Update PolicyReporter to 2.22.4

Replace results in existing PolicyReport instead of appending to them.

operator/charts/netchecks/Chart.yaml

@@ -6,13 +6,13 @@ icon: https://raw.githubusercontent.com/hardbyte/netchecks/main/.github/logo.png
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.1.14
+version: 0.1.15
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
 # It is recommended to use it with quotes.
-appVersion: "0.5.1"
+appVersion: "0.5.2"
 sources:
   - https://github.com/hardbyte/netchecks
 maintainers:
@@ -78,6 +78,6 @@ annotations:
               message: Http request to Kubernetes API should succeed.
 dependencies:
   - name: policy-reporter
-    version: 2.19.4
+    version: 2.22.4
     repository: https://kyverno.github.io/policy-reporter
     condition: policy-reporter.enabled

operator/examples/value-in-configmap.yaml

@@ -9,7 +9,6 @@ apiVersion: netchecks.io/v1
 kind: NetworkAssertion
 metadata:
   name: k8s-config-check
-  namespace: default
   annotations:
     description: Assert probe can access configmap data
 spec:

operator/netchecks_operator/main.py

@@ -473,17 +473,18 @@ def upsert_policy_report(probe_results, assertion_name, namespace, pod_name):
         # ]
 
         # Instead we use a JSON Merge Patch syntax (with the entire existing body)
+        # Replace the summary
         summary_json_merge_patch_body = {
             k: report_summary[k] if k in report_summary else None for k in "pass fail warn error skip".split()
         }
         policy_report_body["summary"] = summary_json_merge_patch_body
 
-        # Append the new results to the existing results
-        policy_report_body["results"] = policy_report["results"] + report_results
+        # Replace the results (old ones are policy_report["results"])
+        policy_report_body["results"] = report_results
 
         # Limit the number of results to the configured maximum
-        logger.info("Max limit", max_results=settings.policy_report_max_results)
         if len(policy_report_body["results"]) > settings.policy_report_max_results:
+            logger.info("Truncating PolicyReport results", max_results=settings.policy_report_max_results)
             policy_report_body["results"] = policy_report_body["results"][-settings.policy_report_max_results :]
 
         crd_api.patch_namespaced_custom_object(

operator/pyproject.toml

@@ -1,6 +1,6 @@
 [tool.poetry]
 name = "netcheck-operator"
-version = "0.5.1"
+version = "0.5.2"
 description = "Netcheck is a cloud native tool for specifying and regularly checking assertions about network conditions. Organisations use netcheck to proactively verify whether security controls are working as intended, alerting them to misconfiguration and potential threats."
 authors = ["Brian Thorne <[email protected]>"]
 readme = "README.md"

pyproject.toml

@@ -1,6 +1,6 @@
 [tool.poetry]
 name = "netcheck"
-version = "0.5.1"
+version = "0.5.2"
 description = "Netchecks is a cloud native tool for specifying and regularly checking assertions about network conditions. Use netchecks to proactively verify whether security controls are working as intended, alerting on misconfiguration."
 authors = ["Brian Thorne <[email protected]>"]
 readme = "README.md"