René's URL Explorer Experiment

{"@context":"https://schema.org","@type":"DiscussionForumPosting","headline":"Can't delete scan or scan CRD","articleBody":"## 🐞 Bug report\r\n\u003c!--\r\nThank you for reporting an issue in our project 🙌\r\n\r\nBefore opening a new issue, please make sure that we do not have any duplicates already open. You can ensure this by searching the issue list for this repository. If there is a duplicate, please close your issue and add a comment to the existing issue instead.\r\n--\u003e\r\n\r\n### Describe the bug\r\nI was testing my setup using IAM roles. I had a few problems setting up a scan due to permissions on S3. I fixed them but then I want to delete a scan object I created and the delete gets stuck.\r\nI run:\r\n```\r\n % kubectl get scan\r\nNAME                  TYPE            STATE   FINDINGS\r\nzap-full-scan-admin   zap-full-scan           \r\n\r\n % kubectl delete scan zap-full-scan-admin\r\nscan.execution.securecodebox.io \"zap-full-scan-admin\" deleted\r\n... then it gets stuck here for one hour until my AWS session expires then:\r\nerror: You must be logged in to the server (Unauthorized)\r\nexit 1\r\n```\r\n\r\nI tried uninstalling the zap scanner and operator using helm, both uninstalled fine, but the zap scan was still there and still wouldn't delete.\r\nSo I went to the uninstallation steps page ( https://docs.securecodebox.io/docs/getting-started/uninstallation ) and deleted lurkers (there were no parsers), roles, binding and service accounts. All went good.\r\n\r\nHowever when I tried to delete the CRDs it got stuck in the scheduled scans:\r\n```\r\n% kubectl delete crd cascadingrules.cascading.securecodebox.io \\\r\nparsedefinitions.execution.securecodebox.io \\\r\nscancompletionhooks.execution.securecodebox.io \\\r\nscans.execution.securecodebox.io \\\r\nscantypes.execution.securecodebox.io \\\r\nscheduledscans.execution.securecodebox.io\r\ncustomresourcedefinition.apiextensions.k8s.io \"cascadingrules.cascading.securecodebox.io\" deleted\r\ncustomresourcedefinition.apiextensions.k8s.io \"parsedefinitions.execution.securecodebox.io\" deleted\r\ncustomresourcedefinition.apiextensions.k8s.io \"scancompletionhooks.execution.securecodebox.io\" deleted\r\ncustomresourcedefinition.apiextensions.k8s.io \"scans.execution.securecodebox.io\" deleted\r\ncustomresourcedefinition.apiextensions.k8s.io \"scantypes.execution.securecodebox.io\" deleted\r\ncustomresourcedefinition.apiextensions.k8s.io \"scheduledscans.execution.securecodebox.io\" deleted\r\n... then if got stuck here and won't finish so I ctrl+C, but notice the scans.execution.securecodebox.io which says deleted.\r\n\r\n% kubectl get crds                                   \r\nNAME                                         CREATED AT\r\nalertmanagerconfigs.monitoring.coreos.com    2021-08-04T01:47:22Z\r\nalertmanagers.monitoring.coreos.com          2021-08-04T01:47:25Z\r\neniconfigs.crd.k8s.amazonaws.com             2021-06-09T02:15:07Z\r\npodmonitors.monitoring.coreos.com            2021-08-04T01:47:27Z\r\nprobes.monitoring.coreos.com                 2021-08-04T01:47:30Z\r\nprometheuses.monitoring.coreos.com           2021-08-04T01:47:33Z\r\nprometheusrules.monitoring.coreos.com        2021-08-04T01:47:35Z\r\nprovisioners.karpenter.sh                    2021-12-14T05:33:10Z\r\nscans.execution.securecodebox.io             2022-04-07T06:54:40Z    \u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c Won't delete\r\nsecuritygrouppolicies.vpcresources.k8s.aws   2021-06-09T02:15:11Z\r\nservicemonitors.monitoring.coreos.com        2021-08-04T01:47:37Z\r\nthanosrulers.monitoring.coreos.com           2021-08-04T01:47:39Z\r\n```\r\n\r\nNow, I described the scan object and found it is marked for deletion:\r\n```\r\n% kubectl describe scan zap-full-scan-admin\r\nName:         zap-full-scan-admin\r\nNamespace:    default\r\nLabels:       organization=OWASP\r\nAnnotations:  \u003cnone\u003e\r\nAPI Version:  execution.securecodebox.io/v1\r\nKind:         Scan\r\nMetadata:\r\n  Creation Timestamp:             2022-04-08T00:11:04Z\r\n  Deletion Grace Period Seconds:  0\r\n  Deletion Timestamp:             2022-04-08T00:13:07Z     \u003c\u003c\u003c\u003c\u003c so it is marked for deletion so should be deleted but it isn't\r\n  Finalizers:\r\n    s3.storage.securecodebox.io\r\n...\r\n```\r\n\r\nI decided to test and create another scan to compare with the first scan object and got:\r\n```\r\n% kubectl apply -f zap-full-scan-admin2.yaml\r\nError from server (MethodNotAllowed): error when creating \"zap-full-scan-admin.yaml\": create not allowed while custom resource definition is terminating\r\n```\r\n\r\nSo I got the scan CRD definition:\r\n```\r\n% kubectl describe crd scans.execution.securecodebox.io\r\nName:         scans.execution.securecodebox.io\r\nNamespace:    \r\nLabels:       \u003cnone\u003e\r\nAnnotations:  controller-gen.kubebuilder.io/version: v0.4.1\r\nAPI Version:  apiextensions.k8s.io/v1\r\nKind:         CustomResourceDefinition\r\nMetadata:\r\n  Creation Timestamp:             2022-04-07T06:54:40Z\r\n  Deletion Grace Period Seconds:  0\r\n  Deletion Timestamp:             2022-04-12T00:29:03Z\r\n  Finalizers:\r\n    customresourcecleanup.apiextensions.k8s.io\r\n... a loong definition\r\nStatus:\r\n  Accepted Names:\r\n    Kind:       Scan\r\n    List Kind:  ScanList\r\n    Plural:     scans\r\n    Singular:   scan\r\n  Conditions:\r\n    Last Transition Time:  2022-04-07T06:54:40Z\r\n    Message:               no conflicts found\r\n    Reason:                NoConflicts\r\n    Status:                True\r\n    Type:                  NamesAccepted\r\n    Last Transition Time:  2022-04-07T06:54:40Z\r\n    Message:               the initial names have been accepted\r\n    Reason:                InitialNamesAccepted\r\n    Status:                True\r\n    Type:                  Established\r\n    Last Transition Time:  2022-04-12T00:29:03Z\r\n    Message:               CustomResource deletion is in progress\r\n    Reason:                InstanceDeletionInProgress\r\n    Status:                True\r\n    Type:                  Terminating         \u003c\u003c\u003c\u003c\u003c So it is deleting... but its stuck for some reason\r\n  Stored Versions:\r\n    v1\r\nEvents:  \u003cnone\u003e\r\n\r\n```\r\n\r\nIn conclusion, I got a scan CRD and a scan object that won't delete and are stuck for some unknown reason.\r\n\r\n### Steps To Reproduce\r\n\u003c!--\r\nSteps to reproduce the behavior:\r\n1. Go to '...'\r\n2. Click on '....'\r\n3. Scroll down to '....'\r\n4. See error\r\n--\u003e\r\nDescribed the problem above.\r\n\r\n### Expected behavior\r\n\u003c!-- A clear and concise description of what you expected to happen. --\u003e\r\nI expect CRDs and Scans to delete correctly and be removed from kubernetes resources.\r\n\r\n### System (please complete the following information):\r\n\u003c!--\r\n - secureCodeBox Version/Release 2.11.1 / Helm Chart 3.9.1 \r\n - OS: macOS Catalina\r\n - Kubernetes Version \r\n```\r\nClient Version: version.Info{Major:\"1\", Minor:\"22\", GitVersion:\"v1.22.5\", GitCommit:\"5c99e2ac2ff9a3c549d9ca665e7bc05a3e18f07e\", GitTreeState:\"clean\", BuildDate:\"2021-12-16T08:38:33Z\", GoVersion:\"go1.16.12\", Compiler:\"gc\", Platform:\"darwin/amd64\"}\r\nServer Version: version.Info{Major:\"1\", Minor:\"21+\", GitVersion:\"v1.21.5-eks-bc4871b\", GitCommit:\"5236faf39f1b7a7dabea8df12726f25608131aa9\", GitTreeState:\"clean\", BuildDate:\"2021-10-29T23:32:16Z\", GoVersion:\"go1.16.8\", Compiler:\"gc\", Platform:\"linux/amd64\"}\r\n```\r\n--\u003e\r\n\r\n### Screenshots / Logs\r\n\u003c!-- If applicable, add screenshots to help explain your problem. --\u003e\r\n\r\n### Additional context\r\n\u003c!-- Add any other context about the problem here. --\u003e\r\n\r\n","author":{"url":"https://github.com/Spritekin","@type":"Person","name":"Spritekin"},"datePublished":"2022-04-12T01:46:55.000Z","interactionStatistic":{"@type":"InteractionCounter","interactionType":"https://schema.org/CommentAction","userInteractionCount":6},"url":"https://github.com/1101/secureCodeBox/issues/1101"}