From db2c502b4a8ff8a331c998a2248cbaaa844026ed Mon Sep 17 00:00:00 2001
From: MaineK00n
Date: Tue, 28 May 2024 10:13:39 +0900
Subject: [PATCH] feat(reporter/s3): support minio (#1930)
* feat(reporter/s3): support minio
* feat(reporter/s3): disable config/credential: file and some providers
---
 config/awsconf.go | 28 ++++++++++++++++++++++++++--
 reporter/s3.go | 14 +++++++++++++-
 subcmds/discover.go | 5 ++++-
 3 files changed, 43 insertions(+), 4 deletions(-)
diff --git a/config/awsconf.go b/config/awsconf.go
index 2b2d484d8b..af744c87eb 100644
--- a/config/awsconf.go
+++ b/config/awsconf.go
@@ -10,12 +10,18 @@ import (
 // AWSConf is aws config
 type AWSConf struct {
- // AWS profile to use
- Profile string `json:"profile"`
+ // AWS S3 Endpoint to use
+ S3Endpoint string `json:"s3Endpoint"`
 // AWS region to use
 Region string `json:"region"`
+ // AWS profile to use
+ Profile string `json:"profile"`
+
+ // use credential provider
+ CredentialProvider CredentialProviderType `json:"credentialProvider"`
+ + // S3 bucket name S3Bucket string `json:"s3Bucket"`
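Review bot: The comments on the new `S3Endpoint` and `CredentialProvider` fields (and `S3UsePathStyle` in the next hunk) only restate the field name, so a reader of AWSConf cannot tell that this is the MinIO/S3-compatible path or what an empty value means. Suggest `// S3Endpoint overrides the S3 endpoint URL (scheme included), e.g. for MinIO; empty keeps the AWS default` and `// CredentialProvider selects the credential source: empty uses the SDK default chain, "anonymous" sends unsigned requests`. A note that a custom endpoint on a bare host usually also needs S3UsePathStyle would save users a failed first upload, since virtual-host addressing prefixes the bucket onto the endpoint host. The struct continues past the end of this hunk.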
@@ -25,16 +31,34 @@ type AWSConf struct {
 // The Server-side encryption algorithm used when storing the reports in S3 (e.g., AES256, aws:kms).
 S3ServerSideEncryption string `json:"s3ServerSideEncryption"`
+ // use s3 path style
+ S3UsePathStyle bool `json:"s3UsePathStyle"`
+
 // report s3 enable
 Enabled bool `toml:"-" json:"-"`
 }
+// CredentialProviderType is credential provider type
+type CredentialProviderType string
+
+const (
+ // CredentialProviderAnonymous is credential provider type: anonymous
+ CredentialProviderAnonymous CredentialProviderType = "anonymous"
+)
+
 // Validate configuration
 func (c *AWSConf) Validate() (errs []error) {
 if !c.Enabled {
 return
 }
+ switch c.CredentialProvider {
+ case CredentialProviderType(""):
+ case CredentialProviderAnonymous:
+ default:
+ errs = append(errs, fmt.Errorf("CredentialProvider: %s is not supported", c.CredentialProvider))
+ }
+
 if c.S3Bucket == "" {
 errs = append(errs, fmt.Errorf("S3Bucket is empty"))
diff --git a/reporter/s3.go b/reporter/s3.go
index 1eb027a660..c7b75ea687 100644
--- a/reporter/s3.go
+++ b/reporter/s3.go
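Review bot: Validate accepts any string for S3Endpoint, so a missing scheme, a typo, or a non-HTTP URL surfaces only as an SDK error at upload time, and a plain `http://` endpoint means the SigV4-signed requests and the report bodies cross the network in cleartext; reporter/s3.go's getS3 consumes the same value unchecked. Parsing it here with net/url and requiring an http(s) scheme and a host (see below; `net/url` has to be added to the import block, which is outside the hunk) gives one clear error at config load instead. Two smaller points in the same switch: `%q` rather than `%s` in the CredentialProvider error shows an empty or whitespace value as such, and `case "":` would match the form used in getS3 instead of `CredentialProviderType("")`. `// CredentialProviderType is credential provider type` could say what it selects, e.g. `// CredentialProviderType names how S3 credentials are obtained; empty means the SDK default chain`.
```go
	// … unchanged: CredentialProvider switch …
	// Reject endpoints the SDK would only fail on later; http stays allowed for
	// local S3-compatible stores, but the value must be a well-formed URL.
	if c.S3Endpoint != "" {
		u, err := url.Parse(c.S3Endpoint)
		if err != nil || (u.Scheme != "http" && u.Scheme != "https") || u.Host == "" {
			errs = append(errs, fmt.Errorf("S3Endpoint: %q must be an http(s) URL with a host", c.S3Endpoint))
		}
	}
	// … unchanged: S3Bucket check …
```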
@@ -33,17 +33,29 @@ type S3Writer struct {
 func (w S3Writer) getS3() (*s3.Client, error) {
 var optFns []func(*awsConfig.LoadOptions) error
+ if w.S3Endpoint != "" {
+ optFns = append(optFns, awsConfig.WithEndpointResolverWithOptions(aws.EndpointResolverWithOptionsFunc(func(service, region string, options ...interface{}) (aws.Endpoint, error) {
+ return aws.Endpoint{URL: w.S3Endpoint}, nil
+ })))
+ }
 if w.Region != "" {
 optFns = append(optFns, awsConfig.WithRegion(w.Region))
 }
 if w.Profile != "" {
 optFns = append(optFns, awsConfig.WithSharedConfigProfile(w.Profile))
 }
+ switch w.CredentialProvider {
+ case "":
+ case config.CredentialProviderAnonymous:
+ optFns = append(optFns, awsConfig.WithCredentialsProvider(aws.AnonymousCredentials{}))
+ default:
+ return nil, xerrors.Errorf("CredentialProvider: %s is not supported", w.CredentialProvider)
+ }
 cfg, err := awsConfig.LoadDefaultConfig(context.TODO(), optFns...)
 if err != nil {
 return nil, xerrors.Errorf("Failed to load config. err: %w", err)
 }
- return s3.NewFromConfig(cfg), nil
+ return s3.NewFromConfig(cfg, func(o *s3.Options) { o.UsePathStyle = w.S3UsePathStyle }), nil
 }
 // Write results to S3
diff --git a/subcmds/discover.go b/subcmds/discover.go
index cb17d404b8..67da90bb7e 100644
--- a/subcmds/discover.go
+++ b/subcmds/discover.go
@@ -152,11 +152,14 @@ func printConfigToml(ips []string) (err error) {
 # https://vuls.io/docs/en/usage-report.html#example-put-results-in-s3-bucket
 #[aws]
-#profile = "default"
+#s3Endpoint = "http://localhost:9000"
 #region = "ap-northeast-1"
+#profile = "default"
+#credentialProvider = "anonymous"
 #s3Bucket = "vuls"
 #s3ResultsDir = "/path/to/result"
 #s3ServerSideEncryption = "AES256"
+#s3UsePathStyle = false
 # https://vuls.io/docs/en/usage-report.html#example-put-results-in-azure-blob-storage
 #[azure]
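Review bot: The endpoint resolver added at the top of getS3 returns `aws.Endpoint{URL: w.S3Endpoint}` with nothing else set, and `awsConfig.WithEndpointResolverWithOptions`/`aws.EndpointResolverWithOptionsFunc` are deprecated in current aws-sdk-go-v2 releases in favour of the per-client `BaseEndpoint` option; with S3UsePathStyle left at its zero value the SDK is likely to keep virtual-host addressing and prefix the bucket onto the custom host, which is not what a MinIO user expects. If the vendored SDK exposes `s3.Options.BaseEndpoint`, setting it inside the option func already passed to `s3.NewFromConfig` keeps endpoint and addressing style together and drops the resolver block entirely. The resolver also ignores its `service` argument, so it would redirect any other client built from this cfg; harmless today because cfg only feeds s3 here, but worth a comment if it is kept. `options ...interface{}` can be `...any` if the module targets Go 1.18 or later. getS3's caller and the rest of S3Writer are outside the hunk.
```go
	// … unchanged: region/profile/credential optFns and LoadDefaultConfig …
	return s3.NewFromConfig(cfg, func(o *s3.Options) {
		// Custom endpoint (e.g. MinIO). BaseEndpoint replaces the deprecated
		// endpoint resolver and still honours UsePathStyle below.
		if w.S3Endpoint != "" {
			o.BaseEndpoint = aws.String(w.S3Endpoint)
		}
		o.UsePathStyle = w.S3UsePathStyle
	}), nil
```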
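Review bot: The sample emitted by printConfigToml pairs `#s3Endpoint = "http://localhost:9000"` with `#s3UsePathStyle = false`, but a MinIO-style endpoint on a bare host generally needs path-style addressing, so a user who uncomments the block as written gets virtual-host requests to a `vuls.localhost:9000` host that usually does not resolve. Suggest showing `#s3UsePathStyle = true` while the endpoint example is MinIO, or a line `# set s3UsePathStyle = true when s3Endpoint points at MinIO or another S3-compatible store`. The plain-http example is reasonable for a local test server but deserves a one-line label such as `# use https for any endpoint reachable over a network`, since the s3ServerSideEncryption setting below it protects data at rest only. The TOML template continues on both sides of the hunk.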