9 changes: 9 additions & 0 deletions deploy/common/k8sbased.sh
Expand Up @@ -415,6 +415,12 @@ function launch_central {
)
fi

if [[ "${SCANNER_V4_VULN_READINESS:-false}" == "true" && "${ROX_SCANNER_V4:-}" != "false" ]]; then
helm_args+=(
--set customize.envVars.SCANNER_V4_MATCHER_READINESS=vulnerability
)
fi

if [[ -n "$EXTERNAL_DB" ]]; then
helm_args+=(
--set "central.db.password.value=${EXTERNAL_DB_PASSWORD}"
Expand Down Expand Up @@ -524,6 +530,9 @@ function launch_central {
"${unzip_dir}/scanner-v4/scripts/setup.sh"
fi
launch_service "${unzip_dir}" scanner-v4
if [[ "${SCANNER_V4_VULN_READINESS:-false}" == "true" ]]; then
${ORCH_CMD} -n stackrox set env deploy/scanner-v4-matcher SCANNER_V4_MATCHER_READINESS=vulnerability
fi
else
echo >&2 "WARNING: Deployment bundle does not seem to contain support for Scanner V4."
echo >&2 "WARNING: Scanner V4 will not be deployed now."
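Review bot: The second hunk runs `${ORCH_CMD} -n stackrox set env deploy/scanner-v4-matcher SCANNER_V4_MATCHER_READINESS=vulnerability` with a hard-coded namespace and no check of the result, and only after `launch_service` has already created the deployment. If that call fails or targets the wrong namespace, the matcher can report ready before vulnerability data is loaded, and scans in that window may come back empty and look clean. Consider appending `|| { echo >&2 "ERROR: could not enable matcher vulnerability readiness"; exit 1; }` (whether the script already runs under `set -e` is not visible here) and using the namespace variable if launch_central has one. This branch also omits the `ROX_SCANNER_V4` check that the Helm branch in the first hunk applies; a one-line comment saying the enclosing bundle check makes it unnecessary would help. launch_central starts and ends outside both hunks.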
1 change: 1 addition & 0 deletions scripts/ci/jobs/gke_scanner_v4_install_tests.py
Expand Up @@ -14,6 +14,7 @@
os.environ["STORE_METRICS"] = "true"
os.environ["ROX_BASELINE_GENERATION_DURATION"] = "5m"
os.environ["ROX_SCANNER_V4"] = "true"
os.environ["SCANNER_V4_VULN_READINESS"] = "false"

ClusterTestRunner(
cluster=GKECluster("scanner-v4-install-test", machine_type="e2-standard-8"),
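Review bot: The added `os.environ["SCANNER_V4_VULN_READINESS"] = "false"` has no comment saying why the install tests opt out of the matcher's vulnerability-readiness gate, which `export_test_environment` in tests/e2e/lib.sh otherwise defaults to `true`. A short comment such as `# Install tests do not need vulnerability data loaded; skip the matcher readiness wait.` (wording to be confirmed by the author) would record the intent. The same line in scripts/ci/jobs/ocp_scanner_v4_install_tests.py needs it too.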
1 change: 1 addition & 0 deletions scripts/ci/jobs/ocp_scanner_v4_install_tests.py
Expand Up @@ -15,6 +15,7 @@
os.environ["STORE_METRICS"] = "true"
os.environ["ROX_BASELINE_GENERATION_DURATION"] = "5m"
os.environ["ROX_SCANNER_V4"] = "true"
os.environ["SCANNER_V4_VULN_READINESS"] = "false"
os.environ["ENABLE_OPERATOR_TESTS"] = "true"

# ROX-32314, move out
21 changes: 20 additions & 1 deletion tests/e2e/lib.sh
Expand Up @@ -198,6 +198,7 @@ export_test_environment() {
ci_export ROX_NETFLOW_BATCHING "${ROX_NETFLOW_BATCHING:-true}"
ci_export ROX_NETFLOW_CACHE_LIMITING "${ROX_NETFLOW_CACHE_LIMITING:-true}"
ci_export ROX_TAILORED_PROFILES "${ROX_TAILORED_PROFILES:-true}"
ci_export SCANNER_V4_VULN_READINESS "${SCANNER_V4_VULN_READINESS:-true}"

if is_in_PR_context && pr_has_label ci-fail-fast; then
ci_export FAIL_FAST "true"
Expand Down Expand Up @@ -360,6 +361,11 @@ deploy_central_via_operator() {
false) scannerV4ScannerComponent="Disabled" ;;
esac

if [[ "${SCANNER_V4_VULN_READINESS:-false}" == "true" && "$scannerV4ScannerComponent" != "Disabled" ]]; then
customize_envVars+=$'\n - name: SCANNER_V4_MATCHER_READINESS'
customize_envVars+=$'\n value: "vulnerability"'
fi

CENTRAL_YAML_PATH="tests/e2e/yaml/central-cr.envsubst.yaml"
# Different yaml for midstream images
if [[ "${USE_MIDSTREAM_IMAGES}" == "true" ]]; then
Expand Down Expand Up @@ -1161,16 +1167,29 @@ wait_for_ready_deployment() {
wait_for_scanner_V4() {
local namespace="$1"
local max_seconds=${MAX_WAIT_SECONDS:-300}
local matcher_max_seconds="$max_seconds"
info "Waiting for Scanner V4 to become ready..."
if [[ "${ORCHESTRATOR_FLAVOR:-}" == "openshift" ]]; then
# OCP Interop tests are run on minimal instances and will take longer
# Allow override with MAX_WAIT_SECONDS
max_seconds=${MAX_WAIT_SECONDS:-600}
matcher_max_seconds="$max_seconds"
info "Waiting ${max_seconds}s (increased for openshift-ci provisioned clusters) for central api and $(( max_seconds * 6 )) for ingress..."
fi
if [[ "${SCANNER_V4_VULN_READINESS:-false}" == "true" ]]; then
# Slowness or timeout may indicate that a low performance disk is used by
# the Scanner V4 DB PVC. If storage class is unset the cluster default
# storage class is used.
info "SCANNER_V4_DB_STORAGE_CLASS=${SCANNER_V4_DB_STORAGE_CLASS:-<unset>}"
info "Listing available storage classes:"
kubectl describe storageclasses 2>/dev/null || true

matcher_max_seconds=${SCANNER_V4_VULN_READINESS_TIMEOUT:-2400}
info "Waiting ${matcher_max_seconds}s for matcher vulnerability readiness..."
fi

wait_for_ready_deployment "$namespace" "scanner-v4-indexer" "$max_seconds"
wait_for_ready_deployment "$namespace" "scanner-v4-matcher" "$max_seconds"
wait_for_ready_deployment "$namespace" "scanner-v4-matcher" "$matcher_max_seconds"
}

# shellcheck disable=SC2120
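Review bot: In `wait_for_scanner_V4` the readiness branch overwrites `matcher_max_seconds` unconditionally, so a caller that sets `MAX_WAIT_SECONDS` above 2400 gets a shorter wait for the matcher than for the indexer. `matcher_max_seconds=${SCANNER_V4_VULN_READINESS_TIMEOUT:-$(( max_seconds > 2400 ? max_seconds : 2400 ))}` keeps the larger of the two. The function also falls back to `false` when `SCANNER_V4_VULN_READINESS` is unset while `export_test_environment` exports `true`, and it never confirms that the matcher deployment actually carries `SCANNER_V4_MATCHER_READINESS=vulnerability`. If the setting was not applied, the wait returns early and later scan assertions may run against a matcher that has no vulnerability data yet. A comment next to the existing "Allow override with MAX_WAIT_SECONDS" line naming `SCANNER_V4_VULN_READINESS_TIMEOUT` and its 2400s default would document the new knob.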