From 9e523fa2c65625e38a9f9f5d683347de4834f597 Mon Sep 17 00:00:00 2001 From: Keep Focused Date: Tue, 17 Dec 2024 14:56:18 +0700 Subject: [PATCH] Added support to query the aws_ecr_image_scan_finding table using the image_digest query parameter. Closes #2356 (#2357) --- aws/table_aws_ecr_image_scan_finding.go | 27 ++++++++++++++++++++----- 1 file changed, 22 insertions(+), 5 deletions(-) diff --git a/aws/table_aws_ecr_image_scan_finding.go b/aws/table_aws_ecr_image_scan_finding.go index 5fa1ee198..7188ef6b7 100644 --- a/aws/table_aws_ecr_image_scan_finding.go +++ b/aws/table_aws_ecr_image_scan_finding.go @@ -33,7 +33,8 @@ func tableAwsEcrImageScanFinding(_ context.Context) *plugin.Table { // image_digest as it's more common/friendly to use. KeyColumns: []*plugin.KeyColumn{ {Name: "repository_name", Require: plugin.Required}, - {Name: "image_tag", Require: plugin.Required}, + {Name: "image_tag", Require: plugin.AnyOf}, + {Name: "image_digest", Require: plugin.AnyOf}, }, }, GetMatrixItemFunc: SupportedRegionMatrix(ecrv1.EndpointsID), @@ -125,8 +126,8 @@ func listAwsEcrImageScanFindings(ctx context.Context, d *plugin.QueryData, _ *pl } imageTag := d.EqualsQuals["image_tag"] + imageDigest := d.EqualsQuals["image_digest"] repositoryName := d.EqualsQuals["repository_name"] - // Limiting the results maxLimit := int32(1000) @@ -140,11 +141,27 @@ func listAwsEcrImageScanFindings(ctx context.Context, d *plugin.QueryData, _ *pl input := &ecr.DescribeImageScanFindingsInput{ MaxResults: aws.Int32(maxLimit), RepositoryName: aws.String(repositoryName.GetStringValue()), - ImageId: &types.ImageIdentifier{ - ImageTag: aws.String(imageTag.GetStringValue()), - }, } + imageInfo := &types.ImageIdentifier{} + + // Ideally, both image_tag and image_digest could be used. + // However, they cannot be passed together simultaneously. + // 1. If ImageTag is provided, it takes precedence and is used as the input parameter. + // 2. If both ImageTag and ImageDigest are provided, ImageTag will be prioritized to keep the existing table behavior unchanged. + // 3. If only ImageDigest is provided, the ImageDigest value will be used as the input parameter. + if imageTag != nil { + imageInfo.ImageTag = aws.String(imageTag.GetStringValue()) + } + if imageTag != nil && imageDigest != nil { + imageInfo.ImageTag = aws.String(imageTag.GetStringValue()) + } + if imageTag == nil && imageDigest != nil { + imageInfo.ImageDigest = aws.String(imageDigest.GetStringValue()) + } + + input.ImageId = imageInfo + paginator := ecr.NewDescribeImageScanFindingsPaginator(svc, input, func(o *ecr.DescribeImageScanFindingsPaginatorOptions) { o.Limit = maxLimit o.StopOnDuplicateToken = true