⭐ k8s: filter discovery by label selectors #8448
| func admissionRequestObjectDict(aRequest *admissionv1.AdmissionRequest) (map[string]any, error) { | ||
| if aRequest == nil { | ||
| return nil, errors.New("admission review request is nil") | ||
| } | ||
| if len(aRequest.Object.Raw) == 0 { | ||
| return nil, errors.New("admission review request object is empty") | ||
| } | ||
| obj, err := resources.ResourcesFromManifest(bytes.NewReader(aRequest.Object.Raw)) | ||
| if err != nil { | ||
| return nil, err | ||
| } | ||
| if len(obj) == 0 { | ||
| return nil, errors.New("admission review request object did not contain any resources") | ||
| } | ||
| return convert.JsonToDict(obj[0]) | ||
| } |
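Review bot: at "return convert.JsonToDict(obj[0])" only the first parsed resource is converted, and anything else parsed out of aRequest.Object.Raw is dropped without notice. The guard above it rejects only len(obj) == 0; consider rejecting any count other than one, so that a request object that parses into several resources fails loudly instead of being evaluated in part. The error from resources.ResourcesFromManifest is also returned bare, and wrapping it with a short context message would make a failure traceable to the admission path.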
🟡 warning — admissionRequestObjectDict is defined here but never called from production code — only from TestAdmissionRequestObjectDictRejectsMalformedRequestObject in the test file. If it's intended for future use, consider deferring it until it has a caller; otherwise remove it to avoid dead code. The validation logic it duplicates already exists inline in assetFromAdmissionReview.
| Long: "namespace-label-selector", | ||
| Type: plugin.FlagType_String, | ||
| Default: "", | ||
| Desc: "Only include Kubernetes namespaces matching the label selector", |
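Review bot: the Desc for namespace-label-selector gives neither the expected selector syntax nor the meaning of the empty Default. Consider stating the accepted form of the selector and, if that is the behaviour, that an empty value applies no namespace filtering, so a user can tell a filtered scan from an unfiltered one by reading the flag help alone.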
This is also discovering all the objects under the selected namespace. I think it's worth mentioning it explicitly in the docs.
imilchev left a comment
Overall, looks good. Added 1 small comment + your PR needs a rebase. Once these are resolved, we can merge it.
Summary
Review fixes
Tests
git diff --check
cd providers/k8s && go test ./resources -run 'TestAssetFromAdmissionReview|TestLabelSelectorFilters'
cd providers/k8s && go test ./provider ./resources
go test ./provider ./resources -count=1
go test ./... -count=1
git -c core.fsmonitor=false diff --check