fix: Security config ignored (kyma-project#2003)
* Make security config from config file work

* Make security config from config file work

* Make security config from config file work

* review fix
Tomasz-Smelcerz-SAP authored and pPrecel committed May 20, 2024
1 parent 7a27762 commit 0a543e1
Showing 1 changed file with 29 additions and 8 deletions.
37 changes: 29 additions & 8 deletions cmd/kyma/alpha/create/module/module.go
@@ -27,6 +27,11 @@ import (
"github.com/kyma-project/cli/pkg/module"
)

const (
kcpSystemNamespace = "kcp-system"
securityConfigFlagName = "sec-scanners-config"
)

type command struct {
cli.Command
opts *Options
@@ -113,7 +118,7 @@ Build a Kubebuilder module my-domain/modC in version 3.2.1 and push it to a loca
kyma alpha create module --name my-domain/modC --version 3.2.1 --path /path/to/module --registry http://localhost:5001/unsigned --insecure
`,
RunE: func(cobraCmd *cobra.Command, args []string) error { return c.Run() },
RunE: func(cobraCmd *cobra.Command, args []string) error { return c.Run(cobraCmd) },
Aliases: []string{"mod"},
}

@@ -181,7 +186,7 @@ Build a Kubebuilder module my-domain/modC in version 3.2.1 and push it to a loca
cmd.Flags().BoolVar(&o.Insecure, "insecure", false, "Uses an insecure connection to access the registry.")

cmd.Flags().StringVar(
&o.SecurityScanConfig, "sec-scanners-config", "sec-scanners-config.yaml", "Path to the file holding "+
&o.SecurityScanConfig, securityConfigFlagName, "sec-scanners-config.yaml", "Path to the file holding "+
"the security scan configuration.",
)

@@ -225,9 +230,7 @@ func configureLegacyFlags(cmd *cobra.Command, o *Options) *cobra.Command {
return cmd
}

const kcpSystemNamespace = "kcp-system"

func (cmd *command) Run() error {
func (cmd *command) Run(cobraCmd *cobra.Command) error {
osFS := osfs.New()

if cmd.opts.CI {
@@ -319,10 +322,23 @@ func (cmd *command) Run() error {
}

// Security Scan
if cmd.opts.SecurityScanConfig != "" && gitPath != "" { // security scan is only supported for target git repositories
var securityScanConfigFile = ""

// if the flag is explicitly set, use it
if cmd.isSecurityConfigFlagDefined(cobraCmd) {
securityScanConfigFile = cmd.opts.SecurityScanConfig
} else if modCnf != nil && modCnf.Security != "" {
fPath, err := resolveFilePath(modCnf.Security, cmd.opts.Path)
//Supress the error to keep the existing contract: The non-existing file is ignored and the security scan is skipped
if err == nil {
securityScanConfigFile = fPath
}
}

if securityScanConfigFile != "" && gitPath != "" { // security scan is only supported for target git repositories
cmd.NewStep("Configuring security scanning...")
if files.IsFileExists(cmd.opts.SecurityScanConfig) {
err = module.AddSecurityScanningMetadata(componentDescriptor, cmd.opts.SecurityScanConfig)
if files.IsFileExists(securityScanConfigFile) {
err = module.AddSecurityScanningMetadata(componentDescriptor, securityScanConfigFile)
if err != nil {
cmd.CurrentStep.Failure()
return err
@@ -592,6 +608,11 @@ func (cmd *command) avoidUserInteraction() bool {
return cmd.NonInteractive || cmd.CI
}

// isSecurityConfigFlagDefined returns true if the "sec-scanners-config" flag is set explicitly on the command line
func (cmd *command) isSecurityConfigFlagDefined(cobraCmd *cobra.Command) bool {
return cobraCmd.Flags().Lookup(securityConfigFlagName).Changed
}

// resolvePath resolves given path if it's absolute or uses the provided prefix to make it absolute.
// Returns an error if the path does not exist or is a directory.
func resolveFilePath(given, absolutePrefix string) (string, error) {
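Review bot: The new selection logic in the `// Security Scan` block of `Run` can leave `securityScanConfigFile` empty without telling the user, so a module may be built with no security-scan metadata and nothing in the output to show it. That happens when `resolveFilePath(modCnf.Security, cmd.opts.Path)` fails (the error is discarded) and, as far as the visible lines show, also when the flag is not passed and the module config has no `security` entry, because the flag's default `sec-scanners-config.yaml` is then never used. If the old default is still meant to apply, add a final `else { securityScanConfigFile = cmd.opts.SecurityScanConfig }`; in either case report the skipped path as a warning instead of dropping `err`. Separately, `isSecurityConfigFlagDefined` dereferences the result of `Lookup`, which is nil for an unregistered flag; `return cobraCmd.Flags().Changed(securityConfigFlagName)` is the nil-safe form. `Run`'s body is only partly visible between the hunks, so any defaulting of `modCnf.Security` done elsewhere is not covered by this note.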
