🟢 get to compile cnspec again

Signed-off-by: Dominik Richter <[email protected]>

apps/cnspec/cmd/backgroundjob/healthping.go

@@ -10,7 +10,7 @@ import (
 	"time"
 
 	"github.com/rs/zerolog/log"
-	"go.mondoo.com/cnquery/upstream/health"
+	"go.mondoo.com/cnquery/providers-sdk/v1/upstream/health"
 )
 
 type healthPinger struct {

apps/cnspec/cmd/bundle.go

@@ -14,6 +14,7 @@ import (
 	"github.com/spf13/cobra"
 	"github.com/spf13/viper"
 	"go.mondoo.com/cnquery/cli/config"
+	"go.mondoo.com/cnquery/providers"
 	"go.mondoo.com/cnquery/providers-sdk/v1/upstream"
 	"go.mondoo.com/cnspec/internal/bundle"
 	"go.mondoo.com/cnspec/policy"
@@ -92,7 +93,8 @@ var policyLintCmd = &cobra.Command{
 			log.Fatal().Err(err).Msg("could not find bundle files")
 		}
 
-		result, err := bundle.Lint(files...)
+		runtime := providers.DefaultRuntime()
+		result, err := bundle.Lint(runtime.Schema(), files...)
 		if err != nil {
 			log.Fatal().Err(err).Msg("could not lint bundle files")
 		}
@@ -170,7 +172,8 @@ var policyPublishCmd = &cobra.Command{
 
 		noLint := viper.GetBool("no-lint")
 		if !noLint {
-			result, err := bundle.Lint(files...)
+			runtime := providers.DefaultRuntime()
+			result, err := bundle.Lint(runtime.Schema(), files...)
 			if err != nil {
 				log.Fatal().Err(err).Msg("could not lint bundle files")
 			}

apps/cnspec/cmd/scan.go

@@ -23,6 +23,7 @@ import (
 	"go.mondoo.com/cnquery/providers-sdk/v1/upstream"
 	"go.mondoo.com/cnspec/cli/reporter"
 	"go.mondoo.com/cnspec/policy"
+	"go.mondoo.com/cnspec/policy/scan"
 )
 
 func init() {
@@ -229,7 +230,7 @@ func getCobraScanConfig(cmd *cobra.Command, runtime *providers.Runtime, cliRes *
 		}
 	}
 
-	if len(conf.QueryPackPaths) > 0 && !conf.IsIncognito {
+	if len(conf.PolicyPaths) > 0 && !conf.IsIncognito {
 		log.Warn().Msg("Scanning with local bundles will switch into --incognito mode by default. Your results will not be sent upstream.")
 		conf.IsIncognito = true
 	}
@@ -253,7 +254,7 @@ func (c *scanConfig) loadPolicies() error {
 			return err
 		}
 
-		_, err = bundle.Compile(context.Background(), c.runtime.Schema())
+		_, err = bundle.Compile(context.Background(), c.runtime.Schema(), nil)
 		if err != nil {
 			return errors.Wrap(err, "failed to compile bundle")
 		}
@@ -265,8 +266,8 @@ func (c *scanConfig) loadPolicies() error {
 	return nil
 }
 
-func RunScan(config *scanConfig) (*policy.ReportCollection, error) {
-	opts := []scan.ScannerOption{}
+func RunScan(config *scanConfig, scannerOpts ...scan.ScannerOption) (*policy.ReportCollection, error) {
+	opts := scannerOpts
 	if config.runtime.UpstreamConfig != nil {
 		opts = append(opts, scan.WithUpstream(config.runtime.UpstreamConfig))
 	}
@@ -277,24 +278,32 @@ func RunScan(config *scanConfig) (*policy.ReportCollection, error) {
 	scanner := scan.NewLocalScanner(opts...)
 	ctx := cnquery.SetFeatures(context.Background(), config.Features)
 
+	var res *scan.ScanResult
+	var err error
 	if config.IsIncognito {
-		return scanner.RunIncognito(
+		res, err = scanner.RunIncognito(
 			ctx,
 			&scan.Job{
-				Inventory:        config.Inventory,
-				Bundle:           config.Bundle,
-				QueryPackFilters: config.QueryPackNames,
-				Props:            config.Props,
+				Inventory:     config.Inventory,
+				Bundle:        config.Bundle,
+				PolicyFilters: config.PolicyNames,
+				Props:         config.Props,
 			})
+	} else {
+		res, err = scanner.Run(
+			ctx,
+			&scan.Job{
+				Inventory:     config.Inventory,
+				Bundle:        config.Bundle,
+				PolicyFilters: config.PolicyNames,
+				Props:         config.Props,
+			})
+	}
+
+	if err != nil {
+		return nil, err
 	}
-	return scanner.Run(
-		ctx,
-		&scan.Job{
-			Inventory:        config.Inventory,
-			Bundle:           config.Bundle,
-			QueryPackFilters: config.QueryPackNames,
-			Props:            config.Props,
-		})
+	return res.GetFull(), nil
 }
 
 func printReports(report *policy.ReportCollection, conf *scanConfig, cmd *cobra.Command) {

apps/cnspec/cmd/serve_api.go

@@ -17,14 +17,11 @@ import (
 	"github.com/rs/zerolog/log"
 	"github.com/spf13/cobra"
 	"github.com/spf13/viper"
-	cnquery_cmd "go.mondoo.com/cnquery/apps/cnquery/cmd"
 	"go.mondoo.com/cnquery/cli/config"
-	"go.mondoo.com/cnquery/cli/sysinfo"
 	"go.mondoo.com/cnquery/logger"
 	"go.mondoo.com/cnquery/providers-sdk/v1/upstream"
 	cnspec_config "go.mondoo.com/cnspec/apps/cnspec/cmd/config"
 	"go.mondoo.com/cnspec/policy/scan"
-	"go.mondoo.com/ranger-rpc"
 )
 
 func init() {
@@ -63,35 +60,18 @@ var serveApiCmd = &cobra.Command{
 			log.Fatal().Msg("no service account configured")
 		}
 
-		certAuth, err := upstream.NewServiceAccountRangerPlugin(serviceAccount)
-		if err != nil {
-			log.Error().Err(err).Msg(errorMessageServiceAccount)
-			os.Exit(cnquery_cmd.ConfigurationErrorCode)
-		}
-		plugins := []ranger.ClientPlugin{certAuth}
-		// determine information about the client
-		sysInfo, err := sysinfo.GatherSystemInfo()
-		if err != nil {
-			log.Warn().Err(err).Msg("could not gather client information")
-		}
-		plugins = append(plugins, defaultRangerPlugins(sysInfo, opts.GetFeatures())...)
-		httpClient, err := opts.GetHttpClient()
-		if err != nil {
-			log.Error().Err(err).Msg("error seting up http client")
-			os.Exit(cnquery_cmd.ConfigurationErrorCode)
-		}
-
-		httpTimeout := viper.GetUint("http-timeout")
-		httpClient.Timeout = time.Duration(httpTimeout) * time.Second
 		log.Info().Msg("using service account credentials")
 		upstreamConfig := upstream.UpstreamConfig{
 			SpaceMrn:    opts.GetParentMrn(),
 			ApiEndpoint: opts.UpstreamApiEndpoint(),
-			Plugins:     plugins,
-			HttpClient:  httpClient,
+			Incognito:   false, // because we serve, we interact with upstream, never incognito
+			Creds:       serviceAccount,
 		}
 
-		scanner := scan.NewLocalScanner(scan.WithUpstream(upstreamConfig.ApiEndpoint, upstreamConfig.SpaceMrn, upstreamConfig.HttpClient), scan.WithPlugins(plugins), scan.DisableProgressBar())
+		scanner := scan.NewLocalScanner(
+			scan.WithUpstream(&upstreamConfig),
+			scan.DisableProgressBar(),
+		)
 		if err := scanner.EnableQueue(); err != nil {
 			log.Fatal().Err(err).Msg("could not enable scan queue")
 		}

cli/reporter/json.go

@@ -44,7 +44,7 @@ type assetPrintable struct {
 	PlatformName string `protobuf:"bytes,20,opt,name=platformName,proto3" json:"platformName,omitempty"`
 }
 
-func prepareAssetsForPrinting(assets map[string]*asset.Asset) map[string]*assetPrintable {
+func prepareAssetsForPrinting(assets map[string]*inventory.Asset) map[string]*assetPrintable {
 	printableAssets := map[string]*assetPrintable{}
 	for k, a := range assets {
 		pAsset := &assetPrintable{

cli/reporter/junit.go

@@ -80,7 +80,7 @@ func ReportCollectionToJunit(r *policy.ReportCollection, out shared.OutputHelper
 }
 
 // assetPolicyTests converts asset scoring queries to Junit test cases
-func assetPolicyTests(r *policy.ReportCollection, assetMrn string, assetObj *asset.Asset, queries map[string]*explorer.Mquery) junit.Testsuite {
+func assetPolicyTests(r *policy.ReportCollection, assetMrn string, assetObj *inventory.Asset, queries map[string]*explorer.Mquery) junit.Testsuite {
 	ts := junit.Testsuite{
 		Time:      "",
 		Testcases: []junit.Testcase{},
@@ -155,7 +155,7 @@ func assetPolicyTests(r *policy.ReportCollection, assetMrn string, assetObj *ass
 }
 
 // assetPolicyTests converts asset vulnerability results to Junit test cases
-func assetMvdTests(r *policy.ReportCollection, assetMrn string, assetObj *asset.Asset) *junit.Testsuite {
+func assetMvdTests(r *policy.ReportCollection, assetMrn string, assetObj *inventory.Asset) *junit.Testsuite {
 	// check if we have a vulnerability report
 	results, ok := r.Reports[assetMrn]
 	if !ok {

cli/reporter/print.go

@@ -69,7 +69,7 @@ func (r *Reporter) scoreColored(rating policy.ScoreRating, s string) string {
 	return s
 }
 
-func getPlatforNameForAsset(asset *asset.Asset) string {
+func getPlatforNameForAsset(asset *inventory.Asset) string {
 	platformName := ""
 	if asset.Platform != nil {
 		if asset.Platform.Title == "" {

cli/reporter/print_compact.go

@@ -77,7 +77,7 @@ func (r *defaultReporter) print() error {
 
 func (r *defaultReporter) printSummary(orderedAssets []assetMrnName) {
 	assetUrl := ""
-	assetsByPlatform := make(map[string][]*asset.Asset)
+	assetsByPlatform := make(map[string][]*inventory.Asset)
 	projectId := ""
 	assetsByScore := make(map[string]int)
 	for _, assetMrnName := range orderedAssets {
@@ -217,7 +217,7 @@ func (r *defaultReporter) getScoreDistribution(assetsByScore map[string]int) []s
 	return scores
 }
 
-func (r *defaultReporter) getAssetDistribution(assetsByPlatform map[string][]*asset.Asset) []string {
+func (r *defaultReporter) getAssetDistribution(assetsByPlatform map[string][]*inventory.Asset) []string {
 	assets := []string{}
 
 	maxPlatformLength := 0
@@ -236,7 +236,7 @@ func (r *defaultReporter) getAssetDistribution(assetsByPlatform map[string][]*as
 	return assets
 }
 
-func (r *defaultReporter) printAssetsByPlatform(assetsByPlatform map[string][]*asset.Asset) {
+func (r *defaultReporter) printAssetsByPlatform(assetsByPlatform map[string][]*inventory.Asset) {
 	availablePlatforms := make([]string, 0, len(assetsByPlatform))
 	for k := range assetsByPlatform {
 		availablePlatforms = append(availablePlatforms, k)
@@ -366,7 +366,7 @@ func (r *defaultReporter) printAssetSections(orderedAssets []assetMrnName) {
 // Remove all this code and migrate it to tap or something
 // ============================= vv ============================================
 
-func (r *defaultReporter) printAssetControls(resolved *policy.ResolvedPolicy, report *policy.Report, controls map[string]*policy.Control, assetMrn string, asset *asset.Asset) {
+func (r *defaultReporter) printAssetControls(resolved *policy.ResolvedPolicy, report *policy.Report, controls map[string]*policy.Control, assetMrn string, asset *inventory.Asset) {
 	var scores []*policy.Score
 	for _, rj := range resolved.CollectorJob.ReportingJobs {
 		if rj.Type != policy.ReportingJob_CONTROL {
@@ -446,7 +446,7 @@ func (r *defaultReporter) printControl(score *policy.Score, control *policy.Cont
 	}
 }
 
-func (r *defaultReporter) printAssetQueries(resolved *policy.ResolvedPolicy, report *policy.Report, queries map[string]*explorer.Mquery, assetMrn string, asset *asset.Asset) {
+func (r *defaultReporter) printAssetQueries(resolved *policy.ResolvedPolicy, report *policy.Report, queries map[string]*explorer.Mquery, assetMrn string, asset *inventory.Asset) {
 	results := report.RawResults()
 
 	dataQueriesOutput := ""

cli/reporter/print_report.go

@@ -110,7 +110,7 @@ func (r *reportRenderer) printAsset(assetMrn string) (string, error) {
 	return res.String(), nil
 }
 
-func (r *reportRenderer) assetSummary(assetObj *asset.Asset, score *policy.Score) string {
+func (r *reportRenderer) assetSummary(assetObj *inventory.Asset, score *policy.Score) string {
 	var res bytes.Buffer
 
 	if assetObj == nil {

cli/reporter/reporter.go

@@ -11,16 +11,16 @@ import (
 
 	"go.mondoo.com/cnquery/cli/printer"
 	"go.mondoo.com/cnquery/cli/theme/colors"
-	"go.mondoo.com/cnquery/shared"
+	ee "go.mondoo.com/cnquery/explorer/executor"
 	"go.mondoo.com/cnquery/providers-sdk/v1/upstream/mvd"
+	"go.mondoo.com/cnquery/shared"
 	"go.mondoo.com/cnspec/policy"
-	"go.mondoo.com/cnspec/policy/executor"
 	"sigs.k8s.io/yaml"
 )
 
 var (
-	vulnReportDatapointChecksum = executor.MustGetOneDatapoint(executor.MustCompile("platform.vulnerabilityReport"))
-	kernelListDatapointChecksum = executor.MustGetOneDatapoint(executor.MustCompile("kernel.installed"))
+	vulnReportDatapointChecksum = ee.MustGetOneDatapoint(ee.MustCompile("platform.vulnerabilityReport"))
+	kernelListDatapointChecksum = ee.MustGetOneDatapoint(ee.MustCompile("kernel.installed"))
 )
 
 type Reporter struct {