Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up
Appearance settings
This repository was archived by the owner on Sep 3, 2025. It is now read-only.
/coder-xrayPublic archive

Commit27a7d20

Browse files
committed
rename directory
1 parent45a20aa commit27a7d20

File tree

3 files changed

+97
-17
lines changed

3 files changed

+97
-17
lines changed

‎jfrog/client.go‎

Lines changed: 8 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -22,11 +22,11 @@ type Client struct {
2222
userstring
2323
}
2424

25-
funcXRayClient(url,user,tokenstring) (*jfroghttpclient.JfrogHttpClient,error) {
25+
funcXRayClient(url,user,tokenstring) (*Client,error) {
2626
details:=auth.NewXrayDetails()
2727
details.SetAccessToken(token)
2828
details.SetUser(user)
29-
details.SetUrl("https://cdr.jfrog.io")
29+
details.SetUrl(url)
3030
conf,err:=config.NewConfigBuilder().SetServiceDetails(details).Build()
3131
iferr!=nil {
3232
returnnil,xerrors.Errorf("new config builder: %w",err)
@@ -35,7 +35,12 @@ func XRayClient(url, user, token string) (*jfroghttpclient.JfrogHttpClient, erro
3535
iferr!=nil {
3636
returnnil,xerrors.Errorf("new xray manager: %w",err)
3737
}
38-
returnmgr.Client(),nil
38+
return&Client{
39+
client:mgr.Client(),
40+
baseURL:url,
41+
user:user,
42+
token:token,
43+
},nil
3944
}
4045

4146
typesecurityResultsPayloadstruct {

‎k8s/reporter.go‎renamed to ‎reporter/reporter.go‎

Lines changed: 27 additions & 11 deletions
Original file line numberDiff line numberDiff line change
@@ -9,12 +9,13 @@ import (
99
"github.com/coder/coder/v2/codersdk/agentsdk"
1010
"github.com/coder/xray/jfrog"
1111

12-
"cdr.dev/slog"
1312
corev1"k8s.io/api/core/v1"
1413
v1"k8s.io/apimachinery/pkg/apis/meta/v1"
1514
"k8s.io/client-go/informers"
1615
"k8s.io/client-go/kubernetes"
1716
"k8s.io/client-go/tools/cache"
17+
18+
"cdr.dev/slog"
1819
)
1920

2021
typeK8sReporterstruct {
@@ -29,6 +30,7 @@ type K8sReporter struct {
2930

3031
ctx context.Context
3132
podInformer cache.SharedIndexInformer
33+
errChanchanerror
3234
}
3335

3436
typeWorkspaceAgentstruct {
@@ -38,6 +40,7 @@ type WorkspaceAgent struct {
3840

3941
func (k*K8sReporter)Init(ctx context.Context)error {
4042
k.ctx=ctx
43+
k.errChan=make(chanerror)
4144

4245
podFactory:=informers.NewSharedInformerFactoryWithOptions(k.Client,0,informers.WithNamespace(k.Namespace),informers.WithTweakListOptions(func(lo*v1.ListOptions) {
4346
lo.FieldSelector=k.FieldSelector
@@ -54,6 +57,9 @@ func (k *K8sReporter) Init(ctx context.Context) error {
5457
return
5558
}
5659

60+
log:=k.Logger.With(
61+
slog.F("pod_name",pod.Name),
62+
)
5763
varisWorkspacebool
5864
for_,container:=rangepod.Spec.Containers {
5965
varagentTokenstring
@@ -69,31 +75,37 @@ func (k *K8sReporter) Init(ctx context.Context) error {
6975
continue
7076
}
7177

78+
log=log.With(
79+
slog.F("container_name",container.Name),
80+
slog.F("container_image",container.Image),
81+
)
82+
7283
image,err:=jfrog.ParseImage(container.Image)
7384
iferr!=nil {
74-
k.Logger.Error(ctx,"parse image",
75-
slog.F("pod_name",pod.Name),
76-
slog.F("container_name",container.Name),
77-
slog.F("container_image",container.Image),
78-
slog.Error(err),
79-
)
85+
log.Error(ctx,"parse image",slog.Error(err))
8086
return
8187
}
8288

8389
scan,err:=k.JFrogClient.ScanResults(image)
8490
iferr!=nil {
85-
k.Logger.Error(ctx,"fetch scan results",slog.Error(err))
91+
log.Error(ctx,"fetch scan results",slog.Error(err))
8692
return
8793
}
8894

8995
agentClient:=agentsdk.New(k.CoderURL)
9096
agentClient.SetSessionToken(agentToken)
9197
manifest,err:=agentClient.Manifest(ctx)
9298
iferr!=nil {
93-
k.Logger.Error(ctx,"Get agent manifest",slog.Error(err))
99+
log.Error(ctx,"Get agent manifest",slog.Error(err))
94100
return
95101
}
96102

103+
log=log.With(
104+
slog.F("workspace_id",manifest.WorkspaceID),
105+
slog.F("agent_id",manifest.AgentID),
106+
slog.F("workspace_name",manifest.WorkspaceName),
107+
)
108+
97109
cclient:=codersdk.New(k.CoderURL)
98110
cclient.SetSessionToken(k.CoderToken)
99111
err=cclient.PostJFrogXrayScan(ctx, codersdk.JFrogXrayScan{
@@ -103,12 +115,12 @@ func (k *K8sReporter) Init(ctx context.Context) error {
103115
High:scan.SecurityIssues.High,
104116
})
105117
iferr!=nil {
106-
k.Logger.Error(ctx,"post xray results",slog.Error(err))
118+
log.Error(ctx,"post xray results",slog.Error(err))
107119
return
108120
}
109121
}
110122
ifisWorkspace {
111-
k.Logger.Info(ctx,"uploaded workspace results!",slog.F("name",pod.Name),slog.F("namespace",pod.Namespace))
123+
log.Info(ctx,"uploaded workspace results!",slog.F("pod_name",pod.Name),slog.F("namespace",pod.Namespace))
112124
}
113125
},
114126
})
@@ -117,3 +129,7 @@ func (k *K8sReporter) Init(ctx context.Context) error {
117129
}
118130
returnnil
119131
}
132+
133+
func (k*K8sReporter)Start(stopchanstruct{}) {
134+
k.podInformer.Run(stop)
135+
}

‎root.go‎

Lines changed: 62 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -1,22 +1,81 @@
11
package main
22

33
import (
4+
"fmt"
5+
"net/url"
46
"os"
57

68
"github.com/spf13/cobra"
9+
"golang.org/x/xerrors"
10+
"k8s.io/client-go/kubernetes"
11+
"k8s.io/client-go/tools/clientcmd"
12+
13+
"github.com/coder/xray/jfrog"
714
)
815

916
funcroot()*cobra.Command {
1017
var (
1118
coderURLstring
19+
artifactoryURLstring
20+
artifactoryUserstring
21+
artifactoryTokenstring
1222
fieldSelectorstring
1323
kubeConfigstring
1424
namespacestring
1525
labelSelectorstring
16-
artifactoryTokenstring
1726
)
18-
cmd:=&cobra.Command{}
19-
cmd.Flags().StringVarP(&coderURL,"coder-url","u",os.Getenv("CODER_URL"),"URL of the Coder instance")
27+
cmd:=&cobra.Command{
28+
Use:"scan",
29+
Short:"Scan Coder Kubernetes workspace images for vulnerabilities",
30+
RunE:func(cmd*cobra.Command,args []string)error {
31+
ifcoderURL=="" {
32+
returnxerrors.New("--coder-url is required")
33+
}
34+
35+
coderParsed,err:=url.Parse(coderURL)
36+
iferr!=nil {
37+
returnfmt.Errorf("parse coder URL: %w",err)
38+
}
39+
40+
ifartifactoryURL=="" {
41+
returnxerrors.New("--coder-url is required")
42+
}
43+
44+
_,err=url.Parse(artifactoryURL)
45+
iferr!=nil {
46+
returnfmt.Errorf("parse coder URL: %w",err)
47+
}
48+
49+
ifartifactoryUser=="" {
50+
returnxerrors.New("--artifactory-user is required")
51+
}
52+
53+
ifartifactoryToken=="" {
54+
returnxerrors.New("--artifactory-token is required")
55+
}
56+
57+
config,err:=clientcmd.BuildConfigFromFlags("",kubeConfig)
58+
iferr!=nil {
59+
returnxerrors.Errorf("build kubeconfig: %w",err)
60+
}
61+
62+
kclient,err:=kubernetes.NewForConfig(config)
63+
iferr!=nil {
64+
returnxerrors.Errorf("create kubernetes config: %w",err)
65+
}
66+
67+
jClient,err:=jfrog.XRayClient(artifactoryURL,artifactoryUser,artifactoryToken)
68+
iferr!=nil {
69+
returnxerrors.Errorf("create artifactory client: %w",err)
70+
}
71+
72+
returnnil
73+
},
74+
}
75+
cmd.Flags().StringVarP(&coderURL,"coder-url","cu",os.Getenv("CODER_URL"),"URL of the Coder instance")
76+
cmd.Flags().StringVarP(&artifactoryURL,"artifactory-url","",os.Getenv("ARTIFACTORY_URL"),"URL of the JFrog Artifactory instance")
77+
cmd.Flags().StringVarP(&artifactoryToken,"artifactory-token","",os.Getenv("ARTIFACTORY_TOKEN"),"Access Token for JFrog Artifactory instance")
78+
cmd.Flags().StringVarP(&artifactoryUser,"artifactory-user","",os.Getenv("ARTIFACTORY_USER"),"User to interface with JFrog Artifactory instance")
2079
cmd.Flags().StringVarP(&kubeConfig,"kubeconfig","k","~/.kube/config","Path to the kubeconfig file")
2180
cmd.Flags().StringVarP(&namespace,"namespace","n",os.Getenv("CODER_NAMESPACE"),"Namespace to use when listing pods")
2281
cmd.Flags().StringVarP(&fieldSelector,"field-selector","f","","Field selector to use when listing pods")

0 commit comments

Comments
 (0)
[8]ページ先頭
©2009-2025 Movatter.jp