diff --git a/pkg/plugins/trivy/jobspec.go b/pkg/plugins/trivy/jobspec.go
index 6ec8163f9..083ad5178 100644
--- a/pkg/plugins/trivy/jobspec.go
+++ b/pkg/plugins/trivy/jobspec.go
@@ -241,7 +241,13 @@ func CreateSbomDataAsSecret(bom v1alpha1.BOM, secretName string) (corev1.Secret,
 // CreateVolumeSbomFiles creates a volume and volume mount for the sbom data
 func CreateVolumeSbomFiles(volumeMounts *[]corev1.VolumeMount, volumes *[]corev1.Volume, secretName *string, fileName string, mountPath string, cname string) {
- vname := fmt.Sprintf("sbomvol-%s", cname)
+ vnamePrefix := "sbomvol-"
+ // Truncate cname to ensure that vname fits within 63 characters including the prefix
+ maxCnameLength := 62 - len(vnamePrefix)
+ if len(cname) > maxCnameLength {
+ cname = cname[:maxCnameLength]
+ }
+ vname := fmt.Sprintf("%s%s", vnamePrefix, cname)
 sbomMount := corev1.VolumeMount{
 Name: vname,
 MountPath: mountPath,
diff --git a/pkg/plugins/trivy/jobspec_test.go b/pkg/plugins/trivy/jobspec_test.go
index 0f59d73ac..e5f782953 100644
--- a/pkg/plugins/trivy/jobspec_test.go
+++ b/pkg/plugins/trivy/jobspec_test.go
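Review bot: In CreateVolumeSbomFiles (pkg/plugins/trivy/jobspec.go), plain truncation of `cname` lets two container names that share their first 54 characters produce the same `vname`, and a cut that lands on `-` yields a name that is no longer a valid DNS-1123 label. Kubernetes requires volume names to be unique within a pod, so if the caller invokes this once per container (not visible in this hunk) the scan job pod would likely be rejected for exactly the workloads this change is meant to support. The limit is also written as `62` while the comment says 63. I would truncate only when needed, trim a trailing `-`, and append a short digest of the full container name, as sketched below; this needs `crypto/sha256`, `encoding/hex` and `strings` imported, and the long-name expectation in the test would change. The function body continues past the end of the hunk.

```go
func CreateVolumeSbomFiles(volumeMounts *[]corev1.VolumeMount, volumes *[]corev1.Volume, secretName *string, fileName string, mountPath string, cname string) {
	const vnamePrefix = "sbomvol-"
	const maxVolumeNameLen = 63 // DNS-1123 label limit for volume names
	vname := vnamePrefix + cname
	if len(vname) > maxVolumeNameLen {
		// Keep truncated names distinct: suffix a short digest of the full container name.
		sum := sha256.Sum256([]byte(cname))
		suffix := "-" + hex.EncodeToString(sum[:4])
		keep := maxVolumeNameLen - len(vnamePrefix) - len(suffix)
		vname = vnamePrefix + strings.TrimRight(cname[:keep], "-") + suffix
	}
	// … unchanged: sbomMount and volume construction …
```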
@@ -51,35 +51,54 @@ func TestCreateSbomDataSecret(t *testing.T) {
 func TestCreateVolumes(t *testing.T) {
 testCases := []struct {
- name string
- vm []corev1.VolumeMount
- v []corev1.Volume
- cName string
- sn string
- fn string
- mountPath string
+ name string
+ vm []corev1.VolumeMount
+ v []corev1.Volume
+ cName string
+ sn string
+ fn string
+ mountPath string
+ expectedName string
 }{
 {
- name: "cretae volumes",
- vm: []corev1.VolumeMount{},
- v: []corev1.Volume{},
- sn: "test",
- cName: "cname",
- mountPath: "/sbom-cname",
- fn: "name",
+ name: "create volumes with normal cname",
+ vm: []corev1.VolumeMount{},
+ v: []corev1.Volume{},
+ sn: "test",
+ cName: "cname",
+ mountPath: "/sbom-cname",
+ fn: "name",
+ expectedName: "sbomvol-cname",
+ },
+ {
+ name: "create volumes with long cname",
+ vm: []corev1.VolumeMount{},
+ v: []corev1.Volume{},
+ sn: "test",
+ cName: "averylongcontainername1234567890averylongcontainername1234567890",
+ mountPath: "/sbom-longname",
+ fn: "name",
+ expectedName: "sbomvol-averylongcontainername1234567890averylongcontainername",
 },
 }
- tc := testCases[0]
- t.Run(tc.name, func(t *testing.T) {
- trivy.CreateVolumeSbomFiles(&tc.vm, &tc.v, &tc.sn, tc.fn, tc.mountPath, tc.cName)
- assert.Equal(t, len(tc.vm), 1)
- assert.Equal(t, len(tc.v), 1)
- assert.Equal(t, tc.vm[0].Name, "sbomvol-cname")
- assert.Equal(t, tc.vm[0].MountPath, "/sbom-cname")
- assert.Equal(t, tc.v[0].Name, "sbomvol-cname")
- assert.Equal(t, tc.v[0].Secret.SecretName, tc.sn)
- assert.Equal(t, tc.v[0].Secret.Items[0].Key, "bom")
- assert.Equal(t, tc.v[0].Secret.Items[0].Path, tc.fn)
- })
+ for _, tc := range testCases {
+ tc := tc
+ t.Run(tc.name, func(t *testing.T) {
+ trivy.CreateVolumeSbomFiles(&tc.vm, &tc.v, &tc.sn, tc.fn, tc.mountPath, tc.cName)
+
+ assert.Equal(t, len(tc.vm), 1)
+ assert.Equal(t, len(tc.v), 1)
+
+ assert.Equal(t, tc.vm[0].Name, tc.expectedName)
+ assert.Equal(t, tc.vm[0].MountPath, tc.mountPath)
+ assert.Equal(t, tc.v[0].Name, tc.expectedName)
+ assert.Equal(t, tc.v[0].Secret.SecretName, tc.sn)
+ assert.Equal(t, tc.v[0].Secret.Items[0].Key, "bom")
+ assert.Equal(t, tc.v[0].Secret.Items[0].Path, tc.fn)
+
+ assert.LessOrEqual(t, len(tc.vm[0].Name), 63)
+ assert.LessOrEqual(t, len(tc.v[0].Name), 63)
+ })
+ }
 }
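Review bot: The `assert.Equal` calls in the new loop of TestCreateVolumes pass the actual value first and the expectation second (`assert.Equal(t, tc.vm[0].Name, tc.expectedName)`), while testify's signature is `(t, expected, actual)`, so a failure report would label the two values the wrong way round. `assert.Equal(t, tc.expectedName, tc.vm[0].Name)` and `assert.Len(t, tc.vm, 1)` read correctly. The table would also benefit from cases at the edge of the limit (a `cName` of exactly 54 and of 55 characters) and one whose cut lands on a `-`, since the single 64-character case does not show that a truncated name is still a valid volume name.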