Merge pull request #160 from abnamro/2412943-resc-liveness-and-readiness-probe

2412943 resc liveness and readiness probe

Author: amrityamrout

.github/workflows/k8-infra-ci.yaml

@@ -104,7 +104,7 @@ jobs:
         cd ${{ env.KUBERNETES_INFRA_DIR }}
         # Running temporary exit code 0 till all the issues are fixed
         datree config set offline local
-        datree test resc_helm_template.yaml --only-k8s-files --no-record --verbose --only-k8s-files --policy-config datree-policies.yaml || exit 0
+        datree test resc_helm_template.yaml --only-k8s-files --no-record --verbose --policy-config datree-policies.yaml
 
   release-charts:
     name: Release Charts

components/resc-backend/src/resc_backend/resc_web_service/api.py

@@ -116,7 +116,7 @@ def generate_logger_config(log_file_path, debug=True):
               description="RESC API helps you to perform several operations upon findings "
                           "obtained from multiple source code repositories.",
               version=get_package_version(),
-              openapi_tags=tags_metadata, dependencies=AUTH)
+              openapi_tags=tags_metadata)
 
 if env_variables[ENABLE_CORS].lower() in ["true"]:
     origins = env_variables[CORS_ALLOWED_DOMAINS].split(', ')
@@ -129,15 +129,15 @@ def generate_logger_config(log_file_path, debug=True):
     )
 
 app.include_router(health.router, prefix=RWS_VERSION_PREFIX)
-app.include_router(common.router, prefix=RWS_VERSION_PREFIX)
-app.include_router(rules.router, prefix=RWS_VERSION_PREFIX)
-app.include_router(rule_packs.router, prefix=RWS_VERSION_PREFIX)
-app.include_router(findings.router, prefix=RWS_VERSION_PREFIX)
-app.include_router(detailed_findings.router, prefix=RWS_VERSION_PREFIX)
-app.include_router(repositories.router, prefix=RWS_VERSION_PREFIX)
-app.include_router(scans.router, prefix=RWS_VERSION_PREFIX)
-app.include_router(vcs_instances.router, prefix=RWS_VERSION_PREFIX)
-app.include_router(metrics.router, prefix=RWS_VERSION_PREFIX)
+app.include_router(common.router, prefix=RWS_VERSION_PREFIX, dependencies=AUTH)
+app.include_router(rules.router, prefix=RWS_VERSION_PREFIX, dependencies=AUTH)
+app.include_router(rule_packs.router, prefix=RWS_VERSION_PREFIX, dependencies=AUTH)
+app.include_router(findings.router, prefix=RWS_VERSION_PREFIX, dependencies=AUTH)
+app.include_router(detailed_findings.router, prefix=RWS_VERSION_PREFIX, dependencies=AUTH)
+app.include_router(repositories.router, prefix=RWS_VERSION_PREFIX, dependencies=AUTH)
+app.include_router(scans.router, prefix=RWS_VERSION_PREFIX, dependencies=AUTH)
+app.include_router(vcs_instances.router, prefix=RWS_VERSION_PREFIX, dependencies=AUTH)
+app.include_router(metrics.router, prefix=RWS_VERSION_PREFIX, dependencies=AUTH)
 
 # Apply the security headers to the app in the form of middleware
 app.middleware("http")(add_security_headers)

components/resc-vcs-scanner/src/vcs_scanner/secret_scanners/celery_worker.py

@@ -1,4 +1,4 @@
-# pylint: disable=E1101
+# pylint: disable=E1101,W0603
 # Standard Library
 import json
 import os
@@ -46,22 +46,29 @@
 rws_url = f"http://{env_variables[RESC_API_NO_AUTH_SERVICE_HOST]}:{env_variables[RESC_API_NO_AUTH_SERVICE_PORT]}"
 rws_writer: RESTAPIWriter = RESTAPIWriter(rws_url=rws_url)
 
-vcs_instances_list = load_vcs_instances(env_variables[VCS_INSTANCES_FILE_PATH])
-vcs_instances = rws_writer.write_vcs_instances(vcs_instances_list)
-
-downloaded_rule_pack_version = rws_writer.download_rule_pack()
+VCS_INSTANCES_LIST = None
+VCS_INSTANCES = None
+DOWNLOADED_RULE_PACK_VERSION = None
 
 
 @app.task(name="scan_repository", Queue=rabbitmq_queue)
 def scan_repository(repository):
-    active_rule_pack_version = rws_writer.check_active_rule_pack_version(rule_pack_version=downloaded_rule_pack_version)
+    global VCS_INSTANCES_LIST, VCS_INSTANCES, DOWNLOADED_RULE_PACK_VERSION
+    if not VCS_INSTANCES_LIST:
+        VCS_INSTANCES_LIST = load_vcs_instances(env_variables[VCS_INSTANCES_FILE_PATH])
+    if not VCS_INSTANCES:
+        VCS_INSTANCES = rws_writer.write_vcs_instances(VCS_INSTANCES_LIST)
+    if not DOWNLOADED_RULE_PACK_VERSION:
+        DOWNLOADED_RULE_PACK_VERSION = rws_writer.download_rule_pack()
+
+    active_rule_pack_version = rws_writer.check_active_rule_pack_version(rule_pack_version=DOWNLOADED_RULE_PACK_VERSION)
 
     repository_runtime = RepositoryRuntime(**json.loads(repository))
 
     logger.info(f"Received repository to scan via the queue '{rabbitmq_queue}' => "
                 f"{repository_runtime.project_key}/{repository_runtime.repository_name}")
     try:
-        vcs_instance = vcs_instances[repository_runtime.vcs_instance_name]
+        vcs_instance = VCS_INSTANCES[repository_runtime.vcs_instance_name]
 
         repository = Repository(project_key=repository_runtime.project_key,
                                 repository_id=repository_runtime.repository_id,