diff --git a/deploy/helm/values.yaml b/deploy/helm/values.yaml index 9e8b5d7de..b65404946 100644 --- a/deploy/helm/values.yaml +++ b/deploy/helm/values.yaml @@ -346,7 +346,7 @@ polaris: conftest: # imageRef the image reference - imageRef: docker.io/openpolicyagent/conftest:v0.25.0 + imageRef: docker.io/openpolicyagent/conftest:v0.28.2 # resources resource requests and limits resources: requests: diff --git a/docs/design/design_associating_rego_policies_with_k8s_resources.md b/docs/design/design_associating_rego_policies_with_k8s_resources.md index 17db64436..cb9589279 100644 --- a/docs/design/design_associating_rego_policies_with_k8s_resources.md +++ b/docs/design/design_associating_rego_policies_with_k8s_resources.md @@ -50,7 +50,7 @@ metadata: namespace: starboard-operator name: starboard-conftest-config data: - conftest.imageRef: openpolicyagent/conftest:v0.25.0 + conftest.imageRef: openpolicyagent/conftest:v0.28.2 conftest.resources.requests.cpu: 50 conftest.resources.requests.memory: 50M conftest.resources.limits.cpu: 300m @@ -84,7 +84,7 @@ metadata: # Introduce a way to version configuration schema. starboard.plugin.config.version: "v2" data: - conftest.imageRef: openpolicyagent/conftest:v0.25.0 + conftest.imageRef: openpolicyagent/conftest:v0.28.2 conftest.resources.requests.cpu: 50 conftest.resources.requests.memory: 50M conftest.resources.limits.cpu: 300m diff --git a/docs/integrations/config-checkers/conftest.md b/docs/integrations/config-checkers/conftest.md index 37bcdae3c..57bd5edcc 100644 --- a/docs/integrations/config-checkers/conftest.md +++ b/docs/integrations/config-checkers/conftest.md @@ -58,7 +58,7 @@ As an example, let's create the `starboard-conftest-config` ConfigMap with [file ``` kubectl create configmap starboard-conftest-config -n \ - --from-literal=conftest.imageRef=openpolicyagent/conftest:v0.25.0 \ + --from-literal=conftest.imageRef=openpolicyagent/conftest:v0.28.2 \ --from-file=conftest.library.kubernetes.rego=kubernetes/lib/kubernetes.rego \ --from-file=conftest.library.utils.rego=kubernetes/lib/utils.rego \ --from-file=conftest.policy.file_system_not_read_only.rego=kubernetes/policies/general/file_system_not_read_only.rego \ @@ -137,7 +137,7 @@ report: | CONFIGMAP KEY | DEFAULT | DESCRIPTION | | ------------------------------------ | -------------------------------------------- | ----------- | -| `conftest.imageRef` | `docker.io/openpolicyagent/conftest:v0.25.0` | Conftest image reference | +| `conftest.imageRef` | `docker.io/openpolicyagent/conftest:v0.28.2` | Conftest image reference | | `conftest.resources.requests.cpu` | `50m` | The minimum amount of CPU required to run Conftest scanner pod. | | `conftest.resources.requests.memory` | `50M` | The minimum amount of memory required to run Conftest scanner pod. | | `conftest.resources.limits.cpu` | `300m` | The maximum amount of CPU allowed to run Conftest scanner pod. | diff --git a/itest/matcher/matcher.go b/itest/matcher/matcher.go index 55c322ad1..7a5fffbeb 100644 --- a/itest/matcher/matcher.go +++ b/itest/matcher/matcher.go @@ -31,7 +31,7 @@ var ( conftestScanner = v1alpha1.Scanner{ Name: "Conftest", Vendor: "Open Policy Agent", - Version: "v0.25.0", + Version: "v0.28.2", } ) diff --git a/itest/starboard-operator/configauditreport/conftest/suite_test.go b/itest/starboard-operator/configauditreport/conftest/suite_test.go index b7a77ab6a..42b54cdd7 100644 --- a/itest/starboard-operator/configauditreport/conftest/suite_test.go +++ b/itest/starboard-operator/configauditreport/conftest/suite_test.go @@ -99,7 +99,7 @@ var _ = BeforeSuite(func() { }, Data: map[string]string{ "configAuditReports.scanner": "Conftest", - "conftest.imageRef": "docker.io/openpolicyagent/conftest:v0.25.0", + "conftest.imageRef": "docker.io/openpolicyagent/conftest:v0.28.2", }, } err = kubeClient.Create(context.Background(), starboardCM) @@ -111,7 +111,7 @@ var _ = BeforeSuite(func() { Name: starboard.GetPluginConfigMapName("Conftest"), }, Data: map[string]string{ - "conftest.imageRef": "docker.io/openpolicyagent/conftest:v0.25.0", + "conftest.imageRef": "docker.io/openpolicyagent/conftest:v0.28.2", "conftest.policy.runs_as_root.rego": runAsRootPolicy, "conftest.policy.runs_as_root.kinds": "Workload", diff --git a/itest/starboard/suite_test.go b/itest/starboard/suite_test.go index b09d99c1a..96f1e71a0 100644 --- a/itest/starboard/suite_test.go +++ b/itest/starboard/suite_test.go @@ -46,7 +46,7 @@ var ( Namespace: "starboard", }, Data: map[string]string{ - "conftest.imageRef": "docker.io/openpolicyagent/conftest:v0.25.0", + "conftest.imageRef": "docker.io/openpolicyagent/conftest:v0.28.2", "conftest.policy.runs_as_root.kinds": "Workload", "conftest.policy.runs_as_root.rego": ` package main diff --git a/pkg/plugin/conftest/plugin.go b/pkg/plugin/conftest/plugin.go index cbac3bd52..f9020a99a 100644 --- a/pkg/plugin/conftest/plugin.go +++ b/pkg/plugin/conftest/plugin.go @@ -221,7 +221,7 @@ func (p *plugin) IsApplicable(ctx starboard.PluginContext, obj client.Object) (b func (p *plugin) Init(ctx starboard.PluginContext) error { return ctx.EnsureConfig(starboard.PluginConfig{ Data: map[string]string{ - keyImageRef: "openpolicyagent/conftest:v0.25.0", + keyImageRef: "openpolicyagent/conftest:v0.28.2", keyResourcesRequestsCPU: "50m", keyResourcesRequestsMemory: "50M", keyResourcesLimitsCPU: "300m", diff --git a/pkg/plugin/conftest/plugin_test.go b/pkg/plugin/conftest/plugin_test.go index e77ae0b16..fd7100da2 100644 --- a/pkg/plugin/conftest/plugin_test.go +++ b/pkg/plugin/conftest/plugin_test.go @@ -178,7 +178,7 @@ func TestPlugin_IsApplicable(t *testing.T) { { name: "Should return false if there are no policies", configData: map[string]string{ - "conftest.imageRef": "openpolicyagent/conftest:v0.25.0", + "conftest.imageRef": "openpolicyagent/conftest:v0.28.2", }, obj: &corev1.Pod{ TypeMeta: metav1.TypeMeta{ @@ -191,7 +191,7 @@ func TestPlugin_IsApplicable(t *testing.T) { { name: "Should return true if there is at least one policy", configData: map[string]string{ - "conftest.imageRef": "openpolicyagent/conftest:v0.25.0", + "conftest.imageRef": "openpolicyagent/conftest:v0.28.2", "conftest.policy.kubernetes.kinds": "Pod", "conftest.policy.kubernetes.rego": `package main @@ -285,7 +285,7 @@ func TestPlugin_Init(t *testing.T) { ResourceVersion: "1", }, Data: map[string]string{ - "conftest.imageRef": "openpolicyagent/conftest:v0.25.0", + "conftest.imageRef": "openpolicyagent/conftest:v0.28.2", "conftest.resources.requests.cpu": "50m", "conftest.resources.requests.memory": "50M", "conftest.resources.limits.cpu": "300m", @@ -305,7 +305,7 @@ func TestPlugin_Init(t *testing.T) { ResourceVersion: "0", }, Data: map[string]string{ - "conftest.imageRef": "openpolicyagent/conftest:v0.25.0", + "conftest.imageRef": "openpolicyagent/conftest:v0.28.2", }, }).Build() @@ -337,7 +337,7 @@ func TestPlugin_Init(t *testing.T) { ResourceVersion: "0", }, Data: map[string]string{ - "conftest.imageRef": "openpolicyagent/conftest:v0.25.0", + "conftest.imageRef": "openpolicyagent/conftest:v0.28.2", }, })) }) @@ -607,7 +607,7 @@ func TestPlugin_ParseConfigAuditReportData(t *testing.T) { Namespace: "starboard-ns", }, Data: map[string]string{ - "conftest.imageRef": "openpolicyagent/conftest:v0.25.0", + "conftest.imageRef": "openpolicyagent/conftest:v0.28.2", }, }).Build()). Get() @@ -628,7 +628,7 @@ func TestPlugin_ParseConfigAuditReportData(t *testing.T) { "Scanner": Equal(v1alpha1.Scanner{ Name: "Conftest", Vendor: "Open Policy Agent", - Version: "v0.25.0", + Version: "v0.28.2", }), "Summary": Equal(v1alpha1.ConfigAuditSummary{ DangerCount: 6,