🧹 resource watcher improvements #1369

Merged
chris-rock merged 11 commits into main from chris-rock/resource-watcher on Feb 12, 2026

@chris-rock
Member

This makes sure we properly identify scanned resources as live K8s cluster resources. It scans only the
specific resources that changed using cnspec's k8s-resources filter.

  • Added K8sResourceIdentifier to track type, namespace, and name
  • Updated debouncer to collect full resource identifiers
  • Scanner generates inventory with k8s-resources option for targeted scanning
  • More efficient: scans only changed resources, not all of a type

Fixes #1366

@github-actions
Contributor

github-actions Bot commented Feb 5, 2026

Test Results

  5 files  ± 0   42 suites  ±0   37m 21s ⏱️ + 2m 11s
348 tests +21  348 ✅ +21  0 💤 ±0  0 ❌ ±0 
370 runs  +24  368 ✅ +24  2 💤 ±0  0 ❌ ±0 

Results for commit 294d5ee. ± Comparison against base commit a00fa19.

This pull request removes 2 and adds 23 tests. Note that renamed tests count towards both.
go.mondoo.com/mondoo-operator/controllers/resource_watcher ‑ TestCombineManifests
go.mondoo.com/mondoo-operator/controllers/resource_watcher ‑ TestCombineManifests_Empty
go.mondoo.com/mondoo-operator/controllers/resource_watcher ‑ TestDebouncer_MultipleNamespaces
go.mondoo.com/mondoo-operator/controllers/resource_watcher ‑ TestDeployment_EmptyClusterUIDAndIntegrationMRN
go.mondoo.com/mondoo-operator/controllers/resource_watcher ‑ TestDeployment_WithClusterUIDAndIntegrationMRN
go.mondoo.com/mondoo-operator/controllers/resource_watcher ‑ TestK8sResourceIdentifier_String
go.mondoo.com/mondoo-operator/controllers/resource_watcher ‑ TestToSingular
go.mondoo.com/mondoo-operator/controllers/resource_watcher ‑ TestToSingular/Deployments
go.mondoo.com/mondoo-operator/controllers/resource_watcher ‑ TestToSingular/INGRESSES
go.mondoo.com/mondoo-operator/controllers/resource_watcher ‑ TestToSingular/configmaps
go.mondoo.com/mondoo-operator/controllers/resource_watcher ‑ TestToSingular/cronjobs
go.mondoo.com/mondoo-operator/controllers/resource_watcher ‑ TestToSingular/daemonsets
…

♻️ This comment has been updated with latest results.

@chris-rock chris-rock force-pushed the chris-rock/resource-watcher branch 3 times, most recently from ba19c8e to 0352cb0 Compare February 9, 2026 12:09
chris-rock and others added 9 commits February 11, 2026 16:07
This makes sure we properly identify scanned resources as live K8s cluster resources.
Instead of scanning all resources of changed types, now scans only the
specific resources that changed using cnspec's k8s-resources filter.

- Added K8sResourceIdentifier to track type, namespace, and name
- Updated debouncer to collect full resource identifiers
- Scanner generates inventory with k8s-resources option for targeted scanning
- More efficient: scans only changed resources, not all of a type

Fixes #1366
Use explicit mapping between plural and singular resource type names
instead of naive string manipulation. This fixes scanning for ingresses
(ingresses → ingress, not ingresse) and other irregular plurals.

- Add resourceTypePluralization map and ToSingular() function
- Store plural form in K8sResourceIdentifier.Type
- Convert to singular only in String() for cnspec k8s-resources filter
- Add tests for pluralization logic

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
…consistency

Avoid emitting empty namespace/namespaces-exclude in inventory options,
return unknown resource types as-is instead of naively stripping trailing 's',
and fix plural key format in debouncer test.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
When ClusterUID is not provided, ManagedBy was set to "mondoo-operator-"
(with trailing hyphen). Now defaults to "mondoo-operator" and only appends
the hyphen and UID when present. Also extracts IIFEs into plain variables
for readability.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Make ToSingular a pure function by removing the watcherLogger call.
Also apply Go modernize lints: use slices.Contains for namespace
filtering and replace interface{} with any.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
These shared types were defined in scanner.go but used across
debouncer.go, watcher.go, and their tests. Moving them to a
dedicated types.go improves discoverability.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Previously, failures to fetch the cluster UID or integration MRN
would abort the entire deployment sync. These are optional metadata
for asset labeling and should not block the resource watcher from
being deployed, e.g. in RBAC-restricted environments.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Remove unused `scheme` field from ResourceWatcher and `gvk` from
  resourceEventHandler (leftover from YAML serialization approach)
- Move lastScanTime update to after scan completion so the rate limit
  interval is measured between scan completions, not scan starts
- Sort discovery targets for deterministic inventory YAML output

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@chris-rock chris-rock force-pushed the chris-rock/resource-watcher branch from 0352cb0 to b1ac12c Compare February 11, 2026 15:09
chris-rock and others added 2 commits February 11, 2026 16:10
…notations

The rebase conflict resolution missed updating this test call to include
the new integrationMRN and clusterUID parameters.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add TestReconcile_ResourceWatcher to verify the resource watcher detects
K8s resource changes and scans them via cnspec. The test enables the
resource watcher with short debounce/scan intervals, waits for the
deployment to become ready, creates a test deployment to trigger a scan,
and polls until assets appear upstream and are scored.

Also fix the resource watcher deployment to use MondooOperatorImage
instead of CnspecImage, since the deployment runs /mondoo-operator
(not cnspec).

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Member

@imilchev imilchev left a comment

LGTM!

@chris-rock chris-rock merged commit 7a106fb into main Feb 12, 2026
24 checks passed
@chris-rock chris-rock deleted the chris-rock/resource-watcher branch February 12, 2026 08:35
@github-actions github-actions Bot locked and limited conversation to collaborators Feb 12, 2026
Successfully merging this pull request may close these issues.

Fix Event based scanning
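
The pluralization fix and the targeted filter described in the commit messages above, as an added example that is not the operator's own code. The map entries, the `type:namespace:name` filter format, and the helpers `naiveSingular` and `FilterValue` are assumptions made for illustration; the point is that a wrong singular form yields a filter that matches nothing, so a changed resource goes unscanned without any error.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
)

// Explicit plural -> singular mapping (entries chosen for this example).
var resourceTypePluralization = map[string]string{
	"pods": "pod", "deployments": "deployment", "daemonsets": "daemonset",
	"cronjobs": "cronjob", "configmaps": "configmap", "ingresses": "ingress",
}

// naiveSingular is the string manipulation the fix replaces: "ingresses" -> "ingresse".
func naiveSingular(plural string) string { return strings.TrimSuffix(strings.ToLower(plural), "s") }

// ToSingular looks the type up case-insensitively; unknown types are returned as-is.
func ToSingular(plural string) string {
	if s, ok := resourceTypePluralization[strings.ToLower(plural)]; ok {
		return s
	}
	return plural
}

// K8sResourceIdentifier stores the plural type; only String() converts it.
type K8sResourceIdentifier struct{ Type, Namespace, Name string }

// String renders the assumed filter entry format "type:namespace:name".
func (r K8sResourceIdentifier) String() string { return ToSingular(r.Type) + ":" + r.Namespace + ":" + r.Name }

// FilterValue deduplicates debounced events and sorts them for deterministic output.
func FilterValue(changed []K8sResourceIdentifier) string {
	set := map[string]struct{}{}
	for _, r := range changed {
		set[r.String()] = struct{}{}
	}
	out := make([]string, 0, len(set))
	for s := range set {
		out = append(out, s)
	}
	sort.Strings(out)
	return strings.Join(out, ",")
}

func main() {
	// Constructed sample events: the same ingress changed twice within one debounce window.
	changed := []K8sResourceIdentifier{{"ingresses", "web", "front"}, {"deployments", "web", "api"}, {"ingresses", "web", "front"}}
	fmt.Println(naiveSingular("ingresses"), "vs", ToSingular("ingresses"), "->", FilterValue(changed))
}
```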

2 participants