refactor: Remove experimental Anchore Enterprise upload functionality (…

…#1257)

Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>

README.md

@@ -611,28 +611,6 @@ log:
   # location to write the log file (default is not to have a log file)
   # same as SYFT_LOG_FILE env var
   file: ""
-
-# uploading package SBOM is exposed through the packages subcommand
-anchore:
-  # (feature-preview) the Anchore Enterprise Host or URL to upload results to (supported on Enterprise 3.0+)
-  # same as -H ; SYFT_ANCHORE_HOST env var
-  host: ""
-
-  # (feature-preview) the path after the host to the Anchore External API (supported on Enterprise 3.0+)
-  # same as SYFT_ANCHORE_PATH env var
-  path: ""
-
-  # (feature-preview) the username to authenticate against Anchore Enterprise (supported on Enterprise 3.0+)
-  # same as -u ; SYFT_ANCHORE_USERNAME env var
-  username: ""
-
-  # (feature-preview) the password to authenticate against Anchore Enterprise (supported on Enterprise 3.0+)
-  # same as -p ; SYFT_ANCHORE_PASSWORD env var
-  password: ""
-
-  # (feature-preview) path to dockerfile to be uploaded with the syft results to Anchore Enterprise (supported on Enterprise 3.0+)
-  # same as -d ; SYFT_ANCHORE_DOCKERFILE env var
-  dockerfile: ""
 ```
 
 ### Adding an SBOM to an image as an attestation using Syft

cmd/syft/cli/options/packages.go

@@ -14,19 +14,13 @@ import (
 )
 
 type PackagesOptions struct {
-	Scope                  string
-	Output                 []string
-	OutputTemplatePath     string
-	File                   string
-	Platform               string
-	Host                   string
-	Username               string
-	Password               string
-	Dockerfile             string
-	Exclude                []string
-	OverwriteExistingImage bool
-	ImportTimeout          uint
-	Catalogers             []string
+	Scope              string
+	Output             []string
+	OutputTemplatePath string
+	File               string
+	Platform           string
+	Exclude            []string
+	Catalogers         []string
 }
 
 var _ Interface = (*PackagesOptions)(nil)
@@ -47,30 +41,12 @@ func (o *PackagesOptions) AddFlags(cmd *cobra.Command, v *viper.Viper) error {
 	cmd.Flags().StringVarP(&o.Platform, "platform", "", "",
 		"an optional platform specifier for container image sources (e.g. 'linux/arm64', 'linux/arm64/v8', 'arm64', 'linux')")
 
-	cmd.Flags().StringVarP(&o.Host, "host", "H", "",
-		"the hostname or URL of the Anchore Enterprise instance to upload to")
-
-	cmd.Flags().StringVarP(&o.Username, "username", "u", "",
-		"the username to authenticate against Anchore Enterprise")
-
-	cmd.Flags().StringVarP(&o.Password, "password", "p", "",
-		"the password to authenticate against Anchore Enterprise")
-
-	cmd.Flags().StringVarP(&o.Dockerfile, "dockerfile", "d", "",
-		"include dockerfile for upload to Anchore Enterprise")
-
 	cmd.Flags().StringArrayVarP(&o.Exclude, "exclude", "", nil,
 		"exclude paths from being scanned using a glob expression")
 
 	cmd.Flags().StringArrayVarP(&o.Catalogers, "catalogers", "", nil,
 		"enable one or more package catalogers")
 
-	cmd.Flags().BoolVarP(&o.OverwriteExistingImage, "overwrite-existing-image", "", false,
-		"overwrite an existing image during the upload to Anchore Enterprise")
-
-	cmd.Flags().UintVarP(&o.ImportTimeout, "import-timeout", "", 30,
-		"set a timeout duration (in seconds) for the upload to Anchore Enterprise")
-
 	return bindPackageConfigOptions(cmd.Flags(), v)
 }
 
@@ -105,31 +81,5 @@ func bindPackageConfigOptions(flags *pflag.FlagSet, v *viper.Viper) error {
 		return err
 	}
 
-	// Upload options //////////////////////////////////////////////////////////
-
-	if err := v.BindPFlag("anchore.host", flags.Lookup("host")); err != nil {
-		return err
-	}
-
-	if err := v.BindPFlag("anchore.username", flags.Lookup("username")); err != nil {
-		return err
-	}
-
-	if err := v.BindPFlag("anchore.password", flags.Lookup("password")); err != nil {
-		return err
-	}
-
-	if err := v.BindPFlag("anchore.dockerfile", flags.Lookup("dockerfile")); err != nil {
-		return err
-	}
-
-	if err := v.BindPFlag("anchore.overwrite-existing-image", flags.Lookup("overwrite-existing-image")); err != nil {
-		return err
-	}
-
-	if err := v.BindPFlag("anchore.import-timeout", flags.Lookup("import-timeout")); err != nil {
-		return err
-	}
-
 	return nil
 }

cmd/syft/cli/packages/packages.go

@@ -3,16 +3,13 @@ package packages
 import (
 	"context"
 	"fmt"
-	"io"
-	"os"
 
 	"github.com/wagoodman/go-partybus"
 
 	"github.com/anchore/stereoscope"
 	"github.com/anchore/syft/cmd/syft/cli/eventloop"
 	"github.com/anchore/syft/cmd/syft/cli/options"
 	"github.com/anchore/syft/internal"
-	"github.com/anchore/syft/internal/anchore"
 	"github.com/anchore/syft/internal/bus"
 	"github.com/anchore/syft/internal/config"
 	"github.com/anchore/syft/internal/log"
@@ -88,13 +85,6 @@ func execWorker(app *config.Application, si source.Input, writer sbom.Writer) <-
 			errs <- fmt.Errorf("no SBOM produced for %q", si.UserInput)
 		}
 
-		if app.Anchore.Host != "" {
-			if err := runPackageSbomUpload(src, *s, app); err != nil {
-				errs <- err
-				return
-			}
-		}
-
 		bus.Publish(partybus.Event{
 			Type:  event.Exit,
 			Value: func() error { return writer.Write(*s) },
@@ -144,55 +134,6 @@ func MergeRelationships(cs ...<-chan artifact.Relationship) (relationships []art
 	return relationships
 }
 
-func runPackageSbomUpload(src *source.Source, s sbom.SBOM, app *config.Application) error {
-	log.Infof("uploading results to %s", app.Anchore.Host)
-
-	if src.Metadata.Scheme != source.ImageScheme {
-		return fmt.Errorf("unable to upload results: only images are supported")
-	}
-
-	var dockerfileContents []byte
-	if app.Anchore.Dockerfile != "" {
-		if _, err := os.Stat(app.Anchore.Dockerfile); os.IsNotExist(err) {
-			return fmt.Errorf("unable dockerfile=%q does not exist: %w", app.Anchore.Dockerfile, err)
-		}
-
-		fh, err := os.Open(app.Anchore.Dockerfile)
-		if err != nil {
-			return fmt.Errorf("unable to open dockerfile=%q: %w", app.Anchore.Dockerfile, err)
-		}
-
-		dockerfileContents, err = io.ReadAll(fh)
-		if err != nil {
-			return fmt.Errorf("unable to read dockerfile=%q: %w", app.Anchore.Dockerfile, err)
-		}
-	}
-
-	c, err := anchore.NewClient(anchore.Configuration{
-		BaseURL:  app.Anchore.Host,
-		Username: app.Anchore.Username,
-		Password: app.Anchore.Password,
-	})
-
-	if err != nil {
-		return fmt.Errorf("failed to create anchore client: %w", err)
-	}
-
-	importCfg := anchore.ImportConfig{
-		ImageMetadata:           src.Image.Metadata,
-		SBOM:                    s,
-		Dockerfile:              dockerfileContents,
-		OverwriteExistingUpload: app.Anchore.OverwriteExistingImage,
-		Timeout:                 app.Anchore.ImportTimeout,
-	}
-
-	if err := c.Import(context.Background(), importCfg); err != nil {
-		return fmt.Errorf("failed to upload results to host=%s: %+v", app.Anchore.Host, err)
-	}
-
-	return nil
-}
-
 func validateOutputOptions(app *config.Application) error {
 	var usesTemplateOutput bool
 	for _, o := range app.Outputs {

go.mod

@@ -8,12 +8,10 @@ require (
 	github.com/acobaugh/osrelease v0.1.0
 	github.com/adrg/xdg v0.3.3
 	github.com/alecthomas/jsonschema v0.0.0-20210301060011-54c507b6f074
-	github.com/anchore/client-go v0.0.0-20210222170800-9c70f9b80bcf
 	github.com/anchore/go-macholibre v0.0.0-20220308212642-53e6d0aaf6fb
 	github.com/anchore/go-testutils v0.0.0-20200925183923-d5f45b0d3c04
 	github.com/anchore/go-version v1.2.2-0.20200701162849-18adb9c92b9b
 	github.com/anchore/packageurl-go v0.1.1-0.20220428202044-a072fa3cb6d7
-	github.com/antihax/optional v1.0.0
 	github.com/bmatcuk/doublestar/v4 v4.0.2
 	github.com/dustin/go-humanize v1.0.0
 	github.com/facebookincubator/nvdtools v0.1.4

go.sum

@@ -270,8 +270,6 @@ github.com/alibabacloud-go/tea-xml v1.1.2/go.mod h1:Rq08vgCcCAjHyRi/M7xlHKUykZCE
 github.com/aliyun/credentials-go v1.1.2/go.mod h1:ozcZaMR5kLM7pwtCMEpVmQ242suV6qTJya2bDq4X1Tw=
 github.com/aliyun/credentials-go v1.2.3 h1:Vmodnr52Rz1mcbwn0kzMhLRKb6soizewuKXdfZiNemU=
 github.com/aliyun/credentials-go v1.2.3/go.mod h1:/KowD1cfGSLrLsH28Jr8W+xwoId0ywIy5lNzDz6O1vw=
-github.com/anchore/client-go v0.0.0-20210222170800-9c70f9b80bcf h1:DYssiUV1pBmKqzKsm4mqXx8artqC0Q8HgZsVI3lMsAg=
-github.com/anchore/client-go v0.0.0-20210222170800-9c70f9b80bcf/go.mod h1:FaODhIA06mxO1E6R32JE0TL1JWZZkmjRIAd4ULvHUKk=
 github.com/anchore/go-macholibre v0.0.0-20220308212642-53e6d0aaf6fb h1:iDMnx6LIjtjZ46C0akqveX83WFzhpTD3eqOthawb5vU=
 github.com/anchore/go-macholibre v0.0.0-20220308212642-53e6d0aaf6fb/go.mod h1:DmTY2Mfcv38hsHbG78xMiTDdxFtkHpgYNVDPsF2TgHk=
 github.com/anchore/go-testutils v0.0.0-20200925183923-d5f45b0d3c04 h1:VzprUTpc0vW0nnNKJfJieyH/TZ9UYAnTZs5/gHTdAe8=
@@ -290,7 +288,6 @@ github.com/andybalholm/brotli v1.0.4 h1:V7DdXeJtZscaqfNuAdSRuRFzuiKlHSC/Zh3zl9qY
 github.com/andybalholm/brotli v1.0.4/go.mod h1:fO7iG3H7G2nSZ7m0zPUDn85XEX2GTukHGRSepvi9Eig=
 github.com/anmitsu/go-shlex v0.0.0-20161002113705-648efa622239/go.mod h1:2FmKhYUyUczH0OGQWaF5ceTx0UBShxjsH6f8oGKYe2c=
 github.com/antihax/optional v0.0.0-20180407024304-ca021399b1a6/go.mod h1:V8iCPQYkqmusNa815XgQio277wI47sdRh1dUOLdyC6Q=
-github.com/antihax/optional v1.0.0 h1:xK2lYat7ZLaVVcIuj82J8kIro4V6kDe0AUDFboUCwcg=
 github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY=
 github.com/aokoli/goutils v1.0.1/go.mod h1:SijmP0QR8LtwsmDs8Yii5Z/S4trXFGFC2oO5g9DP+DQ=
 github.com/apache/beam v2.28.0+incompatible/go.mod h1:/8NX3Qi8vGstDLLaeaU7+lzVEu/ACaQhYjeefzQ0y1o=