✨ Add container discovery to v9 os provider (#1701)
Signed-off-by: Christian Zunker <[email protected]>
czunker authored Sep 18, 2023
1 parent 523a2b7 commit 0e7b2f9
Showing 6 changed files with 48 additions and 53 deletions.
4 changes: 2 additions & 2 deletions providers/os/config/config.go
Expand Up @@ -33,7 +33,7 @@ var Config = plugin.Provider{
MinArgs: 0,
MaxArgs: 0,
Discovery: []string{
"containers",
"container",
"container-images",
},
Flags: []plugin.Flag{
Expand Down Expand Up @@ -170,7 +170,7 @@ var Config = plugin.Provider{
MinArgs: 1,
MaxArgs: 1,
Discovery: []string{
"containers",
"container",
"container-images",
},
Flags: []plugin.Flag{
6 changes: 3 additions & 3 deletions providers/os/connection/docker_container.go
Expand Up @@ -58,9 +58,9 @@ func NewDockerContainerConnection(id uint32, conf *inventory.Config, asset *inve
}

// check if we are having a container
data, err := dockerClient.ContainerInspect(context.Background(), asset.Name)
data, err := dockerClient.ContainerInspect(context.Background(), conf.Host)
if err != nil {
return nil, errors.New("cannot find container " + asset.Name)
return nil, errors.New("cannot find container " + conf.Host)
}

if !data.State.Running {
Expand All @@ -70,7 +70,7 @@ func NewDockerContainerConnection(id uint32, conf *inventory.Config, asset *inve
conn := &DockerContainerConnection{
asset: asset,
Client: dockerClient,
container: asset.Name,
container: conf.Host,
kind: "container",
runtime: "docker",
}
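Review bot: The error returned when `ContainerInspect` fails discards `err`, so an unreachable daemon, a permission error on the Docker socket and a genuinely missing container all surface as the same "cannot find container" message. Wrapping the cause keeps it available to callers and to logs, for example `return nil, fmt.Errorf("cannot inspect container %q: %w", conf.Host, err)` (this needs `fmt` imported, which the hunk does not show). The lookup key appears to become `conf.Host`, and no check that `conf` is non-nil or that `Host` is non-empty is visible in these lines. NewDockerContainerConnection starts and ends outside the hunk, so that may already be handled earlier.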
41 changes: 36 additions & 5 deletions providers/os/provider/provider.go
Expand Up @@ -20,6 +20,7 @@ import (
"go.mondoo.com/cnquery/providers/os/connection/shared"
"go.mondoo.com/cnquery/providers/os/resources"
"go.mondoo.com/cnquery/providers/os/resources/discovery/container_registry"
"go.mondoo.com/cnquery/providers/os/resources/discovery/docker_engine"
)

const (
Expand Down Expand Up @@ -49,8 +50,14 @@ func Init() *Service {
}

func parseDiscover(flags map[string]*llx.Primitive) *inventory.Discovery {
// TODO: parse me...
return &inventory.Discovery{Targets: []string{"auto"}}
discovery := &inventory.Discovery{Targets: []string{"auto"}}
if flag, ok := flags["discover"]; ok && len(flag.Array) > 0 {
discovery.Targets = []string{}
for i := range flag.Array {
discovery.Targets = append(discovery.Targets, string(flag.Array[i].Value))
}
}
return discovery
}

func (s *Service) ParseCLI(req *plugin.ParseCLIReq) (*plugin.ParseCLIRes, error) {
Expand Down Expand Up @@ -199,8 +206,16 @@ func (s *Service) Connect(req *plugin.ConnectReq, callback plugin.ProviderCallba
}

var inv *inventory.Inventory
if conn.Asset().Connections[0].Type == "docker-registry" {
inv, err = s.discover(conn.(*connection.TarConnection))
connType := conn.Asset().Connections[0].Type
switch connType {
case "docker-registry":
tarConn := conn.(*connection.TarConnection)
inv, err = s.discoverRegistry(tarConn)
if err != nil {
return nil, err
}
case "local", "docker-container":
inv, err = s.discoverLocalContainers(conn.Asset().Connections[0])
if err != nil {
return nil, err
}
Expand Down Expand Up @@ -436,7 +451,7 @@ func (s *Service) StoreData(req *plugin.StoreReq) (*plugin.StoreRes, error) {
return &plugin.StoreRes{}, nil
}

func (s *Service) discover(conn *connection.TarConnection) (*inventory.Inventory, error) {
func (s *Service) discoverRegistry(conn *connection.TarConnection) (*inventory.Inventory, error) {
conf := conn.Asset().Connections[0]
if conf == nil {
return nil, nil
Expand All @@ -453,3 +468,19 @@ func (s *Service) discover(conn *connection.TarConnection) (*inventory.Inventory

return inventory, nil
}

func (s *Service) discoverLocalContainers(conf *inventory.Config) (*inventory.Inventory, error) {
if conf == nil {
return nil, nil
}

resolvedAssets, err := docker_engine.DiscoverDockerEngineAssets(conf)
if err != nil {
return nil, err
}

inventory := &inventory.Inventory{}
inventory.AddAssets(resolvedAssets...)

return inventory, nil
}
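Review bot: parseDiscover copies every element of the `discover` flag into `Targets` without checking it, so a misspelled or retired target is accepted and discovery quietly returns nothing. That matters in this commit because config.go changes the advertised target between `"containers"` and `"container"`, while the check visible in resolver.go matches only `all` or `DiscoveryContainerRunning`. An invocation that uses the other spelling would scan fewer assets than the operator expects, with no error. Consider rejecting, or at least logging, values that are not in the connector's declared `Discovery` list. A doc comment would also help, e.g. `// parseDiscover returns the targets from the "discover" flag, or ["auto"] when the flag is absent or empty.`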
21 changes: 1 addition & 20 deletions providers/os/resources/discovery/docker_engine/container.go
Expand Up @@ -132,35 +132,16 @@ func (e *dockerEngineDiscovery) ListContainer() ([]*inventory.Asset, error) {

container := make([]*inventory.Asset, len(dContainers))
for i, dContainer := range dContainers {
name := strings.Join(DockerDisplayNames(dContainer.Names), ",")
asset := &inventory.Asset{
Name: name,
PlatformIds: []string{containerid.MondooContainerID(dContainer.ID)},
Platform: &inventory.Platform{
Kind: "container",
Runtime: "docker-container",
},
Connections: []*inventory.Config{
{
Backend: "docker-engine",
Type: "docker-container",
Host: dContainer.ID,
},
},
State: mapContainerState(dContainer.State),
Labels: make(map[string]string),
}

for key := range dContainer.Labels {
asset.Labels[key] = dContainer.Labels[key]
}

// fetch docker specific metadata
labels := map[string]string{}
labels["mondoo.com/image-id"] = dContainer.ImageID
labels["docker.io/image-name"] = dContainer.Image
labels["docker.io/names"] = name
asset.Labels = labels

container[i] = asset
}
return container, nil
25 changes: 2 additions & 23 deletions providers/os/resources/discovery/docker_engine/images.go
Expand Up @@ -9,7 +9,6 @@ import (

"github.com/docker/docker/api/types"
"go.mondoo.com/cnquery/providers-sdk/v1/inventory"
"go.mondoo.com/cnquery/providers/os/id/containerid"
)

// be aware that images are prefixed with sha256:, while containers are not
Expand Down Expand Up @@ -53,34 +52,14 @@ func (e *dockerEngineDiscovery) ListImages() ([]*inventory.Asset, error) {
}

asset := &inventory.Asset{
Name: strings.Join(dImg.RepoTags, ","),
PlatformIds: []string{containerid.MondooContainerImageID(digest)},
Platform: &inventory.Platform{
Kind: "container-image",
Runtime: "docker-image",
},
Connections: []*inventory.Config{
{
Backend: "docker-image",
Host: dImg.ID,
Type: "docker-image",
Host: dImg.ID,
},
},
State: inventory.State_STATE_ONLINE,
}

// update labels
labels := map[string]string{}
for key := range dImg.Labels {
labels[key] = dImg.Labels[key]
}

labels["mondoo.com/image-id"] = dImg.ID
// project/repo:5e664d0e,gcr.io/project/repo:5e664d0e
labels["docker.io/tags"] = strings.Join(dImg.RepoTags, ",")
// gcr.io/project/repo@sha256:5248...2bee
labels["docker.io/digests"] = strings.Join(dImg.RepoDigests, ",")
asset.Labels = labels

imgs[i] = asset
}

4 changes: 4 additions & 0 deletions providers/os/resources/discovery/docker_engine/resolver.go
Expand Up @@ -209,6 +209,10 @@ func DiscoverDockerEngineAssets(conf *inventory.Config) ([]*inventory.Asset, err
// the system is using docker or podman locally
assetList := []*inventory.Asset{}

if conf.Discover == nil {
return assetList, nil
}

// discover running container: container
if stringx.Contains(conf.Discover.Targets, "all") || stringx.Contains(conf.Discover.Targets, DiscoveryContainerRunning) {
ded, err := NewDockerEngineDiscovery()
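Review bot: The new guard covers a nil `conf.Discover`, but `conf` itself is dereferenced to reach it, so a nil config passed to this exported function would panic. `discoverLocalContainers` in provider.go checks for nil before calling, but other callers are not visible here. Folding both into one check, `if conf == nil || conf.Discover == nil {`, makes the function safe on its own. A short comment on why an empty list is the right result would also help, e.g. `// no discovery requested: return no assets instead of defaulting to all`. DiscoverDockerEngineAssets begins before this hunk and continues past it.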
