fix cleanup of resources

main.go

@@ -59,10 +59,16 @@ func main() {
 	if err != nil {
 		panic(err.Error())
 	}
+	interval := os.Getenv("CLEANUP_INTERVAL")
+	intervalDuration, err := time.ParseDuration(interval)
+	if err != nil {
+		intervalDuration = time.Hour * 24
+		logger.L().Info("failed to parse cleanup interval, falling back to default", helpers.Error(err), helpers.String("interval", intervalDuration.String()))
+	}
 	cleanupHandler := cleanup.NewResourcesCleanupHandler(
 		afero.NewOsFs(),
 		file.DefaultStorageRoot,
-		time.Hour*24,
+		intervalDuration,
 		kubernetesAPI)
 	go cleanupHandler.StartCleanupTask()
 

pkg/cleanup/cleanup.go

@@ -23,15 +23,17 @@ import (
 type TypeCleanupHandlerFunc func(kind, path string, metadata *metav1.ObjectMeta, resourceMaps ResourceMaps) bool
 
 var resourceKindToHandler = map[string]TypeCleanupHandlerFunc{
-	// vulnerabilitysummaries is virtual
 	// configurationscansummaries is virtual
+	// vulnerabilitysummaries is virtual
 	"applicationactivities":               deleteByTemplateHashOrWlid,
 	"applicationprofiles":                 deleteByTemplateHashOrWlid,
 	"applicationprofilesummaries":         deleteByTemplateHashOrWlid,
 	"networkneighborses":                  deleteByWlid,
 	"openvulnerabilityexchangecontainers": deleteByImageId,
 	"sbomspdxv2p3filtereds":               deleteByInstanceId,
 	"sbomspdxv2p3s":                       deleteByImageId,
+	"sbomsyftfiltereds":                   deleteByInstanceId,
+	"sbomsyfts":                           deleteByImageId,
 	"sbomsummaries":                       deleteByImageId,
 	"vulnerabilitymanifests":              deleteByImageIdOrInstanceId,
 	"vulnerabilitymanifestsummaries":      deleteByWlidAndContainer,
@@ -63,7 +65,7 @@ func (h *ResourcesCleanupHandler) GetFilesToDelete() []string {
 
 func (h *ResourcesCleanupHandler) StartCleanupTask() {
 	for {
-		logger.L().Info("started cleanup task")
+		logger.L().Info("started cleanup task", helpers.String("interval", h.interval.String()))
 		h.filesToDelete = []string{}
 		var err error
 		h.resources, err = h.fetcher.FetchResources()
@@ -97,7 +99,7 @@ func (h *ResourcesCleanupHandler) StartCleanupTask() {
 
 				toDelete := handler(resourceKind, path, metadata, h.resources)
 				if toDelete {
-					logger.L().Info("deleting", helpers.String("kind", resourceKind), helpers.String("namespace", metadata.Namespace), helpers.String("name", metadata.Name))
+					logger.L().Debug("deleting", helpers.String("kind", resourceKind), helpers.String("namespace", metadata.Namespace), helpers.String("name", metadata.Name))
 					h.filesToDelete = append(h.filesToDelete, path)
 
 					jsonFilePath := path[:len(path)-len(file.MetadataExt)] + file.JsonExt
@@ -133,6 +135,7 @@ func loadMetadataFromPath(appFs afero.Fs, rootPath string) (*metav1.ObjectMeta,
 	}
 	data := metav1.ObjectMeta{
 		Annotations: map[string]string{},
+		Labels:      map[string]string{},
 	}
 	// ujson parsing
 	var parent string
@@ -154,6 +157,10 @@ func loadMetadataFromPath(appFs afero.Fs, rootPath string) (*metav1.ObjectMeta,
 			if parent == "annotations" {
 				data.Annotations[unquote(key)] = unquote(value)
 			}
+			// read labels
+			if parent == "labels" {
+				data.Labels[unquote(key)] = unquote(value)
+			}
 		}
 		return true
 	})
@@ -212,12 +219,10 @@ func deleteByWlidAndContainer(_, _ string, metadata *metav1.ObjectMeta, resource
 }
 
 func deleteByTemplateHashOrWlid(_, _ string, metadata *metav1.ObjectMeta, resourceMaps ResourceMaps) bool {
-	wlReplica, wlReplicaFound := metadata.Annotations[instanceidhandler.TemplateHashKey] // replica
+	wlReplica, wlReplicaFound := metadata.Labels[instanceidhandler.TemplateHashKey] // replica
 	if wlReplicaFound && wlReplica != "" {
 		return !resourceMaps.RunningTemplateHash.Contains(wlReplica)
 	}
-
 	// fallback to wlid
 	return deleteByWlid("", "", metadata, resourceMaps)
-
 }

pkg/cleanup/discovery.go

@@ -3,14 +3,14 @@ package cleanup
 import (
 	"context"
 	"fmt"
+	"github.com/kubescape/go-logger"
+	"github.com/kubescape/go-logger/helpers"
 
 	"k8s.io/client-go/discovery"
 
 	wlidPkg "github.com/armosec/utils-k8s-go/wlid"
 	sets "github.com/deckarep/golang-set/v2"
 	"github.com/goradd/maps"
-	"github.com/kubescape/go-logger"
-	"github.com/kubescape/go-logger/helpers"
 	"github.com/kubescape/k8s-interface/instanceidhandler/v1"
 	"github.com/kubescape/k8s-interface/k8sinterface"
 	"github.com/kubescape/k8s-interface/workloadinterface"
@@ -23,6 +23,7 @@ var (
 	Workloads = sets.NewSet[string]([]string{
 		"apiservice",
 		"configmap",
+		"clusterrole",
 		"clusterrolebinding",
 		"cronjob",
 		"daemonset",
@@ -107,14 +108,15 @@ func (h *KubernetesAPI) fetchWlidsFromRunningWorkloads(resourceMaps *ResourceMap
 
 			resourceMaps.RunningWlidsToContainerNames.Set(wlid, sets.NewSet[string]())
 
-			c, ok := workloadinterface.InspectMap(workload.Object, "spec", "template", "spec", "containers")
+			c, ok := workloadinterface.InspectMap(workload.Object, append(workloadinterface.PodSpec(workload.GetKind()), "containers")...)
 			if !ok {
 				continue
 			}
 			containers := c.([]interface{})
 			for _, container := range containers {
 				name, ok := workloadinterface.InspectMap(container, "name")
 				if !ok {
+					logger.L().Debug("container has no name", helpers.String("resource", resource))
 					continue
 				}
 				nameStr := name.(string)
@@ -131,7 +133,6 @@ func (h *KubernetesAPI) fetchInstanceIdsAndImageIdsAndReplicasFromRunningPods(re
 		return fmt.Errorf("failed to list pods: %w", err)
 	}
 
-	logger.L().Info("Listing images of running containers in all pods")
 	for _, p := range pods.Items {
 		pod := workloadinterface.NewWorkloadObj(p.Object)
 
@@ -158,7 +159,6 @@ func (h *KubernetesAPI) fetchInstanceIdsAndImageIdsAndReplicasFromRunningPods(re
 				continue
 			}
 			imageIdStr := containerImageId.(string)
-			logger.L().Info("running container image", helpers.String("pod", p.GetName()), helpers.String("imageID", imageIdStr))
 			resourceMaps.RunningContainerImageIds.Add(imageIdStr)
 		}
 	}