func main() {
inspectorOptions := iicmd.NewDefaultImageInspectorOptions()
flag.StringVar(&inspectorOptions.URI, "docker", inspectorOptions.URI, "Daemon socket to connect to")
flag.StringVar(&inspectorOptions.Image, "image", inspectorOptions.Image, "Docker image to inspect")
flag.StringVar(&inspectorOptions.DstPath, "path", inspectorOptions.DstPath, "Destination path for the image files")
flag.StringVar(&inspectorOptions.Serve, "serve", inspectorOptions.Serve, "Host and port where to serve the image with webdav")
flag.BoolVar(&inspectorOptions.Chroot, "chroot", inspectorOptions.Chroot, "Change root when serving the image with webdav")
flag.Var(&inspectorOptions.DockerCfg, "dockercfg", "Location of the docker configuration files. May be specified more than once")
flag.StringVar(&inspectorOptions.Username, "username", inspectorOptions.Username, "username for authenticating with the docker registry")
flag.StringVar(&inspectorOptions.PasswordFile, "password-file", inspectorOptions.PasswordFile, "Location of a file that contains the password for authentication with the docker registry")
flag.StringVar(&inspectorOptions.ScanType, "scan-type", inspectorOptions.ScanType, fmt.Sprintf("The type of the scan to be done on the inspected image. Available scan types are: %v", iicmd.ScanOptions))
flag.StringVar(&inspectorOptions.ScanResultsDir, "scan-results-dir", inspectorOptions.ScanResultsDir, "The directory that will contain the results of the scan")
flag.BoolVar(&inspectorOptions.OpenScapHTML, "openscap-html-report", inspectorOptions.OpenScapHTML, "Generate an OpenScap HTML report in addition to the ARF formatted report")
flag.StringVar(&inspectorOptions.CVEUrlPath, "cve-url", inspectorOptions.CVEUrlPath, "An alternative URL source for CVE files")
flag.Parse()
if err := inspectorOptions.Validate(); err != nil {
log.Fatal(err)
}
inspector := ii.NewDefaultImageInspector(*inspectorOptions)
if err := inspector.Inspect(); err != nil {
log.Fatalf("Error inspecting image: %v", err)
}
}
func TestGetAuthConfigs(t *testing.T) {
goodNoAuth := iicmd.NewDefaultImageInspectorOptions()
goodTwoDockerCfg := iicmd.NewDefaultImageInspectorOptions()
goodTwoDockerCfg.DockerCfg.Values = []string{"test/dockercfg1", "test/dockercfg2"}
goodUserAndPass := iicmd.NewDefaultImageInspectorOptions()
goodUserAndPass.Username = "******"
goodUserAndPass.PasswordFile = "test/passwordFile1"
badUserAndPass := iicmd.NewDefaultImageInspectorOptions()
badUserAndPass.Username = "******"
badUserAndPass.PasswordFile = "test/nosuchfile"
badDockerCfgMissing := iicmd.NewDefaultImageInspectorOptions()
badDockerCfgMissing.DockerCfg.Values = []string{"test/dockercfg1", "test/nosuchfile"}
badDockerCfgWrong := iicmd.NewDefaultImageInspectorOptions()
badDockerCfgWrong.DockerCfg.Values = []string{"test/dockercfg1", "test/passwordFile1"}
badDockerCfgNoAuth := iicmd.NewDefaultImageInspectorOptions()
badDockerCfgNoAuth.DockerCfg.Values = []string{"test/dockercfg1", "test/dockercfg3"}
tests := map[string]struct {
opts *iicmd.ImageInspectorOptions
expectedAuths int
shouldFail bool
}{
"two dockercfg": {opts: goodTwoDockerCfg, expectedAuths: 3, shouldFail: false},
"username and passwordFile": {opts: goodUserAndPass, expectedAuths: 1, shouldFail: false},
"two dockercfg, one missing": {opts: badDockerCfgMissing, expectedAuths: 2, shouldFail: false},
"two dockercfg, one wrong": {opts: badDockerCfgWrong, expectedAuths: 2, shouldFail: false},
"two dockercfg, no auth": {opts: badDockerCfgNoAuth, expectedAuths: 2, shouldFail: false},
"password file doens't exist": {opts: badUserAndPass, expectedAuths: 1, shouldFail: true},
"no auths, default expected": {opts: goodNoAuth, expectedAuths: 1, shouldFail: false},
}
for k, v := range tests {
ii := &defaultImageInspector{*v.opts, InspectorMetadata{}}
auths, err := ii.getAuthConfigs()
if !v.shouldFail {
if err != nil {
t.Errorf("%s expected to succeed but received %v", k, err)
}
var authsLen int = 0
if auths != nil {
authsLen = len(auths.Configs)
}
if auths == nil || v.expectedAuths != authsLen {
t.Errorf("%s expected len to be %d but got %d from %v",
k, v.expectedAuths, authsLen, auths)
}
} else {
if err == nil {
t.Errorf("%s should have failed be it didn't", k)
}
}
}
}