René's URL Explorer Experiment

{"@context":"https://schema.org","@type":"DiscussionForumPosting","headline":"AutoDiscovery: volume is propagated as emptyDir to ScheduledScan","articleBody":"## 🐞 Bug report\r\n\r\n### Describe the bug\r\nDeployed auto-discovery service with custom zap config and added volumes, but in ScheduledScan volume is emptyDir, but must be configMap.\r\n\r\n### Steps To Reproduce\r\n1. Create configMap with zap config.\r\n2. Deploy configmap with serviceDiscovery config:\r\n```yaml\r\nserviceAutoDiscovery:\r\n    enabled: true\r\n    scanConfigs:\r\n      - scanType: zap-advanced-scan\r\n        name: \"zap\"\r\n        parameters:\r\n          - \"-t\"\r\n          - \"{{ .Host.Type }}://{{ .Service.Name }}.{{ .Service.Namespace }}.svc:{{ .Host.Port }}\"\r\n        repeatInterval: \"168h\"\r\n        labels: {}\r\n        annotations:\r\n          defectdojo.securecodebox.io/product-type-name: \"SecureCodeBox\"\r\n          defectdojo.securecodebox.io/product-name: \"{{ .Cluster.Name }} | {{ .Namespace.Name }} | {{ .Target.Name }}\"\r\n          defectdojo.securecodebox.io/product-tags: \"cluster/{{ .Cluster.Name }},namespace/{{ .Namespace.Name }}\"\r\n          defectdojo.securecodebox.io/engagement-name: \"{{ .Target.Name }}\"\r\n          defectdojo.securecodebox.io/engagement-version: \"{{if (index .Target.Labels `app.kubernetes.io/version`) }}{{ index .Target.Labels `app.kubernetes.io/version` }}{{end}}\"\r\n        volumes:\r\n          - name: zap-advanced-scan-config\r\n            configMap:\r\n              name: zap-advanced-scan-config\r\n              optional: true\r\n        volumeMounts:\r\n          - name: zap-advanced-scan-config\r\n            mountPath: /home/securecodebox/configs/2-zap-advanced-scan.yaml\r\n            subPath: 2-zap-advanced-scan.yaml\r\n            readOnly: true\r\n        hookSelector: {}\r\n        env: []\r\n```\r\n3. Observer ScheduledScan\r\n```shell\r\nk get -n default scheduledscan juice-shop-service-zap-port-3000 -o jsonpath='{ .spec }' | jq\r\n```\r\n```json\r\n{\r\n  \"interval\": \"168h0m0s\",\r\n  \"retriggerOnScanTypeChange\": true,\r\n  \"scanSpec\": {\r\n    \"parameters\": [\r\n      \"-t\",\r\n      \"http://juice-shop.default.svc:3000\"\r\n    ],\r\n    \"resourceMode\": \"namespaceLocal\",\r\n    \"scanType\": \"zap-advanced-scan\",\r\n    \"volumeMounts\": [\r\n      {\r\n        \"mountPath\": \"/home/securecodebox/configs/2-zap-advanced-scan.yaml\",\r\n        \"name\": \"zap-advanced-scan-config\",\r\n        \"readOnly\": true,\r\n        \"subPath\": \"2-zap-advanced-scan.yaml\"\r\n      }\r\n    ],\r\n    \"volumes\": [\r\n      {\r\n        \"name\": \"zap-advanced-scan-config\"\r\n      }\r\n    ]\r\n  }\r\n}\r\n```\r\n4. pod will be created with emptyDir.\r\n\r\n### Expected behavior\r\nvolume propagated to pod\r\n\r\n### System (please complete the following information):\r\n - secureCodeBox Version: 4.9.0\r\n - Kubernetes Version: 1.30\r\n\r\n### Additional context\r\nI checked source, I saw there just reference to `corev1.Volume` https://github.com/secureCodeBox/secureCodeBox/blob/main/auto-discovery/kubernetes/pkg/config/autodiscovery_config.go#L76\r\nSo I don't understand why auto-discovery ignores configMap.\r\n","author":{"url":"https://github.com/paraddise","@type":"Person","name":"paraddise"},"datePublished":"2024-10-21T10:04:08.000Z","interactionStatistic":{"@type":"InteractionCounter","interactionType":"https://schema.org/CommentAction","userInteractionCount":1},"url":"https://github.com/2724/secureCodeBox/issues/2724"}