chore: add prefixes to log messages (aquasecurity#7625)
Signed-off-by: knqyf263 <[email protected]>
Co-authored-by: simar7 <[email protected]>
2 people authored and fhielpos committed Dec 20, 2024
1 parent c812a84 commit f465d96
Showing 10 changed files with 77 additions and 67 deletions.
18 changes: 9 additions & 9 deletions pkg/commands/artifact/run.go
Expand Up @@ -470,7 +470,7 @@ func filterMisconfigAnalyzers(included, all []analyzer.Type) ([]analyzer.Type, e
return lo.Without(all, included...), nil
}

func (r *runner) initScannerConfig(opts flag.Options) (ScannerConfig, types.ScanOptions, error) {
func (r *runner) initScannerConfig(ctx context.Context, opts flag.Options) (ScannerConfig, types.ScanOptions, error) {
target := opts.Target
if opts.Input != "" {
target = opts.Input
Expand Down Expand Up @@ -505,7 +505,7 @@ func (r *runner) initScannerConfig(opts flag.Options) (ScannerConfig, types.Scan
var configScannerOptions misconf.ScannerOption
if opts.Scanners.Enabled(types.MisconfigScanner) || opts.ImageConfigScanners.Enabled(types.MisconfigScanner) {
var err error
configScannerOptions, err = initMisconfScannerOption(opts)
configScannerOptions, err = initMisconfScannerOption(ctx, opts)
if err != nil {
return ScannerConfig{}, types.ScanOptions{}, err
}
Expand Down Expand Up @@ -600,7 +600,7 @@ func (r *runner) initScannerConfig(opts flag.Options) (ScannerConfig, types.Scan
}

func (r *runner) scan(ctx context.Context, opts flag.Options, initializeScanner InitializeScanner) (types.Report, error) {
scannerConfig, scanOptions, err := r.initScannerConfig(opts)
scannerConfig, scanOptions, err := r.initScannerConfig(ctx, opts)
if err != nil {
return types.Report{}, err
}
Expand All @@ -617,20 +617,20 @@ func (r *runner) scan(ctx context.Context, opts flag.Options, initializeScanner
return report, nil
}

func initMisconfScannerOption(opts flag.Options) (misconf.ScannerOption, error) {
logger := log.WithPrefix(log.PrefixMisconfiguration)
logger.Info("Misconfiguration scanning is enabled")
func initMisconfScannerOption(ctx context.Context, opts flag.Options) (misconf.ScannerOption, error) {
ctx = log.WithContextPrefix(ctx, log.PrefixMisconfiguration)
log.InfoContext(ctx, "Misconfiguration scanning is enabled")

var downloadedPolicyPaths []string
var disableEmbedded bool

downloadedPolicyPaths, err := operation.InitBuiltinPolicies(context.Background(), opts.CacheDir, opts.Quiet, opts.SkipCheckUpdate, opts.MisconfOptions.ChecksBundleRepository, opts.RegistryOpts())
downloadedPolicyPaths, err := operation.InitBuiltinChecks(ctx, opts.CacheDir, opts.Quiet, opts.SkipCheckUpdate, opts.MisconfOptions.ChecksBundleRepository, opts.RegistryOpts())
if err != nil {
if !opts.SkipCheckUpdate {
logger.Error("Falling back to embedded checks", log.Err(err))
log.ErrorContext(ctx, "Falling back to embedded checks", log.Err(err))
}
} else {
logger.Debug("Checks successfully loaded from disk")
log.DebugContext(ctx, "Checks successfully loaded from disk")
disableEmbedded = true
}

14 changes: 7 additions & 7 deletions pkg/commands/operation/operation.go
Expand Up @@ -26,7 +26,7 @@ func DownloadDB(ctx context.Context, appVersion, cacheDir string, dbRepositories
mu.Lock()
defer mu.Unlock()

ctx = log.WithContextPrefix(ctx, "db")
ctx = log.WithContextPrefix(ctx, log.PrefixVulnerabilityDB)
dbDir := db.Dir(cacheDir)
client := db.NewClient(dbDir, quiet, db.WithDBRepository(dbRepositories))
needsUpdate, err := client.NeedsUpdate(ctx, appVersion, skipUpdate)
Expand Down Expand Up @@ -77,8 +77,8 @@ func DownloadVEXRepositories(ctx context.Context, opts flag.Options) error {

}

// InitBuiltinPolicies downloads the built-in policies and loads them
func InitBuiltinPolicies(ctx context.Context, cacheDir string, quiet, skipUpdate bool, checkBundleRepository string, registryOpts ftypes.RegistryOptions) ([]string, error) {
// InitBuiltinChecks downloads the built-in policies and loads them
func InitBuiltinChecks(ctx context.Context, cacheDir string, quiet, skipUpdate bool, checkBundleRepository string, registryOpts ftypes.RegistryOptions) ([]string, error) {
mu.Lock()
defer mu.Unlock()

Expand All @@ -96,14 +96,14 @@ func InitBuiltinPolicies(ctx context.Context, cacheDir string, quiet, skipUpdate
}

if needsUpdate {
log.Info("Need to update the built-in policies")
log.Info("Downloading the built-in policies...")
if err = client.DownloadBuiltinPolicies(ctx, registryOpts); err != nil {
log.InfoContext(ctx, "Need to update the built-in checks")
log.InfoContext(ctx, "Downloading the built-in checks...")
if err = client.DownloadBuiltinChecks(ctx, registryOpts); err != nil {
return nil, xerrors.Errorf("failed to download built-in policies: %w", err)
}
}

policyPaths, err := client.LoadBuiltinPolicies()
policyPaths, err := client.LoadBuiltinChecks()
if err != nil {
if skipUpdate {
msg := "No downloadable policies were loaded as --skip-check-update is enabled"
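Review bot: `InitBuiltinChecks` logs with whatever prefix the caller happened to put on `ctx`, while `DownloadDB` in the same file sets its own prefix before logging. Both callers visible in this commit add `log.PrefixMisconfiguration` first, but a caller that passes a plain context would emit these download messages unprefixed. If applying the prefix twice is harmless, set it at the top of the function with `ctx = log.WithContextPrefix(ctx, log.PrefixMisconfiguration)`. The doc comment and the `failed to download built-in policies` error still say "policies" although the log lines now say "checks"; aligning them keeps the output consistent, provided no test matches the old error text. The function body continues past the shown lines.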
19 changes: 11 additions & 8 deletions pkg/db/db.go
Expand Up @@ -93,30 +93,30 @@ func NewClient(dbDir string, quiet bool, opts ...Option) *Client {
func (c *Client) NeedsUpdate(ctx context.Context, cliVersion string, skip bool) (bool, error) {
meta, err := c.metadata.Get()
if err != nil {
log.Debug("There is no valid metadata file", log.Err(err))
log.DebugContext(ctx, "There is no valid metadata file", log.Err(err))
if skip {
log.Error("The first run cannot skip downloading DB")
log.ErrorContext(ctx, "The first run cannot skip downloading DB")
return false, xerrors.New("--skip-update cannot be specified on the first run")
}
meta = metadata.Metadata{Version: db.SchemaVersion}
}

if db.SchemaVersion < meta.Version {
log.Error("The Trivy version is old. Update to the latest version.", log.String("version", cliVersion))
log.ErrorContext(ctx, "Trivy version is old. Update to the latest version.", log.String("version", cliVersion))
return false, xerrors.Errorf("the version of DB schema doesn't match. Local DB: %d, Expected: %d",
meta.Version, db.SchemaVersion)
}

if skip {
log.Debug("Skipping DB update...")
log.DebugContext(ctx, "Skipping DB update...")
if err = c.validate(meta); err != nil {
return false, xerrors.Errorf("validate error: %w", err)
}
return false, nil
}

if db.SchemaVersion != meta.Version {
log.Debug("The local DB schema version does not match with supported version schema.",
log.DebugContext(ctx, "The local DB schema version does not match with supported version schema.",
log.Int("local_version", meta.Version), log.Int("supported_version", db.SchemaVersion))
return true, nil
}
Expand Down Expand Up @@ -151,7 +151,7 @@ func (c *Client) isNewDB(ctx context.Context, meta metadata.Metadata) bool {
func (c *Client) Download(ctx context.Context, dst string, opt types.RegistryOptions) error {
// Remove the metadata file under the cache directory before downloading DB
if err := c.metadata.Delete(); err != nil {
log.Debug("No metadata file")
log.DebugContext(ctx, "No metadata file")
}

if err := c.downloadDB(ctx, opt, dst); err != nil {
Expand Down Expand Up @@ -198,8 +198,11 @@ func (c *Client) initArtifacts(opt types.RegistryOptions) oci.Artifacts {
}

func (c *Client) downloadDB(ctx context.Context, opt types.RegistryOptions, dst string) error {
log.Info("Downloading vulnerability DB...")
downloadOpt := oci.DownloadOption{MediaType: dbMediaType, Quiet: c.quiet}
log.InfoContext(ctx, "Downloading vulnerability DB...")
downloadOpt := oci.DownloadOption{
MediaType: dbMediaType,
Quiet: c.quiet,
}
if err := c.initArtifacts(opt).Download(ctx, dst, downloadOpt); err != nil {
return xerrors.Errorf("failed to download vulnerability DB: %w", err)
}
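Review bot: In `Download`, any error from `c.metadata.Delete()` is reported as `No metadata file` and the error value is dropped, so a permission or I/O failure looks the same in the log as a file that was never there. Since the line is being touched anyway, attach the error: `log.DebugContext(ctx, "Failed to delete the metadata file", log.Err(err))`. Whether `Delete` returns an error for a missing file is not visible in this diff. If it does, an `errors.Is(err, os.ErrNotExist)` check would separate the two cases and let the unexpected one be logged at a higher level. Leftover metadata next to a freshly downloaded DB presumably affects later `NeedsUpdate` decisions, so the failure is worth making visible.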
26 changes: 15 additions & 11 deletions pkg/javadb/client.go
Expand Up @@ -43,22 +43,23 @@ type Updater struct {
}

func (u *Updater) Update() error {
ctx := log.WithContextPrefix(context.Background(), log.PrefixJavaDB)
metac := db.NewMetadata(u.dbDir)

meta, err := metac.Get()
if err != nil {
if !errors.Is(err, os.ErrNotExist) {
return xerrors.Errorf("Java DB metadata error: %w", err)
} else if u.skip {
log.Error("The first run cannot skip downloading Java DB")
log.ErrorContext(ctx, "The first run cannot skip downloading Java DB")
return xerrors.New("'--skip-java-db-update' cannot be specified on the first run")
}
}

if (meta.Version != SchemaVersion || !u.isNewDB(meta)) && !u.skip {
if (meta.Version != SchemaVersion || !u.isNewDB(ctx, meta)) && !u.skip {
// Download DB
// TODO: support remote options
if err := u.downloadDB(); err != nil {
if err := u.downloadDB(ctx); err != nil {
return xerrors.Errorf("OCI artifact error: %w", err)
}

Expand All @@ -73,33 +74,36 @@ func (u *Updater) Update() error {
if err = metac.Update(meta); err != nil {
return xerrors.Errorf("Java DB metadata update error: %w", err)
}
log.Info("The Java DB is cached for 3 days. If you want to update the database more frequently, " +
log.InfoContext(ctx, "Java DB is cached for 3 days. If you want to update the database more frequently, "+
`"trivy clean --java-db" command clears the DB cache.`)
}

return nil
}

func (u *Updater) isNewDB(meta db.Metadata) bool {
func (u *Updater) isNewDB(ctx context.Context, meta db.Metadata) bool {
now := time.Now().UTC()
if now.Before(meta.NextUpdate) {
log.Debug("Java DB update was skipped because the local Java DB is the latest")
log.DebugContext(ctx, "Java DB update was skipped because the local Java DB is the latest")
return true
}

if now.Before(meta.DownloadedAt.Add(time.Hour * 24)) { // 1 day
log.Debug("Java DB update was skipped because the local Java DB was downloaded during the last day")
log.DebugContext(ctx, "Java DB update was skipped because the local Java DB was downloaded during the last day")
return true
}
return false
}

func (u *Updater) downloadDB() error {
log.Info("Downloading Java DB...")
func (u *Updater) downloadDB(ctx context.Context) error {
log.InfoContext(ctx, "Downloading Java DB...")

artifacts := oci.NewArtifacts(u.repos, u.registryOption)
downloadOpt := oci.DownloadOption{MediaType: mediaType, Quiet: u.quiet}
if err := artifacts.Download(context.Background(), u.dbDir, downloadOpt); err != nil {
downloadOpt := oci.DownloadOption{
MediaType: mediaType,
Quiet: u.quiet,
}
if err := artifacts.Download(ctx, u.dbDir, downloadOpt); err != nil {
return xerrors.Errorf("failed to download vulnerability DB: %w", err)
}

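Review bot: `Update` roots its context in `context.Background()`, so the Java DB download that `downloadDB` now passes `ctx` to still cannot be cancelled or bounded by the caller's timeout. `isNewDB` and `downloadDB` already take a context after this change, so `Update` could accept one too: `func (u *Updater) Update(ctx context.Context) error` followed by `ctx = log.WithContextPrefix(ctx, log.PrefixJavaDB)`. The callers are outside this diff and would need the same change. Separately, `downloadDB` still returns `failed to download vulnerability DB`, which points triage at the wrong database; `failed to download Java DB: %w` would match the log line above it.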
17 changes: 7 additions & 10 deletions pkg/k8s/commands/cluster.go
Expand Up @@ -37,7 +37,7 @@ func clusterRun(ctx context.Context, opts flag.Options, cluster k8s.Cluster) err
trivyk8s.WithExcludeOwned(opts.ExcludeOwned),
}
if opts.Scanners.AnyEnabled(types.MisconfigScanner) && !opts.DisableNodeCollector {
artifacts, err = trivyk8s.New(cluster, k8sOpts...).ListArtifactAndNodeInfo(ctx, nodeCollectorOptions(opts)...)
artifacts, err = trivyk8s.New(cluster, k8sOpts...).ListArtifactAndNodeInfo(ctx, nodeCollectorOptions(ctx, opts)...)
if err != nil {
return xerrors.Errorf("get k8s artifacts with node info error: %w", err)
}
Expand All @@ -59,20 +59,17 @@ func clusterRun(ctx context.Context, opts flag.Options, cluster k8s.Cluster) err
return runner.run(ctx, artifacts)
}

func nodeCollectorOptions(opts flag.Options) []trivyk8s.NodeCollectorOption {
func nodeCollectorOptions(ctx context.Context, opts flag.Options) []trivyk8s.NodeCollectorOption {
nodeCollectorOptions := []trivyk8s.NodeCollectorOption{
trivyk8s.WithScanJobNamespace(opts.NodeCollectorNamespace),
trivyk8s.WithIgnoreLabels(opts.ExcludeNodes),
trivyk8s.WithScanJobImageRef(opts.NodeCollectorImageRef),
trivyk8s.WithTolerations(opts.Tolerations)}

contentPath, err := operation.InitBuiltinPolicies(context.Background(),
opts.CacheDir,
opts.Quiet,
opts.SkipCheckUpdate,
opts.MisconfOptions.ChecksBundleRepository,
opts.RegistryOpts())
trivyk8s.WithTolerations(opts.Tolerations),
}

ctx = log.WithContextPrefix(ctx, log.PrefixMisconfiguration)
contentPath, err := operation.InitBuiltinChecks(ctx, opts.CacheDir, opts.Quiet, opts.SkipCheckUpdate,
opts.MisconfOptions.ChecksBundleRepository, opts.RegistryOpts())
if err != nil {
log.Error("Falling back to embedded checks", log.Err(err))
nodeCollectorOptions = append(nodeCollectorOptions,
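Review bot: The fallback message in `nodeCollectorOptions` still goes through `log.Error`, so it is the one log line in this function that does not carry the `misconfig` prefix the new `ctx` was set up for. Use `log.ErrorContext(ctx, "Falling back to embedded checks", log.Err(err))`, as `initMisconfScannerOption` does in pkg/commands/artifact/run.go. A scan that ran on embedded rather than freshly downloaded checks is something operators search the logs for, so it should sit under the same prefix as the download messages. The function body continues past the shown lines.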
2 changes: 2 additions & 0 deletions pkg/log/logger.go
Expand Up @@ -23,6 +23,8 @@ const (
PrefixMisconfiguration = "misconfig"
PrefixSecret = "secret"
PrefixLicense = "license"
PrefixVulnerabilityDB = "vulndb"
PrefixJavaDB = "javadb"
)

// Logger is an alias of slog.Logger
8 changes: 4 additions & 4 deletions pkg/oci/artifact.go
Expand Up @@ -225,19 +225,19 @@ func NewArtifacts(repos []name.Reference, opt types.RegistryOptions, opts ...Opt
// Attempts to download next artifact if the first one fails due to a temporary error.
func (a Artifacts) Download(ctx context.Context, dst string, opt DownloadOption) error {
for i, art := range a {
log.Info("Downloading artifact...", log.String("repo", art.repository))
log.InfoContext(ctx, "Downloading artifact...", log.String("repo", art.repository))
err := art.Download(ctx, dst, opt)
if err == nil {
log.Info("Artifact successfully downloaded", log.String("repo", art.repository))
log.InfoContext(ctx, "Artifact successfully downloaded", log.String("repo", art.repository))
return nil
}

if !shouldTryOtherRepo(err) {
return xerrors.Errorf("failed to download artifact from %s: %w", art.repository, err)
}
log.Error("Failed to download artifact", log.String("repo", art.repository), log.Err(err))
log.ErrorContext(ctx, "Failed to download artifact", log.String("repo", art.repository), log.Err(err))
if i < len(a)-1 {
log.Info("Trying to download artifact from other repository...")
log.InfoContext(ctx, "Trying to download artifact from other repository...")
}
}

32 changes: 17 additions & 15 deletions pkg/policy/policy.go
Expand Up @@ -89,20 +89,22 @@ func NewClient(cacheDir string, quiet bool, checkBundleRepo string, opts ...Opti
}, nil
}

func (c *Client) populateOCIArtifact(registryOpts types.RegistryOptions) {
func (c *Client) populateOCIArtifact(ctx context.Context, registryOpts types.RegistryOptions) {
if c.artifact == nil {
log.Debug("Loading check bundle", log.String("repository", c.checkBundleRepo))
log.DebugContext(ctx, "Loading check bundle", log.String("repository", c.checkBundleRepo))
c.artifact = oci.NewArtifact(c.checkBundleRepo, registryOpts)
}
}

// DownloadBuiltinPolicies download default policies from GitHub Pages
func (c *Client) DownloadBuiltinPolicies(ctx context.Context, registryOpts types.RegistryOptions) error {
c.populateOCIArtifact(registryOpts)
// DownloadBuiltinChecks download default policies from GitHub Pages
func (c *Client) DownloadBuiltinChecks(ctx context.Context, registryOpts types.RegistryOptions) error {
c.populateOCIArtifact(ctx, registryOpts)

dst := c.contentDir()
if err := c.artifact.Download(ctx, dst,
oci.DownloadOption{MediaType: policyMediaType, Quiet: c.quiet},
if err := c.artifact.Download(ctx, dst, oci.DownloadOption{
MediaType: policyMediaType,
Quiet: c.quiet,
},
); err != nil {
return xerrors.Errorf("download error: %w", err)
}
Expand All @@ -111,7 +113,7 @@ func (c *Client) DownloadBuiltinPolicies(ctx context.Context, registryOpts types
if err != nil {
return xerrors.Errorf("digest error: %w", err)
}
log.Debug("Digest of the built-in policies", log.String("digest", digest))
log.DebugContext(ctx, "Digest of the built-in checks", log.String("digest", digest))

// Update metadata.json with the new digest and the current date
if err = c.updateMetadata(digest, c.clock.Now()); err != nil {
Expand All @@ -121,8 +123,8 @@ func (c *Client) DownloadBuiltinPolicies(ctx context.Context, registryOpts types
return nil
}

// LoadBuiltinPolicies loads default policies
func (c *Client) LoadBuiltinPolicies() ([]string, error) {
// LoadBuiltinChecks loads default policies
func (c *Client) LoadBuiltinChecks() ([]string, error) {
f, err := os.Open(c.manifestPath())
if err != nil {
return nil, xerrors.Errorf("manifest file open error (%s): %w", c.manifestPath(), err)
Expand Down Expand Up @@ -150,7 +152,7 @@ func (c *Client) LoadBuiltinPolicies() ([]string, error) {

// NeedsUpdate returns if the default check should be updated
func (c *Client) NeedsUpdate(ctx context.Context, registryOpts types.RegistryOptions) (bool, error) {
meta, err := c.GetMetadata()
meta, err := c.GetMetadata(ctx)
if err != nil {
return true, nil
}
Expand All @@ -160,7 +162,7 @@ func (c *Client) NeedsUpdate(ctx context.Context, registryOpts types.RegistryOpt
return false, nil
}

c.populateOCIArtifact(registryOpts)
c.populateOCIArtifact(ctx, registryOpts)
digest, err := c.artifact.Digest(ctx)
if err != nil {
return false, xerrors.Errorf("digest error: %w", err)
Expand Down Expand Up @@ -211,17 +213,17 @@ func (c *Client) updateMetadata(digest string, now time.Time) error {
return nil
}

func (c *Client) GetMetadata() (*Metadata, error) {
func (c *Client) GetMetadata(ctx context.Context) (*Metadata, error) {
f, err := os.Open(c.metadataPath())
if err != nil {
log.Debug("Failed to open the check metadata", log.Err(err))
log.DebugContext(ctx, "Failed to open the check metadata", log.Err(err))
return nil, err
}
defer f.Close()

var meta Metadata
if err = json.NewDecoder(f).Decode(&meta); err != nil {
log.Warn("Check metadata decode error", log.Err(err))
log.WarnContext(ctx, "Check metadata decode error", log.Err(err))
return nil, err
}

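Review bot: The doc comment on `DownloadBuiltinChecks` still says it downloads "default policies from GitHub Pages", but the body pulls an OCI artifact built from `c.checkBundleRepo` through `c.artifact.Download`. The comment looks stale and names the wrong source for anyone auditing where checks come from. Suggested wording: `// DownloadBuiltinChecks downloads the built-in checks bundle as an OCI artifact from the configured check bundle repository.` In the same way, `LoadBuiltinChecks` could read `// LoadBuiltinChecks loads the built-in checks`. `GetMetadata` is exported, changes signature here and has no doc comment; a line such as `// GetMetadata reads and decodes the check bundle metadata file.` would cover it.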
4 changes: 2 additions & 2 deletions pkg/policy/policy_test.go
Expand Up @@ -120,7 +120,7 @@ func TestClient_LoadBuiltinPolicies(t *testing.T) {
c, err := policy.NewClient(tt.cacheDir, true, "", policy.WithOCIArtifact(art))
require.NoError(t, err)

got, err := c.LoadBuiltinPolicies()
got, err := c.LoadBuiltinChecks()
if tt.wantErr != "" {
require.Error(t, err)
assert.Contains(t, err.Error(), tt.wantErr)
Expand Down Expand Up @@ -361,7 +361,7 @@ func TestClient_DownloadBuiltinPolicies(t *testing.T) {
c, err := policy.NewClient(tempDir, true, "", policy.WithClock(tt.clock), policy.WithOCIArtifact(art))
require.NoError(t, err)

err = c.DownloadBuiltinPolicies(context.Background(), ftypes.RegistryOptions{})
err = c.DownloadBuiltinChecks(context.Background(), ftypes.RegistryOptions{})
if tt.wantErr != "" {
require.Error(t, err)
assert.Contains(t, err.Error(), tt.wantErr)