Merge pull request #97 from prachidamle/read_k8s_version

Revert "Merge pull request #95 from prachidamle/revert_cis"
rancher · May 14, 2021 · 3ad8a6d · 3ad8a6d
2 parents 2c36c48 + 9afb011
commit 3ad8a6d
Show file tree

Hide file tree

Showing 3 changed files with 24 additions and 7 deletions.
diff --git a/pkg/securityscan/controller.go b/pkg/securityscan/controller.go
@@ -3,6 +3,7 @@ package securityscan
 import (
 	"context"
 	"fmt"
+	"strings"
 	"time"
 
 	v1monitoringclient "github.com/prometheus-operator/prometheus-operator/pkg/client/versioned/typed/monitoring/v1"
@@ -193,6 +194,18 @@ func (c *Controller) registerCRD(ctx context.Context) error {
 	return factory.BatchCreateCRDs(ctx, crds...).BatchWait()
 }
 
+func (c *Controller) refreshClusterKubernetesVersion(ctx context.Context) error {
+	clusterK8sVersion, err := detectKubernetesVersion(ctx, c.kcs)
+	if err != nil {
+		return err
+	}
+	if !strings.EqualFold(clusterK8sVersion, c.KubernetesVersion) {
+		c.KubernetesVersion = clusterK8sVersion
+		logrus.Infof("New KubernetesVersion detected %v", c.KubernetesVersion)
+	}
+	return nil
+}
+
 func detectClusterProvider(ctx context.Context, k8sClient kubernetes.Interface) (string, error) {
 	provider, err := detector.DetectProvider(ctx, k8sClient)
 	if err != nil {

diff --git a/pkg/securityscan/jobHandler.go b/pkg/securityscan/jobHandler.go
@@ -93,7 +93,7 @@ func (c *Controller) handleJobs(ctx context.Context) error {
 			scancopy := scan.DeepCopy()
 
 			if !v1.ClusterScanConditionFailed.IsTrue(scan) {
-				summary, report, err := c.getScanResults(scan)
+				summary, report, err := c.getScanResults(ctx, scan)
 				if err != nil {
 					return nil, fmt.Errorf("error %v reading results of cluster scan object: %v", err, scanName)
 				}
@@ -121,7 +121,7 @@ func (c *Controller) deleteJob(jobController batchctlv1.JobController, job *batc
 	return jobController.Delete(job.Namespace, job.Name, &metav1.DeleteOptions{PropagationPolicy: &deletionPropagation})
 }
 
-func (c *Controller) getScanResults(scan *v1.ClusterScan) (*v1.ClusterScanSummary, *v1.ClusterScanReport, error) {
+func (c *Controller) getScanResults(ctx context.Context, scan *v1.ClusterScan) (*v1.ClusterScanSummary, *v1.ClusterScanReport, error) {
 	configmaps := c.coreFactory.Core().V1().ConfigMap()
 	//get the output configmap and create a report
 	outputConfigName := strings.Join([]string{`cisscan-output-for`, scan.Name}, "-")
@@ -138,7 +138,7 @@ func (c *Controller) getScanResults(scan *v1.ClusterScan) (*v1.ClusterScanSummar
 		return nil, nil, fmt.Errorf("cisScanHandler: Updated: error: got empty report from configmap %v", outputConfigName)
 	}
 
-	scanReport, err := c.createClusterScanReport(outputBytes, scan)
+	scanReport, err := c.createClusterScanReport(ctx, outputBytes, scan)
 	if err != nil {
 		return nil, nil, fmt.Errorf("cisScanHandler: Updated: error getting report from configmap %v: %v", outputConfigName, err)
 	}
@@ -165,13 +165,13 @@ func (c *Controller) getScanSummary(outputBytes []byte) (*v1.ClusterScanSummary,
 	return cisScanSummary, nil
 }
 
-func (c *Controller) createClusterScanReport(outputBytes []byte, scan *v1.ClusterScan) (*v1.ClusterScanReport, error) {
+func (c *Controller) createClusterScanReport(ctx context.Context, outputBytes []byte, scan *v1.ClusterScan) (*v1.ClusterScanReport, error) {
 	scanReport := &v1.ClusterScanReport{
 		ObjectMeta: metav1.ObjectMeta{
 			GenerateName: name.SafeConcatName("scan-report", scan.Name) + "-",
 		},
 	}
-	profile, err := c.getClusterScanProfile(scan)
+	profile, err := c.getClusterScanProfile(ctx, scan)
 	if err != nil {
 		return nil, fmt.Errorf("Error %v loading v1.ClusterScanProfile for name %v", scan.Spec.ScanProfileName, err)
 	}

diff --git a/pkg/securityscan/scanHandler.go b/pkg/securityscan/scanHandler.go
@@ -52,7 +52,7 @@ func (c *Controller) handleClusterScans(ctx context.Context) error {
 					return objects, obj.Status, fmt.Errorf("Retrying ClusterScan %v since got error: %v ", obj.Name, err)
 				}
 
-				profile, err := c.getClusterScanProfile(obj)
+				profile, err := c.getClusterScanProfile(ctx, obj)
 				if err != nil {
 					v1.ClusterScanConditionFailed.True(obj)
 					message := fmt.Sprintf("Error validating ClusterScanProfile %v, error: %v", obj.Spec.ScanProfileName, err)
@@ -171,10 +171,14 @@ func (c *Controller) isScanPresent(scanName string) (bool, error) {
 	return true, nil
 }
 
-func (c *Controller) getClusterScanProfile(scan *v1.ClusterScan) (*v1.ClusterScanProfile, error) {
+func (c *Controller) getClusterScanProfile(ctx context.Context, scan *v1.ClusterScan) (*v1.ClusterScanProfile, error) {
 	var profileName string
 	var err error
 	clusterscanprofiles := c.cisFactory.Cis().V1().ClusterScanProfile()
+	err = c.refreshClusterKubernetesVersion(ctx)
+	if err != nil {
+		return nil, fmt.Errorf("error trying to read cluster's k8s version %v", err)
+	}
 
 	if scan.Spec.ScanProfileName != "" {
 		profileName = scan.Spec.ScanProfileName