feat!: adds context cancellation propagation to plugin operations

BREAKING_CHANGE: policy.Provider interface method updates to accept context

Signed-off-by: Jennifer Power <barnabei.jennifer@gmail.com>

Author: jpower432

cmd/c2pcli/cli/subcommands/config.go

@@ -11,6 +11,7 @@ import (
 	"fmt"
 	"os"
 	"path/filepath"
+	"time"
 
 	oscalTypes "github.com/defenseunicorns/go-oscal/src/types/oscal-1-1-3"
 	"github.com/oscal-compass/oscal-sdk-go/models"
@@ -23,6 +24,9 @@ import (
 	"github.com/oscal-compass/compliance-to-policy-go/v2/framework/actions"
 )
 
+// Plugin running times might be highly variable this is maximum timeout value.
+var pluginTimeout = 5 * time.Minute
+
 // Config returns a populated C2PConfig for the CLI to use.
 func Config(option *Options) (*framework.C2PConfig, error) {
 	c2pConfig := framework.DefaultConfig()

cmd/c2pcli/cli/subcommands/oscal2policy.go

@@ -76,14 +76,17 @@ func runOSCAL2Policy(ctx context.Context, option *Options) error {
 	var configSelections framework.PluginConfig = func(pluginID plugin.ID) map[string]string {
 		return option.Plugins[pluginID.String()]
 	}
-	launchedPlugins, err := manager.LaunchPolicyPlugins(foundPlugins, configSelections)
+	launchedPlugins, err := manager.LaunchPolicyPlugins(ctx, foundPlugins, configSelections)
 	// Defer clean before returning an error to avoid unterminated processes
 	defer manager.Clean()
 	if err != nil {
 		return err
 	}
 
-	err = actions.GeneratePolicy(ctx, inputContext, launchedPlugins)
+	pluginCtx, cancel := context.WithTimeout(ctx, pluginTimeout)
+	defer cancel()
+
+	err = actions.GeneratePolicy(pluginCtx, inputContext, launchedPlugins)
 	if err != nil {
 		return err
 	}

cmd/c2pcli/cli/subcommands/result2oscal.go

@@ -83,14 +83,17 @@ func runResult2Policy(ctx context.Context, option *Options) error {
 	var configSelections framework.PluginConfig = func(pluginID plugin.ID) map[string]string {
 		return option.Plugins[pluginID.String()]
 	}
-	launchedPlugins, err := manager.LaunchPolicyPlugins(foundPlugins, configSelections)
+	launchedPlugins, err := manager.LaunchPolicyPlugins(ctx, foundPlugins, configSelections)
 	// Defer clean before returning an error to avoid unterminated processes
 	defer manager.Clean()
 	if err != nil {
 		return err
 	}
 
-	results, err := actions.AggregateResults(ctx, inputContext, launchedPlugins)
+	pluginCtx, cancel := context.WithTimeout(ctx, pluginTimeout)
+	defer cancel()
+
+	results, err := actions.AggregateResults(pluginCtx, inputContext, launchedPlugins)
 	if err != nil {
 		return err
 	}

cmd/c2pcli/main.go

@@ -17,14 +17,20 @@ limitations under the License.
 package main
 
 import (
+	"context"
 	"os"
+	"os/signal"
+	"syscall"
 
 	"github.com/oscal-compass/compliance-to-policy-go/v2/cmd/c2pcli/cli"
 )
 
 func main() {
 	command := cli.New()
-	err := command.Execute()
+	ctx, cancel := signal.NotifyContext(context.Background(), os.Interrupt, syscall.SIGTERM)
+	defer cancel()
+
+	err := command.ExecuteContext(ctx)
 	if err != nil {
 		os.Exit(1)
 	}

cmd/kyverno-plugin/server/server.go

@@ -6,6 +6,7 @@
 package server
 
 import (
+	"context"
 	"errors"
 	"fmt"
 
@@ -34,14 +35,14 @@ func NewPlugin() *Plugin {
 	return &Plugin{}
 }
 
-func (p *Plugin) Configure(m map[string]string) error {
+func (p *Plugin) Configure(_ context.Context, m map[string]string) error {
 	if err := mapstructure.Decode(m, &p.config); err != nil {
 		return errors.New("error decoding configuration")
 	}
 	return p.config.Validate()
 }
 
-func (p *Plugin) Generate(pl policy.Policy) error {
+func (p *Plugin) Generate(_ context.Context, pl policy.Policy) error {
 	logger.Debug(fmt.Sprintf("Using resources from %s", p.config.PoliciesDir))
 	tmpdir := utils.NewTempDirectory(p.config.TempDir)
 	composer := NewOscal2Policy(p.config.PoliciesDir, tmpdir)
@@ -58,7 +59,7 @@ func (p *Plugin) Generate(pl policy.Policy) error {
 	return nil
 }
 
-func (p *Plugin) GetResults(pl policy.Policy) (policy.PVPResult, error) {
+func (p *Plugin) GetResults(_ context.Context, pl policy.Policy) (policy.PVPResult, error) {
 	results := NewResultToOscal(pl, p.config.PolicyResultsDir)
 	return results.GenerateResults()
 }

cmd/kyverno-plugin/server/server_test.go

@@ -40,12 +40,12 @@ func TestConfigure(t *testing.T) {
 	configuration := map[string]string{
 		"policy-dir": "not-exist",
 	}
-	err := plugin.Configure(configuration)
+	err := plugin.Configure(context.Background(), configuration)
 	require.EqualError(t, err, "path \"not-exist\": stat not-exist: no such file or directory")
 
 	policyDir := utils.PathFromInternalDirectory("./testdata/kyverno/policy-resources")
 	configuration["policy-dir"] = policyDir
-	err = plugin.Configure(configuration)
+	err = plugin.Configure(context.Background(), configuration)
 	require.NoError(t, err)
 }
 

cmd/ocm-plugin/server/server.go

@@ -6,6 +6,7 @@
 package server
 
 import (
+	"context"
 	"errors"
 	"os"
 	"strings"
@@ -38,14 +39,14 @@ func NewPlugin() *Plugin {
 	}
 }
 
-func (p *Plugin) Configure(m map[string]string) error {
+func (p *Plugin) Configure(_ context.Context, m map[string]string) error {
 	if err := mapstructure.Decode(m, &p.config); err != nil {
 		return errors.New("error decoding configuration")
 	}
 	return p.config.Validate()
 }
 
-func (p *Plugin) Generate(pl policy.Policy) error {
+func (p *Plugin) Generate(_ context.Context, pl policy.Policy) error {
 	tmpdir := utils.NewTempDirectory(p.config.TempDir)
 	composer := NewComposerByTempDirectory(p.config.PoliciesDir, tmpdir)
 	if err := composer.ComposeByPolicies(pl, p.config); err != nil {
@@ -79,7 +80,7 @@ func (p *Plugin) Generate(pl policy.Policy) error {
 	return nil
 }
 
-func (p *Plugin) GetResults(pl policy.Policy) (policy.PVPResult, error) {
+func (p *Plugin) GetResults(_ context.Context, pl policy.Policy) (policy.PVPResult, error) {
 	results := NewResultToOscal(pl, p.config.PolicyResultsDir, p.config.Namespace, p.config.PolicySetName)
 	return results.GenerateResults()
 }

cmd/ocm-plugin/server/server_test.go

@@ -41,7 +41,7 @@ func TestOscal2Policy(t *testing.T) {
 	plugin.config.TempDir = tempDir.GetTempDir()
 	plugin.config.OutputDir = tmpOutputDir
 	plugin.config.PolicyResultsDir = tmpOutputDir
-	require.NoError(t, plugin.Generate(testPolicy))
+	require.NoError(t, plugin.Generate(context.Background(), testPolicy))
 }
 
 func TestResult2Oscal(t *testing.T) {
@@ -154,17 +154,17 @@ func TestConfigure(t *testing.T) {
 	configuration := map[string]string{
 		"policy-dir": policyDir,
 	}
-	err := plugin.Configure(configuration)
+	err := plugin.Configure(context.Background(), configuration)
 	require.EqualError(t, err, "policy set name must be set")
 
 	configuration["policy-set-name"] = "set"
 
 	configuration["policy-dir"] = "not-exist"
-	err = plugin.Configure(configuration)
+	err = plugin.Configure(context.Background(), configuration)
 	require.EqualError(t, err, "path \"not-exist\": stat not-exist: no such file or directory")
 
 	configuration["policy-dir"] = policyDir
-	err = plugin.Configure(configuration)
+	err = plugin.Configure(context.Background(), configuration)
 	require.NoError(t, err)
 }
 

framework/actions/aggregate.go

@@ -9,10 +9,9 @@ import (
 	"context"
 	"errors"
 	"fmt"
-	"sync"
 
 	"github.com/oscal-compass/oscal-sdk-go/settings"
-	"golang.org/x/sync/semaphore"
+	"golang.org/x/sync/errgroup"
 
 	"github.com/oscal-compass/compliance-to-policy-go/v2/logging"
 	"github.com/oscal-compass/compliance-to-policy-go/v2/plugin"
@@ -27,65 +26,53 @@ func AggregateResults(ctx context.Context, inputContext *InputContext, pluginSet
 	log := logging.GetLogger("aggregator")
 
 	var allResults []policy.PVPResult
-	sem := semaphore.NewWeighted(inputContext.MaxConcurrentWeight)
-	var wg sync.WaitGroup
-	errorCh := make(chan error, len(pluginSet))
 	resultChan := make(chan policy.PVPResult, len(pluginSet))
 
+	eg, egCtx := errgroup.WithContext(ctx)
+	eg.SetLimit(inputContext.MaxConcurrency)
 	for providerId, policyPlugin := range pluginSet {
-
-		wg.Add(1)
-
-		go func(providerId plugin.ID, plugin policy.Provider) {
-			defer wg.Done()
-
-			if err := sem.Acquire(ctx, 1); err != nil {
-				errorCh <- fmt.Errorf("%s failed to acquire semaphore: %w", providerId.String(), err)
-				return
-			}
-			defer sem.Release(1)
-
-			componentTitle, err := inputContext.ProviderTitle(providerId)
-			if err != nil {
-				if errors.Is(err, ErrMissingProvider) {
-					log.Warn(fmt.Sprintf("skipping %s provider: missing validation component", providerId))
-					return
+		func(providerId plugin.ID, plugin policy.Provider) {
+			eg.Go(func() error {
+				select {
+				case <-egCtx.Done():
+					return fmt.Errorf("%s skipped due to context cancellation/timeout: %w", providerId.String(), egCtx.Err())
+				default:
 				}
-				errorCh <- err
-				return
 
-			}
-			log.Debug(fmt.Sprintf("Aggregating results for provider %s", providerId))
+				componentTitle, err := inputContext.ProviderTitle(providerId)
+				if err != nil {
+					if errors.Is(err, ErrMissingProvider) {
+						log.Warn(fmt.Sprintf("skipping %s provider: missing validation component", providerId))
+						return nil
+					}
+					return err
+				}
+				log.Debug(fmt.Sprintf("Aggregating results for provider %s", providerId))
 
-			appliedRuleSet, err := settings.ApplyToComponent(ctx, componentTitle, inputContext.Store(), inputContext.Settings)
-			if err != nil {
-				errorCh <- fmt.Errorf("failed to get rule sets for component %s: %w", componentTitle, err)
-				return
-			}
+				appliedRuleSet, err := settings.ApplyToComponent(egCtx, componentTitle, inputContext.Store(), inputContext.Settings)
+				if err != nil {
+					return fmt.Errorf("failed to get rule sets for component %s: %w", componentTitle, err)
+				}
 
-			pluginResults, err := policyPlugin.GetResults(appliedRuleSet)
-			if err != nil {
-				errorCh <- fmt.Errorf("plugin %s: %w", providerId, err)
-				return
-			}
-			resultChan <- pluginResults
+				pluginResults, err := policyPlugin.GetResults(egCtx, appliedRuleSet)
+				if err != nil {
+					return err
+				}
+				resultChan <- pluginResults
+				return nil
+			})
 		}(providerId, policyPlugin)
 	}
 
+	var err error
 	go func() {
-		wg.Wait()
-		close(errorCh)
+		err = eg.Wait()
 		close(resultChan)
 	}()
 
-	var errs []error
-	for err := range errorCh {
-		errs = append(errs, err)
-	}
-
 	for result := range resultChan {
 		allResults = append(allResults, result)
 	}
 
-	return allResults, errors.Join(errs...)
+	return allResults, err
 }

framework/actions/aggregate_test.go

@@ -7,9 +7,11 @@ package actions
 
 import (
 	"context"
+	"errors"
 	"os"
 	"sort"
 	"testing"
+	"time"
 
 	"github.com/oscal-compass/oscal-sdk-go/extensions"
 	"github.com/oscal-compass/oscal-sdk-go/models"
@@ -165,30 +167,77 @@ func TestAggregateResults_Multi(t *testing.T) {
 	providerTestObj.AssertExpectations(t)
 	providerTestObj2.AssertExpectations(t)
 	require.Len(t, gotResults, 2)
+
+	// Test with error
+	providerTestObj3 := new(policyProvider)
+	providerTestObj3.On("GetResults", policy.Policy{kyvernoRule}).Return(policy.PVPResult{}, errors.New("failed"))
+	pluginSet = map[plugin.ID]policy.Provider{
+		"ocm":     providerTestObj,
+		"kyverno": providerTestObj3,
+	}
+
+	gotResults, err = AggregateResults(context.Background(), inputContext, pluginSet)
+	require.EqualError(t, err, "failed")
+	providerTestObj.AssertExpectations(t)
+	providerTestObj3.AssertExpectations(t)
+	require.Len(t, gotResults, 1)
+
+	// Test with cancellation
+	done := make(chan struct{})
+	ctx, cancel := context.WithCancel(context.Background())
+
+	providerTestObj3.delay = 500 * time.Millisecond
+
+	go func() {
+		gotResults, err = AggregateResults(ctx, inputContext, pluginSet)
+		close(done)
+	}()
+
+	// Wait for a short period to allow some goroutines to start
+	time.Sleep(100 * time.Millisecond)
+
+	// Now, cancel.
+	cancel()
+
+	select {
+	case <-done:
+		require.EqualError(t, err, "context canceled")
+		require.Len(t, gotResults, 1)
+	case <-time.After(2 * time.Second):
+		t.Fatal("error: did not after cancellation signal within timeout")
+	}
+
 }
 
 // policyProvider is a mocked implementation of policy.Provider.
 type policyProvider struct {
 	mock.Mock
+	delay time.Duration
 }
 
-func (p *policyProvider) Configure(option map[string]string) error {
+func (p *policyProvider) Configure(_ context.Context, option map[string]string) error {
 	args := p.Called(option)
 	return args.Error(0)
 }
 
-func (p *policyProvider) Generate(policyRules policy.Policy) error {
+func (p *policyProvider) Generate(_ context.Context, policyRules policy.Policy) error {
 	sort.SliceStable(policyRules, func(i, j int) bool {
 		return policyRules[i].Rule.ID > policyRules[j].Rule.ID
 	})
 	args := p.Called(policyRules)
 	return args.Error(0)
 }
 
-func (p *policyProvider) GetResults(policyRules policy.Policy) (policy.PVPResult, error) {
+func (p *policyProvider) GetResults(ctx context.Context, policyRules policy.Policy) (policy.PVPResult, error) {
 	sort.SliceStable(policyRules, func(i, j int) bool {
 		return policyRules[i].Rule.ID > policyRules[j].Rule.ID
 	})
 	args := p.Called(policyRules)
-	return args.Get(0).(policy.PVPResult), args.Error(1)
+
+	select {
+	case <-ctx.Done():
+		return policy.PVPResult{}, ctx.Err()
+	case <-time.After(p.delay): // Simulate completing work
+		return args.Get(0).(policy.PVPResult), args.Error(1)
+	}
 }