diff --git a/README.md b/README.md index f4b22c1..05270b5 100644 --- a/README.md +++ b/README.md @@ -54,23 +54,40 @@ in the following order: Anchore ECS Inventory can be configured with a configuration file. The default location the configuration file is looked for is -`~/.anchore-ecs-inventory/config.yaml`. The configuration file can be overridden +`~/.anchore-ecs-inventory.yaml`. The configuration file can be overridden with the `-c` flag. ```yaml log: - level: "debug" - # location to write the log file (by default we log to STDOUT only) + # level of logging that anchore-ecs-inventory will do { 'error' | 'info' | 'debug } + level: "info" + + # location to write the log file (default is not to have a log file) file: "./anchore-ecs-inventory.log" anchore: - url: (e.g. http://localhost:8228) - user: - password: $ANCHORE_ENTERPRISE_API_PASSWORD + # anchore enterprise api url (e.g. http://localhost:8228) + url: $ANCHORE_ECS_INVENTORY_ANCHORE_URL + + # anchore enterprise username + user: $ANCHORE_ECS_INVENTORY_ANCHORE_USER + + # anchore enterprise password + password: ANCHORE_ECS_INVENTORY_ANCHORE_PASSWORD + + # anchore enterprise account that the inventory will be sent + account: $ANCHORE_ECS_INVENTORY_ANCHORE_ACCOUNT + http: insecure: true timeout-seconds: 10 +# the aws region +region: $ANCHORE_ECS_INVENTORY_REGION + +# frequency of which to poll the region +polling-interval-seconds: 300 + quiet: false ``` diff --git a/docker-compose/anchore-ecs-inventory.yaml b/docker-compose/anchore-ecs-inventory.yaml new file mode 100644 index 0000000..fa0fd13 --- /dev/null +++ b/docker-compose/anchore-ecs-inventory.yaml 
@@ -0,0 +1,31 @@
+log:
+ # level of logging that anchore-ecs-inventory will do { 'error' | 'info' | 'debug }
+ level: "info"
+
+ # location to write the log file (default is not to have a log file)
+ file: ""
+
+anchore:
+ # anchore enterprise api url (e.g. http://localhost:8228)
+ url: $ANCHORE_ECS_INVENTORY_ANCHORE_URL
+
+ # anchore enterprise username
+ user: $ANCHORE_ECS_INVENTORY_ANCHORE_USER
+
+ # anchore enterprise password
+ password: ANCHORE_ECS_INVENTORY_ANCHORE_PASSWORD
+
+ # anchore enterprise account that the inventory will be sent
+ account: $ANCHORE_ECS_INVENTORY_ANCHORE_ACCOUNT
+
+ http:
+ insecure: true
+ timeout-seconds: 10
+
+# the aws region
+region: $ANCHORE_ECS_INVENTORY_REGION
+
+# frequency of which to poll the region
+polling-interval-seconds: 300
+
+quiet: false
\ No newline at end of file
diff --git a/docker-compose/config.yaml b/docker-compose/config.yaml
deleted file mode 100644
index 63372e3..0000000
--- a/docker-compose/config.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
-log:
- level: "info"
- # location to write the log file (default is not to have a log file)
- file: "./anchore-ecs-inventory.log"
-
-anchore:
- url: http://localhost:8228
- user: admin
- password: $ANCHORE_ENTERPRISE_API_PASSWORD
- http:
- insecure: true
- timeout-seconds: 10
diff --git a/docker-compose/docker-compose.yaml b/docker-compose/docker-compose.yaml
index 5f34d02..316e7ba 100644
--- a/docker-compose/docker-compose.yaml
+++ b/docker-compose/docker-compose.yaml
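Review bot: In the new docker-compose/anchore-ecs-inventory.yaml the `password:` value is the bare string `ANCHORE_ECS_INVENTORY_ANCHORE_PASSWORD`, while `url`, `user`, `account` and `region` all use the `$`-prefixed form, so unless the loader maps that name itself the literal text would be used as the password; it should read `password: $ANCHORE_ECS_INVENTORY_ANCHORE_PASSWORD`. The README example changed in this commit carries the same line. The sample also ships `insecure: true`, which appears to feed `InsecureSkipVerify` in reporter.go's `Post` (visible later in this diff), so a copy of this file used as-is sends those credentials without certificate verification; `insecure: false` with a comment on when to change it would be a safer default.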
@@ -1,18 +1,15 @@
 version: '2.1'
+
 services:
 anchore-ecs-inventory:
- volumes:
- - ./config.yaml:/config.yaml:ro
- image: anchore/ecs-inventory:latest
+ image: docker.io/anchore/ecs-inventory:latest
 container_name: anchore-ecs-inventory
+ volumes:
+ - ./anchore-ecs-inventory.yaml:/.anchore-ecs-inventory.yaml
+ - ./aws.config:/.aws/credentials
 environment:
- ANCHORE_ENTERPRISE_API_PASSWORD: ${ANCHORE_ENTERPRISE_API_PASSWORD:-foobar}
- AWS_REGION: ${AWS_REGION:-us-west-2}
- AWS_ACCESS_KEY_ID: ${AWS_ACCESS_KEY_ID:-bar}
- AWS_SECRET_ACCESS_KEY: ${AWS_SECRET_ACCESS_KEY:-foo}
- command:
- [
- "--config=config.yaml",
- "--polling-interval-seconds=300",
- "-v"
- ]
+ ANCHORE_ECS_INVENTORY_ANCHORE_URL: ${ANCHORE_ECS_INVENTORY_ANCHORE_URL:-http://localhost:8228}
+ ANCHORE_ECS_INVENTORY_ANCHORE_USER: ${ANCHORE_ECS_INVENTORY_ANCHORE_USER:-admin}
+ ANCHORE_ECS_INVENTORY_ANCHORE_PASSWORD: ${ANCHORE_ECS_INVENTORY_ANCHORE_PASSWORD:-foobar}
+ ANCHORE_ECS_INVENTORY_ANCHORE_ACCOUNT: ${ANCHORE_ECS_INVENTORY_ANCHORE_ACCOUNT:-admin}
+ ANCHORE_ECS_INVENTORY_REGION: ${ANCHORE_ECS_INVENTORY_REGION:-eu-west-2}
diff --git a/pkg/reporter/reporter.go b/pkg/reporter/reporter.go
index 6b36d90..04292be 100644
--- a/pkg/reporter/reporter.go
+++ b/pkg/reporter/reporter.go
@@ -20,7 +20,7 @@ const ReportAPIPath = "v1/enterprise/inventories"
 //
 //nolint:gosec
 func Post(report Report, anchoreDetails connection.AnchoreInfo) error {
- logger.Log.Info("Reporting results to Anchore")
+ logger.Log.Info("Reporting results to Anchore", "Account", anchoreDetails.Account)
 tr := &http.Transport{
 TLSClientConfig: &tls.Config{InsecureSkipVerify: anchoreDetails.HTTP.Insecure},
 }
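Review bot: In docker-compose/docker-compose.yaml both bind mounts in the new `volumes:` list are read-write, whereas the mount they replace was `:ro`, and one of them is now the AWS credentials file. Nothing visible here needs the container to write to either path, so `- ./anchore-ecs-inventory.yaml:/.anchore-ecs-inventory.yaml:ro` and `- ./aws.config:/.aws/credentials:ro` would keep the previous guarantee. The `${ANCHORE_ECS_INVENTORY_ANCHORE_PASSWORD:-foobar}` fallback also means an unset variable silently starts the service with a known password; dropping the default makes a missing secret visible. The region default moved from `us-west-2` to `eu-west-2`, which may be unintentional.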
@@ -54,7 +54,7 @@ func Post(report Report, anchoreDetails connection.AnchoreInfo) error { if resp.StatusCode != 200 { return fmt.Errorf("failed to report data to Anchore: %+v", resp) } - logger.Log.Debug("Successfully reported results to Anchore") + logger.Log.Debug("Successfully reported results to Anchore", "Account", anchoreDetails.Account) return nil } diff --git a/pkg/reporter/reportitem.go b/pkg/reporter/reportitem.go index 2df6e5b..9dd17f7 100644 --- a/pkg/reporter/reportitem.go +++ b/pkg/reporter/reportitem.go @@ -6,7 +6,7 @@ import ( // ReportItem represents a cluster and all it's unique images type ReportItem struct { - Namespace string `json:"namespace,omitempty"` // NOTE The key is Namespace to match the Anchore API but it's actually passed as empty string + Namespace string `json:"namespace"` // NOTE The key is Namespace to match the Anchore API but it's actually passed as empty string Images []ReportImage `json:"images"` }
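Review bot: In pkg/reporter/reporter.go `Post`, the success log now names the account but the failure path just above it does not, and it still formats the whole `*http.Response` with `%+v`, which puts the response headers into the error text and into whatever log that error reaches. Returning the status together with the account is enough to diagnose a rejected report: `return fmt.Errorf("failed to report data to Anchore (account %q): %s", anchoreDetails.Account, resp.Status)`. `Post` begins outside this hunk, so whether the response body is read and closed cannot be checked from here.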
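Review bot: In pkg/reporter/reportitem.go, dropping `omitempty` means every item is now serialised with `"namespace": ""`, but the trailing NOTE still only says the value is passed empty and gives no reason the key has to be present. A short addition such as `// serialised even when empty (no omitempty); presumably the Anchore API expects the key, confirm` would keep a later cleanup from restoring the tag. The doc comment above the struct also has `it's` where `its` is meant.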