From 06d1543cc785845924d39bbfce7042bf555bacaf Mon Sep 17 00:00:00 2001
From: Saurabh Kumar
Date: Mon, 25 Sep 2023 13:39:17 +0530
Subject: [PATCH] Organisation Scan Start on children (#1605)
---
 deepfence_server/handler/scan_reports.go | 2 +-
 .../reporters/scan/scan_reporters.go | 31 +++++++++++++++++--
 2 files changed, 29 insertions(+), 4 deletions(-)
diff --git a/deepfence_server/handler/scan_reports.go b/deepfence_server/handler/scan_reports.go
index 0be1c5f97b..82ea87b5ed 100644
--- a/deepfence_server/handler/scan_reports.go
+++ b/deepfence_server/handler/scan_reports.go
@@ -408,7 +408,7 @@ func (h *Handler) StartComplianceScanHandler(w http.ResponseWriter, r *http.Requ
 return
 }
 } else {
- nodes = reqs.NodeIds
+ nodes = cloudNodeIds
 }
 var scanTrigger model.NodeIdentifier
diff --git a/deepfence_server/reporters/scan/scan_reporters.go b/deepfence_server/reporters/scan/scan_reporters.go
index 86846cea96..4f8a32ed20 100644
--- a/deepfence_server/reporters/scan/scan_reporters.go
+++ b/deepfence_server/reporters/scan/scan_reporters.go
@@ -416,8 +416,8 @@ func GetCloudAccountIDs(ctx context.Context, cloudProviderIds []model.NodeIdenti
 nres, err := tx.Run(`
 MATCH (n:CloudNode)
- WHERE n.cloud_provider IN $node_ids
- RETURN n.node_id`,
+ WHERE n.node_id IN $node_ids
+ RETURN n.node_id, n.cloud_provider`,
 map[string]interface{}{"node_ids": NodeIdentifierToIdList(cloudProviderIds)})
 if err != nil {
 return res, err
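Review bot: `nodes = cloudNodeIds` makes the scan target a server-resolved list, and the visible lines do not check whether that list is empty or shorter than `reqs.NodeIds`. Assuming `cloudNodeIds` is the result of GetCloudAccountIDs, an ID that matches no CloudNode is dropped silently and a single organisation ID fans out to every child account. I would reject the request when the resolved list is empty and log the expanded account IDs so the audit trail shows what was actually scanned. The assignment of `cloudNodeIds` and the rest of StartComplianceScanHandler are outside the hunk.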
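Review bot: The query now filters on `n.node_id`, but the parameter is still called `cloudProviderIds`, which no longer describes what callers must pass. Renaming it (for example to `cloudNodeIds`) does not affect callers in Go, and a doc comment would pin the contract: `// GetCloudAccountIDs resolves CloudNode node_ids to cloud account identifiers; organisation nodes are expanded to their IS_CHILD accounts.` The values stay bound through `$node_ids`, so the Cypher text itself is not built from request data. The function's signature line and its end are outside this hunk.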
@@ -427,13 +427,38 @@ func GetCloudAccountIDs(ctx context.Context, cloudProviderIds []model.NodeIdenti
 if err != nil {
 return res, err
 }
-
+ orgNodeIds := []string{}
 for _, rec := range recs {
+ cloudProvider := rec.Values[1].(string)
+ if cloudProvider == model.PostureProviderAWSOrg || cloudProvider == model.PostureProviderGCPOrg {
+ orgNodeIds = append(orgNodeIds, rec.Values[0].(string))
+ continue
+ }
 res = append(res, model.NodeIdentifier{
 NodeId: rec.Values[0].(string),
 NodeType: controls.ResourceTypeToString(controls.CloudAccount),
 })
 }
+ if len(orgNodeIds) > 0 {
+ nres, err = tx.Run(`
+ MATCH (n:CloudNode) -[:IS_CHILD] -> (m)
+ WHERE n.node_id IN $node_ids
+ RETURN m.node_id`,
+ map[string]interface{}{"node_ids": orgNodeIds})
+ if err != nil {
+ return res, err
+ }
+ recs, err = nres.Collect()
+ if err != nil {
+ return res, err
+ }
+ for _, rec := range recs {
+ res = append(res, model.NodeIdentifier{
+ NodeId: rec.Values[0].(string),
+ NodeType: controls.ResourceTypeToString(controls.CloudAccount),
+ })
+ }
+ }
 return res, nil
 }
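Review bot: The new `rec.Values[1].(string)` assertion, and `rec.Values[0].(string)` in the child loop, panic when the property is null, so a CloudNode without `cloud_provider` or an `IS_CHILD` target without `node_id` would abort the request instead of returning an error. The second query also leaves `m` unlabelled, so any node reachable over `IS_CHILD` is returned as a cloud account. I would use the comma-ok form, `cloudProvider, _ := rec.Values[1].(string)`, skip child rows whose `m.node_id` is not a string, and, if child accounts carry the CloudNode label, tighten the pattern to `MATCH (n:CloudNode) -[:IS_CHILD]-> (m:CloudNode)`. An account passed explicitly and again as a child of a selected organisation appears twice in `res`; whether the caller de-duplicates is not visible here. GetCloudAccountIDs starts outside the hunk.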