Skip to content

Revert "ROX-9280: Scan image with local Scanner (#517)" #732

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
RTann merged 1 commit into from
Feb 24, 2022
Merged

Revert "ROX-9280: Scan image with local Scanner (#517)" #732

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 0 additions & 2 deletions .circleci/config.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1376,8 +1376,6 @@ commands:
- attach_workspace:
at: /go/src/github.com/stackrox/rox

- *restoreGoModCache

- *setupRoxctl
- setup-gcp
- setup-dep-env:
Expand Down
28 changes: 5 additions & 23 deletions central/image/service/service_impl.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -51,12 +51,9 @@ var (
"/v1.ImageService/CountImages",
"/v1.ImageService/ListImages",
},
or.SensorOrAuthorizer(idcheck.AdmissionControlOnly()): {
or.Or(idcheck.SensorsOnly(), idcheck.AdmissionControlOnly()): {
"/v1.ImageService/ScanImageInternal",
},
idcheck.SensorsOnly(): {
"/v1.ImageService/GetImageVulnerabilitiesInternal",
},
user.With(permissions.Modify(permissions.WithLegacyAuthForSAC(resources.Image, true))): {
"/v1.ImageService/DeleteImages",
"/v1.ImageService/ScanImage",
Expand Down Expand Up @@ -111,10 +108,9 @@ func (s *serviceImpl) GetImage(ctx context.Context, request *v1.GetImageRequest)
if request.GetId() == "" {
return nil, errors.Wrap(errorhelpers.ErrInvalidArgs, "id must be specified")
}
request.Id = types.NewDigest(request.Id).Digest()

id := types.NewDigest(request.GetId()).Digest()

image, exists, err := s.datastore.GetImage(ctx, id)
image, exists, err := s.datastore.GetImage(ctx, request.GetId())
if err != nil {
return nil, err
}
Expand All @@ -126,11 +122,6 @@ func (s *serviceImpl) GetImage(ctx context.Context, request *v1.GetImageRequest)
// This modifies the image object
utils.FilterSuppressedCVEsNoClone(image)
}
if request.GetStripDescription() {
// This modifies the image object
utils.StripCVEDescriptionsNoClone(image)
}

return image, nil
}

Expand Down Expand Up @@ -184,7 +175,7 @@ func internalScanRespFromImage(img *storage.Image) *v1.ScanImageInternalResponse
}
}

// ScanImageInternal handles an image request from Sensor and Admission Controller.
// ScanImageInternal handles an image request from Sensor
func (s *serviceImpl) ScanImageInternal(ctx context.Context, request *v1.ScanImageInternalRequest) (*v1.ScanImageInternalResponse, error) {
if err := s.internalScanSemaphore.Acquire(concurrency.AsContext(concurrency.Timeout(maxSemaphoreWaitTime)), 1); err != nil {
s, err := status.New(codes.Unavailable, err.Error()).WithDetails(&v1.ScanImageInternalResponseDetails_TooManyParallelScans{})
Expand All @@ -201,8 +192,7 @@ func (s *serviceImpl) ScanImageInternal(ctx context.Context, request *v1.ScanIma
if err != nil {
return nil, err
}
// If the scan exists, and it is less than the reprocessing interval, then return the scan.
// Otherwise, fetch it from the DB.
// If the scan exists and it is less than the reprocessing interval then return the scan. Otherwise, fetch it from the DB
if exists {
return internalScanRespFromImage(img), nil
}
Expand Down Expand Up @@ -261,14 +251,6 @@ func (s *serviceImpl) ScanImage(ctx context.Context, request *v1.ScanImageReques
return img, nil
}

// GetImageVulnerabilitiesInternal retrieves the vulnerabilities related to the image
// specified by the given components and scan notes.
// This is meant to be called by Sensor.
// TODO(ROX-9281): Implement me.
func (s *serviceImpl) GetImageVulnerabilitiesInternal(ctx context.Context, request *v1.GetImageVulnerabilitiesInternalRequest) (*v1.ScanImageInternalResponse, error) {
return nil, nil
}

// DeleteImages deletes images based on query
func (s *serviceImpl) DeleteImages(ctx context.Context, request *v1.DeleteImagesRequest) (*v1.DeleteImagesResponse, error) {
if request.GetQuery() == nil {
Expand Down
726 changes: 75 additions & 651 deletions generated/api/v1/image_service.pb.go
View file
Open in desktop

Large diffs are not rendered by default.

240 changes: 15 additions & 225 deletions generated/api/v1/image_service.swagger.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -215,12 +215,6 @@
"in": "query",
"required": false,
"type": "boolean"
},
{
"name": "stripDescription",
"in": "query",
"required": false,
"type": "boolean"
}
],
"tags": [
Expand Down Expand Up @@ -414,6 +408,20 @@
],
"default": "UI_NONE"
},
"EmbeddedImageScanComponentExecutable": {
"type": "object",
"properties": {
"path": {
"type": "string"
},
"dependencies": {
"type": "array",
"items": {
"type": "string"
}
}
}
},
"EmbeddedVulnerabilityVulnerabilityType": {
"type": "string",
"enum": [
Expand Down Expand Up @@ -472,210 +480,6 @@
}
}
},
"scannerV1Components": {
"type": "object",
"properties": {
"namespace": {
"type": "string"
},
"osComponents": {
"type": "array",
"items": {
"$ref": "#/definitions/scannerV1OSComponent"
}
},
"rhelComponents": {
"type": "array",
"items": {
"$ref": "#/definitions/scannerV1RHELComponent"
}
},
"languageComponents": {
"type": "array",
"items": {
"$ref": "#/definitions/scannerV1LanguageComponent"
}
}
}
},
"scannerV1Executable": {
"type": "object",
"properties": {
"path": {
"type": "string"
},
"requiredFeatures": {
"type": "array",
"items": {
"$ref": "#/definitions/scannerV1FeatureNameVersion"
}
}
}
},
"scannerV1FeatureNameVersion": {
"type": "object",
"properties": {
"name": {
"type": "string"
},
"version": {
"type": "string"
}
}
},
"scannerV1JavaComponent": {
"type": "object",
"properties": {
"implementationVersion": {
"type": "string"
},
"mavenVersion": {
"type": "string"
},
"origins": {
"type": "array",
"items": {
"type": "string"
}
},
"specificationVersion": {
"type": "string"
},
"bundleName": {
"type": "string"
}
}
},
"scannerV1LanguageComponent": {
"type": "object",
"properties": {
"type": {
"$ref": "#/definitions/scannerV1SourceType"
},
"name": {
"type": "string"
},
"version": {
"type": "string"
},
"location": {
"type": "string"
},
"java": {
"$ref": "#/definitions/scannerV1JavaComponent"
},
"python": {
"$ref": "#/definitions/scannerV1PythonComponent"
},
"addedBy": {
"type": "string"
}
}
},
"scannerV1Note": {
"type": "string",
"enum": [
"OS_CVES_UNAVAILABLE",
"OS_CVES_STALE",
"LANGUAGE_CVES_UNAVAILABLE",
"CERTIFIED_RHEL_SCAN_UNAVAILABLE"
],
"default": "OS_CVES_UNAVAILABLE"
},
"scannerV1OSComponent": {
"type": "object",
"properties": {
"name": {
"type": "string"
},
"namespace": {
"type": "string"
},
"version": {
"type": "string"
},
"addedBy": {
"type": "string"
},
"executables": {
"type": "array",
"items": {
"$ref": "#/definitions/scannerV1Executable"
}
}
}
},
"scannerV1PythonComponent": {
"type": "object",
"properties": {
"homepage": {
"type": "string"
},
"authorEmail": {
"type": "string"
},
"downloadUrl": {
"type": "string"
},
"summary": {
"type": "string"
},
"description": {
"type": "string"
}
}
},
"scannerV1RHELComponent": {
"type": "object",
"properties": {
"id": {
"type": "string",
"format": "int64"
},
"name": {
"type": "string"
},
"namespace": {
"type": "string"
},
"version": {
"type": "string"
},
"arch": {
"type": "string"
},
"module": {
"type": "string"
},
"cpes": {
"type": "array",
"items": {
"type": "string"
}
},
"addedBy": {
"type": "string"
},
"executables": {
"type": "array",
"items": {
"$ref": "#/definitions/scannerV1Executable"
}
}
}
},
"scannerV1SourceType": {
"type": "string",
"enum": [
"UNSET_SOURCE_TYPE",
"JAVA",
"PYTHON",
"NPM",
"GEM",
"DOTNETCORERUNTIME"
],
"default": "UNSET_SOURCE_TYPE"
},
"storageCVSSV2": {
"type": "object",
"properties": {
Expand Down Expand Up @@ -917,27 +721,13 @@
"executables": {
"type": "array",
"items": {
"$ref": "#/definitions/storageEmbeddedImageScanComponentExecutable"
"$ref": "#/definitions/EmbeddedImageScanComponentExecutable"
},
"title": "Values are cleared after moving to cache, remove them from the grpc return as well"
}
},
"title": "Next Tag: 13"
},
"storageEmbeddedImageScanComponentExecutable": {
"type": "object",
"properties": {
"path": {
"type": "string"
},
"dependencies": {
"type": "array",
"items": {
"type": "string"
}
}
}
},
"storageEmbeddedVulnerability": {
"type": "object",
"properties": {
Expand Down
2 changes: 1 addition & 1 deletion go.mod
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@ go 1.16

// CAVEAT: This introduces a circular dependency. If you change this line, you MUST change the "exclude"
// directive at the bottom of the file as well.
require github.com/stackrox/scanner v0.0.0-20220214215744-13c0e1db0298
require github.com/stackrox/scanner v0.0.0-20220106020903-2744339f7e9d

require (
cloud.google.com/go/compute v1.3.0
Expand Down
Loading