Merge pull request #1310 from secureCodeBox/fix/make-zap-volume-optional

J12934 · web-flow · commit e737a3eddfca · 2022-08-17T11:28:03.000+02:00
Make ZAP-Advanced Default Config Volume Optional
diff --git a/scanners/zap-advanced/README.md b/scanners/zap-advanced/README.md
@@ -496,7 +496,7 @@ zapConfiguration:
 | scanner.envFrom | list | `[]` | Optional mount environment variables from configMaps or secrets (see: https://kubernetes.io/docs/tasks/inject-data-application/distribute-credentials-secure/#configure-all-key-value-pairs-in-a-secret-as-container-environment-variables) |
 | scanner.extraContainers | list | `[]` | Optional additional Containers started with each scanJob (see: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/) |
 | scanner.extraVolumeMounts | list | `[{"mountPath":"/home/securecodebox/configs/1-zap-advanced-scantype.yaml","name":"zap-advanced-scantype-config","readOnly":true,"subPath":"1-zap-advanced-scantype.yaml"}]` | Optional VolumeMounts mapped into each scanJob (see: https://kubernetes.io/docs/concepts/storage/volumes/) |
-| scanner.extraVolumes | list | `[{"configMap":{"name":"zap-advanced-scantype-config"},"name":"zap-advanced-scantype-config"},{"configMap":{"name":"zap-scripts-authentication"},"name":"zap-scripts-authentication"},{"configMap":{"name":"zap-scripts-session"},"name":"zap-scripts-session"}]` | Optional Volumes mapped into each scanJob (see: https://kubernetes.io/docs/concepts/storage/volumes/) |
+| scanner.extraVolumes | list | `[{"configMap":{"name":"zap-advanced-scantype-config","optional":true},"name":"zap-advanced-scantype-config"},{"configMap":{"name":"zap-scripts-authentication"},"name":"zap-scripts-authentication"},{"configMap":{"name":"zap-scripts-session"},"name":"zap-scripts-session"}]` | Optional Volumes mapped into each scanJob (see: https://kubernetes.io/docs/concepts/storage/volumes/) |
 | scanner.image.pullPolicy | string | `"IfNotPresent"` | Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images |
 | scanner.image.repository | string | `"docker.io/securecodebox/scanner-zap-advanced"` | Container Image to run the scan |
 | scanner.image.tag | string | `nil` | defaults to the charts version |
diff --git a/scanners/zap-advanced/docs/README.ArtifactHub.md b/scanners/zap-advanced/docs/README.ArtifactHub.md
@@ -501,7 +501,7 @@ zapConfiguration:
 | scanner.envFrom | list | `[]` | Optional mount environment variables from configMaps or secrets (see: https://kubernetes.io/docs/tasks/inject-data-application/distribute-credentials-secure/#configure-all-key-value-pairs-in-a-secret-as-container-environment-variables) |
 | scanner.extraContainers | list | `[]` | Optional additional Containers started with each scanJob (see: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/) |
 | scanner.extraVolumeMounts | list | `[{"mountPath":"/home/securecodebox/configs/1-zap-advanced-scantype.yaml","name":"zap-advanced-scantype-config","readOnly":true,"subPath":"1-zap-advanced-scantype.yaml"}]` | Optional VolumeMounts mapped into each scanJob (see: https://kubernetes.io/docs/concepts/storage/volumes/) |
-| scanner.extraVolumes | list | `[{"configMap":{"name":"zap-advanced-scantype-config"},"name":"zap-advanced-scantype-config"},{"configMap":{"name":"zap-scripts-authentication"},"name":"zap-scripts-authentication"},{"configMap":{"name":"zap-scripts-session"},"name":"zap-scripts-session"}]` | Optional Volumes mapped into each scanJob (see: https://kubernetes.io/docs/concepts/storage/volumes/) |
+| scanner.extraVolumes | list | `[{"configMap":{"name":"zap-advanced-scantype-config","optional":true},"name":"zap-advanced-scantype-config"},{"configMap":{"name":"zap-scripts-authentication"},"name":"zap-scripts-authentication"},{"configMap":{"name":"zap-scripts-session"},"name":"zap-scripts-session"}]` | Optional Volumes mapped into each scanJob (see: https://kubernetes.io/docs/concepts/storage/volumes/) |
 | scanner.image.pullPolicy | string | `"IfNotPresent"` | Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images |
 | scanner.image.repository | string | `"docker.io/securecodebox/scanner-zap-advanced"` | Container Image to run the scan |
 | scanner.image.tag | string | `nil` | defaults to the charts version |
diff --git a/scanners/zap-advanced/scanner/zapclient/zap_automation.py b/scanners/zap-advanced/scanner/zapclient/zap_automation.py
@@ -168,7 +168,7 @@ def generate_report_file(self, file_path: str, report_type: str):
             title="ZAP Report",
             template=self.get_report_template_for_file_type(report_type),
             reportdir=file_path,
-            contexts=self.__config.get_active_context_config["name"],
+            contexts=self.__config.get_active_context_config["name"] if self.__config is not None and self.__config.get_active_context_config is not None else None,
             reportfilename=report_file
         )
     
diff --git a/scanners/zap-advanced/values.yaml b/scanners/zap-advanced/values.yaml
@@ -69,6 +69,7 @@ scanner:
     - name: zap-advanced-scantype-config
       configMap:
         name: zap-advanced-scantype-config
+        optional: true
     - name: zap-scripts-authentication
       configMap:
         name: zap-scripts-authentication
@@ -100,7 +101,7 @@ scanner:
       drop:
         # scanner.securityContext.capabilities.drop[0] -- This drops all linux privileges from the container.
         - all
-  
+
   # scanner.affinity -- Optional affinity settings that control how the scanner job is scheduled (see: https://kubernetes.io/docs/tasks/configure-pod-container/assign-pods-nodes-using-node-affinity/)
   affinity: {}
 

Original file line number	Diff line number	Diff line change
`@@ -168,7 +168,7 @@ def generate_report_file(self, file_path: str, report_type: str):`
`168`	`168`	`title="ZAP Report",`
`169`	`169`	`template=self.get_report_template_for_file_type(report_type),`
`170`	`170`	`reportdir=file_path,`
`171`		`- contexts=self.__config.get_active_context_config["name"],`
	`171`	`+ contexts=self.__config.get_active_context_config["name"] if self.__config is not None and self.__config.get_active_context_config is not None else None,`
`172`	`172`	`reportfilename=report_file`
`173`	`173`	`)`
`174`	`174`