Invalid JSON mapping for KubernetesProtection.ClusterEnrichment() / K8sassetsClusterEnrichmentResponse #610
Description
The ClusterEnrichmentOK struct returned from client.KubernetesProtection.ClusterEnrichment(...) has K8sassetsClusterEnrichmentResponse as its payload, which expects data to be present in the JSON in a key EnrichmentData:
type K8sassetsClusterEnrichmentResponse struct {
// enrichment data
// Required: true
EnrichmentData []*K8sassetsClusterEnrichmentEntry `json:"EnrichmentData"`
// errors
Errors []*MsaAPIError `json:"errors"`
// meta
// Required: true
Meta *MsaMetaInfo `json:"meta"`
}
However the /container-security/aggregates/enrichment/clusters/entities/v1 API called by client.KubernetesProtection.ClusterEnrichment(...) actually returns data under a key resources, which can be seen by enabling debug logging or by calling the API manually:
GET /container-security/aggregates/enrichment/clusters/entities/v1?cluster_id=REDACTED HTTP/1.1
Host: api.us-2.crowdstrike.com
User-Agent: Go-http-client/1.1
Accept: application/json
Accept-Encoding: gzip
HTTP/1.1 200 OK
Connection: keep-alive
Content-Type: application/json
Date: Tue, 24 Feb 2026 01:35:18 GMT
Server: nginx
Strict-Transport-Security: max-age=31536000; includeSubDomains
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin
X-Cs-Region: us-2
X-Cs-Traceid: REDACTED
X-Ratelimit-Limit: 6000
X-Ratelimit-Remaining: 5998
{
"meta": {
"query_time": 0.210201402,
"powered_by": "cs.cwppcontainersecurityapi",
"trace_id": "REDACTED"
},
"resources": [
{
"cluster_id": "REDACTED",
"enrichment_data": {
"container_count": 27,
"pod_count": 13,
"node_count": 2,
"image_count": 9
}
}
],
"errors": []
}
This JSON field mismatch means response.Payload.EnrichmentData is always empty.
The error also appears to be in the original API definition, as the example on https://assets.falcon.us-2.crowdstrike.com/support/api/swagger-us2.html also lists a field EnrichmentData that is not present in the real response