🧹 fix cloud tests (#1022)

* fix cloud tests Signed-off-by: Ivan Milchev <ivan@mondoo.com> * fix default cnspec tag for cloud tests Signed-off-by: Ivan Milchev <ivan@mondoo.com> * allow disabling the resource monitor Signed-off-by: Ivan Milchev <ivan@mondoo.com> * revert timeout increase Signed-off-by: Ivan Milchev <ivan@mondoo.com> * remove sleep for oom node scan test Signed-off-by: Ivan Milchev <ivan@mondoo.com> * try more reliable schedule for jobs Signed-off-by: Ivan Milchev <ivan@mondoo.com> * remove more sleeps Signed-off-by: Ivan Milchev <ivan@mondoo.com> --------- Signed-off-by: Ivan Milchev <ivan@mondoo.com>
mondoohq · Feb 22, 2024 · 8c08438 · 8c08438
1 parent 1b106cd
commit 8c08438
Show file tree

Hide file tree

Showing 6 changed files with 57 additions and 11 deletions.
diff --git a/.github/workflows/cloud-tests.yaml b/.github/workflows/cloud-tests.yaml
@@ -8,7 +8,7 @@ on:
       cnspecImageTag:
         required: true
         type: string
-        default: edge-latest-rootless
+        default: latest-rootless
         description: The image tag to use for the cnspec image
       mondooOperatorImageTag:
         required: true
@@ -35,7 +35,7 @@ on:
 
 env:
   MONDOO_OPERATOR_IMAGE_TAG: ${{ github.event.inputs.mondooOperatorImageTag || 'main' }}
-  CNSPEC_IMAGE_TAG: ${{ github.event.inputs.cnspecImageTag || 'edge-latest-rootless' }}
+  CNSPEC_IMAGE_TAG: ${{ github.event.inputs.cnspecImageTag || 'latest-rootless' }}
 
 jobs:
   aks-integration-test:

diff --git a/controllers/resource_monitor/debouncer/debouncer.go b/controllers/resource_monitor/debouncer/debouncer.go
@@ -10,6 +10,7 @@ import (
 	"time"
 
 	"go.mondoo.com/mondoo-operator/controllers/resource_monitor/scan_api_store"
+	"go.mondoo.com/mondoo-operator/pkg/feature_flags"
 	"go.mondoo.com/mondoo-operator/pkg/utils"
 	"sigs.k8s.io/controller-runtime/pkg/log"
 )
@@ -90,5 +91,9 @@ func (d *debouncer) Start(ctx context.Context, managedBy string) {
 }
 
 func (d *debouncer) Add(res string) {
+	// If the resource monitor is disabled ignore the update
+	if feature_flags.GetDisableResourceMonitor() {
+		return
+	}
 	d.resChan <- res
 }
diff --git a/pkg/feature_flags/feature_flags.go b/pkg/feature_flags/feature_flags.go
@@ -14,6 +14,7 @@ const FeatureFlagPrefix = "FEATURE_"
 
 var (
 	enableAdmissionReviewDiscovery bool
+	disableResourceMonitor         bool
 	allFeatureFlags                = make(map[string]string)
 )
 
@@ -45,12 +46,18 @@ func GetAdmissionReviewDiscovery() bool {
 	return enableAdmissionReviewDiscovery
 }
 
+func GetDisableResourceMonitor() bool {
+	return disableResourceMonitor
+}
+
 func setGlobalFlags(k, v string) {
 	if v != "true" && v != "1" {
 		return
 	}
 	switch k {
 	case "FEATURE_ENABLE_ADMISSION_REVIEW_DISCOVERY":
 		enableAdmissionReviewDiscovery = true
+	case "FEATURE_DISABLE_RESOURCE_MONITOR":
+		disableResourceMonitor = true
 	}
 }
diff --git a/tests/framework/installer/installer.go b/tests/framework/installer/installer.go
@@ -18,8 +18,10 @@ import (
 	"go.mondoo.com/mondoo-operator/pkg/utils/k8s"
 	"go.mondoo.com/mondoo-operator/tests/framework/utils"
 	"go.uber.org/zap"
+	appsv1 "k8s.io/api/apps/v1"
 	corev1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/types"
 )
 
 const (
@@ -94,6 +96,29 @@ func (i *MondooInstaller) InstallOperator() error {
 		return fmt.Errorf("failed to create mondoo-operator manifest(s): %v ", err)
 	}
 
+	// Disable the resource monitor for the integratio ntests to make sure we don't run scans in parallel
+	err = i.K8sHelper.ExecuteWithRetries(func() (bool, error) {
+		deployment := &appsv1.Deployment{}
+		if err := i.K8sHelper.Clientset.Get(
+			i.ctx,
+			types.NamespacedName{Name: "mondoo-operator-controller-manager", Namespace: i.Settings.Namespace},
+			deployment); err != nil {
+			return false, nil
+		}
+
+		deployment.Spec.Template.Spec.Containers[0].Env = append(deployment.Spec.Template.Spec.Containers[0].Env, corev1.EnvVar{
+			Name:  "FEATURE_DISABLE_RESOURCE_MONITOR",
+			Value: "1",
+		})
+		if err := i.K8sHelper.Clientset.Update(i.ctx, deployment); err != nil {
+			return false, nil
+		}
+		return true, nil
+	})
+	if err != nil {
+		return fmt.Errorf("failed to disable resource monitor feature flag: %v", err)
+	}
+
 	if err := i.CreateClientSecret(i.Settings.Namespace); err != nil {
 		return err
 	}

diff --git a/tests/framework/utils/audit_config.go b/tests/framework/utils/audit_config.go
@@ -4,7 +4,9 @@
 package utils
 
 import (
+	"fmt"
 	"os"
+	"time"
 
 	mondoov2 "go.mondoo.com/mondoo-operator/api/v1alpha2"
 	"go.mondoo.com/mondoo-operator/pkg/utils/mondoo"
@@ -34,6 +36,9 @@ func init() {
 // This means that using this function in unit tests might result in strange behavior. For unit tests use
 // DefaultAuditConfig instead.
 func DefaultAuditConfigMinimal(ns string, workloads, containers, nodes, admission bool) mondoov2.MondooAuditConfig {
+	now := time.Now()
+	startScan := now.Add(time.Minute).Add(time.Second * 30)
+	schedule := fmt.Sprintf("%d * * * *", startScan.Minute())
 	auditConfig := mondoov2.MondooAuditConfig{
 		ObjectMeta: v1.ObjectMeta{
 			Name:      "mondoo-client",
@@ -43,10 +48,19 @@ func DefaultAuditConfigMinimal(ns string, workloads, containers, nodes, admissio
 			ConsoleIntegration:   mondoov2.ConsoleIntegration{Enable: true},
 			MondooCredsSecretRef: corev1.LocalObjectReference{Name: MondooClientSecret},
 			MondooTokenSecretRef: corev1.LocalObjectReference{Name: MondooTokenSecret},
-			KubernetesResources:  mondoov2.KubernetesResources{Enable: workloads},
-			Containers:           mondoov2.Containers{Enable: containers},
-			Nodes:                mondoov2.Nodes{Enable: nodes},
-			Admission:            mondoov2.Admission{Enable: admission},
+			KubernetesResources: mondoov2.KubernetesResources{
+				Enable:   workloads,
+				Schedule: schedule,
+			},
+			Containers: mondoov2.Containers{
+				Enable:   containers,
+				Schedule: schedule,
+			},
+			Nodes: mondoov2.Nodes{
+				Enable:   nodes,
+				Schedule: schedule,
+			},
+			Admission: mondoov2.Admission{Enable: admission},
 		},
 	}
 

diff --git a/tests/integration/audit_config_base_suite.go b/tests/integration/audit_config_base_suite.go
@@ -550,8 +550,6 @@ func (s *AuditConfigBaseSuite) testOOMScanAPI(auditConfig mondoov2.MondooAuditCo
 
 	s.Require().True(s.testCluster.K8sHelper.WaitUntilMondooClientSecretExists(s.ctx, s.auditConfig.Namespace), "Mondoo SA not created")
 
-	time.Sleep(10 * time.Second)
-
 	// This will take some time, because:
 	// reconcile needs to happen
 	err := s.testCluster.K8sHelper.CheckForDegradedCondition(&auditConfig, mondoov2.ScanAPIDegraded, corev1.ConditionTrue)
@@ -637,9 +635,6 @@ func (s *AuditConfigBaseSuite) testOOMNodeScan(auditConfig mondoov2.MondooAuditC
 		"The amount of node scanning CronJobs is not equal to the amount of cluster nodes. expected: %d; actual: %d",
 		len(nodeList.Items), len(cronJobs.Items))
 
-	// Wait some time for the CronJob to trigger
-	time.Sleep(50 * time.Second)
-
 	// This will take some time, because:
 	// reconcile needs to happen
 	// a new replicaset should be created