ROX-12835: Add support for NodeScanV2 to Sensor #3533
There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,57 @@ | ||
| package nodescansv2 | ||
|
|
||
| import ( | ||
| "context" | ||
|
|
||
| "github.com/pkg/errors" | ||
| countMetrics "github.com/stackrox/rox/central/metrics" | ||
| "github.com/stackrox/rox/central/sensor/service/common" | ||
| "github.com/stackrox/rox/central/sensor/service/pipeline" | ||
| "github.com/stackrox/rox/central/sensor/service/pipeline/reconciliation" | ||
| "github.com/stackrox/rox/generated/internalapi/central" | ||
| "github.com/stackrox/rox/pkg/logging" | ||
| "github.com/stackrox/rox/pkg/metrics" | ||
| ) | ||
|
|
||
| var ( | ||
| log = logging.LoggerForModule() | ||
| ) | ||
|
|
||
| // GetPipeline returns an instantiation of this particular pipeline | ||
| func GetPipeline() pipeline.Fragment { | ||
| return NewPipeline() | ||
| } | ||
|
|
||
| // NewPipeline returns a new instance of Pipeline. | ||
| func NewPipeline() pipeline.Fragment { | ||
| return &pipelineImpl{} | ||
| } | ||
|
|
||
| type pipelineImpl struct { | ||
| } | ||
|
|
||
| func (p *pipelineImpl) Reconcile(ctx context.Context, clusterID string, storeMap *reconciliation.StoreMap) error { | ||
| return nil | ||
| } | ||
|
|
||
| func (p *pipelineImpl) Match(msg *central.MsgFromSensor) bool { | ||
| return msg.GetEvent().GetNodeScanV2() != nil | ||
| } | ||
|
|
||
| // Run runs the pipeline template on the input and returns the output. | ||
| func (p *pipelineImpl) Run(ctx context.Context, clusterID string, msg *central.MsgFromSensor, _ common.MessageInjector) error { | ||
| defer countMetrics.IncrementResourceProcessedCounter(pipeline.ActionToOperation(msg.GetEvent().GetAction()), metrics.NodeScanV2) | ||
|
|
||
| event := msg.GetEvent() | ||
| nodeScan := event.GetNodeScanV2() | ||
| if nodeScan == nil { | ||
| return errors.Errorf("unexpected resource type %T for node scan v2", event.GetResource()) | ||
| } | ||
|
|
||
| // TODO(ROX-12240, ROX-13053): Do something meaningful with the nodeScan | ||
| log.Infof("Central received NodeScanV2: %+v", nodeScan) | ||
|
|
||
| return nil | ||
| } | ||
|
|
||
| func (p *pipelineImpl) OnFinish(_ string) {} |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,24 @@ | ||
| package compliance | ||
|
|
||
| import ( | ||
| "github.com/stackrox/rox/generated/internalapi/central" | ||
| "github.com/stackrox/rox/generated/storage" | ||
| "github.com/stackrox/rox/pkg/concurrency" | ||
| "github.com/stackrox/rox/sensor/common" | ||
| ) | ||
|
|
||
| // NodeScanHandler is responsible for handling the arriving NodeScanV2 messages, processing then, and sending them to central | ||
| type NodeScanHandler interface { | ||
| common.SensorComponent | ||
| } | ||
|
|
||
| // NewNodeScanHandler returns a new instance of a NodeScanHandler | ||
| func NewNodeScanHandler(ch <-chan *storage.NodeScanV2) NodeScanHandler { | ||
| return &nodeScanHandlerImpl{ | ||
| nodeScans: ch, | ||
| toCentral: make(chan *central.MsgFromSensor), | ||
|
|
||
| stopC: concurrency.NewErrorSignal(), | ||
| stoppedC: concurrency.NewErrorSignal(), | ||
| } | ||
| } |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,82 @@ | ||
| package compliance | ||
|
|
||
| import ( | ||
| "github.com/pkg/errors" | ||
| "github.com/stackrox/rox/generated/internalapi/central" | ||
| "github.com/stackrox/rox/generated/storage" | ||
| "github.com/stackrox/rox/pkg/centralsensor" | ||
| "github.com/stackrox/rox/pkg/concurrency" | ||
| ) | ||
|
|
||
| type nodeScanHandlerImpl struct { | ||
| nodeScans <-chan *storage.NodeScanV2 | ||
| toCentral chan *central.MsgFromSensor | ||
|
|
||
| stopC concurrency.ErrorSignal | ||
| stoppedC concurrency.ErrorSignal | ||
|
Contributor
Author
There was a problem hiding this comment. This seems to be a leftover. |
||
| } | ||
|
|
||
| func (c *nodeScanHandlerImpl) Capabilities() []centralsensor.SensorCapability { | ||
| return []centralsensor.SensorCapability{centralsensor.NodeScanningCap} | ||
| } | ||
|
|
||
| func (c *nodeScanHandlerImpl) ResponsesC() <-chan *central.MsgFromSensor { | ||
| return c.toCentral | ||
| } | ||
|
|
||
| func (c *nodeScanHandlerImpl) Start() error { | ||
|
Contributor
There was a problem hiding this comment. Do we want to allow multiple For example, this seems possible:
Contributor
Author
There was a problem hiding this comment. I investigated and this will cause a panic due to closing a channel twice (only when the feature-flag is enabled). I will provide a fix and a test for this. |
||
| // c.run closes chan toCentral on exit, so we do not want to close twice in case of a restart | ||
| if !c.stopC.IsDone() { | ||
| go c.run() | ||
| return nil | ||
| } | ||
| return errors.New("stopped handlers cannot be restarted") | ||
| } | ||
|
|
||
| func (c *nodeScanHandlerImpl) Stop(err error) { | ||
| c.stopC.SignalWithError(err) | ||
| } | ||
|
|
||
| func (c *nodeScanHandlerImpl) ProcessMessage(_ *central.MsgToSensor) error { | ||
| // This component doesn't actually process or handle any messages sent from Central to Sensor (yet). | ||
|
Contributor
There was a problem hiding this comment. Does this imply there is a plan to add this (I'm imagining Central requesting a scan periodically as part of reprocessing or user forcing it)?
Contributor
Author
There was a problem hiding this comment. This is added to implement the handler interface. It does not meant that we will support anything arriving from central, but we do have such possibility of we want to :) |
||
| // It uses the sensor component so that the lifecycle (start, stop) can be handled when Sensor starts up. | ||
| return nil | ||
| } | ||
|
|
||
| func (c *nodeScanHandlerImpl) run() { | ||
| defer c.stoppedC.SignalWithError(c.stopC.Err()) | ||
|
Contributor
There was a problem hiding this comment. It seems to me, that In such situation, I think it makes sense to
Contributor
Author
There was a problem hiding this comment. Got it covered! I am only not fully sure which goroutine is meant with "eliminate one forwarding goroutine" 🤔 |
||
| defer close(c.toCentral) | ||
|
|
||
| for !c.stopC.IsDone() { | ||
| select { | ||
| case <-c.stopC.Done(): | ||
| return | ||
| case scan, ok := <-c.nodeScans: | ||
| if !ok { | ||
| c.stopC.SignalWithError(errors.New("channel receiving node scans v2 is closed")) | ||
| return | ||
| } | ||
| // TODO(ROX-12943): Do something with the scan, e.g., attach NodeID | ||
| c.sendScan(scan) | ||
| } | ||
| } | ||
| } | ||
|
|
||
| func (c *nodeScanHandlerImpl) sendScan(scan *storage.NodeScanV2) { | ||
| if scan != nil { | ||
|
Contributor
There was a problem hiding this comment. up to you, but maybe we can do something like the following to remove all the indentation: |
||
| select { | ||
| case <-c.stopC.Done(): | ||
| return | ||
| case c.toCentral <- ¢ral.MsgFromSensor{ | ||
| Msg: ¢ral.MsgFromSensor_Event{ | ||
| Event: ¢ral.SensorEvent{ | ||
| Resource: ¢ral.SensorEvent_NodeScanV2{ | ||
| NodeScanV2: scan, | ||
| }, | ||
| }, | ||
| }, | ||
| }: | ||
| return | ||
|
Contributor
There was a problem hiding this comment. do we need the
Contributor
Author
There was a problem hiding this comment. No, no need for them. I will remove them. |
||
| } | ||
| } | ||
| } | ||
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think this is a go1.19 thing. Since we are updating the file anyway, might as well keep it, but I have also had the displeasure of dealing with this when trying to style this repo
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yeah, I saw that and reverted to go 1.18