openclarity · fishkerez · Nov 20, 2022 · Nov 10, 2022 · Nov 10, 2022 · Nov 13, 2022
@@ -1,3 +1,3 @@
 .DS_Store
 .idea/
-bin/
+bin/
@@ -8,6 +8,15 @@ ARG VERSION
 ARG BUILD_TIMESTAMP
 ARG COMMIT_HASH
 
+# Copy runtime_scan go.mod & go.sum
+WORKDIR /build/runtime_scan
+COPY runtime_scan/go.* ./
+RUN go mod download
+
+# Copy runtime_scan code
+WORKDIR /build
+COPY runtime_scan ./runtime_scan
+
 # Copy and build backend code
 COPY . .
 RUN go build -ldflags="-s -w \

@@ -43,6 +43,7 @@ push-docker: docker ## Build and Push VMClarity docker image
 .PHONY: test
 test: ## Run Unit Tests
 	@(CGO_ENABLED=0 go test ./...)
+	@(cd runtime_scan && go test ./...)
 
 .PHONY: clean
 clean: ## Clean all build artifacts
@@ -57,10 +58,12 @@ bin/golangci-lint-${GOLANGCI_VERSION}:
 .PHONY: lint
 lint: bin/golangci-lint ## Run linter
 	./bin/golangci-lint run
+	cd runtime_scan && ../bin/golangci-lint run
 
 .PHONY: fix
 fix: bin/golangci-lint ## Fix lint violations
 	./bin/golangci-lint run --fix
+	cd runtime_scan && ../bin/golangci-lint run --fix
 
 bin/licensei: bin/licensei-${LICENSEI_VERSION}
 	@ln -sf licensei-${LICENSEI_VERSION} bin/licensei
@@ -72,11 +75,14 @@ bin/licensei-${LICENSEI_VERSION}:
 .PHONY: license-check
 license-check: bin/licensei ## Run license check
 	./bin/licensei header
-	./bin/licensei check --config=.licensei.toml
 
 .PHONY: license-cache
 license-cache: bin/licensei ## Generate license cache
 	./bin/licensei cache
 
 .PHONY: check
 check: lint test ## Run tests and linters
+
+.PHONY: gomod-tidy
+gomod-tidy:
+	cd runtime_scan && go mod tidy
@@ -0,0 +1,44 @@
+module github.com/openclarity/vmclarity/runtime_scan
+
+go 1.19
+
+require (
+	github.com/aws/aws-sdk-go-v2/config v1.17.10
+	github.com/aws/aws-sdk-go-v2/service/ec2 v1.66.0
+	github.com/satori/go.uuid v1.2.0
+	github.com/sirupsen/logrus v1.9.0
+	github.com/spf13/viper v1.14.0
+)
+
+require (
+	github.com/aws/aws-sdk-go-v2 v1.17.1 // indirect
+	github.com/aws/aws-sdk-go-v2/credentials v1.12.23 // indirect
+	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.12.19 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.25 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.19 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/ini v1.3.26 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.19 // indirect
+	github.com/aws/aws-sdk-go-v2/service/sso v1.11.25 // indirect
+	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.13.8 // indirect
+	github.com/aws/aws-sdk-go-v2/service/sts v1.17.1 // indirect
+	github.com/aws/smithy-go v1.13.4 // indirect
+	github.com/fsnotify/fsnotify v1.6.0 // indirect
+	github.com/hashicorp/hcl v1.0.0 // indirect
+	github.com/jmespath/go-jmespath v0.4.0 // indirect
+	github.com/magiconair/properties v1.8.6 // indirect
+	github.com/mitchellh/mapstructure v1.5.0 // indirect
+	github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e // indirect
+	github.com/pelletier/go-toml v1.9.5 // indirect
+	github.com/pelletier/go-toml/v2 v2.0.5 // indirect
+	github.com/spf13/afero v1.9.2 // indirect
+	github.com/spf13/cast v1.5.0 // indirect
+	github.com/spf13/jwalterweatherman v1.1.0 // indirect
+	github.com/spf13/pflag v1.0.5 // indirect
+	github.com/subosito/gotenv v1.4.1 // indirect
+	golang.org/x/sys v0.0.0-20220908164124-27713097b956 // indirect
+	golang.org/x/text v0.4.0 // indirect
+	gopkg.in/check.v1 v1.0.0-20200227125254-8fa46927fb4f // indirect
+	gopkg.in/ini.v1 v1.67.0 // indirect
+	gopkg.in/yaml.v2 v2.4.0 // indirect
+	gopkg.in/yaml.v3 v3.0.1 // indirect
+)
@@ -0,0 +1,51 @@
+// Copyright © 2022 Cisco Systems, Inc. and its affiliates.
+// All rights reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package aws
+
+import "github.com/spf13/viper"
+
+const (
+	AWSSubnetID                     = "AWS_SUBNET_ID"
+	AWSJobImageID                   = "AWS_JOB_IMAGE_ID"
+	defaultAWSJobImageID            = "ami-0568773882d492fc8" // ubuntu server 22.04 LTS (HVM), SSD volume type
+	AWSAttachedVolumeDeviceName     = "AWS_ATTACHED_VOLUME_DEVICE_NAME"
+	defaultAttachedVolumeDeviceName = "xvdh"
+)
+
+type Config struct {
+	AmiID      string // image id of a scanner job
+	DeviceName string // the name of the block device to attach to the scanner instance (mounted snapshot)
+	SubnetID   string // the scanner's subnet ID
+}
+
+func setConfigDefaults() {
+	viper.SetDefault(AWSJobImageID, defaultAWSJobImageID)
+	viper.SetDefault(AWSAttachedVolumeDeviceName, defaultAttachedVolumeDeviceName)
+
+	viper.AutomaticEnv()
+}
+
+func LoadConfig() *Config {
+	setConfigDefaults()
+
+	config := &Config{
+		AmiID:      viper.GetString(AWSJobImageID),
+		DeviceName: viper.GetString(AWSAttachedVolumeDeviceName),
+		SubnetID:   viper.GetString(AWSSubnetID),
+	}
+
+	return config
+}
@@ -0,0 +1,54 @@
+// Copyright © 2022 Cisco Systems, Inc. and its affiliates.
+// All rights reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package config
+
+import (
+	"github.com/spf13/viper"
+
+	"github.com/openclarity/vmclarity/runtime_scan/pkg/config/aws"
+)
+
+const (
+	ScannerAWSRegion                  = "SCANNER_AWS_REGION"
+	defaultScannerAWSRegion           = "us-east-1"
+	ScannerJobResultListenPort        = "SCANNER_JOB_RESULT_LISTEN_PORT"
+	defaultScannerJobResultListenPort = 8888
+)
+
+type Config struct {
+	ScannerJobResultListenPort int
+	Region                     string // scanner region
+	AWSConfig                  *aws.Config
+}
+
+func setConfigDefaults() {
+	viper.SetDefault(ScannerAWSRegion, defaultScannerAWSRegion)
+	viper.SetDefault(ScannerJobResultListenPort, defaultScannerJobResultListenPort)
+
+	viper.AutomaticEnv()
+}
+
+func LoadConfig() (*Config, error) {
+	setConfigDefaults()
+
+	config := &Config{
+		ScannerJobResultListenPort: viper.GetInt(ScannerJobResultListenPort),
+		Region:                     viper.GetString(ScannerAWSRegion),
+		AWSConfig:                  aws.LoadConfig(),
+	}
+
+	return config, nil
+}
@@ -0,0 +1,33 @@
+// Copyright © 2022 Cisco Systems, Inc. and its affiliates.
+// All rights reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package config
+
+type DeleteJobPolicyType string
+
+const (
+	DeleteJobPolicyAll        DeleteJobPolicyType = "All"
+	DeleteJobPolicyNever      DeleteJobPolicyType = "Never"
+	DeleteJobPolicySuccessful DeleteJobPolicyType = "Successful"
+)
+
+func (dj DeleteJobPolicyType) IsValid() bool {
+	switch dj {
+	case DeleteJobPolicyAll, DeleteJobPolicyNever, DeleteJobPolicySuccessful:
+		return true
+	default:
+		return false
+	}
+}
@@ -0,0 +1,68 @@
+// Copyright © 2022 Cisco Systems, Inc. and its affiliates.
+// All rights reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package config
+
+import (
+	"time"
+
+	log "github.com/sirupsen/logrus"
+	"github.com/spf13/viper"
+
+	"github.com/openclarity/vmclarity/runtime_scan/pkg/types"
+)
+
+const (
+	JobResultTimeout = "JOB_RESULT_TIMEOUT"
+	MaxParallelism   = "MAX_PARALLELISM"
+	DeleteJobPolicy  = "DELETE_JOB_POLICY"
+)
+
+type ScanConfig struct {
+	MaxScanParallelism int
+	// instances to scan
+	Instances        []types.Instance
+	ScanScope        interface{}
+	JobResultTimeout time.Duration
+	DeleteJobPolicy  DeleteJobPolicyType
+}
+
+func setScanConfigDefaults() {
+	viper.SetDefault(MaxParallelism, "5")
+	viper.SetDefault(JobResultTimeout, "120m")
+	viper.SetDefault(DeleteJobPolicy, DeleteJobPolicySuccessful)
+
+	viper.AutomaticEnv()
+}
+
+func LoadScanConfig() *ScanConfig {
+	setScanConfigDefaults()
+
+	return &ScanConfig{
+		MaxScanParallelism: viper.GetInt(MaxParallelism),
+		JobResultTimeout:   viper.GetDuration(JobResultTimeout),
+		DeleteJobPolicy:    getDeleteJobPolicyType(viper.GetString(DeleteJobPolicy)),
+	}
+}
+
+func getDeleteJobPolicyType(policyType string) DeleteJobPolicyType {
+	deleteJobPolicy := DeleteJobPolicyType(policyType)
+	if !deleteJobPolicy.IsValid() {
+		log.Warnf("Invalid %s type - using default `%s`", DeleteJobPolicy, DeleteJobPolicySuccessful)
+		deleteJobPolicy = DeleteJobPolicySuccessful
+	}
+
+	return deleteJobPolicy
+}