diff --git a/Makefile b/Makefile
index a6d77d538..00d4ccdbc 100644
--- a/Makefile
+++ b/Makefile
@@ -1,6 +1,6 @@
NAMESPACE = connaisseur
IMAGE := $(shell yq e '.deployment.image' helm/values.yaml)
-COSIGN_VERSION = 1.5.0
+COSIGN_VERSION = 1.5.1
.PHONY: all docker install unistall upgrade annihilate
diff --git a/connaisseur/workload_object.py b/connaisseur/workload_object.py
index ee510ae70..e14535fd0 100644
--- a/connaisseur/workload_object.py
+++ b/connaisseur/workload_object.py
@@ -58,8 +58,13 @@ def parent_containers(self):
name = owner["name"]
uid = owner["uid"]
+ if api_version == "v1":
+ rest_path = "api"
+ else:
+ rest_path = "apis"
+
parent = k_api.request_kube_api(
- f"apis/{api_version}/namespaces/{self.namespace}/{kind}/{name}"
+ f"{rest_path}/{api_version}/namespaces/{self.namespace}/{kind}/{name}"
)
if parent["metadata"]["uid"] != uid:
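Review bot: The request path is still built by interpolating `api_version`, `kind` and `name` into the f-string without validation or encoding, and `name` comes straight from the owner reference (`owner["name"]`) of the object under admission. The `uid` comparison only runs after `request_kube_api` has already been called, so it does not constrain which path is requested. I would check `api_version` against the expected `version` or `group/version` form and encode the single-segment values, for example `quote(name, safe="")` from `urllib.parse`, before building the path. The prefix choice would also be more robust as `rest_path = "apis" if "/" in api_version else "api"`, since every ungrouped version belongs to the core API. The function starts and ends outside this hunk, so where `api_version` and `kind` are derived is not visible here.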
diff --git a/docker/Dockerfile b/docker/Dockerfile
index c84536d26..a2ac532e4 100644
--- a/docker/Dockerfile
+++ b/docker/Dockerfile
@@ -10,7 +10,7 @@ COPY requirements.txt /requirements.txt
RUN YARL_NO_EXTENSIONS=1 MULTIDICT_NO_EXTENSIONS=1 pip install --no-cache-dir --prefix=/install -r /requirements.txt
# Load and verify Cosign
-FROM debian:buster-slim as cosign_loader
+FROM debian:bullseye-slim as cosign_loader
SHELL ["/bin/bash", "-c"]
ARG COSIGN_VERSION
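Review bot: `FROM debian:bullseye-slim as cosign_loader` still references a mutable tag, so the stage that downloads and verifies the Cosign binary is built on whatever image that tag points to at build time. Pinning the digest keeps the stage reproducible, e.g. `FROM debian:bullseye-slim@sha256:<DIGEST_PLACEHOLDER> as cosign_loader`. It also stops the exact apt version pins in the following hunk from breaking when the tag moves. The stage continues outside this hunk.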
@@ -18,7 +18,7 @@ WORKDIR /go/cosign
COPY docker/release-cosign.pub /go/cosign/release-cosign.pub
RUN apt-get update \
- && apt-get install -y --no-install-recommends openssl=1.1.\* libssl1.1=1.1.\* ca-certificates=20200601\* wget=1.20.\* \
+ && apt-get install -y --no-install-recommends openssl=1.1.\* libssl1.1=1.1.\* ca-certificates=20210119\* wget=1.21\* \
&& wget -nv https://github.com/sigstore/cosign/releases/download/v${COSIGN_VERSION}/cosign-linux-amd64 \
&& wget -nv https://github.com/sigstore/cosign/releases/download/v${COSIGN_VERSION}/cosign-linux-amd64.sig \
&& openssl dgst -sha256 -verify release-cosign.pub -signature <(base64 -d cosign-linux-amd64.sig) cosign-linux-amd64 \
diff --git a/docs/overrides/main.html b/docs/overrides/main.html
index 0d26e528a..d7fcea546 100644
--- a/docs/overrides/main.html
+++ b/docs/overrides/main.html
@@ -6,3 +6,8 @@
⭐ If you like Connaisseur, give it a star on GitHub or share your feedback! ⭐
{% endblock %}
+{% block outdated %}
+You're not viewing the docs of the latest version.
+Click here to go to the latest version.
+{% endblock %}
+
diff --git a/docs/requirements_docs.txt b/docs/requirements_docs.txt
index e9bba949d..7dc8600f8 100644
--- a/docs/requirements_docs.txt
+++ b/docs/requirements_docs.txt
@@ -1,2 +1,2 @@
-mkdocs-material~=8.1.7
+mkdocs-material~=8.1.10
mike~=1.1.2
diff --git a/helm/Chart.yaml b/helm/Chart.yaml
index 9c1f6d5bc..27de00e4c 100644
--- a/helm/Chart.yaml
+++ b/helm/Chart.yaml
@@ -2,8 +2,8 @@ apiVersion: v2
name: connaisseur
description: Helm chart for Connaisseur - a Kubernetes admission controller to integrate container image signature verification and trust pinning into a cluster.
type: application
-version: 1.2.0
-appVersion: 2.4.0
+version: 1.2.1
+appVersion: 2.4.1
keywords:
- container image
- signature
diff --git a/helm/templates/role.yaml b/helm/templates/role.yaml
index 26c184405..68f2aec92 100644
--- a/helm/templates/role.yaml
+++ b/helm/templates/role.yaml
@@ -7,7 +7,7 @@ metadata:
{{- include "helm.labels" . | nindent 4 }}
rules:
- apiGroups: ["*"]
- resources: ["deployments", "pods", "replicacontrollers", "replicasets", "daemonsets", "statefulsets", "jobs", "cronjobs", "imagepolicies", "mutatingwebhookconfigurations"]
+ resources: ["deployments", "pods", "replicationcontrollers", "replicasets", "daemonsets", "statefulsets", "jobs", "cronjobs", "imagepolicies", "mutatingwebhookconfigurations"]
verbs: ["get"]
{{- if .Values.deployment.podSecurityPolicy }}
{{- if .Values.deployment.podSecurityPolicy.enabled }}
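Review bot: The rule containing the corrected `replicationcontrollers` entry keeps `apiGroups: ["*"]`, so `get` is granted on these resource names in every API group rather than only the groups that serve them. Since the list is being touched anyway, it could be narrowed to the groups actually needed: `""` for pods and replicationcontrollers, `apps`, `batch`, `admissionregistration.k8s.io`, and the group of the `imagepolicies` CRD. That likely means splitting it into one rule per group so each resource is paired only with its own group. The `metadata` and `kind` of this object are outside the hunk, so whether it is a Role or a ClusterRole cannot be confirmed from here.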
diff --git a/helm/values.yaml b/helm/values.yaml
index e6f5f6334..a14e1968a 100644
--- a/helm/values.yaml
+++ b/helm/values.yaml
@@ -1,7 +1,7 @@
# configure Connaisseur deployment
deployment:
replicasCount: 3
- image: securesystemsengineering/connaisseur:v2.4.0
+ image: securesystemsengineering/connaisseur:v2.4.1
imagePullPolicy: IfNotPresent
# imagePullSecrets contains an optional list of Kubernetes Secrets, in Connaisseur namespace,
# that are needed to access the registry containing Connaisseur image.
diff --git a/requirements_dev.txt b/requirements_dev.txt
index 84cb14111..bda9db304 100644
--- a/requirements_dev.txt
+++ b/requirements_dev.txt
@@ -2,9 +2,9 @@
aioresponses~=0.7.3
parsedatetime~=2.6
pylint~=2.12.2
-pytest-asyncio~=0.17.2
+pytest-asyncio~=0.18.0
pytest-cov~=3.0.0
-pytest-mock~=3.6.1
-pytest-subprocess~=1.3.2
+pytest-mock~=3.7.0
+pytest-subprocess~=1.4.0
requests-mock~=1.9.3
-setuptools~=60.5.0
+setuptools~=60.8.1
diff --git a/scripts/changelogger.py b/scripts/changelogger.py
index 5244b6c6c..d18e68838 100644
--- a/scripts/changelogger.py
+++ b/scripts/changelogger.py
@@ -1,10 +1,9 @@
-import re
import requests
-import json
import subprocess
import time
import argparse
import base64
+import logging
sep = "@@__CHGLOG__@@"
delim = "@@__CHGLOG_DELIMITER__@@"
@@ -28,8 +27,13 @@ class Commit:
def __init__(self, hash_: str, sub_cat_: str, token: str = None):
self.hash_ = hash_.strip()
cat_sub_split = sub_cat_.split(":", 1)
- self.subject_ = cat_sub_split[1].strip()
- self.categories_ = cat_sub_split[0].split("/")
+ try:
+ self.subject_ = ":".join(cat_sub_split[1:]).strip()
+ self.categories_ = cat_sub_split[0].split("/")
+ except IndexError:
+ logging.warn("Non semantic commit")
+ self.subject_ = cat_sub_split[0]
+ self.categories_ = ["none"]
self.token = token
self.pr_ = self.get_pr_link()
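Review bot: The new `except IndexError` branch can never run, because `":".join(cat_sub_split[1:])` slices rather than indexes. For a subject without a colon the slice is empty, so `subject_` becomes `""` and `categories_` becomes the whole subject split on `/`, with no warning logged. Since `split(":", 1)` returns at most two items, the join is not needed; keeping `self.subject_ = cat_sub_split[1].strip()` inside the `try` makes the fallback reachable, or the `try` can be replaced by an explicit `if len(cat_sub_split) < 2:` check. `logging.warn` is also a deprecated alias and should be `logging.warning("Non semantic commit")`. `__init__` continues outside this hunk.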
diff --git a/tests/integration/deployments/stresstest.yaml b/tests/integration/deployments/stresstest.yaml
index 52350187c..9680cdb4c 100644
--- a/tests/integration/deployments/stresstest.yaml
+++ b/tests/integration/deployments/stresstest.yaml
@@ -32,7 +32,7 @@ spec:
- name: container2
image: redis
- name: container3
- image: node
+ image: mongo
- name: container4
image: nginx
- name: container5
@@ -56,7 +56,7 @@ spec:
- name: container2
image: redis
- name: container3
- image: node
+ image: mongo
- name: container4
image: nginx
- name: container5
@@ -87,7 +87,7 @@ spec:
- name: container2
image: redis
- name: container3
- image: node
+ image: mongo
- name: container4
image: nginx
initContainers:
@@ -112,7 +112,7 @@ spec:
- name: container2
image: redis
- name: container3
- image: node
+ image: mongo
initContainers:
- name: init1
image: busybox
@@ -120,4 +120,4 @@ spec:
- name: init2
image: redis
- name: init3
- image: node
+ image: mongo
diff --git a/tests/validators/cosign/test_cosign_validator.py b/tests/validators/cosign/test_cosign_validator.py
index 2a2fc8977..4d6cbe0ae 100644
--- a/tests/validators/cosign/test_cosign_validator.py
+++ b/tests/validators/cosign/test_cosign_validator.py
@@ -84,7 +84,7 @@ def mock_add_kill_fake_process(monkeypatch):
def mock_kill(self):
return
- pytest_subprocess.core.FakePopen.kill = mock_kill
+ pytest_subprocess.fake_popen.FakePopen.kill = mock_kill
@pytest.mark.parametrize("index", [0, 1, 2])
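Review bot: `pytest_subprocess.fake_popen.FakePopen.kill = mock_kill` assigns to the class attribute directly, so the stub is not undone when the test ends and leaks into every later test in the session. The fixture already receives `monkeypatch`, so the assignment can be `monkeypatch.setattr(pytest_subprocess.fake_popen.FakePopen, "kill", mock_kill)`, which restores the original on teardown. The fixture body starts outside this hunk.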
@@ -313,7 +313,7 @@ def callback_function(input):
stdin_callable=callback_function,
)
- mock_kill = mocker.patch("pytest_subprocess.core.FakePopen.kill")
+ mock_kill = mocker.patch("pytest_subprocess.fake_popen.FakePopen.kill")
with pytest.raises(exc.CosignTimeout) as err: