Added AWS Credentials Support for Scanning Private Registry #1062
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
chen-keinan
suggested changes
Mar 28, 2022
| if aerr, ok := err.(awserr.Error); ok { | ||
| switch aerr.Code() { | ||
| case ecr.ErrCodeServerException: | ||
| fmt.Println(ecr.ErrCodeServerException, aerr.Error()) |
There was a problem hiding this comment.
better pass logger and use it: log.V(1).Error(aerr,ecr.ErrCodeServerException,"error somthing")
| case ecr.ErrCodeInvalidParameterException: | ||
| fmt.Println(ecr.ErrCodeInvalidParameterException, aerr.Error()) | ||
| default: | ||
| fmt.Println(aerr.Error()) |
| case ecr.ErrCodeServerException: | ||
| fmt.Println(ecr.ErrCodeServerException, aerr.Error()) | ||
| case ecr.ErrCodeInvalidParameterException: | ||
| fmt.Println(ecr.ErrCodeInvalidParameterException, aerr.Error()) |
| fmt.Println(aerr.Error()) | ||
| } | ||
| } else { | ||
| fmt.Println(err.Error()) |
|
|
||
| var credentials = *result.AuthorizationData[0].AuthorizationToken | ||
|
|
||
| sDec, _ := base64.StdEncoding.DecodeString(credentials) |
There was a problem hiding this comment.
error should not be ignored
chen-keinan
reviewed
Mar 28, 2022
| registryPasswordKey := fmt.Sprintf("%s.password", c.Name) | ||
| if config.UseECRCredentials() { | ||
| var aws_creds = GetAuthorizationToken(c.Image) | ||
| var creds (ecr_credentials) = ecr_credentials{aws_creds[0][1], aws_creds[0][2]} |
There was a problem hiding this comment.
check matrix size both row and column to avoid index out of range
chen-keinan
reviewed
Mar 28, 2022
| registryPasswordKey := fmt.Sprintf("%s.password", container.Name) | ||
| if config.UseECRCredentials() { | ||
| var aws_creds = GetAuthorizationToken(container.Image) | ||
| var creds (ecr_credentials) = ecr_credentials{aws_creds[0][1], aws_creds[0][2]} |
There was a problem hiding this comment.
check matrix size both row and column to avoid index out of range
|
@VF-mbrauer thank you for the contribution, added a few comments |
chen-keinan
added
the
managed container registry
|
|
|
Due to the new Release 0.15.0 the PR needed to be rebased. For this, a new PR has been created #1103 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Added support for scanning the private registry of AWS-ECR.
Feature still in Beta-mode but usable when prerequisites are met.
Prerequisite:
K8S-Kiam or any other method IRSA (Future) to be used to allow Assuming Instance Roles.
Configurations:
Annotate the Starboard Namespace to be allowed to use KIAM:
Annotations: iam.amazonaws.com/permitted: .*Add the Role you want to Assume which has the proper right to create ECR-Credentials
Configuration in HELM value file to enable the feature
trivy.useEcrRoleCreds: false