added valImage to monitor image vulnerabilities #1175
Conversation
There was a problem hiding this comment.
@yt3liu: 0 warnings.
In response to this:
What this PR does, why we need it:
- generalized the pubsub client in monitoring
- moved test-infra monitoring specific stuff to alert.go
- added valImage to listen for image vulnerabilities message, send an email for all messages received
This PR does NOT create an issue in the relevant repo. This is due to when testing in my own gcp project, I didn't see anything that gives us repo specific information. Thus, for now, only send an email when receives the image vulnerability message.
Sample Email Message:
Message Data: {"name":"projects/<project-name>/occurrences/<uuid>","kind":"VULNERABILITY","notificationTime":"2019-07-23T16:54:30.902457Z"} Pubsub Message: { "ID": "626966346998275", "Data": "<base64encoded content of the above message data>", "Attributes": null, "PublishTime": "2019-07-23T16:54:31.025Z" } Raw Message: &{ID:xxxxxxxxxxxxxxxxxx Data:[...] Attributes:map[] ackID:xxxxxxxxxx PublishTime:2019-07-23 16:54:31.025 +0000 UTC receiveTime:{wall:13782682632966708414 ext:29034076097 loc:0xdd5f40} size:0 calledDone:false doneFunc:0x8115e0}Which issue(s) this PR fixes:
Part of https://github.com/knative/test-infra/issues/678Special notes to reviewers:
User-visible changes in this PR:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.
knative-prow-robot
added
the
size/L
|
/approve |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: chaodaiG, yt3liu The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
knative-prow-robot
added
the
approved
| # See the License for the specific language governing permissions and | ||
| # limitations under the License. | ||
|
|
||
| FROM golang:1.12.1 |
There was a problem hiding this comment.
FROM golang:latest?
There was a problem hiding this comment.
Didn't know this was an option. Will try this out :)
|
|
||
| mailConfig, err := mail.NewMailConfig(*mailAddrSF, *mailPassSF) | ||
| if err != nil { | ||
| log.Fatal(err) |
There was a problem hiding this comment.
| log.Fatal(err) | |
| log.Fatalf("Failed to create mail config: %v", err) |
|
|
||
| func validateImage(w http.ResponseWriter, r *http.Request) { | ||
| log.Printf("Serving request: %s", r.URL.Path) | ||
|
|
| go func() { | ||
| err := subClient.Receive(context.Background(), func(ctx context.Context, msg *pubsub.Message) { | ||
| log.Printf("Message: %v\n", string(msg.Data)) | ||
| log.Printf("Pubsub Message: %v\n", msg) |
There was a problem hiding this comment.
whats the point of logging both? This will log the data as well?
There was a problem hiding this comment.
The one logged with string(msg.Data) prints data in a human-readable format, while printing the message directly from msg prints the message as base64encoded string.
I'd like to keep the pubsub message for debugging purposes in case there's additional attributes that gets added to the image vulnerabilities message.
# log.Printf("Message: %v\n", string(msg.Data))
Message Data: {"name":"projects/joyceyu-test/occurrences/ce3b5a33-05ed-40c2-80f2-821d38426171","kind":"DISCOVERY","notificationTime":"2019-09-12T18:04:36.630196Z"}
# log.Printf("Pubsub Message: %v\n", msg)
Pubsub Message: {
"ID": "719306958870977",
"Data": "eyJuYW1lIjoicHJvamVjdHMvam95Y2V5dS10ZXN0L29jY3VycmVuY2VzL2NlM2I1YTMzLTA1ZWQtNDBjMi04MGYyLTgyMWQzODQyNjE3MSIsImtpbmQiOiJESVNDT1ZFUlkiLCJub3RpZmljYXRpb25UaW1lIjoiMjAxOS0wOS0xMlQxODowNDozNi42MzAxOTZaIn0=",
"Attributes": null,
"PublishTime": "2019-09-12T18:04:37.058Z"
}
|
|
||
| return &Client{ | ||
| subClients: subClients, | ||
| mailClient: mconfig, |
There was a problem hiding this comment.
we should validate mConfig != nil
| log.Printf("Pubsub Message: %v\n", msg) | ||
|
|
||
| if time.Now().Sub(lastSent) > alertFreq { | ||
| err := c.mailClient.Send(recipients, "Image Vulnerabilities Detected", toMailContent(msg)) |
There was a problem hiding this comment.
combine if
if err := ...; err != nil {}
| } | ||
|
|
||
| func toMailContent(msg *pubsub.Message) string { | ||
| c := fmt.Sprintf("Message Data: %v\n", string(msg.Data)) |
There was a problem hiding this comment.
Why are we logging message and then the data from the message as well?
There was a problem hiding this comment.
From the alert receiver's perspective, the pubsub message is probably not useful. I'll update the mail content to only print out the human readable message.
| } | ||
|
|
||
| // NewValidateImageClient initialize all the resources for monitoring image vulnerabilities | ||
| func NewValidateImageClient(mconfig *mail.Config) (*Client, error) { |
|
/uncc |
|
@yt3liu what's the status of this? |
|
Issues go stale after 90 days of inactivity. Send feedback to Knative Productivity Slack channel or file an issue in knative/test-infra. /lifecycle stale |
knative-prow-robot
added
the
lifecycle/stale
|
Issues go stale after 90 days of inactivity. Send feedback to Knative Productivity Slack channel or file an issue in knative/test-infra. /lifecycle stale |
* genreconciler:nonNamespaced * Adding a force-kinds flag to the reconciler generator to allow us to generate reconcilers for non-owned types. * force-kinds --> force-genreconciler-kinds * some minor nits with the generators for non-knative types needed to be removed. * remove whitespace Co-authored-by: Nacho Cano <[email protected]>
What this PR does, why we need it:
This PR does NOT create an issue in the relevant repo. This is due to when testing in my own gcp project, I didn't see anything that gives us repo specific information. Thus, for now, only send an email when receives the image vulnerability message.
Sample Email Message:
Which issue(s) this PR fixes:
Part of knative/infra#136
Special notes to reviewers:
User-visible changes in this PR: