4 changes: 2 additions & 2 deletions .github/actions/link-check/config.json
@@ -1,3 +1,3 @@
{
"aliveStatusCodes": [429, 200, 406]
}
"aliveStatusCodes": [200, 406, 429]
}
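--- a/api/v1alpha2/mondooauditconfig_types.go
+++ b/api/v1alpha2/mondooauditconfig_types.go
@@ -518,6 +518,10 @@ type MondooAuditConfigStatus struct {
 // Conditions includes detailed status for the MondooAuditConfig
 Conditions []MondooAuditConfigCondition `json:"conditions,omitempty"`
 
+// Scans includes the observed status of scan workloads managed by this MondooAuditConfig.
+// +optional
+Scans []MondooAuditConfigScanStatus `json:"scans,omitempty"`
+
 // ReconciledByOperatorVersion contains the version of the operator which reconciled this MondooAuditConfig
 ReconciledByOperatorVersion string `json:"reconciledByOperatorVersion,omitempty"`
 
@@ -555,6 +559,61 @@ type MondooAuditConfigCondition struct {
 MemoryLimit string `json:"memoryLimit,omitempty"`
 }
 
+// MondooAuditConfigScanType identifies a scan workload managed by a MondooAuditConfig.
+type MondooAuditConfigScanType string
+
+const (
+MondooAuditConfigScanTypeKubernetesResources MondooAuditConfigScanType = "KubernetesResources"
+MondooAuditConfigScanTypeExternalKubernetesResources MondooAuditConfigScanType = "ExternalKubernetesResources"
+MondooAuditConfigScanTypeContainerImages MondooAuditConfigScanType = "ContainerImages"
+MondooAuditConfigScanTypeNodes MondooAuditConfigScanType = "Nodes"
+)
+
+// MondooAuditConfigScanPhase describes the latest observed state of a scan workload.
+type MondooAuditConfigScanPhase string
+
+const (
+MondooAuditConfigScanPhaseDisabled MondooAuditConfigScanPhase = "Disabled"
+MondooAuditConfigScanPhasePending MondooAuditConfigScanPhase = "Pending"
+MondooAuditConfigScanPhaseRunning MondooAuditConfigScanPhase = "Running"
+MondooAuditConfigScanPhaseSucceeded MondooAuditConfigScanPhase = "Succeeded"
+MondooAuditConfigScanPhaseFailed MondooAuditConfigScanPhase = "Failed"
+)
+
+// MondooAuditConfigScanStatus reports last-run details for a scan workload.
+type MondooAuditConfigScanStatus struct {
+// Type identifies the scan workload.
+// +kubebuilder:validation:Required
+// +kubebuilder:validation:Enum=KubernetesResources;ExternalKubernetesResources;ContainerImages;Nodes
+// +required
+Type MondooAuditConfigScanType `json:"type"`
+// Target identifies the scanned target, for example "local", an external cluster name, or a node name.
+// +kubebuilder:validation:Required
+// +kubebuilder:validation:MinLength=1
+// +required
+Target string `json:"target"`
+// Phase is the latest observed scan phase.
+// +kubebuilder:validation:Required
+// +kubebuilder:validation:Enum=Disabled;Pending;Running;Succeeded;Failed
+// +required
+Phase MondooAuditConfigScanPhase `json:"phase"`
+// CronJob is the Kubernetes CronJob backing this scan, if applicable.
+// +optional
+CronJob string `json:"cronJob,omitempty"`
+// ActiveJobs lists currently active Jobs for this scan.
+// +optional
+ActiveJobs []string `json:"activeJobs,omitempty"`
+// LastScheduleTime is the last time Kubernetes scheduled this scan.
+// +optional
+LastScheduleTime *metav1.Time `json:"lastScheduleTime,omitempty"`
+// LastSuccessfulTime is the last time Kubernetes observed this scan complete successfully.
+// +optional
+LastSuccessfulTime *metav1.Time `json:"lastSuccessfulTime,omitempty"`
+// Message explains the current phase in human-readable form.
+// +optional
+Message string `json:"message,omitempty"`
+}
+
 // MondooOperatorConfigConditionType is a valid value for MondooOperatorConfig.Status.Condition[].Type
 type MondooAuditConfigConditionType string
 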
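Review bot: `Scans` and the fields of the new `MondooAuditConfigScanStatus` carry no list-type markers or size bounds, so entries that are logically keyed by `Type` and `Target` are stored as one atomic, unbounded list. Because `Target` may be a node name, the status can plausibly grow by one entry per node, and `ActiveJobs` and `Message` are unbounded too. Adding `// +listType=map`, `// +listMapKey=type` and `// +listMapKey=target` above `Scans`, and a `// +kubebuilder:validation:MaxLength=<limit>` marker on `Message`, would reject duplicate entries and cap the object size. The comment on `Message` should also say that it must not carry credentials or raw scanner output, since status is readable by anyone who can get the resource; whether the controller already sanitises the text is not visible in this diff.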
35 changes: 35 additions & 0 deletions api/v1alpha2/zz_generated.deepcopy.go

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

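--- a/charts/mondoo-operator/crds/k8s.mondoo.com_mondooauditconfigs.yaml
+++ b/charts/mondoo-operator/crds/k8s.mondoo.com_mondooauditconfigs.yaml
@@ -1533,6 +1533,65 @@ spec:
 description: ReconciledByOperatorVersion contains the version of the
 operator which reconciled this MondooAuditConfig
 type: string
+scans:
+description: Scans includes the observed status of scan workloads
+managed by this MondooAuditConfig.
+items:
+description: MondooAuditConfigScanStatus reports last-run details
+for a scan workload.
+properties:
+activeJobs:
+description: ActiveJobs lists currently active Jobs for this
+scan.
+items:
+type: string
+type: array
+cronJob:
+description: CronJob is the Kubernetes CronJob backing this
+scan, if applicable.
+type: string
+lastScheduleTime:
+description: LastScheduleTime is the last time Kubernetes scheduled
+this scan.
+format: date-time
+type: string
+lastSuccessfulTime:
+description: LastSuccessfulTime is the last time Kubernetes
+observed this scan complete successfully.
+format: date-time
+type: string
+message:
+description: Message explains the current phase in human-readable
+form.
+type: string
+phase:
+description: Phase is the latest observed scan phase.
+enum:
+- Disabled
+- Pending
+- Running
+- Succeeded
+- Failed
+type: string
+target:
+description: Target identifies the scanned target, for example
+"local", an external cluster name, or a node name.
+minLength: 1
+type: string
+type:
+description: Type identifies the scan workload.
+enum:
+- KubernetesResources
+- ExternalKubernetesResources
+- ContainerImages
+- Nodes
+type: string
+required:
+- phase
+- target
+- type
+type: object
+type: array
 type: object
 type: object
 served: true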
Expand Up @@ -341,6 +341,13 @@ spec:
clusterName:
description: ClusterName is the AKS cluster name.
type: string
endpoint:
description: |-
Endpoint optionally overrides the Kubernetes API server endpoint URL.
When set, the init container uses this URL instead of the auto-discovered endpoint.
Must start with "https://".
pattern: ^https://
type: string
loginServer:
description: |-
LoginServer is the ACR login server URL (e.g., "myregistry.azurecr.io").
Expand Down Expand Up @@ -370,6 +377,13 @@ spec:
clusterName:
description: ClusterName is the EKS cluster name.
type: string
endpoint:
description: |-
Endpoint optionally overrides the Kubernetes API server endpoint URL.
When set, the init container uses this URL instead of the auto-discovered endpoint.
Must start with "https://".
pattern: ^https://
type: string
region:
description: Region is the AWS region.
type: string
Expand All @@ -395,6 +409,13 @@ spec:
clusterName:
description: ClusterName is the GKE cluster name.
type: string
endpoint:
description: |-
Endpoint optionally overrides the Kubernetes API server endpoint URL.
When set, the init container uses this URL instead of the auto-discovered endpoint.
Must start with "https://".
pattern: ^https://
type: string
googleServiceAccount:
description: |-
GoogleServiceAccount is the Google service account to impersonate.
Expand Down Expand Up @@ -708,6 +729,13 @@ spec:
clusterName:
description: ClusterName is the AKS cluster name.
type: string
endpoint:
description: |-
Endpoint optionally overrides the Kubernetes API server endpoint URL.
When set, the init container uses this URL instead of the auto-discovered endpoint.
Must start with "https://".
pattern: ^https://
type: string
loginServer:
description: |-
LoginServer is the ACR login server URL (e.g., "myregistry.azurecr.io").
Expand Down Expand Up @@ -737,6 +765,13 @@ spec:
clusterName:
description: ClusterName is the EKS cluster name.
type: string
endpoint:
description: |-
Endpoint optionally overrides the Kubernetes API server endpoint URL.
When set, the init container uses this URL instead of the auto-discovered endpoint.
Must start with "https://".
pattern: ^https://
type: string
region:
description: Region is the AWS region.
type: string
Expand All @@ -762,6 +797,13 @@ spec:
clusterName:
description: ClusterName is the GKE cluster name.
type: string
endpoint:
description: |-
Endpoint optionally overrides the Kubernetes API server endpoint URL.
When set, the init container uses this URL instead of the auto-discovered endpoint.
Must start with "https://".
pattern: ^https://
type: string
googleServiceAccount:
description: |-
GoogleServiceAccount is the Google service account to impersonate.
Expand Down Expand Up @@ -1491,6 +1533,65 @@ spec:
description: ReconciledByOperatorVersion contains the version of the
operator which reconciled this MondooAuditConfig
type: string
scans:
description: Scans includes the observed status of scan workloads
managed by this MondooAuditConfig.
items:
description: MondooAuditConfigScanStatus reports last-run details
for a scan workload.
properties:
activeJobs:
description: ActiveJobs lists currently active Jobs for this
scan.
items:
type: string
type: array
cronJob:
description: CronJob is the Kubernetes CronJob backing this
scan, if applicable.
type: string
lastScheduleTime:
description: LastScheduleTime is the last time Kubernetes scheduled
this scan.
format: date-time
type: string
lastSuccessfulTime:
description: LastSuccessfulTime is the last time Kubernetes
observed this scan complete successfully.
format: date-time
type: string
message:
description: Message explains the current phase in human-readable
form.
type: string
phase:
description: Phase is the latest observed scan phase.
enum:
- Disabled
- Pending
- Running
- Succeeded
- Failed
type: string
target:
description: Target identifies the scanned target, for example
"local", an external cluster name, or a node name.
minLength: 1
type: string
type:
description: Type identifies the scan workload.
enum:
- KubernetesResources
- ExternalKubernetesResources
- ContainerImages
- Nodes
type: string
required:
- phase
- target
- type
type: object
type: array
type: object
type: object
served: true