Skip to content
This repository was archived by the owner on Oct 14, 2020. It is now read-only.

Commit fe32373

Browse files
J12934J12934
committed
Merge Volume definition correctly
1 parent fd16a5c commit fe32373

File tree

1 file changed

+23
-16
lines changed

1 file changed

+23
-16
lines changed

operator/controllers/scan_controller.go

Lines changed: 23 additions & 16 deletions
Original file line numberDiff line numberDiff line change
@@ -353,6 +353,10 @@ func (r *ScanReconciler) constructJobForScan(scan *scansv1.Scan, scanTemplate *s
353353
return nil, err
354354
}
355355

356+
if len(scanTemplate.Spec.JobTemplate.Spec.Template.Spec.Containers) < 1 {
357+
return nil, errors.New("ScanTemplate must at least contain one container in which the scanner is running")
358+
}
359+
356360
job := &batch.Job{
357361
ObjectMeta: metav1.ObjectMeta{
358362
Labels: map[string]string{
@@ -367,25 +371,28 @@ func (r *ScanReconciler) constructJobForScan(scan *scansv1.Scan, scanTemplate *s
367371

368372
job.Spec.Template.Spec.ServiceAccountName = "lurcher"
369373

370-
job.Spec.Template.Spec.Volumes = []corev1.Volume{
371-
corev1.Volume{
372-
Name: "scan-results",
373-
VolumeSource: corev1.VolumeSource{
374-
EmptyDir: &corev1.EmptyDirVolumeSource{},
375-
},
376-
},
374+
// merging volume definition from ScanTemplate (if existing) with standard results volume
375+
if job.Spec.Template.Spec.Containers[0].VolumeMounts == nil || len(job.Spec.Template.Spec.Containers[0].VolumeMounts) == 0 {
376+
job.Spec.Template.Spec.Volumes = []corev1.Volume{}
377377
}
378+
job.Spec.Template.Spec.Volumes = append(job.Spec.Template.Spec.Volumes, corev1.Volume{
379+
Name: "scan-results",
380+
VolumeSource: corev1.VolumeSource{
381+
EmptyDir: &corev1.EmptyDirVolumeSource{},
382+
},
383+
})
378384

379-
var containerVolumeMounts []corev1.VolumeMount
385+
// merging volume mounts (for the primary scanner container) from ScanTemplate (if existing) with standard results volume mount
380386
if job.Spec.Template.Spec.Containers[0].VolumeMounts == nil || len(job.Spec.Template.Spec.Containers[0].VolumeMounts) == 0 {
381-
containerVolumeMounts = []corev1.VolumeMount{}
382-
} else {
383-
containerVolumeMounts = job.Spec.Template.Spec.Containers[0].VolumeMounts
384-
}
385-
job.Spec.Template.Spec.Containers[0].VolumeMounts = append(containerVolumeMounts, []corev1.VolumeMount{corev1.VolumeMount{
386-
Name: "scan-results",
387-
MountPath: "/home/securecodebox/",
388-
}}...)
387+
job.Spec.Template.Spec.Containers[0].VolumeMounts = []corev1.VolumeMount{}
388+
}
389+
job.Spec.Template.Spec.Containers[0].VolumeMounts = append(
390+
job.Spec.Template.Spec.Containers[0].VolumeMounts,
391+
corev1.VolumeMount{
392+
Name: "scan-results",
393+
MountPath: "/home/securecodebox/",
394+
},
395+
)
389396

390397
lurcherSidecar := &corev1.Container{
391398
Name: "lurcher",

0 commit comments

Comments
 (0)