test workflow

fjogeleit · May 30, 2022 · 38cadcc · 38cadcc
1 parent 773ce3d
commit 38cadcc
Show file tree

Hide file tree

Showing 8 changed files with 38 additions and 9 deletions.
diff --git a/.github/workflows/cr.yaml b/.github/workflows/cr.yaml
@@ -12,7 +12,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v2
         with:
           fetch-depth: 0
 
@@ -22,7 +22,7 @@ jobs:
           git config user.email "$GITHUB_ACTOR@users.noreply.github.com"
 
       - name: Install Helm
-        uses: azure/setup-helm@v2.1
+        uses: azure/setup-helm@v1
 
       - name: Run chart-releaser
         uses: helm/chart-releaser-action@v1.2.1

diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -0,0 +1,4 @@
+# 0.0.2
+
+* Add unique ResultID props to VulnerabilityReport results
+* Remove duplicated results from ConfigAuditReport
diff --git a/charts/trivy-operator-polr-adapter/Chart.yaml b/charts/trivy-operator-polr-adapter/Chart.yaml
@@ -3,5 +3,5 @@ name: trivy-operator-polr-adapter
 description: Helm Chart to install the trivy-operator PolicyReport adapter
 
 type: application
-version: "0.0.1"
-appVersion: "0.0.1"
+version: "0.0.2"
+appVersion: "0.0.2"
diff --git a/charts/trivy-operator-polr-adapter/values.yaml b/charts/trivy-operator-polr-adapter/values.yaml
@@ -4,7 +4,7 @@ image:
   registry: ghcr.io
   repository: fjogeleit/trivy-operator-polr-adapter
   pullPolicy: IfNotPresent
-  tag: 0.0.1
+  tag: 0.0.2
 
 imagePullSecrets: []
 nameOverride: ""

diff --git a/pkg/adapters/auditr/mapper.go b/pkg/adapters/auditr/mapper.go
@@ -37,6 +37,10 @@ var (
 )
 
 func Map(report *v1alpha1.ConfigAuditReport, polr *v1alpha2.PolicyReport) (*v1alpha2.PolicyReport, bool) {
+	if len(report.Report.Checks) == 0 {
+		return nil, false
+	}
+
 	var updated bool
 
 	if polr == nil {
@@ -49,7 +53,7 @@ func Map(report *v1alpha1.ConfigAuditReport, polr *v1alpha2.PolicyReport) (*v1al
 
 	res := CreateObjectReference(report)
 
-	for _, check := range append(report.Report.Checks, report.Report.PodChecks...) {
+	for _, check := range report.Report.Checks {
 		props := map[string]string{}
 
 		for i, m := range check.Messages {

diff --git a/pkg/adapters/auditr/polr_client.go b/pkg/adapters/auditr/polr_client.go
@@ -25,7 +25,9 @@ func (p *PolicyReportClient) GenerateReport(ctx context.Context, report *v1alpha
 		}
 
 		polr, updated := Map(report, polr)
-		if updated {
+		if polr == nil {
+			return nil
+		} else if updated {
 			_, err = p.k8sClient.PolicyReports(report.Namespace).Update(ctx, polr, v1.UpdateOptions{})
 		} else {
 			_, err = p.k8sClient.PolicyReports(report.Namespace).Create(ctx, polr, v1.CreateOptions{})

diff --git a/pkg/adapters/vulnr/mapper.go b/pkg/adapters/vulnr/mapper.go
@@ -1,6 +1,7 @@
 package vulnr
 
 import (
+	"crypto/sha1"
 	"fmt"
 
 	"github.com/aquasecurity/trivy-operator/pkg/apis/aquasecurity/v1alpha1"
@@ -38,6 +39,10 @@ var (
 )
 
 func Map(report *v1alpha1.VulnerabilityReport, polr *v1alpha2.PolicyReport) (*v1alpha2.PolicyReport, bool) {
+	if len(report.Report.Vulnerabilities) == 0 {
+		return nil, false
+	}
+
 	var updated bool
 
 	if polr == nil {
@@ -56,12 +61,15 @@ func Map(report *v1alpha1.VulnerabilityReport, polr *v1alpha2.PolicyReport) (*v1
 			score = *vuln.Score
 		}
 
+		result := MapResult(vuln.Severity)
+
 		props := map[string]string{
 			"artifact.repository": report.Report.Artifact.Repository,
 			"artifact.tag":        report.Report.Artifact.Tag,
 			"registry.server":     report.Report.Registry.Server,
 			"score":               fmt.Sprint(score),
 			"resource":            vuln.Resource,
+			"resultID":            generateID(string(res.UID), res.Name, vuln.VulnerabilityID, vuln.Resource, string(result)),
 		}
 
 		if vuln.FixedVersion != "" {
@@ -79,7 +87,7 @@ func Map(report *v1alpha1.VulnerabilityReport, polr *v1alpha2.PolicyReport) (*v1
 			Message:    vuln.Title,
 			Properties: props,
 			Resources:  []*corev1.ObjectReference{res},
-			Result:     MapResult(vuln.Severity),
+			Result:     result,
 			Severity:   MapServerity(vuln.Severity),
 			Category:   category,
 			Timestamp:  *report.CreationTimestamp.ProtoTime(),
@@ -162,3 +170,12 @@ func GeneratePolicyReportName(report *v1alpha1.VulnerabilityReport) string {
 
 	return fmt.Sprintf("%s-%s", reportPrefix, name)
 }
+
+func generateID(uid, name, policy, rule, result string) string {
+	id := fmt.Sprintf("%s_%s_%s_%s_%s", uid, name, policy, rule, result)
+
+	h := sha1.New()
+	h.Write([]byte(id))
+
+	return fmt.Sprintf("%x", h.Sum(nil))
+}
diff --git a/pkg/adapters/vulnr/polr_client.go b/pkg/adapters/vulnr/polr_client.go
@@ -25,7 +25,9 @@ func (p *PolicyReportClient) GenerateReport(ctx context.Context, report *v1alpha
 		}
 
 		polr, updated := Map(report, polr)
-		if updated {
+		if polr == nil {
+			return nil
+		} else if updated {
 			_, err = p.k8sClient.PolicyReports(report.Namespace).Update(ctx, polr, v1.UpdateOptions{})
 		} else {
 			_, err = p.k8sClient.PolicyReports(report.Namespace).Create(ctx, polr, v1.CreateOptions{})