Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package polaris for openSUSE:Factory checked 
in at 2023-06-23 21:53:09
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/polaris (Old)
 and      /work/SRC/openSUSE:Factory/.polaris.new.15902 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "polaris"

Fri Jun 23 21:53:09 2023 rev:19 rq:1094827 version:8.2.4

Changes:
--------
--- /work/SRC/openSUSE:Factory/polaris/polaris.changes  2023-06-22 
23:26:44.794051334 +0200
+++ /work/SRC/openSUSE:Factory/.polaris.new.15902/polaris.changes       
2023-06-23 21:53:17.242849690 +0200
@@ -1,0 +2,6 @@
+Fri Jun 23 07:12:40 UTC 2023 - ka...@b1-systems.de
+
+- Update to version 8.2.4:
+  * Fix nil pointer issue with webhook (#966)
+
+-------------------------------------------------------------------

Old:
----
  polaris-8.2.3.obscpio

New:
----
  polaris-8.2.4.obscpio

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ polaris.spec ++++++
--- /var/tmp/diff_new_pack.Re6Fx3/_old  2023-06-23 21:53:18.162854962 +0200
+++ /var/tmp/diff_new_pack.Re6Fx3/_new  2023-06-23 21:53:18.166854985 +0200
@@ -19,7 +19,7 @@
 %define __arch_install_post export NO_BRP_STRIP_DEBUG=true
 
 Name:           polaris
-Version:        8.2.3
+Version:        8.2.4
 Release:        0
 Summary:        Validation of best practices in your Kubernetes clusters
 License:        Apache-2.0

++++++ _service ++++++
--- /var/tmp/diff_new_pack.Re6Fx3/_old  2023-06-23 21:53:18.198855168 +0200
+++ /var/tmp/diff_new_pack.Re6Fx3/_new  2023-06-23 21:53:18.202855191 +0200
@@ -3,7 +3,7 @@
     <param name="url">https://github.com/FairwindsOps/polaris</param>
     <param name="scm">git</param>
     <param name="exclude">.git</param>
-    <param name="revision">8.2.3</param>
+    <param name="revision">8.2.4</param>
     <param name="versionformat">@PARENT_TAG@</param>
     <param name="changesgenerate">enable</param>
   </service>

++++++ _servicedata ++++++
--- /var/tmp/diff_new_pack.Re6Fx3/_old  2023-06-23 21:53:18.218855283 +0200
+++ /var/tmp/diff_new_pack.Re6Fx3/_new  2023-06-23 21:53:18.222855306 +0200
@@ -1,6 +1,6 @@
 <servicedata>
 <service name="tar_scm">
                 <param 
name="url">https://github.com/FairwindsOps/polaris</param>
-              <param 
name="changesrevision">4b1d6635e06a52fbaf5d8e4746d94ec6b9313493</param></service></servicedata>
+              <param 
name="changesrevision">4ca4c8f0f536fd5055a9cfa65144bc306ddcbde2</param></service></servicedata>
 (No newline at EOF)
 

++++++ polaris-8.2.3.obscpio -> polaris-8.2.4.obscpio ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/polaris-8.2.3/.circleci/config.yml 
new/polaris-8.2.4/.circleci/config.yml
--- old/polaris-8.2.3/.circleci/config.yml      2023-06-21 18:25:44.000000000 
+0200
+++ new/polaris-8.2.4/.circleci/config.yml      2023-06-22 19:22:19.000000000 
+0200
@@ -114,6 +114,7 @@
     executor: vm
     steps:
       - checkout
+      - *set_environment_variables
       - *install_k8s
       - *test_k8s
 
@@ -161,8 +162,6 @@
               only: /.*/
       - build_and_push:
           context: org-global
-          requires:
-            - test
           filters:
             branches:
               ignore: /pull\/[0-9]+/
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/polaris-8.2.3/cmd/polaris/webhook.go 
new/polaris-8.2.4/cmd/polaris/webhook.go
--- old/polaris-8.2.3/cmd/polaris/webhook.go    2023-06-21 18:25:44.000000000 
+0200
+++ new/polaris-8.2.4/cmd/polaris/webhook.go    2023-06-22 19:22:19.000000000 
+0200
@@ -53,7 +53,8 @@
                        CertDir: certDir,
                        Port:    webhookPort,
                        WebhookServer: webhook.NewServer(webhook.Options{
-                               CertDir: certDir,
+                               CertDir:  certDir,
+                               Port:     webhookPort,
                                CertName: "tls.crt",
                                KeyName:  "tls.key",
                        }),
@@ -74,10 +75,10 @@
                }
 
                if enableValidations {
-                       fwebhook.NewValidateWebhook(mgr, 
fwebhook.Validator{Config: config, Client: mgr.GetClient()})
+                       fwebhook.NewValidateWebhook(mgr, config)
                }
                if enableMutations {
-                       fwebhook.NewMutateWebhook(mgr, fwebhook.Mutator{Config: 
config, Client: mgr.GetClient()})
+                       fwebhook.NewMutateWebhook(mgr, config)
                }
                logrus.Infof("Polaris webhook server listening on port %d", 
webhookPort)
                if err := mgr.Start(signals.SetupSignalHandler()); err != nil {
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/polaris-8.2.3/pkg/kube/resources_test.go 
new/polaris-8.2.4/pkg/kube/resources_test.go
--- old/polaris-8.2.3/pkg/kube/resources_test.go        2023-06-21 
18:25:44.000000000 +0200
+++ new/polaris-8.2.4/pkg/kube/resources_test.go        2023-06-22 
19:22:19.000000000 +0200
@@ -16,8 +16,8 @@
 
 import (
        "bytes"
-       "fmt"
        "context"
+       "fmt"
        "os"
        "testing"
        "time"
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/polaris-8.2.3/pkg/webhook/mutate.go 
new/polaris-8.2.4/pkg/webhook/mutate.go
--- old/polaris-8.2.3/pkg/webhook/mutate.go     2023-06-21 18:25:44.000000000 
+0200
+++ new/polaris-8.2.4/pkg/webhook/mutate.go     2023-06-22 19:22:19.000000000 
+0200
@@ -21,6 +21,7 @@
        "github.com/fairwindsops/polaris/pkg/mutation"
        "github.com/sirupsen/logrus"
        "gomodules.xyz/jsonpatch/v2"
+       "k8s.io/apimachinery/pkg/runtime"
        "sigs.k8s.io/controller-runtime/pkg/client"
        "sigs.k8s.io/controller-runtime/pkg/manager"
        "sigs.k8s.io/controller-runtime/pkg/webhook"
@@ -35,41 +36,66 @@
        decoder *admission.Decoder
 }
 
-var _ admission.Handler = &Mutator{}
-
 // NewMutateWebhook creates a mutating admission webhook for the apiType.
-func NewMutateWebhook(mgr manager.Manager, mutator Mutator) {
+func NewMutateWebhook(mgr manager.Manager, c config.Configuration) {
        path := "/mutate"
 
+       mutator := Mutator{
+               Client:  mgr.GetClient(),
+               decoder: admission.NewDecoder(runtime.NewScheme()),
+               Config:  c,
+       }
        mgr.GetWebhookServer().Register(path, &webhook.Admission{Handler: 
&mutator})
 }
 
 func (m *Mutator) mutate(req admission.Request) ([]jsonpatch.Operation, error) 
{
        results, kubeResources, err := 
GetValidatedResults(req.AdmissionRequest.Kind.Kind, m.decoder, req, m.Config)
        if err != nil {
+               logrus.Errorf("Error while validating resource: %v", err)
                return nil, err
        }
+       if results == nil {
+               logrus.Infof("Not mutating owned pod")
+               return nil, nil
+       }
        patches := mutation.GetMutationsFromResult(results)
        originalYaml, err := yaml.JSONToYAML(kubeResources.OriginalObjectJSON)
        if err != nil {
+               logrus.Errorf("Failed to convert JSON to YAML: %v", err)
                return nil, err
        }
        mutatedYamlStr, err := mutation.ApplyAllMutations(string(originalYaml), 
patches)
        if err != nil {
+               logrus.Errorf("Failed to apply mutations: %v", err)
+               return nil, err
+       }
+
+       mutatedJson, err := yaml.YAMLToJSON([]byte(mutatedYamlStr))
+       if err != nil {
+               logrus.Errorf("Failed to convert YAML to JSON: %v", err)
+               return nil, err
+       }
+
+       ops, err := jsonpatch.CreatePatch(kubeResources.OriginalObjectJSON, 
mutatedJson)
+       if err != nil {
+               logrus.Errorf("Failed to create patch from mutation: %v", err)
                return nil, err
        }
-       return jsonpatch.CreatePatch(originalYaml, []byte(mutatedYamlStr))
+       return ops, nil
 }
 
 // Handle for Validator to run validation checks.
 func (m *Mutator) Handle(ctx context.Context, req admission.Request) 
admission.Response {
-       logrus.Info("Starting request")
+       logrus.Info("Starting mutation request")
        patches, err := m.mutate(req)
        if err != nil {
+               logrus.Errorf("Error while getting mutations: %v", err)
                return admission.Errored(403, err)
        }
        if patches == nil {
+               logrus.Infof("No patches generated")
                return admission.Allowed("Allowed")
        }
+       logrus.Infof("Generated %d patches", len(patches))
        return admission.Patched("", patches...)
 }
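Review bot: The decoder in NewMutateWebhook is built from `runtime.NewScheme()`, an empty scheme with no types registered, and GetValidatedResults later uses it to decode into `corev1.Pod`. That presumably works only because the decoder falls back to plain unmarshalling for types the scheme does not know; I have not confirmed this for the controller-runtime version vendored here. Passing the manager's scheme, `decoder: admission.NewDecoder(mgr.GetScheme()),`, would make the dependency explicit, and the same applies to NewValidateWebhook in pkg/webhook/webhook.go. The removed `var _ admission.Handler = &Mutator{}` assertion is also worth keeping, since it costs nothing and catches a drift in the Handle signature at compile time.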
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/polaris-8.2.3/pkg/webhook/webhook.go 
new/polaris-8.2.4/pkg/webhook/webhook.go
--- old/polaris-8.2.3/pkg/webhook/webhook.go    2023-06-21 18:25:44.000000000 
+0200
+++ new/polaris-8.2.4/pkg/webhook/webhook.go    2023-06-22 19:22:19.000000000 
+0200
@@ -25,6 +25,7 @@
 
        "github.com/sirupsen/logrus"
        corev1 "k8s.io/api/core/v1"
+       "k8s.io/apimachinery/pkg/runtime"
        "sigs.k8s.io/controller-runtime/pkg/client"
        "sigs.k8s.io/controller-runtime/pkg/manager"
        "sigs.k8s.io/controller-runtime/pkg/webhook"
@@ -38,19 +39,14 @@
        Config  config.Configuration
 }
 
-// InjectDecoder injects the decoder.
-func (v *Validator) InjectDecoder(d *admission.Decoder) error {
-       logrus.Info("Injecting decoder")
-       v.decoder = d
-       return nil
-}
-
-var _ admission.Handler = &Validator{}
-
 // NewValidateWebhook creates a validating admission webhook for the apiType.
-func NewValidateWebhook(mgr manager.Manager, validator Validator) {
+func NewValidateWebhook(mgr manager.Manager, c config.Configuration) {
        path := "/validate"
-
+       validator := Validator{
+               Client:  mgr.GetClient(),
+               decoder: admission.NewDecoder(runtime.NewScheme()),
+               Config:  c,
+       }
        mgr.GetWebhookServer().Register(path, &webhook.Admission{Handler: 
&validator})
 }
 
@@ -60,35 +56,40 @@
 
 // GetValidatedResults returns the validated results.
 func GetValidatedResults(kind string, decoder *admission.Decoder, req 
admission.Request, config config.Configuration) (*validator.Result, 
kube.GenericResource, error) {
-       var controller kube.GenericResource
+       var resource kube.GenericResource
        var err error
        if kind == "Pod" {
+               if decoder == nil {
+                       panic("Decoder is nil!")
+               }
                pod := corev1.Pod{}
                err := decoder.Decode(req, &pod)
                if err != nil {
-                       return nil, controller, err
+                       logrus.Errorf("Failed to decode pod: %v", err)
+                       return nil, resource, err
                }
                if len(pod.ObjectMeta.OwnerReferences) > 0 {
                        logrus.Infof("Allowing owned pod %s/%s to pass through 
webhook", pod.ObjectMeta.Namespace, pod.ObjectMeta.Name)
-                       return nil, controller, nil
+                       return nil, resource, nil
                }
-               controller, err = kube.NewGenericResourceFromPod(pod, pod)
+               resource, err = kube.NewGenericResourceFromPod(pod, pod)
        } else {
-               controller, err = 
kube.NewGenericResourceFromBytes(req.Object.Raw)
+               resource, err = kube.NewGenericResourceFromBytes(req.Object.Raw)
        }
        if err != nil {
-               return nil, controller, err
+               logrus.Errorf("Failed to create resource: %v", err)
+               return nil, resource, err
        }
-       controllerResult, err := validator.ApplyAllSchemaChecks(&config, nil, 
controller)
+       resourceResult, err := validator.ApplyAllSchemaChecks(&config, nil, 
resource)
        if err != nil {
-               return nil, controller, err
+               return nil, resource, err
        }
-       return &controllerResult, controller, nil
+       return &resourceResult, resource, nil
 }
 
 // Handle for Validator to run validation checks.
 func (v *Validator) Handle(ctx context.Context, req admission.Request) 
admission.Response {
-       logrus.Info("Starting request")
+       logrus.Info("Starting admission request")
        result, _, err := v.handleInternal(req)
        if err != nil {
                logrus.Errorf("Error validating request: %v", err)
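Review bot: The new `panic("Decoder is nil!")` in GetValidatedResults runs on the admission request path, where every other failure in this function is returned as an error. A panic there skips the error handling in the Handle methods, and whether the API server then rejects or admits the object depends on the webhook's failurePolicy, which is not visible here. Returning the error keeps the failure explicit: `return nil, resource, fmt.Errorf("admission decoder is nil")` (the file would need `fmt` imported if it is not already). The owned-pod early return also deserves a comment, because `mutate` now relies on `results == nil` to mean that the pod has ownerReferences, and that field comes from the submitted object. Handle's body continues outside the hunk.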
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/polaris-8.2.3/test/webhook_cases/failing_test.pod.yaml 
new/polaris-8.2.4/test/webhook_cases/failing_test.pod.yaml
--- old/polaris-8.2.3/test/webhook_cases/failing_test.pod.yaml  1970-01-01 
01:00:00.000000000 +0100
+++ new/polaris-8.2.4/test/webhook_cases/failing_test.pod.yaml  2023-06-22 
19:22:19.000000000 +0200
@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: nginx-2
+spec:
+  containers:
+  - name: nginx
+    image: nginx:latest
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/polaris-8.2.3/test/webhook_cases/passing_test.deployment.yaml 
new/polaris-8.2.4/test/webhook_cases/passing_test.deployment.yaml
--- old/polaris-8.2.3/test/webhook_cases/passing_test.deployment.yaml   
2023-06-21 18:25:44.000000000 +0200
+++ new/polaris-8.2.4/test/webhook_cases/passing_test.deployment.yaml   
2023-06-22 19:22:19.000000000 +0200
@@ -17,6 +17,7 @@
       containers:
       - name: nginx
         image: nginx:1.7.9
+        imagePullPolicy: IfNotPresent
         ports:
         - containerPort: 80
         securityContext:
@@ -26,4 +27,4 @@
           runAsNonRoot: true
           capabilities:
             drop:
-              - ALL
\ No newline at end of file
+              - ALL
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/polaris-8.2.3/test/webhook_cases/passing_test.pod.yaml 
new/polaris-8.2.4/test/webhook_cases/passing_test.pod.yaml
--- old/polaris-8.2.3/test/webhook_cases/passing_test.pod.yaml  1970-01-01 
01:00:00.000000000 +0100
+++ new/polaris-8.2.4/test/webhook_cases/passing_test.pod.yaml  2023-06-22 
19:22:19.000000000 +0200
@@ -0,0 +1,16 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: nginx-2
+spec:
+  containers:
+  - name: nginx
+    image: nginx:1.7.9
+    securityContext:
+      allowPrivilegeEscalation: false
+      privileged: false
+      readOnlyRootFilesystem: true
+      runAsNonRoot: true
+      capabilities:
+        drop:
+          - ALL
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/polaris-8.2.3/test/webhook_cases/pod.yaml 
new/polaris-8.2.4/test/webhook_cases/pod.yaml
--- old/polaris-8.2.3/test/webhook_cases/pod.yaml       2023-06-21 
18:25:44.000000000 +0200
+++ new/polaris-8.2.4/test/webhook_cases/pod.yaml       1970-01-01 
01:00:00.000000000 +0100
@@ -1,8 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: nginx-2
-spec:
-  containers:
-  - name: nginx
-    image: nginx:latest
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/polaris-8.2.3/test/webhook_test.sh 
new/polaris-8.2.4/test/webhook_test.sh
--- old/polaris-8.2.3/test/webhook_test.sh      2023-06-21 18:25:44.000000000 
+0200
+++ new/polaris-8.2.4/test/webhook_test.sh      2023-06-22 19:22:19.000000000 
+0200
@@ -60,7 +60,7 @@
     echo "Uninstalling webhook and webhook config"
     kubectl delete validatingwebhookconfigurations polaris-webhook 
--wait=false || true
     kubectl delete validatingwebhookconfigurations polaris-validate-webhook 
--wait=false || true
-    kubectl delete validatingwebhookconfigurations polaris-mutate-webhook 
--wait=false || true
+    kubectl delete mutatingwebhookconfigurations polaris-mutate-webhook 
--wait=false || true
     kubectl -n polaris delete deploy -l app=polaris --wait=false || true
     echo -e "\n\nDone cleaning up\n\n"
 }
@@ -82,11 +82,12 @@
 echo "Installing a bad deployment"
 kubectl apply -n scale-test -f 
./test/webhook_cases/failing_test.deployment.yaml
 
-echo "Installing the webhook"
+echo "Installing the webhook at version $CI_SHA1"
 helm repo add fairwinds-stable https://charts.fairwinds.com/stable
 helm install polaris fairwinds-stable/polaris --namespace polaris 
--create-namespace \
   --set dashboard.enable=false \
   --set webhook.enable=true \
+  --set webhook.mutate=true \
   --set image.tag=$CI_SHA1
 
 echo "Waiting for the webhook to come online"
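Review bot: `$CI_SHA1` is used in the new echo and in `--set image.tag=$CI_SHA1` without any check that it is set, so an empty value would presumably let the chart fall back to its default image tag and the test would exercise a released image instead of this commit's build. A guard before the install such as `: "${CI_SHA1:?CI_SHA1 must be set}"` makes that failure loud, and quoting the value as `--set image.tag="$CI_SHA1"` avoids word splitting. The `helm install` line also takes whatever chart version the repository currently serves; pinning it with `--version` would make the test reproducible.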
@@ -105,6 +106,7 @@
     if ! kubectl apply -n tests -f $filename; then
         ALL_TESTS_PASSED=0
         echo -e "${RED}****Test Failed: Polaris prevented a resource with no 
configuration issues****${NC}"
+        kubectl logs -n polaris deploy/polaris-webhook
     else
         echo -e "${GREEN}****Test Passed: Polaris correctly allowed this 
resource****${NC}"
     fi
@@ -118,7 +120,7 @@
     if kubectl apply -n tests -f $filename; then
         ALL_TESTS_PASSED=0
         echo -e "${RED}****Test Failed: Polaris should have prevented this 
resource due to configuration issues.****${NC}"
-        kubectl logs -n polaris $(kubectl get po -oname -n polaris | grep 
webhook)
+        kubectl logs -n polaris deploy/polaris-webhook
     else
       echo -e "${GREEN}****Test Passed: Polaris correctly prevented this 
resource****${NC}"
     fi

++++++ polaris.obsinfo ++++++
--- /var/tmp/diff_new_pack.Re6Fx3/_old  2023-06-23 21:53:18.518857002 +0200
+++ /var/tmp/diff_new_pack.Re6Fx3/_new  2023-06-23 21:53:18.522857025 +0200
@@ -1,5 +1,5 @@
 name: polaris
-version: 8.2.3
-mtime: 1687364744
-commit: 4b1d6635e06a52fbaf5d8e4746d94ec6b9313493
+version: 8.2.4
+mtime: 1687454539
+commit: 4ca4c8f0f536fd5055a9cfa65144bc306ddcbde2
 

++++++ vendor.tar.gz ++++++
/work/SRC/openSUSE:Factory/polaris/vendor.tar.gz 
/work/SRC/openSUSE:Factory/.polaris.new.15902/vendor.tar.gz differ: char 5, 
line 1
