✨ refactor: use ManagedByLabel for consistency in asset management

Author: slntopp

controllers/container_image/resources.go

@@ -13,6 +13,7 @@ import (
 	"go.mondoo.com/mondoo-operator/pkg/constants"
 	"go.mondoo.com/mondoo-operator/pkg/feature_flags"
 	"go.mondoo.com/mondoo-operator/pkg/utils/k8s"
+	mondoo "go.mondoo.com/mondoo-operator/pkg/utils/mondoo"
 	"go.mondoo.com/mql/v13/providers-sdk/v1/inventory"
 	"gopkg.in/yaml.v2"
 	batchv1 "k8s.io/api/batch/v1"
@@ -233,7 +234,7 @@ func Inventory(integrationMRN, clusterUID string, m v1alpha2.MondooAuditConfig,
 					Labels: map[string]string{
 						"k8s.mondoo.com/kind": "node",
 					},
-					ManagedBy: "mondoo-operator-" + clusterUID,
+					ManagedBy: mondoo.ManagedByLabel(clusterUID),
 				},
 			},
 		},

controllers/k8s_scan/deployment_handler.go

@@ -598,8 +598,7 @@ func (n *DeploymentHandler) garbageCollectIfNeeded(ctx context.Context, clusterU
 		return
 	}
 
-	managedBy := "mondoo-operator-" + clusterUid
-	if err := n.performGarbageCollection(ctx, managedBy); err != nil {
+	if err := n.performGarbageCollection(ctx, mondoo.ManagedByLabel(clusterUid)); err != nil {
 		logger.Error(err, "Failed to perform garbage collection of K8s resource scan assets")
 	}
 

controllers/k8s_scan/resources.go

@@ -14,6 +14,7 @@ import (
 	"go.mondoo.com/mondoo-operator/pkg/constants"
 	"go.mondoo.com/mondoo-operator/pkg/feature_flags"
 	"go.mondoo.com/mondoo-operator/pkg/utils/k8s"
+	mondoo "go.mondoo.com/mondoo-operator/pkg/utils/mondoo"
 	"go.mondoo.com/mql/v13/providers-sdk/v1/inventory"
 	"gopkg.in/yaml.v2"
 	batchv1 "k8s.io/api/batch/v1"
@@ -954,7 +955,7 @@ func Inventory(integrationMRN, clusterUID string, m v1alpha2.MondooAuditConfig,
 					Labels: map[string]string{
 						"k8s.mondoo.com/kind": "cluster",
 					},
-					ManagedBy: "mondoo-operator-" + clusterUID,
+					ManagedBy: mondoo.ManagedByLabel(clusterUID),
 				},
 			},
 		},
@@ -1024,7 +1025,7 @@ func ExternalClusterInventory(integrationMRN, operatorClusterUID string, cluster
 						"mondoo.com/cluster-name":  cluster.Name,
 						"mondoo.com/external-scan": "true",
 					},
-					ManagedBy: "mondoo-operator-" + operatorClusterUID,
+					ManagedBy: mondoo.ManagedByLabel(operatorClusterUID),
 				},
 			},
 		},

controllers/nodes/deployment_handler.go

@@ -422,7 +422,7 @@ func (n *DeploymentHandler) garbageCollectIfNeeded(ctx context.Context, clusterU
 		return
 	}
 
-	managedBy := "mondoo-operator-" + clusterUid
+	managedBy := mondoo.ManagedByLabel(clusterUid)
 	if err := n.performGarbageCollection(ctx, managedBy); err != nil {
 		logger.Error(err, "Failed to perform garbage collection of node scan assets")
 	}

controllers/nodes/resources.go

@@ -21,6 +21,7 @@ import (
 	"go.mondoo.com/mondoo-operator/pkg/constants"
 	"go.mondoo.com/mondoo-operator/pkg/utils/gomemlimit"
 	"go.mondoo.com/mondoo-operator/pkg/utils/k8s"
+	mondoo "go.mondoo.com/mondoo-operator/pkg/utils/mondoo"
 	"go.mondoo.com/mql/v13/providers-sdk/v1/inventory"
 )
 
@@ -388,7 +389,7 @@ func Inventory(integrationMRN, clusterUID string, m v1alpha2.MondooAuditConfig)
 					Labels: map[string]string{
 						"k8s.mondoo.com/kind": "node",
 					},
-					ManagedBy: "mondoo-operator-" + clusterUID,
+					ManagedBy: mondoo.ManagedByLabel(clusterUID),
 				},
 			},
 		},

controllers/resource_watcher/scanner.go

@@ -17,6 +17,7 @@ import (
 	"sigs.k8s.io/yaml"
 
 	"go.mondoo.com/mondoo-operator/pkg/annotations"
+	mondoo "go.mondoo.com/mondoo-operator/pkg/utils/mondoo"
 )
 
 var scannerLogger = ctrl.Log.WithName("resource-watcher-scanner")
@@ -162,10 +163,7 @@ func (s *Scanner) generateInventory(resources []K8sResourceIdentifier) ([]byte,
 		opts["namespaces-exclude"] = strings.Join(s.config.NamespacesExclude, ",")
 	}
 
-	managedBy := "mondoo-operator"
-	if s.config.ClusterUID != "" {
-		managedBy = "mondoo-operator-" + s.config.ClusterUID
-	}
+	managedBy := mondoo.ManagedByLabel(s.config.ClusterUID)
 
 	inv := &inventory.Inventory{
 		Metadata: &inventory.ObjectMeta{

pkg/utils/mondoo/gc.go

@@ -21,6 +21,15 @@ import (
 
 const defaultGCOlderThan = 2 * time.Hour
 
+// ManagedByLabel returns the ManagedBy value for assets owned by this operator instance.
+// The cluster UID uniquely identifies which operator instance manages the assets.
+func ManagedByLabel(clusterUID string) string {
+	if clusterUID == "" {
+		return "mondoo-operator"
+	}
+	return "mondoo-operator-" + clusterUID
+}
+
 // GCOlderThan returns the duration threshold for garbage collection.
 // It defaults to 2h but can be overridden via the MONDOO_GC_OLDER_THAN env var
 // (accepts any value parseable by time.ParseDuration, e.g. "5m", "30s").