clair: update to clair/config module

Closes: PROJQUAY-3026 Signed-off-by: Hank Donnay <hdonnay@redhat.com>
quay · Jan 17, 2022 · 8272dae · 8272dae
1 parent 18df5fb
commit 8272dae
Show file tree

Hide file tree

Showing 257 changed files with 2,222 additions and 47,913 deletions.
diff --git a/go.mod b/go.mod
@@ -10,8 +10,7 @@ require (
 	github.com/onsi/gomega v1.17.0
 	github.com/openshift/api v3.9.0+incompatible
 	github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring v0.53.1
-	github.com/quay/clair/v4 v4.0.0-rc.20.0.20201112172303-bb3cd669f663
-	github.com/quay/claircore v1.0.5 // indirect
+	github.com/quay/clair/config v1.1.0
 	github.com/quay/config-tool v0.1.9
 	github.com/stretchr/testify v1.7.0
 	github.com/tidwall/sjson v1.2.3

diff --git a/go.sum b/go.sum
diff --git a/pkg/kustomize/kustomize.go b/pkg/kustomize/kustomize.go
@@ -272,6 +272,7 @@ func generate(
 
 // KustomizationFor takes a `QuayRegistry` object and generates a Kustomization for it.
 func KustomizationFor(
+	log logr.Logger,
 	ctx *quaycontext.QuayRegistryContext,
 	quay *v1.QuayRegistry,
 	quayConfigFiles map[string][]byte,
@@ -372,7 +373,7 @@ func KustomizationFor(
 		)
 
 		componentConfigFiles, err := componentConfigFilesFor(
-			ctx, component.Kind, quay, quayConfigFiles,
+			log, ctx, component.Kind, quay, quayConfigFiles,
 		)
 		if componentConfigFiles == nil || err != nil {
 			continue
@@ -550,7 +551,7 @@ func Inflate(
 		overlay = overlayDir()
 	}
 
-	kustomization, err := KustomizationFor(ctx, quay, componentConfigFiles, overlay)
+	kustomization, err := KustomizationFor(log, ctx, quay, componentConfigFiles, overlay)
 	if err != nil {
 		return nil, err
 	}

diff --git a/pkg/kustomize/kustomize_test.go b/pkg/kustomize/kustomize_test.go
@@ -5,6 +5,7 @@ import (
 	"strings"
 	"testing"
 
+	"github.com/go-logr/logr"
 	testlogr "github.com/go-logr/logr/testing"
 	objectbucket "github.com/kube-object-storage/lib-bucket-provisioner/pkg/apis/objectbucket.io/v1alpha1"
 	"github.com/stretchr/testify/assert"
@@ -169,6 +170,7 @@ var kustomizationForTests = []struct {
 
 func TestKustomizationFor(t *testing.T) {
 	assert := assert.New(t)
+	log := logr.Discard()
 
 	for _, test := range kustomizationForTests {
 		if test.expected != nil {
@@ -181,7 +183,7 @@ func TestKustomizationFor(t *testing.T) {
 			}
 		}
 
-		kustomization, err := KustomizationFor(&test.ctx, test.quayRegistry, map[string][]byte{}, "")
+		kustomization, err := KustomizationFor(log, &test.ctx, test.quayRegistry, map[string][]byte{}, "")
 
 		if test.expectedErr != "" {
 			assert.EqualError(err, test.expectedErr)

diff --git a/pkg/kustomize/secrets.go b/pkg/kustomize/secrets.go
@@ -7,9 +7,10 @@ import (
 	"net/url"
 	"os"
 	"strings"
+	"time"
 
-	"github.com/quay/clair/v4/config"
-	"github.com/quay/clair/v4/notifier/webhook"
+	"github.com/go-logr/logr"
+	"github.com/quay/clair/config"
 	"github.com/quay/config-tool/pkg/lib/fieldgroups/database"
 	"github.com/quay/config-tool/pkg/lib/fieldgroups/distributedstorage"
 	"github.com/quay/config-tool/pkg/lib/fieldgroups/hostsettings"
@@ -262,7 +263,7 @@ func ContainsComponentConfig(
 }
 
 // componentConfigFilesFor returns specific config files for managed components of a Quay registry.
-func componentConfigFilesFor(qctx *quaycontext.QuayRegistryContext, component v1.ComponentKind, quay *v1.QuayRegistry, configFiles map[string][]byte) (map[string][]byte, error) {
+func componentConfigFilesFor(log logr.Logger, qctx *quaycontext.QuayRegistryContext, component v1.ComponentKind, quay *v1.QuayRegistry, configFiles map[string][]byte) (map[string][]byte, error) {
 	switch component {
 	case v1.ComponentPostgres:
 		dbConfig, ok := configFiles["postgres.config.yaml"]
@@ -315,7 +316,7 @@ func componentConfigFilesFor(qctx *quaycontext.QuayRegistryContext, component v1
 			preSharedKey = config.(map[string]interface{})["SECURITY_SCANNER_V4_PSK"].(string)
 		}
 
-		cfg, err := clairConfigFor(quay, quayHostname, preSharedKey)
+		cfg, err := clairConfigFor(log, quay, quayHostname, preSharedKey)
 		if err != nil {
 			return nil, err
 		}
@@ -327,7 +328,7 @@ func componentConfigFilesFor(qctx *quaycontext.QuayRegistryContext, component v1
 }
 
 // clairConfigFor returns a Clair v4 config with the correct values.
-func clairConfigFor(quay *v1.QuayRegistry, quayHostname, preSharedKey string) ([]byte, error) {
+func clairConfigFor(log logr.Logger, quay *v1.QuayRegistry, quayHostname, preSharedKey string) ([]byte, error) {
 	host := strings.Join([]string{quay.GetName(), "clair-postgres"}, "-")
 	dbname := "postgres"
 	user := "postgres"
@@ -339,9 +340,9 @@ func clairConfigFor(quay *v1.QuayRegistry, quayHostname, preSharedKey string) ([
 	}
 
 	dbConn := fmt.Sprintf("host=%s port=5432 dbname=%s user=%s password=%s sslmode=disable", host, dbname, user, password)
-	config := config.Config{
+	cfg := config.Config{
 		HTTPListenAddr: ":8080",
-		LogLevel:       "info",
+		LogLevel:       config.InfoLog,
 		Indexer: config.Indexer{
 			ConnString:           dbConn,
 			ScanLockRetry:        10,
@@ -356,25 +357,32 @@ func clairConfigFor(quay *v1.QuayRegistry, quayHostname, preSharedKey string) ([
 		Notifier: config.Notifier{
 			ConnString:       dbConn,
 			Migrations:       true,
-			DeliveryInterval: "1m",
-			PollInterval:     "5m",
-			Webhook: &webhook.Config{
+			DeliveryInterval: 1 * time.Minute,
+			PollInterval:     5 * time.Minute,
+			Webhook: &config.Webhook{
 				Target:   "https://" + quayHostname + "/secscan/notification",
 				Callback: "http://" + quay.GetName() + "-clair-app/notifier/api/v1/notifications",
 			},
 		},
 		Auth: config.Auth{
 			PSK: &config.AuthPSK{
-				Key:    psk,
+				Key:    config.Base64(psk),
 				Issuer: []string{"quay", "clairctl"},
 			},
 		},
 		Metrics: config.Metrics{
 			Name: "prometheus",
 		},
 	}
+	ws, err := config.Validate(&cfg)
+	if err != nil {
+		return nil, err
+	}
+	for _, w := range ws {
+		log.V(1).Info("clair config lint", "msg", w.Error())
+	}
 
-	return yaml.Marshal(config)
+	return yaml.Marshal(cfg)
 }
 
 // From: https://gist.github.com/dopey/c69559607800d2f2f90b1b1ed4e550fb

diff --git a/vendor/github.com/go-stomp/stomp/.gitattributes b/vendor/github.com/go-stomp/stomp/.gitattributes
diff --git a/vendor/github.com/go-stomp/stomp/.gitignore b/vendor/github.com/go-stomp/stomp/.gitignore
diff --git a/vendor/github.com/go-stomp/stomp/.travis.yml b/vendor/github.com/go-stomp/stomp/.travis.yml
diff --git a/vendor/github.com/go-stomp/stomp/AUTHORS.md b/vendor/github.com/go-stomp/stomp/AUTHORS.md