Make scanner and opa optional for metric handler (#197)

tamalsaha · ArnobKumarSaha · web-flow · commit 48371a653d6d · 2023-03-28T06:27:58.000-07:00
Co-authored-by: Arnob Kumar Saha &lt;arnob@appscode.com&gt;
Signed-off-by: Tamal Saha &lt;tamal@appscode.com&gt;
diff --git a/pkg/graph/setup.go b/pkg/graph/setup.go
@@ -101,6 +101,14 @@ func PollNewResourceTypes(cfg *restclient.Config) func(ctx context.Context) erro
 	}
 }
 
+var (
+	opaInstalled     bool
+	scannerInstalled bool
+)
+
+func OPAInstalled() bool     { return opaInstalled }
+func ScannerInstalled() bool { return scannerInstalled }
+
 func SetupGraphReconciler(mgr manager.Manager) func(ctx context.Context) error {
 	return func(ctx context.Context) error {
 		for rid := range resourceChannel {
@@ -112,8 +120,13 @@ func SetupGraphReconciler(mgr manager.Manager) func(ctx context.Context) error {
 				return err
 			}
 
+			if rid.Group == "templates.gatekeeper.sh" && rid.Kind == "ConstraintTemplate" {
+				opaInstalled = true
+			}
+
 			if rid.Group == scannerapi.SchemeGroupVersion.Group &&
 				rid.Kind == scannerapi.ResourceKindImageScanRequest {
+				scannerInstalled = true
 				if err := (&scannercontrollers.WorkloadReconciler{
 					Client: mgr.GetClient(),
 				}).SetupWithManager(mgr); err != nil {
diff --git a/pkg/metricshandler/handler.go b/pkg/metricshandler/handler.go
@@ -20,6 +20,7 @@ import (
 	"io"
 	"net/http"
 
+	"kubeops.dev/ui-server/pkg/graph"
 	"kubeops.dev/ui-server/pkg/metricsstore"
 
 	"github.com/prometheus/client_golang/prometheus/promhttp"
@@ -64,117 +65,133 @@ func (m *MetricsHandler) Install(c *mux.PathRecorderMux) {
 
 func collectMetrics(kc client.Client, w io.Writer) error {
 	generators := getFamilyGenerators()
+	if len(generators) == 0 {
+		_, err := w.Write([]byte("OK"))
+		return err
+	}
+
 	// Generate the headers for the resources metrics
 	headers := generator.ExtractMetricFamilyHeaders(generators)
 	store := metricsstore.NewMetricsStore(headers)
 
-	err := collectScannerMetrics(kc, generators, store)
-	if err != nil {
-		return err
+	offset := 0
+	if graph.ScannerInstalled() {
+		err := collectScannerMetrics(kc, generators, store)
+		if err != nil {
+			return err
+		}
+		offset = 9 // # of scanner metrics families
 	}
-	err = collectPolicyMetrics(kc, generators, store)
-	if err != nil {
-		return err
+	if graph.OPAInstalled() {
+		err := collectPolicyMetrics(kc, generators, store, offset)
+		if err != nil {
+			return err
+		}
 	}
 	return store.WriteAll(w)
 }
 
 func getFamilyGenerators() []generator.FamilyGenerator {
 	fn := func(obj interface{}) *metric.Family { return new(metric.Family) }
 	generators := make([]generator.FamilyGenerator, 0, 13)
-	generators = append(generators, generator.FamilyGenerator{
-		Name:              scannerMetricPrefix + "cluster_cve_occurrence",
-		Help:              "CVE occurrence statistics",
-		Type:              metric.Gauge,
-		DeprecatedVersion: "",
-		GenerateFunc:      fn,
-	})
-	generators = append(generators, generator.FamilyGenerator{
-		Name:              scannerMetricPrefix + "cluster_cve_occurrence_total",
-		Help:              "Cluster total CVE occurrence",
-		Type:              metric.Gauge,
-		DeprecatedVersion: "",
-		GenerateFunc:      fn,
-	})
-	generators = append(generators, generator.FamilyGenerator{
-		Name:              scannerMetricPrefix + "cluster_cve_count_total",
-		Help:              "Cluster total unique CVE count",
-		Type:              metric.Gauge,
-		DeprecatedVersion: "",
-		GenerateFunc:      fn,
-	})
-	generators = append(generators, generator.FamilyGenerator{
-		Name:              scannerMetricPrefix + "namespace_cve_occurrence",
-		Help:              "Namespace CVE occurrence statistics",
-		Type:              metric.Gauge,
-		DeprecatedVersion: "",
-		GenerateFunc:      fn,
-	})
-	generators = append(generators, generator.FamilyGenerator{
-		Name:              scannerMetricPrefix + "namespace_cve_occurrence_total",
-		Help:              "Namespace total CVE occurrence",
-		Type:              metric.Gauge,
-		DeprecatedVersion: "",
-		GenerateFunc:      fn,
-	})
-	generators = append(generators, generator.FamilyGenerator{
-		Name:              scannerMetricPrefix + "namespace_cve_count_total",
-		Help:              "Namespace total unique CVE count",
-		Type:              metric.Gauge,
-		DeprecatedVersion: "",
-		GenerateFunc:      fn,
-	})
-
-	generators = append(generators, generator.FamilyGenerator{
-		Name:              scannerMetricPrefix + "image_cve_occurrence_total",
-		Help:              "Image total CVE occurrence",
-		Type:              metric.Gauge,
-		DeprecatedVersion: "",
-		GenerateFunc:      fn,
-	})
-	generators = append(generators, generator.FamilyGenerator{
-		Name:              scannerMetricPrefix + "image_cve_count_total",
-		Help:              "Image total unique CVE count",
-		Type:              metric.Gauge,
-		DeprecatedVersion: "",
-		GenerateFunc:      fn,
-	})
-	generators = append(generators, generator.FamilyGenerator{
-		Name:              scannerMetricPrefix + "image_lineage",
-		Help:              "Image Lineage",
-		Type:              metric.Gauge,
-		DeprecatedVersion: "",
-		GenerateFunc:      fn,
-	})
-
-	// Policy related metrics
-	generators = append(generators, generator.FamilyGenerator{
-		Name:              policyMetricPrefix + "cluster_violation_occurrence_total",
-		Help:              "Cluster-wide Violation Occurrence statistics",
-		Type:              metric.Gauge,
-		DeprecatedVersion: "",
-		GenerateFunc:      fn,
-	})
-	generators = append(generators, generator.FamilyGenerator{
-		Name:              policyMetricPrefix + "cluster_violation_occurrence_by_constraint_type",
-		Help:              "Cluster-wide Violation Occurrence statistics by constraint type",
-		Type:              metric.Gauge,
-		DeprecatedVersion: "",
-		GenerateFunc:      fn,
-	})
-	generators = append(generators, generator.FamilyGenerator{
-		Name:              policyMetricPrefix + "namespace_violation_occurrence_total",
-		Help:              "Namespace-wise total Violation Occurrence statistics",
-		Type:              metric.Gauge,
-		DeprecatedVersion: "",
-		GenerateFunc:      fn,
-	})
-	generators = append(generators, generator.FamilyGenerator{
-		Name:              policyMetricPrefix + "namespace_violation_occurrence_by_constraint_type",
-		Help:              "Namespace-wise Violation Occurrence statistics by constraint type",
-		Type:              metric.Gauge,
-		DeprecatedVersion: "",
-		GenerateFunc:      fn,
-	})
+
+	if graph.ScannerInstalled() {
+		generators = append(generators, generator.FamilyGenerator{
+			Name:              scannerMetricPrefix + "cluster_cve_occurrence",
+			Help:              "CVE occurrence statistics",
+			Type:              metric.Gauge,
+			DeprecatedVersion: "",
+			GenerateFunc:      fn,
+		})
+		generators = append(generators, generator.FamilyGenerator{
+			Name:              scannerMetricPrefix + "cluster_cve_occurrence_total",
+			Help:              "Cluster total CVE occurrence",
+			Type:              metric.Gauge,
+			DeprecatedVersion: "",
+			GenerateFunc:      fn,
+		})
+		generators = append(generators, generator.FamilyGenerator{
+			Name:              scannerMetricPrefix + "cluster_cve_count_total",
+			Help:              "Cluster total unique CVE count",
+			Type:              metric.Gauge,
+			DeprecatedVersion: "",
+			GenerateFunc:      fn,
+		})
+		generators = append(generators, generator.FamilyGenerator{
+			Name:              scannerMetricPrefix + "namespace_cve_occurrence",
+			Help:              "Namespace CVE occurrence statistics",
+			Type:              metric.Gauge,
+			DeprecatedVersion: "",
+			GenerateFunc:      fn,
+		})
+		generators = append(generators, generator.FamilyGenerator{
+			Name:              scannerMetricPrefix + "namespace_cve_occurrence_total",
+			Help:              "Namespace total CVE occurrence",
+			Type:              metric.Gauge,
+			DeprecatedVersion: "",
+			GenerateFunc:      fn,
+		})
+		generators = append(generators, generator.FamilyGenerator{
+			Name:              scannerMetricPrefix + "namespace_cve_count_total",
+			Help:              "Namespace total unique CVE count",
+			Type:              metric.Gauge,
+			DeprecatedVersion: "",
+			GenerateFunc:      fn,
+		})
+
+		generators = append(generators, generator.FamilyGenerator{
+			Name:              scannerMetricPrefix + "image_cve_occurrence_total",
+			Help:              "Image total CVE occurrence",
+			Type:              metric.Gauge,
+			DeprecatedVersion: "",
+			GenerateFunc:      fn,
+		})
+		generators = append(generators, generator.FamilyGenerator{
+			Name:              scannerMetricPrefix + "image_cve_count_total",
+			Help:              "Image total unique CVE count",
+			Type:              metric.Gauge,
+			DeprecatedVersion: "",
+			GenerateFunc:      fn,
+		})
+		generators = append(generators, generator.FamilyGenerator{
+			Name:              scannerMetricPrefix + "image_lineage",
+			Help:              "Image Lineage",
+			Type:              metric.Gauge,
+			DeprecatedVersion: "",
+			GenerateFunc:      fn,
+		})
+	}
+
+	if graph.OPAInstalled() {
+		// Policy related metrics
+		generators = append(generators, generator.FamilyGenerator{
+			Name:              policyMetricPrefix + "cluster_violation_occurrence_total",
+			Help:              "Cluster-wide Violation Occurrence statistics",
+			Type:              metric.Gauge,
+			DeprecatedVersion: "",
+			GenerateFunc:      fn,
+		})
+		generators = append(generators, generator.FamilyGenerator{
+			Name:              policyMetricPrefix + "cluster_violation_occurrence_by_constraint_type",
+			Help:              "Cluster-wide Violation Occurrence statistics by constraint type",
+			Type:              metric.Gauge,
+			DeprecatedVersion: "",
+			GenerateFunc:      fn,
+		})
+		generators = append(generators, generator.FamilyGenerator{
+			Name:              policyMetricPrefix + "namespace_violation_occurrence_total",
+			Help:              "Namespace-wise total Violation Occurrence statistics",
+			Type:              metric.Gauge,
+			DeprecatedVersion: "",
+			GenerateFunc:      fn,
+		})
+		generators = append(generators, generator.FamilyGenerator{
+			Name:              policyMetricPrefix + "namespace_violation_occurrence_by_constraint_type",
+			Help:              "Namespace-wise Violation Occurrence statistics by constraint type",
+			Type:              metric.Gauge,
+			DeprecatedVersion: "",
+			GenerateFunc:      fn,
+		})
+	}
 	return generators
 }
diff --git a/pkg/metricshandler/handler_policy.go b/pkg/metricshandler/handler_policy.go
@@ -28,14 +28,14 @@ import (
 	"sigs.k8s.io/controller-runtime/pkg/client"
 )
 
-func collectPolicyMetrics(kc client.Client, generators []generator.FamilyGenerator, store *metricsstore.MetricsStore) error {
-	if clTotal, clByType, err := collectForCluster(kc, generators[9], generators[10]); err != nil {
+func collectPolicyMetrics(kc client.Client, generators []generator.FamilyGenerator, store *metricsstore.MetricsStore, offset int) error {
+	if clTotal, clByType, err := collectForCluster(kc, generators[offset], generators[offset+1]); err != nil {
 		return err
 	} else {
 		store.Add(clTotal, clByType)
 	}
 
-	if nsTotal, nsByType, err := collectForNamespace(kc, generators[11], generators[12]); err != nil {
+	if nsTotal, nsByType, err := collectForNamespace(kc, generators[offset+2], generators[offset+3]); err != nil {
 		return err
 	} else {
 		store.Add(nsTotal, nsByType)
