From 65a855ffedfb3c6a16de9464e5df32d40899ce17 Mon Sep 17 00:00:00 2001
From: vijeyash
Date: Mon, 20 Nov 2023 11:08:16 +0530
Subject: [PATCH 1/4] pvc modification done in KubePreUpgrade

---
 agent/kubviz/kubePreUpgrade.go | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

diff --git a/agent/kubviz/kubePreUpgrade.go b/agent/kubviz/kubePreUpgrade.go
index ee3a6806..590db681 100644
--- a/agent/kubviz/kubePreUpgrade.go
+++ b/agent/kubviz/kubePreUpgrade.go
@@ -79,19 +79,21 @@ func publishK8sDepricated_Deleted_Api(result *model.Result, js nats.JetStreamCon
 }
 
 func KubePreUpgradeDetector(config *rest.Config, js nats.JetStreamContext) error {
- swaggerdir, err := os.MkdirTemp("", "kubepug")
+ pvcMountPath := "/mnt/agent/kbz"
+ uniqueDir := fmt.Sprintf("%s/kubepug", pvcMountPath)
+ err := os.Mkdir(uniqueDir, 0755)
 if err != nil {
 return err
 }
- filename := fmt.Sprintf("%s/swagger-%s.json", swaggerdir, k8sVersion)
+
+ filename := fmt.Sprintf("%s/swagger-%s.json", uniqueDir, k8sVersion)
 url := fmt.Sprintf("%s/%s/%s", baseURL, k8sVersion, fileURL)
 err = downloadFile(filename, url)
 if err != nil {
 return err
 }
- defer os.RemoveAll(swaggerdir)
- swaggerfile := filename
- kubernetesAPIs, err := PopulateKubeAPIMap(swaggerfile)
+ defer os.RemoveAll(filename)
+ kubernetesAPIs, err := PopulateKubeAPIMap(filename)
 if err != nil {
 return err
 }

From 002c868ec0d03d9e434a637f2e77f88ba7f12c2d Mon Sep 17 00:00:00 2001
From: vijeyash
Date: Mon, 20 Nov 2023 11:33:36 +0530
Subject: [PATCH 2/4] added pvc in trivy image

---
 agent/kubviz/kubePreUpgrade.go | 1 -
 agent/kubviz/outdated.go | 7 -------
 agent/kubviz/trivy_image.go | 13 ++++++++++++-
 3 files changed, 12 insertions(+), 9 deletions(-)

diff --git a/agent/kubviz/kubePreUpgrade.go b/agent/kubviz/kubePreUpgrade.go
index 590db681..11ec310f 100644
--- a/agent/kubviz/kubePreUpgrade.go
+++ b/agent/kubviz/kubePreUpgrade.go
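Review bot: `os.Mkdir(uniqueDir, 0755)` will fail with a "file exists" error on every run after the first, because `uniqueDir` now sits on the persistent mount and the deferred `os.RemoveAll(filename)` removes only the swagger file, not the directory; `err := os.MkdirAll(uniqueDir, 0755)` (which the later patches in this series already use) or tolerating `os.IsExist(err)` fixes that. The fixed path also gives up the per-run isolation `os.MkdirTemp` provided: two concurrent detector runs would download to and then delete the same `swagger-<version>.json`, which may or may not be reachable in this agent. The literal `"/mnt/agent/kbz"` is repeated in trivy_image.go, trivy_sbom.go and trivy.go in the following patches; one package-level constant (or a value read from the environment) plus `filepath.Join(pvcMountPath, "kubepug")` would keep the four copies in sync. KubePreUpgradeDetector continues past the end of the hunk.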
@@ -104,7 +104,6 @@ func KubePreUpgradeDetector(config *rest.Config, js nats.JetStreamContext) error
 
 func PopulateKubeAPIMap(swagfile string) (model.KubernetesAPIs, error) {
 var kubeAPIs = make(model.KubernetesAPIs)
- // log.Infof("Populating the PopulateKubeAPIMap")
 jsonFile, err := os.Open(swagfile)
 if err != nil {
 log.Error(err)
diff --git a/agent/kubviz/outdated.go b/agent/kubviz/outdated.go
index ce3a77d3..6e0e7dcd 100644
--- a/agent/kubviz/outdated.go
+++ b/agent/kubviz/outdated.go
@@ -447,13 +447,6 @@ func splitOutlierSemvers(allSemverTags []*semver.Version) ([]*semver.Version, []
 return outliers, remaining, nil
 }
 
-// func homeDir() string {
-// if h := os.Getenv("HOME"); h != "" {
-// return h
-// }
-// return os.Getenv("USERPROFILE")
-// }
-
 type VersionTag struct {
 Sort int `json:"sort"`
 Version string `json:"version"`
diff --git a/agent/kubviz/trivy_image.go b/agent/kubviz/trivy_image.go
index bd50e642..9af06a97 100644
--- a/agent/kubviz/trivy_image.go
+++ b/agent/kubviz/trivy_image.go
@@ -2,6 +2,7 @@ package main
 
 import (
 "encoding/json"
+ "fmt"
 "log"
 "os"
 "strings"
@@ -15,6 +16,15 @@ import (
 )
 
 func RunTrivyImageScans(config *rest.Config, js nats.JetStreamContext) error {
+
+ pvcMountPath := "/mnt/agent/kbz"
+ trivyImageCacheDir := fmt.Sprintf("%s/trivy-imagecache", pvcMountPath)
+ err := os.MkdirAll(trivyImageCacheDir, 0755)
+ if err != nil {
+ log.Printf("Error creating Trivy Image cache directory: %v\n", err)
+ return err
+ }
+
 clearCacheCmd := "trivy image --clear-cache"
 images, err := ListImages(config)
 
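Review bot: `clearCacheCmd := "trivy image --clear-cache"` (a context line of this hunk) carries no `--cache-dir`, so if it is still executed later in RunTrivyImageScans (outside the hunk) it clears trivy's default cache rather than the `trivyImageCacheDir` the scans now use; the same mismatch appears in the trivy_sbom.go hunk of patch 3 and the trivy.go hunk of patch 4. Either append `--cache-dir ` + trivyImageCacheDir to that command or drop it now that the cache is meant to persist on the PVC, so the two agree. Separately, `log.Printf("Error creating Trivy Image cache directory: %v\n", err)` followed by `return err` logs and returns the same error, and `log.Printf` already terminates the line; `return fmt.Errorf("creating trivy image cache dir %q: %w", trivyImageCacheDir, err)` with the caller logging once is the usual shape, and the other two hunks repeat this pattern.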
@@ -25,7 +35,8 @@ func RunTrivyImageScans(config *rest.Config, js nats.JetStreamContext) error {
 
 for _, image := range images {
 var report types.Report
- out, err := executeCommand("trivy image " + image.PullableImage + " --timeout 60m -f json -q --cache-dir /tmp/.cache")
+ scanCmd := fmt.Sprintf("trivy image %s --timeout 60m -f json -q --cache-dir %s", image.PullableImage, trivyImageCacheDir)
+ out, err := executeCommand(scanCmd)
 if err != nil {
 log.Printf("Error scanning image %s: %v", image.PullableImage, err)
 continue // Move on to the next image in case of an error

From b2eb54a1c73bdd33fd8caca5b4406a379bf82a5a Mon Sep 17 00:00:00 2001
From: vijeyash
Date: Mon, 20 Nov 2023 11:38:14 +0530
Subject: [PATCH 3/4] added pvc in trivy sbom

---
 agent/kubviz/trivy_image.go | 9 ---------
 agent/kubviz/trivy_sbom.go | 18 ++++++++++--------
 2 files changed, 10 insertions(+), 17 deletions(-)

diff --git a/agent/kubviz/trivy_image.go b/agent/kubviz/trivy_image.go
index 9af06a97..5486f0ba 100644
--- a/agent/kubviz/trivy_image.go
+++ b/agent/kubviz/trivy_image.go
@@ -85,12 +85,3 @@ func publishImageScanReports(report types.Report, js nats.JetStreamContext) erro
 log.Printf("Trivy image report with ID:%s has been published\n", metrics.ID)
 return nil
 }
-
-func cleanupCache(cacheDir string) {
- err := os.RemoveAll(cacheDir)
- if err != nil {
- log.Printf("Failed to clean up cache directory %s: %v", cacheDir, err)
- } else {
- log.Printf("Cache directory %s cleaned up successfully", cacheDir)
- }
-}
diff --git a/agent/kubviz/trivy_sbom.go b/agent/kubviz/trivy_sbom.go
index 8f87ef5b..5e58bbb6 100644
--- a/agent/kubviz/trivy_sbom.go
+++ b/agent/kubviz/trivy_sbom.go
@@ -5,6 +5,7 @@ import (
 "encoding/json"
 "fmt"
 "log"
+ "os"
 "os/exec"
 
 "github.com/aquasecurity/trivy/pkg/sbom/cyclonedx"
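Review bot: `scanCmd` interpolates `image.PullableImage`, a value read from the cluster, into one command string that `executeCommand` then has to split; how it splits is outside the hunk. If it tokenizes on whitespace the string form is harmless, but if it hands the string to a shell an unusual image reference would alter the command, so passing the arguments as a slice, e.g. `exec.Command("trivy", "image", image.PullableImage, "--timeout", "60m", "-f", "json", "-q", "--cache-dir", trivyImageCacheDir)`, removes the question regardless of which it is. Minor: `trivyImageCacheDir` is declared at the top of RunTrivyImageScans, above this hunk, so a reader of the loop alone cannot see where the cache lives; a short comment on the `scanCmd` line would help.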
@@ -47,18 +48,20 @@ func executeCommandSbom(command string) ([]byte, error) {
 
 func RunTrivySbomScan(config *rest.Config, js nats.JetStreamContext) error {
 clearCacheCmd := "trivy image --clear-cache"
-
- log.Println("trivy sbom run started")
+ pvcMountPath := "/mnt/agent/kbz"
+ trivySbomCacheDir := fmt.Sprintf("%s/trivy-sbomcache", pvcMountPath)
+ err := os.MkdirAll(trivySbomCacheDir, 0755)
+ if err != nil {
+ log.Printf("Error creating Trivy cache directory: %v\n", err)
+ return err
+ }
 images, err := ListImages(config)
-
 if err != nil {
 log.Printf("failed to list images: %v", err)
 }
 for _, image := range images {
-
- command := fmt.Sprintf("trivy image --format cyclonedx %s %s", image.PullableImage, "--cache-dir /tmp/.cache")
- out, err := executeCommandSbom(command)
-
+ sbomcmd := fmt.Sprintf("trivy image --format cyclonedx %s --cache-dir %s", image.PullableImage, trivySbomCacheDir)
+ out, err := executeCommandSbom(sbomcmd)
 if err != nil {
 log.Printf("Error executing Trivy for image sbom %s: %v", image.PullableImage, err)
 continue // Move on to the next image in case of an error
@@ -69,7 +72,6 @@ func RunTrivySbomScan(config *rest.Config, js nats.JetStreamContext) error {
 log.Printf("Trivy output is empty for image sbom %s", image.PullableImage)
 continue // Move on to the next image
 }
-
 var report cyclonedx.BOM
 err = json.Unmarshal(out, &report)
 if err != nil {

From 0ae4bbadefaec240af76a623029db839e63084a8 Mon Sep 17 00:00:00 2001
From: vijeyash
Date: Mon, 20 Nov 2023 11:41:43 +0530
Subject: [PATCH 4/4] added pvc to trivy

---
 agent/kubviz/trivy.go | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/agent/kubviz/trivy.go b/agent/kubviz/trivy.go
index aaf71bbb..04ee6f81 100644
--- a/agent/kubviz/trivy.go
+++ b/agent/kubviz/trivy.go
@@ -3,7 +3,9 @@ package main
 import (
 "bytes"
 "encoding/json"
+ "fmt"
 "log"
+ "os"
 exec "os/exec"
 "strings"
 
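Review bot: `trivy-sbomcache` is a third separate cache directory alongside `trivy-imagecache` (patch 2) and `trivy-cache` (patch 4), so each scan type keeps its own copy of trivy's vulnerability database on the PVC and refreshes it independently; pointing all three `--cache-dir` flags at one shared directory would reduce that to a single copy, unless the separation is deliberate. If it is deliberate, a comment such as `// own cache dir so SBOM generation does not contend with the image scans` on the `trivySbomCacheDir` line would record why. The `ListImages` error a few lines below is still only logged, so the loop then ranges over a nil slice and the function returns nil; that is pre-existing, but the new early return on `MkdirAll` makes the inconsistency more visible, and `return fmt.Errorf("listing images: %w", err)` would align the two. RunTrivySbomScan continues past the end of the hunk.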
@@ -29,8 +31,15 @@ func executeCommandTrivy(command string) ([]byte, error) {
 return outc.Bytes(), err
 }
 func RunTrivyK8sClusterScan(js nats.JetStreamContext) error {
+ pvcMountPath := "/mnt/agent/kbz"
+ trivyCacheDir := fmt.Sprintf("%s/trivy-cache", pvcMountPath)
+ err := os.MkdirAll(trivyCacheDir, 0755)
+ if err != nil {
+ log.Printf("Error creating Trivy cache directory: %v\n", err)
+ return err
+ }
 var report report.ConsolidatedReport
- cmdString := "trivy k8s --report summary cluster --exclude-nodes kubernetes.io/arch:amd64 --timeout 60m -f json --cache-dir /tmp/.cache --debug"
+ cmdString := fmt.Sprintf("trivy k8s --report summary cluster --exclude-nodes kubernetes.io/arch:amd64 --timeout 60m -f json --cache-dir %s --debug", trivyCacheDir)
 clearCacheCmd := "trivy k8s --clear-cache"
 out, err := executeCommandTrivy(cmdString)
 if err != nil {
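Review bot: Nothing in the hunk says why the cache moves from `/tmp/.cache` to the PVC, and the commit message only says "added pvc"; a one-line comment on the `trivyCacheDir` line, e.g. `// keep trivy's DB on the agent PVC so it survives pod restarts (presumed intent — confirm)`, would spare the next reader the guess. `fmt.Sprintf("%s/trivy-cache", pvcMountPath)` is what `filepath.Join(pvcMountPath, "trivy-cache")` is for, and the very long `cmdString` would read better as a `[]string` of arguments joined with `strings.Join` (the file already imports `strings`), which also keeps each flag on its own line. RunTrivyK8sClusterScan continues past the end of the hunk.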