Address review: logging & test coverage

vikin91 · vikin91 · commit bbc57dce0754 · 2026-01-13T11:34:36.000+01:00
diff --git a/central/sensor/service/pipeline/virtualmachineindex/pipeline.go b/central/sensor/service/pipeline/virtualmachineindex/pipeline.go
@@ -130,7 +130,7 @@ func (p *pipelineImpl) Run(ctx context.Context, clusterID string, msg *central.M
 	if p.rateLimiter == nil {
 		log.Warnf("No rate limiter found for %s. Dropping VM index report %s from cluster %s", rateLimiterWorkload, index.GetId(), clusterID)
 		if conn != nil && conn.HasCapability(centralsensor.SensorACKSupport) {
-			sendVMIndexReportResponse(ctx, index.GetId(), central.SensorACK_NACK, "nil rate limiter", injector)
+			sendVMIndexReportResponse(ctx, clusterID, index.GetId(), central.SensorACK_NACK, "nil rate limiter", injector)
 		}
 		return nil // Don't return error - would cause pipeline retry
 	}
@@ -139,7 +139,7 @@ func (p *pipelineImpl) Run(ctx context.Context, clusterID string, msg *central.M
 	if !allowed {
 		log.Infof("Dropping VM index report %s from cluster %s: %s", index.GetId(), clusterID, reason)
 		if conn != nil && conn.HasCapability(centralsensor.SensorACKSupport) {
-			sendVMIndexReportResponse(ctx, index.GetId(), central.SensorACK_NACK, reason, injector)
+			sendVMIndexReportResponse(ctx, clusterID, index.GetId(), central.SensorACK_NACK, reason, injector)
 		}
 		return nil // Don't return error - would cause pipeline retry
 	}
@@ -169,15 +169,15 @@ func (p *pipelineImpl) Run(ctx context.Context, clusterID string, msg *central.M
 
 	// Send ACK to Sensor if Sensor supports it
 	if conn != nil && conn.HasCapability(centralsensor.SensorACKSupport) {
-		sendVMIndexReportResponse(ctx, index.GetId(), central.SensorACK_ACK, "", injector)
+		sendVMIndexReportResponse(ctx, clusterID, index.GetId(), central.SensorACK_ACK, "", injector)
 	}
 	return nil
 }
 
 // sendVMIndexReportResponse sends an ACK or NACK for a VM index report.
-func sendVMIndexReportResponse(ctx context.Context, vmID string, action central.SensorACK_Action, reason string, injector common.MessageInjector) {
+func sendVMIndexReportResponse(ctx context.Context, clusterID, vmID string, action central.SensorACK_Action, reason string, injector common.MessageInjector) {
 	if injector == nil {
-		log.Debugf("Cannot send %s to Sensor - no injector", action.String())
+		log.Debugf("Cannot send %s to Sensor for cluster %s - no injector", action.String(), clusterID)
 		return
 	}
 	msg := &central.MsgToSensor{
@@ -191,8 +191,8 @@ func sendVMIndexReportResponse(ctx context.Context, vmID string, action central.
 		},
 	}
 	if err := injector.InjectMessage(ctx, msg); err != nil {
-		log.Warnf("Failed sending VM index report %s for %s: %v", action.String(), vmID, err)
+		log.Warnf("Failed sending VM index report %s for VM %s in cluster %s: %v", action.String(), vmID, clusterID, err)
 	} else {
-		log.Debugf("Sent VM index report %s for %s (reason=%q)", action.String(), vmID, reason)
+		log.Debugf("Sent VM index report %s for VM %s in cluster %s (reason=%q)", action.String(), vmID, clusterID, reason)
 	}
 }
diff --git a/central/sensor/service/pipeline/virtualmachineindex/pipeline_test.go b/central/sensor/service/pipeline/virtualmachineindex/pipeline_test.go
@@ -388,7 +388,7 @@ func TestPipelineRun_RateLimitDisabled(t *testing.T) {
 	msg := createVMIndexMessage(vmID, central.ResourceAction_SYNC_RESOURCE)
 
 	// Should process all 100 requests without rate limiting
-	for i := 0; i < 100; i++ {
+	for i := range 100 {
 		enricher.EXPECT().
 			EnrichVirtualMachineWithVulnerabilities(gomock.Any(), gomock.Any()).
 			Return(nil)
@@ -448,7 +448,7 @@ func TestPipelineRun_RateLimitEnabled(t *testing.T) {
 
 	// Send 6 requests - the first 5 should be processed successfully,
 	// the 6th should be rate-limited.
-	for i := 0; i < 6; i++ {
+	for i := range 6 {
 		err := pipeline.Run(ctxWithConn, testClusterID, msg, injector)
 		assert.NoError(t, err, "Run should not return an error even when rate-limited (request %d)", i+1)
 	}
@@ -469,6 +469,60 @@ func TestPipelineRun_RateLimitEnabled(t *testing.T) {
 	assert.Contains(t, acks[5].GetReason(), "rate limit exceeded")
 }
 
+// TestPipelineRun_RateLimitEnabled_NoACKSupport tests that when the connection
+// does not support SensorACKSupport, rate limiting still applies but no ACK/NACK
+// messages are sent.
+func TestPipelineRun_RateLimitEnabled_NoACKSupport(t *testing.T) {
+	t.Setenv(features.VirtualMachines.EnvVar(), "true")
+	ctrl := gomock.NewController(t)
+	defer ctrl.Finish()
+
+	vmDatastore := vmDatastoreMocks.NewMockDataStore(ctrl)
+	enricher := vmEnricherMocks.NewMockVirtualMachineEnricher(ctrl)
+	rateLimiter := mustNewLimiter(t, "test-no-ack", 5, 5) // 5 req/s, bucket capacity=5
+
+	// Recording injector to capture any ACK/NACK attempts - should remain empty.
+	injector := &recordingInjector{}
+
+	// Mock connection WITHOUT SensorACKSupport capability
+	mockConn := connMocks.NewMockSensorConnection(ctrl)
+	mockConn.EXPECT().HasCapability(centralsensor.SensorACKSupport).Return(false).AnyTimes()
+
+	pipeline := &pipelineImpl{
+		vmDatastore: vmDatastore,
+		enricher:    enricher,
+		rateLimiter: rateLimiter,
+	}
+
+	vmID := "vm-1"
+	msg := createVMIndexMessage(vmID, central.ResourceAction_SYNC_RESOURCE)
+
+	// Build a context with the mocked connection that does NOT have SensorACKSupport
+	ctxWithConn := connection.WithConnection(context.Background(), mockConn)
+
+	// Expect enrichment and datastore writes ONLY for the first 5 (non-rate-limited) requests.
+	enricher.EXPECT().
+		EnrichVirtualMachineWithVulnerabilities(gomock.Any(), gomock.Any()).
+		Return(nil).
+		Times(5)
+
+	vmDatastore.EXPECT().
+		UpdateVirtualMachineScan(gomock.Any(), vmID, gomock.Any()).
+		Return(nil).
+		Times(5)
+
+	// Send 6 requests - the first 5 should be processed successfully,
+	// the 6th should be rate-limited.
+	for i := range 6 {
+		err := pipeline.Run(ctxWithConn, testClusterID, msg, injector)
+		assert.NoError(t, err, "Run should not return an error even when rate-limited (request %d)", i+1)
+	}
+
+	// Verify NO ACK/NACK messages were sent (SensorACKSupport is not available)
+	acks := injector.getSentACKs()
+	assert.Empty(t, acks, "no ACK/NACKs should be sent when SensorACKSupport is not available")
+}
+
 // TestPipelineRun_NilRateLimiter_WithACKSupport tests behavior when the rateLimiter is nil and ACKs are supported.
 // This covers the nil-limiter branch and verifies that:
 // 1. No enrichment/datastore calls occur

Original file line number	Diff line number	Diff line change
`@@ -130,7 +130,7 @@ func (p pipelineImpl) Run(ctx context.Context, clusterID string, msg central.M`
`130`	`130`	`if p.rateLimiter == nil {`
`131`	`131`	`log.Warnf("No rate limiter found for %s. Dropping VM index report %s from cluster %s", rateLimiterWorkload, index.GetId(), clusterID)`
`132`	`132`	`if conn != nil && conn.HasCapability(centralsensor.SensorACKSupport) {`
`133`		`- sendVMIndexReportResponse(ctx, index.GetId(), central.SensorACK_NACK, "nil rate limiter", injector)`
	`133`	`+ sendVMIndexReportResponse(ctx, clusterID, index.GetId(), central.SensorACK_NACK, "nil rate limiter", injector)`
`134`	`134`	`}`
`135`	`135`	`return nil // Don't return error - would cause pipeline retry`
`136`	`136`	`}`
`@@ -139,7 +139,7 @@ func (p pipelineImpl) Run(ctx context.Context, clusterID string, msg central.M`
`139`	`139`	`if !allowed {`
`140`	`140`	`log.Infof("Dropping VM index report %s from cluster %s: %s", index.GetId(), clusterID, reason)`
`141`	`141`	`if conn != nil && conn.HasCapability(centralsensor.SensorACKSupport) {`
`142`		`- sendVMIndexReportResponse(ctx, index.GetId(), central.SensorACK_NACK, reason, injector)`
	`142`	`+ sendVMIndexReportResponse(ctx, clusterID, index.GetId(), central.SensorACK_NACK, reason, injector)`
`143`	`143`	`}`
`144`	`144`	`return nil // Don't return error - would cause pipeline retry`
`145`	`145`	`}`
`@@ -169,15 +169,15 @@ func (p pipelineImpl) Run(ctx context.Context, clusterID string, msg central.M`
`169`	`169`
`170`	`170`	`// Send ACK to Sensor if Sensor supports it`
`171`	`171`	`if conn != nil && conn.HasCapability(centralsensor.SensorACKSupport) {`
`172`		`- sendVMIndexReportResponse(ctx, index.GetId(), central.SensorACK_ACK, "", injector)`
	`172`	`+ sendVMIndexReportResponse(ctx, clusterID, index.GetId(), central.SensorACK_ACK, "", injector)`
`173`	`173`	`}`
`174`	`174`	`return nil`
`175`	`175`	`}`
`176`	`176`
`177`	`177`	`// sendVMIndexReportResponse sends an ACK or NACK for a VM index report.`
`178`		`-func sendVMIndexReportResponse(ctx context.Context, vmID string, action central.SensorACK_Action, reason string, injector common.MessageInjector) {`
	`178`	`+func sendVMIndexReportResponse(ctx context.Context, clusterID, vmID string, action central.SensorACK_Action, reason string, injector common.MessageInjector) {`
`179`	`179`	`if injector == nil {`
`180`		`- log.Debugf("Cannot send %s to Sensor - no injector", action.String())`
	`180`	`+ log.Debugf("Cannot send %s to Sensor for cluster %s - no injector", action.String(), clusterID)`
`181`	`181`	`return`
`182`	`182`	`}`
`183`	`183`	`msg := &central.MsgToSensor{`
`@@ -191,8 +191,8 @@ func sendVMIndexReportResponse(ctx context.Context, vmID string, action central.`
`191`	`191`	`},`
`192`	`192`	`}`
`193`	`193`	`if err := injector.InjectMessage(ctx, msg); err != nil {`
`194`		`- log.Warnf("Failed sending VM index report %s for %s: %v", action.String(), vmID, err)`
	`194`	`+ log.Warnf("Failed sending VM index report %s for VM %s in cluster %s: %v", action.String(), vmID, clusterID, err)`
`195`	`195`	`} else {`
`196`		`- log.Debugf("Sent VM index report %s for %s (reason=%q)", action.String(), vmID, reason)`
	`196`	`+ log.Debugf("Sent VM index report %s for VM %s in cluster %s (reason=%q)", action.String(), vmID, clusterID, reason)`
`197`	`197`	`}`
`198`	`198`	`}`