diff --git a/snyk-monitor/README.md b/snyk-monitor/README.md index 3421d15e1..221e35578 100644 --- a/snyk-monitor/README.md +++ b/snyk-monitor/README.md @@ -199,13 +199,13 @@ Create the snyk-sysdig-secret in the snyk-monitor namespace: ```bash kubectl create secret generic snyk-sysdig-secret -n snyk-monitor \ --from-literal=token=$SYSDIG_RISK_SPOTLIGHT_TOKEN \ - --from-literal=region=$SYSDIG_AGENT_REGION \ + --from-literal=endpoint=$SYSDIG_ENDPOINT_URL \ --from-literal=cluster=$SYSDIG_AGENT_CLUSTER ``` SYSDIG_RISK_SPOTLIGHT_TOKEN is the "Risk Spotlight Integrations Token" and has to be generated via the Sysdig UI. To create this API token, see the [Sysdig Risk Spotlight guide](https://docs.sysdig.com/en/docs/sysdig-secure/integrations-for-sysdig-secure/risk-spotlight-integrations/#generate-a-token-for-the-integration). -SYSDIG_AGENT_REGION and SYSDIG_AGENT_CLUSTER are the ones that you configured when installing the [On Prem Sysdig Agent](https://docs.sysdig.com/en/docs/installation/agent-install-for-on-prem/#options), -global.sysdig.region and global.clusterConfig.name. +SYSDIG_ENDPOINT_URL is assiciated with your Sysdig SaaS application and region and can be identified from [here](https://docs.sysdig.com/en/docs/administration/saas-regions-and-ip-ranges/) (e.g us2.app.sysdig.com, note that 'https://' prefix has to be omitted). +SYSDIG_AGENT_CLUSTER is the one that you configured when [installing the Sysdig Agent](https://docs.sysdig.com/en/docs/installation/sysdig-secure/install-agent-components/kubernetes/#parameter-definitions) - global.clusterConfig.name. To enable Snyk to integrate with Sysdig and collect information about packages executed at runtime, use `--set sysdig.enabled=true` when installing the snyk-monitor: diff --git a/snyk-monitor/templates/deployment.yaml b/snyk-monitor/templates/deployment.yaml index 24fdd1198..49c428f62 100644 --- a/snyk-monitor/templates/deployment.yaml +++ b/snyk-monitor/templates/deployment.yaml @@ -194,11 +194,11 @@ spec: name: snyk-sysdig-secret key: token optional: true - - name: SNYK_SYSDIG_REGION_URL + - name: SNYK_SYSDIG_ENDPOINT_URL valueFrom: secretKeyRef: name: snyk-sysdig-secret - key: region + key: endpoint optional: true - name: SNYK_SYSDIG_CLUSTER_NAME valueFrom: diff --git a/src/common/config.ts b/src/common/config.ts index 4c5a9dc6a..7c44b2a15 100644 --- a/src/common/config.ts +++ b/src/common/config.ts @@ -50,12 +50,12 @@ config.SKOPEO_COMPRESSION_LEVEL = Number(config.SKOPEO_COMPRESSION_LEVEL) || 6; // return Sysdig v2 endpoint information if ( config.SYSDIG_RISK_SPOTLIGHT_TOKEN && - config.SYSDIG_REGION_URL && + config.SYSDIG_ENDPOINT_URL && config.SYSDIG_CLUSTER_NAME ) { config.SYSDIG_RISK_SPOTLIGHT_TOKEN = config.SYSDIG_RISK_SPOTLIGHT_TOKEN.trim(); - config.SYSDIG_REGION_URL = config.SYSDIG_REGION_URL.trim(); + config.SYSDIG_ENDPOINT_URL = config.SYSDIG_ENDPOINT_URL.trim(); config.SYSDIG_CLUSTER_NAME = config.SYSDIG_CLUSTER_NAME.trim(); } diff --git a/src/common/types.ts b/src/common/types.ts index 0cbe32445..eba8bad09 100644 --- a/src/common/types.ts +++ b/src/common/types.ts @@ -34,7 +34,7 @@ export interface Config { SYSDIG_ENDPOINT?: string; SYSDIG_TOKEN?: string; SYSDIG_RISK_SPOTLIGHT_TOKEN?: string; - SYSDIG_REGION_URL?: string; + SYSDIG_ENDPOINT_URL?: string; SYSDIG_CLUSTER_NAME?: string; HTTPS_PROXY: string | undefined; HTTP_PROXY: string | undefined; diff --git a/src/data-scraper/index.ts b/src/data-scraper/index.ts index 526330990..202cab477 100644 --- a/src/data-scraper/index.ts +++ b/src/data-scraper/index.ts @@ -16,7 +16,7 @@ const httpsAgent = new HttpsAgent({ function getSysdigUrl(): string { return ( 'https://' + - config.SYSDIG_REGION_URL + + config.SYSDIG_ENDPOINT_URL + '/api/scanning/eveintegration/v2/runtimeimages' ); } diff --git a/src/healthcheck.ts b/src/healthcheck.ts index ad9069985..2d206aead 100644 --- a/src/healthcheck.ts +++ b/src/healthcheck.ts @@ -26,7 +26,7 @@ async function healthCheck(): Promise { export function getSysdigVersion() { if ( - config.SYSDIG_REGION_URL && + config.SYSDIG_ENDPOINT_URL && config.SYSDIG_RISK_SPOTLIGHT_TOKEN && config.SYSDIG_CLUSTER_NAME ) { @@ -43,7 +43,7 @@ async function sysdigHealthCheck(): Promise { !( config.SYSDIG_CLUSTER_NAME && config.SYSDIG_RISK_SPOTLIGHT_TOKEN && - config.SYSDIG_REGION_URL + config.SYSDIG_ENDPOINT_URL ) || !(config.SYSDIG_ENDPOINT && config.SYSDIG_TOKEN) ) { diff --git a/src/index.ts b/src/index.ts index 964dc9753..231f0dbb4 100644 --- a/src/index.ts +++ b/src/index.ts @@ -71,7 +71,7 @@ async function monitor(): Promise { async function setupSysdigIntegration(): Promise { if ( !( - config.SYSDIG_REGION_URL && + config.SYSDIG_ENDPOINT_URL && config.SYSDIG_RISK_SPOTLIGHT_TOKEN && config.SYSDIG_CLUSTER_NAME ) && diff --git a/test/unit/data-scraper/scrape-data.spec.ts b/test/unit/data-scraper/scrape-data.spec.ts index d024deeab..c39f43a6a 100644 --- a/test/unit/data-scraper/scrape-data.spec.ts +++ b/test/unit/data-scraper/scrape-data.spec.ts @@ -9,13 +9,13 @@ import * as transmitterTypes from '../../../src/transmitter/types'; describe('dataScraper()', () => { describe('sysdig v2 env vars configured', () => { beforeAll(() => { - config.SYSDIG_REGION_URL = 'sysdig'; + config.SYSDIG_ENDPOINT_URL = 'sysdig'; config.SYSDIG_RISK_SPOTLIGHT_TOKEN = 'token123'; config.SYSDIG_CLUSTER_NAME = 'test-sysdig-cluster'; }); afterAll(() => { - delete config.SYSDIG_REGION_URL; + delete config.SYSDIG_ENDPOINT_URL; delete config.SYSDIG_RISK_SPOTLIGHT_TOKEN; delete config.SYSDIG_CLUSTER_NAME; }); @@ -137,7 +137,7 @@ describe('dataScraper()', () => { beforeAll(() => { config.SYSDIG_ENDPOINT = 'https://sysdig'; config.SYSDIG_TOKEN = 'token123'; - config.SYSDIG_REGION_URL = 'sysdig'; + config.SYSDIG_ENDPOINT_URL = 'sysdig'; config.SYSDIG_RISK_SPOTLIGHT_TOKEN = 'token123'; config.SYSDIG_CLUSTER_NAME = 'test-sysdig-cluster'; }); @@ -145,7 +145,7 @@ describe('dataScraper()', () => { afterAll(() => { delete config.SYSDIG_ENDPOINT; delete config.SYSDIG_TOKEN; - delete config.SYSDIG_REGION_URL; + delete config.SYSDIG_ENDPOINT_URL; delete config.SYSDIG_RISK_SPOTLIGHT_TOKEN; delete config.SYSDIG_CLUSTER_NAME; });