configure cleanup enabled

Signed-off-by: Frank Jogeleit <frank.jogeleit@lovoo.com>
kyverno · Apr 23, 2024 · 3b9e94c · 3b9e94c
1 parent 5a2c9ff
commit 3b9e94c
Show file tree

Hide file tree

Showing 4 changed files with 11 additions and 0 deletions.
diff --git a/charts/policy-reporter/config.yaml b/charts/policy-reporter/config.yaml
@@ -297,6 +297,7 @@ securityHub:
   accessKeyID: {{ .Values.target.securityHub.accessKeyID }}
   secretAccessKey:  {{ .Values.target.securityHub.secretAccessKey }}
   delayInSeconds: {{ .Values.target.securityHub.delayInSeconds }}
+  cleanup: {{ .Values.target.securityHub.cleanup }}
   secretRef: {{ .Values.target.securityHub.secretRef | quote }}
   mountedSecret: {{ .Values.target.securityHub.mountedSecret | quote }}
   productName: {{ .Values.target.securityHub.productName | quote }}

diff --git a/charts/policy-reporter/values.yaml b/charts/policy-reporter/values.yaml
@@ -661,6 +661,8 @@ target:
     sources: []
     # Skip already existing PolicyReportResults on startup
     skipExistingOnStartup: true
+    # Enable cleanup listener for SecurityHub
+    cleanup: false
     # Delay between AWS GetFindings API calls, to avoid hitting the API RequestLimit
     delayInSeconds: 2
     # Added as additional properties to each securityHub event

diff --git a/pkg/config/config.go b/pkg/config/config.go
@@ -208,6 +208,7 @@ type SecurityHub struct {
 	AccountID         string         `mapstructure:"accountId"`
 	ProductName       string         `mapstructure:"productName"`
 	DelayInSeconds    int            `mapstructure:"delayInSeconds"`
+	Cleanup           bool           `mapstructure:"cleanup"`
 	Channels          []*SecurityHub `mapstructure:"channels"`
 }
 

diff --git a/pkg/target/securityhub/securityhub.go b/pkg/target/securityhub/securityhub.go
@@ -22,6 +22,7 @@ type Options struct {
 	Region       string
 	ProductName  string
 	Delay        time.Duration
+	Cleanup      bool
 }
 
 type client struct {
@@ -32,6 +33,7 @@ type client struct {
 	region       string
 	productName  string
 	delay        time.Duration
+	cleanup      bool
 }
 
 func (c *client) Send(result v1alpha2.PolicyReportResult) {
@@ -98,6 +100,10 @@ func (c *client) Send(result v1alpha2.PolicyReportResult) {
 }
 
 func (c *client) CleanUp(ctx context.Context, report v1alpha2.ReportInterface) {
+	if !c.cleanup {
+		return
+	}
+
 	resourceIds := toResourceIDFilter(report)
 	if len(resourceIds) == 0 {
 		return
@@ -228,6 +234,7 @@ func NewClient(options Options) target.Client {
 		options.Region,
 		options.ProductName,
 		options.Delay,
+		options.Cleanup,
 	}
 }