diff --git a/.circleci/config.yml b/.circleci/config.yml index 006b6954b5e4c..0628653ad16b2 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -1376,6 +1376,8 @@ commands: - attach_workspace: at: /go/src/github.com/stackrox/rox + - *restoreGoModCache + - *setupRoxctl - setup-gcp - setup-dep-env: diff --git a/central/image/service/service_impl.go b/central/image/service/service_impl.go index 1c0c8aaa61202..7aa6dc0732eeb 100644 --- a/central/image/service/service_impl.go +++ b/central/image/service/service_impl.go @@ -51,9 +51,12 @@ var ( "/v1.ImageService/CountImages", "/v1.ImageService/ListImages", }, - or.Or(idcheck.SensorsOnly(), idcheck.AdmissionControlOnly()): { + or.SensorOrAuthorizer(idcheck.AdmissionControlOnly()): { "/v1.ImageService/ScanImageInternal", }, + idcheck.SensorsOnly(): { + "/v1.ImageService/GetImageVulnerabilitiesInternal", + }, user.With(permissions.Modify(permissions.WithLegacyAuthForSAC(resources.Image, true))): { "/v1.ImageService/DeleteImages", "/v1.ImageService/ScanImage", @@ -108,9 +111,10 @@ func (s *serviceImpl) GetImage(ctx context.Context, request *v1.GetImageRequest) if request.GetId() == "" { return nil, errors.Wrap(errorhelpers.ErrInvalidArgs, "id must be specified") } - request.Id = types.NewDigest(request.Id).Digest() - image, exists, err := s.datastore.GetImage(ctx, request.GetId()) + id := types.NewDigest(request.GetId()).Digest() + + image, exists, err := s.datastore.GetImage(ctx, id) if err != nil { return nil, err } @@ -122,6 +126,11 @@ func (s *serviceImpl) GetImage(ctx context.Context, request *v1.GetImageRequest) // This modifies the image object utils.FilterSuppressedCVEsNoClone(image) } + if request.GetStripDescription() { + // This modifies the image object + utils.StripCVEDescriptionsNoClone(image) + } + return image, nil } 
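Review bot: The authorizer for `/v1.ImageService/ScanImageInternal` now comes from `or.SensorOrAuthorizer(idcheck.AdmissionControlOnly())`, and that helper is defined outside this diff. From these lines alone it cannot be confirmed that the Sensor side is still checked the way the removed `idcheck.SensorsOnly()` term checked it. A short comment above the entry would make the intended callers reviewable in place, for example `// Internal endpoint: only Sensor and Admission Controller service identities may call this.` The new `idcheck.SensorsOnly()` entry for `GetImageVulnerabilitiesInternal` could carry a matching `// Internal endpoint: Sensor service identity only.` The enclosing `var (` block starts and ends outside the hunk.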
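Review bot: `utils.StripCVEDescriptionsNoClone(image)` edits the object returned by `s.datastore.GetImage` in place, and the comment says only that it modifies the image, not why that is safe. If the datastore can return an instance shared with a cache or with other callers (not visible in this hunk), one request with `strip_description` set would also remove the descriptions for later readers. Once the ownership is confirmed, I would state it in the comment, e.g. `// Safe to mutate: the image returned by GetImage is owned by this request.`, and otherwise clone before stripping. The existing `FilterSuppressedCVEsNoClone` call just above relies on the same assumption; `GetImage` begins outside the hunk.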
@@ -175,7 +184,7 @@ func internalScanRespFromImage(img *storage.Image) *v1.ScanImageInternalResponse } } -// ScanImageInternal handles an image request from Sensor +// ScanImageInternal handles an image request from Sensor and Admission Controller. func (s *serviceImpl) ScanImageInternal(ctx context.Context, request *v1.ScanImageInternalRequest) (*v1.ScanImageInternalResponse, error) { if err := s.internalScanSemaphore.Acquire(concurrency.AsContext(concurrency.Timeout(maxSemaphoreWaitTime)), 1); err != nil { s, err := status.New(codes.Unavailable, err.Error()).WithDetails(&v1.ScanImageInternalResponseDetails_TooManyParallelScans{}) @@ -192,7 +201,8 @@ func (s *serviceImpl) ScanImageInternal(ctx context.Context, request *v1.ScanIma if err != nil { return nil, err } - // If the scan exists and it is less than the reprocessing interval then return the scan. Otherwise, fetch it from the DB + // If the scan exists, and it is less than the reprocessing interval, then return the scan. + // Otherwise, fetch it from the DB. if exists { return internalScanRespFromImage(img), nil } @@ -251,6 +261,14 @@ func (s *serviceImpl) ScanImage(ctx context.Context, request *v1.ScanImageReques return img, nil } +// GetImageVulnerabilitiesInternal retrieves the vulnerabilities related to the image +// specified by the given components and scan notes. +// This is meant to be called by Sensor. +// TODO(ROX-9281): Implement me. +func (s *serviceImpl) GetImageVulnerabilitiesInternal(ctx context.Context, request *v1.GetImageVulnerabilitiesInternalRequest) (*v1.ScanImageInternalResponse, error) { + return nil, nil +} + // DeleteImages deletes images based on query func (s *serviceImpl) DeleteImages(ctx context.Context, request *v1.DeleteImagesRequest) (*v1.DeleteImagesResponse, error) { if request.GetQuery() == nil { diff --git a/generated/api/v1/image_service.pb.go b/generated/api/v1/image_service.pb.go index d72343739e581..b42197854b245 100644 --- a/generated/api/v1/image_service.pb.go 
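Review bot: The stub `GetImageVulnerabilitiesInternal` returns `nil, nil`, which hands the gRPC layer a nil response message with no error. The same commit already routes the method in the authorizer map and in the generated service descriptor, so a Sensor that calls it gets an unclear result instead of an explicit signal. Until ROX-9281 is implemented, return a status error: `return nil, status.Error(codes.Unimplemented, "GetImageVulnerabilitiesInternal is not implemented")`. `status` and `codes` are already used by `ScanImageInternal` in this file, and this matches what the generated `UnimplementedImageServiceServer` method does.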
+++ b/generated/api/v1/image_service.pb.go @@ -8,6 +8,7 @@ import ( fmt "fmt" proto "github.com/golang/protobuf/proto" storage "github.com/stackrox/rox/generated/storage" + v1 "github.com/stackrox/scanner/generated/scanner/api/v1" grpc "google.golang.org/grpc" codes "google.golang.org/grpc/codes" status "google.golang.org/grpc/status" @@ -55,12 +56,13 @@ func (x WatchImageResponse_ErrorType) String() string { } func (WatchImageResponse_ErrorType) EnumDescriptor() ([]byte, []int) { - return fileDescriptor_b4306cfe43028263, []int{9, 0} + return fileDescriptor_b4306cfe43028263, []int{10, 0} } type GetImageRequest struct { Id string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"` IncludeSnoozed bool `protobuf:"varint,2,opt,name=include_snoozed,json=includeSnoozed,proto3" json:"include_snoozed,omitempty"` + StripDescription bool `protobuf:"varint,3,opt,name=strip_description,json=stripDescription,proto3" json:"strip_description,omitempty"` XXX_NoUnkeyedLiteral struct{} `json:"-"` XXX_unrecognized []byte `json:"-"` XXX_sizecache int32 `json:"-"` @@ -113,6 +115,13 @@ func (m *GetImageRequest) GetIncludeSnoozed() bool { return false } +func (m *GetImageRequest) GetStripDescription() bool { + if m != nil { + return m.StripDescription + } + return false +} + func (m *GetImageRequest) MessageClone() proto.Message { return m.Clone() } 
@@ -458,6 +467,107 @@ func (m *ScanImageInternalResponse) Clone() *ScanImageInternalResponse { return cloned } +type GetImageVulnerabilitiesInternalRequest struct { + ImageId string `protobuf:"bytes,1,opt,name=image_id,json=imageId,proto3" json:"image_id,omitempty"` + ImageName *storage.ImageName `protobuf:"bytes,2,opt,name=image_name,json=imageName,proto3" json:"image_name,omitempty"` + Metadata *storage.ImageMetadata `protobuf:"bytes,3,opt,name=metadata,proto3" json:"metadata,omitempty"` + Components *v1.Components `protobuf:"bytes,4,opt,name=components,proto3" json:"components,omitempty"` + Notes []v1.Note `protobuf:"varint,5,rep,packed,name=notes,proto3,enum=scannerV1.Note" json:"notes,omitempty"` + XXX_NoUnkeyedLiteral struct{} `json:"-"` + XXX_unrecognized []byte `json:"-"` + XXX_sizecache int32 `json:"-"` +} + +func (m *GetImageVulnerabilitiesInternalRequest) Reset() { + *m = GetImageVulnerabilitiesInternalRequest{} +} +func (m *GetImageVulnerabilitiesInternalRequest) String() string { return proto.CompactTextString(m) } +func (*GetImageVulnerabilitiesInternalRequest) ProtoMessage() {} +func (*GetImageVulnerabilitiesInternalRequest) Descriptor() ([]byte, []int) { + return fileDescriptor_b4306cfe43028263, []int{6} +} +func (m *GetImageVulnerabilitiesInternalRequest) XXX_Unmarshal(b []byte) error { + return m.Unmarshal(b) +} +func (m *GetImageVulnerabilitiesInternalRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + if deterministic { + return xxx_messageInfo_GetImageVulnerabilitiesInternalRequest.Marshal(b, m, deterministic) + } else { + b = b[:cap(b)] + n, err := m.MarshalToSizedBuffer(b) + if err != nil { + return nil, err + } + return b[:n], nil + } +} +func (m *GetImageVulnerabilitiesInternalRequest) XXX_Merge(src proto.Message) { + xxx_messageInfo_GetImageVulnerabilitiesInternalRequest.Merge(m, src) +} +func (m *GetImageVulnerabilitiesInternalRequest) XXX_Size() int { + return m.Size() +} +func (m 
*GetImageVulnerabilitiesInternalRequest) XXX_DiscardUnknown() { + xxx_messageInfo_GetImageVulnerabilitiesInternalRequest.DiscardUnknown(m) +} + +var xxx_messageInfo_GetImageVulnerabilitiesInternalRequest proto.InternalMessageInfo + +func (m *GetImageVulnerabilitiesInternalRequest) GetImageId() string { + if m != nil { + return m.ImageId + } + return "" +} + +func (m *GetImageVulnerabilitiesInternalRequest) GetImageName() *storage.ImageName { + if m != nil { + return m.ImageName + } + return nil +} + +func (m *GetImageVulnerabilitiesInternalRequest) GetMetadata() *storage.ImageMetadata { + if m != nil { + return m.Metadata + } + return nil +} + +func (m *GetImageVulnerabilitiesInternalRequest) GetComponents() *v1.Components { + if m != nil { + return m.Components + } + return nil +} + +func (m *GetImageVulnerabilitiesInternalRequest) GetNotes() []v1.Note { + if m != nil { + return m.Notes + } + return nil +} + +func (m *GetImageVulnerabilitiesInternalRequest) MessageClone() proto.Message { + return m.Clone() +} +func (m *GetImageVulnerabilitiesInternalRequest) Clone() *GetImageVulnerabilitiesInternalRequest { + if m == nil { + return nil + } + cloned := new(GetImageVulnerabilitiesInternalRequest) + *cloned = *m + + cloned.ImageName = m.ImageName.Clone() + cloned.Metadata = m.Metadata.Clone() + cloned.Components = m.Components.Clone() + if m.Notes != nil { + cloned.Notes = make([]v1.Note, len(m.Notes)) + copy(cloned.Notes, m.Notes) + } + return cloned +} + type DeleteImagesRequest struct { Query *RawQuery `protobuf:"bytes,1,opt,name=query,proto3" json:"query,omitempty"` Confirm bool `protobuf:"varint,2,opt,name=confirm,proto3" json:"confirm,omitempty"` 
@@ -470,7 +580,7 @@ func (m *DeleteImagesRequest) Reset() { *m = DeleteImagesRequest{} } func (m *DeleteImagesRequest) String() string { return proto.CompactTextString(m) } func (*DeleteImagesRequest) ProtoMessage() {} func (*DeleteImagesRequest) Descriptor() ([]byte, []int) { - return fileDescriptor_b4306cfe43028263, []int{6} + return fileDescriptor_b4306cfe43028263, []int{7} } func (m *DeleteImagesRequest) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -539,7 +649,7 @@ func (m *DeleteImagesResponse) Reset() { *m = DeleteImagesResponse{} } func (m *DeleteImagesResponse) String() string { return proto.CompactTextString(m) } func (*DeleteImagesResponse) ProtoMessage() {} func (*DeleteImagesResponse) Descriptor() ([]byte, []int) { - return fileDescriptor_b4306cfe43028263, []int{7} + return fileDescriptor_b4306cfe43028263, []int{8} } func (m *DeleteImagesResponse) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -609,7 +719,7 @@ func (m *WatchImageRequest) Reset() { *m = WatchImageRequest{} } func (m *WatchImageRequest) String() string { return proto.CompactTextString(m) } func (*WatchImageRequest) ProtoMessage() {} func (*WatchImageRequest) Descriptor() ([]byte, []int) { - return fileDescriptor_b4306cfe43028263, []int{8} + return fileDescriptor_b4306cfe43028263, []int{9} } func (m *WatchImageRequest) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -675,7 +785,7 @@ func (m *WatchImageResponse) Reset() { *m = WatchImageResponse{} } func (m *WatchImageResponse) String() string { return proto.CompactTextString(m) } func (*WatchImageResponse) ProtoMessage() {} func (*WatchImageResponse) Descriptor() ([]byte, []int) { - return fileDescriptor_b4306cfe43028263, []int{9} + return fileDescriptor_b4306cfe43028263, []int{10} } func (m *WatchImageResponse) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) 
@@ -751,7 +861,7 @@ func (m *UnwatchImageRequest) Reset() { *m = UnwatchImageRequest{} } func (m *UnwatchImageRequest) String() string { return proto.CompactTextString(m) } func (*UnwatchImageRequest) ProtoMessage() {} func (*UnwatchImageRequest) Descriptor() ([]byte, []int) { - return fileDescriptor_b4306cfe43028263, []int{10} + return fileDescriptor_b4306cfe43028263, []int{11} } func (m *UnwatchImageRequest) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -811,7 +921,7 @@ func (m *GetWatchedImagesResponse) Reset() { *m = GetWatchedImagesRespon func (m *GetWatchedImagesResponse) String() string { return proto.CompactTextString(m) } func (*GetWatchedImagesResponse) ProtoMessage() {} func (*GetWatchedImagesResponse) Descriptor() ([]byte, []int) { - return fileDescriptor_b4306cfe43028263, []int{11} + return fileDescriptor_b4306cfe43028263, []int{12} } func (m *GetWatchedImagesResponse) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -878,7 +988,7 @@ func (m *ScanImageInternalResponseDetails) Reset() { *m = ScanImageInter func (m *ScanImageInternalResponseDetails) String() string { return proto.CompactTextString(m) } func (*ScanImageInternalResponseDetails) ProtoMessage() {} func (*ScanImageInternalResponseDetails) Descriptor() ([]byte, []int) { - return fileDescriptor_b4306cfe43028263, []int{12} + return fileDescriptor_b4306cfe43028263, []int{13} } func (m *ScanImageInternalResponseDetails) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -936,7 +1046,7 @@ func (m *ScanImageInternalResponseDetails_TooManyParallelScans) String() string } func (*ScanImageInternalResponseDetails_TooManyParallelScans) ProtoMessage() {} func (*ScanImageInternalResponseDetails_TooManyParallelScans) Descriptor() ([]byte, []int) { - return fileDescriptor_b4306cfe43028263, []int{12, 0} + return fileDescriptor_b4306cfe43028263, []int{13, 0} } func (m *ScanImageInternalResponseDetails_TooManyParallelScans) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) 
@@ -986,6 +1096,7 @@ func init() { proto.RegisterType((*ScanImageRequest)(nil), "v1.ScanImageRequest") proto.RegisterType((*ScanImageInternalRequest)(nil), "v1.ScanImageInternalRequest") proto.RegisterType((*ScanImageInternalResponse)(nil), "v1.ScanImageInternalResponse") + proto.RegisterType((*GetImageVulnerabilitiesInternalRequest)(nil), "v1.GetImageVulnerabilitiesInternalRequest") proto.RegisterType((*DeleteImagesRequest)(nil), "v1.DeleteImagesRequest") proto.RegisterType((*DeleteImagesResponse)(nil), "v1.DeleteImagesResponse") proto.RegisterType((*WatchImageRequest)(nil), "v1.WatchImageRequest") 
@@ -999,70 +1110,81 @@ func init() { func init() { proto.RegisterFile("api/v1/image_service.proto", fileDescriptor_b4306cfe43028263) } var fileDescriptor_b4306cfe43028263 = []byte{ - // 1001 bytes of a gzipped FileDescriptorProto - 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x8c, 0x55, 0x6d, 0x6f, 0xdb, 0x44, - 0x1c, 0x5f, 0xd2, 0xb5, 0x6b, 0xfe, 0x49, 0xd3, 0xf4, 0x92, 0xb5, 0x9e, 0xd7, 0x27, 0x79, 0x48, - 0x2d, 0x45, 0x38, 0x4a, 0x79, 0x37, 0x21, 0x41, 0x68, 0xb3, 0x92, 0xa9, 0x49, 0x8a, 0xd3, 0x8d, - 0x81, 0x26, 0x59, 0x87, 0x7d, 0x4b, 0x2d, 0xec, 0x3b, 0xcf, 0xe7, 0xa4, 0x78, 0x88, 0x17, 0xf0, - 0x15, 0x78, 0xc3, 0x37, 0x82, 0x97, 0x48, 0x7c, 0x01, 0x54, 0xf8, 0x20, 0xc8, 0x77, 0x97, 0xc4, - 0x79, 0x98, 0xc4, 0x3b, 0xdf, 0xff, 0xe1, 0xf7, 0x7f, 0xfe, 0x19, 0x74, 0x1c, 0x7a, 0xf5, 0x51, - 0xa3, 0xee, 0x05, 0x78, 0x40, 0x6c, 0x4e, 0xa2, 0x91, 0xe7, 0x10, 0x33, 0x8c, 0x58, 0xcc, 0x50, - 0x7e, 0xd4, 0xd0, 0x77, 0x07, 0x8c, 0x0d, 0x7c, 0x52, 0x4f, 0xcd, 0x30, 0xa5, 0x2c, 0xc6, 0xb1, - 0xc7, 0x28, 0x97, 0x16, 0xfa, 0x63, 0xe5, 0xcd, 0x09, 0x8e, 0x9c, 0x9b, 0x59, 0x77, 0x1d, 0x29, - 0x25, 0x09, 0xc2, 0x38, 0x51, 0xb2, 0x2a, 0x8f, 0x59, 0x84, 0x07, 0x44, 0xc6, 0x53, 0x42, 0x6d, - 0x2c, 0x74, 0x49, 0xe8, 0xb3, 0x24, 0x20, 0x34, 0x96, 0x1a, 0xe3, 0x39, 0x6c, 0x5e, 0x90, 0xb8, - 0x9d, 0xda, 0x5a, 0xe4, 0xed, 0x90, 0xf0, 0x18, 0x95, 0x21, 0xef, 0xb9, 0x5a, 0xee, 0x30, 0x77, - 0x5c, 0xb0, 0xf2, 0x9e, 0x8b, 0x8e, 0x60, 0xd3, 0xa3, 0x8e, 0x3f, 0x74, 0x89, 0xcd, 0x29, 0x63, - 0xef, 0x88, 0xab, 0xe5, 0x0f, 0x73, 0xc7, 0xeb, 0x56, 0x59, 0x89, 0xfb, 0x52, 0x6a, 0x7c, 0x0e, - 0xe8, 0xd2, 0xe3, 0x12, 0x8c, 0x5b, 0x84, 0x87, 0x8c, 0x72, 0x82, 0x4e, 0x60, 0x4d, 0xa4, 0xc2, - 0xb5, 0xdc, 0xe1, 0xca, 0x71, 0xf1, 0x14, 0x99, 0x2a, 0x19, 0x73, 0x62, 0x6c, 0x29, 0x0b, 0xe3, - 0x23, 0xa8, 0x9e, 0xb1, 0x21, 0x9d, 0x87, 0xa8, 0xc1, 0xaa, 0x93, 0x8a, 0x45, 0x52, 0xab, 0x96, - 0x7c, 0x18, 0x21, 0x54, 0xfa, 0x0e, 0xa6, 0x33, 0xb9, 0xef, 0x01, 0xc8, 0x3e, 0x53, 0x1c, 0x10, - 
0x55, 0x43, 0x41, 0x48, 0xba, 0x38, 0x10, 0x40, 0x6f, 0x58, 0xe4, 0x10, 0x55, 0x80, 0x7c, 0x2c, - 0x2b, 0x70, 0x65, 0x69, 0x81, 0x21, 0x68, 0x93, 0x88, 0x6d, 0x1a, 0x93, 0x88, 0x62, 0x7f, 0x1c, - 0xf9, 0x63, 0x58, 0x15, 0x71, 0x44, 0xd0, 0xe2, 0xe9, 0xce, 0xa4, 0xca, 0x33, 0x46, 0x63, 0xec, - 0x51, 0x12, 0xc9, 0x44, 0xa5, 0x15, 0x3a, 0x80, 0xa2, 0x83, 0x9d, 0x1b, 0xe2, 0xda, 0x8c, 0xfa, - 0x89, 0x8a, 0x07, 0x52, 0xd4, 0xa3, 0x7e, 0xf2, 0xfc, 0xfe, 0x7a, 0xbe, 0xb2, 0x62, 0x34, 0xe1, - 0xd1, 0x92, 0x88, 0xaa, 0x2d, 0x1f, 0xcc, 0x86, 0x2c, 0x4f, 0x42, 0x66, 0x23, 0x19, 0x7d, 0xa8, - 0x9e, 0x13, 0x9f, 0xc4, 0x64, 0xdc, 0x54, 0x99, 0xaf, 0x01, 0xab, 0x6f, 0x87, 0x24, 0x4a, 0x94, - 0x73, 0xc9, 0x1c, 0x35, 0x4c, 0x0b, 0xdf, 0x7e, 0x95, 0xca, 0x2c, 0xa9, 0x42, 0x1a, 0x3c, 0x70, - 0x18, 0x7d, 0xe3, 0x45, 0x81, 0x6a, 0xd8, 0xf8, 0x69, 0x5c, 0x41, 0x6d, 0x16, 0x54, 0xa5, 0x74, - 0x00, 0x45, 0x3a, 0x0c, 0x6c, 0x57, 0xe8, 0xe4, 0x12, 0x6d, 0x58, 0x40, 0x87, 0x81, 0xb4, 0x76, - 0xd1, 0x0e, 0x3c, 0x70, 0xa3, 0xc4, 0x8e, 0x86, 0x54, 0x41, 0xae, 0xb9, 0x51, 0x62, 0x0d, 0xa9, - 0x71, 0x04, 0x5b, 0x5f, 0xe3, 0xd8, 0xb9, 0x99, 0x19, 0x27, 0x82, 0xfb, 0x99, 0x41, 0x8a, 0x6f, - 0xe3, 0xe7, 0x3c, 0xa0, 0xac, 0xa5, 0x8a, 0x7c, 0x04, 0x9b, 0x94, 0x45, 0x01, 0xf6, 0xbd, 0x77, - 0xc4, 0xcd, 0x8e, 0xbf, 0x3c, 0x15, 0x8b, 0x1d, 0xf8, 0x0c, 0x80, 0x44, 0x11, 0x8b, 0xec, 0x38, - 0x09, 0xe5, 0x22, 0x94, 0x4f, 0x0f, 0xd3, 0xea, 0x17, 0x41, 0xcd, 0x56, 0x6a, 0x78, 0x9d, 0x84, - 0xc4, 0x2a, 0x90, 0xf1, 0x27, 0x7a, 0x02, 0x1b, 0x12, 0x20, 0x20, 0x9c, 0xa7, 0xed, 0x5f, 0x11, - 0x71, 0x4a, 0x42, 0xd8, 0x91, 0x32, 0xe3, 0x35, 0x14, 0x26, 0xce, 0xa8, 0x04, 0xeb, 0xdd, 0x9e, - 0xdd, 0xb2, 0xac, 0x9e, 0x55, 0xb9, 0x87, 0xb6, 0x01, 0xb5, 0xbb, 0x2f, 0x9b, 0x97, 0xed, 0x73, - 0xbb, 0xdd, 0x69, 0x5e, 0xb4, 0xec, 0x6e, 0xb3, 0xd3, 0xaa, 0xe4, 0x90, 0x06, 0xb5, 0x6e, 0xcf, - 0x56, 0x8a, 0xee, 0x75, 0xeb, 0xc2, 0x6a, 0x5e, 0xb7, 0x7b, 0xdd, 0x4a, 0x1e, 0x6d, 0x42, 0xb1, - 0x7f, 0xd6, 0xec, 0xda, 0xcf, 0x9a, 
0xed, 0xcb, 0xd6, 0x79, 0x65, 0xc5, 0xf8, 0x10, 0xaa, 0x2f, - 0xe8, 0xed, 0xff, 0x6a, 0xd7, 0x2b, 0xd0, 0x2e, 0x48, 0x2c, 0x6a, 0x23, 0xee, 0xdc, 0xb4, 0x3e, - 0x85, 0xf2, 0xad, 0x54, 0xd8, 0x33, 0x27, 0xfa, 0x70, 0xb2, 0x49, 0x59, 0x3f, 0x6b, 0xe3, 0x36, - 0x8b, 0x62, 0x3c, 0x85, 0xc3, 0xf7, 0xee, 0xe6, 0x39, 0x89, 0xb1, 0xe7, 0x73, 0x7d, 0x1b, 0x6a, - 0xd7, 0x8c, 0x75, 0x30, 0x4d, 0xae, 0x70, 0x84, 0x7d, 0x9f, 0xf8, 0xa9, 0x0b, 0x3f, 0xfd, 0x7d, - 0x0d, 0x4a, 0xc2, 0xb1, 0x2f, 0x09, 0x0d, 0x7d, 0x09, 0xeb, 0x63, 0x1e, 0x42, 0xd5, 0x74, 0x1a, - 0x73, 0xac, 0xa4, 0xcf, 0x6d, 0xb7, 0xb1, 0xf3, 0xcb, 0x5f, 0xff, 0xfe, 0x9a, 0xdf, 0x42, 0x9b, - 0x13, 0x6e, 0xe5, 0xf5, 0x1f, 0x3d, 0xf7, 0x27, 0xd4, 0x81, 0x62, 0x86, 0x43, 0xd0, 0xcc, 0x62, - 0xeb, 0x3b, 0xe9, 0x6b, 0x09, 0xc5, 0x2c, 0x83, 0x13, 0x2c, 0x83, 0x9e, 0x01, 0x4c, 0x49, 0x6d, - 0x0e, 0x6d, 0x3b, 0x7d, 0x2d, 0x52, 0x9e, 0x81, 0x04, 0x58, 0x09, 0xc1, 0x14, 0x0c, 0x75, 0xa0, - 0x30, 0xe9, 0x16, 0xaa, 0xa5, 0x8e, 0xf3, 0xe4, 0xb5, 0x50, 0xa2, 0x2e, 0x60, 0x6a, 0x46, 0xb6, - 0x44, 0xee, 0x60, 0xfa, 0x34, 0x77, 0x82, 0xae, 0x60, 0x6b, 0xa1, 0xf9, 0x68, 0x77, 0x06, 0x76, - 0x8e, 0xa1, 0xf4, 0xbd, 0xf7, 0x68, 0xd5, 0x32, 0xbc, 0x86, 0x83, 0x36, 0x1d, 0x61, 0xdf, 0x73, - 0x71, 0x4c, 0x52, 0xb3, 0x26, 0x75, 0x2d, 0x32, 0xf0, 0x78, 0x1c, 0x25, 0x67, 0x29, 0x2f, 0x71, - 0x54, 0x48, 0x11, 0x5a, 0xe9, 0xcf, 0x46, 0x9f, 0x7e, 0x1a, 0x4f, 0x44, 0x9a, 0x7b, 0xe8, 0x71, - 0x26, 0x4d, 0x41, 0x64, 0x75, 0x6f, 0x82, 0x87, 0x5e, 0x40, 0x29, 0x4b, 0x18, 0x48, 0x0c, 0x62, - 0x09, 0x2f, 0xe9, 0xda, 0xa2, 0x62, 0xb6, 0xab, 0x27, 0xd9, 0xae, 0x7e, 0x03, 0x30, 0x3d, 0x5b, - 0xf4, 0x70, 0xfe, 0x8c, 0x25, 0xe4, 0xf6, 0xf2, 0xeb, 0x36, 0x76, 0x05, 0xe0, 0xb6, 0xb1, 0x95, - 0x02, 0xaa, 0xdd, 0x96, 0xb8, 0x69, 0x87, 0x3b, 0x50, 0xca, 0xde, 0x98, 0xcc, 0x78, 0xc9, 0xd5, - 0x65, 0x5b, 0xf1, 0x48, 0x20, 0x56, 0x4f, 0x16, 0x11, 0xd1, 0x4b, 0xa8, 0xcc, 0xdf, 0x61, 0xb6, - 0x9f, 0xbb, 0x6a, 0xe7, 0x97, 0x1e, 0xea, 0x18, 0x17, 0x2d, 0xe2, 0x7e, 
0x61, 0xfe, 0x71, 0xb7, - 0x9f, 0xfb, 0xf3, 0x6e, 0x3f, 0xf7, 0xf7, 0xdd, 0x7e, 0xee, 0xb7, 0x7f, 0xf6, 0xef, 0x81, 0xe6, - 0x31, 0x93, 0xc7, 0xd8, 0xf9, 0x3e, 0x62, 0x3f, 0xc8, 0xbf, 0xbc, 0x89, 0x43, 0xcf, 0x1c, 0x35, - 0xbe, 0xcd, 0x8f, 0x1a, 0xaf, 0xee, 0x7d, 0xb7, 0x26, 0x64, 0x9f, 0xfc, 0x17, 0x00, 0x00, 0xff, - 0xff, 0x0b, 0x24, 0x4b, 0x05, 0x99, 0x08, 0x00, 0x00, + // 1176 bytes of a gzipped FileDescriptorProto + 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x8c, 0x56, 0xdd, 0x72, 0xdb, 0x44, + 0x14, 0xae, 0xed, 0xa6, 0x49, 0x8e, 0x5d, 0xc7, 0xd9, 0xa4, 0x89, 0xe2, 0xa6, 0x49, 0x46, 0x05, + 0x1a, 0xd2, 0x41, 0x1e, 0x9b, 0xe1, 0xa6, 0xc3, 0x0c, 0x98, 0xc4, 0x0d, 0x66, 0x6a, 0xa7, 0x28, + 0x69, 0x28, 0x4c, 0x67, 0x34, 0x5b, 0x69, 0x9b, 0x6a, 0x90, 0x76, 0x55, 0xed, 0xda, 0xc1, 0x65, + 0xb8, 0x80, 0x2b, 0xee, 0xb9, 0xe1, 0x45, 0x78, 0x07, 0x2e, 0x99, 0xe1, 0x05, 0x98, 0xc0, 0x83, + 0x30, 0xda, 0x5d, 0xcb, 0x92, 0xed, 0x52, 0xee, 0xb4, 0xe7, 0xe7, 0x3b, 0x7b, 0xfe, 0xbe, 0x15, + 0xd4, 0x71, 0xe4, 0x37, 0x86, 0xcd, 0x86, 0x1f, 0xe2, 0x0b, 0xe2, 0x70, 0x12, 0x0f, 0x7d, 0x97, + 0x58, 0x51, 0xcc, 0x04, 0x43, 0xc5, 0x61, 0xb3, 0xbe, 0x7d, 0xc1, 0xd8, 0x45, 0x40, 0x1a, 0x89, + 0x19, 0xa6, 0x94, 0x09, 0x2c, 0x7c, 0x46, 0xb9, 0xb2, 0xa8, 0xdf, 0xd6, 0xde, 0x9c, 0xe0, 0xd8, + 0x7d, 0x99, 0x77, 0xaf, 0x23, 0xad, 0x24, 0x61, 0x24, 0x46, 0x5a, 0xb6, 0xc3, 0x5d, 0x4c, 0x29, + 0x89, 0x1b, 0x5a, 0xe7, 0xb2, 0x30, 0x62, 0x94, 0x50, 0xa1, 0xf5, 0x5b, 0x53, 0x7a, 0xca, 0xc4, + 0x18, 0x6e, 0x8d, 0x0b, 0x16, 0xe3, 0x0b, 0xa2, 0xae, 0xaa, 0x85, 0xc6, 0x58, 0xe8, 0x91, 0x28, + 0x60, 0xa3, 0x30, 0x45, 0x32, 0x2f, 0x61, 0xe5, 0x98, 0x88, 0x6e, 0x62, 0x6b, 0x93, 0x57, 0x03, + 0xc2, 0x05, 0xaa, 0x42, 0xd1, 0xf7, 0x8c, 0xc2, 0x5e, 0x61, 0x7f, 0xd9, 0x2e, 0xfa, 0x1e, 0xba, + 0x07, 0x2b, 0x3e, 0x75, 0x83, 0x81, 0x47, 0x1c, 0x4e, 0x19, 0x7b, 0x4d, 0x3c, 0xa3, 0xb8, 0x57, + 0xd8, 0x5f, 0xb2, 0xab, 0x5a, 0x7c, 0xaa, 0xa4, 0xe8, 0x3e, 0xac, 0x72, 0x11, 0xfb, 0x91, 0xe3, + 0x11, 
0xee, 0xc6, 0x7e, 0x94, 0x94, 0xc0, 0x28, 0x49, 0xd3, 0x9a, 0x54, 0x1c, 0x4d, 0xe4, 0xe6, + 0xa7, 0x80, 0x1e, 0xf9, 0x5c, 0x45, 0xe6, 0x36, 0xe1, 0x11, 0xa3, 0x9c, 0xa0, 0x03, 0xb8, 0x21, + 0xef, 0xcd, 0x8d, 0xc2, 0x5e, 0x69, 0xbf, 0xdc, 0x42, 0x96, 0xbe, 0xb9, 0x95, 0x1a, 0xdb, 0xda, + 0xc2, 0xbc, 0x0f, 0x6b, 0x87, 0x6c, 0x40, 0xa7, 0x21, 0xd6, 0x61, 0xc1, 0x4d, 0xc4, 0x32, 0x83, + 0x05, 0x5b, 0x1d, 0xcc, 0x08, 0x6a, 0xa7, 0x2e, 0xa6, 0xb9, 0x44, 0xef, 0x00, 0xa8, 0x7e, 0x52, + 0x1c, 0x12, 0x9d, 0xf0, 0xb2, 0x94, 0xf4, 0x71, 0x28, 0x81, 0x5e, 0xb0, 0xd8, 0x25, 0x3a, 0x5b, + 0x75, 0x98, 0x57, 0x8d, 0xd2, 0xbc, 0x6a, 0x98, 0x11, 0x18, 0x69, 0xc4, 0x2e, 0x15, 0x24, 0xa6, + 0x38, 0x18, 0x47, 0xfe, 0x00, 0x16, 0x64, 0x1c, 0x19, 0xb4, 0xdc, 0xda, 0x4c, 0xb3, 0x3c, 0x64, + 0x54, 0x60, 0x9f, 0x92, 0x58, 0x5d, 0x54, 0x59, 0xa1, 0x5d, 0x28, 0xbb, 0xd8, 0x7d, 0x49, 0x3c, + 0x87, 0xd1, 0x60, 0xa4, 0xe3, 0x81, 0x12, 0x9d, 0xd0, 0x60, 0xf4, 0xc5, 0xf5, 0xa5, 0x62, 0xad, + 0x64, 0xb6, 0x61, 0x6b, 0x4e, 0x44, 0x5d, 0x96, 0x77, 0xf2, 0x21, 0xab, 0x69, 0xc8, 0x6c, 0x24, + 0xf3, 0xe7, 0x22, 0xbc, 0x37, 0x9e, 0x87, 0xf3, 0x41, 0x40, 0x49, 0x8c, 0x9f, 0xfb, 0x81, 0x2f, + 0x7c, 0xc2, 0xa7, 0x73, 0xd8, 0x82, 0x25, 0x55, 0xbd, 0x74, 0x58, 0x16, 0xe5, 0xb9, 0xeb, 0xa1, + 0x66, 0xae, 0xb0, 0x45, 0x19, 0x10, 0xe5, 0x03, 0x26, 0x15, 0xce, 0x16, 0xbb, 0x05, 0x4b, 0x21, + 0x11, 0xd8, 0xc3, 0x02, 0xcb, 0xfc, 0xca, 0xad, 0x8d, 0xbc, 0x43, 0x4f, 0x6b, 0xed, 0xd4, 0x0e, + 0x7d, 0x04, 0x90, 0x2e, 0x06, 0x37, 0xae, 0x4b, 0xaf, 0x5b, 0x96, 0x5e, 0x8d, 0xf3, 0xa6, 0x75, + 0x98, 0x2a, 0xed, 0x8c, 0x21, 0x7a, 0x17, 0x16, 0x92, 0x7d, 0xe1, 0xc6, 0xc2, 0x5e, 0x69, 0xbf, + 0xda, 0x5a, 0xc9, 0x78, 0xf4, 0x99, 0x20, 0xb6, 0xd2, 0x9a, 0xa7, 0xb0, 0x76, 0x44, 0x02, 0x22, + 0xc8, 0x78, 0xbe, 0x54, 0xda, 0x26, 0x2c, 0xbc, 0x1a, 0x90, 0x78, 0xa4, 0xeb, 0x58, 0xb1, 0x86, + 0x4d, 0xcb, 0xc6, 0x97, 0x5f, 0x26, 0x32, 0x5b, 0xa9, 0x90, 0x01, 0x8b, 0x2e, 0xa3, 0x2f, 0xfc, + 0x38, 0xd4, 0xb3, 0x33, 0x3e, 0x9a, 0x8f, 
0x61, 0x3d, 0x0f, 0xaa, 0xbb, 0xb3, 0x0b, 0x65, 0x3a, + 0x08, 0x1d, 0x4f, 0xea, 0x54, 0x3d, 0x6f, 0xda, 0x40, 0x07, 0xa1, 0xb2, 0xf6, 0xd0, 0x26, 0x2c, + 0x7a, 0xf1, 0xc8, 0x89, 0x07, 0x54, 0x43, 0xde, 0xf0, 0xe2, 0x91, 0x3d, 0xa0, 0xe6, 0x3d, 0x58, + 0xfd, 0x0a, 0x0b, 0xf7, 0x65, 0x6e, 0xb2, 0x11, 0x5c, 0xcf, 0xcc, 0xb4, 0xfc, 0x36, 0x7f, 0x2c, + 0x02, 0xca, 0x5a, 0xea, 0xc8, 0xf7, 0x60, 0x85, 0xb2, 0x38, 0xc4, 0x81, 0xff, 0x9a, 0x78, 0xd9, + 0x4d, 0xa8, 0x4e, 0xc4, 0xb2, 0x43, 0x9f, 0x00, 0x90, 0x38, 0x66, 0xb1, 0x23, 0x46, 0x91, 0x6a, + 0x6a, 0xb5, 0xb5, 0x97, 0x64, 0x3f, 0x0b, 0x6a, 0x75, 0x12, 0xc3, 0xb3, 0x51, 0x44, 0xec, 0x65, + 0x32, 0xfe, 0x44, 0x77, 0xe1, 0xa6, 0x02, 0x08, 0x09, 0xe7, 0xc9, 0x24, 0x96, 0x64, 0x9c, 0x8a, + 0x14, 0xf6, 0x94, 0xcc, 0x7c, 0x06, 0xcb, 0xa9, 0x33, 0xaa, 0xc0, 0x52, 0xff, 0xc4, 0xe9, 0xd8, + 0xf6, 0x89, 0x5d, 0xbb, 0x86, 0x36, 0x00, 0x75, 0xfb, 0xe7, 0xed, 0x47, 0xdd, 0x23, 0xa7, 0xdb, + 0x6b, 0x1f, 0x77, 0x9c, 0x7e, 0xbb, 0xd7, 0xa9, 0x15, 0x90, 0x01, 0xeb, 0xfd, 0x13, 0x47, 0x2b, + 0xfa, 0x67, 0x9d, 0x63, 0xbb, 0x7d, 0xd6, 0x3d, 0xe9, 0xd7, 0x8a, 0x68, 0x05, 0xca, 0xa7, 0x87, + 0xed, 0xbe, 0xf3, 0xb0, 0xdd, 0x7d, 0xd4, 0x39, 0xaa, 0x95, 0xcc, 0xf7, 0x61, 0xed, 0x09, 0xbd, + 0xfc, 0x5f, 0xe5, 0x7a, 0x0a, 0xc6, 0x31, 0x11, 0x32, 0x37, 0xe2, 0x4d, 0x75, 0xeb, 0x63, 0xa8, + 0x5e, 0x2a, 0x85, 0x93, 0x63, 0xab, 0x5b, 0xe9, 0xc8, 0x66, 0xfd, 0xec, 0x9b, 0x97, 0x59, 0x14, + 0xf3, 0x01, 0xec, 0xbd, 0x71, 0x4d, 0x8f, 0x88, 0xc0, 0x7e, 0xc0, 0xeb, 0x1b, 0xb0, 0x7e, 0xc6, + 0x58, 0x0f, 0xd3, 0xd1, 0x63, 0x1c, 0xe3, 0x20, 0x20, 0x41, 0xe2, 0xc2, 0x5b, 0xbf, 0x2d, 0x42, + 0x45, 0x3a, 0x9e, 0xaa, 0x37, 0x04, 0x7d, 0x0e, 0x4b, 0xe3, 0x7d, 0x45, 0x6b, 0x49, 0x37, 0xa6, + 0xd8, 0xbc, 0x3e, 0xb5, 0xe8, 0xe6, 0xe6, 0x4f, 0x7f, 0xfe, 0xf3, 0x4b, 0x71, 0x15, 0xad, 0xa4, + 0xcf, 0x19, 0x6f, 0x7c, 0xef, 0x7b, 0x3f, 0xa0, 0x1e, 0x94, 0x33, 0x74, 0x8a, 0x72, 0x83, 0x5d, + 0xdf, 0x4c, 0x4e, 0x73, 0xd8, 0x76, 0x1e, 0x9c, 0x24, 0x5c, 0xf4, 0x10, 0x60, 
0xc2, 0xef, 0x53, + 0x68, 0x1b, 0xc9, 0x69, 0x96, 0xfd, 0x4d, 0x24, 0xc1, 0x2a, 0x08, 0x26, 0x60, 0xa8, 0x07, 0xcb, + 0x69, 0xb5, 0xd0, 0x7a, 0xe2, 0x38, 0xcd, 0xe3, 0x33, 0x29, 0xd6, 0x25, 0xcc, 0xba, 0x99, 0x4d, + 0x31, 0xd9, 0xf1, 0x07, 0x85, 0x03, 0xf4, 0x18, 0x56, 0x67, 0x8a, 0x8f, 0xb6, 0x73, 0xb0, 0x53, + 0x44, 0x57, 0xbf, 0xf3, 0x06, 0xad, 0x1e, 0x86, 0x00, 0x76, 0xdf, 0xc2, 0x98, 0xe8, 0x20, 0xdb, + 0x98, 0xff, 0xa6, 0xd5, 0xb7, 0x45, 0x7b, 0x06, 0xbb, 0x5d, 0x3a, 0xc4, 0x81, 0xef, 0x61, 0x41, + 0x12, 0xb3, 0x36, 0xf5, 0x6c, 0x72, 0xe1, 0x73, 0x11, 0x8f, 0x0e, 0x93, 0x07, 0x81, 0xa3, 0xe5, + 0x04, 0xa1, 0x93, 0xfc, 0x4d, 0xd4, 0x27, 0x9f, 0xe6, 0x5d, 0x59, 0x94, 0x3b, 0xe8, 0x76, 0xa6, + 0x28, 0xf2, 0x05, 0x69, 0xf8, 0x29, 0x1e, 0x7a, 0x02, 0x95, 0x2c, 0x3d, 0x21, 0xd9, 0xf6, 0x39, + 0x2c, 0x58, 0x37, 0x66, 0x15, 0xf9, 0x1e, 0x1e, 0x64, 0x7b, 0xf8, 0x35, 0xc0, 0x84, 0x24, 0xd0, + 0xad, 0x69, 0xd2, 0x50, 0x90, 0x1b, 0xf3, 0xb9, 0xc4, 0xdc, 0x96, 0x80, 0x1b, 0xe6, 0x6a, 0x02, + 0xa8, 0x37, 0x49, 0xe1, 0x26, 0xfd, 0xec, 0x41, 0x25, 0xbb, 0xd1, 0xea, 0xc6, 0x73, 0x76, 0x3c, + 0x5b, 0x8a, 0x2d, 0x89, 0xb8, 0x76, 0x30, 0x8b, 0x88, 0xce, 0xa1, 0x36, 0xbd, 0xf5, 0xd9, 0x7a, + 0x6e, 0xeb, 0x46, 0xce, 0xa5, 0x85, 0x31, 0x2e, 0x9a, 0xc5, 0xfd, 0xcc, 0xfa, 0xfd, 0x6a, 0xa7, + 0xf0, 0xc7, 0xd5, 0x4e, 0xe1, 0xaf, 0xab, 0x9d, 0xc2, 0xaf, 0x7f, 0xef, 0x5c, 0x03, 0xc3, 0x67, + 0x16, 0x17, 0xd8, 0xfd, 0x36, 0x66, 0xdf, 0xa9, 0x7f, 0x31, 0x0b, 0x47, 0xbe, 0x35, 0x6c, 0x7e, + 0x53, 0x1c, 0x36, 0x9f, 0x5e, 0x7b, 0x7e, 0x43, 0xca, 0x3e, 0xfc, 0x37, 0x00, 0x00, 0xff, 0xff, + 0xb2, 0x5f, 0x16, 0x05, 0x7a, 0x0a, 0x00, 0x00, } // Reference imports to suppress errors if they are not otherwise used. 
@@ -1085,8 +1207,10 @@ type ImageServiceClient interface { ListImages(ctx context.Context, in *RawQuery, opts ...grpc.CallOption) (*ListImagesResponse, error) // ScanImage scans a single image and returns the result ScanImage(ctx context.Context, in *ScanImageRequest, opts ...grpc.CallOption) (*storage.Image, error) - // ScanImageInternal is used solely by the Sensor to send scan requests + // ScanImageInternal is used solely by the Sensor and Admission Controller to send scan requests ScanImageInternal(ctx context.Context, in *ScanImageInternalRequest, opts ...grpc.CallOption) (*ScanImageInternalResponse, error) + // GetImageVulnerabilities is used solely by the Sensor to send vulnerability matching requests. + GetImageVulnerabilitiesInternal(ctx context.Context, in *GetImageVulnerabilitiesInternalRequest, opts ...grpc.CallOption) (*ScanImageInternalResponse, error) // InvalidateScanAndRegistryCaches removes the image metadata cache. InvalidateScanAndRegistryCaches(ctx context.Context, in *Empty, opts ...grpc.CallOption) (*Empty, error) // DeleteImage removes the images based on a query @@ -1155,6 +1279,15 @@ func (c *imageServiceClient) ScanImageInternal(ctx context.Context, in *ScanImag return out, nil } +func (c *imageServiceClient) GetImageVulnerabilitiesInternal(ctx context.Context, in *GetImageVulnerabilitiesInternalRequest, opts ...grpc.CallOption) (*ScanImageInternalResponse, error) { + out := new(ScanImageInternalResponse) + err := c.cc.Invoke(ctx, "/v1.ImageService/GetImageVulnerabilitiesInternal", in, out, opts...) + if err != nil { + return nil, err + } + return out, nil +} + func (c *imageServiceClient) InvalidateScanAndRegistryCaches(ctx context.Context, in *Empty, opts ...grpc.CallOption) (*Empty, error) { out := new(Empty) err := c.cc.Invoke(ctx, "/v1.ImageService/InvalidateScanAndRegistryCaches", in, out, opts...) 
@@ -1210,8 +1343,10 @@ type ImageServiceServer interface { ListImages(context.Context, *RawQuery) (*ListImagesResponse, error) // ScanImage scans a single image and returns the result ScanImage(context.Context, *ScanImageRequest) (*storage.Image, error) - // ScanImageInternal is used solely by the Sensor to send scan requests + // ScanImageInternal is used solely by the Sensor and Admission Controller to send scan requests ScanImageInternal(context.Context, *ScanImageInternalRequest) (*ScanImageInternalResponse, error) + // GetImageVulnerabilities is used solely by the Sensor to send vulnerability matching requests. + GetImageVulnerabilitiesInternal(context.Context, *GetImageVulnerabilitiesInternalRequest) (*ScanImageInternalResponse, error) // InvalidateScanAndRegistryCaches removes the image metadata cache. InvalidateScanAndRegistryCaches(context.Context, *Empty) (*Empty, error) // DeleteImage removes the images based on a query @@ -1246,6 +1381,9 @@ func (*UnimplementedImageServiceServer) ScanImage(ctx context.Context, req *Scan func (*UnimplementedImageServiceServer) ScanImageInternal(ctx context.Context, req *ScanImageInternalRequest) (*ScanImageInternalResponse, error) { return nil, status.Errorf(codes.Unimplemented, "method ScanImageInternal not implemented") } +func (*UnimplementedImageServiceServer) GetImageVulnerabilitiesInternal(ctx context.Context, req *GetImageVulnerabilitiesInternalRequest) (*ScanImageInternalResponse, error) { + return nil, status.Errorf(codes.Unimplemented, "method GetImageVulnerabilitiesInternal not implemented") +} func (*UnimplementedImageServiceServer) InvalidateScanAndRegistryCaches(ctx context.Context, req *Empty) (*Empty, error) { return nil, status.Errorf(codes.Unimplemented, "method InvalidateScanAndRegistryCaches not implemented") } 
@@ -1356,6 +1494,24 @@ func _ImageService_ScanImageInternal_Handler(srv interface{}, ctx context.Contex return interceptor(ctx, in, info, handler) } +func _ImageService_GetImageVulnerabilitiesInternal_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(GetImageVulnerabilitiesInternalRequest) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(ImageServiceServer).GetImageVulnerabilitiesInternal(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: "/v1.ImageService/GetImageVulnerabilitiesInternal", + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(ImageServiceServer).GetImageVulnerabilitiesInternal(ctx, req.(*GetImageVulnerabilitiesInternalRequest)) + } + return interceptor(ctx, in, info, handler) +} + func _ImageService_InvalidateScanAndRegistryCaches_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { in := new(Empty) if err := dec(in); err != nil { @@ -1470,6 +1626,10 @@ var _ImageService_serviceDesc = grpc.ServiceDesc{ MethodName: "ScanImageInternal", Handler: _ImageService_ScanImageInternal_Handler, }, + { + MethodName: "GetImageVulnerabilitiesInternal", + Handler: _ImageService_GetImageVulnerabilitiesInternal_Handler, + }, { MethodName: "InvalidateScanAndRegistryCaches", Handler: _ImageService_InvalidateScanAndRegistryCaches_Handler, @@ -1519,6 +1679,16 @@ func (m *GetImageRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) { i -= len(m.XXX_unrecognized) copy(dAtA[i:], m.XXX_unrecognized) } + if m.StripDescription { + i-- + if m.StripDescription { + dAtA[i] = 1 + } else { + dAtA[i] = 0 + } + i-- + dAtA[i] = 0x18 + } if m.IncludeSnoozed { i-- if m.IncludeSnoozed { 
@@ -1754,6 +1924,94 @@ func (m *ScanImageInternalResponse) MarshalToSizedBuffer(dAtA []byte) (int, erro return len(dAtA) - i, nil } +func (m *GetImageVulnerabilitiesInternalRequest) Marshal() (dAtA []byte, err error) { + size := m.Size() + dAtA = make([]byte, size) + n, err := m.MarshalToSizedBuffer(dAtA[:size]) + if err != nil { + return nil, err + } + return dAtA[:n], nil +} + +func (m *GetImageVulnerabilitiesInternalRequest) MarshalTo(dAtA []byte) (int, error) { + size := m.Size() + return m.MarshalToSizedBuffer(dAtA[:size]) +} + +func (m *GetImageVulnerabilitiesInternalRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) { + i := len(dAtA) + _ = i + var l int + _ = l + if m.XXX_unrecognized != nil { + i -= len(m.XXX_unrecognized) + copy(dAtA[i:], m.XXX_unrecognized) + } + if len(m.Notes) > 0 { + dAtA4 := make([]byte, len(m.Notes)*10) + var j3 int + for _, num := range m.Notes { + for num >= 1<<7 { + dAtA4[j3] = uint8(uint64(num)&0x7f | 0x80) + num >>= 7 + j3++ + } + dAtA4[j3] = uint8(num) + j3++ + } + i -= j3 + copy(dAtA[i:], dAtA4[:j3]) + i = encodeVarintImageService(dAtA, i, uint64(j3)) + i-- + dAtA[i] = 0x2a + } + if m.Components != nil { + { + size, err := m.Components.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintImageService(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0x22 + } + if m.Metadata != nil { + { + size, err := m.Metadata.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintImageService(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0x1a + } + if m.ImageName != nil { + { + size, err := m.ImageName.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintImageService(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0x12 + } + if len(m.ImageId) > 0 { + i -= len(m.ImageId) + copy(dAtA[i:], m.ImageId) + i = encodeVarintImageService(dAtA, i, uint64(len(m.ImageId))) + i-- + dAtA[i] = 0xa + } + return len(dAtA) - i, 
nil +} + func (m *DeleteImagesRequest) Marshal() (dAtA []byte, err error) { size := m.Size() dAtA = make([]byte, size) @@ -2078,6 +2336,9 @@ func (m *GetImageRequest) Size() (n int) { if m.IncludeSnoozed { n += 2 } + if m.StripDescription { + n += 2 + } if m.XXX_unrecognized != nil { n += len(m.XXX_unrecognized) } @@ -2174,6 +2435,41 @@ func (m *ScanImageInternalResponse) Size() (n int) { return n } +func (m *GetImageVulnerabilitiesInternalRequest) Size() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + l = len(m.ImageId) + if l > 0 { + n += 1 + l + sovImageService(uint64(l)) + } + if m.ImageName != nil { + l = m.ImageName.Size() + n += 1 + l + sovImageService(uint64(l)) + } + if m.Metadata != nil { + l = m.Metadata.Size() + n += 1 + l + sovImageService(uint64(l)) + } + if m.Components != nil { + l = m.Components.Size() + n += 1 + l + sovImageService(uint64(l)) + } + if len(m.Notes) > 0 { + l = 0 + for _, e := range m.Notes { + l += sovImageService(uint64(e)) + } + n += 1 + sovImageService(uint64(l)) + l + } + if m.XXX_unrecognized != nil { + n += len(m.XXX_unrecognized) + } + return n +} + func (m *DeleteImagesRequest) Size() (n int) { if m == nil { return 0 @@ -2395,6 +2691,26 @@ func (m *GetImageRequest) Unmarshal(dAtA []byte) error { } } m.IncludeSnoozed = bool(v != 0) + case 3: + if wireType != 0 { + return fmt.Errorf("proto: wrong wireType = %d for field StripDescription", wireType) + } + var v int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowImageService + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + v |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + m.StripDescription = bool(v != 0) default: iNdEx = preIndex skippy, err := skipImageService(dAtA[iNdEx:]) 
@@ -2889,6 +3205,266 @@ func (m *ScanImageInternalResponse) Unmarshal(dAtA []byte) error { } return nil } +func (m *GetImageVulnerabilitiesInternalRequest) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowImageService + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: GetImageVulnerabilitiesInternalRequest: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: GetImageVulnerabilitiesInternalRequest: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field ImageId", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowImageService + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthImageService + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthImageService + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.ImageId = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 2: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field ImageName", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowImageService + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthImageService 
+ } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthImageService + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + if m.ImageName == nil { + m.ImageName = &storage.ImageName{} + } + if err := m.ImageName.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex + case 3: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Metadata", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowImageService + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthImageService + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthImageService + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + if m.Metadata == nil { + m.Metadata = &storage.ImageMetadata{} + } + if err := m.Metadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex + case 4: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Components", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowImageService + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthImageService + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthImageService + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + if m.Components == nil { + m.Components = &v1.Components{} + } + if err := m.Components.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex + case 5: + if wireType == 0 { + var v v1.Note + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowImageService + } + if iNdEx >= 
l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + v |= v1.Note(b&0x7F) << shift + if b < 0x80 { + break + } + } + m.Notes = append(m.Notes, v) + } else if wireType == 2 { + var packedLen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowImageService + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + packedLen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if packedLen < 0 { + return ErrInvalidLengthImageService + } + postIndex := iNdEx + packedLen + if postIndex < 0 { + return ErrInvalidLengthImageService + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + var elementCount int + if elementCount != 0 && len(m.Notes) == 0 { + m.Notes = make([]v1.Note, 0, elementCount) + } + for iNdEx < postIndex { + var v v1.Note + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowImageService + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + v |= v1.Note(b&0x7F) << shift + if b < 0x80 { + break + } + } + m.Notes = append(m.Notes, v) + } + } else { + return fmt.Errorf("proto: wrong wireType = %d for field Notes", wireType) + } + default: + iNdEx = preIndex + skippy, err := skipImageService(dAtA[iNdEx:]) + if err != nil { + return err + } + if (skippy < 0) || (iNdEx+skippy) < 0 { + return ErrInvalidLengthImageService + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} func (m *DeleteImagesRequest) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 diff --git a/generated/api/v1/image_service.swagger.json b/generated/api/v1/image_service.swagger.json index d4edb4d5ffbe7..be3c8cddb4bf4 100644 --- a/generated/api/v1/image_service.swagger.json +++ b/generated/api/v1/image_service.swagger.json 
@@ -215,6 +215,12 @@ "in": "query", "required": false, "type": "boolean" + }, + { + "name": "stripDescription", + "in": "query", + "required": false, + "type": "boolean" } ], "tags": [ @@ -408,20 +414,6 @@ ], "default": "UI_NONE" }, - "EmbeddedImageScanComponentExecutable": { - "type": "object", - "properties": { - "path": { - "type": "string" - }, - "dependencies": { - "type": "array", - "items": { - "type": "string" - } - } - } - }, "EmbeddedVulnerabilityVulnerabilityType": { "type": "string", "enum": [ 
@@ -480,6 +472,210 @@ } } }, + "scannerV1Components": { + "type": "object", + "properties": { + "namespace": { + "type": "string" + }, + "osComponents": { + "type": "array", + "items": { + "$ref": "#/definitions/scannerV1OSComponent" + } + }, + "rhelComponents": { + "type": "array", + "items": { + "$ref": "#/definitions/scannerV1RHELComponent" + } + }, + "languageComponents": { + "type": "array", + "items": { + "$ref": "#/definitions/scannerV1LanguageComponent" + } + } + } + }, + "scannerV1Executable": { + "type": "object", + "properties": { + "path": { + "type": "string" + }, + "requiredFeatures": { + "type": "array", + "items": { + "$ref": "#/definitions/scannerV1FeatureNameVersion" + } + } + } + }, + "scannerV1FeatureNameVersion": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "version": { + "type": "string" + } + } + }, + "scannerV1JavaComponent": { + "type": "object", + "properties": { + "implementationVersion": { + "type": "string" + }, + "mavenVersion": { + "type": "string" + }, + "origins": { + "type": "array", + "items": { + "type": "string" + } + }, + "specificationVersion": { + "type": "string" + }, + "bundleName": { + "type": "string" + } + } + }, + "scannerV1LanguageComponent": { + "type": "object", + "properties": { + "type": { + "$ref": "#/definitions/scannerV1SourceType" + }, + "name": { + "type": "string" + }, + "version": { + "type": "string" + }, + "location": { + "type": "string" + }, + "java": { + "$ref": "#/definitions/scannerV1JavaComponent" + }, + "python": { + "$ref": "#/definitions/scannerV1PythonComponent" + }, + "addedBy": { + "type": "string" + } + } + }, + "scannerV1Note": { + "type": "string", + "enum": [ + "OS_CVES_UNAVAILABLE", + "OS_CVES_STALE", + "LANGUAGE_CVES_UNAVAILABLE", + "CERTIFIED_RHEL_SCAN_UNAVAILABLE" + ], + "default": "OS_CVES_UNAVAILABLE" + }, + "scannerV1OSComponent": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "namespace": { + "type": "string" + }, + 
"version": { + "type": "string" + }, + "addedBy": { + "type": "string" + }, + "executables": { + "type": "array", + "items": { + "$ref": "#/definitions/scannerV1Executable" + } + } + } + }, + "scannerV1PythonComponent": { + "type": "object", + "properties": { + "homepage": { + "type": "string" + }, + "authorEmail": { + "type": "string" + }, + "downloadUrl": { + "type": "string" + }, + "summary": { + "type": "string" + }, + "description": { + "type": "string" + } + } + }, + "scannerV1RHELComponent": { + "type": "object", + "properties": { + "id": { + "type": "string", + "format": "int64" + }, + "name": { + "type": "string" + }, + "namespace": { + "type": "string" + }, + "version": { + "type": "string" + }, + "arch": { + "type": "string" + }, + "module": { + "type": "string" + }, + "cpes": { + "type": "array", + "items": { + "type": "string" + } + }, + "addedBy": { + "type": "string" + }, + "executables": { + "type": "array", + "items": { + "$ref": "#/definitions/scannerV1Executable" + } + } + } + }, + "scannerV1SourceType": { + "type": "string", + "enum": [ + "UNSET_SOURCE_TYPE", + "JAVA", + "PYTHON", + "NPM", + "GEM", + "DOTNETCORERUNTIME" + ], + "default": "UNSET_SOURCE_TYPE" + }, "storageCVSSV2": { "type": "object", "properties": { @@ -721,13 +917,27 @@ "executables": { "type": "array", "items": { - "$ref": "#/definitions/EmbeddedImageScanComponentExecutable" + "$ref": "#/definitions/storageEmbeddedImageScanComponentExecutable" }, "title": "Values are cleared after moving to cache, remove them from the grpc return as well" } }, "title": "Next Tag: 13" }, + "storageEmbeddedImageScanComponentExecutable": { + "type": "object", + "properties": { + "path": { + "type": "string" + }, + "dependencies": { + "type": "array", + "items": { + "type": "string" + } + } + } + }, "storageEmbeddedVulnerability": { "type": "object", "properties": { diff --git a/go.mod b/go.mod index ba9fb44c131a1..e6b3486382e54 100644 --- a/go.mod +++ b/go.mod 
@@ -4,7 +4,7 @@ go 1.16 // CAVEAT: This introduces a circular dependency. If you change this line, you MUST change the "exclude" // directive at the bottom of the file as well. -require github.com/stackrox/scanner v0.0.0-20220106020903-2744339f7e9d +require github.com/stackrox/scanner v0.0.0-20220214215744-13c0e1db0298 require ( cloud.google.com/go/compute v1.3.0 diff --git a/go.sum b/go.sum index a491929027dd2..617d58d540dda 100644 --- a/go.sum +++ b/go.sum @@ -673,7 +673,6 @@ github.com/containernetworking/cni v0.8.0/go.mod h1:LGwApLUm2FpoOfxTDEeq8T9ipbpZ github.com/containernetworking/cni v0.8.1/go.mod h1:LGwApLUm2FpoOfxTDEeq8T9ipbpZ61X79hmU3w8FmsY= github.com/containernetworking/plugins v0.8.6/go.mod h1:qnw5mN19D8fIwkqW7oHHYDHVlzhJpcY6TQxn/fUyDDM= github.com/containernetworking/plugins v0.9.1/go.mod h1:xP/idU2ldlzN6m4p5LmGiwRDjeJr6FLK6vuiUwoH7P8= -github.com/containers/image/v5 v5.11.1/go.mod h1:HC9lhJ/Nz5v3w/5Co7H431kLlgzlVlOC+auD/er3OqE= github.com/containers/image/v5 v5.19.1 h1:g4/+XIuh1kRoRn2MfLDhfHhkNOIO9JtqhSyo55tjpfE= github.com/containers/image/v5 v5.19.1/go.mod h1:ewoo3u+TpJvGmsz64XgzbyTHwHtM94q7mgK/pX+v2SE= github.com/containers/libtrust v0.0.0-20190913040956-14b96171aa3b/go.mod h1:9rfv8iPl1ZP7aqh9YA68wnZv2NUDbXdcdPHVz0pFbPY= 
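Review bot: The CAVEAT comment directly above the changed `require github.com/stackrox/scanner` line says the `exclude` directive at the bottom of go.mod must be changed together with it, yet this diff carries no second go.mod hunk. Confirm whether the excluded version still matches what scanner `v0.0.0-20220214215744-13c0e1db0298` pulls in through the circular dependency. If no change is needed, a line in the commit description saying the exclude was checked would save the next reviewer the same question.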
@@ -681,7 +680,6 @@ github.com/containers/ocicrypt v1.0.1/go.mod h1:MeJDzk1RJHv89LjsH0Sp5KTY3ZYkjXO/ github.com/containers/ocicrypt v1.1.0/go.mod h1:b8AOe0YR67uU8OqfVNcznfFpAzu3rdgUV4GP9qXPfu4= github.com/containers/ocicrypt v1.1.1/go.mod h1:Dm55fwWm1YZAjYRaJ94z2mfZikIyIN4B0oB3dj3jFxY= github.com/containers/ocicrypt v1.1.2/go.mod h1:Dm55fwWm1YZAjYRaJ94z2mfZikIyIN4B0oB3dj3jFxY= -github.com/containers/storage v1.29.0/go.mod h1:u84RU4CCufGeJBNTRNwMB+FoE+AiFeFw4SsMoqAOeCM= github.com/containers/storage v1.38.2 h1:8bAIxnVBGKzMw5EWCivVj24bztQT6IkDp4uHiyhnzwE= github.com/containers/storage v1.38.2/go.mod h1:INP0RPLHWBxx+pTsO5uiHlDUGHDFvWZPWprAbAlQWPQ= github.com/coreos/bbolt v1.3.1-coreos.6/go.mod h1:iRUV2dpdMOn7Bo10OQBFzIJO9kkE559Wcmn+qkEiiKk= @@ -823,7 +821,6 @@ github.com/docker/docker v0.7.3-0.20190103212154-2b7e084dc98b/go.mod h1:eEKB0N0r github.com/docker/docker v0.7.3-0.20190327010347-be7ac8be2ae0/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= github.com/docker/docker v0.7.3-0.20190817195342-4760db040282/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= github.com/docker/docker v1.4.2-0.20190924003213-a8608b5b67c7/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= -github.com/docker/docker v1.4.2-0.20191219165747-a9416c67da9f/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= github.com/docker/docker v1.4.2-0.20200203170920-46ec8731fbce/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= github.com/docker/docker v17.12.0-ce-rc1.0.20200618181300-9dc6525e6118+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= github.com/docker/docker v20.10.7+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= 
@@ -985,14 +982,11 @@ github.com/go-errors/errors v1.0.1 h1:LUHzmkK3GUKUrL/1gfBUxAHzcev3apQlezX/+O7ma6 github.com/go-errors/errors v1.0.1/go.mod h1:f4zRHt4oKfwPJE5k8C9vpYG+aDHdBFUsgrm6/TyX73Q= github.com/go-git/gcfg v1.5.0 h1:Q5ViNfGF8zFgyJWPqYwA7qGFoMTEiBmdlkcfRmpIMa4= github.com/go-git/gcfg v1.5.0/go.mod h1:5m20vg6GwYabIxaOonVkTdrILxQMpEShl1xiMF4ua+E= -github.com/go-git/go-billy/v5 v5.0.0/go.mod h1:pmpqyWchKfYfrkb/UVH4otLvyi/5gJlGI4Hb3ZqZ3W0= github.com/go-git/go-billy/v5 v5.2.0/go.mod h1:pmpqyWchKfYfrkb/UVH4otLvyi/5gJlGI4Hb3ZqZ3W0= github.com/go-git/go-billy/v5 v5.3.1 h1:CPiOUAzKtMRvolEKw+bG1PLRpT7D3LIs3/3ey4Aiu34= github.com/go-git/go-billy/v5 v5.3.1/go.mod h1:pmpqyWchKfYfrkb/UVH4otLvyi/5gJlGI4Hb3ZqZ3W0= -github.com/go-git/go-git-fixtures/v4 v4.0.2-0.20200613231340-f56387b50c12/go.mod h1:m+ICp2rF3jDhFgEZ/8yziagdT1C+ZpZcrJjappBCDSw= github.com/go-git/go-git-fixtures/v4 v4.2.1 h1:n9gGL1Ct/yIw+nfsfr8s4+sbhT+Ncu2SubfXjIWgci8= github.com/go-git/go-git-fixtures/v4 v4.2.1/go.mod h1:K8zd3kDUAykwTdDCr+I0per6Y6vMiRR/nnVTBtavnB0= -github.com/go-git/go-git/v5 v5.2.0/go.mod h1:kh02eMX+wdqqxgNMEyq8YgwlIOsDOa9homkUq1PoTMs= github.com/go-git/go-git/v5 v5.4.2 h1:BXyZu9t0VkbiHtqrsvdq39UDhGJTl1h55VW6CSC4aY4= github.com/go-git/go-git/v5 v5.4.2/go.mod h1:gQ1kArt6d+n+BGd+/B/I74HwRTLhth2+zti4ihgckDc= github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU= 
@@ -1777,7 +1771,6 @@ github.com/jsonnet-bundler/jsonnet-bundler v0.3.1/go.mod h1:/by7P/OoohkI3q4CgSFq github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU= github.com/jstemmer/go-junit-report v0.9.1/go.mod h1:Brl9GWCQeLvo8nXZwPNNblvFj/XSXhF0NWZEnDohbsk= github.com/jtolds/gls v4.20.0+incompatible/go.mod h1:QJZ7F/aHp+rZTRtaJ1ow/lLfFfVYBRgL+9YlvaHOwJU= -github.com/juju/ansiterm v0.0.0-20180109212912-720a0952cc2a/go.mod h1:UJSiEoRfvx3hP73CvoARgeLjaIOjybY9vj8PUPPFGeU= github.com/juju/ratelimit v1.0.1/go.mod h1:qapgC/Gy+xNh9UxzV13HGGl/6UXNN+ct+vwSgWNm/qk= github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w= github.com/julienschmidt/httprouter v1.3.0/go.mod h1:JR6WtHb+2LUe8TCKY3cZOxFyyO8IZAc4RVcycCCAKdM= @@ -1877,7 +1870,6 @@ github.com/linuxkit/virtsock v0.0.0-20201010232012-f8cee7dfc7a3/go.mod h1:3r6x7q github.com/lithammer/dedent v1.1.0/go.mod h1:jrXYCQtgg0nJiN+StA2KgR7w6CiQNv9Fd/Z9BP0jIOc= github.com/logrusorgru/aurora v0.0.0-20181002194514-a7b3b318ed4e/go.mod h1:7rIyQOR62GCctdiQpZ/zOJlFyk6y+94wXzv6RNZgaR4= github.com/lovoo/gcloud-opentracing v0.3.0/go.mod h1:ZFqk2y38kMDDikZPAK7ynTTGuyt17nSPdS3K5e+ZTBY= -github.com/lunixbochs/vtclean v0.0.0-20180621232353-2d01aacdc34a/go.mod h1:pHhQNgMf3btfWnGBVipUOjRYhoOsdGqdm/+2c2E2WMI= github.com/lyft/protoc-gen-star v0.5.3/go.mod h1:V0xaHgaf5oCCqmcxYcWiDfTiKsZsRc87/1qhoTACD8w= github.com/lyft/protoc-gen-validate v0.0.13/go.mod h1:XbGvPuh87YZc5TdIa2/I4pLk0QoUACkjt2znoq26NVQ= github.com/machinebox/graphql v0.2.2 h1:dWKpJligYKhYKO5A2gvNhkJdQMNZeChZYyBbrZkBZfo= 
@@ -1899,7 +1891,6 @@ github.com/mailru/easyjson v0.7.1/go.mod h1:KAzv3t3aY1NaHWoQz1+4F1ccyAH66Jk7yos7 github.com/mailru/easyjson v0.7.6/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc= github.com/mailru/easyjson v0.7.7 h1:UGYAvKxe3sBsEDzO8ZeWOSlIQfWFlxbzLZe7hwFURr0= github.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc= -github.com/manifoldco/promptui v0.8.0/go.mod h1:n4zTdgP0vr0S3w7/O/g98U+e0gwLScEXGwov2nIKuGQ= github.com/manifoldco/promptui v0.9.0/go.mod h1:ka04sppxSGFAtxX0qhlYQjISsg9mR4GWtQEhdbn6Pgg= github.com/maratori/testpackage v1.0.1/go.mod h1:ddKdw+XG0Phzhx8BFDTKgpWP4i7MpApTE5fXSKAqwDU= github.com/markbates/errx v1.1.0 h1:QDFeR+UP95dO12JgW+tgi2UVfo0V8YBHiUIOaeBPiEI= @@ -1952,7 +1943,6 @@ github.com/mattn/go-runewidth v0.0.4/go.mod h1:LwmH8dsx7+W8Uxz3IHJYH5QSwggIsqBzp github.com/mattn/go-runewidth v0.0.6/go.mod h1:H031xJmbD/WCDINGzjvQ9THkh0rPKHF+m2gUSrubnMI= github.com/mattn/go-runewidth v0.0.7/go.mod h1:H031xJmbD/WCDINGzjvQ9THkh0rPKHF+m2gUSrubnMI= github.com/mattn/go-runewidth v0.0.9/go.mod h1:H031xJmbD/WCDINGzjvQ9THkh0rPKHF+m2gUSrubnMI= -github.com/mattn/go-runewidth v0.0.10/go.mod h1:RAqKPSqVFrSLVXbA8x7dzmKdmGzieGRCM46jaSJTDAk= github.com/mattn/go-runewidth v0.0.13 h1:lTGmDsbAYt5DmK6OnoV7EuIF1wEIFAcxld6ypU4OSgU= github.com/mattn/go-runewidth v0.0.13/go.mod h1:Jdepj2loyihRzMpdS35Xk/zdY8IAYHsh153qUoGf23w= github.com/mattn/go-shellwords v1.0.3/go.mod h1:3xCvwCdWdlDJUrvuMn7Wuy9eWs4pE8vqg+NOMyg4B2o= 
@@ -2078,7 +2068,6 @@ github.com/mozillazg/go-httpheader v0.2.1/go.mod h1:jJ8xECTlalr6ValeXYdOF8fFUISe github.com/mpvl/unique v0.0.0-20150818121801-cbe035fff7de/go.mod h1:kJun4WP5gFuHZgRjZUWWuH1DTxCtxbHDOIJsudS8jzY= github.com/mschoch/smat v0.2.0 h1:8imxQsjDm8yFEAVBe7azKmKSgzSkZXDuKkSq9374khM= github.com/mschoch/smat v0.2.0/go.mod h1:kc9mz7DoBKqDyiRL7VZN8KvXQMWeTaVnttLRXOlotKw= -github.com/mtrmac/gpgme v0.1.2/go.mod h1:GYYHnGSuS7HK3zVS2n3y73y0okK/BeKzwnn5jgiVFNI= github.com/munnerz/goautoneg v0.0.0-20120707110453-a547fc61f48d/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U= @@ -2256,8 +2245,6 @@ github.com/polyfloyd/go-errorlint v0.0.0-20210722154253-910bb7978349/go.mod h1:w github.com/posener/complete v1.1.1/go.mod h1:em0nMJCgc9GFtwrmVmEMR/ZL6WyhyjMBndrE9hABlRI= github.com/posener/complete v1.2.3/go.mod h1:WZIdtGGp+qx0sLrYKtIRAruyNpv6hFCicSgv7Sy7s/s= github.com/pquerna/cachecontrol v0.0.0-20171018203845-0dec1b30a021/go.mod h1:prYjPmNq4d1NPVmpShWobRqXY3q7Vp+80DqgxxUrUIA= -github.com/pquerna/ffjson v0.0.0-20181028064349-e517b90714f7/go.mod h1:YARuvh7BUWHNhzDq2OM5tzR2RiCcN2D7sapiKyCel/M= -github.com/pquerna/ffjson v0.0.0-20190813045741-dac163c6c0a9/go.mod h1:YARuvh7BUWHNhzDq2OM5tzR2RiCcN2D7sapiKyCel/M= github.com/proglottis/gpgme v0.1.1/go.mod h1:fPbW/EZ0LvwQtH8Hy7eixhp1eF3G39dtx7GUN+0Gmy0= github.com/prometheus/alertmanager v0.18.0/go.mod h1:WcxHBl40VSPuOaqWae6l6HpnEOVRIycEJ7i9iYkadEE= github.com/prometheus/alertmanager v0.20.0/go.mod h1:9g2i48FAyZW6BtbsnvHtMHQXl2aVtrORKwKVCQ+nbrg= 
@@ -2349,7 +2336,6 @@ github.com/rcrowley/go-metrics v0.0.0-20201227073835-cf1acfcdf475/go.mod h1:bCqn github.com/remind101/migrate v0.0.0-20170729031349-52c1edff7319/go.mod h1:rhSvwcijY9wfmrBYrfCvapX8/xOTV46NAUjBRgUyJqc= github.com/remyoudompheng/bigfft v0.0.0-20170806203942-52369c62f446/go.mod h1:uYEyJGbgTkfkS4+E/PavXkNJcbFIpEtjt2B0KDQ5+9M= github.com/remyoudompheng/bigfft v0.0.0-20200410134404-eec4a21b6bb0/go.mod h1:qqbHyh8v60DhA7CoWK5oRCqLrMHRGoxYCSS9EjAz6Eo= -github.com/rivo/uniseg v0.1.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc= github.com/rivo/uniseg v0.2.0 h1:S1pD9weZBuJdFmowNwbpi7BJ8TNftyUImj/0WQi72jY= github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc= github.com/robfig/cron v0.0.0-20170526150127-736158dc09e1/go.mod h1:JGuDeoQd7Z6yL4zQhZ3OPEVHB7fL6Ka6skscFHfmt2k= 
@@ -2541,8 +2527,8 @@ github.com/stackrox/k8s-istio-cve-pusher v0.0.0-20210422200002-d89f671ac4f5 h1:0 github.com/stackrox/k8s-istio-cve-pusher v0.0.0-20210422200002-d89f671ac4f5/go.mod h1:GEtZ9DYAzmOtyqQPCJCEIzXJ7NcrHbMy6ZPJbcyfmLM= github.com/stackrox/nvdtools v0.0.0-20210326191554-5daeb6395b56 h1:D2wYiy+hcKy8qZAg9SxSWfZgbvmEgD9AdV0g0lJqGZ0= github.com/stackrox/nvdtools v0.0.0-20210326191554-5daeb6395b56/go.mod h1:AIeN7k60Q/kcW9aeiMpA0PY8CU3zsrLV0UhIksolMn4= -github.com/stackrox/scanner v0.0.0-20220106020903-2744339f7e9d h1:AugbkBwG2hVTam/UG0k+/GcjNMLMDd8/au9ke2NnOtY= -github.com/stackrox/scanner v0.0.0-20220106020903-2744339f7e9d/go.mod h1:DxQRXuuHfgvLOCBkhwX67Q6qO/6MkKizEBXdnhKudkQ= +github.com/stackrox/scanner v0.0.0-20220214215744-13c0e1db0298 h1:yE3ZX70ooJqHrKY59Ck8EFADw9Jmv3of0r+tb/Sc9Bk= +github.com/stackrox/scanner v0.0.0-20220214215744-13c0e1db0298/go.mod h1:Juogn/73/TuznF3SFDDdhcaX7ASHDNmxQVxMP8XZPk4= github.com/stackrox/tail v1.4.9-0.20210831224919-407035634f5d h1:jeM6QMtwE9BU0rfDYcmkI/aOChOUfIO18LDp/DSnZpI= github.com/stackrox/tail v1.4.9-0.20210831224919-407035634f5d/go.mod h1:+ncqLTQzXmGhMZNUePPaPqPvBxHAIsmXswZKocGu+AU= github.com/stackrox/yaml/v2 v2.4.1 h1:09ux+QFfvp+Lk73pwGlMTAHeZoS2pqs6CCngYaJ6EQo= 
@@ -2666,12 +2652,10 @@ github.com/valyala/bytebufferpool v1.0.0/go.mod h1:6bBcMArwyJ5K/AmCkWv1jt77kVWyC github.com/valyala/fasthttp v1.16.0/go.mod h1:YOKImeEosDdBPnxc0gy7INqi3m1zK6A+xl6TwOBhHCA= github.com/valyala/quicktemplate v1.6.3/go.mod h1:fwPzK2fHuYEODzJ9pkw0ipCPNHZ2tD5KW4lOuSdPKzY= github.com/valyala/tcplisten v0.0.0-20161114210144-ceec8f93295a/go.mod h1:v3UYOV9WzVtRmSR+PDvWpU/qWl4Wa5LApYYX4ZtKbio= -github.com/vbatts/tar-split v0.11.1/go.mod h1:LEuURwDEiWjRjwu46yU3KVGuUdVv/dcnpcEPSzR8z6g= github.com/vbatts/tar-split v0.11.2 h1:Via6XqJr0hceW4wff3QRzD5gAk/tatMw/4ZA7cTlIME= github.com/vbatts/tar-split v0.11.2/go.mod h1:vV3ZuO2yWSVsz+pfFzDG/upWH1JhjOiEaWq6kXyQ3VI= github.com/vbauerster/mpb/v4 v4.12.2 h1:TsBs1nWRYF0m8cUH13pxNhOUqY6yKcOr2PeSYxp2L3I= github.com/vbauerster/mpb/v4 v4.12.2/go.mod h1:LVRGvMch8T4HQO3eg2pFPsACH9kO/O6fT/7vhGje3QE= -github.com/vbauerster/mpb/v6 v6.0.3/go.mod h1:5luBx4rDLWxpA4t6I5sdeeQuZhqDxc+wr5Nqf35+tnM= github.com/vbauerster/mpb/v7 v7.3.2/go.mod h1:wfxIZcOJq/bG1/lAtfzMXcOiSvbqVi/5GX5WCSi+IsA= github.com/vdemeester/k8s-pkg-credentialprovider v1.21.0-1/go.mod h1:l4LxiP0cmEcc5q4BTDE8tZSyIiyXe0T28x37yHpMzoM= github.com/vektah/gqlparser v1.1.2/go.mod h1:1ycwN7Ij5njmMkPPAOaRFY4rET2Enx7IkVv3vaXspKw= 
@@ -3242,7 +3226,6 @@ golang.org/x/sys v0.0.0-20210816183151-1e6c022a8912/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20210817190340-bfb29a6856f2/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210823070655-63515b42dcdf/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210831042530-f4d43177bf5e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20210903071746-97244b99971b/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210908233432-aa78b53d3365/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210915083310-ed5796bab164/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210917161153-d61c044b1678/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= diff --git a/make/protogen.mk b/make/protogen.mk index 779fcde2b7c60..b86bfe7ce219c 100644 --- a/make/protogen.mk +++ b/make/protogen.mk @@ -20,6 +20,11 @@ GENERATED_PB_SRCS = $(ALL_PROTOS_REL:%.proto=$(GENERATED_BASE_PATH)/%.pb.go) GENERATED_API_GW_SRCS = $(SERVICE_PROTOS_REL:%.proto=$(GENERATED_BASE_PATH)/%.pb.gw.go) GENERATED_API_SWAGGER_SPECS = $(API_SERVICE_PROTOS:%.proto=$(GENERATED_BASE_PATH)/%.swagger.json) +SCANNER_DIR = $(shell go list -f '{{.Dir}}' -m github.com/stackrox/scanner) +SCANNER_PROTO_BASE_PATH = $(SCANNER_DIR)/proto +ALL_SCANNER_PROTOS = $(shell find $(SCANNER_PROTO_BASE_PATH) -name '*.proto') +ALL_SCANNER_PROTOS_REL = $(ALL_SCANNER_PROTOS:$(SCANNER_PROTO_BASE_PATH)/%=%) + ############## ## Protobuf ## ############## 
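Review bot: `SCANNER_DIR` is taken from `go list` with no check for an empty result, so when the scanner module cannot be resolved (presumably when it is missing from the module cache) `SCANNER_PROTO_BASE_PATH` expands to `/proto`. In that case the `find` runs against that absolute path, and the `-I$(SCANNER_PROTO_BASE_PATH)` flags added to the proto-fmt, `.pb.go`, `.pb.gw.go` and `.swagger.json` rules later in this file point outside the repository. Fail early instead: `SCANNER_DIR := $(shell go list -f '{{.Dir}}' -m github.com/stackrox/scanner)` followed by `$(if $(SCANNER_DIR),,$(error cannot locate github.com/stackrox/scanner in the module cache))`. Using `:=` here and for `ALL_SCANNER_PROTOS` also stops make from re-running `go list` and `find` on every expansion. If a parse-time error is too strict for targets that need no protos, the same check can sit at the top of the proto recipes.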
@@ -92,10 +97,15 @@ $(PROTOC_GEN_LINT): $(MODFILE_DIR)/github.com/ckaznocha/protoc-gen-lint/UPDATE_C GOGO_M_STR := Mgoogle/protobuf/any.proto=github.com/gogo/protobuf/types,Mgoogle/protobuf/duration.proto=github.com/gogo/protobuf/types,Mgoogle/protobuf/struct.proto=github.com/gogo/protobuf/types,Mgoogle/protobuf/timestamp.proto=github.com/gogo/protobuf/types,Mgoogle/protobuf/wrappers.proto=github.com/gogo/protobuf/types,Mgoogle/protobuf/empty.proto=github.com/gogo/protobuf/types -# The --go_out=M... argument specifies the go package to use for an imported proto file. Here, we instruct protoc-gen-go -# to import the go source for proto file $(BASE_PATH)//*.proto to +# The --go_out=M... argument specifies the go package to use for an imported proto file. +# Here, we instruct protoc-gen-go to import the go source for proto file $(BASE_PATH)//*.proto to # "github.com/stackrox/rox/generated/". -M_ARGS = $(foreach proto,$(ALL_PROTOS_REL),M$(proto)=github.com/stackrox/rox/generated/$(patsubst %/,%,$(dir $(proto)))) +ROX_M_ARGS = $(foreach proto,$(ALL_PROTOS_REL),M$(proto)=github.com/stackrox/rox/generated/$(patsubst %/,%,$(dir $(proto)))) +# Here, we instruct protoc-gen-go to import the go source for proto file github.com/stackrox/scanner/proto//*.proto to +# "github.com/stackrox/scanner/generated/". +SCANNER_M_ARGS = $(foreach proto,$(ALL_SCANNER_PROTOS_REL),M$(proto)=github.com/stackrox/scanner/generated/$(patsubst %/,%,$(dir $(proto)))) +# Combine the *_M_ARGS. +M_ARGS = $(ROX_M_ARGS) $(SCANNER_M_ARGS) # This is the M_ARGS used for the grpc-gateway invocation. We only map the storage protos, because # - the gateway code produces no output (possibly because of a bug) if we pass M_ARGS_STR to it. # - the gateway code doesn't need access to anything outside api/v1 except storage. In particular, it should NOT import internalapi protos. 
@@ -123,6 +133,7 @@ proto-fmt: $(PROTOC_GEN_LINT) -I$(PROTOC_INCLUDES) \ -I$(GOGO_DIR)/protobuf \ -I$(GRPC_GATEWAY_DIR)/third_party/googleapis \ + -I$(SCANNER_PROTO_BASE_PATH) \ --lint_out=. \ --proto_path=$(PROTO_BASE_PATH) \ $(ALL_PROTOS) @@ -191,6 +202,7 @@ $(GENERATED_BASE_PATH)/%.pb.go: $(PROTO_BASE_PATH)/%.proto $(PROTO_DEPS) $(PROTO -I$(GOGO_DIR) \ -I$(PROTOC_INCLUDES) \ -I$(GRPC_GATEWAY_DIR)/third_party/googleapis \ + -I$(SCANNER_PROTO_BASE_PATH) \ --proto_path=$(PROTO_BASE_PATH) \ --gofast_out=$(GOGO_M_STR:%=%,)$(M_ARGS_STR:%=%,)plugins=grpc:$(GENERATED_BASE_PATH) \ $(dir $<)/*.proto @@ -205,6 +217,7 @@ $(GENERATED_BASE_PATH)/%_service.pb.gw.go: $(PROTO_BASE_PATH)/%_service.proto $( -I$(PROTOC_INCLUDES) \ -I$(GOGO_DIR) \ -I$(GRPC_GATEWAY_DIR)/third_party/googleapis \ + -I$(SCANNER_PROTO_BASE_PATH) \ --proto_path=$(PROTO_BASE_PATH) \ --grpc-gateway_out=$(GATEWAY_M_ARGS_STR:%=%,)allow_colon_final_segments=true,logtostderr=true:$(GENERATED_BASE_PATH) \ $(dir $<)/*.proto @@ -218,6 +231,7 @@ $(GENERATED_BASE_PATH)/%.swagger.json: $(PROTO_BASE_PATH)/%.proto $(PROTO_DEPS) -I$(GOGO_DIR) \ -I$(PROTOC_INCLUDES) \ -I$(GRPC_GATEWAY_DIR)/third_party/googleapis \ + -I$(SCANNER_PROTO_BASE_PATH) \ --proto_path=$(PROTO_BASE_PATH) \ --swagger_out=logtostderr=true,json_names_for_fields=true:$(GENERATED_BASE_PATH) \ $(dir $<)/*.proto diff --git a/pkg/env/sensor.go b/pkg/env/sensor.go index 865f1cd96eed5..9fc7d56e645a5 100644 --- a/pkg/env/sensor.go +++ b/pkg/env/sensor.go 
@@ -11,4 +11,11 @@ var ( // SensorEndpoint is used to communicate the sensor endpoint to other services in the same cluster. SensorEndpoint = RegisterSetting("ROX_SENSOR_ENDPOINT", WithDefault("sensor.stackrox.svc:443")) + + // ScannerGRPCEndpoint is used to communicate the scanner endpoint to other services in the same cluster. + // This is typically used for Sensor to communicate with a local Scanner-slim's gRPC server. + ScannerGRPCEndpoint = RegisterSetting("ROX_SCANNER_GRPC_ENDPOINT", WithDefault("scanner-slim.stackrox.svc:8443")) + + // UseLocalScanner is used to specify if Sensor should attempt to scan images via a local Scanner. + UseLocalScanner = RegisterBooleanSetting("ROX_USE_LOCAL_SCANNER", false) ) diff --git a/pkg/images/utils/utils.go b/pkg/images/utils/utils.go index 4966d00df1e84..0a1dc09ac99b0 100644 --- a/pkg/images/utils/utils.go +++ b/pkg/images/utils/utils.go @@ -48,7 +48,7 @@ func GenerateImageFromStringWithDefaultTag(imageStr, defaultTag string) (*storag } // GenerateImageNameFromString generated an ImageName from a common string format and returns an error if there was an -// issure parsing it. +// issue parsing it. func GenerateImageNameFromString(imageStr string) (*storage.ImageName, reference.Reference, error) { name := &storage.ImageName{ FullName: imageStr, @@ -175,6 +175,13 @@ func ExtractImageDigest(imageStr string) string { return "" } +// ExtractOpenShiftProject returns the name of the OpenShift project in which the given image is stored. +// Images stored in the OpenShift Internal Registry are identified as: //:. +func ExtractOpenShiftProject(imgName *storage.ImageName) string { + // Use the image name's "remote" field, as it encapsulates /. + return stringutils.GetUpTo(imgName.GetRemote(), "/") +} + type nameHolder interface { GetName() *storage.ImageName GetId() string diff --git a/proto/api/v1/image_service.proto b/proto/api/v1/image_service.proto index 3fc42f78cd2e7..9f50549f67cbe 100644 --- a/proto/api/v1/image_service.proto 
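Review bot: ExtractOpenShiftProject in pkg/images/utils/utils.go returns the first path segment of the remote for any image name and never checks that the image is hosted in an OpenShift internal registry, yet its doc comment reads as if the result were always a project name. The comment should state the precondition, for example `// The result is only meaningful for images hosted in the OpenShift internal registry; callers must establish that separately.` It should also say what is returned for a remote without a `/`; that depends on `stringutils.GetUpTo`, whose behaviour for a missing separator is not visible in this hunk.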
+++ b/proto/api/v1/image_service.proto @@ -6,14 +6,17 @@ option java_package = "io.stackrox.proto.api.v1"; import weak "google/api/annotations.proto"; import "api/v1/search_service.proto"; import "api/v1/empty.proto"; +import "scanner/api/v1/component.proto"; +import "scanner/api/v1/note.proto"; import "storage/image.proto"; import "storage/deployment.proto"; package v1; message GetImageRequest { - string id = 1; - bool include_snoozed = 2; + string id = 1; + bool include_snoozed = 2; + bool strip_description = 3; } message ListImagesResponse { @@ -40,6 +43,14 @@ message ScanImageInternalResponse { storage.Image image = 1; } +message GetImageVulnerabilitiesInternalRequest { + string image_id = 1; + storage.ImageName image_name = 2; + storage.ImageMetadata metadata = 3; + scannerV1.Components components = 4; + repeated scannerV1.Note notes = 5; +} + message DeleteImagesRequest { RawQuery query = 1; bool confirm = 2; @@ -129,9 +140,12 @@ service ImageService { }; } - // ScanImageInternal is used solely by the Sensor to send scan requests + // ScanImageInternal is used solely by the Sensor and Admission Controller to send scan requests rpc ScanImageInternal (ScanImageInternalRequest) returns (ScanImageInternalResponse); + // GetImageVulnerabilities is used solely by the Sensor to send vulnerability matching requests. + rpc GetImageVulnerabilitiesInternal (GetImageVulnerabilitiesInternalRequest) returns (ScanImageInternalResponse); + // InvalidateScanAndRegistryCaches removes the image metadata cache. rpc InvalidateScanAndRegistryCaches (Empty) returns (Empty) { option (google.api.http) = { diff --git a/proto/internalapi/sensor/image_iservice.proto b/proto/internalapi/sensor/image_iservice.proto index 75ed86dc209f4..285a92820354e 100644 --- a/proto/internalapi/sensor/image_iservice.proto +++ b/proto/internalapi/sensor/image_iservice.proto 
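Review bot: The comment added above the new rpc in the last hunk of image_service.proto names it `GetImageVulnerabilities`, while the rpc is declared as `GetImageVulnerabilitiesInternal`. It should read `// GetImageVulnerabilitiesInternal is used solely by the Sensor to send vulnerability matching requests.` The new `GetImageVulnerabilitiesInternalRequest` message in the hunk before it has no comment at all. One line saying that `components` and `notes` are supplied by the caller from a local Scanner's analysis would tell the implementer of the handler where that data comes from.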
@@ -16,7 +16,7 @@ message GetImageResponse { storage.Image image = 1; } -// A Sensor service that allows admission controller to retrieve images from Sensor +// A Sensor service that allows Admission Controller to retrieve images from Sensor service ImageService { rpc GetImage (GetImageRequest) returns (GetImageResponse); } diff --git a/proto/storage/deployment.proto b/proto/storage/deployment.proto index ec18c8c9b5eff..704fd42d52549 100644 --- a/proto/storage/deployment.proto +++ b/proto/storage/deployment.proto @@ -57,9 +57,9 @@ message ContainerImage { option (gogoproto.goproto_unrecognized) = false; // These tags maintain backwards compatibility with the previously embedded storage.Image - string id = 4 [(gogoproto.moretags) = "search:\"Image Sha,store,hidden\""]; - ImageName name = 1; - bool not_pullable = 10; + string id = 4 [(gogoproto.moretags) = "search:\"Image Sha,store,hidden\""]; + ImageName name = 1; + bool not_pullable = 10; } message Container { diff --git a/qa-tests-backend/scripts/migrate_protos.sh b/qa-tests-backend/scripts/migrate_protos.sh index 50727277b1a55..c4a79427cc630 100755 --- a/qa-tests-backend/scripts/migrate_protos.sh +++ b/qa-tests-backend/scripts/migrate_protos.sh @@ -2,6 +2,8 @@ JAVA_PATH=src/main/proto/ +# Migrate protos from the stackrox repo. + for file in $(find ../proto/*); do if [[ -d $file ]]; then dir=${file#"../proto/"} 
@@ -16,3 +18,21 @@ for file in $(find ../proto/* -name '*.proto'); do sed -e 's/\[[^][]*\]//g' "$file" | sed -e 's/\[[^][]*\]//g' | sed '/gogo/d' > "${JAVA_PATH}${java_file}" fi done + +# Migrate v1 API protos from the Scanner repo + +SCANNER_DIR=$(go list -f '{{.Dir}}' -m github.com/stackrox/scanner) +SCANNER_PROTO_BASE_PATH=$SCANNER_DIR/proto + +mkdir -p "${JAVA_PATH}scanner/api/v1" +echo "${JAVA_PATH}scanner/api/v1" + +for file in $(find "$SCANNER_PROTO_BASE_PATH" -name '*.proto'); do + if [[ -f $file ]]; then + # Get relative path. Should be along the lines of scanner/api/v1/*.proto + rel_file=${file/"$SCANNER_PROTO_BASE_PATH"/""} + rel_file="${rel_file:1}" + sed -e 's/\[[^][]*\]//g' "$file" | sed -e 's/\[[^][]*\]//g' | sed '/gogo/d' > "${JAVA_PATH}${rel_file}" + fi +done + diff --git a/sensor/admission-control/manager/images.go b/sensor/admission-control/manager/images.go index e3b05d851f4dc..e83829b4cd74a 100644 --- a/sensor/admission-control/manager/images.go +++ b/sensor/admission-control/manager/images.go @@ -64,6 +64,7 @@ type fetchImageResult struct { func (m *manager) getImageFromSensorOrCentral(ctx context.Context, s *state, img *storage.ContainerImage) (*storage.Image, error) { // Talk to central if we know its endpoint (and the client connection is not shutting down), and if we are not // currently connected to sensor. + // Note: Sensor is required to scan images in the local registry. if !m.sensorConnStatus.Get() && s.centralConn != nil && s.centralConn.GetState() != connectivity.Shutdown { // Central route resp, err := v1.NewImageServiceClient(s.centralConn).ScanImageInternal(ctx, &v1.ScanImageInternalRequest{ diff --git a/sensor/common/detector/enricher.go b/sensor/common/detector/enricher.go index a08a69a417e8d..54cba95eb23e8 100644 --- a/sensor/common/detector/enricher.go +++ b/sensor/common/detector/enricher.go 
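Review bot: In the second hunk of migrate_protos.sh the output of `go list` is used without a check, so if the module cannot be resolved `SCANNER_DIR` is empty and the `find` runs on `/proto`. A guard right after the assignment, `[[ -n "$SCANNER_DIR" ]] || { echo "cannot locate github.com/stackrox/scanner" >&2; exit 1; }`, stops the script before it copies from an unintended path; whether the script already runs under `set -e` is not visible here. The loop also writes to `${JAVA_PATH}${rel_file}` although only `scanner/api/v1` is created beforehand, so a proto in any other directory of the module would fail to write. Adding `mkdir -p "$(dirname "${JAVA_PATH}${rel_file}")"` inside the loop covers that.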
@@ -10,9 +10,12 @@ import ( "github.com/stackrox/rox/generated/storage" "github.com/stackrox/rox/pkg/concurrency" "github.com/stackrox/rox/pkg/expiringcache" + "github.com/stackrox/rox/pkg/features" "github.com/stackrox/rox/pkg/images/types" "github.com/stackrox/rox/sensor/common/detector/metrics" "github.com/stackrox/rox/sensor/common/imagecacheutils" + "github.com/stackrox/rox/sensor/common/imageutil" + "github.com/stackrox/rox/sensor/common/scan" "google.golang.org/grpc/status" ) @@ -52,9 +55,18 @@ func (c *cacheValue) waitAndGet() *storage.Image { func scanImage(ctx context.Context, svc v1.ImageServiceClient, ci *storage.ContainerImage) (*v1.ScanImageInternalResponse, error) { ctx, cancel := context.WithTimeout(ctx, scanTimeout) defer cancel() - return svc.ScanImageInternal(ctx, &v1.ScanImageInternalRequest{ - Image: ci, - }) + + // Ask Central to scan the image if the image is not internal. + if !features.LocalImageScanning.Enabled() || !imageutil.IsInternalImage(ci.GetName()) { + return svc.ScanImageInternal(ctx, &v1.ScanImageInternalRequest{ + Image: ci, + }) + } + + img, err := scan.ScanImage(ctx, svc, ci) + return &v1.ScanImageInternalResponse{ + Image: img, + }, err } func (c *cacheValue) scanAndSet(ctx context.Context, svc v1.ImageServiceClient, ci *storage.ContainerImage) { @@ -142,7 +154,7 @@ func (e *enricher) runScan(containerIdx int, ci *storage.ContainerImage) imageCh func (e *enricher) runImageScanAsync(imageChan chan<- imageChanResult, containerIdx int, ci *storage.ContainerImage) { go func() { - // unguarded send (push to channel outside of a select) is allowed because the imageChan is a buffered channel of exact size + // unguarded send (push to channel outside a select) is allowed because the imageChan is a buffered channel of exact size imageChan <- e.runScan(containerIdx, ci) }() } diff --git a/sensor/common/image/service_impl.go b/sensor/common/image/service_impl.go index cd5db9ac51696..927d9acd2bbd7 100644 
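Review bot: On the local-scan path at the end of scanImage the function returns a non-nil `*v1.ScanImageInternalResponse` together with `err`, so a caller that reads the response before the error gets a response whose image is nil. Returning nothing on failure keeps this path consistent with the Central path: `if err != nil { return nil, err }` followed by `return &v1.ScanImageInternalResponse{Image: img}, nil`. The callers of scanImage are outside this hunk, so whether any of them reads the response first could not be checked.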
--- a/sensor/common/image/service_impl.go +++ b/sensor/common/image/service_impl.go @@ -4,17 +4,21 @@ import ( "context" "github.com/grpc-ecosystem/grpc-gateway/runtime" + "github.com/pkg/errors" v1 "github.com/stackrox/rox/generated/api/v1" "github.com/stackrox/rox/generated/internalapi/sensor" "github.com/stackrox/rox/generated/storage" "github.com/stackrox/rox/pkg/expiringcache" + "github.com/stackrox/rox/pkg/features" grpcPkg "github.com/stackrox/rox/pkg/grpc" "github.com/stackrox/rox/pkg/grpc/authz/idcheck" "github.com/stackrox/rox/sensor/common/imagecacheutils" + "github.com/stackrox/rox/sensor/common/imageutil" + "github.com/stackrox/rox/sensor/common/scan" "google.golang.org/grpc" ) -// Service is an interface to receiving ComplianceReturns from launched daemons. +// Service is an interface to receiving image scan results for the Admission Controller. type Service interface { grpcPkg.APIService sensor.ImageServiceServer @@ -23,8 +27,7 @@ type Service interface { SetClient(conn grpc.ClientConnInterface) } -// NewService returns the ComplianceServiceServer API for Sensor to use, outputs any received ComplianceReturns -// to the input channel. +// NewService returns the ImageService API for the Admission Controller to use. func NewService(imageCache expiringcache.Cache) Service { return &serviceImpl{ imageCache: imageCache, 
@@ -49,15 +52,27 @@ func (s *serviceImpl) GetImage(ctx context.Context, req *sensor.GetImageRequest) }, nil } } - scanResp, err := s.centralClient.ScanImageInternal(ctx, &v1.ScanImageInternalRequest{ - Image: req.GetImage(), - CachedOnly: !req.GetScanInline(), - }) + + // Ask Central to scan the image if the image is not internal. + if !features.LocalImageScanning.Enabled() || !imageutil.IsInternalImage(req.GetImage().GetName()) { + scanResp, err := s.centralClient.ScanImageInternal(ctx, &v1.ScanImageInternalRequest{ + Image: req.GetImage(), + CachedOnly: !req.GetScanInline(), + }) + if err != nil { + return nil, errors.Wrap(err, "scanning image via central") + } + return &sensor.GetImageResponse{ + Image: scanResp.GetImage(), + }, nil + } + + img, err := scan.ScanImage(ctx, s.centralClient, req.GetImage()) if err != nil { - return nil, err + return nil, errors.Wrap(err, "scanning image via local scanner") } return &sensor.GetImageResponse{ - Image: scanResp.GetImage(), + Image: img, }, nil } diff --git a/sensor/common/imageutil/util.go b/sensor/common/imageutil/util.go new file mode 100644 index 0000000000000..9490b9b4e91fa --- /dev/null +++ b/sensor/common/imageutil/util.go @@ -0,0 +1,17 @@ +package imageutil + +import ( + "github.com/stackrox/rox/generated/storage" + "github.com/stackrox/rox/sensor/common/registry" +) + +// IsInternalImage determines if the image represented by the given name +// is an "internal" image. An internal image is one which is hosted by an internal registry. +// An internal registry is on which is only accessible from within the cluster in which it lives. +func IsInternalImage(image *storage.ImageName) bool { + // If the Sensor knows about the registry in which the image is hosted, + // then the image must be "internal" to the cluster, as Sensor only tracks + // "internal" registries. + reg, err := registry.Singleton().GetRegistryForImage(image) + return reg != nil && err == nil +} 
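Review bot: In GetImage the Central path still honours the request with `CachedOnly: !req.GetScanInline()`, but the new local path calls `scan.ScanImage` without looking at `req.GetScanInline()`. For an internal image, a request that asked for cached results only may therefore start a registry metadata fetch and a Scanner call whenever Central does not already return the image. If that is intended, it deserves a comment at the call, for example `// Local scans do not honour ScanInline; they run whenever Central has no result for the image.` If it is not intended, the local branch should return early when `!req.GetScanInline()`. The beginning of GetImage is outside the hunk.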
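Review bot: IsInternalImage in the new sensor/common/imageutil/util.go folds any lookup error into `false`, so an image whose registry Sensor has not recorded yet is classified as external and sent down the Central path without any trace. The doc comment should say so, for example `// A registry that Sensor does not know (yet) is reported as not internal.` The same comment has a typo: "An internal registry is on which" should read `// An internal registry is one which is only accessible from within the cluster in which it lives.`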
diff --git a/sensor/common/registry/registry_store.go b/sensor/common/registry/registry_store.go index 1fc9496b118a7..6e7b6c6682c2e 100644 --- a/sensor/common/registry/registry_store.go +++ b/sensor/common/registry/registry_store.go @@ -6,9 +6,11 @@ import ( "github.com/pkg/errors" "github.com/stackrox/rox/generated/storage" "github.com/stackrox/rox/pkg/docker/config" + "github.com/stackrox/rox/pkg/images/utils" "github.com/stackrox/rox/pkg/logging" "github.com/stackrox/rox/pkg/registries" dockerFactory "github.com/stackrox/rox/pkg/registries/docker" + registryTypes "github.com/stackrox/rox/pkg/registries/types" "github.com/stackrox/rox/pkg/sync" "github.com/stackrox/rox/pkg/tlscheck" ) @@ -96,10 +98,28 @@ func (rs *Store) UpsertRegistry(ctx context.Context, namespace, registry string, return nil } -// GetAllInNamespace returns all the registries within a given namespace. -func (rs *Store) GetAllInNamespace(namespace string) registries.Set { +// getRegistriesInNamespace returns all the registries within a given namespace. +func (rs *Store) getRegistriesInNamespace(namespace string) registries.Set { rs.mutex.RLock() defer rs.mutex.RUnlock() return rs.store[namespace] } + +// GetRegistryForImage returns the relevant image registry for the given image. +// An error is returned if the registry is unknown. +func (rs *Store) GetRegistryForImage(image *storage.ImageName) (registryTypes.Registry, error) { + reg := image.GetRegistry() + + ns := utils.ExtractOpenShiftProject(image) + regs := rs.getRegistriesInNamespace(ns) + if regs != nil { + for _, r := range regs.GetAll() { + if r.Name() == reg { + return r, nil + } + } + } + + return nil, errors.Errorf("Unknown image registry: %q", reg) +} diff --git a/sensor/common/scan/scan.go b/sensor/common/scan/scan.go new file mode 100644 index 0000000000000..1b0f31173c140 --- /dev/null +++ b/sensor/common/scan/scan.go 
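Review bot: GetRegistryForImage chooses the namespace whose registries are searched from the image name itself, via `utils.ExtractOpenShiftProject(image)`, and not from the namespace of the workload that references the image; the doc comment does not mention this. As written, which stored pull credentials are returned follows the path in the image reference. If that is the intended model for the OpenShift internal registry, the comment should state it, for example `// The namespace is derived from the image's project path, not from the referencing workload.` Two smaller points in the same function: the error string should start in lower case (`"unknown image registry: %q"`), and `regs.GetAll()` runs after the read lock taken in getRegistriesInNamespace has been released. The latter is only safe if `registries.Set` does its own locking, which is not visible here.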
@@ -0,0 +1,88 @@
+package scan
+
+import (
+ "context"
+
+ "github.com/pkg/errors"
+ v1 "github.com/stackrox/rox/generated/api/v1"
+ "github.com/stackrox/rox/generated/storage"
+ "github.com/stackrox/rox/pkg/images/types"
+ "github.com/stackrox/rox/pkg/logging"
+ "github.com/stackrox/rox/sensor/common/registry"
+ "github.com/stackrox/rox/sensor/common/scannerclient"
+ scannerV1 "github.com/stackrox/scanner/generated/scanner/api/v1"
+)
+
+var (
+ // ErrNoLocalScanner indicates there is no Secured Cluster local Scanner connection.
+ // This happens if it's not desired or if there is a connection error.
+ ErrNoLocalScanner = errors.New("No local Scanner connection")
+
+ log = logging.LoggerForModule()
+)
+
+// ScanImage runs the pipeline required to scan an image with a local Scanner.
+// TODO(ROX-9281): add retries for rate-limiting.
+//nolint:revive
+func ScanImage(ctx context.Context, centralClient v1.ImageServiceClient, ci *storage.ContainerImage) (*storage.Image, error) {
+ // 1. Check if Central already knows about this image.
+ // If Central already knows about it, then return its results.
+ img, err := centralClient.GetImage(ctx, &v1.GetImageRequest{
+ Id: ci.GetId(),
+ StripDescription: true,
+ })
+ if err == nil {
+ return img, nil
+ }
+
+ // The image either does not exist in Central yet or there was some other error when reaching out.
+ // Attempt to scan locally.
+
+ // 2. Check if there is a local Scanner.
+ // No need to continue if there is no local Scanner.
+ scannerClient := scannerclient.GRPCClientSingleton()
+ if scannerClient == nil {
+ return nil, ErrNoLocalScanner
+ }
+
+ // 3. Find the registry in which this image lives.
+ reg, err := registry.Singleton().GetRegistryForImage(ci.GetName())
+ if err != nil {
+ return nil, errors.Wrap(err, "determining image registry")
+ }
+
+ name := ci.GetName().GetFullName()
+ image := types.ToImage(ci)
+
+ // 4. Retrieve the metadata for the image from the registry.
+ metadata, err := reg.Metadata(image) + if err != nil { + log.Debugf("Failed to get metadata for image %s: %v", name, err) + return nil, errors.Wrap(err, "getting image metadata") + } + log.Debugf("Retrieved metadata for image %s: %v", name, metadata) + + // 5. Get the image analysis from the local Scanner. + scanResp, err := scannerClient.GetImageAnalysis(ctx, image, reg.Config()) + if err != nil { + return nil, errors.Wrapf(err, "scanning image %s", name) + } + if scanResp.GetStatus() != scannerV1.ScanStatus_SUCCEEDED { + return nil, errors.Wrapf(err, "scan failed for image %s", name) + } + + // 6. Get the image's vulnerabilities from Central. + centralResp, err := centralClient.GetImageVulnerabilitiesInternal(ctx, &v1.GetImageVulnerabilitiesInternalRequest{ + ImageId: image.GetId(), + ImageName: image.GetName(), + Metadata: metadata, + Components: scanResp.GetComponents(), + Notes: scanResp.GetNotes(), + }) + if err != nil { + return nil, errors.Wrapf(err, "retrieving image vulnerabilities for %s", name) + } + + // 7. Return the completely scanned image. + return centralResp.GetImage(), nil +} diff --git a/sensor/common/scannerclient/grpc_client.go b/sensor/common/scannerclient/grpc_client.go new file mode 100644 index 0000000000000..127d2ae4c7592 --- /dev/null +++ b/sensor/common/scannerclient/grpc_client.go 
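Review bot: In step 5 of ScanImage the branch for `scanResp.GetStatus() != scannerV1.ScanStatus_SUCCEEDED` returns `errors.Wrapf(err, ...)`, but `err` is nil at that point and pkg/errors returns nil when asked to wrap a nil error, so a failed scan comes back as `(nil, nil)`. The callers added in this commit would then pass on a nil image as if the scan had succeeded. Build a new error instead: `return nil, errors.Errorf("scan failed for image %s: status %v", name, scanResp.GetStatus())`. Separately, step 1 treats every error from `centralClient.GetImage` as "image unknown", so a transient or permission error also leads to a local scan; a short comment saying that this is deliberate would help.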
@@ -0,0 +1,88 @@
+package scannerclient
+
+import (
+ "context"
+ "strings"
+
+ "github.com/pkg/errors"
+ "github.com/stackrox/rox/generated/storage"
+ "github.com/stackrox/rox/pkg/clientconn"
+ "github.com/stackrox/rox/pkg/images/utils"
+ "github.com/stackrox/rox/pkg/logging"
+ "github.com/stackrox/rox/pkg/mtls"
+ "github.com/stackrox/rox/pkg/registries/types"
+ scannerV1 "github.com/stackrox/scanner/generated/scanner/api/v1"
+ "google.golang.org/grpc"
+ "google.golang.org/grpc/credentials"
+)
+
+var (
+ log = logging.LoggerForModule()
+)
+
+// client is a Scanner gRPC client.
+type client struct {
+ client scannerV1.ImageScanServiceClient
+ conn *grpc.ClientConn
+}
+
+// dial Scanner and return a new client.
+// dial is non-blocking and returns a non-nil error upon configuration error.
+func dial(endpoint string) (*client, error) {
+ if endpoint == "" {
+ return nil, errors.New("Invalid Scanner endpoint (empty)")
+ }
+
+ endpoint = strings.TrimPrefix(endpoint, "https://")
+ if strings.Contains(endpoint, "://") {
+ return nil, errors.Errorf("Scanner endpoint has unsupported scheme: %s", endpoint)
+ }
+
+ tlsConfig, err := clientconn.TLSConfig(mtls.ScannerSubject, clientconn.TLSConfigOptions{
+ UseClientCert: clientconn.MustUseClientCert,
+ })
+ if err != nil {
+ return nil, errors.Wrap(err, "failed to initialize Scanner TLS config")
+ }
+
+ // This is non-blocking. If we ever want this to block,
+ // then add the grpc.WithBlock() DialOption.
+ conn, err := grpc.Dial(endpoint, grpc.WithTransportCredentials(credentials.NewTLS(tlsConfig)))
+ if err != nil {
+ return nil, errors.Wrap(err, "failed to dial Scanner")
+ }
+
+ log.Infof("Dialing Scanner at %s", endpoint)
+
+ return &client{
+ client: scannerV1.NewImageScanServiceClient(conn),
+ conn: conn,
+ }, nil
+}
+
+// GetImageAnalysis retrieves the image analysis results for the given image.
+func (c *client) GetImageAnalysis(ctx context.Context, image *storage.Image, cfg *types.Config) (*scannerV1.GetImageComponentsResponse, error) { + name := image.GetName().GetFullName() + + resp, err := c.client.GetImageComponents(ctx, &scannerV1.GetImageComponentsRequest{ + Image: utils.GetFullyQualifiedFullName(image), + Registry: &scannerV1.RegistryData{ + Url: cfg.URL, + Username: cfg.Username, + Password: cfg.Password, + Insecure: cfg.Insecure, + }, + }) + if err != nil { + log.Debugf("Unable to get image components from local Scanner for image %s: %v", name, err) + return nil, errors.Wrap(err, "getting image components from scanner") + } + + log.Debugf("Received image components from local Scanner for image %s", name) + + return resp, nil +} + +func (c *client) Close() error { + return c.conn.Close() +} diff --git a/sensor/common/scannerclient/singleton.go b/sensor/common/scannerclient/singleton.go new file mode 100644 index 0000000000000..0ac0c68e22489 --- /dev/null +++ b/sensor/common/scannerclient/singleton.go @@ -0,0 +1,29 @@ +package scannerclient + +import ( + "github.com/stackrox/rox/pkg/env" + "github.com/stackrox/rox/pkg/sync" + "github.com/stackrox/rox/pkg/utils" +) + +var ( + once sync.Once + scannerClient *client +) + +// GRPCClientSingleton returns a gRPC client to a local Scanner. +// Only one client per Sensor is required. +func GRPCClientSingleton() *client { + once.Do(func() { + if !env.UseLocalScanner.BooleanSetting() { + log.Info("No local Scanner connection desired") + return + } + + var err error + scannerClient, err = dial(env.ScannerGRPCEndpoint.Setting()) + // If err is not nil, then there was a configuration error. + _ = utils.Should(err) + }) + return scannerClient +} diff --git a/sensor/kubernetes/listener/resources/secrets_test.go b/sensor/kubernetes/listener/resources/secrets_test.go index 14a4f3b4d66b5..6b79ceed8171e 100644 --- a/sensor/kubernetes/listener/resources/secrets_test.go 
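Review bot: GetImageAnalysis reads `cfg.URL`, `cfg.Username`, `cfg.Password` and `cfg.Insecure` without a nil check, so a registry whose `Config()` returns nil would panic here. A guard at the top, `if cfg == nil { return nil, errors.New("registry config is nil") }`, avoids that; whether `Config()` can return nil is not visible in this diff. Because the request carries the registry's pull credentials, the function comment should also say that they leave Sensor only over the connection built in `dial` with `mtls.ScannerSubject` and `clientconn.MustUseClientCert`. `Close` has no doc comment, and in `dial` the `log.Infof("Dialing Scanner at %s", endpoint)` line runs after `grpc.Dial` has already returned.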
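Review bot: GRPCClientSingleton in the new singleton.go runs `dial` inside `once.Do`, so a configuration error is reported once through `utils.Should` and every later call returns nil until Sensor restarts. The doc comment should say what nil means, for example `// Returns nil if local scanning is disabled or the endpoint configuration is invalid; the result is fixed after the first call.` The function is exported but returns the unexported type `*client`, which callers in other packages cannot name in their own signatures. Nothing in this hunk calls `Close` on the connection, so its lifetime is that of the process.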
+++ b/sensor/kubernetes/listener/resources/secrets_test.go @@ -5,6 +5,7 @@ import ( "testing" "github.com/stackrox/rox/generated/internalapi/central" + "github.com/stackrox/rox/generated/storage" "github.com/stackrox/rox/pkg/features" "github.com/stackrox/rox/pkg/registries/types" "github.com/stackrox/rox/pkg/testutils" @@ -82,11 +83,27 @@ func testOpenShiftRegistrySecret311(t *testing.T) { _ = d.ProcessEvent(openshift311DockerConfigSecret, nil, central.ResourceAction_CREATE_RESOURCE) - assert.Nil(t, regStore.GetAllInNamespace("random-ns")) + imgName := &storage.ImageName{ + Registry: "docker-registry.default.svc.cluster.local:5000", + Remote: "dummy/nginx", + Tag: "1.18.0", + FullName: "docker-registry.default.svc.cluster.local:5000/stackrox/nginx:1.18.0", + } + + reg, err := regStore.GetRegistryForImage(imgName) + assert.Nil(t, reg) + assert.Error(t, err) + + imgName = &storage.ImageName{ + Registry: "docker-registry.default.svc.cluster.local:5000", + Remote: "test-ns/nginx", + Tag: "1.18.0", + FullName: "docker-registry.default.svc.cluster.local:5000/stackrox/nginx:1.18.0", + } - regs := regStore.GetAllInNamespace(openshift311DockerConfigSecret.GetNamespace()) - assert.NotNil(t, regs) - assert.Len(t, regs.GetAll(), 1) + reg, err = regStore.GetRegistryForImage(imgName) + assert.NotNil(t, reg) + assert.NoError(t, err) expectedRegConfig := &types.Config{ Username: "serviceaccount", @@ -97,7 +114,8 @@ func testOpenShiftRegistrySecret311(t *testing.T) { Autogenerated: false, } - assert.Equal(t, expectedRegConfig, regs.GetAll()[0].Config()) + assert.Equal(t, "docker-registry.default.svc.cluster.local:5000", reg.Name()) + assert.Equal(t, expectedRegConfig, reg.Config()) } func TestOpenShiftRegistrySecret_4x(t *testing.T) { 
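Review bot: The image fixtures added to testOpenShiftRegistrySecret311 set `Remote` to `dummy/nginx` or `test-ns/nginx` while `FullName` keeps the project `stackrox`, so the name fields contradict each other; the same fixtures are repeated in testOpenShiftRegistrySecret4x further down. The lookup under test reads only `Registry` and `Remote`, so the tests pass, but a reader cannot tell which field decides the result. Use a `FullName` that agrees with the `Remote`, for example `"docker-registry.default.svc.cluster.local:5000/test-ns/nginx:1.18.0"` (constructed from the other fields). The negative case changes only the project; a case with a known project and a different registry host would also cover the `r.Name() == reg` comparison.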
@@ -110,11 +128,27 @@ func testOpenShiftRegistrySecret4x(t *testing.T) { _ = d.ProcessEvent(openshift4xDockerConfigSecret, nil, central.ResourceAction_CREATE_RESOURCE) - assert.Nil(t, regStore.GetAllInNamespace("random-ns")) + imgName := &storage.ImageName{ + Registry: "image-registry.openshift-image-registry.svc:5000", + Remote: "dummy/nginx", + Tag: "1.18.0", + FullName: "image-registry.openshift-image-registry.svc:5000/stackrox/nginx:1.18.0", + } + + reg, err := regStore.GetRegistryForImage(imgName) + assert.Nil(t, reg) + assert.Error(t, err) + + imgName = &storage.ImageName{ + Registry: "image-registry.openshift-image-registry.svc:5000", + Remote: "test-ns/nginx", + Tag: "1.18.0", + FullName: "image-registry.openshift-image-registry.svc:5000/stackrox/nginx:1.18.0", + } - regs := regStore.GetAllInNamespace(openshift4xDockerConfigSecret.GetNamespace()) - assert.NotNil(t, regs) - assert.Len(t, regs.GetAll(), 1) + reg, err = regStore.GetRegistryForImage(imgName) + assert.NotNil(t, reg) + assert.NoError(t, err) expectedRegConfig := &types.Config{ Username: "serviceaccount", @@ -125,5 +159,6 @@ func testOpenShiftRegistrySecret4x(t *testing.T) { Autogenerated: false, } - assert.Equal(t, expectedRegConfig, regs.GetAll()[0].Config()) + assert.Equal(t, "image-registry.openshift-image-registry.svc:5000", reg.Name()) + assert.Equal(t, expectedRegConfig, reg.Config()) }