From a8ea4196bd44c23714c80b2b8aab6ba455b44301 Mon Sep 17 00:00:00 2001
From: Drew Viles <drew@hudson-viles.uk>
Date: Fri, 13 Sep 2024 12:53:07 +0100
Subject: [PATCH] adding metadata prefix option to signing

---
 pkg/providers/scanner/openstack.go      | 9 +++++++--
 pkg/providers/scanner/openstack_test.go | 6 +++++-
 pkg/provisoner/openstack.go             | 6 ++++--
 pkg/util/flags/scan.go                  | 2 ++
 4 files changed, 18 insertions(+), 5 deletions(-)

diff --git a/pkg/providers/scanner/openstack.go b/pkg/providers/scanner/openstack.go
index b8d3ce8..ba2c44c 100644
--- a/pkg/providers/scanner/openstack.go
+++ b/pkg/providers/scanner/openstack.go
@@ -15,6 +15,7 @@ import (
 	"github.com/gophercloud/gophercloud/openstack/networking/v2/extensions/layer3/floatingips"
 	"log"
 	"os"
+	"strings"
 	"time"
 )
 
@@ -131,8 +132,12 @@ func (s *OpenStackScannerClient) CheckResults() error {
 }
 
 // TagImage Tags the image with the passed or failed property.
-func (s *OpenStackScannerClient) TagImage() error {
-	err := s.imageClient.TagImage(s.Img.Properties, s.Img.ID, s.MetaTag, "security_scan")
+func (s *OpenStackScannerClient) TagImage(metadataPrefix string) error {
+	tag := "security_scan"
+	if metadataPrefix != "" {
+		tag = strings.Join([]string{metadataPrefix, tag}, ":")
+	}
+	err := s.imageClient.TagImage(s.Img.Properties, s.Img.ID, s.MetaTag, tag)
 	if err != nil {
 		return err
 	}
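Review bot: The doc comment above TagImage does not say that the property key now depends on `metadataPrefix`, and nothing in this hunk removes or updates a `security_scan` property written earlier under the bare key. Anything that gates on the scan result has to read the same prefixed key, otherwise it may see a stale or missing value; whether such consumers exist is not visible here. I would extend the comment to `// TagImage records the scan result on the image under "security_scan", or "<metadataPrefix>:security_scan" when metadataPrefix is non-empty.` and build the key with plain concatenation, `tag = metadataPrefix + ":" + tag`, instead of strings.Join over a two-element slice. The function body continues past the end of the hunk.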
diff --git a/pkg/providers/scanner/openstack_test.go b/pkg/providers/scanner/openstack_test.go
index 1852257..774ab01 100644
--- a/pkg/providers/scanner/openstack_test.go
+++ b/pkg/providers/scanner/openstack_test.go
@@ -58,7 +58,11 @@ func TestCheckResults(t *testing.T) {
 }
 
 func TestTagImage(t *testing.T) {
-
+	//c := mock.MockOpenStackComputeClient{}
+	//i := mock.MockOpenStackImageClient{}
+	//n := mock.MockOpenStackNetworkClient{}
+	//ss3 := mock.MockS3Interface{}
+	//s := NewOpenStackScanner(&c, &i, &n, ss3, trivy.HIGH, &images.Image{})
 }
 
 func TestUploadResultsToS3(t *testing.T) {
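Review bot: TestTagImage still asserts nothing, because its body is only commented-out mock setup, so it passes without calling TagImage and the new prefix logic is untested. Since this property records the outcome of the security scan, I would finish the test with two cases: an empty prefix expecting the key `security_scan`, and a constructed prefix such as `example` expecting `example:security_scan`. These would be checked against what the mock image client receives, assuming the mock can expose that. If that is not possible yet, replace the commented lines with `t.Skip("TODO: cover TagImage key with and without metadataPrefix")` so the gap shows up in test output instead of reading as a pass.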
diff --git a/pkg/provisoner/openstack.go b/pkg/provisoner/openstack.go
index 30dee52..7c567fa 100644
--- a/pkg/provisoner/openstack.go
+++ b/pkg/provisoner/openstack.go
@@ -171,7 +171,9 @@ func (s *OpenStackScanProvisioner) Prepare() error {
 	var err error
 	o := s.Opts
 
-	o.OpenStackFlags.FlavorName = o.FlavorName
+	if o.ScanFlavorName != "" {
+		o.OpenStackFlags.FlavorName = o.ScanFlavorName
+	}
 
 	cloudProvider := ostack.NewCloudsProvider(o.OpenStackFlags.CloudName)
 
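Review bot: The new conditional in Prepare has no comment on precedence, and the commit subject only mentions the metadata prefix, not this flavor change. A line such as `// A scan-specific flavor, when set, overrides the flavor from the OpenStack config; otherwise the configured one is kept.` above the `if` would make the intent clear. `o.FlavorName` is no longer read at this point, so a caller that sets only that field appears to get a different flavor than before; that may be intended but is worth stating in the description. Prepare continues beyond this hunk.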
@@ -302,7 +304,7 @@ func (s *OpenStackScanProvisioner) scanServer(sc *scanner.OpenStackScannerClient
 
 	// If the image is not set to auto delete, tag the image with the check result.
 	if !o.AutoDeleteImage {
-		err = sc.TagImage()
+		err = sc.TagImage(s.Opts.OpenStackCoreFlags.MetadataPrefix)
 		if err != nil {
 			return err
 		}
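Review bot: The call reads the prefix through `s.Opts` while the surrounding block uses the local alias `o` (see `o.AutoDeleteImage` on the line above the call). Assuming `o` is `s.Opts` here as it is in Prepare, `err = sc.TagImage(o.OpenStackCoreFlags.MetadataPrefix)` would be consistent and make it obvious that both values come from the same options. scanServer starts and ends outside this hunk, so the definition of `o` is not visible.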
diff --git a/pkg/util/flags/scan.go b/pkg/util/flags/scan.go
index a7f2aef..931464e 100644
--- a/pkg/util/flags/scan.go
+++ b/pkg/util/flags/scan.go
@@ -30,6 +30,7 @@ type ScanOptions struct {
 	ScanSingleOptions
 	ScanMultipleOptions
 
+	ScanFlavorName      string
 	AutoDeleteImage     bool
 	SkipCVECheck        bool
 	MaxSeverityScore    float64
@@ -66,6 +67,7 @@ func (o *ScanOptions) SetOptionsFromViper() {
 }
 
 func (o *ScanOptions) AddFlags(cmd *cobra.Command) {
+	StringVarWithViper(cmd, &o.ScanFlavorName, viperScanPrefix, "flavor-name", "", "--DEPRECATED-- USE THE CONFIG FILE. The flavor to use for the scan. This overrides the one supplied by the openstack config.")
 	BoolVarWithViper(cmd, &o.AutoDeleteImage, viperScanPrefix, "auto-delete-image", false, "--DEPRECATED-- USE THE CONFIG FILE. If true, the image will be deleted if a vulnerability check does not succeed - recommended when building new images.")
 	BoolVarWithViper(cmd, &o.SkipCVECheck, viperScanPrefix, "skip-cve-check", false, "--DEPRECATED-- USE THE CONFIG FILE. If true, the image will be allowed even if a vulnerability is detected.")
 	Float64VarWithViper(cmd, &o.MaxSeverityScore, viperScanPrefix, "max-severity-score", 7.0, "--DEPRECATED-- USE THE CONFIG FILE. Can be anything from 0.1 to 10.0. Anything equal to or above this value will cause a failure. (Unless skip-cve-check is supplied)")