From fc6b3a760b646bb4ff0d4065fc5cd0058b70ca39 Mon Sep 17 00:00:00 2001 From: Teppei Fukuda Date: Tue, 2 Jul 2024 08:32:46 +0400 Subject: [PATCH] refactor: pass DB dir to trivy-db (#7057) Signed-off-by: knqyf263 --- go.mod | 4 ++-- go.sum | 7 +++--- integration/integration_test.go | 13 +++------- internal/dbtest/db.go | 13 +++++----- pkg/commands/artifact/run.go | 4 ++-- pkg/commands/clean/run.go | 2 +- pkg/commands/operation/operation.go | 19 ++++----------- pkg/commands/server/run.go | 4 ++-- pkg/db/db.go | 37 ++++++++++++++++++++++------- pkg/db/db_test.go | 31 ++++++++++++------------ pkg/rpc/server/listen.go | 29 +++++++++++----------- pkg/rpc/server/listen_test.go | 15 ++++++------ pkg/version/version.go | 3 ++- 13 files changed, 91 insertions(+), 90 deletions(-) diff --git a/go.mod b/go.mod index e1607b6b8b39..8e01f47254d2 100644 --- a/go.mod +++ b/go.mod @@ -26,7 +26,7 @@ require ( github.com/aquasecurity/testdocker v0.0.0-20240613070307-2c3868d658ac github.com/aquasecurity/tml v0.6.1 github.com/aquasecurity/trivy-checks v0.13.0 - github.com/aquasecurity/trivy-db v0.0.0-20231005141211-4fc651f7ac8d + github.com/aquasecurity/trivy-db v0.0.0-20240701103400-8e907467e9ab github.com/aquasecurity/trivy-java-db v0.0.0-20240109071736-184bd7481d48 github.com/aquasecurity/trivy-kubernetes v0.6.7-0.20240627095026-cf9d48837f6d github.com/aws/aws-sdk-go-v2 v1.27.2 @@ -192,7 +192,7 @@ require ( github.com/containerd/ttrpc v1.2.4 // indirect github.com/containerd/typeurl/v2 v2.1.1 // indirect github.com/cpuguy83/dockercfg v0.3.1 // indirect - github.com/cpuguy83/go-md2man/v2 v2.0.3 // indirect + github.com/cpuguy83/go-md2man/v2 v2.0.4 // indirect github.com/cyphar/filepath-securejoin v0.2.4 // indirect github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f // indirect diff --git a/go.sum b/go.sum index d5318916faeb..18c1ec4c2a66 100644 --- a/go.sum +++ b/go.sum 
@@ -771,8 +771,8 @@ github.com/aquasecurity/tml v0.6.1 h1:y2ZlGSfrhnn7t4ZJ/0rotuH+v5Jgv6BDDO5jB6A9gw github.com/aquasecurity/tml v0.6.1/go.mod h1:OnYMWY5lvI9ejU7yH9LCberWaaTBW7hBFsITiIMY2yY= github.com/aquasecurity/trivy-checks v0.13.0 h1:na6PTdY4U0uK/fjz3HNRYBxvYSJ8vgTb57a5T8Y5t9w= github.com/aquasecurity/trivy-checks v0.13.0/go.mod h1:Xec/SMVGV66I7RgUqOX9MEr+YxBqHXDVLTYmpspPi3E= -github.com/aquasecurity/trivy-db v0.0.0-20231005141211-4fc651f7ac8d h1:fjI9mkoTUAkbGqpzt9nJsO24RAdfG+ZSiLFj0G2jO8c= -github.com/aquasecurity/trivy-db v0.0.0-20231005141211-4fc651f7ac8d/go.mod h1:cj9/QmD9N3OZnKQMp+/DvdV+ym3HyIkd4e+F0ZM3ZGs= +github.com/aquasecurity/trivy-db v0.0.0-20240701103400-8e907467e9ab h1:EmpLGFgRJOstPWDpL4KW+Xap4zRYxyctXDTj5luMQdE= +github.com/aquasecurity/trivy-db v0.0.0-20240701103400-8e907467e9ab/go.mod h1:f+wSW9D5txv8S+tw4D4WNOibaUJYwvNnQuQlGQ8gO6c= github.com/aquasecurity/trivy-java-db v0.0.0-20240109071736-184bd7481d48 h1:JVgBIuIYbwG+ekC5lUHUpGJboPYiCcxiz06RCtz8neI= github.com/aquasecurity/trivy-java-db v0.0.0-20240109071736-184bd7481d48/go.mod h1:Ldya37FLi0e/5Cjq2T5Bty7cFkzUDwTcPeQua+2M8i8= github.com/aquasecurity/trivy-kubernetes v0.6.7-0.20240627095026-cf9d48837f6d h1:z5Ug+gqNjgHzCo7rmv6wKTmyJ8E3bAVEU2AASo3740s= 
@@ -1019,8 +1019,9 @@ github.com/cpuguy83/dockercfg v0.3.1/go.mod h1:sugsbF4//dDlL/i+S+rtpIWp+5h0BHJHf github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU= github.com/cpuguy83/go-md2man/v2 v2.0.0/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU= github.com/cpuguy83/go-md2man/v2 v2.0.2/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= -github.com/cpuguy83/go-md2man/v2 v2.0.3 h1:qMCsGGgs+MAzDFyp9LpAe1Lqy/fY/qCovCm0qnXZOBM= github.com/cpuguy83/go-md2man/v2 v2.0.3/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= +github.com/cpuguy83/go-md2man/v2 v2.0.4 h1:wfIWP927BUkWJb2NmU/kNDYIBTh/ziUX91+lVfRxZq4= +github.com/cpuguy83/go-md2man/v2 v2.0.4/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= github.com/creack/pty v1.1.7/go.mod h1:lj5s0c3V2DBrqTV7llrYr5NG6My20zk30Fl46Y7DoTY= github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= github.com/creack/pty v1.1.18/go.mod h1:MOBLtS5ELjhRRrroQr9kyvTxUAFNvYEK993ew/Vr4O4= diff --git a/integration/integration_test.go b/integration/integration_test.go index e9d534da3e06..c7c923af0c33 100644 --- a/integration/integration_test.go +++ b/integration/integration_test.go @@ -26,12 +26,11 @@ import ( "github.com/stretchr/testify/require" "github.com/xeipuuv/gojsonschema" - "github.com/aquasecurity/trivy-db/pkg/db" "github.com/aquasecurity/trivy-db/pkg/metadata" - "github.com/aquasecurity/trivy/internal/dbtest" "github.com/aquasecurity/trivy/pkg/clock" "github.com/aquasecurity/trivy/pkg/commands" + "github.com/aquasecurity/trivy/pkg/db" "github.com/aquasecurity/trivy/pkg/types" "github.com/aquasecurity/trivy/pkg/uuid" 
@@ -56,15 +55,9 @@ func initDB(t *testing.T) string { } cacheDir := dbtest.InitDB(t, fixtures) - defer db.Close() - - dbDir := filepath.Dir(db.Path(cacheDir)) - - metadataFile := filepath.Join(dbDir, "metadata.json") - f, err := os.Create(metadataFile) - require.NoError(t, err) + defer dbtest.Close() - err = json.NewEncoder(f).Encode(metadata.Metadata{ + err = metadata.NewClient(db.Dir(cacheDir)).Update(metadata.Metadata{ Version: db.SchemaVersion, NextUpdate: time.Now().Add(24 * time.Hour), UpdatedAt: time.Now(), diff --git a/internal/dbtest/db.go b/internal/dbtest/db.go index 9ef89fadba99..7976a54e8b5f 100644 --- a/internal/dbtest/db.go +++ b/internal/dbtest/db.go @@ -9,17 +9,18 @@ import ( "github.com/stretchr/testify/require" fixtures "github.com/aquasecurity/bolt-fixtures" - "github.com/aquasecurity/trivy-db/pkg/db" + trivydb "github.com/aquasecurity/trivy-db/pkg/db" jdb "github.com/aquasecurity/trivy-java-db/pkg/db" + "github.com/aquasecurity/trivy/pkg/db" ) // InitDB initializes testing database. func InitDB(t *testing.T, fixtureFiles []string) string { // Create a temp dir - dir := t.TempDir() + cacheDir := t.TempDir() - dbPath := db.Path(dir) - dbDir := filepath.Dir(dbPath) + dbDir := db.Dir(cacheDir) + dbPath := trivydb.Path(dbDir) err := os.MkdirAll(dbDir, 0700) require.NoError(t, err) @@ -30,9 +31,9 @@ func InitDB(t *testing.T, fixtureFiles []string) string { require.NoError(t, loader.Close()) // Initialize DB - require.NoError(t, db.Init(dir)) + require.NoError(t, db.Init(dbDir)) - return dir + return cacheDir } func Close() error { diff --git a/pkg/commands/artifact/run.go b/pkg/commands/artifact/run.go index db73cf58b391..82cbb439ecce 100644 --- a/pkg/commands/artifact/run.go +++ b/pkg/commands/artifact/run.go 
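Review bot: The doc comment on `InitDB` in internal/dbtest/db.go still reads `// InitDB initializes testing database.`, although the function now opens the DB under `db.Dir(cacheDir)` and returns the cache root (`return cacheDir` in the following hunk), not the directory it passed to `db.Init`. Both values are plain strings, so a test that hands the return value straight to `db.NewClient` or `metadata.NewClient` compiles and then looks in the wrong directory. I would extend the comment to something like `// InitDB loads the fixtures into a DB under db.Dir(cacheDir) and returns cacheDir; wrap it with db.Dir before passing it to DB or metadata clients.`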
@@ -11,9 +11,9 @@ import ( "github.com/spf13/viper" "golang.org/x/xerrors" - "github.com/aquasecurity/trivy-db/pkg/db" "github.com/aquasecurity/trivy/pkg/cache" "github.com/aquasecurity/trivy/pkg/commands/operation" + "github.com/aquasecurity/trivy/pkg/db" "github.com/aquasecurity/trivy/pkg/fanal/analyzer" "github.com/aquasecurity/trivy/pkg/fanal/artifact" ftypes "github.com/aquasecurity/trivy/pkg/fanal/types" @@ -295,7 +295,7 @@ func (r *runner) initDB(ctx context.Context, opts flag.Options) error { return SkipScan } - if err := db.Init(opts.CacheDir); err != nil { + if err := db.Init(db.Dir(opts.CacheDir)); err != nil { return xerrors.Errorf("error in vulnerability DB initialize: %w", err) } r.dbOpen = true diff --git a/pkg/commands/clean/run.go b/pkg/commands/clean/run.go index fb20799a571b..9d00d431b962 100644 --- a/pkg/commands/clean/run.go +++ b/pkg/commands/clean/run.go @@ -76,7 +76,7 @@ func cleanScanCache(ctx context.Context, opts flag.Options) error { func cleanVulnerabilityDB(ctx context.Context, opts flag.Options) error { log.InfoContext(ctx, "Removing vulnerability database...") - if err := db.NewClient(opts.CacheDir, true).Clear(ctx); err != nil { + if err := db.NewClient(db.Dir(opts.CacheDir), true).Clear(ctx); err != nil { return xerrors.Errorf("clear vulnerability database: %w", err) } diff --git a/pkg/commands/operation/operation.go b/pkg/commands/operation/operation.go index 63946710f1b2..92e45e5e696e 100644 --- a/pkg/commands/operation/operation.go +++ b/pkg/commands/operation/operation.go @@ -7,7 +7,6 @@ import ( "github.com/google/go-containerregistry/pkg/name" "golang.org/x/xerrors" - "github.com/aquasecurity/trivy-db/pkg/metadata" "github.com/aquasecurity/trivy/pkg/db" ftypes "github.com/aquasecurity/trivy/pkg/fanal/types" "github.com/aquasecurity/trivy/pkg/flag" 
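Review bot: `db.Init(db.Dir(opts.CacheDir))` in `initDB` relies on every caller remembering the `db.Dir` wrap, and nothing enforces it: the package identifier is still `db` and the argument is still a `string`, so a call site left as `db.Init(opts.CacheDir)` keeps compiling. For a vulnerability scanner the failure mode matters, because a DB opened at the wrong path would presumably be missing or empty rather than rejected, which can look like a clean scan. The same wrap is needed in `Run` in pkg/commands/server/run.go, in `cleanVulnerabilityDB` and in `NewVersionInfo`. Consider a comment at these calls, e.g. `// db.Init expects the DB directory (db.Dir), not the cache root`, or a small helper in pkg/db that accepts the cache dir. `initDB` continues outside the hunk.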
@@ -24,7 +23,8 @@ func DownloadDB(ctx context.Context, appVersion, cacheDir string, dbRepository n mu.Lock() defer mu.Unlock() - client := db.NewClient(cacheDir, quiet, db.WithDBRepository(dbRepository)) + dbDir := db.Dir(cacheDir) + client := db.NewClient(dbDir, quiet, db.WithDBRepository(dbRepository)) needsUpdate, err := client.NeedsUpdate(ctx, appVersion, skipUpdate) if err != nil { return xerrors.Errorf("database error: %w", err) @@ -33,29 +33,18 @@ func DownloadDB(ctx context.Context, appVersion, cacheDir string, dbRepository n if needsUpdate { log.Info("Need to update DB") log.Info("Downloading DB...", log.String("repository", dbRepository.String())) - if err = client.Download(ctx, cacheDir, opt); err != nil { + if err = client.Download(ctx, dbDir, opt); err != nil { return xerrors.Errorf("failed to download vulnerability DB: %w", err) } } // for debug - if err = showDBInfo(cacheDir); err != nil { + if err = client.ShowInfo(); err != nil { return xerrors.Errorf("failed to show database info: %w", err) } return nil } -func showDBInfo(cacheDir string) error { - m := metadata.NewClient(cacheDir) - meta, err := m.Get() - if err != nil { - return xerrors.Errorf("something wrong with DB: %w", err) - } - log.Debug("DB info", log.Int("schema", meta.Version), log.Time("updated_at", meta.UpdatedAt), - log.Time("next_update", meta.NextUpdate), log.Time("downloaded_at", meta.DownloadedAt)) - return nil -} - // InitBuiltinPolicies downloads the built-in policies and loads them func InitBuiltinPolicies(ctx context.Context, cacheDir string, quiet, skipUpdate bool, checkBundleRepository string, registryOpts ftypes.RegistryOptions) ([]string, error) { mu.Lock() diff --git a/pkg/commands/server/run.go b/pkg/commands/server/run.go index c5f7b0da2f0b..19b24f990396 100644 --- a/pkg/commands/server/run.go +++ b/pkg/commands/server/run.go 
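Review bot: The `// for debug` comment above `client.ShowInfo()` in `DownloadDB` understates what the call does: its error is wrapped and returned, so unreadable metadata fails the whole download step rather than only a debug log. If that is meant as a post-download sanity check, the comment should say so, e.g. `// Verify that the DB metadata is readable and log it at debug level`. If it is meant to be debug-only, the error would be better logged than returned.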
@@ -5,9 +5,9 @@ import ( "golang.org/x/xerrors" - "github.com/aquasecurity/trivy-db/pkg/db" "github.com/aquasecurity/trivy/pkg/cache" "github.com/aquasecurity/trivy/pkg/commands/operation" + "github.com/aquasecurity/trivy/pkg/db" "github.com/aquasecurity/trivy/pkg/flag" "github.com/aquasecurity/trivy/pkg/log" "github.com/aquasecurity/trivy/pkg/module" @@ -35,7 +35,7 @@ func Run(ctx context.Context, opts flag.Options) (err error) { return nil } - if err = db.Init(opts.CacheDir); err != nil { + if err = db.Init(db.Dir(opts.CacheDir)); err != nil { return xerrors.Errorf("error in vulnerability DB initialize: %w", err) } diff --git a/pkg/db/db.go b/pkg/db/db.go index e87277f93375..e4af60d092c6 100644 --- a/pkg/db/db.go +++ b/pkg/db/db.go @@ -5,6 +5,7 @@ import ( "errors" "fmt" "os" + "path/filepath" "time" "github.com/google/go-containerregistry/pkg/name" @@ -28,6 +29,10 @@ const ( var ( DefaultRepository = fmt.Sprintf("%s:%d", "ghcr.io/aquasecurity/trivy-db", db.SchemaVersion) defaultRepository, _ = name.NewTag(DefaultRepository) + + Init = db.Init + Close = db.Close + Path = db.Path ) type options struct { @@ -56,13 +61,17 @@ func WithDBRepository(dbRepository name.Reference) Option { type Client struct { *options - cacheDir string + dbDir string metadata metadata.Client quiet bool } +func Dir(cacheDir string) string { + return filepath.Join(cacheDir, "db") +} + // NewClient is the factory method for DB client -func NewClient(cacheDir string, quiet bool, opts ...Option) *Client { +func NewClient(dbDir string, quiet bool, opts ...Option) *Client { o := &options{ dbRepository: defaultRepository, } @@ -73,8 +82,8 @@ func NewClient(cacheDir string, quiet bool, opts ...Option) *Client { return &Client{ options: o, - cacheDir: cacheDir, - metadata: metadata.NewClient(cacheDir), + dbDir: dbDir, + metadata: metadata.NewClient(dbDir), quiet: quiet, } } 
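Review bot: `Init = db.Init`, `Close = db.Close` and `Path = db.Path` are added to the `var` block in pkg/db/db.go as exported function-valued variables, so any importing package can reassign them at run time, and they carry no doc comments. Plain wrapper functions that mirror the trivy-db signatures would keep them immutable and give a place to state the new contract, for example `// Init opens the vulnerability DB in dbDir (see Dir), not in the cache root.` The signatures of the three trivy-db functions are not visible in this diff, so the wrappers would need to be checked against that package.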
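Review bot: The new exported `Dir` has no doc comment, although it is now the single place that defines where the DB lives under the cache directory. I would add `// Dir returns the vulnerability DB directory inside cacheDir; pass its result to Init, Path and NewClient.` The `NewClient` comment in the next hunk could likewise state that `dbDir` is the DB directory and that `Clear` deletes it, and the new `ShowInfo` method further down in this file is also undocumented.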
@@ -149,7 +158,7 @@ func (c *Client) Download(ctx context.Context, dst string, opt types.RegistryOpt return xerrors.Errorf("OCI artifact error: %w", err) } - if err = art.Download(ctx, db.Dir(dst), oci.DownloadOption{MediaType: dbMediaType}); err != nil { + if err = art.Download(ctx, dst, oci.DownloadOption{MediaType: dbMediaType}); err != nil { return xerrors.Errorf("database download error: %w", err) } @@ -159,19 +168,19 @@ func (c *Client) Download(ctx context.Context, dst string, opt types.RegistryOpt return nil } -func (c *Client) Clear(ctx context.Context) error { - if err := os.RemoveAll(db.Dir(c.cacheDir)); err != nil { +func (c *Client) Clear(_ context.Context) error { + if err := os.RemoveAll(c.dbDir); err != nil { return xerrors.Errorf("failed to remove vulnerability database: %w", err) } return nil } -func (c *Client) updateDownloadedAt(ctx context.Context, dst string) error { +func (c *Client) updateDownloadedAt(ctx context.Context, dbDir string) error { log.Debug("Updating database metadata...") // We have to initialize a metadata client here // since the destination may be different from the cache directory. - client := metadata.NewClient(dst) + client := metadata.NewClient(dbDir) meta, err := client.Get() if err != nil { return xerrors.Errorf("unable to get metadata: %w", err) @@ -207,3 +216,13 @@ func (c *Client) initOCIArtifact(opt types.RegistryOptions) (*oci.Artifact, erro } return art, nil } + +func (c *Client) ShowInfo() error { + meta, err := c.metadata.Get() + if err != nil { + return xerrors.Errorf("something wrong with DB: %w", err) + } + log.Debug("DB info", log.Int("schema", meta.Version), log.Time("updated_at", meta.UpdatedAt), + log.Time("next_update", meta.NextUpdate), log.Time("downloaded_at", meta.DownloadedAt)) + return nil +} diff --git a/pkg/db/db_test.go b/pkg/db/db_test.go index d7eca907fe32..ff5e36e2b194 100644 --- a/pkg/db/db_test.go +++ b/pkg/db/db_test.go 
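Review bot: `Clear` now runs `os.RemoveAll(c.dbDir)` on exactly the string that was handed to `NewClient`, whereas the removed line appended the `db` component itself, so the caller now decides what is deleted recursively. A caller that passes the cache root by mistake would wipe the whole cache, not only the vulnerability DB. I would document this on the method, `// Clear removes dbDir and everything under it; dbDir must come from Dir, never the cache root.`, and consider rejecting a `dbDir` whose last element is not `db`. In the same hunk the comment in `updateDownloadedAt` still says the destination may differ from the "cache directory"; it should now read "DB directory".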
@@ -9,7 +9,6 @@ import ( "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" - tdb "github.com/aquasecurity/trivy-db/pkg/db" "github.com/aquasecurity/trivy-db/pkg/metadata" "github.com/aquasecurity/trivy/internal/dbtest" "github.com/aquasecurity/trivy/pkg/clock" @@ -31,7 +30,7 @@ func TestClient_NeedsUpdate(t *testing.T) { { name: "happy path", metadata: metadata.Metadata{ - Version: tdb.SchemaVersion, + Version: db.SchemaVersion, NextUpdate: timeNextUpdateDay1, }, want: true, @@ -52,7 +51,7 @@ func TestClient_NeedsUpdate(t *testing.T) { { name: "happy path with --skip-update", metadata: metadata.Metadata{ - Version: tdb.SchemaVersion, + Version: db.SchemaVersion, NextUpdate: timeNextUpdateDay1, }, skip: true, @@ -61,7 +60,7 @@ func TestClient_NeedsUpdate(t *testing.T) { { name: "skip downloading DB", metadata: metadata.Metadata{ - Version: tdb.SchemaVersion, + Version: db.SchemaVersion, NextUpdate: timeNextUpdateDay2, }, want: false, @@ -69,11 +68,11 @@ func TestClient_NeedsUpdate(t *testing.T) { { name: "newer schema version", metadata: metadata.Metadata{ - Version: tdb.SchemaVersion + 1, + Version: db.SchemaVersion + 1, NextUpdate: timeNextUpdateDay2, }, wantErr: fmt.Sprintf("the version of DB schema doesn't match. Local DB: %d, Expected: %d", - tdb.SchemaVersion+1, tdb.SchemaVersion), + db.SchemaVersion+1, db.SchemaVersion), }, { name: "--skip-update on the first run", @@ -89,12 +88,12 @@ func TestClient_NeedsUpdate(t *testing.T) { }, skip: true, wantErr: fmt.Sprintf("--skip-update cannot be specified with the old DB schema. Local DB: %d, Expected: %d", - 0, tdb.SchemaVersion), + 0, db.SchemaVersion), }, { name: "happy with old DownloadedAt", metadata: metadata.Metadata{ - Version: tdb.SchemaVersion, + Version: db.SchemaVersion, NextUpdate: timeNextUpdateDay1, DownloadedAt: time.Date(2019, 9, 30, 22, 30, 0, 0, time.UTC), }, 
@@ -103,7 +102,7 @@ func TestClient_NeedsUpdate(t *testing.T) { { name: "skip downloading DB with recent DownloadedAt", metadata: metadata.Metadata{ - Version: tdb.SchemaVersion, + Version: db.SchemaVersion, NextUpdate: timeNextUpdateDay1, DownloadedAt: time.Date(2019, 9, 30, 23, 30, 0, 0, time.UTC), }, @@ -113,9 +112,9 @@ func TestClient_NeedsUpdate(t *testing.T) { for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { - cacheDir := t.TempDir() + dbDir := db.Dir(t.TempDir()) if tt.metadata != (metadata.Metadata{}) { - meta := metadata.NewClient(cacheDir) + meta := metadata.NewClient(dbDir) err := meta.Update(tt.metadata) require.NoError(t, err) } @@ -123,7 +122,7 @@ func TestClient_NeedsUpdate(t *testing.T) { // Set a fake time ctx := clock.With(context.Background(), time.Date(2019, 10, 1, 0, 0, 0, 0, time.UTC)) - client := db.NewClient(cacheDir, true) + client := db.NewClient(dbDir, true) needsUpdate, err := client.NeedsUpdate(ctx, "test", tt.skip) switch { @@ -172,9 +171,9 @@ func TestClient_Download(t *testing.T) { // Fake DB art := dbtest.NewFakeDB(t, tt.input, dbtest.FakeDBOptions{}) - cacheDir := t.TempDir() - client := db.NewClient(cacheDir, true, db.WithOCIArtifact(art)) - err := client.Download(ctx, cacheDir, ftypes.RegistryOptions{}) + dbDir := db.Dir(t.TempDir()) + client := db.NewClient(dbDir, true, db.WithOCIArtifact(art)) + err := client.Download(ctx, dbDir, ftypes.RegistryOptions{}) if tt.wantErr != "" { require.Error(t, err) assert.ErrorContains(t, err, tt.wantErr) @@ -182,7 +181,7 @@ func TestClient_Download(t *testing.T) { } require.NoError(t, err) - meta := metadata.NewClient(cacheDir) + meta := metadata.NewClient(dbDir) got, err := meta.Get() require.NoError(t, err) diff --git a/pkg/rpc/server/listen.go b/pkg/rpc/server/listen.go index 7e2ebc6b8227..0c4484930773 100644 --- a/pkg/rpc/server/listen.go +++ b/pkg/rpc/server/listen.go 
@@ -13,10 +13,9 @@ import ( "github.com/twitchtv/twirp" "golang.org/x/xerrors" - "github.com/aquasecurity/trivy-db/pkg/db" "github.com/aquasecurity/trivy-db/pkg/metadata" "github.com/aquasecurity/trivy/pkg/cache" - dbc "github.com/aquasecurity/trivy/pkg/db" + "github.com/aquasecurity/trivy/pkg/db" "github.com/aquasecurity/trivy/pkg/fanal/types" "github.com/aquasecurity/trivy/pkg/log" "github.com/aquasecurity/trivy/pkg/utils/fsutils" @@ -31,7 +30,7 @@ const updateInterval = 1 * time.Hour type Server struct { appVersion string addr string - cacheDir string + dbDir string token string tokenHeader string dbRepository name.Reference @@ -45,7 +44,7 @@ func NewServer(appVersion, addr, cacheDir, token, tokenHeader string, dbReposito return Server{ appVersion: appVersion, addr: addr, - cacheDir: cacheDir, + dbDir: db.Dir(cacheDir), token: token, tokenHeader: tokenHeader, dbRepository: dbRepository, @@ -59,16 +58,16 @@ func (s Server) ListenAndServe(ctx context.Context, serverCache cache.Cache, ski dbUpdateWg := &sync.WaitGroup{} go func() { - worker := newDBWorker(dbc.NewClient(s.cacheDir, true, dbc.WithDBRepository(s.dbRepository))) + worker := newDBWorker(db.NewClient(s.dbDir, true, db.WithDBRepository(s.dbRepository))) for { time.Sleep(updateInterval) - if err := worker.update(ctx, s.appVersion, s.cacheDir, skipDBUpdate, dbUpdateWg, requestWg, s.RegistryOptions); err != nil { + if err := worker.update(ctx, s.appVersion, s.dbDir, skipDBUpdate, dbUpdateWg, requestWg, s.RegistryOptions); err != nil { log.Errorf("%+v\n", err) } } }() - mux := newServeMux(ctx, serverCache, dbUpdateWg, requestWg, s.token, s.tokenHeader, s.cacheDir) + mux := newServeMux(ctx, serverCache, dbUpdateWg, requestWg, s.token, s.tokenHeader, s.dbDir) log.Infof("Listening %s...", s.addr) return http.ListenAndServe(s.addr, mux) 
@@ -128,14 +127,14 @@ func withToken(base http.Handler, token, tokenHeader string) http.Handler { } type dbWorker struct { - dbClient *dbc.Client + dbClient *db.Client } -func newDBWorker(dbClient *dbc.Client) dbWorker { +func newDBWorker(dbClient *db.Client) dbWorker { return dbWorker{dbClient: dbClient} } -func (w dbWorker) update(ctx context.Context, appVersion, cacheDir string, +func (w dbWorker) update(ctx context.Context, appVersion, dbDir string, skipDBUpdate bool, dbUpdateWg, requestWg *sync.WaitGroup, opt types.RegistryOptions) error { log.Debug("Check for DB update...") needsUpdate, err := w.dbClient.NeedsUpdate(ctx, appVersion, skipDBUpdate) @@ -146,13 +145,13 @@ func (w dbWorker) update(ctx context.Context, appVersion, cacheDir string, } log.Info("Updating DB...") - if err = w.hotUpdate(ctx, cacheDir, dbUpdateWg, requestWg, opt); err != nil { + if err = w.hotUpdate(ctx, dbDir, dbUpdateWg, requestWg, opt); err != nil { return xerrors.Errorf("failed DB hot update: %w", err) } return nil } -func (w dbWorker) hotUpdate(ctx context.Context, cacheDir string, dbUpdateWg, requestWg *sync.WaitGroup, opt types.RegistryOptions) error { +func (w dbWorker) hotUpdate(ctx context.Context, dbDir string, dbUpdateWg, requestWg *sync.WaitGroup, opt types.RegistryOptions) error { tmpDir, err := os.MkdirTemp("", "db") if err != nil { return xerrors.Errorf("failed to create a temp dir: %w", err) 
@@ -175,17 +174,17 @@ func (w dbWorker) hotUpdate(ctx context.Context, cacheDir string, dbUpdateWg, re } // Copy trivy.db - if _, err = fsutils.CopyFile(db.Path(tmpDir), db.Path(cacheDir)); err != nil { + if _, err = fsutils.CopyFile(db.Path(tmpDir), db.Path(dbDir)); err != nil { return xerrors.Errorf("failed to copy the database file: %w", err) } // Copy metadata.json - if _, err = fsutils.CopyFile(metadata.Path(tmpDir), metadata.Path(cacheDir)); err != nil { + if _, err = fsutils.CopyFile(metadata.Path(tmpDir), metadata.Path(dbDir)); err != nil { return xerrors.Errorf("failed to copy the metadata file: %w", err) } log.Info("Reopening DB...") - if err = db.Init(cacheDir); err != nil { + if err = db.Init(dbDir); err != nil { return xerrors.Errorf("failed to open DB: %w", err) } diff --git a/pkg/rpc/server/listen_test.go b/pkg/rpc/server/listen_test.go index 82c8b2669bc4..8457cef042d7 100644 --- a/pkg/rpc/server/listen_test.go +++ b/pkg/rpc/server/listen_test.go @@ -14,7 +14,6 @@ import ( "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" - trivydb "github.com/aquasecurity/trivy-db/pkg/db" "github.com/aquasecurity/trivy-db/pkg/metadata" "github.com/aquasecurity/trivy/internal/dbtest" "github.com/aquasecurity/trivy/pkg/cache" @@ -75,17 +74,17 @@ func Test_dbWorker_update(t *testing.T) { } for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { - cacheDir := t.TempDir() + dbDir := db.Dir(t.TempDir()) // Initialize the cache - meta := metadata.NewClient(cacheDir) + meta := metadata.NewClient(dbDir) err := meta.Update(cachedMetadata) require.NoError(t, err) - err = trivydb.Init(cacheDir) + err = db.Init(dbDir) require.NoError(t, err) - defer func() { _ = trivydb.Close() }() + defer func() { _ = db.Close() }() // Set a fake time ctx := clock.With(context.Background(), tt.now) 
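Review bot: The two `fsutils.CopyFile` calls in `hotUpdate` overwrite `db.Path(dbDir)` and `metadata.Path(dbDir)` in place, and each failure returns before `db.Init(dbDir)` is reached. If the second copy fails, the new trivy.db sits next to the old metadata.json, and, assuming the DB was closed earlier in the function as the "Reopening DB..." log suggests, the server keeps running with the DB closed. Consider copying each file to a temporary name inside `dbDir` and moving it into place with `os.Rename`, and reopening the DB on the error paths as well. `hotUpdate` starts and ends outside this hunk, so the close and wait-group logic is not visible here.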
@@ -95,11 +94,11 @@ func Test_dbWorker_update(t *testing.T) { art := dbtest.NewFakeDB(t, dbPath, dbtest.FakeDBOptions{ MediaType: tt.layerMediaType, }) - client := db.NewClient(cacheDir, true, db.WithOCIArtifact(art)) + client := db.NewClient(dbDir, true, db.WithOCIArtifact(art)) w := newDBWorker(client) var dbUpdateWg, requestWg sync.WaitGroup - err = w.update(ctx, "1.2.3", cacheDir, + err = w.update(ctx, "1.2.3", dbDir, tt.skipUpdate, &dbUpdateWg, &requestWg, ftypes.RegistryOptions{}) if tt.wantErr != "" { require.Error(t, err, tt.name) @@ -108,7 +107,7 @@ func Test_dbWorker_update(t *testing.T) { } require.NoError(t, err, tt.name) - mc := metadata.NewClient(cacheDir) + mc := metadata.NewClient(dbDir) got, err := mc.Get() require.NoError(t, err, tt.name) assert.Equal(t, tt.want, got, tt.name) diff --git a/pkg/version/version.go b/pkg/version/version.go index 4490364db9aa..60ee62bd52f1 100644 --- a/pkg/version/version.go +++ b/pkg/version/version.go @@ -6,6 +6,7 @@ import ( "github.com/aquasecurity/trivy-db/pkg/metadata" javadb "github.com/aquasecurity/trivy-java-db/pkg/db" + "github.com/aquasecurity/trivy/pkg/db" "github.com/aquasecurity/trivy/pkg/log" "github.com/aquasecurity/trivy/pkg/policy" "github.com/aquasecurity/trivy/pkg/version/app" @@ -45,7 +46,7 @@ func NewVersionInfo(cacheDir string) VersionInfo { var dbMeta *metadata.Metadata var javadbMeta *metadata.Metadata - mc := metadata.NewClient(cacheDir) + mc := metadata.NewClient(db.Dir(cacheDir)) meta, err := mc.Get() if err != nil { log.Debug("Failed to get DB metadata", log.Err(err))