diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml index a2d79607..d19ac6d0 100644 --- a/.github/workflows/test.yaml +++ b/.github/workflows/test.yaml @@ -74,6 +74,24 @@ jobs: DOCKER_USER: ${{ secrets.ANCHORECI_DOCKER_USER }} DOCKER_PASS: ${{ secrets.ANCHORECI_DOCKER_PASS }} + - name: Check if anchore-engine endpoint is required for admission controller chart + id: engine_required + run: | + if [[ -n $(git diff --name-only ${{ github.event.pull_request.base.sha }} ${{ github.sha }} | grep 'anchore-admission-controller') ]]; then + echo "File in the 'stable/anchore-admission-controller' directory was changed. We need an engine deployment" + echo "::set-output name=changed::true" + else + echo "No files in 'stable/anchore-admission-controller' directory were changed. Skipping engine deployment" + echo "::set-output name=changed::false" + fi + shell: bash + + - name: Deploy Engine + if: steps.engine_required.outputs.changed == 'true' + run: | + helm install engine anchore/anchore-engine --namespace anchore --wait + kubectl --namespace anchore get pods + - name: Run chart-testing if: steps.list-changed.outputs.CHANGED == 'true' run: ct install --config ct-config.yaml diff --git a/scripts/enterprise-value-converter/helpers.py b/scripts/enterprise-value-converter/helpers.py index 5acd1e9b..3175cb72 100644 --- a/scripts/enterprise-value-converter/helpers.py +++ b/scripts/enterprise-value-converter/helpers.py 
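Review bot: The check in the `engine_required` step matches `anchore-admission-controller` anywhere in a changed path rather than only under `stable/anchore-admission-controller/`, so the echoed reason can be wrong; `git diff --name-only "$BASE_SHA" "$HEAD_SHA" | grep -q '^stable/anchore-admission-controller/'` states the intent directly. The two `${{ … }}` expressions are expanded into the script text before bash runs; passing them through an `env:` block on the step (`BASE_SHA: ${{ github.event.pull_request.base.sha }}`) keeps them out of the shell source and makes an empty base SHA on non-pull_request events easy to test for. In `Deploy Engine`, `helm install engine anchore/anchore-engine` carries no `--version`, so the engine the admission-controller chart is tested against changes whenever a new chart is published; pinning it keeps the CI result reproducible. `::set-output` is deprecated in favour of `echo "changed=true" >> "$GITHUB_OUTPUT"`. The `helm repo add` for `anchore` and the creation of the `anchore` namespace are not visible in this hunk, so confirm both happen earlier in the job.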
@@ -131,21 +131,22 @@ def replace_keys_with_mappings(dot_string_dict, results_dir): write_to_file(f"{dotstring_key}: no longer used\n", os.path.join(logs_dir, log_file_name), "a") continue - # serviceName.annotations - if len(keys) > 1 and keys[1] in ['annotations', 'labels', 'nodeSelector', 'affinity', 'deploymentAnnotations']: - if val != {}: - val = { - '.'.join(keys[2:]): val - } - keys = keys[:2] # serviceName.service.annotations - elif len(keys) > 2 and keys[2] in ['annotations', 'labels']: + if len(keys) > 2 and keys[2] in ['annotations', 'labels']: if val != {}: val = { '.'.join(keys[3:]): val } keys = keys[:3] + # serviceName.annotations + elif len(keys) > 1 and keys[1] in ['annotations', 'labels', 'nodeSelector', 'deploymentAnnotations']: + if val != {}: + val = { + '.'.join(keys[2:]): val + } + keys = keys[:2] + update_result = False errored = True diff --git a/scripts/enterprise-value-converter/tests/test_anchoreCatalog_value_mapping.py b/scripts/enterprise-value-converter/tests/test_anchoreCatalog_value_mapping.py index a04a571b..a295b8b5 100644 --- a/scripts/enterprise-value-converter/tests/test_anchoreCatalog_value_mapping.py +++ b/scripts/enterprise-value-converter/tests/test_anchoreCatalog_value_mapping.py @@ -217,15 +217,13 @@ def test_anchoreCatalog_tolerations_value(self): def test_anchoreCatalog_affinity_value(self): dot_string_dict = { "anchoreCatalog.affinity.name": "foo", - "anchoreCatalog.affinity.value": "bar", - "anchoreCatalog.affinity.anotherLabel.with.a.dot": "baz" + "anchoreCatalog.affinity.value": "bar" } expected_result = { 'postgresql': {'auth': {'username': 'anchoreengine'}}, 'anchoreConfig': {'user_authentication': {'hashed_passwords': False}}, 'catalog': { 'affinity':{ 'name': 'foo', - 'value': 'bar', - 'anotherLabel.with.a.dot': 'baz' + 'value': 'bar' } } } 
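Review bot: After the reorder, the first branch in `replace_keys_with_mappings` looks only at `keys[2]`, so a key whose second segment is itself one of the collapsed maps (for example `svc.annotations.labels.x` or `svc.nodeSelector.labels`, assuming `keys` is the dot-split key) is now treated as `serviceName.service.annotations` and cut at `keys[:3]`; before this change the `keys[1]` test ran first and kept `labels.x` as one key. Adding `keys[1] not in [...]` (the same list the `elif` uses) to the first condition would keep both shapes unambiguous. Dropping `'affinity'` from that list means dotted keys under `affinity` are no longer kept as a single key, and the affinity hunks in the `tests/test_*_value_mapping.py` files delete the dotted cases instead of asserting the new result, so neither the reorder nor the new affinity behaviour is pinned by a test. The function body starts and ends outside this hunk.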
diff --git a/scripts/enterprise-value-converter/tests/test_anchoreEnterpriseEngineUpgradeJob_value_mapping.py b/scripts/enterprise-value-converter/tests/test_anchoreEnterpriseEngineUpgradeJob_value_mapping.py index cd71e864..80a0fb01 100644 --- a/scripts/enterprise-value-converter/tests/test_anchoreEnterpriseEngineUpgradeJob_value_mapping.py +++ b/scripts/enterprise-value-converter/tests/test_anchoreEnterpriseEngineUpgradeJob_value_mapping.py @@ -133,15 +133,13 @@ def test_anchoreEnterpriseEngineUpgradeJob_tolerations_value(self): def test_anchoreEnterpriseEngineUpgradeJob_affinity_value(self): dot_string_dict = { "anchoreEnterpriseEngineUpgradeJob.affinity.name": "foo", - "anchoreEnterpriseEngineUpgradeJob.affinity.value": "bar", - "anchoreEnterpriseEngineUpgradeJob.affinity.anotherLabel.with.a.dot": "baz" + "anchoreEnterpriseEngineUpgradeJob.affinity.value": "bar" } expected_result = { 'postgresql': {'auth': {'username': 'anchoreengine'}}, 'anchoreConfig': {'user_authentication': {'hashed_passwords': False}}, 'upgradeJob': { 'affinity':{ 'name': 'foo', - 'value': 'bar', - 'anotherLabel.with.a.dot': 'baz' + 'value': 'bar' } } } diff --git a/scripts/enterprise-value-converter/tests/test_anchoreEnterpriseFeedsUpgradeJob_value_mapping.py b/scripts/enterprise-value-converter/tests/test_anchoreEnterpriseFeedsUpgradeJob_value_mapping.py index 988f1fef..14c830f8 100644 --- a/scripts/enterprise-value-converter/tests/test_anchoreEnterpriseFeedsUpgradeJob_value_mapping.py +++ b/scripts/enterprise-value-converter/tests/test_anchoreEnterpriseFeedsUpgradeJob_value_mapping.py 
@@ -144,16 +144,14 @@ def test_anchoreEnterpriseFeedsUpgradeJob_tolerations_value(self): def test_anchoreEnterpriseFeedsUpgradeJob_affinity_value(self): dot_string_dict = { "anchoreEnterpriseFeedsUpgradeJob.affinity.name": "foo", - "anchoreEnterpriseFeedsUpgradeJob.affinity.value": "bar", - "anchoreEnterpriseFeedsUpgradeJob.affinity.anotherLabel.with.a.dot": "baz" + "anchoreEnterpriseFeedsUpgradeJob.affinity.value": "bar" } expected_result = { 'postgresql': {'auth': {'username': 'anchoreengine'}}, 'anchoreConfig': {'user_authentication': {'hashed_passwords': False}}, 'feeds': { 'feedsUpgradeJob': { 'affinity':{ 'name': 'foo', - 'value': 'bar', - 'anotherLabel.with.a.dot': 'baz' + 'value': 'bar' } } } diff --git a/scripts/enterprise-value-converter/tests/test_anchoreEnterpriseFeeds_value_mapping.py b/scripts/enterprise-value-converter/tests/test_anchoreEnterpriseFeeds_value_mapping.py index d622f560..32268e45 100644 --- a/scripts/enterprise-value-converter/tests/test_anchoreEnterpriseFeeds_value_mapping.py +++ b/scripts/enterprise-value-converter/tests/test_anchoreEnterpriseFeeds_value_mapping.py @@ -165,15 +165,13 @@ def test_anchoreEnterpriseFeeds_tolerations_value(self): def test_anchoreEnterpriseFeeds_affinity_value(self): dot_string_dict = { "anchoreEnterpriseFeeds.affinity.name": "foo", - "anchoreEnterpriseFeeds.affinity.value": "bar", - "anchoreEnterpriseFeeds.affinity.anotherLabel.with.a.dot": "baz" + "anchoreEnterpriseFeeds.affinity.value": "bar" } expected_result = { 'postgresql': {'auth': {'username': 'anchoreengine'}}, 'anchoreConfig': {'user_authentication': {'hashed_passwords': False}}, 'feeds': { 'affinity':{ 'name': 'foo', - 'value': 'bar', - 'anotherLabel.with.a.dot': 'baz' + 'value': 'bar' } } } diff --git a/scripts/enterprise-value-converter/tests/test_anchoreEnterpriseNotifications_value_mapping.py b/scripts/enterprise-value-converter/tests/test_anchoreEnterpriseNotifications_value_mapping.py index 29a7bfcb..a4abbbe8 100644 
--- a/scripts/enterprise-value-converter/tests/test_anchoreEnterpriseNotifications_value_mapping.py +++ b/scripts/enterprise-value-converter/tests/test_anchoreEnterpriseNotifications_value_mapping.py @@ -161,15 +161,13 @@ def test_anchoreEnterpriseNotifications_tolerations_value(self): def test_anchoreEnterpriseNotifications_affinity_value(self): dot_string_dict = { "anchoreEnterpriseNotifications.affinity.name": "foo", - "anchoreEnterpriseNotifications.affinity.value": "bar", - "anchoreEnterpriseNotifications.affinity.anotherLabel.with.a.dot": "baz" + "anchoreEnterpriseNotifications.affinity.value": "bar" } expected_result = { 'postgresql': {'auth': {'username': 'anchoreengine'}}, 'anchoreConfig': {'user_authentication': {'hashed_passwords': False}}, 'notifications': { 'affinity':{ 'name': 'foo', - 'value': 'bar', - 'anotherLabel.with.a.dot': 'baz' + 'value': 'bar' } } } diff --git a/scripts/enterprise-value-converter/tests/test_anchoreEnterpriseRbac_value_mapping.py b/scripts/enterprise-value-converter/tests/test_anchoreEnterpriseRbac_value_mapping.py index 1b8c6ec4..308d545c 100644 --- a/scripts/enterprise-value-converter/tests/test_anchoreEnterpriseRbac_value_mapping.py +++ b/scripts/enterprise-value-converter/tests/test_anchoreEnterpriseRbac_value_mapping.py @@ -153,15 +153,13 @@ def test_anchoreEnterpriseRbac_tolerations_value(self): def test_anchoreEnterpriseRbac_affinity_value(self): dot_string_dict = { "anchoreEnterpriseRbac.affinity.name": "foo", - "anchoreEnterpriseRbac.affinity.value": "bar", - "anchoreEnterpriseRbac.affinity.anotherLabel.with.a.dot": "baz" + "anchoreEnterpriseRbac.affinity.value": "bar" } expected_result = { 'postgresql': {'auth': {'username': 'anchoreengine'}}, 'anchoreConfig': {'user_authentication': {'hashed_passwords': False}}, 'rbacManager': { 'affinity':{ 'name': 'foo', - 'value': 'bar', - 'anotherLabel.with.a.dot': 'baz' + 'value': 'bar' } } } 
diff --git a/scripts/enterprise-value-converter/tests/test_anchoreEnterpriseReports_value_mapping.py b/scripts/enterprise-value-converter/tests/test_anchoreEnterpriseReports_value_mapping.py index 20fad903..789ccd31 100644 --- a/scripts/enterprise-value-converter/tests/test_anchoreEnterpriseReports_value_mapping.py +++ b/scripts/enterprise-value-converter/tests/test_anchoreEnterpriseReports_value_mapping.py @@ -161,15 +161,13 @@ def test_anchoreEnterpriseReports_tolerations_value(self): def test_anchoreEnterpriseReports_affinity_value(self): dot_string_dict = { "anchoreEnterpriseReports.affinity.name": "foo", - "anchoreEnterpriseReports.affinity.value": "bar", - "anchoreEnterpriseReports.affinity.anotherLabel.with.a.dot": "baz" + "anchoreEnterpriseReports.affinity.value": "bar" } expected_result = { 'postgresql': {'auth': {'username': 'anchoreengine'}}, 'anchoreConfig': {'user_authentication': {'hashed_passwords': False}}, 'reports': { 'affinity':{ 'name': 'foo', - 'value': 'bar', - 'anotherLabel.with.a.dot': 'baz' + 'value': 'bar' } } } diff --git a/scripts/enterprise-value-converter/tests/test_anchoreEnterpriseUi_value_mapping.py b/scripts/enterprise-value-converter/tests/test_anchoreEnterpriseUi_value_mapping.py index 2ef88db1..57e67e72 100644 --- a/scripts/enterprise-value-converter/tests/test_anchoreEnterpriseUi_value_mapping.py +++ b/scripts/enterprise-value-converter/tests/test_anchoreEnterpriseUi_value_mapping.py @@ -176,14 +176,12 @@ def test_anchoreEnterpriseUi_affinity_value(self): dot_string_dict = { "anchoreEnterpriseUi.affinity.name": "foo", "anchoreEnterpriseUi.affinity.value": "bar", - "anchoreEnterpriseUi.affinity.anotherLabel.with.a.dot": "baz" } expected_result = { 'postgresql': {'auth': {'username': 'anchoreengine'}}, 'anchoreConfig': {'user_authentication': {'hashed_passwords': False}}, 'ui': { 'affinity':{ 'name': 'foo', 'value': 'bar', - 'anotherLabel.with.a.dot': 'baz' } } } 
diff --git a/scripts/enterprise-value-converter/tests/test_anchorePolicyEngine_value_mapping.py b/scripts/enterprise-value-converter/tests/test_anchorePolicyEngine_value_mapping.py index 17e3332f..00e1a821 100644 --- a/scripts/enterprise-value-converter/tests/test_anchorePolicyEngine_value_mapping.py +++ b/scripts/enterprise-value-converter/tests/test_anchorePolicyEngine_value_mapping.py @@ -144,15 +144,13 @@ def test_anchorePolicyEngine_tolerations_value(self): def test_anchorePolicyEngine_affinity_value(self): dot_string_dict = { - "anchorePolicyEngine.affinity.name": "foo", - "anchorePolicyEngine.affinity.with.a.dot.name": "bar" + "anchorePolicyEngine.affinity.name": "foo" } expected_result = { 'postgresql': {'auth': {'username': 'anchoreengine'}}, 'anchoreConfig': {'user_authentication': {'hashed_passwords': False}}, 'policyEngine': { 'affinity': { - 'name': 'foo', - 'with.a.dot.name': 'bar' + 'name': 'foo' } } } diff --git a/scripts/enterprise-value-converter/tests/test_anchoreSimpleQueue_value_mapping.py b/scripts/enterprise-value-converter/tests/test_anchoreSimpleQueue_value_mapping.py index 74e6bc95..69551464 100644 --- a/scripts/enterprise-value-converter/tests/test_anchoreSimpleQueue_value_mapping.py +++ b/scripts/enterprise-value-converter/tests/test_anchoreSimpleQueue_value_mapping.py @@ -154,14 +154,12 @@ def test_anchoreSimpleQueue_affinity_value(self): dot_string_dict = { "anchoreSimpleQueue.affinity.name": "foo", "anchoreSimpleQueue.affinity.value": "bar", - "anchoreSimpleQueue.affinity.anotherLabel.with.a.dot": "baz" } expected_result = { 'postgresql': {'auth': {'username': 'anchoreengine'}}, 'anchoreConfig': {'user_authentication': {'hashed_passwords': False}}, 'simpleQueue': { 'affinity':{ 'name': 'foo', 'value': 'bar', - 'anotherLabel.with.a.dot': 'baz' } } } diff --git a/stable/anchore-admission-controller/Chart.yaml b/stable/anchore-admission-controller/Chart.yaml index ddf85753..9b820450 100644 
--- a/stable/anchore-admission-controller/Chart.yaml +++ b/stable/anchore-admission-controller/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v1 name: anchore-admission-controller -version: 0.4.7 -appVersion: 0.4.0 +version: 0.5.0 +appVersion: 0.5.0 description: A kubernetes admission controller for validating and mutating webhooks that operates against Anchore Engine to make access decisions and annotations home: https://github.com/anchore/kubernetes-admission-controller maintainers: diff --git a/stable/anchore-admission-controller/ci/fake-values.yaml b/stable/anchore-admission-controller/ci/fake-values.yaml index 3d1c6db8..2983ae32 100644 --- a/stable/anchore-admission-controller/ci/fake-values.yaml +++ b/stable/anchore-admission-controller/ci/fake-values.yaml @@ -4,3 +4,4 @@ credentials: password: password1 - username: user2 password: password2 +anchoreEndpoint: http://engine-anchore-engine-api:8228 diff --git a/stable/anchore-admission-controller/values.yaml b/stable/anchore-admission-controller/values.yaml index 3d1ca196..738365c5 100644 --- a/stable/anchore-admission-controller/values.yaml +++ b/stable/anchore-admission-controller/values.yaml @@ -5,7 +5,7 @@ fullnameOverride: Null replicaCount: 1 logVerbosity: 3 -image: "anchore/kubernetes-admission-controller:v0.4.0" +image: "anchore/kubernetes-admission-controller:v0.5.0" imagePullPolicy: IfNotPresent # ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ imagePullSecrets: [] diff --git a/stable/enterprise/Chart.yaml b/stable/enterprise/Chart.yaml index 4cb93c9a..1b65d43a 100644 --- a/stable/enterprise/Chart.yaml +++ b/stable/enterprise/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 name: enterprise -version: "0.2.1" +version: "0.2.2" appVersion: "4.9.3" kubeVersion: 1.23.x - 1.27.x || 1.23.x-x - 1.27.x-x description: | diff --git a/stable/enterprise/README.md b/stable/enterprise/README.md index e9fffea7..b78fbdea 100644 --- a/stable/enterprise/README.md 
+++ b/stable/enterprise/README.md @@ -883,7 +883,8 @@ rbacManager: | `anchoreConfig.catalog.event_log` | Event log for webhooks, YAML configuration | `{}` | | `anchoreConfig.catalog.analysis_archive` | Custom analysis archive YAML configuration | `{}` | | `anchoreConfig.catalog.object_store` | Custom object storage YAML configuration | `{}` | -| `anchoreConfig.catalog.runtime_inventory.image_ttl_days` | TTL for images in the inventory report working set | `1` | +| `anchoreConfig.catalog.runtime_inventory.image_ttl_days` | TTL for images in the inventory report working set | `120` | +| `anchoreConfig.catalog.runtime_inventory.image_ingest_overwrite` | disables the image_ttl cycle timer. | `false` | | `anchoreConfig.catalog.down_analyzer_task_requeue` | Allows fast re-queueing when image status is 'analyzing' on an analyzer that is no longer in the 'up' state | `true` | | `anchoreConfig.policy_engine.cycle_timers.feed_sync` | Interval to run a feed sync to get latest cve data | `14400` | | `anchoreConfig.policy_engine.cycle_timers.feed_sync_checker` | Interval between checks to see if there needs to be a task queued | `3600` | diff --git a/stable/enterprise/templates/envvars_configmap.yaml b/stable/enterprise/templates/envvars_configmap.yaml index 482d2bc4..17aab83b 100644 --- a/stable/enterprise/templates/envvars_configmap.yaml +++ b/stable/enterprise/templates/envvars_configmap.yaml 
@@ -50,15 +50,19 @@ data: ANCHORE_ENTERPRISE_REPORTS_VULNERABILITIES_BY_ECS_CONTAINER: "true" ANCHORE_ENTERPRISE_REPORTS_VULNERABILITIES_BY_K8S_CONTAINER: "true" ANCHORE_ENTERPRISE_REPORTS_VULNERABILITIES_BY_K8S_NAMESPACE: "true" - ANCHORE_ENTERPRISE_RUNTIME_INVENTORY_IMAGE_TTL_DAYS: "120" - ANCHORE_ENTERPRISE_RUNTIME_INVENTORY_IMAGE_INGEST_OVERWRITE: "false" - {{- with .Values.anchoreConfig.notifications.ui_url }} +{{- if eq (toString .Values.anchoreConfig.catalog.runtime_inventory.image_ttl_days) "-1" }} + {{- fail "The Value `-1` is no longer valid for `.Values.anchoreConfig.catalog.runtime_inventory.image_ttl_days`. Please use `.Values.anchoreConfig.catalog.runtime_inventory.image_ingest_overwrite=true` to force runtime inventory to be overwritten upon every update. `.Values.anchoreConfig.catalog.runtime_inventory.image_ttl_days` must be set to a value >1." -}} +{{- else }} + ANCHORE_ENTERPRISE_RUNTIME_INVENTORY_IMAGE_TTL_DAYS: "{{ .Values.anchoreConfig.catalog.runtime_inventory.image_ttl_days }}" + ANCHORE_ENTERPRISE_RUNTIME_INVENTORY_IMAGE_INGEST_OVERWRITE: "{{ .Values.anchoreConfig.catalog.runtime_inventory.image_ingest_overwrite }}" +{{- end }} +{{- with .Values.anchoreConfig.notifications.ui_url }} ANCHORE_ENTERPRISE_UI_URL: "{{ . }}" - {{- else }} +{{- else }} ANCHORE_ENTERPRISE_UI_URL: {{ include "enterprise.ui.fullname" . | quote }} - {{- end }} - ANCHORE_FEEDS_DRIVER_GITHUB_ENABLED: "false" - ANCHORE_FEEDS_DRIVER_MSRC_ENABLED: "false" +{{- end }} + ANCHORE_FEEDS_DRIVER_GITHUB_ENABLED: {{ dig "anchoreConfig" "feeds" "drivers" "github" "enabled" "false" .Values.feeds | quote }} + ANCHORE_FEEDS_DRIVER_MSRC_ENABLED: {{ dig "anchoreConfig" "feeds" "drivers" "msrc" "enabled" "false" .Values.feeds | quote }} ANCHORE_FEEDS_DRIVER_NVDV2_ENABLED: "true" ANCHORE_FEEDS_DRIVER_PACKAGES_ENABLED: "false" ANCHORE_FEEDS_SSL_VERIFY: "{{ .Values.anchoreConfig.internalServicesSSL.verifyCerts }}" 
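Review bot: The new guard on `image_ttl_days` rejects only the literal `-1`, so `0`, any other negative number or a non-numeric string is still rendered into `ANCHORE_ENTERPRISE_RUNTIME_INVENTORY_IMAGE_TTL_DAYS`; if those are invalid too, `{{- if lt (int .Values.anchoreConfig.catalog.runtime_inventory.image_ttl_days) 1 }}` covers them with the same `fail`. The message ends with "must be set to a value >1", which excludes `1`; if `1` is meant to remain valid it should read `>= 1`. Both new values are placed inside hand-written quotes (`"{{ … }}"`) while the two driver lines below use `| quote`; using `| quote` here as well keeps the rendered YAML valid whatever the value contains.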
diff --git a/stable/enterprise/templates/ingress.yaml b/stable/enterprise/templates/ingress.yaml index ed71ad72..ab157683 100644 --- a/stable/enterprise/templates/ingress.yaml +++ b/stable/enterprise/templates/ingress.yaml @@ -15,7 +15,7 @@ metadata: labels: {{- include "enterprise.common.labels" (merge (dict "component" $component) .) | nindent 4 }} annotations: {{- include "enterprise.common.annotations" (merge (dict "component" $component) .) | nindent 4 }} spec: -{{- if .Values.ingress.ingressClassName }} +{{- if and .Values.ingress.ingressClassName (not (hasKey .Values.ingress.annotations "kubernetes.io/ingress.class")) }} ingressClassName: {{ .Values.ingress.ingressClassName }} {{- end }} {{- if .Values.ingress.tls }} diff --git a/stable/enterprise/tests/configmap_test.yaml b/stable/enterprise/tests/configmap_test.yaml index 662459ec..3433c48e 100644 --- a/stable/enterprise/tests/configmap_test.yaml +++ b/stable/enterprise/tests/configmap_test.yaml 
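Review bot: `hasKey .Values.ingress.annotations "kubernetes.io/ingress.class"` in the new condition needs a map, so a values file that sets `ingress.annotations` to null makes the template stop with a type error instead of rendering without the annotation. The chart default for `ingress.annotations` is not visible in this hunk; if it can be unset, `(hasKey (.Values.ingress.annotations | default dict) "kubernetes.io/ingress.class")` keeps the check safe. A one-line template comment above the `if`, saying that `spec.ingressClassName` is omitted because it cannot be combined with the legacy annotation, would explain the condition to the next reader.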
@@ -37,3 +37,101 @@ tests: tmp_dir: /test log_level: DEBUG + + - it: should set the msrc and github drivers if set + template: templates/envvars_configmap.yaml + set: + feeds.anchoreConfig.feeds.drivers.github.enabled: true + feeds.anchoreConfig.feeds.drivers.msrc.enabled: true + asserts: + - equal: + path: data["ANCHORE_FEEDS_DRIVER_MSRC_ENABLED"] + value: "true" + - equal: + path: data["ANCHORE_FEEDS_DRIVER_GITHUB_ENABLED"] + value: "true" + + - it: should not throw a templating error if feeds.something is set but drivers are not + template: templates/envvars_configmap.yaml + set: + feeds.chartEnabled: false + asserts: + - equal: + path: data["ANCHORE_FEEDS_DRIVER_MSRC_ENABLED"] + value: "false" + - equal: + path: data["ANCHORE_FEEDS_DRIVER_GITHUB_ENABLED"] + value: "false" + + - it: should set the msrc and github drivers if set differently + template: templates/envvars_configmap.yaml + set: + feeds.anchoreConfig.feeds.drivers.github.enabled: false + feeds.anchoreConfig.feeds.drivers.msrc.enabled: true + asserts: + - equal: + path: data["ANCHORE_FEEDS_DRIVER_MSRC_ENABLED"] + value: "true" + - equal: + path: data["ANCHORE_FEEDS_DRIVER_GITHUB_ENABLED"] + value: "false" + + - it: should not throw a templating error if feeds.anchoreConfig.something is set but drivers are not + template: templates/envvars_configmap.yaml + set: + feeds.anchoreConfig.log_level: ERROR + asserts: + - equal: + path: data["ANCHORE_FEEDS_DRIVER_MSRC_ENABLED"] + value: "false" + - equal: + path: data["ANCHORE_FEEDS_DRIVER_GITHUB_ENABLED"] + value: "false" + + - it: should not throw a templating error if feeds.anchoreConfig.feeds.something is set but drivers are not + template: templates/envvars_configmap.yaml + set: + feeds.anchoreConfig.feeds.cycle_timers.driver_sync: 9001 + asserts: + - equal: + path: data["ANCHORE_FEEDS_DRIVER_MSRC_ENABLED"] + value: "false" + - equal: + path: data["ANCHORE_FEEDS_DRIVER_GITHUB_ENABLED"] + value: "false" + + - it: should not throw a templating error if 
feeds.anchoreConfig.feeds.drivers.something is set but github and msrc drivers are not + template: templates/envvars_configmap.yaml + set: + feeds.anchoreConfig.feeds.drivers.npm.enabled: true + asserts: + - equal: + path: data["ANCHORE_FEEDS_DRIVER_MSRC_ENABLED"] + value: "false" + - equal: + path: data["ANCHORE_FEEDS_DRIVER_GITHUB_ENABLED"] + value: "false" + + - it: should set the msrc and github drivers correctly if only one is set + template: templates/envvars_configmap.yaml + set: + feeds.anchoreConfig.feeds.drivers.github.enabled: true + asserts: + - equal: + path: data["ANCHORE_FEEDS_DRIVER_MSRC_ENABLED"] + value: "false" + - equal: + path: data["ANCHORE_FEEDS_DRIVER_GITHUB_ENABLED"] + value: "true" + + - it: should set the msrc and github drivers correctly if only the other is set + template: templates/envvars_configmap.yaml + set: + feeds.anchoreConfig.feeds.drivers.msrc.enabled: true + asserts: + - equal: + path: data["ANCHORE_FEEDS_DRIVER_MSRC_ENABLED"] + value: "true" + - equal: + path: data["ANCHORE_FEEDS_DRIVER_GITHUB_ENABLED"] + value: "false" \ No newline at end of file diff --git a/stable/enterprise/tests/ingress_resources_test.yaml b/stable/enterprise/tests/ingress_resources_test.yaml new file mode 100644 index 00000000..11e157f2 --- /dev/null +++ b/stable/enterprise/tests/ingress_resources_test.yaml @@ -0,0 +1,30 @@ +suite: Ingress Resources Tests +templates: + - ingress.yaml +release: + name: test-release + namespace: test-namespace +chart: + version: 9.9.9 + appVersion: 9.9.9 + +tests: + - it: should render classname if annotation is not set + set: + ingress.enabled: true + template: ingress.yaml + asserts: + - equal: + path: spec.ingressClassName + value: nginx + + - it: should not render classname if annotation is set + set: + ingress.enabled: true + ingress: + annotations: + "kubernetes.io/ingress.class": "nginx" + template: ingress.yaml + asserts: + - notExists: + path: spec.ingressClassName 
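Review bot: The cases added to `configmap_test.yaml` cover the two `dig` lookups for the feeds drivers, but nothing exercises the other change to `templates/envvars_configmap.yaml`: the `fail` branch for `image_ttl_days: -1` and the rendering of the TTL and `image_ingest_overwrite` values. A case that sets `anchoreConfig.catalog.runtime_inventory.image_ttl_days: -1` and asserts `failedTemplate`, plus one that sets `image_ingest_overwrite: true` and checks `data["ANCHORE_ENTERPRISE_RUNTIME_INVENTORY_IMAGE_INGEST_OVERWRITE"]` equals `"true"`, would pin that behaviour. The file also ends without a trailing newline.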
diff --git a/stable/enterprise/values.yaml b/stable/enterprise/values.yaml index e07c9e14..f71ef032 100644 --- a/stable/enterprise/values.yaml +++ b/stable/enterprise/values.yaml @@ -478,10 +478,14 @@ anchoreConfig: config: {} ## @param anchoreConfig.catalog.runtime_inventory.image_ttl_days TTL for images in the inventory report working set + ## @param anchoreConfig.catalog.runtime_inventory.image_ingest_overwrite disables the image_ttl cycle timer. + ## When `image_ingest_overwrite=true` upon ingestion of inventory, removes anything previously reported by the namespace and only keep the latest inventory posted. + ## This new config value is used instead of setting `image_ttl_days=-1` ## ref: https://docs.anchore.com/current/docs/configuration/runtime_inventory/ ## runtime_inventory: - image_ttl_days: 1 + image_ttl_days: 120 + image_ingest_overwrite: false ## @param anchoreConfig.catalog.down_analyzer_task_requeue Allows fast re-queueing when image status is 'analyzing' on an analyzer that is no longer in the 'up' state ##