Replace Docker Client with ORAS to handle interaction with OCI registries #456

Draft
wants to merge 2 commits into
base: main
20 changes: 16 additions & 4 deletions recommend/recommend.go
@@ -145,13 +145,12 @@ func Recommend(c *k8s.Client, o common.Options, policyGenerators ...engines.Engi

labelMap := labelArrayToLabelMap(o.Labels)
if len(o.Images) == 0 {
// recommendation based on k8s manifest
// Recommendation based on K8s manifest
dps, err := c.K8sClientset.AppsV1().Deployments(o.Namespace).List(context.TODO(), v1.ListOptions{})
if err != nil {
return err
}
for _, dp := range dps.Items {

if !matchLabels(labelMap, dp.Spec.Template.Labels) {
continue
}
@@ -183,7 +182,6 @@ func Recommend(c *k8s.Client, o common.Options, policyGenerators ...engines.Engi

o.Tags = unique(o.Tags)
options = o
reg := registry.New(o.Config)

if err = createOutDir(o.OutDir); err != nil {
return err
@@ -205,10 +203,23 @@ func Recommend(c *k8s.Client, o common.Options, policyGenerators ...engines.Engi
Image: i,
Deployment: deployment.Name,
}
reg.Analyze(&img)

// Update: Pull the image using the OCI registry and get file and directory lists
reg := registry.New(i, []string{}, "", "") // Use the actual image name here
files, directories, err := reg.Pull(o.OutDir)
if err != nil {
log.WithError(err).Error("failed to pull the image from registry")
return err
}

log.Infof("Pulled files: %v", files)
log.Infof("Pulled directories: %v", directories)

if policyMap, msMap, err = gen.Scan(&img, o); err != nil {
log.WithError(err).Error("policy generator scan failed")
}

// Process and write the policies based on the file and directory information
writePolicyFile(policyMap, msMap)
if err := report.SectEnd(); err != nil {
log.WithError(err).Error("report section end failed")
@@ -221,3 +232,4 @@ func Recommend(c *k8s.Client, o common.Options, policyGenerators ...engines.Engi

return nil
}
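Review bot: Pulling into `o.OutDir` with `reg.Pull(o.OutDir)` mixes registry content with the generated policies and report in the directory `createOutDir` prepared, and the image reference `i` appears to come from user input or from Deployment specs listed out of the cluster, so what gets written there is not trusted. `Pull` is not visible in this section and may already confine entries, but the call site should pass a per-image scratch directory (the PR's `DefaultTempDirPrefix` suggests one was intended), and it should be confirmed that entries containing `..` or symlinks cannot land outside it. `registry.New(i, []string{}, "", "")` also drops the `o.Config` that the removed `registry.New(o.Config)` received, which looks like it loses registry credentials for private images. `files` and `directories` are only logged, and `img` now reaches `gen.Scan(&img, o)` without whatever `reg.Analyze(&img)` used to fill in, so the generators may be scanning an empty image description. `Recommend` starts and ends outside the hunks shown, so how `img` is consumed later could not be checked here.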

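--- a/recommend/registry/const.go
+++ b/recommend/registry/const.go
@@ -0,0 +1,20 @@
+package registry
+
+import "errors"
+
+const (
+DefaultTempDirPrefix = "tmp"
+DefaultRegistry = "docker.io"
+DefaultTag = "latest"
+
+artifactType = "application/vnd.cncf.kubearmor.config.v1+json"
+mediaType = "application/vnd.cncf.kubearmor.policy.layer.v1.yaml"
+
+// Connect to remote repository via HTTP instead of HTTPS when
+// set to "true".
+EnvOCIInsecure = "KARMOR_OCI_TLS_INSECURE"
+)
+
+var (
+ErrInvalidImage = errors.New("invalid image path")
+)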
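Review bot: `EnvOCIInsecure` is named `KARMOR_OCI_TLS_INSECURE`, which reads like "skip certificate verification", while its comment says it switches the connection to plain HTTP; these carry different risk and the doc comment should spell out which one applies. Over HTTP any registry credentials and the pulled policy layers travel unencrypted and unauthenticated, so someone on the network path can read or replace them. I would extend the comment to something like `// EnvOCIInsecure disables TLS entirely (plain HTTP): credentials and content are sent in clear text; use only for local test registries.` Where the variable is read (not in this file), accepting only the exact value "true" and logging a warning when it is active would keep it from being enabled silently. `DefaultTag = "latest"` is a mutable tag, so the image analysed may differ from run to run; a one-line comment noting that would help.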