chore: add cluster UID label in clusterissues and vulnerabilityreports

api/zora/v1alpha1/clusterissue_types.go

@@ -28,13 +28,14 @@ const (
 	SeverityMedium  ClusterIssueSeverity = "Medium"
 	SeverityHigh    ClusterIssueSeverity = "High"
 
-	LabelScanID   = "scanID"
-	LabelCluster  = "cluster"
-	LabelSeverity = "severity"
-	LabelIssueID  = "id"
-	LabelCategory = "category"
-	LabelPlugin   = "plugin"
-	LabelCustom   = "custom"
+	LabelScanID     = "scanID"
+	LabelCluster    = "cluster"
+	LabelClusterUID = "clusterUID"
+	LabelSeverity   = "severity"
+	LabelIssueID    = "id"
+	LabelCategory   = "category"
+	LabelPlugin     = "plugin"
+	LabelCustom     = "custom"
 )
 
 // ClusterIssueSpec defines the desired state of ClusterIssue

internal/controller/zora/clusterscan_controller.go

@@ -212,6 +212,7 @@ func (r *ClusterScanReconciler) reconcile(ctx context.Context, clusterscan *v1al
 			Suspend:            notReadyErr != nil,
 			KubexnsImage:       r.KubexnsImage,
 			ChecksConfigMap:    r.ChecksConfigMap,
+			ClusterUID:         cluster.UID,
 		}
 
 		result, err := ctrl.CreateOrUpdate(ctx, r.Client, cronJob, cronJobMutator.Mutate)

pkg/plugins/cronjob.go

@@ -21,6 +21,7 @@ import (
 	corev1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/runtime"
+	"k8s.io/apimachinery/pkg/types"
 	"k8s.io/utils/pointer"
 	ctrl "sigs.k8s.io/controller-runtime"
 
@@ -92,6 +93,7 @@ type CronJobMutator struct {
 	Suspend            bool
 	KubexnsImage       string
 	ChecksConfigMap    string
+	ClusterUID         types.UID
 }
 
 // Mutate returns a function which mutates the existing CronJob into it's desired state.
@@ -279,6 +281,10 @@ func (r *CronJobMutator) workerEnv() []corev1.EnvVar {
 			Name:  "CLUSTER_NAME",
 			Value: r.ClusterScan.Spec.ClusterRef.Name,
 		},
+		corev1.EnvVar{
+			Name:  "CLUSTER_UID",
+			Value: string(r.ClusterUID),
+		},
 		corev1.EnvVar{
 			Name: "NAMESPACE",
 			ValueFrom: &corev1.EnvVarSource{

pkg/worker/config.go

@@ -28,6 +28,7 @@ type config struct {
 	PluginName   string        `env:"PLUGIN_NAME,required"`
 	PluginType   string        `env:"PLUGIN_TYPE,required"`
 	ClusterName  string        `env:"CLUSTER_NAME,required"`
+	ClusterUID   string        `env:"CLUSTER_UID,required"`
 	Namespace    string        `env:"NAMESPACE,required"`
 	JobName      string        `env:"JOB_NAME,required"`
 	JobUID       string        `env:"JOB_UID,required"`

pkg/worker/config_test.go

@@ -38,6 +38,7 @@ func TestConfigFromEnv(t *testing.T) {
 				"PLUGIN_NAME":  "plugin",
 				"PLUGIN_TYPE":  "misconfiguration",
 				"CLUSTER_NAME": "cluster",
+				"CLUSTER_UID":  "9a1d324c-9170-4aa7-9f64-76f01c9d7989",
 				"NAMESPACE":    "ns",
 				"JOB_NAME":     "cluster-plugin-28140229",
 				"JOB_UID":      "50c8957e-c9e1-493a-9fa4-d0786deea017",
@@ -49,6 +50,7 @@ func TestConfigFromEnv(t *testing.T) {
 				PluginName:   "plugin",
 				PluginType:   "misconfiguration",
 				ClusterName:  "cluster",
+				ClusterUID:   "9a1d324c-9170-4aa7-9f64-76f01c9d7989",
 				Namespace:    "ns",
 				JobName:      "cluster-plugin-28140229",
 				JobUID:       "50c8957e-c9e1-493a-9fa4-d0786deea017",
@@ -63,10 +65,11 @@ func TestConfigFromEnv(t *testing.T) {
 				//"PLUGIN_NAME":  "plugin",
 				"PLUGIN_TYPE":  "misconfiguration",
 				"CLUSTER_NAME": "cluster",
-				"NAMESPACE":    "ns",
-				"JOB_NAME":     "cluster-plugin-28140229",
-				"JOB_UID":      "50c8957e-c9e1-493a-9fa4-d0786deea017",
-				"POD_NAME":     "cluster-plugin-28140229-h9kcn",
+				//"CLUSTER_UID":  "9a1d324c-9170-4aa7-9f64-76f01c9d7989",
+				"NAMESPACE": "ns",
+				"JOB_NAME":  "cluster-plugin-28140229",
+				"JOB_UID":   "50c8957e-c9e1-493a-9fa4-d0786deea017",
+				"POD_NAME":  "cluster-plugin-28140229-h9kcn",
 			},
 			wantErr: true,
 		},
@@ -76,6 +79,7 @@ func TestConfigFromEnv(t *testing.T) {
 				"PLUGIN_NAME":   "plugin",
 				"PLUGIN_TYPE":   "vulnerability",
 				"CLUSTER_NAME":  "cluster",
+				"CLUSTER_UID":   "9a1d324c-9170-4aa7-9f64-76f01c9d7989",
 				"NAMESPACE":     "ns",
 				"JOB_NAME":      "cluster-plugin-28140229",
 				"JOB_UID":       "50c8957e-c9e1-493a-9fa4-d0786deea017",
@@ -90,6 +94,7 @@ func TestConfigFromEnv(t *testing.T) {
 				PluginName:   "plugin",
 				PluginType:   "vulnerability",
 				ClusterName:  "cluster",
+				ClusterUID:   "9a1d324c-9170-4aa7-9f64-76f01c9d7989",
 				Namespace:    "ns",
 				JobName:      "cluster-plugin-28140229",
 				JobUID:       "50c8957e-c9e1-493a-9fa4-d0786deea017",

pkg/worker/misconfig.go

@@ -87,13 +87,14 @@ func newClusterIssue(cfg *config, spec v1alpha1.ClusterIssueSpec, owner metav1.O
 			Namespace:       cfg.Namespace,
 			OwnerReferences: []metav1.OwnerReference{owner},
 			Labels: map[string]string{
-				v1alpha1.LabelScanID:   cfg.JobUID,
-				v1alpha1.LabelCluster:  cfg.ClusterName,
-				v1alpha1.LabelPlugin:   cfg.PluginName,
-				v1alpha1.LabelSeverity: string(spec.Severity),
-				v1alpha1.LabelIssueID:  spec.ID,
-				v1alpha1.LabelCategory: strings.ReplaceAll(spec.Category, " ", ""),
-				v1alpha1.LabelCustom:   strconv.FormatBool(spec.Custom),
+				v1alpha1.LabelScanID:     cfg.JobUID,
+				v1alpha1.LabelCluster:    cfg.ClusterName,
+				v1alpha1.LabelClusterUID: cfg.ClusterUID,
+				v1alpha1.LabelPlugin:     cfg.PluginName,
+				v1alpha1.LabelSeverity:   string(spec.Severity),
+				v1alpha1.LabelIssueID:    spec.ID,
+				v1alpha1.LabelCategory:   strings.ReplaceAll(spec.Category, " ", ""),
+				v1alpha1.LabelCustom:     strconv.FormatBool(spec.Custom),
 			},
 		},
 		Spec: spec,

pkg/worker/misconfig_test.go

@@ -61,6 +61,7 @@ func TestParseMisconfigResults(t *testing.T) {
 				cfg: &config{
 					PluginName:  "marvin",
 					ClusterName: "cluster",
+					ClusterUID:  "9a1d324c-9170-4aa7-9f64-76f01c9d7989",
 					Namespace:   "ns",
 					JobName:     "cluster-marvin-28140229",
 					JobUID:      "50c8957e-c9e1-493a-9fa4-d0786deea017",
@@ -84,13 +85,14 @@ func TestParseMisconfigResults(t *testing.T) {
 							},
 						},
 						Labels: map[string]string{
-							v1alpha1.LabelScanID:   "50c8957e-c9e1-493a-9fa4-d0786deea017",
-							v1alpha1.LabelCluster:  "cluster",
-							v1alpha1.LabelSeverity: string(v1alpha1.SeverityMedium),
-							v1alpha1.LabelIssueID:  "M-400",
-							v1alpha1.LabelCategory: "BestPractices",
-							v1alpha1.LabelPlugin:   "marvin",
-							v1alpha1.LabelCustom:   "false",
+							v1alpha1.LabelScanID:     "50c8957e-c9e1-493a-9fa4-d0786deea017",
+							v1alpha1.LabelCluster:    "cluster",
+							v1alpha1.LabelClusterUID: "9a1d324c-9170-4aa7-9f64-76f01c9d7989",
+							v1alpha1.LabelSeverity:   string(v1alpha1.SeverityMedium),
+							v1alpha1.LabelIssueID:    "M-400",
+							v1alpha1.LabelCategory:   "BestPractices",
+							v1alpha1.LabelPlugin:     "marvin",
+							v1alpha1.LabelCustom:     "false",
 						},
 					},
 					Spec: v1alpha1.ClusterIssueSpec{
@@ -120,13 +122,14 @@ func TestParseMisconfigResults(t *testing.T) {
 							},
 						},
 						Labels: map[string]string{
-							v1alpha1.LabelScanID:   "50c8957e-c9e1-493a-9fa4-d0786deea017",
-							v1alpha1.LabelCluster:  "cluster",
-							v1alpha1.LabelSeverity: string(v1alpha1.SeverityMedium),
-							v1alpha1.LabelIssueID:  "M-407",
-							v1alpha1.LabelCategory: "Reliability",
-							v1alpha1.LabelPlugin:   "marvin",
-							v1alpha1.LabelCustom:   "false",
+							v1alpha1.LabelScanID:     "50c8957e-c9e1-493a-9fa4-d0786deea017",
+							v1alpha1.LabelCluster:    "cluster",
+							v1alpha1.LabelClusterUID: "9a1d324c-9170-4aa7-9f64-76f01c9d7989",
+							v1alpha1.LabelSeverity:   string(v1alpha1.SeverityMedium),
+							v1alpha1.LabelIssueID:    "M-407",
+							v1alpha1.LabelCategory:   "Reliability",
+							v1alpha1.LabelPlugin:     "marvin",
+							v1alpha1.LabelCustom:     "false",
 						},
 					},
 					Spec: v1alpha1.ClusterIssueSpec{
@@ -156,13 +159,14 @@ func TestParseMisconfigResults(t *testing.T) {
 							},
 						},
 						Labels: map[string]string{
-							v1alpha1.LabelScanID:   "50c8957e-c9e1-493a-9fa4-d0786deea017",
-							v1alpha1.LabelCluster:  "cluster",
-							v1alpha1.LabelSeverity: string(v1alpha1.SeverityLow),
-							v1alpha1.LabelIssueID:  "M-116",
-							v1alpha1.LabelCategory: "Security",
-							v1alpha1.LabelPlugin:   "marvin",
-							v1alpha1.LabelCustom:   "false",
+							v1alpha1.LabelScanID:     "50c8957e-c9e1-493a-9fa4-d0786deea017",
+							v1alpha1.LabelCluster:    "cluster",
+							v1alpha1.LabelClusterUID: "9a1d324c-9170-4aa7-9f64-76f01c9d7989",
+							v1alpha1.LabelSeverity:   string(v1alpha1.SeverityLow),
+							v1alpha1.LabelIssueID:    "M-116",
+							v1alpha1.LabelCategory:   "Security",
+							v1alpha1.LabelPlugin:     "marvin",
+							v1alpha1.LabelCustom:     "false",
 						},
 					},
 					Spec: v1alpha1.ClusterIssueSpec{
@@ -192,13 +196,14 @@ func TestParseMisconfigResults(t *testing.T) {
 							},
 						},
 						Labels: map[string]string{
-							v1alpha1.LabelScanID:   "50c8957e-c9e1-493a-9fa4-d0786deea017",
-							v1alpha1.LabelCluster:  "cluster",
-							v1alpha1.LabelSeverity: string(v1alpha1.SeverityMedium),
-							v1alpha1.LabelIssueID:  "M-113",
-							v1alpha1.LabelCategory: "Security",
-							v1alpha1.LabelPlugin:   "marvin",
-							v1alpha1.LabelCustom:   "false",
+							v1alpha1.LabelScanID:     "50c8957e-c9e1-493a-9fa4-d0786deea017",
+							v1alpha1.LabelCluster:    "cluster",
+							v1alpha1.LabelClusterUID: "9a1d324c-9170-4aa7-9f64-76f01c9d7989",
+							v1alpha1.LabelSeverity:   string(v1alpha1.SeverityMedium),
+							v1alpha1.LabelIssueID:    "M-113",
+							v1alpha1.LabelCategory:   "Security",
+							v1alpha1.LabelPlugin:     "marvin",
+							v1alpha1.LabelCustom:     "false",
 						},
 					},
 					Spec: v1alpha1.ClusterIssueSpec{
@@ -228,13 +233,14 @@ func TestParseMisconfigResults(t *testing.T) {
 							},
 						},
 						Labels: map[string]string{
-							v1alpha1.LabelScanID:   "50c8957e-c9e1-493a-9fa4-d0786deea017",
-							v1alpha1.LabelCluster:  "cluster",
-							v1alpha1.LabelSeverity: string(v1alpha1.SeverityLow),
-							v1alpha1.LabelIssueID:  "M-115",
-							v1alpha1.LabelCategory: "Security",
-							v1alpha1.LabelPlugin:   "marvin",
-							v1alpha1.LabelCustom:   "false",
+							v1alpha1.LabelScanID:     "50c8957e-c9e1-493a-9fa4-d0786deea017",
+							v1alpha1.LabelCluster:    "cluster",
+							v1alpha1.LabelClusterUID: "9a1d324c-9170-4aa7-9f64-76f01c9d7989",
+							v1alpha1.LabelSeverity:   string(v1alpha1.SeverityLow),
+							v1alpha1.LabelIssueID:    "M-115",
+							v1alpha1.LabelCategory:   "Security",
+							v1alpha1.LabelPlugin:     "marvin",
+							v1alpha1.LabelCustom:     "false",
 						},
 					},
 					Spec: v1alpha1.ClusterIssueSpec{
@@ -264,13 +270,14 @@ func TestParseMisconfigResults(t *testing.T) {
 							},
 						},
 						Labels: map[string]string{
-							v1alpha1.LabelScanID:   "50c8957e-c9e1-493a-9fa4-d0786deea017",
-							v1alpha1.LabelCluster:  "cluster",
-							v1alpha1.LabelSeverity: string(v1alpha1.SeverityLow),
-							v1alpha1.LabelIssueID:  "M-202",
-							v1alpha1.LabelCategory: "Security",
-							v1alpha1.LabelPlugin:   "marvin",
-							v1alpha1.LabelCustom:   "false",
+							v1alpha1.LabelScanID:     "50c8957e-c9e1-493a-9fa4-d0786deea017",
+							v1alpha1.LabelCluster:    "cluster",
+							v1alpha1.LabelClusterUID: "9a1d324c-9170-4aa7-9f64-76f01c9d7989",
+							v1alpha1.LabelSeverity:   string(v1alpha1.SeverityLow),
+							v1alpha1.LabelIssueID:    "M-202",
+							v1alpha1.LabelCategory:   "Security",
+							v1alpha1.LabelPlugin:     "marvin",
+							v1alpha1.LabelCustom:     "false",
 						},
 					},
 					Spec: v1alpha1.ClusterIssueSpec{
@@ -300,13 +307,14 @@ func TestParseMisconfigResults(t *testing.T) {
 							},
 						},
 						Labels: map[string]string{
-							v1alpha1.LabelScanID:   "50c8957e-c9e1-493a-9fa4-d0786deea017",
-							v1alpha1.LabelCluster:  "cluster",
-							v1alpha1.LabelSeverity: string(v1alpha1.SeverityLow),
-							v1alpha1.LabelIssueID:  "M-300",
-							v1alpha1.LabelCategory: "Security",
-							v1alpha1.LabelPlugin:   "marvin",
-							v1alpha1.LabelCustom:   "false",
+							v1alpha1.LabelScanID:     "50c8957e-c9e1-493a-9fa4-d0786deea017",
+							v1alpha1.LabelCluster:    "cluster",
+							v1alpha1.LabelClusterUID: "9a1d324c-9170-4aa7-9f64-76f01c9d7989",
+							v1alpha1.LabelSeverity:   string(v1alpha1.SeverityLow),
+							v1alpha1.LabelIssueID:    "M-300",
+							v1alpha1.LabelCategory:   "Security",
+							v1alpha1.LabelPlugin:     "marvin",
+							v1alpha1.LabelCustom:     "false",
 						},
 					},
 					Spec: v1alpha1.ClusterIssueSpec{

pkg/worker/vuln.go

@@ -82,9 +82,10 @@ func newVulnReport(cfg *config, spec v1alpha1.VulnerabilityReportSpec, owner met
 			Namespace:       cfg.Namespace,
 			OwnerReferences: []metav1.OwnerReference{owner},
 			Labels: map[string]string{
-				v1alpha1.LabelScanID:  cfg.JobUID,
-				v1alpha1.LabelCluster: cfg.ClusterName,
-				v1alpha1.LabelPlugin:  cfg.PluginName,
+				v1alpha1.LabelScanID:     cfg.JobUID,
+				v1alpha1.LabelCluster:    cfg.ClusterName,
+				v1alpha1.LabelClusterUID: cfg.ClusterUID,
+				v1alpha1.LabelPlugin:     cfg.PluginName,
 			},
 		},
 		Spec: spec,

pkg/worker/vuln_test.go

@@ -33,9 +33,10 @@ import (
 )
 
 var labels = map[string]string{
-	v1alpha1.LabelScanID:  "50c8957e-c9e1-493a-9fa4-d0786deea017",
-	v1alpha1.LabelCluster: "cluster",
-	v1alpha1.LabelPlugin:  "trivy",
+	v1alpha1.LabelScanID:     "50c8957e-c9e1-493a-9fa4-d0786deea017",
+	v1alpha1.LabelCluster:    "cluster",
+	v1alpha1.LabelPlugin:     "trivy",
+	v1alpha1.LabelClusterUID: "9a1d324c-9170-4aa7-9f64-76f01c9d7989",
 }
 
 var owners = []metav1.OwnerReference{
@@ -79,6 +80,7 @@ func TestParseVulnResults(t *testing.T) {
 				cfg: &config{
 					PluginName:  "trivy",
 					ClusterName: "cluster",
+					ClusterUID:  "9a1d324c-9170-4aa7-9f64-76f01c9d7989",
 					Namespace:   "ns",
 					JobName:     "cluster-trivy-28140229",
 					JobUID:      "50c8957e-c9e1-493a-9fa4-d0786deea017",