Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Allow using upstream creds from scan job #209

Merged
merged 6 commits into from
Nov 28, 2022
Merged

Allow using upstream creds from scan job #209

merged 6 commits into from
Nov 28, 2022

Conversation

preslavgerchev
Copy link
Contributor

Allow the scanner to use credentials from an inventory job. Only works if that's enabled via EnableJobCredentials

@preslavgerchev preslavgerchev mentioned this pull request Nov 24, 2022
Merged
chris-rock
chris-rock reviewed Nov 24, 2022
View reviewed changes
policy/scan/local_scanner.go Outdated
spaceMrn := s.spaceMrn
jobCredentials := job.Inventory.Spec.UpstreamCredentals

if s.useJobCredentials && jobCredentials != nil {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

semantically we could call it:

  • useJobCredentials - in this case I would expect that all jobs need their own credentials, no fall back to default credentials
  • allowJobCredentials - here job credentials are optional

Depending on what you want to achieve, we need to decide for the wording and then implement it accordinly

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good point. I went with the latter (AllowJobCredentials) as I feel that's a bit more flexible

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Perfect, makes a lot of sense. We can restrict that further going forward if we need to

chris-rock
chris-rock reviewed Nov 28, 2022
View reviewed changes
policy/scan/local_scanner.go Show resolved Hide resolved
policy/scan/local_scanner.go Outdated Show resolved Hide resolved
chris-rock
chris-rock approved these changes Nov 28, 2022
View reviewed changes
Copy link
Member

@chris-rock chris-rock left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you @preslavgerchev

@preslavgerchev preslavgerchev merged commit c504b83 into main Nov 28, 2022
@preslavgerchev preslavgerchev deleted the preslav/upstream-creds branch November 28, 2022 18:08
@github-actions github-actions bot locked and limited conversation to collaborators Nov 28, 2022
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@chris-rock chris-rock chris-rock approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@preslavgerchev @chris-rock