using the new options column

ManageIQ · Jul 18, 2017 · 98c29af · 98c29af
1 parent 651a0d0
commit 98c29af
Show file tree

Hide file tree

Showing 3 changed files with 60 additions and 9 deletions.
diff --git a/app/models/manageiq/providers/kubernetes/container_manager.rb b/app/models/manageiq/providers/kubernetes/container_manager.rb
@@ -14,6 +14,7 @@ class ManageIQ::Providers::Kubernetes::ContainerManager < ManageIQ::Providers::C
   require_nested :Scanning
 
   include ManageIQ::Providers::Kubernetes::ContainerManagerMixin
+  include ManageIQ::Providers::Kubernetes::ContainerManager::Options
 
   # This is the API version that we use and support throughout the entire code
   # (parsers, events, etc.). It should be explicitly selected here and not

diff --git a/app/models/manageiq/providers/kubernetes/container_manager/options.rb b/app/models/manageiq/providers/kubernetes/container_manager/options.rb
@@ -0,0 +1,41 @@
+module ManageIQ::Providers::Kubernetes::ContainerManager::Options
+  extend ActiveSupport::Concern
+
+  def settings_options
+    {
+      :image_inspector_options => {
+        :http_proxy  => {
+          :label     => N_('HTTP Proxy'),
+          :help_text => N_('HTTP Proxy to connect image inspector pods to the internet'),
+        },
+        :https_proxy => {
+          :label     => N_('HTTPS Proxy'),
+          :help_text => N_('HTTPS Proxy to connect image inspector pods to the internet'),
+        },
+        :no_proxy    => {
+          :label     => N_('NO Proxy'),
+          :help_text => N_('NO Proxy lists urls that should\'nt be sent to any proxy'),
+        },
+        :repository  => {
+          :label          => N_('Image-Inspector Repository'),
+          :help_text      => N_('Image-Inspector Repository'),
+          :global_default => Settings.ems.ems_kubernetes.image_inspector_repository,
+        },
+        :registry    => {
+          :label          => N_('Image-Inspector Registry'),
+          :help_text      => N_('Registry to provide the image inspector repository'),
+          :global_default => Settings.ems.ems_kubernetes.image_inspector_registry,
+        },
+        :image_tag   => {
+          :label          => N_('Image-Inspector Tag'),
+          :help_text      => N_('Image-Inspector image tag'),
+          :global_default => ManageIQ::Providers::Kubernetes::ContainerManager::Scanning::Job::INSPECTOR_IMAGE_TAG,
+        },
+        :cve_url     => {
+          :label     => N_('CVE location'),
+          :help_text => N_('Enables defining a URL for XCCDF file instead of accessing the Internet'),
+        },
+      }
+    }
+  end
+end
diff --git a/app/models/manageiq/providers/kubernetes/container_manager/scanning/job.rb b/app/models/manageiq/providers/kubernetes/container_manager/scanning/job.rb
@@ -13,7 +13,6 @@ class ManageIQ::Providers::Kubernetes::ContainerManager::Scanning::Job < Job
   ERRCODE_NOTFOUND = 404
   IMAGE_INSPECTOR_SA = 'inspector-admin'
   INSPECTOR_ADMIN_SECRET_PATH = '/var/run/secrets/kubernetes.io/inspector-admin-secret-'
-  ATTRIBUTE_SECTION = 'cluster_settings'
   PROXY_ENV_VARIABLES = %w(no_proxy http_proxy https_proxy)
 
   def load_transitions
@@ -348,6 +347,7 @@ def inspector_admin_secret
   end
 
   def pod_definition(inspector_admin_secret_name)
+    @ems_options = ext_management_system.options[:image_inspector_options]
     pod_def = {
       :apiVersion => "v1",
       :kind       => "Pod",
@@ -409,6 +409,7 @@ def pod_definition(inspector_admin_secret_name)
     }
 
     add_secret_to_pod_def(pod_def, inspector_admin_secret_name) unless inspector_admin_secret_name.blank?
+    add_cve_url(pod_def)
     Kubeclient::Resource.new(pod_def)
   end
 
@@ -425,17 +426,25 @@ def add_secret_to_pod_def(pod_def, inspector_admin_secret_name)
   end
 
   def inspector_image
-    registry = ::Settings.ems.ems_kubernetes.image_inspector_registry
-    repo = ::Settings.ems.ems_kubernetes.image_inspector_repository
-    "#{registry}/#{repo}:#{INSPECTOR_IMAGE_TAG}"
+    registry = @ems_options[:registry] || ::Settings.ems.ems_kubernetes.image_inspector_registry
+    repo = @ems_options[:repository] || ::Settings.ems.ems_kubernetes.image_inspector_repository
+    tag = @ems_options[:image_tag] || INSPECTOR_IMAGE_TAG
+    "#{registry}/#{repo}:#{tag}"
   end
 
   def inspector_proxy_env_variables
-    settings = ext_management_system.custom_attributes
-    settings.where(:section => ATTRIBUTE_SECTION,
-                   :name    => PROXY_ENV_VARIABLES).each_with_object([]) do |att, env|
-      env << {:name  => att.name.upcase,
-              :value => att.value} unless att.value.blank?
+    PROXY_ENV_VARIABLES.each_with_object([]) do |var_name, env|
+      if @ems_options.keys.include?(var_name.to_sym)
+        var_value = @ems_options[var_name.to_sym]
+        env << {:name  => var_name.upcase,
+                :value => var_value}
+      end
+    end
+  end
+
+  def add_cve_url(pod_def)
+    if @ems_options.include?(:cve_url)
+      pod_def[:spec][:containers][0][:command].append("--cve-url=#{@ems_options[:cve_url]}")
     end
   end
 end