diff --git a/controllers/k8s_scan/deployment_handler.go b/controllers/k8s_scan/deployment_handler.go
index 2d21327ac..0a5a0256e 100644
--- a/controllers/k8s_scan/deployment_handler.go
+++ b/controllers/k8s_scan/deployment_handler.go
@@ -82,7 +82,7 @@ func (n *DeploymentHandler) syncCronJob(ctx context.Context) error {
 }
 existing := &batchv1.CronJob{}
- desired := CronJob(mondooOperatorImage, integrationMrn, clusterUid, *n.Mondoo, *n.MondooOperatorConfig)
+ desired := CronJob(mondooOperatorImage, integrationMrn, clusterUid, *n.Mondoo)
 if err := ctrl.SetControllerReference(n.Mondoo, desired, n.KubeClient.Scheme()); err != nil {
 logger.Error(err, "Failed to set ControllerReference", "namespace", desired.Namespace, "name", desired.Name)
 return err
diff --git a/controllers/k8s_scan/deployment_handler_test.go b/controllers/k8s_scan/deployment_handler_test.go
index 3ffa076a6..09c41297e 100644
--- a/controllers/k8s_scan/deployment_handler_test.go
+++ b/controllers/k8s_scan/deployment_handler_test.go
@@ -95,7 +95,7 @@ func (s *DeploymentHandlerSuite) TestReconcile_Create() {
 image, err := s.containerImageResolver.MondooOperatorImage("", "", false)
 s.NoError(err)
- expected := CronJob(image, "", test.KubeSystemNamespaceUid, s.auditConfig, mondoov1alpha2.MondooOperatorConfig{})
+ expected := CronJob(image, "", test.KubeSystemNamespaceUid, s.auditConfig)
 s.NoError(ctrl.SetControllerReference(&s.auditConfig, expected, d.KubeClient.Scheme()))
 // Set some fields that the kube client sets
@@ -149,7 +149,7 @@ func (s *DeploymentHandlerSuite) TestReconcile_Create_ConsoleIntegration() {
 image, err := s.containerImageResolver.MondooOperatorImage("", "", false)
 s.NoError(err)
- expected := CronJob(image, integrationMrn, test.KubeSystemNamespaceUid, s.auditConfig, mondoov1alpha2.MondooOperatorConfig{})
+ expected := CronJob(image, integrationMrn, test.KubeSystemNamespaceUid, s.auditConfig)
 s.NoError(ctrl.SetControllerReference(&s.auditConfig, expected, d.KubeClient.Scheme()))
 // Set some fields that the kube client sets
@@ -179,7 +179,7 @@ func (s *DeploymentHandlerSuite) TestReconcile_Update() {
 s.NoError(err)
 // Make sure a cron job exists with different container command
- cronJob := CronJob(image, "", "", s.auditConfig, mondoov1alpha2.MondooOperatorConfig{})
+ cronJob := CronJob(image, "", "", s.auditConfig)
 cronJob.Spec.JobTemplate.Spec.Template.Spec.Containers[0].Command = []string{"test-command"}
 s.NoError(d.KubeClient.Create(s.ctx, cronJob))
@@ -187,7 +187,7 @@ func (s *DeploymentHandlerSuite) TestReconcile_Update() {
 s.NoError(err)
 s.True(result.IsZero())
- expected := CronJob(image, "", test.KubeSystemNamespaceUid, s.auditConfig, mondoov1alpha2.MondooOperatorConfig{})
+ expected := CronJob(image, "", test.KubeSystemNamespaceUid, s.auditConfig)
 s.NoError(ctrl.SetControllerReference(&s.auditConfig, expected, d.KubeClient.Scheme()))
 // Set some fields that the kube client sets
diff --git a/controllers/k8s_scan/resources.go b/controllers/k8s_scan/resources.go
index e935de7f4..ec1deed56 100644
--- a/controllers/k8s_scan/resources.go
+++ b/controllers/k8s_scan/resources.go
@@ -25,7 +25,7 @@ import (
 const CronJobNameSuffix = "-k8s-scan"
-func CronJob(image, integrationMrn, clusterUid string, m v1alpha2.MondooAuditConfig, cfg v1alpha2.MondooOperatorConfig) *batchv1.CronJob {
+func CronJob(image, integrationMrn, clusterUid string, m v1alpha2.MondooAuditConfig) *batchv1.CronJob {
 ls := CronJobLabels(m)
 cronTab := fmt.Sprintf("%d * * * *", time.Now().Add(1*time.Minute).Minute())
@@ -57,10 +57,6 @@ func CronJob(image, integrationMrn, clusterUid string, m v1alpha2.MondooAuditCon
 containerArgs = append(containerArgs, []string{"--set-managed-by", scannedAssetsManagedBy}...)
 }
- if cfg.Spec.HttpProxy != nil {
- containerArgs = append(containerArgs, []string{"--api-proxy", *cfg.Spec.HttpProxy}...)
- }
-
 return &batchv1.CronJob{
 ObjectMeta: metav1.ObjectMeta{
 Name: CronJobName(m.Name),
diff --git a/controllers/nodes/deployment_handler.go b/controllers/nodes/deployment_handler.go
index 36880efad..f9441871c 100644
--- a/controllers/nodes/deployment_handler.go
+++ b/controllers/nodes/deployment_handler.go
@@ -88,7 +88,7 @@ func (n *DeploymentHandler) syncCronJob(ctx context.Context) error {
 }
 existing := &batchv1.CronJob{}
- desired := CronJob(mondooClientImage, node, *n.Mondoo, n.IsOpenshift)
+ desired := CronJob(mondooClientImage, node, *n.Mondoo, n.IsOpenshift, *n.MondooOperatorConfig)
 if err := ctrl.SetControllerReference(n.Mondoo, desired, n.KubeClient.Scheme()); err != nil {
 logger.Error(err, "Failed to set ControllerReference", "namespace", desired.Namespace, "name", desired.Name)
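Review bot: `CronJob` in controllers/k8s_scan/resources.go is exported and still has no doc comment, and after this change nothing tells a reader that the operator's `HttpProxy` is deliberately not applied to the k8s-scan job (the `--api-proxy` block is removed in the following hunk). Nothing visible in this diff shows the job obtaining the proxy setting another way, so it is worth confirming that it only reaches endpoints that do not need it; in clusters where egress is forced through a proxy, a missing setting would likely surface as failed scans. I would add `// CronJob returns the k8s-scan CronJob for m. The operator-level HttpProxy is intentionally not passed to this job.` above the signature, and the equivalent on `GarbageCollectCronJob` in controllers/nodes/resources.go, which loses the same block. The function body continues outside the hunk.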
@@ -227,7 +227,7 @@ func (n *DeploymentHandler) cleanupCronJobsForDeletedNodes(ctx context.Context,
 func (n *DeploymentHandler) syncGCCronjob(ctx context.Context, mondooOperatorImage, clusterUid string) error {
 existing := &batchv1.CronJob{}
- desired := GarbageCollectCronJob(mondooOperatorImage, clusterUid, *n.Mondoo, *n.MondooOperatorConfig)
+ desired := GarbageCollectCronJob(mondooOperatorImage, clusterUid, *n.Mondoo)
 if err := ctrl.SetControllerReference(n.Mondoo, desired, n.KubeClient.Scheme()); err != nil {
 logger.Error(err, "Failed to set ControllerReference", "namespace", desired.Namespace, "name", desired.Name)
diff --git a/controllers/nodes/deployment_handler_test.go b/controllers/nodes/deployment_handler_test.go
index c79b4fc86..4b993114b 100644
--- a/controllers/nodes/deployment_handler_test.go
+++ b/controllers/nodes/deployment_handler_test.go
@@ -16,7 +16,7 @@ import (
 "time"
 "github.com/stretchr/testify/suite"
- mondoov1alpha2 "go.mondoo.com/mondoo-operator/api/v1alpha2"
+ "go.mondoo.com/mondoo-operator/api/v1alpha2"
 "go.mondoo.com/mondoo-operator/pkg/client/mondooclient"
 "go.mondoo.com/mondoo-operator/pkg/constants"
 "go.mondoo.com/mondoo-operator/pkg/utils/mondoo"
@@ -42,14 +42,14 @@ type DeploymentHandlerSuite struct {
 scheme *runtime.Scheme
 containerImageResolver mondoo.ContainerImageResolver
- auditConfig mondoov1alpha2.MondooAuditConfig
+ auditConfig v1alpha2.MondooAuditConfig
 fakeClientBuilder *fake.ClientBuilder
 }
 func (s *DeploymentHandlerSuite) SetupSuite() {
 s.ctx = context.Background()
 s.scheme = clientgoscheme.Scheme
- s.Require().NoError(mondoov1alpha2.AddToScheme(s.scheme))
+ s.Require().NoError(v1alpha2.AddToScheme(s.scheme))
 s.containerImageResolver = fakeMondoo.NewNoOpContainerImageResolver()
 }
@@ -237,7 +237,7 @@ func (s *DeploymentHandlerSuite) TestReconcile_CreateCronJobs() {
 s.NoError(err)
 for _, n := range nodes.Items {
- expected := CronJob(image, n, s.auditConfig, false)
+ expected := CronJob(image, n, s.auditConfig, false, v1alpha2.MondooOperatorConfig{})
 s.NoError(ctrl.SetControllerReference(&s.auditConfig, expected, d.KubeClient.Scheme()))
 // Set some fields that the kube client sets
@@ -259,7 +259,7 @@ func (s *DeploymentHandlerSuite) TestReconcile_CreateCronJobs() {
 s.NoError(err)
 // Verify node garbage collection cronjob
- expected := GarbageCollectCronJob(operatorImage, "abcdefg", s.auditConfig, mondoov1alpha2.MondooOperatorConfig{})
+ expected := GarbageCollectCronJob(operatorImage, "abcdefg", s.auditConfig)
 s.NoError(ctrl.SetControllerReference(&s.auditConfig, expected, d.KubeClient.Scheme()))
 // Set some fields that the kube client sets
@@ -287,7 +287,7 @@ func (s *DeploymentHandlerSuite) TestReconcile_UpdateCronJobs() {
 s.NoError(err)
 // Make sure a cron job exists for one of the nodes
- cronJob := CronJob(image, nodes.Items[1], s.auditConfig, false)
+ cronJob := CronJob(image, nodes.Items[1], s.auditConfig, false, v1alpha2.MondooOperatorConfig{})
 cronJob.Spec.JobTemplate.Spec.Template.Spec.Containers[0].Command = []string{"test-command"}
 s.NoError(d.KubeClient.Create(s.ctx, cronJob))
@@ -296,7 +296,7 @@ func (s *DeploymentHandlerSuite) TestReconcile_UpdateCronJobs() {
 s.True(result.IsZero())
 for i, n := range nodes.Items {
- expected := CronJob(image, n, s.auditConfig, false)
+ expected := CronJob(image, n, s.auditConfig, false, v1alpha2.MondooOperatorConfig{})
 s.NoError(ctrl.SetControllerReference(&s.auditConfig, expected, d.KubeClient.Scheme()))
 // Set some fields that the kube client sets
@@ -349,7 +349,7 @@ func (s *DeploymentHandlerSuite) TestReconcile_CleanCronJobsForDeletedNodes() {
 s.Equal(1, len(cronJobs.Items))
- expected := CronJob(image, nodes.Items[0], s.auditConfig, false)
+ expected := CronJob(image, nodes.Items[0], s.auditConfig, false, v1alpha2.MondooOperatorConfig{})
 s.NoError(ctrl.SetControllerReference(&s.auditConfig, expected, d.KubeClient.Scheme()))
 // Set some fields that the kube client sets
@@ -467,7 +467,7 @@ func (s *DeploymentHandlerSuite) createDeploymentHandler() DeploymentHandler {
 KubeClient: s.fakeClientBuilder.Build(),
 Mondoo: &s.auditConfig,
 ContainerImageResolver: s.containerImageResolver,
- MondooOperatorConfig: &mondoov1alpha2.MondooOperatorConfig{},
+ MondooOperatorConfig: &v1alpha2.MondooOperatorConfig{},
 }
 }
diff --git a/controllers/nodes/resources.go b/controllers/nodes/resources.go
index fcaeaf8ab..8ffeb79a5 100644
--- a/controllers/nodes/resources.go
+++ b/controllers/nodes/resources.go
@@ -41,7 +41,7 @@ const (
 ignoreAnnotationValue = "ignore"
 )
-func CronJob(image string, node corev1.Node, m v1alpha2.MondooAuditConfig, isOpenshift bool) *batchv1.CronJob {
+func CronJob(image string, node corev1.Node, m v1alpha2.MondooAuditConfig, isOpenshift bool, cfg v1alpha2.MondooOperatorConfig) *batchv1.CronJob {
 ls := CronJobLabels(m)
 cronTab := fmt.Sprintf("%d * * * *", time.Now().Add(1*time.Minute).Minute())
@@ -55,6 +55,10 @@ func CronJob(image string, node corev1.Node, m v1alpha2.MondooAuditConfig, isOpe
 "--score-threshold", "0",
 }
+ if cfg.Spec.HttpProxy != nil {
+ cmd = append(cmd, []string{"--api-proxy", *cfg.Spec.HttpProxy}...)
+ }
+
 return &batchv1.CronJob{
 ObjectMeta: metav1.ObjectMeta{
 Annotations: map[string]string{
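Review bot: The added `if cfg.Spec.HttpProxy != nil` block in the nodes `CronJob` copies the proxy value verbatim into the container command, so it is stored in the CronJob and pod specs and is readable by anyone who can get those objects. If `HttpProxy` may hold a URL with embedded credentials (its format is not visible here), that exposes them; either document that credentials in this field are unsupported or deliver the value through a Secret-backed environment variable instead. Separately, a non-nil but empty string passes the check and yields `--api-proxy ""`; `if p := cfg.Spec.HttpProxy; p != nil && *p != "" { cmd = append(cmd, "--api-proxy", *p) }` avoids that and drops the intermediate slice literal. The function body starts and ends outside the hunk.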
@@ -189,7 +193,7 @@ func CronJob(image string, node corev1.Node, m v1alpha2.MondooAuditConfig, isOpe
 }
 }
-func GarbageCollectCronJob(image, clusterUid string, m v1alpha2.MondooAuditConfig, cfg v1alpha2.MondooOperatorConfig) *batchv1.CronJob {
+func GarbageCollectCronJob(image, clusterUid string, m v1alpha2.MondooAuditConfig) *batchv1.CronJob {
 ls := CronJobLabels(m)
 cronTab := fmt.Sprintf("%d */2 * * *", time.Now().Add(1*time.Minute).Minute())
@@ -211,10 +215,6 @@ func GarbageCollectCronJob(image, clusterUid string, m v1alpha2.MondooAuditConfi
 containerArgs = append(containerArgs, []string{"--filter-managed-by", scannedAssetsManagedBy}...)
 }
- if cfg.Spec.HttpProxy != nil {
- containerArgs = append(containerArgs, []string{"--api-proxy", *cfg.Spec.HttpProxy}...)
- }
-
 return &batchv1.CronJob{
 ObjectMeta: metav1.ObjectMeta{
 Name: GarbageCollectCronJobName(m.Name),
diff --git a/controllers/nodes/resources_test.go b/controllers/nodes/resources_test.go
index a0b1a5fa4..4326fcbda 100644
--- a/controllers/nodes/resources_test.go
+++ b/controllers/nodes/resources_test.go
@@ -153,7 +153,7 @@ func TestResources(t *testing.T) {
 },
 }
 mac := *test.mondooauditconfig()
- cronJobSepc := CronJob("test123", *testNode, mac, false)
+ cronJobSepc := CronJob("test123", *testNode, mac, false, v1alpha2.MondooOperatorConfig{})
 assert.Equal(t, test.expectedResources, cronJobSepc.Spec.JobTemplate.Spec.Template.Spec.Containers[0].Resources)
 })
 }
@@ -166,7 +166,7 @@ func TestCronJob_PrivilegedOpenshift(t *testing.T) {
 },
 }
 mac := testMondooAuditConfig()
- cronJobSepc := CronJob("test123", *testNode, *mac, true)
+ cronJobSepc := CronJob("test123", *testNode, *mac, true, v1alpha2.MondooOperatorConfig{})
 assert.True(t, *cronJobSepc.Spec.JobTemplate.Spec.Template.Spec.Containers[0].SecurityContext.Privileged)
 assert.True(t, *cronJobSepc.Spec.JobTemplate.Spec.Template.Spec.Containers[0].SecurityContext.AllowPrivilegeEscalation)
 }
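Review bot: Every `CronJob` call updated in controllers/nodes/resources_test.go (the `TestResources` hunk and the two hunks after it) passes an empty `v1alpha2.MondooOperatorConfig{}`, as do the calls in controllers/nodes/deployment_handler_test.go, so the new `--api-proxy` branch is never exercised. I would add a test that sets `Spec.HttpProxy` to a constructed value and asserts that the container's command (presumably `Containers[0].Command`, the field the other tests touch) contains `--api-proxy` immediately followed by that value, plus one asserting the flag is absent when the field is nil. The enclosing test functions start outside these hunks.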
@@ -178,7 +178,7 @@ func TestCronJob_Privileged(t *testing.T) {
 },
 }
 mac := testMondooAuditConfig()
- cronJobSepc := CronJob("test123", *testNode, *mac, false)
+ cronJobSepc := CronJob("test123", *testNode, *mac, false, v1alpha2.MondooOperatorConfig{})
 assert.False(t, *cronJobSepc.Spec.JobTemplate.Spec.Template.Spec.Containers[0].SecurityContext.Privileged)
 assert.False(t, *cronJobSepc.Spec.JobTemplate.Spec.Template.Spec.Containers[0].SecurityContext.AllowPrivilegeEscalation)
 }