goharbor
diff --git a/‎README.md‎
Lines changed: 9 additions & 5 deletions b/‎README.md‎
Lines changed: 9 additions & 5 deletions
diff --git a/‎cmd/harbor-scanner-clair/main.go‎
Lines changed: 22 additions & 3 deletions b/‎cmd/harbor-scanner-clair/main.go‎
Lines changed: 22 additions & 3 deletions
diff --git a/‎go.mod‎
Lines changed: 1 addition & 0 deletions b/‎go.mod‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎go.sum‎
Lines changed: 2 additions & 0 deletions b/‎go.sum‎
Lines changed: 2 additions & 0 deletions
diff --git a/‎pkg/etc/config.go‎
Lines changed: 18 additions & 10 deletions b/‎pkg/etc/config.go‎
Lines changed: 18 additions & 10 deletions
diff --git a/‎pkg/etc/config_test.go‎
Lines changed: 33 additions & 16 deletions b/‎pkg/etc/config_test.go‎
Lines changed: 33 additions & 16 deletions
diff --git a/‎pkg/persistence/redis/store.go‎
Lines changed: 6 additions & 12 deletions b/‎pkg/persistence/redis/store.go‎
Lines changed: 6 additions & 12 deletions
@@ -34,11 +34,15 @@ Configuration of the adapter is done via environment variables at startup.
 | `SCANNER_API_SERVER_IDLE_TIMEOUT`  | `60s` | The maximum amount of time to wait for the next request when keep-alives are enabled. |
 | `SCANNER_CLAIR_URL`                | `http://harbor-harbor-clair:6060` | Clair URL |
 | `SCANNER_CLAIR_DATABASE_URL`       | | The Clair database URL, it is used to fetch vulnerability database updated time of the Clair. Its format is `postgresql://user:password@host/db?sslmode=disable` |
-| `SCANNER_STORE_REDIS_URL`       | `redis://harbor-harbor-redis:6379` | Redis server URI for a redis store. |
-| `SCANNER_STORE_REDIS_NAMESPACE` | `harbor.scanner.clair:store` | A namespace for keys in a redis store. |
-| `SCANNER_STORE_REDIS_POOL_MAX_ACTIVE` | `5`  | The max number of connections allocated by the pool for a redis store. |
-| `SCANNER_STORE_REDIS_POOL_MAX_IDLE`   | `5`  | The max number of idle connections in the pool for a redis store. |
-| `SCANNER_STORE_REDIS_SCAN_JOB_TTL`    | `1h` | The time to live for persisting scan jobs and associated scan reports. |
+| `SCANNER_STORE_REDIS_URL`                     | `redis://harbor-harbor-redis:6379` | Redis server URI for a Redis store. The URI supports schemas to connect to a standalone Redis server, i.e. `redis://user:password@standalone_host:port/db-number` and Redis Sentinel deployment, i.e. `redis+sentinel://user:password@sentinel_host1:port1,sentinel_host2:port2/monitor-name/db-number`. |
+| `SCANNER_STORE_REDIS_POOL_MAX_ACTIVE`         | `5`   | The max number of connections allocated by the pool for a Redis store. |
+| `SCANNER_STORE_REDIS_POOL_MAX_IDLE`           | `5`   | The max number of idle connections in the pool for a Redis store. |
+| `SCANNER_STORE_REDIS_POOL_IDLE_TIMEOUT`       | `5m`  | Close connections after remaining idle for this duration. |
+| `SCANNER_STORE_REDIS_POOL_CONNECTION_TIMEOUT` | `1s`  | The timeout for connecting to the Redis server. |
+| `SCANNER_STORE_REDIS_POOL_READ_TIMEOUT`       | `1s`  | The timeout for reading a single Redis command reply. |
+| `SCANNER_STORE_REDIS_POOL_WRITE_TIMEOUT`      | `1s`  | The timeout for writing a single Redis command. |
+| `SCANNER_STORE_REDIS_NAMESPACE`       | `harbor.scanner.clair:store` | A namespace for keys in a redis store. |
+| `SCANNER_STORE_REDIS_SCAN_JOB_TTL`    | `1h`                         | The time to live for persisting scan jobs and associated scan reports. |
 
 ## Deploy to minikube
 
 
@@ -2,10 +2,13 @@ package main
 
 import (
 	"context"
+	"fmt"
 	"os"
 	"os/signal"
 	"syscall"
 
+	"github.com/goharbor/harbor-scanner-clair/pkg/redisx"
+
 	"github.com/goharbor/harbor-scanner-clair/pkg/clair"
 	"github.com/goharbor/harbor-scanner-clair/pkg/etc"
 	"github.com/goharbor/harbor-scanner-clair/pkg/http/api"
@@ -30,12 +33,25 @@ func main() {
 	log.SetReportCaller(false)
 	log.SetFormatter(&log.JSONFormatter{})
 
+	if err := run(); err != nil {
+		log.Fatalf("Error: %v", err)
+	}
+}
+
+func run() (err error) {
 	config, err := etc.GetConfig()
 	if err != nil {
-		log.Fatalf("Error: %v", err)
+		err = fmt.Errorf("getting config: %v", err)
+		return
 	}
 
-	store := redis.NewStore(config.Store)
+	pool, err := redisx.NewPool(config.RedisPool)
+	if err != nil {
+		err = fmt.Errorf("constructing connection pool: %v", err)
+		return
+	}
+
+	store := redis.NewStore(pool, config.RedisStore)
 
 	workPool := work.New()
 
@@ -49,7 +65,8 @@ func main() {
 
 	clairClient, err := clair.NewClient(config.TLS, config.Clair)
 	if err != nil {
-		log.Fatalf("Error: %v", err)
+		err = fmt.Errorf("constructing clair client: %v", clairClient)
+		return
 	}
 
 	adapter := scanner.NewAdapter(registryClientFactory, clairClient, scanner.NewTransformer())
@@ -69,6 +86,7 @@ func main() {
 
 		apiServer.Shutdown(context.Background())
 		workPool.Shutdown()
+		_ = pool.Close()
 
 		close(shutdownComplete)
 	}()
@@ -77,4 +95,5 @@ func main() {
 	apiServer.ListenAndServe()
 
 	<-shutdownComplete
+	return
 }
@@ -3,6 +3,7 @@ module github.com/goharbor/harbor-scanner-clair
 go 1.13
 
 require (
+	github.com/FZambia/sentinel v1.1.0
 	github.com/Microsoft/hcsshim v0.8.6 // indirect
 	github.com/caarlos0/env/v6 v6.0.0
 	github.com/docker/distribution v2.7.1+incompatible
 
@@ -1,6 +1,8 @@
 cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
 github.com/Azure/go-ansiterm v0.0.0-20170929234023-d6e3b3328b78 h1:w+iIsaOQNcT7OZ575w+acHgRric5iCyQh+xv+KJ4HB8=
 github.com/Azure/go-ansiterm v0.0.0-20170929234023-d6e3b3328b78/go.mod h1:LmzpDX56iTiv29bbRTIsUNlaFfuhWRQBWjQdVyAevI8=
+github.com/FZambia/sentinel v1.1.0 h1:qrCBfxc8SvJihYNjBWgwUI93ZCvFe/PJIPTHKmlp8a8=
+github.com/FZambia/sentinel v1.1.0/go.mod h1:ytL1Am/RLlAoAXG6Kj5LNuw/TRRQrv2rt2FT26vP5gI=
 github.com/Microsoft/go-winio v0.4.11 h1:zoIOcVf0xPN1tnMVbTtEdI+P8OofVk3NObnwOQ6nK2Q=
 github.com/Microsoft/go-winio v0.4.11/go.mod h1:VhR8bwka0BXejwEJY73c50VrPtXAaKcyvVC4A4RozmA=
 github.com/Microsoft/hcsshim v0.8.6 h1:ZfF0+zZeYdzMIVMZHKtDKJvLHj76XCuVae/jNkjj0IA=
 
@@ -16,10 +16,11 @@ import (
 )
 
 type Config struct {
-	API   APIConfig
-	TLS   TLSConfig
-	Clair ClairConfig
-	Store Store
+	API        APIConfig
+	TLS        TLSConfig
+	Clair      ClairConfig
+	RedisPool  RedisPool
+	RedisStore RedisStore
 }
 
 type APIConfig struct {
@@ -47,12 +48,19 @@ type ClairConfig struct {
 	DatabaseURL string `env:"SCANNER_CLAIR_DATABASE_URL"`
 }
 
-type Store struct {
-	RedisURL      string        `env:"SCANNER_STORE_REDIS_URL" envDefault:"redis://harbor-harbor-redis:6379"`
-	Namespace     string        `env:"SCANNER_STORE_REDIS_NAMESPACE" envDefault:"harbor.scanner.clair:store"`
-	PoolMaxActive int           `env:"SCANNER_STORE_REDIS_POOL_MAX_ACTIVE" envDefault:"5"`
-	PoolMaxIdle   int           `env:"SCANNER_STORE_REDIS_POOL_MAX_IDLE" envDefault:"5"`
-	ScanJobTTL    time.Duration `env:"SCANNER_STORE_REDIS_SCAN_JOB_TTL" envDefault:"1h"`
+type RedisPool struct {
+	URL               string        `env:"SCANNER_STORE_REDIS_URL" envDefault:"redis://harbor-harbor-redis:6379"`
+	MaxActive         int           `env:"SCANNER_STORE_REDIS_POOL_MAX_ACTIVE" envDefault:"5"`
+	MaxIdle           int           `env:"SCANNER_STORE_REDIS_POOL_MAX_IDLE" envDefault:"5"`
+	IdleTimeout       time.Duration `env:"SCANNER_STORE_REDIS_POOL_IDLE_TIMEOUT" envDefault:"5m"`
+	ConnectionTimeout time.Duration `env:"SCANNER_STORE_REDIS_POOL_CONNECTION_TIMEOUT" envDefault:"1s"`
+	ReadTimeout       time.Duration `env:"SCANNER_STORE_REDIS_POOL_READ_TIMEOUT" envDefault:"1s"`
+	WriteTimeout      time.Duration `env:"SCANNER_STORE_REDIS_POOL_WRITE_TIMEOUT" envDefault:"1s"`
+}
+
+type RedisStore struct {
+	Namespace  string        `env:"SCANNER_STORE_REDIS_NAMESPACE" envDefault:"harbor.scanner.clair:store"`
+	ScanJobTTL time.Duration `env:"SCANNER_STORE_REDIS_SCAN_JOB_TTL" envDefault:"1h"`
 }
 
 func GetLogLevel() logrus.Level {
 
@@ -1,12 +1,13 @@
 package etc
 
 import (
-	"github.com/sirupsen/logrus"
-	"github.com/stretchr/testify/assert"
-	"github.com/stretchr/testify/require"
 	"os"
 	"testing"
 	"time"
+
+	"github.com/sirupsen/logrus"
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
 )
 
 type Envs map[string]string
@@ -66,12 +67,18 @@ func TestGetConfig(t *testing.T) {
 				Clair: ClairConfig{
 					URL: "http://harbor-harbor-clair:6060",
 				},
-				Store: Store{
-					RedisURL:      "redis://harbor-harbor-redis:6379",
-					Namespace:     "harbor.scanner.clair:store",
-					PoolMaxActive: 5,
-					PoolMaxIdle:   5,
-					ScanJobTTL:    parseDuration(t, "1h"),
+				RedisStore: RedisStore{
+					Namespace:  "harbor.scanner.clair:store",
+					ScanJobTTL: parseDuration(t, "1h"),
+				},
+				RedisPool: RedisPool{
+					URL:               "redis://harbor-harbor-redis:6379",
+					MaxActive:         5,
+					MaxIdle:           5,
+					IdleTimeout:       parseDuration(t, "5m"),
+					ConnectionTimeout: parseDuration(t, "1s"),
+					ReadTimeout:       parseDuration(t, "1s"),
+					WriteTimeout:      parseDuration(t, "1s"),
 				},
 			},
 		},
@@ -89,6 +96,9 @@ func TestGetConfig(t *testing.T) {
 				"SCANNER_TLS_CLIENTCAS":            "test/data/ca.crt",
 
 				"SCANNER_CLAIR_URL": "https://demo.clair:7080",
+
+				"SCANNER_STORE_REDIS_POOL_MAX_ACTIVE": "3",
+				"SCANNER_STORE_REDIS_POOL_MAX_IDLE":   "10",
 			},
 			expectedConfig: Config{
 				API: APIConfig{
@@ -105,12 +115,18 @@ func TestGetConfig(t *testing.T) {
 				Clair: ClairConfig{
 					URL: "https://demo.clair:7080",
 				},
-				Store: Store{
-					RedisURL:      "redis://harbor-harbor-redis:6379",
-					Namespace:     "harbor.scanner.clair:store",
-					PoolMaxActive: 5,
-					PoolMaxIdle:   5,
-					ScanJobTTL:    parseDuration(t, "1h"),
+				RedisStore: RedisStore{
+					Namespace:  "harbor.scanner.clair:store",
+					ScanJobTTL: parseDuration(t, "1h"),
+				},
+				RedisPool: RedisPool{
+					URL:               "redis://harbor-harbor-redis:6379",
+					MaxActive:         3,
+					MaxIdle:           10,
+					IdleTimeout:       parseDuration(t, "5m"),
+					ConnectionTimeout: parseDuration(t, "1s"),
+					ReadTimeout:       parseDuration(t, "1s"),
+					WriteTimeout:      parseDuration(t, "1s"),
 				},
 			},
 		},
@@ -124,7 +140,8 @@ func TestGetConfig(t *testing.T) {
 			require.NoError(t, err)
 			assert.Equal(t, tc.expectedConfig.API, cfg.API)
 			assert.Equal(t, tc.expectedConfig.Clair, cfg.Clair)
-			assert.Equal(t, tc.expectedConfig.Store, cfg.Store)
+			assert.Equal(t, tc.expectedConfig.RedisStore, cfg.RedisStore)
+			assert.Equal(t, tc.expectedConfig.RedisPool, cfg.RedisPool)
 		})
 	}
 
 
@@ -3,6 +3,7 @@ package redis
 import (
 	"encoding/json"
 	"fmt"
+
 	"github.com/goharbor/harbor-scanner-clair/pkg/etc"
 	"github.com/goharbor/harbor-scanner-clair/pkg/harbor"
 	"github.com/goharbor/harbor-scanner-clair/pkg/job"
@@ -13,21 +14,14 @@ import (
 )
 
 type store struct {
-	cfg  etc.Store
-	pool redis.Pool
+	pool *redis.Pool
+	cfg  etc.RedisStore
 }
 
-func NewStore(cfg etc.Store) persistence.Store {
+func NewStore(pool *redis.Pool, cfg etc.RedisStore) persistence.Store {
 	return &store{
-		cfg: cfg,
-		pool: redis.Pool{
-			Dial: func() (redis.Conn, error) {
-				return redis.DialURL(cfg.RedisURL)
-			},
-			MaxIdle:   cfg.PoolMaxIdle,
-			MaxActive: cfg.PoolMaxActive,
-			Wait:      true,
-		},
+		cfg:  cfg,
+		pool: pool,
 	}
 }