(fix) CVE report not showing

Unauthenticated GET calls to Harbor are no longer supported, so
the build out of the CVE report link was not working due to the
empty information behind retrieved from Harbor. This commit updates
the GET calls to Harbor to use a netrc for authentication.

Change-Id: I65a8ecf2d567f4ac9293dc8d5f39ab40cdca4c84

charts/jarvis-system/templates/Secret-harbor-netrc.yaml

@@ -0,0 +1,11 @@
+{{- define "Secret-harbor-netrc" -}}
+{{- $HARBOR_URL := $.Values.params.harbor.dashboard.host -}}
+apiVersion: v1
+kind: Secret
+type: Opaque
+metadata:
+  name: {{ template "helpers.labels.fullname" . }}-harbor-netrc
+data:
+  harbor-netrc: {{ b64enc ( printf "machine %s login %s password %s" $HARBOR_URL $.Values.config.test.ldap_username $.Values.config.test.ldap_password ) }}
+{{- end -}}
+{{- include "helpers.template.overlay" ( dict "Global" $ "template_definition" "Secret-harbor-netrc" ) }}

charts/jarvis-system/templates/Task-createFailure.yaml

@@ -21,12 +21,14 @@ spec:
         - name: gerrit-netrc
           mountPath: /run/jarvis/gerrit-netrc
           subPath: gerrit-netrc
+        - name: harbor-netrc
+          mountPath: /run/jarvis/harbor-netrc
       script: |
         #!/bin/bash
         set -eu -o pipefail -x
 
         # Get project information from Harbor
-        PROJECT_INFO=$(curl -k -X GET "https://{{ .Values.params.harbor.dashboard.host }}/api/v2.0/search?q=$(params.project)-staging" -H  "accept: application/json")
+        PROJECT_INFO=$(curl -k -X GET --netrc-file /run/jarvis/harbor-netrc/harbor-netrc "https://{{ .Values.params.harbor.dashboard.host }}/api/v2.0/search?q=$(params.project)-staging" -H  "accept: application/json")
         PROJECT_ID=$(echo $PROJECT_INFO | jq -r '.project'[0].'project_id')
 
         # Get the taskRun uid from the microflow-setup-image pod
@@ -47,7 +49,7 @@ spec:
         if [ $REPO_COUNT -gt 0 ]; then
             REPOSITORY_NAME=$(echo $PROJECT_INFO | jq -r '.repository'[0].'repository_name' | awk -F"/" '{print $2}')
             # Grabs the SHA256 of the corresponding artifact based off taskrun uid
-            SHA256=$(curl -k -X GET "https://{{ .Values.params.harbor.dashboard.host }}/api/v2.0/projects/$(params.project)-staging/repositories/${REPOSITORY_NAME}/artifacts/${TASK_RUN_UID}" -H  "accept: application/json" | jq -r '.digest')
+            SHA256=$(curl -k -X GET --netrc-file /run/jarvis/harbor-netrc/harbor-netrc "https://{{ .Values.params.harbor.dashboard.host }}/api/v2.0/projects/$(params.project)-staging/repositories/${REPOSITORY_NAME}/artifacts/${TASK_RUN_UID}" -H  "accept: application/json" | jq -r '.digest')
             MESSAGE="${MESSAGE}\n\n----- Image Scan Report -----\nhttps://{{ .Values.params.harbor.dashboard.host }}/harbor/projects/${PROJECT_ID}/repositories/${REPOSITORY_NAME}/artifacts/${SHA256}"
         fi
 
@@ -90,6 +92,10 @@ spec:
         items:
           - key: gerrit-netrc
             path: gerrit-netrc
+    - name: harbor-netrc
+      secret:
+        secretName: {{ template "helpers.labels.fullname" . }}-harbor-netrc
+        defaultMode: 0444
 ...
 {{- end -}}
-{{- include "helpers.template.overlay" ( dict "Global" $ "template_definition" "Task-createFailure" ) }}
+{{- include "helpers.template.overlay" ( dict "Global" $ "template_definition" "Task-createFailure" ) }}

charts/jarvis-system/templates/Task-createSuccess.yaml

@@ -21,12 +21,15 @@ spec:
         - name: gerrit-netrc
           mountPath: /run/jarvis/gerrit-netrc
           subPath: gerrit-netrc
+        - name: harbor-netrc
+          mountPath: /run/jarvis/harbor-netrc
+
       script: |
         #!/bin/bash
         set -eu -o pipefail -x
 
         # Get project information from Harbor
-        PROJECT_INFO=$(curl -k -X GET "https://{{ .Values.params.harbor.dashboard.host }}/api/v2.0/search?q=$(params.project)-staging" -H  "accept: application/json")
+        PROJECT_INFO=$(curl -k -X GET --netrc-file /run/jarvis/harbor-netrc/harbor-netrc "https://{{ .Values.params.harbor.dashboard.host }}/api/v2.0/search?q=$(params.project)-staging" -H  "accept: application/json")
         PROJECT_ID=$(echo $PROJECT_INFO | jq -r '.project'[0].'project_id')
 
         # Get the taskRun uid from the microflow-setup-image pod
@@ -47,7 +50,7 @@ spec:
         if [ $REPO_COUNT -gt 0 ]; then
             REPOSITORY_NAME=$(echo $PROJECT_INFO | jq -r '.repository'[0].'repository_name' | awk -F"/" '{print $2}')
             # Grabs the SHA256 of the corresponding artifact based off taskrun uid
-            SHA256=$(curl -k -X GET "https://{{ .Values.params.harbor.dashboard.host }}/api/v2.0/projects/$(params.project)-staging/repositories/${REPOSITORY_NAME}/artifacts/${TASK_RUN_UID}" -H  "accept: application/json" | jq -r '.digest')
+            SHA256=$(curl -k -X GET --netrc-file /run/jarvis/harbor-netrc/harbor-netrc "https://{{ .Values.params.harbor.dashboard.host }}/api/v2.0/projects/$(params.project)-staging/repositories/${REPOSITORY_NAME}/artifacts/${TASK_RUN_UID}" -H  "accept: application/json" | jq -r '.digest')
             MESSAGE="${MESSAGE}\n\n----- Image Scan Report -----\nhttps://{{ .Values.params.harbor.dashboard.host }}/harbor/projects/${PROJECT_ID}/repositories/${REPOSITORY_NAME}/artifacts/${SHA256}"
         fi
 
@@ -90,6 +93,10 @@ spec:
         items:
           - key: gerrit-netrc
             path: gerrit-netrc
+    - name: harbor-netrc
+      secret:
+        secretName: {{ template "helpers.labels.fullname" . }}-harbor-netrc
+        defaultMode: 0444
 ...
 {{- end -}}
-{{- include "helpers.template.overlay" ( dict "Global" $ "template_definition" "Task-createSuccess" ) }}
+{{- include "helpers.template.overlay" ( dict "Global" $ "template_definition" "Task-createSuccess" ) }}

charts/jarvis-system/values.yaml

@@ -67,4 +67,9 @@ params:
       orgid: 1
   harbor:
     dashboard:
-      host: harbor-core.jarvis.local
+      host: harbor-core.jarvis.local
+
+config:
+  test:
+    ldap_username: jarvis
+    ldap_password: password