go | 28 ----------------------------
 pkg/scan/snyk.go | 22 +++++++++++++++++++---
 4 files changed, 52 insertions(+), 57 deletions(-)
diff --git a/main.go b/main.go
index 612b881..1e0f4b0 100644
--- a/main.go
+++ b/main.go
@@ -10,11 +10,9 @@ import (
 radix "github.com/equinor/radix-operator/pkg/client/clientset/versioned"
 "github.com/equinor/radix-vulnerability-scanner/pkg/db"
- "github.com/equinor/radix-vulnerability-scanner/pkg/dockercfg"
 "github.com/equinor/radix-vulnerability-scanner/pkg/options"
 "github.com/equinor/radix-vulnerability-scanner/pkg/scan"
 "github.com/equinor/radix-vulnerability-scanner/pkg/server"
- "github.com/equinor/radix-vulnerability-scanner/pkg/tokenstore"
 "github.com/rs/zerolog"
 "github.com/rs/zerolog/log"
 "k8s.io/client-go/kubernetes"
@@ -38,12 +36,12 @@ func main() {
 logOptions(opts)
- scanner, err := newSnykScanner(ctx, &opts.Docker)
+ scanner, err := scan.NewSnykScanner(ctx, &opts.Docker)
 if err != nil {
 log.Fatal().Msg(err.Error())
 }
- repo, err := db.New(&opts.DB)
+ repo, err := db.NewGormRepository(&opts.DB)
 if err != nil {
 log.Fatal().Msg(err.Error())
 }
@@ -57,6 +55,12 @@ func main() {
 if err != nil {
 log.Fatal().Msg(err.Error())
 }
+ //
+ // cfg, _ := dockercfg.ReadDockerAuthConfigFromBytes([]byte(`{"credHelpers": {"radixdev.azurecr.io": "radix-wi-env"}}`))
+ // _, _ = scanner.Scan(ctx, "radixdev.azurecr.io/edc2023-radix-wi-rihag-web:8onqf", cfg)
+ // time.Sleep(2 * time.Second)
+ // _, _ = scanner.Scan(ctx, "radixdev.azurecr.io/edc2023-radix-wi-rihag-web:8onqf", cfg)
+ // os.Exit(1)
 err = srv.Run(ctx.Done())
 if err != nil {
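Review bot: The six comment lines added before `err = srv.Run(ctx.Done())` in main() (third main.go hunk) are commented-out debugging code and should not land in a cleanup commit. They hard-code a concrete registry host, an image reference and a credential-helper name, which ties the source to one environment and publishes internal naming for no runtime benefit. The `dockercfg` import they need is removed by this same commit, so the snippet would not compile if re-enabled. I would delete the lines and, if the double-scan check is still useful, move it into a test in `pkg/scan` that takes the image from configuration. main()'s body continues outside the hunk.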
@@ -120,22 +124,3 @@ func getKubernetesClients(opts *options.KubeOptions) (kubernetes.Interface, radi
 return kubeClient, radixClient, nil
 }
-
-func newSnykScanner(ctx context.Context, opts *options.DockerOptions) (scan.Scanner, error) {
- var dockerConfig dockercfg.DockerConfig
- var err error
-
- if opts.AuthsFile != "" {
- dockerConfig, err = dockercfg.ReadDockerAuthConfigFromFile(opts.AuthsFile)
- if err != nil {
- return nil, err
- }
- }
-
- tokenStore, err := tokenstore.NewTokenStore(ctx)
- if err != nil {
- return nil, err
- }
-
- return scan.NewSnyk(dockerConfig, tokenStore), nil
-}
diff --git a/pkg/db/gorm.go b/pkg/db/gorm.go
index 7e5def4..41b7cae 100644
--- a/pkg/db/gorm.go
+++ b/pkg/db/gorm.go
@@ -3,12 +3,18 @@ package db
 import (
 "context"
 "database/sql"
+ "fmt"
 "time"
+ commongorm "github.com/equinor/radix-common/pkg/gorm"
 "github.com/equinor/radix-vulnerability-scanner/pkg/generic"
+ "github.com/equinor/radix-vulnerability-scanner/pkg/options"
 mssql "github.com/microsoft/go-mssqldb"
+ "github.com/microsoft/go-mssqldb/azuread"
+ "gorm.io/driver/sqlserver"
 "gorm.io/gorm"
 "gorm.io/gorm/clause"
+ "gorm.io/gorm/schema"
 )
 const vulnerabilityBulkTypeTvpName = "dbo.VulnerabilityBulkType"
@@ -20,10 +26,26 @@ type gormRepository struct {
 }
 // NewGormRepository returns a Repository using a Gorm ORM (https://gorm.io/index.html) database to access data
-func NewGormRepository(db *gorm.DB) Repository {
- return &gormRepository{
- db: db,
+func NewGormRepository(opts *options.DBOptions) (Repository, error) {
+
+ dsn := fmt.Sprintf("server=%s;database=%s;fedauth=ActiveDirectoryDefault", opts.Server, opts.Database)
+ dialector := sqlserver.New(sqlserver.Config{
+ DriverName: azuread.DriverName,
+ DSN: dsn,
+ })
+
+ gormdb, err := gorm.Open(dialector, &gorm.Config{
+ NamingStrategy: schema.NamingStrategy{NoLowerCase: true},
+ Logger: commongorm.NewLogger(),
+ DisableAutomaticPing: false,
+ })
+ if err != nil {
+ return nil, err
 }
+
+ return &gormRepository{
+ db: gormdb,
+ }, nil
 }
 func (r *gormRepository) GetLastImageScan(ctx context.Context, image string) (*ImageScanDto, error) {
diff --git a/pkg/db/repository.go b/pkg/db/repository.go
index 28e2d2c..8f359c1 100644
--- a/pkg/db/repository.go
+++ b/pkg/db/repository.go
@@ -2,15 +2,7 @@ package db
 import (
 "context"
- "fmt"
 "time"
-
- commongorm "github.com/equinor/radix-common/pkg/gorm"
- "github.com/equinor/radix-vulnerability-scanner/pkg/options"
- "github.com/microsoft/go-mssqldb/azuread"
- "gorm.io/driver/sqlserver"
- "gorm.io/gorm"
- "gorm.io/gorm/schema"
 )
 // Repository defines methods for reading and storing data about vulnerability scans
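Review bot: In `NewGormRepository` (pkg/db/gorm.go) the DSN is assembled with `fmt.Sprintf` from `opts.Server` and `opts.Database` without any validation, so a `;` in either value would, as far as the key=value DSN format goes, add further connection-string keys after the intended ones and could change the authentication or transport settings. The code is moved unchanged from the old `New`, but this is a good place to reject such input before building the string, e.g. `if strings.ContainsAny(opts.Server+opts.Database, ";") { return nil, fmt.Errorf("db server and database must not contain ';'") }` (needs the `strings` import). The error from `gorm.Open` is also returned bare; `return nil, fmt.Errorf("opening database %q on %q: %w", opts.Database, opts.Server, err)` would tell the operator which step failed. The doc comment still describes the old signature and should say that the function opens the connection itself using Azure AD default credentials.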
@@ -20,23 +12,3 @@ type Repository interface {
 // RegisterImageScan stores information about a vulnerability scan for an image
 RegisterImageScan(ctx context.Context, image string, baseImage *string, scanTime time.Time, success bool, vulnerabilities []VulnerabilityBulkDto, identifiers []VulnerabilityIdentifierBulkDto, references []VulnerabilityReferenceBulkDto) error
 }
-
-func New(opts *options.DBOptions) (Repository, error) {
-
- dsn := fmt.Sprintf("server=%s;database=%s;fedauth=ActiveDirectoryDefault", opts.Server, opts.Database)
- dialector := sqlserver.New(sqlserver.Config{
- DriverName: azuread.DriverName,
- DSN: dsn,
- })
-
- gormdb, err := gorm.Open(dialector, &gorm.Config{
- NamingStrategy: schema.NamingStrategy{NoLowerCase: true},
- Logger: commongorm.NewLogger(),
- DisableAutomaticPing: false,
- })
- if err != nil {
- return nil, err
- }
-
- return NewGormRepository(gormdb), nil
-}
diff --git a/pkg/scan/snyk.go b/pkg/scan/snyk.go
index e8743ab..b07a0fb 100644
--- a/pkg/scan/snyk.go
+++ b/pkg/scan/snyk.go
@@ -9,6 +9,7 @@ import (
 "os/exec"
 "github.com/equinor/radix-vulnerability-scanner/pkg/dockercfg"
+ "github.com/equinor/radix-vulnerability-scanner/pkg/options"
 "github.com/equinor/radix-vulnerability-scanner/pkg/tokenstore"
 "github.com/equinor/radix-vulnerability-scanner/pkg/utils/logwriter"
 "github.com/rs/zerolog"
@@ -41,9 +42,24 @@ type snykScanner struct {
 tokenStore *tokenstore.TokenStore
 }
-// NewSnyk create a Scanner that use SNYK to scan for vulnerabilities
-func NewSnyk(commonAuths dockercfg.DockerConfig, tokenStore *tokenstore.TokenStore) Scanner {
- return &snykScanner{commonDockerConfig: commonAuths, executor: commandExecutorImpl{}, tokenStore: tokenStore}
+// NewSnykScanner create a Scanner that use SNYK to scan for vulnerabilities
+func NewSnykScanner(ctx context.Context, opts *options.DockerOptions) (Scanner, error) {
+ var dockerConfig dockercfg.DockerConfig
+ var err error
+
+ if opts.AuthsFile != "" {
+ dockerConfig, err = dockercfg.ReadDockerAuthConfigFromFile(opts.AuthsFile)
+ if err != nil {
+ return nil, err
+ }
+ }
+
+ tokenStore, err := tokenstore.NewTokenStore(ctx)
+ if err != nil {
+ return nil, err
+ }
+
+ return &snykScanner{commonDockerConfig: dockerConfig, executor: commandExecutorImpl{}, tokenStore: tokenStore}, nil
 }
 func (s *snykScanner) Scan(ctx context.Context, image string, dockerConfig dockercfg.DockerConfig) (*ScanResult, error) {
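Review bot: Both failure paths in `NewSnykScanner` return the underlying error unchanged, and main() logs only `err.Error()`, so a startup failure does not say whether the registry auths file or the token store was at fault. Wrapping them would fix that: `return nil, fmt.Errorf("reading docker auths file %q: %w", opts.AuthsFile, err)` and `return nil, fmt.Errorf("creating token store: %w", err)`. The doc comment should also state the behaviour that is now hidden inside the constructor: when `opts.AuthsFile` is empty the scanner is built with a zero-value `dockercfg.DockerConfig`, meaning no shared registry credentials are loaded, and a token store is created from `ctx`. A reworded first line such as `// NewSnykScanner creates a Scanner that uses Snyk to scan images for vulnerabilities.` would also fix the grammar.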