Fix ClientServer scan (#1344)

Fixes an issue where client server setups create multiple volume mounts for ignore files, failing with a "Duplicate value" error
aquasecurity · Jul 9, 2023 · b1caf82 · b1caf82
1 parent cb0e940
commit b1caf82
Showing 1 changed file with 18 additions and 15 deletions.
diff --git a/pkg/plugins/trivy/plugin.go b/pkg/plugins/trivy/plugin.go
@@ -947,7 +947,7 @@ func (p *plugin) getPodSpecForClientServerMode(ctx trivyoperator.PluginContext,
 			MountPath: "/tmp",
 		},
 	}
-	volumeMounts = append(volumeMounts, getScanResultVolumeMount())
+
 	// add tmp volume
 	volumes := []corev1.Volume{
 		{
@@ -959,7 +959,23 @@ func (p *plugin) getPodSpecForClientServerMode(ctx trivyoperator.PluginContext,
 			},
 		},
 	}
+
+	volumeMounts = append(volumeMounts, getScanResultVolumeMount())
 	volumes = append(volumes, getScanResultVolume())
+
+	if volume, volumeMount := config.GenerateIgnoreFileVolumeIfAvailable(trivyConfigName); volume != nil && volumeMount != nil {
+		volumes = append(volumes, *volume)
+		volumeMounts = append(volumeMounts, *volumeMount)
+	}
+	if volume, volumeMount := config.GenerateIgnorePolicyVolumeIfAvailable(trivyConfigName, workload); volume != nil && volumeMount != nil {
+		volumes = append(volumes, *volume)
+		volumeMounts = append(volumeMounts, *volumeMount)
+	}
+
+	if volume, volumeMount := config.GenerateSslCertDirVolumeIfAvailable(trivyConfigName); volume != nil && volumeMount != nil {
+		volumes = append(volumes, *volume)
+		volumeMounts = append(volumeMounts, *volumeMount)
+	}
 
 	for _, container := range containersSpec {
 		env := []corev1.EnvVar{
@@ -1040,20 +1056,6 @@ func (p *plugin) getPodSpecForClientServerMode(ctx trivyoperator.PluginContext,
 			})
 		}
 
-		if volume, volumeMount := config.GenerateIgnoreFileVolumeIfAvailable(trivyConfigName); volume != nil && volumeMount != nil {
-			volumes = append(volumes, *volume)
-			volumeMounts = append(volumeMounts, *volumeMount)
-		}
-		if volume, volumeMount := config.GenerateIgnorePolicyVolumeIfAvailable(trivyConfigName, workload); volume != nil && volumeMount != nil {
-			volumes = append(volumes, *volume)
-			volumeMounts = append(volumeMounts, *volumeMount)
-		}
-
-		if volume, volumeMount := config.GenerateSslCertDirVolumeIfAvailable(trivyConfigName); volume != nil && volumeMount != nil {
-			volumes = append(volumes, *volume)
-			volumeMounts = append(volumeMounts, *volumeMount)
-		}
-
 		requirements, err := config.GetResourceRequirements()
 		if err != nil {
 			return corev1.PodSpec{}, nil, err
@@ -1330,6 +1332,7 @@ func (p *plugin) getPodSpecForStandaloneFSMode(ctx trivyoperator.PluginContext,
 			},
 		},
 	}
+
 	volumeMounts = append(volumeMounts, getScanResultVolumeMount())
 	volumes = append(volumes, getScanResultVolume())