From 85b6de4b140a2076cdc72626bce2d24aab90c26c Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Wed, 17 Jul 2024 14:28:31 -0600 Subject: [PATCH 1/4] chore(deps): update grafana chart + sidecar image (#567) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit [![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com) This PR contains the following updates: | Package | Update | Change | |---|---|---| | [cgr.dev/du-uds-defenseunicorns/k8s-sidecar-fips](https://edu.chainguard.dev/chainguard/chainguard-images/reference/k8s-sidecar-fips/) ([source](https://togithub.com/chainguard-images/images/tree/HEAD/images/k8s-sidecar-fips)) | patch | `1.27.4` -> `1.27.5` | | [ghcr.io/kiwigrid/k8s-sidecar](https://togithub.com/kiwigrid/k8s-sidecar) | patch | `1.27.4` -> `1.27.5` | | [grafana](https://grafana.com) ([source](https://togithub.com/grafana/helm-charts)) | patch | `8.3.2` -> `8.3.5` | | [registry1.dso.mil/ironbank/kiwigrid/k8s-sidecar](https://togithub.com/kiwigrid/k8s-sidecar) ([source](https://repo1.dso.mil/dsop/kiwigrid/k8s-sidecar)) | patch | `1.27.4` -> `1.27.5` | --- ### Release Notes
kiwigrid/k8s-sidecar (ghcr.io/kiwigrid/k8s-sidecar) ### [`v1.27.5`](https://togithub.com/kiwigrid/k8s-sidecar/releases/tag/1.27.5) [Compare Source](https://togithub.com/kiwigrid/k8s-sidecar/compare/1.27.4...1.27.5) ##### 📦 Dependencies - Bump kubernetes from 29.0.0 to 30.1.0 in /src - PR: [#​350](https://togithub.com/kiwigrid/k8s-sidecar/issues/350)
grafana/helm-charts (grafana) ### [`v8.3.5`](https://togithub.com/grafana/helm-charts/releases/tag/grafana-8.3.5) [Compare Source](https://togithub.com/grafana/helm-charts/compare/grafana-8.3.4...grafana-8.3.5) The leading tool for querying and visualizing time series and metrics. #### What's Changed - \[grafana] fix: Add missing version, kind to volumeClaimTemplates by [@​Nickmman](https://togithub.com/Nickmman) in [https://github.com/grafana/helm-charts/pull/3037](https://togithub.com/grafana/helm-charts/pull/3037) #### New Contributors - [@​Nickmman](https://togithub.com/Nickmman) made their first contribution in [https://github.com/grafana/helm-charts/pull/3037](https://togithub.com/grafana/helm-charts/pull/3037) **Full Changelog**: https://github.com/grafana/helm-charts/compare/synthetic-monitoring-agent-0.3.0...grafana-8.3.5 ### [`v8.3.4`](https://togithub.com/grafana/helm-charts/releases/tag/grafana-8.3.4) [Compare Source](https://togithub.com/grafana/helm-charts/compare/grafana-8.3.3...grafana-8.3.4) The leading tool for querying and visualizing time series and metrics. #### What's Changed - \[grafana] TYPO by [@​mattclegg](https://togithub.com/mattclegg) in [https://github.com/grafana/helm-charts/pull/3166](https://togithub.com/grafana/helm-charts/pull/3166) #### New Contributors - [@​mattclegg](https://togithub.com/mattclegg) made their first contribution in [https://github.com/grafana/helm-charts/pull/3166](https://togithub.com/grafana/helm-charts/pull/3166) **Full Changelog**: https://github.com/grafana/helm-charts/compare/loki-distributed-0.79.1...grafana-8.3.4 ### [`v8.3.3`](https://togithub.com/grafana/helm-charts/releases/tag/grafana-8.3.3) [Compare Source](https://togithub.com/grafana/helm-charts/compare/grafana-8.3.2...grafana-8.3.3) The leading tool for querying and visualizing time series and metrics. 
#### What's Changed - \[grafana] Fixed image renderer network policy namespace selector by [@​elliotcourant](https://togithub.com/elliotcourant) in [https://github.com/grafana/helm-charts/pull/3227](https://togithub.com/grafana/helm-charts/pull/3227) #### New Contributors - [@​elliotcourant](https://togithub.com/elliotcourant) made their first contribution in [https://github.com/grafana/helm-charts/pull/3227](https://togithub.com/grafana/helm-charts/pull/3227) **Full Changelog**: https://github.com/grafana/helm-charts/compare/alloy-0.5.1...grafana-8.3.3
--- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://togithub.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/defenseunicorns/uds-core). Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- src/grafana/common/zarf.yaml | 2 +- src/grafana/values/registry1-values.yaml | 2 +- src/grafana/values/unicorn-values.yaml | 2 +- src/grafana/values/upstream-values.yaml | 2 +- src/grafana/zarf.yaml | 6 +++--- 5 files changed, 7 insertions(+), 7 deletions(-) diff --git a/src/grafana/common/zarf.yaml b/src/grafana/common/zarf.yaml index bc614aa15..7107afc13 100644 --- a/src/grafana/common/zarf.yaml +++ b/src/grafana/common/zarf.yaml @@ -14,7 +14,7 @@ components: localPath: ../chart - name: grafana url: https://grafana.github.io/helm-charts/ - version: 8.3.2 + version: 8.3.5 namespace: grafana valuesFiles: - ../values/values.yaml diff --git a/src/grafana/values/registry1-values.yaml b/src/grafana/values/registry1-values.yaml index b32d33a08..c3a08b3ad 100644 --- a/src/grafana/values/registry1-values.yaml +++ b/src/grafana/values/registry1-values.yaml @@ -18,4 +18,4 @@ sidecar: image: registry: registry1.dso.mil repository: ironbank/kiwigrid/k8s-sidecar - tag: 1.27.4 + tag: 1.27.5 diff --git a/src/grafana/values/unicorn-values.yaml b/src/grafana/values/unicorn-values.yaml index 517e3e2a8..f0c8ee4fa 100644 --- a/src/grafana/values/unicorn-values.yaml 
+++ b/src/grafana/values/unicorn-values.yaml @@ -18,4 +18,4 @@ sidecar: image: registry: cgr.dev repository: du-uds-defenseunicorns/k8s-sidecar-fips - tag: 1.27.4 + tag: 1.27.5 diff --git a/src/grafana/values/upstream-values.yaml b/src/grafana/values/upstream-values.yaml index d711cae7b..171e51bcb 100644 --- a/src/grafana/values/upstream-values.yaml +++ b/src/grafana/values/upstream-values.yaml @@ -3,7 +3,7 @@ sidecar: # -- The Docker registry registry: ghcr.io repository: kiwigrid/k8s-sidecar - tag: 1.27.4 + tag: 1.27.5 image: registry: docker.io diff --git a/src/grafana/zarf.yaml b/src/grafana/zarf.yaml index b68fd6c43..0e96b2685 100644 --- a/src/grafana/zarf.yaml +++ b/src/grafana/zarf.yaml @@ -24,7 +24,7 @@ components: - docker.io/grafana/grafana:11.1.0 - docker.io/curlimages/curl:8.8.0 - docker.io/library/busybox:1.36.1 - - ghcr.io/kiwigrid/k8s-sidecar:1.27.4 + - ghcr.io/kiwigrid/k8s-sidecar:1.27.5 - name: grafana required: true @@ -39,7 +39,7 @@ components: images: - registry1.dso.mil/ironbank/opensource/grafana/grafana:11.1.0 - registry1.dso.mil/ironbank/redhat/ubi/ubi9-minimal:9.4 - - registry1.dso.mil/ironbank/kiwigrid/k8s-sidecar:1.27.4 + - registry1.dso.mil/ironbank/kiwigrid/k8s-sidecar:1.27.5 - name: grafana required: true @@ -55,4 +55,4 @@ components: - cgr.dev/du-uds-defenseunicorns/grafana-fips:11.1.0 - cgr.dev/du-uds-defenseunicorns/busybox-fips:1.36.1 - cgr.dev/du-uds-defenseunicorns/curl-fips:8.8.0 - - cgr.dev/du-uds-defenseunicorns/k8s-sidecar-fips:1.27.4 + - cgr.dev/du-uds-defenseunicorns/k8s-sidecar-fips:1.27.5 From e594f1366bb6a920a9cd7a945bc41ae39382f8b8 Mon Sep 17 00:00:00 2001 
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Wed, 17 Jul 2024 15:02:36 -0600 Subject: [PATCH 2/4] chore(deps): update pepr to v0.32.7 (#556) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit [![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com) This PR contains the following updates: | Package | Type | Update | Change | Age | Adoption | Passing | Confidence | |---|---|---|---|---|---|---|---| | [defenseunicorns/uds-common](https://togithub.com/defenseunicorns/uds-common) | | minor | `v0.7.1` -> `v0.8.0` | [![age](https://developer.mend.io/api/mc/badges/age/github-tags/defenseunicorns%2fuds-common/v0.8.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/github-tags/defenseunicorns%2fuds-common/v0.8.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/github-tags/defenseunicorns%2fuds-common/v0.7.1/v0.8.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/github-tags/defenseunicorns%2fuds-common/v0.7.1/v0.8.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | | [pepr](https://togithub.com/defenseunicorns/pepr) | dependencies | patch | [`0.32.6` -> `0.32.7`](https://renovatebot.com/diffs/npm/pepr/0.32.6/0.32.7) | [![age](https://developer.mend.io/api/mc/badges/age/npm/pepr/0.32.7?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/pepr/0.32.7?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/pepr/0.32.6/0.32.7?slim=true)](https://docs.renovatebot.com/merge-confidence/) | 
[![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/pepr/0.32.6/0.32.7?slim=true)](https://docs.renovatebot.com/merge-confidence/) | | [registry1.dso.mil/ironbank/opensource/defenseunicorns/pepr/controller](https://togithub.com/defenseunicorns/pepr) ([source](https://repo1.dso.mil/dsop/opensource/defenseunicorns/pepr/controller)) | | patch | `v0.32.6` -> `v0.32.7` | [![age](https://developer.mend.io/api/mc/badges/age/docker/registry1.dso.mil%2fironbank%2fopensource%2fdefenseunicorns%2fpepr%2fcontroller/v0.32.7?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/docker/registry1.dso.mil%2fironbank%2fopensource%2fdefenseunicorns%2fpepr%2fcontroller/v0.32.7?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/docker/registry1.dso.mil%2fironbank%2fopensource%2fdefenseunicorns%2fpepr%2fcontroller/v0.32.6/v0.32.7?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/docker/registry1.dso.mil%2fironbank%2fopensource%2fdefenseunicorns%2fpepr%2fcontroller/v0.32.6/v0.32.7?slim=true)](https://docs.renovatebot.com/merge-confidence/) | | [ts-jest](https://kulshekhar.github.io/ts-jest) ([source](https://togithub.com/kulshekhar/ts-jest)) | devDependencies | patch | [`29.2.0` -> `29.2.2`](https://renovatebot.com/diffs/npm/ts-jest/29.2.0/29.2.2) | [![age](https://developer.mend.io/api/mc/badges/age/npm/ts-jest/29.2.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/ts-jest/29.2.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/ts-jest/29.2.0/29.2.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | 
[![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/ts-jest/29.2.0/29.2.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | --- ### Release Notes
defenseunicorns/uds-common (defenseunicorns/uds-common) ### [`v0.8.0`](https://togithub.com/defenseunicorns/uds-common/releases/tag/v0.8.0) [Compare Source](https://togithub.com/defenseunicorns/uds-common/compare/v0.7.1...v0.8.0) ##### Features - **compliance:** add support for extra options on compliance validate ([#​170](https://togithub.com/defenseunicorns/uds-common/issues/170)) ([d191505](https://togithub.com/defenseunicorns/uds-common/commit/d19150566784e51f7c8d31b7d37b6915cdacc410)) ##### Bug Fixes - chainguard creds/renovate match ([#​173](https://togithub.com/defenseunicorns/uds-common/issues/173)) ([49401cc](https://togithub.com/defenseunicorns/uds-common/commit/49401cc5c8000a661c6e1bc9e10e42fa6f6e2389)) ##### Miscellaneous - add cgr.dev renovate rule ([#​171](https://togithub.com/defenseunicorns/uds-common/issues/171)) ([68497f9](https://togithub.com/defenseunicorns/uds-common/commit/68497f95ffdccf5802da81f2f0c9a8f7f8fe912c)) - **deps:** update uds common support dependencies ([#​164](https://togithub.com/defenseunicorns/uds-common/issues/164)) ([6c50f47](https://togithub.com/defenseunicorns/uds-common/commit/6c50f47ecd9c75483ab70953d5c31682362377c2)) - **deps:** update uds common support dependencies ([#​169](https://togithub.com/defenseunicorns/uds-common/issues/169)) ([b6a4232](https://togithub.com/defenseunicorns/uds-common/commit/b6a4232cb030f3ea7e66041306b5cfcd9a488a98)) - update CODEOWNERS with more specific permissions ([#​175](https://togithub.com/defenseunicorns/uds-common/issues/175)) ([f2b7220](https://togithub.com/defenseunicorns/uds-common/commit/f2b722051014d64d350bd34ea087e6ffb3daf428))
defenseunicorns/pepr (pepr) ### [`v0.32.7`](https://togithub.com/defenseunicorns/pepr/releases/tag/v0.32.7) [Compare Source](https://togithub.com/defenseunicorns/pepr/compare/v0.32.6...v0.32.7) Preparing for signed releases next release. These are mostly just patches. #### What's Changed - chore: adr for store enhancement by [@​cmwylie19](https://togithub.com/cmwylie19) in [https://github.com/defenseunicorns/pepr/pull/933](https://togithub.com/defenseunicorns/pepr/pull/933) - chore: bump actions/download-artifact from 4.1.7 to 4.1.8 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/defenseunicorns/pepr/pull/937](https://togithub.com/defenseunicorns/pepr/pull/937) - chore: bump docker/setup-buildx-action from 3.3.0 to 3.4.0 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/defenseunicorns/pepr/pull/934](https://togithub.com/defenseunicorns/pepr/pull/934) - chore: bump chainguard/node-lts from `437a945` to `6d9e76d` by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/defenseunicorns/pepr/pull/935](https://togithub.com/defenseunicorns/pepr/pull/935) - chore: bump actions/upload-artifact from 4.3.3 to 4.3.4 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/defenseunicorns/pepr/pull/936](https://togithub.com/defenseunicorns/pepr/pull/936) - chore: bump ts-jest from 29.1.5 to 29.2.0 in the development-dependencies group by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/defenseunicorns/pepr/pull/941](https://togithub.com/defenseunicorns/pepr/pull/941) - chore: bump chainguard/node-lts from `6d9e76d` to `afddf0f` by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/defenseunicorns/pepr/pull/939](https://togithub.com/defenseunicorns/pepr/pull/939) - chore: bump [@​types/ramda](https://togithub.com/types/ramda) from 0.30.0 to 0.30.1 in the production-dependencies group by [@​dependabot](https://togithub.com/dependabot) in 
[https://github.com/defenseunicorns/pepr/pull/940](https://togithub.com/defenseunicorns/pepr/pull/940) - chore: bump chainguard/node-lts from `afddf0f` to `691fdeb` by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/defenseunicorns/pepr/pull/943](https://togithub.com/defenseunicorns/pepr/pull/943) - chore: bump actions/setup-node from 4.0.2 to 4.0.3 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/defenseunicorns/pepr/pull/942](https://togithub.com/defenseunicorns/pepr/pull/942) - chore: bump chainguard/node-lts from `691fdeb` to `ea8ec8f` by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/defenseunicorns/pepr/pull/949](https://togithub.com/defenseunicorns/pepr/pull/949) - chore: bump anchore/scan-action from 3.6.4 to 4.0.0 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/defenseunicorns/pepr/pull/947](https://togithub.com/defenseunicorns/pepr/pull/947) - chore: bump ts-jest from 29.2.0 to 29.2.2 in the development-dependencies group by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/defenseunicorns/pepr/pull/948](https://togithub.com/defenseunicorns/pepr/pull/948) - chore: bump kubernetes-fluent-client from 2.6.3 to 2.6.4 in the production-dependencies group by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/defenseunicorns/pepr/pull/950](https://togithub.com/defenseunicorns/pepr/pull/950) **Full Changelog**: https://github.com/defenseunicorns/pepr/compare/v0.32.6...v0.32.7
kulshekhar/ts-jest (ts-jest) ### [`v29.2.2`](https://togithub.com/kulshekhar/ts-jest/blob/HEAD/CHANGELOG.md#2922-2024-07-10) [Compare Source](https://togithub.com/kulshekhar/ts-jest/compare/v29.2.1...v29.2.2) ### [`v29.2.1`](https://togithub.com/kulshekhar/ts-jest/blob/HEAD/CHANGELOG.md#2921-2024-07-10) [Compare Source](https://togithub.com/kulshekhar/ts-jest/compare/v29.2.0...v29.2.1)
--- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://togithub.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/defenseunicorns/uds-core). Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- package-lock.json | 114 +++++++++++++++++++++++++++++++++++++++------- package.json | 4 +- tasks/create.yaml | 4 +- 3 files changed, 101 insertions(+), 21 deletions(-) diff --git a/package-lock.json b/package-lock.json index 60162a983..87677195e 100644 --- a/package-lock.json +++ b/package-lock.json @@ -8,12 +8,12 @@ "name": "uds-core", "version": "0.5.0", "dependencies": { - "pepr": "0.32.6" + "pepr": "0.32.7" }, "devDependencies": { "@jest/globals": "29.7.0", "jest": "29.7.0", - "ts-jest": "29.2.0" + "ts-jest": "29.2.2" }, "engines": { "node": ">=20.0.0" @@ -1851,11 +1851,12 @@ } }, "node_modules/@types/ramda": { - "version": "0.30.0", - "resolved": "https://registry.npmjs.org/@types/ramda/-/ramda-0.30.0.tgz", - "integrity": "sha512-DQtfqUbSB18iM9NHbQ++kVUDuBWHMr6T2FpW1XTiksYRGjq4WnNPZLt712OEHEBJs7aMyJ68Mf2kGMOP1srVVw==", + "version": "0.30.1", + "resolved": "https://registry.npmjs.org/@types/ramda/-/ramda-0.30.1.tgz", + "integrity": "sha512-aoyF/ADPL6N+/NXXfhPWF+Qj6w1Cql59m9wX0Gi15uyF+bpzXeLd63HPdiTDE2bmLXfNcVufsDPKmbfOrOzTBA==", + "license": "MIT", "dependencies": { - "types-ramda": "^0.30.0" + "types-ramda": "^0.30.1" } }, "node_modules/@types/semver": { 
@@ -2251,6 +2252,13 @@ "node": ">=8" } }, + "node_modules/async": { + "version": "3.2.5", + "resolved": "https://registry.npmjs.org/async/-/async-3.2.5.tgz", + "integrity": "sha512-baNZyqaaLhyLVKm/DlvdW051MSgO6b8eVfIezl9E5PqWxFgzLm/wQntEW4zOytVburDEr0JlALEpdOFwvErLsg==", + "dev": true, + "license": "MIT" + }, "node_modules/asynckit": { "version": "0.4.0", "resolved": "https://registry.npmjs.org/asynckit/-/asynckit-0.4.0.tgz", @@ -2982,6 +2990,22 @@ "resolved": "https://registry.npmjs.org/ee-first/-/ee-first-1.1.1.tgz", "integrity": "sha512-WMwm9LhRUo+WUaRN+vRuETqG89IgZphVSNkdFgeb6sS/E4OrDIN7t48CAewSHXc6C8lefD8KKfr5vY61brQlow==" }, + "node_modules/ejs": { + "version": "3.1.10", + "resolved": "https://registry.npmjs.org/ejs/-/ejs-3.1.10.tgz", + "integrity": "sha512-UeJmFfOrAQS8OJWPZ4qtgHyWExa088/MtK5UEyoJGFH67cDEXkZSviOiKRCZ4Xij0zxI3JECgYs3oKx+AizQBA==", + "dev": true, + "license": "Apache-2.0", + "dependencies": { + "jake": "^10.8.5" + }, + "bin": { + "ejs": "bin/cli.js" + }, + "engines": { + "node": ">=0.10.0" + } + }, "node_modules/electron-to-chromium": { "version": "1.4.815", "resolved": "https://registry.npmjs.org/electron-to-chromium/-/electron-to-chromium-1.4.815.tgz", 
@@ -3491,6 +3515,39 @@ "node": "^10.12.0 || >=12.0.0" } }, + "node_modules/filelist": { + "version": "1.0.4", + "resolved": "https://registry.npmjs.org/filelist/-/filelist-1.0.4.tgz", + "integrity": "sha512-w1cEuf3S+DrLCQL7ET6kz+gmlJdbq9J7yXCSjK/OZCPA+qEN1WyF4ZAf0YYJa4/shHJra2t/d/r8SV4Ji+x+8Q==", + "dev": true, + "license": "Apache-2.0", + "dependencies": { + "minimatch": "^5.0.1" + } + }, + "node_modules/filelist/node_modules/brace-expansion": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.1.tgz", + "integrity": "sha512-XnAIvQ8eM+kC6aULx6wuQiwVsnzsi9d3WxzV3FpWTGA19F621kwdbsAcFKXgKUHZWsy+mY6iL1sHTxWEFCytDA==", + "dev": true, + "license": "MIT", + "dependencies": { + "balanced-match": "^1.0.0" + } + }, + "node_modules/filelist/node_modules/minimatch": { + "version": "5.1.6", + "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-5.1.6.tgz", + "integrity": "sha512-lKwV/1brpG6mBUFHtb7NUmtABCb2WZZmm2wNiOA5hAb8VdCS4B3dtMWyvcoViccwAW/COERjXLt0zP1zXUN26g==", + "dev": true, + "license": "ISC", + "dependencies": { + "brace-expansion": "^2.0.1" + }, + "engines": { + "node": ">=10" + } + }, "node_modules/fill-range": { "version": "7.1.1", "resolved": "https://registry.npmjs.org/fill-range/-/fill-range-7.1.1.tgz", @@ -4182,6 +4239,25 @@ "@pkgjs/parseargs": "^0.11.0" } }, + "node_modules/jake": { + "version": "10.9.1", + "resolved": "https://registry.npmjs.org/jake/-/jake-10.9.1.tgz", + "integrity": "sha512-61btcOHNnLnsOdtLgA5efqQWjnSi/vow5HbI7HMdKKWqvrKR1bLK3BPlJn9gcSaP2ewuamUSMB5XEy76KUIS2w==", + "dev": true, + "license": "Apache-2.0", + "dependencies": { + "async": "^3.2.3", + "chalk": "^4.0.2", + "filelist": "^1.0.4", + "minimatch": "^3.1.2" + }, + "bin": { + "jake": "bin/cli.js" + }, + "engines": { + "node": ">=10" + } + }, "node_modules/jest": { "version": "29.7.0", "resolved": "https://registry.npmjs.org/jest/-/jest-29.7.0.tgz", 
@@ -4866,9 +4942,10 @@ } }, "node_modules/kubernetes-fluent-client": { - "version": "2.6.3", - "resolved": "https://registry.npmjs.org/kubernetes-fluent-client/-/kubernetes-fluent-client-2.6.3.tgz", - "integrity": "sha512-JgOp2/Y1rNNPAYKek7wq4qL1DcF/3Bf2a39NRUL2QPhnONcrU1f/on1OPMAzz7vZ4zfH2rluMPE/nmxo5l7QAA==", + "version": "2.6.4", + "resolved": "https://registry.npmjs.org/kubernetes-fluent-client/-/kubernetes-fluent-client-2.6.4.tgz", + "integrity": "sha512-aR8SQDRD4BZA8kjWHKoMghciTfmoQekLsBz7eQy8yY+BQuHzipYALyCINDCdDCbxUQx4LWtINIifRRBm7m57JA==", + "license": "Apache-2.0", "dependencies": { "@kubernetes/client-node": "1.0.0-rc6", "byline": "5.0.0", @@ -5562,14 +5639,15 @@ } }, "node_modules/pepr": { - "version": "0.32.6", - "resolved": "https://registry.npmjs.org/pepr/-/pepr-0.32.6.tgz", - "integrity": "sha512-eX3Kb5ZDKpsG0QIEbXGaTrw+awC+TrajWOSRBc+RvoWtEz+I0c+L6VSRGckMSD9rfAVMqDkx3GsF+DuRDgcD6Q==", + "version": "0.32.7", + "resolved": "https://registry.npmjs.org/pepr/-/pepr-0.32.7.tgz", + "integrity": "sha512-6bm8tx5nxBZ1N4PtH+BzekItIHxeEn21DPut7fWNiGUfFSq6TIe75zKojJ2ERRA1kgeXB3eWucf0K65rKewylg==", + "license": "Apache-2.0", "dependencies": { - "@types/ramda": "0.30.0", + "@types/ramda": "0.30.1", "express": "4.19.2", "fast-json-patch": "3.1.1", - "kubernetes-fluent-client": "2.6.3", + "kubernetes-fluent-client": "2.6.4", "pino": "9.2.0", "pino-pretty": "11.2.1", "prom-client": "15.1.3", 
@@ -6654,12 +6732,14 @@ } }, "node_modules/ts-jest": { - "version": "29.2.0", - "resolved": "https://registry.npmjs.org/ts-jest/-/ts-jest-29.2.0.tgz", - "integrity": "sha512-eFmkE9MG0+oT6nqSOcUwL+2UUmK2IvhhUV8hFDsCHnc++v2WCCbQQZh5vvjsa8sgOY/g9T0325hmkEmi6rninA==", + "version": "29.2.2", + "resolved": "https://registry.npmjs.org/ts-jest/-/ts-jest-29.2.2.tgz", + "integrity": "sha512-sSW7OooaKT34AAngP6k1VS669a0HdLxkQZnlC7T76sckGCokXFnvJ3yRlQZGRTAoV5K19HfSgCiSwWOSIfcYlg==", "dev": true, + "license": "MIT", "dependencies": { "bs-logger": "0.x", + "ejs": "^3.0.0", "fast-json-stable-stringify": "2.x", "jest-util": "^29.0.0", "json5": "^2.2.3", diff --git a/package.json b/package.json index 1b7e6beaf..01058fdb8 100644 --- a/package.json +++ b/package.json @@ -36,12 +36,12 @@ "k3d-setup": "k3d cluster delete pepr-dev && k3d cluster create pepr-dev --k3s-arg '--debug@server:0'" }, "dependencies": { - "pepr": "0.32.6" + "pepr": "0.32.7" }, "devDependencies": { "@jest/globals": "29.7.0", "jest": "29.7.0", - "ts-jest": "29.2.0" + "ts-jest": "29.2.2" }, "jest": { "preset": "ts-jest", diff --git a/tasks/create.yaml b/tasks/create.yaml index 93e8f198a..c027a0224 100644 --- a/tasks/create.yaml +++ b/tasks/create.yaml @@ -1,5 +1,5 @@ includes: - - common: https://raw.githubusercontent.com/defenseunicorns/uds-common/v0.7.1/tasks/create.yaml + - common: https://raw.githubusercontent.com/defenseunicorns/uds-common/v0.8.0/tasks/create.yaml variables: - name: FLAVOR @@ -7,7 +7,7 @@ variables: - name: REGISTRY1_PEPR_IMAGE # renovate: datasource=docker depName=registry1.dso.mil/ironbank/opensource/defenseunicorns/pepr/controller versioning=semver - default: registry1.dso.mil/ironbank/opensource/defenseunicorns/pepr/controller:v0.32.6 + default: registry1.dso.mil/ironbank/opensource/defenseunicorns/pepr/controller:v0.32.7 tasks: - name: standard-package From cacf1b5d8bccd16a8c2381fbd0912715a78a22c2 Mon Sep 17 00:00:00 2001 
From: Micah Nagel Date: Wed, 17 Jul 2024 15:49:06 -0600 Subject: [PATCH 3/4] fix(ci): workflow permissions --- .github/workflows/pull-request-conditionals.yaml | 1 + .github/workflows/test.yaml | 1 + 2 files changed, 2 insertions(+) diff --git a/.github/workflows/pull-request-conditionals.yaml b/.github/workflows/pull-request-conditionals.yaml index 7d942961a..081d210f6 100644 --- a/.github/workflows/pull-request-conditionals.yaml +++ b/.github/workflows/pull-request-conditionals.yaml @@ -11,6 +11,7 @@ permissions: id-token: write # Needed for OIDC-related operations. contents: read # Allows reading the content of the repository. pull-requests: read # Allows reading pull request metadata. + packages: read # Allows reading the published GHCR packages # Default settings for all run commands in the workflow jobs. defaults: diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml index 5cf31d631..ebfb38396 100644 --- a/.github/workflows/test.yaml +++ b/.github/workflows/test.yaml @@ -35,6 +35,7 @@ on: permissions: contents: read id-token: write # This is needed for OIDC federation. + packages: read # Allows reading the published GHCR packages jobs: test: From 5a6b9effca83f4f19344c813cf96d474ff5fdeb4 Mon Sep 17 00:00:00 2001 
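Review bot: The new `packages: read` line sits in the workflow-level `permissions` block in both files, so every job in each workflow receives it alongside `id-token: write`. If only the job that pulls from GHCR needs it, a job-level `permissions` entry on that job would keep the grant narrower. If `test.yaml` is invoked as a reusable workflow (its `on:` trigger is outside the hunk), each caller must grant `packages: read` too, because a called workflow cannot hold more token permissions than its caller. Only `pull-request-conditionals.yaml` is updated here, so any other callers are worth checking.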
From: Micah Nagel Date: Thu, 18 Jul 2024 15:30:49 -0600 Subject: [PATCH 4/4] fix(sso): delete orphaned SSO secrets (#578) ## Description Adds generation handling/purging logic to SSO secret flow. Also added jsdoc for the purge function. ## Related Issue Fixes https://github.com/defenseunicorns/uds-core/issues/535 ## Type of change - [x] Bug fix (non-breaking change which fixes an issue) - [ ] New feature (non-breaking change which adds functionality) - [ ] Other (security config, docs update, etc) ## Checklist before merging - [x] Test, docs, adr added or updated as needed - [x] [Contributor Guide](https://github.com/defenseunicorns/uds-template-capability/blob/main/CONTRIBUTING.md) followed --- src/pepr/operator/controllers/keycloak/client-sync.ts | 11 ++++++++++- src/pepr/operator/controllers/utils.ts | 11 +++++++++++ 2 files changed, 21 insertions(+), 1 deletion(-) diff --git a/src/pepr/operator/controllers/keycloak/client-sync.ts b/src/pepr/operator/controllers/keycloak/client-sync.ts index da2042370..ddc17d264 100644 --- a/src/pepr/operator/controllers/keycloak/client-sync.ts +++ b/src/pepr/operator/controllers/keycloak/client-sync.ts @@ -4,7 +4,7 @@ import { UDSConfig } from "../../../config"; import { Component, setupLogger } from "../../../logger"; import { Store } from "../../common"; import { Sso, UDSPackage } from "../../crd"; -import { getOwnerRef } from "../utils"; +import { getOwnerRef, purgeOrphans } from "../utils"; import { Client } from "./types"; let apiURL = @@ -47,6 +47,7 @@ export async function keycloak(pkg: UDSPackage) { // Get the list of clients from the package const clientReqs = pkg.spec?.sso || []; const clients: Map = new Map(); + const generation = (pkg.metadata?.generation ?? 0).toString(); for (const clientReq of clientReqs) { const client = await syncClient(clientReq, pkg); 
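Review bot: The generation string is derived twice with the same expression, here in `keycloak` and again in `syncClient` in the `@@ -151,6 +158,7 @@` hunk, and the purge is only safe while both yield the same value. The first is passed to `purgeOrphans` and the second is written as the `uds/generation` label, so if one is changed later the secrets just applied would presumably be treated as orphans and deleted. Computing the value once, for example in a small helper used by both call sites, removes that coupling. A comment such as `// must equal the uds/generation label written in syncClient` would at least document it. `keycloak` starts above this hunk and continues below it.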
@@ -54,6 +55,12 @@ export async function keycloak(pkg: UDSPackage) { } await purgeSSOClients(pkg, [...clients.keys()]); + // Purge orphaned SSO secrets + try { + await purgeOrphans(generation, pkg.metadata!.namespace!, pkg.metadata!.name!, kind.Secret, log); + } catch (e) { + log.error(e, `Failed to purge orphaned SSO secrets in for ${pkg.metadata!.name!}: ${e}`); + } return clients; } @@ -151,6 +158,7 @@ async function syncClient( } // Create or update the client secret + const generation = (pkg.metadata?.generation ?? 0).toString(); await K8s(kind.Secret).Apply({ metadata: { namespace: pkg.metadata!.namespace, @@ -158,6 +166,7 @@ async function syncClient( name: secretName || name, labels: { "uds/package": pkg.metadata!.name, + "uds/generation": generation, }, // Use the CR as the owner ref for each VirtualService diff --git a/src/pepr/operator/controllers/utils.ts b/src/pepr/operator/controllers/utils.ts index b9c6d0ca3..7bfd9e4cf 100644 --- a/src/pepr/operator/controllers/utils.ts +++ b/src/pepr/operator/controllers/utils.ts @@ -41,6 +41,17 @@ export function getOwnerRef(cr: GenericKind): V1OwnerReference[] { ]; } +/** + * Purges orphaned Kubernetes resources of a specified kind within a namespace that do not match the provided generation. + * + * @template T + * @param {string} generation - The generation label to retain. + * @param {string} namespace - The namespace to search for resources. + * @param {string} pkgName - The package name label to filter resources. + * @param {T} kind - The Kubernetes resource kind to purge. + * @param {Logger} log - Logger instance for logging debug messages. + * @returns {Promise} - A promise that resolves when the operation is complete. + */ export async function purgeOrphans( generation: string, namespace: string,
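Review bot: The purge call selects its targets by `kind.Secret`, the namespace and the package name only, so as far as this hunk shows it is not limited to secrets written by `syncClient`. `purgeOrphans` itself is outside the hunk, but if it deletes every matching Secret whose `uds/generation` differs, any other Secret in the namespace labelled `uds/package` for this package would be removed as well. It is worth confirming that nothing else labels Secrets that way, or selecting on an SSO-specific label. The catch block logs and continues, so a failed purge leaves stale client secrets in the namespace while reconciliation still reports success; if that is deliberate, a comment such as `// best-effort: stale secrets are retried on the next reconcile` would say so. The log message also has a stray word, "in for", where "for" is meant.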
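Review bot: The new doc comment on `purgeOrphans` does not name the label keys the function matches on, or say what happens to a resource that has no generation label at all. A caller needs both before passing a kind such as `kind.Secret` to a function that deletes. I would add a sentence along the lines of `Deletes every resource of the given kind in the namespace that carries the package label and whose generation label differs from generation`, adjusted to what the body actually does, since the body lies outside the hunk. The `{string}`-style types repeat the TypeScript signature and `@returns {Promise}` omits the resolved type. Plain TSDoc tags such as `@param generation - generation label value to keep` avoid that drift.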