updaters: plumb update retention in

Signed-off-by: ldelossa <ldelossa@redhat.com>

Documentation/reference/config.md

@@ -45,7 +45,9 @@ matcher:
     max_conn_pool: 0
     indexer_addr: ""
     migrations: false
-    updater_sets: []
+    period: ""
+    disable_updaters: false
+    update_retention: 2
 notifier:
     connstring: ""
     migrations: false
@@ -195,23 +197,30 @@ A "true" or "false" value
 Whether Matcher nodes handle migrations to their databases.
 ```
 
-####  updater_sets: []
+####  period: ""
 ```
-A slice of strings representing which
-updaters matcher will create.
+A time.ParseDuration parsable string
+
+Determines how often updates for new security advisories will take place.
+
+Defaults to 30 minutes.
+```
+
+####  disable_updaters: ""
+```
+A "true" or "false" value
+
+Whether to run background updates or not.
+```
+
+####  update_retention: ""
+```
+An integer value 
 
-If nil all default UpdaterSets will be used
+Sets the number of update operations to retain between garbage collection cycles.
+This should be set to a safe MAX value based on database size constraints. 
 
-The following sets are supported:
-"alpine"
-"aws"
-"debian"
-"oracle"
-"photon"
-"pyupio"
-"rhel"
-"suse"
-"ubuntu"
+Defaults to 10
 ```
 
 ### notifier: \<object\>

config/config.go

@@ -4,6 +4,7 @@ import (
 	"fmt"
 	"net/url"
 	"strings"
+	"time"
 
 	"github.com/quay/claircore/libvuln/driver"
 	"gopkg.in/yaml.v3"
@@ -122,6 +123,12 @@ func Validate(conf Config) error {
 		if conf.Notifier.ConnString == "" {
 			return fmt.Errorf("notifier mode requires a database connection string")
 		}
+		if conf.Matcher.Period == 0 {
+			conf.Matcher.Period = 30 * time.Minute
+		}
+		if conf.Matcher.UpdateRetention < 2 {
+			conf.Matcher.UpdateRetention = 10
+		}
 	case IndexerMode:
 		if conf.HTTPListenAddr == "" {
 			conf.HTTPListenAddr = DefaultAddress
@@ -144,6 +151,12 @@ func Validate(conf Config) error {
 		if err != nil {
 			return fmt.Errorf("failed to url parse matcher mode IndexAddr string: %v", err)
 		}
+		if conf.Matcher.Period == 0 {
+			conf.Matcher.Period = 30 * time.Minute
+		}
+		if conf.Matcher.UpdateRetention < 2 {
+			conf.Matcher.UpdateRetention = 10
+		}
 	case NotifierMode:
 		if conf.Notifier.ConnString == "" {
 			return fmt.Errorf("notifier mode requires a database connection string")

config/matcher.go

@@ -28,10 +28,16 @@ type Matcher struct {
 	// Period controls how often updaters are run.
 	//
 	// The default is 30 minutes.
-	Period *time.Duration `yaml:"period" json:"period"`
+	Period time.Duration `yaml:"period" json:"period"`
 	// DisableUpdaters disables the updater's running of matchers.
 	//
 	// This should be toggled on if vulnerabilities are being provided by
 	// another mechanism.
 	DisableUpdaters bool `yaml:"disable_updaters" json:"disable_updaters"`
+	// UpdateRetention controls the number of updates to retain between
+	// garbage collection periods.
+	//
+	// The lowest possible value is 2 in order to compare updates for notification
+	// purposes.
+	UpdateRetention int `yaml:"update_retention" json:"update_retention"`
 }

initialize/services.go

@@ -64,23 +64,20 @@ func (i *Init) Services() error {
 		}
 		libI, err := libindex.New(i.GlobalCTX, &opts)
 		if err != nil {
-			return clairerror.ErrNotInitialized{"failed to initialize libindex: " + err.Error()}
-		}
-		per := DefaultUpdatePeriod
-		if p := i.conf.Matcher.Period; p != nil {
-			per = *p
+			return clairerror.ErrNotInitialized{Msg: "failed to initialize libindex: " + err.Error()}
 		}
 		updaterConfigs := make(map[string]driver.ConfigUnmarshaler)
 		for name, node := range i.conf.Updaters.Config {
 			updaterConfigs[name] = node.Decode
 		}
 		libV, err := libvuln.New(i.GlobalCTX, &libvuln.Opts{
-			MaxConnPool:    int32(i.conf.Matcher.MaxConnPool),
-			ConnString:     i.conf.Matcher.ConnString,
-			Migrations:     i.conf.Matcher.Migrations,
-			UpdaterSets:    i.conf.Updaters.Sets,
-			UpdateInterval: per,
-			UpdaterConfigs: updaterConfigs,
+			MaxConnPool:     int32(i.conf.Matcher.MaxConnPool),
+			ConnString:      i.conf.Matcher.ConnString,
+			Migrations:      i.conf.Matcher.Migrations,
+			UpdaterSets:     i.conf.Updaters.Sets,
+			UpdateInterval:  i.conf.Matcher.Period,
+			UpdaterConfigs:  updaterConfigs,
+			UpdateRetention: i.conf.Matcher.UpdateRetention,
 		})
 		if err != nil {
 			return fmt.Errorf("failed to initialize libvuln: %v", err)
@@ -155,27 +152,24 @@ func (i *Init) Services() error {
 		}
 		libI, err := libindex.New(i.GlobalCTX, &opts)
 		if err != nil {
-			return clairerror.ErrNotInitialized{"failed to initialize libindex: " + err.Error()}
+			return clairerror.ErrNotInitialized{Msg: "failed to initialize libindex: " + err.Error()}
 		}
 		i.Indexer = libI
 		i.Matcher = nil
 	case config.MatcherMode:
-		per := DefaultUpdatePeriod
-		if p := i.conf.Matcher.Period; p != nil {
-			per = *p
-		}
 		updaterConfigs := make(map[string]driver.ConfigUnmarshaler)
 		for name, node := range i.conf.Updaters.Config {
 			updaterConfigs[name] = node.Decode
 		}
 		// configure a local matcher but a remote indexer
 		libV, err := libvuln.New(i.GlobalCTX, &libvuln.Opts{
-			MaxConnPool:    int32(i.conf.Matcher.MaxConnPool),
-			ConnString:     i.conf.Matcher.ConnString,
-			Migrations:     i.conf.Matcher.Migrations,
-			UpdaterSets:    i.conf.Updaters.Sets,
-			UpdateInterval: per,
-			UpdaterConfigs: updaterConfigs,
+			MaxConnPool:     int32(i.conf.Matcher.MaxConnPool),
+			ConnString:      i.conf.Matcher.ConnString,
+			Migrations:      i.conf.Matcher.Migrations,
+			UpdaterSets:     i.conf.Updaters.Sets,
+			UpdateInterval:  i.conf.Matcher.Period,
+			UpdaterConfigs:  updaterConfigs,
+			UpdateRetention: i.conf.Matcher.UpdateRetention,
 		})
 		if err != nil {
 			return fmt.Errorf("failed to initialize libvuln: %v", err)