Fixed init ops

Signed-off-by: Afek Berger <[email protected]>

go.sum

@@ -553,8 +553,8 @@ github.com/kubescape/go-logger v0.0.23 h1:5xh+Nm8eGImhFbtippRKLaFgsvlKE1ufvQhNM2
 github.com/kubescape/go-logger v0.0.23/go.mod h1:Ayg7g769c7sXVB+P3fkJmbsJpoEmMmaUf9jeo+XuC3U=
 github.com/kubescape/k8s-interface v0.0.170 h1:EtzomWoeeIWDz7QrAEsqUDpLHQwoh2m3tZITfrE/tiE=
 github.com/kubescape/k8s-interface v0.0.170/go.mod h1:VoEoHI4Va08NiGAkYzbITF50aFMT5y4fPHRb4x2LtME=
-github.com/kubescape/storage v0.0.132 h1:OmZ/thFrh0n29yvYYTce6aoVfpgSDi5k7rwtFHHGAoA=
-github.com/kubescape/storage v0.0.132/go.mod h1:0MIrMh9DVEPmT1+d7siysH6TX+8fTjXIIedoot/6klI=
+github.com/kubescape/storage v0.0.133-0.20241114082538-8774d0f17953 h1:oTtKX44Z3COHaN3HrEnwAdUzmDXaYcV4+0CqN+IigaI=
+github.com/kubescape/storage v0.0.133-0.20241114082538-8774d0f17953/go.mod h1:0MIrMh9DVEPmT1+d7siysH6TX+8fTjXIIedoot/6klI=
 github.com/kylelemons/godebug v1.1.0 h1:RPNrshWIDI6G2gRW9EHilWtl7Z6Sb1BR0xunSBf0SNc=
 github.com/kylelemons/godebug v1.1.0/go.mod h1:9/0rRGxNHcop5bhtWyNeEfOS8JIWk580+fNqagV/RAw=
 github.com/ledongthuc/pdf v0.0.0-20220302134840-0c2507a12d80/go.mod h1:imJHygn/1yfhB7XSJJKlFZKl/J+dCPAknuiaGOshXAs=

pkg/applicationprofilemanager/v1/applicationprofile_manager.go

@@ -190,16 +190,21 @@ func (am *ApplicationProfileManager) monitorContainer(ctx context.Context, conta
 				watchedContainer.UpdateDataTicker.Reset(utils.AddJitter(am.cfg.UpdateDataPeriod, am.cfg.MaxJitterPercentage))
 			}
 			watchedContainer.SetStatus(utils.WatchedContainerStatusReady)
-			am.saveProfile(ctx, watchedContainer, container.K8s.Namespace, initOps)
-			initOps = nil
+			am.saveProfile(ctx, watchedContainer, container.K8s.Namespace, nil)
+
+			// save profile after initialaztion
+			if initOps != nil {
+				am.saveProfile(ctx, watchedContainer, container.K8s.Namespace, initOps)
+				initOps = nil
+			}
+
 		case err := <-watchedContainer.SyncChannel:
 			switch {
 			case errors.Is(err, utils.ContainerHasTerminatedError):
 				// if exit code is 0 we set the status to completed
 				if objectcache.GetTerminationExitCode(am.k8sObjectCache, container.K8s.Namespace, container.K8s.PodName, container.K8s.ContainerName, container.Runtime.ContainerID) == 0 {
 					watchedContainer.SetStatus(utils.WatchedContainerStatusCompleted)
 				}
-
 				am.saveProfile(ctx, watchedContainer, container.K8s.Namespace, nil)
 				return err
 			case errors.Is(err, utils.ContainerReachedMaxTime):

pkg/applicationprofilemanager/v1/helpers.go

@@ -109,22 +109,22 @@ func IsPolicyIncluded(existingPolicy, newPolicy *v1beta1.RulePolicy) bool {
 func GetInitOperations(containerType string, containerIndex int) []utils.PatchOperation {
 	var operations []utils.PatchOperation
 
+	ids := ruleengine.NewRuleCreator().GetAllRuleIDs()
+	rulePoliciesMap := make(map[string]v1beta1.RulePolicy)
+	for _, id := range ids {
+		rulePoliciesMap[id] = v1beta1.RulePolicy{
+			AllowedContainer: false,
+			AllowedProcesses: []string{},
+		}
+	}
+
 	createMap := utils.PatchOperation{
-		Op:    "add",
+		Op:    "replace",
 		Path:  fmt.Sprintf("/spec/%s/%d/rulePolicies", containerType, containerIndex),
-		Value: map[string]v1beta1.RulePolicy{},
+		Value: rulePoliciesMap,
 	}
 
 	operations = append(operations, createMap)
 
-	ids := ruleengine.NewRuleCreator().GetAllRuleIDs()
-	for _, id := range ids {
-		operation := utils.PatchOperation{
-			Op:    "add",
-			Path:  fmt.Sprintf("/spec/%s/%d/rulePolicies/%s", containerType, containerIndex, id),
-			Value: v1beta1.RulePolicy{},
-		}
-		operations = append(operations, operation)
-	}
 	return operations
 }