elastic / cloudbeat / 13989782125
76%
main: 76%

LAST BUILD BRANCH: renovate/main-github.com-google-gnostic-models-0.x
DEFAULT BRANCH: main
Ran
Jobs 1
Files 224
Run time 1min
Badge
Embed ▾
README BADGES
x

If you need to use a raster PNG badge, change the '.svg' to '.png' in the link

Markdown

Textile

RDoc

HTML

Rst
coverage: 75.671% (+0.05%) from 75.619%
13989782125

push

github

web-flow 
[8.x](backport #3090) cnvm: Delete snapshots after scanning them (#3127)

### Summary of your changes
Fixes various underlying issues with CNVM snapshot deletion. The logic here is to do a best-effort attempt to clean up snapshots created during the run both continuously (after we are done scanning the snapshot) and on shutdown. Cleaning old snapshots that we don't use anymore is part of https://github.com/elastic/cloudbeat/issues/3105. Issues fixed:
- `internal/flavors/vulnerability.go`: Wait for `Run()` to finish, this ensures that final snapshot clean-up is done after execution finishes
- `internal/resources/providers/awslib/ec2/provider.go`: Give extra retries to snapshot deletion, mainly avoiding "too many requests" errors
- `internal/vulnerability/snapshot.go`: New snapshot manager to handle creation, deletion and clean-up of snapshots. The deletion extends the `context.Context` with an extra 30s timeout to give a grace period to clean-up snapshots during shutdown/restart.
- `internal/vulnerability/replicator.go`: Add dependency to the snapshot manager instead of `provider` to track created snapshots
- `internal/vulnerability/scanner.go`: Delete snapshot after scanning
- `internal/vulnerability/worker.go`: `defer` a call snapshot manager's cleanup

### Screenshot/Data
1. The way I verified we avoid leftover snapshots is to change the name of the snapshots:
  ```diff
  diff --git a/internal/resources/providers/awslib/ec2/provider.go b/internal/resources/providers/awslib/ec2/provider.go
  index 14abc5bf..3faeef7d 100644
  --- a/internal/resources/providers/awslib/ec2/provider.go
  +++ b/internal/resources/providers/awslib/ec2/provider.go
  @@ -78,7 +78,7 @@ func (p *Provider) CreateSnapshots(ctx context.Context, ins *Ec2Instance) ([]EBS
 			  {
 				  ResourceType: "snapshot",
 				  Tags: []types.Tag{
  -					{Key: aws.String("Name"), Value: aws.String(fmt.Sprintf("elastic-vulnerability-%s", *ins.InstanceId))},
  +					{Key: aws.String("Name"), V... (continued)

151 of 171 new or added lines in 10 files covered. (88.3%)

1 existing line in 1 file now uncovered.

8989 of 11879 relevant lines covered (75.67%)

16.21 hits per line

New Missed Lines in Diff

Lines Coverage File
1
86.11
 -0.73% internal/vulnerability/replicator.go
2
86.05
 1.78% internal/vulnerability/worker.go
4
92.73
 internal/vulnerability/snapshot.go
5
0.0
 0.0% internal/flavors/vulnerability.go
8
73.47
 -1.34% internal/resources/providers/awslib/ec2/provider.go

Uncovered Existing Lines

Lines Coverage File
1
0.0
 0.0% internal/flavors/vulnerability.go
Jobs
ID Job ID Ran Files Coverage
1 13989782125.1 224
75.67
 GitHub Action Run
Source Files on build 13989782125