elastic · mergify · Mar 20, 2025
@@ -129,17 +129,16 @@ func (bt *vulnerability) Run(*beat.Beat) error {
 func (bt *vulnerability) runIteration() error {
 	worker, err := vuln.NewVulnerabilityWorker(bt.ctx, bt.log, bt.config, bt.bdp, bt.cdp)
 	if err != nil {
-		bt.log.Warn("vulnerability.runIteration worker creation failed")
+		bt.log.Error("vulnerability.runIteration worker creation failed")
 		bt.cancel()
 		return err
 	}
 
-	go func() {
-		worker.Run(bt.ctx)
-	}()
+	go bt.publisher.HandleEvents(bt.ctx, worker.GetChan())
 
-	bt.publisher.HandleEvents(bt.ctx, worker.GetChan())
-	bt.log.Warn("vulnerability.runIteration cycle finished")
+	worker.Run(bt.ctx)
+
+	bt.log.Info("vulnerability.runIteration cycle finished")
 	return nil
 }
 

@@ -25,6 +25,21 @@ import (
 	libbeataws "github.com/elastic/beats/v7/x-pack/libbeat/common/aws"
 )
 
+<<<<<<< HEAD
+=======
+func RetryableCodesOption(o *retry.StandardOptions) {
+	o.Retryables = append(o.Retryables, retry.RetryableHTTPStatusCode{
+		Codes: map[int]struct{}{
+			http.StatusTooManyRequests: {},
+		},
+	})
+}
+
+func awsConfigRetrier() aws.Retryer {
+	return retry.NewStandard(RetryableCodesOption)
+}
+
+>>>>>>> 68ff40dd (cnvm: Delete snapshots after scanning them (#3090))
 func InitializeAWSConfig(cfg libbeataws.ConfigAWS) (*aws.Config, error) {
 	awsConfig, err := libbeataws.InitializeAWSConfig(cfg)
 	if err != nil {

@@ -22,6 +22,7 @@ import (
 	"fmt"
 
 	"github.com/aws/aws-sdk-go-v2/aws"
+	"github.com/aws/aws-sdk-go-v2/aws/retry"
 	"github.com/aws/aws-sdk-go-v2/service/ec2"
 	"github.com/aws/aws-sdk-go-v2/service/ec2/types"
 	"github.com/samber/lo"
@@ -100,7 +101,17 @@ func (p *Provider) DeleteSnapshot(ctx context.Context, snapshot EBSSnapshot) err
 	if err != nil {
 		return err
 	}
-	_, err = client.DeleteSnapshot(ctx, &ec2.DeleteSnapshotInput{SnapshotId: aws.String(snapshot.SnapshotId)})
+	_, err = client.DeleteSnapshot(ctx,
+		&ec2.DeleteSnapshotInput{SnapshotId: aws.String(snapshot.SnapshotId)},
+		func(ec2Options *ec2.Options) {
+			ec2Options.Retryer = retry.NewStandard(
+				awslib.RetryableCodesOption,
+				func(retryOptions *retry.StandardOptions) {
+					retryOptions.MaxAttempts = 10
+				},
+			)
+		},
+	)
 	if err != nil {
 		return fmt.Errorf("error deleting snapshot %s: %w", snapshot.SnapshotId, err)
 	}

@@ -201,9 +201,9 @@ func (e EventsCreator) CreateEvents(ctx context.Context, scanResults chan []Resu
 				return
 			}
 
-			events := []beat.Event{}
+			events := make([]beat.Event, 0, len(data))
 			for _, res := range data {
-				events = append(events, e.generateEvent(res.reportResult, res.vulnerability, res.snapshot, res.seq))
+				events = append(events, e.generateEvent(res.reportResult, res.vulnerability, res.snapshot.Instance, res.seq))
 			}
 
 			select {
@@ -220,32 +220,32 @@ func (e EventsCreator) GetChan() chan []beat.Event {
 	return e.ch
 }
 
-func (e EventsCreator) generateEvent(reportResult trivyTypes.Result, vul trivyTypes.DetectedVulnerability, snap ec2.EBSSnapshot, seq time.Time) beat.Event {
+func (e EventsCreator) generateEvent(reportResult trivyTypes.Result, vul trivyTypes.DetectedVulnerability, instance ec2.Ec2Instance, seq time.Time) beat.Event {
 	timestamp := time.Now().UTC()
 	sequence := seq.Unix()
 
 	cloudSec, err := convertStructToMapStr(CloudSection{
 		Instance: Instance{
-			Id:   snap.Instance.GetResourceId(),
-			Name: snap.Instance.GetResourceName(),
+			Id:   instance.GetResourceId(),
+			Name: instance.GetResourceName(),
 		},
 		Service: Service{
 			// TODO: Support more services
 			Name: "AWS EC2",
 		},
 		Machine: Machine{
-			Type: string(snap.Instance.InstanceType),
+			Type: string(instance.InstanceType),
 			Authentication: AuthInfo{
-				Key: snap.Instance.KeyName,
+				Key: instance.KeyName,
 			},
-			LaunchTime: snap.Instance.LaunchTime,
-			Image:      snap.Instance.ImageId,
+			LaunchTime: instance.LaunchTime,
+			Image:      instance.ImageId,
 		},
-		AvailabilityZone: getAvailabilityZone(snap.Instance),
-		Region:           snap.Instance.Region,
-		Tags:             snap.Instance.GetResourceTags(),
+		AvailabilityZone: getAvailabilityZone(instance),
+		Region:           instance.Region,
+		Tags:             instance.GetResourceTags(),
 		Security: Security{
-			SecurityGroups: snap.Instance.GetResourceSecurityGroups(),
+			SecurityGroups: instance.GetResourceSecurityGroups(),
 		},
 	})
 
@@ -255,16 +255,16 @@ func (e EventsCreator) generateEvent(reportResult trivyTypes.Result, vul trivyTy
 	}
 
 	hostSec, err := convertStructToMapStr(HostSection{
-		Architecture: string(snap.Instance.Architecture),
+		Architecture: string(instance.Architecture),
 		Os: Os{
 			// TODO: Investigate how to get the full os name
 			// Property "Platform PlatformValues" shows
 			// the value Windows for Windows instances; otherwise blank
 			// this only gives us information if the platform is windows or not
 			// picked "PlatformDetails" as it gives us more information
-			Platform: snap.Instance.PlatformDetails,
+			Platform: instance.PlatformDetails,
 		},
-		Name: snap.Instance.GetResourceName(),
+		Name: instance.GetResourceName(),
 	})
 
 	// TODO: Should we fail the event if we can't enrich the host section?
@@ -273,9 +273,9 @@ func (e EventsCreator) generateEvent(reportResult trivyTypes.Result, vul trivyTy
 	}
 
 	networkSec, err := convertStructToMapStr(NetworkSection{
-		PrivateIp:    snap.Instance.PrivateIpAddress,
-		PublicIp:     snap.Instance.PublicIpAddress,
-		MacAddresses: snap.Instance.GetResourceMacAddresses(),
+		PrivateIp:    instance.PrivateIpAddress,
+		PublicIp:     instance.PublicIpAddress,
+		MacAddresses: instance.GetResourceMacAddresses(),
 	})
 
 	// TODO: Should we fail the event if we can't enrich the network section?
@@ -292,8 +292,8 @@ func (e EventsCreator) generateEvent(reportResult trivyTypes.Result, vul trivyTy
 			"event": transformer.BuildECSEvent(sequence, timestamp, []string{vulEcsCategory}),
 			// Deprecated replaced by cloud and host fields
 			"resource": Resource{
-				ID:   snap.Instance.GetResourceId(),
-				Name: snap.Instance.GetResourceName(),
+				ID:   instance.GetResourceId(),
+				Name: instance.GetResourceName(),
 			},
 			"package": Package{
 				Path:         reportResult.Target,
@@ -342,7 +342,7 @@ func (e EventsCreator) generateEvent(reportResult trivyTypes.Result, vul trivyTy
 		},
 	}
 
-	err = e.cloudDataProvider.EnrichEvent(&event, fetching.ResourceMetadata{Region: snap.Instance.Region})
+	err = e.cloudDataProvider.EnrichEvent(&event, fetching.ResourceMetadata{Region: instance.Region})
 	if err != nil {
 		e.log.Errorf("failed to enrich event with benchmark data provider: %v", err)
 	}