From 590057e4d24a6b2cd010d491c3d7b76d4635bca7 Mon Sep 17 00:00:00 2001 From: refaelm Date: Wed, 27 Nov 2024 11:46:40 +0200 Subject: [PATCH 1/2] support aws and azure trigger job on registry creation Signed-off-by: refaelm --- go.mod | 38 +++++++++--------- go.sum | 80 ++++++++++++++++++-------------------- mainhandler/vulnscan.go | 17 +++++--- watcher/registryhandler.go | 78 ++++++++++++++++++++++++++++++++----- 4 files changed, 137 insertions(+), 76 deletions(-) diff --git a/go.mod b/go.mod index d4810eb..2743dde 100644 --- a/go.mod +++ b/go.mod @@ -5,9 +5,9 @@ go 1.23.0 toolchain go1.23.2 require ( - github.com/armosec/armoapi-go v0.0.473 + github.com/armosec/armoapi-go v0.0.475 github.com/armosec/cluster-notifier-api-go v0.0.5 - github.com/armosec/registryx v0.0.20 + github.com/armosec/registryx v0.0.22 github.com/armosec/utils-go v0.0.58 github.com/armosec/utils-k8s-go v0.0.30 github.com/aws/aws-sdk-go v1.50.8 @@ -52,7 +52,7 @@ require ( require ( cloud.google.com/go/auth v0.3.0 // indirect cloud.google.com/go/auth/oauth2adapt v0.2.2 // indirect - cloud.google.com/go/compute/metadata v0.3.0 // indirect + cloud.google.com/go/compute/metadata v0.5.2 // indirect cloud.google.com/go/container v1.35.1 // indirect github.com/IBM/sarama v1.42.1 // indirect github.com/coreos/go-semver v0.3.1 // indirect 
@@ -107,22 +107,22 @@ require ( github.com/anchore/syft v1.13.0 // indirect github.com/armosec/gojay v1.2.17 // indirect github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 // indirect - github.com/aws/aws-sdk-go-v2 v1.30.0 // indirect - github.com/aws/aws-sdk-go-v2/config v1.27.21 // indirect - github.com/aws/aws-sdk-go-v2/credentials v1.17.21 // indirect - github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.8 // indirect - github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.12 // indirect - github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.12 // indirect - github.com/aws/aws-sdk-go-v2/internal/ini v1.8.0 // indirect - github.com/aws/aws-sdk-go-v2/service/ecr v1.20.2 // indirect + github.com/aws/aws-sdk-go-v2 v1.32.5 // indirect + github.com/aws/aws-sdk-go-v2/config v1.28.5 // indirect + github.com/aws/aws-sdk-go-v2/credentials v1.17.46 // indirect + github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.20 // indirect + github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.24 // indirect + github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.24 // indirect + github.com/aws/aws-sdk-go-v2/internal/ini v1.8.1 // indirect + github.com/aws/aws-sdk-go-v2/service/ecr v1.36.6 // indirect github.com/aws/aws-sdk-go-v2/service/eks v1.28.1 // indirect github.com/aws/aws-sdk-go-v2/service/iam v1.21.1 // indirect - github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.2 // indirect - github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.14 // indirect - github.com/aws/aws-sdk-go-v2/service/sso v1.21.1 // indirect - github.com/aws/aws-sdk-go-v2/service/ssooidc v1.25.1 // indirect - github.com/aws/aws-sdk-go-v2/service/sts v1.29.1 // indirect - github.com/aws/smithy-go v1.20.2 // indirect + github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.1 // indirect + github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.5 // indirect + github.com/aws/aws-sdk-go-v2/service/sso v1.24.6 // indirect + 
github.com/aws/aws-sdk-go-v2/service/ssooidc v1.28.5 // indirect + github.com/aws/aws-sdk-go-v2/service/sts v1.33.1 // indirect + github.com/aws/smithy-go v1.22.1 // indirect github.com/becheran/wildmatch-go v1.0.0 // indirect github.com/beorn7/perks v1.0.1 // indirect github.com/blang/semver/v4 v4.0.0 // indirect @@ -288,8 +288,8 @@ require ( golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56 // indirect golang.org/x/mod v0.21.0 // indirect golang.org/x/net v0.29.0 // indirect - golang.org/x/oauth2 v0.21.0 // indirect - golang.org/x/sys v0.25.0 // indirect + golang.org/x/oauth2 v0.23.0 // indirect + golang.org/x/sys v0.27.0 // indirect golang.org/x/term v0.24.0 // indirect golang.org/x/text v0.18.0 // indirect golang.org/x/time v0.6.0 // indirect diff --git a/go.sum b/go.sum index e2524c5..6b06fc5 100644 --- a/go.sum +++ b/go.sum @@ -41,8 +41,8 @@ cloud.google.com/go/bigquery v1.4.0/go.mod h1:S8dzgnTigyfTmLBfrtrhyYhwRxG72rYxvf cloud.google.com/go/bigquery v1.5.0/go.mod h1:snEHRnqQbz117VIFhE8bmtwIDY80NLUZUMb4Nv6dBIg= cloud.google.com/go/bigquery v1.7.0/go.mod h1://okPTzCYNXSlb24MZs83e2Do+h+VXtc4gLoIoXIAPc= cloud.google.com/go/bigquery v1.8.0/go.mod h1:J5hqkt3O0uAFnINi6JXValWIb1v0goeZM77hZzJN/fQ= -cloud.google.com/go/compute/metadata v0.3.0 h1:Tz+eQXMEqDIKRsmY3cHTL6FVaynIjX2QxYC4trgAKZc= -cloud.google.com/go/compute/metadata v0.3.0/go.mod h1:zFmK7XCadkQkj6TtorcaGlCW1hT1fIilQDwofLpJ20k= +cloud.google.com/go/compute/metadata v0.5.2 h1:UxK4uu/Tn+I3p2dYWTfiX4wva7aYlKixAHn3fyqngqo= +cloud.google.com/go/compute/metadata v0.5.2/go.mod h1:C66sj2AluDcIqakBq/M8lw8/ybHgOZqin2obFxa/E5k= cloud.google.com/go/container v1.35.1 h1:Vbu/3PZNrgV1Z5DGcRubQdUccX/uMUDNc+NgHNIfbEk= cloud.google.com/go/container v1.35.1/go.mod h1:udm8fgLm3TtpnjFN4QLLjZezAIIp/VnMo316yIRVRQU= cloud.google.com/go/datastore v1.0.0/go.mod h1:LXYbyblFSglQ5pkeyhO+Qmw7ukd3C+pD7TKLgZqpHYE= 
@@ -139,14 +139,14 @@ github.com/armon/go-metrics v0.0.0-20180917152333-f0300d1749da/go.mod h1:Q73ZrmV github.com/armon/go-metrics v0.3.10/go.mod h1:4O98XIr/9W0sxpJ8UaYkvjk10Iff7SnFrb4QAOwNTFc= github.com/armon/go-radix v0.0.0-20180808171621-7fddfc383310/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8= github.com/armon/go-radix v1.0.0/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8= -github.com/armosec/armoapi-go v0.0.473 h1:YPCz2Tj5GmdegItI9PPwY1e4AXGCp2RxS9S17mOF8Zc= -github.com/armosec/armoapi-go v0.0.473/go.mod h1:TruqDSAPgfRBXCeM+Cgp6nN4UhJSbe7la+XDKV2pTsY= +github.com/armosec/armoapi-go v0.0.475 h1:VM8OcG+etjyHru4fvK8CSqgLWhlzry8ae46LRjSzdys= +github.com/armosec/armoapi-go v0.0.475/go.mod h1:TruqDSAPgfRBXCeM+Cgp6nN4UhJSbe7la+XDKV2pTsY= github.com/armosec/cluster-notifier-api-go v0.0.5 h1:UKY58ehKocKgtqzrawyaIHJa5paG9A4srv+4/6n+Ez4= github.com/armosec/cluster-notifier-api-go v0.0.5/go.mod h1:p5w9/zWIWwpi8W8mHGQdE6HuBb3AxXmZM9Rp//JWvx0= github.com/armosec/gojay v1.2.17 h1:VSkLBQzD1c2V+FMtlGFKqWXNsdNvIKygTKJI9ysY8eM= github.com/armosec/gojay v1.2.17/go.mod h1:vuvX3DlY0nbVrJ0qCklSS733AWMoQboq3cFyuQW9ybc= -github.com/armosec/registryx v0.0.20 h1:KB8LIBSqgQGqps7VAWobHWlpSOzGpYPobfPKe+Fc6ss= -github.com/armosec/registryx v0.0.20/go.mod h1:48rlQqJa+WGTKzPsusO8f0BPN6ZeuiiMXoVJYd3h7VU= +github.com/armosec/registryx v0.0.22 h1:RJPtjXe8HM7XrALqTmjR+oAhJ8cJjqQeP9peJYKXUA0= +github.com/armosec/registryx v0.0.22/go.mod h1:Wv/IjsruMf07rGhqTLxb4WDOzirVcoRdcCr+J/8n2pM= github.com/armosec/utils-go v0.0.58 h1:g9RnRkxZAmzTfPe2ruMo2OXSYLwVSegQSkSavOfmaIE= github.com/armosec/utils-go v0.0.58/go.mod h1:CdqKHKruVJMCxGcZXYW9J+5P9FZou8dMzVpcB0Xt8pk= github.com/armosec/utils-k8s-go v0.0.30 h1:Gj8MJck0jZPSLSq8ZMiRPT3F/laOYQdaLxXKKcjijt4= 
@@ -157,47 +157,43 @@ github.com/aws/aws-sdk-go v1.50.8 h1:gY0WoOW+/Wz6XmYSgDH9ge3wnAevYDSQWPxxJvqAkP4 github.com/aws/aws-sdk-go v1.50.8/go.mod h1:LF8svs817+Nz+DmiMQKTO3ubZ/6IaTpq3TjupRn3Eqk= github.com/aws/aws-sdk-go-v2 v1.19.0/go.mod h1:uzbQtefpm44goOPmdKyAlXSNcwlRgF3ePWVW6EtJvvw= github.com/aws/aws-sdk-go-v2 v1.19.1/go.mod h1:uzbQtefpm44goOPmdKyAlXSNcwlRgF3ePWVW6EtJvvw= -github.com/aws/aws-sdk-go-v2 v1.21.2/go.mod h1:ErQhvNuEMhJjweavOYhxVkn2RUx7kQXVATHrjKtxIpM= -github.com/aws/aws-sdk-go-v2 v1.30.0 h1:6qAwtzlfcTtcL8NHtbDQAqgM5s6NDipQTkPxyH/6kAA= -github.com/aws/aws-sdk-go-v2 v1.30.0/go.mod h1:ffIFB97e2yNsv4aTSGkqtHnppsIJzw7G7BReUZ3jCXM= -github.com/aws/aws-sdk-go-v2/config v1.27.21 h1:yPX3pjGCe2hJsetlmGNB4Mngu7UPmvWPzzWCv1+boeM= -github.com/aws/aws-sdk-go-v2/config v1.27.21/go.mod h1:4XtlEU6DzNai8RMbjSF5MgGZtYvrhBP/aKZcRtZAVdM= -github.com/aws/aws-sdk-go-v2/credentials v1.17.21 h1:pjAqgzfgFhTv5grc7xPHtXCAaMapzmwA7aU+c/SZQGw= -github.com/aws/aws-sdk-go-v2/credentials v1.17.21/go.mod h1:nhK6PtBlfHTUDVmBLr1dg+WHCOCK+1Fu/WQyVHPsgNQ= -github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.8 h1:FR+oWPFb/8qMVYMWN98bUZAGqPvLHiyqg1wqQGfUAXY= -github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.8/go.mod h1:EgSKcHiuuakEIxJcKGzVNWh5srVAQ3jKaSrBGRYvM48= +github.com/aws/aws-sdk-go-v2 v1.32.5 h1:U8vdWJuY7ruAkzaOdD7guwJjD06YSKmnKCJs7s3IkIo= +github.com/aws/aws-sdk-go-v2 v1.32.5/go.mod h1:P5WJBrYqqbWVaOxgH0X/FYYD47/nooaPOZPlQdmiN2U= +github.com/aws/aws-sdk-go-v2/config v1.28.5 h1:Za41twdCXbuyyWv9LndXxZZv3QhTG1DinqlFsSuvtI0= +github.com/aws/aws-sdk-go-v2/config v1.28.5/go.mod h1:4VsPbHP8JdcdUDmbTVgNL/8w9SqOkM5jyY8ljIxLO3o= +github.com/aws/aws-sdk-go-v2/credentials v1.17.46 h1:AU7RcriIo2lXjUfHFnFKYsLCwgbz1E7Mm95ieIRDNUg= +github.com/aws/aws-sdk-go-v2/credentials v1.17.46/go.mod h1:1FmYyLGL08KQXQ6mcTlifyFXfJVCNJTVGuQP4m0d/UA= +github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.20 h1:sDSXIrlsFSFJtWKLQS4PUWRvrT580rrnuLydJrCQ/yA= +github.com/aws/aws-sdk-go-v2/feature/ec2/imds 
v1.16.20/go.mod h1:WZ/c+w0ofps+/OUqMwWgnfrgzZH1DZO1RIkktICsqnY= github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.35/go.mod h1:ipR5PvpSPqIqL5Mi82BxLnfMkHVbmco8kUwO2xrCi0M= github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.36/go.mod h1:T8Jsn/uNL/AFOXrVYQ1YQaN1r9gN34JU1855/Lyjv+o= -github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.43/go.mod h1:auo+PiyLl0n1l8A0e8RIeR8tOzYPfZZH/JNlrJ8igTQ= -github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.12 h1:SJ04WXGTwnHlWIODtC5kJzKbeuHt+OUNOgKg7nfnUGw= -github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.12/go.mod h1:FkpvXhA92gb3GE9LD6Og0pHHycTxW7xGpnEh5E7Opwo= +github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.24 h1:4usbeaes3yJnCFC7kfeyhkdkPtoRYPa/hTmCqMpKpLI= +github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.24/go.mod h1:5CI1JemjVwde8m2WG3cz23qHKPOxbpkq0HaoreEgLIY= github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.29/go.mod h1:M/eUABlDbw2uVrdAn+UsI6M727qp2fxkp8K0ejcBDUY= github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.30/go.mod h1:v3GSCnFxbHzt9dlWBqvA1K1f9lmWuf4ztupZBCAIVs4= -github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.37/go.mod h1:Qe+2KtKml+FEsQF/DHmDV+xjtche/hwoF75EG4UlHW8= -github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.12 h1:hb5KgeYfObi5MHkSSZMEudnIvX30iB+E21evI4r6BnQ= -github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.12/go.mod h1:CroKe/eWJdyfy9Vx4rljP5wTUjNJfb+fPz1uMYUhEGM= -github.com/aws/aws-sdk-go-v2/internal/ini v1.8.0 h1:hT8rVHwugYE2lEfdFE0QWVo81lF7jMrYJVDWI+f+VxU= -github.com/aws/aws-sdk-go-v2/internal/ini v1.8.0/go.mod h1:8tu/lYfQfFe6IGnaOdrpVgEL2IrrDOf6/m9RQum4NkY= -github.com/aws/aws-sdk-go-v2/service/ecr v1.20.2 h1:y6LX9GUoEA3mO0qpFl1ZQHj1rFyPWVphlzebiSt2tKE= -github.com/aws/aws-sdk-go-v2/service/ecr v1.20.2/go.mod h1:Q0LcmaN/Qr8+4aSBrdrXXePqoX0eOuYpJLbYpilmWnA= +github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.24 h1:N1zsICrQglfzaBnrfM0Ys00860C+QFwu6u/5+LomP+o= +github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 
v2.6.24/go.mod h1:dCn9HbJ8+K31i8IQ8EWmWj0EiIk0+vKiHNMxTTYveAg= +github.com/aws/aws-sdk-go-v2/internal/ini v1.8.1 h1:VaRN3TlFdd6KxX1x3ILT5ynH6HvKgqdiXoTxAF4HQcQ= +github.com/aws/aws-sdk-go-v2/internal/ini v1.8.1/go.mod h1:FbtygfRFze9usAadmnGJNc8KsP346kEe+y2/oyhGAGc= +github.com/aws/aws-sdk-go-v2/service/ecr v1.36.6 h1:zg+3FGHA0PBs0KM25qE/rOf2o5zsjNa1g/Qq83+SDI0= +github.com/aws/aws-sdk-go-v2/service/ecr v1.36.6/go.mod h1:ZSq54Z9SIsOTf1Efwgw1msilSs4XVEfVQiP9nYVnKpM= github.com/aws/aws-sdk-go-v2/service/eks v1.28.1 h1:SA+98Rnehl2KXewvGXc2Lw2ns3Y4t9jdMHmEY5hcNws= github.com/aws/aws-sdk-go-v2/service/eks v1.28.1/go.mod h1:cQRkgJKg6s9AIzFZ+i4pXdm+/3Fw4MuPNqCdMvSaqns= github.com/aws/aws-sdk-go-v2/service/iam v1.21.1 h1:VTCWgsrromZqnlRgfziqqWWcW7LFkQLwJVYgf/5zgWA= github.com/aws/aws-sdk-go-v2/service/iam v1.21.1/go.mod h1:LBsjrFczXiQLASO6FtDGTeHuZh6oHuIH6VKaOozFghg= -github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.2 h1:Ji0DY1xUsUr3I8cHps0G+XM3WWU16lP6yG8qu1GAZAs= -github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.2/go.mod h1:5CsjAbs3NlGQyZNFACh+zztPDI7fU6eW9QsxjfnuBKg= -github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.14 h1:zSDPny/pVnkqABXYRicYuPf9z2bTqfH13HT3v6UheIk= -github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.14/go.mod h1:3TTcI5JSzda1nw/pkVC9dhgLre0SNBFj2lYS4GctXKI= -github.com/aws/aws-sdk-go-v2/service/sso v1.21.1 h1:sd0BsnAvLH8gsp2e3cbaIr+9D7T1xugueQ7V/zUAsS4= -github.com/aws/aws-sdk-go-v2/service/sso v1.21.1/go.mod h1:lcQG/MmxydijbeTOp04hIuJwXGWPZGI3bwdFDGRTv14= -github.com/aws/aws-sdk-go-v2/service/ssooidc v1.25.1 h1:1uEFNNskK/I1KoZ9Q8wJxMz5V9jyBlsiaNrM7vA3YUQ= -github.com/aws/aws-sdk-go-v2/service/ssooidc v1.25.1/go.mod h1:z0P8K+cBIsFXUr5rzo/psUeJ20XjPN0+Nn8067Nd+E4= -github.com/aws/aws-sdk-go-v2/service/sts v1.29.1 h1:myX5CxqXE0QMZNja6FA1/FSE3Vu1rVmeUmpJMMzeZg0= -github.com/aws/aws-sdk-go-v2/service/sts v1.29.1/go.mod h1:N2mQiucsO0VwK9CYuS4/c2n6Smeh1v47Rz3dWCPFLdE= 
+github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.1 h1:iXtILhvDxB6kPvEXgsDhGaZCSC6LQET5ZHSdJozeI0Y= +github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.1/go.mod h1:9nu0fVANtYiAePIBh2/pFUSwtJ402hLnp854CNoDOeE= +github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.5 h1:wtpJ4zcwrSbwhECWQoI/g6WM9zqCcSpHDJIWSbMLOu4= +github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.5/go.mod h1:qu/W9HXQbbQ4+1+JcZp0ZNPV31ym537ZJN+fiS7Ti8E= +github.com/aws/aws-sdk-go-v2/service/sso v1.24.6 h1:3zu537oLmsPfDMyjnUS2g+F2vITgy5pB74tHI+JBNoM= +github.com/aws/aws-sdk-go-v2/service/sso v1.24.6/go.mod h1:WJSZH2ZvepM6t6jwu4w/Z45Eoi75lPN7DcydSRtJg6Y= +github.com/aws/aws-sdk-go-v2/service/ssooidc v1.28.5 h1:K0OQAsDywb0ltlFrZm0JHPY3yZp/S9OaoLU33S7vPS8= +github.com/aws/aws-sdk-go-v2/service/ssooidc v1.28.5/go.mod h1:ORITg+fyuMoeiQFiVGoqB3OydVTLkClw/ljbblMq6Cc= +github.com/aws/aws-sdk-go-v2/service/sts v1.33.1 h1:6SZUVRQNvExYlMLbHdlKB48x0fLbc2iVROyaNEwBHbU= +github.com/aws/aws-sdk-go-v2/service/sts v1.33.1/go.mod h1:GqWyYCwLXnlUB1lOAXQyNSPqPLQJvmo8J0DWBzp9mtg= github.com/aws/smithy-go v1.13.5/go.mod h1:Tg+OJXh4MB2R/uN61Ko2f6hTZwB/ZYGOtib8J3gBHzA= -github.com/aws/smithy-go v1.15.0/go.mod h1:Tg+OJXh4MB2R/uN61Ko2f6hTZwB/ZYGOtib8J3gBHzA= -github.com/aws/smithy-go v1.20.2 h1:tbp628ireGtzcHDDmLT/6ADHidqnwgF57XOXZe6tp4Q= -github.com/aws/smithy-go v1.20.2/go.mod h1:krry+ya/rV9RDcV/Q16kpu6ypI4K2czasz0NC3qS14E= +github.com/aws/smithy-go v1.22.1 h1:/HPHZQ0g7f4eUeK6HKglFz8uwVfZKgoI25rb/J+dnro= +github.com/aws/smithy-go v1.22.1/go.mod h1:irrKGvNn1InZwb2d7fkIRNucdfwR8R+Ts3wxYa/cJHg= github.com/becheran/wildmatch-go v1.0.0 h1:mE3dGGkTmpKtT4Z+88t8RStG40yN9T+kFEGj2PZFSzA= github.com/becheran/wildmatch-go v1.0.0/go.mod h1:gbMvj0NtVdJ15Mg/mH9uxk2R1QCistMyU7d9KFzroX4= github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q= 
@@ -1247,8 +1243,8 @@ golang.org/x/oauth2 v0.0.0-20210805134026-6f1e6394065a/go.mod h1:KelEdhl1UZF7XfJ golang.org/x/oauth2 v0.0.0-20210819190943-2bc19b11175f/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.0.0-20211005180243-6b3c2da341f1/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.0.0-20211104180415-d3ed0bb246c8/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= -golang.org/x/oauth2 v0.21.0 h1:tsimM75w1tF/uws5rbeHzIWxEqElMehnc+iW793zsZs= -golang.org/x/oauth2 v0.21.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI= +golang.org/x/oauth2 v0.23.0 h1:PbgcYx2W7i4LvjJWEbf0ngHV6qJYr86PkAV3bXdLEbs= +golang.org/x/oauth2 v0.23.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI= golang.org/x/perf v0.0.0-20180704124530-6e6d33e29852/go.mod h1:JLpeXjPJfIyPr5TlbXLkXWLhP8nz10XfvxElABhCtcw= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= 
@@ -1348,8 +1344,8 @@ golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.10.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.11.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.15.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= -golang.org/x/sys v0.25.0 h1:r+8e+loiHxRqhXVl6ML1nO3l1+oFoWbnlu2Ehimmi34= -golang.org/x/sys v0.25.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.27.0 h1:wBqf8DvsY9Y/2P8gAfPDEYNuS30J4lPHJxXSb/nJZ+s= +golang.org/x/sys v0.27.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k= diff --git a/mainhandler/vulnscan.go b/mainhandler/vulnscan.go index f29d740..0eda56c 100644 --- a/mainhandler/vulnscan.go +++ b/mainhandler/vulnscan.go @@ -187,7 +187,10 @@ func (actionHandler *ActionHandler) scanRegistriesV2(ctx context.Context, sessio return fmt.Errorf("scanRegistriesV2 failed to get registry images to scan with err %v", err) } - registryScanCMDList := actionHandler.getRegistryImageScanCommands(sessionObj, client, imageRegistry, images) + registryScanCMDList, err := actionHandler.getRegistryImageScanCommands(sessionObj, client, imageRegistry, images) + if err != nil { + return fmt.Errorf("scanRegistriesV2 failed to get registry images scan commands with err %v", err) + } sessionObj.Reporter.SendDetails(fmt.Sprintf("sending %d images from registry %v to vuln scan", len(registryScanCMDList), imageRegistry), actionHandler.sendReport) return sendAllImagesToRegistryScan(ctx, actionHandler.config, registryScanCMDList) 
@@ -200,7 +203,7 @@ func (actionHandler *ActionHandler) loadRegistrySecret(ctx context.Context, sess return fmt.Errorf("loadRegistrySecret failed to get secret with err %v", err) } - var secretMap map[string]string + var secretMap map[string]interface{} err = json.Unmarshal(secret.Data[apitypes.RegistryAuthFieldInSecret], &secretMap) if err != nil { return fmt.Errorf("loadRegistrySecret failed to unmarshal registry secret with err %v", err) @@ -225,7 +228,7 @@ func (actionHandler *ActionHandler) loadRegistryFromSessionObj(sessionObj *utils return imageRegistry, nil } -func (actionHandler *ActionHandler) getRegistryImageScanCommands(sessionObj *utils.SessionObj, client interfaces.RegistryClient, imageRegistry apitypes.ContainerImageRegistry, images map[string]string) []*apis.RegistryScanCommand { +func (actionHandler *ActionHandler) getRegistryImageScanCommands(sessionObj *utils.SessionObj, client interfaces.RegistryClient, imageRegistry apitypes.ContainerImageRegistry, images map[string]string) ([]*apis.RegistryScanCommand, error) { registryScanCMDList := make([]*apis.RegistryScanCommand, 0, len(images)) for image, tag := range images { repository := image @@ -247,12 +250,16 @@ func (actionHandler *ActionHandler) getRegistryImageScanCommands(sessionObj *uti identifiers.AttributeSensor: imageRegistry.GetBase().ClusterName, }, } - registryScanCommand.Credentialslist = append(registryScanCommand.Credentialslist, *client.GetDockerAuth()) + auth, err := client.GetDockerAuth() + if err != nil { + return nil, fmt.Errorf("failed to get docker auth with err %v", err) + } + registryScanCommand.Credentialslist = append(registryScanCommand.Credentialslist, *auth) registryScanCMDList = append(registryScanCMDList, &apis.RegistryScanCommand{ ImageScanParams: *registryScanCommand, }) } - return registryScanCMDList + return registryScanCMDList, nil } func (actionHandler *ActionHandler) loadRegistryScan(ctx context.Context, sessionObj *utils.SessionObj) (*registryScan, error) { 
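Review bot: In the `loadRegistrySecret` hunk, widening `secretMap` to `map[string]interface{}` means each value now arrives as whatever JSON type the Secret holds (string, float64, nested map), so the code that consumes the map can no longer assume strings. That consumer is outside the hunk; if it reads fields with a single-value `.(string)` assertion, a malformed or hand-edited Secret would panic the handler, so the two-value form `v, ok := secretMap[key].(string)` with an error return is the safer pattern. A one-line comment on the declaration naming which registry providers store non-string values would record why the type was widened.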
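Review bot: In the last `getRegistryImageScanCommands` hunk, `*auth` is dereferenced after only an error check, so a `GetDockerAuth` implementation that returns `(nil, nil)` panics here; adding `if auth == nil { return nil, fmt.Errorf("registry client returned no docker auth") }` closes that. The call also sits inside the `for image, tag := range images` loop (opened in the previous hunk), so credentials are requested once per image. If the AWS and Azure clients mint a token on each call, which is not visible here, moving `auth, err := client.GetDockerAuth()` above the loop avoids repeated token requests and fails before any command is built. Wrapping with `%w` rather than `%v` would let callers inspect the provider error with `errors.Is`/`errors.As`; the same applies to the new `fmt.Errorf` in the `scanRegistriesV2` hunk.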
diff --git a/watcher/registryhandler.go b/watcher/registryhandler.go index 58a5c86..235fcff 100644 --- a/watcher/registryhandler.go +++ b/watcher/registryhandler.go @@ -48,6 +48,12 @@ var ( Version: "v1", Resource: "cronjobs", } + + jobGVR = schema.GroupVersionResource{ + Group: "batch", + Version: "v1", + Resource: "jobs", + } ) type RegistryCommandsHandler struct { @@ -86,8 +92,10 @@ func (ch *RegistryCommandsHandler) Start() { var payload []byte switch cmd.Spec.CommandType { - case string(command.OperatorCommandTypeCreateRegistry), string(command.OperatorCommandTypeUpdateRegistry): - err = ch.upsertRegistry(cmd) + case string(command.OperatorCommandTypeCreateRegistry): + err = ch.upsertRegistry(cmd, true) + case string(command.OperatorCommandTypeUpdateRegistry): + err = ch.upsertRegistry(cmd, false) case string(command.OperatorCommandTypeDeleteRegistry): err = ch.deleteRegistry(cmd) case string(command.OperatorCommandTypeCheckRegistry): @@ -185,7 +193,7 @@ func (ch *RegistryCommandsHandler) deleteRegistry(cmd v1alpha1.OperatorCommand) return nil } -func (ch *RegistryCommandsHandler) upsertRegistry(cmd v1alpha1.OperatorCommand) error { +func (ch *RegistryCommandsHandler) upsertRegistry(cmd v1alpha1.OperatorCommand, triggerNow bool) error { registry, err := armotypes.UnmarshalRegistry(cmd.Spec.Body) if err != nil { logger.L().Error("upsertRegistry - failed to unmarshal command payload", helpers.Error(err)) 
@@ -219,14 +227,28 @@ func (ch *RegistryCommandsHandler) upsertRegistry(cmd v1alpha1.OperatorCommand) }) errGroup.Go(func() error { - cronJob, err := createCronJobObject(ch.k8sAPI, registry) - if err != nil { - logger.L().Error("upsertRegistry - failed to create cron job resource", helpers.Error(err)) - return err + if triggerNow { + job, err := createJobObject(ch.k8sAPI, registry) + if err != nil { + logger.L().Error("upsertRegistry - failed to create job resource", helpers.Error(err)) + return err + } + if err = ch.upsertResource(job, jobGVR, registry.GetBase().ResourceName); err != nil { + logger.L().Error("upsertRegistry - failed to upsert job resource", helpers.Error(err)) + return err + } } - if err = ch.upsertResource(cronJob, cronJobGVR, cronJob.Name); err != nil { - logger.L().Error("upsertRegistry - failed to upsert cron job resource", helpers.Error(err)) - return err + if registry.GetBase().ScanFrequency != "" { + cronjob, err := createCronJobObject(ch.k8sAPI, registry) + if err != nil { + logger.L().Error("upsertRegistry - failed to create cron job resource", helpers.Error(err)) + return err + + } + if err = ch.upsertResource(cronjob, cronJobGVR, registry.GetBase().ResourceName); err != nil { + logger.L().Error("upsertRegistry - failed to upsert job resource", helpers.Error(err)) + return err + } } return nil }) 
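Review bot: The one-off Job is applied from a third `errGroup.Go` goroutine that runs concurrently with the goroutines that upsert the Secret and ConfigMap (they start above this hunk), so the Job can be created before the resources it depends on exist, and it is still created when one of those upserts fails. Applying the Job only after the Secret and ConfigMap upserts have succeeded would start the immediate scan from a consistent state. On the update path an empty `ScanFrequency` now skips the CronJob branch entirely, so a CronJob left from an earlier schedule would keep running with the stored credentials unless it is removed elsewhere. The log text after the CronJob `upsertResource` call should read `"upsertRegistry - failed to upsert cron job resource"`; it currently says "job", which points triage at the wrong object.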
@@ -280,6 +302,42 @@ func createCronJobObject(k8sAPI *k8sinterface.KubernetesApi, registry armotypes. return cronjob, nil } +func createJobObject(k8sAPI *k8sinterface.KubernetesApi, registry armotypes.ContainerImageRegistry) (*batchv1.Job, error) { + template, err := k8sAPI.KubernetesClient.CoreV1().ConfigMaps(armotypes.KubescapeNamespace).Get(context.Background(), registryCronjobTemplate, metav1.GetOptions{}) + if err != nil { + return nil, err + } + jobTemplateStr, ok := template.Data[cronjobTemplateName] + if !ok { + return nil, fmt.Errorf("getJobTemplate: jobTemplate not found") + } + cronjob := &batchv1.CronJob{} + if err := yaml.Unmarshal([]byte(jobTemplateStr), cronjob); err != nil { + return nil, err + } + job := &batchv1.Job{ + TypeMeta: metav1.TypeMeta{ + APIVersion: "batch/v1", + Kind: "Job", + }, + ObjectMeta: metav1.ObjectMeta{ + Name: registry.GetBase().ResourceName, + Namespace: cronjob.Namespace, + Labels: map[string]string{"app": registry.GetBase().ResourceName}, + }, + Spec: cronjob.Spec.JobTemplate.Spec, + } + for i, v := range job.Spec.Template.Spec.Volumes { + if v.Name == armotypes.RegistryRequestVolumeName { + if job.Spec.Template.Spec.Volumes[i].ConfigMap != nil { + job.Spec.Template.Spec.Volumes[i].ConfigMap.Name = registry.GetBase().ResourceName + } + } + } + + return job, nil +} + func createSecretObject(registry armotypes.ContainerImageRegistry) (*v1.Secret, error) { secret := v1.Secret{} secret.Name = registry.GetBase().ResourceName From da814ba4f28716ce715a04ff93ccce3e2f825b1d Mon Sep 17 00:00:00 2001 From: refaelm Date: Wed, 27 Nov 2024 13:53:53 +0200 Subject: [PATCH 2/2] fix cr Signed-off-by: refaelm --- mainhandler/handlerequests.go | 4 ++-- mainhandler/vulnscan.go | 2 +- watcher/commandswatcher.go | 10 +++++---- watcher/commandswatcher_test.go | 8 +++++-- watcher/registryhandler.go | 37 ++++++++++++++++++--------------- 5 files changed, 35 insertions(+), 26 deletions(-) 
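Review bot: `createJobObject` gives the Job the fixed name `registry.GetBase().ResourceName` and sets no `TTLSecondsAfterFinished`, so unless the template supplies one the finished Job stays in the namespace. A later create for the same registry would then apply onto the existing object: with an identical spec nothing new runs, and with a changed template the API server is likely to reject the update because a Job's pod template is immutable. Setting `job.Spec.TTLSecondsAfterFinished`, or deleting the previous Job before the apply, would make the immediate trigger repeatable. The function also has no doc comment; `// createJobObject builds a one-off Job from the JobTemplate spec of the registry CronJob template.` would do.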
diff --git a/mainhandler/handlerequests.go b/mainhandler/handlerequests.go index 347657e..04be70e 100644 --- a/mainhandler/handlerequests.go +++ b/mainhandler/handlerequests.go @@ -153,8 +153,8 @@ func (mainHandler *MainHandler) HandleWatchers(ctx context.Context) { eventQueue := watcher.NewCooldownQueue() watchHandler := watcher.NewWatchHandler(ctx, mainHandler.config, mainHandler.k8sAPI, ksStorageClient, eventQueue) - commandWatchHandler := watcher.NewCommandWatchHandler(mainHandler.k8sAPI) - registryCommandsHandler := watcher.NewRegistryCommandsHandler(ctx, mainHandler.k8sAPI, commandWatchHandler) + commandWatchHandler := watcher.NewCommandWatchHandler(mainHandler.k8sAPI, mainHandler.config) + registryCommandsHandler := watcher.NewRegistryCommandsHandler(ctx, mainHandler.k8sAPI, commandWatchHandler, mainHandler.config) go registryCommandsHandler.Start() // wait for the kubevuln component to be ready diff --git a/mainhandler/vulnscan.go b/mainhandler/vulnscan.go index 0eda56c..c93bb5d 100644 --- a/mainhandler/vulnscan.go +++ b/mainhandler/vulnscan.go @@ -198,7 +198,7 @@ func (actionHandler *ActionHandler) scanRegistriesV2(ctx context.Context, sessio func (actionHandler *ActionHandler) loadRegistrySecret(ctx context.Context, sessionObj *utils.SessionObj, imageRegistry apitypes.ContainerImageRegistry) error { secretName := sessionObj.Command.Args[apitypes.RegistrySecretNameArgKey].(string) - secret, err := actionHandler.k8sAPI.KubernetesClient.CoreV1().Secrets(apitypes.KubescapeNamespace).Get(ctx, secretName, metav1.GetOptions{}) + secret, err := actionHandler.k8sAPI.KubernetesClient.CoreV1().Secrets(actionHandler.config.Namespace()).Get(ctx, secretName, metav1.GetOptions{}) if err != nil { return fmt.Errorf("loadRegistrySecret failed to get secret with err %v", err) } diff --git a/watcher/commandswatcher.go b/watcher/commandswatcher.go index 2c27201..e4f799d 100644 --- a/watcher/commandswatcher.go +++ b/watcher/commandswatcher.go 
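Review bot: In the `loadRegistrySecret` hunk, the context line `secretName := sessionObj.Command.Args[apitypes.RegistrySecretNameArgKey].(string)` is a single-value type assertion, so a command that lacks that argument or carries a non-string value panics the handler instead of returning an error. Since the change already touches the Secret lookup, the two-value form `secretName, ok := sessionObj.Command.Args[apitypes.RegistrySecretNameArgKey].(string)` followed by `if !ok || secretName == "" { return fmt.Errorf("loadRegistrySecret: missing registry secret name") }` would close that. The name comes from the command and is used to read a Secret in the operator's namespace, so it is also worth confirming upstream that only registry Secrets can be named here. The rest of `loadRegistrySecret` is outside the hunk.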
@@ -4,11 +4,11 @@ import ( "context" "errors" "fmt" - "github.com/armosec/armoapi-go/armotypes" "github.com/cenkalti/backoff" mapset "github.com/deckarep/golang-set/v2" "github.com/kubescape/backend/pkg/command" "github.com/kubescape/backend/pkg/command/types/v1alpha1" + "github.com/kubescape/operator/config" "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" "time" @@ -26,13 +26,15 @@ type CommandWatchHandler struct { k8sAPI *k8sinterface.KubernetesApi eventQueue *CooldownQueue commandReceivers mapset.Set[chan v1alpha1.OperatorCommand] + config config.IConfig } -func NewCommandWatchHandler(k8sAPI *k8sinterface.KubernetesApi) *CommandWatchHandler { +func NewCommandWatchHandler(k8sAPI *k8sinterface.KubernetesApi, config config.IConfig) *CommandWatchHandler { return &CommandWatchHandler{ k8sAPI: k8sAPI, eventQueue: NewCooldownQueue(), commandReceivers: mapset.NewSet[chan v1alpha1.OperatorCommand](), + config: config, } } @@ -58,7 +60,7 @@ func (cwh *CommandWatchHandler) CommandWatch(ctx context.Context) { func (cwh *CommandWatchHandler) listCommands(ctx context.Context) { if err := pager.New(func(ctx context.Context, opts v1.ListOptions) (runtime.Object, error) { - return cwh.k8sAPI.GetDynamicClient().Resource(v1alpha1.SchemaGroupVersionResource).Namespace(armotypes.KubescapeNamespace).List(context.Background(), opts) + return cwh.k8sAPI.GetDynamicClient().Resource(v1alpha1.SchemaGroupVersionResource).Namespace(cwh.config.Namespace()).List(context.Background(), opts) }).EachListItem(ctx, v1.ListOptions{ LabelSelector: fmt.Sprintf("%s=%s", command.OperatorCommandAppNameLabelKey, "operator"), }, func(obj runtime.Object) error { 
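Review bot: In the `listCommands` hunk the pager callback receives its own `ctx`, yet the changed `List` call still passes `context.Background()`, so cancelling the watcher's context does not abort an in-flight list; `.Namespace(cwh.config.Namespace()).List(ctx, opts)` would propagate it. The `Watch` call in the `watchRetry` hunk keeps the same `context.Background()` and could take that function's `ctx` instead. Both functions continue outside their hunks.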
@@ -78,7 +80,7 @@ func (cwh *CommandWatchHandler) watchRetry(ctx context.Context) { LabelSelector: fmt.Sprintf("%s=%s", command.OperatorCommandAppNameLabelKey, "operator"), } if err := backoff.RetryNotify(func() error { - watcher, err := cwh.k8sAPI.GetDynamicClient().Resource(v1alpha1.SchemaGroupVersionResource).Namespace(armotypes.KubescapeNamespace).Watch(context.Background(), watchOpts) + watcher, err := cwh.k8sAPI.GetDynamicClient().Resource(v1alpha1.SchemaGroupVersionResource).Namespace(cwh.config.Namespace()).Watch(context.Background(), watchOpts) if err != nil { return fmt.Errorf("failed to get commands watcher: %w", err) } diff --git a/watcher/commandswatcher_test.go b/watcher/commandswatcher_test.go index cfec0d0..7e46515 100644 --- a/watcher/commandswatcher_test.go +++ b/watcher/commandswatcher_test.go @@ -5,10 +5,13 @@ import ( _ "embed" "encoding/json" "github.com/armosec/armoapi-go/armotypes" + utilsmetadata "github.com/armosec/utils-k8s-go/armometadata" "github.com/kubescape/backend/pkg/command" "github.com/kubescape/backend/pkg/command/types/v1alpha1" + beUtils "github.com/kubescape/backend/pkg/utils" "github.com/kubescape/go-logger" "github.com/kubescape/k8s-interface/k8sinterface" + "github.com/kubescape/operator/config" "github.com/stretchr/testify/require" "github.com/testcontainers/testcontainers-go/modules/k3s" "io" 
@@ -118,8 +121,9 @@ func setupEnvAndWatchers(t *testing.T, ctx context.Context, k8sAPI *k8sinterface require.NoError(t, err) // start watcher - commandWatchHandler := NewCommandWatchHandler(k8sAPI) - registryCommandsHandler := NewRegistryCommandsHandler(ctx, k8sAPI, commandWatchHandler) + operatorConfig := config.NewOperatorConfig(config.CapabilitiesConfig{}, utilsmetadata.ClusterConfig{}, &beUtils.Credentials{}, "", config.Config{Namespace: armotypes.KubescapeNamespace}) + commandWatchHandler := NewCommandWatchHandler(k8sAPI, operatorConfig) + registryCommandsHandler := NewRegistryCommandsHandler(ctx, k8sAPI, commandWatchHandler, operatorConfig) go registryCommandsHandler.Start() go commandWatchHandler.CommandWatch(ctx) } diff --git a/watcher/registryhandler.go b/watcher/registryhandler.go index 235fcff..87705f4 100644 --- a/watcher/registryhandler.go +++ b/watcher/registryhandler.go @@ -12,6 +12,7 @@ import ( "github.com/kubescape/go-logger" "github.com/kubescape/go-logger/helpers" "github.com/kubescape/k8s-interface/k8sinterface" + "github.com/kubescape/operator/config" "golang.org/x/sync/errgroup" batchv1 "k8s.io/api/batch/v1" v1 "k8s.io/api/core/v1" @@ -61,14 +62,16 @@ type RegistryCommandsHandler struct { k8sAPI *k8sinterface.KubernetesApi commands chan v1alpha1.OperatorCommand commandsWatcher *CommandWatchHandler + config config.IConfig } -func NewRegistryCommandsHandler(ctx context.Context, k8sAPI *k8sinterface.KubernetesApi, commandsWatcher *CommandWatchHandler) *RegistryCommandsHandler { +func NewRegistryCommandsHandler(ctx context.Context, k8sAPI *k8sinterface.KubernetesApi, commandsWatcher *CommandWatchHandler, config config.IConfig) *RegistryCommandsHandler { return &RegistryCommandsHandler{ ctx: ctx, k8sAPI: k8sAPI, commands: make(chan v1alpha1.OperatorCommand, 100), commandsWatcher: commandsWatcher, + config: config, } } 
@@ -173,17 +176,17 @@ func (ch *RegistryCommandsHandler) deleteRegistry(cmd v1alpha1.OperatorCommand) return err } resourceName := registry.GetBase().ResourceName - err = ch.k8sAPI.KubernetesClient.BatchV1().CronJobs(armotypes.KubescapeNamespace).Delete(context.Background(), resourceName, metav1.DeleteOptions{}) + err = ch.k8sAPI.KubernetesClient.BatchV1().CronJobs(ch.config.Namespace()).Delete(context.Background(), resourceName, metav1.DeleteOptions{}) if err != nil { logger.L().Error("deleteRegistry - failed to delete cronjob resource", helpers.Error(err)) return err } - err = ch.k8sAPI.KubernetesClient.CoreV1().Secrets(armotypes.KubescapeNamespace).Delete(context.Background(), resourceName, metav1.DeleteOptions{}) + err = ch.k8sAPI.KubernetesClient.CoreV1().Secrets(ch.config.Namespace()).Delete(context.Background(), resourceName, metav1.DeleteOptions{}) if err != nil { logger.L().Error("deleteRegistry - failed to delete secret resource", helpers.Error(err)) return err } - err = ch.k8sAPI.KubernetesClient.CoreV1().ConfigMaps(armotypes.KubescapeNamespace).Delete(context.Background(), resourceName, metav1.DeleteOptions{}) + err = ch.k8sAPI.KubernetesClient.CoreV1().ConfigMaps(ch.config.Namespace()).Delete(context.Background(), resourceName, metav1.DeleteOptions{}) if err != nil { logger.L().Error("deleteRegistry - failed to delete configmap resource", helpers.Error(err)) return err @@ -201,7 +204,7 @@ func (ch *RegistryCommandsHandler) upsertRegistry(cmd v1alpha1.OperatorCommand, } errGroup := errgroup.Group{} errGroup.Go(func() error { - secret, err := createSecretObject(registry) + secret, err := ch.generateSecretObject(registry) if err != nil { logger.L().Error("upsertRegistry - failed to create secret resource", helpers.Error(err)) return err 
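Review bot: `deleteRegistry` returns on the first failed delete, and after patch 1 a registry created without `ScanFrequency` has no CronJob, so the CronJob delete is expected to return NotFound and the function exits before the Secret holding the registry credentials and the ConfigMap are removed. Treating NotFound as success on each delete, e.g. `if err != nil && !apierrors.IsNotFound(err) {` with `apierrors` being `k8s.io/apimachinery/pkg/api/errors` (the import block is only partly visible, so it may need adding), lets the cleanup continue. The one-off Job introduced in patch 1 is not deleted in the visible part of this function either, so it would remain after the registry is removed unless something else cleans it up.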
@@ -214,7 +217,7 @@ func (ch *RegistryCommandsHandler) upsertRegistry(cmd v1alpha1.OperatorCommand, }) errGroup.Go(func() error { - configMap, err := createConfigMapObject(registry) + configMap, err := ch.generateConfigMapObject(registry) if err != nil { logger.L().Error("upsertRegistry - failed to create config map resource", helpers.Error(err)) return err @@ -228,7 +231,7 @@ func (ch *RegistryCommandsHandler) upsertRegistry(cmd v1alpha1.OperatorCommand, errGroup.Go(func() error { if triggerNow { - job, err := createJobObject(ch.k8sAPI, registry) + job, err := ch.generateJobObject(registry) if err != nil { logger.L().Error("upsertRegistry - failed to create job resource", helpers.Error(err)) return err @@ -239,7 +242,7 @@ func (ch *RegistryCommandsHandler) upsertRegistry(cmd v1alpha1.OperatorCommand, } } if registry.GetBase().ScanFrequency != "" { - cronjob, err := createCronJobObject(ch.k8sAPI, registry) + cronjob, err := ch.generateCronJobObject(registry) if err != nil { logger.L().Error("upsertRegistry - failed to create cron job resource", helpers.Error(err)) return err 
@@ -271,12 +274,12 @@ func (ch *RegistryCommandsHandler) upsertResource(resource interface{}, gvr sche if err != nil { return err } - _, err = ch.k8sAPI.DynamicClient.Resource(gvr).Namespace(armotypes.KubescapeNamespace).Apply(ch.ctx, name, &unstructured.Unstructured{Object: unstructuredResource}, applyOpts) + _, err = ch.k8sAPI.DynamicClient.Resource(gvr).Namespace(ch.config.Namespace()).Apply(ch.ctx, name, &unstructured.Unstructured{Object: unstructuredResource}, applyOpts) return err } -func createCronJobObject(k8sAPI *k8sinterface.KubernetesApi, registry armotypes.ContainerImageRegistry) (*batchv1.CronJob, error) { - template, err := k8sAPI.KubernetesClient.CoreV1().ConfigMaps(armotypes.KubescapeNamespace).Get(context.Background(), registryCronjobTemplate, metav1.GetOptions{}) +func (ch *RegistryCommandsHandler) generateCronJobObject(registry armotypes.ContainerImageRegistry) (*batchv1.CronJob, error) { + template, err := ch.k8sAPI.KubernetesClient.CoreV1().ConfigMaps(ch.config.Namespace()).Get(context.Background(), registryCronjobTemplate, metav1.GetOptions{}) if err != nil { return nil, err } @@ -302,8 +305,8 @@ func createCronJobObject(k8sAPI *k8sinterface.KubernetesApi, registry armotypes. return cronjob, nil } -func createJobObject(k8sAPI *k8sinterface.KubernetesApi, registry armotypes.ContainerImageRegistry) (*batchv1.Job, error) { - template, err := k8sAPI.KubernetesClient.CoreV1().ConfigMaps(armotypes.KubescapeNamespace).Get(context.Background(), registryCronjobTemplate, metav1.GetOptions{}) +func (ch *RegistryCommandsHandler) generateJobObject(registry armotypes.ContainerImageRegistry) (*batchv1.Job, error) { + template, err := ch.k8sAPI.KubernetesClient.CoreV1().ConfigMaps(ch.config.Namespace()).Get(context.Background(), registryCronjobTemplate, metav1.GetOptions{}) if err != nil { return nil, err } 
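Review bot: generateCronJobObject reads the template ConfigMap with `context.Background()`, although the handler's context is now reachable through the receiver and upsertResource, a few lines above, already passes `ch.ctx`. The same applies to generateJobObject in the next hunk and to the three deletes in deleteRegistry. Using `ch.ctx` there, e.g. `ConfigMaps(ch.config.Namespace()).Get(ch.ctx, registryCronjobTemplate, metav1.GetOptions{})`, lets cancellation of the handler's context stop in-flight API requests. Both generate functions continue outside the hunks.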
@@ -338,13 +341,13 @@ func createJobObject(k8sAPI *k8sinterface.KubernetesApi, registry armotypes.Cont return job, nil } -func createSecretObject(registry armotypes.ContainerImageRegistry) (*v1.Secret, error) { +func (ch *RegistryCommandsHandler) generateSecretObject(registry armotypes.ContainerImageRegistry) (*v1.Secret, error) { secret := v1.Secret{} secret.Name = registry.GetBase().ResourceName secret.Kind = armotypes.K8sKindSecret secret.APIVersion = armotypes.K8sApiVersionV1 secret.Type = v1.SecretTypeOpaque - secret.Namespace = armotypes.KubescapeNamespace + secret.Namespace = ch.config.Namespace() secret.StringData = make(map[string]string) registryAuthBytes, err := json.Marshal(registry.ExtractSecret()) if err != nil { @@ -355,12 +358,12 @@ func createSecretObject(registry armotypes.ContainerImageRegistry) (*v1.Secret, return &secret, err } -func createConfigMapObject(registry armotypes.ContainerImageRegistry) (*v1.ConfigMap, error) { +func (ch *RegistryCommandsHandler) generateConfigMapObject(registry armotypes.ContainerImageRegistry) (*v1.ConfigMap, error) { configMap := v1.ConfigMap{} configMap.Name = registry.GetBase().ResourceName configMap.Kind = armotypes.K8sKindConfigMap configMap.APIVersion = armotypes.K8sApiVersionV1 - configMap.Namespace = armotypes.KubescapeNamespace + configMap.Namespace = ch.config.Namespace() configMap.Labels = map[string]string{"app": registry.GetBase().ResourceName} cmd, err := getCommandForConfigMap(registry, registry.GetBase().ResourceName) if err != nil {
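Review bot: generateSecretObject takes `secret.Name` directly from `registry.GetBase().ResourceName`; the same name is used for the ConfigMap in the next hunk and for the deletes in deleteRegistry, all in the operator's own namespace. Nothing in the visible lines restricts that name to registry-scan resources. If it is not validated where the command is parsed, an upsert or delete could touch an unrelated Secret or ConfigMap in that namespace. A check at the top of the generate functions that rejects names without the expected prefix (`<REGISTRY_RESOURCE_PREFIX>`, placeholder), plus a doc comment stating the assumption, would make this explicit. The function body continues outside the hunk.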