From 7dae75575f4bdae097ed94879fe0ee04d1ee3c86 Mon Sep 17 00:00:00 2001
From: Ivan Milchev
Date: Tue, 23 Jan 2024 11:52:40 +0200
Subject: [PATCH] =?UTF-8?q?=E2=9C=A8=20add=20feature=20flag=20for=20using?= =?UTF-8?q?=20cnspec=20v10=20(#1006)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: Ivan Milchev
---
 config/manager/manager.yaml | 3 ---
 controllers/container_image/resources.go | 10 +---------
 controllers/nodes/resources.go | 7 +------
 pkg/client/scanapiclient/client.go | 16 ++--------------
 pkg/feature_flags/feature_flags.go | 10 +++++-----
 pkg/utils/mondoo/container_image_resolver.go | 16 +++++++---------
 6 files changed, 16 insertions(+), 46 deletions(-)
diff --git a/config/manager/manager.yaml b/config/manager/manager.yaml
index 9b54d40a5..5c2407bc8 100644
--- a/config/manager/manager.yaml
+++ b/config/manager/manager.yaml
@@ -46,9 +46,6 @@ spec:
 image: controller:latest
 imagePullPolicy: IfNotPresent
 name: manager
- env:
- - name: FEATURE_ENABLE_V9
- value: "true"
 securityContext:
 allowPrivilegeEscalation: false
 readOnlyRootFilesystem: true
diff --git a/controllers/container_image/resources.go b/controllers/container_image/resources.go
index 71f49e8f3..140aa7602 100644
--- a/controllers/container_image/resources.go
+++ b/controllers/container_image/resources.go
@@ -14,7 +14,6 @@ import (
 "go.mondoo.com/mondoo-operator/pkg/constants"
 "go.mondoo.com/mondoo-operator/pkg/feature_flags"
 "go.mondoo.com/mondoo-operator/pkg/utils/k8s"
- "go.uber.org/zap"
 "gopkg.in/yaml.v2"
 batchv1 "k8s.io/api/batch/v1"
 corev1 "k8s.io/api/core/v1"
@@ -233,6 +232,7 @@ func Inventory(integrationMRN, clusterUID string, m v1alpha2.MondooAuditConfig)
 {
 Connections: []*inventory.Config{
 {
+ Type: "k8s",
 Options: map[string]string{
 "namespaces": strings.Join(m.Spec.Filtering.Namespaces.Include, ","),
 "namespaces-exclude": strings.Join(m.Spec.Filtering.Namespaces.Exclude, ","),
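Review bot: The added `Type: "k8s",` in `Inventory` is now the only provider selector on the connection, because this commit also deletes the branch that set `Backend = inventory.ProviderType_K8S` for the v8 path. `CnspecImage` in container_image_resolver.go still takes a caller-supplied `userImage`/`userTag`, so if an older scanner tag can be pinned there it would presumably receive an inventory it cannot map to a provider; a comment beside the literal such as `// Type is the v9+ inventory field; v8 scanner images (Backend) are no longer supported` would record that. The same bare literal is added in controllers/nodes/resources.go (`"filesystem"`) and twice in pkg/client/scanapiclient/client.go, and a shared constant would keep the four sites in step. The body of `Inventory` starts and ends outside the hunk.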
@@ -251,14 +251,6 @@ func Inventory(integrationMRN, clusterUID string, m v1alpha2.MondooAuditConfig)
 },
 }
- if feature_flags.GetEnableV9() {
- zap.S().Info("using v9 inventory")
- inv.Spec.Assets[0].Connections[0].Type = "k8s"
- } else {
- zap.S().Info("using v8 inventory")
- inv.Spec.Assets[0].Connections[0].Backend = inventory.ProviderType_K8S
- }
-
 if integrationMRN != "" {
 for i := range inv.Spec.Assets {
 inv.Spec.Assets[i].Labels[constants.MondooAssetsIntegrationLabel] = integrationMRN
diff --git a/controllers/nodes/resources.go b/controllers/nodes/resources.go
index c6f17590a..c00712163 100644
--- a/controllers/nodes/resources.go
+++ b/controllers/nodes/resources.go
@@ -341,6 +341,7 @@ func Inventory(node corev1.Node, integrationMRN, clusterUID string, m v1alpha2.M
 Name: node.Name,
 Connections: []*inventory.Config{
 {
+ Type: "filesystem",
 Host: "/mnt/host",
 PlatformId: fmt.Sprintf("//platformid.api.mondoo.app/runtime/k8s/uid/%s/node/%s", clusterUID, node.UID),
 },
@@ -354,12 +355,6 @@ func Inventory(node corev1.Node, integrationMRN, clusterUID string, m v1alpha2.M
 },
 }
- if feature_flags.GetEnableV9() {
- inv.Spec.Assets[0].Connections[0].Type = "filesystem"
- } else {
- inv.Spec.Assets[0].Connections[0].Backend = inventory.ProviderType_FS
- }
-
 if integrationMRN != "" {
 for i := range inv.Spec.Assets {
 inv.Spec.Assets[i].Labels[constants.MondooAssetsIntegrationLabel] = integrationMRN
diff --git a/pkg/client/scanapiclient/client.go b/pkg/client/scanapiclient/client.go
index 02e783e05..29cbd1e2b 100644
--- a/pkg/client/scanapiclient/client.go
+++ b/pkg/client/scanapiclient/client.go
@@ -15,7 +15,6 @@ import (
 "go.mondoo.com/cnspec/v9/policy/scan"
 "go.mondoo.com/mondoo-operator/pkg/client/common"
 "go.mondoo.com/mondoo-operator/pkg/constants"
- "go.mondoo.com/mondoo-operator/pkg/feature_flags"
 )
 const (
@@ -102,6 +101,7 @@ func (s *scanApiClient) ScanKubernetesResources(ctx context.Context, scanOpts *S
 {
 Connections: []*inventory.Config{
 {
+ Type: "k8s",
 Options: map[string]string{
 "namespaces": strings.Join(scanOpts.IncludeNamespaces, ","),
 "namespaces-exclude": strings.Join(scanOpts.ExcludeNamespaces, ","),
@@ -117,13 +117,6 @@ func (s *scanApiClient) ScanKubernetesResources(ctx context.Context, scanOpts *S
 },
 },
 }
-
- if feature_flags.GetEnableV9() {
- scanJob.Inventory.Spec.Assets[0].Connections[0].Type = "k8s"
- } else {
- scanJob.Inventory.Spec.Assets[0].Connections[0].Backend = inventory.ProviderType_K8S
- }
-
 setIntegrationMrn(scanOpts.IntegrationMrn, scanJob)
 if scanOpts.ScanContainerImages {
@@ -158,6 +151,7 @@ func (s *scanApiClient) ScheduleKubernetesResourceScan(ctx context.Context, inte
 {
 Connections: []*inventory.Config{
 {
+ Type: "k8s",
 Options: map[string]string{
 "k8s-resources": resourceKey,
 },
@@ -172,12 +166,6 @@ func (s *scanApiClient) ScheduleKubernetesResourceScan(ctx context.Context, inte
 },
 }
- if feature_flags.GetEnableV9() {
- scanJob.Inventory.Spec.Assets[0].Connections[0].Type = "k8s"
- } else {
- scanJob.Inventory.Spec.Assets[0].Connections[0].Backend = inventory.ProviderType_K8S
- }
-
 if len(managedBy) > 0 {
 scanJob.Inventory.Spec.Assets[0].ManagedBy = managedBy
 }
diff --git a/pkg/feature_flags/feature_flags.go b/pkg/feature_flags/feature_flags.go
index a4f90ac44..520e009f4 100644
--- a/pkg/feature_flags/feature_flags.go
+++ b/pkg/feature_flags/feature_flags.go
@@ -14,7 +14,7 @@ const FeatureFlagPrefix = "FEATURE_"
 var (
 enableAdmissionReviewDiscovery bool
- enableV9 bool
+ enableV10 bool
 allFeatureFlags = make(map[string]string)
 )
@@ -46,8 +46,8 @@ func GetAdmissionReviewDiscovery() bool {
 return enableAdmissionReviewDiscovery
 }
-func GetEnableV9() bool {
- return enableV9
+func GetEnableV10() bool {
+ return enableV10
 }
 func setGlobalFlags(k, v string) {
@@ -57,7 +57,7 @@ func setGlobalFlags(k, v string) {
 switch k {
 case "FEATURE_ENABLE_ADMISSION_REVIEW_DISCOVERY":
 enableAdmissionReviewDiscovery = true
- case "FEATURE_ENABLE_V9":
- enableV9 = true
+ case "FEATURE_ENABLE_V10":
+ enableV10 = true
 }
 }
diff --git a/pkg/utils/mondoo/container_image_resolver.go b/pkg/utils/mondoo/container_image_resolver.go
index 59cc1eccf..26305f28d 100644
--- a/pkg/utils/mondoo/container_image_resolver.go
+++ b/pkg/utils/mondoo/container_image_resolver.go
@@ -16,13 +16,12 @@ import (
 )
 const (
- CnspecImageV9 = "ghcr.io/mondoohq/mondoo-operator/cnspec"
- CnspecTagV9 = "9-rootless"
- OpenShiftMondooClientTagV9 = "9-ubi-rootless"
+ CnspecTagV10 = "10-rootless"
+ OpenShiftMondooClientTagV10 = "10-ubi-rootless"
- CnspecImage = "docker.io/mondoo/cnspec"
- CnspecTag = "8-rootless"
- OpenShiftMondooClientTag = "8-ubi-rootless"
+ CnspecImage = "ghcr.io/mondoohq/mondoo-operator/cnspec"
+ CnspecTag = "9-rootless"
+ OpenShiftMondooClientTag = "9-ubi-rootless"
 MondooOperatorImage = "ghcr.io/mondoohq/mondoo-operator"
 )
@@ -64,9 +63,8 @@ func (c *containerImageResolver) CnspecImage(userImage, userTag string, skipImag
 }
 defaultImage := CnspecImage
- if feature_flags.GetEnableV9() {
- defaultTag = CnspecTagV9
- defaultImage = CnspecImageV9
+ if feature_flags.GetEnableV10() {
+ defaultTag = CnspecTagV10
 }
 image := userImageOrDefault(defaultImage, defaultTag, userImage, userTag)
 return c.resolveImage(image, skipImageResolution)
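Review bot: The `switch k` in `setGlobalFlags` has no `default:` branch, so with the `FEATURE_ENABLE_V9` case removed a deployment that still sets that variable is accepted silently and gets no hint that the flag is retired. A `default:` branch that logs the unrecognised key once at startup would make stale or misspelled `FEATURE_` variables visible to whoever operates the cluster. Both visible cases also assign `true` without looking at `v`; the lines between the signature and the switch are outside the hunk, so whether the value is validated there cannot be confirmed from here.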
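Review bot: Inside the `GetEnableV10()` branch only `defaultTag = CnspecTagV10` is assigned, so `OpenShiftMondooClientTagV10`, which this commit adds to the const block, is never used in the visible code. If the lines before the hunk pick the `-ubi-rootless` tag for OpenShift clusters, enabling the flag would overwrite that choice with the non-UBI `10-rootless` tag; the branch should choose between the two v10 tags the same way the default path chooses between `CnspecTag` and `OpenShiftMondooClientTag`. Both v10 defaults are floating tags, so what actually gets scheduled depends on `resolveImage`; a comment stating what happens when `skipImageResolution` is set would help reviewers judge that. The start of `CnspecImage` is outside the hunk.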