Add ability to run clair against server with internally signed certs
parent
6464a6e96e
commit
b4813c342b
10
main.go
10
main.go
@ -24,7 +24,7 @@ func main() {
|
|||||||
cli.StringFlag{
|
cli.StringFlag{
|
||||||
Name: "url",
|
Name: "url",
|
||||||
Usage: "clair server URL",
|
Usage: "clair server URL",
|
||||||
EnvVar: "PLUGIN_URL",
|
EnvVar: "CLAIR_URL,PLUGIN_URL",
|
||||||
},
|
},
|
||||||
cli.StringFlag{
|
cli.StringFlag{
|
||||||
Name: "username",
|
Name: "username",
|
||||||
@ -41,6 +41,11 @@ func main() {
|
|||||||
Usage: "docker image to scan with clair",
|
Usage: "docker image to scan with clair",
|
||||||
EnvVar: "PLUGIN_SCAN_IMAGE",
|
EnvVar: "PLUGIN_SCAN_IMAGE",
|
||||||
},
|
},
|
||||||
|
cli.StringFlag{
|
||||||
|
Name: "ca_cert",
|
||||||
|
Usage: "ca cert to trust",
|
||||||
|
EnvVar: "CLAIR_CA_CERT,PLUGIN_CA_CERT",
|
||||||
|
},
|
||||||
}
|
}
|
||||||
|
|
||||||
if err := app.Run(os.Args); err != nil {
|
if err := app.Run(os.Args); err != nil {
|
||||||
@ -51,13 +56,14 @@ func main() {
|
|||||||
func run(c *cli.Context) error {
|
func run(c *cli.Context) error {
|
||||||
logrus.WithFields(logrus.Fields{
|
logrus.WithFields(logrus.Fields{
|
||||||
"Revision": revision,
|
"Revision": revision,
|
||||||
}).Info("Drone clair Plugin Version")
|
}).Info("Drone Clair Plugin Version")
|
||||||
|
|
||||||
plugin := Plugin{
|
plugin := Plugin{
|
||||||
Url: c.String("url"),
|
Url: c.String("url"),
|
||||||
Username: c.String("username"),
|
Username: c.String("username"),
|
||||||
Password: c.String("password"),
|
Password: c.String("password"),
|
||||||
ScanImage: c.String("scan_image"),
|
ScanImage: c.String("scan_image"),
|
||||||
|
CaCert: c.String("ca_cert"),
|
||||||
}
|
}
|
||||||
|
|
||||||
return plugin.Exec()
|
return plugin.Exec()
|
||||||
|
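Review bot: The `Usage` text of the new `ca_cert` flag, "ca cert to trust", does not say whether the value is a file path or the certificate itself. Going by the plugin.go change on this page, the value is written verbatim into a `.crt` file, so it has to be the PEM text; a path would be written out as the file's content and the CA would never be trusted. I would spell that out, e.g. `Usage: "PEM-encoded CA certificate contents (not a file path) to add to the container trust store",`. A one-line comment on the `url` flag would also help, since `CLAIR_URL` is now listed before `PLUGIN_URL` and, if the cli library resolves the list in order, overrides it. The body of `main` starts outside the first hunk.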
29
plugin.go
29
plugin.go
@ -1,6 +1,7 @@
|
|||||||
package main
|
package main
|
||||||
|
|
||||||
import (
|
import (
|
||||||
|
"io/ioutil"
|
||||||
"os"
|
"os"
|
||||||
"os/exec"
|
"os/exec"
|
||||||
|
|
||||||
@ -13,6 +14,7 @@ type (
|
|||||||
Username string
|
Username string
|
||||||
Password string
|
Password string
|
||||||
ScanImage string
|
ScanImage string
|
||||||
|
CaCert string
|
||||||
}
|
}
|
||||||
)
|
)
|
||||||
|
|
||||||
@ -27,11 +29,15 @@ func (p Plugin) Exec() error {
|
|||||||
os.Setenv("DOCKER_PASSWORD", p.Password)
|
os.Setenv("DOCKER_PASSWORD", p.Password)
|
||||||
}
|
}
|
||||||
|
|
||||||
command := exec.Command(
|
var commands []*exec.Cmd
|
||||||
"klar",
|
|
||||||
p.ScanImage,
|
|
||||||
)
|
|
||||||
|
|
||||||
|
if p.CaCert != "" {
|
||||||
|
commands = append(commands, installCaCert(p.CaCert))
|
||||||
|
}
|
||||||
|
|
||||||
|
commands = append(commands, scanImage(p.ScanImage))
|
||||||
|
|
||||||
|
for _, command := range commands {
|
||||||
command.Stdout = os.Stdout
|
command.Stdout = os.Stdout
|
||||||
command.Stderr = os.Stderr
|
command.Stderr = os.Stderr
|
||||||
|
|
||||||
@ -42,6 +48,21 @@ func (p Plugin) Exec() error {
|
|||||||
"error": err,
|
"error": err,
|
||||||
}).Fatal("Failed to execute a command")
|
}).Fatal("Failed to execute a command")
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func installCaCert(cacert string) *exec.Cmd {
|
||||||
|
ioutil.WriteFile("/usr/local/share/ca-certificates/ca_cert.crt", []byte(cacert), 0644)
|
||||||
|
return exec.Command(
|
||||||
|
"update-ca-certificates",
|
||||||
|
)
|
||||||
|
}
|
||||||
|
|
||||||
|
func scanImage(image string) *exec.Cmd {
|
||||||
|
return exec.Command(
|
||||||
|
"klar",
|
||||||
|
image,
|
||||||
|
)
|
||||||
|
}
|
||||||
|
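Review bot: In `installCaCert` the result of `ioutil.WriteFile` is discarded, so a failed write (read-only filesystem, non-root container user) goes unnoticed and `update-ca-certificates` runs without the new CA, which makes the later TLS failure hard to diagnose. The write also happens while the command list is being built rather than when the command runs, and the value is never checked to be a PEM certificate. I would have `installCaCert` return `(*exec.Cmd, error)`, validate the PEM before writing and let `Exec` return the error; this needs `encoding/pem`, `crypto/x509`, `errors` and `fmt` in the import block. Installing into the system store makes this CA trusted for every TLS connection made by processes in the container that use that store, not only the connection to the Clair server, which is worth stating in the plugin documentation. `Exec` begins outside the visible hunks, so the fence shows only the changed lines.

```go
	if p.CaCert != "" {
		cmd, err := installCaCert(p.CaCert)
		if err != nil {
			return err
		}
		commands = append(commands, cmd)
	}
	// … unchanged: scanImage append and the loop that runs each command …

func installCaCert(cacert string) (*exec.Cmd, error) {
	// Reject anything that is not a parseable certificate before touching the trust store.
	block, _ := pem.Decode([]byte(cacert))
	if block == nil || block.Type != "CERTIFICATE" {
		return nil, errors.New("ca_cert is not a PEM-encoded certificate")
	}
	if _, err := x509.ParseCertificate(block.Bytes); err != nil {
		return nil, fmt.Errorf("parsing ca_cert: %v", err)
	}
	if err := ioutil.WriteFile("/usr/local/share/ca-certificates/ca_cert.crt", []byte(cacert), 0644); err != nil {
		return nil, fmt.Errorf("writing ca_cert: %v", err)
	}
	return exec.Command("update-ca-certificates"), nil
}
```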