feat: Support passing value overrides for configuration checks #2679

Merged
merged 3 commits into from
Aug 8, 2022

@owenrumney owenrumney commented Aug 8, 2022

Description

Add support for passing variable files for configuration scanning

Terraform
Pass --tf-vars to override default terraform values

Helm
Support standard helm install flags (with the helm prefix)
--helm-set
--helm-values
--helm-set-string
--helm-set-file

Related issues

Remove this section if you don't have related PRs.

Checklist

  • I've read the guidelines for contributing to this repository.
  • I've followed the conventions in the PR title.
  • I've added tests that prove my fix is effective or that my feature works.
  • I've updated the documentation with the relevant information (if needed).
  • I've added usage information (if the PR introduces new options)

@owenrumney owenrumney changed the title feat: Support passing value overrides feat: Support passing value overrides from configuration checks Aug 8, 2022
@owenrumney owenrumney changed the title feat: Support passing value overrides from configuration checks feat: Support passing value overrides for configuration checks Aug 8, 2022
@@ -53,6 +53,36 @@ var (
Value: []string{},
Usage: "Rego namespaces",
}
HelmValuesFileFlag = Flag{
Name: "helm-values",
ConfigName: "misconfiguration.helm-values",
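
Review bot: The ConfigName on HelmValuesFileFlag puts the tool name into a hyphenated leaf key (misconfiguration.helm-values), so the Helm override sits at the same flat level as every other misconfiguration setting. Consider a dotted path such as misconfiguration.helm.values, which groups the Helm overrides under their own map in the config file and keeps a later scanner-specific key from colliding with them. The visible lines stop before any Usage text; it would help to state there that the value is a path to a values file that replaces chart defaults for the scan, because findings then describe the overridden values rather than the chart as shipped.
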
Collaborator

@knqyf263 knqyf263 Aug 8, 2022

Currently, the config format is like the following.

misconfiguration:
  helm-values:
    - values-prod.yaml
  helm-set:
    - key1=val1
    - key2=val2
  tf-vars:
    - foo.tfvars
    - bar.tfvars

Do you think grouping languages is too nested as below? I'm not sure which is better. I just would like to hear your thoughts.

misconfiguration:
  helm:
    values:
      - values-prod.yaml
    set:
      - key1=val1
      - key2=val2
  terraform:
    vars:
      - foo.tfvars
      - bar.tfvars

Contributor Author

Helm uses --set but I changed it to --helm-set to avoid collisions in the future with other configs that might be in the same file system that also wanted a --set.

I personally like how explicit the second config block is and I don't think it's too nested. @liamg - do you have an opinion?

Contributor Author

So I assume I would just change the ConfigName to misconfiguration.helm.values to achieve the second config block?

Collaborator

> So I assume I would just change the ConfigName to misconfiguration.helm.values to achieve the second config block?

Yes. misconfiguration.helm.values should work.

Contributor Author

Changed to misconfiguration.helm.xxxx and misconfiguration.terraform.xxx

Collaborator

knqyf263 commented Aug 8, 2022

Could you also update this page?
https://github.com/aquasecurity/trivy/blob/main/docs/docs/references/customization/config-file.md

Owen Rumney added 3 commits August 8, 2022 14:52
Resolves #2276

Signed-off-by: Owen Rumney <owen.rumney@aquasec.com>
be more explicit in the configuration block to separate the languages

Signed-off-by: Owen Rumney <owen.rumney@aquasec.com>
Signed-off-by: Owen Rumney <owen.rumney@aquasec.com>
@owenrumney
Contributor Author

> Could you also update this page? https://github.com/aquasecurity/trivy/blob/main/docs/docs/references/customization/config-file.md

Updated this with the possible config settings

@knqyf263 knqyf263 merged commit 0112385 into main Aug 8, 2022
Collaborator

knqyf263 commented Aug 8, 2022

Cool. Thanks.

@knqyf263 knqyf263 deleted the owenr-passthrough-var-files branch August 8, 2022 15:23
Successfully merging this pull request may close these issues.

provide values file for misconfiguration scanning