Close gRPC connections & use tickers (#1146)

* Close gRPC connections & use tickers * Fix more leaks on scanner clients
deepfence · May 26, 2023 · 7e731dd · 7e731dd
1 parent dbe273f
commit 7e731dd
Show file tree

Hide file tree

Showing 5 changed files with 32 additions and 30 deletions.
diff --git a/deepfence_agent/tools/apache/scope/probe/appclient/openapi_client_controls.go b/deepfence_agent/tools/apache/scope/probe/appclient/openapi_client_controls.go
@@ -48,9 +48,11 @@ func (ct *OpenapiClient) StartControlsWatching(nodeId string, isClusterAgent boo
 			req := ct.API().ControlsAPI.GetKubernetesClusterControls(context.Background())
 			agentId := openapi.NewModelAgentId(getMaxAllocatable(), nodeId)
 			req = req.ModelAgentId(*agentId)
+			ticker := time.NewTicker(time.Second * time.Duration(ct.PublishInterval()/2))
 			for {
+				ticker.Reset(time.Second * time.Duration(ct.PublishInterval()/2))
 				select {
-				case <-time.After(time.Second * time.Duration(ct.PublishInterval()/2)):
+				case <-ticker.C:
 				case <-ct.stopControlListening:
 					break
 				}
@@ -78,9 +80,11 @@ func (ct *OpenapiClient) StartControlsWatching(nodeId string, isClusterAgent boo
 			req := ct.API().ControlsAPI.GetAgentControls(context.Background())
 			agentId := openapi.NewModelAgentId(getMaxAllocatable(), nodeId)
 			req = req.ModelAgentId(*agentId)
+			ticker := time.NewTicker(time.Second * time.Duration(ct.PublishInterval()/2))
 			for {
+				ticker.Reset(time.Second * time.Duration(ct.PublishInterval()/2))
 				select {
-				case <-time.After(time.Second * time.Duration(ct.PublishInterval()/2)):
+				case <-ticker.C:
 				case <-ct.stopControlListening:
 					break
 				}

diff --git a/deepfence_agent/tools/apache/scope/probe/host/generate_sbom.go b/deepfence_agent/tools/apache/scope/probe/host/generate_sbom.go
@@ -27,7 +27,7 @@ func init() {
 	}
 }
 
-func createPackageScannerClient() (pb.PackageScannerClient, error) {
+func createPackageScannerConn() (*grpc.ClientConn, error) {
 	maxMsgSize := 1024 * 1024 * 1 // 1 mb
 	conn, err := grpc.Dial(
 		"unix://"+packageScannerSocket,
@@ -38,7 +38,7 @@ func createPackageScannerClient() (pb.PackageScannerClient, error) {
 	if err != nil {
 		return nil, err
 	}
-	return pb.NewPackageScannerClient(conn), nil
+	return conn, nil
 }
 
 func GenerateSbomForVulnerabilityScan(nodeType, imageName, imageId, scanId, containerId,
@@ -47,10 +47,13 @@ func GenerateSbomForVulnerabilityScan(nodeType, imageName, imageId, scanId, cont
 
 	hostName := scopeHostname.Get()
 
-	packageScannerClient, err := createPackageScannerClient()
+	conn, err := createPackageScannerConn()
 	if err != nil {
 		return err
 	}
+	defer conn.Close()
+
+	packageScannerClient := pb.NewPackageScannerClient(conn)
 	var source string
 	if nodeType == "host" {
 		source = scanPath
@@ -159,6 +162,7 @@ func GetPackageScannerJobCount() int32 {
 		log.Errorf("error in creating package scanner client: %s", err.Error())
 		return 0
 	}
+	defer conn.Close()
 	client := pb.NewScannersClient(conn)
 	jobReport, err := client.ReportJobsStatus(context.Background(), &pb.Empty{})
 	if err != nil {

diff --git a/deepfence_agent/tools/apache/scope/probe/host/malware_scanner.go b/deepfence_agent/tools/apache/scope/probe/host/malware_scanner.go
@@ -87,11 +87,18 @@ func StartMalwareScan(req ctl.StartMalwareScanRequest) error {
 		}
 	}
 
-	ssClient, err := newMalwareScannerClient()
+	conn, err := grpc.Dial("unix://"+ebpfMalwareSocketPath, grpc.WithAuthority("dummy"),
+		grpc.WithInsecure())
 	if err != nil {
+		fmt.Printf("error in creating malware scanner client: %s\n", err.Error())
 		return err
 	}
-	_, err = ssClient.FindMalwareInfo(context.Background(), &greq)
+	defer conn.Close()
+	client := pb.NewMalwareScannerClient(conn)
+	if err != nil {
+		return err
+	}
+	_, err = client.FindMalwareInfo(context.Background(), &greq)
 	if err != nil {
 		return err
 	}
@@ -101,23 +108,14 @@ func StartMalwareScan(req ctl.StartMalwareScanRequest) error {
 	return nil
 }
 
-func newMalwareScannerClient() (pb.MalwareScannerClient, error) {
-	conn, err := grpc.Dial("unix://"+ebpfMalwareSocketPath, grpc.WithAuthority("dummy"),
-		grpc.WithInsecure())
-	if err != nil {
-		fmt.Printf("error in creating malware scanner client: %s\n", err.Error())
-		return nil, err
-	}
-	return pb.NewMalwareScannerClient(conn), nil
-}
-
 func GetMalwareScannerJobCount() int32 {
 	conn, err := grpc.Dial("unix://"+ebpfMalwareSocketPath, grpc.WithAuthority("dummy"),
 		grpc.WithInsecure())
 	if err != nil {
 		fmt.Printf("error in creating malware scanner client: %s\n", err.Error())
 		return 0
 	}
+	defer conn.Close()
 	client := pb.NewScannersClient(conn)
 	jobReport, err := client.ReportJobsStatus(context.Background(), &pb.Empty{})
 	if err != nil {

diff --git a/deepfence_agent/tools/apache/scope/probe/host/secret_scanner.go b/deepfence_agent/tools/apache/scope/probe/host/secret_scanner.go
@@ -76,11 +76,15 @@ func StartSecretsScan(req ctl.StartSecretScanRequest) error {
 		}
 	}
 
-	ssClient, err := newSecretScannerClient()
+	conn, err := grpc.Dial("unix://"+ebpfSocketPath, grpc.WithAuthority("dummy"),
+		grpc.WithInsecure())
 	if err != nil {
+		fmt.Printf("error in creating secret scanner client: %s\n", err.Error())
 		return err
 	}
+	defer conn.Close()
 
+	ssClient := pb.NewSecretScannerClient(conn)
 	_, err = ssClient.FindSecretInfo(context.Background(), &greq)
 
 	if err != nil {
@@ -92,23 +96,14 @@ func StartSecretsScan(req ctl.StartSecretScanRequest) error {
 	return nil
 }
 
-func newSecretScannerClient() (pb.SecretScannerClient, error) {
-	conn, err := grpc.Dial("unix://"+ebpfSocketPath, grpc.WithAuthority("dummy"),
-		grpc.WithInsecure())
-	if err != nil {
-		fmt.Printf("error in creating secret scanner client: %s\n", err.Error())
-		return nil, err
-	}
-	return pb.NewSecretScannerClient(conn), nil
-}
-
 func GetSecretScannerJobCount() int32 {
 	conn, err := grpc.Dial("unix://"+ebpfSocketPath, grpc.WithAuthority("dummy"),
 		grpc.WithInsecure())
 	if err != nil {
 		fmt.Printf("error in creating secret scanner client: %s\n", err.Error())
 		return 0
 	}
+	defer conn.Close()
 	client := pb.NewScannersClient(conn)
 	jobReport, err := client.ReportJobsStatus(context.Background(), &pb.Empty{})
 	if err != nil {

diff --git a/deepfence_agent/tools/apache/scope/probe/real_probe.go b/deepfence_agent/tools/apache/scope/probe/real_probe.go
@@ -23,11 +23,12 @@ func (p *Probe) publishLoop() {
 	startTime := time.Now()
 	publishCount := 0
 	var lastFullReport report.Report
-
+	ticker := time.NewTicker(time.Second * time.Duration(p.publisher.PublishInterval()))
 	for {
 		var err error
+		ticker.Reset(time.Second * time.Duration(p.publisher.PublishInterval()))
 		select {
-		case <-time.After(time.Second * time.Duration(p.publisher.PublishInterval())):
+		case <-ticker.C:
 			rpt, count := p.drainAndSanitise(report.MakeReport(), p.spiedReports)
 			if count == 0 {
 				continue // No data has been collected - don't bother publishing.