Merge "(fix) CVE report not showing"

2021-03-15 17:05:36 +00:00 · 2021-03-15 17:05:36 +00:00 · ac4a99c0b3
commit ac4a99c0b3
parent 3778366fac 919809dd06
4 changed files with 36 additions and 7 deletions
--- a/charts/jarvis-system/templates/Secret-harbor-netrc.yaml
+++ b/charts/jarvis-system/templates/Secret-harbor-netrc.yaml
@ -0,0 +1,11 @@
+{{- define "Secret-harbor-netrc" -}}
+{{- $HARBOR_URL := $.Values.params.harbor.dashboard.host -}}
+apiVersion: v1
+kind: Secret
+type: Opaque
+metadata:
+  name: {{ template "helpers.labels.fullname" . }}-harbor-netrc
+data:
+  harbor-netrc: {{ b64enc ( printf "machine %s login %s password %s" $HARBOR_URL $.Values.config.test.ldap_username $.Values.config.test.ldap_password ) }}
+{{- end -}}
+{{- include "helpers.template.overlay" ( dict "Global" $ "template_definition" "Secret-harbor-netrc" ) }}
--- a/charts/jarvis-system/templates/Task-createFailure.yaml
+++ b/charts/jarvis-system/templates/Task-createFailure.yaml
@ -21,12 +21,14 @@ spec:
        - name: gerrit-netrc
          mountPath: /run/jarvis/gerrit-netrc
          subPath: gerrit-netrc
+        - name: harbor-netrc
+          mountPath: /run/jarvis/harbor-netrc
      script: |
        #!/bin/bash
        set -eu -o pipefail -x

        # Get project information from Harbor
-        PROJECT_INFO=$(curl -k -X GET "https://{{ .Values.params.harbor.dashboard.host }}/api/v2.0/search?q=$(params.project)-staging" -H  "accept: application/json")
+        PROJECT_INFO=$(curl -k -X GET --netrc-file /run/jarvis/harbor-netrc/harbor-netrc "https://{{ .Values.params.harbor.dashboard.host }}/api/v2.0/search?q=$(params.project)-staging" -H  "accept: application/json")
        PROJECT_ID=$(echo $PROJECT_INFO | jq -r '.project'[0].'project_id')

        # Get the taskRun uid from the microflow-setup-image pod
@ -47,7 +49,7 @@ spec:
        if [ $REPO_COUNT -gt 0 ]; then
            REPOSITORY_NAME=$(echo $PROJECT_INFO | jq -r '.repository'[0].'repository_name' | awk -F"/" '{print $2}')
            # Grabs the SHA256 of the corresponding artifact based off taskrun uid
-            SHA256=$(curl -k -X GET "https://{{ .Values.params.harbor.dashboard.host }}/api/v2.0/projects/$(params.project)-staging/repositories/${REPOSITORY_NAME}/artifacts/${TASK_RUN_UID}" -H  "accept: application/json" | jq -r '.digest')
+            SHA256=$(curl -k -X GET --netrc-file /run/jarvis/harbor-netrc/harbor-netrc "https://{{ .Values.params.harbor.dashboard.host }}/api/v2.0/projects/$(params.project)-staging/repositories/${REPOSITORY_NAME}/artifacts/${TASK_RUN_UID}" -H  "accept: application/json" | jq -r '.digest')
            MESSAGE="${MESSAGE}\n\n----- Image Scan Report -----\nhttps://{{ .Values.params.harbor.dashboard.host }}/harbor/projects/${PROJECT_ID}/repositories/${REPOSITORY_NAME}/artifacts/${SHA256}"
        fi

@ -90,6 +92,10 @@ spec:
        items:
          - key: gerrit-netrc
            path: gerrit-netrc
+    - name: harbor-netrc
+      secret:
+        secretName: {{ template "helpers.labels.fullname" . }}-harbor-netrc
+        defaultMode: 0444
 ...
 {{- end -}}
-{{- include "helpers.template.overlay" ( dict "Global" $ "template_definition" "Task-createFailure" ) }}
+{{- include "helpers.template.overlay" ( dict "Global" $ "template_definition" "Task-createFailure" ) }}
--- a/charts/jarvis-system/templates/Task-createSuccess.yaml
+++ b/charts/jarvis-system/templates/Task-createSuccess.yaml
@ -21,12 +21,15 @@ spec:
        - name: gerrit-netrc
          mountPath: /run/jarvis/gerrit-netrc
          subPath: gerrit-netrc
+        - name: harbor-netrc
+          mountPath: /run/jarvis/harbor-netrc
+
      script: |
        #!/bin/bash
        set -eu -o pipefail -x

        # Get project information from Harbor
-        PROJECT_INFO=$(curl -k -X GET "https://{{ .Values.params.harbor.dashboard.host }}/api/v2.0/search?q=$(params.project)-staging" -H  "accept: application/json")
+        PROJECT_INFO=$(curl -k -X GET --netrc-file /run/jarvis/harbor-netrc/harbor-netrc "https://{{ .Values.params.harbor.dashboard.host }}/api/v2.0/search?q=$(params.project)-staging" -H  "accept: application/json")
        PROJECT_ID=$(echo $PROJECT_INFO | jq -r '.project'[0].'project_id')

        # Get the taskRun uid from the microflow-setup-image pod
@ -47,7 +50,7 @@ spec:
        if [ $REPO_COUNT -gt 0 ]; then
            REPOSITORY_NAME=$(echo $PROJECT_INFO | jq -r '.repository'[0].'repository_name' | awk -F"/" '{print $2}')
            # Grabs the SHA256 of the corresponding artifact based off taskrun uid
-            SHA256=$(curl -k -X GET "https://{{ .Values.params.harbor.dashboard.host }}/api/v2.0/projects/$(params.project)-staging/repositories/${REPOSITORY_NAME}/artifacts/${TASK_RUN_UID}" -H  "accept: application/json" | jq -r '.digest')
+            SHA256=$(curl -k -X GET --netrc-file /run/jarvis/harbor-netrc/harbor-netrc "https://{{ .Values.params.harbor.dashboard.host }}/api/v2.0/projects/$(params.project)-staging/repositories/${REPOSITORY_NAME}/artifacts/${TASK_RUN_UID}" -H  "accept: application/json" | jq -r '.digest')
            MESSAGE="${MESSAGE}\n\n----- Image Scan Report -----\nhttps://{{ .Values.params.harbor.dashboard.host }}/harbor/projects/${PROJECT_ID}/repositories/${REPOSITORY_NAME}/artifacts/${SHA256}"
        fi

@ -90,6 +93,10 @@ spec:
        items:
          - key: gerrit-netrc
            path: gerrit-netrc
+    - name: harbor-netrc
+      secret:
+        secretName: {{ template "helpers.labels.fullname" . }}-harbor-netrc
+        defaultMode: 0444
 ...
 {{- end -}}
-{{- include "helpers.template.overlay" ( dict "Global" $ "template_definition" "Task-createSuccess" ) }}
+{{- include "helpers.template.overlay" ( dict "Global" $ "template_definition" "Task-createSuccess" ) }}
--- a/charts/jarvis-system/values.yaml
+++ b/charts/jarvis-system/values.yaml
@ -67,4 +67,9 @@ params:
      orgid: 1
  harbor:
    dashboard:
-      host: harbor-core.jarvis.local
+      host: harbor-core.jarvis.local
+
+config:
+  test:
+    ldap_username: jarvis
+    ldap_password: password