Implement HistoryLimit for ScheduledScans

Author: J12934

operator/apis/execution/v1/scan_types.go

@@ -41,6 +41,8 @@ type ScanStatus struct {
 	// RawResultFile Filename of the result file of the scanner. e.g. `nmap-result.xml`
 	RawResultFile string `json:"rawResultFile,omitempty"`
 
+	StartTime *metav1.Time `json:"startTime,omitempty"`
+
 	// FindingCount indicates how many findings were identified in total
 	FindingCount uint64 `json:"findingCount,omitempty"`
 	// FindingSeverities indicates the count of finding with the respective severity

operator/apis/execution/v1/zz_generated.deepcopy.go

@@ -3,14 +3,18 @@
 apiVersion: apiextensions.k8s.io/v1beta1
 kind: CustomResourceDefinition
 metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.2.5
   creationTimestamp: null
   name: parsedefinitions.execution.experimental.securecodebox.io
 spec:
   group: execution.experimental.securecodebox.io
   names:
     kind: ParseDefinition
+    listKind: ParseDefinitionList
     plural: parsedefinitions
-  scope: ""
+    singular: parsedefinition
+  scope: Namespaced
   validation:
     openAPIV3Schema:
       description: ParseDefinition is the Schema for the parsedefinitions API

operator/config/crd/bases/execution.experimental.securecodebox.io_parsedefinitions.yaml

@@ -3,6 +3,8 @@
 apiVersion: apiextensions.k8s.io/v1beta1
 kind: CustomResourceDefinition
 metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.2.5
   creationTimestamp: null
   name: persistenceproviders.execution.experimental.securecodebox.io
 spec:
@@ -14,8 +16,10 @@ spec:
   group: execution.experimental.securecodebox.io
   names:
     kind: PersistenceProvider
+    listKind: PersistenceProviderList
     plural: persistenceproviders
-  scope: ""
+    singular: persistenceprovider
+  scope: Namespaced
   subresources: {}
   validation:
     openAPIV3Schema:
@@ -103,9 +107,13 @@ spec:
                               for env vars'
                             type: string
                           divisor:
+                            anyOf:
+                            - type: integer
+                            - type: string
                             description: Specifies the output format of the exposed
                               resources, defaults to "1"
-                            type: string
+                            pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                            x-kubernetes-int-or-string: true
                           resource:
                             description: 'Required: resource to select'
                             type: string

operator/config/crd/bases/execution.experimental.securecodebox.io_persistenceproviders.yaml

@@ -3,6 +3,8 @@
 apiVersion: apiextensions.k8s.io/v1beta1
 kind: CustomResourceDefinition
 metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.2.5
   creationTimestamp: null
   name: scans.execution.experimental.securecodebox.io
 spec:
@@ -32,8 +34,10 @@ spec:
   group: execution.experimental.securecodebox.io
   names:
     kind: Scan
+    listKind: ScanList
     plural: scans
-  scope: ""
+    singular: scan
+  scope: Namespaced
   subresources:
     status: {}
   validation:
@@ -102,6 +106,9 @@ spec:
               description: RawResultType determines which kind of ParseDefinition
                 will be used to turn the raw results of the scanner into findings
               type: string
+            startTime:
+              format: date-time
+              type: string
             state:
               type: string
           type: object

operator/config/crd/bases/execution.experimental.securecodebox.io_scans.yaml

@@ -3,14 +3,18 @@
 apiVersion: apiextensions.k8s.io/v1beta1
 kind: CustomResourceDefinition
 metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.2.5
   creationTimestamp: null
   name: scheduledscans.execution.experimental.securecodebox.io
 spec:
   group: execution.experimental.securecodebox.io
   names:
     kind: ScheduledScan
+    listKind: ScheduledScanList
     plural: scheduledscans
-  scope: ""
+    singular: scheduledscan
+  scope: Namespaced
   subresources:
     status: {}
   validation:

operator/config/crd/bases/execution.experimental.securecodebox.io_scantypes.yaml

@@ -4,7 +4,7 @@ metadata:
   name: scheduled-nmap-localhost
 spec:
   interval: 1m
-  # historyLimit: 1
+  historyLimit: 2
   scanSpec:
     scanType: "nmap"
     parameters:

operator/config/crd/bases/execution.experimental.securecodebox.io_scheduledscans.yaml

@@ -19,6 +19,7 @@ package controllers
 import (
 	"context"
 	"fmt"
+	"sort"
 	"time"
 
 	"github.com/go-logr/logr"
@@ -61,7 +62,34 @@ func (r *ScheduledScanReconciler) Reconcile(req ctrl.Request) (ctrl.Result, erro
 		return ctrl.Result{}, err
 	}
 
-	log.Info("ScanInverval parsed", "interval", scheduledScan.Spec.Interval)
+	log.Info("Got Scans", "count", len(childScans.Items))
+
+	var completedScans []executionv1.Scan
+	for _, scan := range childScans.Items {
+		if scan.Status.State == "Done" {
+			completedScans = append(completedScans, scan)
+		}
+	}
+
+	sort.Slice(completedScans, func(i, j int) bool {
+		if completedScans[i].Status.StartTime == nil {
+			return completedScans[j].Status.StartTime != nil
+		}
+		return completedScans[i].Status.StartTime.Before(completedScans[j].Status.StartTime)
+	})
+
+	for i, scan := range completedScans {
+		if int64(i) >= int64(len(completedScans))-scheduledScan.Spec.HistoryLimit {
+			break
+		}
+		if err := r.Delete(ctx, &scan, client.PropagationPolicy(metav1.DeletePropagationBackground)); (err) != nil {
+			log.Error(err, "unable to delete old scan", "scan", scan)
+		} else {
+			log.V(0).Info("deleted old successful job", "scan", scan)
+		}
+	}
+
+	log.Info("ScanInterval parsed", "interval", scheduledScan.Spec.Interval)
 
 	var nextSchedule time.Time
 	if scheduledScan.Status.LastScheduleTime != nil {
@@ -83,6 +111,8 @@ func (r *ScheduledScanReconciler) Reconcile(req ctrl.Request) (ctrl.Result, erro
 			Spec: *scheduledScan.Spec.ScanSpec.DeepCopy(),
 		}
 		scan.Name = fmt.Sprintf("%s-%d", scheduledScan.Name, nextSchedule.Unix())
+		metaNow := metav1.Now()
+		scan.Status.StartTime = &metaNow
 		if err := ctrl.SetControllerReference(&scheduledScan, scan, r.Scheme); err != nil {
 			log.Error(err, "unable to set owner reference on scan")
 			return ctrl.Result{}, err
@@ -117,7 +147,7 @@ func (r *ScheduledScanReconciler) SetupWithManager(mgr ctrl.Manager) error {
 			return nil
 		}
 		// ...make sure it's a Scan belonging to a Target...
-		if owner.APIVersion != apiGVStr || owner.Kind != "Target" {
+		if owner.APIVersion != apiGVStr || owner.Kind != "ScheduledScan" {
 			return nil
 		}
 

operator/config/samples/execution_v1_scheduledscan.yaml

@@ -10,5 +10,5 @@ require (
 	k8s.io/api v0.17.2
 	k8s.io/apimachinery v0.17.2
 	k8s.io/client-go v0.17.2
-	sigs.k8s.io/controller-runtime v0.5.0
+	sigs.k8s.io/controller-runtime v0.5.2
 )