
JFROG artifactory registry domain name not working as per helm values for lacework proxy scanner deployment #230

Open
shankarsrinivasnew opened this issue Jan 25, 2024 · 0 comments


shankarsrinivasnew commented Jan 25, 2024

As per lacework documentation:
https://docs.lacework.net/onboarding/integrate-proxy-scanner-with-jfrog-registry-auto-polling

scan_public_registries: false
static_cache_location: /opt/lacework
lacework:
  account_name: <my-lacework-account-name>
  integration_access_token: <my-lacework-access-token>
registries:
  - domain: <my-jfrog-artifactory-domain>
    name: <name-for-registry-integration>
    ssl: true
    auto_poll: true
    credentials:
      user_name: "jfrog-user-name"
      password: "jfrog-user-password"
    poll_frequency_minutes: 20
    disable_non_os_package_scanning: false
    go_binary_scanning: 
      enable: true

whereas,
domain: Adjust the domain to your JFrog environment. Do not include the http(s):// portion in the domain.

Use the same domain that you use for Docker login. For example:
    If you log into Docker using dockerHost:Port, use domain: dockerHost:Port.
    If you log into Docker using dockerHost, use domain: dockerHost.

From JFROG documentation:
https://jfrog.com/help/r/jfrog-artifactory-documentation/docker-registries-and-repositories

Both Artifactory and Docker use the term "repository", but each uses it in a different way.

A Docker repository is a hosted collection of tagged images that, together, create the file system for a container

A Docker registry is a host that stores Docker repositories

An Artifactory repository is a hosted collection of Docker repositories, effectively, a Docker registry in every way, and one that you can access transparently with the Docker client.

So the domain name for my JFrog Artifactory is "artifactory.mgmt.aws.uk.org".

When I use the config file as below (note that registries are given under config.registries as per the documentation):

helm upgrade --install --values lacework-values.yaml lacework-proxy-scanner lacework/proxy-scanner

where lacework-values.yaml is as below:

config:
  scan_public_registries: false
  static_cache_location: /opt/lacework
  lacework:
    account_name: xxx
    integration_access_token: xxxxxxxxxxx
  registries:
  - auto_poll: true
    credentials:
      password: "xxxxxx"
      user_name: "xxxxxxx"
    domain: artifactory.mgmt.aws.uk.org
    go_binary_scanning:
      enable: false
      scan_directory_path: ""
    is_public: false
    name: docker-local
    poll_frequency_minutes: 20
    ssl: false

and the pod fails to run.

errors:

[WARNING]:   2024-01-24 19:06:09 - Error while loading cache file. Scanner will start with bootstap mode: open /opt/lacework/lacework_proxy_scanner_state.json.gz: no such file or directory 
[ERROR]:   2024-01-24 19:06:09 - Error while loading cache. Running in bootstrap mode. open /opt/lacework/lacework_proxy_scanner_state.json.gz: no such file or directory 
[INFO]:   2024-01-24 19:06:09 - Response headers: {"Connection":"keep-alive","Content-Length":"87","Content-Type":"application/json;charset=ISO-8859-1","Date":"Wed, 24 Jan 2024 19:06:09 GMT","Docker-Distribution-Api-Version":"registry/2.0","Strict-Transport-Security":"max-age=31536000","Www-Authenticate":"Bearer realm=\"https://artifactory.mgmt.aws.uk.org/v2/token\",service=\"artifactory.mgmt.aws.uk.org\""} 
[INFO]:   2024-01-24 19:06:09 - registry (https://artifactory.mgmt.aws.uk.org) - got response status: 401 Unauthorized 
[INFO]:   2024-01-24 19:06:09 - request url: https://artifactory.mgmt.aws.uk.org/v2/ 
[INFO]:   2024-01-24 19:06:09 - registry (https://artifactory.mgmt.aws.uk.org) - got wwwAuthenticateHeader: Bearer realm="https://artifactory.mgmt.aws.uk.org/v2/token",service="artifactory.mgmt.aws.uk.org" 
[INFO]:   2024-01-24 19:06:09 - Using authentication method: Bearer 
[INFO]:   2024-01-24 19:06:09 - Requesting bearerAccessToken from https://artifactory.mgmt.aws.uk.org/v2/token?service=artifactory.mgmt.aws.uk.org&account=lacework&scope=registry:catalog:* 
[ERROR]:   2024-01-24 19:06:09 - registry(https://artifactory.mgmt.aws.uk.org): Error wile parsing catalog response: EOF 
[FATAL]:   2024-01-24 19:06:09 - Invalid credentials found for registry(https://artifactory.mgmt.aws.uk.org). Please correct credentials. Can not validate credential for registry
  • Note that a Secret named "lacework-proxy-scanner-registry-secrets" gets auto-created as expected.

But the same works fine if I add registries under (config.lacework.registries) instead of (config.registries), as below:

helm upgrade --install --values lacework-values.yaml lacework-proxy-scanner lacework/proxy-scanner

where lacework-values.yaml is as below:

config:
  scan_public_registries: false
  static_cache_location: /opt/lacework
  lacework:
    account_name: xxx
    integration_access_token: xxxxxxxxxxx
    registries:
    - auto_poll: true
      credentials:
        password: "xxxxxx"
        user_name: "xxxxxxx"
      domain: artifactory.mgmt.aws.uk.org
      go_binary_scanning:
        enable: false
        scan_directory_path: ""
      is_public: false
      name: docker-local
      poll_frequency_minutes: 20
      ssl: false

and the pod is running fine now.

  • Note that no Secret named "lacework-proxy-scanner-registry-secrets" gets created this time.

logs :

[WARNING]:   2024-01-25 11:01:09 - Error while loading cache file. Scanner will start with bootstap mode: open /opt/lacework/lacework_proxy_scanner_state.json.gz: no such file or directory 
[ERROR]:   2024-01-25 11:01:09 - Error while loading cache. Running in bootstrap mode. open /opt/lacework/lacework_proxy_scanner_state.json.gz: no such file or directory 
[INFO]:   2024-01-25 11:01:09 - Starting server.. 
[INFO]:   2024-01-25 11:01:09 - ScanDataHandlerWorker #1: Starting.. 
[INFO]:   2024-01-25 11:01:09 - Listener started 
[INFO]:   2024-01-25 11:01:09 - server started successfully on port 8080

Also, all docker-based registries were scanned successfully in the Lacework console this time, and all 10 docker-type registries in my JFrog Artifactory are displayed in the console.

Questions:

  1. What is the domain value to give here? The domain of the JFrog Artifactory, i.e. artifactory.mgmt.aws.uk.org, or the path of the docker registry inside JFrog Artifactory, i.e. artifactory.mgmt.aws.uk.org/artifactory/api/docker/?

Since the naming convention for the word "registry" differs between Lacework and JFrog:

https://jfrog.com/help/r/jfrog-artifactory-documentation/docker-registries-and-repositories
https://jfrog.com/help/r/jfrog-artifactory-documentation/local-docker-repositories
https://docs.lacework.net/onboarding/integrate-proxy-scanner-with-jfrog-registry-auto-polling

  2. How do the values and setup work fine for registries added under (config.lacework.registries) instead of (config.registries)? Is it a bug? Or is config.lacework.registries the right place to use, and the documentation is the issue here?

Looking for a faster response!

Thank you
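As an added example (not part of this issue, the Lacework documentation, or the proxy-scanner chart), the following Python script performs the two checks the issue raises on a values file that has already been loaded into a dict with a YAML parser: it reports which of the two key paths (config.registries or config.lacework.registries) actually holds the registries list, and it validates each entry's `domain` against the documented rule (host[:port] as used for docker login, no http(s):// scheme, no path, no leftover placeholder), while also flagging `ssl: false` and missing credentials. The sample dicts mirror the two values files in the issue with secrets redacted; the key paths, check names and messages are this example's own, not chart behaviour.

```python
"""Static checks on a Lacework proxy-scanner Helm values dict (added example)."""
from __future__ import annotations

import re
from typing import Any

# Where the registries list may live: config.registries is the documented
# location; config.lacework.registries is the one the issue reports as working.
CANDIDATE_PATHS = ("config.registries", "config.lacework.registries")
# Unreplaced documentation placeholders such as <my-jfrog-artifactory-domain>
PLACEHOLDER = re.compile(r"<[^<>]*>")


def _lookup(values: dict[str, Any], dotted: str) -> Any:
    """Walk a dotted key path through nested dicts; None if any step is missing."""
    node: Any = values
    for key in dotted.split("."):
        if not isinstance(node, dict):
            return None
        node = node.get(key)
    return node


def find_registries(values: dict[str, Any]) -> tuple[str, list[dict[str, Any]]]:
    """Return (dotted path, registries list) for the one path holding a non-empty list.

    Raises ValueError when no candidate path has registries, or more than one
    does, so the caller knows unambiguously which layout is in play.
    """
    found: dict[str, list[dict[str, Any]]] = {}
    for path in CANDIDATE_PATHS:
        regs = _lookup(values, path)
        if isinstance(regs, list) and regs:
            found[path] = regs
    if len(found) != 1:
        raise ValueError(f"expected exactly one registries list, found: {sorted(found) or 'none'}")
    ((path, regs),) = found.items()
    return path, regs


def check_registry(reg: dict[str, Any]) -> list[str]:
    """Return findings for one registry entry; an empty list means it looks clean."""
    name = str(reg.get("name") or "<unnamed>")
    domain = str(reg.get("domain") or "")
    findings: list[str] = []
    if not domain:
        findings.append(f"{name}: domain is missing")
    else:
        if domain.lower().startswith(("http://", "https://")):
            findings.append(f"{name}: domain must not include the http(s):// scheme")
        if "/" in domain.split("://")[-1]:
            findings.append(f"{name}: domain should be host[:port] as used for docker login, not a path")
        if PLACEHOLDER.search(domain):
            findings.append(f"{name}: domain still contains a documentation placeholder")
    if reg.get("ssl") is False:
        findings.append(f"{name}: ssl is false; confirm TLS to the registry is really meant to be off")
    creds = reg.get("credentials") or {}
    if not reg.get("is_public", False) and not (creds.get("user_name") and creds.get("password")):
        findings.append(f"{name}: private registry without user_name and password")
    return findings


def check_values(values: dict[str, Any]) -> tuple[str, dict[str, list[str]]]:
    """Locate the registries list and check every entry; report is keyed by registry name."""
    path, regs = find_registries(values)
    report = {str(r.get("name") or f"registry[{i}]"): check_registry(r) for i, r in enumerate(regs)}
    return path, report


# Constructed sample inputs mirroring the issue's two values files (secrets redacted).
ISSUE_REGISTRY: dict[str, Any] = {
    "auto_poll": True,
    "credentials": {"password": "xxxxxx", "user_name": "xxxxxxx"},
    "domain": "artifactory.mgmt.aws.uk.org",
    "go_binary_scanning": {"enable": False, "scan_directory_path": ""},
    "is_public": False,
    "name": "docker-local",
    "poll_frequency_minutes": 20,
    "ssl": False,
}
_COMMON: dict[str, Any] = {
    "scan_public_registries": False,
    "static_cache_location": "/opt/lacework",
    "lacework": {"account_name": "xxx", "integration_access_token": "xxxxxxxxxxx"},
}
VALUES_DOCUMENTED = {"config": {**_COMMON, "registries": [ISSUE_REGISTRY]}}
VALUES_NESTED = {"config": {**_COMMON, "lacework": {**_COMMON["lacework"], "registries": [ISSUE_REGISTRY]}}}

if __name__ == "__main__":
    for label, values in (("documented layout", VALUES_DOCUMENTED), ("nested layout", VALUES_NESTED)):
        path, report = check_values(values)
        print(f"{label}: registries found at {path}")
        for reg_name, findings in report.items():
            print(f"  {reg_name}: {findings or 'ok'}")
```

Run against the issue's entry, both layouts are located correctly and the only finding is the `ssl: false` setting; a domain written as `https://artifactory.mgmt.aws.uk.org/artifactory/api/docker/` would be rejected on both the scheme and the path rule, which is the form the first question asks about. To use it on a real file, load it with `yaml.safe_load` and pass the resulting dict to `check_values`.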

@shankarsrinivasnew shankarsrinivasnew changed the title JFROG artifactory registry domain ame not working as per helm values JFROG artifactory registry domain name not working as per helm values Jan 25, 2024
@shankarsrinivasnew shankarsrinivasnew changed the title JFROG artifactory registry domain name not working as per helm values JFROG artifactory registry domain name not working as per helm values for lacework proxy scanner deployment Jan 25, 2024