Skip to content

Commit

Permalink
feat: skip dirs and files by resource annotation (#165)
Browse files Browse the repository at this point in the history
Signed-off-by: chenk <hen.keinan@gmail.com>
  • Loading branch information
chen-keinan authored May 23, 2023
1 parent 3b76907 commit a293463
Show file tree
Hide file tree
Showing 3 changed files with 22 additions and 3 deletions.
2 changes: 1 addition & 1 deletion examples/trivy.go
Original file line number Diff line number Diff line change
Expand Up @@ -105,7 +105,7 @@ func main() {
}

// collect node info
ar, err := trivyk8s.ListArtifactAndNodeInfo(ctx, "trivy-temp", tolerations...)
ar, err := trivyk8s.ListArtifactAndNodeInfo(ctx, "trivy-temp", map[string]string{"chen": "test"}, tolerations...)
if err != nil {
log.Fatal(err)
}
Expand Down
6 changes: 6 additions & 0 deletions pkg/artifacts/artifacts.go
Original file line number Diff line number Diff line change
Expand Up @@ -10,6 +10,7 @@ import (
type Artifact struct {
Namespace string
Kind string
Labels map[string]string
Name string
Images []string
RawResource map[string]interface{}
Expand All @@ -35,10 +36,15 @@ func FromResource(resource unstructured.Unstructured) (*Artifact, error) {
if err != nil {
return nil, err
}
var labels map[string]string
if resource.GetKind() == "Node" {
labels = resource.GetLabels()
}

return &Artifact{
Namespace: resource.GetNamespace(),
Kind: resource.GetKind(),
Labels: labels,
Name: name,
Images: images,
RawResource: resource.Object,
Expand Down
17 changes: 15 additions & 2 deletions pkg/trivyk8s/trivyk8s.go
Original file line number Diff line number Diff line change
Expand Up @@ -39,7 +39,7 @@ type ArtifactsK8S interface {
// GetArtifact return kubernete scanable artifact
GetArtifact(context.Context, string, string) (*artifacts.Artifact, error)
// ListArtifactAndNodeInfo return kubernete scanable artifact and node info
ListArtifactAndNodeInfo(context.Context, string, ...corev1.Toleration) ([]*artifacts.Artifact, error)
ListArtifactAndNodeInfo(context.Context, string, map[string]string, ...corev1.Toleration) ([]*artifacts.Artifact, error)
// ListBomInfo returns kubernetes Bom (node,core components) information.
ListBomInfo(context.Context) ([]*artifacts.Artifact, error)
}
Expand Down Expand Up @@ -130,7 +130,7 @@ func (c *client) ListArtifacts(ctx context.Context) ([]*artifacts.Artifact, erro
}

// ListArtifacts returns kubernetes scannable artifacs.
func (c *client) ListArtifactAndNodeInfo(ctx context.Context, namespace string, tolerations ...corev1.Toleration) ([]*artifacts.Artifact, error) {
func (c *client) ListArtifactAndNodeInfo(ctx context.Context, namespace string, ignoreLabels map[string]string, tolerations ...corev1.Toleration) ([]*artifacts.Artifact, error) {
artifactList, err := c.ListArtifacts(ctx)
if err != nil {
return nil, err
Expand All @@ -156,6 +156,10 @@ func (c *client) ListArtifactAndNodeInfo(ctx context.Context, namespace string,
if resource.Kind != "Node" {
continue
}
if ignoreNodeByLabel(resource, ignoreLabels) {
continue
}

nodeLabels := map[string]string{
jobs.TrivyResourceName: resource.Name,
jobs.TrivyResourceKind: resource.Kind,
Expand Down Expand Up @@ -286,3 +290,12 @@ func isNodeStatusUnknown(resource unstructured.Unstructured) bool {
}
return true
}

func ignoreNodeByLabel(resource *artifacts.Artifact, ignoreLabels map[string]string) bool {
for key, val := range ignoreLabels {
if lVal, ok := resource.Labels[key]; !ok || lVal != val {
return false
}
}
return true
}

0 comments on commit a293463

Please sign in to comment.