From 681f46272814a02d8243074715f9ac62acadb899 Mon Sep 17 00:00:00 2001 From: Katie Armstrong Date: Thu, 21 Dec 2023 12:23:05 +0000 Subject: [PATCH] fix: look for sysdig v2 first --- src/common/config.ts | 12 +- test/unit/data-scraper/scrape-data.spec.ts | 562 +++++++++++++-------- 2 files changed, 364 insertions(+), 210 deletions(-) diff --git a/src/common/config.ts b/src/common/config.ts index 4206b4b6e..4c5a9dc6a 100644 --- a/src/common/config.ts +++ b/src/common/config.ts @@ -47,12 +47,6 @@ config.EXCLUDED_NAMESPACES = loadExcludedNamespaces(); config.WORKERS_COUNT = Number(config.WORKERS_COUNT) || 10; config.SKOPEO_COMPRESSION_LEVEL = Number(config.SKOPEO_COMPRESSION_LEVEL) || 6; -// return Sysdig v1 endpoint information -if (config.SYSDIG_ENDPOINT && config.SYSDIG_TOKEN) { - config.SYSDIG_ENDPOINT = config.SYSDIG_ENDPOINT.trim(); - config.SYSDIG_TOKEN = config.SYSDIG_TOKEN.trim(); -} - // return Sysdig v2 endpoint information if ( config.SYSDIG_RISK_SPOTLIGHT_TOKEN && @@ -65,6 +59,12 @@ if ( config.SYSDIG_CLUSTER_NAME = config.SYSDIG_CLUSTER_NAME.trim(); } +// return Sysdig v1 endpoint information +if (config.SYSDIG_ENDPOINT && config.SYSDIG_TOKEN) { + config.SYSDIG_ENDPOINT = config.SYSDIG_ENDPOINT.trim(); + config.SYSDIG_TOKEN = config.SYSDIG_TOKEN.trim(); +} + /** * Important: we delete the following env vars because we don't want to proxy requests to the Kubernetes API server. * The Kubernetes client library would honor the NO/HTTP/HTTPS_PROXY env vars. diff --git a/test/unit/data-scraper/scrape-data.spec.ts b/test/unit/data-scraper/scrape-data.spec.ts index 2e2b53db5..ad180a11b 100644 --- a/test/unit/data-scraper/scrape-data.spec.ts +++ b/test/unit/data-scraper/scrape-data.spec.ts @@ -6,228 +6,382 @@ import { scrapeData, scrapeDataV1 } from '../../../src/data-scraper'; import * as transmitterTypes from '../../../src/transmitter/types'; describe('dataScraper()', () => { - beforeAll(() => { - config.SYSDIG_REGION_URL = 'sysdig'; - config.SYSDIG_RISK_SPOTLIGHT_TOKEN = 'token123'; - config.SYSDIG_CLUSTER_NAME = 'test-sysdig-cluster'; - }); + describe('sysdig v2 env vars configured', () => { + beforeAll(() => { + config.SYSDIG_REGION_URL = 'sysdig'; + config.SYSDIG_RISK_SPOTLIGHT_TOKEN = 'token123'; + config.SYSDIG_CLUSTER_NAME = 'test-sysdig-cluster'; + }); - afterAll(() => { - delete config.SYSDIG_REGION_URL; - delete config.SYSDIG_RISK_SPOTLIGHT_TOKEN; - delete config.SYSDIG_CLUSTER_NAME; - }); + afterAll(() => { + delete config.SYSDIG_REGION_URL; + delete config.SYSDIG_RISK_SPOTLIGHT_TOKEN; + delete config.SYSDIG_CLUSTER_NAME; + }); - it('correctly sends data to kubernetes-upstream', async () => { - const bodyWithToken = { - data: [ - { - imageID: 'something', - namespace: 'sysdig', - workloadName: 'workload', - workloadKind: 'Deployment', - container: 'box', - packages: [], + it('correctly sends data to kubernetes-upstream', async () => { + const bodyWithToken = { + data: [ + { + imageID: 'something', + namespace: 'sysdig', + workloadName: 'workload', + workloadKind: 'Deployment', + container: 'box', + packages: [], + }, + ], + page: { + returned: 10, + next: 'xxx', }, - ], - page: { - returned: 10, - next: 'xxx', - }, - }; - const bodyNoToken = { - data: [ - { - imageID: 'something', - namespace: 'sysdig', - workloadName: 'workload', - workloadKind: 'Deployment', - container: 'box', - packages: [], + }; + const bodyNoToken = { + data: [ + { + imageID: 'something', + namespace: 'sysdig', + workloadName: 'workload', + workloadKind: 'Deployment', + container: 'box', + packages: [], + }, + ], + page: { + returned: 10, + next: '', }, - ], - page: { - returned: 10, - next: '', - }, - }; - const expectedHeader = 'Bearer token123'; - nock('https://sysdig', { - reqheaders: { authorization: expectedHeader }, - }) - .get( - '/api/scanning/eveintegration/v2/runtimeimages?clusterName=test-sysdig-cluster&limit=10', - ) - .times(1) - .reply(200, bodyWithToken); - nock('https://sysdig', { reqheaders: { authorization: expectedHeader } }) - .get( - '/api/scanning/eveintegration/v2/runtimeimages?clusterName=test-sysdig-cluster&limit=10&cursor=xxx', - ) - .times(1) - .reply(200, bodyNoToken); - - nock('https://api.snyk.io') - .post('/v2/kubernetes-upstream/api/v1/runtime-results?version=2023-02-10') - .times(1) - .reply(200, (uri, requestBody: transmitterTypes.IRuntimeDataPayload) => { - expect(requestBody).toEqual({ - identity: { - type: 'sysdig', - sysdigVersion: 2, + }; + const expectedHeader = 'Bearer token123'; + nock('https://sysdig', { + reqheaders: { authorization: expectedHeader }, + }) + .get( + '/api/scanning/eveintegration/v2/runtimeimages?clusterName=test-sysdig-cluster&limit=10', + ) + .times(1) + .reply(200, bodyWithToken); + nock('https://sysdig', { reqheaders: { authorization: expectedHeader } }) + .get( + '/api/scanning/eveintegration/v2/runtimeimages?clusterName=test-sysdig-cluster&limit=10&cursor=xxx', + ) + .times(1) + .reply(200, bodyNoToken); + + nock('https://api.snyk.io') + .post( + '/v2/kubernetes-upstream/api/v1/runtime-results?version=2023-02-10', + ) + .times(1) + .reply( + 200, + (uri, requestBody: transmitterTypes.IRuntimeDataPayload) => { + expect(requestBody).toEqual({ + identity: { + type: 'sysdig', + sysdigVersion: 2, + }, + target: { + userLocator: expect.any(String), + cluster: expect.any(String), + agentId: expect.any(String), + }, + facts: [ + { + type: 'loadedPackages', + data: bodyWithToken.data, + }, + ], + }); }, - target: { - userLocator: expect.any(String), - cluster: expect.any(String), - agentId: expect.any(String), + ) + .post( + '/v2/kubernetes-upstream/api/v1/runtime-results?version=2023-02-10', + ) + .times(1) + .reply( + 200, + (uri, requestBody: transmitterTypes.IRuntimeDataPayload) => { + expect(requestBody).toEqual({ + identity: { + type: 'sysdig', + sysdigVersion: 2, + }, + target: { + userLocator: expect.any(String), + cluster: 'Default cluster', + agentId: expect.any(String), + }, + facts: [ + { + type: 'loadedPackages', + data: bodyNoToken.data, + }, + ], + }); }, - facts: [ - { - type: 'loadedPackages', - data: bodyWithToken.data, - }, - ], - }); + ); + + await scrapeData(); + + try { + expect(nock.isDone()).toBeTruthy(); + } catch (err) { + console.error(`nock pending mocks: ${nock.pendingMocks()}`); + throw err; + } + }); + }); + describe('when sysdig v1 and v2 env vars configured, should use v2', () => { + beforeAll(() => { + config.SYSDIG_ENDPOINT = 'https://sysdig'; + config.SYSDIG_TOKEN = 'token123'; + config.SYSDIG_REGION_URL = 'sysdig'; + config.SYSDIG_RISK_SPOTLIGHT_TOKEN = 'token123'; + config.SYSDIG_CLUSTER_NAME = 'test-sysdig-cluster'; + }); + + afterAll(() => { + delete config.SYSDIG_ENDPOINT; + delete config.SYSDIG_TOKEN; + delete config.SYSDIG_REGION_URL; + delete config.SYSDIG_RISK_SPOTLIGHT_TOKEN; + delete config.SYSDIG_CLUSTER_NAME; + }); + + it('correctly sends data to kubernetes-upstream', async () => { + const bodyWithToken = { + data: [ + { + imageID: 'something', + namespace: 'sysdig', + workloadName: 'workload', + workloadKind: 'Deployment', + container: 'box', + packages: [], + }, + ], + page: { + returned: 10, + next: 'xxx', + }, + }; + const bodyNoToken = { + data: [ + { + imageID: 'something', + namespace: 'sysdig', + workloadName: 'workload', + workloadKind: 'Deployment', + container: 'box', + packages: [], + }, + ], + page: { + returned: 10, + next: '', + }, + }; + const expectedHeader = 'Bearer token123'; + nock('https://sysdig', { + reqheaders: { authorization: expectedHeader }, }) - .post('/v2/kubernetes-upstream/api/v1/runtime-results?version=2023-02-10') - .times(1) - .reply(200, (uri, requestBody: transmitterTypes.IRuntimeDataPayload) => { - expect(requestBody).toEqual({ - identity: { - type: 'sysdig', - sysdigVersion: 2, + .get( + '/api/scanning/eveintegration/v2/runtimeimages?clusterName=test-sysdig-cluster&limit=10', + ) + .times(1) + .reply(200, bodyWithToken); + nock('https://sysdig', { reqheaders: { authorization: expectedHeader } }) + .get( + '/api/scanning/eveintegration/v2/runtimeimages?clusterName=test-sysdig-cluster&limit=10&cursor=xxx', + ) + .times(1) + .reply(200, bodyNoToken); + + nock('https://api.snyk.io') + .post( + '/v2/kubernetes-upstream/api/v1/runtime-results?version=2023-02-10', + ) + .times(1) + .reply( + 200, + (uri, requestBody: transmitterTypes.IRuntimeDataPayload) => { + expect(requestBody).toEqual({ + identity: { + type: 'sysdig', + sysdigVersion: 2, + }, + target: { + userLocator: expect.any(String), + cluster: expect.any(String), + agentId: expect.any(String), + }, + facts: [ + { + type: 'loadedPackages', + data: bodyWithToken.data, + }, + ], + }); }, - target: { - userLocator: expect.any(String), - cluster: 'Default cluster', - agentId: expect.any(String), + ) + .post( + '/v2/kubernetes-upstream/api/v1/runtime-results?version=2023-02-10', + ) + .times(1) + .reply( + 200, + (uri, requestBody: transmitterTypes.IRuntimeDataPayload) => { + expect(requestBody).toEqual({ + identity: { + type: 'sysdig', + sysdigVersion: 2, + }, + target: { + userLocator: expect.any(String), + cluster: 'Default cluster', + agentId: expect.any(String), + }, + facts: [ + { + type: 'loadedPackages', + data: bodyNoToken.data, + }, + ], + }); }, - facts: [ - { - type: 'loadedPackages', - data: bodyNoToken.data, - }, - ], - }); - }); - - await scrapeData(); - - try { - expect(nock.isDone()).toBeTruthy(); - } catch (err) { - console.error(`nock pending mocks: ${nock.pendingMocks()}`); - throw err; - } + ); + + await scrapeData(); + + try { + expect(nock.isDone()).toBeTruthy(); + } catch (err) { + console.error(`nock pending mocks: ${nock.pendingMocks()}`); + throw err; + } + }); }); }); describe('dataScraperV1()', () => { - beforeAll(() => { - config.SYSDIG_ENDPOINT = 'https://sysdig'; - config.SYSDIG_TOKEN = 'token123'; - }); + describe('when sysdig v1 and v2 env vars configured, should use v2', () => { + beforeAll(() => { + config.SYSDIG_ENDPOINT = 'https://sysdig'; + config.SYSDIG_TOKEN = 'token123'; + }); - afterAll(() => { - delete config.SYSDIG_ENDPOINT; - delete config.SYSDIG_TOKEN; - }); + afterAll(() => { + delete config.SYSDIG_ENDPOINT; + delete config.SYSDIG_TOKEN; + }); - it('correctly sends data to kubernetes-upstream', async () => { - const bodyWithToken = { - data: [ - { - imageID: 'something', - namespace: 'sysdig', - workloadName: 'workload', - workloadKind: 'Deployment', - container: 'box', - packages: [], - }, - ], - page: { - returned: 10, - next: 'xxx', - }, - }; - const bodyNoToken = { - data: [ - { - imageID: 'something', - namespace: 'sysdig', - workloadName: 'workload', - workloadKind: 'Deployment', - container: 'box', - packages: [], - }, - ], - page: { - returned: 10, - next: '', - }, - }; - const expectedHeader = 'Bearer token123'; - nock('https://sysdig', { reqheaders: { authorization: expectedHeader } }) - .get('/v1/runtimeimages?limit=10&cursor=') - .times(1) - .reply(200, bodyWithToken); - - nock('https://sysdig', { reqheaders: { authorization: expectedHeader } }) - .get('/v1/runtimeimages?limit=10&cursor=xxx') - .times(1) - .reply(200, bodyNoToken); - - nock('https://api.snyk.io') - .post('/v2/kubernetes-upstream/api/v1/runtime-results?version=2023-02-10') - .times(1) - .reply(200, (uri, requestBody: transmitterTypes.IRuntimeDataPayload) => { - expect(requestBody).toEqual({ - identity: { - type: 'sysdig', - sysdigVersion: 1, + it('correctly sends data to kubernetes-upstream', async () => { + const bodyWithToken = { + data: [ + { + imageID: 'something', + namespace: 'sysdig', + workloadName: 'workload', + workloadKind: 'Deployment', + container: 'box', + packages: [], }, - target: { - userLocator: expect.any(String), - cluster: 'Default cluster', - agentId: expect.any(String), + ], + page: { + returned: 10, + next: 'xxx', + }, + }; + const bodyNoToken = { + data: [ + { + imageID: 'something', + namespace: 'sysdig', + workloadName: 'workload', + workloadKind: 'Deployment', + container: 'box', + packages: [], }, - facts: [ - { - type: 'loadedPackages', - data: bodyWithToken.data, - }, - ], - }); - }) - .post('/v2/kubernetes-upstream/api/v1/runtime-results?version=2023-02-10') - .times(1) - .reply(200, (uri, requestBody: transmitterTypes.IRuntimeDataPayload) => { - expect(requestBody).toEqual({ - identity: { - type: 'sysdig', - sysdigVersion: 1, + ], + page: { + returned: 10, + next: '', + }, + }; + const expectedHeader = 'Bearer token123'; + nock('https://sysdig', { reqheaders: { authorization: expectedHeader } }) + .get('/v1/runtimeimages?limit=10&cursor=') + .times(1) + .reply(200, bodyWithToken); + + nock('https://sysdig', { reqheaders: { authorization: expectedHeader } }) + .get('/v1/runtimeimages?limit=10&cursor=xxx') + .times(1) + .reply(200, bodyNoToken); + + nock('https://api.snyk.io') + .post( + '/v2/kubernetes-upstream/api/v1/runtime-results?version=2023-02-10', + ) + .times(1) + .reply( + 200, + (uri, requestBody: transmitterTypes.IRuntimeDataPayload) => { + expect(requestBody).toEqual({ + identity: { + type: 'sysdig', + sysdigVersion: 1, + }, + target: { + userLocator: expect.any(String), + cluster: 'Default cluster', + agentId: expect.any(String), + }, + facts: [ + { + type: 'loadedPackages', + data: bodyWithToken.data, + }, + ], + }); }, - target: { - userLocator: expect.any(String), - cluster: 'Default cluster', - agentId: expect.any(String), + ) + .post( + '/v2/kubernetes-upstream/api/v1/runtime-results?version=2023-02-10', + ) + .times(1) + .reply( + 200, + (uri, requestBody: transmitterTypes.IRuntimeDataPayload) => { + expect(requestBody).toEqual({ + identity: { + type: 'sysdig', + sysdigVersion: 1, + }, + target: { + userLocator: expect.any(String), + cluster: 'Default cluster', + agentId: expect.any(String), + }, + facts: [ + { + type: 'loadedPackages', + data: bodyNoToken.data, + }, + ], + }); }, - facts: [ - { - type: 'loadedPackages', - data: bodyNoToken.data, - }, - ], - }); - }); - - await scrapeDataV1(); - - try { - expect(nock.isDone()).toBeTruthy(); - } catch (err) { - console.error(`nock pending mocks: ${nock.pendingMocks()}`); - throw err; - } + ); + + await scrapeDataV1(); + + try { + expect(nock.isDone()).toBeTruthy(); + } catch (err) { + console.error(`nock pending mocks: ${nock.pendingMocks()}`); + throw err; + } + }); }); });