Have optional result server #590

6 changes: 6 additions & 0 deletions bundle/manifests/compliance.openshift.io_compliancescans.yaml
@@ -95,6 +95,12 @@ spec:
rawResultStorage:
description: Specifies settings that pertain to raw result storage.
properties:
disabled:
default: false
description: Specifies if the raw result storage is disabled.
This is useful in case the raw results are not needed. Defaults
to false.
type: boolean
nodeSelector:
additionalProperties:
type: string
@@ -116,6 +116,12 @@ spec:
rawResultStorage:
description: Specifies settings that pertain to raw result storage.
properties:
disabled:
default: false
description: Specifies if the raw result storage is disabled.
This is useful in case the raw results are not needed.
Defaults to false.
type: boolean
nodeSelector:
additionalProperties:
type: string
5 changes: 5 additions & 0 deletions bundle/manifests/compliance.openshift.io_scansettings.yaml
@@ -69,6 +69,11 @@ spec:
rawResultStorage:
description: Specifies settings that pertain to raw result storage.
properties:
disabled:
default: false
description: Specifies if the raw result storage is disabled. This
is useful in case the raw results are not needed. Defaults to false.
type: boolean
nodeSelector:
additionalProperties:
type: string
5 changes: 3 additions & 2 deletions cmd/manager/common.go
@@ -2,11 +2,12 @@ package manager

import (
"fmt"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/client-go/discovery"
"os"
"path/filepath"

metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/client-go/discovery"

ocpcfgv1 "github.com/openshift/api/config/v1"
mcfgv1 "github.com/openshift/machine-config-operator/pkg/apis/machineconfiguration.openshift.io/v1"
"github.com/spf13/cobra"
69 changes: 38 additions & 31 deletions cmd/manager/resultcollector.go
@@ -64,20 +64,21 @@ func init() {
}

type scapresultsConfig struct {
ArfFile string
XccdfFile string
ExitCodeFile string
CmdOutputFile string
WarningsOutputFile string
ScanName string
ConfigMapName string
NodeName string
Namespace string
ResultServerURI string
Timeout int64
Cert string
Key string
CA string
ArfFile string
XccdfFile string
ExitCodeFile string
CmdOutputFile string
WarningsOutputFile string
ScanName string
ConfigMapName string
NodeName string
Namespace string
ResultServerURI string
Timeout int64
Cert string
Key string
CA string
DisableRawResultUpload bool
}

func defineResultcollectorFlags(cmd *cobra.Command) {
@@ -95,7 +96,7 @@ func defineResultcollectorFlags(cmd *cobra.Command) {
cmd.Flags().String("tls-client-cert", "", "The path to the client and CA PEM cert bundle.")
cmd.Flags().String("tls-client-key", "", "The path to the client PEM key.")
cmd.Flags().String("tls-ca", "", "The path to the CA certificate.")

cmd.Flags().Bool("disable-raw-upload", false, "Setting to true to disable upload raw arf result")
flags := cmd.Flags()

// Add flags registered by imported packages (e.g. glog and
@@ -117,6 +118,7 @@ func parseConfig(cmd *cobra.Command) *scapresultsConfig {
conf.CA = getValidStringArg(cmd, "tls-ca")
conf.Timeout, _ = cmd.Flags().GetInt64("timeout")
conf.ResultServerURI, _ = cmd.Flags().GetString("resultserveruri")
conf.DisableRawResultUpload, _ = cmd.Flags().GetBool("disable-raw-upload")
// Set default if needed
if conf.ResultServerURI == "" {
conf.ResultServerURI = "http://" + conf.ScanName + "-rs:8080/"
@@ -370,31 +372,36 @@ func uploadErrorConfigMap(errorMsg *resultFileContents, exitcode string,
}

func handleCompleteSCAPResults(exitcode string, scapresultsconf *scapresultsConfig, client *complianceCrClient) {
arfContents, err := readResultsFile(scapresultsconf.ArfFile, scapresultsconf.Timeout)
if err != nil {
cmdLog.Error(err, "Failed to read ARF file")
os.Exit(1)
}
defer arfContents.close()

xccdfContents, err := readResultsFile(scapresultsconf.XccdfFile, scapresultsconf.Timeout)
if err != nil {
cmdLog.Error(err, "Failed to read XCCDF file")
os.Exit(1)
}
defer xccdfContents.close()

var wg sync.WaitGroup
wg.Add(2)
go func() {
serverUploadErr := uploadToResultServer(arfContents, scapresultsconf)
if serverUploadErr != nil {
cmdLog.Error(serverUploadErr, "Failed to upload results to server")
numWG := 1
if !scapresultsconf.DisableRawResultUpload {
numWG++
}
wg.Add(numWG)

if !scapresultsconf.DisableRawResultUpload {
arfContents, err := readResultsFile(scapresultsconf.ArfFile, scapresultsconf.Timeout)
if err != nil {
cmdLog.Error(err, "Failed to read ARF file")
os.Exit(1)
}
cmdLog.Info("Uploaded to resultserver")
wg.Done()
}()
defer arfContents.close()
go func() {
serverUploadErr := uploadToResultServer(arfContents, scapresultsconf)
if serverUploadErr != nil {
cmdLog.Error(serverUploadErr, "Failed to upload results to server")
os.Exit(1)
}
cmdLog.Info("Uploaded to resultserver")
wg.Done()
}()
}

go func() {
cmUploadErr := uploadResultConfigMap(xccdfContents, exitcode, scapresultsconf, client)
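Review bot: With `DisableRawResultUpload` set, `handleCompleteSCAPResults` skips reading and uploading the ARF file without emitting any log line, so the collector log holds no record that the raw scan evidence was deliberately not stored. An `else` branch with `cmdLog.Info("Raw result upload disabled, skipping ARF upload")` would make that visible to anyone auditing the scan later. The flag is also tested twice, once for `numWG` and once for the upload; calling `wg.Add(1)` inside the `if` block next to its goroutine, and again before the ConfigMap goroutine, keeps each count beside the work it counts. Separately, `parseConfig` still reads `tls-client-cert`, `tls-client-key` and `tls-ca` through `getValidStringArg` regardless of the new flag; that helper is not visible here, so confirm it does not reject empty values now that the controller skips creating the client secret for such scans. The function body continues past the end of the hunk.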
6 changes: 6 additions & 0 deletions config/crd/bases/compliance.openshift.io_compliancescans.yaml
@@ -95,6 +95,12 @@ spec:
rawResultStorage:
description: Specifies settings that pertain to raw result storage.
properties:
disabled:
default: false
description: Specifies if the raw result storage is disabled.
This is useful in case the raw results are not needed. Defaults
to false.
type: boolean
nodeSelector:
additionalProperties:
type: string
@@ -116,6 +116,12 @@ spec:
rawResultStorage:
description: Specifies settings that pertain to raw result storage.
properties:
disabled:
default: false
description: Specifies if the raw result storage is disabled.
This is useful in case the raw results are not needed.
Defaults to false.
type: boolean
nodeSelector:
additionalProperties:
type: string
5 changes: 5 additions & 0 deletions config/crd/bases/compliance.openshift.io_scansettings.yaml
@@ -69,6 +69,11 @@ spec:
rawResultStorage:
description: Specifies settings that pertain to raw result storage.
properties:
disabled:
default: false
description: Specifies if the raw result storage is disabled. This
is useful in case the raw results are not needed. Defaults to false.
type: boolean
nodeSelector:
additionalProperties:
type: string
@@ -1,13 +1,14 @@
package v1alpha1

import (
"reflect"

. "github.com/onsi/ginkgo"
. "github.com/onsi/gomega"
corev1 "k8s.io/api/core/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
"k8s.io/apimachinery/pkg/runtime"
"reflect"
)

var _ = Describe("Testing ComplianceRemediation API", func() {
5 changes: 5 additions & 0 deletions pkg/apis/compliance/v1alpha1/compliancescan_types.go
@@ -132,6 +132,11 @@ type ComplianceScanType string
// When changing the defaults, remember to change also the DefaultRawStorageSize and
// DefaultStorageRotation constants
type RawResultStorageSettings struct {
// Specifies if the raw result storage is disabled. This is useful in case
// the raw results are not needed. Defaults to false.
// +kubebuilder:validation:Default=false
// +kubebuilder:default=false
Disabled bool `json:"disabled,omitempty"`
// Specifies the amount of storage to ask for storing the raw results. Note that
// if re-scans happen, the new results will also need to be stored. Defaults to 1Gi.
// +kubebuilder:validation:Default=1Gi
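Review bot: The doc comment on `Disabled` says only that raw results may not be needed; it does not say what an operator gives up by setting it. Going by the controller change in this PR, a disabled scan skips the result server, its server and client TLS secrets and the PVC, so the ARF output is not retained; I would state that in the comment, e.g. `// When true, no result server, TLS secrets or PVC are created and the ARF report is not kept; only the XCCDF ConfigMap results remain.` It would also help to say whether the remaining fields of `RawResultStorageSettings` (size, rotation, node selector) are ignored in that case, which is presumably so but is not shown here. The struct continues past the end of the hunk.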
46 changes: 25 additions & 21 deletions pkg/controller/compliancescan/compliancescan_controller.go
@@ -335,26 +335,29 @@ func (r *ReconcileComplianceScan) phaseLaunchingHandler(h scanTypeHandler, logge
return reconcile.Result{}, err
}

if err = r.handleResultServerSecret(scan, logger); err != nil {
logger.Error(err, "Cannot create result server cert secret")
return reconcile.Result{}, err
}
if !scan.Spec.RawResultStorage.Disabled {
if err = r.handleResultServerSecret(scan, logger); err != nil {
logger.Error(err, "Cannot create result server cert secret")
return reconcile.Result{}, err
}

if err = r.handleResultClientSecret(scan, logger); err != nil {
logger.Error(err, "Cannot create result Client cert secret")
return reconcile.Result{}, err
}
if err = r.handleResultClientSecret(scan, logger); err != nil {
logger.Error(err, "Cannot create result Client cert secret")
return reconcile.Result{}, err
}

if resume, err := r.handleRawResultsForScan(scan, logger); err != nil || !resume {
if err != nil {
logger.Error(err, "Cannot create the PersistentVolumeClaims")
if resume, err := r.handleRawResultsForScan(scan, logger); err != nil || !resume {
if err != nil {
logger.Error(err, "Cannot create the PersistentVolumeClaims")
}
return reconcile.Result{}, err
}

if err = r.createResultServer(scan, logger); err != nil {
logger.Error(err, "Cannot create result server")
return reconcile.Result{}, err
}
return reconcile.Result{}, err
}

if err = r.createResultServer(scan, logger); err != nil {
logger.Error(err, "Cannot create result server")
return reconcile.Result{}, err
}

if err = r.handleRuntimeKubeletConfig(scan, logger); err != nil {
@@ -745,11 +748,12 @@ func (r *ReconcileComplianceScan) phaseDoneHandler(h scanTypeHandler, instance *
}
} else {
// If we're done with the scan but we're not cleaning up just yet.

// scale down resultserver so it's not still listening for requests.
if err := r.scaleDownResultServer(instance, logger); err != nil {
logger.Error(err, "Cannot scale down result server")
return reconcile.Result{}, err
if !instance.Spec.RawResultStorage.Disabled {
// scale down resultserver so it's not still listening for requests.
if err := r.scaleDownResultServer(instance, logger); err != nil {
logger.Error(err, "Cannot scale down result server")
return reconcile.Result{}, err
}
}
}
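Review bot: Both new guards read the live `Spec.RawResultStorage.Disabled` value, so in `phaseDoneHandler` a scan launched with storage enabled and later switched to disabled would skip `scaleDownResultServer` and leave the result server listening, which is what the existing comment says the call is there to prevent. Nothing visible here makes the field immutable once a scan has started. Either enforce that, or key the scale-down on whether the result server exists rather than on the spec, for example by having `scaleDownResultServer` treat a missing deployment as success and calling it unconditionally. The cleanup branch above the `else` and the scanner pod definition are outside these hunks, so it is worth confirming that they cope with the secrets, PVC and result server never having been created. Both functions start and end outside the hunks.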
