This repository was archived by the owner on Sep 6, 2023. It is now read-only.
Closed
26 changes: 26 additions & 0 deletions docs/api/crds/scan-completion-hook.md
Expand Up @@ -20,6 +20,31 @@ The `type` field can be either `ReadOnly` or `ReadAndWrite`.

`ReadAndWrite` hooks have the ability to update both the findings and raw scan reports. This can be used to attach additional metadata to the findings by comparing the findings to external inventory systems or APIs of cloud providers.

### Priority (Optional)

The `priority` field helps determine the execution order of the hook.
Hooks with a higher priority will be scheduled before hooks with a lower priority.
By default, hooks are given a priority of 0.
Hooks with equal priority are scheduled according to the default schedule:

1. Run ReadAndWrite hooks one by one (undefined order).
2. Once all ReadAndWrite hooks are completed, ReadOnly hooks are scheduled in parallel.

The following diagram shows an example run:

```text
Priority 2 Priority 1 Priority 0
+-------------------------------------------------------------------+ +----------------------+ +----------------------+
| +--------------+ +--------------+ +--------------+ | | +--------------+ | | +--------------+ |
| -> | ReadAndWrite |------>| ReadAndWrite |------>| ReadOnly | | | -> | ReadOnly | | ---> | -> | ReadAndWrite | |
| +--------------+ +--------------+ | +--------------+ | | +--------------+ | | +--------------+ |
--> | | | --> | | +----------------------+
| | +--------------+ | | +--------------+ |
| +--->| ReadOnly | | | -> | ReadOnly | |
| +--------------+ | | +--------------+ |
+-----------+-------------------------------------------------------+ +----------------------+
```

### Image (Required)

The `image` field contains a container image reference for the image supposed to run as the hook.
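
Review bot: The new Priority section never states whether a lower-priority group waits for every hook in the higher-priority group to finish, including the ReadOnly hooks that run in parallel. The diagram suggests it does, but the prose only says higher-priority hooks "will be scheduled before" lower ones, which could also be read as start order only. Suggest saying explicitly that a priority class must complete before the next one starts, if that is the behaviour. The section should also document which values `priority` accepts (integer only, whether negative values are allowed), since only the default of 0 is given.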
Expand Down Expand Up @@ -53,6 +78,7 @@ metadata:
name: elastic-persistence-hook
spec:
type: ReadOnly
priority: 2
image: docker.io/securecodebox/persistence-elastic:latest
imagePullSecrets:
- name: image-pull-secret
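
Review bot: `priority: 2` on the `elastic-persistence-hook` example, which is a `ReadOnly` hook, means that under the ordering documented in this change it runs ahead of any ReadAndWrite hook left at the default priority of 0, so it would persist findings before those hooks have updated them. If that is not the intent of the example, drop the field here or pick a value that places the persistence hook after the ReadAndWrite hooks, and add a sentence explaining why the value was chosen so readers do not copy it unchanged.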