Add support for stopping Scans to Orchestrator

[chrisgacsal]

Description

• Add ScanWatcher to look up for Scans which status has changed to Aborted and updated all the corresponding ScanResult status to ABORTED so the Scanner Worker and the CLI could detect cancellation events.
• Update Scanner Worker to detect if the ScanResult state is changed to Aborted.

Type of Change

[ ] Bug Fix
[x] New Feature
[ ] Breaking Change
[ ] Refactor
[ ] Documentation
[ ] Other (please describe)

Checklist

• I have read the contributing guidelines
• Existing issues have been referenced (where applicable)
• I have verified this change is not present in other open pull requests
• Functionality is documented
• All code style checks pass
• New code contribution is covered by automated tests
• All new and existing tests pass

Test Plan

Manual steps to test aborting ongoing scans in live environment.

Expand

Scan configuration

Create Scan Configuration file

cat <<EOF > scanconfig.json
{
  "name": "test",
  "scanFamiliesConfig": {
     "sbom": {
       "enabled": true
     },
     "vulnerabilities": {
       "enabled": true
     },
     "exploits": {
       "enabled": true
     }
  },
  "scheduled": {
    "cronLine": "0 */4 * * *",
    "operationTime": "2023-01-20T15:46:18+00:00"
  },
  "scope": {
    "allRegions": true,
    "objectType": "AwsScanScope",
    "instanceTagSelector": [
      {
        "key": "ScanConfig",
        "value": "test"
      }
    ]
  }
}
EOF

Apply Scan Configuration to API

curl -sSf -X POST 'http://localhost:8888/api/scanConfigs' -H 'Content-Type: application/json' \
  -d @scanconfig.json \
| jq -r -e '.id' > scanconfig.id

Get Scan Configuration object from API

curl -sSf -X GET 'http://localhost:8888/api/scanConfigs/'"$(cat scanconfig.id)"'' \
| jq -r -e '.' > scanconfig.api.json

Start Scan

Start Scan using Scan Config

jq -r -e '{maxParallelScanners, name, scanFamiliesConfig, scheduled, scope} | .scheduled.operationTime = (now|todate)' \
  scanconfig.api.json \
| curl -sSf -X PUT -H 'Content-Type: application/json' 'http://localhost:8888/api/scanConfigs/'"$(cat scanconfig.id)"'' \
  -d @-

Get ongoing Scan from API using ScanConfig id

curl -sSf -G 'http://localhost:8888/api/scans' \
  --data-urlencode "\$filter=scanConfig/id eq '$(cat scanconfig.id)' and state ne 'Done' and state ne 'Failed'" \
| jq -r -e '.items[] | first' > scan.api.json

Abort Scan in progress

cat <<EOF > scan-aborted.json
{
  "state": "Aborted"
}
EOF

jq -r -e '.id' scan.api.json > scan.id \
&& curl -sSf -X PATCH -H 'Content-Type: application/json' \
  "http://localhost:8888/api/scans/$(cat scan.id)" \
  -d @scan-aborted.json \
| jq -r -e '.' > scan-aborted.api.json

[chrisgacsal]

The PR is ready for review. I have added a test plan with manual steps to verify the functionality to abort running scans.

[ghost]

Overall looking great, I've got a couple of suggestions, happy to punt them to later.