Add ability to run clair against server with internally signed certs

7 years ago · b4813c342b
parent 6464a6e96e
commit b4813c342b
2 changed files with 40 additions and 13 deletions
--- a/main.go
+++ b/main.go
@ -24,7 +24,7 @@ func main() {
 		cli.StringFlag{
 			Name: "url",
 			Usage: "clair server URL",
-			EnvVar: "PLUGIN_URL",
+			EnvVar: "CLAIR_URL,PLUGIN_URL",
 		},
 		cli.StringFlag{
 			Name: "username",
@ -41,6 +41,11 @@ func main() {
 			Usage: "docker image to scan with clair",
 			EnvVar: "PLUGIN_SCAN_IMAGE",
 		},
+		cli.StringFlag{
+			Name:   "ca_cert",
+			Usage:  "ca cert to trust",
+			EnvVar: "CLAIR_CA_CERT,PLUGIN_CA_CERT",
+		},
 	}

 	if err := app.Run(os.Args); err != nil {
@ -51,13 +56,14 @@ func main() {
 func run(c *cli.Context) error {
 	logrus.WithFields(logrus.Fields{
 		"Revision": revision,
-	}).Info("Drone clair Plugin Version")
+	}).Info("Drone Clair Plugin Version")

 	plugin := Plugin{
 		Url:       c.String("url"),
 		Username:  c.String("username"),
 		Password:  c.String("password"),
 		ScanImage: c.String("scan_image"),
+		CaCert:    c.String("ca_cert"),
 	}

 	return plugin.Exec()
--- a/plugin.go
+++ b/plugin.go
@ -1,6 +1,7 @@
 package main

 import (
+	"io/ioutil"
 	"os"
 	"os/exec"

@ -13,6 +14,7 @@ type (
 		Username  string
 		Password  string
 		ScanImage string
+		CaCert    string
 	}
 )

@ -27,21 +29,40 @@ func (p Plugin) Exec() error {
 		os.Setenv("DOCKER_PASSWORD", p.Password)
 	}

-	command := exec.Command(
-		"klar",
-		p.ScanImage,
-	)
+	var commands []*exec.Cmd
+
+	if p.CaCert != "" {
+		commands = append(commands, installCaCert(p.CaCert))
+	}
+
+	commands = append(commands, scanImage(p.ScanImage))

-	command.Stdout = os.Stdout
-	command.Stderr = os.Stderr
+	for _, command := range commands {
+		command.Stdout = os.Stdout
+		command.Stderr = os.Stderr

-	err := command.Run()
+		err := command.Run()

-	if err != nil {
-		logrus.WithFields(logrus.Fields{
-			"error": err,
-		}).Fatal("Failed to execute a command")
+		if err != nil {
+			logrus.WithFields(logrus.Fields{
+				"error": err,
+			}).Fatal("Failed to execute a command")
+		}
 	}

 	return nil
 }
+
+func installCaCert(cacert string) *exec.Cmd {
+	ioutil.WriteFile("/usr/local/share/ca-certificates/ca_cert.crt", []byte(cacert), 0644)
+	return exec.Command(
+		"update-ca-certificates",
+	)
+}
+
+func scanImage(image string) *exec.Cmd {
+	return exec.Command(
+		"klar",
+		image,
+	)
+}