Ability to Uniquely Identify Cloud Foundry Apps based on Org/Space/App Name
This feature is not Generally Available yet. You can refer to this document only if your Aqua environment is enabled with the Ability to uniquely identify Cloud Foundry apps based on Org/Space/App name feature.
TABLE OF CONTENTS
- Overview
- Changes to the existing Aqua feature
- How to Enable this feature?
- Migration of existing data to new format (optional)
Overview
This document explains Aqua's ability to scan and register Cloud Foundry apps with the same name from different organizations and spaces in Aqua and how to enable this feature.
Changes to the existing Aqua feature
You can now scan and register Cloud Foundry apps with the same name from different organizations and spaces in Aqua. In the Images > General tab, Aqua uniquely identifies the images scanned and registered based on the Organization, Space, and App Name associated with the Cloud Foundry application.
When exporting data from the Images and Vulnerability pages, the image name attribute includes the org/space/appname value.
How to Enable this feature?
This enhancement has been released with a feature flag to enable its functionality.
To enable it:
1. Upgrade to Aqua 2022.4 Update 21 (2022.4.348).
2. Enable the feature flag for the server and gateway by running the following commands:
a. List the VMs to find the Aqua deployment ID and Aqua instance ID:
bosh vms
b. SSH to the aquasec instance:
bosh ssh -d <aqua deployment id> <aqua-instance>
c. Change to superuser:
sudo su
For Server:
i. Change directory to:
cd /var/vcap/jobs/docker-bosh-server/config
ii. Edit the server.env to add:
AQUA_FF_OVERRIDES={"SLK-66315": true}
iii. Restart the service:
docker stop <server container>
For Gateway:
i. Change directory to:
cd /var/vcap/jobs/docker-bosh-gateway/
ii. Create the config folder:
mkdir config
iii. Add a gateway.env file containing:
AQUA_FF_OVERRIDES={"SLK-66315": true}
iv. Restart the service:
docker stop <gateway container>
Migration of existing data to new format (optional)
Optionally, run the following SQL script to update the existing records of scanned apps to the new format for storing app names in the Aqua DB:
do $$
declare
    registry_ids varchar[];
    err_context text;
    repository_ids numeric;
    image_ids numeric;
begin
    -- Collect the registries with detected_type=11
    execute 'select array(select name from registries where detected_type=11)' into registry_ids;
    if ARRAY_LENGTH(registry_ids, 1) > 0 then
        CREATE TEMPORARY TABLE images_to_be_updated(
            repository_id serial4,
            id serial4,
            image_id serial4,
            org varchar(30),
            space varchar(30)
        );
        FOR idx IN array_lower(registry_ids, 1) .. array_upper(registry_ids, 1) loop
            RAISE INFO '%. Migrating registry: %', idx, registry_ids[idx];
            -- Select images that have org/space metadata but no org/space/ prefix yet
            insert into images_to_be_updated (
                select ri.repository_id, ri.id, im.image_id,
                       im.custom_info->>'cf_org' as org,
                       im.custom_info->>'cf_space' as space
                from registry_images ri
                join registry_repositories rr on ri.repository_id = rr.id
                join image_metadata im on ri.id = im.image_id
                join registries r on ri.registry_id = r."name"
                where r."name" = registry_ids[idx]
                  and im.custom_info->>'cf_org' is not null
                  and im.custom_info->>'cf_space' is not null
                  and not starts_with(ri.name, CONCAT(im.custom_info->>'cf_org','/',im.custom_info->>'cf_space','/'))
                  and im.custom_info->>'is_cf_prefix_migrated' is null
            );
            select count(distinct(repository_id)) into repository_ids from images_to_be_updated;
            RAISE INFO '--> Migrating % repositories', repository_ids;
            -- Prefix each repository name once, using its first image row
            with _repositories as (
                select *, row_number() over (partition by repository_id order by id) as row_number
                from images_to_be_updated
            )
            update registry_repositories rr
            set name = CONCAT(img.org,'/',img.space,'/',name)
            from _repositories img
            where rr.id = img.repository_id and img.row_number = 1;
            select count(distinct(id)) into image_ids from images_to_be_updated;
            RAISE INFO '--> Migrating % images', image_ids;
            update registry_images ri
            set name = CONCAT(img.org,'/',img.space,'/',name)
            from images_to_be_updated img
            where ri.id = img.id;
            RAISE INFO '--> Flagging image metadata post migration';
            -- Mark migrated images so that a rerun skips them
            update image_metadata im
            set custom_info = custom_info || '{"is_cf_prefix_migrated":true}'
            from images_to_be_updated img
            where im.image_id = img.image_id;
            truncate table images_to_be_updated;
        END loop;
        RAISE INFO 'Clearing temporary space';
        DROP TABLE IF EXISTS images_to_be_updated;
    else
        RAISE INFO 'No migration needed';
    END if;
    return;
EXCEPTION WHEN OTHERS then
    GET STACKED DIAGNOSTICS err_context = PG_EXCEPTION_CONTEXT;
    RAISE INFO 'Error Name:%',SQLERRM;
    RAISE INFO 'Error State:%', SQLSTATE;
    RAISE INFO 'Error Context:%', err_context;
    RAISE INFO 'Clearing temporary space';
    DROP TABLE IF EXISTS images_to_be_updated;
    return;
end;
$$
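A read-only preview of what the migration script above would rename, as an added example that is not part of the original Aqua document. It reuses only the table and column names that appear in that script, assumes the same PostgreSQL database, and its output column names are chosen here for illustration.

```sql
-- Added example: read-only preview of the rows the migration script would rename.
-- Every table and column name is taken from that script; nothing is modified.
with candidates as (
    select r."name"                    as registry,
           ri.repository_id,
           ri.id                       as image_row_id,
           rr.name                     as repository_name,
           ri.name                     as image_name,
           im.custom_info->>'cf_org'   as org,
           im.custom_info->>'cf_space' as space
    from registry_images ri
    join registry_repositories rr on ri.repository_id = rr.id
    join image_metadata im on ri.id = im.image_id
    join registries r on ri.registry_id = r."name"
    where r.detected_type = 11
      and im.custom_info->>'cf_org' is not null
      and im.custom_info->>'cf_space' is not null
      and not starts_with(ri.name, concat(im.custom_info->>'cf_org', '/',
                                          im.custom_info->>'cf_space', '/'))
      and im.custom_info->>'is_cf_prefix_migrated' is null
)
select registry,
       image_row_id,
       image_name,
       concat(org, '/', space, '/', image_name) as new_image_name,
       -- The script names a repository after its lowest-id image row only.
       concat(first_value(concat(org, '/', space))
                  over (partition by registry, repository_id order by image_row_id),
              '/', repository_name) as new_repository_name,
       -- True when one repository holds apps from more than one org/space pair.
       min(concat(org, '/', space)) over (partition by registry, repository_id)
           <> max(concat(org, '/', space)) over (partition by registry, repository_id)
           as repository_mixes_org_space,
       -- The script's temporary table declares org and space as varchar(30).
       (length(org) > 30 or length(space) > 30) as org_or_space_over_30_chars
from candidates
order by registry, repository_id, image_row_id;
```

Rows where either of the last two columns is true are the ones to review before running the migration.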