consolidate logic and external feeds url values config

Signed-off-by: Brady Todhunter <[email protected]>
anchore · Sep 16, 2021 · 1b2bb09 · 1b2bb09
1 parent d951825
commit 1b2bb09
Show file tree

Hide file tree

Showing 3 changed files with 33 additions and 37 deletions.
diff --git a/stable/anchore-engine/templates/engine_configmap.yaml b/stable/anchore-engine/templates/engine_configmap.yaml
@@ -1,26 +1,20 @@
-{{ $anchoreFeedsURL := "https://ancho.re/v1/service/feeds" }}
-{{- if .Values.anchoreEnterpriseFeeds.url }}
-{{- $anchoreFeedsURL = .Values.anchoreEnterpriseFeeds.url }}
-{{- else if and .Values.anchoreEnterpriseGlobal.enabled .Values.anchoreEnterpriseFeeds.enabled }}
-{{- if .Values.anchoreGlobal.internalServicesSsl.enabled }}
-{{- $anchoreFeedsURL = (printf "https://%s:%s/v1/feeds"  (include "anchore-engine.enterprise-feeds.fullname" .) (.Values.anchoreEnterpriseFeeds.service.port | toString) ) }}
-{{- else }}
-{{- $anchoreFeedsURL = (printf "http://%s:%s/v1/feeds" (include "anchore-engine.enterprise-feeds.fullname" .) (.Values.anchoreEnterpriseFeeds.service.port | toString) ) }}
-{{- end }}
-{{- end }}
+{{- $anchoreFeedsURL := "https://ancho.re/v1/service/feeds" -}}
+{{- $grypeProviderFeedsExternalURL := "https://toolbox-data.anchore.io/grype/databases/listing.json" -}}
 
-{{ $grypeProviderFeedsExternalURL := "" }}
-{{- if and .Values.anchoreEnterpriseGlobal.enabled .Values.anchoreEnterpriseFeeds.enabled -}}
-{{- if .Values.anchoreEnterpriseFeeds.grypeProviderFeedsExternalURL }}
-{{- $grypeProviderFeedsExternalURL = (printf "%s/databases/grype" .Values.anchoreEnterpriseFeeds.grypeProviderFeedsExternalURL) }}
-{{- else if .Values.anchoreGlobal.internalServicesSsl.enabled }}
-{{- $grypeProviderFeedsExternalURL = (printf "https://%s:%s/v1/databases/grype"  (include "anchore-engine.enterprise-feeds.fullname" .) (.Values.anchoreEnterpriseFeeds.service.port | toString) ) }}
-{{- else }}
-{{- $grypeProviderFeedsExternalURL = (printf "http://%s:%s/v1/databases/grype"  (include "anchore-engine.enterprise-feeds.fullname" .) (.Values.anchoreEnterpriseFeeds.service.port | toString) ) }}
-{{- end }}
-{{ - else }}
-{{- $grypeProviderFeedsExternalURL = "https://toolbox-data.anchore.io/grype/databases/listing.json" }}
-{{- end}}
+{{- if .Values.anchoreEnterpriseFeeds.url -}}
+  {{- $urlPathSuffix := (default "" (regexFind "/v1.*$" .Values.anchoreEnterpriseFeeds.url)) -}}
+  {{- $anchoreFeedsHost := (trimSuffix $urlPathSuffix .Values.anchoreEnterpriseFeeds.url) -}}
+  {{- $anchoreFeedsURL = (printf "%s/v1/feeds" $anchoreFeedsHost) -}}
+  {{- $grypeProviderFeedsExternalURL = (printf "%s/v1/databases/grype" $anchoreFeedsHost) -}}
+{{- else if and .Values.anchoreEnterpriseGlobal.enabled .Values.anchoreEnterpriseFeeds.enabled -}}
+  {{- if .Values.anchoreGlobal.internalServicesSsl.enabled -}}
+    {{- $anchoreFeedsURL = (printf "https://%s:%s/v1/feeds"  (include "anchore-engine.enterprise-feeds.fullname" .) (.Values.anchoreEnterpriseFeeds.service.port | toString) ) -}}
+    {{- $grypeProviderFeedsExternalURL = (printf "https://%s:%s/v1/databases/grype"  (include "anchore-engine.enterprise-feeds.fullname" .) (.Values.anchoreEnterpriseFeeds.service.port | toString) ) -}}
+  {{- else -}}
+    {{- $anchoreFeedsURL = (printf "http://%s:%s/v1/feeds" (include "anchore-engine.enterprise-feeds.fullname" .) (.Values.anchoreEnterpriseFeeds.service.port | toString) ) -}}
+    {{- $grypeProviderFeedsExternalURL = (printf "http://%s:%s/v1/databases/grype"  (include "anchore-engine.enterprise-feeds.fullname" .) (.Values.anchoreEnterpriseFeeds.service.port | toString) ) -}}
+  {{- end -}}
+{{- end -}}
 
 kind: ConfigMap
 apiVersion: v1
@@ -251,7 +245,7 @@ data:
               # grypedb feed is synced if the provider is set to grype. All the remaining feeds except for packages are ignored even if they are enabled
               grypedb:
                 enabled: {{ default "true" (.Values.anchoreGlobal.syncGrypeDB | quote) }}
-                url: {{default "https://toolbox-data.anchore.io/grype/databases/listing.json" $grypeProviderFeedsExternalURL}}
+                url: {{ $grypeProviderFeedsExternalURL }}
               # The following feeds are synced if provider is set to legacy
               # Vulnerabilities feed is the feed for distro cve sources (redhat, debian, ubuntu, oracle, alpine....)
               vulnerabilities:

diff --git a/stable/anchore-engine/templates/enterprise_feeds_configmap.yaml b/stable/anchore-engine/templates/enterprise_feeds_configmap.yaml
@@ -1,14 +1,19 @@
 {{- if and .Values.anchoreEnterpriseGlobal.enabled .Values.anchoreEnterpriseFeeds.enabled -}}
 {{- $component := "enterprise-feeds" -}}
 
-{{ $grypeProviderFeedsExternalURL := "" }}
-{{- if .Values.anchoreEnterpriseFeeds.grypeProviderFeedsExternalURL }}
-{{- $grypeProviderFeedsExternalURL = .Values.anchoreEnterpriseFeeds.grypeProviderFeedsExternalURL }}
-{{- else if .Values.anchoreGlobal.internalServicesSsl.enabled }}
-{{- $grypeProviderFeedsExternalURL = (printf "https://%s:%s/v1"  (include "anchore-engine.enterprise-feeds.fullname" .) (.Values.anchoreEnterpriseFeeds.service.port | toString) ) }}
-{{- else }}
-{{- $grypeProviderFeedsExternalURL = (printf "http://%s:%s/v1"  (include "anchore-engine.enterprise-feeds.fullname" .) (.Values.anchoreEnterpriseFeeds.service.port | toString) ) }}
-{{- end }}
+{{- $grypeProviderFeedsExternalURL := "" -}}
+
+{{- if .Values.anchoreEnterpriseFeeds.url -}}
+  {{- $urlPathSuffix := (default "" (regexFind "/v1.*$" .Values.anchoreEnterpriseFeeds.url)) }}
+  {{- $anchoreFeedsHost := (trimSuffix $urlPathSuffix .Values.anchoreEnterpriseFeeds.url) -}}
+  {{- $grypeProviderFeedsExternalURL = (printf "%s/v1/" $anchoreFeedsHost) -}}
+{{- else -}}
+  {{- if .Values.anchoreGlobal.internalServicesSsl.enabled -}}
+    {{- $grypeProviderFeedsExternalURL = (printf "https://%s:%s/v1/"  (include "anchore-engine.enterprise-feeds.fullname" .) (.Values.anchoreEnterpriseFeeds.service.port | toString) ) -}}
+  {{- else -}}
+    {{- $grypeProviderFeedsExternalURL = (printf "http://%s:%s/v1/"  (include "anchore-engine.enterprise-feeds.fullname" .) (.Values.anchoreEnterpriseFeeds.service.port | toString) ) -}}
+  {{- end -}}
+{{- end -}}
 
 apiVersion: v1
 kind: ConfigMap
@@ -152,7 +157,7 @@ data:
           {{- end }}
           grypedb:
             enabled: {{ default "true" (.Values.anchoreEnterpriseFeeds.grypeDriverEnabled | quote) }}
-            external_feeds_url: {{ $feedsExternalURL }}
+            external_feeds_url: {{ $grypeProviderFeedsExternalURL }}
         {{- if .Values.anchoreGlobal.internalServicesSsl.enabled }}
         ssl_enable: {{ .Values.anchoreGlobal.internalServicesSsl.enabled }}
         ssl_cert: "/home/anchore/certs/{{- .Values.anchoreGlobal.internalServicesSsl.certSecretCertName }}"

diff --git a/stable/anchore-engine/values.yaml b/stable/anchore-engine/values.yaml
@@ -738,13 +738,10 @@ anchoreEnterpriseFeeds:
   # If enabled is set to false, set anchore-feeds-db.enabled to false to ensure that helm doesn't stand up a unneccessary postgres instance.
   enabled: true
 
-  # Set custom feeds URL if multiple Anchore deployments are using the same internal feeds service. i.e.: https://<feeds-hostname>:<feeds-port>/v1/feeds
+  # Set custom feeds URL. Useful when using a feeds service endpoint that is external from the cluster.
+  # i.e. https://<feeds-hostname>:<feeds-port>
   url: ""
 
-  # ONLY USED IF RUNNING THE GRYPE PROVIDER: 
-  # The URL of the feeds service to download Grype DB with enterprise feeds, i.e.: https://<feeds-hostname>:<feeds-port>/v1/
-  grypeProviderFeedsExternalURL: ""
-
   # Enable github advisory feeds
   githubDriverEnabled: false
   # GitHub advisory feeds require a github developer personal access token with no permission scopes selected.