check for runtime_inventory.image_ttl_days = -1 (#146)

* fail when user sets runtime_inventory.image_ttl_days=-1 and prompt them to use runtime_inventory.image_ingest_overwrite
* update test snapshots

---------

Signed-off-by: Brady Todhunter <[email protected]>

stable/enterprise/Chart.yaml

@@ -1,6 +1,6 @@
 apiVersion: v2
 name: enterprise
-version: "0.2.1"
+version: "0.2.2"
 appVersion: "4.9.3"
 kubeVersion: 1.23.x - 1.27.x || 1.23.x-x - 1.27.x-x
 description: |

stable/enterprise/files/default_config.yaml

@@ -16,7 +16,6 @@ auto_restart_services: false
 
 max_source_import_size_mb: ${ANCHORE_MAX_IMPORT_SOURCE_SIZE_MB}
 max_import_content_size_mb: ${ANCHORE_MAX_IMPORT_CONTENT_SIZE_MB}
-
 max_compressed_image_size_mb: ${ANCHORE_MAX_COMPRESSED_IMAGE_SIZE_MB}
 
 metrics:

stable/enterprise/templates/envvars_configmap.yaml

@@ -50,13 +50,17 @@ data:
   ANCHORE_ENTERPRISE_REPORTS_VULNERABILITIES_BY_ECS_CONTAINER: "true"
   ANCHORE_ENTERPRISE_REPORTS_VULNERABILITIES_BY_K8S_CONTAINER: "true"
   ANCHORE_ENTERPRISE_REPORTS_VULNERABILITIES_BY_K8S_NAMESPACE: "true"
-  ANCHORE_ENTERPRISE_RUNTIME_INVENTORY_IMAGE_TTL_DAYS: "120"
-  ANCHORE_ENTERPRISE_RUNTIME_INVENTORY_IMAGE_INGEST_OVERWRITE: "false"
-  {{- with .Values.anchoreConfig.notifications.ui_url }}
+{{- if eq (toString .Values.anchoreConfig.catalog.runtime_inventory.image_ttl_days) "-1" }}
+  {{- fail "The Value `-1` is no longer valid for `.Values.anchoreConfig.catalog.runtime_inventory.image_ttl_days`. Please use `.Values.anchoreConfig.catalog.runtime_inventory.image_ingest_overwrite=true` to force runtime inventory to be overwritten upon every update. `.Values.anchoreConfig.catalog.runtime_inventory.image_ttl_days` must be set to a value >1." -}}
+{{- else }}
+  ANCHORE_ENTERPRISE_RUNTIME_INVENTORY_IMAGE_TTL_DAYS: "{{ .Values.anchoreConfig.catalog.runtime_inventory.image_ttl_days }}"
+  ANCHORE_ENTERPRISE_RUNTIME_INVENTORY_IMAGE_INGEST_OVERWRITE: "{{ .Values.anchoreConfig.catalog.runtime_inventory.image_ingest_overwrite }}"
+{{- end }}
+{{- with .Values.anchoreConfig.notifications.ui_url }}
   ANCHORE_ENTERPRISE_UI_URL: "{{ . }}"
-  {{- else }}
+{{- else }}
   ANCHORE_ENTERPRISE_UI_URL: {{ include "enterprise.ui.fullname" . | quote }}
-  {{- end }}
+{{- end }}
   ANCHORE_FEEDS_DRIVER_GITHUB_ENABLED: "false"
   ANCHORE_FEEDS_DRIVER_MSRC_ENABLED: "false"
   ANCHORE_FEEDS_DRIVER_NVDV2_ENABLED: "true"

stable/enterprise/tests/__snapshot__/configmap_test.yaml.snap

@@ -62,7 +62,6 @@ should render the configmaps:
 
         max_source_import_size_mb: ${ANCHORE_MAX_IMPORT_SOURCE_SIZE_MB}
         max_import_content_size_mb: ${ANCHORE_MAX_IMPORT_CONTENT_SIZE_MB}
-
         max_compressed_image_size_mb: ${ANCHORE_MAX_COMPRESSED_IMAGE_SIZE_MB}
 
         metrics:

stable/enterprise/values.yaml

@@ -477,11 +477,15 @@ anchoreConfig:
         name: db
         config: {}
 
-    ## @param anchoreConfig.catalog.runtime_inventory.image_ttl_days TTL for images in the inventory report working set
+    ## anchoreConfig.catalog.runtime_inventory.image_ttl_days TTL for images in the inventory report working set
+    ## @param anchoreConfig.catalog.runtime_inventory.image_ingest_overwrite disables the image_ttl cycle timer.
+    ## When `image_ingest_overwrite=true` upon ingestion of inventory, removes anything previously reported by the namespace and only keep the latest inventory posted.
+    ## This new config value is used instead of setting `image_ttl_days=-1`
     ## ref: https://docs.anchore.com/current/docs/configuration/runtime_inventory/
     ##
     runtime_inventory:
-      image_ttl_days: 1
+      image_ttl_days: 120
+      image_ingest_overwrite: false
 
     ## @param anchoreConfig.catalog.down_analyzer_task_requeue Allows fast re-queueing when image status is 'analyzing' on an analyzer that is no longer in the 'up' state
     ##