test: discrepancies between owner spec and child statuses

metadataExtractor.buildImageMetadata accepts a workload's metadata and a list of container statuses, belonging to containers in a pod running said images.
this function attempts to build image metadata based on the owner's spec (for example a deployment), which contains the data about "what should be", as well as the container statuses for that pod, which contain data about "what actually is".

some discrepancies may occur between "what should be" and "what actually is".
an example we've stumbled upon happens when sidecar containers are injected (through an admission controller), causing the deployment's spec to contain a single container, but the statuses to include the injected containers.

this results in an error in buildImageMetadata that relies every container that appears in the statuses list to also appear in the spec.

this test proves the bug exists.

Author: Shesekino

test/fixtures/sidecar-containers/deployment.yaml

@@ -0,0 +1,95 @@
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+  annotations:
+    deployment.kubernetes.io/revision: "1"
+    flux.weave.works/antecedent: security-tools:helmrelease/hello-world
+  creationTimestamp: "2019-11-25T13:23:51Z"
+  generation: 2
+  labels:
+    app: hello-world
+  name: hello-world
+  namespace: security-tools
+  resourceVersion: "55787967"
+  selfLink: /apis/extensions/v1beta1/namespaces/security-tools/deployments/hello-world
+  uid: d2006330-0f86-11ea-ae05-4201c0a88014
+spec:
+  progressDeadlineSeconds: 2147483647
+  replicas: 1
+  revisionHistoryLimit: 3
+  selector:
+    matchLabels:
+      app: hello-world
+  strategy:
+    rollingUpdate:
+      maxSurge: 1
+      maxUnavailable: 1
+    type: RollingUpdate
+  template:
+    metadata:
+      annotations:
+        json_logs: "true"
+        prometheus.io/scrape: "false"
+      creationTimestamp: null
+      labels:
+        app: hello-world
+    spec:
+      containers:
+      - image: eu.gcr.io/cookie/hello-world:1.20191125.132107-4664980
+        imagePullPolicy: IfNotPresent
+        livenessProbe:
+          failureThreshold: 3
+          httpGet:
+            path: /hello
+            port: 8080
+            scheme: HTTP
+          initialDelaySeconds: 5
+          periodSeconds: 5
+          successThreshold: 1
+          timeoutSeconds: 5
+        name: hello-world
+        ports:
+        - containerPort: 8080
+          name: http
+          protocol: TCP
+        readinessProbe:
+          failureThreshold: 3
+          httpGet:
+            path: /hello
+            port: 8080
+            scheme: HTTP
+          initialDelaySeconds: 5
+          periodSeconds: 5
+          successThreshold: 1
+          timeoutSeconds: 5
+        resources:
+          limits:
+            cpu: "2"
+            memory: 512Mi
+          requests:
+            cpu: "1"
+            memory: 128Mi
+        terminationMessagePath: /dev/termination-log
+        terminationMessagePolicy: File
+      dnsPolicy: ClusterFirst
+      restartPolicy: Always
+      schedulerName: default-scheduler
+      securityContext:
+        fsGroup: 40500
+        runAsUser: 40500
+      serviceAccount: hello-world
+      serviceAccountName: hello-world
+      terminationGracePeriodSeconds: 30
+status:
+  availableReplicas: 1
+  conditions:
+  - lastTransitionTime: "2019-11-25T13:23:51Z"
+    lastUpdateTime: "2019-11-25T13:23:51Z"
+    message: Deployment has minimum availability.
+    reason: MinimumReplicasAvailable
+    status: "True"
+    type: Available
+  observedGeneration: 2
+  readyReplicas: 1
+  replicas: 1
+  updatedReplicas: 1