policy download refactor (tenable#618)
Devang Gaur authored Mar 15, 2021
1 parent 9fe74b4 commit b6732c7
Showing 3 changed files with 26 additions and 24 deletions.
4 changes: 2 additions & 2 deletions pkg/config/global.go
Expand Up @@ -32,8 +32,8 @@ const (
)

var (
policyRepoPath = filepath.Join(utils.GetHomeDir(), ".terrascan")
policyBasePath = filepath.Join(policyRepoPath, "pkg", "policies", "opa", "rego")
policyBasePath = filepath.Join(utils.GetHomeDir(), ".terrascan")
policyRepoPath = filepath.Join(policyBasePath, "pkg", "policies", "opa", "rego")
)

func init() {
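Review bot: The two variables trade meanings in this hunk — `policyBasePath` is now the `~/.terrascan` clone root and `policyRepoPath` the `pkg/policies/opa/rego` subtree, the reverse of before — so any caller of the getters that presumably return them (`GetPolicyBasePath()` / `GetPolicyRepoPath()`, used in pkg/initialize/run.go and pkg/policy/cloud-providers.go) that this commit does not touch now silently receives the other directory; remaining call sites should be audited. A comment on the block making the inversion explicit would help readers, e.g. `// policyBasePath is the root of the cloned terrascan repo; policyRepoPath is the rego policy subtree inside it.`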
44 changes: 23 additions & 21 deletions pkg/initialize/run.go
Expand Up @@ -18,7 +18,7 @@ package initialize

import (
"fmt"
"io/ioutil"
"net/http"
"os"

"github.com/accurics/terrascan/pkg/config"
Expand All @@ -29,23 +29,30 @@ import (
)

var (
basePath = config.GetPolicyRepoPath()
basePolicyPath = config.GetPolicyBasePath()
policyRepoPath = config.GetPolicyRepoPath()
policyBasePath = config.GetPolicyBasePath()
repoURL = config.GetPolicyRepoURL()
branch = config.GetPolicyBranch()
noConnectionErr = fmt.Errorf("could not connect to github.com")
)

const terrascanReadmeURL string = "https://raw.githubusercontent.com/accurics/terrascan/master/README.md"

// Run initializes terrascan if not done already
func Run(isScanCmd bool) error {
zap.S().Debug("initializing terrascan")

// check if policy paths exist
if path, err := os.Stat(basePolicyPath); err == nil && path.IsDir() {
if path, err := os.Stat(policyRepoPath); err == nil && path.IsDir() {
if isScanCmd {
return nil
}
}

if !connected(terrascanReadmeURL) {
return noConnectionErr
}

// download policies
if err := DownloadPolicies(); err != nil {
return err
Expand All @@ -59,17 +66,17 @@ func Run(isScanCmd bool) error {
func DownloadPolicies() error {
zap.S().Debug("downloading policies")

tempPath, err := ioutil.TempDir("", "terrascan-")
if err != nil {
return fmt.Errorf("failed to create temporary directory. error: '%v'", err)
}
zap.S().Debugf("base directory path : %s", policyBasePath)
zap.S().Debugf("policy directory path : %s", policyRepoPath)
zap.S().Debugf("policy repo url : %s", repoURL)
zap.S().Debugf("policy repo git branch : %s", branch)

defer os.RemoveAll(tempPath)
os.RemoveAll(policyBasePath)

zap.S().Debugf("cloning terrascan repo at %s", tempPath)
zap.S().Debugf("cloning terrascan repo at %s", policyBasePath)

// clone the repo
r, err := git.PlainClone(tempPath, false, &git.CloneOptions{
r, err := git.PlainClone(policyBasePath, false, &git.CloneOptions{
URL: repoURL,
})
if err != nil {
Expand Down Expand Up @@ -99,15 +106,10 @@ func DownloadPolicies() error {
return fmt.Errorf("failed to checkout git branch '%v'. error: '%v'", branch, err)
}

// cleaning the existing cached policies at basePath
if err = os.RemoveAll(basePath); err != nil {
return fmt.Errorf("failed to clean up the directory '%s'. error: '%v'", basePath, err)
}

// move the freshly cloned repo from tempPath to basePath
if err = os.Rename(tempPath, basePath); err != nil {
return fmt.Errorf("failed to install policies to '%s'. error: '%v'", basePath, err)
}

return nil
}

func connected(url string) bool {
_, err := http.Get(url)
return err == nil
}
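Review bot: DownloadPolicies now calls `os.RemoveAll(policyBasePath)` — the whole `~/.terrascan` directory per global.go in this commit — and then clones straight into it with `git.PlainClone(policyBasePath, ...)`, so a failed clone or checkout leaves no policies on disk, whereas the removed temp-dir-then-`os.Rename` flow kept the previous set until the new one was installed; the `os.RemoveAll` error is also silently dropped, and anything else kept under `~/.terrascan` is wiped on every download. If the rewrite was prompted by `os.Rename` failing between a `/tmp` clone and the home directory (often different mounts), cloning into a sibling directory under the same parent and renaming from there keeps the atomic swap on one filesystem, as sketched below. Separately, `connected` uses the default client, so `http.Get` has no timeout and can stall `Run` indefinitely on a black-holed network, and the response body is never closed; `resp, err := http.Get(url); if err != nil { return false }; resp.Body.Close(); return true` together with an `http.Client{Timeout: ...}` fixes both. DownloadPolicies's error handling and branch checkout sit between the two hunks, outside the shown lines.
```go
func DownloadPolicies() error {
	zap.S().Debug("downloading policies")

	// Clone beside the final location: same filesystem for the rename below,
	// and the existing policies survive a failed clone. (Sibling name is illustrative.)
	tmpPath := policyBasePath + ".tmp"
	if err := os.RemoveAll(tmpPath); err != nil {
		return fmt.Errorf("failed to clean up the directory '%s'. error: '%v'", tmpPath, err)
	}
	defer os.RemoveAll(tmpPath)

	zap.S().Debugf("cloning terrascan repo at %s", tmpPath)
	r, err := git.PlainClone(tmpPath, false, &git.CloneOptions{
		URL: repoURL,
	})
	// … unchanged: clone error handling, worktree checkout of branch …

	if err = os.RemoveAll(policyBasePath); err != nil {
		return fmt.Errorf("failed to clean up the directory '%s'. error: '%v'", policyBasePath, err)
	}
	if err = os.Rename(tmpPath, policyBasePath); err != nil {
		return fmt.Errorf("failed to install policies to '%s'. error: '%v'", policyBasePath, err)
	}
	return nil
}
```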
2 changes: 1 addition & 1 deletion pkg/policy/cloud-providers.go
Expand Up @@ -50,7 +50,7 @@ var defaultIacType = make(map[supportedCloudType]supportedIacType)
var defaultIacVersion = make(map[supportedCloudType]supportedIacVersion)

var (
basePolicyPath = config.GetPolicyBasePath()
basePolicyPath = config.GetPolicyRepoPath()
)

func registerActualCloudProvider(cloudType supportedCloudType, iacTypeDefault supportedIacType, iacVersionDefault supportedIacVersion, isIndirect bool, getPolicyPaths func() []string) {
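Review bot: `basePolicyPath` now holds `config.GetPolicyRepoPath()` while pkg/initialize/run.go in the same commit stores that getter under the name `policyRepoPath`, so the local name no longer says which of the two (now swapped) paths it refers to. Renaming it to `policyRepoPath`, or adding `// basePolicyPath is the rego policy subtree (GetPolicyRepoPath), not the clone root.`, would keep the two files readable side by side. The enclosing `var` block is fully shown; `registerActualCloudProvider` continues outside the hunk.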