refactor: preparations for PolicyReport (#1034)

statnett · Jul 18, 2024 · 2e65566 · 2e65566
1 parent 7acf1dc
commit 2e65566
Show file tree

Hide file tree

Showing 2 changed files with 38 additions and 36 deletions.
diff --git a/internal/controller/stas/containerimagescan_status.go b/internal/controller/stas/containerimagescan_status.go
@@ -3,6 +3,7 @@ package stas
 import (
 	"context"
 	"fmt"
+	"slices"
 
 	batchv1 "k8s.io/api/batch/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
@@ -44,10 +45,9 @@ func newContainerImageStatusPatch(cis *stasv1alpha1.ContainerImageScan) *contain
 }
 
 type containerImageScanStatusPatch struct {
-	cis             *stasv1alpha1.ContainerImageScan
-	patch           *stasv1alpha1ac.ContainerImageScanApplyConfiguration
-	vulnerabilities []stasv1alpha1.Vulnerability
-	minSeverity     *stasv1alpha1.Severity
+	cis         *stasv1alpha1.ContainerImageScan
+	patch       *stasv1alpha1ac.ContainerImageScanApplyConfiguration
+	minSeverity *stasv1alpha1.Severity
 }
 
 func (p *containerImageScanStatusPatch) withCondition(c *metav1ac.ConditionApplyConfiguration) *containerImageScanStatusPatch {
@@ -56,24 +56,35 @@ func (p *containerImageScanStatusPatch) withCondition(c *metav1ac.ConditionApply
 	return p
 }
 
-func (p *containerImageScanStatusPatch) withScanJob(job *batchv1.Job) *containerImageScanStatusPatch {
+func (p *containerImageScanStatusPatch) withScanJob(job *batchv1.Job, successful bool) *containerImageScanStatusPatch {
+	now := metav1.Now()
+
 	p.patch.Status.
-		WithLastScanTime(metav1.Now()).
-		WithLastScanJobUID(job.UID)
+		WithLastScanJobUID(job.UID).
+		WithLastScanTime(now)
+
+	if successful {
+		p.patch.Status.
+			WithLastSuccessfulScanTime(now)
+	}
 
 	return p
 }
 
-func (p *containerImageScanStatusPatch) withCompletedScanJob(job *batchv1.Job, vulnerabilities []stasv1alpha1.Vulnerability, minSeverity stasv1alpha1.Severity) *containerImageScanStatusPatch {
+func (p *containerImageScanStatusPatch) withResults(vulnerabilities []stasv1alpha1.Vulnerability, minSeverity stasv1alpha1.Severity) *containerImageScanStatusPatch {
 	p.minSeverity = &minSeverity
-	p.vulnerabilities = vulnerabilities
 
-	now := metav1.Now()
+	p.patch.Status.Vulnerabilities = make([]stasv1alpha1ac.VulnerabilityApplyConfiguration, len(vulnerabilities))
+	for i, v := range vulnerabilities {
+		p.patch.Status.Vulnerabilities[i] = *vulnerabilityPatch(v)
+	}
+
+	summary := vulnerabilitySummary(vulnerabilities, minSeverity)
 	p.patch.Status.
-		WithVulnerabilitySummary(vulnerabilitySummary(vulnerabilities, minSeverity)).
-		WithLastScanTime(now).
-		WithLastScanJobUID(job.UID).
-		WithLastSuccessfulScanTime(now)
+		WithVulnerabilitySummary(stasv1alpha1ac.VulnerabilitySummary().
+			WithSeverityCount(summary.SeverityCount).
+			WithFixedCount(summary.FixedCount).
+			WithUnfixedCount(summary.UnfixedCount))
 
 	return p
 }
@@ -94,7 +105,9 @@ func (p *containerImageScanStatusPatch) apply(ctx context.Context, c client.Clie
 	var err error
 	// Repeat until resource fits in api-server by increasing minimum severity on failure.
 	for severity := *p.minSeverity; severity <= stasv1alpha1.MaxSeverity; severity++ {
-		p.patch.Status.Vulnerabilities = filterVulnerabilities(p.vulnerabilities, severity)
+		p.patch.Status.Vulnerabilities = slices.DeleteFunc(p.patch.Status.Vulnerabilities, func(v stasv1alpha1ac.VulnerabilityApplyConfiguration) bool {
+			return *v.Severity < severity
+		})
 
 		err = c.Status().Patch(ctx, p.cis, applyPatch{p.patch}, FieldValidationStrict, client.ForceOwnership, fieldOwner)
 		if !isResourceTooLargeError(err) {

diff --git a/internal/controller/stas/scan_job_controller.go b/internal/controller/stas/scan_job_controller.go
@@ -26,7 +26,6 @@ import (
 	"sigs.k8s.io/json"
 
 	stasv1alpha1 "github.com/statnett/image-scanner-operator/api/stas/v1alpha1"
-	stasv1alpha1ac "github.com/statnett/image-scanner-operator/internal/client/applyconfiguration/stas/v1alpha1"
 	"github.com/statnett/image-scanner-operator/internal/config"
 	"github.com/statnett/image-scanner-operator/internal/controller"
 	staserrors "github.com/statnett/image-scanner-operator/internal/errors"
@@ -168,7 +167,7 @@ func (r *ScanJobReconciler) reconcileCompleteJob(ctx context.Context, job *batch
 					WithReason(stasv1alpha1.ReasonScanReportDecodeError).
 					WithMessage(fmt.Sprintf("error decoding scan report JSON from job '%s': %s", job.Name, err)),
 			).
-			withScanJob(job).
+			withScanJob(job, false).
 			apply(ctx, r.Client)
 	}
 
@@ -180,7 +179,8 @@ func (r *ScanJobReconciler) reconcileCompleteJob(ctx context.Context, job *batch
 	}
 
 	return newContainerImageStatusPatch(cis).
-		withCompletedScanJob(job, vulnerabilities, minSeverity).
+		withScanJob(job, true).
+		withResults(vulnerabilities, minSeverity).
 		apply(ctx, r.Client)
 }
 
@@ -204,7 +204,7 @@ func (r *ScanJobReconciler) reconcileFailedJob(ctx context.Context, job *batchv1
 				WithReason("Error").
 				WithMessage(string(logBytes)),
 		).
-		withScanJob(job).
+		withScanJob(job, false).
 		apply(ctx, r.Client)
 }
 
@@ -336,19 +336,7 @@ func (r *ScanJobReconciler) getScanJobLogs(ctx context.Context, job *batchv1.Job
 	return r.GetLogs(ctx, client.ObjectKeyFromObject(&jobPod), trivy.ScanJobContainerName)
 }
 
-func filterVulnerabilities(orig []stasv1alpha1.Vulnerability, minSeverity stasv1alpha1.Severity) []stasv1alpha1ac.VulnerabilityApplyConfiguration {
-	var filtered []stasv1alpha1ac.VulnerabilityApplyConfiguration
-
-	for _, v := range orig {
-		if v.Severity >= minSeverity {
-			filtered = append(filtered, *vulnerabilityPatch(v))
-		}
-	}
-
-	return filtered
-}
-
-func vulnerabilitySummary(vulnerabilities []stasv1alpha1.Vulnerability, minSeverity stasv1alpha1.Severity) *stasv1alpha1ac.VulnerabilitySummaryApplyConfiguration {
+func vulnerabilitySummary(vulnerabilities []stasv1alpha1.Vulnerability, minSeverity stasv1alpha1.Severity) *stasv1alpha1.VulnerabilitySummary {
 	severityCount := make(map[string]int32)
 	for severity := minSeverity; severity <= stasv1alpha1.MaxSeverity; severity++ {
 		severityCount[severity.String()] = 0
@@ -366,8 +354,9 @@ func vulnerabilitySummary(vulnerabilities []stasv1alpha1.Vulnerability, minSever
 		}
 	}
 
-	return stasv1alpha1ac.VulnerabilitySummary().
-		WithSeverityCount(severityCount).
-		WithFixedCount(fixedCount).
-		WithUnfixedCount(unfixedCount)
+	return &stasv1alpha1.VulnerabilitySummary{
+		SeverityCount: severityCount,
+		FixedCount:    fixedCount,
+		UnfixedCount:  unfixedCount,
+	}
 }