From 03adaceb46077cf5b59f15c3f1d3c1144b090593 Mon Sep 17 00:00:00 2001 From: Brian Thorne Date: Sat, 23 Mar 2024 00:24:54 +1300 Subject: [PATCH] Update PolicyReporter to 2.22.4 Replace results in existing PolicyReport instead of appending to them. --- .run/Netchecks Operator.run.xml | 26 ----------------------- operator/charts/netchecks/Chart.yaml | 6 +++--- operator/examples/value-in-configmap.yaml | 1 - operator/netchecks_operator/main.py | 7 +++--- operator/pyproject.toml | 2 +- pyproject.toml | 2 +- 6 files changed, 9 insertions(+), 35 deletions(-) delete mode 100644 .run/Netchecks Operator.run.xml diff --git a/.run/Netchecks Operator.run.xml b/.run/Netchecks Operator.run.xml deleted file mode 100644 index 61b86a9..0000000 --- a/.run/Netchecks Operator.run.xml +++ /dev/null @@ -1,26 +0,0 @@ - - - - - \ No newline at end of file diff --git a/operator/charts/netchecks/Chart.yaml b/operator/charts/netchecks/Chart.yaml index fb41ae2..010ac08 100644 --- a/operator/charts/netchecks/Chart.yaml +++ b/operator/charts/netchecks/Chart.yaml @@ -6,13 +6,13 @@ icon: https://raw.githubusercontent.com/hardbyte/netchecks/main/.github/logo.png # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.14 +version: 0.1.15 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to # follow Semantic Versioning. They should reflect the version the application is using. # It is recommended to use it with quotes. -appVersion: "0.5.1" +appVersion: "0.5.2" sources: - https://github.com/hardbyte/netchecks maintainers: 
@@ -78,6 +78,6 @@ annotations: message: Http request to Kubernetes API should succeed. dependencies: - name: policy-reporter - version: 2.19.4 + version: 2.22.4 repository: https://kyverno.github.io/policy-reporter condition: policy-reporter.enabled diff --git a/operator/examples/value-in-configmap.yaml b/operator/examples/value-in-configmap.yaml index 8c3fbde..96fbc86 100644 --- a/operator/examples/value-in-configmap.yaml +++ b/operator/examples/value-in-configmap.yaml @@ -9,7 +9,6 @@ apiVersion: netchecks.io/v1 kind: NetworkAssertion metadata: name: k8s-config-check - namespace: default annotations: description: Assert probe can access configmap data spec: diff --git a/operator/netchecks_operator/main.py b/operator/netchecks_operator/main.py index 903ef6a..ecd2ba3 100644 --- a/operator/netchecks_operator/main.py +++ b/operator/netchecks_operator/main.py @@ -473,17 +473,18 @@ def upsert_policy_report(probe_results, assertion_name, namespace, pod_name): # ] # Instead we use a JSON Merge Patch syntax (with the entire existing body) + # Replace the summary summary_json_merge_patch_body = { k: report_summary[k] if k in report_summary else None for k in "pass fail warn error skip".split() } policy_report_body["summary"] = summary_json_merge_patch_body - # Append the new results to the existing results - policy_report_body["results"] = policy_report["results"] + report_results + # Replace the results (old ones are policy_report["results"]) + policy_report_body["results"] = report_results # Limit the number of results to the configured maximum - logger.info("Max limit", max_results=settings.policy_report_max_results) if len(policy_report_body["results"]) > settings.policy_report_max_results: + logger.info("Truncating PolicyReport results", max_results=settings.policy_report_max_results) policy_report_body["results"] = policy_report_body["results"][-settings.policy_report_max_results :] crd_api.patch_namespaced_custom_object( 
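Review bot: The truncation step at the end of this hunk can leave `summary` and `results` out of step: `summary` is written from `report_summary` before the `[-settings.policy_report_max_results :]` slice, so when entries are dropped the pass/fail counts still describe the untruncated set (assuming `report_summary` is derived from all of `report_results`, which happens outside the hunk). Because results are now replaced rather than appended, a dropped `fail` entry can no longer be recovered from the report, so the log line deserves warning level and a count, e.g. `logger.warning("Truncating PolicyReport results", dropped=len(report_results) - settings.policy_report_max_results, max_results=settings.policy_report_max_results)`. A configured maximum of 0 also turns the slice into `[-0:]`, which keeps every result instead of none; validating the setting as positive, or guarding with `settings.policy_report_max_results > 0`, would make the limit hold. The body of `upsert_policy_report` starts and ends outside the hunk.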
diff --git a/operator/pyproject.toml b/operator/pyproject.toml
index e7791d6..562a697 100644
--- a/operator/pyproject.toml
+++ b/operator/pyproject.toml
@@ -1,6 +1,6 @@
 [tool.poetry]
 name = "netcheck-operator"
-version = "0.5.1"
+version = "0.5.2"
 description = "Netcheck is a cloud native tool for specifying and regularly checking assertions about network conditions. Organisations use netcheck to proactively verify whether security controls are working as intended, alerting them to misconfiguration and potential threats."
 authors = ["Brian Thorne "]
 readme = "README.md"
diff --git a/pyproject.toml b/pyproject.toml
index 22390c2..29d363c 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -1,6 +1,6 @@
 [tool.poetry]
 name = "netcheck"
-version = "0.5.1"
+version = "0.5.2"
 description = "Netchecks is a cloud native tool for specifying and regularly checking assertions about network conditions. Use netchecks to proactively verify whether security controls are working as intended, alerting on misconfiguration."
 authors = ["Brian Thorne "]
 readme = "README.md"