⭐️ add annotations support for scanned assets #1379
Also fixes #465
99bf72f to 072c03e
Add the ability to define custom annotations in MondooAuditConfig that get attached to all scanned assets. This allows users to tag their assets with key-value pairs for better searchability and filtering in the Mondoo Console.
The annotations are passed to cnspec via:
- Inventory file annotations for K8s resources, nodes, and container scans
- Command-line --annotation flags for the resource watcher
Closes #955
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

Sort annotation map keys before building CLI args to prevent spurious Kubernetes Deployment updates caused by Go's randomized map iteration. Add tests for annotation propagation across all scan controllers.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

- Extract duplicated annotation CLI arg building into pkg/annotations.AnnotationArgs()
- Add annotations.Validate() to reject empty keys, keys containing '=', and empty values
- Call validation in the reconciler and resource-watcher CLI entrypoint
- Strengthen test assertions to unmarshal inventory YAML and check asset annotations directly
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

…ions
Instead of returning an error (which causes infinite requeue with backoff), set MondooOperatorDegraded condition so users can see the problem via kubectl describe. The condition is cleared when annotations become valid.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Future improvement: annotation validation should not skip full reconciliation
When annotations fail validation, the controller currently does
A future improvement would be to continue reconciliation with
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
04a3430 to 675d6b0
| // AnnotationArgs converts a map of annotations into sorted CLI arguments | ||
| // suitable for passing to cnspec via --annotation key=value flags. | ||
| func AnnotationArgs(annotations map[string]string) []string { |
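Review bot: the doc comment on AnnotationArgs says the arguments are sorted but not by what, and the signature returns only []string, so the function has no way to reject a key that contains '='. Say in the comment that the output is ordered by key and that callers must run annotations.Validate() first, or change the function to return an error as well.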
In the future we may want to switch to inventory files for every scan job. That would make it more straightforward to support additional features.
Summary
annotations field to MondooAuditConfigSpec to allow users to define custom key-value pairs
Usage Example
Implementation
Annotations are passed to cnspec via:
Asset.AddAnnotations())
--annotation key=value)
Test plan
make lint passes
make test passes
Closes #955
🤖 Generated with Claude Code
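The key sorting and the three validation rules from the commit messages above, as an added Go example that is not the project's code. The lowercase function names, the two-element `--annotation`, `key=value` argument form and the sample map are assumptions; validation also walks keys in sorted order so the reported error stays the same from one reconcile to the next.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
)

// sortedKeys gives a stable order; Go randomizes map iteration on purpose.
func sortedKeys(m map[string]string) []string {
	keys := make([]string, 0, len(m))
	for k := range m {
		keys = append(keys, k)
	}
	sort.Strings(keys)
	return keys
}

// validate applies the three rules; sorted order keeps the error message stable.
func validate(annotations map[string]string) error {
	for _, k := range sortedKeys(annotations) {
		switch {
		case k == "":
			return fmt.Errorf("annotation key must not be empty")
		case strings.Contains(k, "="):
			return fmt.Errorf("annotation key %q must not contain '='", k)
		case annotations[k] == "":
			return fmt.Errorf("annotation %q must not have an empty value", k)
		}
	}
	return nil
}

// annotationArgs renders the same map to the same args (assumed form: --annotation k=v).
func annotationArgs(annotations map[string]string) []string {
	args := make([]string, 0, 2*len(annotations))
	for _, k := range sortedKeys(annotations) {
		args = append(args, "--annotation", k+"="+annotations[k])
	}
	return args
}

func main() {
	sample := map[string]string{"team": "platform", "env": "prod"} // constructed sample
	if err := validate(sample); err != nil {
		panic(err)
	}
	fmt.Println(strings.Join(annotationArgs(sample), " "))
}
```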