Merge branch 'develop' into prometheus-support

sse-secure-systems · Feb 8, 2022 · 64848b8 · 64848b8
2 parents 1498adc + 6845fe7
commit 64848b8
Show file tree

Hide file tree

Showing 12 changed files with 38 additions and 24 deletions.
diff --git a/Makefile b/Makefile
@@ -1,6 +1,6 @@
 NAMESPACE = connaisseur
 IMAGE := $(shell yq e '.deployment.image' helm/values.yaml)
-COSIGN_VERSION = 1.5.0
+COSIGN_VERSION = 1.5.1
 
 .PHONY: all docker install unistall upgrade annihilate
 

diff --git a/connaisseur/workload_object.py b/connaisseur/workload_object.py
@@ -58,8 +58,13 @@ def parent_containers(self):
             name = owner["name"]
             uid = owner["uid"]
 
+            if api_version == "v1":
+                rest_path = "api"
+            else:
+                rest_path = "apis"
+
             parent = k_api.request_kube_api(
-                f"apis/{api_version}/namespaces/{self.namespace}/{kind}/{name}"
+                f"{rest_path}/{api_version}/namespaces/{self.namespace}/{kind}/{name}"
             )
 
             if parent["metadata"]["uid"] != uid:

diff --git a/docker/Dockerfile b/docker/Dockerfile
@@ -10,15 +10,15 @@ COPY requirements.txt /requirements.txt
 RUN YARL_NO_EXTENSIONS=1 MULTIDICT_NO_EXTENSIONS=1 pip install --no-cache-dir --prefix=/install -r /requirements.txt
 
 # Load and verify Cosign
-FROM debian:buster-slim as cosign_loader
+FROM debian:bullseye-slim as cosign_loader
 
 SHELL ["/bin/bash", "-c"]
 ARG COSIGN_VERSION
 WORKDIR /go/cosign
 COPY docker/release-cosign.pub /go/cosign/release-cosign.pub
 
 RUN apt-get update \
- && apt-get install -y --no-install-recommends openssl=1.1.\* libssl1.1=1.1.\* ca-certificates=20200601\* wget=1.20.\* \
+ && apt-get install -y --no-install-recommends openssl=1.1.\* libssl1.1=1.1.\* ca-certificates=20210119\* wget=1.21\* \
  && wget -nv https://github.com/sigstore/cosign/releases/download/v${COSIGN_VERSION}/cosign-linux-amd64 \
  && wget -nv https://github.com/sigstore/cosign/releases/download/v${COSIGN_VERSION}/cosign-linux-amd64.sig \
  && openssl dgst -sha256 -verify release-cosign.pub -signature <(base64 -d cosign-linux-amd64.sig) cosign-linux-amd64 \

diff --git a/docs/overrides/main.html b/docs/overrides/main.html
@@ -6,3 +6,8 @@
         <center>&#11088; <strong> If you like Connaisseur, give it a star on <a href="https://github.com/sse-secure-systems/connaisseur">GitHub</a> or share your <a href="https://github.com/sse-secure-systems/connaisseur/discussions">feedback</a>!</strong> &#11088;</center>
 {% endblock %}
 
+{% block outdated %}
+You're not viewing the docs of the latest version.
+<a href="{{ '../' ~ base_url  }}"><strong>Click here to go to the latest version.</strong></a>
+{% endblock %}
+
diff --git a/docs/requirements_docs.txt b/docs/requirements_docs.txt
@@ -1,2 +1,2 @@
-mkdocs-material~=8.1.7
+mkdocs-material~=8.1.10
 mike~=1.1.2
diff --git a/helm/Chart.yaml b/helm/Chart.yaml
@@ -2,8 +2,8 @@ apiVersion: v2
 name: connaisseur
 description: Helm chart for Connaisseur - a Kubernetes admission controller to integrate container image signature verification and trust pinning into a cluster.
 type: application
-version: 1.2.0
-appVersion: 2.4.0
+version: 1.2.1
+appVersion: 2.4.1
 keywords:
   - container image
   - signature

diff --git a/helm/templates/role.yaml b/helm/templates/role.yaml
@@ -7,7 +7,7 @@ metadata:
     {{- include "helm.labels" . | nindent 4 }}
 rules:
 - apiGroups: ["*"]
-  resources: ["deployments", "pods", "replicacontrollers", "replicasets", "daemonsets", "statefulsets", "jobs", "cronjobs", "imagepolicies", "mutatingwebhookconfigurations"]
+  resources: ["deployments", "pods", "replicationcontrollers", "replicasets", "daemonsets", "statefulsets", "jobs", "cronjobs", "imagepolicies", "mutatingwebhookconfigurations"]
   verbs: ["get"]
 {{- if .Values.deployment.podSecurityPolicy }}
 {{- if .Values.deployment.podSecurityPolicy.enabled }}

diff --git a/helm/values.yaml b/helm/values.yaml
@@ -1,7 +1,7 @@
 # configure Connaisseur deployment
 deployment:
   replicasCount: 3
-  image: securesystemsengineering/connaisseur:v2.4.0
+  image: securesystemsengineering/connaisseur:v2.4.1
   imagePullPolicy: IfNotPresent
   # imagePullSecrets contains an optional list of Kubernetes Secrets, in Connaisseur namespace,
   # that are needed to access the registry containing Connaisseur image.

diff --git a/requirements_dev.txt b/requirements_dev.txt
@@ -2,9 +2,9 @@
 aioresponses~=0.7.3
 parsedatetime~=2.6
 pylint~=2.12.2
-pytest-asyncio~=0.17.2
+pytest-asyncio~=0.18.0
 pytest-cov~=3.0.0
-pytest-mock~=3.6.1
-pytest-subprocess~=1.3.2
+pytest-mock~=3.7.0
+pytest-subprocess~=1.4.0
 requests-mock~=1.9.3
-setuptools~=60.5.0
+setuptools~=60.8.1
diff --git a/scripts/changelogger.py b/scripts/changelogger.py
@@ -1,10 +1,9 @@
-import re
 import requests
-import json
 import subprocess
 import time
 import argparse
 import base64
+import logging
 
 sep = "@@__CHGLOG__@@"
 delim = "@@__CHGLOG_DELIMITER__@@"
@@ -28,8 +27,13 @@ class Commit:
     def __init__(self, hash_: str, sub_cat_: str, token: str = None):
         self.hash_ = hash_.strip()
         cat_sub_split = sub_cat_.split(":", 1)
-        self.subject_ = cat_sub_split[1].strip()
-        self.categories_ = cat_sub_split[0].split("/")
+        try:
+            self.subject_ = ":".join(cat_sub_split[1:]).strip()
+            self.categories_ = cat_sub_split[0].split("/")
+        except IndexError:
+            logging.warn("Non semantic commit")
+            self.subject_ = cat_sub_split[0]
+            self.categories_ = ["none"]
         self.token = token
         self.pr_ = self.get_pr_link()
 

diff --git a/tests/integration/deployments/stresstest.yaml b/tests/integration/deployments/stresstest.yaml
@@ -32,7 +32,7 @@ spec:
     - name: container2
       image: redis
     - name: container3
-      image: node
+      image: mongo
     - name: container4
       image: nginx
     - name: container5
@@ -56,7 +56,7 @@ spec:
     - name: container2
       image: redis
     - name: container3
-      image: node
+      image: mongo
     - name: container4
       image: nginx
     - name: container5
@@ -87,7 +87,7 @@ spec:
     - name: container2
       image: redis
     - name: container3
-      image: node
+      image: mongo
     - name: container4
       image: nginx
   initContainers:
@@ -112,12 +112,12 @@ spec:
     - name: container2
       image: redis
     - name: container3
-      image: node
+      image: mongo
   initContainers:
     - name: init1
       image: busybox
       command: ['sh', '-c', 'sleep 3600']
     - name: init2
       image: redis
     - name: init3
-      image: node
+      image: mongo
diff --git a/tests/validators/cosign/test_cosign_validator.py b/tests/validators/cosign/test_cosign_validator.py
@@ -84,7 +84,7 @@ def mock_add_kill_fake_process(monkeypatch):
     def mock_kill(self):
         return
 
-    pytest_subprocess.core.FakePopen.kill = mock_kill
+    pytest_subprocess.fake_popen.FakePopen.kill = mock_kill
 
 
 @pytest.mark.parametrize("index", [0, 1, 2])
@@ -313,7 +313,7 @@ def callback_function(input):
         stdin_callable=callback_function,
     )
 
-    mock_kill = mocker.patch("pytest_subprocess.core.FakePopen.kill")
+    mock_kill = mocker.patch("pytest_subprocess.fake_popen.FakePopen.kill")
 
     with pytest.raises(exc.CosignTimeout) as err: