Make Inheritlabels apply to scans and not only pods #683

@RixTmobilender

🐞 Bug report

Describe the bug

Despite setting inheritLabels = false, the cascading Scans still include the parent scan's labels.
I'm using Grafana Tanka, which relies on injecting a label "tanka.dev/environment: " in order to "prune" objects within an environment. If the scans inherit this label, it will force an unwanted deletion of the cascading scans.

Steps To Reproduce

Execute any cascading scan with inheritLabels: false. I launched an nmap scan:

spec:
  cascades:
    inheritLabels: false
    matchExpressions:
    - key: securecodebox.io/intensive
      operator: In
      values:
      - light
      - medium
      - high
    - key: securecodebox.io/invasive
      operator: In
      values:
      - non-invasive
      - invasive
  parameters:
  - scan.me
  scanType: nmap

The Scan objects that get created through cascades include the original scan's labels:

apiVersion: execution.securecodebox.io/v1
kind: Scan
metadata:
  annotations:
    cascading.securecodebox.io/chain: securecodebox-scanners-zap-https
    cascading.securecodebox.io/matched-finding: 99652536-76a7-471e-afef-a5da7d79c62f
    cascading.securecodebox.io/parent-scan: securecodebox-scanners-network
    securecodebox.io/hook: cascading-scans
  creationTimestamp: "2021-09-29T00:18:17Z"
  finalizers:
  - s3.storage.securecodebox.io
  generateName: securecodebox-scanners-network-securecodebox-scanners-zap-https-
  generation: 2
  labels:
    tanka.dev/environment: 6a2b816247aad89622120ae34db00790e8b0e49713341819
  name: securecodebox-scanners-network-securecodebox-scanners-zap-6dmpw
  namespace: nonprod-alldevopsservices
  ownerReferences:
  - apiVersion: execution.securecodebox.io/v1
    blockOwnerDeletion: true
    controller: true
    kind: Scan
    name: securecodebox-scanners-network
    uid: 6069b242-e596-48a4-8e61-b52c38f8a02c
  resourceVersion: "497099"
  uid: 10d779f7-2fda-4bd7-ae49-0802af0e655e
spec:
  cascades:
    matchExpressions:
    - key: securecodebox.io/intensive
      operator: In
      values:
      - light
      - medium
      - high
    - key: securecodebox.io/invasive
      operator: In
      values:
      - non-invasive
      - invasive
  parameters:
  - -t
  - https://scan.me
  scanType: zap-advanced-scan
status:
  findingDownloadLink: ...
  findings:
    severities: {}
  rawResultDownloadLink: ...
  rawResultFile: zap-results.xml
  rawResultType: zap-advanced-xml
  state: Scanning

Expected behavior

Neither the Scan nor the backing pod should inherit the parent scan's labels when inheritLabels: false. This isn't true for the Scan.

System (please complete the following information):

  • secureCodeBox image: latest
  • helm chart: 3.1.1
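
A check for the behaviour reported above, as an added example that is not part of the original report or of secureCodeBox: it takes Scan objects (the shape of the items in `kubectl get scans -o json`) and lists cascaded Scans that carry a parent's label even though the parent set `inheritLabels: false`. The function name, namespace and sample objects are constructed for illustration.

```javascript
// Added example, not secureCodeBox code. Objects mirror the Scan manifests in the report.
const PARENT_ANNOTATION = "cascading.securecodebox.io/parent-scan";
const hasOwn = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);

// Returns one entry per cascaded Scan that still carries a label (same key and
// value) of a parent whose spec.cascades.inheritLabels is explicitly false.
function findLeakedLabels(scans) {
  const byKey = new Map();
  for (const s of scans) byKey.set(`${s.metadata.namespace}/${s.metadata.name}`, s);

  const leaks = [];
  for (const child of scans) {
    const parentName = (child.metadata.annotations || {})[PARENT_ANNOTATION];
    if (!parentName) continue; // not created by a cascade
    const parent = byKey.get(`${child.metadata.namespace}/${parentName}`);
    if (!parent) continue; // parent no longer exists, nothing to compare
    const cascades = (parent.spec && parent.spec.cascades) || {};
    if (cascades.inheritLabels !== false) continue; // inheritance was not disabled
    const parentLabels = parent.metadata.labels || {};
    const childLabels = child.metadata.labels || {};
    const leaked = Object.keys(childLabels).filter(
      (k) => hasOwn(parentLabels, k) && parentLabels[k] === childLabels[k]
    );
    if (leaked.length > 0) {
      leaks.push({ scan: child.metadata.name, parent: parentName, labels: leaked });
    }
  }
  return leaks;
}

// Constructed sample: a parent with inheritLabels: false and two cascaded Scans.
const ns = "example-namespace";
const envLabel = { "tanka.dev/environment": "constructed-env-id" };
const sampleScans = [
  { metadata: { name: "securecodebox-scanners-network", namespace: ns, labels: envLabel },
    spec: { scanType: "nmap", cascades: { inheritLabels: false } } },
  { metadata: { name: "child-with-parent-label", namespace: ns, labels: { ...envLabel },
      annotations: { [PARENT_ANNOTATION]: "securecodebox-scanners-network" } },
    spec: { scanType: "zap-advanced-scan" } },
  { metadata: { name: "child-without-labels", namespace: ns,
      annotations: { [PARENT_ANNOTATION]: "securecodebox-scanners-network" } },
    spec: { scanType: "zap-advanced-scan" } },
];

console.log(JSON.stringify(findLeakedLabels(sampleScans), null, 2));
```

A label the child defines itself with the same key and value as the parent is also reported, so results need a quick review before they are treated as inherited.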
