feat(cluster-scanner): enable backend scanning with platform services (…

…#1369)
sysdiglabs · Sep 25, 2023 · e902c74 · e902c74
1 parent eaa5d46
commit e902c74
Show file tree

Hide file tree

Showing 9 changed files with 209 additions and 132 deletions.
diff --git a/charts/cluster-scanner/Chart.yaml b/charts/cluster-scanner/Chart.yaml
@@ -4,7 +4,7 @@ description: Sysdig Cluster Scanner
 
 type: application
 
-version: 0.5.6
+version: 0.6.0
 
 appVersion: "0.1.0"
 home: https://www.sysdig.com/

diff --git a/charts/cluster-scanner/README.md b/charts/cluster-scanner/README.md
diff --git a/charts/cluster-scanner/templates/_helpers.tpl b/charts/cluster-scanner/templates/_helpers.tpl
@@ -208,28 +208,37 @@ Define the proper imageRegistry to use for imageSbomExtractor
 {{/*
 Cluster scanner version compatibility check.
 
-If .Values.onPremCompatibilityVersion is set to 6.5.0 or below, it checks whether
-the provided tag is < 1.0.0 .
+If .Values.onPremCompatibilityVersion is set to a version below 6.6.0, it checks whether
+the provided tag is < 0.5.0 .
 
-Otherwise, it checks if the provided tag is >= 1.0.0 .
+Otherwise, it checks if the provided tag is >= 0.5.0 .
 
 Version tags must be semver2-compatible otherwise no check will be performed.
 */}}
 {{- define "cluster-scanner.checkVersionCompatibility" -}}
 {{- if regexMatch "^[0-9]+\\.[0-9]+\\.[0-9]+.*" .Tag -}}
     {{- $version := semver .Tag -}}
-    {{- if and (hasKey (default .Values dict) "onPremCompatibilityVersion") (eq (semver .Values.onPremCompatibilityVersion | (semver "6.5.0").Compare) 1) -}}
-        {{- if ne ($version | (semver "1.0.0").Compare) 1 -}}
-            {{- fail (printf "incompatible version for %s, set %s expected < 1.0.0" .Component .Tag) -}}
+    {{- if and (hasKey (default .Values dict) "onPremCompatibilityVersion") (eq (semver .Values.onPremCompatibilityVersion | (semver "6.6.0").Compare) 1) -}}
+        {{- if ne ($version | (semver "0.5.0").Compare) 1 -}}
+            {{- fail (printf "incompatible version for %s, set %s expected < 0.5.0" .Component .Tag) -}}
         {{- end -}}
     {{- else -}}
-        {{- if eq ($version | (semver "1.0.0").Compare) 1 -}}
-            {{- fail (printf "incompatible version for %s, set %s expected >= 1.0.0" .Component .Tag) -}}
+        {{- if eq ($version | (semver "0.5.0").Compare) 1 -}}
+            {{- fail (printf "incompatible version for %s, set %s expected >= 0.5.0" .Component .Tag) -}}
         {{- end -}}
     {{- end -}}
 {{- end -}}
 {{- end -}}
 
+{{/*
+Generates configmap data to enable platform services if onPremCompatibility version is not set, or it is greater than 6.6.0
+*/}}
+{{- define "cluster-scanner.enablePlatformServicesConfig" -}}
+{{- if not ( and (hasKey (default .Values dict) "onPremCompatibilityVersion") (eq (semver .Values.onPremCompatibilityVersion | (semver "6.6.0").Compare) 1)) -}}
+enable_platform_services: "true"
+{{- end }}
+{{- end }}
+
 {{/*
 Return the proper image name for the Runtime Status Integrator
 */}}

diff --git a/charts/cluster-scanner/templates/configmap.yaml b/charts/cluster-scanner/templates/configmap.yaml
@@ -39,3 +39,4 @@ data:
   ise_cache_type: {{ .Values.imageSbomExtractor.cache.type }}
 {{- include "cluster-scanner.redisCacheConfig" . | nindent 2 }}
 {{- include "cluster-scanner.localCacheConfig" . | nindent 2 }}
+{{- include "cluster-scanner.enablePlatformServicesConfig" . | nindent 2 }}
diff --git a/charts/cluster-scanner/templates/deployment.yaml b/charts/cluster-scanner/templates/deployment.yaml
@@ -282,6 +282,12 @@ spec:
                 name: {{ include "cluster-scanner.fullname" . }}
                 key: rsi_js_server_metrics_port
                 optional: true
+          - name: CLUSTERSCANNER_PLATFORM_ENABLED
+            valueFrom:
+              configMapKeyRef:
+                name: {{ include "cluster-scanner.fullname" . }}
+                key: enable_platform_services
+                optional: true
           {{- range $key, $value := .Values.runtimeStatusIntegrator.env }}
           - name: "{{ $key }}"
             value: "{{ $value }}"
@@ -550,6 +556,12 @@ spec:
                 key: cache_redis_ttl
                 optional: true
           {{- end }}
+          - name: CLUSTERSCANNER_PLATFORM_ENABLED
+            valueFrom:
+              configMapKeyRef:
+                name: {{ include "cluster-scanner.fullname" . }}
+                key: enable_platform_services
+                optional: true
           {{- range $key, $value := .Values.imageSbomExtractor.env }}
           - name: "{{ $key }}"
             value: "{{ $value }}"

diff --git a/charts/cluster-scanner/tests/configmap_test.yaml b/charts/cluster-scanner/tests/configmap_test.yaml
@@ -341,3 +341,37 @@ tests:
       - equal:
           path: data.no_proxy
           value: "fake-no-proxy"
+
+  - it: "has correct platform services value when onPremCompatibilityVersion is NOT provided"
+    set:
+      global.sysdig.apiHost: "http://test.com"
+    asserts:
+      - equal:
+          path: data.enable_platform_services
+          value: "true"
+
+  - it: "has correct platform services value when onPremCompatibilityVersion is < 6.6"
+    set:
+      global.sysdig.apiHost: "http://test.com"
+      onPremCompatibilityVersion: "6.5.99"
+    asserts:
+      - isNull:
+          path: data.enable_platform_services
+
+  - it: "has correct platform services value when onPremCompatibilityVersion is = 6.6.0"
+    set:
+      global.sysdig.apiHost: "http://test.com"
+      onPremCompatibilityVersion: "6.6.0"
+    asserts:
+      - equal:
+          path: data.enable_platform_services
+          value: "true"
+
+  - it: "has correct platform services value when onPremCompatibilityVersion is > 6.6.0"
+    set:
+      global.sysdig.apiHost: "http://test.com"
+      onPremCompatibilityVersion: "6.6.1"
+    asserts:
+      - equal:
+          path: data.enable_platform_services
+          value: "true"