mirror of
https://github.com/anchore/syft.git
synced 2026-06-10 06:18:24 +02:00
b0ab75fd89
* remove existing cataloging API Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * add file cataloging config Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * add package cataloging config Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * add configs for cross-cutting concerns Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * rename CLI option configs to not require import aliases later Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * update all nested structs for the Catalog struct Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * update Catalog cli options - add new cataloger selection options (selection and default) - remove the excludeBinaryOverlapByOwnership - deprecate "catalogers" flag - add new javascript configuration Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * migrate relationship capabilities to separate internal package Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * refactor golang cataloger to use configuration options when creating packages Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * create internal object to facilitate reading from and writing to an SBOM Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * create a command-like object (task) to facilitate partial SBOM creation Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * add cataloger selection capability - be able to parse string expressions into a set of resolved actions against sets - be able to use expressions to select/add/remove tasks to/from the final set of tasks to run Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * add package, file, and environment related tasks Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * update existing file catalogers to use nested UI elements Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * add CreateSBOMConfig that drives the SBOM creation process Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * capture SBOM creation info as a struct Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * add CreateSBOM() function Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * fix tests Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * update docs with SBOM selection help + breaking changes Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * fix multiple override default inputs Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * fix deprecation flag printing to stdout Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * refactor cataloger selection description to separate object Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * address review comments Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * keep expression errors and show specific suggestions only Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * address additional review feedback Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * address more review comments Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * addressed additional PR review feedback Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * fix file selection references Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * remove guess language data generation option Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * add tests for coordinatesForSelection Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * rename relationship attributes Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * add descriptions to relationships config fields Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * improve documentation around configuration options Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * add explicit errors around legacy config entries Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> --------- Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
85 lines
3.1 KiB
Go
85 lines
3.1 KiB
Go
package options
|
|
|
|
import (
|
|
"os"
|
|
|
|
"github.com/anchore/clio"
|
|
"github.com/anchore/stereoscope/pkg/image"
|
|
)
|
|
|
|
type RegistryCredentials struct {
|
|
Authority string `yaml:"authority" json:"authority" mapstructure:"authority"`
|
|
// IMPORTANT: do not show any credential information, use secret type to automatically redact the values
|
|
Username secret `yaml:"username" json:"username" mapstructure:"username"`
|
|
Password secret `yaml:"password" json:"password" mapstructure:"password"`
|
|
Token secret `yaml:"token" json:"token" mapstructure:"token"`
|
|
|
|
TLSCert string `yaml:"tls-cert,omitempty" json:"tls-cert,omitempty" mapstructure:"tls-cert"`
|
|
TLSKey string `yaml:"tls-key,omitempty" json:"tls-key,omitempty" mapstructure:"tls-key"`
|
|
}
|
|
|
|
type registryConfig struct {
|
|
InsecureSkipTLSVerify bool `yaml:"insecure-skip-tls-verify" json:"insecure-skip-tls-verify" mapstructure:"insecure-skip-tls-verify"`
|
|
InsecureUseHTTP bool `yaml:"insecure-use-http" json:"insecure-use-http" mapstructure:"insecure-use-http"`
|
|
Auth []RegistryCredentials `yaml:"auth" json:"auth" mapstructure:"auth"`
|
|
CACert string `yaml:"ca-cert" json:"ca-cert" mapstructure:"ca-cert"`
|
|
}
|
|
|
|
var _ clio.PostLoader = (*registryConfig)(nil)
|
|
|
|
func (cfg *registryConfig) PostLoad() error {
|
|
// there may be additional credentials provided by env var that should be appended to the set of credentials
|
|
authority, username, password, token, tlsCert, tlsKey :=
|
|
os.Getenv("SYFT_REGISTRY_AUTH_AUTHORITY"),
|
|
os.Getenv("SYFT_REGISTRY_AUTH_USERNAME"),
|
|
os.Getenv("SYFT_REGISTRY_AUTH_PASSWORD"),
|
|
os.Getenv("SYFT_REGISTRY_AUTH_TOKEN"),
|
|
os.Getenv("SYFT_REGISTRY_AUTH_TLS_CERT"),
|
|
os.Getenv("SYFT_REGISTRY_AUTH_TLS_KEY")
|
|
|
|
if hasNonEmptyCredentials(username, password, token, tlsCert, tlsKey) {
|
|
// note: we prepend the credentials such that the environment variables take precedence over on-disk configuration.
|
|
// since this PostLoad is called before the PostLoad on the Auth credentials list,
|
|
// all appropriate redactions will be added
|
|
cfg.Auth = append([]RegistryCredentials{
|
|
{
|
|
Authority: authority,
|
|
Username: secret(username),
|
|
Password: secret(password),
|
|
Token: secret(token),
|
|
TLSCert: tlsCert,
|
|
TLSKey: tlsKey,
|
|
},
|
|
}, cfg.Auth...)
|
|
}
|
|
return nil
|
|
}
|
|
|
|
func hasNonEmptyCredentials(username, password, token, tlsCert, tlsKey string) bool {
|
|
hasUserPass := username != "" && password != ""
|
|
hasToken := token != ""
|
|
hasTLSMaterial := tlsCert != "" && tlsKey != ""
|
|
return hasUserPass || hasToken || hasTLSMaterial
|
|
}
|
|
|
|
func (cfg *registryConfig) ToOptions() *image.RegistryOptions {
|
|
var auth = make([]image.RegistryCredentials, len(cfg.Auth))
|
|
for i, a := range cfg.Auth {
|
|
auth[i] = image.RegistryCredentials{
|
|
Authority: a.Authority,
|
|
Username: a.Username.String(),
|
|
Password: a.Password.String(),
|
|
Token: a.Token.String(),
|
|
ClientCert: a.TLSCert,
|
|
ClientKey: a.TLSKey,
|
|
}
|
|
}
|
|
|
|
return &image.RegistryOptions{
|
|
InsecureSkipTLSVerify: cfg.InsecureSkipTLSVerify,
|
|
InsecureUseHTTP: cfg.InsecureUseHTTP,
|
|
Credentials: auth,
|
|
CAFileOrDir: cfg.CACert,
|
|
}
|
|
}
|