

Add token reuse
Richard87 committed Apr 2, 2024
1 parent b07f0ac commit 7758602
Showing 5 changed files with 29 additions and 30 deletions.
22 changes: 21 additions & 1 deletion main.go
Expand Up @@ -12,6 +12,7 @@ import (
"github.com/equinor/radix-vulnerability-scanner/pkg/dockercfg"
"github.com/equinor/radix-vulnerability-scanner/pkg/options"
"github.com/equinor/radix-vulnerability-scanner/pkg/scan"
"github.com/equinor/radix-vulnerability-scanner/pkg/tokenstore"
"github.com/rs/zerolog"
"github.com/rs/zerolog/log"
"k8s.io/client-go/kubernetes"
Expand All @@ -35,7 +36,7 @@ func main() {

logOptions(opts)

scanner, err := scan.New(ctx, &opts.Docker)
scanner, err := newSnykScanner(ctx, &opts.Docker)
if err != nil {
log.Fatal().Msg(err.Error())
}
Expand Down Expand Up @@ -123,3 +124,22 @@ func getKubernetesClients(opts *options.KubeOptions) (kubernetes.Interface, radi

return kubeClient, radixClient, nil
}

func newSnykScanner(ctx context.Context, opts *options.DockerOptions) (scan.Scanner, error) {
var dockerConfig dockercfg.DockerConfig
var err error

if opts.AuthsFile != "" {
dockerConfig, err = dockercfg.ReadDockerAuthConfigFromFile(opts.AuthsFile)
if err != nil {
return nil, err
}
}

tokenStore, err := tokenstore.NewTokenStore(ctx)
if err != nil {
return nil, err
}

return scan.NewSnyk(dockerConfig, tokenStore), nil
}
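Review bot: newSnykScanner returns the errors from ReadDockerAuthConfigFromFile and NewTokenStore bare, so a failure reaches log.Fatal in main as a message that does not say which step or which file failed. Wrapping them, e.g. `return nil, fmt.Errorf("reading docker auth config %q: %w", opts.AuthsFile, err)` and `return nil, fmt.Errorf("creating token store: %w", err)`, would make the fatal log actionable; this assumes fmt is already imported in main.go, since only part of the import block is visible. The function also lacks a doc comment; a line such as `// newSnykScanner builds the Snyk-backed Scanner, loading registry credentials from opts.AuthsFile when it is set and passing a single token store to NewSnyk.` would cover it.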
4 changes: 2 additions & 2 deletions pkg/dockercfg/config.go
Expand Up @@ -7,7 +7,7 @@ import (
"os"

"github.com/containerd/containerd/reference/docker"
"github.com/equinor/radix-vulnerability-scanner/pkg/acr"
"github.com/equinor/radix-vulnerability-scanner/pkg/tokenstore"
"github.com/rs/zerolog/log"
)

Expand Down Expand Up @@ -51,7 +51,7 @@ func ReadDockerAuthConfigFromBytes(contents []byte) (DockerConfig, error) {
return cfgJSON, nil
}

func (c DockerConfig) GetAuth(image string, tokenStore *acr.TokenStore) (DockerAuthConfigEntry, error) {
func (c DockerConfig) GetAuth(image string, tokenStore *tokenstore.TokenStore) (DockerAuthConfigEntry, error) {
named, err := docker.ParseDockerRef(image)
if err != nil {
return DockerAuthConfigEntry{}, err
21 changes: 0 additions & 21 deletions pkg/scan/scanner.go
Expand Up @@ -3,32 +3,11 @@ package scan
import (
"context"

"github.com/equinor/radix-vulnerability-scanner/pkg/acr"
"github.com/equinor/radix-vulnerability-scanner/pkg/dockercfg"
"github.com/equinor/radix-vulnerability-scanner/pkg/options"
)

// Scanner defines methods for scanning Docker images for vulnerabilities
type Scanner interface {
// Scan scans a Docker image for vulnerabilities
Scan(ctx context.Context, image string, dockerConfig dockercfg.DockerConfig) (*ScanResult, error)
}

func New(ctx context.Context, opts *options.DockerOptions) (Scanner, error) {
var dockerAuth dockercfg.DockerConfig
var err error

if opts.AuthsFile != "" {
dockerAuth, err = dockercfg.ReadDockerAuthConfigFromFile(opts.AuthsFile)
if err != nil {
return nil, err
}
}

tokenStore, err := acr.NewTokenStore(ctx)
if err != nil {
return nil, err
}

return NewSnyk(dockerAuth, tokenStore), nil
}
6 changes: 3 additions & 3 deletions pkg/scan/snyk.go
Expand Up @@ -8,8 +8,8 @@ import (
"io"
"os/exec"

"github.com/equinor/radix-vulnerability-scanner/pkg/acr"
"github.com/equinor/radix-vulnerability-scanner/pkg/dockercfg"
"github.com/equinor/radix-vulnerability-scanner/pkg/tokenstore"
"github.com/equinor/radix-vulnerability-scanner/pkg/utils/logwriter"
"github.com/rs/zerolog"
"github.com/rs/zerolog/log"
Expand Down Expand Up @@ -38,11 +38,11 @@ func (commandExecutorImpl) Execute(ctx context.Context, command string, args []s
type snykScanner struct {
commonDockerConfig dockercfg.DockerConfig
executor commandExecutor
tokenStore *acr.TokenStore
tokenStore *tokenstore.TokenStore
}

// NewSnyk create a Scanner that use SNYK to scan for vulnerabilities
func NewSnyk(commonAuths dockercfg.DockerConfig, tokenStore *acr.TokenStore) Scanner {
func NewSnyk(commonAuths dockercfg.DockerConfig, tokenStore *tokenstore.TokenStore) Scanner {
return &snykScanner{commonDockerConfig: commonAuths, executor: commandExecutorImpl{}, tokenStore: tokenStore}
}

6 changes: 3 additions & 3 deletions pkg/acr/token_store.go → pkg/tokenstore/token_store.go
@@ -1,4 +1,4 @@
package acr
package tokenstore

import (
"context"
Expand Down Expand Up @@ -58,7 +58,7 @@ func (t *TokenStore) GetToken(registryName string) (string, error) {

_, ok := t.tokens[registryName]
if !ok {
t.tokens[registryName] = t.getTokenSource(t.ctx, registryName)
t.tokens[registryName] = oauth2.ReuseTokenSource(nil, t.getACRTokenSource(t.ctx, registryName))
}

token, err := t.tokens[registryName].Token()
Expand All @@ -75,7 +75,7 @@ func (s TokenSourceFunc) Token() (*oauth2.Token, error) {
return s()
}

func (t *TokenStore) getTokenSource(ctx context.Context, registryName string) oauth2.TokenSource {
func (t *TokenStore) getACRTokenSource(ctx context.Context, registryName string) oauth2.TokenSource {
return TokenSourceFunc(func() (*oauth2.Token, error) {
log.Ctx(ctx).Debug().Str("registry", registryName).Msg("Fetching new ACR token")

