Provide scanner with image name and info #1194
Conversation
Issue projectatomic#1190 asks for an enhancement to atomic scan where the scanner could figure out the image|container inspect information prior to the scan. We do this now by writing a file in the scanout/ dir. The file is JSON formatted and could be ingested by a scanner that needed that type of information. The path should bexi /scanout/inspect_info.json. Signed-off-by: baude <[email protected]>
|
do not merge until @navidshaikh confirms this works for him as he requested the enhancement. |
|
if @navidshaikh is happy with it, LGTM |
|
|
||
| inspect = [] | ||
| for scan_object in self.scan_list: | ||
| inspect.append(scan_object.config) |
There was a problem hiding this comment.
I think a map/dictionary is better suited here.
Like
{
scan_object.name: scan_object.config
}
While most of the time the atomic scanner execute per image, there are options to scan all(images, containers), all_images, all_containers as well. With this approach, all the scan_object configs are going to be appended, and it can become complex to map which config belong to which scan_target.
The approach for map/dictionary for inspect_info.json should help in both cases where a single scan_target or multiple are provided.
For single scan_target, using the map/dict will provide scanner with
- Image identity (name, as provided in command line)
- Its config / inspect info
For multiple scan_target, using the map/dict will provide scanner with
- Image identity (name, as provided in command line)
- Its config / inspect info
- And mapping for
scan_target:scan_target_config, providing a way to use the information in config and producing correct results intended for scan_targets
There was a problem hiding this comment.
@navidshaikh names can be a PITA if the image has multiple names. how about IDs?
There was a problem hiding this comment.
@baude : IDs sounds good. With scan_object.name I meant the identity of the scan_target.
There was a problem hiding this comment.
@baude : Thanks for putting this together.
Regarding name of scan_targets I also took a look in the backendutils module, however the scan targets are then transformed into objects.
231 _, scan_obj = beu.get_backend_and_image_obj(scan_target)
I was wondering if we could shadow the scan_target provided on the command line in the inspect output file.
Given the number of options atomic scan could work with, it can become complex as, if provided --images or say --all, the best choice is to have ID.
There was a problem hiding this comment.
How about having the SCAN_TARGET env variable in the atomic scanner, with values based on populated scan_target variable?
WDYT?
I'll be happy to collaborate for the PR, if it looks good.
Issue #1190 asks for an enhancement to atomic scan where
the scanner could figure out the image|container inspect
information prior to the scan. We do this now by writing
a file in the scanout/ dir. The file is JSON formatted
and could be ingested by a scanner that needed that type
of information. The path should bexi
/scanout/inspect_info.json.
Signed-off-by: baude [email protected]
Description
Related Bugzillas
Related Issue Numbers
Pull Request Checklist:
If your Pull request contains new features or functions, tests are required. If the PR is a bug fix and no tests exist, please consider adding some to prevent regressions.