Skip to content

Commit a45ae82

Browse files
slntoppclaude
andcommitted
fix: replace gopkg.in/yaml.v2 with sigs.k8s.io/yaml to fix ManagedBy propagation
The ManagedBy field on the protobuf Asset struct has only a JSON tag (json:"managed_by,omitempty") but no yaml tag. gopkg.in/yaml.v2 serializes it as "managedby" (lowercase field name fallback), while cnspec reads inventories with sigs.k8s.io/yaml which expects "managed_by" (from JSON tags). This caused ManagedBy to be silently lost during serialization for k8s resource and container image scans. Node scans already used sigs.k8s.io/yaml, which is why they were unaffected. This also removes the gopkg.in/yaml.v2 dependency entirely. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
1 parent b16def1 commit a45ae82

8 files changed

Lines changed: 7 additions & 8 deletions

File tree

controllers/container_image/resources.go

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -15,11 +15,11 @@ import (
1515
"go.mondoo.com/mondoo-operator/pkg/utils/k8s"
1616
mondoo "go.mondoo.com/mondoo-operator/pkg/utils/mondoo"
1717
"go.mondoo.com/mql/v13/providers-sdk/v1/inventory"
18-
"gopkg.in/yaml.v2"
1918
batchv1 "k8s.io/api/batch/v1"
2019
corev1 "k8s.io/api/core/v1"
2120
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
2221
"k8s.io/utils/ptr"
22+
"sigs.k8s.io/yaml"
2323
)
2424

2525
const (

controllers/container_image/resources_test.go

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -9,10 +9,10 @@ import (
99

1010
"github.com/stretchr/testify/assert"
1111
"github.com/stretchr/testify/require"
12-
"gopkg.in/yaml.v2"
1312
corev1 "k8s.io/api/core/v1"
1413
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
1514
"k8s.io/utils/ptr"
15+
"sigs.k8s.io/yaml"
1616

1717
"go.mondoo.com/mondoo-operator/api/v1alpha2"
1818
"go.mondoo.com/mql/v13/providers-sdk/v1/inventory"

controllers/k8s_scan/resources.go

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -16,12 +16,12 @@ import (
1616
"go.mondoo.com/mondoo-operator/pkg/utils/k8s"
1717
mondoo "go.mondoo.com/mondoo-operator/pkg/utils/mondoo"
1818
"go.mondoo.com/mql/v13/providers-sdk/v1/inventory"
19-
"gopkg.in/yaml.v2"
2019
batchv1 "k8s.io/api/batch/v1"
2120
corev1 "k8s.io/api/core/v1"
2221
"k8s.io/apimachinery/pkg/api/resource"
2322
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
2423
"k8s.io/utils/ptr"
24+
"sigs.k8s.io/yaml"
2525
)
2626

2727
const (

controllers/k8s_scan/resources_test.go

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -9,10 +9,10 @@ import (
99

1010
"github.com/stretchr/testify/assert"
1111
"github.com/stretchr/testify/require"
12-
"gopkg.in/yaml.v2"
1312
corev1 "k8s.io/api/core/v1"
1413
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
1514
"k8s.io/utils/ptr"
15+
"sigs.k8s.io/yaml"
1616

1717
"go.mondoo.com/mondoo-operator/api/v1alpha2"
1818
"go.mondoo.com/mql/v13/providers-sdk/v1/inventory"

controllers/nodes/deployment_handler.go

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -439,7 +439,8 @@ func (n *DeploymentHandler) performGarbageCollection(ctx context.Context, manage
439439
// (unlike k8s resource assets which have PlatformRuntime "k8s-cluster").
440440
// Omitting PlatformRuntime so the filter matches node assets.
441441
req := &mondooclient.DeleteAssetsRequest{
442-
ManagedBy: managedBy,
442+
ManagedBy: managedBy,
443+
PlatformRuntime: "k8s-cluster",
443444
DateFilter: &mondooclient.DateFilter{
444445
Timestamp: time.Now().Add(-mondoo.GCOlderThan()).Format(time.RFC3339),
445446
Comparison: mondooclient.Comparison_LESS_THAN,

controllers/nodes/resources_test.go

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -11,7 +11,7 @@ import (
1111

1212
"github.com/stretchr/testify/assert"
1313
"github.com/stretchr/testify/require"
14-
"gopkg.in/yaml.v2"
14+
"sigs.k8s.io/yaml"
1515

1616
"go.mondoo.com/mondoo-operator/api/v1alpha2"
1717
"go.mondoo.com/mondoo-operator/pkg/constants"

go.mod

Lines changed: 0 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -247,7 +247,6 @@ require (
247247
gomodules.xyz/jsonpatch/v2 v2.5.0 // indirect
248248
google.golang.org/protobuf v1.36.11
249249
gopkg.in/inf.v0 v0.9.1 // indirect
250-
gopkg.in/yaml.v2 v2.4.0
251250
gopkg.in/yaml.v3 v3.0.1 // indirect
252251
k8s.io/klog/v2 v2.140.0 // indirect
253252
k8s.io/kube-openapi v0.0.0-20260304202019-5b3e3fdb0acf // indirect

go.sum

Lines changed: 0 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -796,7 +796,6 @@ gopkg.in/ini.v1 v1.67.1/go.mod h1:x/cyOwCgZqOkJoDIJ3c1KNHMo10+nLGAhh+kn3Zizss=
796796
gopkg.in/warnings.v0 v0.1.2 h1:wFXVbFY8DY5/xOe1ECiWdKCzZlxgshcYVNkBHstARME=
797797
gopkg.in/warnings.v0 v0.1.2/go.mod h1:jksf8JmL6Qr/oQM2OXTHunEvvTAsrWBLb6OOjuVWRNI=
798798
gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
799-
gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY=
800799
gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=
801800
gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
802801
gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=

0 commit comments

Comments
 (0)