feat: exclude node by label (#168)

* feat: exclude node by label

Signed-off-by: chenk <[email protected]>

* feat: exclude node by label

Signed-off-by: chenk <[email protected]>

---------

Signed-off-by: chenk <[email protected]>

pkg/trivyk8s/trivyk8s.go

@@ -292,6 +292,9 @@ func isNodeStatusUnknown(resource unstructured.Unstructured) bool {
 }
 
 func ignoreNodeByLabel(resource *artifacts.Artifact, ignoreLabels map[string]string) bool {
+	if len(ignoreLabels) == 0 {
+		return false
+	}
 	var matchingLabels int
 	for key, val := range ignoreLabels {
 		if lVal, ok := resource.Labels[key]; ok && lVal == val {

pkg/trivyk8s/trivyk8s_test.go

@@ -0,0 +1,43 @@
+package trivyk8s
+
+import (
+	"testing"
+
+	"github.com/aquasecurity/trivy-kubernetes/pkg/artifacts"
+	"github.com/stretchr/testify/assert"
+)
+
+func TestIgnoreNodeByLabel(t *testing.T) {
+	tests := []struct {
+		name          string
+		ignoredLabels map[string]string
+		artifact      *artifacts.Artifact
+		want          bool
+	}{
+		{
+			name:          "no ignore labels",
+			ignoredLabels: map[string]string{},
+			artifact:      &artifacts.Artifact{Labels: map[string]string{"a": "b"}},
+			want:          false,
+		},
+		{
+			name:          "matching ignore labels",
+			ignoredLabels: map[string]string{"a": "b"},
+			artifact:      &artifacts.Artifact{Labels: map[string]string{"a": "b"}},
+			want:          true,
+		},
+		{
+			name:          "non matching ignore labels",
+			ignoredLabels: map[string]string{"a": "b", "c": "d"},
+			artifact:      &artifacts.Artifact{Labels: map[string]string{"a": "b"}},
+			want:          false,
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			got := ignoreNodeByLabel(tt.artifact, tt.ignoredLabels)
+			assert.Equal(t, got, tt.want)
+		})
+	}
+}