From b6732c76921cc4491f7eaad6da92f21b083b1627 Mon Sep 17 00:00:00 2001 From: Devang Gaur Date: Tue, 16 Mar 2021 03:50:50 +0530 Subject: [PATCH] policy download refactor (#618) --- pkg/config/global.go | 4 ++-- pkg/initialize/run.go | 44 ++++++++++++++++++----------------- pkg/policy/cloud-providers.go | 2 +- 3 files changed, 26 insertions(+), 24 deletions(-) diff --git a/pkg/config/global.go b/pkg/config/global.go index 91bcc5c7e..20db033b8 100644 --- a/pkg/config/global.go +++ b/pkg/config/global.go @@ -32,8 +32,8 @@ const ( ) var ( - policyRepoPath = filepath.Join(utils.GetHomeDir(), ".terrascan") - policyBasePath = filepath.Join(policyRepoPath, "pkg", "policies", "opa", "rego") + policyBasePath = filepath.Join(utils.GetHomeDir(), ".terrascan") + policyRepoPath = filepath.Join(policyBasePath, "pkg", "policies", "opa", "rego") ) func init() { diff --git a/pkg/initialize/run.go b/pkg/initialize/run.go index cec6f36f9..c7813d0ba 100644 --- a/pkg/initialize/run.go +++ b/pkg/initialize/run.go @@ -18,7 +18,7 @@ package initialize import ( "fmt" - "io/ioutil" + "net/http" "os" "github.com/accurics/terrascan/pkg/config" @@ -29,23 +29,30 @@ import ( ) var ( - basePath = config.GetPolicyRepoPath() - basePolicyPath = config.GetPolicyBasePath() + policyRepoPath = config.GetPolicyRepoPath() + policyBasePath = config.GetPolicyBasePath() repoURL = config.GetPolicyRepoURL() branch = config.GetPolicyBranch() + noConnectionErr = fmt.Errorf("could not connect to github.com") ) +const terrascanReadmeURL string = "https://raw.githubusercontent.com/accurics/terrascan/master/README.md" + // Run initializes terrascan if not done already func Run(isScanCmd bool) error { zap.S().Debug("initializing terrascan") // check if policy paths exist - if path, err := os.Stat(basePolicyPath); err == nil && path.IsDir() { + if path, err := os.Stat(policyRepoPath); err == nil && path.IsDir() { if isScanCmd { return nil } } + if !connected(terrascanReadmeURL) { + return noConnectionErr + } + // download policies if err := DownloadPolicies(); err != nil { return err @@ -59,17 +66,17 @@ func Run(isScanCmd bool) error { func DownloadPolicies() error { zap.S().Debug("downloading policies") - tempPath, err := ioutil.TempDir("", "terrascan-") - if err != nil { - return fmt.Errorf("failed to create temporary directory. error: '%v'", err) - } + zap.S().Debugf("base directory path : %s", policyBasePath) + zap.S().Debugf("policy directory path : %s", policyRepoPath) + zap.S().Debugf("policy repo url : %s", repoURL) + zap.S().Debugf("policy repo git branch : %s", branch) - defer os.RemoveAll(tempPath) + os.RemoveAll(policyBasePath) - zap.S().Debugf("cloning terrascan repo at %s", tempPath) + zap.S().Debugf("cloning terrascan repo at %s", policyBasePath) // clone the repo - r, err := git.PlainClone(tempPath, false, &git.CloneOptions{ + r, err := git.PlainClone(policyBasePath, false, &git.CloneOptions{ URL: repoURL, }) if err != nil { @@ -99,15 +106,10 @@ func DownloadPolicies() error { return fmt.Errorf("failed to checkout git branch '%v'. error: '%v'", branch, err) } - // cleaning the existing cached policies at basePath - if err = os.RemoveAll(basePath); err != nil { - return fmt.Errorf("failed to clean up the directory '%s'. error: '%v'", basePath, err) - } - - // move the freshly cloned repo from tempPath to basePath - if err = os.Rename(tempPath, basePath); err != nil { - return fmt.Errorf("failed to install policies to '%s'. error: '%v'", basePath, err) - } - return nil } + +func connected(url string) bool { + _, err := http.Get(url) + return err == nil +} diff --git a/pkg/policy/cloud-providers.go b/pkg/policy/cloud-providers.go index 9bf75f140..447fae88e 100644 --- a/pkg/policy/cloud-providers.go +++ b/pkg/policy/cloud-providers.go @@ -50,7 +50,7 @@ var defaultIacType = make(map[supportedCloudType]supportedIacType) var defaultIacVersion = make(map[supportedCloudType]supportedIacVersion) var ( - basePolicyPath = config.GetPolicyBasePath() + basePolicyPath = config.GetPolicyRepoPath() ) func registerActualCloudProvider(cloudType supportedCloudType, iacTypeDefault supportedIacType, iacVersionDefault supportedIacVersion, isIndirect bool, getPolicyPaths func() []string) {