Don't reconcile if trivy-metadata file yet not uploaded (#30)

Signed-off-by: Arnob kumar saha <arnob@appscode.com>
kubeops · Oct 9, 2023 · 23c381b · 23c381b
1 parent c991a65
commit 23c381b
Show file tree

Hide file tree

Showing 5 changed files with 20 additions and 7 deletions.
diff --git a/pkg/apiserver/apiserver.go b/pkg/apiserver/apiserver.go
@@ -235,6 +235,7 @@ func (c completedConfig) New(ctx context.Context) (*ScannerServer, error) {
 		c.ExtraConfig.TrivyImage,
 		c.ExtraConfig.TrivyDBCacherImage,
 		c.ExtraConfig.FileServerAddr,
+		c.ExtraConfig.FileServerFilesDir,
 		c.ExtraConfig.ScanRequestTTLPeriod,
 		c.ExtraConfig.Workspace,
 	)).SetupWithManager(mgr); err != nil {

diff --git a/pkg/controllers/scanreport/controller.go b/pkg/controllers/scanreport/controller.go
@@ -39,6 +39,9 @@ type ImageScanReportReconciler struct {
 }
 
 func (r *ImageScanReportReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error) {
+	if !fileserver.MetadataFileExists(r.FileServerDir) {
+		return ctrl.Result{RequeueAfter: time.Minute}, nil
+	}
 	log := log.FromContext(ctx)
 
 	var isrp api.ImageScanReport

diff --git a/pkg/controllers/scanrequest/helpers.go b/pkg/controllers/scanrequest/helpers.go
@@ -57,11 +57,7 @@ func EnsureScanReport(kc client.Client, imageRef string, resp trivy.BackendRespo
 		klog.Infof("%v ImageScanReport has been created\n", obj.GetName())
 	}
 
-	_, err = cu.PatchStatus(context.TODO(), kc, &api.ImageScanReport{
-		ObjectMeta: metav1.ObjectMeta{
-			Name: api.GetReportName(img.Name),
-		},
-	}, func(obj client.Object) client.Object {
+	_, err = cu.PatchStatus(context.TODO(), kc, obj, func(obj client.Object) client.Object {
 		rep := obj.(*api.ImageScanReport)
 		rep.Status.Version = resp.TrivyVersion
 		rep.Status.Report = resp.Report

diff --git a/pkg/controllers/scanrequest/reconciler.go b/pkg/controllers/scanrequest/reconciler.go
@@ -23,6 +23,7 @@ import (
 	api "kubeops.dev/scanner/apis/scanner/v1alpha1"
 	"kubeops.dev/scanner/apis/trivy"
 	"kubeops.dev/scanner/pkg/backend"
+	"kubeops.dev/scanner/pkg/fileserver"
 
 	"github.com/nats-io/nats.go"
 	batch "k8s.io/api/batch/v1"
@@ -44,6 +45,7 @@ type Reconciler struct {
 	trivyImage           string
 	trivyDBCacherImage   string
 	fileServerAddr       string
+	fileServerDir        string
 	scanRequestTTLPeriod time.Duration
 	workspace            string
 }
@@ -57,7 +59,7 @@ type RequestReconciler struct {
 func NewImageScanRequestReconciler(
 	kc client.Client,
 	nc *nats.Conn,
-	scannedImage, trivyImage, trivyDBCacherImage, fsAddr string,
+	scannedImage, trivyImage, trivyDBCacherImage, fsAddr, fileServerDir string,
 	garbageCol time.Duration,
 	workspace string,
 ) *Reconciler {
@@ -68,12 +70,17 @@ func NewImageScanRequestReconciler(
 		trivyImage:           trivyImage,
 		trivyDBCacherImage:   trivyDBCacherImage,
 		fileServerAddr:       fsAddr,
+		fileServerDir:        fileServerDir,
 		scanRequestTTLPeriod: garbageCol,
 		workspace:            workspace,
 	}
 }
 
 func (r *Reconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error) {
+	if !fileserver.MetadataFileExists(r.fileServerDir) {
+		return ctrl.Result{RequeueAfter: time.Minute}, nil
+	}
+
 	log := log.FromContext(ctx)
 
 	log.Info("Reconciling for ", "req", req)
@@ -140,7 +147,7 @@ func (r *RequestReconciler) freshScanRequired() (bool, error) {
 	if err != nil {
 		return true, client.IgnoreNotFound(err)
 	}
-	if isrp.Status.Phase == api.ImageScanReportPhaseOutdated {
+	if isrp.Status.Phase == api.ImageScanReportPhaseOutdated || isrp.Status.Phase == "" {
 		return true, nil
 	}
 	return false, r.updateStatusAsReportAlreadyExists(&isrp)

diff --git a/pkg/fileserver/lib.go b/pkg/fileserver/lib.go
@@ -154,3 +154,9 @@ func VulnerabilityDBLastUpdatedAt(fsDir string) (*trivy.Time, error) {
 	}
 	return &ver.UpdatedAt, nil
 }
+
+func MetadataFileExists(fsDir string) bool {
+	fileName := filepath.Join(fsDir, "trivy", "metadata.json")
+	_, err := os.Stat(fileName)
+	return !os.IsNotExist(err)
+}