Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package marvin for openSUSE:Factory checked in at 2025-02-22 19:04:36 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/marvin (Old) and /work/SRC/openSUSE:Factory/.marvin.new.1873 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "marvin" Sat Feb 22 19:04:36 2025 rev:5 rq:1247742 version:0.2.10 Changes: --------
--- /work/SRC/openSUSE:Factory/marvin/marvin.changes 2025-02-20 16:46:28.145327347 +0100
+++ /work/SRC/openSUSE:Factory/.marvin.new.1873/marvin.changes 2025-02-22 19:04:48.674437818 +0100
@@ -1,0 +2,12 @@
+Fri Feb 21 19:34:57 UTC 2025 - opensuse_buildserv...@ojkastl.de
+
+- Update to version 0.2.10:
+ * fix cost limit option
+
+-------------------------------------------------------------------
+Fri Feb 21 19:33:48 UTC 2025 - opensuse_buildserv...@ojkastl.de
+
+- Update to version 0.2.9:
+ * feat: add --cost-limit flag (#86)
+
+-------------------------------------------------------------------
Old: ---- marvin-0.2.8.obscpio New: ---- marvin-0.2.10.obscpio ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------
++++++ marvin.spec ++++++
--- /var/tmp/diff_new_pack.KQJPLO/_old 2025-02-22 19:04:49.542473968 +0100
+++ /var/tmp/diff_new_pack.KQJPLO/_new 2025-02-22 19:04:49.542473968 +0100
@@ -17,7 +17,7 @@
 Name: marvin
-Version: 0.2.8
+Version: 0.2.10
 Release: 0
 Summary: Scans a k8s cluster for misconfigurations and vulnerabilities
 License: Apache-2.0
++++++ _service ++++++
--- /var/tmp/diff_new_pack.KQJPLO/_old 2025-02-22 19:04:49.578475467 +0100
+++ /var/tmp/diff_new_pack.KQJPLO/_new 2025-02-22 19:04:49.582475633 +0100
@@ -3,7 +3,7 @@
 <param name="url">https://github.com/undistro/marvin</param>
 <param name="scm">git</param>
 <param name="exclude">.git</param>
- <param name="revision">v0.2.8</param>
+ <param name="revision">v0.2.10</param>
 <param name="versionformat">@PARENT_TAG@</param>
 <param name="versionrewrite-pattern">v(.*)</param>
 <param name="changesgenerate">enable</param>
++++++ _servicedata ++++++
--- /var/tmp/diff_new_pack.KQJPLO/_old 2025-02-22 19:04:49.598476300 +0100
+++ /var/tmp/diff_new_pack.KQJPLO/_new 2025-02-22 19:04:49.602476466 +0100
@@ -1,6 +1,6 @@
 <servicedata>
 <service name="tar_scm">
 <param name="url">https://github.com/undistro/marvin</param>
- <param name="changesrevision">760c0c882c782098155c882d836068cedfdbecef</param></service></servicedata>
+ <param name="changesrevision">deea8b79ea82c4290504516b06bcf360c00c758a</param></service></servicedata>
(No newline at EOF)
++++++ marvin-0.2.8.obscpio -> marvin-0.2.10.obscpio ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/marvin-0.2.8/pkg/cmd/scan.go new/marvin-0.2.10/pkg/cmd/scan.go
--- old/marvin-0.2.8/pkg/cmd/scan.go 2025-02-19 20:51:17.000000000 +0100
+++ new/marvin-0.2.10/pkg/cmd/scan.go 2025-02-21 19:07:03.000000000 +0100
@@ -50,6 +50,7 @@
 SkipAnnotation *string
 DisableAnnotationSkip *bool
 DisableZoraBanner *bool
+ CostLimit *uint64
 ctx context.Context
 log logr.Logger
@@ -73,6 +74,7 @@
 DisableAnnotationSkip: pointer.Bool(false),
 DisableZoraBanner: pointer.Bool(false),
 SkipAnnotation: pointer.String("marvin.undistro.io/skip"),
+ CostLimit: pointer.Uint64(1000000),
 }
 }
@@ -100,6 +102,9 @@
 if o.DisableZoraBanner != nil {
 flags.BoolVar(o.DisableZoraBanner, "disable-zora-banner", *o.DisableZoraBanner, "Disable Zora banner on output")
 }
+ if o.CostLimit != nil {
+ flags.Uint64Var(o.CostLimit, "cost-limit", *o.CostLimit, "CEL cost limit. Set 0 to disable it.")
+ }
 }
 // Init initializes the kubernetes clients, get server version and API resources
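Review bot: The `--cost-limit` help text added in the `@@ -100,6 +102,9 @@` hunk of pkg/cmd/scan.go does not say what the limit bounds or what setting it to 0 gives up. Going by the compiler.go changes in this same commit, the value is passed to `cel.CostLimit` for every compiled expression, so it is a per-expression evaluation budget and 0 removes that budget entirely; that matters whenever the checks being run were not written by the operator. I would spell it out, e.g. `"CEL evaluation cost limit per expression; 0 removes the limit, use 0 only with trusted checks"`. The enclosing function starts above the hunk.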
@@ -213,7 +218,7 @@
 log := o.log.WithValues("check", check.ID)
 cr := types.NewCheckResult(check)
 defer cr.UpdateStatus()
- v, err := validator.Compile(check, o.apiResources, o.kubeVersion)
+ v, err := validator.Compile(check, o.apiResources, o.kubeVersion, *o.CostLimit)
 if err != nil {
 log.Error(err, "failed to compile check "+check.ID)
 cr.AddError(fmt.Errorf("%s compile error: %s", check.Path, err.Error()))
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/marvin-0.2.8/pkg/validator/compiler.go new/marvin-0.2.10/pkg/validator/compiler.go
--- old/marvin-0.2.8/pkg/validator/compiler.go 2025-02-19 20:51:17.000000000 +0100
+++ new/marvin-0.2.10/pkg/validator/compiler.go 2025-02-21 19:07:03.000000000 +0100
@@ -49,7 +49,6 @@
 var programOptions = []cel.ProgramOption{
 cel.EvalOptions(cel.OptOptimize),
- cel.CostLimit(1000000),
 cel.InterruptCheckFrequency(100),
 }
@@ -60,7 +59,7 @@
 }
 // Compile compiles variables and expressions of the given check and returns a Validator
-func Compile(check types.Check, apiResources []*metav1.APIResourceList, kubeVersion *version.Info) (Validator, error) {
+func Compile(check types.Check, apiResources []*metav1.APIResourceList, kubeVersion *version.Info, costLimit uint64) (Validator, error) {
 if len(check.Validations) == 0 {
 return nil, errors.New("invalid check: a check must have at least 1 validation")
 }
@@ -69,12 +68,12 @@
 return nil, fmt.Errorf("environment construction error %s", err.Error())
 }
- variables, err := compileVariables(env, check.Variables)
+ variables, err := compileVariables(env, check.Variables, costLimit)
 if err != nil {
 return nil, err
 }
- prgs, err := compileValidations(env, check.Validations)
+ prgs, err := compileValidations(env, check.Validations, costLimit)
 if err != nil {
 return nil, err
 }
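Review bot: `*o.CostLimit` in the `@@ -213,7 +218,7 @@` hunk of pkg/cmd/scan.go is dereferenced unconditionally, while the flag registration added by this commit guards the same field with `if o.CostLimit != nil`. If the options struct can be built without the default constructor, which that guard suggests is a supported case, this line panics in the middle of a scan. Reading it through a guard that falls back to the default rather than to 0 keeps the limit in force when the field is unset: `limit := uint64(1000000)` then `if o.CostLimit != nil { limit = *o.CostLimit }`. The enclosing function starts and ends outside the hunk.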
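Review bot: The doc comment on `Compile` in the `@@ -60,7 +59,7 @@` hunk of pkg/validator/compiler.go was not updated for the new `costLimit` parameter, whose zero value has a non-obvious meaning. I would add a second comment line such as `// costLimit is the CEL cost limit applied to each compiled expression; 0 compiles them without a cost limit.` Because `Compile` is exported, the extra positional parameter also breaks any importer outside this repository, which deserves a mention in the release notes if the package is meant to be imported. The body of `Compile` continues past the hunk.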
@@ -100,10 +99,10 @@
 return cel.NewEnv(opts...)
 }
-func compileVariables(env *cel.Env, vars []types.Variable) ([]compiledVariable, error) {
+func compileVariables(env *cel.Env, vars []types.Variable, costLimit uint64) ([]compiledVariable, error) {
 variables := make([]compiledVariable, 0, len(vars))
 for _, v := range vars {
- prg, err := compileExpression(env, v.Expression, cel.AnyType)
+ prg, err := compileExpression(env, v.Expression, costLimit, cel.AnyType)
 if err != nil {
 return nil, fmt.Errorf("variables[%q].expression: %s", v.Name, err)
 }
@@ -112,10 +111,10 @@
 return variables, nil
 }
-func compileValidations(env *cel.Env, vals []types.Validation) ([]cel.Program, error) {
+func compileValidations(env *cel.Env, vals []types.Validation, costLimit uint64) ([]cel.Program, error) {
 prgs := make([]cel.Program, 0, len(vals))
 for i, v := range vals {
- prg, err := compileExpression(env, v.Expression, cel.BoolType)
+ prg, err := compileExpression(env, v.Expression, costLimit, cel.BoolType)
 if err != nil {
 return nil, fmt.Errorf("validations[%d].expression: %s", i, err)
 }
@@ -124,7 +123,7 @@
 return prgs, nil
 }
-func compileExpression(env *cel.Env, exp string, allowedTypes ...*cel.Type) (cel.Program, error) {
+func compileExpression(env *cel.Env, exp string, costLimit uint64, allowedTypes ...*cel.Type) (cel.Program, error) {
 ast, issues := env.Compile(exp)
 if issues != nil && issues.Err() != nil {
 return nil, fmt.Errorf("type-check error: %s", issues.Err())
@@ -142,7 +141,11 @@
 }
 return nil, fmt.Errorf("must evaluate to one of %v", allowedTypes)
 }
- prg, err := env.Program(ast, programOptions...)
+ opts := programOptions
+ if costLimit > 0 {
+ opts = append(opts, cel.CostLimit(costLimit))
+ }
+ prg, err := env.Program(ast, opts...)
 if err != nil {
 return nil, fmt.Errorf("program construction error: %s", err)
 }
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/marvin-0.2.8/pkg/validator/compiler_test.go new/marvin-0.2.10/pkg/validator/compiler_test.go
--- old/marvin-0.2.8/pkg/validator/compiler_test.go 2025-02-19 20:51:17.000000000 +0100
+++ new/marvin-0.2.10/pkg/validator/compiler_test.go 2025-02-21 19:07:03.000000000 +0100
@@ -104,7 +104,7 @@
 }
 for _, tt := range tests {
 t.Run(tt.check.ID, func(t *testing.T) {
- _, err := Compile(tt.check, apiResources, kubeVersion)
+ _, err := Compile(tt.check, apiResources, kubeVersion, 1000000)
 if !tt.wantErr(t, err, fmt.Sprintf("Compile(%v, %v, %v)", tt.check, apiResources, kubeVersion)) {
 return
 }
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/marvin-0.2.8/test/builtins_test.go new/marvin-0.2.10/test/builtins_test.go
--- old/marvin-0.2.8/test/builtins_test.go 2025-02-19 20:51:17.000000000 +0100
+++ new/marvin-0.2.10/test/builtins_test.go 2025-02-21 19:07:03.000000000 +0100
@@ -36,7 +36,7 @@
 assert.True(t, ok)
 assert.NotNil(t, check)
 assert.NotEmpty(t, check.ID)
- v, err := validator.Compile(check, nil, nil)
+ v, err := validator.Compile(check, nil, nil, 1000000)
 assert.NoError(t, err)
 assert.NotNil(t, v)
 for _, tt := range checkTests {
++++++ marvin.obsinfo ++++++
--- /var/tmp/diff_new_pack.KQJPLO/_old 2025-02-22 19:04:49.734481964 +0100
+++ /var/tmp/diff_new_pack.KQJPLO/_new 2025-02-22 19:04:49.738482130 +0100
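Review bot: `opts := programOptions` followed by `append(opts, ...)` in the `@@ -142,7 +141,11 @@` hunk of pkg/validator/compiler.go aliases the backing array of the package-level `programOptions` slice. It is safe today only because that slice literal has no spare capacity, so `append` reallocates. If `programOptions` is ever built with spare capacity, each call would write the limit into shared storage and concurrent compiles would race on it. Copying first removes the dependency: `opts := append([]cel.ProgramOption{}, programOptions...)`. `compileExpression` starts in the previous hunk and ends outside this one.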
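Review bot: Both updated call sites in the tests (the `@@ -104,7 +104,7 @@` hunk in pkg/validator/compiler_test.go and the `@@ -36,7 +36,7 @@` hunk in test/builtins_test.go) pass only the former default of 1000000, so neither new path is exercised: a limit of 0, where no `cel.CostLimit` option is added, and a limit small enough for evaluation to be rejected. A case compiled with a very small limit whose evaluation is expected to return an error would pin the guard this option controls. The failure message `"Compile(%v, %v, %v)"` in compiler_test.go also omits the new argument. The test functions start outside the hunks.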
@@ -1,5 +1,5 @@
 name: marvin
-version: 0.2.8
-mtime: 1739994677
-commit: 760c0c882c782098155c882d836068cedfdbecef
+version: 0.2.10
+mtime: 1740161223
+commit: deea8b79ea82c4290504516b06bcf360c00c758a
++++++ vendor.tar.gz ++++++
/work/SRC/openSUSE:Factory/marvin/vendor.tar.gz /work/SRC/openSUSE:Factory/.marvin.new.1873/vendor.tar.gz differ: char 5, line 1