wip aws-s3

components/consumers/aws-s3/BUILD

@@ -0,0 +1,30 @@
+subinclude(
+    "//build/defs:buildkit",
+    "//build/defs:dracon",
+)
+
+go_binary(
+    name = "aws-s3",
+    srcs = [
+        "main.go",
+    ],
+    deps = [
+        "//api/proto/v1",
+        "//components/consumers",
+        "//pkg/enumtransformers",
+    ],
+)
+
+buildkit_distroless_image(
+    name = "image",
+    srcs = [":aws-s3"],
+)
+
+dracon_component(
+    name = "aws-s3",
+    images = [
+        ":image",
+    ],
+    task = "task.yaml",
+    visibility = ["//examples/pipelines/..."],
+)

components/consumers/aws-s3/kustomization.yaml

@@ -0,0 +1,68 @@
+# DO NOT EDIT. Code generated by:
+# github.com/ocurity/dracon//build/tools/kustomize-component-generator.
+
+apiVersion: kustomize.config.k8s.io/v1alpha1
+kind: Component
+resources:
+  - task.yaml
+patches:
+  # Add the Task to the Tekton Pipeline.
+  - patch: |
+      apiVersion: tekton.dev/v1beta1
+      kind: Pipeline
+      metadata:
+        name: unused
+      spec:
+        workspaces:
+          - name: source-code-ws
+        tasks:
+          - name: consumer-stdout-json
+            taskRef:
+              name: consumer-stdout-json
+            workspaces:
+              - name: source-code-ws
+                workspace: source-code-ws
+    target:
+      kind: Pipeline
+  # Add anchors to Task.
+  - patch: |
+      apiVersion: tekton.dev/v1beta1
+      kind: Task
+      metadata:
+        name: consumer-stdout-json
+        labels:
+          v1.dracon.ocurity.com/component: consumer
+      spec:
+        params:
+          - name: anchors
+            type: array
+            description: A list of tasks that this task depends on using their anchors.
+            default: []
+        results:
+          - name: anchor
+            description: An anchor to allow other tasks to depend on this task.
+        steps:
+          - name: anchor
+            image: docker.io/busybox:1.35.0
+            script: echo "$(context.task.name)" > "$(results.anchor.path)"
+    target:
+      kind: Task
+      name: consumer-stdout-json
+  # If we have an enricher-aggregator task in the pipeline (added by the
+  # enricher-aggregator component), make the consumer depend on the completion of
+  # it.
+  - patch: |
+      apiVersion: tekton.dev/v1beta1
+      kind: Pipeline
+      metadata:
+        name: unused
+      spec:
+        tasks:
+          - name: consumer-stdout-json
+            params:
+              - name: anchors
+                value:
+                  - $(tasks.enricher-aggregator.results.anchor)
+    target:
+      kind: Pipeline
+      annotationSelector: v1.dracon.ocurity.com/has-enricher-aggregator=true

components/consumers/aws-s3/main.go

@@ -0,0 +1,69 @@
+package main
+
+import (
+	"bytes"
+	"encoding/json"
+	"flag"
+	"fmt"
+	"log"
+
+	"github.com/aws/aws-sdk-go/aws"
+	"github.com/aws/aws-sdk-go/aws/session"
+	"github.com/aws/aws-sdk-go/service/s3/s3manager"
+
+	"github.com/ocurity/dracon/components/consumers"
+)
+
+var (
+	bucket string
+	region string
+)
+
+func main() {
+	flag.StringVar(&bucket, "bucket", "", "s3 bucket name")
+	flag.StringVar(&region, "region", "", "s3 bucket region")
+
+	if err := consumers.ParseFlags(); err != nil {
+		log.Fatal(err)
+	}
+	if consumers.Raw {
+		responses, err := consumers.LoadToolResponse()
+		if err != nil {
+			log.Fatal("could not load raw results, file malformed: ", err)
+		}
+		s3Data, err := json.Marshal(responses)
+		if err != nil {
+			log.Fatal("could not marshal results, err:", err)
+		}
+		filename := fmt.Sprintf("ocurity scan %s-%s", responses[0].GetScanInfo().GetScanUuid(), responses[0].GetToolName())
+		sendToS3(filename, bucket, region, s3Data)
+	} else {
+		responses, err := consumers.LoadEnrichedToolResponse()
+		if err != nil {
+			log.Fatal("could not load enriched results, file malformed: ", err)
+		}
+		filename := fmt.Sprintf("ocurity scan %s-%s", responses[0].OriginalResults.GetScanInfo().GetScanUuid(), responses[0].OriginalResults.GetToolName())
+		s3Data, err := json.Marshal(responses)
+		if err != nil {
+			log.Fatal("could not marshal results, err:", err)
+		}
+		sendToS3(filename, bucket, region, s3Data)
+	}
+}
+func sendToS3(filename, bucket, region string, data []byte) {
+
+	sess, err := session.NewSession(&aws.Config{
+		Region: aws.String(region)},
+	)
+	uploader := s3manager.NewUploader(sess)
+	_, err = uploader.Upload(&s3manager.UploadInput{
+		Bucket: aws.String(bucket),
+		Key:    aws.String(filename),
+		Body:   bytes.NewReader(data),
+	})
+	if err != nil {
+		log.Fatalf("Unable to upload %q to %q, %v", filename, bucket, err)
+	}
+
+	fmt.Printf("Successfully uploaded %q to %q\n", filename, bucket)
+}

components/consumers/aws-s3/task.yaml

@@ -0,0 +1,19 @@
+---
+apiVersion: tekton.dev/v1beta1
+kind: Task
+metadata:
+  name: consumer-aws-s3
+  labels:
+    v1.dracon.ocurity.com/component: consumer
+spec:
+  workspaces:
+    - name: source-code-ws
+      description: The workspace containing the source-code to scan.
+  steps:
+  - name: run-consumer
+    imagePullPolicy: IfNotPresent
+    image: ghcr.io/ocurity/dracon/components/consumers/aws-s3/image:latest
+    command: ["/app/components/consumers/aws-s3/aws-s3"]
+    args:
+      - "-in"
+      - "$(workspaces.source-code-ws.path)/.dracon/enrichers/"