Merge pull request #280 from intelops/pvc

Pvc

agent/kubviz/kubePreUpgrade.go

@@ -79,19 +79,21 @@ func publishK8sDepricated_Deleted_Api(result *model.Result, js nats.JetStreamCon
 }
 
 func KubePreUpgradeDetector(config *rest.Config, js nats.JetStreamContext) error {
-	swaggerdir, err := os.MkdirTemp("", "kubepug")
+	pvcMountPath := "/mnt/agent/kbz"
+	uniqueDir := fmt.Sprintf("%s/kubepug", pvcMountPath)
+	err := os.Mkdir(uniqueDir, 0755)
 	if err != nil {
 		return err
 	}
-	filename := fmt.Sprintf("%s/swagger-%s.json", swaggerdir, k8sVersion)
+
+	filename := fmt.Sprintf("%s/swagger-%s.json", uniqueDir, k8sVersion)
 	url := fmt.Sprintf("%s/%s/%s", baseURL, k8sVersion, fileURL)
 	err = downloadFile(filename, url)
 	if err != nil {
 		return err
 	}
-	defer os.RemoveAll(swaggerdir)
-	swaggerfile := filename
-	kubernetesAPIs, err := PopulateKubeAPIMap(swaggerfile)
+	defer os.RemoveAll(filename)
+	kubernetesAPIs, err := PopulateKubeAPIMap(filename)
 	if err != nil {
 		return err
 	}
@@ -102,7 +104,6 @@ func KubePreUpgradeDetector(config *rest.Config, js nats.JetStreamContext) error
 
 func PopulateKubeAPIMap(swagfile string) (model.KubernetesAPIs, error) {
 	var kubeAPIs = make(model.KubernetesAPIs)
-	// log.Infof("Populating the PopulateKubeAPIMap")
 	jsonFile, err := os.Open(swagfile)
 	if err != nil {
 		log.Error(err)

agent/kubviz/outdated.go

@@ -447,13 +447,6 @@ func splitOutlierSemvers(allSemverTags []*semver.Version) ([]*semver.Version, []
 	return outliers, remaining, nil
 }
 
-// func homeDir() string {
-// 	if h := os.Getenv("HOME"); h != "" {
-// 		return h
-// 	}
-// 	return os.Getenv("USERPROFILE")
-// }
-
 type VersionTag struct {
 	Sort    int    `json:"sort"`
 	Version string `json:"version"`

agent/kubviz/trivy.go

@@ -3,7 +3,9 @@ package main
 import (
 	"bytes"
 	"encoding/json"
+	"fmt"
 	"log"
+	"os"
 	exec "os/exec"
 	"strings"
 
@@ -29,8 +31,15 @@ func executeCommandTrivy(command string) ([]byte, error) {
 	return outc.Bytes(), err
 }
 func RunTrivyK8sClusterScan(js nats.JetStreamContext) error {
+	pvcMountPath := "/mnt/agent/kbz"
+	trivyCacheDir := fmt.Sprintf("%s/trivy-cache", pvcMountPath)
+	err := os.MkdirAll(trivyCacheDir, 0755)
+	if err != nil {
+		log.Printf("Error creating Trivy cache directory: %v\n", err)
+		return err
+	}
 	var report report.ConsolidatedReport
-	cmdString := "trivy k8s --report summary cluster --exclude-nodes kubernetes.io/arch:amd64 --timeout 60m -f json --cache-dir /tmp/.cache --debug"
+	cmdString := fmt.Sprintf("trivy k8s --report summary cluster --exclude-nodes kubernetes.io/arch:amd64 --timeout 60m -f json --cache-dir %s --debug", trivyCacheDir)
 	clearCacheCmd := "trivy k8s --clear-cache"
 	out, err := executeCommandTrivy(cmdString)
 	if err != nil {

agent/kubviz/trivy_image.go

@@ -2,6 +2,7 @@ package main
 
 import (
 	"encoding/json"
+	"fmt"
 	"log"
 	"os"
 	"strings"
@@ -15,6 +16,15 @@ import (
 )
 
 func RunTrivyImageScans(config *rest.Config, js nats.JetStreamContext) error {
+
+	pvcMountPath := "/mnt/agent/kbz"
+	trivyImageCacheDir := fmt.Sprintf("%s/trivy-imagecache", pvcMountPath)
+	err := os.MkdirAll(trivyImageCacheDir, 0755)
+	if err != nil {
+		log.Printf("Error creating Trivy Image cache directory: %v\n", err)
+		return err
+	}
+
 	clearCacheCmd := "trivy image --clear-cache"
 
 	images, err := ListImages(config)
@@ -25,7 +35,8 @@ func RunTrivyImageScans(config *rest.Config, js nats.JetStreamContext) error {
 
 	for _, image := range images {
 		var report types.Report
-		out, err := executeCommand("trivy image " + image.PullableImage + " --timeout 60m -f json -q --cache-dir /tmp/.cache")
+		scanCmd := fmt.Sprintf("trivy image %s --timeout 60m -f json -q --cache-dir %s", image.PullableImage, trivyImageCacheDir)
+		out, err := executeCommand(scanCmd)
 		if err != nil {
 			log.Printf("Error scanning image %s: %v", image.PullableImage, err)
 			continue // Move on to the next image in case of an error
@@ -74,12 +85,3 @@ func publishImageScanReports(report types.Report, js nats.JetStreamContext) erro
 	log.Printf("Trivy image report with ID:%s has been published\n", metrics.ID)
 	return nil
 }
-
-func cleanupCache(cacheDir string) {
-	err := os.RemoveAll(cacheDir)
-	if err != nil {
-		log.Printf("Failed to clean up cache directory %s: %v", cacheDir, err)
-	} else {
-		log.Printf("Cache directory %s cleaned up successfully", cacheDir)
-	}
-}

agent/kubviz/trivy_sbom.go

@@ -5,6 +5,7 @@ import (
 	"encoding/json"
 	"fmt"
 	"log"
+	"os"
 	"os/exec"
 
 	"github.com/aquasecurity/trivy/pkg/sbom/cyclonedx"
@@ -47,18 +48,20 @@ func executeCommandSbom(command string) ([]byte, error) {
 
 func RunTrivySbomScan(config *rest.Config, js nats.JetStreamContext) error {
 	clearCacheCmd := "trivy image --clear-cache"
-
-	log.Println("trivy sbom run started")
+	pvcMountPath := "/mnt/agent/kbz"
+	trivySbomCacheDir := fmt.Sprintf("%s/trivy-sbomcache", pvcMountPath)
+	err := os.MkdirAll(trivySbomCacheDir, 0755)
+	if err != nil {
+		log.Printf("Error creating Trivy cache directory: %v\n", err)
+		return err
+	}
 	images, err := ListImages(config)
-
 	if err != nil {
 		log.Printf("failed to list images: %v", err)
 	}
 	for _, image := range images {
-
-		command := fmt.Sprintf("trivy image --format cyclonedx %s %s", image.PullableImage, "--cache-dir /tmp/.cache")
-		out, err := executeCommandSbom(command)
-
+		sbomcmd := fmt.Sprintf("trivy image --format cyclonedx %s --cache-dir %s", image.PullableImage, trivySbomCacheDir)
+		out, err := executeCommandSbom(sbomcmd)
 		if err != nil {
 			log.Printf("Error executing Trivy for image sbom %s: %v", image.PullableImage, err)
 			continue // Move on to the next image in case of an error
@@ -69,7 +72,6 @@ func RunTrivySbomScan(config *rest.Config, js nats.JetStreamContext) error {
 			log.Printf("Trivy output is empty for image sbom %s", image.PullableImage)
 			continue // Move on to the next image
 		}
-
 		var report cyclonedx.BOM
 		err = json.Unmarshal(out, &report)
 		if err != nil {