Update exclusions check for better new user experience

.github/workflows/openshift-test.yaml

@@ -128,7 +128,7 @@ jobs:
           mv ci/openshift-test.yaml ci/openshift-test-values.yaml
           popd
         done
-        ct install --config ct-config.yaml --helm-extra-args "--timeout 600s" --helm-extra-set-args "--set=useExistingPullCredSecret=true--set=useExistingLicenseSecret=true --set=anchoreConfig.policy_engine.vulnerabilities.matching.exclude.providers=[] --set=anchoreConfig.policy_engine.vulnerabilities.matching.exclude.package_types=[]"
+        ct install --config ct-config.yaml --helm-extra-args "--timeout 600s"
       env:
         KUBECONFIG: ./tmp/kubeconfig
         TARGET_BRANCH: "${{ github.event.pull_request.base.ref }}"

.github/workflows/test.yaml

@@ -99,4 +99,4 @@ jobs:
 
     - name: Run chart-testing
       if: steps.list-changed.outputs.CHANGED == 'true'
-      run: ct install --config ct-config.yaml --helm-extra-args "--timeout 600s" --helm-extra-set-args "--set=useExistingPullCredSecret=true --set=useExistingLicenseSecret=true --set=anchoreConfig.policy_engine.vulnerabilities.matching.exclude.providers=[] --set=anchoreConfig.policy_engine.vulnerabilities.matching.exclude.package_types=[]"
+      run: ct install --config ct-config.yaml --helm-extra-args "--timeout 600s"

stable/enterprise/Chart.yaml

@@ -1,6 +1,6 @@
 apiVersion: v2
 name: enterprise
-version: "3.0.0"
+version: "3.0.1"
 appVersion: "5.10.0"
 kubeVersion: 1.23.x - 1.30.x || 1.23.x-x - 1.30.x-x
 description: |

stable/enterprise/files/default_config.yaml

@@ -201,8 +201,16 @@ services:
             enabled: true
       matching:
         exclude:
-          providers: {{ .Values.anchoreConfig.policy_engine.vulnerabilities.matching.exclude.providers }}
-          package_types: {{ .Values.anchoreConfig.policy_engine.vulnerabilities.matching.exclude.package_types }}
+          {{- if .Values.anchoreConfig.policy_engine.vulnerabilities.matching.exclude.providers }}
+          providers: {{ .Values.anchoreConfig.policy_engine.vulnerabilities.matching.exclude.providers | toJson }}
+          {{- else }}
+          providers: []
+          {{- end }}
+          {{- if .Values.anchoreConfig.policy_engine.vulnerabilities.matching.exclude.package_types }}
+          package_types: {{ .Values.anchoreConfig.policy_engine.vulnerabilities.matching.exclude.package_types | toJson }}
+          {{- else }}
+          package_types: []
+          {{- end }}
         default:
           search:
             by_cpe:

stable/enterprise/files/osaa_config.yaml

@@ -209,8 +209,16 @@ services:
             enabled: true
       matching:
         exclude:
-          providers: {{ .Values.anchoreConfig.policy_engine.vulnerabilities.matching.exclude.providers }}
-          package_types: {{ .Values.anchoreConfig.policy_engine.vulnerabilities.matching.exclude.package_types }}
+          {{- if .Values.anchoreConfig.policy_engine.vulnerabilities.matching.exclude.providers }}
+          providers: {{ .Values.anchoreConfig.policy_engine.vulnerabilities.matching.exclude.providers | toJson }}
+          {{- else }}
+          providers: []
+          {{- end }}
+          {{- if .Values.anchoreConfig.policy_engine.vulnerabilities.matching.exclude.package_types }}
+          package_types: {{ .Values.anchoreConfig.policy_engine.vulnerabilities.matching.exclude.package_types | toJson }}
+          {{- else }}
+          package_types: []
+          {{- end }}
         default:
           search:
             by_cpe:

stable/enterprise/templates/_helpers.tpl

@@ -154,4 +154,85 @@ secretName: {{ . }}
 {{- else }}
 secretName: {{ template "enterprise.fullname" . }}-license
 {{- end }}
-{{- end -}}
+{{- end -}}
+
+{{- define "checkDriverEnabled" -}}
+  {{- $drivers := .drivers -}}
+  {{- $driverName := .driverName -}}
+  {{- $driver := index $drivers $driverName -}}
+  {{- if $driver }}
+    {{- $driverEnabled := index $driver "enabled" -}}
+    {{- if not $driverEnabled }}
+      {{- $notify := .notify -}}
+      {{- $_ := set . "notify" true -}}
+    {{- end }}
+  {{- end }}
+{{- end }}
+
+{{- define "enterprise.exclusionCheck" -}}
+
+{{ $notify := false }}
+
+{{ $feeds := index .Values "feeds" }}
+{{- if $feeds -}}
+  {{ $feedsChartEnabled := index .Values "feeds" "chartEnabled" }}
+  {{- if (not $feedsChartEnabled) -}}
+    {{ $notify = true }}
+  {{- end -}}
+
+  {{- if not $notify -}}
+    {{ $feedsExtraEnvs := index .Values "feeds" "extraEnv" }}
+    {{- if $feedsExtraEnvs -}}
+      {{- range $index, $val := $feedsExtraEnvs -}}
+        {{- if contains "ANCHORE_FEEDS_DRIVER" .name -}}
+          {{ $notify = true }}
+        {{- end -}}
+      {{- end -}}
+    {{- end -}}
+  {{- end -}}
+
+  {{- if not $notify -}}
+    {{- $anchoreConfig := index $feeds "anchoreConfig" }}
+    {{- if $anchoreConfig }}
+      {{- $anchoreFeeds := index $anchoreConfig "feeds" }}
+      {{- if $anchoreFeeds }}
+        {{- $drivers := index $anchoreFeeds "drivers" }}
+        {{- if $drivers }}
+
+          {{- $context := dict "drivers" $drivers "notify" $notify "driverName" "gem" }}
+          {{- include "checkDriverEnabled" $context }}
+          {{- $notify = $context.notify }}
+
+          {{- $context := dict "drivers" $drivers "notify" $notify "driverName" "github" }}
+          {{- include "checkDriverEnabled" $context }}
+          {{- $notify = $context.notify }}
+
+          {{- $context := dict "drivers" $drivers "notify" $notify "driverName" "msrc" }}
+          {{- include "checkDriverEnabled" $context }}
+          {{- $notify = $context.notify }}
+
+          {{- $context := dict "drivers" $drivers "notify" $notify "driverName" "npm" }}
+          {{- include "checkDriverEnabled" $context }}
+          {{- $notify = $context.notify }}
+        {{- end -}}
+      {{- end -}}
+    {{- end -}}
+  {{- end -}}
+
+
+{{- end -}}
+
+{{- if not $notify -}}
+  {{- range $index, $val := .Values.extraEnv -}}
+    {{- if contains "ANCHORE_FEEDS_DRIVER" .name -}}
+      {{ $notify = true }}
+    {{- end -}}
+  {{- end -}}
+{{- end -}}
+
+{{ if $notify }}
+    {{- $exclude_providers := required "anchoreConfig.policy_engine.vulnerabilities.matching.exclude.providers is required" .Values.anchoreConfig.policy_engine.vulnerabilities.matching.exclude.providers -}}
+    {{- $exclude_package := required "anchoreConfig.policy_engine.vulnerabilities.matching.exclude.package_types is required" .Values.anchoreConfig.policy_engine.vulnerabilities.matching.exclude.package_types -}}
+{{- end -}}
+
+{{- end -}}

stable/enterprise/templates/anchore_configmap.yaml

@@ -1,5 +1,4 @@
-{{- $exclude_providers := required "anchoreConfig.policy_engine.vulnerabilities.matching.exclude.providers is required" .Values.anchoreConfig.policy_engine.vulnerabilities.matching.exclude.providers -}}
-{{- $exclude_package := required "anchoreConfig.policy_engine.vulnerabilities.matching.exclude.package_types is required" .Values.anchoreConfig.policy_engine.vulnerabilities.matching.exclude.package_types -}}
+{{- include "enterprise.exclusionCheck" . -}}
 kind: ConfigMap
 apiVersion: v1
 metadata: