search

blackducksoftware / perceivers

Kubernetes and openshift image discovery for OpsSight
Apache License 2.0
4 stars 7 forks source link

fix parse error when sha in image string (instead of expected tag) #76

Closed mattfenwick closed 6 years ago

mattfenwick commented 6 years ago

To repro:

Run an image by specifying a sha:

kubectl run --image=gcr.io/gke-verification/blackducksoftware/perceptor@sha256:9914478c9642be49e7791a7a29207c0a6194c8bf6e9690ab5902008cce8af39f hmmm

Look at the kube description:

$ kubectl describe pod hmmm-75b85df6db-48qwr
Name:           hmmm-75b85df6db-48qwr
Namespace:      default
Node:           ...
Start Time:     Fri, 07 Sep 2018 18:47:12 +0000
Labels:         pod-template-hash=3164189286
                run=hmmm
Annotations:    kubernetes.io/limit-ranger=LimitRanger plugin set: cpu request for container hmmm
Status:         Running
IP:             10.24.44.27
Controlled By:  ReplicaSet/hmmm-75b85df6db
Containers:
  hmmm:
    Container ID:   docker://9a39ec602d8a2c06347a0026283ebb35df48b8bd420bcc301184b1abc89b9f5d
    Image:          gcr.io/gke-verification/blackducksoftware/perceptor@sha256:9914478c9642be49e7791a7a29207c0a6194c8bf6e9690ab5902008cce8af39f
    Image ID:       docker-pullable://gcr.io/gke-verification/blackducksoftware/perceptor@sha256:9914478c9642be49e7791a7a29207c0a6194c8bf6e9690ab5902008cce8af39f

The problem: check out mapper/pod_mapper.go:

            name, sha, err := docker.ParseImageIDString(newCont.ImageID)
            if err != nil {
                metrics.RecordError("pod_mapper", "unable to parse kubernetes imageID")
                return nil, fmt.Errorf("unable to parse kubernetes imageID string %s from pod %s/%s: %v", newCont.ImageID, kubePod.Namespace, kubePod.Name, err)
            }
            _, tag := docker.ParseImageString(newCont.Image)
            addedCont := perceptorapi.NewContainer(*perceptorapi.NewImage(name, tag, sha), newCont.Name)
            containers = append(containers, *addedCont)

The sha is misinterpreted as a tag, and the repo is misparsed (but ignored).

Test output:

--- FAIL: TestParseWeirdStrings (0.00s)
    parseimage_test.go:176: repo: expected gcr.io/gke-verification/blackducksoftware/perceptor, got gcr.io/gke-verification/blackducksoftware/perceptor@sha256
    parseimage_test.go:180: tag: expected , got 9914478c9642be49e7791a7a29207c0a6194c8bf6e9690ab5902008cce8af39f
FAIL
coverage: 96.8% of statements
exit status 1
FAIL    github.com/blackducksoftware/perceivers/pkg/docker  0.684s