bug(k8s): scan for k8s v1.31.1 not working

[afdesk]

Description

Trivy kubernetes scan gets stuck in Kubernetes v1.31.* (tested for v1.31.1).

Reason

it seems it appears here kubernetes/kubernetes#126067

the docs - Difference between "Complete" and "SuccessCriteriaMet":

The similar job conditions, Complete and SuccessCriteriaMet, are different in the following ways:

* Complete means that all pods completed and either all of them were successful or the Job already had SuccessCriteriaMet=true.
* SuccessCriteriaMet means that the job meets at least one of successPolicies.

So, the job could have both conditions, Complete and SuccessCriteriaMet.

Solution

To resolve this issue @fl0pp5 suggested next solution:

https://github.com/aquasecurity/trivy-kubernetes/blob/b070991579cacd7634052dee2e250350d6e493e8/pkg/jobs/runnable_job.go#L68
On v1.31.1 condition.Type == batchv1.JobSuccessCriteriaMet but we await batchv1.JobComplete

@@ -65,7 +65,7 @@ func (r *runnableJob) Run(ctx context.Context) error {
                                return
                        }
                        switch condition := newJob.Status.Conditions[0]; condition.Type {
-                       case batchv1.JobComplete:
+                       case batchv1.JobComplete, batchv1.JobSuccessCriteriaMet:
                                complete <- nil
                        case batchv1.JobFailed:

Discussed in #7705

[siennathesane]

I can confirm this also happens in 1.31.1 on k3s but no 1.30.5.

[simar7]

@afdesk I've moved it to the next (v0.58.0) milestone for now as I'm not sure how much work is needed to finish it, what do you think?

[afdesk]

@afdesk I've moved it to the next (v0.58.0) milestone for now as I'm not sure how much work is needed to finish it, what do you think?

The PR was merged yesterday aquasecurity/trivy-kubernetes#403
I'm testing and will create a PR here in a few hours.
Let me please do it. thanks