Collect jobs on finish and improved error handling (#9)

* Collect jobs on finish and improved error handling

* Update go version in ci.yaml

* tidy mods

* add inline_scanning_extra_params options

Author: airadier

.github/workflows/ci.yaml

@@ -17,7 +17,7 @@ jobs:
     - name: Set up Go
       uses: actions/setup-go@v2
       with:
-        go-version: ^1.14
+        go-version: ^1.16
 
     - name: Check out code
       uses: actions/checkout@v2

Makefile

@@ -1,6 +1,10 @@
+.PHONY: test
+
 test:
 	ginkgo -randomizeAllSpecs -randomizeSuites -failOnPending -trace -race -progress -cover -r
 
 docker:
 	docker build -f build/Dockerfile -t sysdiglabs/harbor-scanner-sysdig-secure .
+
+push:
 	docker push sysdiglabs/harbor-scanner-sysdig-secure

build/Dockerfile

@@ -1,4 +1,4 @@
-FROM golang:1.14 as builder
+FROM golang:1.16 as builder
 WORKDIR /harbor-scanner-sysdig-secure
 COPY go.mod go.sum ./
 COPY . .

cmd/harbor-scanner-sysdig-secure/main.go

@@ -47,6 +47,7 @@ func configure() error {
 	pflag.Bool("inline_scanning", false, "Use Inline Scanning Adapter")
 	pflag.String("namespace_name", "", "Namespace where inline scanning jobs are spawned")
 	pflag.String("secret_name", "", "Secret which keeps the inline scanning secrets ")
+	pflag.String("inline_scanning_extra_params", "", "Extra parameters to provide to inline-scanner")
 
 	pflag.VisitAll(func(flag *pflag.Flag) { viper.BindPFlag(flag.Name, flag) })
 
@@ -77,13 +78,16 @@ func getAdapter() scanner.Adapter {
 		if err != nil {
 			log.Fatal(err)
 		}
+
 		return scanner.NewInlineAdapter(
 			client,
 			clientset,
 			viper.GetString("secure_url"),
 			viper.GetString("namespace_name"),
 			viper.GetString("secret_name"),
-			viper.GetBool("verify_ssl"))
+			viper.GetString("inline_scanning_extra_params"),
+			viper.GetBool("verify_ssl"),
+			log.StandardLogger())
 	}
 
 	log.Info("Using backend-scanning adapter")

docs/install.md

@@ -46,67 +46,22 @@ kubectl --namespace harbor-scanner-sysdig-secure port-forward $POD_NAME 8080:80
 And that's it. The new scanner adapter is deployed. Now is time to tell Harbor
 to use it, and you can find [how to configure Harbor to use Sysdig Secure Scanner Adapter](#configuring-harbor-to-use-sysdig-secure-scanner-adapter) a few lines below.
 
-### Using Inline Scanning instead of Backend Scanning
+### Using Backend Scanning instead of Inline Scanning
 
-The Inline Scanning requires a bit more of configuration. We will use a file
-to keep these settings:
+This mode is not recommended and it is supported only for legacy purposes.
+
+You will need to disable inline scan by setting `inlineScanning.enabled: false` in the values.yaml:
 
 ```yaml
 sysdig:
   secure:
     apiToken: XXX
 
 inlineScanning:
-  enabled: true
-  harbor:
-    robotAccount:
-      name: robotAccount
-      password: XXX
-    CA: |
-      -----BEGIN CERTIFICATE-----
-      ...
-      -----END CERTIFICATE-----
-```
-
-You already know [how to get the Sysdig Secure API Token](#obtaining-the-sysdig-secure-api-token)
-so that we can go to next steps.
-
-Next step is about the robot account. As long as this mode uses `docker` command
-under the hoods to perform the scanning, we need to authenticate against
-the registry using `docker`, and we will do it using a robot acount. Harbor
-folks did a pretty good job documenting [how to create a robot account](https://goharbor.io/docs/1.10/working-with-projects/project-configuration/create-robot-accounts/).
-Once you created the account, be sure you fill the values under
-`inlineScanning.harbor.robotAccount` key.
-
-Next step is to get and configure the CA certificate that Harbor uses. Again,
-Harbor folks did a great job documenting [how to download the CA certificate](https://goharbor.io/docs/1.10/working-with-projects/working-with-images/pulling-pushing-images/#download-the-harbor-certificate).
-Once you have the certificate, ensure is under the `inlineScanning.harbor.CA` key.
-Pay attention to the `|` pipe symbol because we need to keep it raw.
-
-Finally, next step is to deploy the scanner adapter:
-
-```
-$ helm repo add sysdiglabs https://sysdiglabs.github.io/charts
-"sysdiglabs" has been added to your repositories
-
-$ kubectl create namespace harbor-scanner-sysdig-secure
-namespace/harbor-scanner-sysdig-secure created
-
-$ helm -n harbor-scanner-sysdig-secure install harbor-scanner-sysdig-secure -f values.yaml sysdiglabs/harbor-scanner-sysdig-secure
-NAME: harbor-scanner-sysdig-secure
-LAST DEPLOYED: Tue Jun  9 13:38:12 2020
-NAMESPACE: harbor-scanner-sysdig-secure
-STATUS: deployed
-REVISION: 1
-NOTES:
-1. Get the application URL by running these commands:
-
-export POD_NAME=$(kubectl get pods --namespace harbor-scanner-sysdig-secure -l "app.kubernetes.io/name=harbor-scanner-sysdig-secure,app.kubernetes.io/instance=harbor-scanner-sysdig-secure" -o jsonpath="{.items[0].metadata.name}")
-echo "Visit http://127.0.0.1:8080 to use your application"
-kubectl --namespace harbor-scanner-sysdig-secure port-forward $POD_NAME 8080:80
+  enabled: false
 ```
 
-And once we deployed the scanner adapter, is time to tell Harbor to use it.
+You already know [how to get the Sysdig Secure API Token](#obtaining-the-sysdig-secure-api-token).
 
 ## Configuring Harbor to use Sysdig Secure Scanner Adapter
 

go.mod

@@ -1,18 +1,17 @@
 module github.com/sysdiglabs/harbor-scanner-sysdig-secure
 
-go 1.14
+go 1.16
 
 require (
 	github.com/golang/mock v1.4.3
 	github.com/gorilla/handlers v1.4.2
 	github.com/gorilla/mux v1.7.4
-	github.com/onsi/ginkgo v1.12.0
-	github.com/onsi/gomega v1.7.1
+	github.com/onsi/ginkgo v1.16.4
+	github.com/onsi/gomega v1.10.1
 	github.com/sirupsen/logrus v1.5.0
 	github.com/spf13/pflag v1.0.5
 	github.com/spf13/viper v1.7.0
-	golang.org/x/sys v0.0.0-20200513112337-417ce2331b5c // indirect
-	k8s.io/api v0.18.2
-	k8s.io/apimachinery v0.18.2
-	k8s.io/client-go v0.18.2
+	k8s.io/api v0.19.13
+	k8s.io/apimachinery v0.19.13
+	k8s.io/client-go v0.19.13
 )