WIP

J12934 · jorgestiga · nigthknight · J12934 · commit fb8a9f15bda4 · 2020-05-25T15:03:33.000+02:00
Co-authored-by: Jorge Estigarribia &lt;jorgestiga@hotmail.com&gt;
Co-authored-by: Yannik Fuhrmeister &lt;12710254+fuhrmeistery@users.noreply.github.com&gt;
diff --git a/operator/apis/execution/v1/scan_types.go b/operator/apis/execution/v1/scan_types.go
@@ -45,6 +45,26 @@ type ScanStatus struct {
 	RawResultFile string `json:"rawResultFile,omitempty"`
 
 	Findings FindingStats `json:"findings,omitempty"`
+
+	ReadAndWriteHookStatus []HookStatus `json:"readAndWriteHookStatus,omitempty"`
+}
+
+// HookState Describes the State of a Hook on a Scan
+type HookState string
+
+const (
+	Pending    HookState = "Pending"
+	InProgress HookState = "InProgress"
+	Completed  HookState = "Completed"
+
+	// Cancelled  HookState = "Cancelled"
+	// Failed  HookState = "Failed"
+)
+
+type HookStatus struct {
+	HookName string    `json:"hookName"`
+	State    HookState `json:"state"`
+	JobName  string    `json:"jobName"`
 }
 
 // FindingStats contains the general stats about the results of the scan
diff --git a/operator/config/crd/bases/execution.experimental.securecodebox.io_scans.yaml b/operator/config/crd/bases/execution.experimental.securecodebox.io_scans.yaml
@@ -113,6 +113,21 @@ spec:
               description: RawResultType determines which kind of ParseDefinition
                 will be used to turn the raw results of the scanner into findings
               type: string
+            readAndWriteHookStatus:
+              items:
+                properties:
+                  hookName:
+                    type: string
+                  jobName:
+                    type: string
+                  state:
+                    type: string
+                required:
+                - hookName
+                - jobName
+                - state
+                type: object
+              type: array
             state:
               type: string
           type: object
diff --git a/operator/config/samples/Dockerfile b/operator/config/samples/Dockerfile
@@ -1,2 +1,2 @@
 FROM alpine
-CMD [sleep, 5s]
+ENTRYPOINT [sleep, 5s]
diff --git a/operator/config/samples/execution_v1_readonlyhook.yaml b/operator/config/samples/execution_v1_readonlyhook.yaml
diff --git a/operator/config/samples/execution_v1_scan/nmap_localhost.yaml b/operator/config/samples/execution_v1_scan/nmap_localhost.yaml
@@ -1,9 +1,33 @@
-apiVersion: "execution.experimental.securecodebox.io/v1"
+apiVersion: execution.experimental.securecodebox.io/v1
 kind: Scan
 metadata:
-  name: "nmap-localhost"
+  finalizers:
+    - s3.storage.experimental.securecodebox.io
+  name: nmap-localhost
+  namespace: default
 spec:
-  scanType: "nmap"
   parameters:
-    - "-Pn"
+    - -Pn
     - localhost
+  scanType: nmap
+status:
+  state: Errored
+  errorDescription: At least one ReadOnlyHook failed, check the hooks kubernetes jobs related to the scan for more details.
+  findings:
+    categories:
+      Host: 1
+    count: 1
+    severities:
+      informational: 1
+  rawResultFile: nmap-results.xml
+  rawResultType: nmap-xml
+  readAndWriteHookStatus:
+    - hookName: luy-metadata
+      state: Completed
+      jobName: luy-metadata-123123
+    - hookName: finding-priority
+      state: Error
+      jobName: finding-priority-123123
+      error: "Job failed"
+    - hookName: hook-3
+      state: Pending
diff --git a/operator/controllers/execution/scan_controller.go b/operator/controllers/execution/scan_controller.go
@@ -113,6 +113,23 @@ func (r *ScanReconciler) Reconcile(req ctrl.Request) (ctrl.Result, error) {
 	case "Parsing":
 		err = r.checkIfParsingIsCompleted(&scan)
 	case "ParseCompleted":
+		// Hook status erstellen
+		// List all ReadAndWrite Hook -> Hook Status an Scan hängen
+		// Scan State auf ReadAndWriteHookProcessing setzen
+	case "ReadAndWriteHookProcessing":
+		// Hook Status Array durchgegen
+
+		// hook := First Array entry which is not Completed.
+
+		// if hook == "Pending" => create Job
+		// if hook == "InProgress" =>
+		//	 if job == "Completed" => hook = "Completed"
+		//	 (if job == "Failed" => hook = "Failed" => scan = "Failed")
+
+		// hook = nil => scan = "ReadAndWriteHookCompleted"
+
+		// Scan Status auf ReadAndWriteHookCompleted setzen
+	case "ReadAndWriteHookCompleted":
 		err = r.startReadOnlyHooks(&scan)
 	case "ReadOnlyHookProcessing":
 		err = r.checkIfReadOnlyHookIsCompleted(&scan)
diff --git a/persistence/persistence-elastic/templates/persistence-provider.yaml b/persistence/persistence-elastic/templates/persistence-provider.yaml
@@ -1,10 +1,11 @@
 apiVersion: "execution.experimental.securecodebox.io/v1"
-kind: PersistenceProvider
+kind: ScanCompletionHook
 metadata:
   name: {{ include "persistence-elastic.fullname" . }}
   labels:
     type: Structured
 spec:
+  type: ReadOnly
   image: "scbexperimental/persistence-elastic:latest"
   {{- if .Values.image.digest }}
   image: "{{ .Values.image.registry }}/{{ .Values.image.repository }}@{{ .Values.image.digest }}"

Original file line number	Diff line number	Diff line change
`@@ -1,2 +1,2 @@`
`1`	`1`	`FROM alpine`
`2`		`-CMD [sleep, 5s]`
	`2`	`+ENTRYPOINT [sleep, 5s]`