@@ -16,6 +16,7 @@ import (
1616
1717 "go.mondoo.com/mondoo-operator/api/v1alpha2"
1818 "go.mondoo.com/mondoo-operator/pkg/client/mondooclient"
19+ mondooutils "go.mondoo.com/mondoo-operator/pkg/utils/mondoo"
1920 "go.mondoo.com/mondoo-operator/pkg/version"
2021 "go.mondoo.com/mondoo-operator/tests/framework/utils"
2122)
@@ -196,6 +197,72 @@ func TestReportStatusRequestFromAuditConfig_AllError(t *testing.T) {
196197 assert .ElementsMatch (t , messages , reportStatus .Messages .Messages )
197198}
198199
200+ type mockContainerImageResolver struct {
201+ cnspecSkipValues []bool
202+ operatorSkipValues []bool
203+ }
204+
205+ func (m * mockContainerImageResolver ) CnspecImage (_ , _ , _ string , skipImageResolution bool ) (string , error ) {
206+ m .cnspecSkipValues = append (m .cnspecSkipValues , skipImageResolution )
207+ if skipImageResolution {
208+ return "ghcr.io/mondoohq/mondoo-operator/cnspec:11-rootless" , nil
209+ }
210+ return "ghcr.io/mondoohq/mondoo-operator/cnspec@sha256:abc123" , nil
211+ }
212+
213+ func (m * mockContainerImageResolver ) MondooOperatorImage (_ context.Context , _ , _ , _ string , skipImageResolution bool ) (string , error ) {
214+ m .operatorSkipValues = append (m .operatorSkipValues , skipImageResolution )
215+ if skipImageResolution {
216+ return "ghcr.io/mondoohq/mondoo-operator:latest" , nil
217+ }
218+ return "ghcr.io/mondoohq/mondoo-operator@sha256:def456" , nil
219+ }
220+
221+ func (m * mockContainerImageResolver ) WithImageRegistry (_ string ) mondooutils.ContainerImageResolver {
222+ return m
223+ }
224+
225+ func (m * mockContainerImageResolver ) WithRegistryMirrors (_ map [string ]string ) mondooutils.ContainerImageResolver {
226+ return m
227+ }
228+
229+ func (m * mockContainerImageResolver ) WithImagePullSecrets (_ []v1.LocalObjectReference ) mondooutils.ContainerImageResolver {
230+ return m
231+ }
232+
233+ func TestReportStatusRequestFromAuditConfig_SkipContainerResolution (t * testing.T ) {
234+ logger := logr.Logger {}
235+ integrationMrn := utils .RandString (10 )
236+ nodes := []v1.Node {{ObjectMeta : metav1.ObjectMeta {Name : "node1" }}}
237+ v := & k8sversion.Info {GitVersion : "v1.24.0" }
238+ m := testMondooAuditConfig ()
239+
240+ t .Run ("skipContainerResolution=false resolves digests" , func (t * testing.T ) {
241+ resolver := & mockContainerImageResolver {}
242+ reportStatus := ReportStatusRequestFromAuditConfig (context .Background (), integrationMrn , m , nodes , v , resolver , false , logger )
243+
244+ state := reportStatus .LastState .(OperatorCustomState )
245+ assert .Equal (t , "sha256:abc123" , state .CnspecImageDigest )
246+ assert .Equal (t , "sha256:def456" , state .OperatorImageDigest )
247+ // CnspecImage called twice: once for digest, once for tag (always skip=true)
248+ assert .Equal (t , []bool {false , true }, resolver .cnspecSkipValues )
249+ assert .Equal (t , []bool {false }, resolver .operatorSkipValues )
250+ })
251+
252+ t .Run ("skipContainerResolution=true skips digest resolution" , func (t * testing.T ) {
253+ resolver := & mockContainerImageResolver {}
254+ reportStatus := ReportStatusRequestFromAuditConfig (context .Background (), integrationMrn , m , nodes , v , resolver , true , logger )
255+
256+ state := reportStatus .LastState .(OperatorCustomState )
257+ assert .Empty (t , state .CnspecImageDigest )
258+ assert .Empty (t , state .OperatorImageDigest )
259+ assert .Equal (t , "11-rootless" , state .CnspecVersion )
260+ // Both calls should pass skipImageResolution=true
261+ assert .Equal (t , []bool {true , true }, resolver .cnspecSkipValues )
262+ assert .Equal (t , []bool {true }, resolver .operatorSkipValues )
263+ })
264+ }
265+
199266func testMondooAuditConfig () v1alpha2.MondooAuditConfig {
200267 return v1alpha2.MondooAuditConfig {
201268 ObjectMeta : metav1.ObjectMeta {
0 commit comments