Read the alerts.enabled flag and create PrometheusRule only if true

prachidamle · prachidamle · commit 207b7903af36 · 2020-12-15T09:48:28.000-08:00
diff --git a/main.go b/main.go
@@ -111,6 +111,10 @@ func main() {
 			Value:       "",
 			Destination: &clusterName,
 		},
+		cli.BoolFlag{
+			Name:   "alertEnabled",
+			EnvVar: "CIS_ALERTS_ENABLED",
+		},
 	}
 	app.Action = run
 
@@ -145,6 +149,7 @@ func run(c *cli.Context) {
 		SonobuoyImageTag:     sonobuoyImageTag,
 		AlertSeverity:        alertSeverity,
 		ClusterName:          clusterName,
+		AlertEnabled:         c.Bool("alertEnabled"),
 	}
 
 	if err := validateConfig(imgConfig); err != nil {
diff --git a/pkg/apis/cis.cattle.io/v1/types.go b/pkg/apis/cis.cattle.io/v1/types.go
@@ -160,4 +160,5 @@ type ScanImageConfig struct {
 	SonobuoyImageTag     string
 	AlertSeverity        string
 	ClusterName          string
+	AlertEnabled         bool
 }
diff --git a/pkg/securityscan/scanHandler.go b/pkg/securityscan/scanHandler.go
@@ -114,23 +114,24 @@ func (c *Controller) handleClusterScans(ctx context.Context) error {
 
 				objects = append(objects, cisjob.New(obj, profile, c.Name, c.ImageConfig), cmMap["configcm"], cmMap["plugincm"], cmMap["skipConfigcm"], service)
 
-				if obj.Spec.ScheduledScanConfig != nil && obj.Spec.ScheduledScanConfig.ScanAlertRule != nil {
-					if obj.Spec.ScheduledScanConfig.ScanAlertRule.AlertOnComplete || obj.Spec.ScheduledScanConfig.ScanAlertRule.AlertOnFailure {
-						if obj.Status.ScanAlertingRuleName == "" {
-							alertRule, err := cisalert.NewPrometheusRule(obj, profile, c.ImageConfig)
-							if err != nil {
-								v1.ClusterScanConditionReconciling.True(obj)
-								return objects, obj.Status, fmt.Errorf("Error when trying to create a PrometheusRule: %v", err)
-							}
-							ruleCreated, err := c.monitoringClient.PrometheusRules(v1.ClusterScanNS).Create(ctx, alertRule, metav1.CreateOptions{})
-							if err != nil {
-								logrus.Errorf("Alerts will not be sent out for this scan %v due to this error when creating PrometheusRule: %v", obj.Name, err)
-							} else {
-								obj.Status.ScanAlertingRuleName = ruleCreated.Name
-							}
-						}
+				if c.ImageConfig.AlertEnabled &&
+					obj.Spec.ScheduledScanConfig != nil &&
+					obj.Spec.ScheduledScanConfig.ScanAlertRule != nil &&
+					(obj.Spec.ScheduledScanConfig.ScanAlertRule.AlertOnComplete || obj.Spec.ScheduledScanConfig.ScanAlertRule.AlertOnFailure) &&
+					obj.Status.ScanAlertingRuleName == "" {
+					alertRule, err := cisalert.NewPrometheusRule(obj, profile, c.ImageConfig)
+					if err != nil {
+						v1.ClusterScanConditionReconciling.True(obj)
+						return objects, obj.Status, fmt.Errorf("Error when trying to create a PrometheusRule: %v", err)
+					}
+					ruleCreated, err := c.monitoringClient.PrometheusRules(v1.ClusterScanNS).Create(ctx, alertRule, metav1.CreateOptions{})
+					if err != nil {
+						logrus.Errorf("Alerts will not be sent out for this scan %v due to this error when creating PrometheusRule: %v", obj.Name, err)
+					} else {
+						obj.Status.ScanAlertingRuleName = ruleCreated.Name
 					}
 				}
+
 				if v1.ClusterScanConditionFailed.IsTrue(obj) {
 					//clear the earlier failed status
 					v1.ClusterScanConditionFailed.False(obj)

Original file line number	Diff line number	Diff line change
`@@ -160,4 +160,5 @@ type ScanImageConfig struct {`
`160`	`160`	`SonobuoyImageTag string`
`161`	`161`	`AlertSeverity string`
`162`	`162`	`ClusterName string`
	`163`	`+ AlertEnabled bool`
`163`	`164`	`}`