From e5495a3221dd3d7b089239ceeb5bd445cc1dec19 Mon Sep 17 00:00:00 2001
From: Romain Arnaud
Date: Wed, 13 Nov 2024 11:49:16 -0500
Subject: [PATCH] fix: Enable scannerV4 in ACS Recommended configuration after reaching out the ACS team regarding RHTAPBUGS-1316. Must not be merged before ACS has been updated to 4.6.
---
.../rhtap-acs/scripts/test-acs-image-scan.sh | 43 +++++++++++++++++++
.../rhtap-acs/templates/acs-central.yaml | 2 +-
.../rhtap-acs/templates/tests/test.yaml | 16 +++++++
3 files changed, 60 insertions(+), 1 deletion(-)
create mode 100755 installer/charts/rhtap-acs/scripts/test-acs-image-scan.sh
diff --git a/installer/charts/rhtap-acs/scripts/test-acs-image-scan.sh b/installer/charts/rhtap-acs/scripts/test-acs-image-scan.sh
new file mode 100755
index 00000000..c8114c4f
--- /dev/null
+++ b/installer/charts/rhtap-acs/scripts/test-acs-image-scan.sh
@@ -0,0 +1,43 @@
+#!/usr/bin/env bash
+set -o errexit
+set -o nounset
+set -o pipefail
+
+export ROX_CENTRAL_ENDPOINT="$(kubectl get secrets -n rhtap rhtap-acs-integration -o jsonpath='{.data.endpoint}' | base64 -d)"
+export ROX_API_TOKEN="$(kubectl get secrets -n rhtap rhtap-acs-integration -o jsonpath='{.data.token}' | base64 -d)"
+
+IMAGE="${IMAGE:-quay.io/fedora/fedora:36-x86_64@sha256:d6e4c7d6d1eaa24d71c8efd7432890acdc0179502224d0aaad6bb05d15ffde19}"
+
+echo "# Download roxctl cli from ${ROX_CENTRAL_ENDPOINT}"
+curl --insecure -s -L -H "Authorization: Bearer $ROX_API_TOKEN" \
+ "https://${ROX_CENTRAL_ENDPOINT}/api/cli/download/roxctl-linux" \
+ --output ./roxctl \
+ > /dev/null
+if [ $? -ne 0 ]; then
+ note='Failed to download roxctl'
+ echo $note
+ exit 1
+fi
+chmod +x ./roxctl > /dev/null
+echo
+
+while true; do
+ echo "# roxctl image scan"
+ date
+ if ./roxctl image scan \
+ "--insecure-skip-tls-verify" \
+ -e "${ROX_CENTRAL_ENDPOINT}" \
+ --image "$IMAGE" \
+ --output json \
+ --force; then
+ break
+ fi
+ echo "Waiting"
+ echo
+ sleep 60
+ echo "Retrying"
+done
+rm ./roxctl
+echo
+
+echo "# Success"
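Review bot: The download in this new script sends `ROX_API_TOKEN` to an endpoint whose certificate is never checked (`curl --insecure`) and then executes the response as `./roxctl`, so a party able to intercept that connection would obtain the token and run code in the test pod; the later `--insecure-skip-tls-verify` has the same effect for the scan. Where Central's CA bundle can be mounted, pass it with `--cacert` (curl) and `--ca` (roxctl) instead, and otherwise document the exception in a comment. Two correctness points compound this: the `if [ $? -ne 0 ]` branch is unreachable under `set -o errexit`, and without `--fail` an HTTP error body is saved as `./roxctl`, after which `while true` retries forever and the test hangs rather than fails. The fence below makes the download fail loudly and caps the retries; `max_attempts=10` is a constructed value.

```shell
# … unchanged: strict mode, ROX_* exports, IMAGE default …
echo "# Download roxctl cli from ${ROX_CENTRAL_ENDPOINT}"
# TLS verification is still off here; swap --insecure for --cacert <CA bundle path> once the CA is mounted.
if ! curl --insecure --fail -s -L -H "Authorization: Bearer $ROX_API_TOKEN" \
  "https://${ROX_CENTRAL_ENDPOINT}/api/cli/download/roxctl-linux" \
  --output ./roxctl; then
  echo 'Failed to download roxctl' >&2
  exit 1
fi
chmod +x ./roxctl
echo

max_attempts=10 # constructed value; size it to the scanner's expected start-up time
attempt=0
while true; do
  # … unchanged: echo/date, roxctl image scan, break on success …
  attempt=$((attempt + 1))
  if [ "$attempt" -ge "$max_attempts" ]; then
    echo "Image scan still failing after ${max_attempts} attempts" >&2
    exit 1
  fi
  # … unchanged: Waiting / sleep 60 / Retrying …
done
```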
diff --git a/installer/charts/rhtap-acs/templates/acs-central.yaml b/installer/charts/rhtap-acs/templates/acs-central.yaml index e4841625..09582c1a 100644 --- a/installer/charts/rhtap-acs/templates/acs-central.yaml +++ b/installer/charts/rhtap-acs/templates/acs-central.yaml @@ -56,7 +56,7 @@ spec: required ".acs.scanners.matcher is required" $acs.scanners.matcher | toYaml | nindent 6 }} - scannerComponent: Default + scannerComponent: Enabled scanner: analyzer: {{- required ".acs.scanners.analyzer is required" diff --git a/installer/charts/rhtap-acs/templates/tests/test.yaml b/installer/charts/rhtap-acs/templates/tests/test.yaml index c20ddebd..e5109890 100644 --- a/installer/charts/rhtap-acs/templates/tests/test.yaml +++ b/installer/charts/rhtap-acs/templates/tests/test.yaml @@ -21,6 +21,22 @@ spec: # {{- include "acs.copyScripts" . | nindent 4 }} containers: + # + # Test ACS availibility, pending https://issues.redhat.com/browse/RFE-6727 + # + - name: acs-image-scan + image: quay.io/codeready-toolchain/oc-client-base:latest + env: + - name: IMAGE + value: quay.io/fedora/fedora:36-x86_64@sha256:d6e4c7d6d1eaa24d71c8efd7432890acdc0179502224d0aaad6bb05d15ffde19 + command: + - /scripts/test-acs-image-scan.sh + volumeMounts: + - name: scripts + mountPath: /scripts + securityContext: + runAsNonRoot: false + allowPrivilegeEscalation: false {{- range tuple "central" "central-db" "scanner" "scanner-db" }} # # Test the ACS rollout status.
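Review bot: Nothing in the template records why `scannerComponent` moves to `Enabled` or what it depends on; the commit message says the change must wait for ACS 4.6, but that constraint lives only in the commit record. I would add a comment above the line, e.g. `# Enabled per ACS team guidance (RHTAPBUGS-1316); assumes ACS >= 4.6`, so a later chart change or downgrade does not silently break scanning. The enclosing `spec` block starts and ends outside the hunk, so whether the chart already pins the operator version cannot be seen here.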
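Review bot: The new `acs-image-scan` container runs `quay.io/codeready-toolchain/oc-client-base:latest`, a mutable tag, even though the script it executes reads the ACS API token from the `rhtap-acs-integration` secret; the scan target just below is pinned by digest, and the runner image deserves the same, e.g. `image: quay.io/codeready-toolchain/oc-client-base@sha256:<digest>` (placeholder). `runAsNonRoot: false` also explicitly permits root; nothing in the script as shown appears to need it, provided the working directory is writable for `./roxctl`, so `runAsNonRoot: true` is worth trying. The `containers:` list continues outside the hunk.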