feat: list cluster bom (#151)

Signed-off-by: chenk <[email protected]>
aquasecurity · May 10, 2023 · 7d503d9 · 7d503d9
1 parent 8dbe1f8
commit 7d503d9
Show file tree

Hide file tree

Showing 4 changed files with 58 additions and 22 deletions.
diff --git a/examples/trivy.go b/examples/trivy.go
@@ -8,6 +8,7 @@ import (
 	"github.com/aquasecurity/trivy-kubernetes/pkg/artifacts"
 	"github.com/aquasecurity/trivy-kubernetes/pkg/k8s"
 	"github.com/aquasecurity/trivy-kubernetes/pkg/trivyk8s"
+
 	"go.uber.org/zap"
 	corev1 "k8s.io/api/core/v1"
 	"k8s.io/utils/pointer"
@@ -115,11 +116,11 @@ func main() {
 		fmt.Println(a.RawResource)
 	}
 
-	b, err := cluster.CreateClusterBom(ctx)
+	bi, err := trivyk8s.ListBomInfo(ctx)
 	if err != nil {
 		log.Fatal(err)
 	}
-	bb, err := json.Marshal(b)
+	bb, err := json.Marshal(bi)
 	if err != nil {
 		log.Fatal(err)
 	}

diff --git a/pkg/bom/model.go b/pkg/bom/model.go
@@ -1,10 +1,10 @@
 package bom
 
 type Result struct {
-	ID        string      `json:"name"`
-	Type      string      `json:"type,omitempty"`
-	Coponents []Component `json:"packages,omitempty"`
-	NodesInfo []NodeInfo  `json:"NodesInfo,omitempty"`
+	ID         string      `json:"name"`
+	Type       string      `json:"type,omitempty"`
+	Components []Component `json:"components,omitempty"`
+	NodesInfo  []NodeInfo  `json:"nodesInfo,omitempty"`
 }
 
 type Package struct {
@@ -21,12 +21,12 @@ type KeyValue struct {
 }
 
 type Component struct {
-	Type       string   `json:"type,omitempty"`
-	ID         string   `json:"id,omitempty"`
-	Version    string   `json:"version,omitempty"`
-	Repository string   `json:"repository,omitempty"`
-	Registry   string   `json:"registry,omitempty"`
-	Digest     string   `json:"digest,omitempty"`
+	Type       string `json:"type,omitempty"`
+	ID         string `json:"id,omitempty"`
+	Version    string `json:"version,omitempty"`
+	Repository string `json:"repository,omitempty"`
+	Registry   string `json:"registry,omitempty"`
+	Digest     string `json:"digest,omitempty"`
 }
 
 type NodeInfo struct {

diff --git a/pkg/k8s/k8s.go b/pkg/k8s/k8s.go
@@ -317,11 +317,6 @@ func (c *cluster) GetBaseComponent(imageRef name.Reference, imageName name.Refer
 }
 
 func (c *cluster) CollectNodes(components []bom.Component) ([]bom.NodeInfo, error) {
-	name, version, err := c.ClusterNameVersion()
-	if err != nil {
-		return []bom.NodeInfo{}, err
-	}
-	parent := fmt.Sprintf("%s:%s", name, version)
 	nodes, err := c.clientset.CoreV1().Nodes().List(context.Background(), metav1.ListOptions{})
 	if err != nil {
 		return []bom.NodeInfo{}, err
@@ -356,7 +351,6 @@ func (c *cluster) CollectNodes(components []bom.Component) ([]bom.NodeInfo, erro
 			Architecture:            node.Status.NodeInfo.Architecture,
 			NodeRole:                nodeRole,
 			Images:                  images,
-			Parents:                 []string{parent},
 		})
 	}
 	return nodesInfo, nil
@@ -408,10 +402,10 @@ func (c *cluster) getClusterBomInfo(components []bom.Component, nodeInfo []bom.N
 		return nil, err
 	}
 	br := &bom.Result{
-		Coponents: components,
-		ID:        fmt.Sprintf("%s@%s", name, version),
-		Type:      "Cluster",
-		NodesInfo: nodeInfo,
+		Components: components,
+		ID:         fmt.Sprintf("%s@%s", name, version),
+		Type:       "Cluster",
+		NodesInfo:  nodeInfo,
 	}
 	return br, nil
 }

diff --git a/pkg/trivyk8s/trivyk8s.go b/pkg/trivyk8s/trivyk8s.go
@@ -40,6 +40,8 @@ type ArtifactsK8S interface {
 	GetArtifact(context.Context, string, string) (*artifacts.Artifact, error)
 	// ListArtifactAndNodeInfo return kubernete scanable artifact and node info
 	ListArtifactAndNodeInfo(context.Context, ...corev1.Toleration) ([]*artifacts.Artifact, error)
+	// ListBomInfo returns kubernetes Bom (node,core components) information.
+	ListBomInfo(context.Context) ([]*artifacts.Artifact, error)
 }
 
 type client struct {
@@ -174,6 +176,45 @@ func (c *client) ListArtifactAndNodeInfo(ctx context.Context, tolerations ...cor
 	return artifactList, err
 }
 
+// ListBomInfo returns kubernetes Bom (node,core components and etc) information.
+func (c *client) ListBomInfo(ctx context.Context) ([]*artifacts.Artifact, error) {
+	artifactList := make([]*artifacts.Artifact, 0)
+	bom, err := c.cluster.CreateClusterBom(ctx)
+	if err != nil {
+		return []*artifacts.Artifact{}, err
+	}
+
+	for _, c := range bom.Components {
+		rawResource, err := rawResource(&c)
+		if err != nil {
+			return []*artifacts.Artifact{}, err
+		}
+		artifactList = append(artifactList, &artifacts.Artifact{Kind: "Pod", Name: c.ID, RawResource: rawResource})
+	}
+	for _, ni := range bom.NodesInfo {
+		rawResource, err := rawResource(&ni)
+		if err != nil {
+			return []*artifacts.Artifact{}, err
+		}
+		artifactList = append(artifactList, &artifacts.Artifact{Kind: "NodeInfo", Name: ni.NodeName, RawResource: rawResource})
+	}
+	return artifactList, err
+
+}
+
+func rawResource(resource interface{}) (map[string]interface{}, error) {
+	b, err := json.Marshal(resource)
+	if err != nil {
+		return nil, err
+	}
+	var rawResource map[string]interface{}
+	err = json.Unmarshal(b, &rawResource)
+	if err != nil {
+		return nil, err
+	}
+	return rawResource, nil
+}
+
 // GetArtifact return kubernetes scannable artifac.
 func (c *client) GetArtifact(ctx context.Context, kind, name string) (*artifacts.Artifact, error) {
 	gvr, err := c.cluster.GetGVR(kind)