Merge pull request #209 from anchore/account-routing

anchore · May 10, 2024 · 07b4ac2 · 07b4ac2
2 parents f714781 + 9f7883d
commit 07b4ac2
Show file tree

Hide file tree

Showing 12 changed files with 476 additions and 54 deletions.
diff --git a/anchore-k8s-inventory.yaml b/anchore-k8s-inventory.yaml
@@ -43,6 +43,15 @@ namespace-selectors:
 
   ignore-empty: false
 
+account-routes:
+   # Example
+   # account:
+   #   user: username
+   #   password: password
+   #   namespaces:
+   #     - default
+   #     - ^kube-*
+
 # Kubernetes API configuration parameters (should not need tuning)
 kubernetes:
   # Sets the request timeout for kubernetes API requests

diff --git a/cmd/root.go b/cmd/root.go
@@ -47,18 +47,20 @@ var rootCmd = &cobra.Command{
 		case mode.PeriodicPolling:
 			pkg.PeriodicallyGetInventoryReport(appConfig)
 		default:
-			report, err := pkg.GetInventoryReport(appConfig)
+			reports, err := pkg.GetInventoryReports(appConfig)
 			if appConfig.Dev.ProfileCPU {
 				pprof.StopCPUProfile()
 			}
 			if err != nil {
 				log.Errorf("Failed to get Image Results: %+v", err)
 				os.Exit(1)
 			}
-			err = pkg.HandleReport(report, appConfig)
-			if err != nil {
-				log.Errorf("Failed to handle Image Results: %+v", err)
-				os.Exit(1)
+			for account, report := range reports {
+				err = pkg.HandleReport(report, appConfig, account)
+				if err != nil {
+					log.Errorf("Failed to handle Image Results: %+v", err)
+					os.Exit(1)
+				}
 			}
 		}
 	},

diff --git a/internal/config/config.go b/internal/config/config.go
@@ -46,6 +46,7 @@ type Application struct {
 	Namespaces                      []string          `mapstructure:"namespaces"`
 	KubernetesRequestTimeoutSeconds int64             `mapstructure:"kubernetes-request-timeout-seconds"`
 	NamespaceSelectors              NamespaceSelector `mapstructure:"namespace-selectors"`
+	AccountRoutes                   AccountRoutes     `mapstructure:"account-routes"`
 	MissingRegistryOverride         string            `mapstructure:"missing-registry-override"`
 	MissingTagPolicy                MissingTagConf    `mapstructure:"missing-tag-policy"`
 	RunMode                         mode.Mode
@@ -69,6 +70,14 @@ type NamespaceSelector struct {
 	IgnoreEmpty bool     `mapstructure:"ignore-empty"`
 }
 
+type AccountRoutes map[string]AccountRouteDetails
+
+type AccountRouteDetails struct {
+	User       string   `mapstructure:"user"`
+	Password   string   `mapstructure:"password"`
+	Namespaces []string `mapstructure:"namespaces"`
+}
+
 // KubernetesAPI details the configuration for interacting with the k8s api server
 type KubernetesAPI struct {
 	RequestTimeoutSeconds int64 `mapstructure:"request-timeout-seconds"`
@@ -128,6 +137,7 @@ func setNonCliDefaultValues(v *viper.Viper) {
 	v.SetDefault("missing-registry-override", "")
 	v.SetDefault("missing-tag-policy.policy", "digest")
 	v.SetDefault("missing-tag-policy.tag", "UNKNOWN")
+	v.SetDefault("account-routes", AccountRoutes{})
 	v.SetDefault("namespaces", []string{})
 	v.SetDefault("namespace-selectors.include", []string{})
 	v.SetDefault("namespace-selectors.exclude", []string{})

diff --git a/internal/config/config_test.go b/internal/config/config_test.go
@@ -4,9 +4,8 @@ import (
 	"flag"
 	"testing"
 
-	"github.com/spf13/viper"
-
 	"github.com/anchore/go-testutils"
+	"github.com/spf13/viper"
 )
 
 var update = flag.Bool("update", false, "update the *.golden files for config string output")
@@ -68,3 +67,55 @@ func TestSensitiveConfigString(t *testing.T) {
 		t.Errorf("Config string does not match expected\nactual: %s\nexpected: %s", actual, expected)
 	}
 }
+
+func TestAnchoreInfo_IsValid(t *testing.T) {
+	type fields struct {
+		URL      string
+		User     string
+		Password string
+		Account  string
+		HTTP     HTTPConfig
+	}
+	tests := []struct {
+		name   string
+		fields fields
+		want   bool
+	}{
+		{
+			name: "valid",
+			fields: fields{
+				URL:      "http://anchore.example.com",
+				User:     "admin",
+				Password: "foobar",
+				Account:  "admin",
+				HTTP:     HTTPConfig{},
+			},
+			want: true,
+		},
+		{
+			name: "invalid",
+			fields: fields{
+				URL:      "http://anchore.example.com",
+				User:     "",
+				Password: "foobar",
+				Account:  "admin",
+				HTTP:     HTTPConfig{},
+			},
+			want: false,
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			anchore := &AnchoreInfo{
+				URL:      tt.fields.URL,
+				User:     tt.fields.User,
+				Password: tt.fields.Password,
+				Account:  tt.fields.Account,
+				HTTP:     tt.fields.HTTP,
+			}
+			if got := anchore.IsValid(); got != tt.want {
+				t.Errorf("AnchoreInfo.IsValid() = %v, want %v", got, tt.want)
+			}
+		})
+	}
+}
diff --git a/internal/config/test-fixtures/snapshot/TestDefaultConfigString.golden b/internal/config/test-fixtures/snapshot/TestDefaultConfigString.golden
@@ -31,6 +31,7 @@ namespaceselectors:
   include: []
   exclude: []
   ignoreempty: false
+accountroutes: {}
 missingregistryoverride: ""
 missingtagpolicy:
   policy: digest

diff --git a/internal/config/test-fixtures/snapshot/TestEmptyConfigString.golden b/internal/config/test-fixtures/snapshot/TestEmptyConfigString.golden
@@ -31,6 +31,7 @@ namespaceselectors:
   include: []
   exclude: []
   ignoreempty: false
+accountroutes: {}
 missingregistryoverride: ""
 missingtagpolicy:
   policy: ""

diff --git a/internal/config/test-fixtures/snapshot/TestSensitiveConfigString.golden b/internal/config/test-fixtures/snapshot/TestSensitiveConfigString.golden
@@ -31,6 +31,7 @@ namespaceselectors:
   include: []
   exclude: []
   ignoreempty: false
+accountroutes: {}
 missingregistryoverride: ""
 missingtagpolicy:
   policy: digest

diff --git a/pkg/client/client_test.go b/pkg/client/client_test.go
@@ -0,0 +1,86 @@
+// Wraps some of the initialization details for the k8s clientset
+package client
+
+import (
+	"testing"
+
+	"github.com/anchore/k8s-inventory/internal/config"
+	"github.com/stretchr/testify/assert"
+	"k8s.io/client-go/rest"
+	clientcmdapi "k8s.io/client-go/tools/clientcmd/api"
+)
+
+func TestGetClientSet(t *testing.T) {
+	type args struct {
+		kubeConfig *rest.Config
+	}
+	tests := []struct {
+		name    string
+		args    args
+		wantErr bool
+	}{
+		{
+			name: "happy path",
+			args: args{
+				kubeConfig: &rest.Config{},
+			},
+			wantErr: false,
+		},
+		{
+			name: "sad path",
+			args: args{
+				kubeConfig: &rest.Config{
+					AuthProvider: &clientcmdapi.AuthProviderConfig{},
+					ExecProvider: &clientcmdapi.ExecConfig{},
+				},
+			},
+			wantErr: true,
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			_, err := GetClientSet(tt.args.kubeConfig)
+			if tt.wantErr {
+				assert.Error(t, err)
+			}
+		})
+	}
+}
+
+func TestGetKubeConfig(t *testing.T) {
+	type args struct {
+		appConfig *config.Application
+	}
+	tests := []struct {
+		name    string
+		args    args
+		wantErr bool
+	}{
+		{
+			name: "use default",
+			args: args{
+				appConfig: &config.Application{},
+			},
+			wantErr: false,
+		},
+		{
+			name: "use in-cluster",
+			args: args{
+				appConfig: &config.Application{
+					KubeConfig: config.KubeConf{
+						Path: "use-in-cluster",
+					},
+				},
+			},
+			wantErr: false,
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			_, err := GetKubeConfig(tt.args.appConfig)
+			if tt.wantErr {
+				assert.Error(t, err)
+			}
+		})
+	}
+}