add a test

Author: sreya

go.mod

@@ -10,9 +10,11 @@ require (
 	cdr.dev/slog v1.6.2-0.20230929193652-f0c466fabe10
 	github.com/coder/coder/v2 v2.6.1-0.20240125021520-d9f5cdda9bae
 	github.com/google/go-containerregistry v0.14.0
+	github.com/google/uuid v1.5.0
 	github.com/jfrog/jfrog-client-go v1.31.6
 	github.com/spf13/cobra v1.8.0
 	github.com/stretchr/testify v1.8.4
+	go.uber.org/mock v0.4.0
 	golang.org/x/xerrors v0.0.0-20220907171357-04be3eba64a2
 	k8s.io/api v0.29.1
 	k8s.io/apimachinery v0.29.1
@@ -99,7 +101,6 @@ require (
 	github.com/google/gofuzz v1.2.0 // indirect
 	github.com/google/nftables v0.1.1-0.20230115205135-9aa6fdf5a28c // indirect
 	github.com/google/pprof v0.0.0-20230817174616-7a8ec2ada47b // indirect
-	github.com/google/uuid v1.5.0 // indirect
 	github.com/gookit/color v1.5.4 // indirect
 	github.com/grpc-ecosystem/grpc-gateway/v2 v2.18.0 // indirect
 	github.com/hashicorp/errwrap v1.1.0 // indirect

jfrog/client.go

@@ -15,14 +15,18 @@ import (
 	"golang.org/x/xerrors"
 )
 
-type Client struct {
+type Client interface {
+	ScanResults(img Image) (ScanResult, error)
+}
+
+type client struct {
 	client  *jfroghttpclient.JfrogHttpClient
 	baseURL string
 	token   string
 	user    string
 }
 
-func XRayClient(url, user, token string) (*Client, error) {
+func XRayClient(url, user, token string) (Client, error) {
 	details := auth.NewXrayDetails()
 	details.SetAccessToken(token)
 	details.SetUser(user)
@@ -35,7 +39,7 @@ func XRayClient(url, user, token string) (*Client, error) {
 	if err != nil {
 		return nil, xerrors.Errorf("new xray manager: %w", err)
 	}
-	return &Client{
+	return &client{
 		client:  mgr.Client(),
 		baseURL: url,
 		user:    user,
@@ -60,7 +64,7 @@ type SecurityIssues struct {
 	Total    int `json:"total"`
 }
 
-func (c *Client) ScanResults(img Image) (ScanResult, error) {
+func (c *client) ScanResults(img Image) (ScanResult, error) {
 	path := fmt.Sprintf("%s/xray/api/v1/packages/%s/versions?search=%s", c.baseURL, img.Package, img.Version)
 	resp, body, _, err := c.client.SendGet(path, true, &httputils.HttpClientDetails{
 		User:        c.user,

jfrog/doc.go

@@ -0,0 +1,5 @@
+// package jfrog contains an abstraction for interfacing with an JFrog
+// artifactory instance.
+package jfrog
+
+//go:generate mockgen -destination ./mock.go -package jfrog github.com/coder/xray/jfrog Client

jfrog/mock.go

@@ -4,6 +4,10 @@ import (
 	"context"
 	"fmt"
 
+	"golang.org/x/xerrors"
+
+	"github.com/google/uuid"
+
 	"github.com/coder/coder/v2/codersdk"
 	"github.com/coder/xray/jfrog"
 
@@ -23,10 +27,11 @@ type K8sReporter struct {
 	Namespace     string
 	CoderClient   CoderClient
 	Logger        slog.Logger
-	JFrogClient   *jfrog.Client
+	JFrogClient   jfrog.Client
+	ResultsChan   chan codersdk.JFrogXrayScan
 
 	// Unexported fields are initialized on calls to Init.
-	podInformer cache.SharedIndexInformer
+	factory informers.SharedInformerFactory
 }
 
 type WorkspaceAgent struct {
@@ -35,14 +40,14 @@ type WorkspaceAgent struct {
 }
 
 func (k *K8sReporter) Init(ctx context.Context) error {
-	podFactory := informers.NewSharedInformerFactoryWithOptions(k.Client, 0, informers.WithNamespace(k.Namespace), informers.WithTweakListOptions(func(lo *v1.ListOptions) {
+	k.factory = informers.NewSharedInformerFactoryWithOptions(k.Client, 0, informers.WithNamespace(k.Namespace), informers.WithTweakListOptions(func(lo *v1.ListOptions) {
 		lo.FieldSelector = k.FieldSelector
 		lo.LabelSelector = k.LabelSelector
 	}))
 
-	k.podInformer = podFactory.Core().V1().Pods().Informer()
+	podInformer := k.factory.Core().V1().Pods().Informer()
 
-	_, err := k.podInformer.AddEventHandler(cache.ResourceEventHandlerFuncs{
+	_, err := podInformer.AddEventHandler(cache.ResourceEventHandlerFuncs{
 		AddFunc: func(obj interface{}) {
 			pod, ok := obj.(*corev1.Pod)
 			if !ok {
@@ -53,63 +58,72 @@ func (k *K8sReporter) Init(ctx context.Context) error {
 			log := k.Logger.With(
 				slog.F("pod_name", pod.Name),
 			)
-			var isWorkspace bool
 			for _, container := range pod.Spec.Containers {
-				var agentToken string
-				for _, env := range container.Env {
-					if env.Name != "CODER_AGENT_TOKEN" {
-						continue
-					}
-					isWorkspace = true
-					agentToken = env.Value
-					break
-				}
-				if agentToken == "" {
-					continue
-				}
-
 				log = log.With(
 					slog.F("container_name", container.Name),
 					slog.F("container_image", container.Image),
 				)
 
-				image, err := jfrog.ParseImage(container.Image)
-				if err != nil {
-					log.Error(ctx, "parse image", slog.Error(err))
-					return
-				}
+				scan, err := func() (codersdk.JFrogXrayScan, error) {
+					var agentToken string
+					for _, env := range container.Env {
+						if env.Name != "CODER_AGENT_TOKEN" {
+							continue
+						}
+						agentToken = env.Value
+						break
+					}
+					if agentToken == "" {
+						return codersdk.JFrogXrayScan{}, nil
+					}
 
-				scan, err := k.JFrogClient.ScanResults(image)
-				if err != nil {
-					log.Error(ctx, "fetch scan results", slog.Error(err))
-					return
-				}
+					image, err := jfrog.ParseImage(container.Image)
+					if err != nil {
+						return codersdk.JFrogXrayScan{}, xerrors.Errorf("parse image: %w", err)
+					}
 
-				manifest, err := k.CoderClient.AgentManifest(ctx, agentToken)
-				if err != nil {
-					log.Error(ctx, "Get agent manifest", slog.Error(err))
-					return
-				}
+					scan, err := k.JFrogClient.ScanResults(image)
+					if err != nil {
+						return codersdk.JFrogXrayScan{}, xerrors.Errorf("fetch scan results: %w", err)
+					}
 
-				log = log.With(
-					slog.F("workspace_id", manifest.WorkspaceID),
-					slog.F("agent_id", manifest.AgentID),
-					slog.F("workspace_name", manifest.WorkspaceName),
-				)
+					manifest, err := k.CoderClient.AgentManifest(ctx, agentToken)
+					if err != nil {
+						return codersdk.JFrogXrayScan{}, xerrors.Errorf("agent manifest: %w", err)
+					}
 
-				err = k.CoderClient.PostJFrogXrayScan(ctx, codersdk.JFrogXrayScan{
-					WorkspaceID: manifest.WorkspaceID,
-					AgentID:     manifest.AgentID,
-					Critical:    scan.SecurityIssues.Critical,
-					High:        scan.SecurityIssues.High,
-				})
+					log = log.With(
+						slog.F("workspace_id", manifest.WorkspaceID),
+						slog.F("agent_id", manifest.AgentID),
+						slog.F("workspace_name", manifest.WorkspaceName),
+					)
+
+					req := codersdk.JFrogXrayScan{
+						WorkspaceID: manifest.WorkspaceID,
+						AgentID:     manifest.AgentID,
+						Critical:    scan.SecurityIssues.Critical,
+						High:        scan.SecurityIssues.High,
+					}
+					err = k.CoderClient.PostJFrogXrayScan(ctx, req)
+					if err != nil {
+						return codersdk.JFrogXrayScan{}, xerrors.Errorf("post xray scan: %w", err)
+					}
+
+					return req, nil
+				}()
 				if err != nil {
-					log.Error(ctx, "post xray results", slog.Error(err))
-					return
+					log.Error(ctx, "scan agent", slog.Error(err))
+					break
+				}
+				if scan.AgentID != uuid.Nil {
+					log.Info(ctx, "uploaded agent results!", slog.F("pod_name", pod.Name), slog.F("namespace", pod.Namespace))
+					if k.ResultsChan != nil {
+						// This should only be populated during tests
+						// so it's ok to assume an unbuffered channel is
+						// going to block until read.
+						k.ResultsChan <- scan
+					}
 				}
-			}
-			if isWorkspace {
-				log.Info(ctx, "uploaded workspace results!", slog.F("pod_name", pod.Name), slog.F("namespace", pod.Namespace))
 			}
 		},
 	})
@@ -120,5 +134,5 @@ func (k *K8sReporter) Init(ctx context.Context) error {
 }
 
 func (k *K8sReporter) Start(stop chan struct{}) {
-	k.podInformer.Run(stop)
+	k.factory.Start(stop)
 }