From 47177d6ae5b7f6557569887b2dcf7b15c89f9101 Mon Sep 17 00:00:00 2001 From: Matthias Bertschy Date: Fri, 15 Nov 2024 13:35:30 +0100 Subject: [PATCH] add calculated checksum to metadata annotations Signed-off-by: Matthias Bertschy --- go.mod | 71 +-- go.sum | 118 ++--- .../networkpolicy/v1/networkpolicy.go | 6 +- pkg/apis/softwarecomposition/types.go | 6 +- pkg/apiserver/apiserver.go | 6 +- .../file/applicationprofile_processor.go | 11 +- .../file/applicationprofile_processor_test.go | 21 +- .../configurationscansummarystorage_test.go | 24 +- .../file/dynamicpathdetector/analyze_opens.go | 4 + .../file/generatednetworkpolicy_test.go | 16 +- .../file/networkneighborhood_processor.go | 5 +- .../networkneighborhood_processor_test.go | 10 +- pkg/registry/file/processor.go | 9 +- pkg/registry/file/processor_test.go | 49 ++ pkg/registry/file/storage.go | 47 +- pkg/registry/file/storage_test.go | 100 +++- .../file/vulnerabilitysummarystorage_test.go | 52 ++- pkg/registry/file/watch_test.go | 41 +- pkg/utils/synchronizer.go | 41 ++ pkg/utils/synchronizer_test.go | 123 +++++ pkg/utils/testdata/networkPolicy.json | 83 ++++ pkg/utils/testdata/networkPolicyCleaned.json | 59 +++ pkg/utils/testdata/node.json | 435 ++++++++++++++++++ pkg/utils/testdata/nodeCleaned.json | 402 ++++++++++++++++ pkg/utils/testdata/pod.json | 165 +++++++ 25 files changed, 1708 insertions(+), 196 deletions(-) create mode 100644 pkg/registry/file/processor_test.go create mode 100644 pkg/utils/synchronizer.go create mode 100644 pkg/utils/synchronizer_test.go create mode 100644 pkg/utils/testdata/networkPolicy.json create mode 100644 pkg/utils/testdata/networkPolicyCleaned.json create mode 100644 pkg/utils/testdata/node.json create mode 100644 pkg/utils/testdata/nodeCleaned.json create mode 100644 pkg/utils/testdata/pod.json diff --git a/go.mod b/go.mod index 3d1e5cd93..387472586 100644 --- a/go.mod +++ b/go.mod 
@@ -2,20 +2,23 @@ module github.com/kubescape/storage -go 1.22.3 +go 1.22.5 + +toolchain go1.23.3 require ( + github.com/SergJa/jsonhash v0.0.0-20210531165746-fc45f346aa74 github.com/anchore/syft v1.3.0 github.com/armosec/utils-k8s-go v0.0.26 github.com/containers/common v0.60.4 github.com/deckarep/golang-set/v2 v2.6.0 github.com/didip/tollbooth/v7 v7.0.2 - github.com/go-logr/zapr v1.2.4 + github.com/go-logr/zapr v1.3.0 github.com/gogo/protobuf v1.3.2 github.com/goradd/maps v0.1.5 github.com/kinbiko/jsonassert v1.1.1 github.com/kubescape/go-logger v0.0.23 - github.com/kubescape/k8s-interface v0.0.162 + github.com/kubescape/k8s-interface v0.0.177 github.com/ncw/directio v1.0.5 github.com/olvrng/ujson v1.1.0 github.com/puzpuzpuz/xsync/v2 v2.4.1 @@ -23,14 +26,15 @@ require ( github.com/spf13/cobra v1.8.1 github.com/stretchr/testify v1.9.0 go.opentelemetry.io/otel v1.30.0 + go.uber.org/multierr v1.11.0 go.uber.org/zap v1.27.0 golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56 k8s.io/api v0.29.0 k8s.io/apimachinery v0.29.0 - k8s.io/apiserver v0.26.2 + k8s.io/apiserver v0.29.0 k8s.io/client-go v0.29.0 - k8s.io/code-generator v0.26.2 - k8s.io/component-base v0.27.2 + k8s.io/code-generator v0.29.0 + k8s.io/component-base v0.29.0 k8s.io/klog/v2 v2.130.1 k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340 k8s.io/utils v0.0.0-20230726121419-3b25d923346b @@ -39,7 +43,7 @@ require ( require ( github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect github.com/pquerna/cachecontrol v0.2.0 // indirect - github.com/stripe/stripe-go/v74 v74.28.0 // indirect + github.com/stripe/stripe-go/v74 v74.30.0 // indirect github.com/subosito/gotenv v1.6.0 // indirect ) 
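Review bot: The new direct requirement `github.com/SergJa/jsonhash v0.0.0-20210531165746-fc45f346aa74` in the first go.mod hunk is a pseudo-version pinned to a 2021 commit, and judging by the commit subject it is what computes the checksum written into metadata annotations. Nothing in the hunk records why this module was chosen or what the checksum is relied on for, so a later reader cannot tell whether the annotation is a change-detection value or something consumers treat as an integrity guarantee. I would add a comment on the require line, for example `// pinned by commit (untagged); computes the checksum stored in metadata annotations`. The PR description should also state which hash the library uses and that its output is stable across map ordering and Go versions. Since the pin will not move on its own, the module should be covered by the project's dependency and vulnerability scanning.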
@@ -50,17 +54,19 @@ require ( github.com/anchore/packageurl-go v0.1.1-0.20240312213626-055233e539b4 // indirect github.com/anchore/stereoscope v0.0.3-0.20240423181235-8b297badafd5 // indirect github.com/antlr/antlr4/runtime/Go/antlr/v4 v4.0.0-20230305170008-8188dc5388df // indirect - github.com/armosec/armoapi-go v0.0.329 // indirect - github.com/armosec/gojay v1.2.15 // indirect - github.com/armosec/utils-go v0.0.56 // indirect + github.com/armosec/armoapi-go v0.0.393 // indirect + github.com/armosec/gojay v1.2.17 // indirect + github.com/armosec/utils-go v0.0.57 // indirect github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 // indirect github.com/becheran/wildmatch-go v1.0.0 // indirect github.com/beorn7/perks v1.0.1 // indirect github.com/blang/semver/v4 v4.0.0 // indirect github.com/bmatcuk/doublestar/v4 v4.6.1 // indirect github.com/briandowns/spinner v1.23.1 // indirect + github.com/cenkalti/backoff v2.2.1+incompatible // indirect github.com/cenkalti/backoff/v4 v4.3.0 // indirect - github.com/cespare/xxhash/v2 v2.2.0 // indirect + github.com/cespare/xxhash/v2 v2.3.0 // indirect + github.com/cncf/xds/go v0.0.0-20231109132714-523115ebc101 // indirect github.com/containerd/containerd v1.7.18 // indirect github.com/containerd/errdefs v0.1.0 // indirect github.com/coreos/go-oidc v2.2.1+incompatible // indirect 
@@ -71,14 +77,14 @@ require ( github.com/docker/docker v27.1.1+incompatible // indirect github.com/docker/docker-credential-helpers v0.8.2 // indirect github.com/docker/go-connections v0.5.0 // indirect - github.com/emicklei/go-restful/v3 v3.11.0 // indirect - github.com/evanphx/json-patch v4.12.0+incompatible // indirect + github.com/emicklei/go-restful/v3 v3.11.3 // indirect + github.com/evanphx/json-patch v5.9.0+incompatible // indirect github.com/facebookincubator/nvdtools v0.1.5 // indirect github.com/fatih/color v1.17.0 // indirect github.com/felixge/httpsnoop v1.0.4 // indirect github.com/francoispqt/gojay v1.2.13 // indirect github.com/fsnotify/fsnotify v1.7.0 // indirect - github.com/gabriel-vasile/mimetype v1.4.0 // indirect + github.com/gabriel-vasile/mimetype v1.4.3 // indirect github.com/github/go-spdx/v2 v2.2.0 // indirect github.com/go-logr/logr v1.4.2 // indirect github.com/go-logr/stdr v1.2.2 // indirect @@ -89,7 +95,7 @@ require ( github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect github.com/golang/protobuf v1.5.4 // indirect github.com/google/cel-go v0.17.7 // indirect - github.com/google/gnostic-models v0.6.8 // indirect + github.com/google/gnostic-models v0.6.9-0.20230804172637-c7be7c783f49 // indirect github.com/google/go-cmp v0.6.0 // indirect github.com/google/go-containerregistry v0.20.0 // indirect github.com/google/gofuzz v1.2.0 // indirect @@ -98,8 +104,8 @@ require ( github.com/grpc-ecosystem/grpc-gateway/v2 v2.22.0 // indirect github.com/hashicorp/errwrap v1.1.0 // indirect github.com/hashicorp/go-multierror v1.1.1 // indirect - github.com/hashicorp/hcl v1.0.0 // indirect - github.com/imdario/mergo v0.3.15 // indirect + github.com/hashicorp/hcl v1.0.1-vault-5 // indirect + github.com/imdario/mergo v0.3.16 // indirect github.com/inconshreveable/mousetrap v1.1.0 // indirect github.com/jinzhu/copier v0.4.0 // indirect github.com/josharian/intern v1.0.0 // indirect 
@@ -109,7 +115,7 @@ require ( github.com/mailru/easyjson v0.7.7 // indirect github.com/mattn/go-colorable v0.1.13 // indirect github.com/mattn/go-isatty v0.0.20 // indirect - github.com/matttproud/golang_protobuf_extensions v1.0.4 // indirect + github.com/matttproud/golang_protobuf_extensions/v2 v2.0.0 // indirect github.com/mitchellh/go-homedir v1.1.0 // indirect github.com/mitchellh/hashstructure/v2 v2.0.2 // indirect github.com/mitchellh/mapstructure v1.5.0 // indirect 
@@ -119,22 +125,22 @@ require ( github.com/opencontainers/go-digest v1.0.0 // indirect github.com/opencontainers/image-spec v1.1.0 // indirect github.com/opencontainers/runtime-spec v1.2.0 // indirect - github.com/pelletier/go-toml/v2 v2.1.0 // indirect + github.com/pelletier/go-toml/v2 v2.1.1 // indirect github.com/pierrec/lz4/v4 v4.1.15 // indirect github.com/pkg/errors v0.9.1 // indirect - github.com/prometheus/client_golang v1.16.0 // indirect - github.com/prometheus/client_model v0.4.0 // indirect - github.com/prometheus/common v0.44.0 // indirect - github.com/prometheus/procfs v0.10.1 // indirect - github.com/sagikazarmark/locafero v0.3.0 // indirect + github.com/prometheus/client_golang v1.18.0 // indirect + github.com/prometheus/client_model v0.5.0 // indirect + github.com/prometheus/common v0.45.0 // indirect + github.com/prometheus/procfs v0.12.0 // indirect + github.com/sagikazarmark/locafero v0.4.0 // indirect github.com/sagikazarmark/slog-shim v0.1.0 // indirect github.com/scylladb/go-set v1.0.3-0.20200225121959-cc7b2070d91e // indirect github.com/seccomp/libseccomp-golang v0.10.0 // indirect github.com/sirupsen/logrus v1.9.3 // indirect github.com/sourcegraph/conc v0.3.0 // indirect - github.com/spf13/cast v1.5.1 // indirect + github.com/spf13/cast v1.6.0 // indirect github.com/spf13/pflag v1.0.5 // indirect - github.com/spf13/viper v1.17.0 // indirect + github.com/spf13/viper v1.18.2 // indirect github.com/stoewer/go-strcase v1.2.0 // indirect github.com/sylabs/squashfs v0.6.1 // indirect github.com/therootcompany/xz v1.0.1 // indirect 
@@ -147,7 +153,7 @@ require ( go.etcd.io/etcd/api/v3 v3.5.10 // indirect go.etcd.io/etcd/client/pkg/v3 v3.5.10 // indirect go.etcd.io/etcd/client/v3 v3.5.10 // indirect - go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.46.0 // indirect + go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.47.0 // indirect go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.49.0 // indirect go.opentelemetry.io/contrib/instrumentation/runtime v0.55.0 // indirect go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp v0.6.0 // indirect @@ -163,7 +169,6 @@ require ( go.opentelemetry.io/otel/sdk/metric v1.30.0 // indirect go.opentelemetry.io/otel/trace v1.30.0 // indirect go.opentelemetry.io/proto/otlp v1.3.1 // indirect - go.uber.org/multierr v1.11.0 // indirect golang.org/x/crypto v0.27.0 // indirect golang.org/x/mod v0.20.0 // indirect golang.org/x/net v0.29.0 // indirect @@ -174,6 +179,7 @@ require ( golang.org/x/text v0.18.0 // indirect golang.org/x/time v0.5.0 // indirect golang.org/x/tools v0.24.0 // indirect + google.golang.org/genproto v0.0.0-20240116215550-a9fa1716bcac // indirect google.golang.org/genproto/googleapis/api v0.0.0-20240903143218-8af14fe29dc1 // indirect google.golang.org/genproto/googleapis/rpc v0.0.0-20240903143218-8af14fe29dc1 // indirect google.golang.org/grpc v1.67.0 // indirect 
@@ -184,17 +190,20 @@ require ( gopkg.in/square/go-jose.v2 v2.6.0 // indirect gopkg.in/yaml.v2 v2.4.0 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect + k8s.io/apiextensions-apiserver v0.29.0 // indirect k8s.io/gengo/v2 v2.0.0-20240228010128-51d4e06bde70 // indirect - k8s.io/kms v0.26.2 // indirect + k8s.io/kms v0.29.0 // indirect sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.28.0 // indirect - sigs.k8s.io/controller-runtime v0.15.0 // indirect + sigs.k8s.io/controller-runtime v0.17.2 // indirect sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect sigs.k8s.io/structured-merge-diff/v4 v4.4.1 // indirect sigs.k8s.io/yaml v1.4.0 // indirect ) replace ( - github.com/openvex/go-vex => github.com/slashben/go-vex v0.0.0-20231012123606-f58e5ee0e14e + //github.com/openvex/go-vex => github.com/slashben/go-vex v0.0.0-20231012123606-f58e5ee0e14e + //github.com/prometheus/client_golang => github.com/prometheus/client_golang v1.16.0 + //github.com/prometheus/common => github.com/prometheus/common v0.44.0 google.golang.org/grpc => google.golang.org/grpc v1.56.3 k8s.io/api => k8s.io/api v0.0.0-20231101171312-cd0ecb048ea5 k8s.io/apimachinery => k8s.io/apimachinery v0.0.0-20231102051132-bc0a03b4342c diff --git a/go.sum b/go.sum index c9542b461..68502ee1c 100644 --- a/go.sum +++ b/go.sum 
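Review bot: The replace block in the last go.mod hunk keeps three directives as commented-out lines (`//github.com/openvex/go-vex => github.com/slashben/go-vex ...` and the two prometheus pins) instead of deleting them, so the file no longer says whether they are gone for good or only disabled for now. Disabling the go-vex replace also means `github.com/openvex/go-vex`, if it is still in the build graph (not visible here), now resolves to upstream rather than the fork, which is a behaviour change the commit description does not mention. The retained `google.golang.org/grpc => google.golang.org/grpc v1.56.3` line still overrides the `v1.67.0` listed in the require block while otelgrpc moves to `v0.47.0` in this commit, so it is worth confirming that the pin is still intended. Either delete the commented lines or put a one-line reason above them, e.g. `// disabled: upstream versions now compatible with k8s.io v0.29.0`. The replace block continues past the end of the hunk.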
@@ -38,7 +38,7 @@ cloud.google.com/go v0.104.0/go.mod h1:OO6xxXdJyvuJPcEPBLN9BJPD+jep5G1+2U5B5gkRY cloud.google.com/go v0.105.0/go.mod h1:PrLgOJNe5nfE9UMxKxgXj4mD3voiP+YQ6gdt6KMFOKM= cloud.google.com/go v0.107.0/go.mod h1:wpc2eNrD7hXUTy8EKS10jkxpZBjASrORK7goS+3YX2I= cloud.google.com/go v0.110.0/go.mod h1:SJnCLqQ0FCFGSZMUNUf84MV3Aia54kn7pi8st7tMzaY= -cloud.google.com/go v0.110.10 h1:LXy9GEO+timppncPIAZoOj3l58LIU9k+kn48AN7IO3Y= +cloud.google.com/go v0.111.0 h1:YHLKNupSD1KqjDbQ3+LVdQ81h/UJbJyZG203cEfnQgM= cloud.google.com/go/accessapproval v1.4.0/go.mod h1:zybIuC3KpDOvotz59lFe5qxRZx6C75OtwbisN56xYB4= cloud.google.com/go/accessapproval v1.5.0/go.mod h1:HFy3tuiGvMdcd/u+Cu5b9NkO1pEICJ46IR82PoUdplw= cloud.google.com/go/accessapproval v1.6.0/go.mod h1:R0EiYnwV5fsRFiKZkPHr6mwyk2wxUJ30nL4j2pcFY2E= @@ -613,6 +613,8 @@ github.com/DataDog/datadog-go v3.2.0+incompatible/go.mod h1:LButxg5PwREeZtORoXG3 github.com/JohnCGriffin/overflow v0.0.0-20211019200055-46fa312c352c/go.mod h1:X0CRv0ky0k6m906ixxpzmDRLvX58TFUKS2eePweuyxk= github.com/NYTimes/gziphandler v1.1.1 h1:ZUDjpQae29j0ryrS0u/B8HZfJBtBQHjqw2rQ2cqUQ3I= github.com/NYTimes/gziphandler v1.1.1/go.mod h1:n/CVRwUEOgIxrgPvAQhUUr9oeUtvrhMomdKFjzJNB0c= +github.com/SergJa/jsonhash v0.0.0-20210531165746-fc45f346aa74 h1:zZX7V5abnOB0VTEFnwYxwbuot0GCZUjQZQpjHKnG1Kk= +github.com/SergJa/jsonhash v0.0.0-20210531165746-fc45f346aa74/go.mod h1:GE9lvSMBrKhFDkoh660mCThn1v7/jfb1r0Z+DpUX4zQ= github.com/acobaugh/osrelease v0.1.0 h1:Yb59HQDGGNhCj4suHaFQQfBps5wyoKLSSX/J/+UifRE= github.com/acobaugh/osrelease v0.1.0/go.mod h1:4bFEs0MtgHNHBrmHCt67gNisnabCRAlzdVasCEGHTWY= github.com/adrg/xdg v0.4.0 h1:RzRqFcjH4nE5C6oTAxhBtoE2IRyjBSa62SCbyPidvls= 
@@ -651,19 +653,18 @@ github.com/armon/go-metrics v0.0.0-20180917152333-f0300d1749da/go.mod h1:Q73ZrmV github.com/armon/go-metrics v0.3.10/go.mod h1:4O98XIr/9W0sxpJ8UaYkvjk10Iff7SnFrb4QAOwNTFc= github.com/armon/go-radix v0.0.0-20180808171621-7fddfc383310/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8= github.com/armon/go-radix v1.0.0/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8= -github.com/armosec/armoapi-go v0.0.329 h1:dFBRekSD4NNwmZo91Ovtfwas900MLdI1vvEErr1BApc= -github.com/armosec/armoapi-go v0.0.329/go.mod h1:owUDyS9ME9jkpAkz8nZA7/CQj2m8gMx/uTyeal4LHAo= -github.com/armosec/gojay v1.2.15 h1:sSB2vnAvacUNkw9nzUYZKcPzhJOyk6/5LK2JCNdmoZY= -github.com/armosec/gojay v1.2.15/go.mod h1:vzVAaay2TWJAngOpxu8aqLbye9jMgoKleuAOK+xsOts= -github.com/armosec/utils-go v0.0.56 h1:fxn+xH0hxfvyKOTTotl0s+UWPNPPajgHX0mrTW8qhFc= -github.com/armosec/utils-go v0.0.56/go.mod h1:1HwWqN+gi13UoouZpv+6PXxTNPK1WjvHH/bx69P25X8= +github.com/armosec/armoapi-go v0.0.393 h1:NrL9UssEthHJQApLoy3qUvRmNQDQRMFLphZ6hoBBMcE= +github.com/armosec/armoapi-go v0.0.393/go.mod h1:THr0weLNkxJvZPgwk2GSCtGWw4ERGDYo81g9MqHOUwk= +github.com/armosec/gojay v1.2.17 h1:VSkLBQzD1c2V+FMtlGFKqWXNsdNvIKygTKJI9ysY8eM= +github.com/armosec/gojay v1.2.17/go.mod h1:vuvX3DlY0nbVrJ0qCklSS733AWMoQboq3cFyuQW9ybc= +github.com/armosec/utils-go v0.0.57 h1:0RaqexK+t7HeKWfldBv2C1JiLLGuUx9FP0DGWDNRJpg= +github.com/armosec/utils-go v0.0.57/go.mod h1:4wfINE8JTQ6EHvSL2jki0Q3/D1j6oDi6sxxrtAEug74= github.com/armosec/utils-k8s-go v0.0.26 h1:gVSV1mrALyphaesc+JXbx9SfbxLqfgg1KvvC1/0Hfkk= github.com/armosec/utils-k8s-go v0.0.26/go.mod h1:WL2brx3tszxeSl1yHac0oAVJUg3o22HYh1dPjaSfjXU= github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 h1:DklsrG3dyBCFEj5IhUbnKptjxatkF07cF2ak3yi77so= github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw= github.com/becheran/wildmatch-go v1.0.0 h1:mE3dGGkTmpKtT4Z+88t8RStG40yN9T+kFEGj2PZFSzA= 
github.com/becheran/wildmatch-go v1.0.0/go.mod h1:gbMvj0NtVdJ15Mg/mH9uxk2R1QCistMyU7d9KFzroX4= -github.com/benbjohnson/clock v1.1.0/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZxNJlLklBHA= github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q= github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8= github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= @@ -679,6 +680,8 @@ github.com/bradfitz/go-smtpd v0.0.0-20170404230938-deb6d6237625/go.mod h1:HYsPBT github.com/briandowns/spinner v1.23.1 h1:t5fDPmScwUjozhDj4FA46p5acZWIPXYE30qW2Ptu650= github.com/briandowns/spinner v1.23.1/go.mod h1:LaZeM4wm2Ywy6vO571mvhQNRcWfRUnXOs0RcKV0wYKM= github.com/buger/jsonparser v0.0.0-20181115193947-bf1c66bbce23/go.mod h1:bbYlZJ7hK1yFx9hf58LP0zeX7UjIGs20ufpu3evjr+s= +github.com/cenkalti/backoff v2.2.1+incompatible h1:tNowT99t7UNflLxfYYSlKYsBpXdEet03Pg2g16Swow4= +github.com/cenkalti/backoff v2.2.1+incompatible/go.mod h1:90ReRw6GdpyfrHakVjL/QHaoyV4aDUVVkXQJJJ3NXXM= github.com/cenkalti/backoff/v4 v4.3.0 h1:MyRJ/UdXutAwSAT+s3wNd7MfTIcy71VQueUuFK343L8= github.com/cenkalti/backoff/v4 v4.3.0/go.mod h1:Y3VNntkOUPxTVeUxJ/G5vcM//AlwfmyYozVcomhLiZE= github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= 
@@ -686,8 +689,9 @@ github.com/census-instrumentation/opencensus-proto v0.3.0/go.mod h1:f6KPmirojxKA github.com/census-instrumentation/opencensus-proto v0.4.1/go.mod h1:4T9NM4+4Vw91VeyqjLS6ao50K5bOcLKN6Q42XnYaRYw= github.com/cespare/xxhash/v2 v2.1.1/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= github.com/cespare/xxhash/v2 v2.1.2/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= -github.com/cespare/xxhash/v2 v2.2.0 h1:DC2CZ1Ep5Y4k3ZQ899DldepgrayRUGE6BBZ/cd9Cj44= github.com/cespare/xxhash/v2 v2.2.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= +github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs= +github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI= github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI= github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU= 
@@ -701,8 +705,9 @@ github.com/cncf/xds/go v0.0.0-20211011173535-cb28da3451f1/go.mod h1:eXthEFrGJvWH github.com/cncf/xds/go v0.0.0-20211130200136-a8f946100490/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= github.com/cncf/xds/go v0.0.0-20220314180256-7f1daf1720fc/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= github.com/cncf/xds/go v0.0.0-20230105202645-06c439db220b/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= -github.com/cncf/xds/go v0.0.0-20230607035331-e9ce68804cb4 h1:/inchEIKaYC1Akx+H+gqO04wryn5h75LSazbRlnya1k= github.com/cncf/xds/go v0.0.0-20230607035331-e9ce68804cb4/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= +github.com/cncf/xds/go v0.0.0-20231109132714-523115ebc101 h1:7To3pQ+pZo0i3dsWEbinPNFs5gPSBOsJtx3wTT94VBY= +github.com/cncf/xds/go v0.0.0-20231109132714-523115ebc101/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= github.com/containerd/containerd v1.7.18 h1:jqjZTQNfXGoEaZdW1WwPU0RqSn1Bm2Ay/KJPUuO8nao= github.com/containerd/containerd v1.7.18/go.mod h1:IYEk9/IO6wAPUz2bCMVUbsfXjzw5UNP5fLz4PsUygQ4= github.com/containerd/errdefs v0.1.0 h1:m0wCRBiu1WJT/Fr+iOoQHMQS/eP5myQ8lCv4Dz5ZURM= 
@@ -742,8 +747,8 @@ github.com/docopt/docopt-go v0.0.0-20180111231733-ee0de3bc6815/go.mod h1:WwZ+bS3 github.com/dustin/go-humanize v1.0.0/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk= github.com/dustin/go-humanize v1.0.1 h1:GzkhY7T5VNhEkwH0PVJgjz+fX1rhBrR7pRT3mDkpeCY= github.com/dustin/go-humanize v1.0.1/go.mod h1:Mu1zIs6XwVuF/gI1OepvI0qD18qycQx+mFykh5fBlto= -github.com/emicklei/go-restful/v3 v3.11.0 h1:rAQeMHw1c7zTmncogyy8VvRZwtkmkZ4FxERmMY4rD+g= -github.com/emicklei/go-restful/v3 v3.11.0/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc= +github.com/emicklei/go-restful/v3 v3.11.3 h1:yagOQz/38xJmcNeZJtrUcKjkHRltIaIFXKWeG1SkWGE= +github.com/emicklei/go-restful/v3 v3.11.3/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc= github.com/envoyproxy/go-control-plane v0.10.1/go.mod h1:AY7fTTXNdv/aJ2O5jwpxAPOWUZ7hQAEvzN5Pf27BkQQ= github.com/envoyproxy/go-control-plane v0.10.2-0.20220325020618-49ff273808a1/go.mod h1:KJwIaB5Mv44NWtYuAOFCVOjcI94vtpEz2JU/D2v6IjE= github.com/envoyproxy/go-control-plane v0.10.3/go.mod h1:fJJn/j26vwOu972OllsvAgJJM//w9BV6Fxbg2LuVd34= 
@@ -755,8 +760,8 @@ github.com/envoyproxy/protoc-gen-validate v0.9.1/go.mod h1:OKNgG7TCp5pF4d6XftA0+ github.com/envoyproxy/protoc-gen-validate v0.10.1/go.mod h1:DRjgyB0I43LtJapqN6NiRwroiAU2PaFuvk/vjgh61ss= github.com/envoyproxy/protoc-gen-validate v1.0.2 h1:QkIBuU5k+x7/QXPvPPnWXWlCdaBFApVqftFV6k087DA= github.com/envoyproxy/protoc-gen-validate v1.0.2/go.mod h1:GpiZQP3dDbg4JouG/NNS7QWXpgx6x8QiMKdmN72jogE= -github.com/evanphx/json-patch v4.12.0+incompatible h1:4onqiflcdA9EOZ4RxV643DvftH5pOlLGNtQ5lPWQu84= -github.com/evanphx/json-patch v4.12.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= +github.com/evanphx/json-patch v5.9.0+incompatible h1:fBXyNpNMuTTDdquAq/uisOr2lShz4oaXpDTX2bLe7ls= +github.com/evanphx/json-patch v5.9.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= github.com/facebookincubator/flog v0.0.0-20190930132826-d2511d0ce33c/go.mod h1:QGzNH9ujQ2ZUr/CjDGZGWeDAVStrWNjHeEcjJL96Nuk= github.com/facebookincubator/nvdtools v0.1.5 h1:jbmDT1nd6+k+rlvKhnkgMokrCAzHoASWE5LtHbX2qFQ= github.com/facebookincubator/nvdtools v0.1.5/go.mod h1:Kh55SAWnjckS96TBSrXI99KrEKH4iB0OJby3N8GRJO4= 
@@ -776,14 +781,14 @@ github.com/fogleman/gg v1.2.1-0.20190220221249-0403632d5b90/go.mod h1:R/bRT+9gY/ github.com/fogleman/gg v1.3.0/go.mod h1:R/bRT+9gY/C5z7JzPU0zXsXHKM4/ayA+zqcVNZzPa1k= github.com/francoispqt/gojay v1.2.13 h1:d2m3sFjloqoIUQU3TsHBgj6qg/BVGlTBeHDUmyJnXKk= github.com/francoispqt/gojay v1.2.13/go.mod h1:ehT5mTG4ua4581f1++1WLG0vPdaA9HaiDsoyrBGkyDY= -github.com/frankban/quicktest v1.14.4 h1:g2rn0vABPOOXmZUj+vbmUp0lPoXEMuhTpIluN0XL9UY= -github.com/frankban/quicktest v1.14.4/go.mod h1:4ptaffx2x8+WTWXmUCuVU6aPUX1/Mz7zb5vbUoiM6w0= +github.com/frankban/quicktest v1.14.6 h1:7Xjx+VpznH+oBnejlPUj8oUpdxnVs4f8XU8WnHkI4W8= +github.com/frankban/quicktest v1.14.6/go.mod h1:4ptaffx2x8+WTWXmUCuVU6aPUX1/Mz7zb5vbUoiM6w0= github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo= github.com/fsnotify/fsnotify v1.5.1/go.mod h1:T3375wBYaZdLLcVNkcVbzGHY7f1l/uK5T5Ai1i3InKU= github.com/fsnotify/fsnotify v1.7.0 h1:8JEhPFa5W2WU7YfeZzPNqzMP6Lwt7L2715Ggo0nosvA= github.com/fsnotify/fsnotify v1.7.0/go.mod h1:40Bi/Hjc2AVfZrqy+aj+yEI+/bRxZnMJyTJwOpGvigM= -github.com/gabriel-vasile/mimetype v1.4.0 h1:Cn9dkdYsMIu56tGho+fqzh7XmvY2YyGU0FnbhiOsEro= -github.com/gabriel-vasile/mimetype v1.4.0/go.mod h1:fA8fi6KUiG7MgQQ+mEWotXoEOvmxRtOJlERCzSmRvr8= +github.com/gabriel-vasile/mimetype v1.4.3 h1:in2uUcidCuFcDKtdcBxlR0rJ1+fsokWf+uqxgUFjbI0= +github.com/gabriel-vasile/mimetype v1.4.3/go.mod h1:d8uq/6HKRL6CGdk+aubisF/M5GcPfT7nKyLpA0lbSSk= github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04= github.com/github/go-spdx/v2 v2.2.0 h1:yBBLMasHA70Ujd35OpL/OjJOWWVNXcJGbars0GinGRI= github.com/github/go-spdx/v2 v2.2.0/go.mod h1:hMCrsFgT0QnCwn7G8gxy/MxMpy67WgZrwFeISTn0o6w= 
@@ -804,13 +809,12 @@ github.com/go-latex/latex v0.0.0-20210823091927-c0d11ff05a81/go.mod h1:SX0U8uGpx github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE= github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk= github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= -github.com/go-logr/logr v1.2.4/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= github.com/go-logr/logr v1.4.2 h1:6pFjapn8bFcIbiKo3XT4j/BhANplGihG6tvd+8rYgrY= github.com/go-logr/logr v1.4.2/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag= github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE= -github.com/go-logr/zapr v1.2.4 h1:QHVo+6stLbfJmYGkQ7uGHUCu5hnAFAj6mDe6Ea0SeOo= -github.com/go-logr/zapr v1.2.4/go.mod h1:FyHWQIzQORZ0QVE1BtVHv3cKtNLuXsbNLtpuhNapBOA= +github.com/go-logr/zapr v1.3.0 h1:XGdV8XW8zdwFiwOA2Dryh1gj2KRQyOOoNmBy4EplIcQ= +github.com/go-logr/zapr v1.3.0/go.mod h1:YKepepNBd1u/oyhd/yQmtjVXmm9uML4IXUgMOwR8/Gg= github.com/go-openapi/jsonpointer v0.21.0 h1:YgdVicSA9vH5RiHs9TZW5oyafXZFc6+2Vc1rr/O9oNQ= github.com/go-openapi/jsonpointer v0.21.0/go.mod h1:IUyH9l/+uyhIYQ/PXVA41Rexl+kOkAPDdXEYns6fzUY= github.com/go-openapi/jsonreference v0.21.0 h1:Rs+Y7hSXT83Jacb7kFyjn4ijOuVGSvOdF2+tg1TRrwQ= 
@@ -881,8 +885,8 @@ github.com/google/btree v1.0.1/go.mod h1:xXMiIv4Fb/0kKde4SpL7qlzvu5cMJDRkFDxJfI9 github.com/google/cel-go v0.17.7 h1:6ebJFzu1xO2n7TLtN+UBqShGBhlD85bhvglh5DpcfqQ= github.com/google/cel-go v0.17.7/go.mod h1:HXZKzB0LXqer5lHHgfWAnlYwJaQBDKMjxjulNQzhwhY= github.com/google/flatbuffers v2.0.8+incompatible/go.mod h1:1AeVuKshWv4vARoZatz6mlQ0JxURH0Kv5+zNeJKJCa8= -github.com/google/gnostic-models v0.6.8 h1:yo/ABAfM5IMRsS1VnXjTBvUb61tFIHozhlYvRgGre9I= -github.com/google/gnostic-models v0.6.8/go.mod h1:5n7qKqH0f5wFt+aWF8CW6pZLLNOfYuF5OpfBSENuI8U= +github.com/google/gnostic-models v0.6.9-0.20230804172637-c7be7c783f49 h1:0VpGH+cDhbDtdcweoyCVsF3fhN8kejK6rFe/2FFX2nU= +github.com/google/gnostic-models v0.6.9-0.20230804172637-c7be7c783f49/go.mod h1:BkkQ4L1KS1xMt2aWSPStnn55ChGC0DPOn2FQYj+f25M= github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M= github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= 
@@ -1003,8 +1007,9 @@ github.com/hashicorp/golang-lru v0.5.4 h1:YDjusn29QI/Das2iO9M0BHnIbxPeyuCHsjMW+l github.com/hashicorp/golang-lru v0.5.4/go.mod h1:iADmTwqILo4mZ8BN3D2Q6+9jd8WM5uGBxy+E8yxSoD4= github.com/hashicorp/golang-lru/v2 v2.0.7 h1:a+bsQ5rvGLjzHuww6tVxozPZFVghXaHOwFs4luLUK2k= github.com/hashicorp/golang-lru/v2 v2.0.7/go.mod h1:QeFd9opnmA6QUJc5vARoKUSoFhyfM2/ZepoAG6RGpeM= -github.com/hashicorp/hcl v1.0.0 h1:0Anlzjpi4vEasTeNFn2mLJgTSwt0+6sfsiTG8qcWGx4= github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ= +github.com/hashicorp/hcl v1.0.1-vault-5 h1:kI3hhbbyzr4dldA8UdTb7ZlVVlI2DACdCfz31RPDgJM= +github.com/hashicorp/hcl v1.0.1-vault-5/go.mod h1:XYhtn6ijBSAj6n4YqAaf7RBPS4I06AItNorpy+MoQNM= github.com/hashicorp/logutils v1.0.0/go.mod h1:QIAnNjmIWmVIIkWDTG1z5v++HQmx9WQRO+LraFDTW64= github.com/hashicorp/mdns v1.0.1/go.mod h1:4gW7WsVCke5TE7EPeYliwHlRUyBtfCwuFwuMg2DmyNY= github.com/hashicorp/mdns v1.0.4/go.mod h1:mtBihi+LeNXGtG8L9dX59gAEa12BDtBQSp4v/YAJqrc= 
@@ -1017,8 +1022,8 @@ github.com/iancoleman/strcase v0.3.0 h1:nTXanmYxhfFAMjZL34Ov6gkzEsSJZ5DbhxWjvSAS github.com/iancoleman/strcase v0.3.0/go.mod h1:iwCmte+B7n89clKwxIoIXy/HfoL7AsD47ZCWhYzw7ho= github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= github.com/ianlancetaylor/demangle v0.0.0-20200824232613-28f6c0f3b639/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= -github.com/imdario/mergo v0.3.15 h1:M8XP7IuFNsqUx6VPK2P9OSmsYsI/YFaGil0uD21V3dM= -github.com/imdario/mergo v0.3.15/go.mod h1:WBLT9ZmE3lPoWsEzCh9LPo3TiwVN+ZKEjmz+hD27ysY= +github.com/imdario/mergo v0.3.16 h1:wwQJbIsHYGMUyLSPrEq1CT16AhnhNJQ51+4fdHUnCl4= +github.com/imdario/mergo v0.3.16/go.mod h1:WBLT9ZmE3lPoWsEzCh9LPo3TiwVN+ZKEjmz+hD27ysY= github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8= github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8= github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw= 
@@ -1065,8 +1070,8 @@ github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= github.com/kubescape/go-logger v0.0.23 h1:5xh+Nm8eGImhFbtippRKLaFgsvlKE1ufvQhNM2P/570= github.com/kubescape/go-logger v0.0.23/go.mod h1:Ayg7g769c7sXVB+P3fkJmbsJpoEmMmaUf9jeo+XuC3U= -github.com/kubescape/k8s-interface v0.0.162 h1:tIXwuB7073GJV3OPgGMS4kXBh7N709NscVYiePMCvU4= -github.com/kubescape/k8s-interface v0.0.162/go.mod h1:oF+Yxug3Kpfu9Yr2j63wy7gwswrKXpiqI0mLk/7gF/s= +github.com/kubescape/k8s-interface v0.0.177 h1:x+8agex4PSMubInFHprVG6y0E3AVhm1PvAHzSH7ehMs= +github.com/kubescape/k8s-interface v0.0.177/go.mod h1:1jA1z5uLLyVkGxWjlT9WibUvcE+chK4g9Hrxg+GajP4= github.com/lunixbochs/vtclean v1.0.0/go.mod h1:pHhQNgMf3btfWnGBVipUOjRYhoOsdGqdm/+2c2E2WMI= github.com/lyft/protoc-gen-star v0.5.3/go.mod h1:V0xaHgaf5oCCqmcxYcWiDfTiKsZsRc87/1qhoTACD8w= github.com/lyft/protoc-gen-star v0.6.0/go.mod h1:TGAoBVkt8w7MPG72TrKIu85MIdXwDuzJYeZuUPFPNwA= 
@@ -1096,8 +1101,8 @@ github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWE github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y= github.com/mattn/go-sqlite3 v1.14.14/go.mod h1:NyWgC/yNuGj7Q9rpYnZvas74GogHl5/Z4A/KQRfk6bU= github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0= -github.com/matttproud/golang_protobuf_extensions v1.0.4 h1:mmDVorXM7PCGKw94cs5zkfA9PSy5pEvNWRP0ET0TIVo= -github.com/matttproud/golang_protobuf_extensions v1.0.4/go.mod h1:BSXmuO+STAnVfrANrmjBb36TMTDstsz7MSK+HVaYKv4= +github.com/matttproud/golang_protobuf_extensions/v2 v2.0.0 h1:jWpvCLoY8Z/e3VKvlsiIGKtc+UG6U5vzxaoagmhXfyg= +github.com/matttproud/golang_protobuf_extensions/v2 v2.0.0/go.mod h1:QUyp042oQthUoa9bqDv0ER0wrtXnBruoNd7aNjkbP+k= github.com/mgutz/ansi v0.0.0-20200706080929-d51e80ef957d h1:5PJl274Y63IEHC+7izoQE9x6ikvDFZS2mDVS3drnohI= github.com/mgutz/ansi v0.0.0-20200706080929-d51e80ef957d/go.mod h1:01TrycV0kFyexm33Z7vhZRXopbI8J3TDReVlkTgMUxE= github.com/microcosm-cc/bluemonday v1.0.1/go.mod h1:hsXNsILzKxV+sX77C5b8FSuKF00vh2OMYv+xgHpAMF4= 
@@ -1153,8 +1158,8 @@ github.com/pascaldekloe/goe v0.1.0/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144T github.com/pborman/indent v1.2.1 h1:lFiviAbISHv3Rf0jcuh489bi06hj98JsVMtIDZQb9yM= github.com/pborman/indent v1.2.1/go.mod h1:FitS+t35kIYtB5xWTZAPhnmrxcciEEOdbyrrpz5K6Vw= github.com/pelletier/go-toml v1.9.4/go.mod h1:u1nR/EPcESfeI/szUZKdtJ0xRNbUoANCkoOuaOx1Y+c= -github.com/pelletier/go-toml/v2 v2.1.0 h1:FnwAJ4oYMvbT/34k9zzHuZNrhlz48GB3/s6at6/MHO4= -github.com/pelletier/go-toml/v2 v2.1.0/go.mod h1:tJU2Z3ZkXwnxa4DPO899bsyIoywizdUvyaeZurnPPDc= +github.com/pelletier/go-toml/v2 v2.1.1 h1:LWAJwfNvjQZCFIDKWYQaM62NcYeYViCmWIwmOStowAI= +github.com/pelletier/go-toml/v2 v2.1.1/go.mod h1:tJU2Z3ZkXwnxa4DPO899bsyIoywizdUvyaeZurnPPDc= github.com/phpdave11/gofpdf v1.4.2/go.mod h1:zpO6xFn9yxo3YLyMvW8HcKWVdbNqgIfOOp2dXMnm1mY= github.com/phpdave11/gofpdi v1.0.12/go.mod h1:vBmVV0Do6hSBHC8uKUQ71JGW+ZGQq74llk/7bXwjDoI= github.com/phpdave11/gofpdi v1.0.13/go.mod h1:vBmVV0Do6hSBHC8uKUQ71JGW+ZGQq74llk/7bXwjDoI= 
@@ -1180,26 +1185,26 @@ github.com/prometheus/client_golang v0.8.0/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXP github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw= github.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5FsnadC4Ky3P0J6CfImo= github.com/prometheus/client_golang v1.4.0/go.mod h1:e9GMxYsXl05ICDXkRhurwBS4Q3OK1iX/F2sw+iXX5zU= -github.com/prometheus/client_golang v1.16.0 h1:yk/hx9hDbrGHovbci4BY+pRMfSuuat626eFsHb7tmT8= -github.com/prometheus/client_golang v1.16.0/go.mod h1:Zsulrv/L9oM40tJ7T815tM89lFEugiJ9HzIqaAx4LKc= +github.com/prometheus/client_golang v1.18.0 h1:HzFfmkOzH5Q8L8G+kSJKUx5dtG87sewO+FoDDqP5Tbk= +github.com/prometheus/client_golang v1.18.0/go.mod h1:T+GXkCk5wSJyOqMIzVgvvjFDlkOQntgjkJWKrN5txjA= github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo= github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/prometheus/client_model v0.2.0/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/prometheus/client_model v0.3.0/go.mod h1:LDGWKZIo7rky3hgvBe+caln+Dr3dPggB5dvjtD7w9+w= -github.com/prometheus/client_model v0.4.0 h1:5lQXD3cAg1OXBf4Wq03gTrXHeaV0TQvGfUooCfx1yqY= -github.com/prometheus/client_model v0.4.0/go.mod h1:oMQmHW1/JoDwqLtg57MGgP/Fb1CJEYF2imWWhWtMkYU= +github.com/prometheus/client_model v0.5.0 h1:VQw1hfvPvk3Uv6Qf29VrPF32JB6rtbgI6cYPYQjL0Qw= +github.com/prometheus/client_model v0.5.0/go.mod h1:dTiFglRmd66nLR9Pv9f0mZi7B7fk5Pm3gvsjB5tr+kI= github.com/prometheus/common v0.0.0-20180801064454-c7de2306084e/go.mod h1:daVV7qP5qjZbuso7PdcryaAu0sAZbrN9i7WWcTMWvro= github.com/prometheus/common v0.4.1/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4= github.com/prometheus/common v0.9.1/go.mod 
h1:yhUN8i9wzaXS3w1O07YhxHEBxD+W35wd8bs7vj7HSQ4= -github.com/prometheus/common v0.44.0 h1:+5BrQJwiBB9xsMygAB3TNvpQKOwlkc25LbISbrdOOfY= -github.com/prometheus/common v0.44.0/go.mod h1:ofAIvZbQ1e/nugmZGz4/qCb9Ap1VoSTIO7x0VV9VvuY= +github.com/prometheus/common v0.45.0 h1:2BGz0eBc2hdMDLnO/8n0jeB3oPrt2D08CekT0lneoxM= +github.com/prometheus/common v0.45.0/go.mod h1:YJmSTw9BoKxJplESWWxlbyttQR4uaEcGyv9MZjVOJsY= github.com/prometheus/procfs v0.0.0-20180725123919-05ee40e3a273/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA= github.com/prometheus/procfs v0.0.8/go.mod h1:7Qr8sr6344vo1JqZ6HhLceV9o3AJ1Ff+GxbHq6oeK9A= -github.com/prometheus/procfs v0.10.1 h1:kYK1Va/YMlutzCGazswoHKo//tZVlFpKYh+PymziUAg= -github.com/prometheus/procfs v0.10.1/go.mod h1:nwNm2aOCAYw8uTR/9bWRREkZFxAUcWzPHWJq+XBB/FM= +github.com/prometheus/procfs v0.12.0 h1:jluTpSng7V9hY0O2R9DzzJHYb2xULk9VTR1V1R/k6Bo= +github.com/prometheus/procfs v0.12.0/go.mod h1:pcuDEFsWDnvcgNzo4EEweacyhjeA9Zk3cnaOZAZEfOo= github.com/puzpuzpuz/xsync/v2 v2.4.1 h1:aGdE1C/HaR/QC6YAFdtZXi60Df8/qBIrs8PKrzkItcM= github.com/puzpuzpuz/xsync/v2 v2.4.1/go.mod h1:gD2H2krq/w52MfPLE+Uy64TzJDVY7lP2znR9qmR35kU= github.com/remyoudompheng/bigfft v0.0.0-20200410134404-eec4a21b6bb0/go.mod h1:qqbHyh8v60DhA7CoWK5oRCqLrMHRGoxYCSS9EjAz6Eo= 
@@ -1215,8 +1220,8 @@ github.com/ruudk/golang-pdf417 v0.0.0-20181029194003-1af4ab5afa58/go.mod h1:6lfF github.com/ruudk/golang-pdf417 v0.0.0-20201230142125-a7e3863a1245/go.mod h1:pQAZKsJ8yyVxGRWYNEm9oFB8ieLgKFnamEyDmSA0BRk= github.com/ryanuber/columnize v0.0.0-20160712163229-9b3edd62028f/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts= github.com/sagikazarmark/crypt v0.3.0/go.mod h1:uD/D+6UF4SrIR1uGEv7bBNkNqLGqUr43MRiaGWX1Nig= -github.com/sagikazarmark/locafero v0.3.0 h1:zT7VEGWC2DTflmccN/5T1etyKvxSxpHsjb9cJvm4SvQ= -github.com/sagikazarmark/locafero v0.3.0/go.mod h1:w+v7UsPNFwzF1cHuOajOOzoq4U7v/ig1mpRjqV+Bu1U= +github.com/sagikazarmark/locafero v0.4.0 h1:HApY1R9zGo4DBgr7dqsTH/JJxLTTsOt7u6keLGt6kNQ= +github.com/sagikazarmark/locafero v0.4.0/go.mod h1:Pe1W6UlPYUk/+wc/6KFhbORCfqzgYEpgQ3O5fPuL3H4= github.com/sagikazarmark/slog-shim v0.1.0 h1:diDBnUNK9N/354PgrxMywXnAwEr1QZcOr6gto+ugjYE= github.com/sagikazarmark/slog-shim v0.1.0/go.mod h1:SrcSrq8aKtyuqEI1uvTDTK1arOWRIczQRv+GVI1AkeQ= github.com/scylladb/go-set v1.0.3-0.20200225121959-cc7b2070d91e h1:7q6NSFZDeGfvvtIRwBrU/aegEYJYmvev0cHAwo17zZQ= 
@@ -1267,8 +1272,8 @@ github.com/spf13/afero v1.9.2/go.mod h1:iUV7ddyEEZPO5gA3zD4fJt6iStLlL+Lg4m2cihcD github.com/spf13/afero v1.11.0 h1:WJQKhtpdm3v2IzqG8VMqrr6Rf3UYpEF239Jy9wNepM8= github.com/spf13/afero v1.11.0/go.mod h1:GH9Y3pIexgf1MTIWtNGyogA5MwRIDXGUr+hbWNoBjkY= github.com/spf13/cast v1.4.1/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE= -github.com/spf13/cast v1.5.1 h1:R+kOtfhWQE6TVQzY+4D7wJLBgkdVasCEFxSUBYBYIlA= -github.com/spf13/cast v1.5.1/go.mod h1:b9PdjNptOpzXr7Rq1q9gJML/2cdGQAo69NKzQ10KN48= +github.com/spf13/cast v1.6.0 h1:GEiTHELF+vaR5dhz3VqZfFSzZjYbgeKDpBxQVS4GYJ0= +github.com/spf13/cast v1.6.0/go.mod h1:ancEpBxwJDODSW/UG4rDrAqiKolqNNh2DX3mk86cAdo= github.com/spf13/cobra v1.3.0/go.mod h1:BrRVncBjOJa/eUcVVm9CE+oC6as8k+VYr4NY7WCi9V4= github.com/spf13/cobra v1.8.1 h1:e5/vxKd/rZsfSJMUX1agtjeTDf+qv1/JdBF8gg5k9ZM= github.com/spf13/cobra v1.8.1/go.mod h1:wHxEcudfqmLYa8iTfL+OuZPbBZkmvliBWKIezN3kD9Y= @@ -1276,8 +1281,8 @@ github.com/spf13/jwalterweatherman v1.1.0/go.mod h1:aNWZUN0dPAAO/Ljvb5BEdw96iTZ0 github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA= github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= github.com/spf13/viper v1.10.0/go.mod h1:SoyBPwAtKDzypXNDFKN5kzH7ppppbGZtls1UpIy5AsM= -github.com/spf13/viper v1.17.0 h1:I5txKw7MJasPL/BrfkbA0Jyo/oELqVmux4pR/UxOMfI= -github.com/spf13/viper v1.17.0/go.mod h1:BmMMMLQXSbcHK6KAOiFLz0l5JHrU89OdIRHvsk0+yVI= +github.com/spf13/viper v1.18.2 h1:LUXCnvUvSM6FXAsj6nnfc8Q2tp1dIgUfY9Kc8GsSOiQ= +github.com/spf13/viper v1.18.2/go.mod h1:EKmWIqdnk5lOcmR72yw6hS+8OPYcwD0jteitLMVB+yk= github.com/stoewer/go-strcase v1.2.0 h1:Z2iHWqGXH00XYgqDmNgQbIBxf3wrNq0F3feEy0ainaU= github.com/stoewer/go-strcase v1.2.0/go.mod h1:IBiWB2sKIp3wVVQ3Y035++gc+knqhUQag1KpM8ahLw8= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= 
@@ -1297,8 +1302,8 @@ github.com/stretchr/testify v1.8.3/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXl github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo= github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg= github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= -github.com/stripe/stripe-go/v74 v74.28.0 h1:ItzPPy+cjMKbR3Oihknt/8dv6PANp3hTThUGZjhF9lc= -github.com/stripe/stripe-go/v74 v74.28.0/go.mod h1:f9L6LvaXa35ja7eyvP6GQswoaIPaBRvGAimAO+udbBw= +github.com/stripe/stripe-go/v74 v74.30.0 h1:0Kf0KkeFnY7iRhOwvTerX0Ia1BRw+eV1CVJ51mGYAUY= +github.com/stripe/stripe-go/v74 v74.30.0/go.mod h1:f9L6LvaXa35ja7eyvP6GQswoaIPaBRvGAimAO+udbBw= github.com/subosito/gotenv v1.2.0/go.mod h1:N0PQaV/YGNqwC0u51sEeR/aUtSLEXKX9iv69rRypqCw= github.com/subosito/gotenv v1.6.0 h1:9NlTDc1FTs4qu0DDq7AEtTPNw6SVm7uBMsUCUjABIf8= github.com/subosito/gotenv v1.6.0/go.mod h1:Dk4QP5c2W3ibzajGcXpNraDfq2IrhjMIvMSWPKKo0FU= 
@@ -1367,8 +1372,8 @@ go.opencensus.io v0.22.4/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= go.opencensus.io v0.22.5/go.mod h1:5pWMHQbX5EPX2/62yrJeAkowc+lfs/XD7Uxpq3pI6kk= go.opencensus.io v0.23.0/go.mod h1:XItmlyltB5F7CS4xOC1DcqMoFqwtC6OG2xF7mCv7P7E= go.opencensus.io v0.24.0/go.mod h1:vNK8G9p7aAivkbmorf4v+7Hgx+Zs0yY+0fOtgBfjQKo= -go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.46.0 h1:PzIubN4/sjByhDRHLviCjJuweBXWFZWhghjg7cS28+M= -go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.46.0/go.mod h1:Ct6zzQEuGK3WpJs2n4dn+wfJYzd/+hNnxMRTWjGn30M= +go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.47.0 h1:UNQQKPfTDe1J81ViolILjTKPr9WetKW6uei2hFgJmFs= +go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.47.0/go.mod h1:r9vWsPS/3AQItv3OSlEJ/E4mbrhUbbw18meOjArPtKQ= go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.49.0 h1:jq9TW8u3so/bN+JPT166wjOI6/vQPF6Xe7nMNIltagk= go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.49.0/go.mod h1:p8pYQP+m5XfbZm9fxtSKAbM6oIllS7s2AfxrChvc7iw= go.opentelemetry.io/contrib/instrumentation/runtime v0.55.0 h1:GotCpbh7YkCHdFs+hYMdvAEyGsBZifFognqrOnBwyJM= 
@@ -1405,14 +1410,12 @@ go.opentelemetry.io/proto/otlp v0.19.0/go.mod h1:H7XAot3MsfNsj7EXtrA2q5xSNQ10UqI go.opentelemetry.io/proto/otlp v1.3.1 h1:TrMUixzpM0yuc/znrFTP9MMRh8trP93mkCiDVeXrui0= go.opentelemetry.io/proto/otlp v1.3.1/go.mod h1:0X1WI4de4ZsLrrJNLAQbFeLCm3T7yBkR0XqQ7niQU+8= go.uber.org/atomic v1.7.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc= -go.uber.org/goleak v1.1.11/go.mod h1:cwTWslyiVhfpKIDGSZEM2HlOvcqm+tG4zioyIeLoqMQ= go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto= go.uber.org/goleak v1.3.0/go.mod h1:CoHD4mav9JJNrW/WLlf7HGZPjdw8EucARQHekz1X6bE= go.uber.org/multierr v1.6.0/go.mod h1:cdWPpRnG4AhwMwsgIHip0KRBQjJy5kYEpYjJxpXp9iU= go.uber.org/multierr v1.11.0 h1:blXXJkSxSSfBVBlC76pxqeO+LN3aDfLQo+309xJstO0= go.uber.org/multierr v1.11.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN80Y= go.uber.org/zap v1.17.0/go.mod h1:MXVU+bhUf/A7Xi2HNOnopQOrmycQ5Ih87HtOu4q5SSo= -go.uber.org/zap v1.24.0/go.mod h1:2kMP+WWQ8aoFoedH3T2sq6iJ2yDWpHbP0f6MQbS9Gkg= go.uber.org/zap v1.27.0 h1:aJMhYGrd5QSmlpLMr2MftRKl7t8J8PTZPA732ud/XR8= go.uber.org/zap v1.27.0/go.mod h1:GB2qFLM7cTU87MWRP2mPIjqfIDnGu+VIO4V/SdhGo2E= go4.org v0.0.0-20180809161055-417644f6feb5/go.mod h1:MkTOUMDaeVYJUOUsaDXIhWPZYa1yOyC1qaOBpL57BhE= 
@@ -1538,7 +1541,6 @@ golang.org/x/net v0.0.0-20210316092652-d523dce5a7f4/go.mod h1:RBQZq4jEuRlivfhVLd golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM= golang.org/x/net v0.0.0-20210410081132-afb366fc7cd1/go.mod h1:9tjilg8BloeKEkVJvy7fQ90B1CfIiPueXVOjqfkSzI8= golang.org/x/net v0.0.0-20210503060351-7fd8e65b6420/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= -golang.org/x/net v0.0.0-20210505024714-0287a6fb4125/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20210520170846-37e1c6afe023/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20210813160813-60bc85c4be6d/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20211015210444-4f30a5c0130f/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= 
@@ -2035,8 +2037,8 @@ google.golang.org/genproto v0.0.0-20230323212658-478b75c54725/go.mod h1:UUQDJDOl google.golang.org/genproto v0.0.0-20230330154414-c0448cd141ea/go.mod h1:UUQDJDOlWu4KYeJZffbWgBkS1YFobzKbLVfK69pe0Ak= google.golang.org/genproto v0.0.0-20230331144136-dcfb400f0633/go.mod h1:UUQDJDOlWu4KYeJZffbWgBkS1YFobzKbLVfK69pe0Ak= google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1/go.mod h1:nKE/iIaLqn2bQwXBg8f1g2Ylh6r5MN5CmZvuzZCgsCU= -google.golang.org/genproto v0.0.0-20231106174013-bbf56f31fb17 h1:wpZ8pe2x1Q3f2KyT5f8oP/fa9rHAKgFPr/HZdNuS+PQ= -google.golang.org/genproto v0.0.0-20231106174013-bbf56f31fb17/go.mod h1:J7XzRzVy1+IPwWHZUzoD0IccYZIrXILAQpc+Qy9CMhY= +google.golang.org/genproto v0.0.0-20240116215550-a9fa1716bcac h1:ZL/Teoy/ZGnzyrqK/Optxxp2pmVh+fmJ97slxSRyzUg= +google.golang.org/genproto v0.0.0-20240116215550-a9fa1716bcac/go.mod h1:+Rvu7ElI+aLzyDQhpHMFMMltsD6m7nqpuWDd2CwJw3k= google.golang.org/genproto/googleapis/api v0.0.0-20240903143218-8af14fe29dc1 h1:hjSy6tcFQZ171igDaN5QHOw2n6vx40juYbC/x67CEhc= google.golang.org/genproto/googleapis/api v0.0.0-20240903143218-8af14fe29dc1/go.mod h1:qpvKtACPCQhAdu3PyQgV4l3LMXZEtft7y8QcarRsp9I= google.golang.org/genproto/googleapis/rpc v0.0.0-20240903143218-8af14fe29dc1 h1:pPJltXNxVzT4pK9yD8vR9X75DaWYYmLGMsEvBfFQZzQ= 
@@ -2104,6 +2106,8 @@ honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9 honnef.co/go/tools v0.1.3/go.mod h1:NgwopIslSNH47DimFoV78dnkksY2EFtX0ajyb3K/las= k8s.io/api v0.0.0-20231101171312-cd0ecb048ea5 h1:ZfnjV6xXqx4UGcyZm6uANo3TRx2ZzzARWc4sJzdRXOg= k8s.io/api v0.0.0-20231101171312-cd0ecb048ea5/go.mod h1:pe4ymgKfZ6OhusBquRSk+Kqm3zLI7wDLZQoGKcHdLLc= +k8s.io/apiextensions-apiserver v0.29.0 h1:0VuspFG7Hj+SxyF/Z/2T0uFbI5gb5LRgEyUVE3Q4lV0= +k8s.io/apiextensions-apiserver v0.29.0/go.mod h1:TKmpy3bTS0mr9pylH0nOt/QzQRrW7/h7yLdRForMZwc= k8s.io/apimachinery v0.0.0-20231102051132-bc0a03b4342c h1:Th/caFaWZVyvYMxncoveIgNKY8VvDImU4QFKC3raj9w= k8s.io/apimachinery v0.0.0-20231102051132-bc0a03b4342c/go.mod h1:yFk3nwBh/jXlkMvRKH7BKtX7saT1lRmmGV6Ru0cTSUA= k8s.io/apiserver v0.0.0-20231101172914-798e645af694 h1:HA4DTzrYeaaK4xnOadvOqaA0yCEEuQeqPSXKy52Es2I= @@ -2164,8 +2168,8 @@ rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0= rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA= sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.28.0 h1:TgtAeesdhpm2SGwkQasmbeqDo8th5wOBA5h/AjTKA4I= sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.28.0/go.mod h1:VHVDI/KrK4fjnV61bE2g3sA7tiETLn8sooImelsCx3Y= -sigs.k8s.io/controller-runtime v0.15.0 h1:ML+5Adt3qZnMSYxZ7gAverBLNPSMQEibtzAgp0UPojU= -sigs.k8s.io/controller-runtime v0.15.0/go.mod h1:7ngYvp1MLT+9GeZ+6lH3LOlcHkp/+tzA/fmHa4iq9kk= +sigs.k8s.io/controller-runtime v0.17.2 h1:FwHwD1CTUemg0pW2otk7/U5/i5m2ymzvOXdbeGOUvw0= +sigs.k8s.io/controller-runtime v0.17.2/go.mod h1:+MngTvIQQQhfXtwfdGw/UOQ/aIaqsYywfCINOtwMO/s= sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo= sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0= sigs.k8s.io/structured-merge-diff/v4 v4.4.1 h1:150L+0vs/8DA78h1u02ooW1/fFq/Lwr+sGiqlzvrtq4= 
diff --git a/pkg/apis/softwarecomposition/networkpolicy/v1/networkpolicy.go b/pkg/apis/softwarecomposition/networkpolicy/v1/networkpolicy.go index 9d3ed6fa4..0bcf1577a 100644 --- a/pkg/apis/softwarecomposition/networkpolicy/v1/networkpolicy.go +++ b/pkg/apis/softwarecomposition/networkpolicy/v1/networkpolicy.go @@ -21,10 +21,6 @@ import ( metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" ) -const ( - storageV1ApiVersion = "spdx.softwarecomposition.kubescape.io" -) - func GenerateNetworkPolicy(networkNeighbors softwarecomposition.NetworkNeighbors, knownServers []softwarecomposition.KnownServer, timeProvider metav1.Time) (softwarecomposition.GeneratedNetworkPolicy, error) { if !IsAvailable(networkNeighbors) { return softwarecomposition.GeneratedNetworkPolicy{}, fmt.Errorf("networkNeighbors %s/%s status annotation is not ready nor completed", networkNeighbors.Namespace, networkNeighbors.Name) @@ -60,7 +56,7 @@ func GenerateNetworkPolicy(networkNeighbors softwarecomposition.NetworkNeighbors generatedNetworkPolicy := softwarecomposition.GeneratedNetworkPolicy{ TypeMeta: metav1.TypeMeta{ Kind: "GeneratedNetworkPolicy", - APIVersion: storageV1ApiVersion, + APIVersion: softwarecomposition.GroupName, }, ObjectMeta: metav1.ObjectMeta{ Name: networkNeighbors.Name, diff --git a/pkg/apis/softwarecomposition/types.go b/pkg/apis/softwarecomposition/types.go index 1be969b80..8003b526c 100644 --- a/pkg/apis/softwarecomposition/types.go +++ b/pkg/apis/softwarecomposition/types.go @@ -23,6 +23,8 @@ import ( "github.com/containers/common/pkg/seccomp" "github.com/kubescape/storage/pkg/apis/softwarecomposition/consts" + "golang.org/x/text/cases" + "golang.org/x/text/language" corev1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" ) 
@@ -640,7 +642,7 @@ func (e *HTTPEndpoint) GetHeaders() (map[string][]string, error) { headers := make(map[string][]string) // Unmarshal the JSON into the map - err := json.Unmarshal([]byte(e.Headers), &headers) + err := json.Unmarshal(e.Headers, &headers) if err != nil { return nil, err } @@ -683,7 +685,7 @@ func (e HTTPEndpoint) String() string { s.WriteString(sep) } // Capitalize the first letter of the direction - s.WriteString(strings.Title(string(e.Direction))) + s.WriteString(cases.Title(language.English, cases.NoLower).String(string(e.Direction))) } headers, err := e.GetHeaders() diff --git a/pkg/apiserver/apiserver.go b/pkg/apiserver/apiserver.go index 52350b69d..3d1af8584 100644 --- a/pkg/apiserver/apiserver.go +++ b/pkg/apiserver/apiserver.go @@ -142,10 +142,10 @@ func (c completedConfig) New() (*WardleServer, error) { var ( osFs = afero.NewOsFs() - storageImpl = file.NewStorageImpl(osFs, file.DefaultStorageRoot) + storageImpl = file.NewStorageImpl(osFs, file.DefaultStorageRoot, Scheme) - applicationProfileStorageImpl = file.NewStorageImplWithCollector(osFs, file.DefaultStorageRoot, file.NewApplicationProfileProcessor()) - networkNeighborhoodStorageImpl = file.NewStorageImplWithCollector(osFs, file.DefaultStorageRoot, file.NewNetworkNeighborhoodProcessor()) + applicationProfileStorageImpl = file.NewStorageImplWithCollector(osFs, file.DefaultStorageRoot, Scheme, file.NewApplicationProfileProcessor()) + networkNeighborhoodStorageImpl = file.NewStorageImplWithCollector(osFs, file.DefaultStorageRoot, Scheme, file.NewNetworkNeighborhoodProcessor()) configScanStorageImpl = file.NewConfigurationScanSummaryStorage(storageImpl) vulnerabilitySummaryStorage = file.NewVulnerabilitySummaryStorage(storageImpl) generatedNetworkPolicyStorage = file.NewGeneratedNetworkPolicyStorage(storageImpl) diff --git a/pkg/registry/file/applicationprofile_processor.go b/pkg/registry/file/applicationprofile_processor.go index c857a3cbb..dfb1c0069 100644 
--- a/pkg/registry/file/applicationprofile_processor.go +++ b/pkg/registry/file/applicationprofile_processor.go @@ -5,7 +5,6 @@ import ( "os" "strconv" - mapset "github.com/deckarep/golang-set/v2" "github.com/kubescape/go-logger" loggerhelpers "github.com/kubescape/go-logger/helpers" "github.com/kubescape/k8s-interface/instanceidhandler/v1/helpers" @@ -61,7 +60,7 @@ func (a ApplicationProfileProcessor) PreSave(object runtime.Object) error { profile.Spec.InitContainers = processContainers(profile.Spec.InitContainers) profile.Spec.Containers = processContainers(profile.Spec.Containers) - profile.Spec.Architectures = mapset.Sorted(mapset.NewThreadUnsafeSet(profile.Spec.Architectures...)) + profile.Spec.Architectures = DeflateSortString(profile.Spec.Architectures) // check the size of the profile if size > a.maxApplicationProfileSize { @@ -83,18 +82,14 @@ func deflateApplicationProfileContainer(container softwarecomposition.Applicatio opens = DeflateStringer(container.Opens) } - if opens == nil { - opens = []softwarecomposition.OpenCalls{} - } - endpoints := dynamicpathdetector.AnalyzeEndpoints(&container.Endpoints, dynamicpathdetector.NewPathAnalyzer(EndpointDynamicThreshold)) return softwarecomposition.ApplicationProfileContainer{ Name: container.Name, - Capabilities: mapset.Sorted(mapset.NewThreadUnsafeSet(container.Capabilities...)), + Capabilities: DeflateSortString(container.Capabilities), Execs: DeflateStringer(container.Execs), Opens: opens, - Syscalls: mapset.Sorted(mapset.NewThreadUnsafeSet(container.Syscalls...)), + Syscalls: DeflateSortString(container.Syscalls), SeccompProfile: container.SeccompProfile, Endpoints: endpoints, ImageTag: container.ImageTag, diff --git a/pkg/registry/file/applicationprofile_processor_test.go b/pkg/registry/file/applicationprofile_processor_test.go index b2fb5dd91..6e7ace0d7 100644 --- a/pkg/registry/file/applicationprofile_processor_test.go +++ b/pkg/registry/file/applicationprofile_processor_test.go 
@@ -89,47 +89,36 @@ func TestApplicationProfileProcessor_PreSave(t *testing.T) { Architectures: []string{"amd64", "arm64"}, EphemeralContainers: []softwarecomposition.ApplicationProfileContainer{ { - Name: "ephemeralContainer", - Capabilities: []string{}, + Name: "ephemeralContainer", Execs: []softwarecomposition.ExecCalls{ {Path: "/bin/bash", Args: []string{"-c", "echo abc"}}, }, - Opens: []softwarecomposition.OpenCalls{}, - Syscalls: []string{}, }, }, InitContainers: []softwarecomposition.ApplicationProfileContainer{ { - Name: "initContainer", - Capabilities: []string{}, + Name: "initContainer", Execs: []softwarecomposition.ExecCalls{ {Path: "/bin/bash", Args: []string{"-c", "echo hello"}}, }, - Opens: []softwarecomposition.OpenCalls{}, - Syscalls: []string{}, }, }, Containers: []softwarecomposition.ApplicationProfileContainer{ { - Name: "container1", - Capabilities: []string{}, + Name: "container1", Execs: []softwarecomposition.ExecCalls{ {Path: "/usr/bin/ls", Args: []string{"-l", "/tmp"}}, {Path: "/usr/bin/ls", Args: []string{"-l", "/home"}}, }, - Opens: []softwarecomposition.OpenCalls{}, - Syscalls: []string{}, }, { - Name: "container2", - Capabilities: []string{}, + Name: "container2", Execs: []softwarecomposition.ExecCalls{ {Path: "/usr/bin/ping", Args: []string{"localhost"}}, }, Opens: []softwarecomposition.OpenCalls{ {Path: "/etc/hosts", Flags: []string{"O_CLOEXEC", "O_RDONLY"}}, }, - Syscalls: []string{}, Endpoints: []softwarecomposition.HTTPEndpoint{ { Endpoint: ":443/abc", @@ -243,7 +232,7 @@ func TestDeflateRulePolicies(t *testing.T) { }, want: map[string]softwarecomposition.RulePolicy{ "rule1": { - AllowedProcesses: []string{}, + AllowedProcesses: nil, AllowedContainer: true, }, }, diff --git a/pkg/registry/file/configurationscansummarystorage_test.go b/pkg/registry/file/configurationscansummarystorage_test.go index 1ea18cc1a..b5bc67ed5 100644 --- a/pkg/registry/file/configurationscansummarystorage_test.go 
+++ b/pkg/registry/file/configurationscansummarystorage_test.go @@ -6,15 +6,17 @@ import ( "github.com/kubescape/storage/pkg/apis/softwarecomposition" "github.com/kubescape/storage/pkg/apis/softwarecomposition/v1beta1" + "github.com/kubescape/storage/pkg/generated/clientset/versioned/scheme" "github.com/spf13/afero" "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" v1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/runtime" "k8s.io/apiserver/pkg/storage" ) func TestConfigurationScanSummaryStorage_Count(t *testing.T) { - storageImpl := NewStorageImpl(afero.NewMemMapFs(), "") + storageImpl := NewStorageImpl(afero.NewMemMapFs(), "", nil) configScanSummaryStorage := NewConfigurationScanSummaryStorage(storageImpl) count, err := configScanSummaryStorage.Count("random") @@ -27,7 +29,7 @@ func TestConfigurationScanSummaryStorage_Count(t *testing.T) { } func TestConfigurationScanSummaryStorage_Create(t *testing.T) { - storageImpl := NewStorageImpl(afero.NewMemMapFs(), "") + storageImpl := NewStorageImpl(afero.NewMemMapFs(), "", nil) configScanSummaryStorage := NewConfigurationScanSummaryStorage(storageImpl) err := configScanSummaryStorage.Create(context.TODO(), "", nil, nil, 0) @@ -38,7 +40,7 @@ func TestConfigurationScanSummaryStorage_Create(t *testing.T) { } func TestConfigurationScanSummaryStorage_Delete(t *testing.T) { - storageImpl := NewStorageImpl(afero.NewMemMapFs(), "") + storageImpl := NewStorageImpl(afero.NewMemMapFs(), "", nil) configScanSummaryStorage := NewConfigurationScanSummaryStorage(storageImpl) err := configScanSummaryStorage.Delete(context.TODO(), "", nil, nil, nil, nil) 
@@ -49,7 +51,7 @@ func TestConfigurationScanSummaryStorage_Delete(t *testing.T) { } func TestConfigurationScanSummaryStorage_Watch(t *testing.T) { - storageImpl := NewStorageImpl(afero.NewMemMapFs(), "") + storageImpl := NewStorageImpl(afero.NewMemMapFs(), "", nil) configScanSummaryStorage := NewConfigurationScanSummaryStorage(storageImpl) _, err := configScanSummaryStorage.Watch(context.TODO(), "", storage.ListOptions{}) @@ -60,7 +62,7 @@ func TestConfigurationScanSummaryStorage_Watch(t *testing.T) { } func TestConfigurationScanSummaryStorage_GuaranteedUpdate(t *testing.T) { - storageImpl := NewStorageImpl(afero.NewMemMapFs(), "") + storageImpl := NewStorageImpl(afero.NewMemMapFs(), "", nil) configScanSummaryStorage := NewConfigurationScanSummaryStorage(storageImpl) err := configScanSummaryStorage.GuaranteedUpdate(context.TODO(), "", nil, false, nil, nil, nil) @@ -107,14 +109,16 @@ func TestConfigurationScanSummaryStorage_Get(t *testing.T) { }, } - realStorage := NewStorageImpl(afero.NewMemMapFs(), "/") + sch := scheme.Scheme + require.NoError(t, softwarecomposition.AddToScheme(sch)) + realStorage := NewStorageImpl(afero.NewMemMapFs(), "/", sch) for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { configScanSummaryStorage := NewConfigurationScanSummaryStorage(realStorage) if tt.create { - wlObj := &softwarecomposition.WorkloadConfigurationScanSummary{} + wlObj := &softwarecomposition.WorkloadConfigurationScanSummary{ObjectMeta: v1.ObjectMeta{Annotations: map[string]string{}}} _ = realStorage.Create(context.TODO(), "/spdx.softwarecomposition.kubescape.io/workloadconfigurationscansummaries/kubescape/toto", wlObj, nil, 0) } 
@@ -173,14 +177,16 @@ func TestConfigurationScanSummaryStorage_GetList(t *testing.T) { }, } - realStorage := NewStorageImpl(afero.NewMemMapFs(), "/") + sch := scheme.Scheme + require.NoError(t, softwarecomposition.AddToScheme(sch)) + realStorage := NewStorageImpl(afero.NewMemMapFs(), "/", sch) for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { configScanSummaryStorage := NewConfigurationScanSummaryStorage(realStorage) if tt.create { - wlObj := &softwarecomposition.WorkloadConfigurationScanSummary{} + wlObj := &softwarecomposition.WorkloadConfigurationScanSummary{ObjectMeta: v1.ObjectMeta{Annotations: map[string]string{}}} _ = realStorage.Create(context.TODO(), "/spdx.softwarecomposition.kubescape.io/workloadconfigurationscansummaries/kubescape/toto", wlObj, nil, 0) } diff --git a/pkg/registry/file/dynamicpathdetector/analyze_opens.go b/pkg/registry/file/dynamicpathdetector/analyze_opens.go index 387dcc836..b8a0e5243 100644 --- a/pkg/registry/file/dynamicpathdetector/analyze_opens.go +++ b/pkg/registry/file/dynamicpathdetector/analyze_opens.go @@ -10,6 +10,10 @@ import ( ) func AnalyzeOpens(opens []types.OpenCalls, analyzer *PathAnalyzer) ([]types.OpenCalls, error) { + if opens == nil { + return nil, nil + } + dynamicOpens := make(map[string]types.OpenCalls) for _, open := range opens { _, _ = AnalyzeOpen(open.Path, analyzer) diff --git a/pkg/registry/file/generatednetworkpolicy_test.go b/pkg/registry/file/generatednetworkpolicy_test.go index 6e88abad2..0dc1351a9 100644 --- a/pkg/registry/file/generatednetworkpolicy_test.go +++ b/pkg/registry/file/generatednetworkpolicy_test.go @@ -5,6 +5,8 @@ import ( "testing" helpersv1 "github.com/kubescape/k8s-interface/instanceidhandler/v1/helpers" + "github.com/kubescape/storage/pkg/generated/clientset/versioned/scheme" + "github.com/stretchr/testify/require" "github.com/kubescape/storage/pkg/apis/softwarecomposition" "github.com/spf13/afero" 
@@ -134,7 +136,9 @@ func TestGeneratedNetworkPolicyStorage_Get(t *testing.T) { for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { - realStorage := NewStorageImpl(afero.NewMemMapFs(), "/") + sch := scheme.Scheme + require.NoError(t, softwarecomposition.AddToScheme(sch)) + realStorage := NewStorageImpl(afero.NewMemMapFs(), "/", sch) generatedNetworkPolicyStorage := NewGeneratedNetworkPolicyStorage(realStorage) if tt.create { @@ -177,7 +181,7 @@ func TestGeneratedNetworkPolicyStorage_Get(t *testing.T) { } func TestGeneratedNetworkPolicyStorage_Count(t *testing.T) { - storageImpl := NewStorageImpl(afero.NewMemMapFs(), "") + storageImpl := NewStorageImpl(afero.NewMemMapFs(), "", nil) generatedNetworkPolicyStorage := NewGeneratedNetworkPolicyStorage(storageImpl) count, err := generatedNetworkPolicyStorage.Count("random") @@ -190,7 +194,7 @@ func TestGeneratedNetworkPolicyStorage_Count(t *testing.T) { } func TestGeneratedNetworkPolicyStorage_Create(t *testing.T) { - storageImpl := NewStorageImpl(afero.NewMemMapFs(), "") + storageImpl := NewStorageImpl(afero.NewMemMapFs(), "", nil) generatedNetworkPolicyStorage := NewGeneratedNetworkPolicyStorage(storageImpl) err := generatedNetworkPolicyStorage.Create(context.TODO(), "", nil, nil, 0) @@ -201,7 +205,7 @@ func TestGeneratedNetworkPolicyStorage_Create(t *testing.T) { } func TestGeneratedNetworkPolicyStorage_Delete(t *testing.T) { - storageImpl := NewStorageImpl(afero.NewMemMapFs(), "") + storageImpl := NewStorageImpl(afero.NewMemMapFs(), "", nil) generatedNetworkPolicyStorage := NewGeneratedNetworkPolicyStorage(storageImpl) err := generatedNetworkPolicyStorage.Delete(context.TODO(), "", nil, nil, nil, nil) 
@@ -212,7 +216,7 @@ func TestGeneratedNetworkPolicyStorage_Delete(t *testing.T) { } func TestGeneratedNetworkPolicyStorage_Watch(t *testing.T) { - storageImpl := NewStorageImpl(afero.NewMemMapFs(), "") + storageImpl := NewStorageImpl(afero.NewMemMapFs(), "", nil) generatedNetworkPolicyStorage := NewGeneratedNetworkPolicyStorage(storageImpl) _, err := generatedNetworkPolicyStorage.Watch(context.TODO(), "", storage.ListOptions{}) @@ -223,7 +227,7 @@ func TestGeneratedNetworkPolicyStorage_Watch(t *testing.T) { } func TestGeneratedNetworkPolicyStorage_GuaranteedUpdate(t *testing.T) { - storageImpl := NewStorageImpl(afero.NewMemMapFs(), "") + storageImpl := NewStorageImpl(afero.NewMemMapFs(), "", nil) generatedNetworkPolicyStorage := NewGeneratedNetworkPolicyStorage(storageImpl) err := generatedNetworkPolicyStorage.GuaranteedUpdate(context.TODO(), "", nil, false, nil, nil, nil) diff --git a/pkg/registry/file/networkneighborhood_processor.go b/pkg/registry/file/networkneighborhood_processor.go index 292b63099..f498a6410 100644 --- a/pkg/registry/file/networkneighborhood_processor.go +++ b/pkg/registry/file/networkneighborhood_processor.go @@ -83,6 +83,9 @@ func deflateNetworkNeighborhoodContainer(container softwarecomposition.NetworkNe // DNSNames are deduplicated // Ports are merged on Name func deflateNetworkNeighbors(in []softwarecomposition.NetworkNeighbor) []softwarecomposition.NetworkNeighbor { + if in == nil { + return nil + } out := make([]softwarecomposition.NetworkNeighbor, 0) seen := map[string]int{} toDeflate := mapset.NewThreadUnsafeSet[int]() @@ -97,7 +100,7 @@ func deflateNetworkNeighbors(in []softwarecomposition.NetworkNeighbor) []softwar } } for _, i := range mapset.Sorted(toDeflate) { - out[i].DNSNames = mapset.Sorted(mapset.NewThreadUnsafeSet(out[i].DNSNames...)) + out[i].DNSNames = DeflateSortString(out[i].DNSNames) out[i].Ports = DeflateStringer(out[i].Ports) } return out 
diff --git a/pkg/registry/file/networkneighborhood_processor_test.go b/pkg/registry/file/networkneighborhood_processor_test.go index 1cf7342e7..75c95fab9 100644 --- a/pkg/registry/file/networkneighborhood_processor_test.go +++ b/pkg/registry/file/networkneighborhood_processor_test.go @@ -79,20 +79,18 @@ func TestNetworkNeighborhoodProcessor_PreSave(t *testing.T) { { Name: "ephemeralContainer", Ingress: []softwarecomposition.NetworkNeighbor{ - {Identifier: "a", Ports: []softwarecomposition.NetworkPort{{Name: "80"}, {Name: "443"}}, DNSNames: []string{}}, + {Identifier: "a", Ports: []softwarecomposition.NetworkPort{{Name: "80"}, {Name: "443"}}}, {Identifier: "b", Ports: []softwarecomposition.NetworkPort{{Name: "80"}}}, - {Identifier: "c", Ports: []softwarecomposition.NetworkPort{{Name: "80"}}, DNSNames: []string{}}, + {Identifier: "c", Ports: []softwarecomposition.NetworkPort{{Name: "80"}}}, }, - Egress: []softwarecomposition.NetworkNeighbor{}, }, }, InitContainers: []softwarecomposition.NetworkNeighborhoodContainer{ { Name: "initContainer", Ingress: []softwarecomposition.NetworkNeighbor{ - {Identifier: "a", Ports: []softwarecomposition.NetworkPort{{Name: "80"}}, DNSNames: []string{}}, + {Identifier: "a", Ports: []softwarecomposition.NetworkPort{{Name: "80"}}}, }, - Egress: []softwarecomposition.NetworkNeighbor{}, }, }, Containers: []softwarecomposition.NetworkNeighborhoodContainer{ @@ -102,14 +100,12 @@ func TestNetworkNeighborhoodProcessor_PreSave(t *testing.T) { {Identifier: "a", Ports: []softwarecomposition.NetworkPort{{Name: "80"}}}, {Identifier: "c", Ports: []softwarecomposition.NetworkPort{{Name: "8080"}}}, }, - Egress: []softwarecomposition.NetworkNeighbor{}, }, { Name: "container2", Ingress: []softwarecomposition.NetworkNeighbor{ {Identifier: "a", Ports: []softwarecomposition.NetworkPort{{Name: "80"}}}, }, - Egress: []softwarecomposition.NetworkNeighbor{}, }, }, }, 
diff --git a/pkg/registry/file/processor.go b/pkg/registry/file/processor.go index 846325eb4..0442addaf 100644 --- a/pkg/registry/file/processor.go +++ b/pkg/registry/file/processor.go @@ -42,8 +42,15 @@ func DeflateRulePolicies(in map[string]softwarecomposition.RulePolicy) map[strin } for key, item := range in { - item.AllowedProcesses = mapset.Sorted(mapset.NewThreadUnsafeSet(item.AllowedProcesses...)) + item.AllowedProcesses = DeflateSortString(item.AllowedProcesses) in[key] = item } return in } + +func DeflateSortString(in []string) []string { + if in == nil { + return nil + } + return mapset.Sorted(mapset.NewThreadUnsafeSet(in...)) +} diff --git a/pkg/registry/file/processor_test.go b/pkg/registry/file/processor_test.go new file mode 100644 index 000000000..383191888 --- /dev/null +++ b/pkg/registry/file/processor_test.go @@ -0,0 +1,49 @@ +package file + +import ( + "testing" + + "github.com/stretchr/testify/assert" +) + +func TestDeflateSortString(t *testing.T) { + tests := []struct { + name string + in []string + want []string + }{ + { + name: "nil", + }, + { + name: "empty", + in: []string{}, + want: []string{}, + }, + { + name: "single", + in: []string{"a"}, + want: []string{"a"}, + }, + { + name: "single duplicates", + in: []string{"a", "a", "a"}, + want: []string{"a"}, + }, + { + name: "multiple", + in: []string{"c", "a", "b"}, + want: []string{"a", "b", "c"}, + }, + { + name: "multiple duplicates", + in: []string{"a", "c", "a", "b", "c", "b", "a"}, + want: []string{"a", "b", "c"}, + }, + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + assert.Equalf(t, tt.want, DeflateSortString(tt.in), "DeflateSortString(%v)", tt.in) + }) + } +} diff --git a/pkg/registry/file/storage.go b/pkg/registry/file/storage.go index e6d55db40..851654b66 100644 --- a/pkg/registry/file/storage.go +++ b/pkg/registry/file/storage.go 
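Review bot: The new exported `DeflateSortString` has no doc comment, and its one non-obvious property is the early `return nil` for a nil input, which the rest of the patch relies on when it drops the `[]string{}` defaults from the processors and their tests. I would add `// DeflateSortString returns the distinct elements of in in sorted order; a nil input is returned as nil so that unset fields are not turned into empty lists.` above it. The reason nil has to survive (presumably so the stored object keeps the same shape as the one the checksum is computed over) is not visible in this hunk and is worth stating in that comment once confirmed.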
@@ -16,6 +16,8 @@ import ( "github.com/kubescape/go-logger" "github.com/kubescape/go-logger/helpers" helpersv1 "github.com/kubescape/k8s-interface/instanceidhandler/v1/helpers" + "github.com/kubescape/storage/pkg/apis/softwarecomposition" + "github.com/kubescape/storage/pkg/apis/softwarecomposition/v1beta1" "github.com/kubescape/storage/pkg/utils" "github.com/spf13/afero" "go.opentelemetry.io/otel" @@ -25,6 +27,7 @@ import ( metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/conversion" "k8s.io/apimachinery/pkg/runtime" + "k8s.io/apimachinery/pkg/runtime/schema" "k8s.io/apimachinery/pkg/watch" "k8s.io/apiserver/pkg/storage" ) @@ -56,6 +59,7 @@ type StorageImpl struct { locks utils.MapMutex[string] processor Processor root string + scheme *runtime.Scheme versioner storage.Versioner watchDispatcher *watchDispatcher } @@ -63,6 +67,7 @@ type StorageImpl struct { // StorageQuerier wraps the storage.Interface and adds some extra methods which are used by the storage implementation. type StorageQuerier interface { storage.Interface + CalculateChecksum(in runtime.Object) (string, error) GetByNamespace(ctx context.Context, apiVersion, kind, namespace string, listObj runtime.Object) error GetByCluster(ctx context.Context, apiVersion, kind string, listObj runtime.Object) error } 
@@ -71,16 +76,17 @@ var _ storage.Interface = &StorageImpl{} var _ StorageQuerier = &StorageImpl{} -func NewStorageImpl(appFs afero.Fs, root string) StorageQuerier { - return NewStorageImplWithCollector(appFs, root, DefaultProcessor{}) +func NewStorageImpl(appFs afero.Fs, root string, scheme *runtime.Scheme) StorageQuerier { + return NewStorageImplWithCollector(appFs, root, scheme, DefaultProcessor{}) } -func NewStorageImplWithCollector(appFs afero.Fs, root string, processor Processor) StorageQuerier { +func NewStorageImplWithCollector(appFs afero.Fs, root string, scheme *runtime.Scheme, processor Processor) StorageQuerier { return &StorageImpl{ appFs: appFs, locks: utils.NewMapMutex[string](), processor: processor, root: root, + scheme: scheme, versioner: storage.APIObjectVersioner{}, watchDispatcher: newWatchDispatcher(), } @@ -169,6 +175,13 @@ func (s *StorageImpl) writeFiles(key string, obj runtime.Object, metaOut runtime } // extract metadata metadata := extractMetadata(obj) + // calculate checksum + checksum, err := s.CalculateChecksum(obj) + if err != nil { + return fmt.Errorf("calculate checksum: %w", err) + } + // add checksum to metadata + metadata.(metav1.Object).GetAnnotations()[helpersv1.SyncChecksumMetadataKey] = checksum // write metadata metadataEncoder := json.NewEncoder(metadataFile) if err := metadataEncoder.Encode(metadata); err != nil { 
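Review bot: The checksum assignment in writeFiles writes into the map returned by `GetAnnotations()`, which is nil for an object that carries no annotations, and assigning to a nil map panics. Nothing visible in the hunk initialises it, and the tests in this commit add `Annotations: map[string]string{}` to every object they create, which suggests the write path now relies on the caller supplying the map; an object submitted without annotations would then crash the request instead of returning an error. The `metadata.(metav1.Object)` assertion is also unchecked. I would fetch the annotations, allocate the map when it is nil and set it back, as below. writeFiles starts and ends outside the hunk, so `extractMetadata` may already cover this; if so, a comment saying that would help.

```go
metadata := extractMetadata(obj)
// … unchanged: CalculateChecksum call and its error return …
accessor, ok := metadata.(metav1.Object)
if !ok {
	return fmt.Errorf("metadata of type %T has no object meta", metadata)
}
annotations := accessor.GetAnnotations()
if annotations == nil {
	annotations = make(map[string]string)
}
annotations[helpersv1.SyncChecksumMetadataKey] = checksum
accessor.SetAnnotations(annotations)
```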
@@ -731,6 +744,34 @@ func (s *StorageImpl) appendJsonObjectFromFile(path string, v reflect.Value) err return nil } +func (s *StorageImpl) CalculateChecksum(in runtime.Object) (string, error) { + // convert to v1beta1 object + obj, err := s.scheme.ConvertToVersion(in, v1beta1.SchemeGroupVersion) + if err != nil { + return "", fmt.Errorf("convert to v1beta1: %w", err) + } + utils.RemoveManagedFields(obj.(metav1.Object)) + // add type meta information to the object + sl := strings.Split(reflect.ValueOf(obj).Elem().Type().String(), ".") + for len(sl) < 2 { + sl = append(sl, "") + } + obj.GetObjectKind().SetGroupVersionKind(schema.GroupVersionKind{ + Group: softwarecomposition.GroupName, + Version: sl[0], + Kind: sl[1], + }) + b, err := json.Marshal(obj) + if err != nil { + return "", fmt.Errorf("marshal object: %w", err) + } + hash, err := utils.CanonicalHash(b) + if err != nil { + return "", fmt.Errorf("calculate checksum: %w", err) + } + return hash, nil +} + func getNamespaceFromKey(key string) string { keySplit := strings.Split(key, "/") if len(keySplit) != 4 { diff --git a/pkg/registry/file/storage_test.go b/pkg/registry/file/storage_test.go index c748d1326..6733b0a4b 100644 --- a/pkg/registry/file/storage_test.go +++ b/pkg/registry/file/storage_test.go @@ -8,9 +8,12 @@ import ( "fmt" "testing" + "github.com/kubescape/storage/pkg/apis/softwarecomposition" "github.com/kubescape/storage/pkg/apis/softwarecomposition/v1beta1" + "github.com/kubescape/storage/pkg/generated/clientset/versioned/scheme" "github.com/spf13/afero" "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" v1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/runtime" "k8s.io/apiserver/pkg/storage" 
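Review bot: CalculateChecksum derives `Version` and `Kind` by splitting the reflected Go type string on `.`, so the hashed input depends on the Go package name happening to equal the API version, and an unexpected type silently gets an empty version or kind from the padding loop. The scheme already holds this mapping: `gvks, _, err := s.scheme.ObjectKinds(obj)` followed, after the error check, by `obj.GetObjectKind().SetGroupVersionKind(gvks[0])` should give the same result for registered types without the string parsing. `s.scheme` is used without a nil check although several tests in this commit construct the storage with a nil scheme, and `obj.(metav1.Object)` is an unchecked assertion; both are better returned as errors than left to panic. A doc comment should also state that managed fields and the last-applied-configuration annotation are stripped before hashing, and that the result is an unkeyed content hash for change detection, not an authenticity check.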
@@ -74,7 +77,7 @@ func TestStorageImpl_Count(t *testing.T) { fpath := DefaultStorageRoot + f _ = afero.WriteFile(fs, fpath, []byte(""), 0644) } - s := NewStorageImpl(fs, DefaultStorageRoot) + s := NewStorageImpl(fs, DefaultStorageRoot, nil) got, err := s.Count(tt.key) if (err != nil) != tt.wantErr { t.Errorf("Count() error = %v, wantErr %v", err, tt.wantErr) @@ -116,7 +119,8 @@ func TestStorageImpl_Create(t *testing.T) { key: "/spdx.softwarecomposition.kubescape.io/sbomsyfts/kubescape/toto", obj: &v1beta1.SBOMSyft{ ObjectMeta: v1.ObjectMeta{ - Name: "toto", + Name: "toto", + Annotations: map[string]string{}, }, }, }, @@ -127,6 +131,7 @@ func TestStorageImpl_Create(t *testing.T) { key: "/spdx.softwarecomposition.kubescape.io/sbomsyfts/kubescape/toto", obj: &v1beta1.SBOMSyft{ ObjectMeta: v1.ObjectMeta{ + Annotations: map[string]string{}, Name: "toto", ManagedFields: []v1.ManagedFieldsEntry{{Manager: "node-agent"}}, }, @@ -137,6 +142,9 @@ func TestStorageImpl_Create(t *testing.T) { ObjectMeta: v1.ObjectMeta{ Name: "toto", ResourceVersion: "1", + Annotations: map[string]string{ + "kubescape.io/sync-checksum": "c1cabafe2019d04e697774db7bc943c2d9012ff3ccf5ea78af2179f5558e764d", + }, }, }, }, @@ -149,7 +157,9 @@ func TestStorageImpl_Create(t *testing.T) { } else { fs = afero.NewMemMapFs() } - s := NewStorageImpl(fs, DefaultStorageRoot) + sch := scheme.Scheme + require.NoError(t, softwarecomposition.AddToScheme(sch)) + s := NewStorageImpl(fs, DefaultStorageRoot, sch) err := s.Create(context.TODO(), tt.args.key, tt.args.obj, tt.args.out, tt.args.in4) if tt.wantErr { assert.Error(t, err) 
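Review bot: The setup added at the end of TestStorageImpl_Create registers types on `scheme.Scheme`, the package-level scheme of the generated clientset, so every subtest mutates shared global state. The same two lines are repeated in the GetList, GuaranteedUpdate, vulnerability-summary and watch test hunks. A small test helper that takes `t`, builds the scheme and fails on a registration error would remove the duplication and keep the tests independent of each other, used as `s := NewStorageImpl(fs, DefaultStorageRoot, newTestScheme(t))`, where `newTestScheme` is the proposed helper. The enclosing test function starts and ends outside the hunk.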
@@ -238,7 +248,7 @@ func TestStorageImpl_Delete(t *testing.T) { fpath := getStoredMetadataFilepath(DefaultStorageRoot, tt.args.key) _ = afero.WriteFile(fs, fpath, []byte(tt.content), 0644) } - s := NewStorageImpl(fs, DefaultStorageRoot) + s := NewStorageImpl(fs, DefaultStorageRoot, nil) if err := s.Delete(context.TODO(), tt.args.key, tt.args.out, tt.args.in3, tt.args.in4, tt.args.in5); (err != nil) != tt.wantErr { t.Errorf("Delete() error = %v, wantErr %v", err, tt.wantErr) } @@ -335,9 +345,9 @@ func TestStorageImpl_Get(t *testing.T) { path := getStoredPayloadFilepath(DefaultStorageRoot, tt.args.key) _ = afero.WriteFile(fs, path, []byte(tt.content), 0644) } - s := NewStorageImpl(fs, DefaultStorageRoot) + s := NewStorageImpl(fs, DefaultStorageRoot, nil) if err := s.Get(context.TODO(), tt.args.key, tt.args.opts, tt.args.objPtr); !tt.wantErr(t, err) { - t.Errorf("Get() error = %v, wantErr %v", err, tt.wantErr) + t.Errorf("Get() error = %v, wantErr %v", err, tt.wantErr(t, err)) } if tt.want != nil { assert.Equal(t, tt.want, tt.args.objPtr) @@ -350,20 +360,23 @@ func TestStorageImpl_GetList(t *testing.T) { objs := map[string]runtime.Object{ "/spdx.softwarecomposition.kubescape.io/sbomsyfts/kubescape/toto": &v1beta1.SBOMSyft{ ObjectMeta: v1.ObjectMeta{ - Name: "toto", - Namespace: "kubescape", + Name: "toto", + Namespace: "kubescape", + Annotations: map[string]string{}, }, }, "/spdx.softwarecomposition.kubescape.io/sbomsyfts/kubescape/titi": &v1beta1.SBOMSyft{ ObjectMeta: v1.ObjectMeta{ - Name: "titi", - Namespace: "kubescape", + Name: "titi", + Namespace: "kubescape", + Annotations: map[string]string{}, }, }, "/spdx.softwarecomposition.kubescape.io/sbomsyfts/other/tata": &v1beta1.SBOMSyft{ ObjectMeta: v1.ObjectMeta{ - Name: "tata", - Namespace: "other", + Name: "tata", + Namespace: "other", + Annotations: map[string]string{}, }, }, } 
@@ -405,7 +418,9 @@ func TestStorageImpl_GetList(t *testing.T) { } for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { - s := NewStorageImpl(afero.NewMemMapFs(), DefaultStorageRoot) + sch := scheme.Scheme + require.NoError(t, softwarecomposition.AddToScheme(sch)) + s := NewStorageImpl(afero.NewMemMapFs(), DefaultStorageRoot, sch) for k, v := range objs { err := s.Create(context.Background(), k, v.DeepCopyObject(), nil, 0) assert.NoError(t, err) @@ -422,7 +437,8 @@ func TestStorageImpl_GuaranteedUpdate(t *testing.T) { count := 0 toto := &v1beta1.SBOMSyft{ ObjectMeta: v1.ObjectMeta{ - Name: "toto", + Name: "toto", + Annotations: map[string]string{}, }, Spec: v1beta1.SBOMSyftSpec{ Metadata: v1beta1.SPDXMeta{ @@ -436,6 +452,7 @@ func TestStorageImpl_GuaranteedUpdate(t *testing.T) { ObjectMeta: v1.ObjectMeta{ Name: "toto", ResourceVersion: "1", + Annotations: map[string]string{}, }, Spec: v1beta1.SBOMSyftSpec{ Metadata: v1beta1.SPDXMeta{ @@ -449,6 +466,7 @@ func TestStorageImpl_GuaranteedUpdate(t *testing.T) { ObjectMeta: v1.ObjectMeta{ Name: "toto", ResourceVersion: "3", + Annotations: map[string]string{}, }, Spec: v1beta1.SBOMSyftSpec{ Metadata: v1beta1.SPDXMeta{ @@ -462,6 +480,7 @@ func TestStorageImpl_GuaranteedUpdate(t *testing.T) { ObjectMeta: v1.ObjectMeta{ Name: "toto", ResourceVersion: "1", + Annotations: map[string]string{}, }, Spec: v1beta1.SBOMSyftSpec{ Metadata: v1beta1.SPDXMeta{ @@ -555,7 +574,9 @@ func TestStorageImpl_GuaranteedUpdate(t *testing.T) { } for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { - s := NewStorageImpl(afero.NewMemMapFs(), DefaultStorageRoot) + sch := scheme.Scheme + require.NoError(t, softwarecomposition.AddToScheme(sch)) + s := NewStorageImpl(afero.NewMemMapFs(), DefaultStorageRoot, sch) if tt.create { err := s.Create(context.Background(), tt.args.key, toto.DeepCopyObject(), nil, 0) assert.NoError(t, err) 
@@ -593,14 +614,14 @@ func TestStorageImpl_Versioner(t *testing.T) { } for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { - s := NewStorageImpl(afero.NewMemMapFs(), DefaultStorageRoot) + s := NewStorageImpl(afero.NewMemMapFs(), DefaultStorageRoot, nil) assert.Equal(t, tt.want, s.Versioner()) }) } } func BenchmarkWriteFiles(b *testing.B) { - s := NewStorageImpl(afero.NewMemMapFs(), DefaultStorageRoot).(*StorageImpl) + s := NewStorageImpl(afero.NewMemMapFs(), DefaultStorageRoot, nil).(*StorageImpl) key := "/spdx.softwarecomposition.kubescape.io/sbomsyfts/kubescape/toto" obj := &v1beta1.SBOMSyft{ ObjectMeta: v1.ObjectMeta{ @@ -618,3 +639,48 @@ func BenchmarkWriteFiles(b *testing.B) { } b.ReportAllocs() } + +func Test_calculateChecksum(t *testing.T) { + tests := []struct { + name string + obj runtime.Object + want string + wantErr assert.ErrorAssertionFunc + }{ + { + name: "applicationprofile", + obj: &softwarecomposition.ApplicationProfile{ + ObjectMeta: v1.ObjectMeta{ + Name: "toto", + Namespace: "default", + Annotations: map[string]string{ + "key": "value", + }, + }, + Spec: softwarecomposition.ApplicationProfileSpec{ + Architectures: []string{"amd64"}, + Containers: []softwarecomposition.ApplicationProfileContainer{{ + Name: "nginx", + Execs: []softwarecomposition.ExecCalls{{ + Path: "/usr/sbin/nginx", + }}, + }}, + }, + }, + want: "5816a857c672b2d147d3c2a4e5c5c86716ec4be951dad16a77c7e760ff15658b", + wantErr: assert.NoError, + }, + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + sch := scheme.Scheme + require.NoError(t, softwarecomposition.AddToScheme(sch)) + s := NewStorageImpl(afero.NewMemMapFs(), DefaultStorageRoot, sch) + got, err := s.CalculateChecksum(tt.obj) + if !tt.wantErr(t, err, fmt.Sprintf("CalculateChecksum(%v)", tt.obj)) { + return + } + assert.Equalf(t, tt.want, got, "CalculateChecksum(%v)", tt.obj) + }) + } +} 
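Review bot: BenchmarkWriteFiles now builds the storage with a nil scheme, but the storage.go change in this commit makes writeFiles call CalculateChecksum, which calls `s.scheme.ConvertToVersion`. If the benchmark loop calls writeFiles, as its name suggests (the loop body is outside the hunk), it would dereference the nil scheme, and since benchmarks are not run by a plain `go test` this would go unnoticed. Passing a registered scheme as the Create test does, `NewStorageImpl(afero.NewMemMapFs(), DefaultStorageRoot, sch).(*StorageImpl)`, keeps the benchmark on the real write path.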
diff --git a/pkg/registry/file/vulnerabilitysummarystorage_test.go b/pkg/registry/file/vulnerabilitysummarystorage_test.go index 41f568234..572f2656a 100644 --- a/pkg/registry/file/vulnerabilitysummarystorage_test.go +++ b/pkg/registry/file/vulnerabilitysummarystorage_test.go @@ -6,8 +6,10 @@ import ( "github.com/kubescape/storage/pkg/apis/softwarecomposition" "github.com/kubescape/storage/pkg/apis/softwarecomposition/v1beta1" + "github.com/kubescape/storage/pkg/generated/clientset/versioned/scheme" "github.com/spf13/afero" "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" v1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/runtime" "k8s.io/apiserver/pkg/storage" @@ -37,7 +39,7 @@ func TestVulnSummaryStorageImpl_Create(t *testing.T) { wantErr: true, }, } - realStorage := NewStorageImpl(afero.NewMemMapFs(), "/") + realStorage := NewStorageImpl(afero.NewMemMapFs(), "/", nil) for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { @@ -73,7 +75,7 @@ func TestVulnSummaryStorageImpl_Delete(t *testing.T) { wantErr: true, }, } - realStorage := NewStorageImpl(afero.NewMemMapFs(), "/") + realStorage := NewStorageImpl(afero.NewMemMapFs(), "/", nil) for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { @@ -105,7 +107,7 @@ func TestVulnSummaryStorageImpl_Watch(t *testing.T) { wantErr: true, }, } - realStorage := NewStorageImpl(afero.NewMemMapFs(), "/") + realStorage := NewStorageImpl(afero.NewMemMapFs(), "/", nil) for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { @@ -159,7 +161,11 @@ func TestVulnSummaryStorageImpl_GetList(t *testing.T) { }, }, keyCreatedObj: []string{"/spdx.softwarecomposition.kubescape.io/vulnerabilitymanifestsummaries/any/any"}, - createdObj: []*softwarecomposition.VulnerabilityManifestSummary{{}}, + createdObj: []*softwarecomposition.VulnerabilityManifestSummary{{ + ObjectMeta: v1.ObjectMeta{ + Annotations: map[string]string{}, + }, + }}, }, createObj: true, wantErr: false, 
@@ -228,8 +234,9 @@ func TestVulnSummaryStorageImpl_GetList(t *testing.T) { createdObj: []*softwarecomposition.VulnerabilityManifestSummary{ { ObjectMeta: v1.ObjectMeta{ - Name: "any", - Namespace: "any", + Name: "any", + Namespace: "any", + Annotations: map[string]string{}, }, Spec: softwarecomposition.VulnerabilityManifestSummarySpec{ Severities: softwarecomposition.SeveritySummary{ @@ -242,8 +249,9 @@ func TestVulnSummaryStorageImpl_GetList(t *testing.T) { }, { ObjectMeta: v1.ObjectMeta{ - Name: "any", - Namespace: "many", + Name: "any", + Namespace: "many", + Annotations: map[string]string{}, }, Spec: softwarecomposition.VulnerabilityManifestSummarySpec{ Severities: softwarecomposition.SeveritySummary{ @@ -263,7 +271,9 @@ func TestVulnSummaryStorageImpl_GetList(t *testing.T) { for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { t.Logf("expected scope on entry: %v", tt.args.expectedObj.Items) - realStorage := NewStorageImpl(afero.NewMemMapFs(), "/") + sch := scheme.Scheme + require.NoError(t, softwarecomposition.AddToScheme(sch)) + realStorage := NewStorageImpl(afero.NewMemMapFs(), "/", sch) if tt.createObj { for i, obj := range tt.args.createdObj { err := realStorage.Create(context.TODO(), tt.args.keyCreatedObj[i], obj, nil, 0) @@ -311,7 +321,7 @@ func TestVulnSummaryStorageImpl_GuaranteedUpdate(t *testing.T) { wantErr: true, }, } - realStorage := NewStorageImpl(afero.NewMemMapFs(), "/") + realStorage := NewStorageImpl(afero.NewMemMapFs(), "/", nil) for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { @@ -343,7 +353,7 @@ func TestVulnSummaryStorageImpl_Count(t *testing.T) { wantErr: true, }, } - realStorage := NewStorageImpl(afero.NewMemMapFs(), "/") + realStorage := NewStorageImpl(afero.NewMemMapFs(), "/", nil) for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { 
@@ -392,7 +402,11 @@ func TestVulnSummaryStorageImpl_Get(t *testing.T) { }, }, keyCreatedObj: []string{"/spdx.softwarecomposition.kubescape.io/vulnerabilitymanifestsummaries/any/any"}, - createdObj: []*softwarecomposition.VulnerabilityManifestSummary{{}}, + createdObj: []*softwarecomposition.VulnerabilityManifestSummary{{ + ObjectMeta: v1.ObjectMeta{ + Annotations: map[string]string{}, + }, + }}, }, createObj: true, wantErr: false, }, @@ -420,12 +434,22 @@ func TestVulnSummaryStorageImpl_Get(t *testing.T) { }, }, keyCreatedObj: []string{"/spdx.softwarecomposition.kubescape.io/vulnerabilitymanifestsummaries/any/any", "/spdx.softwarecomposition.kubescape.io/vulnerabilitymanifestsummaries/any/many"}, - createdObj: []*softwarecomposition.VulnerabilityManifestSummary{{}, {}}, + createdObj: []*softwarecomposition.VulnerabilityManifestSummary{{ + ObjectMeta: v1.ObjectMeta{ + Annotations: map[string]string{}, + }, + }, { + ObjectMeta: v1.ObjectMeta{ + Annotations: map[string]string{}, + }, + }}, }, createObj: true, wantErr: false, }, } - realStorage := NewStorageImpl(afero.NewMemMapFs(), "/") + sch := scheme.Scheme + require.NoError(t, softwarecomposition.AddToScheme(sch)) + realStorage := NewStorageImpl(afero.NewMemMapFs(), "/", sch) for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { diff --git a/pkg/registry/file/watch_test.go b/pkg/registry/file/watch_test.go index 4386931d7..68219c9e0 100644 --- a/pkg/registry/file/watch_test.go +++ b/pkg/registry/file/watch_test.go @@ -5,9 +5,12 @@ import ( "testing" "time" + "github.com/kubescape/storage/pkg/apis/softwarecomposition" "github.com/kubescape/storage/pkg/apis/softwarecomposition/v1beta1" + "github.com/kubescape/storage/pkg/generated/clientset/versioned/scheme" "github.com/spf13/afero" "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" v1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/runtime" "k8s.io/apimachinery/pkg/watch" 
@@ -79,7 +82,7 @@ func TestFileSystemStorageWatchReturnsDistinctWatchers(t *testing.T) { } for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { - s := NewStorageImpl(afero.NewMemMapFs(), DefaultStorageRoot) + s := NewStorageImpl(afero.NewMemMapFs(), DefaultStorageRoot, nil) got1, _ := s.Watch(context.TODO(), tt.args.key, tt.args.opts) got1chan := got1.ResultChan() @@ -100,6 +103,9 @@ func TestFilesystemStorageWatchPublishing(t *testing.T) { obj = &v1beta1.SBOMSyft{ObjectMeta: v1.ObjectMeta{ Name: "some-sbom", ResourceVersion: "1", + Annotations: map[string]string{ + "kubescape.io/sync-checksum": "f01df40a881e487bda097444c66c52f99b821fd6a6a6b69fcde94ed81f3bf4e1", + }, }} ) tt := []struct { @@ -111,14 +117,14 @@ func TestFilesystemStorageWatchPublishing(t *testing.T) { name: "Create should publish to the appropriate single channel", start: map[string]int{keyK: 1}, inputObjects: map[string]*v1beta1.SBOMSyft{ - keyK + "/some-sbom": {ObjectMeta: v1.ObjectMeta{Name: "some-sbom"}}, + keyK + "/some-sbom": {ObjectMeta: v1.ObjectMeta{Name: "some-sbom", Annotations: map[string]string{}}}, }, want: map[string][]watch.Event{keyK: {{Type: watch.Added, Object: obj}}}, }, { name: "Create should publish to all watchers on the relevant key", start: map[string]int{keyK: 3}, inputObjects: map[string]*v1beta1.SBOMSyft{ - keyK + "/some-sbom": {ObjectMeta: v1.ObjectMeta{Name: "some-sbom"}}, + keyK + "/some-sbom": {ObjectMeta: v1.ObjectMeta{Name: "some-sbom", Annotations: map[string]string{}}}, }, want: map[string][]watch.Event{keyK: { {Type: watch.Added, Object: obj}, 
@@ -129,21 +135,19 @@ func TestFilesystemStorageWatchPublishing(t *testing.T) { name: "Creating on key different than the watch should produce no event", start: map[string]int{keyK: 3, keyN: 1}, inputObjects: map[string]*v1beta1.SBOMSyft{ - keyN + "/some-sbom": {ObjectMeta: v1.ObjectMeta{Name: "some-sbom"}}, + keyN + "/some-sbom": {ObjectMeta: v1.ObjectMeta{Name: "some-sbom", Annotations: map[string]string{}}}, }, - want: map[string][]watch.Event{keyN: {{Type: watch.Added, Object: obj}}, keyK: {}}, }, { name: "Creating on key not being watched should produce no events", start: map[string]int{keyK: 1}, inputObjects: map[string]*v1beta1.SBOMSyft{ - keyN + "/some-sbom": {ObjectMeta: v1.ObjectMeta{Name: "some-sbom"}}, + keyN + "/some-sbom": {ObjectMeta: v1.ObjectMeta{Name: "some-sbom", Annotations: map[string]string{}}}, }, - want: map[string][]watch.Event{keyN: {}}, }, { name: "Sending to stopped watch should not produce an event", start: map[string]int{keyN: 3}, inputObjects: map[string]*v1beta1.SBOMSyft{ - keyN + "/some-sbom": {ObjectMeta: v1.ObjectMeta{Name: "some-sbom"}}, + keyN + "/some-sbom": {ObjectMeta: v1.ObjectMeta{Name: "some-sbom", Annotations: map[string]string{}}}, }, stopBefore: map[string]int{keyN: 1}, want: map[string][]watch.Event{keyN: { @@ -154,7 +158,7 @@ func TestFilesystemStorageWatchPublishing(t *testing.T) { name: "Stopping watch after send shouldn't deadlock", start: map[string]int{keyN: 3}, inputObjects: map[string]*v1beta1.SBOMSyft{ - keyN + "/some-sbom": {ObjectMeta: v1.ObjectMeta{Name: "some-sbom"}}, + keyN + "/some-sbom": {ObjectMeta: v1.ObjectMeta{Name: "some-sbom", Annotations: map[string]string{}}}, }, stopAfter: map[string]int{keyN: 0}, want: map[string][]watch.Event{keyN: { 
@@ -166,7 +170,7 @@ func TestFilesystemStorageWatchPublishing(t *testing.T) { name: "Stopping watch twice is ok", start: map[string]int{keyN: 3}, inputObjects: map[string]*v1beta1.SBOMSyft{ - keyN + "/some-sbom": {ObjectMeta: v1.ObjectMeta{Name: "some-sbom"}}, + keyN + "/some-sbom": {ObjectMeta: v1.ObjectMeta{Name: "some-sbom", Annotations: map[string]string{}}}, }, stopBefore: map[string]int{keyN: 1}, stopAfter: map[string]int{keyN: 1}, @@ -178,7 +182,9 @@ func TestFilesystemStorageWatchPublishing(t *testing.T) { for _, tc := range tt { t.Run(tc.name, func(t *testing.T) { - s := NewStorageImpl(afero.NewMemMapFs(), DefaultStorageRoot) + sch := scheme.Scheme + require.NoError(t, softwarecomposition.AddToScheme(sch)) + s := NewStorageImpl(afero.NewMemMapFs(), DefaultStorageRoot, sch) ctx := context.Background() opts := storage.ListOptions{} @@ -224,7 +230,7 @@ func TestFilesystemStorageWatchPublishing(t *testing.T) { // Assert the expected events for key, wantEvents := range tc.want { - gotEvents := []watch.Event{} + var gotEvents []watch.Event for _, w := range watchers[key] { select { case ev, ok := <-w.ResultChan(): @@ -249,6 +255,7 @@ func TestWatchGuaranteedUpdateProducesMatchingEvents(t *testing.T) { ObjectMeta: v1.ObjectMeta{ Name: "toto", ResourceVersion: "1", + Annotations: map[string]string{}, }, } 
@@ -290,14 +297,16 @@ func TestWatchGuaranteedUpdateProducesMatchingEvents(t *testing.T) { } for _, tc := range tt { t.Run(tc.name, func(t *testing.T) { - s := NewStorageImpl(afero.NewMemMapFs(), DefaultStorageRoot) + sch := scheme.Scheme + require.NoError(t, softwarecomposition.AddToScheme(sch)) + s := NewStorageImpl(afero.NewMemMapFs(), DefaultStorageRoot, sch) opts := storage.ListOptions{} watchers := map[string][]watch.Interface{} for key, watchCount := range tc.inputWatchesByKey { for i := 0; i < watchCount; i++ { - watch, _ := s.Watch(context.TODO(), key, opts) - watchers[key] = append(watchers[key], watch) + wtch, _ := s.Watch(context.TODO(), key, opts) + watchers[key] = append(watchers[key], wtch) } } @@ -305,7 +314,7 @@ func TestWatchGuaranteedUpdateProducesMatchingEvents(t *testing.T) { _ = s.GuaranteedUpdate(context.TODO(), tc.args.key, destination, tc.args.ignoreNotFound, tc.args.preconditions, tc.args.tryUpdate, tc.args.cachedExistingObject) for key, expectedEvents := range tc.expectedEvents { - gotEvents := []watch.Event{} + var gotEvents []watch.Event for _, w := range watchers[key] { select { case ev := <-w.ResultChan(): diff --git a/pkg/utils/synchronizer.go b/pkg/utils/synchronizer.go new file mode 100644 index 000000000..c77e87472 --- /dev/null +++ b/pkg/utils/synchronizer.go 
@@ -0,0 +1,41 @@ +package utils + +import ( + "encoding/hex" + "fmt" + + "github.com/SergJa/jsonhash" + "go.uber.org/multierr" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" +) + +func CanonicalHash(in []byte) (string, error) { + hash, err := jsonhash.CalculateJsonHash(in, []string{ + ".status.conditions", // avoid Pod.status.conditions.lastProbeTime: null + }) + if err != nil { + return "", err + } + return hex.EncodeToString(hash[:]), nil +} + +func RemoveManagedFields(d metav1.Object) { + // Remove managed fields + d.SetManagedFields(nil) + // Remove last-applied-configuration annotation + ann := d.GetAnnotations() + delete(ann, "kubectl.kubernetes.io/last-applied-configuration") + d.SetAnnotations(ann) +} + +func RemoveSpecificFields(d *unstructured.Unstructured, fields [][]string) error { + var errs error + for _, f := range fields { + err := unstructured.SetNestedField(d.Object, nil, f...) + if err != nil { + errs = multierr.Append(errs, fmt.Errorf("failed to remove field %s: %w", f, err)) + } + } + return errs +} diff --git a/pkg/utils/synchronizer_test.go b/pkg/utils/synchronizer_test.go new file mode 100644 index 000000000..663c3e18b --- /dev/null +++ b/pkg/utils/synchronizer_test.go 
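Review bot: RemoveSpecificFields does not remove anything: `unstructured.SetNestedField(d.Object, nil, f...)` stores an explicit null at the path and creates the intermediate maps when the path is absent, so an object that never had the field gains one. `unstructured.RemoveNestedField(d.Object, f...)` deletes the key and leaves missing paths alone; it returns no error, so the multierr accumulation would no longer be needed. If the null is intended (the expected fixture is not visible here), the function name and a doc comment should say so. None of the three exported functions has a doc comment; the one on CanonicalHash should state that `.status.conditions` appears to be left out of the hash for every kind, so a change confined to that subtree does not change the checksum.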
@@ -0,0 +1,123 @@ +package utils + +import ( + "encoding/json" + "os" + "testing" + + "github.com/kinbiko/jsonassert" + "github.com/stretchr/testify/assert" + "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" +) + +func FileContent(path string) []byte { + b, _ := os.ReadFile(path) + return b +} + +func FileToUnstructured(path string) *unstructured.Unstructured { + b, _ := os.ReadFile(path) + u := &unstructured.Unstructured{} + _ = u.UnmarshalJSON(b) + return u +} + +func TestCanonicalHash(t *testing.T) { + tests := []struct { + name string + in []byte + want string + wantErr bool + }{ + { + name: "error", + in: []byte("test"), + wantErr: true, + }, + { + name: "empty", + in: []byte("{}"), + want: "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + }, + { + name: "simple", + in: []byte(`{"a":"b"}`), + want: "baf4fd048ca2e8f75d531af13c5869eaa8e38c3020e1dfcebe3c3ac019a3bab2", + }, + { + name: "pod", + in: FileContent("testdata/pod.json"), + want: "1ae52b23166388144c602360fb73dd68736e88943f6e16fab1bf07347484f8e8", + }, + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + got, err := CanonicalHash(tt.in) + if (err != nil) != tt.wantErr { + t.Errorf("CanonicalHash() error = %v, wantErr %v", err, tt.wantErr) + return + } + assert.Equal(t, tt.want, got) + }) + } +} + +func TestRemoveManagedFields(t *testing.T) { + tests := []struct { + name string + obj *unstructured.Unstructured + want []byte + }{ + { + name: "Remove fields from networkPolicy", + obj: FileToUnstructured("testdata/networkPolicy.json"), + want: FileContent("testdata/networkPolicyCleaned.json"), + }, + { + name: "Do nothing if no managedFields", + obj: FileToUnstructured("testdata/pod.json"), + want: FileContent("testdata/pod.json"), + }, + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + RemoveManagedFields(tt.obj) + ja := jsonassert.New(t) + b, err := json.Marshal(tt.obj.Object) + assert.NoError(t, err) + ja.Assertf(string(b), string(tt.want)) + 
}) + } +} + +func TestRemoveSpecificFields(t *testing.T) { + tests := []struct { + name string + fields [][]string + obj *unstructured.Unstructured + want []byte + }{ + { + name: "remove fields from node", + fields: [][]string{{"status", "conditions"}}, + obj: FileToUnstructured("testdata/node.json"), + want: FileContent("testdata/nodeCleaned.json"), + }, + { + name: "remove no fields from pod", + fields: [][]string{}, + obj: FileToUnstructured("testdata/pod.json"), + want: FileContent("testdata/pod.json"), + }, + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + err := RemoveSpecificFields(tt.obj, tt.fields) + assert.NoError(t, err) + ja := jsonassert.New(t) + b, err := json.Marshal(tt.obj.Object) + assert.NoError(t, err) + ja.Assertf(string(b), string(tt.want)) + }) + } +} diff --git a/pkg/utils/testdata/networkPolicy.json b/pkg/utils/testdata/networkPolicy.json new file mode 100644 index 000000000..d26856d1a --- /dev/null +++ b/pkg/utils/testdata/networkPolicy.json 
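Review bot: The helpers FileContent and FileToUnstructured discard the errors from `os.ReadFile` and `UnmarshalJSON`, so a missing or malformed fixture turns into empty input and surfaces later as a confusing hash or JSON mismatch instead of pointing at the file. I would pass `t` in and fail fast: `b, err := os.ReadFile(path)` followed by `if err != nil { t.Fatalf("read %s: %v", path, err) }`, and the same for the unmarshal error. Both helpers are exported from a `_test.go` file with no visible need; lower-case names would be enough.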
@@ -0,0 +1,83 @@ +{ + "kind": "NetworkPolicy", + "apiVersion": "networking.k8s.io/v1", + "metadata": { + "name": "argocd-dex-server-network-policy", + "namespace": "argocd", + "uid": "1976d83a-4745-4e2b-8e43-799b15e7b4a2", + "resourceVersion": "856454", + "generation": 1, + "creationTimestamp": "2023-12-21T15:11:15Z", + "annotations": { + "kubectl.kubernetes.io/last-applied-configuration": "{\"apiVersion\":\"networking.k8s.io/v1\",\"kind\":\"NetworkPolicy\",\"metadata\":{\"annotations\":{},\"name\":\"argocd-dex-server-network-policy\",\"namespace\":\"argocd\"},\"spec\":{\"ingress\":[{\"from\":[{\"podSelector\":{\"matchLabels\":{\"app.kubernetes.io/name\":\"argocd-server\"}}}],\"ports\":[{\"port\":5556,\"protocol\":\"TCP\"},{\"port\":5557,\"protocol\":\"TCP\"}]},{\"from\":[{\"namespaceSelector\":{}}],\"ports\":[{\"port\":5558,\"protocol\":\"TCP\"}]}],\"podSelector\":{\"matchLabels\":{\"app.kubernetes.io/name\":\"argocd-dex-server\"}},\"policyTypes\":[\"Ingress\"]}}\n" + }, + "managedFields": [ + { + "manager": "kubectl-client-side-apply", + "operation": "Update", + "apiVersion": "networking.k8s.io/v1", + "time": "2023-12-21T15:11:15Z", + "fieldsType": "FieldsV1", + "fieldsV1": { + "f:metadata": { + "f:annotations": { + ".": {}, + "f:kubectl.kubernetes.io/last-applied-configuration": {} + } + }, + "f:spec": { + "f:ingress": {}, + "f:podSelector": {}, + "f:policyTypes": {} + } + } + } + ] + }, + "spec": { + "podSelector": { + "matchLabels": { + "app.kubernetes.io/name": "argocd-dex-server" + } + }, + "ingress": [ + { + "ports": [ + { + "protocol": "TCP", + "port": 5556 + }, + { + "protocol": "TCP", + "port": 5557 + } + ], + "from": [ + { + "podSelector": { + "matchLabels": { + "app.kubernetes.io/name": "argocd-server" + } + } + } + ] + }, + { + "ports": [ + { + "protocol": "TCP", + "port": 5558 + } + ], + "from": [ + { + "namespaceSelector": {} + } + ] + } + ], + "policyTypes": [ + "Ingress" + ] + } +} 
diff --git a/pkg/utils/testdata/networkPolicyCleaned.json b/pkg/utils/testdata/networkPolicyCleaned.json new file mode 100644 index 000000000..950d423e8 --- /dev/null +++ b/pkg/utils/testdata/networkPolicyCleaned.json @@ -0,0 +1,59 @@ +{ + "kind": "NetworkPolicy", + "apiVersion": "networking.k8s.io/v1", + "metadata": { + "name": "argocd-dex-server-network-policy", + "namespace": "argocd", + "uid": "1976d83a-4745-4e2b-8e43-799b15e7b4a2", + "resourceVersion": "856454", + "generation": 1, + "creationTimestamp": "2023-12-21T15:11:15Z", + "annotations": {} + }, + "spec": { + "podSelector": { + "matchLabels": { + "app.kubernetes.io/name": "argocd-dex-server" + } + }, + "ingress": [ + { + "ports": [ + { + "protocol": "TCP", + "port": 5556 + }, + { + "protocol": "TCP", + "port": 5557 + } + ], + "from": [ + { + "podSelector": { + "matchLabels": { + "app.kubernetes.io/name": "argocd-server" + } + } + } + ] + }, + { + "ports": [ + { + "protocol": "TCP", + "port": 5558 + } + ], + "from": [ + { + "namespaceSelector": {} + } + ] + } + ], + "policyTypes": [ + "Ingress" + ] + } +} diff --git a/pkg/utils/testdata/node.json b/pkg/utils/testdata/node.json new file mode 100644 index 000000000..a96da91f0 --- /dev/null +++ b/pkg/utils/testdata/node.json 
@@ -0,0 +1,435 @@ +{ + "apiVersion": "v1", + "kind": "Node", + "metadata": { + "annotations": { + "alpha.kubernetes.io/provided-node-ip": "10.1.17.10", + "csi.volume.kubernetes.io/nodeid": "{\"ebs.csi.aws.com\":\"i-099ef91944855a3fe\"}", + "node.alpha.kubernetes.io/ttl": "0", + "volumes.kubernetes.io/controller-managed-attach-detach": "true" + }, + "creationTimestamp": "2024-02-22T15:34:14Z", + "labels": { + "beta.kubernetes.io/arch": "amd64", + "beta.kubernetes.io/instance-type": "m5.large", + "beta.kubernetes.io/os": "linux", + "eks.amazonaws.com/capacityType": "ON_DEMAND", + "eks.amazonaws.com/nodegroup": "dev-general-purpose", + "eks.amazonaws.com/nodegroup-image": "ami-01e9ddd1133df4709", + "env": "dev", + "failure-domain.beta.kubernetes.io/region": "eu-west-1", + "failure-domain.beta.kubernetes.io/zone": "eu-west-1a", + "k8s.io/cloud-provider-aws": "4f9e76a978be69f0320476d8299e6345", + "kubernetes.io/arch": "amd64", + "kubernetes.io/hostname": "ip-10-1-17-10.eu-west-1.compute.internal", + "kubernetes.io/os": "linux", + "node.kubernetes.io/instance-type": "m5.large", + "provisioner.cast.ai/node-id": "d688acf0-ea8e-4ab0-8f4b-958f3c8145c4", + "subgroup": "gp", + "topology.ebs.csi.aws.com/zone": "eu-west-1a", + "topology.kubernetes.io/region": "eu-west-1", + "topology.kubernetes.io/zone": "eu-west-1a" + }, + "name": "ip-10-1-17-10.eu-west-1.compute.internal", + "resourceVersion": "748258858", + "uid": "820a5099-c22f-4826-82e9-a3596c778e90" + }, + "spec": { + "providerID": "aws:///eu-west-1a/i-099ef91944855a3fe" + }, + "status": { + "addresses": [ + { + "address": "10.1.17.10", + "type": "InternalIP" + }, + { + "address": "18.201.14.225", + "type": "ExternalIP" + }, + { + "address": "ip-10-1-17-10.eu-west-1.compute.internal", + "type": "Hostname" + }, + { + "address": "ip-10-1-17-10.eu-west-1.compute.internal", + "type": "InternalDNS" + }, + { + "address": "ec2-18-201-14-225.eu-west-1.compute.amazonaws.com", + "type": "ExternalDNS" + } + ], + "allocatable": { + 
"attachable-volumes-aws-ebs": "25", + "cpu": "1930m", + "ephemeral-storage": "18242267924", + "hugepages-1Gi": "0", + "hugepages-2Mi": "0", + "memory": "7220184Ki", + "pods": "29" + }, + "capacity": { + "attachable-volumes-aws-ebs": "25", + "cpu": "2", + "ephemeral-storage": "20959212Ki", + "hugepages-1Gi": "0", + "hugepages-2Mi": "0", + "memory": "7910360Ki", + "pods": "29" + }, + "conditions": [ + { + "lastHeartbeatTime": "2024-02-29T06:18:37Z", + "lastTransitionTime": "2024-02-22T15:34:13Z", + "message": "kubelet has sufficient memory available", + "reason": "KubeletHasSufficientMemory", + "status": "False", + "type": "MemoryPressure" + }, + { + "lastHeartbeatTime": "2024-02-29T06:18:37Z", + "lastTransitionTime": "2024-02-22T15:34:13Z", + "message": "kubelet has no disk pressure", + "reason": "KubeletHasNoDiskPressure", + "status": "False", + "type": "DiskPressure" + }, + { + "lastHeartbeatTime": "2024-02-29T06:18:37Z", + "lastTransitionTime": "2024-02-22T15:34:13Z", + "message": "kubelet has sufficient PID available", + "reason": "KubeletHasSufficientPID", + "status": "False", + "type": "PIDPressure" + }, + { + "lastHeartbeatTime": "2024-02-29T06:18:37Z", + "lastTransitionTime": "2024-02-22T15:34:30Z", + "message": "kubelet is posting ready status", + "reason": "KubeletReady", + "status": "True", + "type": "Ready" + } + ], + "daemonEndpoints": { + "kubeletEndpoint": { + "Port": 10250 + } + }, + "images": [ + { + "names": [ + "docker.io/apachepulsar/pulsar-all@sha256:fd3e027771f08eb224a3a9e8874514f0f258a0356059120d3f25f151f96506c8", + "docker.io/apachepulsar/pulsar-all:2.10.2" + ], + "sizeBytes": 2648867873 + }, + { + "names": [ + "dreg.armo.cloud:443/portal-backend@sha256:5454525ff0550ef9ccce3db57feabec68183f57f945c69a9634dd7e032084786", + "dreg.armo.cloud:443/portal-backend:1318" + ], + "sizeBytes": 178896658 + }, + { + "names": [ + "docker.io/bitnami/mongodb@sha256:d8c93cb3ab205e9d144ec00ef04d9d8ca733e7b4dd9bc5b4bea5866f47b73bc5", + 
"docker.io/bitnami/mongodb:4.2.8-debian-10-r33" + ], + "sizeBytes": 174546726 + }, + { + "names": [ + "quay.io/argoproj/argocd@sha256:5f1de1b4d959868c1e006e08d46361c8f019d9730e74bc1feeab8c7b413f1187", + "quay.io/argoproj/argocd:v2.10.1" + ], + "sizeBytes": 169935379 + }, + { + "names": [ + "quay.io/argoproj/argocd@sha256:6a5d0e909b6ad106cef2b7ce73df509b09dc33da9c27e69775c8777084554c52", + "quay.io/argoproj/argocd:v2.7.7" + ], + "sizeBytes": 147277137 + }, + { + "names": [ + "registry.k8s.io/ingress-nginx/controller@sha256:e5c4824e7375fcf2a393e1c03c293b69759af37a9ca6abdb91b13d78a93da8bd" + ], + "sizeBytes": 113903192 + }, + { + "names": [ + "docker.io/grafana/agent@sha256:df177cf6e405258fe78a73d164526a57d5239c9e912ec48cd549bb1a533a9344", + "docker.io/grafana/agent:v0.35.2" + ], + "sizeBytes": 88247981 + }, + { + "names": [ + "quay.io/armosec/event-ingester-service@sha256:8d98f7234432e06e11f66857ca6ed434d668171408b84368e77b9a6eaa2a1f86", + "quay.io/armosec/event-ingester-service:rc-v0.0.237-279" + ], + "sizeBytes": 83685504 + }, + { + "names": [ + "quay.io/armosec/event-ingester-service@sha256:e51dde89d01de86614e9b26bc32f05e6803ed968653ad573979bb1e227f96948", + "quay.io/armosec/event-ingester-service:rc-v0.0.236-277" + ], + "sizeBytes": 83684676 + }, + { + "names": [ + "quay.io/armosec/event-ingester-service@sha256:023ec24f24a348f36dea5a02327a864457bfc18f1361167c1a13e56faa7ee5a6", + "quay.io/armosec/event-ingester-service:v0.0.236" + ], + "sizeBytes": 83684647 + }, + { + "names": [ + "dreg.armo.cloud:443/backend-conf-reloader@sha256:c70d7d38f48f50bbf3bcee701c0e7f79a883ea648083847b5be01389ffed4063", + "dreg.armo.cloud:443/backend-conf-reloader:v1.0" + ], + "sizeBytes": 71840316 + }, + { + "names": [ + "quay.io/armosec/backend-conf-reloader@sha256:c2ecba824467482e802c61e80d01220808eeaa5181dba385d4836075b961a574", + "quay.io/armosec/backend-conf-reloader:v1.0" + ], + "sizeBytes": 71838291 + }, + { + "names": [ + 
"docker.io/grafana/promtail@sha256:626900031c4ea955ef9094bf49386eb4b6928609b5d8aa27df8172342edf1136", + "docker.io/grafana/promtail:2.4.2" + ], + "sizeBytes": 67329843 + }, + { + "names": [ + "602401143452.dkr.ecr-fips.us-east-1.amazonaws.com/amazon-k8s-cni-init:v1.13.2", + "602401143452.dkr.ecr-fips.us-east-1.amazonaws.com/amazon-k8s-cni-init:v1.13.2-eksbuild.1", + "602401143452.dkr.ecr-fips.us-east-2.amazonaws.com/amazon-k8s-cni-init:v1.13.2", + "602401143452.dkr.ecr-fips.us-east-2.amazonaws.com/amazon-k8s-cni-init:v1.13.2-eksbuild.1", + "602401143452.dkr.ecr-fips.us-west-1.amazonaws.com/amazon-k8s-cni-init:v1.13.2" + ], + "sizeBytes": 59663187 + }, + { + "names": [ + "dreg.armo.cloud:443/armo-ui-sonar-predev@sha256:9ad0f7d7526659506c2ece707dda50b0a0d275a8993ab942fdac43be00601e2b", + "dreg.armo.cloud:443/armo-ui-sonar-predev:86" + ], + "sizeBytes": 58791251 + }, + { + "names": [ + "docker.io/bitnami/mongodb-exporter@sha256:2cb375c08d9a7d4d9b4e8f937a2abae05d7daebab19cf699196d47406b905c1c", + "docker.io/bitnami/mongodb-exporter:0.11.0-debian-10-r82" + ], + "sizeBytes": 44347800 + }, + { + "names": [ + "602401143452.dkr.ecr-fips.us-east-1.amazonaws.com/amazon-k8s-cni:v1.13.2", + "602401143452.dkr.ecr-fips.us-east-1.amazonaws.com/amazon-k8s-cni:v1.13.2-eksbuild.1", + "602401143452.dkr.ecr-fips.us-east-2.amazonaws.com/amazon-k8s-cni:v1.13.2", + "602401143452.dkr.ecr-fips.us-east-2.amazonaws.com/amazon-k8s-cni:v1.13.2-eksbuild.1", + "602401143452.dkr.ecr-fips.us-west-1.amazonaws.com/amazon-k8s-cni:v1.13.2" + ], + "sizeBytes": 44059679 + }, + { + "names": [ + "docker.io/grafana/tempo@sha256:4bcaa474c47869039b738395dec656eaa87a4916a9cef69604c6d82cde63b073", + "docker.io/grafana/tempo:2.2.1" + ], + "sizeBytes": 43225658 + }, + { + "names": [ + "602401143452.dkr.ecr.eu-west-1.amazonaws.com/eks/kube-proxy@sha256:60be4699c5a0baa0867490358acad8041f1c981ecfe4d95d7aa35c1a5184cc9b", + "602401143452.dkr.ecr.eu-west-1.amazonaws.com/eks/kube-proxy:v1.24.10-eksbuild.2" + ], + 
"sizeBytes": 39742300 + }, + { + "names": [ + "quay.io/matthiasb_1/node-agent@sha256:3f17cd9fb5f6aee97a049288117972fb15f5734c85a0d0f5dddac781022e8587" + ], + "sizeBytes": 38353990 + }, + { + "names": [ + "quay.io/armosec/kubecop@sha256:0dac6dc01d12adb917c909a0dae267da0ee06cb4fc85644f50752c972deb38a4", + "quay.io/armosec/kubecop:v0.0.36" + ], + "sizeBytes": 36922588 + }, + { + "names": [ + "ghcr.io/dexidp/dex@sha256:f579d00721b0d842328c43a562f50343c54b0048ef2d58d6b54e750c21fc7938", + "ghcr.io/dexidp/dex:v2.37.0" + ], + "sizeBytes": 32502483 + }, + { + "names": [ + "602401143452.dkr.ecr.eu-west-1.amazonaws.com/eks/aws-ebs-csi-driver@sha256:71885dc32a4a1d7c9a1911589f44dcb92a28551fb60da05b6f2b246e59dac90e", + "602401143452.dkr.ecr.eu-west-1.amazonaws.com/eks/aws-ebs-csi-driver:v1.20.0" + ], + "sizeBytes": 30363212 + }, + { + "names": [ + "quay.io/armosec/dashboard-backend@sha256:ac2825e3cfb2ced4bff86469588dabe05c809ef42de59273122bdb2320955bcc", + "quay.io/armosec/dashboard-backend:rc-v0.0.52-1054" + ], + "sizeBytes": 28959368 + }, + { + "names": [ + "quay.io/armosec/dashboard-backend@sha256:1431c665da35889f497d3ef5742654fc1c50019be0cfc5fd98d97f89f0e61ac0", + "quay.io/armosec/dashboard-backend:rc-v0.0.51-1052", + "quay.io/armosec/dashboard-backend:v0.0.51" + ], + "sizeBytes": 28958156 + }, + { + "names": [ + "quay.io/armosec/dashboard-backend@sha256:47f1e7d95c1e671f2c817ac71581d433c6c44b7963a87b5a2431afee1d49833c", + "quay.io/armosec/dashboard-backend:v0.0.50" + ], + "sizeBytes": 28904211 + }, + { + "names": [ + "docker.io/fission/fission-bundle@sha256:3c50884b04ca48a1f0f8afcc8d107037fb9079af2421294d4aba1370832c6b3d", + "docker.io/fission/fission-bundle:v1.15.1" + ], + "sizeBytes": 21561920 + }, + { + "names": [ + "dreg.armo.cloud:443/dashboard-event-receiver@sha256:f68a1d2ad46f564ae553bf52ce67f0676437aed25298d537f77dcf12b4c3dbe0", + "dreg.armo.cloud:443/dashboard-event-receiver:284" + ], + "sizeBytes": 16393386 + }, + { + "names": [ + 
"quay.io/armosec/kubescape-config-service@sha256:4a7574ecfe0ae0431fed6f25431c5e8dac1480a3a70192cf4c6450b1788a7914", + "quay.io/armosec/kubescape-config-service:rc-v0.0.102-109" + ], + "sizeBytes": 15650719 + }, + { + "names": [ + "quay.io/armosec/kubescape-config-service@sha256:c9f4d1e46b2c20e887440306d0fbde3032aed41c4d413329aafc9abb77d4c8b3", + "quay.io/armosec/kubescape-config-service:rc-v0.0.102-110" + ], + "sizeBytes": 15650567 + }, + { + "names": [ + "quay.io/armosec/kubescape-config-service@sha256:f5268c58ce29220623e58f37ce2f44bf56659102f1d5703b9d1cbf06d3653a14", + "quay.io/armosec/kubescape-config-service:v0.0.101" + ], + "sizeBytes": 15648171 + }, + { + "names": [ + "quay.io/prometheus/node-exporter@sha256:d2e48098c364e61ee62d9016eed863b66331d87cf67146f2068b70ed9d9b4f98", + "quay.io/prometheus/node-exporter:v1.6.0" + ], + "sizeBytes": 11728452 + }, + { + "names": [ + "quay.io/armosec/users-notification-service@sha256:d90dd66c73eddbcb8720f092e18e2b2e8ce7cf1526a99e5881d388c6c99d441e", + "quay.io/armosec/users-notification-service:v0.0.127" + ], + "sizeBytes": 10896270 + }, + { + "names": [ + "dreg.armo.cloud:443/notification-server@sha256:338c659982df5722c6880bcec91ceb34d3391358a0df41a0b9d22e15d3ece19a", + "dreg.armo.cloud:443/notification-server:92" + ], + "sizeBytes": 6959386 + }, + { + "names": [ + "602401143452.dkr.ecr.eu-west-1.amazonaws.com/eks/csi-node-driver-registrar@sha256:74e13dfff1d73b0e39ae5883b5843d1672258b34f7d4757995c72d92a26bed1e", + "602401143452.dkr.ecr.eu-west-1.amazonaws.com/eks/csi-node-driver-registrar:v2.8.0-eks-1-27-3" + ], + "sizeBytes": 6651094 + }, + { + "names": [ + "quay.io/kubescape/host-scanner@sha256:89fe7df48898769110dc6fb96050c3a8f58dd8d8dbc795b21471bb68148516f2", + "quay.io/kubescape/host-scanner:v1.0.66" + ], + "sizeBytes": 6472151 + }, + { + "names": [ + "602401143452.dkr.ecr.eu-west-1.amazonaws.com/eks/livenessprobe@sha256:25b4d3f9cf686ac464a742ead16e705da3adcfe574296dd75c5c05ec7473a513", + 
"602401143452.dkr.ecr.eu-west-1.amazonaws.com/eks/livenessprobe:v2.10.0-eks-1-27-3" + ], + "sizeBytes": 6178396 + }, + { + "names": [ + "docker.io/library/busybox@sha256:6d9ac9237a84afe1516540f40a0fafdc86859b2141954b4d643af7066d598b74", + "docker.io/library/busybox:latest" + ], + "sizeBytes": 2231050 + }, + { + "names": [ + "602401143452.dkr.ecr-fips.us-east-1.amazonaws.com/eks/pause:3.5", + "602401143452.dkr.ecr-fips.us-east-2.amazonaws.com/eks/pause:3.5", + "602401143452.dkr.ecr-fips.us-west-1.amazonaws.com/eks/pause:3.5", + "602401143452.dkr.ecr-fips.us-west-2.amazonaws.com/eks/pause:3.5", + "602401143452.dkr.ecr.af-south-1.amazonaws.com/eks/pause:3.5" + ], + "sizeBytes": 298689 + } + ], + "nodeInfo": { + "architecture": "amd64", + "bootID": "735e07e4-2d03-4374-b81f-dc194db90a92", + "containerRuntimeVersion": "containerd://1.6.19", + "kernelVersion": "5.10.184-175.731.amzn2.x86_64", + "kubeProxyVersion": "v1.24.13-eks-0a21954", + "kubeletVersion": "v1.24.13-eks-0a21954", + "machineID": "ec280c68e1518670527543983845f958", + "operatingSystem": "linux", + "osImage": "Amazon Linux 2", + "systemUUID": "ec280c68-e151-8670-5275-43983845f958" + }, + "volumesAttached": [ + { + "devicePath": "", + "name": "kubernetes.io/csi/ebs.csi.aws.com^vol-04274721dcf507828" + }, + { + "devicePath": "", + "name": "kubernetes.io/csi/ebs.csi.aws.com^vol-002f3eb275d4677e9" + }, + { + "devicePath": "", + "name": "kubernetes.io/csi/ebs.csi.aws.com^vol-0431d2091bea4aff6" + } + ], + "volumesInUse": [ + "kubernetes.io/csi/ebs.csi.aws.com^vol-002f3eb275d4677e9", + "kubernetes.io/csi/ebs.csi.aws.com^vol-04274721dcf507828", + "kubernetes.io/csi/ebs.csi.aws.com^vol-0431d2091bea4aff6" + ] + } +} diff --git a/pkg/utils/testdata/nodeCleaned.json b/pkg/utils/testdata/nodeCleaned.json new file mode 100644 index 000000000..92e307061 --- /dev/null +++ b/pkg/utils/testdata/nodeCleaned.json 
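Review bot: The new fixture `pkg/utils/testdata/node.json` reads like an unredacted dump of a live EKS dev node rather than constructed data: `status.addresses` carries a public `ExternalIP` and `ExternalDNS` entry, `spec.providerID` and the `csi.volume.kubernetes.io/nodeid` annotation carry the EC2 instance id, and `status.images` lists private-registry image names with their build tags. Once merged these values stay in git history, so I would swap them for constructed ones before landing, for example `"address": "203.0.113.10"` for the external address and a placeholder host such as `registry.example.com` for the private registry entries. `nodeCleaned.json` repeats the same values and appears to differ from this file only in `"conditions": null`, so both fixtures need the same substitution. Any expected hash in `synchronizer_test.go` (not visible in this part of the patch) would presumably have to be regenerated afterwards.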
@@ -0,0 +1,402 @@ +{ + "apiVersion": "v1", + "kind": "Node", + "metadata": { + "annotations": { + "alpha.kubernetes.io/provided-node-ip": "10.1.17.10", + "csi.volume.kubernetes.io/nodeid": "{\"ebs.csi.aws.com\":\"i-099ef91944855a3fe\"}", + "node.alpha.kubernetes.io/ttl": "0", + "volumes.kubernetes.io/controller-managed-attach-detach": "true" + }, + "creationTimestamp": "2024-02-22T15:34:14Z", + "labels": { + "beta.kubernetes.io/arch": "amd64", + "beta.kubernetes.io/instance-type": "m5.large", + "beta.kubernetes.io/os": "linux", + "eks.amazonaws.com/capacityType": "ON_DEMAND", + "eks.amazonaws.com/nodegroup": "dev-general-purpose", + "eks.amazonaws.com/nodegroup-image": "ami-01e9ddd1133df4709", + "env": "dev", + "failure-domain.beta.kubernetes.io/region": "eu-west-1", + "failure-domain.beta.kubernetes.io/zone": "eu-west-1a", + "k8s.io/cloud-provider-aws": "4f9e76a978be69f0320476d8299e6345", + "kubernetes.io/arch": "amd64", + "kubernetes.io/hostname": "ip-10-1-17-10.eu-west-1.compute.internal", + "kubernetes.io/os": "linux", + "node.kubernetes.io/instance-type": "m5.large", + "provisioner.cast.ai/node-id": "d688acf0-ea8e-4ab0-8f4b-958f3c8145c4", + "subgroup": "gp", + "topology.ebs.csi.aws.com/zone": "eu-west-1a", + "topology.kubernetes.io/region": "eu-west-1", + "topology.kubernetes.io/zone": "eu-west-1a" + }, + "name": "ip-10-1-17-10.eu-west-1.compute.internal", + "resourceVersion": "748258858", + "uid": "820a5099-c22f-4826-82e9-a3596c778e90" + }, + "spec": { + "providerID": "aws:///eu-west-1a/i-099ef91944855a3fe" + }, + "status": { + "addresses": [ + { + "address": "10.1.17.10", + "type": "InternalIP" + }, + { + "address": "18.201.14.225", + "type": "ExternalIP" + }, + { + "address": "ip-10-1-17-10.eu-west-1.compute.internal", + "type": "Hostname" + }, + { + "address": "ip-10-1-17-10.eu-west-1.compute.internal", + "type": "InternalDNS" + }, + { + "address": "ec2-18-201-14-225.eu-west-1.compute.amazonaws.com", + "type": "ExternalDNS" + } + ], + "allocatable": { + 
"attachable-volumes-aws-ebs": "25", + "cpu": "1930m", + "ephemeral-storage": "18242267924", + "hugepages-1Gi": "0", + "hugepages-2Mi": "0", + "memory": "7220184Ki", + "pods": "29" + }, + "capacity": { + "attachable-volumes-aws-ebs": "25", + "cpu": "2", + "ephemeral-storage": "20959212Ki", + "hugepages-1Gi": "0", + "hugepages-2Mi": "0", + "memory": "7910360Ki", + "pods": "29" + }, + "conditions": null, + "daemonEndpoints": { + "kubeletEndpoint": { + "Port": 10250 + } + }, + "images": [ + { + "names": [ + "docker.io/apachepulsar/pulsar-all@sha256:fd3e027771f08eb224a3a9e8874514f0f258a0356059120d3f25f151f96506c8", + "docker.io/apachepulsar/pulsar-all:2.10.2" + ], + "sizeBytes": 2648867873 + }, + { + "names": [ + "dreg.armo.cloud:443/portal-backend@sha256:5454525ff0550ef9ccce3db57feabec68183f57f945c69a9634dd7e032084786", + "dreg.armo.cloud:443/portal-backend:1318" + ], + "sizeBytes": 178896658 + }, + { + "names": [ + "docker.io/bitnami/mongodb@sha256:d8c93cb3ab205e9d144ec00ef04d9d8ca733e7b4dd9bc5b4bea5866f47b73bc5", + "docker.io/bitnami/mongodb:4.2.8-debian-10-r33" + ], + "sizeBytes": 174546726 + }, + { + "names": [ + "quay.io/argoproj/argocd@sha256:5f1de1b4d959868c1e006e08d46361c8f019d9730e74bc1feeab8c7b413f1187", + "quay.io/argoproj/argocd:v2.10.1" + ], + "sizeBytes": 169935379 + }, + { + "names": [ + "quay.io/argoproj/argocd@sha256:6a5d0e909b6ad106cef2b7ce73df509b09dc33da9c27e69775c8777084554c52", + "quay.io/argoproj/argocd:v2.7.7" + ], + "sizeBytes": 147277137 + }, + { + "names": [ + "registry.k8s.io/ingress-nginx/controller@sha256:e5c4824e7375fcf2a393e1c03c293b69759af37a9ca6abdb91b13d78a93da8bd" + ], + "sizeBytes": 113903192 + }, + { + "names": [ + "docker.io/grafana/agent@sha256:df177cf6e405258fe78a73d164526a57d5239c9e912ec48cd549bb1a533a9344", + "docker.io/grafana/agent:v0.35.2" + ], + "sizeBytes": 88247981 + }, + { + "names": [ + "quay.io/armosec/event-ingester-service@sha256:8d98f7234432e06e11f66857ca6ed434d668171408b84368e77b9a6eaa2a1f86", + 
"quay.io/armosec/event-ingester-service:rc-v0.0.237-279" + ], + "sizeBytes": 83685504 + }, + { + "names": [ + "quay.io/armosec/event-ingester-service@sha256:e51dde89d01de86614e9b26bc32f05e6803ed968653ad573979bb1e227f96948", + "quay.io/armosec/event-ingester-service:rc-v0.0.236-277" + ], + "sizeBytes": 83684676 + }, + { + "names": [ + "quay.io/armosec/event-ingester-service@sha256:023ec24f24a348f36dea5a02327a864457bfc18f1361167c1a13e56faa7ee5a6", + "quay.io/armosec/event-ingester-service:v0.0.236" + ], + "sizeBytes": 83684647 + }, + { + "names": [ + "dreg.armo.cloud:443/backend-conf-reloader@sha256:c70d7d38f48f50bbf3bcee701c0e7f79a883ea648083847b5be01389ffed4063", + "dreg.armo.cloud:443/backend-conf-reloader:v1.0" + ], + "sizeBytes": 71840316 + }, + { + "names": [ + "quay.io/armosec/backend-conf-reloader@sha256:c2ecba824467482e802c61e80d01220808eeaa5181dba385d4836075b961a574", + "quay.io/armosec/backend-conf-reloader:v1.0" + ], + "sizeBytes": 71838291 + }, + { + "names": [ + "docker.io/grafana/promtail@sha256:626900031c4ea955ef9094bf49386eb4b6928609b5d8aa27df8172342edf1136", + "docker.io/grafana/promtail:2.4.2" + ], + "sizeBytes": 67329843 + }, + { + "names": [ + "602401143452.dkr.ecr-fips.us-east-1.amazonaws.com/amazon-k8s-cni-init:v1.13.2", + "602401143452.dkr.ecr-fips.us-east-1.amazonaws.com/amazon-k8s-cni-init:v1.13.2-eksbuild.1", + "602401143452.dkr.ecr-fips.us-east-2.amazonaws.com/amazon-k8s-cni-init:v1.13.2", + "602401143452.dkr.ecr-fips.us-east-2.amazonaws.com/amazon-k8s-cni-init:v1.13.2-eksbuild.1", + "602401143452.dkr.ecr-fips.us-west-1.amazonaws.com/amazon-k8s-cni-init:v1.13.2" + ], + "sizeBytes": 59663187 + }, + { + "names": [ + "dreg.armo.cloud:443/armo-ui-sonar-predev@sha256:9ad0f7d7526659506c2ece707dda50b0a0d275a8993ab942fdac43be00601e2b", + "dreg.armo.cloud:443/armo-ui-sonar-predev:86" + ], + "sizeBytes": 58791251 + }, + { + "names": [ + "docker.io/bitnami/mongodb-exporter@sha256:2cb375c08d9a7d4d9b4e8f937a2abae05d7daebab19cf699196d47406b905c1c", + 
"docker.io/bitnami/mongodb-exporter:0.11.0-debian-10-r82" + ], + "sizeBytes": 44347800 + }, + { + "names": [ + "602401143452.dkr.ecr-fips.us-east-1.amazonaws.com/amazon-k8s-cni:v1.13.2", + "602401143452.dkr.ecr-fips.us-east-1.amazonaws.com/amazon-k8s-cni:v1.13.2-eksbuild.1", + "602401143452.dkr.ecr-fips.us-east-2.amazonaws.com/amazon-k8s-cni:v1.13.2", + "602401143452.dkr.ecr-fips.us-east-2.amazonaws.com/amazon-k8s-cni:v1.13.2-eksbuild.1", + "602401143452.dkr.ecr-fips.us-west-1.amazonaws.com/amazon-k8s-cni:v1.13.2" + ], + "sizeBytes": 44059679 + }, + { + "names": [ + "docker.io/grafana/tempo@sha256:4bcaa474c47869039b738395dec656eaa87a4916a9cef69604c6d82cde63b073", + "docker.io/grafana/tempo:2.2.1" + ], + "sizeBytes": 43225658 + }, + { + "names": [ + "602401143452.dkr.ecr.eu-west-1.amazonaws.com/eks/kube-proxy@sha256:60be4699c5a0baa0867490358acad8041f1c981ecfe4d95d7aa35c1a5184cc9b", + "602401143452.dkr.ecr.eu-west-1.amazonaws.com/eks/kube-proxy:v1.24.10-eksbuild.2" + ], + "sizeBytes": 39742300 + }, + { + "names": [ + "quay.io/matthiasb_1/node-agent@sha256:3f17cd9fb5f6aee97a049288117972fb15f5734c85a0d0f5dddac781022e8587" + ], + "sizeBytes": 38353990 + }, + { + "names": [ + "quay.io/armosec/kubecop@sha256:0dac6dc01d12adb917c909a0dae267da0ee06cb4fc85644f50752c972deb38a4", + "quay.io/armosec/kubecop:v0.0.36" + ], + "sizeBytes": 36922588 + }, + { + "names": [ + "ghcr.io/dexidp/dex@sha256:f579d00721b0d842328c43a562f50343c54b0048ef2d58d6b54e750c21fc7938", + "ghcr.io/dexidp/dex:v2.37.0" + ], + "sizeBytes": 32502483 + }, + { + "names": [ + "602401143452.dkr.ecr.eu-west-1.amazonaws.com/eks/aws-ebs-csi-driver@sha256:71885dc32a4a1d7c9a1911589f44dcb92a28551fb60da05b6f2b246e59dac90e", + "602401143452.dkr.ecr.eu-west-1.amazonaws.com/eks/aws-ebs-csi-driver:v1.20.0" + ], + "sizeBytes": 30363212 + }, + { + "names": [ + "quay.io/armosec/dashboard-backend@sha256:ac2825e3cfb2ced4bff86469588dabe05c809ef42de59273122bdb2320955bcc", + "quay.io/armosec/dashboard-backend:rc-v0.0.52-1054" + ], 
+ "sizeBytes": 28959368 + }, + { + "names": [ + "quay.io/armosec/dashboard-backend@sha256:1431c665da35889f497d3ef5742654fc1c50019be0cfc5fd98d97f89f0e61ac0", + "quay.io/armosec/dashboard-backend:rc-v0.0.51-1052", + "quay.io/armosec/dashboard-backend:v0.0.51" + ], + "sizeBytes": 28958156 + }, + { + "names": [ + "quay.io/armosec/dashboard-backend@sha256:47f1e7d95c1e671f2c817ac71581d433c6c44b7963a87b5a2431afee1d49833c", + "quay.io/armosec/dashboard-backend:v0.0.50" + ], + "sizeBytes": 28904211 + }, + { + "names": [ + "docker.io/fission/fission-bundle@sha256:3c50884b04ca48a1f0f8afcc8d107037fb9079af2421294d4aba1370832c6b3d", + "docker.io/fission/fission-bundle:v1.15.1" + ], + "sizeBytes": 21561920 + }, + { + "names": [ + "dreg.armo.cloud:443/dashboard-event-receiver@sha256:f68a1d2ad46f564ae553bf52ce67f0676437aed25298d537f77dcf12b4c3dbe0", + "dreg.armo.cloud:443/dashboard-event-receiver:284" + ], + "sizeBytes": 16393386 + }, + { + "names": [ + "quay.io/armosec/kubescape-config-service@sha256:4a7574ecfe0ae0431fed6f25431c5e8dac1480a3a70192cf4c6450b1788a7914", + "quay.io/armosec/kubescape-config-service:rc-v0.0.102-109" + ], + "sizeBytes": 15650719 + }, + { + "names": [ + "quay.io/armosec/kubescape-config-service@sha256:c9f4d1e46b2c20e887440306d0fbde3032aed41c4d413329aafc9abb77d4c8b3", + "quay.io/armosec/kubescape-config-service:rc-v0.0.102-110" + ], + "sizeBytes": 15650567 + }, + { + "names": [ + "quay.io/armosec/kubescape-config-service@sha256:f5268c58ce29220623e58f37ce2f44bf56659102f1d5703b9d1cbf06d3653a14", + "quay.io/armosec/kubescape-config-service:v0.0.101" + ], + "sizeBytes": 15648171 + }, + { + "names": [ + "quay.io/prometheus/node-exporter@sha256:d2e48098c364e61ee62d9016eed863b66331d87cf67146f2068b70ed9d9b4f98", + "quay.io/prometheus/node-exporter:v1.6.0" + ], + "sizeBytes": 11728452 + }, + { + "names": [ + "quay.io/armosec/users-notification-service@sha256:d90dd66c73eddbcb8720f092e18e2b2e8ce7cf1526a99e5881d388c6c99d441e", + 
"quay.io/armosec/users-notification-service:v0.0.127" + ], + "sizeBytes": 10896270 + }, + { + "names": [ + "dreg.armo.cloud:443/notification-server@sha256:338c659982df5722c6880bcec91ceb34d3391358a0df41a0b9d22e15d3ece19a", + "dreg.armo.cloud:443/notification-server:92" + ], + "sizeBytes": 6959386 + }, + { + "names": [ + "602401143452.dkr.ecr.eu-west-1.amazonaws.com/eks/csi-node-driver-registrar@sha256:74e13dfff1d73b0e39ae5883b5843d1672258b34f7d4757995c72d92a26bed1e", + "602401143452.dkr.ecr.eu-west-1.amazonaws.com/eks/csi-node-driver-registrar:v2.8.0-eks-1-27-3" + ], + "sizeBytes": 6651094 + }, + { + "names": [ + "quay.io/kubescape/host-scanner@sha256:89fe7df48898769110dc6fb96050c3a8f58dd8d8dbc795b21471bb68148516f2", + "quay.io/kubescape/host-scanner:v1.0.66" + ], + "sizeBytes": 6472151 + }, + { + "names": [ + "602401143452.dkr.ecr.eu-west-1.amazonaws.com/eks/livenessprobe@sha256:25b4d3f9cf686ac464a742ead16e705da3adcfe574296dd75c5c05ec7473a513", + "602401143452.dkr.ecr.eu-west-1.amazonaws.com/eks/livenessprobe:v2.10.0-eks-1-27-3" + ], + "sizeBytes": 6178396 + }, + { + "names": [ + "docker.io/library/busybox@sha256:6d9ac9237a84afe1516540f40a0fafdc86859b2141954b4d643af7066d598b74", + "docker.io/library/busybox:latest" + ], + "sizeBytes": 2231050 + }, + { + "names": [ + "602401143452.dkr.ecr-fips.us-east-1.amazonaws.com/eks/pause:3.5", + "602401143452.dkr.ecr-fips.us-east-2.amazonaws.com/eks/pause:3.5", + "602401143452.dkr.ecr-fips.us-west-1.amazonaws.com/eks/pause:3.5", + "602401143452.dkr.ecr-fips.us-west-2.amazonaws.com/eks/pause:3.5", + "602401143452.dkr.ecr.af-south-1.amazonaws.com/eks/pause:3.5" + ], + "sizeBytes": 298689 + } + ], + "nodeInfo": { + "architecture": "amd64", + "bootID": "735e07e4-2d03-4374-b81f-dc194db90a92", + "containerRuntimeVersion": "containerd://1.6.19", + "kernelVersion": "5.10.184-175.731.amzn2.x86_64", + "kubeProxyVersion": "v1.24.13-eks-0a21954", + "kubeletVersion": "v1.24.13-eks-0a21954", + "machineID": 
"ec280c68e1518670527543983845f958", + "operatingSystem": "linux", + "osImage": "Amazon Linux 2", + "systemUUID": "ec280c68-e151-8670-5275-43983845f958" + }, + "volumesAttached": [ + { + "devicePath": "", + "name": "kubernetes.io/csi/ebs.csi.aws.com^vol-04274721dcf507828" + }, + { + "devicePath": "", + "name": "kubernetes.io/csi/ebs.csi.aws.com^vol-002f3eb275d4677e9" + }, + { + "devicePath": "", + "name": "kubernetes.io/csi/ebs.csi.aws.com^vol-0431d2091bea4aff6" + } + ], + "volumesInUse": [ + "kubernetes.io/csi/ebs.csi.aws.com^vol-002f3eb275d4677e9", + "kubernetes.io/csi/ebs.csi.aws.com^vol-04274721dcf507828", + "kubernetes.io/csi/ebs.csi.aws.com^vol-0431d2091bea4aff6" + ] + } +} diff --git a/pkg/utils/testdata/pod.json b/pkg/utils/testdata/pod.json new file mode 100644 index 000000000..936fe1d2e --- /dev/null +++ b/pkg/utils/testdata/pod.json 
@@ -0,0 +1,165 @@
+{
+ "apiVersion": "v1",
+ "kind": "Pod",
+ "metadata": {
+ "creationTimestamp": "2023-11-15T15:19:53Z",
+ "generateName": "nginx-748c667d99-",
+ "labels": {
+ "app": "nginx",
+ "pod-template-hash": "748c667d99"
+ },
+ "name": "nginx-748c667d99-6cw4b",
+ "namespace": "default",
+ "ownerReferences": [
+ {
+ "apiVersion": "apps/v1",
+ "blockOwnerDeletion": true,
+ "controller": true,
+ "kind": "ReplicaSet",
+ "name": "nginx-748c667d99",
+ "uid": "43aeb5db-771f-4483-9998-9ef1e2eed2ee"
+ }
+ ],
+ "resourceVersion": "129152",
+ "uid": "aa5e3e8f-2da5-4c38-93c0-210d3280d10f"
+ },
+ "spec": {
+ "containers": [
+ {
+ "image": "nginx",
+ "imagePullPolicy": "Always",
+ "name": "nginx",
+ "resources": {},
+ "terminationMessagePath": "/dev/termination-log",
+ "terminationMessagePolicy": "File",
+ "volumeMounts": [
+ {
+ "mountPath": "/var/run/secrets/kubernetes.io/serviceaccount",
+ "name": "kube-api-access-fszp8",
+ "readOnly": true
+ }
+ ]
+ }
+ ],
+ "dnsPolicy": "ClusterFirst",
+ "enableServiceLinks": true,
+ "nodeName": "kind-control-plane",
+ "preemptionPolicy": "PreemptLowerPriority",
+ "priority": 0,
+ "restartPolicy": "Always",
+ "schedulerName": "default-scheduler",
+ "securityContext": {},
+ "serviceAccount": "default",
+ "serviceAccountName": "default",
+ "terminationGracePeriodSeconds": 30,
+ "tolerations": [
+ {
+ "effect": "NoExecute",
+ "key": "node.kubernetes.io/not-ready",
+ "operator": "Exists",
+ "tolerationSeconds": 300
+ },
+ {
+ "effect": "NoExecute",
+ "key": "node.kubernetes.io/unreachable",
+ "operator": "Exists",
+ "tolerationSeconds": 300
+ }
+ ],
+ "volumes": [
+ {
+ "name": "kube-api-access-fszp8",
+ "projected": {
+ "defaultMode": 420,
+ "sources": [
+ {
+ "serviceAccountToken": {
+ "expirationSeconds": 3607,
+ "path": "token"
+ }
+ },
+ {
+ "configMap": {
+ "items": [
+ {
+ "key": "ca.crt",
+ "path": "ca.crt"
+ }
+ ],
+ "name": "kube-root-ca.crt"
+ }
+ },
+ {
+ "downwardAPI": {
+ "items": [
+ {
+ "fieldRef": {
+ "apiVersion": "v1",
+ "fieldPath": "metadata.namespace"
+ },
+ "path": "namespace"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "status": {
+ "conditions": [
+ {
+ "lastProbeTime": null,
+ "lastTransitionTime": "2023-11-15T15:19:53Z",
+ "status": "True",
+ "type": "Initialized"
+ },
+ {
+ "lastProbeTime": null,
+ "lastTransitionTime": "2023-11-15T15:19:55Z",
+ "status": "True",
+ "type": "Ready"
+ },
+ {
+ "lastProbeTime": null,
+ "lastTransitionTime": "2023-11-15T15:19:55Z",
+ "status": "True",
+ "type": "ContainersReady"
+ },
+ {
+ "lastProbeTime": null,
+ "lastTransitionTime": "2023-11-15T15:19:53Z",
+ "status": "True",
+ "type": "PodScheduled"
+ }
+ ],
+ "containerStatuses": [
+ {
+ "containerID": "containerd://1bc63d7b22a02c347be84adb772c6991eaa25d56c252d21c8553a1b79ad515c1",
+ "image": "docker.io/library/nginx:latest",
+ "imageID": "docker.io/library/nginx@sha256:86e53c4c16a6a276b204b0fd3a8143d86547c967dc8258b3d47c3a21bb68d3c6",
+ "lastState": {},
+ "name": "nginx",
+ "ready": true,
+ "restartCount": 0,
+ "started": true,
+ "state": {
+ "running": {
+ "startedAt": "2023-11-15T15:19:55Z"
+ }
+ }
+ }
+ ],
+ "hostIP": "172.18.0.2",
+ "phase": "Running",
+ "podIP": "10.244.0.41",
+ "podIPs": [
+ {
+ "ip": "10.244.0.41"
+ }
+ ],
+ "qosClass": "BestEffort",
+ "startTime": "2023-11-15T15:19:53Z"
+ }
+}