Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package polaris for openSUSE:Factory checked in at 2024-10-23 21:11:27 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/polaris (Old) and /work/SRC/openSUSE:Factory/.polaris.new.26871 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "polaris" Wed Oct 23 21:11:27 2024 rev:34 rq:1217273 version:9.5.0 Changes: -------- --- /work/SRC/openSUSE:Factory/polaris/polaris.changes 2024-09-29 18:10:58.170452748 +0200 +++ /work/SRC/openSUSE:Factory/.polaris.new.26871/polaris.changes 2024-10-23 21:12:33.840414944 +0200 @@ -1,0 +2,9 @@ +Wed Oct 23 09:06:43 UTC 2024 - opensuse_buildserv...@ojkastl.de + +- add subpackages for shell completions +- Update to version 9.5.0: + * Add --merge-config flag to support merging with default + configuration (#1075) + * Fix: rolebindingRolePodExecAttach check (#1070) + +------------------------------------------------------------------- Old: ---- polaris-9.4.1.obscpio New: ---- polaris-9.5.0.obscpio ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ polaris.spec ++++++ --- /var/tmp/diff_new_pack.SNhLLq/_old 2024-10-23 21:12:35.228472891 +0200 +++ /var/tmp/diff_new_pack.SNhLLq/_new 2024-10-23 21:12:35.232473058 +0200 
@@ -16,27 +16,63 @@ # -%define __arch_install_post export NO_BRP_STRIP_DEBUG=true - Name: polaris -Version: 9.4.1 +Version: 9.5.0 Release: 0 Summary: Validation of best practices in your Kubernetes clusters License: Apache-2.0 URL: https://github.com/FairwindsOps/polaris Source: polaris-%{version}.tar.gz Source1: vendor.tar.gz +BuildRequires: bash-completion +BuildRequires: fish BuildRequires: go >= 1.17 +BuildRequires: zsh %description Best Practices for Kubernetes Workload Configuration -Fairwinds' Polaris keeps your clusters sailing smoothly. It runs a variety of checks to ensure that Kubernetes pods and controllers are configured using best practices, helping you avoid problems in the future. +Fairwinds' Polaris keeps your clusters sailing smoothly. It runs a variety of +checks to ensure that Kubernetes pods and controllers are configured using best +practices, helping you avoid problems in the future. Polaris can be run in three different modes: * As a dashboard, so you can audit what's running inside your cluster. -* As an admission controller, so you can automatically reject workloads that don't adhere to your organization's policies. -* As a command-line tool, so you can test local YAML files, e.g. as part of a CI/CD process. +* As an admission controller, so you can automatically reject workloads that + don't adhere to your organization's policies. +* As a command-line tool, so you can test local YAML files, e.g. as part of a + CI/CD process. + +%package -n %{name}-bash-completion +Summary: Bash Completion for %{name} +Group: System/Shells +Requires: %{name} = %{version} +Requires: bash-completion +Supplements: (%{name} and bash-completion) +BuildArch: noarch + +%description -n %{name}-bash-completion +Bash command line completion support for %{name}. 
+ +%package -n %{name}-fish-completion +Summary: Fish Completion for %{name} +Group: System/Shells +Requires: %{name} = %{version} +Supplements: (%{name} and fish) +BuildArch: noarch + +%description -n %{name}-fish-completion +Fish command line completion support for %{name}. + +%package -n %{name}-zsh-completion +Summary: Zsh Completion for %{name} +Group: System/Shells +Requires: %{name} = %{version} +Supplements: (%{name} and zsh) +BuildArch: noarch + +%description -n %{name}-zsh-completion +zsh command line completion support for %{name}. %prep %autosetup -p 1 -a 1 
@@ -44,14 +80,40 @@ %build go build \ -mod=vendor \ + -buildmode=pie \ -ldflags="-X main.Version=%{version}" %install # Install the binary. -install -D -m 0755 %{name} "%{buildroot}/%{_bindir}/%{name}" +install -D -m 0755 %{name} %{buildroot}/%{_bindir}/%{name} + +# create the bash completion file +mkdir -p %{buildroot}%{_datarootdir}/bash-completion/completions/ +%{buildroot}/%{_bindir}/%{name} completion bash > %{buildroot}%{_datarootdir}/bash-completion/completions/%{name} + +# create the fish completion file +mkdir -p %{buildroot}%{_datarootdir}/fish/vendor_completions.d/ +%{buildroot}/%{_bindir}/%{name} completion fish > %{buildroot}%{_datarootdir}/fish/vendor_completions.d/%{name}.fish + +# create the zsh completion file +mkdir -p %{buildroot}%{_datarootdir}/zsh/site-functions/ +%{buildroot}/%{_bindir}/%{name} completion zsh > %{buildroot}%{_datarootdir}/zsh/site-functions/_%{name} %files %doc README.md %license LICENSE %{_bindir}/%{name} +%files -n %{name}-bash-completion +%dir %{_datarootdir}/bash-completion/completions/ +%{_datarootdir}/bash-completion/completions/%{name} + +%files -n %{name}-fish-completion +%dir %{_datarootdir}/fish +%dir %{_datarootdir}/fish/vendor_completions.d +%{_datarootdir}/fish/vendor_completions.d/%{name}.fish + +%files -n %{name}-zsh-completion +%dir %{_datarootdir}/zsh/site-functions/ +%{_datarootdir}/zsh/site-functions/_%{name} + ++++++ _service ++++++ --- /var/tmp/diff_new_pack.SNhLLq/_old 2024-10-23 21:12:35.260474227 +0200 +++ /var/tmp/diff_new_pack.SNhLLq/_new 2024-10-23 21:12:35.264474394 +0200 
@@ -3,7 +3,7 @@ <param name="url">https://github.com/FairwindsOps/polaris</param> <param name="scm">git</param> <param name="exclude">.git</param> - <param name="revision">9.4.1</param> + <param name="revision">9.5.0</param> <param name="versionformat">@PARENT_TAG@</param> <param name="changesgenerate">enable</param> </service> ++++++ _servicedata ++++++ --- /var/tmp/diff_new_pack.SNhLLq/_old 2024-10-23 21:12:35.284475229 +0200 +++ /var/tmp/diff_new_pack.SNhLLq/_new 2024-10-23 21:12:35.288475396 +0200 @@ -1,6 +1,6 @@ <servicedata> <service name="tar_scm"> <param name="url">https://github.com/FairwindsOps/polaris</param> - <param name="changesrevision">be349a885dbbdfc07b0696d942ecf1de6136fd0f</param></service></servicedata> + <param name="changesrevision">073847559ad21f55e4c151b54651799db8ac0913</param></service></servicedata> (No newline at EOF) ++++++ polaris-9.4.1.obscpio -> polaris-9.5.0.obscpio ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/polaris-9.4.1/cmd/polaris/root.go new/polaris-9.5.0/cmd/polaris/root.go --- old/polaris-9.4.1/cmd/polaris/root.go 2024-09-25 17:17:50.000000000 +0200 +++ new/polaris-9.5.0/cmd/polaris/root.go 2024-10-22 20:31:18.000000000 +0200 @@ -24,6 +24,7 @@ ) var ( + mergeConfig bool configPath string disallowExemptions bool disallowConfigExemptions bool @@ -42,6 +43,7 @@ func init() { // Flags + rootCmd.PersistentFlags().BoolVarP(&mergeConfig, "merge-config", "m", false, "If true, custom configuration will be merged with default configuration instead of replacing it.") rootCmd.PersistentFlags().StringVarP(&configPath, "config", "c", "", "Location of Polaris configuration file.") rootCmd.PersistentFlags().StringVarP(&kubeContext, "context", "x", "", "Set the kube context.") rootCmd.PersistentFlags().BoolVarP(&disallowExemptions, "disallow-exemptions", "", false, "Disallow any configured exemption.") 
@@ -65,7 +67,7 @@ logrus.SetLevel(parsedLevel) } - config, err = conf.ParseFile(configPath) + config, err = conf.MergeConfigAndParseFile(configPath, mergeConfig) if err != nil { logrus.Errorf("Error parsing config at %s: %v", configPath, err) os.Exit(1) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/polaris-9.4.1/pkg/config/checks/rolebindingRolePodExecAttach.yaml new/polaris-9.5.0/pkg/config/checks/rolebindingRolePodExecAttach.yaml --- old/polaris-9.4.1/pkg/config/checks/rolebindingRolePodExecAttach.yaml 2024-09-25 17:17:50.000000000 +0200 +++ new/polaris-9.5.0/pkg/config/checks/rolebindingRolePodExecAttach.yaml 2024-10-22 20:31:18.000000000 +0200 @@ -17,7 +17,7 @@ const: "rbac.authorization.k8s.io" kind: type: string - const: "Role" + const: "ClusterRole" # Do not alert on default RoleBindings. - required: ["metadata"] properties: diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/polaris-9.4.1/pkg/config/config.go new/polaris-9.5.0/pkg/config/config.go --- old/polaris-9.4.1/pkg/config/config.go 2024-09-25 17:17:50.000000000 +0200 +++ new/polaris-9.5.0/pkg/config/config.go 2024-10-22 20:31:18.000000000 +0200 
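Review bot: In pkg/config/checks/rolebindingRolePodExecAttach.yaml, the branch whose `kind` const becomes `"ClusterRole"` has no visible comment explaining why a `roleRef` of that kind is matched, while the next branch carries `# Do not alert on default RoleBindings.`. Judging from the added fixture `success.role_binding_cluster_role_binding.yaml`, a RoleBinding that points at a ClusterRole, even one granting `*` on `*`, is meant to pass this check, presumably because a separate ClusterRole check evaluates it. That is worth confirming, since otherwise exec/attach granted through a ClusterRole would go unreported. A comment such as `# Do not alert on RoleBindings that reference a ClusterRole; those are evaluated by the ClusterRole check.` above the branch would record the intent, unless one already sits above the hunk. The schema starts and ends outside the hunk.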
@@ -52,27 +52,50 @@ //go:embed default.yaml var defaultConfig []byte -// ParseFile parses config from a file. -func ParseFile(path string) (Configuration, error) { - var rawBytes []byte +// MergeConfigAndParseFile parses config from a file. +func MergeConfigAndParseFile(customConfigPath string, mergeConfig bool) (Configuration, error) { + rawBytes, err := mergeConfigFile(customConfigPath, mergeConfig) + if err != nil { + return Configuration{}, err + } + + return Parse(rawBytes) +} + +func mergeConfigFile(customConfigPath string, mergeConfig bool) ([]byte, error) { + if customConfigPath == "" { + return defaultConfig, nil + } + + var customConfigContent []byte var err error - if path == "" { - rawBytes = defaultConfig - } else if strings.HasPrefix(path, "https://") || strings.HasPrefix(path, "http://") { + if strings.HasPrefix(customConfigPath, "https://") || strings.HasPrefix(customConfigPath, "http://") { // path is a url - response, err2 := http.Get(path) - if err2 != nil { - return Configuration{}, err2 + response, err := http.Get(customConfigPath) + if err != nil { + return nil, err + } + customConfigContent, err = io.ReadAll(response.Body) + if err != nil { + return nil, err } - rawBytes, err = io.ReadAll(response.Body) } else { // path is local - rawBytes, err = os.ReadFile(path) + customConfigContent, err = os.ReadFile(customConfigPath) + if err != nil { + return nil, err + } } - if err != nil { - return Configuration{}, err + + if mergeConfig { + mergedConfig, err := mergeYaml(defaultConfig, customConfigContent) + if err != nil { + return nil, err + } + return mergedConfig, nil } - return Parse(rawBytes) + + return customConfigContent, nil } // Parse parses config from a byte array. 
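Review bot: In `mergeConfigFile`, the URL branch never closes `response.Body` and never checks `response.StatusCode`, so the connection is leaked and a 404 or 500 body is passed on to the merge and parse step as if it were the configuration. Close the body and reject non-200 responses before `io.ReadAll`, as in the excerpt below (`fmt` has to be in the file's imports, which the hunk does not show). The branch also still accepts plain `http://`; this file decides which checks run and at what severity, so a policy fetched in cleartext can be altered in transit, and a warning or an https-only rule would be the safer default. `mergeConfigFile` has no doc comment, and the one on `MergeConfigAndParseFile` does not say what `mergeConfig` does.

```go
		response, err := http.Get(customConfigPath)
		if err != nil {
			return nil, err
		}
		// Release the connection on every return path.
		defer response.Body.Close()
		// An error page must not be parsed as configuration.
		if response.StatusCode != http.StatusOK {
			return nil, fmt.Errorf("fetching config from %s: unexpected status %s", customConfigPath, response.Status)
		}
		// … unchanged: io.ReadAll(response.Body) and its error check …
```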
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/polaris-9.4.1/pkg/config/config_test.go new/polaris-9.5.0/pkg/config/config_test.go --- old/polaris-9.4.1/pkg/config/config_test.go 2024-09-25 17:17:50.000000000 +0200 +++ new/polaris-9.5.0/pkg/config/config_test.go 2024-10-22 20:31:18.000000000 +0200 @@ -125,7 +125,7 @@ }() time.Sleep(time.Second) - parsedConf, err = ParseFile("http://localhost:8081/exampleURL") + parsedConf, err = MergeConfigAndParseFile("http://localhost:8081/exampleURL", false) assert.NoError(t, err, "Expected no error when parsing YAML from URL") if err := srv.Shutdown(context.TODO()); err != nil { panic(err) @@ -136,7 +136,7 @@ func TestConfigNoServerError(t *testing.T) { var err error - _, err = ParseFile("http://localhost:8081/exampleURL") + _, err = MergeConfigAndParseFile("http://localhost:8081/exampleURL", false) assert.Error(t, err) assert.Regexp(t, regexp.MustCompile("connection refused"), err.Error()) } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/polaris-9.4.1/pkg/config/merger.go new/polaris-9.5.0/pkg/config/merger.go --- old/polaris-9.4.1/pkg/config/merger.go 1970-01-01 01:00:00.000000000 +0100 +++ new/polaris-9.5.0/pkg/config/merger.go 2024-10-22 20:31:18.000000000 +0200 
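Review bot: Both updated call sites in config_test.go pass `false`, so nothing there drives `MergeConfigAndParseFile` with `mergeConfig` set to `true`; the merge is only covered at the `mergeYaml` level in merger_test.go. A case that loads a small custom file with `true` and asserts that a default check the file does not mention is still present in the returned `Configuration` would pin the behaviour the new flag promises. Both test functions start outside their hunks.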
@@ -0,0 +1,45 @@
+package config
+
+import (
+ "gopkg.in/yaml.v3" // do not change the yaml import
+)
+
+func mergeYaml(defaultConfig, overridesConfig []byte) ([]byte, error) {
+ var defaultData, overrideConfig map[string]any
+
+ err := yaml.Unmarshal([]byte(defaultConfig), &defaultData)
+ if err != nil {
+ return nil, err
+ }
+
+ err = yaml.Unmarshal([]byte(overridesConfig), &overrideConfig)
+ if err != nil {
+ return nil, err
+ }
+
+ mergedData := mergeYAMLMaps(defaultData, overrideConfig)
+
+ mergedConfig, err := yaml.Marshal(mergedData)
+ if err != nil {
+ return nil, err
+ }
+
+ return mergedConfig, nil
+}
+
+func mergeYAMLMaps(defaults, overrides map[string]any) map[string]any {
+ for k, v := range overrides {
+ if vMap, ok := v.(map[string]any); ok {
+ // if the key exists in defaults and is a map, recursively merge
+ if mv1, ok := defaults[k].(map[string]any); ok {
+ defaults[k] = mergeYAMLMaps(mv1, vMap)
+ } else {
+ defaults[k] = vMap
+ }
+ } else {
+ // add or overwrite the value in defaults
+ defaults[k] = v
+ }
+ }
+ return defaults
+}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/polaris-9.4.1/pkg/config/merger_test.go new/polaris-9.5.0/pkg/config/merger_test.go
--- old/polaris-9.4.1/pkg/config/merger_test.go 1970-01-01 01:00:00.000000000 +0100
+++ new/polaris-9.5.0/pkg/config/merger_test.go 2024-10-22 20:31:18.000000000 +0200
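Review bot: In `mergeYAMLMaps` (pkg/config/merger.go), the `else` branch assigns every non-map override straight over the default, and that includes an explicit null. A custom file with a bare `checks:` key decodes to `nil` and replaces the whole default `checks` map, so a run with `--merge-config` can presumably end up with no default checks and no error. If that is not intended, skip such entries with `if v == nil { continue }` at the top of the loop, or have `mergeYaml` return an error for them. Lists are likewise replaced rather than appended; that is worth stating in a doc comment on `mergeYaml` (neither function has one) and pinning with a test case next to the map-only fixture in merger_test.go.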
@@ -0,0 +1,50 @@
+package config
+
+import (
+ "testing"
+
+ "github.com/stretchr/testify/assert"
+)
+
+var defaults = `
+checks:
+ deploymentMissingReplicas: warning
+ priorityClassNotSet: warning
+ tagNotSpecified: danger
+existing:
+ sub:
+ key: value
+`
+
+var overrides = `
+checks:
+ pullPolicyNotAlways: ignore
+ tagNotSpecified: overrides
+existing:
+ sub:
+ key1: value1
+ new: value
+new:
+ key: value
+`
+
+func TestMergeYaml(t *testing.T) {
+ mergedContent, err := mergeYaml([]byte(defaults), []byte(overrides))
+ assert.NoError(t, err)
+
+ expectedYAML := `checks:
+ deploymentMissingReplicas: warning
+ priorityClassNotSet: warning
+ pullPolicyNotAlways: ignore
+ tagNotSpecified: overrides
+existing:
+ new: value
+ sub:
+ key: value
+ key1: value1
+new:
+ key: value
+`
+
+ assert.Equal(t, expectedYAML, string(mergedContent))
+}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/polaris-9.4.1/test/checks/rolebindingRolePodExecAttach/success.role_binding_cluster_role_binding.yaml new/polaris-9.5.0/test/checks/rolebindingRolePodExecAttach/success.role_binding_cluster_role_binding.yaml
--- old/polaris-9.4.1/test/checks/rolebindingRolePodExecAttach/success.role_binding_cluster_role_binding.yaml 1970-01-01 01:00:00.000000000 +0100
+++ new/polaris-9.5.0/test/checks/rolebindingRolePodExecAttach/success.role_binding_cluster_role_binding.yaml 2024-10-22 20:31:18.000000000 +0200
@@ -0,0 +1,22 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: all-operations +rules: + - apiGroups: ["*"] + resources: ["*"] + verbs: ["*"] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: all-operations + namespace: my-namespace +subjects: + - kind: User + name: example-user + apiGroup: rbac.authorization.k8s.io +roleRef: + kind: ClusterRole + name: all-operations + apiGroup: rbac.authorization.k8s.io ++++++ polaris.obsinfo ++++++ --- /var/tmp/diff_new_pack.SNhLLq/_old 2024-10-23 21:12:35.560486752 +0200 +++ /var/tmp/diff_new_pack.SNhLLq/_new 2024-10-23 21:12:35.560486752 +0200 @@ -1,5 +1,5 @@ name: polaris -version: 9.4.1 -mtime: 1727277470 -commit: be349a885dbbdfc07b0696d942ecf1de6136fd0f +version: 9.5.0 +mtime: 1729621878 +commit: 073847559ad21f55e4c151b54651799db8ac0913 ++++++ vendor.tar.gz ++++++ /work/SRC/openSUSE:Factory/polaris/vendor.tar.gz /work/SRC/openSUSE:Factory/.polaris.new.26871/vendor.tar.gz differ: char 5, line 1