From 0386a2f02d9260cf5f6bd8e2e42787190c1a3b4a Mon Sep 17 00:00:00 2001
From: Jannik Hollenbach
Date: Mon, 12 Oct 2020 11:00:29 +0200
Subject: [PATCH 1/4] Rename `historyLimit` to `successfulJobsHistoryLimit`
This is online with the naming of the properties in Kubernetes CronJobs and allows to introduce a `failedJobsHistoryLimit` with consistent nameing.
---
 operator/apis/execution/v1/scheduledscan_types.go | 8 ++++----
 .../controllers/execution/scheduledscan_controller.go | 2 +-
 2 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/operator/apis/execution/v1/scheduledscan_types.go b/operator/apis/execution/v1/scheduledscan_types.go
index c29f6b57..dd9820a5 100644
--- a/operator/apis/execution/v1/scheduledscan_types.go
+++ b/operator/apis/execution/v1/scheduledscan_types.go
@@ -29,13 +29,13 @@ type ScheduledScanSpec struct {
 // Important: Run "make" to regenerate code after modifying this file
 // Interval describes how often the scan should be repeated
- // Examples: '12h', '7d', '30m' (only days, hours and minutes supported, specified as integers)
+ // Examples: '12h', '30m'
 Interval metav1.Duration `json:"interval"`
- // HistoryLimit determines how many past Scans will be kept until the oldest one will be delted, defaults to 3. When set to 0 Scans will be deleted directly after completion
- HistoryLimit int64 `json:"historyLimit,omitempty"`
+ // SuccessfulJobsHistoryLimit determines how many past Scans will be kept until the oldest one will be delted, defaults to 3. When set to 0 Scans will be deleted directly after completion
+ SuccessfulJobsHistoryLimit int64 `json:"successfulJobsHistoryLimit,omitempty"`
- // Foo is an example field of ScheduledScan. Edit ScheduledScan_types.go to remove/update
+ // ScanSpec describes the scan which should be started regularly
 ScanSpec *ScanSpec `json:"scanSpec"`
 }
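Review bot: Renaming the JSON key `historyLimit` to `successfulJobsHistoryLimit` breaks ScheduledScan objects already stored in a cluster, and the hunk adds neither a conversion nor a default for them: a stored `historyLimit: 2` no longer maps onto any Go field, so the new `SuccessfulJobsHistoryLimit` decodes to 0, and with the controller's `len(completedScans)-limit` cut-off in the next hunk a limit of 0 deletes every completed Scan on the next reconcile. The `defaults to 3` in the doc comment is also not implemented here — a plain `int64` with `omitempty` cannot tell 'unset' from 0 — and although a later patch in this series moves to `*int32` with a nil fallback, nothing in the series migrates the old key. The commit message should call out the rename as a breaking change, and a conversion or an upgrade note for objects still carrying `historyLimit` belongs with it.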
diff --git a/operator/controllers/execution/scheduledscan_controller.go b/operator/controllers/execution/scheduledscan_controller.go
index de4a1eb9..23d7628a 100644
--- a/operator/controllers/execution/scheduledscan_controller.go
+++ b/operator/controllers/execution/scheduledscan_controller.go
@@ -97,7 +97,7 @@ func (r *ScheduledScanReconciler) Reconcile(req ctrl.Request) (ctrl.Result, erro
 // Delete Old Scans when exceeding the history limit
 for i, scan := range completedScans {
- if int64(i) >= int64(len(completedScans))-scheduledScan.Spec.HistoryLimit {
+ if int64(i) >= int64(len(completedScans))-scheduledScan.Spec.SuccessfulJobsHistoryLimit {
 break
 }
 if err := r.Delete(ctx, &scan, client.PropagationPolicy(metav1.DeletePropagationBackground)); (err) != nil {
From 4b866ba67d1e6eb5ec6c67189a5b5c06773d2d5e Mon Sep 17 00:00:00 2001
From: Jannik Hollenbach
Date: Mon, 12 Oct 2020 11:03:06 +0200
Subject: [PATCH 2/4] Remove `handlesResultsType` in ParseDefinitions
This has been replaced for a while to just use the ParseDefinitions name. Using the name enables a more direct lookup of the parseType.
---
 operator/apis/execution/v1/parsedefinition_types.go | 9 ++++-----
 .../config/samples/execution_v1_parsedefinition.yaml | 1 -
 2 files changed, 4 insertions(+), 6 deletions(-)
diff --git a/operator/apis/execution/v1/parsedefinition_types.go b/operator/apis/execution/v1/parsedefinition_types.go
index d7e0f8df..8a496e56 100644
--- a/operator/apis/execution/v1/parsedefinition_types.go
+++ b/operator/apis/execution/v1/parsedefinition_types.go
@@ -29,10 +29,10 @@ type ParseDefinitionSpec struct {
 // INSERT ADDITIONAL SPEC FIELDS - desired state of cluster
 // Important: Run "make" to regenerate code after modifying this file
- // Foo is an example field of ParseDefinition. Edit ParseDefinition_types.go to remove/update
- HandlesResultsType string `json:"handlesResultsType,omitempty"`
- Image string `json:"image,omitempty"`
- ImagePullSecrets []corev1.LocalObjectReference `json:"imagePullSecrets,omitempty"`
+ // Image is the reference to the parser container image which ca transform the raw scan report into findings
+ Image string `json:"image,omitempty"`
+ // ImagePullSecrets used to access private parser images
+ ImagePullSecrets []corev1.LocalObjectReference `json:"imagePullSecrets,omitempty"`
 }
 // ParseDefinitionStatus defines the observed state of ParseDefinition
@@ -42,7 +42,6 @@ type ParseDefinitionStatus struct {
 }
 // +kubebuilder:object:root=true
-// +kubebuilder:printcolumn:name="Handles Type",type=string,JSONPath=`.spec.handlesResultsType`,description="Which result file type the parser is able to handle"
 // +kubebuilder:printcolumn:name="Image",type=string,JSONPath=`.spec.image`,description="Scanner Container Image"
 // ParseDefinition is the Schema for the parsedefinitions API
diff --git a/operator/config/samples/execution_v1_parsedefinition.yaml b/operator/config/samples/execution_v1_parsedefinition.yaml
index 7601d09f..bc1528df 100644
--- a/operator/config/samples/execution_v1_parsedefinition.yaml
+++ b/operator/config/samples/execution_v1_parsedefinition.yaml
@@ -3,5 +3,4 @@ kind: ParseDefinition
 metadata:
 name: "nmap-xml"
 spec:
- handlesResultsType: nmap-xml
 image: securecodebox/nmap-parser
From 429bd281b819a2a0a4ed4d576411efef25ca85fd Mon Sep 17 00:00:00 2001
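Review bot: The new doc comment on `Image` has a typo, `which ca transform` should be `which can transform`, and because controller-gen copies field comments into the CRD schema the same text reappears in both regenerated parsedefinitions CRDs in the next patch of this series; fixing it here and regenerating clears all three. Suggested line: `// Image is the reference to the parser container image which can transform the raw scan report into findings`. While here, `ImagePullSecrets used to access private parser images` reads better as `// ImagePullSecrets are the secrets used to pull private parser images`, which also says what the list holds.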
From: Jannik Hollenbach
Date: Mon, 12 Oct 2020 12:50:38 +0200
Subject: [PATCH 3/4] Regenerate CRD's
---
 ...tion.securecodebox.io_parsedefinitions.yaml | 11 +++--------
 ...cution.securecodebox.io_scheduledscans.yaml | 18 ++++++++----------
 .../samples/execution_v1_scheduledscan.yaml | 2 +-
 ...tion.securecodebox.io_parsedefinitions.yaml | 11 +++--------
 ...cution.securecodebox.io_scheduledscans.yaml | 18 ++++++++----------
 5 files changed, 23 insertions(+), 37 deletions(-)
diff --git a/operator/config/crd/bases/execution.securecodebox.io_parsedefinitions.yaml b/operator/config/crd/bases/execution.securecodebox.io_parsedefinitions.yaml
index 31308848..11d8db42 100644
--- a/operator/config/crd/bases/execution.securecodebox.io_parsedefinitions.yaml
+++ b/operator/config/crd/bases/execution.securecodebox.io_parsedefinitions.yaml
@@ -9,10 +9,6 @@ metadata:
 name: parsedefinitions.execution.securecodebox.io
 spec:
 additionalPrinterColumns:
- - JSONPath: .spec.handlesResultsType
- description: Which result file type the parser is able to handle
- name: Handles Type
- type: string
 - JSONPath: .spec.image
 description: Scanner Container Image
 name: Image
@@ -44,13 +40,12 @@ spec:
 spec:
 description: ParseDefinitionSpec defines the desired state of ParseDefinition
 properties:
- handlesResultsType:
- description: Foo is an example field of ParseDefinition. Edit ParseDefinition_types.go
- to remove/update
- type: string
 image:
+ description: Image is the reference to the parser container image which
+ ca transform the raw scan report into findings
 type: string
 imagePullSecrets:
+ description: ImagePullSecrets used to access private parser images
 items:
 description: LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace.
diff --git a/operator/config/crd/bases/execution.securecodebox.io_scheduledscans.yaml b/operator/config/crd/bases/execution.securecodebox.io_scheduledscans.yaml
index 636ca655..8c051aa5 100644
--- a/operator/config/crd/bases/execution.securecodebox.io_scheduledscans.yaml
+++ b/operator/config/crd/bases/execution.securecodebox.io_scheduledscans.yaml
@@ -59,20 +59,12 @@ spec:
 spec:
 description: ScheduledScanSpec defines the desired state of ScheduledScan
 properties:
- historyLimit:
- description: HistoryLimit determines how many past Scans will be kept
- until the oldest one will be delted, defaults to 3. When set to 0
- Scans will be deleted directly after completion
- format: int64
- type: integer
 interval:
 description: 'Interval describes how often the scan should be repeated
- Examples: ''12h'', ''7d'', ''30m'' (only days, hours and minutes supported,
- specified as integers)'
+ Examples: ''12h'', ''30m'''
 type: string
 scanSpec:
- description: Foo is an example field of ScheduledScan. Edit ScheduledScan_types.go
- to remove/update
+ description: ScanSpec describes the scan which should be started regularly
 properties:
 cascades:
 description: A label selector is a label query over a set of resources.
@@ -232,6 +224,12 @@ spec:
 scanType:
 type: string
 type: object
+ successfulJobsHistoryLimit:
+ description: SuccessfulJobsHistoryLimit determines how many past Scans
+ will be kept until the oldest one will be delted, defaults to 3. When
+ set to 0 Scans will be deleted directly after completion
+ format: int64
+ type: integer
 required:
 - interval
 - scanSpec
diff --git a/operator/config/samples/execution_v1_scheduledscan.yaml b/operator/config/samples/execution_v1_scheduledscan.yaml
index 0a18b0f9..469e6b61 100644
--- a/operator/config/samples/execution_v1_scheduledscan.yaml
+++ b/operator/config/samples/execution_v1_scheduledscan.yaml
@@ -4,7 +4,7 @@ metadata:
 name: scheduled-nmap-localhost
 spec:
 interval: 1m
- historyLimit: 2
+ successfulJobsHistoryLimit: 2
 scanSpec:
 scanType: "nmap"
 parameters:
diff --git a/operator/crds/execution.securecodebox.io_parsedefinitions.yaml b/operator/crds/execution.securecodebox.io_parsedefinitions.yaml
index 31308848..11d8db42 100644
--- a/operator/crds/execution.securecodebox.io_parsedefinitions.yaml
+++ b/operator/crds/execution.securecodebox.io_parsedefinitions.yaml
@@ -9,10 +9,6 @@ metadata:
 name: parsedefinitions.execution.securecodebox.io
 spec:
 additionalPrinterColumns:
- - JSONPath: .spec.handlesResultsType
- description: Which result file type the parser is able to handle
- name: Handles Type
- type: string
 - JSONPath: .spec.image
 description: Scanner Container Image
 name: Image
@@ -44,13 +40,12 @@ spec:
 spec:
 description: ParseDefinitionSpec defines the desired state of ParseDefinition
 properties:
- handlesResultsType:
- description: Foo is an example field of ParseDefinition. Edit ParseDefinition_types.go
- to remove/update
- type: string
 image:
+ description: Image is the reference to the parser container image which
+ ca transform the raw scan report into findings
 type: string
 imagePullSecrets:
+ description: ImagePullSecrets used to access private parser images
 items:
 description: LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace.
diff --git a/operator/crds/execution.securecodebox.io_scheduledscans.yaml b/operator/crds/execution.securecodebox.io_scheduledscans.yaml
index 636ca655..8c051aa5 100644
--- a/operator/crds/execution.securecodebox.io_scheduledscans.yaml
+++ b/operator/crds/execution.securecodebox.io_scheduledscans.yaml
@@ -59,20 +59,12 @@ spec:
 spec:
 description: ScheduledScanSpec defines the desired state of ScheduledScan
 properties:
- historyLimit:
- description: HistoryLimit determines how many past Scans will be kept
- until the oldest one will be delted, defaults to 3. When set to 0
- Scans will be deleted directly after completion
- format: int64
- type: integer
 interval:
 description: 'Interval describes how often the scan should be repeated
- Examples: ''12h'', ''7d'', ''30m'' (only days, hours and minutes supported,
- specified as integers)'
+ Examples: ''12h'', ''30m'''
 type: string
 scanSpec:
- description: Foo is an example field of ScheduledScan. Edit ScheduledScan_types.go
- to remove/update
+ description: ScanSpec describes the scan which should be started regularly
 properties:
 cascades:
 description: A label selector is a label query over a set of resources.
@@ -232,6 +224,12 @@ spec:
 scanType:
 type: string
 type: object
+ successfulJobsHistoryLimit:
+ description: SuccessfulJobsHistoryLimit determines how many past Scans
+ will be kept until the oldest one will be delted, defaults to 3. When
+ set to 0 Scans will be deleted directly after completion
+ format: int64
+ type: integer
 required:
 - interval
 - scanSpec
From 7646d7f97d8908723fd5ec104cc829f6aa1a85ee Mon Sep 17 00:00:00 2001
From: Jannik Hollenbach
Date: Mon, 12 Oct 2020 13:30:15 +0200
Subject: [PATCH 4/4] Ensure that successfulJobsHistoryLimit default is acutally 3
---
 operator/apis/execution/v1/scheduledscan_types.go | 7 +++++--
 operator/apis/execution/v1/zz_generated.deepcopy.go | 5 +++++
 .../bases/execution.securecodebox.io_scheduledscans.yaml | 7 ++++---
 operator/controllers/execution/scheduledscan_controller.go | 7 ++++++-
 .../crds/execution.securecodebox.io_scheduledscans.yaml | 7 ++++---
 5 files changed, 24 insertions(+), 9 deletions(-)
diff --git a/operator/apis/execution/v1/scheduledscan_types.go b/operator/apis/execution/v1/scheduledscan_types.go
index dd9820a5..de6f10bd 100644
--- a/operator/apis/execution/v1/scheduledscan_types.go
+++ b/operator/apis/execution/v1/scheduledscan_types.go
@@ -32,8 +32,11 @@ type ScheduledScanSpec struct {
 // Examples: '12h', '30m'
 Interval metav1.Duration `json:"interval"`
- // SuccessfulJobsHistoryLimit determines how many past Scans will be kept until the oldest one will be delted, defaults to 3. When set to 0 Scans will be deleted directly after completion
- SuccessfulJobsHistoryLimit int64 `json:"successfulJobsHistoryLimit,omitempty"`
+ // +kubebuilder:validation:Optional
+ // +kubebuilder:validation:Minimum=0
+
+ // SuccessfulJobsHistoryLimit determines how many past Scans will be kept until the oldest one will be deleted, defaults to 3. When set to 0, Scans will be deleted directly after completion
+ SuccessfulJobsHistoryLimit *int32 `json:"successfulJobsHistoryLimit,omitempty"`
 // ScanSpec describes the scan which should be started regularly
 ScanSpec *ScanSpec `json:"scanSpec"`
diff --git a/operator/apis/execution/v1/zz_generated.deepcopy.go b/operator/apis/execution/v1/zz_generated.deepcopy.go
index fbae0fbc..9cc38bf6 100644
--- a/operator/apis/execution/v1/zz_generated.deepcopy.go
+++ b/operator/apis/execution/v1/zz_generated.deepcopy.go
@@ -564,6 +564,11 @@ func (in *ScheduledScanList) DeepCopyObject() runtime.Object {
 func (in *ScheduledScanSpec) DeepCopyInto(out *ScheduledScanSpec) {
 *out = *in
 out.Interval = in.Interval
+ if in.SuccessfulJobsHistoryLimit != nil {
+ in, out := &in.SuccessfulJobsHistoryLimit, &out.SuccessfulJobsHistoryLimit
+ *out = new(int32)
+ **out = **in
+ }
 if in.ScanSpec != nil {
 in, out := &in.ScanSpec, &out.ScanSpec
 *out = new(ScanSpec)
diff --git a/operator/config/crd/bases/execution.securecodebox.io_scheduledscans.yaml b/operator/config/crd/bases/execution.securecodebox.io_scheduledscans.yaml
index 8c051aa5..a51d9f3e 100644
--- a/operator/config/crd/bases/execution.securecodebox.io_scheduledscans.yaml
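Review bot: `defaults to 3` is stated in the doc comment but is not part of the API: the only place the value exists is the literal `var historyLimit int32 = 3` in the controller hunk of this patch, so the API server never fills it in and a stored ScheduledScan that omits the field gives no hint of the retention in effect. If the CRD is served as apiextensions.k8s.io/v1 (which supports defaulting; the regenerated CRDs in this series still use the top-level `additionalPrinterColumns`/`JSONPath` layout, so I cannot confirm that from the page), `// +kubebuilder:default=3` beside `// +kubebuilder:validation:Minimum=0` makes the default part of the schema; either way a package-level `const defaultSuccessfulJobsHistoryLimit int32 = 3` used by the controller keeps the number in one place. On style, `// +kubebuilder:validation:Optional` is redundant with the `omitempty` tag unless the package opts into required-by-default, and the blank line between the markers and the doc comment splits what is conventionally one comment block directly above the field.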
+++ b/operator/config/crd/bases/execution.securecodebox.io_scheduledscans.yaml
@@ -226,9 +226,10 @@ spec:
 type: object
 successfulJobsHistoryLimit:
 description: SuccessfulJobsHistoryLimit determines how many past Scans
- will be kept until the oldest one will be delted, defaults to 3. When
- set to 0 Scans will be deleted directly after completion
- format: int64
+ will be kept until the oldest one will be deleted, defaults to 3.
+ When set to 0, Scans will be deleted directly after completion
+ format: int32
+ minimum: 0
 type: integer
 required:
 - interval
diff --git a/operator/controllers/execution/scheduledscan_controller.go b/operator/controllers/execution/scheduledscan_controller.go
index 23d7628a..e0b9cb53 100644
--- a/operator/controllers/execution/scheduledscan_controller.go
+++ b/operator/controllers/execution/scheduledscan_controller.go
@@ -96,8 +96,13 @@ func (r *ScheduledScanReconciler) Reconcile(req ctrl.Request) (ctrl.Result, erro
 }
 // Delete Old Scans when exceeding the history limit
+ var historyLimit int32 = 3
+ if scheduledScan.Spec.SuccessfulJobsHistoryLimit != nil {
+ historyLimit = *scheduledScan.Spec.SuccessfulJobsHistoryLimit
+ }
+
 for i, scan := range completedScans {
- if int32(i) >= int32(len(completedScans))-scheduledScan.Spec.SuccessfulJobsHistoryLimit {
+ if int32(i) >= int32(len(completedScans))-historyLimit {
 break
 }
 if err := r.Delete(ctx, &scan, client.PropagationPolicy(metav1.DeletePropagationBackground)); (err) != nil {
diff --git a/operator/crds/execution.securecodebox.io_scheduledscans.yaml b/operator/crds/execution.securecodebox.io_scheduledscans.yaml
index 8c051aa5..a51d9f3e 100644
--- a/operator/crds/execution.securecodebox.io_scheduledscans.yaml
+++ b/operator/crds/execution.securecodebox.io_scheduledscans.yaml
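Review bot: The removed line of the controller hunk reads `int32(i) >= int32(len(completedScans))-scheduledScan.Spec.SuccessfulJobsHistoryLimit`, but the line patch 1 of this series leaves in the file uses `int64(...)`, so as rendered here the old side does not match the preceding patches and the series would not apply cleanly; either patch 1 should be amended or this hunk regenerated. On the new side the nil/0/oversized cases behave as documented (nil falls back to 3, 0 deletes all completed Scans, a limit above the list length deletes none), but the loop keeps the last `historyLimit` entries in slice order, so 'oldest first' holds only if `completedScans` is sorted by completion time before this point, which, like the rest of Reconcile, is outside the hunk. A comment such as `// completedScans is expected oldest-first; keep the newest historyLimit entries` above the loop would make that assumption visible.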
@@ -226,9 +226,10 @@ spec:
 type: object
 successfulJobsHistoryLimit:
 description: SuccessfulJobsHistoryLimit determines how many past Scans
- will be kept until the oldest one will be delted, defaults to 3. When
- set to 0 Scans will be deleted directly after completion
- format: int64
+ will be kept until the oldest one will be deleted, defaults to 3.
+ When set to 0, Scans will be deleted directly after completion
+ format: int32
+ minimum: 0
 type: integer
 required:
 - interval