
Create zap config map even when config is empty #1289

Closed
the-simmon wants to merge 1 commit into main from fix/empty-zap-configmap

@the-simmon
Contributor

Zap-advanced does not create the zap-advanced-scantype-config configmap when it is installed with default values (zapConfiguration is not set). By default, zap-advanced tries to mount this configmap though.

{{- if not (empty .Values.zapConfiguration) }}
kind: ConfigMap
apiVersion: v1
metadata:
  name: zap-advanced-scantype-config
  labels:
    {{- include "zap.labels" . | nindent 4 }}
data:
  1-zap-advanced-scantype.yaml: |
    {{- .Values.zapConfiguration | toYaml | nindent 4 -}}
{{- end }}

extraVolumes:
  - name: zap-advanced-scantype-config
    configMap:
      name: zap-advanced-scantype-config
  - name: zap-scripts-authentication
    configMap:
      name: zap-scripts-authentication
  - name: zap-scripts-session
    configMap:
      name: zap-scripts-session
# scanner.extraVolumeMounts -- Optional VolumeMounts mapped into each scanJob (see: https://kubernetes.io/docs/concepts/storage/volumes/)
extraVolumeMounts:
  - name: zap-advanced-scantype-config
    mountPath: /home/securecodebox/configs/1-zap-advanced-scantype.yaml
    subPath: 1-zap-advanced-scantype.yaml
    readOnly: true

This means that the tutorial on our website does not work, as it does not create the zap-advanced-scantype-config configmap manually. It fails with the following error: MountVolume.SetUp failed for volume "zap-advanced-scantype-config" : configmap "zap-advanced-scantype-config" not found.
This PR will change this behavior. Zap-advanced will create an empty zap-advanced-scantype-config configmap if no zapConfiguration is provided to ensure that the mounting of the volume works.

Signed-off-by: Simon Hülkenberg <simon.huelkenberg@iteratec.com>
@the-simmon the-simmon added bug Bugs scanner Implement or update a security scanner labels Jul 27, 2022
@the-simmon the-simmon self-assigned this Jul 27, 2022
@github-actions

MegaLinter status: ⚠️ WARNING

Descriptor Linter Files Fixed Errors Elapsed time
✅ GIT git_diff yes no 0.16s
✅ SPELL misspell 1 0 0.05s
⚠️ YAML prettier 1 1 0.59s
✅ YAML v8r 1 0 0.37s
⚠️ YAML yamllint 1 1 0.11s

See errors details in artifact MegaLinter reports on CI Job page
Set VALIDATE_ALL_CODEBASE: true in mega-linter.yml to validate all sources, not only the diff

J12934 added a commit that referenced this pull request Aug 17, 2022
#1289 changes the behaviour to always create the configmap. This was intentionally changed, to allow users to manage this configmap outside of helm.

Marking this as optional allows scans without it to still work and keep this behaviour.
@J12934 J12934 closed this in #1310 Aug 17, 2022
@Weltraumschaf Weltraumschaf deleted the fix/empty-zap-configmap branch February 21, 2023 19:40
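
The mount failure from this thread and the two ways of resolving it (always rendering the ConfigMap, or marking the volume optional), as an added example that is not part of the pull request or the secureCodeBox code base. It is a small check over rendered manifests; the `Pod`-shaped sample documents and the function names are constructed for illustration, and a ConfigMap managed outside the chart is reported as missing unless its volume is marked optional.

```python
# Added example (not secureCodeBox code): flag configMap volumes that would
# fail to mount because nothing in the rendered release defines them.
# Manifests are plain dicts, e.g. `helm template` output run through a YAML
# parser. All sample documents below are constructed for illustration.

def configmap_volumes(node):
    """Yield the configMap source of every volume under any 'volumes' list."""
    if isinstance(node, dict):
        for key, value in node.items():
            if key == "volumes" and isinstance(value, list):
                for vol in value:
                    if isinstance(vol, dict) and isinstance(vol.get("configMap"), dict):
                        yield vol["configMap"]
            yield from configmap_volumes(value)
    elif isinstance(node, list):
        for item in node:
            yield from configmap_volumes(item)


def unresolved_configmaps(docs):
    """Return sorted names of required ConfigMaps that no document defines."""
    defined = {d.get("metadata", {}).get("name")
               for d in docs if d.get("kind") == "ConfigMap"}
    missing = set()
    for doc in docs:
        for source in configmap_volumes(doc):
            name = source.get("name")
            # optional: true lets the pod start even if the ConfigMap is absent
            if name and name not in defined and not source.get("optional", False):
                missing.add(name)
    return sorted(missing)


def scan_job(optional=None):
    """Constructed pod-like manifest mounting the config map from this thread."""
    source = {"name": "zap-advanced-scantype-config"}
    if optional is not None:
        source["optional"] = optional
    volume = {"name": "zap-advanced-scantype-config", "configMap": source}
    return {"kind": "Pod", "metadata": {"name": "scan"},
            "spec": {"volumes": [volume]}}


CONFIGMAP = {"kind": "ConfigMap", "apiVersion": "v1",
             "metadata": {"name": "zap-advanced-scantype-config"}, "data": {}}

if __name__ == "__main__":
    print(unresolved_configmaps([scan_job()]))                # default install
    print(unresolved_configmaps([scan_job(), CONFIGMAP]))     # always render it
    print(unresolved_configmaps([scan_job(optional=True)]))   # optional volume
```

The check ignores namespaces and matches on ConfigMap name only.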