feat: add pod namespace as tag in dtrack project (#157)

* feat: add pod namespace as tag in dtrack project This PR is to add the namespace name as tag in project of dtrack Fixes: #156 * Updated processbom interface with required args
ckotzbauer · Aug 29, 2022 · 11ba433 · 11ba433
1 parent 56e8ab4
commit 11ba433
Show file tree

Hide file tree

Showing 6 changed files with 14 additions and 10 deletions.
diff --git a/internal/processor/processor.go b/internal/processor/processor.go
@@ -96,7 +96,7 @@ func (p *Processor) scanPod(pod libk8s.PodInfo) {
 		}
 
 		for _, t := range p.Targets {
-			err = t.ProcessSbom(container.Image, sbom)
+			err = t.ProcessSbom(container.Image, sbom, pod.PodNamespace)
 			errOccurred = errOccurred || err != nil
 		}
 	}

diff --git a/internal/target/dtrack/dtrack_target.go b/internal/target/dtrack/dtrack_target.go
@@ -23,9 +23,10 @@ type DependencyTrackTarget struct {
 }
 
 const (
-	kubernetesCluster = "kubernetes-cluster"
-	sbomOperator      = "sbom-operator"
-	rawImageId        = "raw-image-id"
+	kubernetesCluster  = "kubernetes-cluster"
+	sbomOperator       = "sbom-operator"
+	rawImageId         = "raw-image-id"
+	podNamespaceTagKey = "namespace"
 )
 
 func NewDependencyTrackTarget(baseUrl, apiKey, k8sClusterId string) *DependencyTrackTarget {
@@ -49,7 +50,7 @@ func (g *DependencyTrackTarget) ValidateConfig() error {
 func (g *DependencyTrackTarget) Initialize() {
 }
 
-func (g *DependencyTrackTarget) ProcessSbom(image *libk8s.RegistryImage, sbom string) error {
+func (g *DependencyTrackTarget) ProcessSbom(image *libk8s.RegistryImage, sbom string, podNamespace string) error {
 	projectName, version := getRepoWithVersion(image)
 
 	if sbom == "" {
@@ -93,7 +94,10 @@ func (g *DependencyTrackTarget) ProcessSbom(image *libk8s.RegistryImage, sbom st
 	if !containsTag(project.Tags, rawImageId) {
 		project.Tags = append(project.Tags, dtrack.Tag{Name: fmt.Sprintf("%s=%s", rawImageId, image.ImageID)})
 	}
-
+	podNamespaceTag := podNamespaceTagKey + "=" + podNamespace
+	if !containsTag(project.Tags, podNamespaceTag) {
+		project.Tags = append(project.Tags, dtrack.Tag{Name: podNamespaceTag})
+	}
 	_, err = client.Project.Update(context.Background(), project)
 	if err != nil {
 		logrus.WithError(err).Errorf("Could not update project tags")

diff --git a/internal/target/git/git_target.go b/internal/target/git/git_target.go
@@ -67,7 +67,7 @@ func (g *GitTarget) Initialize() {
 	g.gitAccount.PrepareRepository(g.repository, g.workingTree, g.branch)
 }
 
-func (g *GitTarget) ProcessSbom(image *libk8s.RegistryImage, sbom string) error {
+func (g *GitTarget) ProcessSbom(image *libk8s.RegistryImage, sbom string, podNamespace string) error {
 	imageID := image.ImageID
 	filePath := g.ImageIDToFilePath(imageID)
 

diff --git a/internal/target/oci/oci_target.go b/internal/target/oci/oci_target.go
@@ -50,7 +50,7 @@ func (g *OciTarget) ValidateConfig() error {
 func (g *OciTarget) Initialize() {
 }
 
-func (g *OciTarget) ProcessSbom(image *libk8s.RegistryImage, sbom string) error {
+func (g *OciTarget) ProcessSbom(image *libk8s.RegistryImage, sbom string, podNamespace string) error {
 	ref, err := name.ParseReference(image.ImageID)
 	if err != nil {
 		logrus.WithError(err).Errorf("failed to parse reference %s", image.ImageID)

diff --git a/internal/target/oci/oci_target_test.go b/internal/target/oci/oci_target_test.go
@@ -16,6 +16,6 @@ func TestOci(t *testing.T) {
 	assert.NoError(t, err)
 
 	img := liboci.RegistryImage{ImageID: os.Getenv("TEST_DIGEST")}
-	err = oci.ProcessSbom(&img, string(sbom))
+	err = oci.ProcessSbom(&img, string(sbom), "TEST_NAMESPACE")
 	assert.NoError(t, err)
 }
diff --git a/internal/target/target.go b/internal/target/target.go
@@ -7,7 +7,7 @@ import (
 type Target interface {
 	Initialize()
 	ValidateConfig() error
-	ProcessSbom(image *libk8s.RegistryImage, sbom string) error
+	ProcessSbom(image *libk8s.RegistryImage, sbom string, podNamespace string) error
 	LoadImages() []*libk8s.RegistryImage
 	Remove(images []*libk8s.RegistryImage)
 }