Add unit test for dev versions

feat(node-analyzer): Fix URLs to the docs (#1984) github_actions_ci: Update CHANGELOG and RELEASE-NOTES for node-analyzer-1.32.11 fix(shield): Fix cluster name & execute unit test in CI for the shield chart (#1986) github_actions_ci: Update CHANGELOG and RELEASE-NOTES for shield-0.1.8 chore(sysdig-deploy): Automatic version bump due to updated dependencies (#1985) Co-authored-by: draios-jenkins <[email protected]> github_actions_ci: Update CHANGELOG and RELEASE-NOTES for sysdig-deploy-1.66.7 feat(registry-scanner): check cronjob frequency to avoid misuse (#1983) github_actions_ci: Update CHANGELOG and RELEASE-NOTES for registry-scanner-1.4.1 fix: cronjob schedule check (#1987) github_actions_ci: Update CHANGELOG and RELEASE-NOTES for registry-scanner-1.4.2 fix(cluster-shield): fix type casting for ssl.verify (#1988) Co-authored-by: AlbertoBarba <[email protected]> github_actions_ci: Update CHANGELOG and RELEASE-NOTES for cluster-shield-1.4.2 chore(sysdig-deploy): Automatic version bump due to updated dependencies (#1989) Co-authored-by: AlbertoBarba <[email protected]> github_actions_ci: Update CHANGELOG and RELEASE-NOTES for sysdig-deploy-1.66.8 Add unit test for dev version
sysdiglabs · Oct 30, 2024 · fbac884 · fbac884
1 parent b984f88
commit fbac884
Show file tree

Hide file tree

Showing 28 changed files with 214 additions and 27 deletions.
diff --git a/.github/workflows/helm-unit-test.yaml b/.github/workflows/helm-unit-test.yaml
@@ -64,3 +64,6 @@ jobs:
 
       - name: Test sysdig-stackdriver-bridge
         run: helm unittest --strict ./charts/sysdig-stackdriver-bridge
+
+      - name: Test shield
+        run: helm unittest --strict -f 'tests/*/*_test.yaml' ./charts/shield
diff --git a/charts/agent/templates/_helpers.tpl b/charts/agent/templates/_helpers.tpl
@@ -592,6 +592,13 @@ true
     {{- end -}}
 {{- end -}}
 
+{{/* Check if dev version. */}}
+{{- define "agent.isDevVersion" -}}
+    {{- if eq . "dev" -}}
+        true
+    {{- end -}}
+{{- end -}}
+
 {{/* Return the name of the local forwarder configmap */}}
 {{- define "agent.localForwarderConfigMapName" }}
 {{- include "agent.configmapName" . | trunc 46 | trimSuffix "-" | printf "%s-local-forwarder" }}
@@ -606,7 +613,7 @@ true
 {{- end }}
 
 {{- define "agent.enableWindowsProbesSinglePort" }}
-    {{- if and (include "agent.isSemVer" .Values.windows.image.tag) (semverCompare "< 1.3.0-0" .Values.windows.image.tag) }}
+    {{- if or (and (include "agent.isSemVer" .Values.windows.image.tag) (semverCompare "< 1.3.0-0" .Values.windows.image.tag)) (include "agent.isDevVersion" .Values.windows.image.tag)}}
         {{- printf "false" -}}
     {{- else -}}
         {{- printf "true" -}}

diff --git a/charts/agent/tests/readiness_probe_windows_test.yaml b/charts/agent/tests/readiness_probe_windows_test.yaml
@@ -58,4 +58,32 @@ tests:
           value: 24483
       - equal:
           path: spec.template.spec.containers[0].readinessProbe.httpGet.port
-          value: 24483
+          value: 24483
+
+  - it: "Windows Agent Probes (agent = 86dedf6)"
+    set:
+      windows:
+        enabled: true
+        image:
+          tag: 86dedf6
+    asserts:
+      - equal:
+          path: spec.template.spec.containers[0].livenessProbe.httpGet.port
+          value: 24483
+      - equal:
+          path: spec.template.spec.containers[0].readinessProbe.httpGet.port
+          value: 24483
+
+  - it: "Windows Agent Probes (agent = dev)"
+    set:
+      windows:
+        enabled: true
+        image:
+          tag: dev
+    asserts:
+      - equal:
+          path: spec.template.spec.containers[0].livenessProbe.httpGet.port
+          value: 24484
+      - equal:
+          path: spec.template.spec.containers[0].readinessProbe.httpGet.port
+          value: 24484
diff --git a/charts/cluster-shield/CHANGELOG.md b/charts/cluster-shield/CHANGELOG.md
@@ -10,6 +10,9 @@ Manual edits are supported only below '## Change Log' and should be used
 exclusively to fix incorrect entries and not to add new ones.
 
 ## Change Log
+# v1.4.2
+### Bug Fixes
+* **cluster-shield** [f4262f0a](https://github.com/sysdiglabs/charts/commit/f4262f0aa956aa5042ef253765efa56f40e4de40): fix type casting for ssl.verify ([#1988](https://github.com/sysdiglabs/charts/issues/1988))
 # v1.4.1
 ### Chores
 * **cluster-shield** [a2e408c9](https://github.com/sysdiglabs/charts/commit/a2e408c941b097fea0a6b36f88ec9de7b30a7f9d): Automatic bump to version 1.4.0 ([#1977](https://github.com/sysdiglabs/charts/issues/1977))

diff --git a/charts/cluster-shield/Chart.yaml b/charts/cluster-shield/Chart.yaml
@@ -2,7 +2,7 @@ apiVersion: v2
 name: cluster-shield
 description: Cluster Shield Helm Chart for Kubernetes
 type: application
-version: 1.4.1
+version: 1.4.2
 appVersion: "1.4.0"
 maintainers:
   - name: AlbertoBarba

diff --git a/charts/cluster-shield/RELEASE-NOTES.md b/charts/cluster-shield/RELEASE-NOTES.md
@@ -1,5 +1,5 @@
 # What's Changed
 
-### Chores
-- **cluster-shield** [a2e408c9](https://github.com/sysdiglabs/charts/commit/a2e408c941b097fea0a6b36f88ec9de7b30a7f9d): Automatic bump to version 1.4.0 ([#1977](https://github.com/sysdiglabs/charts/issues/1977))
-#### Full diff: https://github.com/sysdiglabs/charts/compare/cluster-shield-1.4.0...cluster-shield-1.4.1
+### Bug Fixes
+- **cluster-shield** [f4262f0a](https://github.com/sysdiglabs/charts/commit/f4262f0aa956aa5042ef253765efa56f40e4de40): fix type casting for ssl.verify ([#1988](https://github.com/sysdiglabs/charts/issues/1988))
+#### Full diff: https://github.com/sysdiglabs/charts/compare/cluster-shield-1.4.1...cluster-shield-1.4.2
diff --git a/charts/cluster-shield/templates/_helpers.tpl b/charts/cluster-shield/templates/_helpers.tpl
@@ -99,7 +99,8 @@ Adds kubernetes related keys to the configuration.
 {{- end -}}
 {{- end -}}
 {{- if not (hasKey (default .Values.cluster_shield.ssl dict) "verify") -}}
-{{- $_ := set $conf "ssl" (dict "verify" .Values.global.sslVerifyCertificate) -}}
+{{/* Hackish way to manage boolean values as helm do not provide `toBool` function, see https://github.com/helm/helm/issues/10382 */}}
+{{- $_ := set $conf "ssl" (printf "{\"verify\": %s}" (.Values.global.sslVerifyCertificate | toString) | fromJson) -}}
 {{- end -}}
 {{- if not .Values.cluster_shield.cluster_config.name -}}
 {{- if .Values.global.clusterConfig.name -}}

diff --git a/charts/cluster-shield/tests/global_settings_test.yaml b/charts/cluster-shield/tests/global_settings_test.yaml
@@ -52,3 +52,33 @@ tests:
           pattern: |-
             sysdig_endpoint:
               api_url: https://www.global-example.org
+
+  - it: Test genrated type with global ssl (string)
+    set:
+      global:
+        sslVerifyCertificate: "false"
+    asserts:
+      - containsDocument:
+          kind: ConfigMap
+          apiVersion: v1
+          name: sysdig-cluster-shield
+      - matchRegex:
+          path: data["cluster-shield.yaml"]
+          pattern: |-
+            ssl:
+              verify: false
+
+  - it: Test genrated type with global ssl (bool)
+    set:
+      global:
+        sslVerifyCertificate: false
+    asserts:
+      - containsDocument:
+          kind: ConfigMap
+          apiVersion: v1
+          name: sysdig-cluster-shield
+      - matchRegex:
+          path: data["cluster-shield.yaml"]
+          pattern: |-
+            ssl:
+              verify: false
diff --git a/charts/cluster-shield/values.schema.json b/charts/cluster-shield/values.schema.json
@@ -87,6 +87,18 @@
               ]
             }
           }
+        },
+        "sslVerifyCertificate": {
+          "type": [
+            "boolean",
+            "string"
+          ],
+          "enum": [
+            "true",
+            "false",
+            true,
+            false
+          ]
         }
       }
     },

diff --git a/charts/node-analyzer/CHANGELOG.md b/charts/node-analyzer/CHANGELOG.md
@@ -10,6 +10,9 @@ Manual edits are supported only below '## Change Log' and should be used
 exclusively to fix incorrect entries and not to add new ones.
 
 ## Change Log
+# v1.32.11
+### New Features
+* **node-analyzer** [d61d18f8](https://github.com/sysdiglabs/charts/commit/d61d18f8d7f3ba4c2b609ddebdb11f8f7445bc23): Fix URLs to the docs ([#1984](https://github.com/sysdiglabs/charts/issues/1984))
 # v1.32.10
 # v1.32.9
 ### Bug Fixes

diff --git a/charts/node-analyzer/Chart.yaml b/charts/node-analyzer/Chart.yaml
@@ -2,7 +2,7 @@ apiVersion: v2
 name: node-analyzer
 description: Sysdig Node Analyzer
 # currently matching Sysdig's appVersion 1.14.34
-version: 1.32.10
+version: 1.32.11
 appVersion: 12.9.2
 keywords:
   - monitoring

diff --git a/charts/node-analyzer/README.md b/charts/node-analyzer/README.md
@@ -4,9 +4,9 @@
 
 The Node Analyzer provides a method for deploying the components for the following Sysdig Secure features:
 
-- [Runtime Scanning](https://docs.sysdig.com/en/docs/installation/sysdig-secure/#runtime-scanning)
-- [Host Scanning](https://docs.sysdig.com/en/docs/installation/sysdig-secure/#vulnerability-host-scanning)
-- [KSPM Analyzer](https://docs.sysdig.com/en/docs/installation/sysdig-secure/#compliance)
+- [Runtime Scanning](https://docs.sysdig.com//en/runtime)
+- [Host Scanning](https://docs.sysdig.com/en/host-scan/
+- [KSPM Analyzer](https://docs.sysdig.com/en/compliance/)
 
 This chart adds the Sysdig Node Analyzer to all nodes in your cluster via a DaemonSet. The Node Analyzer is deployed by default unless you set the value `nodeAnalyzer.deploy` to `false`.
 

diff --git a/charts/node-analyzer/RELEASE-NOTES.md b/charts/node-analyzer/RELEASE-NOTES.md
@@ -1,3 +1,5 @@
 # What's Changed
 
-#### Full diff: https://github.com/sysdiglabs/charts/compare/node-analyzer-1.32.9...node-analyzer-1.32.10
+### New Features
+- **node-analyzer** [d61d18f8](https://github.com/sysdiglabs/charts/commit/d61d18f8d7f3ba4c2b609ddebdb11f8f7445bc23): Fix URLs to the docs ([#1984](https://github.com/sysdiglabs/charts/issues/1984))
+#### Full diff: https://github.com/sysdiglabs/charts/compare/node-analyzer-1.32.10...node-analyzer-1.32.11
diff --git a/charts/registry-scanner/CHANGELOG.md b/charts/registry-scanner/CHANGELOG.md
@@ -10,6 +10,12 @@ Manual edits are supported only below '## Change Log' and should be used
 exclusively to fix incorrect entries and not to add new ones.
 
 ## Change Log
+# v1.4.2
+### Bug Fixes
+* [80d9f7e6](https://github.com/sysdiglabs/charts/commit/80d9f7e629baa61611c72a71df5a77ac328c6eed): cronjob schedule check ([#1987](https://github.com/sysdiglabs/charts/issues/1987))
+# v1.4.1
+### New Features
+* **registry-scanner** [2ebd7855](https://github.com/sysdiglabs/charts/commit/2ebd7855670ec0ed53b7c6b0ef70e3a0a630bd81): check cronjob frequency to avoid misuse ([#1983](https://github.com/sysdiglabs/charts/issues/1983))
 # v1.4.0
 ### Chores
 * **registry-scanner** [8aadffd0](https://github.com/sysdiglabs/charts/commit/8aadffd0460d8633d402a645ad4f3b4ac3f2c059): Update to v0.5.0 ([#1925](https://github.com/sysdiglabs/charts/issues/1925))

diff --git a/charts/registry-scanner/Chart.yaml b/charts/registry-scanner/Chart.yaml
@@ -4,7 +4,7 @@ description: Sysdig Registry Scanner
 type: application
 home: https://www.sysdig.com/
 icon: https://avatars.githubusercontent.com/u/5068817?s=200&v=4
-version: 1.4.0
+version: 1.4.2
 appVersion: 0.5.0
 maintainers:
   - name: sysdiglabs
diff --git a/charts/registry-scanner/README.md b/charts/registry-scanner/README.md
@@ -135,7 +135,7 @@ Use the following command to deploy:
 helm upgrade --install registry-scanner \
    --namespace sysdig-agent \
    --create-namespace \
-   --version=1.4.0 \
+   --version=1.4.2 \
    --set config.secureBaseURL=<SYSDIG_SECURE_URL> \
    --set config.secureAPIToken=<SYSDIG_SECURE_API_TOKEN> \
    --set config.secureSkipTLS=true \

diff --git a/charts/registry-scanner/RELEASE-NOTES.md b/charts/registry-scanner/RELEASE-NOTES.md
@@ -1,5 +1,5 @@
 # What's Changed
 
-### Chores
-- **registry-scanner** [8aadffd0](https://github.com/sysdiglabs/charts/commit/8aadffd0460d8633d402a645ad4f3b4ac3f2c059): Update to v0.5.0 ([#1925](https://github.com/sysdiglabs/charts/issues/1925))
-#### Full diff: https://github.com/sysdiglabs/charts/compare/registry-scanner-1.3.5...registry-scanner-1.4.0
+### Bug Fixes
+- [80d9f7e6](https://github.com/sysdiglabs/charts/commit/80d9f7e629baa61611c72a71df5a77ac328c6eed): cronjob schedule check ([#1987](https://github.com/sysdiglabs/charts/issues/1987))
+#### Full diff: https://github.com/sysdiglabs/charts/compare/registry-scanner-1.4.1...registry-scanner-1.4.2
diff --git a/charts/registry-scanner/templates/_helpers.tpl b/charts/registry-scanner/templates/_helpers.tpl
@@ -138,3 +138,25 @@ Fail if cronjob.timeZone is set for Kubernetes < 1.24
     {{ fail "cronjob.timeZone was specified but kubernetes version is smaller than 1.24." }}
   {{- end }}
 {{- end }}
+{{/*
+Check cronjob value
+*/}}
+{{- define "registry-scanner.checkCronSchedule" -}}
+  {{- $schedule := .Values.cronjob.schedule}}
+  {{- $parts := splitList " " $schedule -}}
+
+  {{- if eq (len $parts) 5 -}}
+    {{- $minute := index $parts 0 -}}
+    {{- $hour := index $parts 1 -}}
+    {{- $dayOfMonth := index $parts 2 -}}
+    {{- $month := index $parts 3 -}}
+    {{- $dayOfWeek := index $parts 4 -}}
+
+    {{- if and (eq $dayOfMonth "*" ) (eq $dayOfWeek "*") (eq $month "*") -}}
+      {{- if or ($hour | contains "*") ($hour | contains ",") ($hour | contains "-") ($hour | contains "/") -}}
+        # {{- printf "WARNING: You have configured the registry scanner to run on a schedule of '%s'. Running the scanner more often than every 24 hours can increase the load on your registry. The recommended configuration is to perform a scan weekly." $schedule | fail}}
+        {{- fail (printf "WARNING: You have configured the registry scanner to run on a schedule of '%s'. Running the scanner more often than every 24 hours can increase the load on your registry. The recommended configuration is to perform a scan weekly." $schedule) }}
+      {{- end -}}
+    {{- end -}}
+  {{- end -}}
+{{- end -}}
diff --git a/charts/registry-scanner/templates/cronjob.yaml b/charts/registry-scanner/templates/cronjob.yaml
@@ -1,3 +1,4 @@
+{{- include "registry-scanner.checkCronSchedule" . }}
 {{- include "registry-scanner.validateTimeZone" . }}
 {{- if (include "registry-scanner.kubeVersionLessThan" (dict "root" . "major" 1 "minor" 21)) }}
 apiVersion: batch/v1beta1

diff --git a/charts/registry-scanner/tests/cronjob_test.yaml b/charts/registry-scanner/tests/cronjob_test.yaml
@@ -121,3 +121,53 @@ tests:
       - failedTemplate:
           # errorMessage: spec.timeZone
           errorMessage: "cronjob.timeZone was specified but kubernetes version is smaller than 1.24."
+
+  - it: sets cronjob schedule more often than 24h
+    set:
+      cronjob.schedule: "0 0 * * *"
+    asserts:
+      - equal:
+          path: spec.schedule
+          value: "0 0 * * *"
+
+  - it: sets cronjob schedule less often than 24h
+    set:
+      cronjob.schedule: "0 0 1 * *"
+    asserts:
+      - equal:
+          path: spec.schedule
+          value: "0 0 1 * *"
+
+  - it: sets cronjob schedule less often than 24h
+    set:
+      cronjob.schedule: "0 0 1 4 *"
+    asserts:
+      - equal:
+          path: spec.schedule
+          value: "0 0 1 4 *"
+  - it: sets cronjob schedule less often than 24h and slash
+    set:
+      cronjob.schedule: "0 1/2 * * *"
+    asserts:
+      - failedTemplate:
+          errorMessage: "WARNING: You have configured the registry scanner to run on a schedule of '0 1/2 * * *'. \
+           Running the scanner more often than every 24 hours can increase the load on your registry. \
+           The recommended configuration is to perform a scan weekly."
+
+  - it: sets cronjob schedule less often than 24h and comma
+    set:
+      cronjob.schedule: "0 1,2 * * *"
+    asserts:
+      - failedTemplate:
+          errorMessage: "WARNING: You have configured the registry scanner to run on a schedule of '0 1,2 * * *'. \
+           Running the scanner more often than every 24 hours can increase the load on your registry. \
+           The recommended configuration is to perform a scan weekly."
+
+  - it: sets cronjob schedule less often than 24h and dash
+    set:
+      cronjob.schedule: "0 1-2 * * *"
+    asserts:
+      - failedTemplate:
+          errorMessage: "WARNING: You have configured the registry scanner to run on a schedule of '0 1-2 * * *'. \
+           Running the scanner more often than every 24 hours can increase the load on your registry. \
+           The recommended configuration is to perform a scan weekly."
diff --git a/charts/shield/CHANGELOG.md b/charts/shield/CHANGELOG.md
@@ -10,6 +10,9 @@ Manual edits are supported only below '## Change Log' and should be used
 exclusively to fix incorrect entries and not to add new ones.
 
 ## Change Log
+# v0.1.8
+### Bug Fixes
+* **shield** [aa91cf17](https://github.com/sysdiglabs/charts/commit/aa91cf17a79b6cc952a069106b7db1377834cd99): Fix cluster name & execute unit test in CI for the shield chart ([#1986](https://github.com/sysdiglabs/charts/issues/1986))
 # v0.1.7
 ### New Features
 * **shield** [b4aac2cc](https://github.com/sysdiglabs/charts/commit/b4aac2cc07965aaa5e91b33568a042cc16b8bf9c): add local forwarder support to host shield  in shield chart ([#1972](https://github.com/sysdiglabs/charts/issues/1972))

diff --git a/charts/shield/Chart.yaml b/charts/shield/Chart.yaml
@@ -13,5 +13,5 @@ maintainers:
   - name: mavimo
     email: [email protected]
 type: application
-version: 0.1.7
+version: 0.1.8
 appVersion: "1.0.0"
diff --git a/charts/shield/RELEASE-NOTES.md b/charts/shield/RELEASE-NOTES.md
@@ -1,5 +1,5 @@
 # What's Changed
 
-### New Features
-- **shield** [b4aac2cc](https://github.com/sysdiglabs/charts/commit/b4aac2cc07965aaa5e91b33568a042cc16b8bf9c): add local forwarder support to host shield  in shield chart ([#1972](https://github.com/sysdiglabs/charts/issues/1972))
-#### Full diff: https://github.com/sysdiglabs/charts/compare/cluster-shield-1.4.1...shield-0.1.7
+### Bug Fixes
+- **shield** [aa91cf17](https://github.com/sysdiglabs/charts/commit/aa91cf17a79b6cc952a069106b7db1377834cd99): Fix cluster name & execute unit test in CI for the shield chart ([#1986](https://github.com/sysdiglabs/charts/issues/1986))
+#### Full diff: https://github.com/sysdiglabs/charts/compare/shield-0.1.7...shield-0.1.8
diff --git a/charts/shield/templates/host/_configmap_helpers.tpl b/charts/shield/templates/host/_configmap_helpers.tpl
@@ -66,7 +66,7 @@
 
 {{- define "host.configmap" }}
 {{- $config := dict
-  "cluster_name" .Values.cluster_config.name
+  "k8s_cluster_name" .Values.cluster_config.name
   "collector" (include "common.collector_endpoint" .)
   "collector_port" .Values.sysdig_endpoint.collector.port }}
 {{- $config = merge $config (dict "sysdig_api_endpoint" (include "common.secure_api_endpoint" .)) }}

diff --git a/charts/shield/tests/host/configmap-dragent-yaml_test.yaml b/charts/shield/tests/host/configmap-dragent-yaml_test.yaml
@@ -609,6 +609,16 @@ tests:
             long_float: 95.12345678912322
             long_int: 9545013498239122
 
+  - it: Set Cluster name
+    set:
+      cluster_config:
+        name: demo-cluster
+    asserts:
+      - matchRegex:
+          path: data['dragent.yaml']
+          pattern: |
+            k8s_cluster_name: demo-cluster
+
   - it: Set API endpoint
     set:
       sysdig_endpoint:

diff --git a/charts/sysdig-deploy/CHANGELOG.md b/charts/sysdig-deploy/CHANGELOG.md
@@ -10,6 +10,12 @@ Manual edits are supported only below '## Change Log' and should be used
 exclusively to fix incorrect entries and not to add new ones.
 
 ## Change Log
+# v1.66.8
+### Chores
+* **sysdig-deploy** [86b3cbd2](https://github.com/sysdiglabs/charts/commit/86b3cbd29bedb95ecb453bedec6e76b272aebadc): Automatic version bump due to updated dependencies ([#1989](https://github.com/sysdiglabs/charts/issues/1989))
+# v1.66.7
+### Chores
+* **sysdig-deploy** [21a8caa2](https://github.com/sysdiglabs/charts/commit/21a8caa201fc12cb3c671fd9fd793e249ebf5ee3): Automatic version bump due to updated dependencies ([#1985](https://github.com/sysdiglabs/charts/issues/1985))
 # v1.66.6
 ### Chores
 * **sysdig-deploy** [c95f2b41](https://github.com/sysdiglabs/charts/commit/c95f2b41c39ad8707d279c375c4d6523ac370292): Automatic version bump due to updated dependencies ([#1981](https://github.com/sysdiglabs/charts/issues/1981))