Puppet Class: vulnerability::install::linux

Defined in:

manifests/install/linux.pp

Summary

This class takes care of installing `grype` on linux systems.

Overview

vulnerability::install::linux

See the file “LICENSE” for the full license governing this code.

Parameters:

• version (String[1]) —

  The version of ‘grype` to install.

• temp_dir (String[1]) —

  The temporary directory to use for the installation. The default value for this is ‘/tmp`.

• root_dir (Stdlib::Absolutepath) —

  The root directory where all grype files are stored. This is an internal variable. Please be cautious when changing this.

• base_url (String[1]) —

  The base part of the URL where to download grype from. The default is: ‘github.com/anchore/grype/releases/download`, meaning we download directly from the original github source.

# File 'manifests/install/linux.pp', line 25

class vulnerability::install::linux (
  String[1]            $base_url,
  Stdlib::Absolutepath $root_dir,
  String[1]            $temp_dir,
  String[1]            $version
) {
  if $facts['grype_version'] != $version {
    $source_file = "grype_${version}_linux_amd64.tar.gz"

    unless defined(Package['tar']) {
      package { 'tar':
        ensure => 'present',
      }
    }

    file { "${temp_dir}/${source_file}":
      ensure => 'file',
      source => "${base_url}/v${version}/${source_file}",
    }

    -> exec { 'extract grype':
      command => "tar xvf ${temp_dir}/${source_file} grype",
      path    => '/bin:/usr/bin',
      cwd     => "${root_dir}/bin",
      require => Package['tar'],
    }

    -> file { "${root_dir}/bin/grype":
      ensure => 'file',
      owner  => 'root',
      mode   => '0755',
    }

    cleanup { 'cleanup grype download':
      file_name => "${temp_dir}/${source_file}",
    }
  }

  file { "${root_dir}/etc/grype_yaml.tpl":
    ensure => 'file',
    source => 'puppet:///modules/vulnerability/grype_yaml.tpl',
    owner  => 'root',
    mode   => '0755',
  }
}