MGMT-18903: Add 'source' column to violations by severity count SQL t…

…able to support multiple central instances in one hub (stolostron#1105) Signed-off-by: danmanor <[email protected]>
yanmxa · Sep 18, 2024 · f6a54b8 · f6a54b8
1 parent 73803d9
commit f6a54b8
Show file tree

Hide file tree

Showing 10 changed files with 259 additions and 16 deletions.
diff --git a/agent/pkg/status/controller/security/stackrox_alert_count_summary.go b/agent/pkg/status/controller/security/stackrox_alert_count_summary.go
@@ -36,7 +36,7 @@ var AlertsSummeryCountsRequest = stackRoxRequest{
 	Body:        "",
 	CacheStruct: &AlertsSummeryCountsResponse{},
 	GenerateFromCache: func(values ...any) (any, error) {
-		if len(values) != 2 {
+		if len(values) != 4 {
 			return nil, fmt.Errorf("alert summery count cache struct or ACS base URL were not provided")
 		}
 
@@ -53,8 +53,20 @@ var AlertsSummeryCountsRequest = stackRoxRequest{
 		if !ok {
 			return nil, fmt.Errorf("ACS external URL is not valid")
 		}
+
+		acsCentralNamespace, ok := values[2].(string)
+		if !ok {
+			return nil, fmt.Errorf("ACS Central namespace was not provided")
+		}
+
+		acsCentralName, ok := values[3].(string)
+		if !ok {
+			return nil, fmt.Errorf("ACS Central name was not provided")
+		}
+
 		alertCount := wiremodels.SecurityAlertCounts{
 			DetailURL: fmt.Sprintf("%s%s", acsCentralExternalHostPort, stackRoxAlertsDetailsPath),
+			Source:    fmt.Sprintf("%s/%s", acsCentralNamespace, acsCentralName),
 		}
 
 		for _, count := range alertCountSummeryResponse.Groups[0].Counts {

diff --git a/agent/pkg/status/controller/security/stackrox_syncer.go b/agent/pkg/status/controller/security/stackrox_syncer.go
@@ -416,7 +416,8 @@ func (s *StackRoxSyncer) sync(ctx context.Context, data *stackRoxData) error {
 			return fmt.Errorf("failed to make a request to central: %v", err)
 		}
 
-		messageStruct, err := request.GenerateFromCache(request.CacheStruct, data.consoleURL)
+		messageStruct, err := request.GenerateFromCache(
+			request.CacheStruct, data.consoleURL, data.key.Namespace, data.key.Name)
 		if err != nil {
 			return fmt.Errorf("failed to generate struct for kafka message: %v", err)
 		}

diff --git a/agent/pkg/status/controller/security/stackrox_syncer_test.go b/agent/pkg/status/controller/security/stackrox_syncer_test.go
@@ -303,7 +303,8 @@ var _ = Describe("StackRox syncer", func() {
 							"medium": 2,
 							"high": 3,
 							"critical": 4,
-							"detail_url": "https://my-console.com/main/violations"
+							"detail_url": "https://my-console.com/main/violations",
+							"source": "rhacs-operator/stackrox-central-services"
 						}`))
 
 						return nil
@@ -622,7 +623,8 @@ var _ = Describe("StackRox syncer", func() {
 							"medium": 2,
 							"high": 3,
 							"critical": 4,
-							"detail_url": "https://my-console.com/main/violations"
+							"detail_url": "https://my-console.com/main/violations",
+							"source": "rhacs-operator/stackrox-central-services"
 						}`))
 
 						return nil

diff --git a/manager/pkg/statussyncer/syncers/security_alert_counts_handler.go b/manager/pkg/statussyncer/syncers/security_alert_counts_handler.go
@@ -64,11 +64,13 @@ func (h *securityAlertCountsHandler) handleEvent(ctx context.Context, evt *cloud
 		High:      wireModel.High,
 		Critical:  wireModel.Critical,
 		DetailURL: wireModel.DetailURL,
+		Source:    wireModel.Source,
 	}
 
 	// Insert or update the data in the database:
 	db := database.GetGorm()
 	err := db.Clauses(clause.OnConflict{
+		Columns:   []clause.Column{{Name: "hub_name"}, {Name: "source"}},
 		UpdateAll: true,
 	}).Create(dbModel).Error
 	if err != nil {

diff --git a/operator/pkg/controllers/hubofhubs/grafana/manifests/acm-global-security-alert-counts.yaml b/operator/pkg/controllers/hubofhubs/grafana/manifests/acm-global-security-alert-counts.yaml
@@ -557,6 +557,27 @@ data:
                   }
                 ]
               },
+              {
+                "matcher": {
+                  "id": "byName",
+                  "options": "Source"
+                },
+                "properties": [
+                  {
+                    "id": "custom.cellOptions",
+                    "value": {
+                      "type": "color-text"
+                    }
+                  },
+                  {
+                    "id": "color",
+                    "value": {
+                      "fixedColor": "text",
+                      "mode": "fixed"
+                    }
+                  }
+                ]
+              },
               {
                 "matcher": {
                   "id": "byName",
@@ -698,7 +719,7 @@ data:
               "group": [],
               "metricColumn": "none",
               "rawQuery": true,
-              "rawSql": "select \n  hub_name as \"Hub\",\n  low as \"Low\",\n  medium as \"Medium\",\n  high as \"High\",\n  critical as \"Critical\",\n  detail_url as \"Detail\"\nfrom\n  security.alert_counts",
+              "rawSql": "select \n  hub_name as \"Hub\",\n  low as \"Low\",\n  medium as \"Medium\",\n  high as \"High\",\n  critical as \"Critical\",\n  detail_url as \"Detail\",\n source as \"Source\"\nfrom\n  security.alert_counts",
               "refId": "A",
               "select": [
                 [

diff --git a/operator/pkg/controllers/hubofhubs/storage/database/2.tables.sql b/operator/pkg/controllers/hubofhubs/storage/database/2.tables.sql
@@ -144,12 +144,14 @@ CREATE TABLE IF NOT EXISTS status.transport (
 );
 
 CREATE TABLE IF NOT EXISTS security.alert_counts (
-    hub_name text PRIMARY KEY,
+    hub_name text NOT NULL,
     low integer NOT NULL,
     medium integer NOT NULL,
     high integer NOT NULL,
     critical integer NOT NULL,
     detail_url text NOT NULL,
+    source text NOT NULL,
     created_at timestamp without time zone DEFAULT now() NOT NULL,
-    updated_at timestamp without time zone DEFAULT now() NOT NULL
-);
+    updated_at timestamp without time zone DEFAULT now() NOT NULL,
+    PRIMARY KEY (hub_name, source)
+);
diff --git a/operator/pkg/controllers/hubofhubs/storage/upgrade/1.upgrade.sql b/operator/pkg/controllers/hubofhubs/storage/upgrade/1.upgrade.sql
@@ -16,4 +16,4 @@ ALTER TYPE local_status.compliance_type ADD VALUE IF NOT EXISTS 'pending';
 
 ALTER TABLE event.local_policies ADD COLUMN IF NOT EXISTS event_namespace text;
 ALTER TABLE event.local_policies ADD COLUMN IF NOT EXISTS cluster_name text;
-ALTER TABLE event.local_root_policies ADD COLUMN IF NOT EXISTS event_namespace text;
+ALTER TABLE event.local_root_policies ADD COLUMN IF NOT EXISTS event_namespace text;
diff --git a/pkg/database/models/security.go b/pkg/database/models/security.go
@@ -25,6 +25,10 @@ type SecurityAlertCounts struct {
 	//	https://central-rhacs-operator.apps.../main/violations
 	DetailURL string `gorm:"column:detail_url;not null"`
 
+	// Source is the Central CR instance from which the data was retrieved.
+	// This should follow the format: "<namespace>/<name>"
+	Source string `gorm:"column:source;not null"`
+
 	// CreatedAt is the date and time when the row was created.
 	CreatedAt time.Time `gorm:"column:created_at;autoCreateTime:true"`
 

diff --git a/pkg/wire/models/security.go b/pkg/wire/models/security.go
@@ -14,9 +14,13 @@ type SecurityAlertCounts struct {
 	// Critical is the total number of critical severity alerts.
 	Critical int `json:"critical,omitempty"`
 
-	// DetailURL is the URL where the user can see the details of the alerts of the hub. This
+	// DetailURL is the URL where the user can see the details of the alerts of the Central CR instance in the hub. This
 	// will typically be the URL of the violations tab of the Stackrox Central UI:
 	//
 	//	https://central-rhacs-operator.apps.../main/violations
 	DetailURL string `json:"detail_url,omitempty"`
+
+	// Source is the Central CR instance from which the data was retrieved.
+	// This should follow the format: "<namespace>/<name>"
+	Source string `json:"source,omitempty"`
 }