✨ add feature flag for using cnspec v10 (#1006)

Signed-off-by: Ivan Milchev <ivan@mondoo.com>

config/manager/manager.yaml

@@ -46,9 +46,6 @@ spec:
         image: controller:latest
         imagePullPolicy: IfNotPresent
         name: manager
-        env:
-          - name: FEATURE_ENABLE_V9
-            value: "true"
         securityContext:
           allowPrivilegeEscalation: false
           readOnlyRootFilesystem: true

controllers/container_image/resources.go

@@ -14,7 +14,6 @@ import (
 	"go.mondoo.com/mondoo-operator/pkg/constants"
 	"go.mondoo.com/mondoo-operator/pkg/feature_flags"
 	"go.mondoo.com/mondoo-operator/pkg/utils/k8s"
-	"go.uber.org/zap"
 	"gopkg.in/yaml.v2"
 	batchv1 "k8s.io/api/batch/v1"
 	corev1 "k8s.io/api/core/v1"
@@ -233,6 +232,7 @@ func Inventory(integrationMRN, clusterUID string, m v1alpha2.MondooAuditConfig)
 				{
 					Connections: []*inventory.Config{
 						{
+							Type: "k8s",
 							Options: map[string]string{
 								"namespaces":         strings.Join(m.Spec.Filtering.Namespaces.Include, ","),
 								"namespaces-exclude": strings.Join(m.Spec.Filtering.Namespaces.Exclude, ","),
@@ -251,14 +251,6 @@ func Inventory(integrationMRN, clusterUID string, m v1alpha2.MondooAuditConfig)
 		},
 	}
 
-	if feature_flags.GetEnableV9() {
-		zap.S().Info("using v9 inventory")
-		inv.Spec.Assets[0].Connections[0].Type = "k8s"
-	} else {
-		zap.S().Info("using v8 inventory")
-		inv.Spec.Assets[0].Connections[0].Backend = inventory.ProviderType_K8S
-	}
-
 	if integrationMRN != "" {
 		for i := range inv.Spec.Assets {
 			inv.Spec.Assets[i].Labels[constants.MondooAssetsIntegrationLabel] = integrationMRN

controllers/nodes/resources.go

@@ -341,6 +341,7 @@ func Inventory(node corev1.Node, integrationMRN, clusterUID string, m v1alpha2.M
 					Name: node.Name,
 					Connections: []*inventory.Config{
 						{
+							Type:       "filesystem",
 							Host:       "/mnt/host",
 							PlatformId: fmt.Sprintf("//platformid.api.mondoo.app/runtime/k8s/uid/%s/node/%s", clusterUID, node.UID),
 						},
@@ -354,12 +355,6 @@ func Inventory(node corev1.Node, integrationMRN, clusterUID string, m v1alpha2.M
 		},
 	}
 
-	if feature_flags.GetEnableV9() {
-		inv.Spec.Assets[0].Connections[0].Type = "filesystem"
-	} else {
-		inv.Spec.Assets[0].Connections[0].Backend = inventory.ProviderType_FS
-	}
-
 	if integrationMRN != "" {
 		for i := range inv.Spec.Assets {
 			inv.Spec.Assets[i].Labels[constants.MondooAssetsIntegrationLabel] = integrationMRN

pkg/client/scanapiclient/client.go

@@ -15,7 +15,6 @@ import (
 	"go.mondoo.com/cnspec/v9/policy/scan"
 	"go.mondoo.com/mondoo-operator/pkg/client/common"
 	"go.mondoo.com/mondoo-operator/pkg/constants"
-	"go.mondoo.com/mondoo-operator/pkg/feature_flags"
 )
 
 const (
@@ -102,6 +101,7 @@ func (s *scanApiClient) ScanKubernetesResources(ctx context.Context, scanOpts *S
 					{
 						Connections: []*inventory.Config{
 							{
+								Type: "k8s",
 								Options: map[string]string{
 									"namespaces":         strings.Join(scanOpts.IncludeNamespaces, ","),
 									"namespaces-exclude": strings.Join(scanOpts.ExcludeNamespaces, ","),
@@ -117,13 +117,6 @@ func (s *scanApiClient) ScanKubernetesResources(ctx context.Context, scanOpts *S
 			},
 		},
 	}
-
-	if feature_flags.GetEnableV9() {
-		scanJob.Inventory.Spec.Assets[0].Connections[0].Type = "k8s"
-	} else {
-		scanJob.Inventory.Spec.Assets[0].Connections[0].Backend = inventory.ProviderType_K8S
-	}
-
 	setIntegrationMrn(scanOpts.IntegrationMrn, scanJob)
 
 	if scanOpts.ScanContainerImages {
@@ -158,6 +151,7 @@ func (s *scanApiClient) ScheduleKubernetesResourceScan(ctx context.Context, inte
 					{
 						Connections: []*inventory.Config{
 							{
+								Type: "k8s",
 								Options: map[string]string{
 									"k8s-resources": resourceKey,
 								},
@@ -172,12 +166,6 @@ func (s *scanApiClient) ScheduleKubernetesResourceScan(ctx context.Context, inte
 		},
 	}
 
-	if feature_flags.GetEnableV9() {
-		scanJob.Inventory.Spec.Assets[0].Connections[0].Type = "k8s"
-	} else {
-		scanJob.Inventory.Spec.Assets[0].Connections[0].Backend = inventory.ProviderType_K8S
-	}
-
 	if len(managedBy) > 0 {
 		scanJob.Inventory.Spec.Assets[0].ManagedBy = managedBy
 	}

pkg/feature_flags/feature_flags.go

@@ -14,7 +14,7 @@ const FeatureFlagPrefix = "FEATURE_"
 
 var (
 	enableAdmissionReviewDiscovery bool
-	enableV9                       bool
+	enableV10                      bool
 	allFeatureFlags                = make(map[string]string)
 )
 
@@ -46,8 +46,8 @@ func GetAdmissionReviewDiscovery() bool {
 	return enableAdmissionReviewDiscovery
 }
 
-func GetEnableV9() bool {
-	return enableV9
+func GetEnableV10() bool {
+	return enableV10
 }
 
 func setGlobalFlags(k, v string) {
@@ -57,7 +57,7 @@ func setGlobalFlags(k, v string) {
 	switch k {
 	case "FEATURE_ENABLE_ADMISSION_REVIEW_DISCOVERY":
 		enableAdmissionReviewDiscovery = true
-	case "FEATURE_ENABLE_V9":
-		enableV9 = true
+	case "FEATURE_ENABLE_V10":
+		enableV10 = true
 	}
 }

pkg/utils/mondoo/container_image_resolver.go

@@ -16,13 +16,12 @@ import (
 )
 
 const (
-	CnspecImageV9              = "ghcr.io/mondoohq/mondoo-operator/cnspec"
-	CnspecTagV9                = "9-rootless"
-	OpenShiftMondooClientTagV9 = "9-ubi-rootless"
+	CnspecTagV10                = "10-rootless"
+	OpenShiftMondooClientTagV10 = "10-ubi-rootless"
 
-	CnspecImage              = "docker.io/mondoo/cnspec"
-	CnspecTag                = "8-rootless"
-	OpenShiftMondooClientTag = "8-ubi-rootless"
+	CnspecImage              = "ghcr.io/mondoohq/mondoo-operator/cnspec"
+	CnspecTag                = "9-rootless"
+	OpenShiftMondooClientTag = "9-ubi-rootless"
 	MondooOperatorImage      = "ghcr.io/mondoohq/mondoo-operator"
 )
 
@@ -64,9 +63,8 @@ func (c *containerImageResolver) CnspecImage(userImage, userTag string, skipImag
 	}
 
 	defaultImage := CnspecImage
-	if feature_flags.GetEnableV9() {
-		defaultTag = CnspecTagV9
-		defaultImage = CnspecImageV9
+	if feature_flags.GetEnableV10() {
+		defaultTag = CnspecTagV10
 	}
 	image := userImageOrDefault(defaultImage, defaultTag, userImage, userTag)
 	return c.resolveImage(image, skipImageResolution)