From 6ba9b09a239a3b81e61b6b256b13b56cdfd70612 Mon Sep 17 00:00:00 2001
From: Christian Zunker <christian@mondoo.com>
Date: Thu, 26 Oct 2023 09:44:34 +0200
Subject: [PATCH] =?UTF-8?q?=F0=9F=90=9B=20Use=20defined=20scanner=20image?=
 =?UTF-8?q?=20also=20for=20container=20scan?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

When the `MondooAuditConfig` defiens a custom image, also use it for the container scan `CronJob`.

Fixes #887

Signed-off-by: Christian Zunker <christian@mondoo.com>
---
 .../container_image/deployment_handler.go     |  2 +-
 .../deployment_handler_test.go                | 33 +++++++++++++++++++
 2 files changed, 34 insertions(+), 1 deletion(-)

diff --git a/controllers/container_image/deployment_handler.go b/controllers/container_image/deployment_handler.go
index dc26d8145..d0f219d89 100644
--- a/controllers/container_image/deployment_handler.go
+++ b/controllers/container_image/deployment_handler.go
@@ -52,7 +52,7 @@ func (n *DeploymentHandler) Reconcile(ctx context.Context) (ctrl.Result, error)
 
 func (n *DeploymentHandler) syncCronJob(ctx context.Context) error {
 	mondooClientImage, err := n.ContainerImageResolver.CnspecImage(
-		"", "", n.MondooOperatorConfig.Spec.SkipContainerResolution)
+		n.Mondoo.Spec.Scanner.Image.Name, n.Mondoo.Spec.Scanner.Image.Tag, n.MondooOperatorConfig.Spec.SkipContainerResolution)
 	if err != nil {
 		logger.Error(err, "Failed to resolve mondoo-client container image")
 		return err
diff --git a/controllers/container_image/deployment_handler_test.go b/controllers/container_image/deployment_handler_test.go
index 9ae364266..79a80d7eb 100644
--- a/controllers/container_image/deployment_handler_test.go
+++ b/controllers/container_image/deployment_handler_test.go
@@ -82,6 +82,39 @@ func (s *DeploymentHandlerSuite) TestReconcile_Create() {
 	s.Equal(expected, created)
 }
 
+func (s *DeploymentHandlerSuite) TestReconcile_CreateWithCustomImage() {
+	d := s.createDeploymentHandler()
+
+	s.auditConfig.Spec.Scanner.Image.Name = "ubuntu"
+	s.auditConfig.Spec.Scanner.Image.Tag = "22.04"
+
+	result, err := d.Reconcile(s.ctx)
+	s.NoError(err)
+	s.True(result.IsZero())
+
+	nodes := &corev1.NodeList{}
+	s.NoError(d.KubeClient.List(s.ctx, nodes))
+
+	image, err := s.containerImageResolver.CnspecImage("ubuntu", "22.04", false)
+	s.NoError(err)
+
+	expected := CronJob(image, "", test.KubeSystemNamespaceUid, "", s.auditConfig, mondoov1alpha2.MondooOperatorConfig{})
+	s.NoError(ctrl.SetControllerReference(&s.auditConfig, expected, d.KubeClient.Scheme()))
+
+	// Set some fields that the kube client sets
+	gvk, err := apiutil.GVKForObject(expected, d.KubeClient.Scheme())
+	s.NoError(err)
+	expected.SetGroupVersionKind(gvk)
+	expected.ResourceVersion = "1"
+
+	created := &batchv1.CronJob{}
+	created.Name = expected.Name
+	created.Namespace = expected.Namespace
+	s.NoError(d.KubeClient.Get(s.ctx, client.ObjectKeyFromObject(created), created))
+
+	s.Equal(expected, created)
+}
+
 func (s *DeploymentHandlerSuite) TestReconcile_Create_PrivateRegistriesSecret() {
 	d := s.createDeploymentHandler()