fix: use latest image in install manifest (kyverno#147)

* fix: use latest image in install manifest

Signed-off-by: Vishal Choudhary <[email protected]>

* fix: bump chainsaw

Signed-off-by: Vishal Choudhary <[email protected]>

* fix: wait time for kyverno

Signed-off-by: Vishal Choudhary <[email protected]>

* fix: rv bug

Signed-off-by: Vishal Choudhary <[email protected]>

* fix: chainsaw version

Signed-off-by: Vishal Choudhary <[email protected]>

---------

Signed-off-by: Vishal Choudhary <[email protected]>
Signed-off-by: Zach Stone <[email protected]>

.github/workflows/conformance-tests.yaml

@@ -82,15 +82,13 @@ jobs:
       - name: Wait for kyverno ready
         run: |
           set -e
-          kubectl wait --namespace kyverno --for=condition=ready pod --selector '!job-name' --timeout=60s
+          kubectl wait --namespace kyverno --for=condition=ready pod --selector '!job-name' --timeout=120s
       - name: API Service status
         run: |
           set -e
           kubectl get apiservices v1alpha2.wgpolicyk8s.io v1.reports.kyverno.io
       - name: Install Chainsaw
-        uses: kyverno/action-install-chainsaw@204730d723e1fd712e54e069031290ba2c1c14bd # v0.1.6
-        with:
-          release: v0.0.9
+        uses: kyverno/action-install-chainsaw@573a9c636f7c586f86ecb9de9674176daf80ee29 # v0.2.5
       - name: Test with Chainsaw
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/migration-tests.yaml

@@ -73,7 +73,7 @@ jobs:
       - name: Wait for kyverno ready
         run: |
           set -e
-          kubectl wait --namespace kyverno --for=condition=ready pod --selector '!job-name' --timeout=60s
+          kubectl wait --namespace kyverno --for=condition=ready pod --selector '!job-name' --timeout=120s
       - name: API Service status before migation
         run: |
           set -e
@@ -98,9 +98,7 @@ jobs:
           set -e
           kubectl get apiservices v1alpha2.wgpolicyk8s.io v1.reports.kyverno.io
       - name: Install Chainsaw
-        uses: kyverno/action-install-chainsaw@07b6c986572f2abaf6647c85d37cbecfddc4a6ab # v0.1.3
-        with:
-          release: v0.0.9
+        uses: kyverno/action-install-chainsaw@573a9c636f7c586f86ecb9de9674176daf80ee29 # v0.2.5
       - name: Test with Chainsaw
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

Makefile

@@ -158,13 +158,15 @@ codegen-helm-docs: ## Generate helm docs
 codegen-install-manifest: $(HELM) ## Create install manifest
 	@echo Generate latest install manifest... >&2
 	@$(HELM) template reports-server --namespace reports-server ./charts/reports-server/ \
+		--set image.tag=latest \
 		--set templating.enabled=true \
  		| $(SED) -e '/^#.*/d' \
 		> ./config/install.yaml
 
 codegen-install-manifest-inmemory: $(HELM) ## Create install manifest without postgres
 	@echo Generate latest install manifest... >&2
 	@$(HELM) template reports-server --namespace reports-server ./charts/reports-server/ \
+		--set image.tag=latest \
 		--set config.debug=true \
 		--set postgresql.enabled=false \
 		--set templating.enabled=true \

config/install-inmemory.yaml

@@ -183,7 +183,7 @@ spec:
             runAsUser: 1000
             seccompProfile:
               type: RuntimeDefault
-          image: "ghcr.io/kyverno/reports-server:v0.1.0-alpha.1"
+          image: "ghcr.io/kyverno/reports-server:latest"
           imagePullPolicy: IfNotPresent
           ports:
             - name: https

config/install.yaml

@@ -278,7 +278,7 @@ spec:
             runAsUser: 1000
             seccompProfile:
               type: RuntimeDefault
-          image: "ghcr.io/kyverno/reports-server:v0.1.0-alpha.1"
+          image: "ghcr.io/kyverno/reports-server:latest"
           imagePullPolicy: IfNotPresent
           ports:
             - name: https

pkg/api/cephr.go

@@ -73,6 +73,10 @@ func (c *cephrStore) List(ctx context.Context, options *metainternalversion.List
 
 	cephrList := &reportsv1.ClusterEphemeralReportList{
 		Items: make([]reportsv1.ClusterEphemeralReport, 0),
+		ListMeta: metav1.ListMeta{
+			// TODO: Fix this!!
+			ResourceVersion: "1",
+		},
 	}
 	for _, cephr := range list.Items {
 		if cephr.Labels == nil {
@@ -119,10 +123,12 @@ func (c *cephrStore) Create(ctx context.Context, obj runtime.Object, createValid
 
 	klog.Infof("creating cluster ephemeral reports name=%s", cephr.Name)
 	if !isDryRun {
-		if err := c.createCephr(cephr); err != nil {
+		r, err := c.createCephr(cephr)
+		if err != nil {
 			return nil, errors.NewBadRequest(fmt.Sprintf("cannot create cluster ephemeral report: %s", err.Error()))
 		}
-		if err := c.broadcaster.Action(watch.Added, obj); err != nil {
+		klog.Info(r.ResourceVersion)
+		if err := c.broadcaster.Action(watch.Added, r); err != nil {
 			klog.ErrorS(err, "failed to broadcast event")
 		}
 	}
@@ -144,10 +150,11 @@ func (c *cephrStore) Update(ctx context.Context, name string, objInfo rest.Updat
 	}
 	cephr := updatedObject.(*reportsv1.ClusterEphemeralReport)
 	if forceAllowCreate {
-		if err := c.updateCephr(cephr, oldObj); err != nil {
+		r, err := c.updateCephr(cephr, oldObj)
+		if err != nil {
 			klog.ErrorS(err, "failed to update resource")
 		}
-		if err := c.broadcaster.Action(watch.Added, updatedObject); err != nil {
+		if err := c.broadcaster.Action(watch.Added, r); err != nil {
 			klog.ErrorS(err, "failed to broadcast event")
 		}
 		return updatedObject, true, nil
@@ -174,10 +181,11 @@ func (c *cephrStore) Update(ctx context.Context, name string, objInfo rest.Updat
 
 	klog.Infof("updating cluster ephemeral reports name=%s", cephr.Name)
 	if !isDryRun {
-		if err := c.updateCephr(cephr, oldObj); err != nil {
+		r, err := c.updateCephr(cephr, oldObj)
+		if err != nil {
 			return nil, false, errors.NewBadRequest(fmt.Sprintf("cannot create cluster ephemeral report: %s", err.Error()))
 		}
-		if err := c.broadcaster.Action(watch.Modified, updatedObject); err != nil {
+		if err := c.broadcaster.Action(watch.Modified, r); err != nil {
 			klog.ErrorS(err, "failed to broadcast event")
 		}
 	}
@@ -302,22 +310,22 @@ func (c *cephrStore) listCephr() (*reportsv1.ClusterEphemeralReportList, error)
 	return reportList, nil
 }
 
-func (c *cephrStore) createCephr(report *reportsv1.ClusterEphemeralReport) error {
+func (c *cephrStore) createCephr(report *reportsv1.ClusterEphemeralReport) (*reportsv1.ClusterEphemeralReport, error) {
 	report.ResourceVersion = fmt.Sprint(1)
 	report.UID = uuid.NewUUID()
 	report.CreationTimestamp = metav1.Now()
 
-	return c.store.ClusterEphemeralReports().Create(context.TODO(), *report)
+	return report, c.store.ClusterEphemeralReports().Create(context.TODO(), *report)
 }
 
-func (c *cephrStore) updateCephr(report *reportsv1.ClusterEphemeralReport, oldReport *reportsv1.ClusterEphemeralReport) error {
+func (c *cephrStore) updateCephr(report *reportsv1.ClusterEphemeralReport, oldReport *reportsv1.ClusterEphemeralReport) (*reportsv1.ClusterEphemeralReport, error) {
 	oldRV, err := strconv.ParseInt(oldReport.ResourceVersion, 10, 64)
 	if err != nil {
-		return errorpkg.Wrapf(err, "could not parse resource version")
+		return nil, errorpkg.Wrapf(err, "could not parse resource version")
 	}
 	report.ResourceVersion = fmt.Sprint(oldRV + 1)
 
-	return c.store.ClusterEphemeralReports().Update(context.TODO(), *report)
+	return report, c.store.ClusterEphemeralReports().Update(context.TODO(), *report)
 }
 
 func (c *cephrStore) deleteCephr(report *reportsv1.ClusterEphemeralReport) error {

pkg/api/cpolr.go

@@ -73,6 +73,10 @@ func (c *cpolrStore) List(ctx context.Context, options *metainternalversion.List
 
 	cpolrList := &v1alpha2.ClusterPolicyReportList{
 		Items: make([]v1alpha2.ClusterPolicyReport, 0),
+		ListMeta: metav1.ListMeta{
+			// TODO: Fix this!!
+			ResourceVersion: "1",
+		},
 	}
 	for _, cpolr := range list.Items {
 		if cpolr.Labels == nil {
@@ -119,10 +123,11 @@ func (c *cpolrStore) Create(ctx context.Context, obj runtime.Object, createValid
 
 	klog.Infof("creating cluster policy report name=%s", cpolr.Name)
 	if !isDryRun {
-		if err := c.createCpolr(cpolr); err != nil {
+		r, err := c.createCpolr(cpolr)
+		if err != nil {
 			return nil, errors.NewBadRequest(fmt.Sprintf("cannot create cluster policy report: %s", err.Error()))
 		}
-		if err := c.broadcaster.Action(watch.Added, obj); err != nil {
+		if err := c.broadcaster.Action(watch.Added, r); err != nil {
 			klog.ErrorS(err, "failed to broadcast event")
 		}
 	}
@@ -144,10 +149,11 @@ func (c *cpolrStore) Update(ctx context.Context, name string, objInfo rest.Updat
 	}
 	cpolr := updatedObject.(*v1alpha2.ClusterPolicyReport)
 	if forceAllowCreate {
-		if err := c.updateCpolr(cpolr, oldObj); err != nil {
+		r, err := c.updateCpolr(cpolr, oldObj)
+		if err != nil {
 			klog.ErrorS(err, "failed to update resource")
 		}
-		if err := c.broadcaster.Action(watch.Added, updatedObject); err != nil {
+		if err := c.broadcaster.Action(watch.Added, r); err != nil {
 			klog.ErrorS(err, "failed to broadcast event")
 		}
 		return updatedObject, true, nil
@@ -174,10 +180,11 @@ func (c *cpolrStore) Update(ctx context.Context, name string, objInfo rest.Updat
 
 	klog.Infof("updating cluster policy report name=%s", cpolr.Name)
 	if !isDryRun {
-		if err := c.updateCpolr(cpolr, oldObj); err != nil {
+		r, err := c.updateCpolr(cpolr, oldObj)
+		if err != nil {
 			return nil, false, errors.NewBadRequest(fmt.Sprintf("cannot create cluster policy report: %s", err.Error()))
 		}
-		if err := c.broadcaster.Action(watch.Modified, updatedObject); err != nil {
+		if err := c.broadcaster.Action(watch.Modified, r); err != nil {
 			klog.ErrorS(err, "failed to broadcast event")
 		}
 	}
@@ -302,22 +309,22 @@ func (c *cpolrStore) listCpolr() (*v1alpha2.ClusterPolicyReportList, error) {
 	return reportList, nil
 }
 
-func (c *cpolrStore) createCpolr(report *v1alpha2.ClusterPolicyReport) error {
+func (c *cpolrStore) createCpolr(report *v1alpha2.ClusterPolicyReport) (*v1alpha2.ClusterPolicyReport, error) {
 	report.ResourceVersion = fmt.Sprint(1)
 	report.UID = uuid.NewUUID()
 	report.CreationTimestamp = metav1.Now()
 
-	return c.store.ClusterPolicyReports().Create(context.TODO(), *report)
+	return report, c.store.ClusterPolicyReports().Create(context.TODO(), *report)
 }
 
-func (c *cpolrStore) updateCpolr(report *v1alpha2.ClusterPolicyReport, oldReport *v1alpha2.ClusterPolicyReport) error {
+func (c *cpolrStore) updateCpolr(report *v1alpha2.ClusterPolicyReport, oldReport *v1alpha2.ClusterPolicyReport) (*v1alpha2.ClusterPolicyReport, error) {
 	oldRV, err := strconv.ParseInt(oldReport.ResourceVersion, 10, 64)
 	if err != nil {
-		return errorpkg.Wrapf(err, "could not parse resource version")
+		return nil, errorpkg.Wrapf(err, "could not parse resource version")
 	}
 	report.ResourceVersion = fmt.Sprint(oldRV + 1)
 
-	return c.store.ClusterPolicyReports().Update(context.TODO(), *report)
+	return report, c.store.ClusterPolicyReports().Update(context.TODO(), *report)
 }
 
 func (c *cpolrStore) deleteCpolr(report *v1alpha2.ClusterPolicyReport) error {

pkg/api/ephr.go

@@ -76,6 +76,10 @@ func (p *ephrStore) List(ctx context.Context, options *metainternalversion.ListO
 
 	ephrList := &reportsv1.EphemeralReportList{
 		Items: make([]reportsv1.EphemeralReport, 0),
+		ListMeta: metav1.ListMeta{
+			// TODO: Fix this!!
+			ResourceVersion: "1",
+		},
 	}
 	for _, ephr := range list.Items {
 		if ephr.Labels == nil {
@@ -130,11 +134,11 @@ func (p *ephrStore) Create(ctx context.Context, obj runtime.Object, createValida
 
 	klog.Infof("creating ephemeral reports name=%s namespace=%s", ephr.Name, ephr.Namespace)
 	if !isDryRun {
-		err := p.createEphr(ephr)
+		r, err := p.createEphr(ephr)
 		if err != nil {
 			return nil, errors.NewBadRequest(fmt.Sprintf("cannot create ephemeral report: %s", err.Error()))
 		}
-		if err := p.broadcaster.Action(watch.Added, obj); err != nil {
+		if err := p.broadcaster.Action(watch.Added, r); err != nil {
 			klog.ErrorS(err, "failed to broadcast event")
 		}
 	}
@@ -158,10 +162,11 @@ func (p *ephrStore) Update(ctx context.Context, name string, objInfo rest.Update
 	ephr := updatedObject.(*reportsv1.EphemeralReport)
 
 	if forceAllowCreate {
-		if err := p.updateEphr(ephr, oldObj); err != nil {
+		r, err := p.updateEphr(ephr, oldObj)
+		if err != nil {
 			klog.ErrorS(err, "failed to update resource")
 		}
-		if err := p.broadcaster.Action(watch.Added, updatedObject); err != nil {
+		if err := p.broadcaster.Action(watch.Added, r); err != nil {
 			klog.ErrorS(err, "failed to broadcast event")
 		}
 		return updatedObject, true, nil
@@ -192,11 +197,11 @@ func (p *ephrStore) Update(ctx context.Context, name string, objInfo rest.Update
 
 	klog.Infof("updating ephemeral reports name=%s namespace=%s", ephr.Name, ephr.Namespace)
 	if !isDryRun {
-		err := p.updateEphr(ephr, oldObj)
+		r, err := p.updateEphr(ephr, oldObj)
 		if err != nil {
 			return nil, false, errors.NewBadRequest(fmt.Sprintf("cannot create ephemeral report: %s", err.Error()))
 		}
-		if err := p.broadcaster.Action(watch.Modified, updatedObject); err != nil {
+		if err := p.broadcaster.Action(watch.Modified, r); err != nil {
 			klog.ErrorS(err, "failed to broadcast event")
 		}
 	}
@@ -324,22 +329,22 @@ func (p *ephrStore) listEphr(namespace string) (*reportsv1.EphemeralReportList,
 	return reportList, nil
 }
 
-func (p *ephrStore) createEphr(report *reportsv1.EphemeralReport) error {
+func (p *ephrStore) createEphr(report *reportsv1.EphemeralReport) (*reportsv1.EphemeralReport, error) {
 	report.ResourceVersion = fmt.Sprint(1)
 	report.UID = uuid.NewUUID()
 	report.CreationTimestamp = metav1.Now()
 
-	return p.store.EphemeralReports().Create(context.TODO(), *report)
+	return report, p.store.EphemeralReports().Create(context.TODO(), *report)
 }
 
-func (p *ephrStore) updateEphr(report *reportsv1.EphemeralReport, oldReport *reportsv1.EphemeralReport) error {
+func (p *ephrStore) updateEphr(report *reportsv1.EphemeralReport, oldReport *reportsv1.EphemeralReport) (*reportsv1.EphemeralReport, error) {
 	oldRV, err := strconv.ParseInt(oldReport.ResourceVersion, 10, 64)
 	if err != nil {
-		return errorpkg.Wrapf(err, "could not parse resource version")
+		return nil, errorpkg.Wrapf(err, "could not parse resource version")
 	}
 	report.ResourceVersion = fmt.Sprint(oldRV + 1)
 
-	return p.store.EphemeralReports().Update(context.TODO(), *report)
+	return report, p.store.EphemeralReports().Update(context.TODO(), *report)
 }
 
 func (p *ephrStore) deleteEphr(report *reportsv1.EphemeralReport) error {

pkg/api/polr.go

@@ -76,6 +76,10 @@ func (p *polrStore) List(ctx context.Context, options *metainternalversion.ListO
 
 	polrList := &v1alpha2.PolicyReportList{
 		Items: make([]v1alpha2.PolicyReport, 0),
+		ListMeta: metav1.ListMeta{
+			// TODO: Fix this!!
+			ResourceVersion: "1",
+		},
 	}
 	for _, polr := range list.Items {
 		if polr.Labels == nil {
@@ -130,11 +134,12 @@ func (p *polrStore) Create(ctx context.Context, obj runtime.Object, createValida
 
 	klog.Infof("creating policy reports name=%s namespace=%s", polr.Name, polr.Namespace)
 	if !isDryRun {
-		err := p.createPolr(polr)
+		r, err := p.createPolr(polr)
 		if err != nil {
 			return nil, errors.NewBadRequest(fmt.Sprintf("cannot create policy report: %s", err.Error()))
 		}
-		if err := p.broadcaster.Action(watch.Added, obj); err != nil {
+		klog.Info(r.ResourceVersion)
+		if err := p.broadcaster.Action(watch.Added, r); err != nil {
 			klog.ErrorS(err, "failed to broadcast event")
 		}
 	}
@@ -158,10 +163,11 @@ func (p *polrStore) Update(ctx context.Context, name string, objInfo rest.Update
 	polr := updatedObject.(*v1alpha2.PolicyReport)
 
 	if forceAllowCreate {
-		if err := p.updatePolr(polr, oldObj); err != nil {
+		r, err := p.updatePolr(polr, oldObj)
+		if err != nil {
 			klog.ErrorS(err, "failed to update resource")
 		}
-		if err := p.broadcaster.Action(watch.Added, updatedObject); err != nil {
+		if err := p.broadcaster.Action(watch.Added, r); err != nil {
 			klog.ErrorS(err, "failed to broadcast event")
 		}
 		return updatedObject, true, nil
@@ -192,11 +198,11 @@ func (p *polrStore) Update(ctx context.Context, name string, objInfo rest.Update
 
 	klog.Infof("updating policy reports name=%s namespace=%s", polr.Name, polr.Namespace)
 	if !isDryRun {
-		err := p.updatePolr(polr, oldObj)
+		r, err := p.updatePolr(polr, oldObj)
 		if err != nil {
 			return nil, false, errors.NewBadRequest(fmt.Sprintf("cannot create policy report: %s", err.Error()))
 		}
-		if err := p.broadcaster.Action(watch.Modified, updatedObject); err != nil {
+		if err := p.broadcaster.Action(watch.Modified, r); err != nil {
 			klog.ErrorS(err, "failed to broadcast event")
 		}
 	}
@@ -324,22 +330,22 @@ func (p *polrStore) listPolr(namespace string) (*v1alpha2.PolicyReportList, erro
 	return reportList, nil
 }
 
-func (p *polrStore) createPolr(report *v1alpha2.PolicyReport) error {
+func (p *polrStore) createPolr(report *v1alpha2.PolicyReport) (*v1alpha2.PolicyReport, error) {
 	report.ResourceVersion = fmt.Sprint(1)
 	report.UID = uuid.NewUUID()
 	report.CreationTimestamp = metav1.Now()
 
-	return p.store.PolicyReports().Create(context.TODO(), *report)
+	return report, p.store.PolicyReports().Create(context.TODO(), *report)
 }
 
-func (p *polrStore) updatePolr(report *v1alpha2.PolicyReport, oldReport *v1alpha2.PolicyReport) error {
+func (p *polrStore) updatePolr(report *v1alpha2.PolicyReport, oldReport *v1alpha2.PolicyReport) (*v1alpha2.PolicyReport, error) {
 	oldRV, err := strconv.ParseInt(oldReport.ResourceVersion, 10, 64)
 	if err != nil {
-		return errorpkg.Wrapf(err, "could not parse resource version")
+		return nil, errorpkg.Wrapf(err, "could not parse resource version")
 	}
 	report.ResourceVersion = fmt.Sprint(oldRV + 1)
 
-	return p.store.PolicyReports().Update(context.TODO(), *report)
+	return report, p.store.PolicyReports().Update(context.TODO(), *report)
 }
 
 func (p *polrStore) deletePolr(report *v1alpha2.PolicyReport) error {