🐛 Pass in config and user-provided annotations. (#799)

mondoohq · Oct 4, 2023 · 446ece0 · 446ece0
1 parent 043e7ee
commit 446ece0
Show file tree

Hide file tree

Showing 4 changed files with 217 additions and 175 deletions.
diff --git a/apps/cnspec/cmd/scan.go b/apps/cnspec/cmd/scan.go
@@ -185,6 +185,7 @@ type scanConfig struct {
 	PolicyPaths []string
 	PolicyNames []string
 	Props       map[string]string
+	Annotations map[string]string
 	Bundle      *policy.Bundle
 	runtime     *providers.Runtime
 
@@ -211,6 +212,20 @@ func getCobraScanConfig(cmd *cobra.Command, runtime *providers.Runtime, cliRes *
 	if err != nil {
 		log.Fatal().Err(err).Msg("failed to parse inventory")
 	}
+
+	annotations, err := cmd.Flags().GetStringToString("annotation")
+	if err != nil {
+		log.Fatal().Err(err).Msg("failed to parse annotations")
+	}
+
+	// merge the config and the user-provided annotations with the latter having precedence
+	optAnnotations := opts.Annotations
+	if optAnnotations == nil {
+		optAnnotations = map[string]string{}
+	}
+	for k, v := range annotations {
+		optAnnotations[k] = v
+	}
 	conf := scanConfig{
 		Features:       opts.GetFeatures(),
 		IsIncognito:    viper.GetBool("incognito"),
@@ -220,6 +235,7 @@ func getCobraScanConfig(cmd *cobra.Command, runtime *providers.Runtime, cliRes *
 		ScoreThreshold: viper.GetInt("score-threshold"),
 		Props:          props,
 		runtime:        runtime,
+		Annotations:    optAnnotations,
 	}
 
 	// if users want to get more information on available output options,
@@ -332,6 +348,7 @@ func RunScan(config *scanConfig, scannerOpts ...scan.ScannerOption) (*policy.Rep
 				Bundle:        config.Bundle,
 				PolicyFilters: config.PolicyNames,
 				Props:         config.Props,
+				Annotations:   config.Annotations,
 			})
 	} else {
 		res, err = scanner.Run(
@@ -341,6 +358,7 @@ func RunScan(config *scanConfig, scannerOpts ...scan.ScannerOption) (*policy.Rep
 				Bundle:        config.Bundle,
 				PolicyFilters: config.PolicyNames,
 				Props:         config.Props,
+				Annotations:   config.Annotations,
 			})
 	}
 

diff --git a/policy/scan/local_scanner.go b/policy/scan/local_scanner.go
@@ -317,6 +317,8 @@ func (s *LocalScanner) distributeJob(job *Job, ctx context.Context, upstream *up
 
 	justAssets := []*inventory.Asset{}
 	for _, asset := range assets {
+		// apply all annotations to the assets to be scanned
+		asset.asset.AddAnnotations(job.GetAnnotations())
 		asset.asset.KindString = asset.asset.GetPlatform().Kind
 		for k, v := range runtimeLabels {
 			if asset.asset.Labels == nil {