Organisation Scan Start on children (#1605)
saurabh2253 authored Sep 25, 2023
1 parent 80af5b6 commit 06d1543
Showing 2 changed files with 29 additions and 4 deletions.
2 changes: 1 addition & 1 deletion deepfence_server/handler/scan_reports.go
Expand Up @@ -408,7 +408,7 @@ func (h *Handler) StartComplianceScanHandler(w http.ResponseWriter, r *http.Requ
return
}
} else {
nodes = reqs.NodeIds
nodes = cloudNodeIds
}

var scanTrigger model.NodeIdentifier
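Review bot: In the `else` branch, `nodes = cloudNodeIds` now feeds the scan with a server-resolved list instead of the IDs from the request, and nothing visible in this hunk rejects the case where that list is empty. If `cloudNodeIds` comes from `GetCloudAccountIDs` (its assignment is outside the hunk), IDs that match no `CloudNode` are dropped by the `IN $node_ids` filter, so a request naming only unknown or childless organisation accounts would start zero scans while still looking successful. Consider a guard right after the branch, `if len(nodes) == 0 { ... }`, that returns a bad-request error through whatever helper the handler already uses. The handler body begins and continues outside this hunk, so such a check may already exist further down.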
31 changes: 28 additions & 3 deletions deepfence_server/reporters/scan/scan_reporters.go
Expand Up @@ -416,8 +416,8 @@ func GetCloudAccountIDs(ctx context.Context, cloudProviderIds []model.NodeIdenti

nres, err := tx.Run(`
MATCH (n:CloudNode)
WHERE n.cloud_provider IN $node_ids
RETURN n.node_id`,
WHERE n.node_id IN $node_ids
RETURN n.node_id, n.cloud_provider`,
map[string]interface{}{"node_ids": NodeIdentifierToIdList(cloudProviderIds)})
if err != nil {
return res, err
Expand All @@ -427,13 +427,38 @@ func GetCloudAccountIDs(ctx context.Context, cloudProviderIds []model.NodeIdenti
if err != nil {
return res, err
}

orgNodeIds := []string{}
for _, rec := range recs {
cloudProvider := rec.Values[1].(string)
if cloudProvider == model.PostureProviderAWSOrg || cloudProvider == model.PostureProviderGCPOrg {
orgNodeIds = append(orgNodeIds, rec.Values[0].(string))
continue
}
res = append(res, model.NodeIdentifier{
NodeId: rec.Values[0].(string),
NodeType: controls.ResourceTypeToString(controls.CloudAccount),
})
}
if len(orgNodeIds) > 0 {
nres, err = tx.Run(`
MATCH (n:CloudNode) -[:IS_CHILD] -> (m)
WHERE n.node_id IN $node_ids
RETURN m.node_id`,
map[string]interface{}{"node_ids": orgNodeIds})
if err != nil {
return res, err
}
recs, err = nres.Collect()
if err != nil {
return res, err
}
for _, rec := range recs {
res = append(res, model.NodeIdentifier{
NodeId: rec.Values[0].(string),
NodeType: controls.ResourceTypeToString(controls.CloudAccount),
})
}
}

return res, nil
}
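Review bot: The new `cloudProvider := rec.Values[1].(string)` is an unchecked type assertion, so a `CloudNode` stored without a `cloud_provider` property (returned as nil) would panic in this request path; the comma-ok form avoids that: `cloudProvider, ok := rec.Values[1].(string)` followed by `if !ok { continue }` or an error return. The second query matches `(m)` with no label, so anything reachable over `IS_CHILD` is returned and tagged as a cloud account; `MATCH (n:CloudNode) -[:IS_CHILD]-> (m:CloudNode)` would keep the expansion to account nodes, assuming children carry that label. A request that lists both an organisation and one of its member accounts also puts that account into `res` twice, so de-duplicating by `NodeId` before returning would avoid starting the same scan twice. The function's opening lines are outside these hunks.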