
Commit 05c3464

author
Jop Zitman
committed
Implement migration mechanism for scans that were processing hooks while upgrading
Signed-off-by: Jop Zitman <jop.zitman@secura.com>
1 parent e4d19ee commit 05c3464

7 files changed

Lines changed: 120 additions & 2 deletions


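--- a/operator/apis/execution/v1/scan_types.go
+++ b/operator/apis/execution/v1/scan_types.go
@@ -99,6 +99,8 @@ type ScanStatus struct {
 
 Findings FindingStats `json:"findings,omitempty"`
 
+ReadAndWriteHookStatus []HookStatus `json:"readAndWriteHookStatus,omitempty"`
+
 OrderedHookStatuses [][]*HookStatus `json:"orderedHookStatuses,omitempty"`
 }
 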
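Review bot: The re-added `ReadAndWriteHookStatus` field on `ScanStatus` carries no comment saying it exists for migrating scans that were mid-hook during the upgrade, so a later reader may take it for a live status field alongside `OrderedHookStatuses`. I would add a doc comment above it such as `// ReadAndWriteHookStatus holds the pre-upgrade hook status; it is only read by migrateHookStatus.` That it is no longer written anywhere is inferred from the migration code in this commit and should be confirmed before the comment says so. The struct begins before this hunk.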

operator/apis/execution/v1/zz_generated.deepcopy.go

Lines changed: 5 additions & 0 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

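--- a/operator/config/crd/bases/execution.securecodebox.io_scans.yaml
+++ b/operator/config/crd/bases/execution.securecodebox.io_scans.yaml
@@ -2898,6 +2898,29 @@ spec:
 description: RawResultType determines which kind of ParseDefinition
 will be used to turn the raw results of the scanner into findings
 type: string
+readAndWriteHookStatus:
+items:
+properties:
+hookName:
+type: string
+jobName:
+type: string
+priority:
+type: integer
+state:
+description: HookState Describes the State of a Hook on a Scan
+type: string
+type:
+description: HookType Defines weather the hook should be able
+to change the findings or is run in a read only mode.
+type: string
+required:
+- hookName
+- priority
+- state
+- type
+type: object
+type: array
 state:
 type: string
 type: object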

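--- a/operator/controllers/execution/scans/hook_reconciler.go
+++ b/operator/controllers/execution/scans/hook_reconciler.go
@@ -45,6 +45,65 @@ func (r *ScanReconciler) setHookStatus(scan *executionv1.Scan) error {
 return nil
 }
 
+func (r *ScanReconciler) migrateHookStatus(scan *executionv1.Scan) error {
+ctx := context.Background()
+var scanCompletionHooks executionv1.ScanCompletionHookList
+r.Log.Info("Starting hook Status field migrations", "ReadAndWriteHookStatus", scan.Status.ReadAndWriteHookStatus)
+
+if err := r.List(ctx, &scanCompletionHooks, client.InNamespace(scan.Namespace)); err != nil {
+r.Log.V(7).Info("Unable to fetch ScanCompletionHooks")
+return err
+}
+
+// Add new fields to old ReadAndWriteHookStatus object and convert to pointers
+strSlice := make([]*executionv1.HookStatus, len(scan.Status.ReadAndWriteHookStatus))
+for i := range scan.Status.ReadAndWriteHookStatus {
+strSlice[i] = scan.Status.ReadAndWriteHookStatus[i].DeepCopy() // Keep original ReadAndWriteHookStatus field
+strSlice[i].Priority = 0
+strSlice[i].Type = executionv1.ReadAndWrite
+r.Log.Info("Converted ReadAndWrite hook Status", "Original", scan.Status.ReadAndWriteHookStatus[i], "New", strSlice[i])
+}
+
+// Construct new ReadOnly HookStatus for OrderedHookStatuses
+var readOnlyHooks []*executionv1.HookStatus
+for _, hook := range scanCompletionHooks.Items {
+if hook.Spec.Type == executionv1.ReadOnly {
+hookStatus := &executionv1.HookStatus{
+HookName: hook.Name,
+Priority: 0,
+Type: executionv1.ReadOnly,
+}
+
+if scan.Status.State == "ReadAndWriteHookProcessing" || scan.Status.State == "ReadAndWriteHookCompleted" {
+// ReadOnly hooks should not have started yet, so mark them all as pending
+hookStatus.State = executionv1.Pending
+} else if scan.Status.State == "ReadOnlyHookProcessing" {
+// Had already started ReadOnly hooks and should now check status.
+// No status for ReadOnly in old CRD, so mark everything as InProgress and let processInProgressHook update it later.
+hookStatus.State = executionv1.InProgress
+}
+
+r.Log.Info("Retrieved new ReadOnly hook Status", "New", hookStatus)
+
+readOnlyHooks = append(readOnlyHooks, hookStatus)
+}
+}
+
+scan.Status.OrderedHookStatuses = util.OrderHookStatusesInsideAPrioClass(append(readOnlyHooks, strSlice...))
+scan.Status.State = "HookProcessing"
+
+if err := r.Status().Update(ctx, scan); err != nil {
+r.Log.Error(err, "unable to update Scan status")
+return err
+}
+
+r.Log.Info("Finished hook Status field migrations. ReadOnly hook statuses will be updated later.",
+"ReadAndWriteHookStatus", scan.Status.ReadAndWriteHookStatus,
+"OrderedHookStatuses", scan.Status.OrderedHookStatuses)
+
+return nil
+}
+
 func (r *ScanReconciler) executeHooks(scan *executionv1.Scan) error {
 ctx := context.Background()
 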
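Review bot: In the `ReadOnlyHookProcessing` branch of `migrateHookStatus` every ReadOnly hook is set to `InProgress`, but the `HookStatus` built just above carries only `HookName`, `Priority` and `Type` and no `JobName`, so the later check has no job to inspect unless `processInProgressHook` (outside this hunk) copes with an empty name. The hooks are also listed from the namespace as it is now, so a ReadOnly hook installed after the scan began would be treated as running although, as far as this hunk shows, no job was ever started for it. I would either look up the existing job for each hook during migration and decide explicitly what to do when none is found, or state the assumption in a comment above the loop, e.g. `// Assumes processInProgressHook tolerates an empty JobName and that the hook set is unchanged since the scan started.` Separately, the `r.List` failure is logged at `V(7)` without the error value; `r.Log.Error(err, "unable to fetch ScanCompletionHooks")` would match the update-failure path further down.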

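--- a/operator/controllers/execution/scans/scan_controller.go
+++ b/operator/controllers/execution/scans/scan_controller.go
@@ -101,6 +101,12 @@ func (r *ScanReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.
 err = r.setHookStatus(&scan)
 case "HookProcessing":
 err = r.executeHooks(&scan)
+case "ReadAndWriteHookProcessing":
+fallthrough
+case "ReadAndWriteHookCompleted":
+fallthrough
+case "ReadOnlyHookProcessing":
+err = r.migrateHookStatus(&scan)
 }
 if err != nil {
 return ctrl.Result{}, err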
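Review bot: The three legacy states added to the `switch` are chained with `fallthrough`, where a single multi-value case reads more directly: `case "ReadAndWriteHookProcessing", "ReadAndWriteHookCompleted", "ReadOnlyHookProcessing":`. A one-line comment above it, such as `// Legacy states from before the upgrade; migrate them to HookProcessing.`, would explain why these states have no handler of their own. The same three string literals are repeated in `migrateHookStatus`, so shared constants would keep the two places from drifting apart. `Reconcile` starts and ends outside this hunk.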

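--- a/operator/crds/execution.securecodebox.io_scans.yaml
+++ b/operator/crds/execution.securecodebox.io_scans.yaml
@@ -2898,6 +2898,29 @@ spec:
 description: RawResultType determines which kind of ParseDefinition
 will be used to turn the raw results of the scanner into findings
 type: string
+readAndWriteHookStatus:
+items:
+properties:
+hookName:
+type: string
+jobName:
+type: string
+priority:
+type: integer
+state:
+description: HookState Describes the State of a Hook on a Scan
+type: string
+type:
+description: HookType Defines weather the hook should be able
+to change the findings or is run in a read only mode.
+type: string
+required:
+- hookName
+- priority
+- state
+- type
+type: object
+type: array
 state:
 type: string
 type: object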

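--- a/operator/utils/orderedhookgroups.go
+++ b/operator/utils/orderedhookgroups.go
@@ -58,7 +58,7 @@ func FromUnorderedList(hooks []executionv1.ScanCompletionHook) [][]*executionv1.
 
 groups := [][]*executionv1.HookStatus{}
 for _, prioClass := range prioClasses {
-groups = append(groups, orderHookStatusesInsideAPrioClass(hooksByPrioClass[prioClass])...)
+groups = append(groups, OrderHookStatusesInsideAPrioClass(hooksByPrioClass[prioClass])...)
 }
 
 return groups
@@ -79,7 +79,7 @@ func mapHookToHookStatus(hooks []executionv1.ScanCompletionHook) []*executionv1.
 return hookStatuses
 }
 
-func orderHookStatusesInsideAPrioClass(hookStatuses []*executionv1.HookStatus) [][]*executionv1.HookStatus {
+func OrderHookStatusesInsideAPrioClass(hookStatuses []*executionv1.HookStatus) [][]*executionv1.HookStatus {
 groups := [][]*executionv1.HookStatus{}
 readOnlyGroups := []*executionv1.HookStatus{}
 for _, hookStatus := range hookStatuses {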
