fix: Remove job deletion for jobs with TTLSecondsAfterFinished set #2375
Conversation
tom1299
changed the title
| @@ -357,6 +357,10 @@ func (r *ScanJobController) completedContainers(ctx context.Context, scanJob *ba | |||
| } | |||
|
|
|||
| func (r *ScanJobController) deleteJob(ctx context.Context, job *batchv1.Job) error { | |||
| if job.Spec.TTLSecondsAfterFinished != nil && *job.Spec.TTLSecondsAfterFinished != 0 { | |||
There was a problem hiding this comment.
I read through the docs but it wasn't clear to me why we should check for both !=nil and !=0. Could you explain that?
There was a problem hiding this comment.
Actually now that you mentioned it, it seems to me that the !=0 is superfluous / not really necessary. I would remove this from the if statement.
There was a problem hiding this comment.
@simar7 I'm sorry but somehow I totally forgot to do the update. I made the change and squashed the commits so that the commit history looks better.
tom1299
force-pushed
the
vulnerability-scanjob-is-immediately-deleted
branch
from
4a7e50a to
92f70f0
Compare
|
@afdesk can you take another look? |
|
@simar7 will merge it, right? |
|
@tom1299 is it possible to write a test for this case? While it is a trivial change, it is an important one. Maybe we can use this test setup? trivy-operator/tests/envtest/controller_test.go Lines 200 to 226 in 2ed26a2 |
|
@simar7 Adding a test case like above is a very good idea. I will have a deeper look into the env tests and try to add a test case for the ttl jobs. |
|
@simar7 So I had a look at the env tests. And the main issue for adding a test case to the env tests is that the ScanJobController can not be easily added to the env test setup here. Since the var JobHasAnyCondition = predicate.NewPredicateFuncs(func(obj client.Object) bool {
if job, ok := obj.(*batchv1.Job); ok {
return len(job.Status.Conditions) > 0
}
return false
})And it is registered with func (r *ScanJobController) SetupWithManager(mgr ctrl.Manager) error {
var predicates []predicate.Predicate
if !r.ConfigData.VulnerabilityScanJobsInSameNamespace() {
predicates = append(predicates, InNamespace(r.Config.Namespace))
}
predicates = append(predicates, ManagedByTrivyOperator, IsVulnerabilityReportScan, JobHasAnyCondition)
return ctrl.NewControllerManagedBy(mgr).
For(&batchv1.Job{}, builder.WithPredicates(predicates...)).
Complete(r.reconcileJobs())
}By the way, there seems to be a redundant implementation in the if len(job.Status.Conditions) == 0 {
log.V(1).Info("Ignoring Job without conditions")
return ctrl.Result{}, nil
}Which means that the when the Predicate would be removed, the ScanJobController would still not process the job. For me this might also be an issue that needs to be fixed. So I think it would be rather hard to test the changes in the env tests. Or maybe you could give me another hint how to add a test ? Otherwise I can suggest looking into the integration tests. Maybe we could add a test case here ? |
|
As an alternative I added a integration test here 932e1a8. the tests validates that if ttl is set for scan jobs, they are not deleted immediately. What do you think about that ? Would that be a way to to the testing ? |
Description
Currently jobs are directly deleted after they are completed by the trivy-operator without honouring the jobs
ttlSecondsAfterFinishedand thus also the helm configuration parameteroperator.scanJobTTL.The change introduced in this PR will only delete the job if it has no
ttlSecondsAfterFinished.Related issues
Checklist