From b4813c342b780b92234b34cb5e8ffaa191c1e3a1 Mon Sep 17 00:00:00 2001
From: Jacob McCann
Date: Sat, 31 Dec 2016 10:53:23 -0600
Subject: [PATCH] Add ability to run clair against server with internally signed certs
---
 main.go | 10 ++++++++--
 plugin.go | 43 ++++++++++++++++++++++++++++++++-----------
 2 files changed, 40 insertions(+), 13 deletions(-)
diff --git a/main.go b/main.go
index bee1b19..57c40ca 100644
--- a/main.go
+++ b/main.go
@@ -24,7 +24,7 @@ func main() {
 cli.StringFlag{
 Name: "url",
 Usage: "clair server URL",
- EnvVar: "PLUGIN_URL",
+ EnvVar: "CLAIR_URL,PLUGIN_URL",
 },
 cli.StringFlag{
 Name: "username",
@@ -41,6 +41,11 @@ func main() {
 Usage: "docker image to scan with clair",
 EnvVar: "PLUGIN_SCAN_IMAGE",
 },
+ cli.StringFlag{
+ Name: "ca_cert",
+ Usage: "ca cert to trust",
+ EnvVar: "CLAIR_CA_CERT,PLUGIN_CA_CERT",
+ },
 }
 if err := app.Run(os.Args); err != nil {
@@ -51,13 +56,14 @@ func main() {
 func run(c *cli.Context) error {
 logrus.WithFields(logrus.Fields{
 "Revision": revision,
- }).Info("Drone clair Plugin Version")
+ }).Info("Drone Clair Plugin Version")
 plugin := Plugin{
 Url: c.String("url"),
 Username: c.String("username"),
 Password: c.String("password"),
 ScanImage: c.String("scan_image"),
+ CaCert: c.String("ca_cert"),
 }
 return plugin.Exec()
diff --git a/plugin.go b/plugin.go
index 1a29990..bed4578 100644
--- a/plugin.go
+++ b/plugin.go
@@ -1,6 +1,7 @@
 package main
 import (
+ "io/ioutil"
 "os"
 "os/exec"
@@ -13,6 +14,7 @@ type (
 Username string
 Password string
 ScanImage string
+ CaCert string
 }
 )
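Review bot: In the `url` flag, `EnvVar: "CLAIR_URL,PLUGIN_URL"` lets an ambient `CLAIR_URL` take priority over the pipeline's own `PLUGIN_URL` setting, since urfave/cli (as far as I know) uses the first variable in the list that is set; the `ca_cert` flag added in the next hunk has the same ordering. That precedence decides which server receives the scan and which CA ends up trusted, so it deserves a comment next to the flag, for example `// CLAIR_* (usually injected as a secret) overrides the PLUGIN_* value from the pipeline file`, or the order reversed if the explicit setting is meant to win. The flag list begins above the hunk, so I cannot see whether the other flags follow the same convention.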
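Review bot: The usage text `"ca cert to trust"` on the new `ca_cert` flag does not say whether the value is a file path or the certificate itself; plugin.go writes the string straight into a `.crt` file, so it has to be the PEM text. I would spell that out, e.g. `Usage: "PEM-encoded CA certificate (content, not a path) to add to the system trust store",`, which also tells the user that the trust is granted container-wide rather than only for the Clair connection.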
@@ -27,21 +29,40 @@ func (p Plugin) Exec() error {
 os.Setenv("DOCKER_PASSWORD", p.Password)
 }
- command := exec.Command(
- "klar",
- p.ScanImage,
- )
+ var commands []*exec.Cmd
+
+ if p.CaCert != "" {
+ commands = append(commands, installCaCert(p.CaCert))
+ }
+
+ commands = append(commands, scanImage(p.ScanImage))
- command.Stdout = os.Stdout
- command.Stderr = os.Stderr
+ for _, command := range commands {
+ command.Stdout = os.Stdout
+ command.Stderr = os.Stderr
- err := command.Run()
+ err := command.Run()
- if err != nil {
- logrus.WithFields(logrus.Fields{
- "error": err,
- }).Fatal("Failed to execute a command")
+ if err != nil {
+ logrus.WithFields(logrus.Fields{
+ "error": err,
+ }).Fatal("Failed to execute a command")
+ }
 }
 return nil
 }
+
+func installCaCert(cacert string) *exec.Cmd {
+ ioutil.WriteFile("/usr/local/share/ca-certificates/ca_cert.crt", []byte(cacert), 0644)
+ return exec.Command(
+ "update-ca-certificates",
+ )
+}
+
+func scanImage(image string) *exec.Cmd {
+ return exec.Command(
+ "klar",
+ image,
+ )
+}
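Review bot: `installCaCert` discards the error from `ioutil.WriteFile`, so a failed write (read-only filesystem, non-root user) still runs `update-ca-certificates` and only surfaces later as an unexplained TLS failure in the scan step. The value is also installed into the system trust store without any check that it is a certificate, and that store is used by every TLS connection the container makes, including klar's registry access, not just the Clair server. I would check the write error and reject input that holds no parsable PEM certificate before installing it; this needs `crypto/x509` added to the import block. Note too that the write happens when the command is built rather than when the loop in `Exec` runs it, which is worth a one-line comment.

```go
func installCaCert(cacert string) *exec.Cmd {
	// Refuse anything that is not a PEM certificate before it reaches the system trust store.
	if !x509.NewCertPool().AppendCertsFromPEM([]byte(cacert)) {
		logrus.Fatal("ca_cert does not contain a PEM-encoded certificate")
	}
	if err := ioutil.WriteFile("/usr/local/share/ca-certificates/ca_cert.crt", []byte(cacert), 0644); err != nil {
		logrus.WithFields(logrus.Fields{
			"error": err,
		}).Fatal("Failed to write CA certificate")
	}
	// … unchanged: return exec.Command("update-ca-certificates") …
}
```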