Documentation ¶
Index ¶
- Constants
- type ControllerFactory
- type FetchProxy
- type Libindex
- func (l *Libindex) AffectedManifests(ctx context.Context, vulns []claircore.Vulnerability) (*claircore.AffectedManifests, error)
- func (l *Libindex) Close(ctx context.Context) error
- func (l *Libindex) DeleteManifests(ctx context.Context, d ...claircore.Digest) ([]claircore.Digest, error)
- func (l *Libindex) Index(ctx context.Context, manifest *claircore.Manifest) (*claircore.IndexReport, error)
- func (l *Libindex) IndexReport(ctx context.Context, hash claircore.Digest) (*claircore.IndexReport, bool, error)
- func (l *Libindex) State(ctx context.Context) (string, error)
- type LockSource
- type Options
- type RemoteFetchArena
Examples ¶
Constants ¶
const ( DefaultScanLockRetry = 5 * time.Second DefaultLayerScanConcurrency = 10 )
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type ControllerFactory ¶
type ControllerFactory func(opts *indexer.Opts) *controller.Controller
ControllerFactory is a factory method to return a Controller during libindex runtime.
type FetchProxy ¶ added in v1.1.0
type FetchProxy struct {
// contains filtered or unexported fields
}
FetchProxy tracks the files fetched for layers.
This can be unexported if FetchArena gets unexported.
func (*FetchProxy) Close ¶ added in v1.1.0
func (p *FetchProxy) Close() error
Close marks all the layers' backing files as unused.
This method may actually delete the backing files.
type Libindex ¶
type Libindex struct { // holds dependencies for creating a libindex instance *Options // contains filtered or unexported fields }
Libindex implements the method set for scanning and indexing a Manifest.
Example ¶
package main import ( "context" "net/http" "os" "github.com/quay/claircore" "github.com/quay/claircore/datastore/postgres" "github.com/quay/claircore/libindex" "github.com/quay/claircore/pkg/ctxlock" ) func main() { ctx := context.TODO() pool, err := postgres.Connect(ctx, "connection string", "libindex-test") if err != nil { panic(err) } store, err := postgres.InitPostgresIndexerStore(ctx, pool, true) if err != nil { panic(err) } ctxLocker, err := ctxlock.New(ctx, pool) if err != nil { panic(err) } opts := &libindex.Options{ Store: store, Locker: ctxLocker, FetchArena: libindex.NewRemoteFetchArena(http.DefaultClient, os.TempDir()), // see definition for more configuration options } lib, err := libindex.New(ctx, opts, http.DefaultClient) if err != nil { panic(err) } m := &claircore.Manifest{} ir, err := lib.Index(ctx, m) if err != nil { panic(err) } if ir.State == "IndexError" { panic(ir.Err) } }
Output:
func New ¶
New creates a new instance of libindex.
The passed http.Client will be used for fetching layers and any HTTP requests made by scanners.
func (*Libindex) AffectedManifests ¶ added in v0.0.24
func (l *Libindex) AffectedManifests(ctx context.Context, vulns []claircore.Vulnerability) (*claircore.AffectedManifests, error)
AffectedManifests retrieves a list of affected manifests when provided a list of vulnerabilities.
func (*Libindex) DeleteManifests ¶ added in v1.2.0
func (l *Libindex) DeleteManifests(ctx context.Context, d ...claircore.Digest) ([]claircore.Digest, error)
DeleteManifests removes manifests specified by the provided digests.
Providing an unknown digest is not an error.
func (*Libindex) Index ¶
func (l *Libindex) Index(ctx context.Context, manifest *claircore.Manifest) (*claircore.IndexReport, error)
Index performs a scan and index of each layer within the provided Manifest.
If the index operation cannot start an error will be returned. If an error occurs during scan the error will be propagated inside the IndexReport.
type LockSource ¶ added in v1.4.5
type LockSource interface { TryLock(context.Context, string) (context.Context, context.CancelFunc) Lock(context.Context, string) (context.Context, context.CancelFunc) Close(context.Context) error }
LockSource abstracts over how locks are implemented.
An online system needs distributed locks, offline use cases can use process-local locks.
type Options ¶ added in v1.4.5
type Options struct { // Store is the interface used to persist and retrieve results of indexing. Store indexer.Store // Locker provides system-wide locks. If the indexing work is distributed the // lock should be backed by a distributed store. Locker LockSource // FetchArena is an interface tied to the lifecycle of LibIndex to enable management // of the filesystem while separate processes are dealing with layers, for example: // you can reference count downloaded layer files to avoid racing. FetchArena indexer.FetchArena // ScanLockRetry specifies how often we should try to acquire a lock for scanning a // given manifest if lock is taken. ScanLockRetry time.Duration // LayerScanConcurrency specifies the number of layers to be scanned in parallel. LayerScanConcurrency int // LayerFetchOpt is unused and kept here for backwards compatibility. LayerFetchOpt interface{} // NoLayerValidation controls whether layers are checked to actually be // content-addressed. With this option toggled off, callers can trigger // layers to be indexed repeatedly by changing the identifier in the // manifest. NoLayerValidation bool // ControllerFactory provides an alternative method for creating a scanner during libindex runtime // if nil the default factory will be used. useful for testing purposes ControllerFactory ControllerFactory // Ecosystems a list of ecosystems to use which define which package databases and coalescing methods we use Ecosystems []*indexer.Ecosystem // ScannerConfig holds functions that can be passed into configurable // scanners. They're broken out by kind, and only used if a scanner // implements the appropriate interface. // // Providing a function for a scanner that's not expecting it is not a fatal // error. ScannerConfig struct { Package, Dist, Repo map[string]func(interface{}) error } }
Options are dependencies and options for constructing an instance of libindex
type RemoteFetchArena ¶ added in v1.4.5
type RemoteFetchArena struct {
// contains filtered or unexported fields
}
RemoteFetchArena is a struct that keeps track of all the layers fetched into it, and only removes them once all the users have gone away.
Exported for use in cctool. If cctool goes away, this can get unexported. It is remote in the sense that it pulls layers from the internet.
func NewRemoteFetchArena ¶ added in v1.4.5
func NewRemoteFetchArena(wc *http.Client, root string) *RemoteFetchArena
NewRemoteFetchArena initializes the RemoteFetchArena.
This method is provided instead of a constructor function to make embedding easier.