ISSUE-1830-2: Pushing changes

deepfence · Sep 19, 2023 · 7900621 · 7900621
1 parent 17e634c
commit 7900621
Show file tree

Hide file tree

Showing 8 changed files with 47 additions and 94 deletions.
diff --git a/deepfence_bootstrapper/controls/controls.go b/deepfence_bootstrapper/controls/controls.go
@@ -4,6 +4,7 @@
 package controls
 
 import (
+	"errors"
 	"fmt"
 	"os/exec"
 	"strings"
@@ -44,7 +45,8 @@ func SetClusterAgentControls(k8sClusterName string) {
 			log.Info().Msg("Generate Cluster Agent Diagnostic Logs")
 			return SendAgentDiagnosticLogs(req,
 				[]string{"/var/log/supervisor",
-					"/var/log/fenced/compliance-scan-logs", "/var/log/deepfenced"},
+					"/var/log/fenced/compliance-scan-logs",
+					"/var/log/deepfenced"},
 				[]string{})
 		})
 	if err != nil {
@@ -174,12 +176,16 @@ func SetAgentControls() {
 		func(req ctl.StopComplianceScanRequest) error {
 			log.Info().Msg("StopComplianceScanRequest called")
 			scanId, ok := req.BinArgs["scan_id"]
+			var err error
 			if ok {
-				linuxScanner.StopScan(scanId)
+				retVal := linuxScanner.StopScan(scanId)
+				if retVal == false {
+					err = errors.New("Failed to stop scan")
+				}
 			} else {
-				log.Error().Msg("Missing scan id in the StopComplianceScanRequest")
+				err = errors.New("Missing scan id in the StopComplianceScanRequest")
 			}
-			return nil
+			return err
 		})
 	if err != nil {
 		log.Error().Msgf("set controls: %v", err)

diff --git a/deepfence_bootstrapper/router/common.go b/deepfence_bootstrapper/router/common.go
@@ -16,11 +16,16 @@ const (
 var controls map[ctl.ActionID]func(req []byte) error
 var controls_guard sync.RWMutex
 
-func RegisterControl[T ctl.StartVulnerabilityScanRequest | ctl.StartSecretScanRequest |
-	ctl.StartComplianceScanRequest | ctl.StartMalwareScanRequest |
-	ctl.StartAgentUpgradeRequest | ctl.SendAgentDiagnosticLogsRequest |
-	ctl.DisableAgentPluginRequest | ctl.EnableAgentPluginRequest |
-	ctl.StopSecretScanRequest | ctl.StopMalwareScanRequest |
+func RegisterControl[T ctl.StartVulnerabilityScanRequest |
+	ctl.StartSecretScanRequest |
+	ctl.StartComplianceScanRequest |
+	ctl.StartMalwareScanRequest |
+	ctl.StartAgentUpgradeRequest |
+	ctl.SendAgentDiagnosticLogsRequest |
+	ctl.DisableAgentPluginRequest |
+	ctl.EnableAgentPluginRequest |
+	ctl.StopSecretScanRequest |
+	ctl.StopMalwareScanRequest |
 	ctl.StopVulnerabilityScanRequest |
 	ctl.StopComplianceScanRequest](id ctl.ActionID, callback func(req T) error) error {
 

diff --git a/deepfence_bootstrapper/router/generate_sbom.go b/deepfence_bootstrapper/router/generate_sbom.go
@@ -176,8 +176,7 @@ func GetPackageScannerJobCount() int32 {
 
 func StopVulnerabilityScan(req ctl.StopVulnerabilityScanRequest) error {
 	fmt.Printf("Stop Vulnerability Scan : %v\n", req)
-	conn, err := grpc.Dial("unix://"+packageScannerSocket, grpc.WithAuthority("dummy"),
-		grpc.WithInsecure())
+	conn, err := createPackageScannerConn()
 	if err != nil {
 		fmt.Printf("StopVulnerabilityScanJob::error in creating Vulnerability scanner client: %s\n", err.Error())
 		return err

diff --git a/deepfence_server/controls/agent.go b/deepfence_server/controls/agent.go
@@ -353,10 +353,9 @@ func ExtractStoppingAgentScans(ctx context.Context, nodeId string,
 	defer tx.Close()
 
 	r, err := tx.Run(`MATCH (s) -[:SCHEDULED]-> (n:Node{node_id:$id})
-		WHERE s.stop_requested=true
+		WHERE s.status = '`+utils.SCAN_STATUS_CANCEL_PENDING+`'
 		WITH s LIMIT $max_work
-        SET s.status = '`+utils.SCAN_STATUS_CANCELLING+`', 
-		s.updated_at = TIMESTAMP(), s.stop_requested=false
+        SET s.status = '`+utils.SCAN_STATUS_CANCELLING+`', s.updated_at = TIMESTAMP()
 		WITH s
 		RETURN s.trigger_action`,
 		map[string]interface{}{"id": nodeId, "max_work": max_work})

diff --git a/deepfence_server/handler/scan_reports.go b/deepfence_server/handler/scan_reports.go
@@ -528,19 +528,19 @@ func (h *Handler) SendScanStatus(
 }
 
 func (h *Handler) StopVulnerabilityScanHandler(w http.ResponseWriter, r *http.Request) {
-	h.stopVulnerabilityScan(w, r)
+	h.stopScan(w, r, "StopVulnerabilityScan")
 }
 
 func (h *Handler) StopSecretScanHandler(w http.ResponseWriter, r *http.Request) {
-	h.stopSecretScan(w, r)
+	h.stopScan(w, r, "StopSecretScan")
 }
 
 func (h *Handler) StopComplianceScanHandler(w http.ResponseWriter, r *http.Request) {
-	h.stopComplianceScan(w, r)
+	h.stopScan(w, r, "StopComplianceScan")
 }
 
 func (h *Handler) StopMalwareScanHandler(w http.ResponseWriter, r *http.Request) {
-	h.stopMalwareScan(w, r)
+	h.stopScan(w, r, "StopMalwareScan")
 }
 
 func (h *Handler) IngestCloudResourcesReportHandler(w http.ResponseWriter, r *http.Request) {
@@ -821,13 +821,13 @@ func (h *Handler) stopComplianceScan(w http.ResponseWriter, r *http.Request) {
 	w.WriteHeader(http.StatusAccepted)
 }
 
-func (h *Handler) stopVulnerabilityScan(w http.ResponseWriter, r *http.Request) {
+func (h *Handler) stopScan(w http.ResponseWriter, r *http.Request, tag string) {
 	//	Stopping scan is on best-effort basis, not guaranteed
 	defer r.Body.Close()
 	var req model.StopScanRequest
 	err := httpext.DecodeJSON(r, httpext.NoQueryParams, MaxPostRequestSize, &req)
 	if err != nil {
-		log.Error().Msgf("StopVulnerabilityScan Failed to DecodeJSON: %v", err)
+		log.Error().Msgf("%s Failed to DecodeJSON: %v", tag, err)
 		h.respondError(err, w)
 		return
 	}
@@ -839,74 +839,16 @@ func (h *Handler) stopVulnerabilityScan(w http.ResponseWriter, r *http.Request)
 		return
 	}
 
-	log.Info().Msgf("StopVulnerabilityScan request, type: %s, scanid: %s", req.ScanType, req.ScanID)
-
-	err = reporters_scan.StopScan(r.Context(), req.ScanType, req.ScanID)
-	if err != nil {
-		log.Error().Msgf("Error in StopScan: %v", err)
-		h.respondError(&ValidatorError{err: err}, w)
-		return
-	}
-
-	h.AuditUserActivity(r, req.ScanType, ACTION_STOP, req, true)
-
-	w.WriteHeader(http.StatusAccepted)
-}
-
-func (h *Handler) stopSecretScan(w http.ResponseWriter, r *http.Request) {
-	//	Stopping scan is on best-effort basis, not guaranteed
-
-	defer r.Body.Close()
-	var req model.StopScanRequest
-	err := httpext.DecodeJSON(r, httpext.NoQueryParams, MaxPostRequestSize, &req)
-	if err != nil {
-		log.Error().Msgf("Failed to DecodeJSON: %v", err)
-		h.respondError(err, w)
-		return
-	}
-
-	err = h.Validator.Struct(req)
-	if err != nil {
-		log.Error().Msgf("Failed to validate the request: %v", err)
-		h.respondError(&ValidatorError{err: err}, w)
-		return
-	}
-
-	log.Info().Msgf("StopSecretScan request, type: %s, scanid: %s", req.ScanType, req.ScanID)
-
-	err = reporters_scan.StopScan(r.Context(), req.ScanType, req.ScanID)
-	if err != nil {
-		log.Error().Msgf("Error in StopScan: %v", err)
-		h.respondError(&ValidatorError{err: err}, w)
-		return
-	}
-
-	h.AuditUserActivity(r, req.ScanType, ACTION_STOP, req, true)
-
-	w.WriteHeader(http.StatusAccepted)
-}
-
-func (h *Handler) stopMalwareScan(w http.ResponseWriter, r *http.Request) {
-	//	Stopping scan is on best-effort basis, not guaranteed
-	defer r.Body.Close()
-	var req model.StopScanRequest
-	err := httpext.DecodeJSON(r, httpext.NoQueryParams, MaxPostRequestSize, &req)
-	if err != nil {
-		log.Error().Msgf("StopMalwareScan Failed to DecodeJSON: %v", err)
-		h.respondError(err, w)
-		return
-	}
-
-	err = h.Validator.Struct(req)
-	if err != nil {
-		log.Error().Msgf("Failed to validate the request: %v", err)
-		h.respondError(&ValidatorError{err: err}, w)
-		return
+	if req.ScanType == "CloudComplianceScan" {
+		log.Info().Msgf("CloudComplianceScan request, type: %s, scanid: %s",
+			req.ScanType, req.ScanID)
+		err = reporters_scan.StopCloudComplianceScan(r.Context(), req.ScanType, req.ScanID)
+	} else {
+		log.Info().Msgf("%s request, type: %s, scanid: %s",
+			tag, req.ScanType, req.ScanID)
+		err = reporters_scan.StopScan(r.Context(), req.ScanType, req.ScanID)
 	}
 
-	log.Info().Msgf("StopMalwareScan request, type: %s, scanid: %s", req.ScanType, req.ScanID)
-
-	err = reporters_scan.StopScan(r.Context(), req.ScanType, req.ScanID)
 	if err != nil {
 		log.Error().Msgf("Error in StopScan: %v", err)
 		h.respondError(&ValidatorError{err: err}, w)

diff --git a/deepfence_server/reporters/scan/scan_reporters.go b/deepfence_server/reporters/scan/scan_reporters.go
@@ -569,13 +569,14 @@ func GetCloudCompliancePendingScansList(ctx context.Context, scanType utils.Neo4
 	{
 		res, err := tx.Run(`
         MATCH (m:`+string(scanType)+`) -[:SCANNED]-> (n:CloudNode{node_id: $node_id})
-		WHERE m.stop_requested=true
-		SET m.status = $cancelling, m.stop_requested=false
+		WHERE m.status=$cancel_pending
+		SET m.status = $cancelling, m.updated_at = TIMESTAMP()
 		WITH m,n
         RETURN m.node_id, m.status, m.status_message, 
 		n.node_id, m.updated_at, n.node_name ORDER BY m.updated_at`,
 			map[string]interface{}{"node_id": nodeId,
-				"cancelling": utils.SCAN_STATUS_CANCELLING})
+				"cancel_pending": utils.SCAN_STATUS_CANCELLING,
+				"cancelling":     utils.SCAN_STATUS_CANCELLING})
 		if err != nil {
 			log.Info().Msgf("Failed to get stopping scan list for node:%s, error is:%v", nodeId, err)
 		} else {

diff --git a/deepfence_server/reporters/scan/scan_result_actions.go b/deepfence_server/reporters/scan/scan_result_actions.go
@@ -278,10 +278,10 @@ func StopScan(ctx context.Context, scanType, scanId string) error {
 
 	if _, err = tx.Run(fmt.Sprintf(query, scanType),
 		map[string]interface{}{
-			"scan_id":     scanId,
-			"starting":    utils.SCAN_STATUS_STARTING,
-			"in_progress": utils.SCAN_STATUS_INPROGRESS,
-			"cancelling":  utils.SCAN_STATUS_CANCEL_PENDING,
+			"scan_id":        scanId,
+			"starting":       utils.SCAN_STATUS_STARTING,
+			"in_progress":    utils.SCAN_STATUS_INPROGRESS,
+			"cancel_pending": utils.SCAN_STATUS_CANCEL_PENDING,
 		}); err != nil {
 		log.Error().Msgf("StopScan: Error in setting the state in neo4j: %v", err)
 		return err

diff --git a/deepfence_worker/ingesters/common.go b/deepfence_worker/ingesters/common.go
@@ -124,7 +124,8 @@ func statusesToMaps[T any](data []T) []map[string]interface{} {
 		} else {
 			old_status := old["scan_status"].(string)
 			if new_status != old_status {
-				if new_status == utils.SCAN_STATUS_SUCCESS || new_status == utils.SCAN_STATUS_FAILED {
+				if new_status == utils.SCAN_STATUS_SUCCESS ||
+					new_status == utils.SCAN_STATUS_FAILED || new_status == utils.SCAN_STATUS_CANCELLED {
 					statusBuff[scan_id] = new
 				}
 			}