From 1560e1b3742ae35258ebecf09baca904cc07ff1f Mon Sep 17 00:00:00 2001 From: Hung Nguyen Date: Thu, 11 Apr 2024 12:40:49 -0400 Subject: [PATCH 1/3] adding updates for feeds from 5.4.1 Signed-off-by: Hung Nguyen --- stable/feeds/Chart.yaml | 4 +- stable/feeds/files/default_config.yaml | 51 ++++++++++++++++++++++++++ 2 files changed, 53 insertions(+), 2 deletions(-) diff --git a/stable/feeds/Chart.yaml b/stable/feeds/Chart.yaml index 2d50e449..671f894a 100644 --- a/stable/feeds/Chart.yaml +++ b/stable/feeds/Chart.yaml @@ -1,8 +1,8 @@ apiVersion: v2 name: feeds type: application -version: "2.4.1" -appVersion: "5.4.0" +version: "2.4.2" +appVersion: "5.4.1" kubeVersion: 1.23.x - 1.27.x || 1.23.x-x - 1.29.x-x description: Anchore feeds service keywords: diff --git a/stable/feeds/files/default_config.yaml b/stable/feeds/files/default_config.yaml index 956135e0..2db8efa2 100644 --- a/stable/feeds/files/default_config.yaml +++ b/stable/feeds/files/default_config.yaml @@ -73,8 +73,16 @@ services: drivers: amzn: enabled: ${ANCHORE_FEEDS_DRIVER_AMAZON_ENABLED} + import_results: + enabled: "${ANCHORE_ENTERPRISE_FEEDS_AMAZON_PROVIDER_IMPORT_RESULTS_ENABLED}" + host: "${ANCHORE_ENTERPRISE_FEEDS_AMAZON_PROVIDER_IMPORT_RESULTS_HOST}" + path: "${ANCHORE_ENTERPRISE_FEEDS_AMAZON_PROVIDER_IMPORT_RESULTS_PATH}" alpine: enabled: ${ANCHORE_FEEDS_DRIVER_ALPINE_ENABLED} + import_results: + enabled: "${ANCHORE_ENTERPRISE_FEEDS_ALPINE_PROVIDER_IMPORT_RESULTS_ENABLED}" + host: "${ANCHORE_ENTERPRISE_FEEDS_ALPINE_PROVIDER_IMPORT_RESULTS_HOST}" + path: "${ANCHORE_ENTERPRISE_FEEDS_ALPINE_PROVIDER_IMPORT_RESULTS_PATH}" centos: enabled: false debian: 
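Review bot: The `${ANCHORE_ENTERPRISE_FEEDS_*_PROVIDER_IMPORT_RESULTS_ENABLED}`, `..._HOST` and `..._PATH` placeholders added under `amzn` and `alpine` have no matching default anywhere in this series. The diffstats of patches 1/3 to 3/3 touch only `Chart.yaml`, this file, the snapshots, one `image:` line in `values.yaml` and the README. Unless the container image defines these variables itself (not visible here), the rendered config reaches the service with unresolved or empty values for `enabled`, `host` and `path`. I would set explicit defaults in the chart's environment settings, for example `ANCHORE_ENTERPRISE_FEEDS_AMAZON_PROVIDER_IMPORT_RESULTS_ENABLED: "false"`, and list the new variables in the README parameter tables. The same applies to the `import_results` blocks in the later hunks of this file (debian, ol, ubuntu, rhel, nvdv2, mariner, github, sles, wolfi, chainguard).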
@@ -82,8 +90,16 @@ services: {{- with .Values.anchoreConfig.feeds.drivers.debian.releases }} releases: {{- toYaml . | nindent 10 }} {{- end }} + import_results: + enabled: "${ANCHORE_ENTERPRISE_FEEDS_DEBIAN_PROVIDER_IMPORT_RESULTS_ENABLED}" + host: "${ANCHORE_ENTERPRISE_FEEDS_DEBIAN_PROVIDER_IMPORT_RESULTS_HOST}" + path: "${ANCHORE_ENTERPRISE_FEEDS_DEBIAN_PROVIDER_IMPORT_RESULTS_PATH}" ol: enabled: ${ANCHORE_FEEDS_DRIVER_OL_ENABLED} + import_results: + enabled: "${ANCHORE_ENTERPRISE_FEEDS_ORACLE_PROVIDER_IMPORT_RESULTS_ENABLED}" + host: "${ANCHORE_ENTERPRISE_FEEDS_ORACLE_PROVIDER_IMPORT_RESULTS_HOST}" + path: "${ANCHORE_ENTERPRISE_FEEDS_ORACLE_PROVIDER_IMPORT_RESULTS_PATH}" ubuntu: enabled: ${ANCHORE_FEEDS_DRIVER_UBUNTU_ENABLED} git_url: ${ANCHORE_FEEDS_DRIVER_UBUNTU_URL} @@ -91,9 +107,17 @@ services: {{- with .Values.anchoreConfig.feeds.drivers.ubuntu.releases }} releases: {{- toYaml . | nindent 10 }} {{- end }} + import_results: + enabled: "${ANCHORE_ENTERPRISE_FEEDS_UBUNTU_PROVIDER_IMPORT_RESULTS_ENABLED}" + host: "${ANCHORE_ENTERPRISE_FEEDS_UBUNTU_PROVIDER_IMPORT_RESULTS_HOST}" + path: "${ANCHORE_ENTERPRISE_FEEDS_UBUNTU_PROVIDER_IMPORT_RESULTS_PATH}" rhel: enabled: ${ANCHORE_FEEDS_DRIVER_RHEL_ENABLED} concurrency: ${ANCHORE_FEEDS_DRIVER_RHEL_CONCURRENCY} + import_results: + enabled: "${ANCHORE_ENTERPRISE_FEEDS_RHEL_PROVIDER_IMPORT_RESULTS_ENABLED}" + host: "${ANCHORE_ENTERPRISE_FEEDS_RHEL_PROVIDER_IMPORT_RESULTS_HOST}" + path: "${ANCHORE_ENTERPRISE_FEEDS_RHEL_PROVIDER_IMPORT_RESULTS_PATH}" npm: enabled: ${ANCHORE_FEEDS_DRIVER_NPM_ENABLED} gem: 
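Review bot: In the `ol` block the new variables are spelled `..._FEEDS_ORACLE_PROVIDER_...` while the switch directly above is `ANCHORE_FEEDS_DRIVER_OL_ENABLED`, so one driver is configured under two names. If the `ORACLE` spelling is dictated by the application, a comment above `import_results:` would spare operators a mis-set variable, e.g. `# import_results variables use the ORACLE prefix; the driver key and its enable switch use ol/OL`. The new scalars are also double-quoted while the existing `enabled: ${...}` lines in the same mappings are plain, here and in the other hunks of this file. Whether `enabled` then arrives as a string rather than a boolean depends on where substitution happens, which this patch does not show, so it is worth confirming and using one style throughout.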
@@ -104,8 +128,19 @@ services: nvdv2: enabled: ${ANCHORE_FEEDS_DRIVER_NVDV2_ENABLED} api_key: ${ANCHORE_NVD_API_KEY} + overrides: + enabled: "${ANCHORE_ENTERPRISE_FEEDS_NVD_PROVIDER_OVERRIDES_ENABLED}" + url: "${ANCHORE_ENTERPRISE_FEEDS_NVD_PROVIDER_OVERRIDES_URL}" + import_results: + enabled: "${ANCHORE_ENTERPRISE_FEEDS_NVD_PROVIDER_IMPORT_RESULTS_ENABLED}" + host: "${ANCHORE_ENTERPRISE_FEEDS_NVD_PROVIDER_IMPORT_RESULTS_HOST}" + path: "${ANCHORE_ENTERPRISE_FEEDS_NVD_PROVIDER_IMPORT_RESULTS_PATH}" mariner: enabled: ${ANCHORE_FEEDS_DRIVER_MARINER_ENABLED} + import_results: + enabled: "${ANCHORE_ENTERPRISE_FEEDS_MARINER_PROVIDER_IMPORT_RESULTS_ENABLED}" + host: "${ANCHORE_ENTERPRISE_FEEDS_MARINER_PROVIDER_IMPORT_RESULTS_HOST}" + path: "${ANCHORE_ENTERPRISE_FEEDS_MARINER_PROVIDER_IMPORT_RESULTS_PATH}" msrc: enabled: ${ANCHORE_FEEDS_DRIVER_MSRC_ENABLED} {{- with .Values.anchoreConfig.feeds.drivers.msrc.whitelist }} @@ -115,6 +150,10 @@ services: github: enabled: ${ANCHORE_FEEDS_DRIVER_GITHUB_ENABLED} token: ${ANCHORE_GITHUB_TOKEN} + import_results: + enabled: "${ANCHORE_ENTERPRISE_FEEDS_GITHUB_PROVIDER_IMPORT_RESULTS_ENABLED}" + host: "${ANCHORE_ENTERPRISE_FEEDS_GITHUB_PROVIDER_IMPORT_RESULTS_HOST}" + path: "${ANCHORE_ENTERPRISE_FEEDS_GITHUB_PROVIDER_IMPORT_RESULTS_PATH}" grypedb: enabled: ${ANCHORE_FEEDS_DRIVER_GRYPEDB_ENABLED} external_feeds_url: ${ANCHORE_FEEDS_EXTERNAL_URL} 
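Review bot: `overrides.url` under `nvdv2`, like the `import_results.host`/`path` pairs, is a new location the feeds service presumably fetches vulnerability data from, and nothing in the hunk documents the expected form or trust requirements of the value. Since feed content determines what gets reported as vulnerable, the config should state that these must be operator-controlled endpoints reached over TLS. A comment above `overrides:` would do, e.g. `# overrides.url: HTTPS endpoint of a trusted NVD overrides source; keep disabled unless you operate or trust it`. The same comment belongs in the README next to the existing `anchoreConfig.feeds.drivers.*` rows once the parameters are exposed there.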
@@ -125,9 +164,21 @@ services: restore_provider_workspaces: ${ANCHORE_FEEDS_GRYPEDB_RESTORE_WORKSPACE} sles: enabled: ${ANCHORE_FEEDS_DRIVER_SLES_ENABLED} + import_results: + enabled: "${ANCHORE_ENTERPRISE_FEEDS_SLES_PROVIDER_IMPORT_RESULTS_ENABLED}" + host: "${ANCHORE_ENTERPRISE_FEEDS_SLES_PROVIDER_IMPORT_RESULTS_HOST}" + path: "${ANCHORE_ENTERPRISE_FEEDS_SLES_PROVIDER_IMPORT_RESULTS_PATH}" anchore_match_exclusions: enabled: ${ANCHORE_FEEDS_DRIVER_MATCH_EXCLUSIONS} wolfi: enabled: ${ANCHORE_FEEDS_DRIVER_WOLFI_ENABLED} + import_results: + enabled: "${ANCHORE_ENTERPRISE_FEEDS_WOLFI_PROVIDER_IMPORT_RESULTS_ENABLED}" + host: "${ANCHORE_ENTERPRISE_FEEDS_WOLFI_PROVIDER_IMPORT_RESULTS_HOST}" + path: "${ANCHORE_ENTERPRISE_FEEDS_WOLFI_PROVIDER_IMPORT_RESULTS_PATH}" chainguard: enabled: ${ANCHORE_FEEDS_DRIVER_CHAINGUARD_ENABLED} + import_results: + enabled: "${ANCHORE_ENTERPRISE_FEEDS_CHAINGUARD_PROVIDER_IMPORT_RESULTS_ENABLED}" + host: "${ANCHORE_ENTERPRISE_FEEDS_CHAINGUARD_PROVIDER_IMPORT_RESULTS_HOST}" + path: "${ANCHORE_ENTERPRISE_FEEDS_CHAINGUARD_PROVIDER_IMPORT_RESULTS_PATH}" From e239768a564229b8b78dbdd7f9835d96af3b7b67 Mon Sep 17 00:00:00 2001 From: Hung Nguyen Date: Thu, 11 Apr 2024 13:37:12 -0400 Subject: [PATCH 2/3] updating tests Signed-off-by: Hung Nguyen --- .../__snapshot__/configmap_test.yaml.snap | 51 +++++++++++++++++++ .../prehook_upgrade_resources_test.yaml.snap | 2 +- stable/feeds/values.yaml | 2 +- 3 files changed, 53 insertions(+), 2 deletions(-) diff --git a/stable/feeds/tests/__snapshot__/configmap_test.yaml.snap b/stable/feeds/tests/__snapshot__/configmap_test.yaml.snap index 3a3ff1ce..2361fcbf 100644 --- a/stable/feeds/tests/__snapshot__/configmap_test.yaml.snap +++ b/stable/feeds/tests/__snapshot__/configmap_test.yaml.snap 
@@ -74,21 +74,45 @@ should render the configmaps: drivers: amzn: enabled: ${ANCHORE_FEEDS_DRIVER_AMAZON_ENABLED} + import_results: + enabled: "${ANCHORE_ENTERPRISE_FEEDS_AMAZON_PROVIDER_IMPORT_RESULTS_ENABLED}" + host: "${ANCHORE_ENTERPRISE_FEEDS_AMAZON_PROVIDER_IMPORT_RESULTS_HOST}" + path: "${ANCHORE_ENTERPRISE_FEEDS_AMAZON_PROVIDER_IMPORT_RESULTS_PATH}" alpine: enabled: ${ANCHORE_FEEDS_DRIVER_ALPINE_ENABLED} + import_results: + enabled: "${ANCHORE_ENTERPRISE_FEEDS_ALPINE_PROVIDER_IMPORT_RESULTS_ENABLED}" + host: "${ANCHORE_ENTERPRISE_FEEDS_ALPINE_PROVIDER_IMPORT_RESULTS_HOST}" + path: "${ANCHORE_ENTERPRISE_FEEDS_ALPINE_PROVIDER_IMPORT_RESULTS_PATH}" centos: enabled: false debian: enabled: ${ANCHORE_FEEDS_DRIVER_DEBIAN_ENABLED} + import_results: + enabled: "${ANCHORE_ENTERPRISE_FEEDS_DEBIAN_PROVIDER_IMPORT_RESULTS_ENABLED}" + host: "${ANCHORE_ENTERPRISE_FEEDS_DEBIAN_PROVIDER_IMPORT_RESULTS_HOST}" + path: "${ANCHORE_ENTERPRISE_FEEDS_DEBIAN_PROVIDER_IMPORT_RESULTS_PATH}" ol: enabled: ${ANCHORE_FEEDS_DRIVER_OL_ENABLED} + import_results: + enabled: "${ANCHORE_ENTERPRISE_FEEDS_ORACLE_PROVIDER_IMPORT_RESULTS_ENABLED}" + host: "${ANCHORE_ENTERPRISE_FEEDS_ORACLE_PROVIDER_IMPORT_RESULTS_HOST}" + path: "${ANCHORE_ENTERPRISE_FEEDS_ORACLE_PROVIDER_IMPORT_RESULTS_PATH}" ubuntu: enabled: ${ANCHORE_FEEDS_DRIVER_UBUNTU_ENABLED} git_url: ${ANCHORE_FEEDS_DRIVER_UBUNTU_URL} git_branch: ${ANCHORE_FEEDS_DRIVER_UBUNTU_BRANCH} + import_results: + enabled: "${ANCHORE_ENTERPRISE_FEEDS_UBUNTU_PROVIDER_IMPORT_RESULTS_ENABLED}" + host: "${ANCHORE_ENTERPRISE_FEEDS_UBUNTU_PROVIDER_IMPORT_RESULTS_HOST}" + path: "${ANCHORE_ENTERPRISE_FEEDS_UBUNTU_PROVIDER_IMPORT_RESULTS_PATH}" rhel: enabled: ${ANCHORE_FEEDS_DRIVER_RHEL_ENABLED} concurrency: ${ANCHORE_FEEDS_DRIVER_RHEL_CONCURRENCY} + import_results: + enabled: "${ANCHORE_ENTERPRISE_FEEDS_RHEL_PROVIDER_IMPORT_RESULTS_ENABLED}" + host: "${ANCHORE_ENTERPRISE_FEEDS_RHEL_PROVIDER_IMPORT_RESULTS_HOST}" + path: 
"${ANCHORE_ENTERPRISE_FEEDS_RHEL_PROVIDER_IMPORT_RESULTS_PATH}" npm: enabled: ${ANCHORE_FEEDS_DRIVER_NPM_ENABLED} gem: @@ -96,13 +120,28 @@ should render the configmaps: nvdv2: enabled: ${ANCHORE_FEEDS_DRIVER_NVDV2_ENABLED} api_key: ${ANCHORE_NVD_API_KEY} + overrides: + enabled: "${ANCHORE_ENTERPRISE_FEEDS_NVD_PROVIDER_OVERRIDES_ENABLED}" + url: "${ANCHORE_ENTERPRISE_FEEDS_NVD_PROVIDER_OVERRIDES_URL}" + import_results: + enabled: "${ANCHORE_ENTERPRISE_FEEDS_NVD_PROVIDER_IMPORT_RESULTS_ENABLED}" + host: "${ANCHORE_ENTERPRISE_FEEDS_NVD_PROVIDER_IMPORT_RESULTS_HOST}" + path: "${ANCHORE_ENTERPRISE_FEEDS_NVD_PROVIDER_IMPORT_RESULTS_PATH}" mariner: enabled: ${ANCHORE_FEEDS_DRIVER_MARINER_ENABLED} + import_results: + enabled: "${ANCHORE_ENTERPRISE_FEEDS_MARINER_PROVIDER_IMPORT_RESULTS_ENABLED}" + host: "${ANCHORE_ENTERPRISE_FEEDS_MARINER_PROVIDER_IMPORT_RESULTS_HOST}" + path: "${ANCHORE_ENTERPRISE_FEEDS_MARINER_PROVIDER_IMPORT_RESULTS_PATH}" msrc: enabled: ${ANCHORE_FEEDS_DRIVER_MSRC_ENABLED} github: enabled: ${ANCHORE_FEEDS_DRIVER_GITHUB_ENABLED} token: ${ANCHORE_GITHUB_TOKEN} + import_results: + enabled: "${ANCHORE_ENTERPRISE_FEEDS_GITHUB_PROVIDER_IMPORT_RESULTS_ENABLED}" + host: "${ANCHORE_ENTERPRISE_FEEDS_GITHUB_PROVIDER_IMPORT_RESULTS_HOST}" + path: "${ANCHORE_ENTERPRISE_FEEDS_GITHUB_PROVIDER_IMPORT_RESULTS_PATH}" grypedb: enabled: ${ANCHORE_FEEDS_DRIVER_GRYPEDB_ENABLED} external_feeds_url: ${ANCHORE_FEEDS_EXTERNAL_URL} 
@@ -113,12 +152,24 @@ should render the configmaps: restore_provider_workspaces: ${ANCHORE_FEEDS_GRYPEDB_RESTORE_WORKSPACE} sles: enabled: ${ANCHORE_FEEDS_DRIVER_SLES_ENABLED} + import_results: + enabled: "${ANCHORE_ENTERPRISE_FEEDS_SLES_PROVIDER_IMPORT_RESULTS_ENABLED}" + host: "${ANCHORE_ENTERPRISE_FEEDS_SLES_PROVIDER_IMPORT_RESULTS_HOST}" + path: "${ANCHORE_ENTERPRISE_FEEDS_SLES_PROVIDER_IMPORT_RESULTS_PATH}" anchore_match_exclusions: enabled: ${ANCHORE_FEEDS_DRIVER_MATCH_EXCLUSIONS} wolfi: enabled: ${ANCHORE_FEEDS_DRIVER_WOLFI_ENABLED} + import_results: + enabled: "${ANCHORE_ENTERPRISE_FEEDS_WOLFI_PROVIDER_IMPORT_RESULTS_ENABLED}" + host: "${ANCHORE_ENTERPRISE_FEEDS_WOLFI_PROVIDER_IMPORT_RESULTS_HOST}" + path: "${ANCHORE_ENTERPRISE_FEEDS_WOLFI_PROVIDER_IMPORT_RESULTS_PATH}" chainguard: enabled: ${ANCHORE_FEEDS_DRIVER_CHAINGUARD_ENABLED} + import_results: + enabled: "${ANCHORE_ENTERPRISE_FEEDS_CHAINGUARD_PROVIDER_IMPORT_RESULTS_ENABLED}" + host: "${ANCHORE_ENTERPRISE_FEEDS_CHAINGUARD_PROVIDER_IMPORT_RESULTS_HOST}" + path: "${ANCHORE_ENTERPRISE_FEEDS_CHAINGUARD_PROVIDER_IMPORT_RESULTS_PATH}" kind: ConfigMap metadata: annotations: diff --git a/stable/feeds/tests/__snapshot__/prehook_upgrade_resources_test.yaml.snap b/stable/feeds/tests/__snapshot__/prehook_upgrade_resources_test.yaml.snap index b68b53ca..0e4b8336 100644 --- a/stable/feeds/tests/__snapshot__/prehook_upgrade_resources_test.yaml.snap +++ b/stable/feeds/tests/__snapshot__/prehook_upgrade_resources_test.yaml.snap @@ -143,6 +143,6 @@ should render proper initContainers: value: test-release-feeds - name: ANCHORE_PORT value: "8448" - image: docker.io/anchore/enterprise:v5.4.0 + image: docker.io/anchore/enterprise-dev:v5.4.1-rc0 imagePullPolicy: IfNotPresent name: wait-for-db diff --git a/stable/feeds/values.yaml b/stable/feeds/values.yaml index d8e126a4..131dbbf8 100644 --- a/stable/feeds/values.yaml +++ b/stable/feeds/values.yaml 
@@ -21,7 +21,7 @@ nameOverride: "" ## @param image Image used for feeds deployment ## -image: docker.io/anchore/enterprise:v5.4.0 +image: docker.io/anchore/enterprise-dev:v5.4.1-rc0 ## @param imagePullPolicy Image pull policy used by all deployments ## ref: https://kubernetes.io/docs/concepts/containers/images/#image-pull-policy From f5c820d711ed46f88f409d7ca9c4d56746509d92 Mon Sep 17 00:00:00 2001 From: Hung Nguyen Date: Mon, 15 Apr 2024 16:22:23 -0400 Subject: [PATCH 3/3] bumping image version for feeds to 5.4.1 Signed-off-by: Hung Nguyen --- stable/feeds/README.md | 8 +------- .../__snapshot__/prehook_upgrade_resources_test.yaml.snap | 2 +- stable/feeds/values.yaml | 2 +- 3 files changed, 3 insertions(+), 9 deletions(-) diff --git a/stable/feeds/README.md b/stable/feeds/README.md index 613bfccc..05304411 100644 --- a/stable/feeds/README.md +++ b/stable/feeds/README.md @@ -313,7 +313,7 @@ anchoreConfig: | `url` | Set a custom feeds URL. Useful when using a feeds service endpoint that is external from the cluster. | `""` | | `fullnameOverride` | overrides the fullname set on resources | `""` | | `nameOverride` | overrides the name set on resources | `""` | -| `image` | Image used for feeds deployment | `docker.io/anchore/enterprise:v5.4.0` | +| `image` | Image used for feeds deployment | `docker.io/anchore/enterprise:v5.4.1` | | `imagePullPolicy` | Image pull policy used by all deployments | `IfNotPresent` | | `imagePullSecretName` | Name of Docker credentials secret for access to private repos | `anchore-enterprise-pullcreds` | | `serviceAccountName` | Name of a service account used to run all Feeds pods | `""` | @@ -368,7 +368,6 @@ anchoreConfig: | `configOverride` | Allows for overriding the default Anchore configuration file | `{}` | | `scripts` | Collection of helper scripts usable in all anchore enterprise pods | `{}` | - ### Anchore Feeds Configuration Parameters | Name | Description | Value | 
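Review bot: The chart default in `stable/feeds/values.yaml` becomes `docker.io/anchore/enterprise-dev:v5.4.1-rc0`, a release candidate from a dev repository, while patch 1/3 has already bumped the chart to `2.4.2`. Patch 3/3 restores `enterprise:v5.4.1`, but any build or publish from this intermediate commit ships a stable chart that pulls a pre-release image. Squashing 2/3 into 3/3, or keeping the rc reference out of `values.yaml` and supplying it only as a CI override, avoids that state. The reference is also tag-only, and with `imagePullPolicy: IfNotPresent` (the default shown in the snapshot and README) a retagged image goes unnoticed on nodes that already cached it; pinning as `image: docker.io/anchore/enterprise:v5.4.1@sha256:<digest-of-released-image>` would make the default immutable.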
@@ -408,7 +407,6 @@ anchoreConfig: | `anchoreConfig.feeds.drivers.github.enabled` | Enable GitHub advisory feeds (requires GitHub PAT) | `false` | | `anchoreConfig.feeds.drivers.github.token` | GitHub developer personal access token with zero permission scopes | `""` | - ### Anchore Feeds Database Parameters | Name | Description | Value | @@ -423,7 +421,6 @@ anchoreConfig: | `feeds-db.primary.extraEnvVars` | An array to add extra environment variables | `[]` | | `feeds-db.image.tag` | Specifies the image to use for this chart. | `13.11.0-debian-11-r15` | - ### Feeds Gem Database Parameters | Name | Description | Value | @@ -438,7 +435,6 @@ anchoreConfig: | `gem-db.primary.extraEnvVars` | An array to add extra environment variables | `[]` | | `gem-db.image.tag` | Specifies the image to use for this chart. | `13.11.0-debian-11-r15` | - ### Anchore Feeds Upgrade Job Parameters | Name | Description | Value | @@ -457,7 +453,6 @@ anchoreConfig: | `feedsUpgradeJob.resources` | Resources for the Anchore Feeds upgrade job | `{}` | | `feedsUpgradeJob.ttlSecondsAfterFinished` | The time period in seconds the upgrade job, and it's related pods should be retained for | `-1` | - ### Ingress Parameters | Name | Description | Value | @@ -470,7 +465,6 @@ anchoreConfig: | `ingress.tls` | Configure tls for the ingress resource | `[]` | | `ingress.ingressClassName` | sets the ingress class name. As of k8s v1.18, this should be nginx | `nginx` | - ### Google CloudSQL DB Parameters | Name | Description | Value | diff --git a/stable/feeds/tests/__snapshot__/prehook_upgrade_resources_test.yaml.snap b/stable/feeds/tests/__snapshot__/prehook_upgrade_resources_test.yaml.snap index 0e4b8336..cf3ff883 100644 --- a/stable/feeds/tests/__snapshot__/prehook_upgrade_resources_test.yaml.snap +++ b/stable/feeds/tests/__snapshot__/prehook_upgrade_resources_test.yaml.snap 
@@ -143,6 +143,6 @@ should render proper initContainers: value: test-release-feeds - name: ANCHORE_PORT value: "8448" - image: docker.io/anchore/enterprise-dev:v5.4.1-rc0 + image: docker.io/anchore/enterprise:v5.4.1 imagePullPolicy: IfNotPresent name: wait-for-db diff --git a/stable/feeds/values.yaml b/stable/feeds/values.yaml index 131dbbf8..694a93f0 100644 --- a/stable/feeds/values.yaml +++ b/stable/feeds/values.yaml @@ -21,7 +21,7 @@ nameOverride: "" ## @param image Image used for feeds deployment ## -image: docker.io/anchore/enterprise-dev:v5.4.1-rc0 +image: docker.io/anchore/enterprise:v5.4.1 ## @param imagePullPolicy Image pull policy used by all deployments ## ref: https://kubernetes.io/docs/concepts/containers/images/#image-pull-policy