This repository has been archived by the owner on Oct 14, 2024. It is now read-only.

feat(plugin): enable binary plugin support #1794

Merged
merged 23 commits into from
Jul 8, 2024
620bef8
refactor(plugin): rename containermanager to pluginruntimehandler
zsoltkacsandi Jun 13, 2024
ea6f83d
refactor(plugin): rename containerManager to containerRuntimeHandler
zsoltkacsandi Jun 13, 2024
7a2a991
refactor(plugin): rename pluginruntimehandler to runtimehandler
zsoltkacsandi Jun 14, 2024
8169864
feat(plugin): add binary runtime handler
zsoltkacsandi Jun 13, 2024
8e90ef6
feat(plugin): add `binary_mode` config
akijakya Jun 18, 2024
355f2fb
refactor(plugins): binary mode only in linux build
akijakya Jun 20, 2024
e2a3c44
docs(plugin): add warning
zsoltkacsandi Jun 21, 2024
8ab18a1
chore(plugin): go mod tidy
akijakya Jun 21, 2024
a7099a9
fix(plugin): fix linter warnings
zsoltkacsandi Jun 24, 2024
2a103a5
fix(plugin): add mutex to prevent possible race condition during star…
zsoltkacsandi Jun 24, 2024
69e7a44
fix(plugin): fix log streaming
zsoltkacsandi Jun 24, 2024
fefea69
fix(plugin): move plugins into the user's home directory
zsoltkacsandi Jun 24, 2024
927848f
fix(plugin): unmount on panic
zsoltkacsandi Jun 24, 2024
42ce799
fix(plugin): cleanup image after unmount
akijakya Jun 24, 2024
29f6587
fix(plugin): stopping gracefully if the context is cancelled
zsoltkacsandi Jun 24, 2024
7c22bb5
Update plugins/runner/internal/runtimehandler/binary/handler.go
zsoltkacsandi Jun 24, 2024
0fb40fc
refactor(plugin): move deferred unmount
zsoltkacsandi Jun 24, 2024
65060fe
refactor(plugin): move deferred unmount
zsoltkacsandi Jun 24, 2024
85e68b5
fix(plugin): fix input dir permission
zsoltkacsandi Jun 25, 2024
69b6ed9
refactor: scanner/utils/containerrootfs->utils/fsutils/
akijakya Jun 27, 2024
62a0fa6
chore: make gen
akijakya Jun 27, 2024
4a1dca1
fix(plugin): linter issues
akijakya Jun 27, 2024
a132d5c
fix(utils): use replace in go.mod for core package
akijakya Jul 8, 2024
3 changes: 2 additions & 1 deletion .families.yaml
Expand Up @@ -131,9 +131,10 @@ rootkits:

plugins:
enabled: false
binary_mode: false
scanners_list:
- "kics"
inputs:
inputs:
- input: "/tmp"
input_type: "rootfs"
scanners_config:
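--- a/api/openapi.yaml
+++ b/api/openapi.yaml
@@ -2087,6 +2087,8 @@ components:
 properties:
 enabled:
 type: boolean
+binary_mode:
+type: boolean
 scanners_list:
 type: array
 items: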
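Review bot: The new `binary_mode` property is declared with only `type: boolean`, so the schema gives API clients no indication of what enabling it changes or what an omitted value means. Going by the commit titles on this PR (a binary runtime handler next to the container one, Linux-only build), the flag appears to move plugin scanners out of containers and run them as binaries on the scanner host, which is a change of isolation boundary that belongs in the contract. I would add a `description` under it, for example `description: Run plugin scanners as binaries instead of containers. Linux only. Omitted or false keeps container mode.`, adjusted to whatever the runner actually does when the field is absent. The schema object continues outside this hunk.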
344 changes: 172 additions & 172 deletions api/server/internal/server/server.gen.go

Large diffs are not rendered by default.

1 change: 1 addition & 0 deletions api/types/types.gen.go

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

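--- a/cli/state/testdata/effective-config.json
+++ b/cli/state/testdata/effective-config.json
@@ -93,6 +93,7 @@
 "Enabled": false,
 "ScannersList": null,
 "Inputs": null,
-"ScannersConfig": null
+"ScannersConfig": null,
+"BinaryMode": null
 }
 }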
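--- a/orchestrator/go.mod
+++ b/orchestrator/go.mod
@@ -332,6 +332,7 @@ require (
 github.com/openclarity/vmclarity/containerruntimediscovery/types v0.7.1 // indirect
 github.com/openclarity/vmclarity/plugins/runner v0.7.1 // indirect
 github.com/openclarity/vmclarity/plugins/sdk-go v0.7.1 // indirect
+github.com/openclarity/vmclarity/utils v0.7.1 // indirect
 github.com/openclarity/yara-rule-server v0.3.0 // indirect
 github.com/opencontainers/go-digest v1.0.0 // indirect
 github.com/opencontainers/image-spec v1.1.0 // indirect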
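--- a/orchestrator/watcher/assetscan/families.go
+++ b/orchestrator/watcher/assetscan/families.go
@@ -264,6 +264,7 @@ func withPluginsConfig(config *apitypes.PluginsConfig, _ *ScannerConfig) Familie
 ScannersList: *config.ScannersList,
 Inputs: nil, // rootfs directory will be determined by the CLI after mount.
 ScannersConfig: &scannersConfig,
+BinaryMode: config.BinaryMode,
 }
 }
 }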
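Review bot: `BinaryMode: config.BinaryMode` forwards the API pointer as-is, unlike `ScannersList` at the top of the hunk which is dereferenced, so a nil value travels through to the CLI (the test fixture in this PR shows `"BinaryMode": null`) and every consumer has to agree on what nil means. Because the flag presumably decides whether plugins run in containers or directly as binaries, the fallback should be explicit rather than implied; a comment such as `// nil is treated as false: plugins stay in container mode unless binary mode is explicitly requested` on this line would pin that contract, assuming that is the runner's behaviour. It is also worth confirming that any scan-config author is meant to be able to set this, since nothing in the hunk gates it. `withPluginsConfig` starts and ends outside the hunk.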
80 changes: 68 additions & 12 deletions plugins/runner/go.mod
Expand Up @@ -6,62 +6,116 @@ require (
github.com/deepmap/oapi-codegen/v2 v2.2.0
github.com/docker/docker v26.1.4+incompatible
github.com/docker/go-connections v0.5.0
github.com/hashicorp/go-multierror v1.1.1
github.com/openclarity/vmclarity/core v0.7.1
github.com/openclarity/vmclarity/plugins/sdk-go v0.7.1
github.com/openclarity/vmclarity/utils v0.7.1
)

require (
github.com/AdaLogics/go-fuzz-headers v0.0.0-20230811130428-ced1acdcaa24 // indirect
github.com/AdamKorcz/go-118-fuzz-build v0.0.0-20230306123547-8075edf89bb0 // indirect
github.com/Microsoft/go-winio v0.6.2 // indirect
github.com/Microsoft/hcsshim v0.12.3 // indirect
github.com/adrg/xdg v0.4.0 // indirect
github.com/anchore/go-collections v0.0.0-20240216171411-9321230ce537 // indirect
github.com/anchore/go-logger v0.0.0-20230725134548-c21dafa1ec5a // indirect
github.com/anchore/stereoscope v0.0.3-0.20240501181043-2e9894674185 // indirect
github.com/becheran/wildmatch-go v1.0.0 // indirect
github.com/bmatcuk/doublestar/v4 v4.6.1 // indirect
github.com/containerd/cgroups/v3 v3.0.3 // indirect
github.com/containerd/containerd v1.7.17 // indirect
github.com/containerd/continuity v0.4.3 // indirect
github.com/containerd/errdefs v0.1.0 // indirect
github.com/containerd/fifo v1.1.0 // indirect
github.com/containerd/log v0.1.0 // indirect
github.com/containerd/stargz-snapshotter/estargz v0.15.1 // indirect
github.com/containerd/ttrpc v1.2.4 // indirect
github.com/containerd/typeurl/v2 v2.1.1 // indirect
github.com/distribution/reference v0.6.0 // indirect
github.com/docker/cli v26.1.3+incompatible // indirect
github.com/docker/distribution v2.8.3+incompatible // indirect
github.com/docker/docker-credential-helpers v0.8.1 // indirect
github.com/docker/go-events v0.0.0-20190806004212-e31b211e4f1c // indirect
github.com/docker/go-units v0.5.0 // indirect
github.com/felixge/httpsnoop v1.0.4 // indirect
github.com/gabriel-vasile/mimetype v1.4.3 // indirect
github.com/gabriel-vasile/mimetype v1.4.4 // indirect
github.com/getkin/kin-openapi v0.124.0 // indirect
github.com/go-logr/logr v1.4.1 // indirect
github.com/go-logr/stdr v1.2.2 // indirect
github.com/go-openapi/jsonpointer v0.20.2 // indirect
github.com/go-openapi/swag v0.22.8 // indirect
github.com/go-openapi/jsonpointer v0.21.0 // indirect
github.com/go-openapi/swag v0.23.0 // indirect
github.com/go-playground/locales v0.14.1 // indirect
github.com/go-playground/universal-translator v0.18.1 // indirect
github.com/go-playground/validator/v10 v10.20.0 // indirect
github.com/go-test/deep v1.1.0 // indirect
github.com/gogo/protobuf v1.3.2 // indirect
github.com/golang-jwt/jwt v3.2.2+incompatible // indirect
github.com/golang/protobuf v1.5.4 // indirect
github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
github.com/google/go-cmp v0.6.0 // indirect
github.com/google/go-containerregistry v0.19.2 // indirect
github.com/google/uuid v1.6.0 // indirect
github.com/hashicorp/errwrap v1.1.0 // indirect
github.com/invopop/yaml v0.2.0 // indirect
github.com/josharian/intern v1.0.0 // indirect
github.com/klauspost/compress v1.17.8 // indirect
github.com/labstack/echo/v4 v4.12.0 // indirect
github.com/labstack/gommon v0.4.2 // indirect
github.com/leodido/go-urn v1.4.0 // indirect
github.com/mailru/easyjson v0.7.7 // indirect
github.com/mattn/go-colorable v0.1.13 // indirect
github.com/mattn/go-isatty v0.0.20 // indirect
github.com/mitchellh/go-homedir v1.1.0 // indirect
github.com/moby/docker-image-spec v1.3.1 // indirect
github.com/moby/locker v1.0.1 // indirect
github.com/moby/sys/mountinfo v0.7.1 // indirect
github.com/moby/sys/sequential v0.5.0 // indirect
github.com/moby/sys/signal v0.7.0 // indirect
github.com/moby/sys/user v0.1.0 // indirect
github.com/moby/term v0.5.0 // indirect
github.com/mohae/deepcopy v0.0.0-20170929034955-c48cc78d4826 // indirect
github.com/morikuni/aec v1.0.0 // indirect
github.com/opencontainers/go-digest v1.0.0 // indirect
github.com/opencontainers/image-spec v1.1.0 // indirect
github.com/opencontainers/runtime-spec v1.2.0 // indirect
github.com/opencontainers/selinux v1.11.0 // indirect
github.com/pelletier/go-toml v1.9.5 // indirect
github.com/perimeterx/marshmallow v1.1.5 // indirect
github.com/pierrec/lz4/v4 v4.1.15 // indirect
github.com/pkg/errors v0.9.1 // indirect
github.com/prometheus/procfs v0.12.0 // indirect
github.com/scylladb/go-set v1.0.3-0.20200225121959-cc7b2070d91e // indirect
github.com/sergi/go-diff v1.3.2-0.20230802210424-5b0b94c5c0d3 // indirect
github.com/sirupsen/logrus v1.9.3 // indirect
github.com/spf13/afero v1.11.0 // indirect
github.com/sylabs/sif/v2 v2.16.0 // indirect
github.com/sylabs/squashfs v0.6.1 // indirect
github.com/therootcompany/xz v1.0.1 // indirect
github.com/ulikunitz/xz v0.5.12 // indirect
github.com/valyala/bytebufferpool v1.0.0 // indirect
github.com/valyala/fasttemplate v1.2.2 // indirect
github.com/vbatts/tar-split v0.11.5 // indirect
github.com/wagoodman/go-partybus v0.0.0-20230516145632-8ccac152c651 // indirect
github.com/wagoodman/go-progress v0.0.0-20230925121702-07e42b3cdba0 // indirect
go.opencensus.io v0.24.0 // indirect
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.49.0 // indirect
go.opentelemetry.io/otel v1.24.0 // indirect
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.24.0 // indirect
go.opentelemetry.io/otel/metric v1.24.0 // indirect
go.opentelemetry.io/otel/sdk v1.24.0 // indirect
go.opentelemetry.io/otel/trace v1.24.0 // indirect
golang.org/x/crypto v0.23.0 // indirect
golang.org/x/crypto v0.24.0 // indirect
golang.org/x/mod v0.17.0 // indirect
golang.org/x/net v0.25.0 // indirect
golang.org/x/sys v0.20.0 // indirect
golang.org/x/text v0.15.0 // indirect
golang.org/x/net v0.26.0 // indirect
golang.org/x/sync v0.7.0 // indirect
golang.org/x/sys v0.21.0 // indirect
golang.org/x/text v0.16.0 // indirect
golang.org/x/time v0.5.0 // indirect
golang.org/x/tools v0.21.0 // indirect
google.golang.org/grpc v1.62.0 // indirect
google.golang.org/protobuf v1.33.0 // indirect
golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d // indirect
google.golang.org/genproto v0.0.0-20240311173647-c811ad7063a7 // indirect
google.golang.org/genproto/googleapis/api v0.0.0-20240311173647-c811ad7063a7 // indirect
google.golang.org/genproto/googleapis/rpc v0.0.0-20240318140521-94a12d6c2237 // indirect
google.golang.org/grpc v1.63.2 // indirect
google.golang.org/protobuf v1.34.1 // indirect
gopkg.in/yaml.v2 v2.4.0 // indirect
gopkg.in/yaml.v3 v3.0.1 // indirect
gotest.tools/v3 v3.5.1 // indirect
Expand All @@ -70,4 +124,6 @@ require (
replace (
github.com/openclarity/vmclarity/core => ../../core
github.com/openclarity/vmclarity/plugins/sdk-go => ../sdk-go
github.com/openclarity/vmclarity/scanner => ../../scanner
github.com/openclarity/vmclarity/utils => ../../utils
)
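Review bot: The added replace line `github.com/openclarity/vmclarity/scanner => ../../scanner` has no matching `require` entry in either hunk, direct or indirect, so as far as these lines show it rewrites a module this go.mod never resolves. One of the PR's commits moves `scanner/utils/containerrootfs` to `utils/fsutils`, so this may be a leftover from before that refactor; if so, drop the line and keep only the `utils` replace. Local replace directives change where code is resolved from, so unused ones are worth pruning to keep the dependency graph reviewable.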