using the new options column

ManageIQ · Aug 3, 2017 · e9964da · e9964da
1 parent 0f62a51
commit e9964da
Show file tree

Hide file tree

Showing 4 changed files with 102 additions and 15 deletions.
diff --git a/app/models/manageiq/providers/kubernetes/container_manager.rb b/app/models/manageiq/providers/kubernetes/container_manager.rb
@@ -14,6 +14,7 @@ class ManageIQ::Providers::Kubernetes::ContainerManager < ManageIQ::Providers::C
  require_nested :Scanning
 
  include ManageIQ::Providers::Kubernetes::ContainerManagerMixin
+ extend ManageIQ::Providers::Kubernetes::ContainerManager::Options
 
  # See HasMonitoringManagerMixin
  has_one :monitoring_manager,

diff --git a/app/models/manageiq/providers/kubernetes/container_manager/options.rb b/app/models/manageiq/providers/kubernetes/container_manager/options.rb
@@ -0,0 +1,73 @@
+module ManageIQ::Providers::Kubernetes::ContainerManager::Options
+ extend ActiveSupport::Concern
+
+ def proxy_settings
+ {
+ :http_proxy => {
+ :label => N_('HTTP Proxy'),
+ :help_text => N_('HTTP Proxy to connect ManageIQ to the provider. example: http://user:password@my_https_proxy'),
+ :global_default => VMDB::Util.http_proxy_uri,
+ },
+ }
+ end
+
+ def advanced_settings
+ {
+ :image_inspector_options => {
+ :label => N_('Image Inspector Options'),
+ :help_text => N_('Settings for Image Inspector tool'),
+ :settings => {
+ :http_proxy => {
+ :label => N_('HTTP Proxy'),
+ :help_text => N_('HTTP Proxy to connect image inspector pods to the internet. example: http://user:password@my_https_proxy'),
+ },
+ :https_proxy => {
+ :label => N_('HTTPS Proxy'),
+ :help_text => N_('HTTPS Proxy to connect image inspector pods to the internet. example: https://user:password@my_https_proxy'),
+ },
+ :no_proxy => {
+ :label => N_('NO Proxy'),
+ :help_text => N_('NO Proxy lists urls that should\'nt be sent to any proxy. example: my_file_server.org'),
+ },
+ :repository => {
+ :label => N_('Image-Inspector Repository'),
+ :help_text => N_('Image-Inspector Repository. example: openshift/image-inspector'),
+ :global_default => Settings.ems.ems_kubernetes.image_inspector_repository,
+ },
+ :registry => {
+ :label => N_('Image-Inspector Registry'),
+ :help_text => N_('Registry to provide the image inspector repository. example: docker.io'),
+ :global_default => Settings.ems.ems_kubernetes.image_inspector_registry,
+ },
+ :image_tag => {
+ :label => N_('Image-Inspector Tag'),
+ :help_text => N_('Image-Inspector image tag. example: 2.1'),
+ :global_default => ManageIQ::Providers::Kubernetes::ContainerManager::Scanning::Job::INSPECTOR_IMAGE_TAG,
+ },
+ :cve_url => {
+ :label => N_('CVE location'),
+ :help_text => N_('Enables defining a URL path prefix for XCCDF file instead of accessing the default location.
+example: http://my_file_server.org:3333/xccdf_files/
+Expecting to find com.redhat.rhsa-RHEL7.ds.xml.bz2 file there.'),
+ # Future versions of image inspector will extend this.
+ },
+ }
+ }
+ }
+ end
+
+ def provider_settings
+ {
+ :proxy_settings => {
+ :label => N_('Proxy Settings'),
+ :help_text => N_('Proxy Settings for connection to the provider'),
+ :settings => proxy_settings,
+ },
+ :advanced_settings => {
+ :label => N_('Advanced Settings'),
+ :help_text => N_('Advanced Settings for provider configuration'),
+ :settings => advanced_settings,
+ }
+ }
+ end
+end
diff --git a/app/models/manageiq/providers/kubernetes/container_manager/scanning/job.rb b/app/models/manageiq/providers/kubernetes/container_manager/scanning/job.rb
@@ -13,7 +13,6 @@ class ManageIQ::Providers::Kubernetes::ContainerManager::Scanning::Job < Job
  ERRCODE_NOTFOUND = 404
  IMAGE_INSPECTOR_SA = 'inspector-admin'
  INSPECTOR_ADMIN_SECRET_PATH = '/var/run/secrets/kubernetes.io/inspector-admin-secret-'
- ATTRIBUTE_SECTION = 'cluster_settings'
  PROXY_ENV_VARIABLES = %w(no_proxy http_proxy https_proxy)
 
  def load_transitions
@@ -347,6 +346,10 @@ def inspector_admin_secret
  return nil
  end
 
+ def ems_options
+ @provider_options ||= ext_management_system.options[:image_inspector_options]
+ end
+
  def pod_definition(inspector_admin_secret_name)
  pod_def = {
  :apiVersion => "v1",
@@ -409,6 +412,7 @@ def pod_definition(inspector_admin_secret_name)
  }
 
  add_secret_to_pod_def(pod_def, inspector_admin_secret_name) unless inspector_admin_secret_name.blank?
+ add_cve_url(pod_def)
  Kubeclient::Resource.new(pod_def)
  end
 
@@ -425,17 +429,25 @@ def add_secret_to_pod_def(pod_def, inspector_admin_secret_name)
  end
 
  def inspector_image
- registry = ::Settings.ems.ems_kubernetes.image_inspector_registry
- repo = ::Settings.ems.ems_kubernetes.image_inspector_repository
- "#{registry}/#{repo}:#{INSPECTOR_IMAGE_TAG}"
+ registry = ems_options[:registry] || ::Settings.ems.ems_kubernetes.image_inspector_registry
+ repo = ems_options[:repository] || ::Settings.ems.ems_kubernetes.image_inspector_repository
+ tag = ems_options[:image_tag] || INSPECTOR_IMAGE_TAG
+ "#{registry}/#{repo}:#{tag}"
  end
 
  def inspector_proxy_env_variables
- settings = ext_management_system.custom_attributes
- settings.where(:section => ATTRIBUTE_SECTION,
- :name => PROXY_ENV_VARIABLES).each_with_object([]) do |att, env|
- env << {:name => att.name.upcase,
- :value => att.value} unless att.value.blank?
+ PROXY_ENV_VARIABLES.each_with_object([]) do |var_name, env|
+ if ems_options.keys.include?(var_name.to_sym)
+ var_value = ems_options[var_name.to_sym]
+ env << {:name => var_name.upcase,
+ :value => var_value}
+ end
+ end
+ end
+
+ def add_cve_url(pod_def)
+ if ems_options.include?(:cve_url)
+ pod_def[:spec][:containers][0][:command].append("--cve-url=#{ems_options[:cve_url]}")
  end
  end
 end
diff --git a/app/models/manageiq/providers/kubernetes/container_manager_mixin.rb b/app/models/manageiq/providers/kubernetes/container_manager_mixin.rb
@@ -42,7 +42,7 @@ def kubernetes_connect(hostname, port, options)
  options[:version] || kubernetes_version,
  :ssl_options => Kubeclient::Client::DEFAULT_SSL_OPTIONS.merge(options[:ssl_options] || {}),
  :auth_options => kubernetes_auth_options(options),
- :http_proxy_uri => VMDB::Util.http_proxy_uri,
+ :http_proxy_uri => options[:http_proxy] || VMDB::Util.http_proxy_uri,
  :timeouts => {
  :open => Settings.ems.ems_kubernetes.open_timeout.to_f_with_method,
  :read => Settings.ems.ems_kubernetes.read_timeout.to_f_with_method
@@ -108,11 +108,12 @@ def ssl_cert_store(endpoint = default_endpoint)
 
  def connect(options = {})
  effective_options = options.merge(
- :hostname => options[:hostname] || address,
- :port => options[:port] || port,
- :user => options[:user] || authentication_userid(options[:auth_type]),
- :pass => options[:pass] || authentication_password(options[:auth_type]),
- :bearer => options[:bearer] || authentication_token(options[:auth_type] || 'bearer'),
+ :hostname => options[:hostname] || address,
+ :port => options[:port] || port,
+ :user => options[:user] || authentication_userid(options[:auth_type]),
+ :pass => options[:pass] || authentication_password(options[:auth_type]),
+ :bearer => options[:bearer] || authentication_token(options[:auth_type] || 'bearer'),
+ :http_proxy => self.options.fetch_path(:proxy_settings, :http_proxy),
  :ssl_options => options[:ssl_options] || {
  :verify_ssl => verify_ssl_mode,
  :cert_store => ssl_cert_store