fix: k8s all-namespaces support (#4096)

chenk
2023-04-23 20:08:37 +03:00
committed by GitHub
parent bd0c60364a
commit 107752df65
5 changed files with 23 additions and 6 deletions


@@ -27,6 +27,7 @@ trivy kubernetes [flags] { cluster | all | specific resources like kubectl. eg:
### Options ### Options
``` ```
-A, --all-namespaces fetch resources from all cluster namespaces
--cache-backend string cache backend (e.g. redis://localhost:6379) (default "fs") --cache-backend string cache backend (e.g. redis://localhost:6379) (default "fs")
--cache-ttl duration cache TTL when using redis as cache backend --cache-ttl duration cache TTL when using redis as cache backend
--clear-cache clear image caches without scanning --clear-cache clear image caches without scanning

2
go.mod

@@ -26,7 +26,7 @@ require (
github.com/aquasecurity/tml v0.6.1 github.com/aquasecurity/tml v0.6.1
github.com/aquasecurity/trivy-db v0.0.0-20230411140759-3c2ee2168575 github.com/aquasecurity/trivy-db v0.0.0-20230411140759-3c2ee2168575
github.com/aquasecurity/trivy-java-db v0.0.0-20230209231723-7cddb1406728 github.com/aquasecurity/trivy-java-db v0.0.0-20230209231723-7cddb1406728
github.com/aquasecurity/trivy-kubernetes v0.4.1-0.20230413111230-522e0fca9814 github.com/aquasecurity/trivy-kubernetes v0.4.1-0.20230420095211-019a895da295
github.com/aws/aws-sdk-go v1.44.234 github.com/aws/aws-sdk-go v1.44.234
github.com/aws/aws-sdk-go-v2 v1.17.7 github.com/aws/aws-sdk-go-v2 v1.17.7
github.com/aws/aws-sdk-go-v2/config v1.18.15 github.com/aws/aws-sdk-go-v2/config v1.18.15

4
go.sum

@@ -343,8 +343,8 @@ github.com/aquasecurity/trivy-db v0.0.0-20230411140759-3c2ee2168575 h1:8Y/qLPXGF
github.com/aquasecurity/trivy-db v0.0.0-20230411140759-3c2ee2168575/go.mod h1:zn8GepvD5wBkCmmtBDwh0BWfiMUxS6xfGRcTPmXRVXo= github.com/aquasecurity/trivy-db v0.0.0-20230411140759-3c2ee2168575/go.mod h1:zn8GepvD5wBkCmmtBDwh0BWfiMUxS6xfGRcTPmXRVXo=
github.com/aquasecurity/trivy-java-db v0.0.0-20230209231723-7cddb1406728 h1:0eS+V7SXHgqoT99tV1mtMW6HL4HdoB9qGLMCb1fZp8A= github.com/aquasecurity/trivy-java-db v0.0.0-20230209231723-7cddb1406728 h1:0eS+V7SXHgqoT99tV1mtMW6HL4HdoB9qGLMCb1fZp8A=
github.com/aquasecurity/trivy-java-db v0.0.0-20230209231723-7cddb1406728/go.mod h1:Ldya37FLi0e/5Cjq2T5Bty7cFkzUDwTcPeQua+2M8i8= github.com/aquasecurity/trivy-java-db v0.0.0-20230209231723-7cddb1406728/go.mod h1:Ldya37FLi0e/5Cjq2T5Bty7cFkzUDwTcPeQua+2M8i8=
github.com/aquasecurity/trivy-kubernetes v0.4.1-0.20230413111230-522e0fca9814 h1:50r4mAGLHB0yx/OX7/MY0GMN5hCLG2OcZsa1JgQfwvE= github.com/aquasecurity/trivy-kubernetes v0.4.1-0.20230420095211-019a895da295 h1:ZdQMyXrUTNhsjKMiGLNtwIpGkn0Aj7r6eRPzaJlDbYc=
github.com/aquasecurity/trivy-kubernetes v0.4.1-0.20230413111230-522e0fca9814/go.mod h1:oGiNSpa6b+3E9SxzTuaneysOP/47eQUiem5R0x0HG58= github.com/aquasecurity/trivy-kubernetes v0.4.1-0.20230420095211-019a895da295/go.mod h1:FPtS3hhfzykyaIiAIUg3vovniDP5loM9hHRa8W2+PuU=
github.com/arbovm/levenshtein v0.0.0-20160628152529-48b4e1c0c4d0 h1:jfIu9sQUG6Ig+0+Ap1h4unLjW6YQJpKZVmUzxsD4E/Q= github.com/arbovm/levenshtein v0.0.0-20160628152529-48b4e1c0c4d0 h1:jfIu9sQUG6Ig+0+Ap1h4unLjW6YQJpKZVmUzxsD4E/Q=
github.com/arbovm/levenshtein v0.0.0-20160628152529-48b4e1c0c4d0/go.mod h1:t2tdKJDJF9BV14lnkjHmOQgcvEKgtqs5a1N3LNdJhGE= github.com/arbovm/levenshtein v0.0.0-20160628152529-48b4e1c0c4d0/go.mod h1:t2tdKJDJF9BV14lnkjHmOQgcvEKgtqs5a1N3LNdJhGE=
github.com/armon/circbuf v0.0.0-20150827004946-bbbad097214e/go.mod h1:3U/XgcO3hCbHZ8TKRvWD2dDTCfh9M9ya+I9JpbB7O8o= github.com/armon/circbuf v0.0.0-20150827004946-bbbad097214e/go.mod h1:3U/XgcO3hCbHZ8TKRvWD2dDTCfh9M9ya+I9JpbB7O8o=


@@ -62,6 +62,13 @@ var (
Value: []string{}, Value: []string{},
Usage: "specify node-collector job tolerations (example: key1=value1:NoExecute,key2=value2:NoSchedule)", Usage: "specify node-collector job tolerations (example: key1=value1:NoExecute,key2=value2:NoSchedule)",
} }
AllNamespaces = Flag{
Name: "all-namespaces",
ConfigName: "kubernetes.all.namespaces",
Shorthand: "A",
Value: false,
Usage: "fetch resources from all cluster namespaces",
}
) )
type K8sFlagGroup struct { type K8sFlagGroup struct {
@@ -72,6 +79,7 @@ type K8sFlagGroup struct {
K8sVersion *Flag K8sVersion *Flag
Parallel *Flag Parallel *Flag
Tolerations *Flag Tolerations *Flag
AllNamespaces *Flag
} }
type K8sOptions struct { type K8sOptions struct {
@@ -82,6 +90,7 @@ type K8sOptions struct {
K8sVersion string K8sVersion string
Parallel int Parallel int
Tolerations []corev1.Toleration Tolerations []corev1.Toleration
AllNamespaces bool
} }
func NewK8sFlagGroup() *K8sFlagGroup { func NewK8sFlagGroup() *K8sFlagGroup {
@@ -93,6 +102,7 @@ func NewK8sFlagGroup() *K8sFlagGroup {
K8sVersion: &K8sVersionFlag, K8sVersion: &K8sVersionFlag,
Parallel: &ParallelFlag, Parallel: &ParallelFlag,
Tolerations: &TolerationsFlag, Tolerations: &TolerationsFlag,
AllNamespaces: &AllNamespaces,
} }
} }
@@ -109,6 +119,7 @@ func (f *K8sFlagGroup) Flags() []*Flag {
f.K8sVersion, f.K8sVersion,
f.Parallel, f.Parallel,
f.Tolerations, f.Tolerations,
f.AllNamespaces,
} }
} }
@@ -133,6 +144,7 @@ func (f *K8sFlagGroup) ToOptions() (K8sOptions, error) {
K8sVersion: getString(f.K8sVersion), K8sVersion: getString(f.K8sVersion),
Parallel: parallel, Parallel: parallel,
Tolerations: tolerations, Tolerations: tolerations,
AllNamespaces: getBool(f.AllNamespaces),
}, nil }, nil
} }
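Review bot: The new package-level flag is declared as `AllNamespaces`, while the flags registered beside it in NewK8sFlagGroup are `K8sVersionFlag`, `ParallelFlag` and `TolerationsFlag`; naming it `AllNamespacesFlag` (and wiring `AllNamespaces: &AllNamespacesFlag,`) would keep the convention and stop the variable from reading like the struct field of the same name. The usage string also does not say how the flag relates to a namespace selection, even though it widens the scan from one namespace to the whole cluster. If taking precedence is the intended behaviour, `Usage: "fetch resources from all cluster namespaces (overrides the namespace selection)",` would state the scope to the operator. The var block, both structs and ToOptions extend beyond the hunks shown, so other naming or validation there is not visible.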


@@ -16,10 +16,14 @@ func namespaceRun(ctx context.Context, opts flag.Options, cluster k8s.Cluster) e
if err := validateReportArguments(opts); err != nil { if err := validateReportArguments(opts); err != nil {
return err return err
} }
var trivyk trivyk8s.TrivyK8S
if opts.AllNamespaces {
trivyk = trivyk8s.New(cluster, log.Logger).AllNamespaces()
} else {
trivyk = trivyk8s.New(cluster, log.Logger).Namespace(getNamespace(opts, cluster.GetCurrentNamespace()))
}
trivyk8s := trivyk8s.New(cluster, log.Logger).Namespace(getNamespace(opts, cluster.GetCurrentNamespace())) artifacts, err := trivyk.ListArtifacts(ctx)
artifacts, err := trivyk8s.ListArtifacts(ctx)
if err != nil { if err != nil {
return xerrors.Errorf("get k8s artifacts error: %w", err) return xerrors.Errorf("get k8s artifacts error: %w", err)
} }
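Review bot: When `opts.AllNamespaces` is true, the namespace that `getNamespace(opts, cluster.GetCurrentNamespace())` would have resolved is dropped without any message. A run that sets both a namespace and `-A` therefore collects artifacts from every namespace the credentials can list, not the one the operator named. Because that silently widens what is read and reported, the branch should at least record it, e.g. `log.Logger.Warn("--all-namespaces is set; the namespace selection is ignored")` (assuming the logger passed to `trivyk8s.New` exposes `Warn`), or the combination should be rejected during argument validation. Both branches also repeat `trivyk8s.New(cluster, log.Logger)`; constructing it once before the `if` would leave only the scoping call in each branch. namespaceRun begins before and continues after this hunk, so whether a later step already reports the scan scope cannot be seen here.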