feat: improve background scan reports enqueue logic (#5810)

* feat: improve background scan reports enqueue logic Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * delay Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * delay Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * aggregation delay Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * kuttl Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * kuttl timeout Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * delay Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * kuttl timeout Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2025-03-28 02:18:15 +00:00 · 2023-01-03 14:51:37 +01:00 · 2023-01-03 14:51:37 +01:00 · aaab55a036
commit aaab55a036
parent ffb204cdaa
14 changed files with 37 additions and 32 deletions
--- a/pkg/controllers/report/aggregate/controller.go
+++ b/pkg/controllers/report/aggregate/controller.go
@ -36,6 +36,7 @@ const (
 	ControllerName = "aggregate-report-controller"
 	maxRetries     = 10
 	mergeLimit     = 1000
+	enqueueDelay   = 30 * time.Second
 )

 type controller struct {
@ -94,15 +95,14 @@ func NewController(
 		metadataCache:  metadataCache,
 		chunkSize:      chunkSize,
 	}
-	delay := 15 * time.Second
-	controllerutils.AddDelayedExplicitEventHandlers(logger, polrInformer.Informer(), c.queue, delay, keyFunc)
-	controllerutils.AddDelayedExplicitEventHandlers(logger, cpolrInformer.Informer(), c.queue, delay, keyFunc)
-	controllerutils.AddDelayedExplicitEventHandlers(logger, bgscanrInformer.Informer(), c.queue, delay, keyFunc)
-	controllerutils.AddDelayedExplicitEventHandlers(logger, cbgscanrInformer.Informer(), c.queue, delay, keyFunc)
+	controllerutils.AddDelayedExplicitEventHandlers(logger, polrInformer.Informer(), c.queue, enqueueDelay, keyFunc)
+	controllerutils.AddDelayedExplicitEventHandlers(logger, cpolrInformer.Informer(), c.queue, enqueueDelay, keyFunc)
+	controllerutils.AddDelayedExplicitEventHandlers(logger, bgscanrInformer.Informer(), c.queue, enqueueDelay, keyFunc)
+	controllerutils.AddDelayedExplicitEventHandlers(logger, cbgscanrInformer.Informer(), c.queue, enqueueDelay, keyFunc)
 	enqueueFromAdmr := func(obj metav1.Object) {
 		// no need to consider non aggregated reports
 		if controllerutils.HasLabel(obj, reportutils.LabelAggregatedReport) {
-			c.queue.AddAfter(keyFunc(obj), delay)
+			c.queue.AddAfter(keyFunc(obj), enqueueDelay)
 		}
 	}
 	controllerutils.AddEventHandlersT(
--- a/pkg/controllers/report/background/controller.go
+++ b/pkg/controllers/report/background/controller.go
@ -39,6 +39,7 @@ const (
 	ControllerName         = "background-scan-controller"
 	maxRetries             = 10
 	annotationLastScanTime = "audit.kyverno.io/last-scan-time"
+	enqueueDelay           = 30 * time.Second
 )

 type controller struct {
@ -107,17 +108,10 @@ func NewController(
 		if eventType == resource.Deleted {
 			return
 		}
-		selector, err := reportutils.SelectorResourceUidEquals(uid)
-		if err != nil {
-			logger.Error(err, "failed to create label selector")
-		}
-		if err := c.enqueue(selector); err != nil {
-			logger.Error(err, "failed to enqueue")
-		}
 		if res.Namespace == "" {
-			c.queue.Add(string(uid))
+			c.queue.AddAfter(string(uid), enqueueDelay)
 		} else {
-			c.queue.Add(res.Namespace + "/" + string(uid))
+			c.queue.AddAfter(res.Namespace+"/"+string(uid), enqueueDelay)
 		}
 	})
 	return &c
@ -390,7 +384,7 @@ func (c *controller) getMeta(namespace, name string) (metav1.Object, error) {
 	}
 }

-func (c *controller) reconcile(ctx context.Context, logger logr.Logger, key, namespace, name string) error {
+func (c *controller) reconcile(ctx context.Context, logger logr.Logger, _, namespace, name string) error {
 	// try to find resource from the cache
 	uid := types.UID(name)
 	resource, gvk, exists := c.metadataCache.GetResourceHash(uid)
--- a/pkg/controllers/report/utils/utils.go
+++ b/pkg/controllers/report/utils/utils.go
@ -59,15 +59,7 @@ func ReportsAreIdentical(before, after kyvernov1alpha2.ReportInterface) bool {
 	if !reflect.DeepEqual(before.GetAnnotations(), after.GetAnnotations()) {
 		return false
 	}
-	bLabels := sets.New[string]()
-	aLabels := sets.New[string]()
-	for key := range before.GetLabels() {
-		bLabels.Insert(key)
-	}
-	for key := range after.GetLabels() {
-		aLabels.Insert(key)
-	}
-	if !aLabels.Equal(bLabels) {
+	if !reflect.DeepEqual(before.GetLabels(), after.GetLabels()) {
 		return false
 	}
 	b := before.GetResults()
--- a/test/conformance/kuttl/kuttl-test.yaml
+++ b/test/conformance/kuttl/kuttl-test.yaml
@ -3,7 +3,7 @@ kind: TestSuite
 testDirs:
 - ./test/conformance/kuttl
 startKIND: false
-# timeout: 15
+timeout: 90
 parallel: 1
 fullName: true
 skipTestRegex: '_.+'
--- a/test/conformance/kuttl/reports/background/test-report-background-mode/01-pod.yaml
+++ b/test/conformance/kuttl/reports/background/test-report-background-mode/01-pod.yaml
@ -0,0 +1,6 @@
+apiVersion: kuttl.dev/v1beta1
+kind: TestStep
+apply:
+- pod.yaml
+assert:
+- pod-assert.yaml
--- a/test/conformance/kuttl/reports/background/test-report-background-mode/02-policy.yaml
+++ b/test/conformance/kuttl/reports/background/test-report-background-mode/02-policy.yaml
@ -0,0 +1,6 @@
+apiVersion: kuttl.dev/v1beta1
+kind: TestStep
+apply:
+- policy.yaml
+assert:
+- policy-assert.yaml
--- a/test/conformance/kuttl/reports/background/test-report-background-mode/03-report.yaml
+++ b/test/conformance/kuttl/reports/background/test-report-background-mode/03-report.yaml
@ -0,0 +1,4 @@
+apiVersion: kuttl.dev/v1beta1
+kind: TestStep
+assert:
+- report-assert.yaml
--- a/test/conformance/kuttl/reports/background/test-report-background-mode/99-cleanup.yaml
+++ b/test/conformance/kuttl/reports/background/test-report-background-mode/99-cleanup.yaml
@ -1,4 +0,0 @@
-apiVersion: kuttl.dev/v1beta1
-kind: TestStep
-commands:
-  - command: kubectl delete -f 01-manifests.yaml,02-cpol.yaml --force --wait=true --ignore-not-found=true
--- a/test/conformance/kuttl/reports/background/test-report-background-mode/README.md
+++ b/test/conformance/kuttl/reports/background/test-report-background-mode/README.md
@ -1,3 +1,10 @@
 # Title

-This test checks that a Policy Report is created with an entry that is as expected.
+This test checks that a Policy Report is created with an entry that is as expected.
+
+## Steps
+
+1.  - Create a pod
+1.  - Create a cluster policy
+    - Assert the policy becomes ready
+1.  - Assert a report is created for the pod/policy
--- a/test/conformance/kuttl/reports/background/test-report-background-mode/pod-assert.yaml
+++ b/test/conformance/kuttl/reports/background/test-report-background-mode/pod-assert.yaml
--- a/test/conformance/kuttl/reports/background/test-report-background-mode/01-manifests.yaml
+++ b/test/conformance/kuttl/reports/background/test-report-background-mode/01-manifests.yaml
--- a/test/conformance/kuttl/reports/background/test-report-background-mode/policy-assert.yaml
+++ b/test/conformance/kuttl/reports/background/test-report-background-mode/policy-assert.yaml
--- a/test/conformance/kuttl/reports/background/test-report-background-mode/02-cpol.yaml
+++ b/test/conformance/kuttl/reports/background/test-report-background-mode/02-cpol.yaml
--- a/test/conformance/kuttl/reports/background/test-report-background-mode/report-assert.yaml
+++ b/test/conformance/kuttl/reports/background/test-report-background-mode/report-assert.yaml
@ -24,4 +24,4 @@ summary:
  fail: 1
  pass: 0
  skip: 0
-  warn: 0
+  warn: 0