Skip to content

ROX-12943: Sensor maps the NodeInventory to Node #3892

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
vikin91 wants to merge 4 commits into from
Closed

ROX-12943: Sensor maps the NodeInventory to Node #3892

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
48e89de
Proto: Move NodeInventory into Node
vikin91 Nov 3, 2022
1398927
Do not rely on scannerV1 types in node.proto
vikin91 Jan 11, 2023
fb20a0e
Fix nil edge case in nodeinventory.go
vikin91 Jan 11, 2023
01dbe39
Attach NodeInventory to proper Node in Sensor
vikin91 Nov 3, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
359 changes: 359 additions & 0 deletions central/graphql/resolvers/generated.go
View file
Open in desktop

Large diffs are not rendered by default.

8 changes: 5 additions & 3 deletions central/node/datastore/dackbox/datastore/datastore_sac_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -262,9 +262,11 @@ func (s *nodeDatastoreSACSuite) TestGetNode() {
s.True(found)
s.NotNil(fetchedNode)

// Priority can have updated value, and we want to ignore it.
fetchedNode.Priority = s.testNodes[nodeID].Priority
s.Equal(*s.testNodes[nodeID], *fetchedNode)
if fetchedNode != nil {
// Priority can have updated value, and we want to ignore it.
fetchedNode.Priority = s.testNodes[nodeID].Priority
s.Equal(*s.testNodes[nodeID], *fetchedNode)
}
} else {
s.False(found)
s.Nil(fetchedNode)
Expand Down
4 changes: 0 additions & 4 deletions central/sensor/service/pipeline/all/factory.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -20,7 +20,6 @@ import (
"github.com/stackrox/rox/central/sensor/service/pipeline/networkflowupdate"
"github.com/stackrox/rox/central/sensor/service/pipeline/networkpolicies"
"github.com/stackrox/rox/central/sensor/service/pipeline/nodes"
"github.com/stackrox/rox/central/sensor/service/pipeline/nodescansv2"
"github.com/stackrox/rox/central/sensor/service/pipeline/podevents"
"github.com/stackrox/rox/central/sensor/service/pipeline/processindicators"
"github.com/stackrox/rox/central/sensor/service/pipeline/reprocessing"
Expand Down Expand Up @@ -65,9 +64,6 @@ func (s *factoryImpl) PipelineForCluster(ctx context.Context, clusterID string)
alerts.GetPipeline(),
auditlogstateupdate.GetPipeline(),
}
if features.RHCOSNodeScanning.Enabled() {
pipelines = append(pipelines, nodescansv2.GetPipeline())
}
if features.ComplianceOperatorCheckResults.Enabled() {
pipelines = append(pipelines,
complianceoperatorresults.GetPipeline(),
Expand Down
9 changes: 8 additions & 1 deletion central/sensor/service/pipeline/nodes/pipeline.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -62,7 +62,7 @@ func (p *pipelineImpl) Reconcile(ctx context.Context, clusterID string, storeMap
}

func (p *pipelineImpl) Match(msg *central.MsgFromSensor) bool {
return msg.GetEvent().GetNode() != nil
return msg.GetEvent().GetNode() != nil && msg.GetEvent().GetNode().GetNodeInventory() == nil
}

func (p *pipelineImpl) processRemove(ctx context.Context, id string) error {
Expand Down Expand Up @@ -90,6 +90,13 @@ func (p *pipelineImpl) Run(ctx context.Context, clusterID string, msg *central.M
node.ClusterName = clusterName
}

// kubectl logs deploy/central | less
if node.NodeInventory != nil {
log.Infof("Central received a Node with NodeInventory name=%s - Id=%s", node.GetClusterName(), node.GetId())
} else {
log.Infof("Central received a Node without NodeInventory name=%s - Id=%s", node.GetClusterName(), node.GetId())
}

err = p.enricher.EnrichNode(node)
if err != nil {
log.Warnf("enriching node %s:%s: %v", node.GetClusterName(), node.GetName(), err)
Expand Down
57 changes: 0 additions & 57 deletions central/sensor/service/pipeline/nodescansv2/pipeline.go
View file
Open in desktop

This file was deleted.

9 changes: 3 additions & 6 deletions compliance/collection/nodeinventorizer/fake_nodeinventory.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,6 @@ import (
timestamp "github.com/gogo/protobuf/types"
"github.com/stackrox/rox/generated/storage"
"github.com/stackrox/rox/pkg/logging"
scannerV1 "github.com/stackrox/scanner/generated/scanner/api/v1"
)

var (
Expand All @@ -19,12 +18,11 @@ type FakeNodeInventorizer struct {
func (f *FakeNodeInventorizer) Scan(nodeName string) (*storage.NodeInventory, error) {
log.Infof("Generating fake scan result message...")
msg := &storage.NodeInventory{
NodeId: "",
NodeName: nodeName,
ScanTime: timestamp.TimestampNow(),
Components: &scannerV1.Components{
Components: &storage.NodeInventory_Components{
Namespace: "Testme OS",
RhelComponents: []*scannerV1.RHELComponent{
RhelComponents: []*storage.NodeInventory_Components_RHELComponent{
{
Name: "vim-minimal",
Namespace: "rhel:8",
Expand All @@ -43,9 +41,8 @@ func (f *FakeNodeInventorizer) Scan(nodeName string) (*storage.NodeInventory, er
AddedBy: "FakeLayer",
},
},
LanguageComponents: nil,
},
Notes: []scannerV1.Note{scannerV1.Note_LANGUAGE_CVES_UNAVAILABLE},
Notes: []storage.NodeInventory_Note{storage.NodeInventory_LANGUAGE_CVES_UNAVAILABLE},
}
return msg, nil
}
42 changes: 30 additions & 12 deletions compliance/collection/nodeinventorizer/nodeinventory.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -44,13 +44,13 @@ func (n *NodeInventoryCollector) Scan(nodeName string) (*storage.NodeInventory,
NodeName: nodeName,
ScanTime: timestamp.TimestampNow(),
Components: protoComponents,
Notes: []scannerV1.Note{scannerV1.Note_LANGUAGE_CVES_UNAVAILABLE},
Notes: []storage.NodeInventory_Note{storage.NodeInventory_LANGUAGE_CVES_UNAVAILABLE},
}

return m, nil
}

func protoComponentsFromScanComponents(c *nodes.Components) *scannerV1.Components {
func protoComponentsFromScanComponents(c *nodes.Components) *storage.NodeInventory_Components {
if c == nil {
return nil
}
Expand All @@ -66,24 +66,22 @@ func protoComponentsFromScanComponents(c *nodes.Components) *scannerV1.Component
// For now, we only care about RHEL components, but this must be extended once we support non-RHCOS
rhelComponents := convertAndDedupRHELComponents(c.CertifiedRHELComponents)

protoComponents := &scannerV1.Components{
Namespace: namespace,
OsComponents: nil,
RhelComponents: rhelComponents,
LanguageComponents: nil,
protoComponents := &storage.NodeInventory_Components{
Namespace: namespace,
RhelComponents: rhelComponents,
}
return protoComponents
}

func convertAndDedupRHELComponents(rc *database.RHELv2Components) []*scannerV1.RHELComponent {
func convertAndDedupRHELComponents(rc *database.RHELv2Components) []*storage.NodeInventory_Components_RHELComponent {
if rc == nil || rc.Packages == nil {
log.Warn("No RHEL packages found in scan result")
return nil
}

convertedComponents := make(map[string]*scannerV1.RHELComponent, 0)
convertedComponents := make(map[string]*storage.NodeInventory_Components_RHELComponent, 0)
for i, rhelc := range rc.Packages {
comp := &scannerV1.RHELComponent{
comp := &storage.NodeInventory_Components_RHELComponent{
// The loop index is used as ID, as this field only needs to be unique for each NodeInventory result slice
Id: int64(i),
Name: rhelc.Name,
Expand All @@ -92,7 +90,7 @@ func convertAndDedupRHELComponents(rc *database.RHELv2Components) []*scannerV1.R
Arch: rhelc.Arch,
Module: rhelc.Module,
Cpes: rc.CPEs,
Executables: rhelc.Executables,
Executables: convertExecutables(rhelc.Executables),
}
compKey := makeComponentKey(comp)
if compKey != "" {
Expand All @@ -108,6 +106,26 @@ func convertAndDedupRHELComponents(rc *database.RHELv2Components) []*scannerV1.R
return maps.Values(convertedComponents)
}

func makeComponentKey(component *scannerV1.RHELComponent) string {
func convertExecutables(exe []*scannerV1.Executable) []*storage.NodeInventory_Components_RHELComponent_Executable {
if exe == nil {
return nil
}
arr := make([]*storage.NodeInventory_Components_RHELComponent_Executable, len(exe))
for i, executable := range exe {
arr[i] = &storage.NodeInventory_Components_RHELComponent_Executable{
Path: executable.Path,
RequiredFeatures: make([]*storage.NodeInventory_Components_RHELComponent_Executable_FeatureNameVersion, len(executable.GetRequiredFeatures())),
}
for i2, fnv := range executable.GetRequiredFeatures() {
arr[i].RequiredFeatures[i2] = &storage.NodeInventory_Components_RHELComponent_Executable_FeatureNameVersion{
Name: fnv.GetName(),
Version: fnv.GetVersion(),
}
}
}
return arr
}

func makeComponentKey(component *storage.NodeInventory_Components_RHELComponent) string {
return component.Name + ":" + component.Version + ":" + component.Arch + ":" + component.Module
}
20 changes: 10 additions & 10 deletions compliance/collection/nodeinventorizer/nodeinventory_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,8 +3,8 @@ package nodeinventorizer
import (
"testing"

"github.com/stackrox/rox/generated/storage"
"github.com/stackrox/scanner/database"
scannerV1 "github.com/stackrox/scanner/generated/scanner/api/v1"
"github.com/stretchr/testify/suite"
)

Expand All @@ -19,12 +19,12 @@ type NodeInventorizerTestSuite struct {
func (s *NodeInventorizerTestSuite) TestConvertRHELComponentIDs() {
testCases := map[string]struct {
inComponents []*database.RHELv2Package
outComponents []*scannerV1.RHELComponent
outComponents []*storage.NodeInventory_Components_RHELComponent
expectedLen int
}{
"nil-inComponents": {
inComponents: nil,
outComponents: make([]*scannerV1.RHELComponent, 0),
outComponents: make([]*storage.NodeInventory_Components_RHELComponent, 0),
},
"one-component": {
inComponents: []*database.RHELv2Package{
Expand All @@ -38,7 +38,7 @@ func (s *NodeInventorizerTestSuite) TestConvertRHELComponentIDs() {
},
},
},
outComponents: []*scannerV1.RHELComponent{
outComponents: []*storage.NodeInventory_Components_RHELComponent{
{
Id: 0,
Name: "zlib",
Expand Down Expand Up @@ -66,7 +66,7 @@ func (s *NodeInventorizerTestSuite) TestConvertRHELComponentIDs() {
Arch: "x86_64",
},
},
outComponents: []*scannerV1.RHELComponent{
outComponents: []*storage.NodeInventory_Components_RHELComponent{
{
Id: 0,
Name: "zlib",
Expand Down Expand Up @@ -97,7 +97,7 @@ func (s *NodeInventorizerTestSuite) TestConvertRHELComponentIDs() {
Arch: "x86_64",
},
},
outComponents: []*scannerV1.RHELComponent{
outComponents: []*storage.NodeInventory_Components_RHELComponent{
{
Id: 0,
Name: "redhat-release",
Expand Down Expand Up @@ -129,11 +129,11 @@ func (s *NodeInventorizerTestSuite) TestConvertRHELComponentIDs() {

func (s *NodeInventorizerTestSuite) TestMakeComponentKey() {
testcases := map[string]struct {
component *scannerV1.RHELComponent
component *storage.NodeInventory_Components_RHELComponent
expected string
}{
"Full component": {
component: &scannerV1.RHELComponent{
component: &storage.NodeInventory_Components_RHELComponent{
Id: 0,
Name: "Name",
Version: "1.2.3",
Expand All @@ -143,7 +143,7 @@ func (s *NodeInventorizerTestSuite) TestMakeComponentKey() {
expected: "Name:1.2.3:x42:Mod",
},
"Missing part": {
component: &scannerV1.RHELComponent{
component: &storage.NodeInventory_Components_RHELComponent{
Id: 0,
Version: "1.2.3",
Arch: "x42",
Expand All @@ -152,7 +152,7 @@ func (s *NodeInventorizerTestSuite) TestMakeComponentKey() {
expected: ":1.2.3:x42:Mod",
},
"Internationalized": {
component: &scannerV1.RHELComponent{
component: &storage.NodeInventory_Components_RHELComponent{
Id: 0,
Name: "日本語",
Version: "1.2.3",
Expand Down
Loading