Add ability to run clair against server with internally signed certs
This commit is contained in:
Jacob McCann
parent
6464a6e96e
commit
b4813c342b
10
main.go
10
main.go
@ -24,7 +24,7 @@ func main() {
|
||||
cli.StringFlag{
|
||||
Name: "url",
|
||||
Usage: "clair server URL",
|
||||
EnvVar: "PLUGIN_URL",
|
||||
EnvVar: "CLAIR_URL,PLUGIN_URL",
|
||||
},
|
||||
cli.StringFlag{
|
||||
Name: "username",
|
||||
@ -41,6 +41,11 @@ func main() {
|
||||
Usage: "docker image to scan with clair",
|
||||
EnvVar: "PLUGIN_SCAN_IMAGE",
|
||||
},
|
||||
cli.StringFlag{
|
||||
Name: "ca_cert",
|
||||
Usage: "ca cert to trust",
|
||||
EnvVar: "CLAIR_CA_CERT,PLUGIN_CA_CERT",
|
||||
},
|
||||
}
|
||||
|
||||
if err := app.Run(os.Args); err != nil {
|
||||
@ -51,13 +56,14 @@ func main() {
|
||||
func run(c *cli.Context) error {
|
||||
logrus.WithFields(logrus.Fields{
|
||||
"Revision": revision,
|
||||
}).Info("Drone clair Plugin Version")
|
||||
}).Info("Drone Clair Plugin Version")
|
||||
|
||||
plugin := Plugin{
|
||||
Url: c.String("url"),
|
||||
Username: c.String("username"),
|
||||
Password: c.String("password"),
|
||||
ScanImage: c.String("scan_image"),
|
||||
CaCert: c.String("ca_cert"),
|
||||
}
|
||||
|
||||
return plugin.Exec()
|
||||
|
||||
43
plugin.go
43
plugin.go
@ -1,6 +1,7 @@
|
||||
package main
|
||||
|
||||
import (
|
||||
"io/ioutil"
|
||||
"os"
|
||||
"os/exec"
|
||||
|
||||
@ -13,6 +14,7 @@ type (
|
||||
Username string
|
||||
Password string
|
||||
ScanImage string
|
||||
CaCert string
|
||||
}
|
||||
)
|
||||
|
||||
@ -27,21 +29,40 @@ func (p Plugin) Exec() error {
|
||||
os.Setenv("DOCKER_PASSWORD", p.Password)
|
||||
}
|
||||
|
||||
command := exec.Command(
|
||||
"klar",
|
||||
p.ScanImage,
|
||||
)
|
||||
var commands []*exec.Cmd
|
||||
|
||||
command.Stdout = os.Stdout
|
||||
command.Stderr = os.Stderr
|
||||
if p.CaCert != "" {
|
||||
commands = append(commands, installCaCert(p.CaCert))
|
||||
}
|
||||
|
||||
err := command.Run()
|
||||
commands = append(commands, scanImage(p.ScanImage))
|
||||
|
||||
if err != nil {
|
||||
logrus.WithFields(logrus.Fields{
|
||||
"error": err,
|
||||
}).Fatal("Failed to execute a command")
|
||||
for _, command := range commands {
|
||||
command.Stdout = os.Stdout
|
||||
command.Stderr = os.Stderr
|
||||
|
||||
err := command.Run()
|
||||
|
||||
if err != nil {
|
||||
logrus.WithFields(logrus.Fields{
|
||||
"error": err,
|
||||
}).Fatal("Failed to execute a command")
|
||||
}
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
func installCaCert(cacert string) *exec.Cmd {
|
||||
ioutil.WriteFile("/usr/local/share/ca-certificates/ca_cert.crt", []byte(cacert), 0644)
|
||||
return exec.Command(
|
||||
"update-ca-certificates",
|
||||
)
|
||||
}
|
||||
|
||||
func scanImage(image string) *exec.Cmd {
|
||||
return exec.Command(
|
||||
"klar",
|
||||
image,
|
||||
)
|
||||
}
|
||||
|
||||
Loading…
Reference in New Issue
Block a user