From fac223a9c10a301b74d6da916091f69738eeb302 Mon Sep 17 00:00:00 2001 From: Arvind Somya Date: Mon, 11 Mar 2024 17:34:03 -0400 Subject: [PATCH] feat: remove all references to rbac-manager (#198) removing all templates, config and references to the rbac-manager service Signed-off-by: Arvind Somya --- ...est_anchoreEnterpriseRbac_value_mapping.py | 266 ---------------- stable/enterprise/Chart.yaml | 2 +- stable/enterprise/README.md | 27 +- stable/enterprise/files/default_config.yaml | 11 - stable/enterprise/templates/_names.tpl | 5 - .../templates/rbacmanager_deployment.yaml | 71 ----- stable/enterprise/templates/ui_configmap.yaml | 1 - .../__snapshot__/configmap_test.yaml.snap | 13 +- .../enterprise/tests/common_helpers_test.yaml | 18 -- .../tests/rbacmanager_resources_test.yaml | 293 ------------------ stable/enterprise/values.yaml | 60 ---- 11 files changed, 3 insertions(+), 764 deletions(-) delete mode 100644 scripts/enterprise-value-converter/tests/test_anchoreEnterpriseRbac_value_mapping.py delete mode 100644 stable/enterprise/templates/rbacmanager_deployment.yaml delete mode 100644 stable/enterprise/tests/rbacmanager_resources_test.yaml diff --git a/scripts/enterprise-value-converter/tests/test_anchoreEnterpriseRbac_value_mapping.py b/scripts/enterprise-value-converter/tests/test_anchoreEnterpriseRbac_value_mapping.py deleted file mode 100644 index 92565dc4..00000000 --- a/scripts/enterprise-value-converter/tests/test_anchoreEnterpriseRbac_value_mapping.py +++ /dev/null @@ -1,266 +0,0 @@ -import os -import shutil -import unittest -from helpers import ( - replace_keys_with_mappings, -) - -class TestReplaceKeysWithMappingsCatalog(unittest.TestCase): - def setUp(self): - self.results_dir = "test_results_dir" - - def tearDown(self): - if os.path.exists(self.results_dir): - shutil.rmtree(self.results_dir) - - def test_anchoreEnterpriseRbac_replicaCount_value(self): - dot_string_dict = { - "anchoreEnterpriseRbac.replicaCount": 2, - } - expected_result = { 'postgresql': {'auth': {'username': 'anchoreengine'}}, 'anchoreConfig': {'user_authentication': {'hashed_passwords': False}}, - 'rbacManager': { - 'replicaCount': 2 - } - } - result = replace_keys_with_mappings(dot_string_dict, self.results_dir) - self.assertEqual(result[0], expected_result) - - - def test_anchoreEnterpriseRbac_resources_value(self): - dot_string_dict = { - "anchoreEnterpriseRbac.resources.limits.cpu": 1, - "anchoreEnterpriseRbac.resources.limits.memory": "4G", - "anchoreEnterpriseRbac.resources.requests.cpu": 1, - "anchoreEnterpriseRbac.resources.requests.memory": "1G" - } - expected_result = { 'postgresql': {'auth': {'username': 'anchoreengine'}}, 'anchoreConfig': {'user_authentication': {'hashed_passwords': False}}, - 'rbacManager': { - 'resources': { - 'limits': { - 'cpu': 1, - 'memory': '4G' - }, - 'requests': { - 'cpu': 1, - 'memory': '1G' - } - } - } - } - result = replace_keys_with_mappings(dot_string_dict, self.results_dir) - self.assertEqual(result[0], expected_result) - - - def test_anchoreEnterpriseRbac_labels_value(self): - dot_string_dict = { - "anchoreEnterpriseRbac.labels.myLabel": "myValue", - "anchoreEnterpriseRbac.labels.myOtherLabel": "myOtherValue", - "anchoreEnterpriseRbac.labels.anotherLabel.with.a.dot": "qux" - } - expected_result = { 'postgresql': {'auth': {'username': 'anchoreengine'}}, 'anchoreConfig': {'user_authentication': {'hashed_passwords': False}}, - 'rbacManager': { - 'labels': - { - 'myLabel': 'myValue', - 'myOtherLabel': 'myOtherValue', - 'anotherLabel.with.a.dot': 'qux' - } - } - } - result = replace_keys_with_mappings(dot_string_dict, self.results_dir) - self.assertEqual(result[0], expected_result) - - def test_anchoreEnterpriseRbac_annotations_value(self): - dot_string_dict = { - "anchoreEnterpriseRbac.annotations.foo": "bar", - "anchoreEnterpriseRbac.annotations.bar": "baz", - "anchoreEnterpriseRbac.annotations.anotherLabel.with.a.dot": "qux" - } - expected_result = { 'postgresql': {'auth': {'username': 'anchoreengine'}}, 'anchoreConfig': {'user_authentication': {'hashed_passwords': False}}, - 'rbacManager': { - 'annotations': - { - 'foo': 'bar', - 'bar': 'baz', - 'anotherLabel.with.a.dot': 'qux' - } - - } - } - result = replace_keys_with_mappings(dot_string_dict, self.results_dir) - self.assertEqual(result[0], expected_result) - - def test_anchoreEnterpriseRbac_deploymentAnnotations_value(self): - dot_string_dict = { - "anchoreEnterpriseRbac.deploymentAnnotations.foo": "bar", - "anchoreEnterpriseRbac.deploymentAnnotations.bar": "baz", - "anchoreEnterpriseRbac.deploymentAnnotations.anotherLabel.with.a.dot": "qux" - } - expected_result = { 'postgresql': {'auth': {'username': 'anchoreengine'}}, 'anchoreConfig': {'user_authentication': {'hashed_passwords': False}}, - 'rbacManager': { - 'deploymentAnnotations': - { - 'foo': 'bar', - 'bar': 'baz', - 'anotherLabel.with.a.dot': 'qux' - } - } - } - result = replace_keys_with_mappings(dot_string_dict, self.results_dir) - self.assertEqual(result[0], expected_result) - - def test_anchoreEnterpriseRbac_nodeSelector_value(self): - dot_string_dict = { - "anchoreEnterpriseRbac.nodeSelector.name": "foo", - "anchoreEnterpriseRbac.nodeSelector.value": "bar", - "anchoreEnterpriseRbac.nodeSelector.anotherLabel.with.a.dot": "baz" - } - expected_result = { 'postgresql': {'auth': {'username': 'anchoreengine'}}, 'anchoreConfig': {'user_authentication': {'hashed_passwords': False}}, - 'rbacManager': { - 'nodeSelector': - { - 'name': 'foo', - 'value': 'bar', - 'anotherLabel.with.a.dot': 'baz' - } - } - } - result = replace_keys_with_mappings(dot_string_dict, self.results_dir) - self.assertEqual(result[0], expected_result) - - def test_anchoreEnterpriseRbac_tolerations_value(self): - dot_string_dict = { - "anchoreEnterpriseRbac.tolerations": [ - { - "name": "foo", - "value": "bar" - } - ] - } - expected_result = { 'postgresql': {'auth': {'username': 'anchoreengine'}}, 'anchoreConfig': {'user_authentication': {'hashed_passwords': False}}, - 'rbacManager': { - 'tolerations': [ - { - 'name': 'foo', - 'value': 'bar' - } - ] - } - } - result = replace_keys_with_mappings(dot_string_dict, self.results_dir) - self.assertEqual(result[0], expected_result) - - def test_anchoreEnterpriseRbac_affinity_value(self): - dot_string_dict = { - "anchoreEnterpriseRbac.affinity.name": "foo", - "anchoreEnterpriseRbac.affinity.value": "bar" - } - expected_result = { 'postgresql': {'auth': {'username': 'anchoreengine'}}, 'anchoreConfig': {'user_authentication': {'hashed_passwords': False}}, - 'rbacManager': { - 'affinity':{ - 'name': 'foo', - 'value': 'bar' - } - } - } - result = replace_keys_with_mappings(dot_string_dict, self.results_dir) - self.assertEqual(result[0], expected_result) - - def test_anchoreEnterpriseRbac_extraEnv_value(self): - dot_string_dict = { - "anchoreEnterpriseRbac.extraEnv": [ - { - "name": "foo", - "value": "bar" - } - ] - } - expected_result = { 'postgresql': {'auth': {'username': 'anchoreengine'}}, 'anchoreConfig': {'user_authentication': {'hashed_passwords': False}}, - 'rbacManager': { - 'extraEnv': [ - { - "name": "foo", - "value": "bar" - } - ] - }, - } - result = replace_keys_with_mappings(dot_string_dict, self.results_dir) - - self.assertEqual(result[0], expected_result) - - def test_anchoreEnterpriseRbac_serviceAccountName_value(self): - dot_string_dict = { - "anchoreEnterpriseRbac.serviceAccountName": "Null" - } - expected_result = { 'postgresql': {'auth': {'username': 'anchoreengine'}}, 'anchoreConfig': {'user_authentication': {'hashed_passwords': False}}, - 'rbacManager': { - 'serviceAccountName': "Null" - } - } - result = replace_keys_with_mappings(dot_string_dict, self.results_dir) - self.assertEqual(result[0], expected_result) - - - def test_anchoreEnterpriseRbac_service_value(self): - dot_string_dict = { - "anchoreEnterpriseRbac.service.name": "Null", - "anchoreEnterpriseRbac.service.type": "ClusterIP", - "anchoreEnterpriseRbac.service.managerPort": 8082, - "anchoreEnterpriseRbac.service.annotations.foo": "bar", - "anchoreEnterpriseRbac.service.annotations.bar": "baz", - "anchoreEnterpriseRbac.service.annotations.anotherLabel.with.a.dot": "qux", - "anchoreEnterpriseRbac.service.labels": {}, - } - expected_result = { 'postgresql': {'auth': {'username': 'anchoreengine'}}, 'anchoreConfig': {'user_authentication': {'hashed_passwords': False}}, - 'rbacManager': { - 'service': { - 'name': 'Null', - 'type': 'ClusterIP', - 'port': 8082, - 'annotations': { - 'foo': 'bar', - 'bar': 'baz', - 'anotherLabel.with.a.dot': 'qux' - }, - 'labels': {} - } - } - } - - result = replace_keys_with_mappings(dot_string_dict, self.results_dir) - self.assertEqual(result[0], expected_result) - -# enabled: true - def test_anchoreEnterpriseRbac_enabled_value(self): - dot_string_dict = { - "anchoreEnterpriseRbac.enabled": True # deprecated - } - expected_result = { 'postgresql': {'auth': {'username': 'anchoreengine'}}, 'anchoreConfig': {'user_authentication': {'hashed_passwords': False}},} - - result = replace_keys_with_mappings(dot_string_dict, self.results_dir) - self.assertEqual(result[0], expected_result) - - def test_anchoreEnterpriseRbac_managerResources_value(self): - dot_string_dict = { - "anchoreEnterpriseRbac.managerResources.limits.cpu": 1, - "anchoreEnterpriseRbac.managerResources.limits.memory": "1G", - "anchoreEnterpriseRbac.managerResources.requests.cpu": "100m", - "anchoreEnterpriseRbac.managerResources.requests.memory": "256M" - } - expected_result = { 'postgresql': {'auth': {'username': 'anchoreengine'}}, 'anchoreConfig': {'user_authentication': {'hashed_passwords': False}}, - 'rbacManager': { - 'resources': { - 'limits': { - 'cpu': 1, - 'memory': '1G' - }, - 'requests': { - 'cpu': '100m', - 'memory': '256M' - } - } - } - } - result = replace_keys_with_mappings(dot_string_dict, self.results_dir) - self.assertEqual(result[0], expected_result) diff --git a/stable/enterprise/Chart.yaml b/stable/enterprise/Chart.yaml index e504af5b..6f2e0b9f 100644 --- a/stable/enterprise/Chart.yaml +++ b/stable/enterprise/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 name: enterprise -version: "2.4.2" +version: "2.4.3" appVersion: "5.3.0" kubeVersion: 1.23.x - 1.28.x || 1.23.x-x - 1.29.x-x description: | diff --git a/stable/enterprise/README.md b/stable/enterprise/README.md index 52089840..17c3a23e 100644 --- a/stable/enterprise/README.md +++ b/stable/enterprise/README.md @@ -419,7 +419,7 @@ stringData: [Ingress](https://kubernetes.io/docs/concepts/services-networking/ingress/) serves as the gateway to expose HTTP and HTTPS routes from outside the Kubernetes cluster to services within it. Routing is governed by rules specified in the Ingress resource. Kubernetes supports a variety of ingress controllers, such as AWS ALB and GCE controllers. -This Helm chart includes a foundational ingress configuration that is customizable. You can expose various Anchore Enterprise external APIs, including the core API, UI, reporting, RBAC, and feeds, by editing the `ingress` section in your values file. +This Helm chart includes a foundational ingress configuration that is customizable. You can expose various Anchore Enterprise external APIs, including the core API, UI, reporting, and feeds, by editing the `ingress` section in your values file. Ingress is disabled by default in this Helm chart. To enable it, along with the [NGINX ingress controller](https://kubernetes.github.io/ingress-nginx/) for core API and UI routes, set the `ingress.enabled` value to `true`. @@ -582,11 +582,6 @@ spec: interval: 30s path: /metrics scheme: http - # RBAC manager - - targetPort: 8229 - interval: 30s - path: /metrics - scheme: http ``` ### Scaling Individual Services @@ -687,7 +682,6 @@ The Anchore Enterprise Helm chart introduces several changes to the deployment c - `-anchore-engine-catalog` -> `-enterprise-catalog` - `-anchore-engine-enterprise-feeds` -> `-feeds` - `-anchore-engine-enterprise-notifications` -> `-enterprise-notifications` - - `-anchore-engine-enterprise-rbac` -> `-enterprise-rbac-manager` - `-anchore-engine-enterprise-reports` -> `-enterprise-reports` - `-anchore-engine-enterprise-ui` -> `-enterprise-ui` - `-anchore-engine-policy` -> `-enterprise-policy` @@ -1177,25 +1171,6 @@ This rollback procedure is designed to revert your environment to its pre-migrat | `policyEngine.scratchVolume.details` | Details for the k8s volume to be created for Anchore Policy Engine scratch space | `{}` | -### Anchore RBAC Manager Parameters - -| Name | Description | Value | -| --------------------------------- | ------------------------------------------------------------- | ----------- | -| `rbacManager.replicaCount` | Number of replicas for the Anchore RBAC Manager deployment | `1` | -| `rbacManager.service.type` | Service type for Anchore RBAC Manager | `ClusterIP` | -| `rbacManager.service.port` | Service port for Anchore RBAC Manager | `8229` | -| `rbacManager.service.annotations` | Annotations for Anchore RBAC Manager service | `{}` | -| `rbacManager.service.labels` | Labels for Anchore RBAC Manager service | `{}` | -| `rbacManager.service.nodePort` | nodePort for Anchore RBAC Manager service | `""` | -| `rbacManager.extraEnv` | Set extra environment variables for Anchore RBAC Manager pods | `[]` | -| `rbacManager.resources` | Resource requests and limits for Anchore RBAC Manager pods | `{}` | -| `rbacManager.labels` | Labels for Anchore RBAC Manager pods | `{}` | -| `rbacManager.annotations` | Annotation for Anchore RBAC Manager pods | `{}` | -| `rbacManager.nodeSelector` | Node labels for Anchore RBAC Manager pod assignment | `{}` | -| `rbacManager.tolerations` | Tolerations for Anchore RBAC Manager pod assignment | `[]` | -| `rbacManager.affinity` | Affinity for Anchore RBAC Manager pod assignment | `{}` | -| `rbacManager.serviceAccountName` | Service account name for Anchore RBAC Manager pods | `""` | - ### Anchore Reports Parameters | Name | Description | Value | diff --git a/stable/enterprise/files/default_config.yaml b/stable/enterprise/files/default_config.yaml index 2c8b6b8a..b6744018 100644 --- a/stable/enterprise/files/default_config.yaml +++ b/stable/enterprise/files/default_config.yaml @@ -200,17 +200,6 @@ services: ssl_cert: ${ANCHORE_SSL_CERT} ssl_key: ${ANCHORE_SSL_KEY} - rbac_manager: - enabled: true - require_auth: true - endpoint_hostname: ${ANCHORE_ENDPOINT_HOSTNAME} - listen: '0.0.0.0' - port: ${ANCHORE_PORT} - max_request_threads: ${ANCHORE_MAX_REQUEST_THREADS} - ssl_enable: ${ANCHORE_SSL_ENABLED} - ssl_cert: ${ANCHORE_SSL_CERT} - ssl_key: ${ANCHORE_SSL_KEY} - reports: enabled: true require_auth: true diff --git a/stable/enterprise/templates/_names.tpl b/stable/enterprise/templates/_names.tpl index ef8fd399..ec057737 100644 --- a/stable/enterprise/templates/_names.tpl +++ b/stable/enterprise/templates/_names.tpl @@ -37,11 +37,6 @@ We truncate at 63 chars because some Kubernetes name fields are limited to this {{- printf "%s-%s-%s" .Release.Name $name "policy"| trunc 63 | trimSuffix "-" -}} {{- end -}} -{{- define "enterprise.rbacManager.fullname" -}} -{{- $name := default .Chart.Name .Values.global.nameOverride -}} -{{- printf "%s-%s-%s" .Release.Name $name "rbac-manager"| trunc 63 | trimSuffix "-" -}} -{{- end -}} - {{- define "enterprise.reports.fullname" -}} {{- $name := default .Chart.Name .Values.global.nameOverride -}} {{- printf "%s-%s-%s" .Release.Name $name "reports"| trunc 63 | trimSuffix "-" -}} diff --git a/stable/enterprise/templates/rbacmanager_deployment.yaml b/stable/enterprise/templates/rbacmanager_deployment.yaml deleted file mode 100644 index 53af96c2..00000000 --- a/stable/enterprise/templates/rbacmanager_deployment.yaml +++ /dev/null @@ -1,71 +0,0 @@ -{{- $component := "rbacManager" -}} - -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ template "enterprise.rbacManager.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: {{- include "enterprise.common.labels" (merge (dict "component" $component) .) | nindent 4 }} - annotations: {{- include "enterprise.common.annotations" (merge (dict "component" $component) .) | nindent 4 }} -spec: - selector: - matchLabels: {{- include "enterprise.common.matchLabels" (merge (dict "component" $component) .) | nindent 6 }} - replicas: {{ .Values.rbacManager.replicaCount }} - strategy: - type: Recreate - template: - metadata: - labels: {{- include "enterprise.common.labels" (merge (dict "component" $component) .) | nindent 8 }} - annotations: {{- include "enterprise.common.annotations" (merge (dict "component" $component "nil" true) .) | nindent 8 }} - {{- if and (not .Values.injectSecretsViaEnv) (not .Values.useExistingSecrets) }} - checksum/secrets: {{ include (print $.Template.BasePath "/anchore_secret.yaml") . | sha256sum }} - {{- end }} - checksum/enterprise-config: {{ include (print $.Template.BasePath "/anchore_configmap.yaml") . | sha256sum }} - spec: - {{- include "enterprise.common.podSpec" (merge (dict "component" $component) .) | indent 6 }} - volumes: {{- include "enterprise.common.volumes" . | nindent 8 }} - containers: - {{- if .Values.cloudsql.enabled }} - {{- include "enterprise.common.cloudsqlContainer" . | nindent 8 }} - {{- end }} - - name: "{{ .Chart.Name }}-{{ $component | lower }}" - image: {{ .Values.image }} - imagePullPolicy: {{ .Values.imagePullPolicy }} - {{- with .Values.containerSecurityContext }} - securityContext: - {{ toYaml . | nindent 12 }} - {{- end }} - command: ["/bin/sh", "-c"] - args: - - {{ print (include "enterprise.common.dockerEntrypoint" .) }} rbac_manager - ports: - - containerPort: {{ .Values.rbacManager.service.port }} - name: {{ $component | lower }} - envFrom: {{- include "enterprise.common.envFrom" . | nindent 12 }} - env: {{- include "enterprise.common.environment" (merge (dict "component" $component) .) | nindent 12 }} - volumeMounts: {{- include "enterprise.common.volumeMounts" . | nindent 12 }} - livenessProbe: {{- include "enterprise.common.livenessProbe" (merge (dict "component" $component) .) | nindent 12 }} - readinessProbe: {{- include "enterprise.common.readinessProbe" (merge (dict "component" $component) .) | nindent 12 }} - {{- with .Values.rbacManager.resources }} - resources: {{- toYaml . | nindent 12 }} - {{- end }} - ---- -apiVersion: v1 -kind: Service -metadata: - name: {{ template "enterprise.rbacManager.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: {{- include "enterprise.common.labels" (merge (dict "component" $component) .) | nindent 4 }} - annotations: {{- include "enterprise.common.annotations" (merge (dict "component" $component) .) | nindent 4 }} -spec: - type: {{ .Values.rbacManager.service.type }} - ports: - - name: {{ $component | lower }} - port: {{ .Values.rbacManager.service.port }} - targetPort: {{ .Values.rbacManager.service.port }} - protocol: TCP - {{ include "enterprise.service.nodePort" (merge (dict "component" $component) .) }} - selector: - app.kubernetes.io/name: {{ template "enterprise.fullname" . }} - app.kubernetes.io/component: {{ $component | lower }} diff --git a/stable/enterprise/templates/ui_configmap.yaml b/stable/enterprise/templates/ui_configmap.yaml index 2957a1d1..6bd7d196 100644 --- a/stable/enterprise/templates/ui_configmap.yaml +++ b/stable/enterprise/templates/ui_configmap.yaml @@ -28,7 +28,6 @@ data: {{- end }} reports_uri: '{{- include "enterprise.setProtocol" . -}}://{{- template "enterprise.api.fullname" . -}}:{{- .Values.api.service.port -}}/v2' notifications_uri: '{{- include "enterprise.setProtocol" . -}}://{{- template "enterprise.api.fullname" . -}}:{{- .Values.api.service.port -}}/v2' - rbac_uri: '{{- include "enterprise.setProtocol" . -}}://{{- template "enterprise.api.fullname" . -}}:{{- .Values.api.service.port -}}/v2' enterprise_uri: '{{- include "enterprise.setProtocol" . -}}://{{- template "enterprise.api.fullname" . -}}:{{- .Values.api.service.port -}}/v2' # redis_uri: overridden in deployment using the `ANCHORE_REDIS_URI` environment variable # appdb_uri: overridden in deployment using the `ANCHORE_APPDB_URI` environment variable diff --git a/stable/enterprise/tests/__snapshot__/configmap_test.yaml.snap b/stable/enterprise/tests/__snapshot__/configmap_test.yaml.snap index 764816b8..2e1ee3a3 100644 --- a/stable/enterprise/tests/__snapshot__/configmap_test.yaml.snap +++ b/stable/enterprise/tests/__snapshot__/configmap_test.yaml.snap @@ -265,17 +265,6 @@ should render the configmaps: ssl_cert: ${ANCHORE_SSL_CERT} ssl_key: ${ANCHORE_SSL_KEY} - rbac_manager: - enabled: true - require_auth: true - endpoint_hostname: ${ANCHORE_ENDPOINT_HOSTNAME} - listen: '0.0.0.0' - port: ${ANCHORE_PORT} - max_request_threads: ${ANCHORE_MAX_REQUEST_THREADS} - ssl_enable: ${ANCHORE_SSL_ENABLED} - ssl_cert: ${ANCHORE_SSL_CERT} - ssl_key: ${ANCHORE_SSL_KEY} - reports: enabled: true require_auth: true @@ -522,7 +511,7 @@ should render the configmaps: 6: | apiVersion: v1 data: - config-ui.yaml: "# Anchore UI configuration\nreports_uri: 'http://test-release-enterprise-api:8228/v2'\nnotifications_uri: 'http://test-release-enterprise-api:8228/v2'\nrbac_uri: 'http://test-release-enterprise-api:8228/v2'\nenterprise_uri: 'http://test-release-enterprise-api:8228/v2'\n# redis_uri: overridden in deployment using the `ANCHORE_REDIS_URI` environment variable\n# appdb_uri: overridden in deployment using the `ANCHORE_APPDB_URI` environment variable\nlicense_path: '/home/anchore/'\nenable_ssl: false\nenable_proxy: false\nallow_shared_login: true\nredis_flushdb: true\nforce_websocket: false\nauthentication_lock:\n count: 5\n expires: 300\nappdb_config: \n native: true\n pool:\n acquire: 30000\n idle: 10000\n max: 10\n min: 0\nlog_level: 'http'\nenrich_inventory_view: true\nenable_prometheus_metrics: false\n" + config-ui.yaml: "# Anchore UI configuration\nreports_uri: 'http://test-release-enterprise-api:8228/v2'\nnotifications_uri: 'http://test-release-enterprise-api:8228/v2'\nenterprise_uri: 'http://test-release-enterprise-api:8228/v2'\n# redis_uri: overridden in deployment using the `ANCHORE_REDIS_URI` environment variable\n# appdb_uri: overridden in deployment using the `ANCHORE_APPDB_URI` environment variable\nlicense_path: '/home/anchore/'\nenable_ssl: false\nenable_proxy: false\nallow_shared_login: true\nredis_flushdb: true\nforce_websocket: false\nauthentication_lock:\n count: 5\n expires: 300\nappdb_config: \n native: true\n pool:\n acquire: 30000\n idle: 10000\n max: 10\n min: 0\nlog_level: 'http'\nenrich_inventory_view: true\nenable_prometheus_metrics: false\n" kind: ConfigMap metadata: annotations: diff --git a/stable/enterprise/tests/common_helpers_test.yaml b/stable/enterprise/tests/common_helpers_test.yaml index f6b5c630..5bf220bb 100644 --- a/stable/enterprise/tests/common_helpers_test.yaml +++ b/stable/enterprise/tests/common_helpers_test.yaml @@ -5,7 +5,6 @@ templates: - catalog_deployment.yaml - notifications_deployment.yaml - policyengine_deployment.yaml - - rbacmanager_deployment.yaml - reports_deployment.yaml - reportsworker_deployment.yaml - simplequeue_deployment.yaml @@ -29,7 +28,6 @@ backend_test_templates: &backend_test_templates - catalog_deployment.yaml - notifications_deployment.yaml - policyengine_deployment.yaml - - rbacmanager_deployment.yaml - reports_deployment.yaml - reportsworker_deployment.yaml - simplequeue_deployment.yaml @@ -40,7 +38,6 @@ test_templates: &test_templates - catalog_deployment.yaml - notifications_deployment.yaml - policyengine_deployment.yaml - - rbacmanager_deployment.yaml - reports_deployment.yaml - reportsworker_deployment.yaml - simplequeue_deployment.yaml @@ -53,7 +50,6 @@ deployment_templates: &deployment_templates - catalog_deployment.yaml - notifications_deployment.yaml - policyengine_deployment.yaml - - rbacmanager_deployment.yaml - reports_deployment.yaml - reportsworker_deployment.yaml - simplequeue_deployment.yaml @@ -136,7 +132,6 @@ tests: - catalog_deployment.yaml - notifications_deployment.yaml - policyengine_deployment.yaml - - rbacmanager_deployment.yaml - reports_deployment.yaml - simplequeue_deployment.yaml - hooks/pre-upgrade/upgrade_job.yaml @@ -161,7 +156,6 @@ tests: - catalog_deployment.yaml - notifications_deployment.yaml - policyengine_deployment.yaml - - rbacmanager_deployment.yaml - reports_deployment.yaml - simplequeue_deployment.yaml - hooks/pre-upgrade/upgrade_job.yaml @@ -187,7 +181,6 @@ tests: - catalog_deployment.yaml - notifications_deployment.yaml - policyengine_deployment.yaml - - rbacmanager_deployment.yaml - reports_deployment.yaml - simplequeue_deployment.yaml - hooks/pre-upgrade/upgrade_job.yaml @@ -622,7 +615,6 @@ tests: - catalog_deployment.yaml - notifications_deployment.yaml - policyengine_deployment.yaml - - rbacmanager_deployment.yaml - reports_deployment.yaml - reportsworker_deployment.yaml - simplequeue_deployment.yaml @@ -641,7 +633,6 @@ tests: - catalog_deployment.yaml - notifications_deployment.yaml - policyengine_deployment.yaml - - rbacmanager_deployment.yaml - reports_deployment.yaml - reportsworker_deployment.yaml - simplequeue_deployment.yaml @@ -1018,9 +1009,6 @@ tests: - matchRegex: path: data["config-ui.yaml"] pattern: "enterprise_uri: 'http://test-release-enterprise-api:8228/v2'" - - matchRegex: - path: data["config-ui.yaml"] - pattern: "rbac_uri: 'http://test-release-enterprise-api:8228/v2'" - matchRegex: path: data["config-ui.yaml"] pattern: "notifications_uri: 'http://test-release-enterprise-api:8228/v2'" @@ -1038,9 +1026,6 @@ tests: - matchRegex: path: data["config-ui.yaml"] pattern: "enterprise_uri: 'https://test-release-enterprise-api:8228/v2'" - - matchRegex: - path: data["config-ui.yaml"] - pattern: "rbac_uri: 'https://test-release-enterprise-api:8228/v2'" - matchRegex: path: data["config-ui.yaml"] pattern: "notifications_uri: 'https://test-release-enterprise-api:8228/v2'" @@ -1054,7 +1039,6 @@ tests: catalog.service.nodePort: 9999 notifications.service.nodePort: 9999 policyEngine.service.nodePort: 9999 - rbacManager.service.nodePort: 9999 reports.service.nodePort: 9999 reportsWorker.service.nodePort: 9999 simpleQueue.service.nodePort: 9999 @@ -1064,7 +1048,6 @@ tests: - catalog_deployment.yaml - notifications_deployment.yaml - policyengine_deployment.yaml - - rbacmanager_deployment.yaml - reports_deployment.yaml - reportsworker_deployment.yaml - simplequeue_deployment.yaml @@ -1084,7 +1067,6 @@ tests: - catalog_deployment.yaml - notifications_deployment.yaml - policyengine_deployment.yaml - - rbacmanager_deployment.yaml - reports_deployment.yaml - reportsworker_deployment.yaml - simplequeue_deployment.yaml diff --git a/stable/enterprise/tests/rbacmanager_resources_test.yaml b/stable/enterprise/tests/rbacmanager_resources_test.yaml deleted file mode 100644 index 01a1c81d..00000000 --- a/stable/enterprise/tests/rbacmanager_resources_test.yaml +++ /dev/null @@ -1,293 +0,0 @@ -suite: RBACManager Resources Tests -templates: - - rbacmanager_deployment.yaml - - anchore_secret.yaml - - anchore_configmap.yaml -release: - name: test-release - namespace: test-namespace -chart: - version: 9.9.9 - appVersion: 9.9.9 - -tests: - - it: should set the correct resource names - template: rbacmanager_deployment.yaml - asserts: - - equal: - path: metadata.name - value: test-release-enterprise-rbac-manager - - - it: should render component labels - template: rbacmanager_deployment.yaml - set: - rbacManager.labels: - rbacManager: test - test: foobar - asserts: - - isSubset: - path: metadata.labels - content: - rbacManager: test - test: foobar - - isSubset: - path: spec.template.metadata.labels - content: - rbacManager: test - test: foobar - template: rbacmanager_deployment.yaml - documentIndex: 0 - - - it: should render component annotations - template: rbacmanager_deployment.yaml - set: - rbacManager.annotations: - rbacManager: test - test: foobar - asserts: - - isSubset: - path: metadata.annotations - content: - rbacManager: test - test: foobar - - isSubset: - path: spec.template.metadata.annotations - content: - rbacManager: test - test: foobar - template: rbacmanager_deployment.yaml - documentIndex: 0 - - - it: should render component matchLabels - template: rbacmanager_deployment.yaml - documentIndex: 0 - asserts: - - isSubset: - path: spec.selector.matchLabels - content: - app.kubernetes.io/name: test-release-enterprise - app.kubernetes.io/component: rbacmanager - - - it: should render component replica count - template: rbacmanager_deployment.yaml - documentIndex: 0 - set: - rbacManager.replicaCount: 2 - asserts: - - equal: - path: spec.replicas - value: 2 - - - it: should render component serviceAccountName - template: rbacmanager_deployment.yaml - documentIndex: 0 - set: - rbacManager.serviceAccountName: rbacManager-test - asserts: - - equal: - path: spec.template.spec.serviceAccountName - value: rbacManager-test - - - it: should render component serviceAccountName even when global serviceAccountName is set - template: rbacmanager_deployment.yaml - documentIndex: 0 - set: - serviceAccountName: global-test - rbacManager.serviceAccountName: rbacManager-test - asserts: - - equal: - path: spec.template.spec.serviceAccountName - value: rbacManager-test - - - it: should render component nodeSelector - template: rbacmanager_deployment.yaml - documentIndex: 0 - set: - rbacManager.nodeSelector: - rbacManager: test - asserts: - - isSubset: - path: spec.template.spec.nodeSelector - content: - rbacManager: test - - - it: should render component affinity - template: rbacmanager_deployment.yaml - documentIndex: 0 - set: - rbacManager.affinity: - rbacManager: test - asserts: - - isSubset: - path: spec.template.spec.affinity - content: - rbacManager: test - - - it: should render component tolerations - template: rbacmanager_deployment.yaml - documentIndex: 0 - set: - rbacManager.tolerations: - - key: "rbacManager" - operator: "Equal" - value: "test" - effect: "NoSchedule" - asserts: - - contains: - path: spec.template.spec.tolerations - content: - key: "rbacManager" - operator: "Equal" - value: "test" - effect: "NoSchedule" - count: 1 - - - it: should render component container name - template: rbacmanager_deployment.yaml - documentIndex: 0 - asserts: - - equal: - path: spec.template.spec.containers[0].name - value: enterprise-rbacmanager - - - it: should render component entrypoint args - template: rbacmanager_deployment.yaml - documentIndex: 0 - asserts: - - matchRegex: - path: spec.template.spec.containers[0].args[0] - pattern: ^/docker-entrypoint\.sh anchore-enterprise-manager service start --no-auto-upgrade rbac_manager$ - count: 1 - - - it: should render rbacManager component environment variables - template: rbacmanager_deployment.yaml - documentIndex: 0 - set: - rbacManager.extraEnv: - - name: rbacManager - value: test - - name: test - value: foobar - asserts: - - contains: - path: spec.template.spec.containers[0].env - content: - name: ANCHORE_ENDPOINT_HOSTNAME - value: test-release-enterprise-rbac-manager - count: 1 - - contains: - path: spec.template.spec.containers[0].env - content: - name: ANCHORE_PORT - value: "8229" - count: 1 - - contains: - path: spec.template.spec.containers[0].env - content: - name: rbacManager - value: test - count: 1 - - contains: - path: spec.template.spec.containers[0].env - content: - name: test - value: foobar - - - it: should render component ports - template: rbacmanager_deployment.yaml - documentIndex: 0 - asserts: - - contains: - path: spec.template.spec.containers[0].ports - content: - name: rbacmanager - containerPort: 8229 - count: 1 - - - it: should render component probes - template: rbacmanager_deployment.yaml - documentIndex: 0 - asserts: - - isSubset: - path: spec.template.spec.containers[0].livenessProbe - content: - httpGet: - path: /health - port: rbacmanager - scheme: HTTP - initialDelaySeconds: 120 - timeoutSeconds: 10 - periodSeconds: 10 - failureThreshold: 6 - successThreshold: 1 - count: 1 - - isSubset: - path: spec.template.spec.containers[0].readinessProbe - content: - httpGet: - path: /health - port: rbacmanager - scheme: HTTP - timeoutSeconds: 10 - periodSeconds: 10 - failureThreshold: 3 - successThreshold: 1 - count: 1 - - - it: should render component resource requests & limits - template: rbacmanager_deployment.yaml - documentIndex: 0 - set: - rbacManager.resources: - requests: - cpu: 100m - memory: 128Mi - limits: - cpu: 200m - memory: 256Mi - asserts: - - isSubset: - path: spec.template.spec.containers[0].resources.requests - content: - cpu: 100m - memory: 128Mi - count: 1 - - isSubset: - path: spec.template.spec.containers[0].resources.limits - content: - cpu: 200m - memory: 256Mi - count: 1 - - - it: should render component service type - template: rbacmanager_deployment.yaml - documentIndex: 1 - asserts: - - equal: - path: spec.type - value: ClusterIP - count: 1 - - - it: should render component service ports - template: rbacmanager_deployment.yaml - documentIndex: 1 - asserts: - - contains: - path: spec.ports - content: - name: rbacmanager - port: 8229 - targetPort: 8229 - protocol: TCP - count: 1 - - - it: should render component service selectors - template: rbacmanager_deployment.yaml - documentIndex: 1 - asserts: - - isSubset: - path: spec.selector - content: - app.kubernetes.io/name: test-release-enterprise - app.kubernetes.io/component: rbacmanager - count: 1 diff --git a/stable/enterprise/values.yaml b/stable/enterprise/values.yaml index 183b1c90..395fc497 100644 --- a/stable/enterprise/values.yaml +++ b/stable/enterprise/values.yaml @@ -1006,66 +1006,6 @@ policyEngine: scratchVolume: details: {} -########################################### -## @section Anchore RBAC Manager Parameters -########################################### -rbacManager: - ## @param rbacManager.replicaCount Number of replicas for the Anchore RBAC Manager deployment - ## - replicaCount: 1 - - ## @param rbacManager.service.type Service type for Anchore RBAC Manager - ## @param rbacManager.service.port Service port for Anchore RBAC Manager - ## @param rbacManager.service.annotations Annotations for Anchore RBAC Manager service - ## @param rbacManager.service.labels Labels for Anchore RBAC Manager service - ## @param rbacManager.service.nodePort nodePort for Anchore RBAC Manager service - ## - service: - type: ClusterIP - port: 8229 - annotations: {} - labels: {} - nodePort: "" - - ## @param rbacManager.extraEnv Set extra environment variables for Anchore RBAC Manager pods - ## - extraEnv: [] - - ## @param rbacManager.resources Resource requests and limits for Anchore RBAC Manager pods - ## ref: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - ## Commented values below are just a suggested baseline. Contact Anchore support for deployment specific recommendations. - ## - resources: {} - # requests: - # cpu: 100m - # memory: 500Mi - # limits: - # memory: 500Mi - - ## @param rbacManager.labels Labels for Anchore RBAC Manager pods - ## - labels: {} - - ## @param rbacManager.annotations Annotation for Anchore RBAC Manager pods - ## - annotations: {} - - ## @param rbacManager.nodeSelector Node labels for Anchore RBAC Manager pod assignment - ## - nodeSelector: {} - - ## @param rbacManager.tolerations Tolerations for Anchore RBAC Manager pod assignment - ## - tolerations: [] - - ## @param rbacManager.affinity Affinity for Anchore RBAC Manager pod assignment - ## - affinity: {} - - ## @param rbacManager.serviceAccountName Service account name for Anchore RBAC Manager pods - ## - serviceAccountName: "" - ######################################## ## @section Anchore Reports Parameters ########################################