add container definition included plugin and use it

aquasecurity · Aug 27, 2024 · d69536e · d69536e
1 parent 37143dc
commit d69536e
Showing 1 changed file with 84 additions and 20 deletions.
diff --git a/pkg/vulnerabilityreport/builder_test.go b/pkg/vulnerabilityreport/builder_test.go
@@ -298,7 +298,7 @@ func TestScanJobBuilder(t *testing.T) {
 	t.Run("Shoud set scan job with custom volume and volume mount", func(t *testing.T) {
 		g := gomega.NewGomegaWithT(t)
 		job, _, err := vulnerabilityreport.NewScanJobBuilder().
-			WithPlugin(&testPlugin{}).
+			WithPlugin(&testContainersPlugin{}).
 			WithPluginContext(trivyoperator.NewPluginContext().
 				WithName("test-plugin").
 				WithNamespace("trivy-operator-ns").
@@ -317,10 +317,17 @@ func TestScanJobBuilder(t *testing.T) {
 				Spec: appsv1.ReplicaSetSpec{
 					Template: corev1.PodTemplateSpec{
 						Spec: corev1.PodSpec{
+							InitContainers: []corev1.Container{
+								{
+									Name:  "test-init-container",
+									Image: "test-init-image",
+								},
+							},
+
 							Containers: []corev1.Container{
 								{
-									Name:  "nginx",
-									Image: "nginx:1.16",
+									Name:  "test-container",
+									Image: "test-image",
 								},
 							},
 						},
@@ -350,16 +357,15 @@ func TestScanJobBuilder(t *testing.T) {
 				Name:      "scan-vulnerabilityreport-64d65c457",
 				Namespace: "trivy-operator-ns",
 				Labels: map[string]string{
-					trivyoperator.LabelK8SAppManagedBy:            "trivy-operator",
-					trivyoperator.LabelVulnerabilityReportScanner: "test-plugin",
-					trivyoperator.LabelResourceKind:               "ReplicaSet",
-					trivyoperator.LabelResourceName:               "nginx-6799fc88d8",
-					trivyoperator.LabelResourceNamespace:          "prod-ns",
-					trivyoperator.LabelResourceSpecHash:           "788f48d57f",
+					"app.kubernetes.io/managed-by":      "trivy-operator",
+					"resource-spec-hash":                "7dcdf9f488",
+					"trivy-operator.resource.kind":      "ReplicaSet",
+					"trivy-operator.resource.name":      "nginx-6799fc88d8",
+					"trivy-operator.resource.namespace": "prod-ns",
+					"vulnerabilityReport.scanner":       "test-plugin",
 				},
 				Annotations: map[string]string{
-					"test-annotation":                       "test-value",
-					trivyoperator.AnnotationContainerImages: `{"nginx":"nginx:1.16"}`,
+					"trivy-operator.container-images": `{"test-container":"test-image","test-init-container":"test-init-image"}`,
 				},
 			},
 			Spec: batchv1.JobSpec{
@@ -369,18 +375,48 @@ func TestScanJobBuilder(t *testing.T) {
 				Template: corev1.PodTemplateSpec{
 					ObjectMeta: metav1.ObjectMeta{
 						Labels: map[string]string{
-							trivyoperator.LabelK8SAppManagedBy:            "trivy-operator",
-							trivyoperator.LabelVulnerabilityReportScanner: "test-plugin",
-							trivyoperator.LabelResourceKind:               "ReplicaSet",
-							trivyoperator.LabelResourceName:               "nginx-6799fc88d8",
-							trivyoperator.LabelResourceNamespace:          "prod-ns",
-							trivyoperator.LabelResourceSpecHash:           "788f48d57f",
+							"app.kubernetes.io/managed-by":      "trivy-operator",
+							"resource-spec-hash":                "7dcdf9f488",
+							"trivy-operator.resource.kind":      "ReplicaSet",
+							"trivy-operator.resource.name":      "nginx-6799fc88d8",
+							"trivy-operator.resource.namespace": "prod-ns",
+							"vulnerabilityReport.scanner":       "test-plugin",
 						},
-						Annotations: map[string]string{
-							"test-annotation": "test-value",
+					},
+					Spec: corev1.PodSpec{
+						Volumes: []corev1.Volume{
+							{
+								Name: "test-volume",
+								VolumeSource: corev1.VolumeSource{
+									EmptyDir: &corev1.EmptyDirVolumeSource{},
+								},
+							},
+						},
+						InitContainers: []corev1.Container{
+							{
+								Name:  "test-init-container",
+								Image: "test-init-image",
+								VolumeMounts: []corev1.VolumeMount{
+									{
+										Name:      "test-volume",
+										MountPath: "/test-mount-path",
+									},
+								},
+							},
+						},
+						Containers: []corev1.Container{
+							{
+								Name:  "test-container",
+								Image: "test-image",
+								VolumeMounts: []corev1.VolumeMount{
+									{
+										Name:      "test-volume",
+										MountPath: "/test-mount-path",
+									},
+								},
+							},
 						},
 					},
-					Spec: corev1.PodSpec{},
 				},
 			},
 		}))
@@ -401,3 +437,31 @@ func (p *testPlugin) GetScanJobSpec(_ trivyoperator.PluginContext, _ client.Obje
 func (p *testPlugin) ParseReportData(_ trivyoperator.PluginContext, _ string, _ io.ReadCloser) (v1alpha1.VulnerabilityReportData, v1alpha1.ExposedSecretReportData, *v1alpha1.SbomReportData, error) {
 	return v1alpha1.VulnerabilityReportData{}, v1alpha1.ExposedSecretReportData{}, &v1alpha1.SbomReportData{}, nil
 }
+
+type testContainersPlugin struct {
+}
+
+func (p *testContainersPlugin) Init(_ trivyoperator.PluginContext) error {
+	return nil
+}
+
+func (p *testContainersPlugin) GetScanJobSpec(_ trivyoperator.PluginContext, _ client.Object, _ map[string]docker.Auth, _ *corev1.SecurityContext, _ map[string]v1alpha1.SbomReportData) (corev1.PodSpec, []*corev1.Secret, error) {
+	return corev1.PodSpec{
+		InitContainers: []corev1.Container{
+			{
+				Name:  "test-init-container",
+				Image: "test-init-image",
+			},
+		},
+		Containers: []corev1.Container{
+			{
+				Name:  "test-container",
+				Image: "test-image",
+			},
+		},
+	}, nil, nil
+}
+
+func (p *testContainersPlugin) ParseReportData(_ trivyoperator.PluginContext, _ string, _ io.ReadCloser) (v1alpha1.VulnerabilityReportData, v1alpha1.ExposedSecretReportData, *v1alpha1.SbomReportData, error) {
+	return v1alpha1.VulnerabilityReportData{}, v1alpha1.ExposedSecretReportData{}, &v1alpha1.SbomReportData{}, nil
+}