feat: improve background scan reports enqueue logic (#5810)

* feat: improve background scan reports enqueue logic

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* delay

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* delay

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* aggregation delay

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* kuttl

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* kuttl timeout

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* delay

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* kuttl timeout

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

pkg/controllers/report/aggregate/controller.go

@@ -36,6 +36,7 @@ const (
 	ControllerName = "aggregate-report-controller"
 	maxRetries     = 10
 	mergeLimit     = 1000
+	enqueueDelay   = 30 * time.Second
 )
 
 type controller struct {
@@ -94,15 +95,14 @@ func NewController(
 		metadataCache:  metadataCache,
 		chunkSize:      chunkSize,
 	}
-	delay := 15 * time.Second
+	controllerutils.AddDelayedExplicitEventHandlers(logger, polrInformer.Informer(), c.queue, enqueueDelay, keyFunc)
-	controllerutils.AddDelayedExplicitEventHandlers(logger, polrInformer.Informer(), c.queue, delay, keyFunc)
+	controllerutils.AddDelayedExplicitEventHandlers(logger, cpolrInformer.Informer(), c.queue, enqueueDelay, keyFunc)
-	controllerutils.AddDelayedExplicitEventHandlers(logger, cpolrInformer.Informer(), c.queue, delay, keyFunc)
+	controllerutils.AddDelayedExplicitEventHandlers(logger, bgscanrInformer.Informer(), c.queue, enqueueDelay, keyFunc)
-	controllerutils.AddDelayedExplicitEventHandlers(logger, bgscanrInformer.Informer(), c.queue, delay, keyFunc)
+	controllerutils.AddDelayedExplicitEventHandlers(logger, cbgscanrInformer.Informer(), c.queue, enqueueDelay, keyFunc)
-	controllerutils.AddDelayedExplicitEventHandlers(logger, cbgscanrInformer.Informer(), c.queue, delay, keyFunc)
 	enqueueFromAdmr := func(obj metav1.Object) {
 		// no need to consider non aggregated reports
 		if controllerutils.HasLabel(obj, reportutils.LabelAggregatedReport) {
-			c.queue.AddAfter(keyFunc(obj), delay)
+			c.queue.AddAfter(keyFunc(obj), enqueueDelay)
 		}
 	}
 	controllerutils.AddEventHandlersT(

pkg/controllers/report/background/controller.go

@@ -39,6 +39,7 @@ const (
 	ControllerName         = "background-scan-controller"
 	maxRetries             = 10
 	annotationLastScanTime = "audit.kyverno.io/last-scan-time"
+	enqueueDelay           = 30 * time.Second
 )
 
 type controller struct {
@@ -107,17 +108,10 @@ func NewController(
 		if eventType == resource.Deleted {
 			return
 		}
-		selector, err := reportutils.SelectorResourceUidEquals(uid)
-		if err != nil {
-			logger.Error(err, "failed to create label selector")
-		}
-		if err := c.enqueue(selector); err != nil {
-			logger.Error(err, "failed to enqueue")
-		}
 		if res.Namespace == "" {
-			c.queue.Add(string(uid))
+			c.queue.AddAfter(string(uid), enqueueDelay)
 		} else {
-			c.queue.Add(res.Namespace + "/" + string(uid))
+			c.queue.AddAfter(res.Namespace+"/"+string(uid), enqueueDelay)
 		}
 	})
 	return &c
@@ -390,7 +384,7 @@ func (c *controller) getMeta(namespace, name string) (metav1.Object, error) {
 	}
 }
 
-func (c *controller) reconcile(ctx context.Context, logger logr.Logger, key, namespace, name string) error {
+func (c *controller) reconcile(ctx context.Context, logger logr.Logger, _, namespace, name string) error {
 	// try to find resource from the cache
 	uid := types.UID(name)
 	resource, gvk, exists := c.metadataCache.GetResourceHash(uid)

pkg/controllers/report/utils/utils.go

@@ -59,15 +59,7 @@ func ReportsAreIdentical(before, after kyvernov1alpha2.ReportInterface) bool {
 	if !reflect.DeepEqual(before.GetAnnotations(), after.GetAnnotations()) {
 		return false
 	}
-	bLabels := sets.New[string]()
+	if !reflect.DeepEqual(before.GetLabels(), after.GetLabels()) {
-	aLabels := sets.New[string]()
-	for key := range before.GetLabels() {
-		bLabels.Insert(key)
-	}
-	for key := range after.GetLabels() {
-		aLabels.Insert(key)
-	}
-	if !aLabels.Equal(bLabels) {
 		return false
 	}
 	b := before.GetResults()

test/conformance/kuttl/kuttl-test.yaml

@@ -3,7 +3,7 @@ kind: TestSuite
 testDirs:
 - ./test/conformance/kuttl
 startKIND: false
-# timeout: 15
+timeout: 90
 parallel: 1
 fullName: true
 skipTestRegex: '_.+'

test/conformance/kuttl/reports/background/test-report-background-mode/01-pod.yaml

@@ -0,0 +1,6 @@
+apiVersion: kuttl.dev/v1beta1
+kind: TestStep
+apply:
+- pod.yaml
+assert:
+- pod-assert.yaml

test/conformance/kuttl/reports/background/test-report-background-mode/02-policy.yaml

@@ -0,0 +1,6 @@
+apiVersion: kuttl.dev/v1beta1
+kind: TestStep
+apply:
+- policy.yaml
+assert:
+- policy-assert.yaml

test/conformance/kuttl/reports/background/test-report-background-mode/03-report.yaml

@@ -0,0 +1,4 @@
+apiVersion: kuttl.dev/v1beta1
+kind: TestStep
+assert:
+- report-assert.yaml

test/conformance/kuttl/reports/background/test-report-background-mode/99-cleanup.yaml

@@ -1,4 +0,0 @@
-apiVersion: kuttl.dev/v1beta1
-kind: TestStep
-commands:
-  - command: kubectl delete -f 01-manifests.yaml,02-cpol.yaml --force --wait=true --ignore-not-found=true

test/conformance/kuttl/reports/background/test-report-background-mode/README.md

@@ -1,3 +1,10 @@
 # Title
 
 This test checks that a Policy Report is created with an entry that is as expected.
+
+## Steps
+
+1.  - Create a pod
+1.  - Create a cluster policy
+    - Assert the policy becomes ready
+1.  - Assert a report is created for the pod/policy