try to use checksum annotation before calculating it

Signed-off-by: Matthias Bertschy <[email protected]>
kubescape · Nov 19, 2024 · a85e243 · a85e243
1 parent 928e518
commit a85e243
Show file tree

Hide file tree

Showing 9 changed files with 466 additions and 543 deletions.
diff --git a/adapters/backend/v1/client.go b/adapters/backend/v1/client.go
@@ -8,6 +8,7 @@ import (
 
 	"github.com/kubescape/go-logger"
 	"github.com/kubescape/go-logger/helpers"
+	storageutils "github.com/kubescape/storage/pkg/utils"
 	"github.com/kubescape/synchronizer/adapters"
 	"github.com/kubescape/synchronizer/domain"
 	"github.com/kubescape/synchronizer/messaging"
@@ -73,7 +74,7 @@ func (c *Client) sendServerConnectedMessage(ctx context.Context) error {
 
 func (c *Client) callVerifyObject(ctx context.Context, id domain.KindName, object []byte) error {
 	// calculate checksum
-	checksum, err := utils.CanonicalHash(object)
+	checksum, err := storageutils.CanonicalHash(object)
 	if err != nil {
 		return fmt.Errorf("calculate checksum: %w", err)
 	}

diff --git a/adapters/incluster/v1/client.go b/adapters/incluster/v1/client.go
@@ -25,6 +25,7 @@ import (
 	"github.com/kubescape/go-logger/helpers"
 	helpersv1 "github.com/kubescape/k8s-interface/instanceidhandler/v1/helpers"
 	spdxv1beta1 "github.com/kubescape/storage/pkg/generated/clientset/versioned/typed/softwarecomposition/v1beta1"
+	storageutils "github.com/kubescape/storage/pkg/utils"
 	"github.com/kubescape/synchronizer/adapters"
 	"github.com/kubescape/synchronizer/config"
 	"github.com/kubescape/synchronizer/domain"
@@ -151,14 +152,16 @@ func (c *Client) Start(ctx context.Context) error {
 		switch {
 		case event.Type == watch.Added:
 			logger.L().Debug("added resource", helpers.String("id", id.String()))
-			newObject, err := c.getObjectFromMeta(d)
+			checksums, err := c.getChecksums(d)
 			if err != nil {
-				logger.L().Ctx(ctx).Error("cannot get object", helpers.Error(err), helpers.String("id", id.String()))
+				logger.L().Ctx(ctx).Error("cannot get checksums", helpers.Error(err), helpers.String("id", id.String()))
 				continue
 			}
-			err = c.callVerifyObject(ctx, id, newObject)
-			if err != nil {
-				logger.L().Ctx(ctx).Error("cannot handle added resource", helpers.Error(err), helpers.String("id", id.String()))
+			for _, checksum := range checksums {
+				err = c.callbacks.VerifyObject(ctx, id, checksum)
+				if err != nil {
+					logger.L().Ctx(ctx).Error("cannot handle added resource", helpers.Error(err), helpers.String("id", id.String()))
+				}
 			}
 		case event.Type == watch.Deleted:
 			logger.L().Debug("deleted resource", helpers.String("id", id.String()))
@@ -344,7 +347,7 @@ func (c *Client) callPutOrPatch(ctx context.Context, id domain.KindName, baseObj
 				return fmt.Errorf("verifying patch: %w", err)
 			}
 			// calculate checksum
-			checksum, err := utils.CanonicalHash(mergeResult)
+			checksum, err := storageutils.CanonicalHash(mergeResult)
 			if err != nil {
 				return fmt.Errorf("calculate checksum: %w", err)
 			}
@@ -371,7 +374,7 @@ func (c *Client) callPutOrPatch(ctx context.Context, id domain.KindName, baseObj
 
 func (c *Client) callVerifyObject(ctx context.Context, id domain.KindName, object []byte) error {
 	// calculate checksum
-	checksum, err := utils.CanonicalHash(object)
+	checksum, err := storageutils.CanonicalHash(object)
 	if err != nil {
 		return fmt.Errorf("calculate checksum: %w", err)
 	}
@@ -382,6 +385,29 @@ func (c *Client) callVerifyObject(ctx context.Context, id domain.KindName, objec
 	return nil
 }
 
+func (c *Client) getChecksums(d metav1.Object) ([]string, error) {
+	// TODO add multiplier here
+	checksumFromAnnotation := ""
+	if checksum, ok := d.GetAnnotations()[helpersv1.SyncChecksumMetadataKey]; ok {
+		//return []string{checksum}, nil
+		checksumFromAnnotation = checksum
+	}
+	// we have to get the object and calculate the checksum
+	object, err := c.getObjectFromMeta(d)
+	if err != nil {
+		return nil, fmt.Errorf("get object: %w", err)
+	}
+	checksum, err := storageutils.CanonicalHash(object)
+	if err != nil {
+		return nil, fmt.Errorf("calculate checksum: %w", err)
+	}
+	if checksumFromAnnotation != "" {
+		logger.L().Info("Matthias, comparing checksums", helpers.String("checksumFromAnnotation", checksumFromAnnotation), helpers.String("checksum", checksum))
+		logger.L().Info("Matthias - Checksum calculated", helpers.String("checksum", checksum), helpers.String("object", string(object)))
+	}
+	return []string{checksum}, nil
+}
+
 func (c *Client) DeleteObject(_ context.Context, id domain.KindName) error {
 	if c.Strategy == domain.PatchStrategy {
 		// remove from known resources
@@ -430,7 +456,7 @@ func (c *Client) patchObject(ctx context.Context, id domain.KindName, checksum s
 		return object, fmt.Errorf("apply patch: %w", err)
 	}
 	// verify checksum
-	newChecksum, err := utils.CanonicalHash(modified)
+	newChecksum, err := storageutils.CanonicalHash(modified)
 	if err != nil {
 		return object, fmt.Errorf("calculate checksum: %w", err)
 	}
@@ -515,7 +541,7 @@ func (c *Client) verifyObject(id domain.KindName, newChecksum string) ([]byte, e
 	if err != nil {
 		return nil, fmt.Errorf("marshal resource: %w", err)
 	}
-	checksum, err := utils.CanonicalHash(object)
+	checksum, err := storageutils.CanonicalHash(object)
 	if err != nil {
 		return object, fmt.Errorf("calculate checksum: %w", err)
 	}
@@ -540,23 +566,16 @@ func (c *Client) getExistingStorageObjects(ctx context.Context) (string, error)
 			Namespace:       d.GetNamespace(),
 			ResourceVersion: domain.ToResourceVersion(d.GetResourceVersion()),
 		}
-		obj, err := c.getResource(d.GetNamespace(), d.GetName(), false)
+		// get checksum
+		checksums, err := c.getChecksums(d)
 		if err != nil {
-			logger.L().Ctx(ctx).Error("cannot get object", helpers.Error(err), helpers.String("id", id.String()))
+			logger.L().Ctx(ctx).Error("cannot get checksums", helpers.Error(err), helpers.String("id", id.String()))
 			return nil
 		}
-		if c.multiplier > 0 {
-			c.multiplyVerifyObject(ctx, id, obj)
-		} else {
-			newObject, err := c.filterAndMarshal(obj)
-			if err != nil {
-				logger.L().Ctx(ctx).Error("cannot marshal object", helpers.Error(err), helpers.String("id", id.String()))
-				return nil
-			}
-			err = c.callVerifyObject(ctx, id, newObject)
+		for _, checksum := range checksums {
+			err = c.callbacks.VerifyObject(ctx, id, checksum)
 			if err != nil {
 				logger.L().Ctx(ctx).Error("cannot handle added resource", helpers.Error(err), helpers.String("id", id.String()))
-				return nil
 			}
 		}
 		return nil
@@ -567,40 +586,14 @@ func (c *Client) getExistingStorageObjects(ctx context.Context) (string, error)
 	return resourceVersion, nil
 }
 
-func (c *Client) multiplyVerifyObject(ctx context.Context, id domain.KindName, obj metav1.Object) {
-	objectName := id.Name
-	for i := 0; i < c.multiplier; i++ {
-		id.Name = fmt.Sprintf("%s-%d", objectName, i)
-		obj.SetName(id.Name)
-		// change the workload-name label too - if applicable
-		labels := obj.GetLabels()
-		if labels != nil {
-			if workloadName, ok := labels[helpersv1.NameMetadataKey]; ok {
-				labels[helpersv1.NameMetadataKey] = fmt.Sprintf("%s-%d", workloadName, i)
-				obj.SetLabels(labels)
-			}
-		}
-		newObject, err := c.filterAndMarshal(obj)
-		if err != nil {
-			logger.L().Ctx(ctx).Error("cannot marshal object", helpers.Error(err), helpers.String("id", id.String()))
-			continue
-		}
-		err = c.callVerifyObject(ctx, id, newObject)
-		if err != nil {
-			logger.L().Ctx(ctx).Error("cannot handle added resource", helpers.Error(err), helpers.String("id", id.String()))
-			continue
-		}
-	}
-}
-
 func (c *Client) filterAndMarshal(d metav1.Object) ([]byte, error) {
-	utils.RemoveManagedFields(d)
+	storageutils.RemoveManagedFields(d)
 	if un, ok := d.(*unstructured.Unstructured); ok {
 		fields, ok := fieldsToRemove[c.kind.String()]
 		if !ok {
 			fields = fieldsToRemove["default"]
 		}
-		if err := utils.RemoveSpecificFields(un, fields); err != nil {
+		if err := storageutils.RemoveSpecificFields(un, fields); err != nil {
 			return nil, fmt.Errorf("remove specific fields: %w", err)
 		}
 	} else {

diff --git a/adapters/mock.go b/adapters/mock.go
@@ -8,6 +8,7 @@ import (
 	jsonpatch "github.com/evanphx/json-patch"
 	"github.com/kubescape/go-logger"
 	"github.com/kubescape/go-logger/helpers"
+	storageutils "github.com/kubescape/storage/pkg/utils"
 	"github.com/kubescape/synchronizer/domain"
 	"github.com/kubescape/synchronizer/utils"
 	"go.uber.org/multierr"
@@ -121,7 +122,7 @@ func (m *MockAdapter) GetObject(ctx context.Context, id domain.KindName, baseObj
 				return fmt.Errorf("verifying patch: %w", err)
 			}
 			// calculate checksum
-			checksum, err := utils.CanonicalHash(mergeResult)
+			checksum, err := storageutils.CanonicalHash(mergeResult)
 			if err != nil {
 				return fmt.Errorf("calculate checksum: %w", err)
 			}
@@ -152,7 +153,7 @@ func (m *MockAdapter) patchObject(id domain.KindName, checksum string, patch []b
 	if err != nil {
 		return object, fmt.Errorf("apply patch: %w", err)
 	}
-	newChecksum, err := utils.CanonicalHash(modified)
+	newChecksum, err := storageutils.CanonicalHash(modified)
 	if err != nil {
 		return object, fmt.Errorf("calculate checksum: %w", err)
 	}
@@ -214,7 +215,7 @@ func (m *MockAdapter) verifyObject(id domain.KindName, newChecksum string) ([]by
 	if !ok {
 		return nil, fmt.Errorf("object not found")
 	}
-	checksum, err := utils.CanonicalHash(object)
+	checksum, err := storageutils.CanonicalHash(object)
 	if err != nil {
 		return nil, fmt.Errorf("calculate checksum: %w", err)
 	}
@@ -264,7 +265,7 @@ func (m *MockAdapter) TestCallPutOrPatch(ctx context.Context, id domain.KindName
 				return fmt.Errorf("verifying patch: %w", err)
 			}
 			// calculate checksum
-			checksum, err := utils.CanonicalHash(mergeResult)
+			checksum, err := storageutils.CanonicalHash(mergeResult)
 			if err != nil {
 				return fmt.Errorf("calculate checksum: %w", err)
 			}
@@ -295,7 +296,7 @@ func (m *MockAdapter) TestCallVerifyObject(ctx context.Context, id domain.KindNa
 	// store object locally - this is only for testing purposes
 	m.Resources[id.String()] = object
 	// calculate checksum
-	checksum, err := utils.CanonicalHash(object)
+	checksum, err := storageutils.CanonicalHash(object)
 	if err != nil {
 		return fmt.Errorf("calculate checksum: %w", err)
 	}

diff --git a/go.mod b/go.mod
@@ -3,7 +3,6 @@ module github.com/kubescape/synchronizer
 go 1.22.5
 
 require (
-	github.com/SergJa/jsonhash v0.0.0-20210531165746-fc45f346aa74
 	github.com/apache/pulsar-client-go v0.12.1
 	github.com/armosec/armoapi-go v0.0.393
 	github.com/armosec/utils-k8s-go v0.0.26
@@ -17,9 +16,9 @@ require (
 	github.com/kinbiko/jsonassert v1.1.1
 	github.com/kubescape/backend v0.0.20
 	github.com/kubescape/go-logger v0.0.23
-	github.com/kubescape/k8s-interface v0.0.165
+	github.com/kubescape/k8s-interface v0.0.177
 	github.com/kubescape/messaging v0.0.33
-	github.com/kubescape/storage v0.0.111
+	github.com/kubescape/storage v0.0.135
 	github.com/panjf2000/ants/v2 v2.9.1
 	github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2
 	github.com/prometheus/client_golang v1.19.0
@@ -29,7 +28,7 @@ require (
 	github.com/testcontainers/testcontainers-go v0.33.0
 	github.com/testcontainers/testcontainers-go/modules/k3s v0.33.0
 	go.uber.org/multierr v1.11.0
-	golang.org/x/mod v0.19.0
+	golang.org/x/mod v0.20.0
 	golang.org/x/net v0.29.0
 	istio.io/pkg v0.0.0-20231221211216-7635388a563e
 	k8s.io/api v0.29.4
@@ -55,6 +54,7 @@ require (
 	github.com/AzureAD/microsoft-authentication-library-for-go v1.2.2 // indirect
 	github.com/DataDog/zstd v1.5.5 // indirect
 	github.com/Microsoft/go-winio v0.6.2 // indirect
+	github.com/SergJa/jsonhash v0.0.0-20210531165746-fc45f346aa74 // indirect
 	github.com/acobaugh/osrelease v0.1.0 // indirect
 	github.com/anchore/go-logger v0.0.0-20230725134548-c21dafa1ec5a // indirect
 	github.com/anchore/packageurl-go v0.1.1-0.20240312213626-055233e539b4 // indirect
@@ -64,23 +64,23 @@ require (
 	github.com/armosec/gojay v1.2.17 // indirect
 	github.com/armosec/utils-go v0.0.57 // indirect
 	github.com/avast/retry-go v3.0.0+incompatible // indirect
-	github.com/aws/aws-sdk-go v1.50.20 // indirect
-	github.com/aws/aws-sdk-go-v2 v1.24.1 // indirect
-	github.com/aws/aws-sdk-go-v2/config v1.26.6 // indirect
-	github.com/aws/aws-sdk-go-v2/credentials v1.16.16 // indirect
-	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.14.11 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/configsources v1.2.10 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.5.10 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/ini v1.7.3 // indirect
-	github.com/aws/aws-sdk-go-v2/service/ecr v1.20.2 // indirect
-	github.com/aws/aws-sdk-go-v2/service/eks v1.28.1 // indirect
-	github.com/aws/aws-sdk-go-v2/service/iam v1.21.1 // indirect
-	github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.10.4 // indirect
-	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.10.10 // indirect
-	github.com/aws/aws-sdk-go-v2/service/sso v1.18.7 // indirect
-	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.21.7 // indirect
-	github.com/aws/aws-sdk-go-v2/service/sts v1.26.7 // indirect
-	github.com/aws/smithy-go v1.19.0 // indirect
+	github.com/aws/aws-sdk-go v1.55.5 // indirect
+	github.com/aws/aws-sdk-go-v2 v1.30.5 // indirect
+	github.com/aws/aws-sdk-go-v2/config v1.27.35 // indirect
+	github.com/aws/aws-sdk-go-v2/credentials v1.17.33 // indirect
+	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.13 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.17 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.17 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/ini v1.8.1 // indirect
+	github.com/aws/aws-sdk-go-v2/service/ecr v1.34.0 // indirect
+	github.com/aws/aws-sdk-go-v2/service/eks v1.48.5 // indirect
+	github.com/aws/aws-sdk-go-v2/service/iam v1.35.3 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.4 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.19 // indirect
+	github.com/aws/aws-sdk-go-v2/service/sso v1.22.8 // indirect
+	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.26.8 // indirect
+	github.com/aws/aws-sdk-go-v2/service/sts v1.30.8 // indirect
+	github.com/aws/smithy-go v1.20.4 // indirect
 	github.com/becheran/wildmatch-go v1.0.0 // indirect
 	github.com/beorn7/perks v1.0.1 // indirect
 	github.com/bits-and-blooms/bitset v1.13.0 // indirect
@@ -242,6 +242,7 @@ require (
 	gopkg.in/square/go-jose.v2 v2.6.0 // indirect
 	gopkg.in/yaml.v2 v2.4.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
+	k8s.io/apiextensions-apiserver v0.29.0 // indirect
 	k8s.io/klog/v2 v2.130.1 // indirect
 	k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340 // indirect
 	sigs.k8s.io/controller-runtime v0.17.2 // indirect