From d70f164dcb2c970bb7b8f1bd48f20f63a144881f Mon Sep 17 00:00:00 2001 From: Fabrizio Sestito Date: Thu, 28 Nov 2024 18:56:26 +0100 Subject: [PATCH 1/4] fix(storage): add missing field label conversion to VulnerabilityReport Signed-off-by: Fabrizio Sestito --- api/storage/v1alpha1/register.go | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/api/storage/v1alpha1/register.go b/api/storage/v1alpha1/register.go index b0201c8..d35338c 100644 --- a/api/storage/v1alpha1/register.go +++ b/api/storage/v1alpha1/register.go @@ -73,6 +73,11 @@ func AddKnownTypes(scheme *runtime.Scheme) error { if err != nil { return fmt.Errorf("unable to add field selector conversion function to SBOM: %w", err) } + + err = scheme.AddFieldLabelConversionFunc(SchemeGroupVersion.WithKind("VulnerabilityReport"), imageMetadataFieldSelectorConversion) + if err != nil { + return fmt.Errorf("unable to add field selector conversion function to VulnerabilityReport: %w", err) + } return nil } From d00e760da28467fd54a917a92b102e6ef839ddad Mon Sep 17 00:00:00 2001 From: Fabrizio Sestito Date: Thu, 28 Nov 2024 18:57:14 +0100 Subject: [PATCH 2/4] test: add selectable fields to VulnerabilityReport test CRD Signed-off-by: Fabrizio Sestito --- .../v1alpha1/vulnerabilityreport_types.go | 66 +++++++++++++++++++ ...age.sbombastic.rancher.io_scanresults.yaml | 51 -------------- ...astic.rancher.io_vulnerabilityreports.yaml | 7 ++ 3 files changed, 73 insertions(+), 51 deletions(-) create mode 100644 api/storage/v1alpha1/vulnerabilityreport_types.go delete mode 100644 test/crd/storage.sbombastic.rancher.io_scanresults.yaml diff --git a/api/storage/v1alpha1/vulnerabilityreport_types.go b/api/storage/v1alpha1/vulnerabilityreport_types.go new file mode 100644 index 0000000..e104575 --- /dev/null +++ b/api/storage/v1alpha1/vulnerabilityreport_types.go 
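Review bot: The added VulnerabilityReport registration is another hand-copied block of the same `AddFieldLabelConversionFunc` call and error wrap as the SBOM one just above it, and the omission this commit fixes is the kind of gap that copy-pasted registration invites. Iterating over the kinds, e.g. `for _, kind := range []string{"SBOM", "VulnerabilityReport"} {` with `SchemeGroupVersion.WithKind(kind)` and `%s` for the kind in the error message, would keep every kind that shares `imageMetadataFieldSelectorConversion` on one list. AddKnownTypes starts above the hunk, so any earlier registrations not visible here would need to join that list. No test in the visible patches lists VulnerabilityReports with a `spec.imageMetadata.*` field selector, so the fix is not pinned against regression.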
@@ -0,0 +1,66 @@ +/* +Copyright 2024. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package v1alpha1 + +import ( + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/runtime" +) + +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object + +// VulnerabilityReportList contains a list of ScanResult +type VulnerabilityReportList struct { + metav1.TypeMeta `json:",inline"` + metav1.ListMeta `json:"metadata,omitempty"` + Items []VulnerabilityReport `json:"items"` +} + +// +genclient +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +// +kubebuilder:selectablefield:JSONPath=`.spec.imageMetadata.registry` +// +kubebuilder:selectablefield:JSONPath=`.spec.imageMetadata.registryURI` +// +kubebuilder:selectablefield:JSONPath=`.spec.imageMetadata.repository` +// +kubebuilder:selectablefield:JSONPath=`.spec.imageMetadata.tag` +// +kubebuilder:selectablefield:JSONPath=`.spec.imageMetadata.platform` +// +kubebuilder:selectablefield:JSONPath=`.spec.imageMetadata.digest` + +// VulnerabilityReport is the Schema for the scanresults API +type VulnerabilityReport struct { + metav1.TypeMeta `json:",inline"` + metav1.ObjectMeta `json:"metadata,omitempty"` + + Spec VulnerabilityReportSpec `json:"spec,omitempty"` + Status VulnerabilityReportStatus `json:"status,omitempty"` +} + +// VulnerabilityReportSpec defines the desired state of a VulnerabilityReport +type VulnerabilityReportSpec struct { + ImageMetadata ImageMetadata `json:"imageMetadata"` + 
// SARIF is the vulnerability report in SARIF format + SARIF runtime.RawExtension `json:"sarif"` +} + +// VulnerabilityReportStatus defines the observed state of ScanResult +type VulnerabilityReportStatus struct { + // INSERT ADDITIONAL STATUS FIELD - define observed state of cluster + // Important: Run "make" to regenerate code after modifying this file +} + +func (v *VulnerabilityReport) GetImageMetadata() ImageMetadata { + return v.Spec.ImageMetadata +} diff --git a/test/crd/storage.sbombastic.rancher.io_scanresults.yaml b/test/crd/storage.sbombastic.rancher.io_scanresults.yaml deleted file mode 100644 index bb65706..0000000 --- a/test/crd/storage.sbombastic.rancher.io_scanresults.yaml +++ /dev/null 
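Review bot: The doc comments in the new vulnerabilityreport_types.go still describe the old type: `VulnerabilityReportList contains a list of ScanResult`, `VulnerabilityReport is the Schema for the scanresults API` and `VulnerabilityReportStatus defines the observed state of ScanResult`. These strings end up in the generated CRD descriptions (the vulnerabilityreports test CRD in this patch carries the same ScanResult wording), so they should name the real type, e.g. `// VulnerabilityReportList contains a list of VulnerabilityReport`. `GetImageMetadata` is exported without a doc comment; `// GetImageMetadata returns the image metadata stored in the report spec.` would cover it. A short comment above the `+kubebuilder:selectablefield` markers stating that the JSONPaths must match the keys built by getAttrs in internal/storage/matcher.go would also help, since patch 4/4 fixes exactly such a mismatch.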
@@ -1,51 +0,0 @@ ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - name: scanresults.storage.sbombastic.rancher.io -spec: - group: storage.sbombastic.rancher.io - names: - kind: ScanResult - listKind: ScanResultList - plural: scanresults - singular: scanresult - scope: Namespaced - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - description: ScanResult is the Schema for the scanresults API - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: ScanResultSpec defines the desired state of ScanResult - properties: - foo: - description: Foo is an example field of ScanResult. - type: string - type: object - status: - description: ScanResultStatus defines the observed state of ScanResult - type: object - type: object - served: true - storage: true diff --git a/test/crd/storage.sbombastic.rancher.io_vulnerabilityreports.yaml b/test/crd/storage.sbombastic.rancher.io_vulnerabilityreports.yaml index 1a39c1f..238d5b1 100644 --- a/test/crd/storage.sbombastic.rancher.io_vulnerabilityreports.yaml +++ b/test/crd/storage.sbombastic.rancher.io_vulnerabilityreports.yaml 
@@ -84,5 +84,12 @@ spec: description: VulnerabilityReportStatus defines the observed state of ScanResult type: object type: object + selectableFields: + - jsonPath: .spec.imageMetadata.registry + - jsonPath: .spec.imageMetadata.registryURI + - jsonPath: .spec.imageMetadata.repository + - jsonPath: .spec.imageMetadata.tag + - jsonPath: .spec.imageMetadata.platform + - jsonPath: .spec.imageMetadata.digest served: true storage: true From 2578826221995ce98055bac3b652baf9944bdcc0 Mon Sep 17 00:00:00 2001 From: Fabrizio Sestito Date: Thu, 28 Nov 2024 18:57:25 +0100 Subject: [PATCH 3/4] f Signed-off-by: Fabrizio Sestito --- .../v1alpha1/vulnerabilityreport_types.go.go | 60 ------------------- 1 file changed, 60 deletions(-) delete mode 100644 api/storage/v1alpha1/vulnerabilityreport_types.go.go diff --git a/api/storage/v1alpha1/vulnerabilityreport_types.go.go b/api/storage/v1alpha1/vulnerabilityreport_types.go.go deleted file mode 100644 index 8d4a1a6..0000000 --- a/api/storage/v1alpha1/vulnerabilityreport_types.go.go +++ /dev/null 
@@ -1,60 +0,0 @@ -/* -Copyright 2024. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package v1alpha1 - -import ( - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/runtime" -) - -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -// VulnerabilityReportList contains a list of ScanResult -type VulnerabilityReportList struct { - metav1.TypeMeta `json:",inline"` - metav1.ListMeta `json:"metadata,omitempty"` - Items []VulnerabilityReport `json:"items"` -} - -// +genclient -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -// VulnerabilityReport is the Schema for the scanresults API -type VulnerabilityReport struct { - metav1.TypeMeta `json:",inline"` - metav1.ObjectMeta `json:"metadata,omitempty"` - - Spec VulnerabilityReportSpec `json:"spec,omitempty"` - Status VulnerabilityReportStatus `json:"status,omitempty"` -} - -// VulnerabilityReportSpec defines the desired state of a VulnerabilityReport -type VulnerabilityReportSpec struct { - ImageMetadata ImageMetadata `json:"imageMetadata"` - // SARIF is the vulnerability report in SARIF format - SARIF runtime.RawExtension `json:"sarif"` -} - -// VulnerabilityReportStatus defines the observed state of ScanResult -type VulnerabilityReportStatus struct { - // INSERT ADDITIONAL STATUS FIELD - define observed state of cluster - // Important: Run "make" to regenerate code after modifying this file -} - -func (v *VulnerabilityReport) GetImageMetadata() ImageMetadata { - 
return v.Spec.ImageMetadata -} From 3ef10ecc64ffe24806394c9a41ecbe451bd9d4be Mon Sep 17 00:00:00 2001 From: Fabrizio Sestito Date: Thu, 28 Nov 2024 18:58:48 +0100 Subject: [PATCH 4/4] fix(storage): selectable fields were wrong Signed-off-by: Fabrizio Sestito --- internal/storage/matcher.go | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/internal/storage/matcher.go b/internal/storage/matcher.go index 73cba39..3128c60 100644 --- a/internal/storage/matcher.go +++ b/internal/storage/matcher.go @@ -40,12 +40,12 @@ func getAttrs(obj runtime.Object) (labels.Set, fields.Set, error) { } selectableFields := fields.Set{ - "spec.imageMetadata.Registry": imageMetadataAccessor.GetImageMetadata().Registry, - "spec.imageMetadata.RegistryURI": imageMetadataAccessor.GetImageMetadata().RegistryURI, - "spec.imageMetadata.Repository": imageMetadataAccessor.GetImageMetadata().Repository, - "spec.imageMetadata.Tag": imageMetadataAccessor.GetImageMetadata().Tag, - "spec.imageMetadata.Platform": imageMetadataAccessor.GetImageMetadata().Platform, - "spec.imageMetadata.Digest": imageMetadataAccessor.GetImageMetadata().Digest, + "spec.imageMetadata.registry": imageMetadataAccessor.GetImageMetadata().Registry, + "spec.imageMetadata.registryURI": imageMetadataAccessor.GetImageMetadata().RegistryURI, + "spec.imageMetadata.repository": imageMetadataAccessor.GetImageMetadata().Repository, + "spec.imageMetadata.tag": imageMetadataAccessor.GetImageMetadata().Tag, + "spec.imageMetadata.platform": imageMetadataAccessor.GetImageMetadata().Platform, + "spec.imageMetadata.digest": imageMetadataAccessor.GetImageMetadata().Digest, } return labels.Set(objMeta.GetLabels()), generic.MergeFieldsSets(selectableMetadata, selectableFields), nil
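Review bot: The corrected keys in `selectableFields` are still free-standing string literals that have to agree with the CRD `selectableFields` JSONPaths and with whatever `imageMetadataFieldSelectorConversion` accepts, and nothing in the visible patches tests that they do. With the old capitalised keys a selector such as `spec.imageMetadata.digest=...` would presumably have matched no object rather than returned an error, which for a store of vulnerability reports can be misread as a clean result. Package-level constants shared by the conversion function and getAttrs, plus a table test over the six keys, would turn a future casing slip into a build or test failure. Separately, `GetImageMetadata()` is called six times and returns the struct by value; `md := imageMetadataAccessor.GetImageMetadata()` followed by `"spec.imageMetadata.registry": md.Registry,` and so on is easier to read. getAttrs starts above the hunk, so the accessor's type assertion is not visible here.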