feat: add effective scan config to assetScan annotations (#739)

* feat: add effective scan config to assetScan annotations * fix: missing header * test: use embed instead of multiline string * test: check JSON content in case of effective scan config annotation instead of exact string value * test: minor update * fix: overwrite effective scan config annotation if exist * style: append of cleanup effective scan annotation * Update pkg/cli/state/vmclarity.go Co-authored-by: Sam Betts <1769706+Tehsmash@users.noreply.github.com> --------- Co-authored-by: Sam Betts <1769706+Tehsmash@users.noreply.github.com>
openclarity · Oct 6, 2023 · bec52d7 · bec52d7
1 parent 84c01b5
commit bec52d7
Show file tree

Hide file tree

Showing 6 changed files with 344 additions and 5 deletions.
diff --git a/cmd/vmclarity-cli/scan/scan.go b/cmd/vmclarity-cli/scan/scan.go
@@ -114,7 +114,7 @@ var ScanCmd = &cobra.Command{
 			families.SetMountPointsForFamiliesInput(mountPoints, config)
 		}
 
-		err = cli.MarkInProgress(ctx)
+		err = cli.MarkInProgress(ctx, config)
 		if err != nil {
 			return fmt.Errorf("failed to inform server %v scan has started: %w", server, err)
 		}

diff --git a/pkg/cli/state/local.go b/pkg/cli/state/local.go
@@ -18,6 +18,7 @@ package state
 import (
 	"context"
 
+	"github.com/openclarity/vmclarity/pkg/shared/families"
 	"github.com/openclarity/vmclarity/pkg/shared/families/types"
 	"github.com/openclarity/vmclarity/pkg/shared/log"
 )
@@ -28,7 +29,7 @@ func (l *LocalState) WaitForReadyState(context.Context) error {
 	return nil
 }
 
-func (l *LocalState) MarkInProgress(ctx context.Context) error {
+func (l *LocalState) MarkInProgress(ctx context.Context, _ *families.Config) error {
 	logger := log.GetLoggerFromContextOrDiscard(ctx)
 	logger.Info("Scanning is in progress")
 	return nil

diff --git a/pkg/cli/state/manager.go b/pkg/cli/state/manager.go
@@ -18,12 +18,13 @@ package state
 import (
 	"context"
 
+	"github.com/openclarity/vmclarity/pkg/shared/families"
 	"github.com/openclarity/vmclarity/pkg/shared/families/types"
 )
 
 type Manager interface {
 	WaitForReadyState(context.Context) error
-	MarkInProgress(context.Context) error
+	MarkInProgress(context.Context, *families.Config) error
 	MarkFamilyScanInProgress(context.Context, types.FamilyType) error
 	MarkDone(context.Context, []error) error
 	IsAborted(ctx context.Context) (bool, error)

diff --git a/pkg/cli/state/testdata/effective-config.json b/pkg/cli/state/testdata/effective-config.json
@@ -0,0 +1,88 @@
+{
+  "sbom": {
+    "Enabled": true,
+    "AnalyzersList": [
+      "syft"
+    ],
+    "Inputs": [
+      {
+        "StripPathFromResult": null,
+        "Input": "test",
+        "InputType": "dir"
+      }
+    ],
+    "MergeWith": null,
+    "AnalyzersConfig": {
+      "Registry": null,
+      "Analyzer": {
+        "OutputFormat": "",
+        "AnalyzerList": [
+          "syft"
+        ],
+        "Scope": "",
+        "TrivyConfig": {
+          "Timeout": 0,
+          "CacheDir": "",
+          "TempDir": ""
+        }
+      },
+      "Scanner": null,
+      "LocalImageScan": false
+    }
+  },
+  "vulnerabilities": {
+    "Enabled": false,
+    "ScannersList": null,
+    "Inputs": null,
+    "InputFromSbom": false,
+    "ScannersConfig": null
+  },
+  "secrets": {
+    "Enabled": false,
+    "ScannersList": null,
+    "StripInputPaths": false,
+    "Inputs": null,
+    "ScannersConfig": null
+  },
+  "rootkits": {
+    "Enabled": false,
+    "ScannersList": null,
+    "StripInputPaths": false,
+    "Inputs": null,
+    "ScannersConfig": null
+  },
+  "malware": {
+    "Enabled": false,
+    "ScannersList": null,
+    "StripInputPaths": false,
+    "Inputs": null,
+    "ScannersConfig": null
+  },
+  "misconfiguration": {
+    "enabled": false,
+    "ScannersList": null,
+    "StripInputPaths": false,
+    "Inputs": null,
+    "ScannersConfig": {
+      "Lynis": {
+        "InstallPath": ""
+      }
+    }
+  },
+  "infofinder": {
+    "enabled": false,
+    "ScannersList": null,
+    "StripInputPaths": false,
+    "Inputs": null,
+    "ScannersConfig": {
+      "SSHTopology": {}
+    }
+  },
+  "exploits": {
+    "enabled": false,
+    "ScannersList": null,
+    "Inputs": null,
+    "InputFromVuln": false,
+    "ScannersConfig": null
+  }
+}
diff --git a/pkg/cli/state/vmclarity.go b/pkg/cli/state/vmclarity.go
@@ -17,19 +17,22 @@ package state
 
 import (
 	"context"
+	"encoding/json"
 	"errors"
 	"fmt"
 	"time"
 
 	"github.com/openclarity/vmclarity/api/models"
 	"github.com/openclarity/vmclarity/pkg/shared/backendclient"
+	"github.com/openclarity/vmclarity/pkg/shared/families"
 	"github.com/openclarity/vmclarity/pkg/shared/families/types"
 	"github.com/openclarity/vmclarity/pkg/shared/log"
 	"github.com/openclarity/vmclarity/pkg/shared/utils"
 )
 
 const (
-	DefaultWaitForVolRetryInterval = 15 * time.Second
+	DefaultWaitForVolRetryInterval   = 15 * time.Second
+	effectiveScanConfigAnnotationKey = "openclarity.io/vmclarity-scanner/config"
 )
 
 type AssetScanID = models.AssetScanID
@@ -75,7 +78,7 @@ func (v *VMClarityState) WaitForReadyState(ctx context.Context) error {
 	}
 }
 
-func (v *VMClarityState) MarkInProgress(ctx context.Context) error {
+func (v *VMClarityState) MarkInProgress(ctx context.Context, config *families.Config) error {
 	assetScan, err := v.client.GetAssetScan(ctx, v.assetScanID, models.GetAssetScansAssetScanIDParams{})
 	if err != nil {
 		return fmt.Errorf("failed to get asset scan: %w", err)
@@ -100,6 +103,11 @@ func (v *VMClarityState) MarkInProgress(ctx context.Context) error {
 	assetScan.Status.General.State = &state
 	assetScan.Status.General.LastTransitionTime = utils.PointerTo(time.Now())
 
+	assetScan.Annotations, err = appendEffectiveScanConfigAnnotation(assetScan.Annotations, config)
+	if err != nil {
+		return fmt.Errorf("failed to add effective scan config annotation: %w", err)
+	}
+
 	err = v.client.PatchAssetScan(ctx, assetScan, v.assetScanID)
 	if err != nil {
 		return fmt.Errorf("failed to patch asset scan: %w", err)
@@ -407,3 +415,29 @@ func NewVMClarityState(client *backendclient.BackendClient, id AssetScanID) (*VM
 		assetScanID: id,
 	}, nil
 }
+
+func appendEffectiveScanConfigAnnotation(annotations *models.Annotations, config *families.Config) (*models.Annotations, error) {
+	var newAnnotations models.Annotations
+	if annotations != nil {
+		// Add all annotations except the effective scan config one.
+		for _, annotation := range *annotations {
+			if *annotation.Key == effectiveScanConfigAnnotationKey {
+				continue
+			}
+			newAnnotations = append(newAnnotations, annotation)
+		}
+	}
+	// Add the new effective scan config annotation
+	configJSON, err := json.Marshal(config)
+	if err != nil {
+		return nil, fmt.Errorf("failed to marshal effective families config: %w", err)
+	}
+	newAnnotations = append(newAnnotations, models.Annotations{
+		{
+			Key:   utils.PointerTo(effectiveScanConfigAnnotationKey),
+			Value: utils.PointerTo(string(configJSON)),
+		},
+	}...)
+
+	return &newAnnotations, nil
+}