python entrypoint dev

Dockerfile

@@ -1,7 +1,6 @@
-#FROM public.ecr.aws/amazonlinux/amazonlinux:minimal
-FROM amazonlinux:latest
+FROM alpine:edge
 
-RUN dnf install aws-cli wget unzip findutils -y
+RUN apk add aws-cli
 
 # download and unzip inspector-sbomgen
 # TODO: add a script that downloads the correct binary based on CPU arch

Makefile

@@ -0,0 +1,6 @@
+run:
+	docker build . -t plugin:latest
+	docker run -it plugin:latest
+
+test:
+	python3 -m unittest discover -s scripts/entrypoint

scripts/entrypoint/downloader.py

@@ -0,0 +1,17 @@
+import logging
+import urllib.request
+
+
+def download_file(url: str, dst: str) -> bool:
+    """
+    Download the data at 'url' and write the data
+    to a filepath specified by 'dst'.
+    Returns true on success and false on failure.
+    """
+    try:
+        urllib.request.urlretrieve(url, dst)
+    except Exception as e:
+        logging.error(e)
+        return False
+
+    return True

scripts/entrypoint/entrypoint.py

@@ -1,7 +1,11 @@
 #!/usr/bin/env python3
 
+import orchestrator
+
+
 def main():
-    print("hello world")
+    orchestrator.install_sbomgen("/usr/bin/local/inspector-sbomgen")
+
 
 if __name__ == "__main__":
     main()

scripts/entrypoint/extractor.py

@@ -0,0 +1,22 @@
+import logging
+import zipfile
+
+
+def extract_zip_file(filepath: str, dst: str) -> bool:
+    """
+    extract_zip_file extracts a zip archive, specified
+    by 'filepath'. The zip contents are written to the directory
+    specified with 'dst'. If the directory does not exist,
+    this function will create it. Returns True on success
+    or False on failure.
+    """
+    try:
+        z = zipfile.ZipFile(filepath, "r")
+        z.extractall(dst)
+        z.close()
+        return True
+
+    except Exception as e:
+        logging.error(e)
+
+    return False

scripts/entrypoint/finder.py

@@ -0,0 +1,19 @@
+import os
+
+
+def find_file_in_dir(file_name: str, dir_to_search: str) -> str:
+    """
+    find_file_in_dir takes the name of the file you
+    are looking for, 'name', and a directory to search
+    within, 'dir'. If the file is found, return the
+    absolute filepath to the subject file. If the
+    file is NOT found, return an empty string. This
+    function does not look for multiple instances
+    of the file in the subject directory.
+    """
+    for root, dirs, files in os.walk(dir_to_search):
+        if file_name in files:
+            path = os.path.join(root, file_name)
+            return path
+
+    return ""

scripts/entrypoint/orchestrator.py

@@ -0,0 +1,43 @@
+# download inspector-sbomgen
+# extract inspector-sbomgen package
+# find the inspector-sbomgen binary in the package
+# move the binary to the user's bin path
+import logging
+import os
+import platform
+import shutil
+import sys
+import tempfile
+
+import downloader
+import extractor
+import finder
+
+
+def get_sbomgen_url():
+    cpu_arch = platform.machine()
+    if cpu_arch == "x86_64":
+        return "https://amazon-inspector-sbomgen.s3.amazonaws.com/latest/linux/amd64/inspector-sbomgen.zip"
+
+    elif cpu_arch == "arm64":
+        return "https://amazon-inspector-sbomgen.s3.amazonaws.com/latest/linux/arm64/inspector-sbomgen.zip"
+
+    else:
+        logging.error(f"expected cpu architecture to be either 'x86_64' or 'arm64' but received {cpu_arch}")
+        sys.exit(1)
+
+
+def install_sbomgen(install_path: str):
+    sbomgen_url = get_sbomgen_url()
+
+    path_to_sbomgen_zip = os.path.join(tempfile.gettempdir(), "inspector-sbomgen.zip")
+    downloader.download_file(sbomgen_url, path_to_sbomgen_zip)
+
+    path_to_extracted_sbomgen_dir = os.path.join(tempfile.gettempdir(), "inspector-sbomgen")
+    extractor.extract_zip_file(path_to_sbomgen_zip, path_to_extracted_sbomgen_dir)
+
+    sbomgen_path = finder.find_file_in_dir("inspector-sbomgen", path_to_extracted_sbomgen_dir)
+    shutil.move(sbomgen_path, install_path)
+    os.chmod(install_path, 0o500)  # read and execute permissions for owner
+
+    os.system(f"{sbomgen_path} --version")

scripts/entrypoint/test_downloader.py

@@ -0,0 +1,25 @@
+import os
+import tempfile
+import unittest
+
+import downloader
+
+
+class TestDownloader(unittest.TestCase):
+
+    def test_download_file(self):
+        # setup test inputs
+        urls = [
+            "https://amazon-inspector-sbomgen.s3.amazonaws.com/latest/linux/amd64/inspector-sbomgen.zip",
+            "https://amazon-inspector-sbomgen.s3.amazonaws.com/latest/linux/arm64/inspector-sbomgen.zip"
+        ]
+        tmp_dir = tempfile.gettempdir()
+        dst = os.path.join(tmp_dir, "inspector-sbomgen.zip")
+
+        for each_url in urls:
+            self.assertTrue(downloader.download_file(each_url, dst))
+            os.remove(dst)
+
+
+if __name__ == '__main__':
+    unittest.main()

scripts/entrypoint/test_extractor.py

@@ -0,0 +1,32 @@
+import os
+import shutil
+import tempfile
+import unittest
+
+import downloader
+import extractor
+
+
+class TestExtractor(unittest.TestCase):
+
+    def test_extract_zip_file(self):
+        # setup
+        url = "https://amazon-inspector-sbomgen.s3.amazonaws.com/latest/linux/amd64/inspector-sbomgen.zip"
+        path_to_zip_file = os.path.join(tempfile.gettempdir(), "inspector-sbomgen.zip")
+        result = downloader.download_file(url, path_to_zip_file)
+        self.assertTrue(result)
+
+        # test
+        tmp_dir = tempfile.gettempdir()
+        extracted_contents_dir = os.path.join(tmp_dir, "inspector-sbomgen")
+        result = extractor.extract_zip_file(path_to_zip_file, extracted_contents_dir)
+        self.assertTrue(result)
+
+        # tear down
+        os.remove(path_to_zip_file)
+        shutil.rmtree(extracted_contents_dir)
+        return
+
+
+if __name__ == '__main__':
+    unittest.main()

scripts/entrypoint/test_finder.py

@@ -0,0 +1,37 @@
+import os
+import shutil
+import tempfile
+import unittest
+
+import downloader
+import extractor
+import finder
+
+class TestFinder(unittest.TestCase):
+
+    def test_find_sbomgen(self):
+        # setup
+        url = "https://amazon-inspector-sbomgen.s3.amazonaws.com/latest/linux/amd64/inspector-sbomgen.zip"
+        path_to_zip_file = os.path.join(tempfile.gettempdir(), "inspector-sbomgen.zip")
+        result = downloader.download_file(url, path_to_zip_file)
+        self.assertTrue(result)
+
+        tmp_dir = tempfile.gettempdir()
+        extracted_contents_dir = os.path.join(tmp_dir, "inspector-sbomgen")
+        result = extractor.extract_zip_file(path_to_zip_file, extracted_contents_dir)
+        self.assertTrue(result)
+
+        # test
+        want = "inspector-sbomgen"
+        got = finder.find_file_in_dir(want, extracted_contents_dir)
+        self.assertTrue(got != "")
+        self.assertEqual(want, os.path.basename(got))
+
+        # tear down
+        os.remove(path_to_zip_file)
+        shutil.rmtree(extracted_contents_dir)
+        return
+
+
+if __name__ == '__main__':
+    unittest.main()