diff --git a/.circleci/config.yml b/.circleci/config.yml index 0628653ad16b2..006b6954b5e4c 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -1376,8 +1376,6 @@ commands: - attach_workspace: at: /go/src/github.com/stackrox/rox - - *restoreGoModCache - - *setupRoxctl - setup-gcp - setup-dep-env: diff --git a/central/image/service/service_impl.go b/central/image/service/service_impl.go index 7aa6dc0732eeb..1c0c8aaa61202 100644 --- a/central/image/service/service_impl.go +++ b/central/image/service/service_impl.go @@ -51,12 +51,9 @@ var ( "/v1.ImageService/CountImages", "/v1.ImageService/ListImages", }, - or.SensorOrAuthorizer(idcheck.AdmissionControlOnly()): { + or.Or(idcheck.SensorsOnly(), idcheck.AdmissionControlOnly()): { "/v1.ImageService/ScanImageInternal", }, - idcheck.SensorsOnly(): { - "/v1.ImageService/GetImageVulnerabilitiesInternal", - }, user.With(permissions.Modify(permissions.WithLegacyAuthForSAC(resources.Image, true))): { "/v1.ImageService/DeleteImages", "/v1.ImageService/ScanImage", @@ -111,10 +108,9 @@ func (s *serviceImpl) GetImage(ctx context.Context, request *v1.GetImageRequest) if request.GetId() == "" { return nil, errors.Wrap(errorhelpers.ErrInvalidArgs, "id must be specified") } + request.Id = types.NewDigest(request.Id).Digest() - id := types.NewDigest(request.GetId()).Digest() - - image, exists, err := s.datastore.GetImage(ctx, id) + image, exists, err := s.datastore.GetImage(ctx, request.GetId()) if err != nil { return nil, err } @@ -126,11 +122,6 @@ func (s *serviceImpl) GetImage(ctx context.Context, request *v1.GetImageRequest) // This modifies the image object utils.FilterSuppressedCVEsNoClone(image) } - if request.GetStripDescription() { - // This modifies the image object - utils.StripCVEDescriptionsNoClone(image) - } - return image, nil } @@ -184,7 +175,7 @@ func internalScanRespFromImage(img *storage.Image) *v1.ScanImageInternalResponse } } -// ScanImageInternal handles an image request from Sensor and Admission Controller. +// ScanImageInternal handles an image request from Sensor func (s *serviceImpl) ScanImageInternal(ctx context.Context, request *v1.ScanImageInternalRequest) (*v1.ScanImageInternalResponse, error) { if err := s.internalScanSemaphore.Acquire(concurrency.AsContext(concurrency.Timeout(maxSemaphoreWaitTime)), 1); err != nil { s, err := status.New(codes.Unavailable, err.Error()).WithDetails(&v1.ScanImageInternalResponseDetails_TooManyParallelScans{}) @@ -201,8 +192,7 @@ func (s *serviceImpl) ScanImageInternal(ctx context.Context, request *v1.ScanIma if err != nil { return nil, err } - // If the scan exists, and it is less than the reprocessing interval, then return the scan. - // Otherwise, fetch it from the DB. + // If the scan exists and it is less than the reprocessing interval then return the scan. Otherwise, fetch it from the DB if exists { return internalScanRespFromImage(img), nil } @@ -261,14 +251,6 @@ func (s *serviceImpl) ScanImage(ctx context.Context, request *v1.ScanImageReques return img, nil } -// GetImageVulnerabilitiesInternal retrieves the vulnerabilities related to the image -// specified by the given components and scan notes. -// This is meant to be called by Sensor. -// TODO(ROX-9281): Implement me. -func (s *serviceImpl) GetImageVulnerabilitiesInternal(ctx context.Context, request *v1.GetImageVulnerabilitiesInternalRequest) (*v1.ScanImageInternalResponse, error) { - return nil, nil -} - // DeleteImages deletes images based on query func (s *serviceImpl) DeleteImages(ctx context.Context, request *v1.DeleteImagesRequest) (*v1.DeleteImagesResponse, error) { if request.GetQuery() == nil { diff --git a/generated/api/v1/image_service.pb.go b/generated/api/v1/image_service.pb.go index b42197854b245..d72343739e581 100644 --- a/generated/api/v1/image_service.pb.go +++ b/generated/api/v1/image_service.pb.go @@ -8,7 +8,6 @@ import ( fmt "fmt" proto "github.com/golang/protobuf/proto" storage "github.com/stackrox/rox/generated/storage" - v1 "github.com/stackrox/scanner/generated/scanner/api/v1" grpc "google.golang.org/grpc" codes "google.golang.org/grpc/codes" status "google.golang.org/grpc/status" @@ -56,13 +55,12 @@ func (x WatchImageResponse_ErrorType) String() string { } func (WatchImageResponse_ErrorType) EnumDescriptor() ([]byte, []int) { - return fileDescriptor_b4306cfe43028263, []int{10, 0} + return fileDescriptor_b4306cfe43028263, []int{9, 0} } type GetImageRequest struct { Id string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"` IncludeSnoozed bool `protobuf:"varint,2,opt,name=include_snoozed,json=includeSnoozed,proto3" json:"include_snoozed,omitempty"` - StripDescription bool `protobuf:"varint,3,opt,name=strip_description,json=stripDescription,proto3" json:"strip_description,omitempty"` XXX_NoUnkeyedLiteral struct{} `json:"-"` XXX_unrecognized []byte `json:"-"` XXX_sizecache int32 `json:"-"` @@ -115,13 +113,6 @@ func (m *GetImageRequest) GetIncludeSnoozed() bool { return false } -func (m *GetImageRequest) GetStripDescription() bool { - if m != nil { - return m.StripDescription - } - return false -} - func (m *GetImageRequest) MessageClone() proto.Message { return m.Clone() } @@ -467,107 +458,6 @@ func (m *ScanImageInternalResponse) Clone() *ScanImageInternalResponse { return cloned } -type GetImageVulnerabilitiesInternalRequest struct { - ImageId string `protobuf:"bytes,1,opt,name=image_id,json=imageId,proto3" json:"image_id,omitempty"` - ImageName *storage.ImageName `protobuf:"bytes,2,opt,name=image_name,json=imageName,proto3" json:"image_name,omitempty"` - Metadata *storage.ImageMetadata `protobuf:"bytes,3,opt,name=metadata,proto3" json:"metadata,omitempty"` - Components *v1.Components `protobuf:"bytes,4,opt,name=components,proto3" json:"components,omitempty"` - Notes []v1.Note `protobuf:"varint,5,rep,packed,name=notes,proto3,enum=scannerV1.Note" json:"notes,omitempty"` - XXX_NoUnkeyedLiteral struct{} `json:"-"` - XXX_unrecognized []byte `json:"-"` - XXX_sizecache int32 `json:"-"` -} - -func (m *GetImageVulnerabilitiesInternalRequest) Reset() { - *m = GetImageVulnerabilitiesInternalRequest{} -} -func (m *GetImageVulnerabilitiesInternalRequest) String() string { return proto.CompactTextString(m) } -func (*GetImageVulnerabilitiesInternalRequest) ProtoMessage() {} -func (*GetImageVulnerabilitiesInternalRequest) Descriptor() ([]byte, []int) { - return fileDescriptor_b4306cfe43028263, []int{6} -} -func (m *GetImageVulnerabilitiesInternalRequest) XXX_Unmarshal(b []byte) error { - return m.Unmarshal(b) -} -func (m *GetImageVulnerabilitiesInternalRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - if deterministic { - return xxx_messageInfo_GetImageVulnerabilitiesInternalRequest.Marshal(b, m, deterministic) - } else { - b = b[:cap(b)] - n, err := m.MarshalToSizedBuffer(b) - if err != nil { - return nil, err - } - return b[:n], nil - } -} -func (m *GetImageVulnerabilitiesInternalRequest) XXX_Merge(src proto.Message) { - xxx_messageInfo_GetImageVulnerabilitiesInternalRequest.Merge(m, src) -} -func (m *GetImageVulnerabilitiesInternalRequest) XXX_Size() int { - return m.Size() -} -func (m *GetImageVulnerabilitiesInternalRequest) XXX_DiscardUnknown() { - xxx_messageInfo_GetImageVulnerabilitiesInternalRequest.DiscardUnknown(m) -} - -var xxx_messageInfo_GetImageVulnerabilitiesInternalRequest proto.InternalMessageInfo - -func (m *GetImageVulnerabilitiesInternalRequest) GetImageId() string { - if m != nil { - return m.ImageId - } - return "" -} - -func (m *GetImageVulnerabilitiesInternalRequest) GetImageName() *storage.ImageName { - if m != nil { - return m.ImageName - } - return nil -} - -func (m *GetImageVulnerabilitiesInternalRequest) GetMetadata() *storage.ImageMetadata { - if m != nil { - return m.Metadata - } - return nil -} - -func (m *GetImageVulnerabilitiesInternalRequest) GetComponents() *v1.Components { - if m != nil { - return m.Components - } - return nil -} - -func (m *GetImageVulnerabilitiesInternalRequest) GetNotes() []v1.Note { - if m != nil { - return m.Notes - } - return nil -} - -func (m *GetImageVulnerabilitiesInternalRequest) MessageClone() proto.Message { - return m.Clone() -} -func (m *GetImageVulnerabilitiesInternalRequest) Clone() *GetImageVulnerabilitiesInternalRequest { - if m == nil { - return nil - } - cloned := new(GetImageVulnerabilitiesInternalRequest) - *cloned = *m - - cloned.ImageName = m.ImageName.Clone() - cloned.Metadata = m.Metadata.Clone() - cloned.Components = m.Components.Clone() - if m.Notes != nil { - cloned.Notes = make([]v1.Note, len(m.Notes)) - copy(cloned.Notes, m.Notes) - } - return cloned -} - type DeleteImagesRequest struct { Query *RawQuery `protobuf:"bytes,1,opt,name=query,proto3" json:"query,omitempty"` Confirm bool `protobuf:"varint,2,opt,name=confirm,proto3" json:"confirm,omitempty"` @@ -580,7 +470,7 @@ func (m *DeleteImagesRequest) Reset() { *m = DeleteImagesRequest{} } func (m *DeleteImagesRequest) String() string { return proto.CompactTextString(m) } func (*DeleteImagesRequest) ProtoMessage() {} func (*DeleteImagesRequest) Descriptor() ([]byte, []int) { - return fileDescriptor_b4306cfe43028263, []int{7} + return fileDescriptor_b4306cfe43028263, []int{6} } func (m *DeleteImagesRequest) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -649,7 +539,7 @@ func (m *DeleteImagesResponse) Reset() { *m = DeleteImagesResponse{} } func (m *DeleteImagesResponse) String() string { return proto.CompactTextString(m) } func (*DeleteImagesResponse) ProtoMessage() {} func (*DeleteImagesResponse) Descriptor() ([]byte, []int) { - return fileDescriptor_b4306cfe43028263, []int{8} + return fileDescriptor_b4306cfe43028263, []int{7} } func (m *DeleteImagesResponse) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -719,7 +609,7 @@ func (m *WatchImageRequest) Reset() { *m = WatchImageRequest{} } func (m *WatchImageRequest) String() string { return proto.CompactTextString(m) } func (*WatchImageRequest) ProtoMessage() {} func (*WatchImageRequest) Descriptor() ([]byte, []int) { - return fileDescriptor_b4306cfe43028263, []int{9} + return fileDescriptor_b4306cfe43028263, []int{8} } func (m *WatchImageRequest) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -785,7 +675,7 @@ func (m *WatchImageResponse) Reset() { *m = WatchImageResponse{} } func (m *WatchImageResponse) String() string { return proto.CompactTextString(m) } func (*WatchImageResponse) ProtoMessage() {} func (*WatchImageResponse) Descriptor() ([]byte, []int) { - return fileDescriptor_b4306cfe43028263, []int{10} + return fileDescriptor_b4306cfe43028263, []int{9} } func (m *WatchImageResponse) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -861,7 +751,7 @@ func (m *UnwatchImageRequest) Reset() { *m = UnwatchImageRequest{} } func (m *UnwatchImageRequest) String() string { return proto.CompactTextString(m) } func (*UnwatchImageRequest) ProtoMessage() {} func (*UnwatchImageRequest) Descriptor() ([]byte, []int) { - return fileDescriptor_b4306cfe43028263, []int{11} + return fileDescriptor_b4306cfe43028263, []int{10} } func (m *UnwatchImageRequest) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -921,7 +811,7 @@ func (m *GetWatchedImagesResponse) Reset() { *m = GetWatchedImagesRespon func (m *GetWatchedImagesResponse) String() string { return proto.CompactTextString(m) } func (*GetWatchedImagesResponse) ProtoMessage() {} func (*GetWatchedImagesResponse) Descriptor() ([]byte, []int) { - return fileDescriptor_b4306cfe43028263, []int{12} + return fileDescriptor_b4306cfe43028263, []int{11} } func (m *GetWatchedImagesResponse) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -988,7 +878,7 @@ func (m *ScanImageInternalResponseDetails) Reset() { *m = ScanImageInter func (m *ScanImageInternalResponseDetails) String() string { return proto.CompactTextString(m) } func (*ScanImageInternalResponseDetails) ProtoMessage() {} func (*ScanImageInternalResponseDetails) Descriptor() ([]byte, []int) { - return fileDescriptor_b4306cfe43028263, []int{13} + return fileDescriptor_b4306cfe43028263, []int{12} } func (m *ScanImageInternalResponseDetails) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1046,7 +936,7 @@ func (m *ScanImageInternalResponseDetails_TooManyParallelScans) String() string } func (*ScanImageInternalResponseDetails_TooManyParallelScans) ProtoMessage() {} func (*ScanImageInternalResponseDetails_TooManyParallelScans) Descriptor() ([]byte, []int) { - return fileDescriptor_b4306cfe43028263, []int{13, 0} + return fileDescriptor_b4306cfe43028263, []int{12, 0} } func (m *ScanImageInternalResponseDetails_TooManyParallelScans) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1096,7 +986,6 @@ func init() { proto.RegisterType((*ScanImageRequest)(nil), "v1.ScanImageRequest") proto.RegisterType((*ScanImageInternalRequest)(nil), "v1.ScanImageInternalRequest") proto.RegisterType((*ScanImageInternalResponse)(nil), "v1.ScanImageInternalResponse") - proto.RegisterType((*GetImageVulnerabilitiesInternalRequest)(nil), "v1.GetImageVulnerabilitiesInternalRequest") proto.RegisterType((*DeleteImagesRequest)(nil), "v1.DeleteImagesRequest") proto.RegisterType((*DeleteImagesResponse)(nil), "v1.DeleteImagesResponse") proto.RegisterType((*WatchImageRequest)(nil), "v1.WatchImageRequest") @@ -1110,81 +999,70 @@ func init() { func init() { proto.RegisterFile("api/v1/image_service.proto", fileDescriptor_b4306cfe43028263) } var fileDescriptor_b4306cfe43028263 = []byte{ - // 1176 bytes of a gzipped FileDescriptorProto - 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x8c, 0x56, 0xdd, 0x72, 0xdb, 0x44, - 0x14, 0xae, 0xed, 0xa6, 0x49, 0x8e, 0x5d, 0xc7, 0xd9, 0xa4, 0x89, 0xe2, 0xa6, 0x49, 0x46, 0x05, - 0x1a, 0xd2, 0x41, 0x1e, 0x9b, 0xe1, 0xa6, 0xc3, 0x0c, 0x98, 0xc4, 0x0d, 0x66, 0x6a, 0xa7, 0x28, - 0x69, 0x28, 0x4c, 0x67, 0x34, 0x5b, 0x69, 0x9b, 0x6a, 0x90, 0x76, 0x55, 0xed, 0xda, 0xc1, 0x65, - 0xb8, 0x80, 0x2b, 0xee, 0xb9, 0xe1, 0x45, 0x78, 0x07, 0x2e, 0x99, 0xe1, 0x05, 0x98, 0xc0, 0x83, - 0x30, 0xda, 0x5d, 0xcb, 0x92, 0xed, 0x52, 0xee, 0xb4, 0xe7, 0xe7, 0x3b, 0x7b, 0xfe, 0xbe, 0x15, - 0xd4, 0x71, 0xe4, 0x37, 0x86, 0xcd, 0x86, 0x1f, 0xe2, 0x0b, 0xe2, 0x70, 0x12, 0x0f, 0x7d, 0x97, - 0x58, 0x51, 0xcc, 0x04, 0x43, 0xc5, 0x61, 0xb3, 0xbe, 0x7d, 0xc1, 0xd8, 0x45, 0x40, 0x1a, 0x89, - 0x19, 0xa6, 0x94, 0x09, 0x2c, 0x7c, 0x46, 0xb9, 0xb2, 0xa8, 0xdf, 0xd6, 0xde, 0x9c, 0xe0, 0xd8, - 0x7d, 0x99, 0x77, 0xaf, 0x23, 0xad, 0x24, 0x61, 0x24, 0x46, 0x5a, 0xb6, 0xc3, 0x5d, 0x4c, 0x29, - 0x89, 0x1b, 0x5a, 0xe7, 0xb2, 0x30, 0x62, 0x94, 0x50, 0xa1, 0xf5, 0x5b, 0x53, 0x7a, 0xca, 0xc4, - 0x18, 0x6e, 0x8d, 0x0b, 0x16, 0xe3, 0x0b, 0xa2, 0xae, 0xaa, 0x85, 0xc6, 0x58, 0xe8, 0x91, 0x28, - 0x60, 0xa3, 0x30, 0x45, 0x32, 0x2f, 0x61, 0xe5, 0x98, 0x88, 0x6e, 0x62, 0x6b, 0x93, 0x57, 0x03, - 0xc2, 0x05, 0xaa, 0x42, 0xd1, 0xf7, 0x8c, 0xc2, 0x5e, 0x61, 0x7f, 0xd9, 0x2e, 0xfa, 0x1e, 0xba, - 0x07, 0x2b, 0x3e, 0x75, 0x83, 0x81, 0x47, 0x1c, 0x4e, 0x19, 0x7b, 0x4d, 0x3c, 0xa3, 0xb8, 0x57, - 0xd8, 0x5f, 0xb2, 0xab, 0x5a, 0x7c, 0xaa, 0xa4, 0xe8, 0x3e, 0xac, 0x72, 0x11, 0xfb, 0x91, 0xe3, - 0x11, 0xee, 0xc6, 0x7e, 0x94, 0x94, 0xc0, 0x28, 0x49, 0xd3, 0x9a, 0x54, 0x1c, 0x4d, 0xe4, 0xe6, - 0xa7, 0x80, 0x1e, 0xf9, 0x5c, 0x45, 0xe6, 0x36, 0xe1, 0x11, 0xa3, 0x9c, 0xa0, 0x03, 0xb8, 0x21, - 0xef, 0xcd, 0x8d, 0xc2, 0x5e, 0x69, 0xbf, 0xdc, 0x42, 0x96, 0xbe, 0xb9, 0x95, 0x1a, 0xdb, 0xda, - 0xc2, 0xbc, 0x0f, 0x6b, 0x87, 0x6c, 0x40, 0xa7, 0x21, 0xd6, 0x61, 0xc1, 0x4d, 0xc4, 0x32, 0x83, - 0x05, 0x5b, 0x1d, 0xcc, 0x08, 0x6a, 0xa7, 0x2e, 0xa6, 0xb9, 0x44, 0xef, 0x00, 0xa8, 0x7e, 0x52, - 0x1c, 0x12, 0x9d, 0xf0, 0xb2, 0x94, 0xf4, 0x71, 0x28, 0x81, 0x5e, 0xb0, 0xd8, 0x25, 0x3a, 0x5b, - 0x75, 0x98, 0x57, 0x8d, 0xd2, 0xbc, 0x6a, 0x98, 0x11, 0x18, 0x69, 0xc4, 0x2e, 0x15, 0x24, 0xa6, - 0x38, 0x18, 0x47, 0xfe, 0x00, 0x16, 0x64, 0x1c, 0x19, 0xb4, 0xdc, 0xda, 0x4c, 0xb3, 0x3c, 0x64, - 0x54, 0x60, 0x9f, 0x92, 0x58, 0x5d, 0x54, 0x59, 0xa1, 0x5d, 0x28, 0xbb, 0xd8, 0x7d, 0x49, 0x3c, - 0x87, 0xd1, 0x60, 0xa4, 0xe3, 0x81, 0x12, 0x9d, 0xd0, 0x60, 0xf4, 0xc5, 0xf5, 0xa5, 0x62, 0xad, - 0x64, 0xb6, 0x61, 0x6b, 0x4e, 0x44, 0x5d, 0x96, 0x77, 0xf2, 0x21, 0xab, 0x69, 0xc8, 0x6c, 0x24, - 0xf3, 0xe7, 0x22, 0xbc, 0x37, 0x9e, 0x87, 0xf3, 0x41, 0x40, 0x49, 0x8c, 0x9f, 0xfb, 0x81, 0x2f, - 0x7c, 0xc2, 0xa7, 0x73, 0xd8, 0x82, 0x25, 0x55, 0xbd, 0x74, 0x58, 0x16, 0xe5, 0xb9, 0xeb, 0xa1, - 0x66, 0xae, 0xb0, 0x45, 0x19, 0x10, 0xe5, 0x03, 0x26, 0x15, 0xce, 0x16, 0xbb, 0x05, 0x4b, 0x21, - 0x11, 0xd8, 0xc3, 0x02, 0xcb, 0xfc, 0xca, 0xad, 0x8d, 0xbc, 0x43, 0x4f, 0x6b, 0xed, 0xd4, 0x0e, - 0x7d, 0x04, 0x90, 0x2e, 0x06, 0x37, 0xae, 0x4b, 0xaf, 0x5b, 0x96, 0x5e, 0x8d, 0xf3, 0xa6, 0x75, - 0x98, 0x2a, 0xed, 0x8c, 0x21, 0x7a, 0x17, 0x16, 0x92, 0x7d, 0xe1, 0xc6, 0xc2, 0x5e, 0x69, 0xbf, - 0xda, 0x5a, 0xc9, 0x78, 0xf4, 0x99, 0x20, 0xb6, 0xd2, 0x9a, 0xa7, 0xb0, 0x76, 0x44, 0x02, 0x22, - 0xc8, 0x78, 0xbe, 0x54, 0xda, 0x26, 0x2c, 0xbc, 0x1a, 0x90, 0x78, 0xa4, 0xeb, 0x58, 0xb1, 0x86, - 0x4d, 0xcb, 0xc6, 0x97, 0x5f, 0x26, 0x32, 0x5b, 0xa9, 0x90, 0x01, 0x8b, 0x2e, 0xa3, 0x2f, 0xfc, - 0x38, 0xd4, 0xb3, 0x33, 0x3e, 0x9a, 0x8f, 0x61, 0x3d, 0x0f, 0xaa, 0xbb, 0xb3, 0x0b, 0x65, 0x3a, - 0x08, 0x1d, 0x4f, 0xea, 0x54, 0x3d, 0x6f, 0xda, 0x40, 0x07, 0xa1, 0xb2, 0xf6, 0xd0, 0x26, 0x2c, - 0x7a, 0xf1, 0xc8, 0x89, 0x07, 0x54, 0x43, 0xde, 0xf0, 0xe2, 0x91, 0x3d, 0xa0, 0xe6, 0x3d, 0x58, - 0xfd, 0x0a, 0x0b, 0xf7, 0x65, 0x6e, 0xb2, 0x11, 0x5c, 0xcf, 0xcc, 0xb4, 0xfc, 0x36, 0x7f, 0x2c, - 0x02, 0xca, 0x5a, 0xea, 0xc8, 0xf7, 0x60, 0x85, 0xb2, 0x38, 0xc4, 0x81, 0xff, 0x9a, 0x78, 0xd9, - 0x4d, 0xa8, 0x4e, 0xc4, 0xb2, 0x43, 0x9f, 0x00, 0x90, 0x38, 0x66, 0xb1, 0x23, 0x46, 0x91, 0x6a, - 0x6a, 0xb5, 0xb5, 0x97, 0x64, 0x3f, 0x0b, 0x6a, 0x75, 0x12, 0xc3, 0xb3, 0x51, 0x44, 0xec, 0x65, - 0x32, 0xfe, 0x44, 0x77, 0xe1, 0xa6, 0x02, 0x08, 0x09, 0xe7, 0xc9, 0x24, 0x96, 0x64, 0x9c, 0x8a, - 0x14, 0xf6, 0x94, 0xcc, 0x7c, 0x06, 0xcb, 0xa9, 0x33, 0xaa, 0xc0, 0x52, 0xff, 0xc4, 0xe9, 0xd8, - 0xf6, 0x89, 0x5d, 0xbb, 0x86, 0x36, 0x00, 0x75, 0xfb, 0xe7, 0xed, 0x47, 0xdd, 0x23, 0xa7, 0xdb, - 0x6b, 0x1f, 0x77, 0x9c, 0x7e, 0xbb, 0xd7, 0xa9, 0x15, 0x90, 0x01, 0xeb, 0xfd, 0x13, 0x47, 0x2b, - 0xfa, 0x67, 0x9d, 0x63, 0xbb, 0x7d, 0xd6, 0x3d, 0xe9, 0xd7, 0x8a, 0x68, 0x05, 0xca, 0xa7, 0x87, - 0xed, 0xbe, 0xf3, 0xb0, 0xdd, 0x7d, 0xd4, 0x39, 0xaa, 0x95, 0xcc, 0xf7, 0x61, 0xed, 0x09, 0xbd, - 0xfc, 0x5f, 0xe5, 0x7a, 0x0a, 0xc6, 0x31, 0x11, 0x32, 0x37, 0xe2, 0x4d, 0x75, 0xeb, 0x63, 0xa8, - 0x5e, 0x2a, 0x85, 0x93, 0x63, 0xab, 0x5b, 0xe9, 0xc8, 0x66, 0xfd, 0xec, 0x9b, 0x97, 0x59, 0x14, - 0xf3, 0x01, 0xec, 0xbd, 0x71, 0x4d, 0x8f, 0x88, 0xc0, 0x7e, 0xc0, 0xeb, 0x1b, 0xb0, 0x7e, 0xc6, - 0x58, 0x0f, 0xd3, 0xd1, 0x63, 0x1c, 0xe3, 0x20, 0x20, 0x41, 0xe2, 0xc2, 0x5b, 0xbf, 0x2d, 0x42, - 0x45, 0x3a, 0x9e, 0xaa, 0x37, 0x04, 0x7d, 0x0e, 0x4b, 0xe3, 0x7d, 0x45, 0x6b, 0x49, 0x37, 0xa6, - 0xd8, 0xbc, 0x3e, 0xb5, 0xe8, 0xe6, 0xe6, 0x4f, 0x7f, 0xfe, 0xf3, 0x4b, 0x71, 0x15, 0xad, 0xa4, - 0xcf, 0x19, 0x6f, 0x7c, 0xef, 0x7b, 0x3f, 0xa0, 0x1e, 0x94, 0x33, 0x74, 0x8a, 0x72, 0x83, 0x5d, - 0xdf, 0x4c, 0x4e, 0x73, 0xd8, 0x76, 0x1e, 0x9c, 0x24, 0x5c, 0xf4, 0x10, 0x60, 0xc2, 0xef, 0x53, - 0x68, 0x1b, 0xc9, 0x69, 0x96, 0xfd, 0x4d, 0x24, 0xc1, 0x2a, 0x08, 0x26, 0x60, 0xa8, 0x07, 0xcb, - 0x69, 0xb5, 0xd0, 0x7a, 0xe2, 0x38, 0xcd, 0xe3, 0x33, 0x29, 0xd6, 0x25, 0xcc, 0xba, 0x99, 0x4d, - 0x31, 0xd9, 0xf1, 0x07, 0x85, 0x03, 0xf4, 0x18, 0x56, 0x67, 0x8a, 0x8f, 0xb6, 0x73, 0xb0, 0x53, - 0x44, 0x57, 0xbf, 0xf3, 0x06, 0xad, 0x1e, 0x86, 0x00, 0x76, 0xdf, 0xc2, 0x98, 0xe8, 0x20, 0xdb, - 0x98, 0xff, 0xa6, 0xd5, 0xb7, 0x45, 0x7b, 0x06, 0xbb, 0x5d, 0x3a, 0xc4, 0x81, 0xef, 0x61, 0x41, - 0x12, 0xb3, 0x36, 0xf5, 0x6c, 0x72, 0xe1, 0x73, 0x11, 0x8f, 0x0e, 0x93, 0x07, 0x81, 0xa3, 0xe5, - 0x04, 0xa1, 0x93, 0xfc, 0x4d, 0xd4, 0x27, 0x9f, 0xe6, 0x5d, 0x59, 0x94, 0x3b, 0xe8, 0x76, 0xa6, - 0x28, 0xf2, 0x05, 0x69, 0xf8, 0x29, 0x1e, 0x7a, 0x02, 0x95, 0x2c, 0x3d, 0x21, 0xd9, 0xf6, 0x39, - 0x2c, 0x58, 0x37, 0x66, 0x15, 0xf9, 0x1e, 0x1e, 0x64, 0x7b, 0xf8, 0x35, 0xc0, 0x84, 0x24, 0xd0, - 0xad, 0x69, 0xd2, 0x50, 0x90, 0x1b, 0xf3, 0xb9, 0xc4, 0xdc, 0x96, 0x80, 0x1b, 0xe6, 0x6a, 0x02, - 0xa8, 0x37, 0x49, 0xe1, 0x26, 0xfd, 0xec, 0x41, 0x25, 0xbb, 0xd1, 0xea, 0xc6, 0x73, 0x76, 0x3c, - 0x5b, 0x8a, 0x2d, 0x89, 0xb8, 0x76, 0x30, 0x8b, 0x88, 0xce, 0xa1, 0x36, 0xbd, 0xf5, 0xd9, 0x7a, - 0x6e, 0xeb, 0x46, 0xce, 0xa5, 0x85, 0x31, 0x2e, 0x9a, 0xc5, 0xfd, 0xcc, 0xfa, 0xfd, 0x6a, 0xa7, - 0xf0, 0xc7, 0xd5, 0x4e, 0xe1, 0xaf, 0xab, 0x9d, 0xc2, 0xaf, 0x7f, 0xef, 0x5c, 0x03, 0xc3, 0x67, - 0x16, 0x17, 0xd8, 0xfd, 0x36, 0x66, 0xdf, 0xa9, 0x7f, 0x31, 0x0b, 0x47, 0xbe, 0x35, 0x6c, 0x7e, - 0x53, 0x1c, 0x36, 0x9f, 0x5e, 0x7b, 0x7e, 0x43, 0xca, 0x3e, 0xfc, 0x37, 0x00, 0x00, 0xff, 0xff, - 0xb2, 0x5f, 0x16, 0x05, 0x7a, 0x0a, 0x00, 0x00, + // 1001 bytes of a gzipped FileDescriptorProto + 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x8c, 0x55, 0x6d, 0x6f, 0xdb, 0x44, + 0x1c, 0x5f, 0xd2, 0xb5, 0x6b, 0xfe, 0x49, 0xd3, 0xf4, 0x92, 0xb5, 0x9e, 0xd7, 0x27, 0x79, 0x48, + 0x2d, 0x45, 0x38, 0x4a, 0x79, 0x37, 0x21, 0x41, 0x68, 0xb3, 0x92, 0xa9, 0x49, 0x8a, 0xd3, 0x8d, + 0x81, 0x26, 0x59, 0x87, 0x7d, 0x4b, 0x2d, 0xec, 0x3b, 0xcf, 0xe7, 0xa4, 0x78, 0x88, 0x17, 0xf0, + 0x15, 0x78, 0xc3, 0x37, 0x82, 0x97, 0x48, 0x7c, 0x01, 0x54, 0xf8, 0x20, 0xc8, 0x77, 0x97, 0xc4, + 0x79, 0x98, 0xc4, 0x3b, 0xdf, 0xff, 0xe1, 0xf7, 0x7f, 0xfe, 0x19, 0x74, 0x1c, 0x7a, 0xf5, 0x51, + 0xa3, 0xee, 0x05, 0x78, 0x40, 0x6c, 0x4e, 0xa2, 0x91, 0xe7, 0x10, 0x33, 0x8c, 0x58, 0xcc, 0x50, + 0x7e, 0xd4, 0xd0, 0x77, 0x07, 0x8c, 0x0d, 0x7c, 0x52, 0x4f, 0xcd, 0x30, 0xa5, 0x2c, 0xc6, 0xb1, + 0xc7, 0x28, 0x97, 0x16, 0xfa, 0x63, 0xe5, 0xcd, 0x09, 0x8e, 0x9c, 0x9b, 0x59, 0x77, 0x1d, 0x29, + 0x25, 0x09, 0xc2, 0x38, 0x51, 0xb2, 0x2a, 0x8f, 0x59, 0x84, 0x07, 0x44, 0xc6, 0x53, 0x42, 0x6d, + 0x2c, 0x74, 0x49, 0xe8, 0xb3, 0x24, 0x20, 0x34, 0x96, 0x1a, 0xe3, 0x39, 0x6c, 0x5e, 0x90, 0xb8, + 0x9d, 0xda, 0x5a, 0xe4, 0xed, 0x90, 0xf0, 0x18, 0x95, 0x21, 0xef, 0xb9, 0x5a, 0xee, 0x30, 0x77, + 0x5c, 0xb0, 0xf2, 0x9e, 0x8b, 0x8e, 0x60, 0xd3, 0xa3, 0x8e, 0x3f, 0x74, 0x89, 0xcd, 0x29, 0x63, + 0xef, 0x88, 0xab, 0xe5, 0x0f, 0x73, 0xc7, 0xeb, 0x56, 0x59, 0x89, 0xfb, 0x52, 0x6a, 0x7c, 0x0e, + 0xe8, 0xd2, 0xe3, 0x12, 0x8c, 0x5b, 0x84, 0x87, 0x8c, 0x72, 0x82, 0x4e, 0x60, 0x4d, 0xa4, 0xc2, + 0xb5, 0xdc, 0xe1, 0xca, 0x71, 0xf1, 0x14, 0x99, 0x2a, 0x19, 0x73, 0x62, 0x6c, 0x29, 0x0b, 0xe3, + 0x23, 0xa8, 0x9e, 0xb1, 0x21, 0x9d, 0x87, 0xa8, 0xc1, 0xaa, 0x93, 0x8a, 0x45, 0x52, 0xab, 0x96, + 0x7c, 0x18, 0x21, 0x54, 0xfa, 0x0e, 0xa6, 0x33, 0xb9, 0xef, 0x01, 0xc8, 0x3e, 0x53, 0x1c, 0x10, + 0x55, 0x43, 0x41, 0x48, 0xba, 0x38, 0x10, 0x40, 0x6f, 0x58, 0xe4, 0x10, 0x55, 0x80, 0x7c, 0x2c, + 0x2b, 0x70, 0x65, 0x69, 0x81, 0x21, 0x68, 0x93, 0x88, 0x6d, 0x1a, 0x93, 0x88, 0x62, 0x7f, 0x1c, + 0xf9, 0x63, 0x58, 0x15, 0x71, 0x44, 0xd0, 0xe2, 0xe9, 0xce, 0xa4, 0xca, 0x33, 0x46, 0x63, 0xec, + 0x51, 0x12, 0xc9, 0x44, 0xa5, 0x15, 0x3a, 0x80, 0xa2, 0x83, 0x9d, 0x1b, 0xe2, 0xda, 0x8c, 0xfa, + 0x89, 0x8a, 0x07, 0x52, 0xd4, 0xa3, 0x7e, 0xf2, 0xfc, 0xfe, 0x7a, 0xbe, 0xb2, 0x62, 0x34, 0xe1, + 0xd1, 0x92, 0x88, 0xaa, 0x2d, 0x1f, 0xcc, 0x86, 0x2c, 0x4f, 0x42, 0x66, 0x23, 0x19, 0x7d, 0xa8, + 0x9e, 0x13, 0x9f, 0xc4, 0x64, 0xdc, 0x54, 0x99, 0xaf, 0x01, 0xab, 0x6f, 0x87, 0x24, 0x4a, 0x94, + 0x73, 0xc9, 0x1c, 0x35, 0x4c, 0x0b, 0xdf, 0x7e, 0x95, 0xca, 0x2c, 0xa9, 0x42, 0x1a, 0x3c, 0x70, + 0x18, 0x7d, 0xe3, 0x45, 0x81, 0x6a, 0xd8, 0xf8, 0x69, 0x5c, 0x41, 0x6d, 0x16, 0x54, 0xa5, 0x74, + 0x00, 0x45, 0x3a, 0x0c, 0x6c, 0x57, 0xe8, 0xe4, 0x12, 0x6d, 0x58, 0x40, 0x87, 0x81, 0xb4, 0x76, + 0xd1, 0x0e, 0x3c, 0x70, 0xa3, 0xc4, 0x8e, 0x86, 0x54, 0x41, 0xae, 0xb9, 0x51, 0x62, 0x0d, 0xa9, + 0x71, 0x04, 0x5b, 0x5f, 0xe3, 0xd8, 0xb9, 0x99, 0x19, 0x27, 0x82, 0xfb, 0x99, 0x41, 0x8a, 0x6f, + 0xe3, 0xe7, 0x3c, 0xa0, 0xac, 0xa5, 0x8a, 0x7c, 0x04, 0x9b, 0x94, 0x45, 0x01, 0xf6, 0xbd, 0x77, + 0xc4, 0xcd, 0x8e, 0xbf, 0x3c, 0x15, 0x8b, 0x1d, 0xf8, 0x0c, 0x80, 0x44, 0x11, 0x8b, 0xec, 0x38, + 0x09, 0xe5, 0x22, 0x94, 0x4f, 0x0f, 0xd3, 0xea, 0x17, 0x41, 0xcd, 0x56, 0x6a, 0x78, 0x9d, 0x84, + 0xc4, 0x2a, 0x90, 0xf1, 0x27, 0x7a, 0x02, 0x1b, 0x12, 0x20, 0x20, 0x9c, 0xa7, 0xed, 0x5f, 0x11, + 0x71, 0x4a, 0x42, 0xd8, 0x91, 0x32, 0xe3, 0x35, 0x14, 0x26, 0xce, 0xa8, 0x04, 0xeb, 0xdd, 0x9e, + 0xdd, 0xb2, 0xac, 0x9e, 0x55, 0xb9, 0x87, 0xb6, 0x01, 0xb5, 0xbb, 0x2f, 0x9b, 0x97, 0xed, 0x73, + 0xbb, 0xdd, 0x69, 0x5e, 0xb4, 0xec, 0x6e, 0xb3, 0xd3, 0xaa, 0xe4, 0x90, 0x06, 0xb5, 0x6e, 0xcf, + 0x56, 0x8a, 0xee, 0x75, 0xeb, 0xc2, 0x6a, 0x5e, 0xb7, 0x7b, 0xdd, 0x4a, 0x1e, 0x6d, 0x42, 0xb1, + 0x7f, 0xd6, 0xec, 0xda, 0xcf, 0x9a, 0xed, 0xcb, 0xd6, 0x79, 0x65, 0xc5, 0xf8, 0x10, 0xaa, 0x2f, + 0xe8, 0xed, 0xff, 0x6a, 0xd7, 0x2b, 0xd0, 0x2e, 0x48, 0x2c, 0x6a, 0x23, 0xee, 0xdc, 0xb4, 0x3e, + 0x85, 0xf2, 0xad, 0x54, 0xd8, 0x33, 0x27, 0xfa, 0x70, 0xb2, 0x49, 0x59, 0x3f, 0x6b, 0xe3, 0x36, + 0x8b, 0x62, 0x3c, 0x85, 0xc3, 0xf7, 0xee, 0xe6, 0x39, 0x89, 0xb1, 0xe7, 0x73, 0x7d, 0x1b, 0x6a, + 0xd7, 0x8c, 0x75, 0x30, 0x4d, 0xae, 0x70, 0x84, 0x7d, 0x9f, 0xf8, 0xa9, 0x0b, 0x3f, 0xfd, 0x7d, + 0x0d, 0x4a, 0xc2, 0xb1, 0x2f, 0x09, 0x0d, 0x7d, 0x09, 0xeb, 0x63, 0x1e, 0x42, 0xd5, 0x74, 0x1a, + 0x73, 0xac, 0xa4, 0xcf, 0x6d, 0xb7, 0xb1, 0xf3, 0xcb, 0x5f, 0xff, 0xfe, 0x9a, 0xdf, 0x42, 0x9b, + 0x13, 0x6e, 0xe5, 0xf5, 0x1f, 0x3d, 0xf7, 0x27, 0xd4, 0x81, 0x62, 0x86, 0x43, 0xd0, 0xcc, 0x62, + 0xeb, 0x3b, 0xe9, 0x6b, 0x09, 0xc5, 0x2c, 0x83, 0x13, 0x2c, 0x83, 0x9e, 0x01, 0x4c, 0x49, 0x6d, + 0x0e, 0x6d, 0x3b, 0x7d, 0x2d, 0x52, 0x9e, 0x81, 0x04, 0x58, 0x09, 0xc1, 0x14, 0x0c, 0x75, 0xa0, + 0x30, 0xe9, 0x16, 0xaa, 0xa5, 0x8e, 0xf3, 0xe4, 0xb5, 0x50, 0xa2, 0x2e, 0x60, 0x6a, 0x46, 0xb6, + 0x44, 0xee, 0x60, 0xfa, 0x34, 0x77, 0x82, 0xae, 0x60, 0x6b, 0xa1, 0xf9, 0x68, 0x77, 0x06, 0x76, + 0x8e, 0xa1, 0xf4, 0xbd, 0xf7, 0x68, 0xd5, 0x32, 0xbc, 0x86, 0x83, 0x36, 0x1d, 0x61, 0xdf, 0x73, + 0x71, 0x4c, 0x52, 0xb3, 0x26, 0x75, 0x2d, 0x32, 0xf0, 0x78, 0x1c, 0x25, 0x67, 0x29, 0x2f, 0x71, + 0x54, 0x48, 0x11, 0x5a, 0xe9, 0xcf, 0x46, 0x9f, 0x7e, 0x1a, 0x4f, 0x44, 0x9a, 0x7b, 0xe8, 0x71, + 0x26, 0x4d, 0x41, 0x64, 0x75, 0x6f, 0x82, 0x87, 0x5e, 0x40, 0x29, 0x4b, 0x18, 0x48, 0x0c, 0x62, + 0x09, 0x2f, 0xe9, 0xda, 0xa2, 0x62, 0xb6, 0xab, 0x27, 0xd9, 0xae, 0x7e, 0x03, 0x30, 0x3d, 0x5b, + 0xf4, 0x70, 0xfe, 0x8c, 0x25, 0xe4, 0xf6, 0xf2, 0xeb, 0x36, 0x76, 0x05, 0xe0, 0xb6, 0xb1, 0x95, + 0x02, 0xaa, 0xdd, 0x96, 0xb8, 0x69, 0x87, 0x3b, 0x50, 0xca, 0xde, 0x98, 0xcc, 0x78, 0xc9, 0xd5, + 0x65, 0x5b, 0xf1, 0x48, 0x20, 0x56, 0x4f, 0x16, 0x11, 0xd1, 0x4b, 0xa8, 0xcc, 0xdf, 0x61, 0xb6, + 0x9f, 0xbb, 0x6a, 0xe7, 0x97, 0x1e, 0xea, 0x18, 0x17, 0x2d, 0xe2, 0x7e, 0x61, 0xfe, 0x71, 0xb7, + 0x9f, 0xfb, 0xf3, 0x6e, 0x3f, 0xf7, 0xf7, 0xdd, 0x7e, 0xee, 0xb7, 0x7f, 0xf6, 0xef, 0x81, 0xe6, + 0x31, 0x93, 0xc7, 0xd8, 0xf9, 0x3e, 0x62, 0x3f, 0xc8, 0xbf, 0xbc, 0x89, 0x43, 0xcf, 0x1c, 0x35, + 0xbe, 0xcd, 0x8f, 0x1a, 0xaf, 0xee, 0x7d, 0xb7, 0x26, 0x64, 0x9f, 0xfc, 0x17, 0x00, 0x00, 0xff, + 0xff, 0x0b, 0x24, 0x4b, 0x05, 0x99, 0x08, 0x00, 0x00, } // Reference imports to suppress errors if they are not otherwise used. @@ -1207,10 +1085,8 @@ type ImageServiceClient interface { ListImages(ctx context.Context, in *RawQuery, opts ...grpc.CallOption) (*ListImagesResponse, error) // ScanImage scans a single image and returns the result ScanImage(ctx context.Context, in *ScanImageRequest, opts ...grpc.CallOption) (*storage.Image, error) - // ScanImageInternal is used solely by the Sensor and Admission Controller to send scan requests + // ScanImageInternal is used solely by the Sensor to send scan requests ScanImageInternal(ctx context.Context, in *ScanImageInternalRequest, opts ...grpc.CallOption) (*ScanImageInternalResponse, error) - // GetImageVulnerabilities is used solely by the Sensor to send vulnerability matching requests. - GetImageVulnerabilitiesInternal(ctx context.Context, in *GetImageVulnerabilitiesInternalRequest, opts ...grpc.CallOption) (*ScanImageInternalResponse, error) // InvalidateScanAndRegistryCaches removes the image metadata cache. InvalidateScanAndRegistryCaches(ctx context.Context, in *Empty, opts ...grpc.CallOption) (*Empty, error) // DeleteImage removes the images based on a query @@ -1279,15 +1155,6 @@ func (c *imageServiceClient) ScanImageInternal(ctx context.Context, in *ScanImag return out, nil } -func (c *imageServiceClient) GetImageVulnerabilitiesInternal(ctx context.Context, in *GetImageVulnerabilitiesInternalRequest, opts ...grpc.CallOption) (*ScanImageInternalResponse, error) { - out := new(ScanImageInternalResponse) - err := c.cc.Invoke(ctx, "/v1.ImageService/GetImageVulnerabilitiesInternal", in, out, opts...) - if err != nil { - return nil, err - } - return out, nil -} - func (c *imageServiceClient) InvalidateScanAndRegistryCaches(ctx context.Context, in *Empty, opts ...grpc.CallOption) (*Empty, error) { out := new(Empty) err := c.cc.Invoke(ctx, "/v1.ImageService/InvalidateScanAndRegistryCaches", in, out, opts...) @@ -1343,10 +1210,8 @@ type ImageServiceServer interface { ListImages(context.Context, *RawQuery) (*ListImagesResponse, error) // ScanImage scans a single image and returns the result ScanImage(context.Context, *ScanImageRequest) (*storage.Image, error) - // ScanImageInternal is used solely by the Sensor and Admission Controller to send scan requests + // ScanImageInternal is used solely by the Sensor to send scan requests ScanImageInternal(context.Context, *ScanImageInternalRequest) (*ScanImageInternalResponse, error) - // GetImageVulnerabilities is used solely by the Sensor to send vulnerability matching requests. - GetImageVulnerabilitiesInternal(context.Context, *GetImageVulnerabilitiesInternalRequest) (*ScanImageInternalResponse, error) // InvalidateScanAndRegistryCaches removes the image metadata cache. InvalidateScanAndRegistryCaches(context.Context, *Empty) (*Empty, error) // DeleteImage removes the images based on a query @@ -1381,9 +1246,6 @@ func (*UnimplementedImageServiceServer) ScanImage(ctx context.Context, req *Scan func (*UnimplementedImageServiceServer) ScanImageInternal(ctx context.Context, req *ScanImageInternalRequest) (*ScanImageInternalResponse, error) { return nil, status.Errorf(codes.Unimplemented, "method ScanImageInternal not implemented") } -func (*UnimplementedImageServiceServer) GetImageVulnerabilitiesInternal(ctx context.Context, req *GetImageVulnerabilitiesInternalRequest) (*ScanImageInternalResponse, error) { - return nil, status.Errorf(codes.Unimplemented, "method GetImageVulnerabilitiesInternal not implemented") -} func (*UnimplementedImageServiceServer) InvalidateScanAndRegistryCaches(ctx context.Context, req *Empty) (*Empty, error) { return nil, status.Errorf(codes.Unimplemented, "method InvalidateScanAndRegistryCaches not implemented") } @@ -1494,24 +1356,6 @@ func _ImageService_ScanImageInternal_Handler(srv interface{}, ctx context.Contex return interceptor(ctx, in, info, handler) } -func _ImageService_GetImageVulnerabilitiesInternal_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(GetImageVulnerabilitiesInternalRequest) - if err := dec(in); err != nil { - return nil, err - } - if interceptor == nil { - return srv.(ImageServiceServer).GetImageVulnerabilitiesInternal(ctx, in) - } - info := &grpc.UnaryServerInfo{ - Server: srv, - FullMethod: "/v1.ImageService/GetImageVulnerabilitiesInternal", - } - handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(ImageServiceServer).GetImageVulnerabilitiesInternal(ctx, req.(*GetImageVulnerabilitiesInternalRequest)) - } - return interceptor(ctx, in, info, handler) -} - func _ImageService_InvalidateScanAndRegistryCaches_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { in := new(Empty) if err := dec(in); err != nil { @@ -1626,10 +1470,6 @@ var _ImageService_serviceDesc = grpc.ServiceDesc{ MethodName: "ScanImageInternal", Handler: _ImageService_ScanImageInternal_Handler, }, - { - MethodName: "GetImageVulnerabilitiesInternal", - Handler: _ImageService_GetImageVulnerabilitiesInternal_Handler, - }, { MethodName: "InvalidateScanAndRegistryCaches", Handler: _ImageService_InvalidateScanAndRegistryCaches_Handler, @@ -1679,16 +1519,6 @@ func (m *GetImageRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) { i -= len(m.XXX_unrecognized) copy(dAtA[i:], m.XXX_unrecognized) } - if m.StripDescription { - i-- - if m.StripDescription { - dAtA[i] = 1 - } else { - dAtA[i] = 0 - } - i-- - dAtA[i] = 0x18 - } if m.IncludeSnoozed { i-- if m.IncludeSnoozed { @@ -1924,94 +1754,6 @@ func (m *ScanImageInternalResponse) MarshalToSizedBuffer(dAtA []byte) (int, erro return len(dAtA) - i, nil } -func (m *GetImageVulnerabilitiesInternalRequest) Marshal() (dAtA []byte, err error) { - size := m.Size() - dAtA = make([]byte, size) - n, err := m.MarshalToSizedBuffer(dAtA[:size]) - if err != nil { - return nil, err - } - return dAtA[:n], nil -} - -func (m *GetImageVulnerabilitiesInternalRequest) MarshalTo(dAtA []byte) (int, error) { - size := m.Size() - return m.MarshalToSizedBuffer(dAtA[:size]) -} - -func (m *GetImageVulnerabilitiesInternalRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) { - i := len(dAtA) - _ = i - var l int - _ = l - if m.XXX_unrecognized != nil { - i -= len(m.XXX_unrecognized) - copy(dAtA[i:], m.XXX_unrecognized) - } - if len(m.Notes) > 0 { - dAtA4 := make([]byte, len(m.Notes)*10) - var j3 int - for _, num := range m.Notes { - for num >= 1<<7 { - dAtA4[j3] = uint8(uint64(num)&0x7f | 0x80) - num >>= 7 - j3++ - } - dAtA4[j3] = uint8(num) - j3++ - } - i -= j3 - copy(dAtA[i:], dAtA4[:j3]) - i = encodeVarintImageService(dAtA, i, uint64(j3)) - i-- - dAtA[i] = 0x2a - } - if m.Components != nil { - { - size, err := m.Components.MarshalToSizedBuffer(dAtA[:i]) - if err != nil { - return 0, err - } - i -= size - i = encodeVarintImageService(dAtA, i, uint64(size)) - } - i-- - dAtA[i] = 0x22 - } - if m.Metadata != nil { - { - size, err := m.Metadata.MarshalToSizedBuffer(dAtA[:i]) - if err != nil { - return 0, err - } - i -= size - i = encodeVarintImageService(dAtA, i, uint64(size)) - } - i-- - dAtA[i] = 0x1a - } - if m.ImageName != nil { - { - size, err := m.ImageName.MarshalToSizedBuffer(dAtA[:i]) - if err != nil { - return 0, err - } - i -= size - i = encodeVarintImageService(dAtA, i, uint64(size)) - } - i-- - dAtA[i] = 0x12 - } - if len(m.ImageId) > 0 { - i -= len(m.ImageId) - copy(dAtA[i:], m.ImageId) - i = encodeVarintImageService(dAtA, i, uint64(len(m.ImageId))) - i-- - dAtA[i] = 0xa - } - return len(dAtA) - i, nil -} - func (m *DeleteImagesRequest) Marshal() (dAtA []byte, err error) { size := m.Size() dAtA = make([]byte, size) @@ -2336,9 +2078,6 @@ func (m *GetImageRequest) Size() (n int) { if m.IncludeSnoozed { n += 2 } - if m.StripDescription { - n += 2 - } if m.XXX_unrecognized != nil { n += len(m.XXX_unrecognized) } @@ -2435,41 +2174,6 @@ func (m *ScanImageInternalResponse) Size() (n int) { return n } -func (m *GetImageVulnerabilitiesInternalRequest) Size() (n int) { - if m == nil { - return 0 - } - var l int - _ = l - l = len(m.ImageId) - if l > 0 { - n += 1 + l + sovImageService(uint64(l)) - } - if m.ImageName != nil { - l = m.ImageName.Size() - n += 1 + l + sovImageService(uint64(l)) - } - if m.Metadata != nil { - l = m.Metadata.Size() - n += 1 + l + sovImageService(uint64(l)) - } - if m.Components != nil { - l = m.Components.Size() - n += 1 + l + sovImageService(uint64(l)) - } - if len(m.Notes) > 0 { - l = 0 - for _, e := range m.Notes { - l += sovImageService(uint64(e)) - } - n += 1 + sovImageService(uint64(l)) + l - } - if m.XXX_unrecognized != nil { - n += len(m.XXX_unrecognized) - } - return n -} - func (m *DeleteImagesRequest) Size() (n int) { if m == nil { return 0 @@ -2691,26 +2395,6 @@ func (m *GetImageRequest) Unmarshal(dAtA []byte) error { } } m.IncludeSnoozed = bool(v != 0) - case 3: - if wireType != 0 { - return fmt.Errorf("proto: wrong wireType = %d for field StripDescription", wireType) - } - var v int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowImageService - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - v |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - m.StripDescription = bool(v != 0) default: iNdEx = preIndex skippy, err := skipImageService(dAtA[iNdEx:]) @@ -3205,266 +2889,6 @@ func (m *ScanImageInternalResponse) Unmarshal(dAtA []byte) error { } return nil } -func (m *GetImageVulnerabilitiesInternalRequest) Unmarshal(dAtA []byte) error { - l := len(dAtA) - iNdEx := 0 - for iNdEx < l { - preIndex := iNdEx - var wire uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowImageService - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - wire |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - fieldNum := int32(wire >> 3) - wireType := int(wire & 0x7) - if wireType == 4 { - return fmt.Errorf("proto: GetImageVulnerabilitiesInternalRequest: wiretype end group for non-group") - } - if fieldNum <= 0 { - return fmt.Errorf("proto: GetImageVulnerabilitiesInternalRequest: illegal tag %d (wire type %d)", fieldNum, wire) - } - switch fieldNum { - case 1: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field ImageId", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowImageService - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthImageService - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthImageService - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.ImageId = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - case 2: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field ImageName", wireType) - } - var msglen int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowImageService - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - msglen |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - if msglen < 0 { - return ErrInvalidLengthImageService - } - postIndex := iNdEx + msglen - if postIndex < 0 { - return ErrInvalidLengthImageService - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - if m.ImageName == nil { - m.ImageName = &storage.ImageName{} - } - if err := m.ImageName.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } - iNdEx = postIndex - case 3: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Metadata", wireType) - } - var msglen int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowImageService - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - msglen |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - if msglen < 0 { - return ErrInvalidLengthImageService - } - postIndex := iNdEx + msglen - if postIndex < 0 { - return ErrInvalidLengthImageService - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - if m.Metadata == nil { - m.Metadata = &storage.ImageMetadata{} - } - if err := m.Metadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } - iNdEx = postIndex - case 4: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Components", wireType) - } - var msglen int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowImageService - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - msglen |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - if msglen < 0 { - return ErrInvalidLengthImageService - } - postIndex := iNdEx + msglen - if postIndex < 0 { - return ErrInvalidLengthImageService - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - if m.Components == nil { - m.Components = &v1.Components{} - } - if err := m.Components.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } - iNdEx = postIndex - case 5: - if wireType == 0 { - var v v1.Note - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowImageService - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - v |= v1.Note(b&0x7F) << shift - if b < 0x80 { - break - } - } - m.Notes = append(m.Notes, v) - } else if wireType == 2 { - var packedLen int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowImageService - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - packedLen |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - if packedLen < 0 { - return ErrInvalidLengthImageService - } - postIndex := iNdEx + packedLen - if postIndex < 0 { - return ErrInvalidLengthImageService - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - var elementCount int - if elementCount != 0 && len(m.Notes) == 0 { - m.Notes = make([]v1.Note, 0, elementCount) - } - for iNdEx < postIndex { - var v v1.Note - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowImageService - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - v |= v1.Note(b&0x7F) << shift - if b < 0x80 { - break - } - } - m.Notes = append(m.Notes, v) - } - } else { - return fmt.Errorf("proto: wrong wireType = %d for field Notes", wireType) - } - default: - iNdEx = preIndex - skippy, err := skipImageService(dAtA[iNdEx:]) - if err != nil { - return err - } - if (skippy < 0) || (iNdEx+skippy) < 0 { - return ErrInvalidLengthImageService - } - if (iNdEx + skippy) > l { - return io.ErrUnexpectedEOF - } - m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) - iNdEx += skippy - } - } - - if iNdEx > l { - return io.ErrUnexpectedEOF - } - return nil -} func (m *DeleteImagesRequest) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 diff --git a/generated/api/v1/image_service.swagger.json b/generated/api/v1/image_service.swagger.json index be3c8cddb4bf4..d4edb4d5ffbe7 100644 --- a/generated/api/v1/image_service.swagger.json +++ b/generated/api/v1/image_service.swagger.json @@ -215,12 +215,6 @@ "in": "query", "required": false, "type": "boolean" - }, - { - "name": "stripDescription", - "in": "query", - "required": false, - "type": "boolean" } ], "tags": [ @@ -414,6 +408,20 @@ ], "default": "UI_NONE" }, + "EmbeddedImageScanComponentExecutable": { + "type": "object", + "properties": { + "path": { + "type": "string" + }, + "dependencies": { + "type": "array", + "items": { + "type": "string" + } + } + } + }, "EmbeddedVulnerabilityVulnerabilityType": { "type": "string", "enum": [ @@ -472,210 +480,6 @@ } } }, - "scannerV1Components": { - "type": "object", - "properties": { - "namespace": { - "type": "string" - }, - "osComponents": { - "type": "array", - "items": { - "$ref": "#/definitions/scannerV1OSComponent" - } - }, - "rhelComponents": { - "type": "array", - "items": { - "$ref": "#/definitions/scannerV1RHELComponent" - } - }, - "languageComponents": { - "type": "array", - "items": { - "$ref": "#/definitions/scannerV1LanguageComponent" - } - } - } - }, - "scannerV1Executable": { - "type": "object", - "properties": { - "path": { - "type": "string" - }, - "requiredFeatures": { - "type": "array", - "items": { - "$ref": "#/definitions/scannerV1FeatureNameVersion" - } - } - } - }, - "scannerV1FeatureNameVersion": { - "type": "object", - "properties": { - "name": { - "type": "string" - }, - "version": { - "type": "string" - } - } - }, - "scannerV1JavaComponent": { - "type": "object", - "properties": { - "implementationVersion": { - "type": "string" - }, - "mavenVersion": { - "type": "string" - }, - "origins": { - "type": "array", - "items": { - "type": "string" - } - }, - "specificationVersion": { - "type": "string" - }, - "bundleName": { - "type": "string" - } - } - }, - "scannerV1LanguageComponent": { - "type": "object", - "properties": { - "type": { - "$ref": "#/definitions/scannerV1SourceType" - }, - "name": { - "type": "string" - }, - "version": { - "type": "string" - }, - "location": { - "type": "string" - }, - "java": { - "$ref": "#/definitions/scannerV1JavaComponent" - }, - "python": { - "$ref": "#/definitions/scannerV1PythonComponent" - }, - "addedBy": { - "type": "string" - } - } - }, - "scannerV1Note": { - "type": "string", - "enum": [ - "OS_CVES_UNAVAILABLE", - "OS_CVES_STALE", - "LANGUAGE_CVES_UNAVAILABLE", - "CERTIFIED_RHEL_SCAN_UNAVAILABLE" - ], - "default": "OS_CVES_UNAVAILABLE" - }, - "scannerV1OSComponent": { - "type": "object", - "properties": { - "name": { - "type": "string" - }, - "namespace": { - "type": "string" - }, - "version": { - "type": "string" - }, - "addedBy": { - "type": "string" - }, - "executables": { - "type": "array", - "items": { - "$ref": "#/definitions/scannerV1Executable" - } - } - } - }, - "scannerV1PythonComponent": { - "type": "object", - "properties": { - "homepage": { - "type": "string" - }, - "authorEmail": { - "type": "string" - }, - "downloadUrl": { - "type": "string" - }, - "summary": { - "type": "string" - }, - "description": { - "type": "string" - } - } - }, - "scannerV1RHELComponent": { - "type": "object", - "properties": { - "id": { - "type": "string", - "format": "int64" - }, - "name": { - "type": "string" - }, - "namespace": { - "type": "string" - }, - "version": { - "type": "string" - }, - "arch": { - "type": "string" - }, - "module": { - "type": "string" - }, - "cpes": { - "type": "array", - "items": { - "type": "string" - } - }, - "addedBy": { - "type": "string" - }, - "executables": { - "type": "array", - "items": { - "$ref": "#/definitions/scannerV1Executable" - } - } - } - }, - "scannerV1SourceType": { - "type": "string", - "enum": [ - "UNSET_SOURCE_TYPE", - "JAVA", - "PYTHON", - "NPM", - "GEM", - "DOTNETCORERUNTIME" - ], - "default": "UNSET_SOURCE_TYPE" - }, "storageCVSSV2": { "type": "object", "properties": { @@ -917,27 +721,13 @@ "executables": { "type": "array", "items": { - "$ref": "#/definitions/storageEmbeddedImageScanComponentExecutable" + "$ref": "#/definitions/EmbeddedImageScanComponentExecutable" }, "title": "Values are cleared after moving to cache, remove them from the grpc return as well" } }, "title": "Next Tag: 13" }, - "storageEmbeddedImageScanComponentExecutable": { - "type": "object", - "properties": { - "path": { - "type": "string" - }, - "dependencies": { - "type": "array", - "items": { - "type": "string" - } - } - } - }, "storageEmbeddedVulnerability": { "type": "object", "properties": { diff --git a/go.mod b/go.mod index e6b3486382e54..ba9fb44c131a1 100644 --- a/go.mod +++ b/go.mod @@ -4,7 +4,7 @@ go 1.16 // CAVEAT: This introduces a circular dependency. If you change this line, you MUST change the "exclude" // directive at the bottom of the file as well. -require github.com/stackrox/scanner v0.0.0-20220214215744-13c0e1db0298 +require github.com/stackrox/scanner v0.0.0-20220106020903-2744339f7e9d require ( cloud.google.com/go/compute v1.3.0 diff --git a/go.sum b/go.sum index 617d58d540dda..a491929027dd2 100644 --- a/go.sum +++ b/go.sum @@ -673,6 +673,7 @@ github.com/containernetworking/cni v0.8.0/go.mod h1:LGwApLUm2FpoOfxTDEeq8T9ipbpZ github.com/containernetworking/cni v0.8.1/go.mod h1:LGwApLUm2FpoOfxTDEeq8T9ipbpZ61X79hmU3w8FmsY= github.com/containernetworking/plugins v0.8.6/go.mod h1:qnw5mN19D8fIwkqW7oHHYDHVlzhJpcY6TQxn/fUyDDM= github.com/containernetworking/plugins v0.9.1/go.mod h1:xP/idU2ldlzN6m4p5LmGiwRDjeJr6FLK6vuiUwoH7P8= +github.com/containers/image/v5 v5.11.1/go.mod h1:HC9lhJ/Nz5v3w/5Co7H431kLlgzlVlOC+auD/er3OqE= github.com/containers/image/v5 v5.19.1 h1:g4/+XIuh1kRoRn2MfLDhfHhkNOIO9JtqhSyo55tjpfE= github.com/containers/image/v5 v5.19.1/go.mod h1:ewoo3u+TpJvGmsz64XgzbyTHwHtM94q7mgK/pX+v2SE= github.com/containers/libtrust v0.0.0-20190913040956-14b96171aa3b/go.mod h1:9rfv8iPl1ZP7aqh9YA68wnZv2NUDbXdcdPHVz0pFbPY= @@ -680,6 +681,7 @@ github.com/containers/ocicrypt v1.0.1/go.mod h1:MeJDzk1RJHv89LjsH0Sp5KTY3ZYkjXO/ github.com/containers/ocicrypt v1.1.0/go.mod h1:b8AOe0YR67uU8OqfVNcznfFpAzu3rdgUV4GP9qXPfu4= github.com/containers/ocicrypt v1.1.1/go.mod h1:Dm55fwWm1YZAjYRaJ94z2mfZikIyIN4B0oB3dj3jFxY= github.com/containers/ocicrypt v1.1.2/go.mod h1:Dm55fwWm1YZAjYRaJ94z2mfZikIyIN4B0oB3dj3jFxY= +github.com/containers/storage v1.29.0/go.mod h1:u84RU4CCufGeJBNTRNwMB+FoE+AiFeFw4SsMoqAOeCM= github.com/containers/storage v1.38.2 h1:8bAIxnVBGKzMw5EWCivVj24bztQT6IkDp4uHiyhnzwE= github.com/containers/storage v1.38.2/go.mod h1:INP0RPLHWBxx+pTsO5uiHlDUGHDFvWZPWprAbAlQWPQ= github.com/coreos/bbolt v1.3.1-coreos.6/go.mod h1:iRUV2dpdMOn7Bo10OQBFzIJO9kkE559Wcmn+qkEiiKk= @@ -821,6 +823,7 @@ github.com/docker/docker v0.7.3-0.20190103212154-2b7e084dc98b/go.mod h1:eEKB0N0r github.com/docker/docker v0.7.3-0.20190327010347-be7ac8be2ae0/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= github.com/docker/docker v0.7.3-0.20190817195342-4760db040282/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= github.com/docker/docker v1.4.2-0.20190924003213-a8608b5b67c7/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= +github.com/docker/docker v1.4.2-0.20191219165747-a9416c67da9f/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= github.com/docker/docker v1.4.2-0.20200203170920-46ec8731fbce/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= github.com/docker/docker v17.12.0-ce-rc1.0.20200618181300-9dc6525e6118+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= github.com/docker/docker v20.10.7+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= @@ -982,11 +985,14 @@ github.com/go-errors/errors v1.0.1 h1:LUHzmkK3GUKUrL/1gfBUxAHzcev3apQlezX/+O7ma6 github.com/go-errors/errors v1.0.1/go.mod h1:f4zRHt4oKfwPJE5k8C9vpYG+aDHdBFUsgrm6/TyX73Q= github.com/go-git/gcfg v1.5.0 h1:Q5ViNfGF8zFgyJWPqYwA7qGFoMTEiBmdlkcfRmpIMa4= github.com/go-git/gcfg v1.5.0/go.mod h1:5m20vg6GwYabIxaOonVkTdrILxQMpEShl1xiMF4ua+E= +github.com/go-git/go-billy/v5 v5.0.0/go.mod h1:pmpqyWchKfYfrkb/UVH4otLvyi/5gJlGI4Hb3ZqZ3W0= github.com/go-git/go-billy/v5 v5.2.0/go.mod h1:pmpqyWchKfYfrkb/UVH4otLvyi/5gJlGI4Hb3ZqZ3W0= github.com/go-git/go-billy/v5 v5.3.1 h1:CPiOUAzKtMRvolEKw+bG1PLRpT7D3LIs3/3ey4Aiu34= github.com/go-git/go-billy/v5 v5.3.1/go.mod h1:pmpqyWchKfYfrkb/UVH4otLvyi/5gJlGI4Hb3ZqZ3W0= +github.com/go-git/go-git-fixtures/v4 v4.0.2-0.20200613231340-f56387b50c12/go.mod h1:m+ICp2rF3jDhFgEZ/8yziagdT1C+ZpZcrJjappBCDSw= github.com/go-git/go-git-fixtures/v4 v4.2.1 h1:n9gGL1Ct/yIw+nfsfr8s4+sbhT+Ncu2SubfXjIWgci8= github.com/go-git/go-git-fixtures/v4 v4.2.1/go.mod h1:K8zd3kDUAykwTdDCr+I0per6Y6vMiRR/nnVTBtavnB0= +github.com/go-git/go-git/v5 v5.2.0/go.mod h1:kh02eMX+wdqqxgNMEyq8YgwlIOsDOa9homkUq1PoTMs= github.com/go-git/go-git/v5 v5.4.2 h1:BXyZu9t0VkbiHtqrsvdq39UDhGJTl1h55VW6CSC4aY4= github.com/go-git/go-git/v5 v5.4.2/go.mod h1:gQ1kArt6d+n+BGd+/B/I74HwRTLhth2+zti4ihgckDc= github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU= @@ -1771,6 +1777,7 @@ github.com/jsonnet-bundler/jsonnet-bundler v0.3.1/go.mod h1:/by7P/OoohkI3q4CgSFq github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU= github.com/jstemmer/go-junit-report v0.9.1/go.mod h1:Brl9GWCQeLvo8nXZwPNNblvFj/XSXhF0NWZEnDohbsk= github.com/jtolds/gls v4.20.0+incompatible/go.mod h1:QJZ7F/aHp+rZTRtaJ1ow/lLfFfVYBRgL+9YlvaHOwJU= +github.com/juju/ansiterm v0.0.0-20180109212912-720a0952cc2a/go.mod h1:UJSiEoRfvx3hP73CvoARgeLjaIOjybY9vj8PUPPFGeU= github.com/juju/ratelimit v1.0.1/go.mod h1:qapgC/Gy+xNh9UxzV13HGGl/6UXNN+ct+vwSgWNm/qk= github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w= github.com/julienschmidt/httprouter v1.3.0/go.mod h1:JR6WtHb+2LUe8TCKY3cZOxFyyO8IZAc4RVcycCCAKdM= @@ -1870,6 +1877,7 @@ github.com/linuxkit/virtsock v0.0.0-20201010232012-f8cee7dfc7a3/go.mod h1:3r6x7q github.com/lithammer/dedent v1.1.0/go.mod h1:jrXYCQtgg0nJiN+StA2KgR7w6CiQNv9Fd/Z9BP0jIOc= github.com/logrusorgru/aurora v0.0.0-20181002194514-a7b3b318ed4e/go.mod h1:7rIyQOR62GCctdiQpZ/zOJlFyk6y+94wXzv6RNZgaR4= github.com/lovoo/gcloud-opentracing v0.3.0/go.mod h1:ZFqk2y38kMDDikZPAK7ynTTGuyt17nSPdS3K5e+ZTBY= +github.com/lunixbochs/vtclean v0.0.0-20180621232353-2d01aacdc34a/go.mod h1:pHhQNgMf3btfWnGBVipUOjRYhoOsdGqdm/+2c2E2WMI= github.com/lyft/protoc-gen-star v0.5.3/go.mod h1:V0xaHgaf5oCCqmcxYcWiDfTiKsZsRc87/1qhoTACD8w= github.com/lyft/protoc-gen-validate v0.0.13/go.mod h1:XbGvPuh87YZc5TdIa2/I4pLk0QoUACkjt2znoq26NVQ= github.com/machinebox/graphql v0.2.2 h1:dWKpJligYKhYKO5A2gvNhkJdQMNZeChZYyBbrZkBZfo= @@ -1891,6 +1899,7 @@ github.com/mailru/easyjson v0.7.1/go.mod h1:KAzv3t3aY1NaHWoQz1+4F1ccyAH66Jk7yos7 github.com/mailru/easyjson v0.7.6/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc= github.com/mailru/easyjson v0.7.7 h1:UGYAvKxe3sBsEDzO8ZeWOSlIQfWFlxbzLZe7hwFURr0= github.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc= +github.com/manifoldco/promptui v0.8.0/go.mod h1:n4zTdgP0vr0S3w7/O/g98U+e0gwLScEXGwov2nIKuGQ= github.com/manifoldco/promptui v0.9.0/go.mod h1:ka04sppxSGFAtxX0qhlYQjISsg9mR4GWtQEhdbn6Pgg= github.com/maratori/testpackage v1.0.1/go.mod h1:ddKdw+XG0Phzhx8BFDTKgpWP4i7MpApTE5fXSKAqwDU= github.com/markbates/errx v1.1.0 h1:QDFeR+UP95dO12JgW+tgi2UVfo0V8YBHiUIOaeBPiEI= @@ -1943,6 +1952,7 @@ github.com/mattn/go-runewidth v0.0.4/go.mod h1:LwmH8dsx7+W8Uxz3IHJYH5QSwggIsqBzp github.com/mattn/go-runewidth v0.0.6/go.mod h1:H031xJmbD/WCDINGzjvQ9THkh0rPKHF+m2gUSrubnMI= github.com/mattn/go-runewidth v0.0.7/go.mod h1:H031xJmbD/WCDINGzjvQ9THkh0rPKHF+m2gUSrubnMI= github.com/mattn/go-runewidth v0.0.9/go.mod h1:H031xJmbD/WCDINGzjvQ9THkh0rPKHF+m2gUSrubnMI= +github.com/mattn/go-runewidth v0.0.10/go.mod h1:RAqKPSqVFrSLVXbA8x7dzmKdmGzieGRCM46jaSJTDAk= github.com/mattn/go-runewidth v0.0.13 h1:lTGmDsbAYt5DmK6OnoV7EuIF1wEIFAcxld6ypU4OSgU= github.com/mattn/go-runewidth v0.0.13/go.mod h1:Jdepj2loyihRzMpdS35Xk/zdY8IAYHsh153qUoGf23w= github.com/mattn/go-shellwords v1.0.3/go.mod h1:3xCvwCdWdlDJUrvuMn7Wuy9eWs4pE8vqg+NOMyg4B2o= @@ -2068,6 +2078,7 @@ github.com/mozillazg/go-httpheader v0.2.1/go.mod h1:jJ8xECTlalr6ValeXYdOF8fFUISe github.com/mpvl/unique v0.0.0-20150818121801-cbe035fff7de/go.mod h1:kJun4WP5gFuHZgRjZUWWuH1DTxCtxbHDOIJsudS8jzY= github.com/mschoch/smat v0.2.0 h1:8imxQsjDm8yFEAVBe7azKmKSgzSkZXDuKkSq9374khM= github.com/mschoch/smat v0.2.0/go.mod h1:kc9mz7DoBKqDyiRL7VZN8KvXQMWeTaVnttLRXOlotKw= +github.com/mtrmac/gpgme v0.1.2/go.mod h1:GYYHnGSuS7HK3zVS2n3y73y0okK/BeKzwnn5jgiVFNI= github.com/munnerz/goautoneg v0.0.0-20120707110453-a547fc61f48d/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U= @@ -2245,6 +2256,8 @@ github.com/polyfloyd/go-errorlint v0.0.0-20210722154253-910bb7978349/go.mod h1:w github.com/posener/complete v1.1.1/go.mod h1:em0nMJCgc9GFtwrmVmEMR/ZL6WyhyjMBndrE9hABlRI= github.com/posener/complete v1.2.3/go.mod h1:WZIdtGGp+qx0sLrYKtIRAruyNpv6hFCicSgv7Sy7s/s= github.com/pquerna/cachecontrol v0.0.0-20171018203845-0dec1b30a021/go.mod h1:prYjPmNq4d1NPVmpShWobRqXY3q7Vp+80DqgxxUrUIA= +github.com/pquerna/ffjson v0.0.0-20181028064349-e517b90714f7/go.mod h1:YARuvh7BUWHNhzDq2OM5tzR2RiCcN2D7sapiKyCel/M= +github.com/pquerna/ffjson v0.0.0-20190813045741-dac163c6c0a9/go.mod h1:YARuvh7BUWHNhzDq2OM5tzR2RiCcN2D7sapiKyCel/M= github.com/proglottis/gpgme v0.1.1/go.mod h1:fPbW/EZ0LvwQtH8Hy7eixhp1eF3G39dtx7GUN+0Gmy0= github.com/prometheus/alertmanager v0.18.0/go.mod h1:WcxHBl40VSPuOaqWae6l6HpnEOVRIycEJ7i9iYkadEE= github.com/prometheus/alertmanager v0.20.0/go.mod h1:9g2i48FAyZW6BtbsnvHtMHQXl2aVtrORKwKVCQ+nbrg= @@ -2336,6 +2349,7 @@ github.com/rcrowley/go-metrics v0.0.0-20201227073835-cf1acfcdf475/go.mod h1:bCqn github.com/remind101/migrate v0.0.0-20170729031349-52c1edff7319/go.mod h1:rhSvwcijY9wfmrBYrfCvapX8/xOTV46NAUjBRgUyJqc= github.com/remyoudompheng/bigfft v0.0.0-20170806203942-52369c62f446/go.mod h1:uYEyJGbgTkfkS4+E/PavXkNJcbFIpEtjt2B0KDQ5+9M= github.com/remyoudompheng/bigfft v0.0.0-20200410134404-eec4a21b6bb0/go.mod h1:qqbHyh8v60DhA7CoWK5oRCqLrMHRGoxYCSS9EjAz6Eo= +github.com/rivo/uniseg v0.1.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc= github.com/rivo/uniseg v0.2.0 h1:S1pD9weZBuJdFmowNwbpi7BJ8TNftyUImj/0WQi72jY= github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc= github.com/robfig/cron v0.0.0-20170526150127-736158dc09e1/go.mod h1:JGuDeoQd7Z6yL4zQhZ3OPEVHB7fL6Ka6skscFHfmt2k= @@ -2527,8 +2541,8 @@ github.com/stackrox/k8s-istio-cve-pusher v0.0.0-20210422200002-d89f671ac4f5 h1:0 github.com/stackrox/k8s-istio-cve-pusher v0.0.0-20210422200002-d89f671ac4f5/go.mod h1:GEtZ9DYAzmOtyqQPCJCEIzXJ7NcrHbMy6ZPJbcyfmLM= github.com/stackrox/nvdtools v0.0.0-20210326191554-5daeb6395b56 h1:D2wYiy+hcKy8qZAg9SxSWfZgbvmEgD9AdV0g0lJqGZ0= github.com/stackrox/nvdtools v0.0.0-20210326191554-5daeb6395b56/go.mod h1:AIeN7k60Q/kcW9aeiMpA0PY8CU3zsrLV0UhIksolMn4= -github.com/stackrox/scanner v0.0.0-20220214215744-13c0e1db0298 h1:yE3ZX70ooJqHrKY59Ck8EFADw9Jmv3of0r+tb/Sc9Bk= -github.com/stackrox/scanner v0.0.0-20220214215744-13c0e1db0298/go.mod h1:Juogn/73/TuznF3SFDDdhcaX7ASHDNmxQVxMP8XZPk4= +github.com/stackrox/scanner v0.0.0-20220106020903-2744339f7e9d h1:AugbkBwG2hVTam/UG0k+/GcjNMLMDd8/au9ke2NnOtY= +github.com/stackrox/scanner v0.0.0-20220106020903-2744339f7e9d/go.mod h1:DxQRXuuHfgvLOCBkhwX67Q6qO/6MkKizEBXdnhKudkQ= github.com/stackrox/tail v1.4.9-0.20210831224919-407035634f5d h1:jeM6QMtwE9BU0rfDYcmkI/aOChOUfIO18LDp/DSnZpI= github.com/stackrox/tail v1.4.9-0.20210831224919-407035634f5d/go.mod h1:+ncqLTQzXmGhMZNUePPaPqPvBxHAIsmXswZKocGu+AU= github.com/stackrox/yaml/v2 v2.4.1 h1:09ux+QFfvp+Lk73pwGlMTAHeZoS2pqs6CCngYaJ6EQo= @@ -2652,10 +2666,12 @@ github.com/valyala/bytebufferpool v1.0.0/go.mod h1:6bBcMArwyJ5K/AmCkWv1jt77kVWyC github.com/valyala/fasthttp v1.16.0/go.mod h1:YOKImeEosDdBPnxc0gy7INqi3m1zK6A+xl6TwOBhHCA= github.com/valyala/quicktemplate v1.6.3/go.mod h1:fwPzK2fHuYEODzJ9pkw0ipCPNHZ2tD5KW4lOuSdPKzY= github.com/valyala/tcplisten v0.0.0-20161114210144-ceec8f93295a/go.mod h1:v3UYOV9WzVtRmSR+PDvWpU/qWl4Wa5LApYYX4ZtKbio= +github.com/vbatts/tar-split v0.11.1/go.mod h1:LEuURwDEiWjRjwu46yU3KVGuUdVv/dcnpcEPSzR8z6g= github.com/vbatts/tar-split v0.11.2 h1:Via6XqJr0hceW4wff3QRzD5gAk/tatMw/4ZA7cTlIME= github.com/vbatts/tar-split v0.11.2/go.mod h1:vV3ZuO2yWSVsz+pfFzDG/upWH1JhjOiEaWq6kXyQ3VI= github.com/vbauerster/mpb/v4 v4.12.2 h1:TsBs1nWRYF0m8cUH13pxNhOUqY6yKcOr2PeSYxp2L3I= github.com/vbauerster/mpb/v4 v4.12.2/go.mod h1:LVRGvMch8T4HQO3eg2pFPsACH9kO/O6fT/7vhGje3QE= +github.com/vbauerster/mpb/v6 v6.0.3/go.mod h1:5luBx4rDLWxpA4t6I5sdeeQuZhqDxc+wr5Nqf35+tnM= github.com/vbauerster/mpb/v7 v7.3.2/go.mod h1:wfxIZcOJq/bG1/lAtfzMXcOiSvbqVi/5GX5WCSi+IsA= github.com/vdemeester/k8s-pkg-credentialprovider v1.21.0-1/go.mod h1:l4LxiP0cmEcc5q4BTDE8tZSyIiyXe0T28x37yHpMzoM= github.com/vektah/gqlparser v1.1.2/go.mod h1:1ycwN7Ij5njmMkPPAOaRFY4rET2Enx7IkVv3vaXspKw= @@ -3226,6 +3242,7 @@ golang.org/x/sys v0.0.0-20210816183151-1e6c022a8912/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20210817190340-bfb29a6856f2/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210823070655-63515b42dcdf/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210831042530-f4d43177bf5e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20210903071746-97244b99971b/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210908233432-aa78b53d3365/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210915083310-ed5796bab164/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210917161153-d61c044b1678/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= diff --git a/make/protogen.mk b/make/protogen.mk index b86bfe7ce219c..779fcde2b7c60 100644 --- a/make/protogen.mk +++ b/make/protogen.mk @@ -20,11 +20,6 @@ GENERATED_PB_SRCS = $(ALL_PROTOS_REL:%.proto=$(GENERATED_BASE_PATH)/%.pb.go) GENERATED_API_GW_SRCS = $(SERVICE_PROTOS_REL:%.proto=$(GENERATED_BASE_PATH)/%.pb.gw.go) GENERATED_API_SWAGGER_SPECS = $(API_SERVICE_PROTOS:%.proto=$(GENERATED_BASE_PATH)/%.swagger.json) -SCANNER_DIR = $(shell go list -f '{{.Dir}}' -m github.com/stackrox/scanner) -SCANNER_PROTO_BASE_PATH = $(SCANNER_DIR)/proto -ALL_SCANNER_PROTOS = $(shell find $(SCANNER_PROTO_BASE_PATH) -name '*.proto') -ALL_SCANNER_PROTOS_REL = $(ALL_SCANNER_PROTOS:$(SCANNER_PROTO_BASE_PATH)/%=%) - ############## ## Protobuf ## ############## @@ -97,15 +92,10 @@ $(PROTOC_GEN_LINT): $(MODFILE_DIR)/github.com/ckaznocha/protoc-gen-lint/UPDATE_C GOGO_M_STR := Mgoogle/protobuf/any.proto=github.com/gogo/protobuf/types,Mgoogle/protobuf/duration.proto=github.com/gogo/protobuf/types,Mgoogle/protobuf/struct.proto=github.com/gogo/protobuf/types,Mgoogle/protobuf/timestamp.proto=github.com/gogo/protobuf/types,Mgoogle/protobuf/wrappers.proto=github.com/gogo/protobuf/types,Mgoogle/protobuf/empty.proto=github.com/gogo/protobuf/types -# The --go_out=M... argument specifies the go package to use for an imported proto file. -# Here, we instruct protoc-gen-go to import the go source for proto file $(BASE_PATH)//*.proto to +# The --go_out=M... argument specifies the go package to use for an imported proto file. Here, we instruct protoc-gen-go +# to import the go source for proto file $(BASE_PATH)//*.proto to # "github.com/stackrox/rox/generated/". -ROX_M_ARGS = $(foreach proto,$(ALL_PROTOS_REL),M$(proto)=github.com/stackrox/rox/generated/$(patsubst %/,%,$(dir $(proto)))) -# Here, we instruct protoc-gen-go to import the go source for proto file github.com/stackrox/scanner/proto//*.proto to -# "github.com/stackrox/scanner/generated/". -SCANNER_M_ARGS = $(foreach proto,$(ALL_SCANNER_PROTOS_REL),M$(proto)=github.com/stackrox/scanner/generated/$(patsubst %/,%,$(dir $(proto)))) -# Combine the *_M_ARGS. -M_ARGS = $(ROX_M_ARGS) $(SCANNER_M_ARGS) +M_ARGS = $(foreach proto,$(ALL_PROTOS_REL),M$(proto)=github.com/stackrox/rox/generated/$(patsubst %/,%,$(dir $(proto)))) # This is the M_ARGS used for the grpc-gateway invocation. We only map the storage protos, because # - the gateway code produces no output (possibly because of a bug) if we pass M_ARGS_STR to it. # - the gateway code doesn't need access to anything outside api/v1 except storage. In particular, it should NOT import internalapi protos. @@ -133,7 +123,6 @@ proto-fmt: $(PROTOC_GEN_LINT) -I$(PROTOC_INCLUDES) \ -I$(GOGO_DIR)/protobuf \ -I$(GRPC_GATEWAY_DIR)/third_party/googleapis \ - -I$(SCANNER_PROTO_BASE_PATH) \ --lint_out=. \ --proto_path=$(PROTO_BASE_PATH) \ $(ALL_PROTOS) @@ -202,7 +191,6 @@ $(GENERATED_BASE_PATH)/%.pb.go: $(PROTO_BASE_PATH)/%.proto $(PROTO_DEPS) $(PROTO -I$(GOGO_DIR) \ -I$(PROTOC_INCLUDES) \ -I$(GRPC_GATEWAY_DIR)/third_party/googleapis \ - -I$(SCANNER_PROTO_BASE_PATH) \ --proto_path=$(PROTO_BASE_PATH) \ --gofast_out=$(GOGO_M_STR:%=%,)$(M_ARGS_STR:%=%,)plugins=grpc:$(GENERATED_BASE_PATH) \ $(dir $<)/*.proto @@ -217,7 +205,6 @@ $(GENERATED_BASE_PATH)/%_service.pb.gw.go: $(PROTO_BASE_PATH)/%_service.proto $( -I$(PROTOC_INCLUDES) \ -I$(GOGO_DIR) \ -I$(GRPC_GATEWAY_DIR)/third_party/googleapis \ - -I$(SCANNER_PROTO_BASE_PATH) \ --proto_path=$(PROTO_BASE_PATH) \ --grpc-gateway_out=$(GATEWAY_M_ARGS_STR:%=%,)allow_colon_final_segments=true,logtostderr=true:$(GENERATED_BASE_PATH) \ $(dir $<)/*.proto @@ -231,7 +218,6 @@ $(GENERATED_BASE_PATH)/%.swagger.json: $(PROTO_BASE_PATH)/%.proto $(PROTO_DEPS) -I$(GOGO_DIR) \ -I$(PROTOC_INCLUDES) \ -I$(GRPC_GATEWAY_DIR)/third_party/googleapis \ - -I$(SCANNER_PROTO_BASE_PATH) \ --proto_path=$(PROTO_BASE_PATH) \ --swagger_out=logtostderr=true,json_names_for_fields=true:$(GENERATED_BASE_PATH) \ $(dir $<)/*.proto diff --git a/pkg/env/sensor.go b/pkg/env/sensor.go index 9fc7d56e645a5..865f1cd96eed5 100644 --- a/pkg/env/sensor.go +++ b/pkg/env/sensor.go @@ -11,11 +11,4 @@ var ( // SensorEndpoint is used to communicate the sensor endpoint to other services in the same cluster. SensorEndpoint = RegisterSetting("ROX_SENSOR_ENDPOINT", WithDefault("sensor.stackrox.svc:443")) - - // ScannerGRPCEndpoint is used to communicate the scanner endpoint to other services in the same cluster. - // This is typically used for Sensor to communicate with a local Scanner-slim's gRPC server. - ScannerGRPCEndpoint = RegisterSetting("ROX_SCANNER_GRPC_ENDPOINT", WithDefault("scanner-slim.stackrox.svc:8443")) - - // UseLocalScanner is used to specify if Sensor should attempt to scan images via a local Scanner. - UseLocalScanner = RegisterBooleanSetting("ROX_USE_LOCAL_SCANNER", false) ) diff --git a/pkg/images/utils/utils.go b/pkg/images/utils/utils.go index 0a1dc09ac99b0..4966d00df1e84 100644 --- a/pkg/images/utils/utils.go +++ b/pkg/images/utils/utils.go @@ -48,7 +48,7 @@ func GenerateImageFromStringWithDefaultTag(imageStr, defaultTag string) (*storag } // GenerateImageNameFromString generated an ImageName from a common string format and returns an error if there was an -// issue parsing it. +// issure parsing it. func GenerateImageNameFromString(imageStr string) (*storage.ImageName, reference.Reference, error) { name := &storage.ImageName{ FullName: imageStr, @@ -175,13 +175,6 @@ func ExtractImageDigest(imageStr string) string { return "" } -// ExtractOpenShiftProject returns the name of the OpenShift project in which the given image is stored. -// Images stored in the OpenShift Internal Registry are identified as: //:. -func ExtractOpenShiftProject(imgName *storage.ImageName) string { - // Use the image name's "remote" field, as it encapsulates /. - return stringutils.GetUpTo(imgName.GetRemote(), "/") -} - type nameHolder interface { GetName() *storage.ImageName GetId() string diff --git a/proto/api/v1/image_service.proto b/proto/api/v1/image_service.proto index 9f50549f67cbe..3fc42f78cd2e7 100644 --- a/proto/api/v1/image_service.proto +++ b/proto/api/v1/image_service.proto @@ -6,17 +6,14 @@ option java_package = "io.stackrox.proto.api.v1"; import weak "google/api/annotations.proto"; import "api/v1/search_service.proto"; import "api/v1/empty.proto"; -import "scanner/api/v1/component.proto"; -import "scanner/api/v1/note.proto"; import "storage/image.proto"; import "storage/deployment.proto"; package v1; message GetImageRequest { - string id = 1; - bool include_snoozed = 2; - bool strip_description = 3; + string id = 1; + bool include_snoozed = 2; } message ListImagesResponse { @@ -43,14 +40,6 @@ message ScanImageInternalResponse { storage.Image image = 1; } -message GetImageVulnerabilitiesInternalRequest { - string image_id = 1; - storage.ImageName image_name = 2; - storage.ImageMetadata metadata = 3; - scannerV1.Components components = 4; - repeated scannerV1.Note notes = 5; -} - message DeleteImagesRequest { RawQuery query = 1; bool confirm = 2; @@ -140,12 +129,9 @@ service ImageService { }; } - // ScanImageInternal is used solely by the Sensor and Admission Controller to send scan requests + // ScanImageInternal is used solely by the Sensor to send scan requests rpc ScanImageInternal (ScanImageInternalRequest) returns (ScanImageInternalResponse); - // GetImageVulnerabilities is used solely by the Sensor to send vulnerability matching requests. - rpc GetImageVulnerabilitiesInternal (GetImageVulnerabilitiesInternalRequest) returns (ScanImageInternalResponse); - // InvalidateScanAndRegistryCaches removes the image metadata cache. rpc InvalidateScanAndRegistryCaches (Empty) returns (Empty) { option (google.api.http) = { diff --git a/proto/internalapi/sensor/image_iservice.proto b/proto/internalapi/sensor/image_iservice.proto index 285a92820354e..75ed86dc209f4 100644 --- a/proto/internalapi/sensor/image_iservice.proto +++ b/proto/internalapi/sensor/image_iservice.proto @@ -16,7 +16,7 @@ message GetImageResponse { storage.Image image = 1; } -// A Sensor service that allows Admission Controller to retrieve images from Sensor +// A Sensor service that allows admission controller to retrieve images from Sensor service ImageService { rpc GetImage (GetImageRequest) returns (GetImageResponse); } diff --git a/proto/storage/deployment.proto b/proto/storage/deployment.proto index 704fd42d52549..ec18c8c9b5eff 100644 --- a/proto/storage/deployment.proto +++ b/proto/storage/deployment.proto @@ -57,9 +57,9 @@ message ContainerImage { option (gogoproto.goproto_unrecognized) = false; // These tags maintain backwards compatibility with the previously embedded storage.Image - string id = 4 [(gogoproto.moretags) = "search:\"Image Sha,store,hidden\""]; - ImageName name = 1; - bool not_pullable = 10; + string id = 4 [(gogoproto.moretags) = "search:\"Image Sha,store,hidden\""]; + ImageName name = 1; + bool not_pullable = 10; } message Container { diff --git a/qa-tests-backend/scripts/migrate_protos.sh b/qa-tests-backend/scripts/migrate_protos.sh index c4a79427cc630..50727277b1a55 100755 --- a/qa-tests-backend/scripts/migrate_protos.sh +++ b/qa-tests-backend/scripts/migrate_protos.sh @@ -2,8 +2,6 @@ JAVA_PATH=src/main/proto/ -# Migrate protos from the stackrox repo. - for file in $(find ../proto/*); do if [[ -d $file ]]; then dir=${file#"../proto/"} @@ -18,21 +16,3 @@ for file in $(find ../proto/* -name '*.proto'); do sed -e 's/\[[^][]*\]//g' "$file" | sed -e 's/\[[^][]*\]//g' | sed '/gogo/d' > "${JAVA_PATH}${java_file}" fi done - -# Migrate v1 API protos from the Scanner repo - -SCANNER_DIR=$(go list -f '{{.Dir}}' -m github.com/stackrox/scanner) -SCANNER_PROTO_BASE_PATH=$SCANNER_DIR/proto - -mkdir -p "${JAVA_PATH}scanner/api/v1" -echo "${JAVA_PATH}scanner/api/v1" - -for file in $(find "$SCANNER_PROTO_BASE_PATH" -name '*.proto'); do - if [[ -f $file ]]; then - # Get relative path. Should be along the lines of scanner/api/v1/*.proto - rel_file=${file/"$SCANNER_PROTO_BASE_PATH"/""} - rel_file="${rel_file:1}" - sed -e 's/\[[^][]*\]//g' "$file" | sed -e 's/\[[^][]*\]//g' | sed '/gogo/d' > "${JAVA_PATH}${rel_file}" - fi -done - diff --git a/sensor/admission-control/manager/images.go b/sensor/admission-control/manager/images.go index e83829b4cd74a..e3b05d851f4dc 100644 --- a/sensor/admission-control/manager/images.go +++ b/sensor/admission-control/manager/images.go @@ -64,7 +64,6 @@ type fetchImageResult struct { func (m *manager) getImageFromSensorOrCentral(ctx context.Context, s *state, img *storage.ContainerImage) (*storage.Image, error) { // Talk to central if we know its endpoint (and the client connection is not shutting down), and if we are not // currently connected to sensor. - // Note: Sensor is required to scan images in the local registry. if !m.sensorConnStatus.Get() && s.centralConn != nil && s.centralConn.GetState() != connectivity.Shutdown { // Central route resp, err := v1.NewImageServiceClient(s.centralConn).ScanImageInternal(ctx, &v1.ScanImageInternalRequest{ diff --git a/sensor/common/detector/enricher.go b/sensor/common/detector/enricher.go index 54cba95eb23e8..a08a69a417e8d 100644 --- a/sensor/common/detector/enricher.go +++ b/sensor/common/detector/enricher.go @@ -10,12 +10,9 @@ import ( "github.com/stackrox/rox/generated/storage" "github.com/stackrox/rox/pkg/concurrency" "github.com/stackrox/rox/pkg/expiringcache" - "github.com/stackrox/rox/pkg/features" "github.com/stackrox/rox/pkg/images/types" "github.com/stackrox/rox/sensor/common/detector/metrics" "github.com/stackrox/rox/sensor/common/imagecacheutils" - "github.com/stackrox/rox/sensor/common/imageutil" - "github.com/stackrox/rox/sensor/common/scan" "google.golang.org/grpc/status" ) @@ -55,18 +52,9 @@ func (c *cacheValue) waitAndGet() *storage.Image { func scanImage(ctx context.Context, svc v1.ImageServiceClient, ci *storage.ContainerImage) (*v1.ScanImageInternalResponse, error) { ctx, cancel := context.WithTimeout(ctx, scanTimeout) defer cancel() - - // Ask Central to scan the image if the image is not internal. - if !features.LocalImageScanning.Enabled() || !imageutil.IsInternalImage(ci.GetName()) { - return svc.ScanImageInternal(ctx, &v1.ScanImageInternalRequest{ - Image: ci, - }) - } - - img, err := scan.ScanImage(ctx, svc, ci) - return &v1.ScanImageInternalResponse{ - Image: img, - }, err + return svc.ScanImageInternal(ctx, &v1.ScanImageInternalRequest{ + Image: ci, + }) } func (c *cacheValue) scanAndSet(ctx context.Context, svc v1.ImageServiceClient, ci *storage.ContainerImage) { @@ -154,7 +142,7 @@ func (e *enricher) runScan(containerIdx int, ci *storage.ContainerImage) imageCh func (e *enricher) runImageScanAsync(imageChan chan<- imageChanResult, containerIdx int, ci *storage.ContainerImage) { go func() { - // unguarded send (push to channel outside a select) is allowed because the imageChan is a buffered channel of exact size + // unguarded send (push to channel outside of a select) is allowed because the imageChan is a buffered channel of exact size imageChan <- e.runScan(containerIdx, ci) }() } diff --git a/sensor/common/image/service_impl.go b/sensor/common/image/service_impl.go index 927d9acd2bbd7..cd5db9ac51696 100644 --- a/sensor/common/image/service_impl.go +++ b/sensor/common/image/service_impl.go @@ -4,21 +4,17 @@ import ( "context" "github.com/grpc-ecosystem/grpc-gateway/runtime" - "github.com/pkg/errors" v1 "github.com/stackrox/rox/generated/api/v1" "github.com/stackrox/rox/generated/internalapi/sensor" "github.com/stackrox/rox/generated/storage" "github.com/stackrox/rox/pkg/expiringcache" - "github.com/stackrox/rox/pkg/features" grpcPkg "github.com/stackrox/rox/pkg/grpc" "github.com/stackrox/rox/pkg/grpc/authz/idcheck" "github.com/stackrox/rox/sensor/common/imagecacheutils" - "github.com/stackrox/rox/sensor/common/imageutil" - "github.com/stackrox/rox/sensor/common/scan" "google.golang.org/grpc" ) -// Service is an interface to receiving image scan results for the Admission Controller. +// Service is an interface to receiving ComplianceReturns from launched daemons. type Service interface { grpcPkg.APIService sensor.ImageServiceServer @@ -27,7 +23,8 @@ type Service interface { SetClient(conn grpc.ClientConnInterface) } -// NewService returns the ImageService API for the Admission Controller to use. +// NewService returns the ComplianceServiceServer API for Sensor to use, outputs any received ComplianceReturns +// to the input channel. func NewService(imageCache expiringcache.Cache) Service { return &serviceImpl{ imageCache: imageCache, @@ -52,27 +49,15 @@ func (s *serviceImpl) GetImage(ctx context.Context, req *sensor.GetImageRequest) }, nil } } - - // Ask Central to scan the image if the image is not internal. - if !features.LocalImageScanning.Enabled() || !imageutil.IsInternalImage(req.GetImage().GetName()) { - scanResp, err := s.centralClient.ScanImageInternal(ctx, &v1.ScanImageInternalRequest{ - Image: req.GetImage(), - CachedOnly: !req.GetScanInline(), - }) - if err != nil { - return nil, errors.Wrap(err, "scanning image via central") - } - return &sensor.GetImageResponse{ - Image: scanResp.GetImage(), - }, nil - } - - img, err := scan.ScanImage(ctx, s.centralClient, req.GetImage()) + scanResp, err := s.centralClient.ScanImageInternal(ctx, &v1.ScanImageInternalRequest{ + Image: req.GetImage(), + CachedOnly: !req.GetScanInline(), + }) if err != nil { - return nil, errors.Wrap(err, "scanning image via local scanner") + return nil, err } return &sensor.GetImageResponse{ - Image: img, + Image: scanResp.GetImage(), }, nil } diff --git a/sensor/common/imageutil/util.go b/sensor/common/imageutil/util.go deleted file mode 100644 index 9490b9b4e91fa..0000000000000 --- a/sensor/common/imageutil/util.go +++ /dev/null @@ -1,17 +0,0 @@ -package imageutil - -import ( - "github.com/stackrox/rox/generated/storage" - "github.com/stackrox/rox/sensor/common/registry" -) - -// IsInternalImage determines if the image represented by the given name -// is an "internal" image. An internal image is one which is hosted by an internal registry. -// An internal registry is on which is only accessible from within the cluster in which it lives. -func IsInternalImage(image *storage.ImageName) bool { - // If the Sensor knows about the registry in which the image is hosted, - // then the image must be "internal" to the cluster, as Sensor only tracks - // "internal" registries. - reg, err := registry.Singleton().GetRegistryForImage(image) - return reg != nil && err == nil -} diff --git a/sensor/common/registry/registry_store.go b/sensor/common/registry/registry_store.go index 6e7b6c6682c2e..1fc9496b118a7 100644 --- a/sensor/common/registry/registry_store.go +++ b/sensor/common/registry/registry_store.go @@ -6,11 +6,9 @@ import ( "github.com/pkg/errors" "github.com/stackrox/rox/generated/storage" "github.com/stackrox/rox/pkg/docker/config" - "github.com/stackrox/rox/pkg/images/utils" "github.com/stackrox/rox/pkg/logging" "github.com/stackrox/rox/pkg/registries" dockerFactory "github.com/stackrox/rox/pkg/registries/docker" - registryTypes "github.com/stackrox/rox/pkg/registries/types" "github.com/stackrox/rox/pkg/sync" "github.com/stackrox/rox/pkg/tlscheck" ) @@ -98,28 +96,10 @@ func (rs *Store) UpsertRegistry(ctx context.Context, namespace, registry string, return nil } -// getRegistriesInNamespace returns all the registries within a given namespace. -func (rs *Store) getRegistriesInNamespace(namespace string) registries.Set { +// GetAllInNamespace returns all the registries within a given namespace. +func (rs *Store) GetAllInNamespace(namespace string) registries.Set { rs.mutex.RLock() defer rs.mutex.RUnlock() return rs.store[namespace] } - -// GetRegistryForImage returns the relevant image registry for the given image. -// An error is returned if the registry is unknown. -func (rs *Store) GetRegistryForImage(image *storage.ImageName) (registryTypes.Registry, error) { - reg := image.GetRegistry() - - ns := utils.ExtractOpenShiftProject(image) - regs := rs.getRegistriesInNamespace(ns) - if regs != nil { - for _, r := range regs.GetAll() { - if r.Name() == reg { - return r, nil - } - } - } - - return nil, errors.Errorf("Unknown image registry: %q", reg) -} diff --git a/sensor/common/scan/scan.go b/sensor/common/scan/scan.go deleted file mode 100644 index 1b0f31173c140..0000000000000 --- a/sensor/common/scan/scan.go +++ /dev/null @@ -1,88 +0,0 @@ -package scan - -import ( - "context" - - "github.com/pkg/errors" - v1 "github.com/stackrox/rox/generated/api/v1" - "github.com/stackrox/rox/generated/storage" - "github.com/stackrox/rox/pkg/images/types" - "github.com/stackrox/rox/pkg/logging" - "github.com/stackrox/rox/sensor/common/registry" - "github.com/stackrox/rox/sensor/common/scannerclient" - scannerV1 "github.com/stackrox/scanner/generated/scanner/api/v1" -) - -var ( - // ErrNoLocalScanner indicates there is no Secured Cluster local Scanner connection. - // This happens if it's not desired or if there is a connection error. - ErrNoLocalScanner = errors.New("No local Scanner connection") - - log = logging.LoggerForModule() -) - -// ScanImage runs the pipeline required to scan an image with a local Scanner. -// TODO(ROX-9281): add retries for rate-limiting. -//nolint:revive -func ScanImage(ctx context.Context, centralClient v1.ImageServiceClient, ci *storage.ContainerImage) (*storage.Image, error) { - // 1. Check if Central already knows about this image. - // If Central already knows about it, then return its results. - img, err := centralClient.GetImage(ctx, &v1.GetImageRequest{ - Id: ci.GetId(), - StripDescription: true, - }) - if err == nil { - return img, nil - } - - // The image either does not exist in Central yet or there was some other error when reaching out. - // Attempt to scan locally. - - // 2. Check if there is a local Scanner. - // No need to continue if there is no local Scanner. - scannerClient := scannerclient.GRPCClientSingleton() - if scannerClient == nil { - return nil, ErrNoLocalScanner - } - - // 3. Find the registry in which this image lives. - reg, err := registry.Singleton().GetRegistryForImage(ci.GetName()) - if err != nil { - return nil, errors.Wrap(err, "determining image registry") - } - - name := ci.GetName().GetFullName() - image := types.ToImage(ci) - - // 4. Retrieve the metadata for the image from the registry. - metadata, err := reg.Metadata(image) - if err != nil { - log.Debugf("Failed to get metadata for image %s: %v", name, err) - return nil, errors.Wrap(err, "getting image metadata") - } - log.Debugf("Retrieved metadata for image %s: %v", name, metadata) - - // 5. Get the image analysis from the local Scanner. - scanResp, err := scannerClient.GetImageAnalysis(ctx, image, reg.Config()) - if err != nil { - return nil, errors.Wrapf(err, "scanning image %s", name) - } - if scanResp.GetStatus() != scannerV1.ScanStatus_SUCCEEDED { - return nil, errors.Wrapf(err, "scan failed for image %s", name) - } - - // 6. Get the image's vulnerabilities from Central. - centralResp, err := centralClient.GetImageVulnerabilitiesInternal(ctx, &v1.GetImageVulnerabilitiesInternalRequest{ - ImageId: image.GetId(), - ImageName: image.GetName(), - Metadata: metadata, - Components: scanResp.GetComponents(), - Notes: scanResp.GetNotes(), - }) - if err != nil { - return nil, errors.Wrapf(err, "retrieving image vulnerabilities for %s", name) - } - - // 7. Return the completely scanned image. - return centralResp.GetImage(), nil -} diff --git a/sensor/common/scannerclient/grpc_client.go b/sensor/common/scannerclient/grpc_client.go deleted file mode 100644 index 127d2ae4c7592..0000000000000 --- a/sensor/common/scannerclient/grpc_client.go +++ /dev/null @@ -1,88 +0,0 @@ -package scannerclient - -import ( - "context" - "strings" - - "github.com/pkg/errors" - "github.com/stackrox/rox/generated/storage" - "github.com/stackrox/rox/pkg/clientconn" - "github.com/stackrox/rox/pkg/images/utils" - "github.com/stackrox/rox/pkg/logging" - "github.com/stackrox/rox/pkg/mtls" - "github.com/stackrox/rox/pkg/registries/types" - scannerV1 "github.com/stackrox/scanner/generated/scanner/api/v1" - "google.golang.org/grpc" - "google.golang.org/grpc/credentials" -) - -var ( - log = logging.LoggerForModule() -) - -// client is a Scanner gRPC client. -type client struct { - client scannerV1.ImageScanServiceClient - conn *grpc.ClientConn -} - -// dial Scanner and return a new client. -// dial is non-blocking and returns a non-nil error upon configuration error. -func dial(endpoint string) (*client, error) { - if endpoint == "" { - return nil, errors.New("Invalid Scanner endpoint (empty)") - } - - endpoint = strings.TrimPrefix(endpoint, "https://") - if strings.Contains(endpoint, "://") { - return nil, errors.Errorf("Scanner endpoint has unsupported scheme: %s", endpoint) - } - - tlsConfig, err := clientconn.TLSConfig(mtls.ScannerSubject, clientconn.TLSConfigOptions{ - UseClientCert: clientconn.MustUseClientCert, - }) - if err != nil { - return nil, errors.Wrap(err, "failed to initialize Scanner TLS config") - } - - // This is non-blocking. If we ever want this to block, - // then add the grpc.WithBlock() DialOption. - conn, err := grpc.Dial(endpoint, grpc.WithTransportCredentials(credentials.NewTLS(tlsConfig))) - if err != nil { - return nil, errors.Wrap(err, "failed to dial Scanner") - } - - log.Infof("Dialing Scanner at %s", endpoint) - - return &client{ - client: scannerV1.NewImageScanServiceClient(conn), - conn: conn, - }, nil -} - -// GetImageAnalysis retrieves the image analysis results for the given image. -func (c *client) GetImageAnalysis(ctx context.Context, image *storage.Image, cfg *types.Config) (*scannerV1.GetImageComponentsResponse, error) { - name := image.GetName().GetFullName() - - resp, err := c.client.GetImageComponents(ctx, &scannerV1.GetImageComponentsRequest{ - Image: utils.GetFullyQualifiedFullName(image), - Registry: &scannerV1.RegistryData{ - Url: cfg.URL, - Username: cfg.Username, - Password: cfg.Password, - Insecure: cfg.Insecure, - }, - }) - if err != nil { - log.Debugf("Unable to get image components from local Scanner for image %s: %v", name, err) - return nil, errors.Wrap(err, "getting image components from scanner") - } - - log.Debugf("Received image components from local Scanner for image %s", name) - - return resp, nil -} - -func (c *client) Close() error { - return c.conn.Close() -} diff --git a/sensor/common/scannerclient/singleton.go b/sensor/common/scannerclient/singleton.go deleted file mode 100644 index 0ac0c68e22489..0000000000000 --- a/sensor/common/scannerclient/singleton.go +++ /dev/null @@ -1,29 +0,0 @@ -package scannerclient - -import ( - "github.com/stackrox/rox/pkg/env" - "github.com/stackrox/rox/pkg/sync" - "github.com/stackrox/rox/pkg/utils" -) - -var ( - once sync.Once - scannerClient *client -) - -// GRPCClientSingleton returns a gRPC client to a local Scanner. -// Only one client per Sensor is required. -func GRPCClientSingleton() *client { - once.Do(func() { - if !env.UseLocalScanner.BooleanSetting() { - log.Info("No local Scanner connection desired") - return - } - - var err error - scannerClient, err = dial(env.ScannerGRPCEndpoint.Setting()) - // If err is not nil, then there was a configuration error. - _ = utils.Should(err) - }) - return scannerClient -} diff --git a/sensor/kubernetes/listener/resources/secrets_test.go b/sensor/kubernetes/listener/resources/secrets_test.go index 6b79ceed8171e..14a4f3b4d66b5 100644 --- a/sensor/kubernetes/listener/resources/secrets_test.go +++ b/sensor/kubernetes/listener/resources/secrets_test.go @@ -5,7 +5,6 @@ import ( "testing" "github.com/stackrox/rox/generated/internalapi/central" - "github.com/stackrox/rox/generated/storage" "github.com/stackrox/rox/pkg/features" "github.com/stackrox/rox/pkg/registries/types" "github.com/stackrox/rox/pkg/testutils" @@ -83,27 +82,11 @@ func testOpenShiftRegistrySecret311(t *testing.T) { _ = d.ProcessEvent(openshift311DockerConfigSecret, nil, central.ResourceAction_CREATE_RESOURCE) - imgName := &storage.ImageName{ - Registry: "docker-registry.default.svc.cluster.local:5000", - Remote: "dummy/nginx", - Tag: "1.18.0", - FullName: "docker-registry.default.svc.cluster.local:5000/stackrox/nginx:1.18.0", - } - - reg, err := regStore.GetRegistryForImage(imgName) - assert.Nil(t, reg) - assert.Error(t, err) - - imgName = &storage.ImageName{ - Registry: "docker-registry.default.svc.cluster.local:5000", - Remote: "test-ns/nginx", - Tag: "1.18.0", - FullName: "docker-registry.default.svc.cluster.local:5000/stackrox/nginx:1.18.0", - } + assert.Nil(t, regStore.GetAllInNamespace("random-ns")) - reg, err = regStore.GetRegistryForImage(imgName) - assert.NotNil(t, reg) - assert.NoError(t, err) + regs := regStore.GetAllInNamespace(openshift311DockerConfigSecret.GetNamespace()) + assert.NotNil(t, regs) + assert.Len(t, regs.GetAll(), 1) expectedRegConfig := &types.Config{ Username: "serviceaccount", @@ -114,8 +97,7 @@ func testOpenShiftRegistrySecret311(t *testing.T) { Autogenerated: false, } - assert.Equal(t, "docker-registry.default.svc.cluster.local:5000", reg.Name()) - assert.Equal(t, expectedRegConfig, reg.Config()) + assert.Equal(t, expectedRegConfig, regs.GetAll()[0].Config()) } func TestOpenShiftRegistrySecret_4x(t *testing.T) { @@ -128,27 +110,11 @@ func testOpenShiftRegistrySecret4x(t *testing.T) { _ = d.ProcessEvent(openshift4xDockerConfigSecret, nil, central.ResourceAction_CREATE_RESOURCE) - imgName := &storage.ImageName{ - Registry: "image-registry.openshift-image-registry.svc:5000", - Remote: "dummy/nginx", - Tag: "1.18.0", - FullName: "image-registry.openshift-image-registry.svc:5000/stackrox/nginx:1.18.0", - } - - reg, err := regStore.GetRegistryForImage(imgName) - assert.Nil(t, reg) - assert.Error(t, err) - - imgName = &storage.ImageName{ - Registry: "image-registry.openshift-image-registry.svc:5000", - Remote: "test-ns/nginx", - Tag: "1.18.0", - FullName: "image-registry.openshift-image-registry.svc:5000/stackrox/nginx:1.18.0", - } + assert.Nil(t, regStore.GetAllInNamespace("random-ns")) - reg, err = regStore.GetRegistryForImage(imgName) - assert.NotNil(t, reg) - assert.NoError(t, err) + regs := regStore.GetAllInNamespace(openshift4xDockerConfigSecret.GetNamespace()) + assert.NotNil(t, regs) + assert.Len(t, regs.GetAll(), 1) expectedRegConfig := &types.Config{ Username: "serviceaccount", @@ -159,6 +125,5 @@ func testOpenShiftRegistrySecret4x(t *testing.T) { Autogenerated: false, } - assert.Equal(t, "image-registry.openshift-image-registry.svc:5000", reg.Name()) - assert.Equal(t, expectedRegConfig, reg.Config()) + assert.Equal(t, expectedRegConfig, regs.GetAll()[0].Config()) }