Merge branch 'develop' into feat-flux-cd

Author: kartik-579

api/restHandler/ImageScanRestHandler.go

@@ -23,6 +23,7 @@ import (
 	"github.com/devtron-labs/devtron/pkg/policyGovernance/security/imageScanning"
 	securityBean "github.com/devtron-labs/devtron/pkg/policyGovernance/security/imageScanning/bean"
 	security2 "github.com/devtron-labs/devtron/pkg/policyGovernance/security/imageScanning/repository"
+	"github.com/devtron-labs/devtron/util/sliceUtil"
 	"net/http"
 	"strconv"
 
@@ -104,6 +105,45 @@ func (impl ImageScanRestHandlerImpl) ScanExecutionList(w http.ResponseWriter, r
 		return
 	}
 	token := r.Header.Get("token")
+	isSuperAdmin := false
+	if ok := impl.enforcer.Enforce(token, casbin.ResourceGlobal, casbin.ActionGet, "*"); ok {
+		isSuperAdmin = true
+	}
+	var ids []int
+	if isSuperAdmin {
+		ids = sliceUtil.NewSliceFromFuncExec(filteredDeployInfoList, func(item *security2.ImageScanDeployInfo) int {
+			return item.Id
+		})
+	} else {
+		ids, err = impl.getAuthorisedImageScanDeployInfoIds(token, filteredDeployInfoList)
+		if err != nil {
+			impl.logger.Errorw("error in getting authorised image scan deploy info ids", "err", err)
+			common.WriteJsonResp(w, err, nil, http.StatusInternalServerError)
+			return
+		}
+	}
+
+	if len(ids) == 0 {
+		responseList := make([]*securityBean.ImageScanHistoryResponse, 0)
+		common.WriteJsonResp(w, nil, &securityBean.ImageScanHistoryListingResponse{ImageScanHistoryResponse: responseList}, http.StatusOK)
+		return
+	}
+
+	results, err := impl.imageScanService.FetchScanExecutionListing(request, ids)
+	if err != nil {
+		impl.logger.Errorw("service err, ScanExecutionList", "err", err, "payload", request)
+		if util.IsErrNoRows(err) {
+			responseList := make([]*securityBean.ImageScanHistoryResponse, 0)
+			common.WriteJsonResp(w, nil, &securityBean.ImageScanHistoryListingResponse{ImageScanHistoryResponse: responseList}, http.StatusOK)
+		} else {
+			common.WriteJsonResp(w, err, nil, http.StatusInternalServerError)
+		}
+		return
+	}
+	common.WriteJsonResp(w, err, results, http.StatusOK)
+}
+
+func (impl ImageScanRestHandlerImpl) getAuthorisedImageScanDeployInfoIds(token string, filteredDeployInfoList []*security2.ImageScanDeployInfo) ([]int, error) {
 	var ids []int
 	var appRBACObjects []string
 	var envRBACObjects []string
@@ -119,8 +159,8 @@ func (impl ImageScanRestHandlerImpl) ScanExecutionList(w http.ResponseWriter, r
 
 	appObjects, envObjects, appIdtoApp, envIdToEnv, err := impl.enforcerUtil.GetAppAndEnvRBACNamesByAppAndEnvIds(IdToAppEnvPairs)
 	if err != nil {
-		common.WriteJsonResp(w, err, nil, http.StatusInternalServerError)
-		return
+		impl.logger.Errorw("error in getting app and env rbac objects", "err", err)
+		return nil, err
 	}
 
 	for _, item := range filteredDeployInfoList {
@@ -136,8 +176,8 @@ func (impl ImageScanRestHandlerImpl) ScanExecutionList(w http.ResponseWriter, r
 		} else if item.ScanObjectMetaId > 0 && (item.ObjectType == ObjectTypePod) {
 			environments, err := impl.environmentService.GetByClusterId(item.ClusterId)
 			if err != nil {
-				common.WriteJsonResp(w, err, nil, http.StatusInternalServerError)
-				return
+				impl.logger.Errorw("error in getting environments for cluster", "clusterId", item.ClusterId, "err", err)
+				return nil, err
 			}
 			for _, environment := range environments {
 				podObject := environment.EnvironmentIdentifier
@@ -163,25 +203,7 @@ func (impl ImageScanRestHandlerImpl) ScanExecutionList(w http.ResponseWriter, r
 			}
 		}
 	}
-
-	if ids == nil || len(ids) == 0 {
-		responseList := make([]*securityBean.ImageScanHistoryResponse, 0)
-		common.WriteJsonResp(w, nil, &securityBean.ImageScanHistoryListingResponse{ImageScanHistoryResponse: responseList}, http.StatusOK)
-		return
-	}
-
-	results, err := impl.imageScanService.FetchScanExecutionListing(request, ids)
-	if err != nil {
-		impl.logger.Errorw("service err, ScanExecutionList", "err", err, "payload", request)
-		if util.IsErrNoRows(err) {
-			responseList := make([]*securityBean.ImageScanHistoryResponse, 0)
-			common.WriteJsonResp(w, nil, &securityBean.ImageScanHistoryListingResponse{ImageScanHistoryResponse: responseList}, http.StatusOK)
-		} else {
-			common.WriteJsonResp(w, err, nil, http.StatusInternalServerError)
-		}
-		return
-	}
-	common.WriteJsonResp(w, err, results, http.StatusOK)
+	return ids, nil
 }
 
 func (impl ImageScanRestHandlerImpl) FetchExecutionDetail(w http.ResponseWriter, r *http.Request) {

api/restHandler/app/appInfo/AppInfoRestHandler.go

@@ -87,9 +87,23 @@ func (handler AppInfoRestHandlerImpl) GetAllLabels(w http.ResponseWriter, r *htt
 		common.WriteJsonResp(w, err, "Unauthorized User", http.StatusUnauthorized)
 		return
 	}
+	propagatedLabelsOnlyStr := r.URL.Query().Get("showPropagatedOnly")
+
+	var propagatedLabelsOnlyBool *bool
+	if propagatedLabelsOnlyStr != "" {
+		if val, err := strconv.ParseBool(propagatedLabelsOnlyStr); err == nil {
+			propagatedLabelsOnlyBool = &val
+		} else {
+			// Invalid boolean value provided, treat as null (nil)
+			propagatedLabelsOnlyBool = nil
+			handler.logger.Infow("Invalid 'showPropagatedOnly' value from quey params — defaulting to nil", propagatedLabelsOnlyStr)
+		}
+	}
+
 	token := r.Header.Get("token")
 	results := make([]*bean.AppLabelDto, 0)
-	labels, err := handler.appService.FindAll()
+
+	labels, err := handler.appService.FindAll(propagatedLabelsOnlyBool)
 	if err != nil {
 		handler.logger.Errorw("service err, GetAllLabels", "err", err)
 		common.WriteJsonResp(w, err, nil, http.StatusInternalServerError)

go.sum

@@ -237,10 +237,10 @@ github.com/denisenkom/go-mssqldb v0.0.0-20200428022330-06a60b6afbbc h1:VRRKCwnzq
 github.com/denisenkom/go-mssqldb v0.0.0-20200428022330-06a60b6afbbc/go.mod h1:xbL0rPBG9cCiLr28tMa8zpbdarY27NDyej4t/EjAShU=
 github.com/devtron-labs/argo-workflows/v3 v3.5.13 h1:3pINq0gXOSeTw2z/vYe+j80lRpSN5Rp/8mfQORh8SmU=
 github.com/devtron-labs/argo-workflows/v3 v3.5.13/go.mod h1:/vqxcovDPT4zqr4DjR5v7CF8ggpY1l3TSa2CIG3jmjA=
-github.com/devtron-labs/devtron-services/authenticator v0.0.0-20250619100439-8e8e182b498a h1:KGVcJLifitrmRj/Q6xxWDThc2bJUlJaFfrzc9PfLBnU=
-github.com/devtron-labs/devtron-services/authenticator v0.0.0-20250619100439-8e8e182b498a/go.mod h1:9LCkYfiWaEKIBkmxw9jX1GujvEMyHwmDtVsatffAkeU=
-github.com/devtron-labs/devtron-services/common-lib v0.0.0-20250619100439-8e8e182b498a h1:iQdc02/QUQ4P45Y/OEZXtbkES6+Tan2RJfg2wpJxaWQ=
-github.com/devtron-labs/devtron-services/common-lib v0.0.0-20250619100439-8e8e182b498a/go.mod h1:/Ciy9tD9OxZOWBDPIasM448H7uvSo4+ZJiExpfwBZpA=
+github.com/devtron-labs/devtron-services/authenticator v0.0.0-20250624130631-fd0c2f8fd85c h1:v+laregD1jjF1c7DUs9Aoo1alEOaOSSidgSFDAWv4uM=
+github.com/devtron-labs/devtron-services/authenticator v0.0.0-20250624130631-fd0c2f8fd85c/go.mod h1:9LCkYfiWaEKIBkmxw9jX1GujvEMyHwmDtVsatffAkeU=
+github.com/devtron-labs/devtron-services/common-lib v0.0.0-20250624130631-fd0c2f8fd85c h1:Lc6JZNufAA1gKTXfhJiEZ6BLPC9mHa89dKw0m6FmPpo=
+github.com/devtron-labs/devtron-services/common-lib v0.0.0-20250624130631-fd0c2f8fd85c/go.mod h1:/Ciy9tD9OxZOWBDPIasM448H7uvSo4+ZJiExpfwBZpA=
 github.com/devtron-labs/go-bitbucket v0.9.60-beta h1:VEx1jvDgdtDPS6A1uUFoaEi0l1/oLhbr+90xOwr6sDU=
 github.com/devtron-labs/go-bitbucket v0.9.60-beta/go.mod h1:GnuiCesvh8xyHeMCb+twm8lBR/kQzJYSKL28ZfObp1Y=
 github.com/devtron-labs/protos v0.0.3-0.20250323220609-ecf8a0f7305e h1:U6UdYbW8a7xn5IzFPd8cywjVVPfutGJCudjePAfL/Hs=

internal/sql/repository/pipelineConfig/AppLabelsRepository.go

@@ -41,7 +41,7 @@ type AppLabelRepository interface {
 	Delete(model *AppLabel, tx *pg.Tx) error
 	FindById(id int) (*AppLabel, error)
 	FindAllByIds(ids []int) ([]*AppLabel, error)
-	FindAll() ([]*AppLabel, error)
+	FindAll(propagated *bool) ([]*AppLabel, error)
 	FindByLabelKey(key string) ([]*AppLabel, error)
 	FindByAppIdAndKeyAndValue(appId int, key string, value string) (*AppLabel, error)
 	FindByLabelValue(label string) ([]*AppLabel, error)
@@ -89,9 +89,16 @@ func (impl AppLabelRepositoryImpl) FindAllByIds(ids []int) ([]*AppLabel, error)
 	err := impl.dbConnection.Model(&models).Where("id in (?)", pg.In(ids)).Order("updated_on desc").Select()
 	return models, err
 }
-func (impl AppLabelRepositoryImpl) FindAll() ([]*AppLabel, error) {
+func (impl AppLabelRepositoryImpl) FindAll(propagated *bool) ([]*AppLabel, error) {
 	var models []*AppLabel
-	err := impl.dbConnection.Model(&models).Order("updated_on desc").Select()
+	query := impl.dbConnection.Model(&models).
+		Column("app_label.*", "App").
+		Order("updated_on desc")
+	// if propagated flag is not set then show all labels
+	if propagated != nil {
+		query = query.Where("propagate = ?", *propagated)
+	}
+	err := query.Select()
 	return models, err
 }
 func (impl AppLabelRepositoryImpl) FindByLabelKey(key string) ([]*AppLabel, error) {

internal/sql/repository/pipelineConfig/CdWorfkflowRepository.go

@@ -773,31 +773,41 @@ func (impl *CdWorkflowRepositoryImpl) FindDeployedCdWorkflowRunnersByPipelineId(
 }
 
 func (impl *CdWorkflowRepositoryImpl) FindLatestCdWorkflowRunnerArtifactMetadataForAppAndEnvIds(appVsEnvIdMap map[int][]int, runnerType apiBean.WorkflowType) ([]*cdWorkflow.CdWorkflowRunnerArtifactMetadata, error) {
-	var allRunners []*cdWorkflow.CdWorkflowRunnerArtifactMetadata
+	var runners []*cdWorkflow.CdWorkflowRunnerArtifactMetadata
+
+	// Prepare the (app_id, env_id) tuple list for the query
+	tupleList := make([]interface{}, 0, len(appVsEnvIdMap))
+	for appId, envIds := range appVsEnvIdMap {
+		for _, envId := range envIds {
+			tupleList = append(tupleList, []interface{}{appId, envId})
+		}
+	}
+	if len(tupleList) == 0 {
+		return nil, nil
+	}
+
 	query := `
 WITH RankedData AS (
     SELECT 
         p.app_id AS "app_id",
         p.environment_id AS "env_id",
-		p.deleted AS "deleted",
+        p.deleted AS "deleted",
         wf.ci_artifact_id AS "ci_artifact_id",
         ci_artifact.parent_ci_artifact AS "parent_ci_artifact",
         ci_artifact.scanned AS "scanned",
         ROW_NUMBER() OVER (PARTITION BY p.app_id, p.environment_id ORDER BY cd_workflow_runner.id DESC) AS rn
     FROM cd_workflow_runner INNER JOIN cd_workflow wf ON wf.id = cd_workflow_runner.cd_workflow_id
     INNER JOIN pipeline p ON p.id = wf.pipeline_id
     INNER JOIN ci_artifact ON ci_artifact.id = wf.ci_artifact_id
-    WHERE cd_workflow_runner.workflow_type = ? AND p.app_id = ? AND p.environment_id IN (?))
+    WHERE cd_workflow_runner.workflow_type = ? 
+      AND (p.app_id, p.environment_id) IN ( ? )
+)
 SELECT "app_id","env_id","ci_artifact_id","parent_ci_artifact","scanned" FROM RankedData WHERE rn = 1 and deleted= false;
 `
-	for appId, envIds := range appVsEnvIdMap {
-		var runners []*cdWorkflow.CdWorkflowRunnerArtifactMetadata
-		_, err := impl.dbConnection.Query(&runners, query, runnerType, appId, pg.In(envIds))
-		if err != nil {
-			impl.logger.Errorw("error in getting cdWfrs by appId and envIds and runner type", "appVsEnvIdMap", appVsEnvIdMap, "err", err)
-			return nil, err
-		}
-		allRunners = append(allRunners, runners...)
+	_, err := impl.dbConnection.Query(&runners, query, runnerType, pg.In(tupleList))
+	if err != nil {
+		impl.logger.Errorw("error in getting cdWfrs by appId and envIds and runner type", "appVsEnvIdMap", appVsEnvIdMap, "err", err)
+		return nil, err
 	}
-	return allRunners, nil
+	return runners, nil
 }

pkg/app/AppCrudOperationService.go

@@ -59,7 +59,7 @@ type CrudOperationServiceConfig struct {
 type AppCrudOperationService interface {
 	Create(request *bean.AppLabelDto, tx *pg.Tx) (*bean.AppLabelDto, error)
 	FindById(id int) (*bean.AppLabelDto, error)
-	FindAll() ([]*bean.AppLabelDto, error)
+	FindAll(propagated *bool) ([]*bean.AppLabelDto, error)
 	GetAppMetaInfo(appId int, installedAppId int, envId int) (*bean.AppMetaInfoDto, error)
 	GetHelmAppMetaInfo(appId string) (*bean.AppMetaInfoDto, error)
 	GetAppLabelsForDeployment(ctx context.Context, appId int, appName, envName string) ([]byte, error)
@@ -318,9 +318,9 @@ func (impl AppCrudOperationServiceImpl) FindById(id int) (*bean.AppLabelDto, err
 	return label, nil
 }
 
-func (impl AppCrudOperationServiceImpl) FindAll() ([]*bean.AppLabelDto, error) {
+func (impl AppCrudOperationServiceImpl) FindAll(propagated *bool) ([]*bean.AppLabelDto, error) {
 	results := make([]*bean.AppLabelDto, 0)
-	models, err := impl.appLabelRepository.FindAll()
+	models, err := impl.appLabelRepository.FindAll(propagated)
 	if err != nil && err != pg.ErrNoRows {
 		impl.logger.Errorw("error in fetching FindAll app labels", "error", err)
 		return nil, err
@@ -334,6 +334,7 @@ func (impl AppCrudOperationServiceImpl) FindAll() ([]*bean.AppLabelDto, error) {
 			Key:       model.Key,
 			Value:     model.Value,
 			Propagate: model.Propagate,
+			AppName:   model.App.AppName,
 		}
 		results = append(results, dto)
 	}

pkg/bean/app.go

@@ -914,6 +914,7 @@ type AppLabelDto struct {
 	Value     string `json:"value,notnull"`
 	Propagate bool   `json:"propagate,notnull"`
 	AppId     int    `json:"appId,omitempty"`
+	AppName   string `json:"appName,omitempty"`
 	UserId    int32  `json:"-"`
 }