moved the validateimage files to a separate tools directory

knative · Sep 12, 2019 · 595333b · 595333b
1 parent db34047
commit 595333b
Show file tree

Hide file tree

Showing 7 changed files with 243 additions and 31 deletions.
diff --git a/images/validate-image/Dockerfile b/images/validate-image/Dockerfile
@@ -0,0 +1,30 @@
+# Copyright 2019 The Knative Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+FROM golang:1.12.1
+RUN apt-get update
+
+ENV TEMP_REPO_DIR /go/src/knative.dev/test-infra
+ENV TOOL_NAME validate-image
+
+# Temporarily add test-infra to the image to build custom tools
+ADD ./ $TEMP_REPO_DIR
+
+RUN make -C $TEMP_REPO_DIR/tools/$TOOL_NAME/
+RUN cp $TEMP_REPO_DIR/tools/$TOOL_NAME/$TOOL_NAME /$TOOL_NAME
+
+# Remove test-infra from the container
+RUN rm -fr $TEMP_REPO_DIR
+
+ENTRYPOINT ["/validate-image"]
diff --git a/images/validate-image/Makefile b/images/validate-image/Makefile
@@ -0,0 +1,16 @@
+# Copyright 2019 The Knative Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+IMAGE_NAME = validate-image
+include ../../shared/Makefile.simple-image
diff --git a/tools/monitoring/main.go b/tools/monitoring/main.go
@@ -30,7 +30,6 @@ import (
 	"knative.dev/test-infra/tools/monitoring/mail"
 	msql "knative.dev/test-infra/tools/monitoring/mysql"
 	"knative.dev/test-infra/tools/monitoring/subscriber"
-	"knative.dev/test-infra/tools/monitoring/valimage"
 )
 
 var (
@@ -83,12 +82,6 @@ func main() {
 	}
 	alertClient.RunAlerting()
 
-	imageClient, err := valimage.Setup(mailConfig)
-	if err != nil {
-		log.Fatalf("Failed to set up image vulernabilties monitoring. Error: %v\n", err)
-	}
-	imageClient.Run()
-
 	// use PORT environment variable, or default to 8080
 	port := "8080"
 	if fromEnv := os.Getenv("PORT"); fromEnv != "" {

diff --git a/tools/validate-image/Makefile b/tools/validate-image/Makefile
@@ -0,0 +1,16 @@
+# Copyright 2019 The Knative Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+all:
+	CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build .
diff --git a/tools/validate-image/gke_deployment/validate_service.yaml b/tools/validate-image/gke_deployment/validate_service.yaml
@@ -0,0 +1,72 @@
+# Copyright 2019 The Knative Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: validate-image
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: validate-image-service
+  namespace: validate-image
+  labels:
+    app: validate-image
+spec:
+  type: LoadBalancer
+  ports:
+  - port: 80
+    targetPort: http-server
+  selector:
+    app: validate-image
+---
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+  name: validate-image-app
+  namespace: validate-image
+  labels:
+    app: validate-image
+spec:
+  template:
+    metadata:
+      labels:
+        app: validate-image
+    spec:
+      containers:
+      - name: validate-image-app
+        image: gcr.io/knative-tests/test-infra/validate-image:latest
+        command: ["/validate-image"]
+        env:
+        - name: GOOGLE_APPLICATION_CREDENTIALS
+          value: /secrets/google-app-credential/knative-monitoring-credential.json
+        imagePullPolicy: Always
+        ports:
+        - name: http-server
+          containerPort: 8080
+        volumeMounts:
+        - name: sender-email-credentials
+          mountPath: /secrets/sender-email
+          readOnly: true
+        - name: google-app-credentials
+          mountPath: /secrets/google-app-credential/
+          readOnly: true
+      volumes:
+      - name: sender-email-credentials
+        secret:
+          secretName: sender-email-credentials
+      - name: google-app-credentials
+        secret:
+          secretName: google-app-credentials
diff --git a/tools/validate-image/main.go b/tools/validate-image/main.go
@@ -0,0 +1,65 @@
+// Copyright 2019 The Knative Authors
+
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+
+//     http://www.apache.org/licenses/LICENSE-2.0
+
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package main
+
+import (
+	"flag"
+	"fmt"
+	"log"
+	"net/http"
+	"os"
+
+	"knative.dev/test-infra/tools/monitoring/mail"
+)
+
+func main() {
+	mailAddrSF := flag.String("sender-email", "/secrets/sender-email/mail", "Alert sender email address file")
+	mailPassSF := flag.String("sender-password", "/secrets/sender-email/password", "Alert sender email password file")
+	flag.Parse()
+
+	mailConfig, err := mail.NewMailConfig(*mailAddrSF, *mailPassSF)
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	imageClient, err := NewValidateImageClient(mailConfig)
+	if err != nil {
+		log.Fatalf("Failed to create ValidateImageClient. Error: %v\n", err)
+	}
+	imageClient.Run()
+
+	// use PORT environment variable, or default to 8080
+	port := "8080"
+	if fromEnv := os.Getenv("PORT"); fromEnv != "" {
+		port = fromEnv
+	}
+
+	// register hello function to handle all requests
+	server := http.NewServeMux()
+	server.HandleFunc("/validate-image", validateImage)
+
+	// start the web server on port and accept requests
+	log.Printf("Server listening on port %s", port)
+	err = http.ListenAndServe(":"+port, server)
+	if err != nil {
+		log.Fatal(err)
+	}
+}
+
+func validateImage(w http.ResponseWriter, r *http.Request) {
+	log.Printf("Serving request: %s", r.URL.Path)
+
+	fmt.Fprintf(w, "Last validate-image alert sent: %v\n", lastSent)
+}
diff --git a/tools/monitoring/valimage/valImage.go → tools/validate-image/valImage.go b/tools/monitoring/valimage/valImage.go → tools/validate-image/valImage.go
@@ -12,18 +12,18 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
-package valimage
+package main
 
 import (
 	"context"
 	"encoding/json"
 	"fmt"
 	"log"
+	"time"
 
 	"cloud.google.com/go/pubsub"
-
-	"github.com/knative/test-infra/tools/monitoring/mail"
-	"github.com/knative/test-infra/tools/monitoring/subscriber"
+	"knative.dev/test-infra/tools/monitoring/mail"
+	"knative.dev/test-infra/tools/monitoring/subscriber"
 )
 
 var (
@@ -32,7 +32,15 @@ var (
 		"sub-container-analysis-notes-v1beta1",
 		"sub-container-analysis-occurrences-v1beta1",
 	}
-	recipients = []string{"[email protected]"}
+	//recipients = []string{"[email protected]"}
+	recipients = []string{"[email protected]"}
+
+	// alertFreq is the minimum wait time before sending another image vulnerability alert
+	alertFreq = 24 * time.Hour
+
+	// Cache the last alert time in memory to prevent multiple image
+	// vulnerability alerts sent in a short duration of time.
+	lastSent = time.Time{}
 )
 
 // Client holds resources for monitoring image vulnerabilities
@@ -41,15 +49,18 @@ type Client struct {
 	mailClient *mail.Config
 }
 
-// Setup initialize all the resources for monitoring image vulnerabilities
-func Setup(mconfig *mail.Config) (*Client, error) {
-	var subClients []*subscriber.Client
+// NewValidateImageClient initialize all the resources for monitoring image vulnerabilities
+func NewValidateImageClient(mconfig *mail.Config) (*Client, error) {
+	var subClients = make([]*subscriber.Client, 0)
+
 	for _, sub := range monitoringSubs {
-		sub, err := subscriber.NewSubscriberClient(sub)
+		log.Printf("Appending sub: %v\n", sub)
+		subc, err := subscriber.NewSubscriberClient(sub)
 		if err != nil {
 			return nil, err
 		}
-		subClients = append(subClients, sub)
+		subClients = append(subClients, subc)
+		log.Printf("subclients: %v\n", subClients)
 	}
 
 	return &Client{
@@ -62,23 +73,32 @@ func Setup(mconfig *mail.Config) (*Client, error) {
 func (c *Client) Run() {
 	log.Println("Starting image vulnerabilities monitoring")
 	for _, sub := range c.subClients {
-		go func() {
-			err := sub.Receive(context.Background(), func(ctx context.Context, msg *pubsub.Message) {
-				c.sendMessage(msg)
-				msg.Ack()
-			})
-			if err != nil {
-				log.Printf("Failed to receive messages due to: %v\n", err)
-			}
-		}()
+		c.listen(sub)
 	}
 }
 
-func (c *Client) sendMessage(msg *pubsub.Message) {
-	err := c.mailClient.Send(recipients, "Image Vulnerabilities Detected", toMailContent(msg))
-	if err != nil {
-		log.Printf("Failed to send alert message %v\n", err)
-	}
+func (c *Client) listen(subClient *subscriber.Client) {
+	go func() {
+		err := subClient.Receive(context.Background(), func(ctx context.Context, msg *pubsub.Message) {
+			log.Printf("Message: %v\n", string(msg.Data))
+			log.Printf("Pubsub Message: %v\n", msg)
+
+			if time.Now().Sub(lastSent) > alertFreq {
+				err := c.mailClient.Send(recipients, "Image Vulnerabilities Detected", toMailContent(msg))
+				if err != nil {
+					log.Printf("Failed to send alert message %v\n", err)
+				} else {
+					lastSent = time.Now()
+				}
+			} else {
+				log.Println("Message not sent because an alert is sent recently.")
+			}
+			msg.Ack()
+		})
+		if err != nil {
+			log.Printf("Failed to receive messages due to: %v\n", err)
+		}
+	}()
 }
 
 func toMailContent(msg *pubsub.Message) string {