adding logs

core/cautils/customerloader.go

@@ -69,7 +69,10 @@ type ITenantConfig interface {
 	// getters
 	GetContextName() string
 	GetAccountID() string
-	GetTennatEmail() string
+	GetTenantEmail() string
+	GetToken() string
+	GetClientID() string
+	GetSecretKey() string
 	GetConfigObj() *ConfigObj
 	// GetBackendAPI() getter.IBackend
 	// GenerateURL()
@@ -88,7 +91,6 @@ type LocalConfig struct {
 
 func NewLocalConfig(
 	backendAPI getter.IBackend, customerGUID, clusterName string) *LocalConfig {
-	var configObj *ConfigObj
 
 	lc := &LocalConfig{
 		backendAPI: backendAPI,
@@ -96,13 +98,9 @@ func NewLocalConfig(
 	}
 	// get from configMap
 	if existsConfigFile() { // get from file
-		configObj, _ = loadConfigFromFile()
-	} else {
-		configObj = &ConfigObj{}
-	}
-	if configObj != nil {
-		lc.configObj = configObj
+		loadConfigFromFile(lc.configObj)
 	}
+
 	if customerGUID != "" {
 		lc.configObj.AccountID = customerGUID // override config customerGUID
 	}
@@ -119,9 +117,12 @@ func NewLocalConfig(
 }
 
 func (lc *LocalConfig) GetConfigObj() *ConfigObj { return lc.configObj }
-func (lc *LocalConfig) GetTennatEmail() string   { return lc.configObj.CustomerAdminEMail }
+func (lc *LocalConfig) GetTenantEmail() string   { return lc.configObj.CustomerAdminEMail }
 func (lc *LocalConfig) GetAccountID() string     { return lc.configObj.AccountID }
+func (lc *LocalConfig) GetClientID() string      { return lc.configObj.ClientID }
+func (lc *LocalConfig) GetSecretKey() string     { return lc.configObj.SecretKey }
 func (lc *LocalConfig) GetContextName() string   { return lc.configObj.ClusterName }
+func (lc *LocalConfig) GetToken() string         { return lc.configObj.Token }
 func (lc *LocalConfig) IsConfigFound() bool      { return existsConfigFile() }
 func (lc *LocalConfig) SetTenant() error {
 
@@ -191,7 +192,7 @@ type ClusterConfig struct {
 }
 
 func NewClusterConfig(k8s *k8sinterface.KubernetesApi, backendAPI getter.IBackend, customerGUID, clusterName string) *ClusterConfig {
-	var configObj *ConfigObj
+	// var configObj *ConfigObj
 	c := &ClusterConfig{
 		k8s:                k8s,
 		backendAPI:         backendAPI,
@@ -200,15 +201,14 @@ func NewClusterConfig(k8s *k8sinterface.KubernetesApi, backendAPI getter.IBacken
 		configMapNamespace: getConfigMapNamespace(),
 	}
 
-	// get from configMap
+	// first, load from configMap
 	if c.existsConfigMap() {
-		configObj, _ = c.loadConfigFromConfigMap()
+		c.loadConfigFromConfigMap()
 	}
-	if configObj == nil && existsConfigFile() { // get from file
-		configObj, _ = loadConfigFromFile()
-	}
-	if configObj != nil {
-		c.configObj = configObj
+
+	// second, load from file
+	if existsConfigFile() { // get from file
+		loadConfigFromFile(c.configObj)
 	}
 	if customerGUID != "" {
 		c.configObj.AccountID = customerGUID // override config customerGUID
@@ -234,7 +234,10 @@ func NewClusterConfig(k8s *k8sinterface.KubernetesApi, backendAPI getter.IBacken
 func (c *ClusterConfig) GetConfigObj() *ConfigObj { return c.configObj }
 func (c *ClusterConfig) GetDefaultNS() string     { return c.configMapNamespace }
 func (c *ClusterConfig) GetAccountID() string     { return c.configObj.AccountID }
-func (c *ClusterConfig) GetTennatEmail() string   { return c.configObj.CustomerAdminEMail }
+func (c *ClusterConfig) GetClientID() string      { return c.configObj.ClientID }
+func (c *ClusterConfig) GetSecretKey() string     { return c.configObj.SecretKey }
+func (c *ClusterConfig) GetTenantEmail() string   { return c.configObj.CustomerAdminEMail }
+func (c *ClusterConfig) GetToken() string         { return c.configObj.Token }
 func (c *ClusterConfig) IsConfigFound() bool      { return existsConfigFile() || c.existsConfigMap() }
 
 func (c *ClusterConfig) SetTenant() error {
@@ -282,18 +285,26 @@ func (c *ClusterConfig) ToMapString() map[string]interface{} {
 	}
 	return m
 }
-func (c *ClusterConfig) loadConfigFromConfigMap() (*ConfigObj, error) {
+func (c *ClusterConfig) loadConfigFromConfigMap() error {
 	configMap, err := c.k8s.KubernetesClient.CoreV1().ConfigMaps(c.configMapNamespace).Get(context.Background(), c.configMapName, metav1.GetOptions{})
 	if err != nil {
-		return nil, err
+		return err
 	}
 
-	if bData, err := json.Marshal(configMap.Data); err == nil {
-		return readConfig(bData)
-	}
-	return nil, nil
+	return loadConfigFromData(c.configObj, configMap.Data)
 }
 
+func loadConfigFromData(co *ConfigObj, data map[string]string) error {
+	var e error
+	if jsonConf, ok := data["config.json"]; ok {
+		e = readConfig([]byte(jsonConf), co)
+	}
+	if bData, err := json.Marshal(data); err == nil {
+		e = readConfig(bData, co)
+	}
+
+	return e
+}
 func (c *ClusterConfig) existsConfigMap() bool {
 	_, err := c.k8s.KubernetesClient.CoreV1().ConfigMaps(c.configMapNamespace).Get(context.Background(), c.configMapName, metav1.GetOptions{})
 	// TODO - check if has customerGUID
@@ -411,28 +422,27 @@ func (c *ClusterConfig) updateConfigData(configMap *corev1.ConfigMap) {
 		}
 	}
 }
-func loadConfigFromFile() (*ConfigObj, error) {
+func loadConfigFromFile(configObj *ConfigObj) error {
 	dat, err := os.ReadFile(ConfigFileFullPath())
 	if err != nil {
-		return nil, err
+		return err
 	}
-
-	return readConfig(dat)
+	return readConfig(dat, configObj)
 }
-func readConfig(dat []byte) (*ConfigObj, error) {
+func readConfig(dat []byte, configObj *ConfigObj) error {
 
 	if len(dat) == 0 {
-		return nil, nil
+		return nil
 	}
-	configObj := &ConfigObj{}
+
 	if err := json.Unmarshal(dat, configObj); err != nil {
-		return nil, err
+		return err
 	}
 	if configObj.AccountID == "" {
 		configObj.AccountID = configObj.CustomerGUID
 	}
 	configObj.CustomerGUID = ""
-	return configObj, nil
+	return nil
 }
 
 // Check if the customer is submitted

core/cautils/customerloader_test.go

@@ -0,0 +1,193 @@
+package cautils
+
+import (
+	"encoding/json"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+	corev1 "k8s.io/api/core/v1"
+)
+
+func mockConfigObj() *ConfigObj {
+	return &ConfigObj{
+		AccountID:          "aaa",
+		ClientID:           "bbb",
+		SecretKey:          "ccc",
+		ClusterName:        "ddd",
+		CustomerAdminEMail: "ab@cd",
+		Token:              "eee",
+	}
+}
+func mockLocalConfig() *LocalConfig {
+	return &LocalConfig{
+		backendAPI: nil,
+		configObj:  mockConfigObj(),
+	}
+}
+
+func mockClusterConfig() *ClusterConfig {
+	return &ClusterConfig{
+		backendAPI: nil,
+		configObj:  mockConfigObj(),
+	}
+}
+func TestConfig(t *testing.T) {
+	co := mockConfigObj()
+	cop := ConfigObj{}
+
+	assert.NoError(t, json.Unmarshal(co.Config(), &cop))
+	assert.Equal(t, co.AccountID, cop.AccountID)
+	assert.Equal(t, co.ClientID, cop.ClientID)
+	assert.Equal(t, co.SecretKey, cop.SecretKey)
+	assert.Equal(t, "", cop.ClusterName)        // Not copied to bytes
+	assert.Equal(t, "", cop.CustomerAdminEMail) // Not copied to bytes
+	assert.Equal(t, "", cop.Token)              // Not copied to bytes
+
+}
+
+func TestITenantConfig(t *testing.T) {
+	var lc ITenantConfig
+	var c ITenantConfig
+	lc = mockLocalConfig()
+	c = mockClusterConfig()
+
+	co := mockConfigObj()
+
+	// test LocalConfig methods
+	assert.Equal(t, co.AccountID, lc.GetAccountID())
+	assert.Equal(t, co.ClientID, lc.GetClientID())
+	assert.Equal(t, co.SecretKey, lc.GetSecretKey())
+	assert.Equal(t, co.ClusterName, lc.GetContextName())
+	assert.Equal(t, co.CustomerAdminEMail, lc.GetTenantEmail())
+	assert.Equal(t, co.Token, lc.GetToken())
+
+	// test ClusterConfig methods
+	assert.Equal(t, co.AccountID, c.GetAccountID())
+	assert.Equal(t, co.ClientID, c.GetClientID())
+	assert.Equal(t, co.SecretKey, c.GetSecretKey())
+	assert.Equal(t, co.ClusterName, c.GetContextName())
+	assert.Equal(t, co.CustomerAdminEMail, c.GetTenantEmail())
+	assert.Equal(t, co.Token, c.GetToken())
+}
+
+func TestUpdateConfigData(t *testing.T) {
+	c := mockClusterConfig()
+
+	configMap := &corev1.ConfigMap{}
+
+	c.updateConfigData(configMap)
+
+	assert.Equal(t, c.GetAccountID(), configMap.Data["accountID"])
+	assert.Equal(t, c.GetClientID(), configMap.Data["clientID"])
+	assert.Equal(t, c.GetSecretKey(), configMap.Data["secretKey"])
+}
+
+func TestReadConfig(t *testing.T) {
+	com := mockConfigObj()
+	co := &ConfigObj{}
+
+	b, e := json.Marshal(com)
+	assert.NoError(t, e)
+
+	readConfig(b, co)
+
+	assert.Equal(t, com.AccountID, co.AccountID)
+	assert.Equal(t, com.ClientID, co.ClientID)
+	assert.Equal(t, com.SecretKey, co.SecretKey)
+	assert.Equal(t, com.ClusterName, co.ClusterName)
+	assert.Equal(t, com.CustomerAdminEMail, co.CustomerAdminEMail)
+	assert.Equal(t, com.Token, co.Token)
+}
+
+func TestLoadConfigFromData(t *testing.T) {
+
+	// use case: all data is in base config
+	{
+		c := mockClusterConfig()
+		co := mockConfigObj()
+
+		configMap := &corev1.ConfigMap{}
+
+		c.updateConfigData(configMap)
+
+		c.configObj = &ConfigObj{}
+
+		loadConfigFromData(c.configObj, configMap.Data)
+
+		assert.Equal(t, c.GetAccountID(), co.AccountID)
+		assert.Equal(t, c.GetClientID(), co.ClientID)
+		assert.Equal(t, c.GetSecretKey(), co.SecretKey)
+		assert.Equal(t, c.GetContextName(), co.ClusterName)
+		assert.Equal(t, c.GetTenantEmail(), co.CustomerAdminEMail)
+		assert.Equal(t, c.GetToken(), co.Token)
+	}
+
+	// use case: all data is in config.json
+	{
+		c := mockClusterConfig()
+
+		co := mockConfigObj()
+		configMap := &corev1.ConfigMap{
+			Data: make(map[string]string),
+		}
+
+		configMap.Data["config.json"] = string(c.GetConfigObj().Config())
+		c.configObj = &ConfigObj{}
+
+		loadConfigFromData(c.configObj, configMap.Data)
+
+		assert.Equal(t, c.GetAccountID(), co.AccountID)
+		assert.Equal(t, c.GetClientID(), co.ClientID)
+		assert.Equal(t, c.GetSecretKey(), co.SecretKey)
+	}
+
+	// use case: some data is in config.json
+	{
+		c := mockClusterConfig()
+		configMap := &corev1.ConfigMap{
+			Data: make(map[string]string),
+		}
+
+		// add to map
+		configMap.Data["clientID"] = c.configObj.ClientID
+		configMap.Data["secretKey"] = c.configObj.SecretKey
+
+		// delete the content
+		c.configObj.ClientID = ""
+		c.configObj.SecretKey = ""
+
+		configMap.Data["config.json"] = string(c.GetConfigObj().Config())
+		loadConfigFromData(c.configObj, configMap.Data)
+
+		assert.NotEmpty(t, c.GetAccountID())
+		assert.NotEmpty(t, c.GetClientID())
+		assert.NotEmpty(t, c.GetSecretKey())
+	}
+
+	// use case: some data is in config.json
+	{
+		c := mockClusterConfig()
+		configMap := &corev1.ConfigMap{
+			Data: make(map[string]string),
+		}
+
+		c.configObj.AccountID = "tttt"
+
+		// add to map
+		configMap.Data["accountID"] = mockConfigObj().AccountID
+		configMap.Data["clientID"] = c.configObj.ClientID
+		configMap.Data["secretKey"] = c.configObj.SecretKey
+
+		// delete the content
+		c.configObj.ClientID = ""
+		c.configObj.SecretKey = ""
+
+		configMap.Data["config.json"] = string(c.GetConfigObj().Config())
+		loadConfigFromData(c.configObj, configMap.Data)
+
+		assert.Equal(t, mockConfigObj().AccountID, c.GetAccountID())
+		assert.NotEmpty(t, c.GetClientID())
+		assert.NotEmpty(t, c.GetSecretKey())
+	}
+
+}

core/cautils/getter/armoapi.go

@@ -147,7 +147,8 @@ func (armoAPI *ArmoAPI) IsLoggedIn() bool              { return armoAPI.loggedIn
 func (armoAPI *ArmoAPI) GetClientID() string           { return armoAPI.clientID }
 func (armoAPI *ArmoAPI) GetSecretKey() string          { return armoAPI.secretKey }
 func (armoAPI *ArmoAPI) GetFrontendURL() string        { return armoAPI.feURL }
-func (armoAPI *ArmoAPI) GetAPIURL() string             { return armoAPI.apiURL }
+func (armoAPI *ArmoAPI) GetApiURL() string             { return armoAPI.apiURL }
+func (armoAPI *ArmoAPI) GetAuthURL() string            { return armoAPI.authURL }
 func (armoAPI *ArmoAPI) GetReportReceiverURL() string  { return armoAPI.erURL }
 func (armoAPI *ArmoAPI) SetAccountID(accountID string) { armoAPI.accountID = accountID }
 func (armoAPI *ArmoAPI) SetClientID(clientID string)   { armoAPI.clientID = clientID }

core/cautils/getter/armoapiutils.go

@@ -9,23 +9,11 @@ import (
 	"strings"
 )
 
-func parseHost(urlObj *url.URL) {
-	if strings.Contains(urlObj.Host, "http://") {
-		urlObj.Scheme = "http"
-		urlObj.Host = strings.Replace(urlObj.Host, "http://", "", 1)
-	} else {
-		urlObj.Scheme = "https"
-		urlObj.Host = strings.Replace(urlObj.Host, "https://", "", 1)
-	}
-}
-
 var NativeFrameworks = []string{"nsa", "mitre", "armobest", "devopsbest"}
 
 func (armoAPI *ArmoAPI) getFrameworkURL(frameworkName string) string {
 	u := url.URL{}
-	u.Host = armoAPI.GetAPIURL()
-	parseHost(&u)
-
+	u.Scheme, u.Host = parseHost(armoAPI.GetApiURL())
 	u.Path = "api/v1/armoFrameworks"
 	q := u.Query()
 	q.Add("customerGUID", armoAPI.getCustomerGUIDFallBack())
@@ -42,9 +30,7 @@ func (armoAPI *ArmoAPI) getFrameworkURL(frameworkName string) string {
 
 func (armoAPI *ArmoAPI) getListFrameworkURL() string {
 	u := url.URL{}
-	u.Host = armoAPI.GetAPIURL()
-	parseHost(&u)
-
+	u.Scheme, u.Host = parseHost(armoAPI.GetApiURL())
 	u.Path = "api/v1/armoFrameworks"
 	q := u.Query()
 	q.Add("customerGUID", armoAPI.getCustomerGUIDFallBack())
@@ -54,8 +40,7 @@ func (armoAPI *ArmoAPI) getListFrameworkURL() string {
 }
 func (armoAPI *ArmoAPI) getExceptionsURL(clusterName string) string {
 	u := url.URL{}
-	u.Host = armoAPI.GetAPIURL()
-	parseHost(&u)
+	u.Scheme, u.Host = parseHost(armoAPI.GetApiURL())
 	u.Path = "api/v1/armoPostureExceptions"
 
 	q := u.Query()
@@ -70,8 +55,7 @@ func (armoAPI *ArmoAPI) getExceptionsURL(clusterName string) string {
 
 func (armoAPI *ArmoAPI) exceptionsURL(exceptionsPolicyName string) string {
 	u := url.URL{}
-	u.Host = armoAPI.GetAPIURL()
-	parseHost(&u)
+	u.Scheme, u.Host = parseHost(armoAPI.GetApiURL())
 	u.Path = "api/v1/postureExceptionPolicy"
 
 	q := u.Query()
@@ -93,8 +77,7 @@ func (armoAPI *ArmoAPI) getAccountConfigDefault(clusterName string) string {
 
 func (armoAPI *ArmoAPI) getAccountConfig(clusterName string) string {
 	u := url.URL{}
-	u.Host = armoAPI.GetAPIURL()
-	parseHost(&u)
+	u.Scheme, u.Host = parseHost(armoAPI.GetApiURL())
 	u.Path = "api/v1/armoCustomerConfiguration"
 
 	q := u.Query()
@@ -109,22 +92,21 @@ func (armoAPI *ArmoAPI) getAccountConfig(clusterName string) string {
 
 func (armoAPI *ArmoAPI) getAccountURL() string {
 	u := url.URL{}
-	u.Host = armoAPI.GetAPIURL()
-	parseHost(&u)
+	u.Scheme, u.Host = parseHost(armoAPI.GetApiURL())
 	u.Path = "api/v1/createTenant"
 	return u.String()
 }
 
 func (armoAPI *ArmoAPI) getApiToken() string {
 	u := url.URL{}
-	u.Scheme = "https"
-	u.Path = "frontegg/identity/resources/auth/v1/api-token"
+	u.Scheme, u.Host = parseHost(armoAPI.GetAuthURL())
+	u.Path = "identity/resources/auth/v1/api-token"
 	return u.String()
 }
 
 func (armoAPI *ArmoAPI) getOpenidCustomers() string {
 	u := url.URL{}
-	u.Scheme = "https"
+	u.Scheme, u.Host = parseHost(armoAPI.GetApiURL())
 	u.Path = "api/v1/openid_customers"
 	return u.String()
 }
@@ -183,3 +165,12 @@ func (armoAPI *ArmoAPI) getCustomerGUIDFallBack() string {
 	}
 	return "11111111-1111-1111-1111-111111111111"
 }
+
+func parseHost(host string) (string, string) {
+	if strings.HasPrefix(host, "http://") {
+		return "http", strings.Replace(host, "http://", "", 1)
+	}
+
+	// default scheme
+	return "https", strings.Replace(host, "https://", "", 1)
+}

core/core/download.go

@@ -130,7 +130,7 @@ func downloadFramework(downloadInfo *metav1.DownloadInfo) error {
 
 	tenant := getTenantConfig(downloadInfo.Account, "", getKubernetesApi())
 
-	g := getPolicyGetter(nil, tenant.GetTennatEmail(), true, nil)
+	g := getPolicyGetter(nil, tenant.GetTenantEmail(), true, nil)
 
 	if downloadInfo.Name == "" {
 		// if framework name not specified - download all frameworks
@@ -172,7 +172,7 @@ func downloadControl(downloadInfo *metav1.DownloadInfo) error {
 
 	tenant := getTenantConfig(downloadInfo.Account, "", getKubernetesApi())
 
-	g := getPolicyGetter(nil, tenant.GetTennatEmail(), false, nil)
+	g := getPolicyGetter(nil, tenant.GetTenantEmail(), false, nil)
 
 	if downloadInfo.Name == "" {
 		// TODO - support

core/core/list.go

@@ -45,7 +45,7 @@ func (ks *Kubescape) List(listPolicies *metav1.ListPolicies) error {
 
 func listFrameworks(listPolicies *metav1.ListPolicies) ([]string, error) {
 	tenant := getTenantConfig(listPolicies.Account, "", getKubernetesApi()) // change k8sinterface
-	g := getPolicyGetter(nil, tenant.GetTennatEmail(), true, nil)
+	g := getPolicyGetter(nil, tenant.GetTenantEmail(), true, nil)
 
 	return listFrameworksNames(g), nil
 }
@@ -53,7 +53,7 @@ func listFrameworks(listPolicies *metav1.ListPolicies) ([]string, error) {
 func listControls(listPolicies *metav1.ListPolicies) ([]string, error) {
 	tenant := getTenantConfig(listPolicies.Account, "", getKubernetesApi()) // change k8sinterface
 
-	g := getPolicyGetter(nil, tenant.GetTennatEmail(), false, nil)
+	g := getPolicyGetter(nil, tenant.GetTenantEmail(), false, nil)
 	l := getter.ListName
 	if listPolicies.ListIDs {
 		l = getter.ListID

core/core/scan.go

@@ -124,7 +124,7 @@ func (ks *Kubescape) Scan(scanInfo *cautils.ScanInfo) (*resultshandling.ResultsH
 	downloadReleasedPolicy := getter.NewDownloadReleasedPolicy() // download config inputs from github release
 
 	// set policy getter only after setting the customerGUID
-	scanInfo.Getters.PolicyGetter = getPolicyGetter(scanInfo.UseFrom, interfaces.tenantConfig.GetTennatEmail(), scanInfo.FrameworkScan, downloadReleasedPolicy)
+	scanInfo.Getters.PolicyGetter = getPolicyGetter(scanInfo.UseFrom, interfaces.tenantConfig.GetTenantEmail(), scanInfo.FrameworkScan, downloadReleasedPolicy)
 	scanInfo.Getters.ControlsInputsGetter = getConfigInputsGetter(scanInfo.ControlsInputs, interfaces.tenantConfig.GetAccountID(), downloadReleasedPolicy)
 	scanInfo.Getters.ExceptionsGetter = getExceptionsGetter(scanInfo.UseExceptions)
 

core/pkg/registryadaptors/armosec/v1/civarmoadaptor.go

@@ -51,7 +51,7 @@ func (armoCivAdaptor *ArmoCivAdaptor) GetImageVulnerability(imageID *registryvul
 	pageNumber := 1
 	request := V2ListRequest{PageSize: &pageSize, PageNum: &pageNumber, InnerFilters: filter, OrderBy: "timestamp:desc"}
 	requestBody, _ := json.Marshal(request)
-	requestUrl := fmt.Sprintf("https://%s/api/v1/vulnerability/scanResultsDetails?customerGUID=%s", armoCivAdaptor.armoAPI.GetAPIURL(), armoCivAdaptor.armoAPI.GetAccountID())
+	requestUrl := fmt.Sprintf("https://%s/api/v1/vulnerability/scanResultsDetails?customerGUID=%s", armoCivAdaptor.armoAPI.GetApiURL(), armoCivAdaptor.armoAPI.GetAccountID())
 
 	resp, err := armoCivAdaptor.armoAPI.Post(requestUrl, map[string]string{"Content-Type": "application/json"}, requestBody)
 	if err != nil {

core/pkg/registryadaptors/armosec/v1/civarmoadaptorutils.go

@@ -14,7 +14,7 @@ func (armoCivAdaptor *ArmoCivAdaptor) getImageLastScanId(imageID *registryvulner
 	pageNumber := 1
 	request := V2ListRequest{PageSize: &pageSize, PageNum: &pageNumber, InnerFilters: filter, OrderBy: "timestamp:desc"}
 	requestBody, _ := json.Marshal(request)
-	requestUrl := fmt.Sprintf("https://%s/api/v1/vulnerability/scanResultsSumSummary?customerGUID=%s", armoCivAdaptor.armoAPI.GetAPIURL(), armoCivAdaptor.armoAPI.GetAccountID())
+	requestUrl := fmt.Sprintf("https://%s/api/v1/vulnerability/scanResultsSumSummary?customerGUID=%s", armoCivAdaptor.armoAPI.GetApiURL(), armoCivAdaptor.armoAPI.GetAccountID())
 
 	resp, err := armoCivAdaptor.armoAPI.Post(requestUrl, map[string]string{"Content-Type": "application/json"}, requestBody)
 	if err != nil {

core/pkg/resourcehandler/k8sresources.go

@@ -88,7 +88,7 @@ func (k8sHandler *K8sResourceHandler) GetResources(sessionObj *cautils.OPASessio
 			logger.L().Warning("failed to collect image vulnerabilities", helpers.Error(err))
 		}
 		if isEmptyImgVulns(*armoResourceMap) {
-			cautils.SetInfoMapForResources("image scanning not configured. For more information: https://hub.armo.cloud/docs/cluster-vulnerability-scanning", imgVulnResources, sessionObj.InfoMap)
+			cautils.SetInfoMapForResources("image scanning is not configured. for more information: https://hub.armo.cloud/docs/cluster-vulnerability-scanning", imgVulnResources, sessionObj.InfoMap)
 		}
 	}
 

httphandler/README.md

@@ -1,26 +1,85 @@
 # Kubescape HTTP Handler Package
 
-> This is a beta version, we might make some changes before publishing the official Prometheus support
-
-Running `kubescape` will start up a webserver on port `8080` which will serve the following paths: 
+Running `kubescape` will start up a webserver on port `8080` which will serve the following API's: 
 
 ### Trigger scan
 
-* POST `/v1/scan` - Trigger a kubescape scan. The server will return an ID and will execute the scanning asynchronously 
-* * `wait`: scan synchronously (return results and not ID). Use only in small clusters are with an increased timeout
-* * `keep`: Do not delete results from local storage after returning
+* POST `/v1/scan` - trigger a kubescape scan. The server will return an ID and will execute the scanning asynchronously. the request body should look [as followed](#trigger-scan-object).
+* * `wait=true`: scan synchronously (return results and not ID). Use only in small clusters or with an increased timeout. default is `wait=false`
+* * `keep=true`: do not delete results from local storage after returning. default is `keep=false`
+* POST `/v1/metrics` - trigger kubescape for Prometheus support. [read more](examples/prometheus/README.md)
+
+[Response](#response-object):
+
+```
+{
+  "id": <str>,                      // scan ID
+  "type": "busy",                   // response object type
+  "response": <message:string>      // message indicating scanning is still in process
+}
+```
+
+> When scanning was triggered with the `wait=true` query param, the response is like the [`/v1/results` API](#get-results) response
 
 ### Get results
-* GET `/v1/results` -  Request kubescape scan results
-* * query `id=<string>` -> ID returned when triggering the scan action. If empty will return latest results
-* * query `keep` -> Do not delete results from local storage after returning
+* GET `/v1/results` -  request kubescape scan results
+* * query `id=<string>` -> request results of a specific scan ID. If empty will return latest results
+* * query `keep=true` -> keep the results in the local storage after returning. default is `keep=false` - the results will be deleted from local storage after they are returned
 
+[Response](#response-object):
+
+When scanning was done successfully
+```
+{
+  "id": <str>,                      // scan ID
+  "type": "v1results",              // response object type
+  "response": <object:v1results>    // v1 results payload
+}
+```
+
+When scanning failed
+```
+{
+  "id": <str>,                  // scan ID
+  "type": "error",              // response object type
+  "response": <error:string>    // error string
+}
+```
+
+When scanning is in progress
+```
+{
+  "id": <str>,                    // scan ID
+  "type": "busy",                 // response object type
+  "response": <message:string>    // message indicating scanning is still in process
+}
+```
 ### Check scanning progress status
 Check the scanning status - is the scanning in progress or done. This is meant for a waiting mechanize since the API does not return the entire results object when the scanning is done
 
 * GET `/v1/status` -  Request kubescape scan status
 * * query `id=<string>` -> Check status of a specific scan. If empty will check if any scan is in progress
 
+[Response](#response-object):
+
+When scanning is in progress
+```
+{
+  "id": <str>,                    // scan ID
+  "type": "busy",                 // response object type
+  "response": <message:string>    // message indicating scanning is still in process
+}
+```
+
+When scanning is not in progress
+```
+{
+  "id": <str>,                    // scan ID
+  "type": "notBusy",              // response object type
+  "response": <message:string>    // message indicating scanning is done in process
+}
+```
+
 ### Delete cached results
 * DELETE `/v1/results` - Delete kubescape scan results from storage. If empty will delete latest results
 * * query `id=<string>`: Delete ID of specific results 
@@ -32,10 +91,10 @@ Check the scanning status - is the scanning in progress or done. This is meant f
 * `/livez` - will respond 200 is server is alive
 * `/readyz` - will respond 200 if server can receive requests 
 
-## Trigger Kubescape scan
+## Objects
+
+### Trigger scan object
 
-POST /v1/scan
-body:
 ```
 {
   "format": <str>,               // results format [default: json] (same as 'kubescape scan --format')
@@ -51,7 +110,8 @@ body:
 }
 ```
 
-Response body:
+### Response object
+
 ```
 {
   "id": <str>,                      // scan ID
@@ -59,10 +119,12 @@ Response body:
   "response": <object:interface>    // response payload as list of bytes
 }
 ```
+#### Response object types
 
-Response body types:
 *  "v1results" - v1 results object
-*  "id" - id string
+*  "busy" - server is busy processing previous requests 
+*  "notBusy" - server is not busy processing previous requests
+*  "ready" - server is done processing request and results are ready  
 *  "error" - error object
 
 ## API Examples

httphandler/examples/prometheus/README.md

@@ -110,13 +110,4 @@ kubescape_control_count_resources_excluded{name="<control name>",url="<docs url>
 kubescape_control_count_resources_passed{name="<control name>",url="<docs url>",severity="<control severity>"} <counter>
 ```
 
-#### Resources metrics
-The resources metrics give you the ability to prioritize fixing the resources by the number of controls that failed 
-
-```
-# Number of controls that failed for this particular resource
-kubescape_resource_count_controls_failed{apiVersion="<>",kind="<>",namespace="<>",name="<>"} <counter>
-
-# Number of controls that where excluded for this particular resource
-kubescape_resource_count_controls_excluded{apiVersion="<>",kind="<>",namespace="<>",name="<>"} <counter>
-```
+ 

httphandler/handlerequests/v1/datastructuremethods_test.go

@@ -72,6 +72,17 @@ func TestSetTargetInScanInfo(t *testing.T) {
 		assert.True(t, scanInfo.ScanAll)
 		assert.Equal(t, 0, len(scanInfo.PolicyIdentifier))
 	}
+	{
+		req := &utilsmetav1.PostScanRequest{
+			TargetType:  apisv1.KindFramework,
+			TargetNames: []string{},
+		}
+		scanInfo := &cautils.ScanInfo{}
+		setTargetInScanInfo(req, scanInfo)
+		assert.True(t, scanInfo.FrameworkScan)
+		assert.True(t, scanInfo.ScanAll)
+		assert.Equal(t, 0, len(scanInfo.PolicyIdentifier))
+	}
 	{
 		req := &utilsmetav1.PostScanRequest{
 			TargetType:  apisv1.KindFramework,

httphandler/handlerequests/v1/prometheus.go

@@ -9,47 +9,57 @@ import (
 	"github.com/armosec/kubescape/v2/core/cautils"
 	"github.com/armosec/kubescape/v2/core/cautils/logger"
 	"github.com/armosec/kubescape/v2/core/cautils/logger/helpers"
-	"github.com/armosec/kubescape/v2/core/core"
+	utilsapisv1 "github.com/armosec/opa-utils/httpserver/apis/v1"
 	"github.com/google/uuid"
 )
 
 // Metrics http listener for prometheus support
 func (handler *HTTPHandler) Metrics(w http.ResponseWriter, r *http.Request) {
-	if handler.state.isBusy() { // if already scanning the cluster
-		message := fmt.Sprintf("scan '%s' in action", handler.state.getID())
-		logger.L().Info("server is busy", helpers.String("message", message), helpers.Time())
-		w.WriteHeader(http.StatusServiceUnavailable)
-		w.Write([]byte(message))
-		return
-	}
-
-	handler.state.setBusy()
-	defer handler.state.setNotBusy()
 
 	scanID := uuid.NewString()
-	handler.state.setID(scanID)
+	handler.state.setBusy(scanID)
+	defer handler.state.setNotBusy(scanID)
 
 	resultsFile := filepath.Join(OutputDir, scanID)
+	scanInfo := getPrometheusDefaultScanCommand(scanID, resultsFile)
 
-	// trigger scanning
-	logger.L().Info(handler.state.getID(), helpers.String("action", "triggering scan"), helpers.Time())
-	ks := core.NewKubescape()
-	results, err := ks.Scan(getPrometheusDefaultScanCommand(scanID, resultsFile))
-	if err != nil {
+	scanParams := &scanRequestParams{
+		scanQueryParams: &ScanQueryParams{
+			ReturnResults: true,
+			KeepResults:   false,
+		},
+		scanInfo: scanInfo,
+		scanID:   scanID,
+	}
+
+	handler.scanResponseChan.set(scanID) // add scan to channel
+	defer handler.scanResponseChan.delete(scanID)
+
+	// send to scan queue
+	logger.L().Info("requesting scan", helpers.String("scanID", scanID), helpers.String("api", "v1/metrics"))
+	handler.scanRequestChan <- scanParams
+
+	// wait for scan to complete
+	results := <-handler.scanResponseChan.get(scanID)
+	defer removeResultsFile(scanID) // remove json format results file
+	defer os.Remove(resultsFile)    // remove prometheus format results file
+
+	// handle response
+	if results.Type == utilsapisv1.ErrorScanResponseType {
 		w.WriteHeader(http.StatusInternalServerError)
-		w.Write([]byte(fmt.Sprintf("failed to complete scan. reason: %s", err.Error())))
+		w.Write(responseToBytes(results))
 		return
 	}
-	results.HandleResults()
-	logger.L().Info(handler.state.getID(), helpers.String("action", "done scanning"), helpers.Time())
 
+	// read prometheus format results file
 	f, err := os.ReadFile(resultsFile)
 	if err != nil {
 		w.WriteHeader(http.StatusInternalServerError)
-		w.Write([]byte(fmt.Sprintf("failed read results from file. reason: %s", err.Error())))
+		results.Type = utilsapisv1.ErrorScanResponseType
+		results.Response = fmt.Sprintf("failed read results from file. reason: %s", err.Error())
+		w.Write(responseToBytes(results))
 		return
 	}
-	os.Remove(resultsFile)
 
 	w.WriteHeader(http.StatusOK)
 	w.Write(f)
@@ -57,6 +67,8 @@ func (handler *HTTPHandler) Metrics(w http.ResponseWriter, r *http.Request) {
 
 func getPrometheusDefaultScanCommand(scanID, resultsFile string) *cautils.ScanInfo {
 	scanInfo := defaultScanInfo()
+	scanInfo.Submit = false // do not submit results every scan
+	scanInfo.Local = true   // do not submit results every scan
 	scanInfo.FrameworkScan = true
 	scanInfo.ScanAll = true                                                        // scan all frameworks
 	scanInfo.ScanID = scanID                                                       // scan ID

httphandler/handlerequests/v1/requestparser.go

@@ -0,0 +1,110 @@
+package v1
+
+import (
+	"encoding/json"
+	"fmt"
+	"io/ioutil"
+	"net/http"
+	"sync"
+
+	"github.com/armosec/kubescape/v2/core/cautils"
+	"github.com/armosec/kubescape/v2/core/cautils/logger"
+	"github.com/armosec/kubescape/v2/core/cautils/logger/helpers"
+	utilsmetav1 "github.com/armosec/opa-utils/httpserver/meta/v1"
+	"github.com/gorilla/schema"
+)
+
+type scanResponseChan struct {
+	scanResponseChan map[string]chan *utilsmetav1.Response
+	mtx              sync.RWMutex
+}
+
+// get response object chan
+func (resChan *scanResponseChan) get(key string) chan *utilsmetav1.Response {
+	resChan.mtx.RLock()
+	defer resChan.mtx.RUnlock()
+	return resChan.scanResponseChan[key]
+}
+
+// set chan for response object
+func (resChan *scanResponseChan) set(key string) {
+	resChan.mtx.Lock()
+	defer resChan.mtx.Unlock()
+	resChan.scanResponseChan[key] = make(chan *utilsmetav1.Response)
+}
+
+// push response object to chan
+func (resChan *scanResponseChan) push(key string, resp *utilsmetav1.Response) {
+	resChan.mtx.Lock()
+	defer resChan.mtx.Unlock()
+	if _, ok := resChan.scanResponseChan[key]; ok {
+		resChan.scanResponseChan[key] <- resp
+	}
+}
+
+// delete channel
+func (resChan *scanResponseChan) delete(key string) {
+	resChan.mtx.Lock()
+	defer resChan.mtx.Unlock()
+	delete(resChan.scanResponseChan, key)
+}
+func newScanResponseChan() *scanResponseChan {
+	return &scanResponseChan{
+		scanResponseChan: make(map[string]chan *utilsmetav1.Response),
+		mtx:              sync.RWMutex{},
+	}
+}
+
+type ScanQueryParams struct {
+	ReturnResults bool `schema:"wait"` // wait for scanning to complete (synchronized request)
+	KeepResults   bool `schema:"keep"` // do not delete results after returning (relevant only for synchronized requests)
+}
+
+type ResultsQueryParams struct {
+	ScanID      string `schema:"id"`
+	KeepResults bool   `schema:"keep"` // do not delete results after returning (default will delete results)
+	AllResults  bool   `schema:"all"`  // delete all results
+}
+
+type StatusQueryParams struct {
+	ScanID string `schema:"id"`
+}
+
+// scanRequestParams params passed to channel
+type scanRequestParams struct {
+	scanInfo        *cautils.ScanInfo // request as received from api
+	scanQueryParams *ScanQueryParams  // request as received from api
+	scanID          string            // generated scan ID
+}
+
+func getScanParamsFromRequest(r *http.Request, scanID string) (*scanRequestParams, error) {
+	defer r.Body.Close()
+
+	scanRequestParams := &scanRequestParams{}
+
+	scanQueryParams := &ScanQueryParams{}
+	if err := schema.NewDecoder().Decode(scanQueryParams, r.URL.Query()); err != nil {
+		return scanRequestParams, fmt.Errorf("failed to parse query params, reason: %s", err.Error())
+	}
+
+	readBuffer, err := ioutil.ReadAll(r.Body)
+	if err != nil {
+		// handler.writeError(w, fmt.Errorf("failed to read request body, reason: %s", err.Error()), scanID)
+		return scanRequestParams, fmt.Errorf("failed to read request body, reason: %s", err.Error())
+	}
+
+	logger.L().Info("REST API received scan request", helpers.String("body", string(readBuffer)))
+
+	scanRequest := &utilsmetav1.PostScanRequest{}
+	if err := json.Unmarshal(readBuffer, &scanRequest); err != nil {
+		return scanRequestParams, fmt.Errorf("failed to parse request payload, reason: %s", err.Error())
+	}
+
+	scanInfo := getScanCommand(scanRequest, scanID)
+
+	scanRequestParams.scanID = scanID
+	scanRequestParams.scanQueryParams = scanQueryParams
+	scanRequestParams.scanInfo = scanInfo
+
+	return scanRequestParams, nil
+}

httphandler/handlerequests/v1/requestparser_test.go

@@ -0,0 +1,76 @@
+package v1
+
+import (
+	"bytes"
+	"encoding/json"
+	"net/http"
+	"net/url"
+	"testing"
+
+	utilsmetav1 "github.com/armosec/opa-utils/httpserver/meta/v1"
+	"github.com/armosec/utils-go/boolutils"
+	"github.com/stretchr/testify/assert"
+)
+
+func TestGetScanParamsFromRequest(t *testing.T) {
+	{
+		body := utilsmetav1.PostScanRequest{
+			Submit:      boolutils.BoolPointer(true),
+			HostScanner: boolutils.BoolPointer(true),
+			Account:     "aaaaaaaaaa",
+		}
+
+		jsonBytes, err := json.Marshal(body)
+		assert.NoError(t, err)
+
+		u := url.URL{
+			Scheme:   "http",
+			Host:     "bla",
+			Path:     "bla",
+			RawQuery: "wait=true&keep=true",
+		}
+		request, err := http.NewRequest(http.MethodPost, u.String(), bytes.NewReader(jsonBytes))
+		assert.NoError(t, err)
+
+		scanID := "ccccccc"
+
+		req, err := getScanParamsFromRequest(request, scanID)
+		assert.NoError(t, err)
+		assert.Equal(t, scanID, req.scanID)
+		assert.True(t, req.scanQueryParams.KeepResults)
+		assert.True(t, req.scanQueryParams.ReturnResults)
+		assert.True(t, req.scanInfo.HostSensorEnabled.GetBool())
+		assert.True(t, req.scanInfo.Submit)
+		assert.Equal(t, "aaaaaaaaaa", req.scanInfo.Account)
+	}
+
+	{
+		body := utilsmetav1.PostScanRequest{
+			Submit:      boolutils.BoolPointer(false),
+			HostScanner: boolutils.BoolPointer(false),
+			Account:     "aaaaaaaaaa",
+		}
+
+		jsonBytes, err := json.Marshal(body)
+		assert.NoError(t, err)
+
+		u := url.URL{
+			Scheme: "http",
+			Host:   "bla",
+			Path:   "bla",
+		}
+		request, err := http.NewRequest(http.MethodPost, u.String(), bytes.NewReader(jsonBytes))
+		assert.NoError(t, err)
+
+		scanID := "ccccccc"
+
+		req, err := getScanParamsFromRequest(request, scanID)
+		assert.NoError(t, err)
+		assert.Equal(t, scanID, req.scanID)
+		assert.False(t, req.scanQueryParams.KeepResults)
+		assert.False(t, req.scanQueryParams.ReturnResults)
+		assert.False(t, req.scanInfo.HostSensorEnabled.GetBool())
+		assert.False(t, req.scanInfo.Submit)
+		assert.Equal(t, "aaaaaaaaaa", req.scanInfo.Account)
+	}
+}

httphandler/handlerequests/v1/requestshandler.go

@@ -1,11 +1,8 @@
 package v1
 
 import (
-	"encoding/json"
 	"fmt"
-	"io/ioutil"
 	"net/http"
-	"sync"
 
 	utilsapisv1 "github.com/armosec/opa-utils/httpserver/apis/v1"
 	utilsmetav1 "github.com/armosec/opa-utils/httpserver/meta/v1"
@@ -19,35 +16,27 @@ import (
 var OutputDir = "./results"
 var FailedOutputDir = "./failed"
 
-type ScanQueryParams struct {
-	ReturnResults bool `schema:"wait"` // wait for scanning to complete (synchronized request)
-	KeepResults   bool `schema:"keep"` // do not delete results after returning (relevant only for synchronized requests)
-}
-
-type ResultsQueryParams struct {
-	ScanID      string `schema:"id"`
-	KeepResults bool   `schema:"keep"` // do not delete results after returning (default will delete results)
-	AllResults  bool   `schema:"all"`  // delete all results
-}
-
-type StatusQueryParams struct {
-	ScanID string `schema:"id"`
-}
-
 type HTTPHandler struct {
-	state *serverState
+	state            *serverState
+	scanResponseChan *scanResponseChan
+	scanRequestChan  chan *scanRequestParams
 }
 
 func NewHTTPHandler() *HTTPHandler {
-	return &HTTPHandler{
-		state: newServerState(),
+	handler := &HTTPHandler{
+		state:            newServerState(),
+		scanRequestChan:  make(chan *scanRequestParams),
+		scanResponseChan: newScanResponseChan(),
 	}
+	go handler.executeScan()
+
+	return handler
 }
 
 // ============================================== STATUS ========================================================
 // Status API
 func (handler *HTTPHandler) Status(w http.ResponseWriter, r *http.Request) {
-	defer handler.recover(w)
+	defer handler.recover(w, "")
 
 	if r.Method != http.MethodGet {
 		w.WriteHeader(http.StatusMethodNotAllowed)
@@ -59,120 +48,88 @@ func (handler *HTTPHandler) Status(w http.ResponseWriter, r *http.Request) {
 
 	statusQueryParams := &StatusQueryParams{}
 	if err := schema.NewDecoder().Decode(statusQueryParams, r.URL.Query()); err != nil {
-		handler.writeError(w, fmt.Errorf("failed to parse query params, reason: %s", err.Error()))
+		w.WriteHeader(http.StatusInternalServerError)
+		handler.writeError(w, fmt.Errorf("failed to parse query params, reason: %s", err.Error()), "")
 		return
 	}
+	logger.L().Info("requesting status", helpers.String("scanID", statusQueryParams.ScanID), helpers.String("api", "v1/status"))
 
-	if !handler.state.isBusy() {
+	w.WriteHeader(http.StatusOK)
+	if !handler.state.isBusy(statusQueryParams.ScanID) {
 		response.Type = utilsapisv1.NotBusyScanResponseType
+		logger.L().Debug("status: not busy", helpers.String("ID", statusQueryParams.ScanID))
 		w.Write(responseToBytes(&response))
 		return
 	}
 
-	currentScanID := handler.state.getID()
-	if statusQueryParams.ScanID != "" && currentScanID != statusQueryParams.ScanID {
-		response.Type = utilsapisv1.NotBusyScanResponseType
-		w.Write(responseToBytes(&response))
-		return
+	if statusQueryParams.ScanID == "" {
+		statusQueryParams.ScanID = handler.state.getLatestID()
 	}
 
-	response.Response = currentScanID
-	response.ID = currentScanID
+	response.Response = statusQueryParams.ScanID
+	response.ID = statusQueryParams.ScanID
 	response.Type = utilsapisv1.BusyScanResponseType
+
+	logger.L().Debug("status: busy", helpers.String("ID", statusQueryParams.ScanID))
 	w.Write(responseToBytes(&response))
 }
 
 // ============================================== SCAN ========================================================
-// Scan API - TODO: break down to functions
+// Scan API
 func (handler *HTTPHandler) Scan(w http.ResponseWriter, r *http.Request) {
 
-	defer handler.recover(w)
+	// generate id
+	scanID := uuid.NewString()
 
-	defer r.Body.Close()
+	defer handler.recover(w, scanID)
 
 	if r.Method != http.MethodPost {
 		w.WriteHeader(http.StatusMethodNotAllowed)
 		return
 	}
-	response := utilsmetav1.Response{}
 	w.Header().Set("Content-Type", "application/json")
 
-	scanQueryParams := &ScanQueryParams{}
-	if err := schema.NewDecoder().Decode(scanQueryParams, r.URL.Query()); err != nil {
-		handler.writeError(w, fmt.Errorf("failed to parse query params, reason: %s", err.Error()))
-		return
-	}
-	if handler.state.isBusy() {
-		// TODO - Add to queue
-		w.WriteHeader(http.StatusOK)
-		response.Response = handler.state.getID()
-		response.ID = handler.state.getID()
-		response.Type = utilsapisv1.IDScanResponseType
-		w.Write(responseToBytes(&response))
-		return
-	}
-
-	handler.state.setBusy()
-
-	// generate id
-	scanID := uuid.NewString()
-	handler.state.setID(scanID)
-	response.ID = scanID
-	response.Type = utilsapisv1.IDScanResponseType
-
-	readBuffer, err := ioutil.ReadAll(r.Body)
+	scanRequestParams, err := getScanParamsFromRequest(r, scanID)
 	if err != nil {
-		handler.writeError(w, fmt.Errorf("failed to read request body, reason: %s", err.Error()))
+		handler.writeError(w, err, "")
 		return
 	}
 
-	logger.L().Info("REST API received scan request", helpers.String("body", string(readBuffer)))
+	handler.state.setBusy(scanID)
 
-	scanRequest := utilsmetav1.PostScanRequest{}
-	if err := json.Unmarshal(readBuffer, &scanRequest); err != nil {
-		handler.writeError(w, fmt.Errorf("failed to parse request payload, reason: %s", err.Error()))
-		return
-	}
+	response := &utilsmetav1.Response{}
+	response.ID = scanID
+	response.Type = utilsapisv1.BusyScanResponseType
+	response.Response = fmt.Sprintf("scanning '%s' is in progress", scanID)
 
-	var wg sync.WaitGroup
-	if scanQueryParams.ReturnResults {
-		wg.Add(1)
-	} else {
-		wg.Add(0)
-	}
-	statusCode := http.StatusOK
+	handler.scanResponseChan.set(scanID) // add channel
+	defer handler.scanResponseChan.delete(scanID)
+
+	// you must use a goroutine since the executeScan function is not always listening to the channel
 	go func() {
-		// execute scan in the background
+		// send to scanning handler
+		logger.L().Info("requesting scan", helpers.String("scanID", scanID), helpers.String("api", "v1/scan"))
+		handler.scanRequestChan <- scanRequestParams
+	}()
 
-		logger.L().Info("scan triggered", helpers.String("ID", scanID))
+	if scanRequestParams.scanQueryParams.ReturnResults {
+		// wait for scan to complete
+		response = <-handler.scanResponseChan.get(scanID)
 
-		results, err := scan(&scanRequest, scanID)
-		if err != nil {
-			logger.L().Error("scanning failed", helpers.String("ID", scanID), helpers.Error(err))
-			if scanQueryParams.ReturnResults {
-				response.Type = utilsapisv1.ErrorScanResponseType
-				response.Response = err.Error()
-				statusCode = http.StatusInternalServerError
-			}
-		} else {
-			logger.L().Success("done scanning", helpers.String("ID", scanID))
-			if scanQueryParams.ReturnResults {
-				response.Type = utilsapisv1.ResultsV1ScanResponseType
-				response.Response = results
-				wg.Done()
-			}
-		}
-		if scanQueryParams.ReturnResults && !scanQueryParams.KeepResults {
+		if scanRequestParams.scanQueryParams.KeepResults {
+			// delete results after returning
 			logger.L().Debug("deleting results", helpers.String("ID", scanID))
 			removeResultsFile(scanID)
 		}
-		handler.state.setNotBusy()
-	}()
+	}
 
-	wg.Wait()
+	statusCode := http.StatusOK
+	if response.Type == utilsapisv1.ErrorScanResponseType {
+		statusCode = http.StatusInternalServerError
+	}
 
 	w.WriteHeader(statusCode)
-	w.Write(responseToBytes(&response))
+	w.Write(responseToBytes(response))
 }
 
 // ============================================== RESULTS ========================================================
@@ -182,15 +139,16 @@ func (handler *HTTPHandler) Results(w http.ResponseWriter, r *http.Request) {
 	response := utilsmetav1.Response{}
 	w.Header().Set("Content-Type", "application/json")
 
-	defer handler.recover(w)
+	defer handler.recover(w, "")
 
 	defer r.Body.Close()
 
 	resultsQueryParams := &ResultsQueryParams{}
 	if err := schema.NewDecoder().Decode(resultsQueryParams, r.URL.Query()); err != nil {
-		handler.writeError(w, fmt.Errorf("failed to parse query params, reason: %s", err.Error()))
+		handler.writeError(w, fmt.Errorf("failed to parse query params, reason: %s", err.Error()), "")
 		return
 	}
+	logger.L().Info("requesting results", helpers.String("scanID", resultsQueryParams.ScanID), helpers.String("api", "v1/results"), helpers.String("method", r.Method))
 
 	if resultsQueryParams.ScanID == "" {
 		resultsQueryParams.ScanID = handler.state.getLatestID()
@@ -198,22 +156,22 @@ func (handler *HTTPHandler) Results(w http.ResponseWriter, r *http.Request) {
 
 	if resultsQueryParams.ScanID == "" { // if no scan found
 		logger.L().Info("empty scan ID")
-		w.WriteHeader(http.StatusBadRequest) // Should we return ok?
-		response.Response = "latest scan not found. trigger again"
+		w.WriteHeader(http.StatusBadRequest)
+		response.Response = "latest scan not found"
 		response.Type = utilsapisv1.ErrorScanResponseType
 		w.Write(responseToBytes(&response))
 		return
 	}
 	response.ID = resultsQueryParams.ScanID
 
-	if handler.state.isBusy() { // if requested ID is still scanning
-		if resultsQueryParams.ScanID == handler.state.getID() {
-			logger.L().Info("scan in process", helpers.String("ID", resultsQueryParams.ScanID))
-			w.WriteHeader(http.StatusOK)
-			response.Response = "scanning in progress"
-			w.Write(responseToBytes(&response))
-			return
-		}
+	if handler.state.isBusy(resultsQueryParams.ScanID) { // if requested ID is still scanning
+		logger.L().Info("scan in process", helpers.String("ID", resultsQueryParams.ScanID))
+		w.WriteHeader(http.StatusOK)
+		response.Type = utilsapisv1.BusyScanResponseType
+		response.Response = fmt.Sprintf("scanning '%s' in progress", resultsQueryParams.ScanID)
+		w.Write(responseToBytes(&response))
+		return
+
 	}
 
 	switch r.Method {
@@ -259,15 +217,10 @@ func (handler *HTTPHandler) Ready(w http.ResponseWriter, r *http.Request) {
 	w.WriteHeader(http.StatusOK)
 }
 
-func responseToBytes(res *utilsmetav1.Response) []byte {
-	b, _ := json.Marshal(res)
-	return b
-}
-
-func (handler *HTTPHandler) recover(w http.ResponseWriter) {
+func (handler *HTTPHandler) recover(w http.ResponseWriter, scanID string) {
 	response := utilsmetav1.Response{}
 	if err := recover(); err != nil {
-		handler.state.setNotBusy()
+		handler.state.setNotBusy(scanID)
 		logger.L().Error("recover", helpers.Error(fmt.Errorf("%v", err)))
 		w.WriteHeader(http.StatusInternalServerError)
 		response.Response = fmt.Sprintf("%v", err)
@@ -276,11 +229,11 @@ func (handler *HTTPHandler) recover(w http.ResponseWriter) {
 	}
 }
 
-func (handler *HTTPHandler) writeError(w http.ResponseWriter, err error) {
+func (handler *HTTPHandler) writeError(w http.ResponseWriter, err error, scanID string) {
 	response := utilsmetav1.Response{}
 	w.WriteHeader(http.StatusBadRequest)
 	response.Response = err.Error()
 	response.Type = utilsapisv1.ErrorScanResponseType
 	w.Write(responseToBytes(&response))
-	handler.state.setNotBusy()
+	handler.state.setNotBusy(scanID)
 }

httphandler/handlerequests/v1/requestshandler_test.go

@@ -0,0 +1,32 @@
+package v1
+
+// ============================================== STATUS ========================================================
+// Status API
+// func TestStatus(t *testing.T) {
+
+// 	{
+// 		httpHandler := NewHTTPHandler()
+
+// 		u := url.URL{
+// 			Scheme:   "http",
+// 			Host:     "bla",
+// 			Path:     "bla",
+// 			RawQuery: "wait=true&keep=true",
+// 		}
+// 		request, err := http.NewRequest(http.MethodPost, u.String(), nil)
+// 		httpHandler.Status(nil, request)
+
+// 		assert.NoError(t, err)
+
+// 		scanID := "ccccccc"
+
+// 		req, err := getScanParamsFromRequest(request, scanID)
+// 		assert.NoError(t, err)
+// 		assert.Equal(t, scanID, req.scanID)
+// 		assert.True(t, req.scanQueryParams.KeepResults)
+// 		assert.True(t, req.scanQueryParams.ReturnResults)
+// 		assert.True(t, *req.scanRequest.HostScanner)
+// 		assert.True(t, *req.scanRequest.Submit)
+// 		assert.Equal(t, "aaaaaaaaaa", req.scanRequest.Account)
+// 	}
+// }

httphandler/handlerequests/v1/requestshandlerutils.go

@@ -9,14 +9,48 @@ import (
 
 	"github.com/armosec/kubescape/v2/core/cautils"
 	"github.com/armosec/kubescape/v2/core/cautils/getter"
+	"github.com/armosec/kubescape/v2/core/cautils/logger"
+	"github.com/armosec/kubescape/v2/core/cautils/logger/helpers"
 	"github.com/armosec/kubescape/v2/core/core"
+	utilsapisv1 "github.com/armosec/opa-utils/httpserver/apis/v1"
 	utilsmetav1 "github.com/armosec/opa-utils/httpserver/meta/v1"
 	reporthandlingv2 "github.com/armosec/opa-utils/reporthandling/v2"
 	"github.com/armosec/utils-go/boolutils"
 )
 
-func scan(scanRequest *utilsmetav1.PostScanRequest, scanID string) (*reporthandlingv2.PostureReport, error) {
-	scanInfo := getScanCommand(scanRequest, scanID)
+// executeScan execute the scan request passed in the channel
+func (handler *HTTPHandler) executeScan() {
+	for {
+		scanReq := <-handler.scanRequestChan
+
+		logger.L().Info("triggering scan", helpers.String("scanID", scanReq.scanID))
+
+		response := &utilsmetav1.Response{}
+
+		logger.L().Info("scan triggered", helpers.String("ID", scanReq.scanID))
+		results, err := scan(scanReq.scanInfo, scanReq.scanID)
+		if err != nil {
+			logger.L().Error("scanning failed", helpers.String("ID", scanReq.scanID), helpers.Error(err))
+			if scanReq.scanQueryParams.ReturnResults {
+				response.Type = utilsapisv1.ErrorScanResponseType
+				response.Response = err.Error()
+			}
+		} else {
+			logger.L().Success("done scanning", helpers.String("ID", scanReq.scanID))
+			if scanReq.scanQueryParams.ReturnResults {
+				response.Type = utilsapisv1.ResultsV1ScanResponseType
+				response.Response = results
+			}
+		}
+
+		handler.state.setNotBusy(scanReq.scanID)
+
+		// return results
+		handler.scanResponseChan.push(scanReq.scanID, response)
+
+	}
+}
+func scan(scanInfo *cautils.ScanInfo, scanID string) (*reporthandlingv2.PostureReport, error) {
 
 	ks := core.NewKubescape()
 	result, err := ks.Scan(scanInfo)
@@ -104,14 +138,14 @@ func defaultScanInfo() *cautils.ScanInfo {
 	scanInfo := &cautils.ScanInfo{}
 	scanInfo.FailThreshold = 100
 	scanInfo.Account = envToString("KS_ACCOUNT", "")                               // publish results to Kubescape SaaS
-	scanInfo.ExcludedNamespaces = envToString("KS_EXCLUDE_NAMESPACES", "")         // namespace to exclude
-	scanInfo.HostSensorYamlPath = envToString("KS_HOST_SCAN_YAML", "")             // namespace to exclude
-	scanInfo.IncludeNamespaces = envToString("KS_INCLUDE_NAMESPACES", "")          // namespace to include
+	scanInfo.ExcludedNamespaces = envToString("KS_EXCLUDE_NAMESPACES", "")         // namespaces to exclude
+	scanInfo.IncludeNamespaces = envToString("KS_INCLUDE_NAMESPACES", "")          // namespaces to include
+	scanInfo.HostSensorYamlPath = envToString("KS_HOST_SCAN_YAML", "")             // path to host scan YAML
 	scanInfo.FormatVersion = envToString("KS_FORMAT_VERSION", "v2")                // output format version
 	scanInfo.Format = envToString("KS_FORMAT", "json")                             // default output should be json
 	scanInfo.Submit = envToBool("KS_SUBMIT", false)                                // publish results to Kubescape SaaS
-	scanInfo.HostSensorEnabled.SetBool(envToBool("KS_ENABLE_HOST_SCANNER", false)) // enable host scanner
 	scanInfo.Local = envToBool("KS_KEEP_LOCAL", false)                             // do not publish results to Kubescape SaaS
+	scanInfo.HostSensorEnabled.SetBool(envToBool("KS_ENABLE_HOST_SCANNER", false)) // enable host scanner
 	if !envToBool("KS_DOWNLOAD_ARTIFACTS", false) {
 		scanInfo.UseArtifactsFrom = getter.DefaultLocalStore // Load files from cache (this will prevent kubescape fom downloading the artifacts every time)
 	}
@@ -136,7 +170,7 @@ func writeScanErrorToFile(err error, scanID string) error {
 	if e := os.MkdirAll(filepath.Dir(FailedOutputDir), os.ModePerm); e != nil {
 		return fmt.Errorf("failed to scan. reason: '%s'. failed to save error in file - failed to create directory. reason: %s", err.Error(), e.Error())
 	}
-	f, e := os.Create(filepath.Join(FailedOutputDir, scanID))
+	f, e := os.Create(filepath.Join(filepath.Dir(FailedOutputDir), scanID))
 	if e != nil {
 		return fmt.Errorf("failed to scan. reason: '%s'. failed to save error in file - failed to open file for writing. reason: %s", err.Error(), e.Error())
 	}
@@ -147,3 +181,9 @@ func writeScanErrorToFile(err error, scanID string) error {
 	}
 	return fmt.Errorf("failed to scan. reason: '%s'", err.Error())
 }
+
+// responseToBytes convert response object to bytes
+func responseToBytes(res *utilsmetav1.Response) []byte {
+	b, _ := json.Marshal(res)
+	return b
+}

httphandler/handlerequests/v1/serverstate.go

@@ -3,44 +3,32 @@ package v1
 import "sync"
 
 type serverState struct {
-	// response string
-	busy     bool
-	id       string
+	statusID map[string]bool
 	latestID string
 	mtx      sync.RWMutex
 }
 
-func (s *serverState) isBusy() bool {
+// isBusy is server busy with ID, if id is empty will check for latest ID
+func (s *serverState) isBusy(id string) bool {
 	s.mtx.RLock()
-	busy := s.busy
+	if id == "" {
+		id = s.latestID
+	}
+	busy := s.statusID[id]
 	s.mtx.RUnlock()
 	return busy
 }
 
-func (s *serverState) setBusy() {
+func (s *serverState) setBusy(id string) {
 	s.mtx.Lock()
-	s.busy = true
+	s.statusID[id] = true
+	s.latestID = id
 	s.mtx.Unlock()
 }
 
-func (s *serverState) setNotBusy() {
+func (s *serverState) setNotBusy(id string) {
 	s.mtx.Lock()
-	s.busy = false
-	s.latestID = s.id
-	s.id = ""
-	s.mtx.Unlock()
-}
-
-func (s *serverState) getID() string {
-	s.mtx.RLock()
-	id := s.id
-	s.mtx.RUnlock()
-	return id
-}
-
-func (s *serverState) setID(id string) {
-	s.mtx.Lock()
-	s.id = id
+	delete(s.statusID, id)
 	s.mtx.Unlock()
 }
 
@@ -51,9 +39,16 @@ func (s *serverState) getLatestID() string {
 	return id
 }
 
+func (s *serverState) len() int {
+	s.mtx.RLock()
+	l := len(s.statusID)
+	s.mtx.RUnlock()
+	return l
+}
+
 func newServerState() *serverState {
 	return &serverState{
-		busy: false,
-		mtx:  sync.RWMutex{},
+		statusID: make(map[string]bool),
+		mtx:      sync.RWMutex{},
 	}
 }