refactor: VulnerabilityReportReconciler to WorkloadController (#1068)

Signed-off-by: Daniel Pacak <pacak.daniel@gmail.com>
aquasecurity · Mar 25, 2022 · 674408e · 674408e
1 parent 3f241b7
commit 674408e
Show file tree

Hide file tree

Showing 3 changed files with 23 additions and 19 deletions.
diff --git a/pkg/operator/operator.go b/pkg/operator/operator.go
@@ -3,8 +3,8 @@ package operator
 import (
 	"context"
 	"fmt"
-	"github.com/aquasecurity/starboard/pkg/compliance"
 
+	"github.com/aquasecurity/starboard/pkg/compliance"
 	"github.com/aquasecurity/starboard/pkg/configauditreport"
 	"github.com/aquasecurity/starboard/pkg/ext"
 	"github.com/aquasecurity/starboard/pkg/kube"
@@ -146,7 +146,7 @@ func Start(ctx context.Context, buildInfo starboard.BuildInfo, operatorConfig et
 			return fmt.Errorf("initializing %s plugin: %w", pluginContext.GetName(), err)
 		}
 
-		if err = (&controller.VulnerabilityReportReconciler{
+		if err = (&vulnerabilityreport.WorkloadController{
 			Logger:         ctrl.Log.WithName("reconciler").WithName("vulnerabilityreport"),
 			Config:         operatorConfig,
 			ConfigData:     starboardConfig,

diff --git a/...perator/controller/vulnerabilityreport.go → pkg/vulnerabilityreport/controller.go b/...perator/controller/vulnerabilityreport.go → pkg/vulnerabilityreport/controller.go
@@ -1,4 +1,4 @@
-package controller
+package vulnerabilityreport
 
 import (
 	. "github.com/aquasecurity/starboard/pkg/operator/predicate"
@@ -10,9 +10,9 @@ import (
 
 	"github.com/aquasecurity/starboard/pkg/apis/aquasecurity/v1alpha1"
 	"github.com/aquasecurity/starboard/pkg/kube"
+	"github.com/aquasecurity/starboard/pkg/operator/controller"
 	"github.com/aquasecurity/starboard/pkg/operator/etc"
 	"github.com/aquasecurity/starboard/pkg/starboard"
-	"github.com/aquasecurity/starboard/pkg/vulnerabilityreport"
 	"github.com/go-logr/logr"
 	appsv1 "k8s.io/api/apps/v1"
 	batchv1 "k8s.io/api/batch/v1"
@@ -27,21 +27,24 @@ import (
 	"sigs.k8s.io/controller-runtime/pkg/reconcile"
 )
 
-type VulnerabilityReportReconciler struct {
+// WorkloadController watches Kubernetes workloads and generates
+// v1alpha1.VulnerabilityReport instances using vulnerability scanner that that
+// implements the Plugin interface.
+type WorkloadController struct {
 	logr.Logger
 	etc.Config
 	client.Client
 	kube.ObjectResolver
-	LimitChecker
+	controller.LimitChecker
 	kube.LogsReader
 	kube.SecretsReader
-	vulnerabilityreport.Plugin
+	Plugin
 	starboard.PluginContext
-	vulnerabilityreport.ReadWriter
+	ReadWriter
 	starboard.ConfigData
 }
 
-func (r *VulnerabilityReportReconciler) SetupWithManager(mgr ctrl.Manager) error {
+func (r *WorkloadController) SetupWithManager(mgr ctrl.Manager) error {
 	installModePredicate, err := InstallModePredicate(r.Config)
 	if err != nil {
 		return err
@@ -84,7 +87,7 @@ func (r *VulnerabilityReportReconciler) SetupWithManager(mgr ctrl.Manager) error
 		Complete(r.reconcileJobs())
 }
 
-func (r *VulnerabilityReportReconciler) reconcileWorkload(workloadKind kube.Kind) reconcile.Func {
+func (r *WorkloadController) reconcileWorkload(workloadKind kube.Kind) reconcile.Func {
 	return func(ctx context.Context, req ctrl.Request) (ctrl.Result, error) {
 		log := r.Logger.WithValues("kind", workloadKind, "name", req.NamespacedName)
 
@@ -177,7 +180,7 @@ func (r *VulnerabilityReportReconciler) reconcileWorkload(workloadKind kube.Kind
 	}
 }
 
-func (r *VulnerabilityReportReconciler) hasReports(ctx context.Context, owner kube.ObjectRef, hash string, images kube.ContainerImages) (bool, error) {
+func (r *WorkloadController) hasReports(ctx context.Context, owner kube.ObjectRef, hash string, images kube.ContainerImages) (bool, error) {
 	// TODO FindByOwner should accept optional label selector to further narrow down search results
 	list, err := r.FindByOwner(ctx, owner)
 	if err != nil {
@@ -201,7 +204,7 @@ func (r *VulnerabilityReportReconciler) hasReports(ctx context.Context, owner ku
 	return reflect.DeepEqual(actual, expected), nil
 }
 
-func (r *VulnerabilityReportReconciler) hasActiveScanJob(ctx context.Context, owner kube.ObjectRef, hash string) (bool, *batchv1.Job, error) {
+func (r *WorkloadController) hasActiveScanJob(ctx context.Context, owner kube.ObjectRef, hash string) (bool, *batchv1.Job, error) {
 	jobName := fmt.Sprintf("scan-vulnerabilityreport-%s", kube.ComputeHash(owner))
 	job := &batchv1.Job{}
 	err := r.Get(ctx, client.ObjectKey{Namespace: r.Config.Namespace, Name: jobName}, job)
@@ -217,7 +220,7 @@ func (r *VulnerabilityReportReconciler) hasActiveScanJob(ctx context.Context, ow
 	return false, nil, nil
 }
 
-func (r *VulnerabilityReportReconciler) submitScanJob(ctx context.Context, owner client.Object) error {
+func (r *WorkloadController) submitScanJob(ctx context.Context, owner client.Object) error {
 	log := r.Logger.WithValues("kind", owner.GetObjectKind().GroupVersionKind().Kind,
 		"name", owner.GetName(), "namespace", owner.GetNamespace())
 	credentials, err := r.CredentialsByWorkload(ctx, owner)
@@ -240,7 +243,7 @@ func (r *VulnerabilityReportReconciler) submitScanJob(ctx context.Context, owner
 		return fmt.Errorf("getting scan job template labels: %w", err)
 	}
 
-	scanJob, secrets, err := vulnerabilityreport.NewScanJobBuilder().
+	scanJob, secrets, err := NewScanJobBuilder().
 		WithPlugin(r.Plugin).
 		WithPluginContext(r.PluginContext).
 		WithTimeout(r.Config.ScanJobTimeout).
@@ -293,7 +296,7 @@ func (r *VulnerabilityReportReconciler) submitScanJob(ctx context.Context, owner
 	return nil
 }
 
-func (r *VulnerabilityReportReconciler) reconcileJobs() reconcile.Func {
+func (r *WorkloadController) reconcileJobs() reconcile.Func {
 	return func(ctx context.Context, req ctrl.Request) (ctrl.Result, error) {
 		log := r.Logger.WithValues("job", req.NamespacedName)
 
@@ -326,7 +329,7 @@ func (r *VulnerabilityReportReconciler) reconcileJobs() reconcile.Func {
 
 }
 
-func (r *VulnerabilityReportReconciler) processCompleteScanJob(ctx context.Context, job *batchv1.Job) error {
+func (r *WorkloadController) processCompleteScanJob(ctx context.Context, job *batchv1.Job) error {
 	log := r.Logger.WithValues("job", fmt.Sprintf("%s/%s", job.Namespace, job.Name))
 
 	ownerRef, err := kube.ObjectRefFromObjectMeta(job.ObjectMeta)
@@ -385,7 +388,7 @@ func (r *VulnerabilityReportReconciler) processCompleteScanJob(ctx context.Conte
 		}
 		_ = logsStream.Close()
 
-		reportBuilder := vulnerabilityreport.NewReportBuilder(r.Client.Scheme()).
+		reportBuilder := NewReportBuilder(r.Client.Scheme()).
 			Controller(owner).
 			Container(containerName).
 			Data(reportData).
@@ -413,7 +416,7 @@ func (r *VulnerabilityReportReconciler) processCompleteScanJob(ctx context.Conte
 	return r.deleteJob(ctx, job)
 }
 
-func (r *VulnerabilityReportReconciler) processFailedScanJob(ctx context.Context, scanJob *batchv1.Job) error {
+func (r *WorkloadController) processFailedScanJob(ctx context.Context, scanJob *batchv1.Job) error {
 	log := r.Logger.WithValues("job", fmt.Sprintf("%s/%s", scanJob.Namespace, scanJob.Name))
 
 	statuses, err := r.GetTerminatedContainersStatusesByJob(ctx, scanJob)
@@ -438,7 +441,7 @@ func (r *VulnerabilityReportReconciler) processFailedScanJob(ctx context.Context
 	return r.deleteJob(ctx, scanJob)
 }
 
-func (r *VulnerabilityReportReconciler) deleteJob(ctx context.Context, job *batchv1.Job) error {
+func (r *WorkloadController) deleteJob(ctx context.Context, job *batchv1.Job) error {
 	err := r.Client.Delete(ctx, job, client.PropagationPolicy(metav1.DeletePropagationBackground))
 	if err != nil {
 		if k8sapierror.IsNotFound(err) {

diff --git a/pkg/vulnerabilityreport/controller_test.go b/pkg/vulnerabilityreport/controller_test.go
@@ -0,0 +1 @@
+package vulnerabilityreport_test