Uploaded image for project: 'Project Quay'
  1. Project Quay
  2. PROJQUAY-4405

In Quay 3.7, unable to configure CRDA API key for java scanning

XMLWordPrintable

    • False
    • None
    • False
    • Quay Enterprise

      After following 7.4.1. Enabling Clair CRDA the key does not get configured.

      [sbhavsar@sbhavsar ~]$ oc logs sayli-registry-clair-app-564965c564-bs47h | grep -i crda

      {"level":"info","component":"crda/MatcherFactory.Matcher","time":"2022-09-02T10:19:48Z","message":"no key configured, skipping"}

      One needs to perform additional steps to get it to work

      • put clair to unmanaged. without this clair pods wont take the new configurational parameters*
      • locate latest clair config secret and edit it to add following section

      https://github.com/quay/clair/blob/main/config.yaml.sample

      *
matchers:
  names:
  - "alpine"
  - "aws"
  - "debian"
  - "oracle"
  - "photon"
  - "python"
  - "rhel"
  - "suse"
  - "ubuntu"
  - "crda"
  config:
    crda:
      url: https://gw.api.openshift.io:443
      source: quay.io
      key: a2d2656cfb32640ac6cd8f5d8b6ddab9  
      • restart the clair pods
      • check logs to see if key is configured:
      [sbhavsar@sbhavsar ~]$ oc logs sayli-registry-clair-app-564965c564-4wjpx | grep crda
{"level":"info","component":"crda/MatcherFactory.Configure","url":"https://gw.api.openshift.io:443","time":"2022-09-02T11:00:40Z","message":"configured API URL"}
{"level":"info","component":"crda/MatcherFactory.Configure","source":"quay.io","time":"2022-09-02T11:00:40Z","message":"configured source"}
{"level":"info","component":"crda/MatcherFactory.Configure","key":"a2d2656cfb32640ac6cd8f5d8b6ddab9","time":"2022-09-02T11:00:40Z","message":"configured API key"}
{"level":"info","component":"crda/MatcherFactory.Matcher","time":"2022-09-02T11:00:40Z","message":"using default ecosystems"}
{"level":"info","component":"libvuln/New","matchers":[{"name":"photon","docs":"https://pkg.go.dev/github.com/quay/claircore/photon"},{"name":"python","docs":"https://pkg.go.dev/github.com/quay/claircore/python"},{"name":"rhel","docs":"https://pkg.go.dev/github.com/quay/claircore/rhel"},{"name":"suse","docs":"https://pkg.go.dev/github.com/quay/claircore/suse"},{"name":"crda-pypi","docs":"https://pkg.go.dev/github.com/quay/claircore/crda"},{"name":"crda-maven","docs":"https://pkg.go.dev/github.com/quay/claircore/crda"},{"name":"oracle","docs":"https://pkg.go.dev/github.com/quay/claircore/oracle"}],"time":"2022-09-02T11:00:40Z","message":"matchers created"}
      • Can we further test this method and add once approved add it to the doc? 

       

              Unassigned Unassigned
              rhn-support-sbhavsar Sayali Bhavsar
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Created:
                Updated:
                Resolved: