diff --git a/core/core/scan.go b/core/core/scan.go
index 46914dd2..2f953197 100644
--- a/core/core/scan.go
+++ b/core/core/scan.go
@@ -162,7 +162,7 @@ func (ks *Kubescape) Scan(ctx context.Context, scanInfo *cautils.ScanInfo) (*res
 // ===================== resources =====================
 ctxResources, spanResources := otel.Tracer("").Start(ctxInit, "resources")
- scanData, err = resourcehandler.CollectResources(ctxResources, interfaces.resourceHandler, scanInfo.PolicyIdentifier, scanData, cautils.NewProgressHandler(""))
+ err = resourcehandler.CollectResources(ctxResources, interfaces.resourceHandler, scanInfo.PolicyIdentifier, scanData, cautils.NewProgressHandler(""))
 if err != nil {
 spanInit.End()
 return resultsHandling, err
diff --git a/core/pkg/policyhandler/handlepullpolicies.go b/core/pkg/policyhandler/handlepullpolicies.go
index 55344e42..ef0c4ebf 100644
--- a/core/pkg/policyhandler/handlepullpolicies.go
+++ b/core/pkg/policyhandler/handlepullpolicies.go
@@ -27,6 +27,7 @@ type PolicyHandler struct {
 cachedPolicyIdentifiers *TimedCache[[]string]
 cachedFrameworks *TimedCache[[]reporthandling.Framework]
 cachedExceptions *TimedCache[[]armotypes.PostureExceptionPolicy]
+ cachedControlInputs *TimedCache[map[string][]string]
 }
 // NewPolicyHandler creates and returns an instance of the `PolicyHandler`. The function initializes the `PolicyHandler` only if it hasn't been previously created.
@@ -38,6 +39,7 @@ func NewPolicyHandler() *PolicyHandler {
 cachedPolicyIdentifiers: NewTimedCache[[]string](cacheTtl),
 cachedFrameworks: NewTimedCache[[]reporthandling.Framework](cacheTtl),
 cachedExceptions: NewTimedCache[[]armotypes.PostureExceptionPolicy](cacheTtl),
+ cachedControlInputs: NewTimedCache[map[string][]string](cacheTtl),
 }
 }
 return policyHandlerInstance
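Review bot: On the error branch after `CollectResources`, only `spanInit.End()` is called, so the `resources` span started two lines above is not ended on that path as far as this hunk shows. Adding `spanResources.End()` before `spanInit.End()` in that branch would keep the trace complete for failed collections, which is the case an operator most needs to see. The body of Scan starts and continues outside the hunk, so an End call further down may exist but would cover the success path only.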
@@ -84,7 +86,7 @@ func (policyHandler *PolicyHandler) getPolicies(ctx context.Context, policyIdent
 }
 // get account configuration
- if controlInputs, err = policyHandler.getters.ControlsInputsGetter.GetControlsInputs(cautils.ClusterName); err != nil {
+ if controlInputs, err = policyHandler.getControlInputs(); err != nil {
 logger.L().Ctx(ctx).Warning(err.Error())
 }
@@ -181,3 +183,17 @@ func (policyHandler *PolicyHandler) getExceptions() ([]armotypes.PostureExceptio
 return exceptions, err
 }
+
+func (policyHandler *PolicyHandler) getControlInputs() (map[string][]string, error) {
+ if cachedControlInputs, exist := policyHandler.cachedControlInputs.Get(); exist {
+ logger.L().Info("Using cached control inputs")
+ return cachedControlInputs, nil
+ }
+
+ controlInputs, err := policyHandler.getters.ControlsInputsGetter.GetControlsInputs(cautils.ClusterName)
+ if err == nil {
+ policyHandler.cachedControlInputs.Set(controlInputs)
+ }
+
+ return controlInputs, err
+}
diff --git a/core/pkg/resourcehandler/handlerpullresources.go b/core/pkg/resourcehandler/handlerpullresources.go
index 542db0ce..83f50606 100644
--- a/core/pkg/resourcehandler/handlerpullresources.go
+++ b/core/pkg/resourcehandler/handlerpullresources.go
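Review bot: `getControlInputs()` is called without `ctx`, so the `Using cached control inputs` message added in the helper goes through `logger.L()` while the warning directly below this call uses `logger.L().Ctx(ctx)`. Passing the context through, `policyHandler.getControlInputs(ctx)` at this call and `logger.L().Ctx(ctx).Info("Using cached control inputs")` in the helper, would keep both messages tied to the same scan. getPolicies starts and ends outside this hunk.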
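Review bot: `cachedControlInputs` is a single unkeyed slot, but the fetch it fronts is parameterized by `cautils.ClusterName`, so a cache hit in `getControlInputs` returns whatever was stored last regardless of the current cluster name. If one process can serve more than one cluster or account within `cacheTtl` (not visible here; `NewPolicyHandler` appears to return a shared instance), a scan could be evaluated with another cluster's control inputs and report results that do not reflect its own configuration. Consider storing the cluster name with the entry and bypassing the cache when it differs, or at least state the assumption in a doc comment such as `// getControlInputs returns the control inputs for cautils.ClusterName, cached process-wide for cacheTtl; the returned map is shared and must be treated as read-only.` The read-only part matters because `Get` presumably hands back the same map instance that was given to `Set`, so a caller that mutates it would change what later scans see.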
@@ -20,7 +20,7 @@ import (
 )
 // CollectResources uses the provided resource handler to collect resources and returns an updated OPASessionObj
-func CollectResources(ctx context.Context, rsrcHandler IResourceHandler, policyIdentifier []cautils.PolicyIdentifier, opaSessionObj *cautils.OPASessionObj, progressListener opaprocessor.IJobProgressNotificationClient) (*cautils.OPASessionObj, error) {
+func CollectResources(ctx context.Context, rsrcHandler IResourceHandler, policyIdentifier []cautils.PolicyIdentifier, opaSessionObj *cautils.OPASessionObj, progressListener opaprocessor.IJobProgressNotificationClient) error {
 ctx, span := otel.Tracer("").Start(ctx, "resourcehandler.CollectResources")
 defer span.End()
 opaSessionObj.Report.ClusterAPIServerInfo = rsrcHandler.GetClusterAPIServerInfo(ctx)
@@ -32,7 +32,7 @@ func CollectResources(ctx context.Context, rsrcHandler IResourceHandler, policyI
 resourcesMap, allResources, ksResources, err := rsrcHandler.GetResources(ctx, opaSessionObj, &policyIdentifier[0].Designators, progressListener)
 if err != nil {
- return opaSessionObj, err
+ return err
 }
 opaSessionObj.K8SResources = resourcesMap
@@ -40,10 +40,10 @@ func CollectResources(ctx context.Context, rsrcHandler IResourceHandler, policyI
 opaSessionObj.ArmoResource = ksResources
 if (opaSessionObj.K8SResources == nil || len(*opaSessionObj.K8SResources) == 0) && (opaSessionObj.ArmoResource == nil || len(*opaSessionObj.ArmoResource) == 0) {
- return opaSessionObj, fmt.Errorf("empty list of resources")
+ return fmt.Errorf("empty list of resources")
 }
- return opaSessionObj, nil
+ return nil
 }
 func setCloudMetadata(opaSessionObj *cautils.OPASessionObj) {
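Review bot: The doc comment above `CollectResources` still says it "returns an updated OPASessionObj", which no longer matches the new `error`-only signature. Something like `// CollectResources uses the provided resource handler to collect resources and stores them on opaSessionObj in place.` would describe the new contract. It is also worth stating that the object is modified before an error is returned: the later hunks show `K8SResources` and `ArmoResource` assigned before the `empty list of resources` check, so a caller that receives an error still holds a partially filled session object.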