diff --git a/go.mod b/go.mod index 889f15a..b261eae 100644 --- a/go.mod +++ b/go.mod @@ -26,7 +26,7 @@ require ( k8s.io/kubectl v0.28.5 k8s.io/utils v0.0.0-20240102154912-e7106e64919e sigs.k8s.io/controller-runtime v0.16.3 - sigs.k8s.io/kubebuilder/v3 v3.12.0 + sigs.k8s.io/kubebuilder/v3 v3.13.0 sigs.k8s.io/yaml v1.4.0 ) diff --git a/go.sum b/go.sum index 3c842a0..3155355 100644 --- a/go.sum +++ b/go.sum @@ -454,8 +454,8 @@ sigs.k8s.io/controller-runtime v0.16.3 h1:2TuvuokmfXvDUamSx1SuAOO3eTyye+47mJCigw sigs.k8s.io/controller-runtime v0.16.3/go.mod h1:j7bialYoSn142nv9sCOJmQgDXQXxnroFU4VnX/brVJ0= sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo= sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0= -sigs.k8s.io/kubebuilder/v3 v3.12.0 h1:POh46v+T2wPGzAzcIE/eKlwZr17nn+R49elJg2Wz2qU= -sigs.k8s.io/kubebuilder/v3 v3.12.0/go.mod h1:ZJZ6jpjhh0skfehrYl7b8X/SCozhfLAU7IYV8ZN/f3s= +sigs.k8s.io/kubebuilder/v3 v3.13.0 h1:ft1r2HdI29hEgtbuk3AEjOGX5A0N3jjbSA54oZzXH5I= +sigs.k8s.io/kubebuilder/v3 v3.13.0/go.mod h1:BA3wwWd7P31jNLH9x+l5TzK6Of61SwY469ChO1+G2Cc= sigs.k8s.io/structured-merge-diff/v4 v4.2.3 h1:PRbqxJClWWYMNV1dhaG4NsibJbArud9kFxnAMREiWFE= sigs.k8s.io/structured-merge-diff/v4 v4.2.3/go.mod h1:qjx8mGObPmV2aSZepjQjbmb2ihdVs8cGKBraizNC69E= sigs.k8s.io/yaml v1.4.0 h1:Mk1wCc2gy/F0THH0TAp1QYyJNzRm2KCLy3o5ASXVI5E= diff --git a/hack/generate/samples/ansible/advanced_molecule.go b/hack/generate/samples/ansible/advanced_molecule.go index 8059f31..ae77ce0 100644 --- a/hack/generate/samples/ansible/advanced_molecule.go +++ b/hack/generate/samples/ansible/advanced_molecule.go 
@@ -75,10 +75,6 @@ func ImplementAdvancedMolecule(sample sample.Sample, image string) {
 addMocksFromTestdata(sample.Dir(), sample.CommandContext())
 updateDockerfile(sample.Dir())
 updateConfig(sample.Dir())
-
- // Replace kustomize version to v5.2.1 to enable running the
- // tests on a mac with Apple Silicon
- replaceKustomizeVersion(sample.Dir(), "v5.2.1")
 }
 func updateConfig(dir string) {
diff --git a/hack/generate/samples/ansible/memcached.go b/hack/generate/samples/ansible/memcached.go
index 3185175..e7cfc24 100644
--- a/hack/generate/samples/ansible/memcached.go
+++ b/hack/generate/samples/ansible/memcached.go
@@ -40,10 +40,6 @@ func ImplementMemcached(sample sample.Sample, image string) {
 addingMoleculeMockData(sample.Dir(), sample.Name(), gvk)
 }
 }
-
- // Replace kustomize version to v5.2.1 to enable running the
- // tests on a mac with Apple Silicon
- replaceKustomizeVersion(sample.Dir(), "v5.2.1")
 }
 // addingMoleculeMockData will customize the molecule data
@@ -77,12 +73,3 @@ func addingAnsibleTask(dir string, gvk schema.GroupVersionKind) {
 "# TODO(user): Add fields here", "size: 1")
 pkg.CheckError("updating sample CR", err)
 }
-
-// replaceKustomizeVersion will replace the kustomize version used in the
-// Makefile to the version specified
-func replaceKustomizeVersion(dir string, version string) {
- err := kbutil.ReplaceInFile(filepath.Join(dir, "Makefile"),
- "curl -sSLo - https://github.com/kubernetes-sigs/kustomize/releases/download/kustomize/v5.1.1/kustomize_v5.1.1_$(OS)_$(ARCH).tar.gz | \\",
- fmt.Sprintf("curl -sSLo - https://github.com/kubernetes-sigs/kustomize/releases/download/kustomize/%s/kustomize_%s_$(OS)_$(ARCH).tar.gz | \\", version, version))
- pkg.CheckError(fmt.Sprintf("replacing kustomize version to %s", version), err)
-}
diff --git a/hack/tests/e2e-ansible-molecule.sh b/hack/tests/e2e-ansible-molecule.sh
index 8c14101..263b858 100755
--- a/hack/tests/e2e-ansible-molecule.sh
+++ b/hack/tests/e2e-ansible-molecule.sh
@@ -30,9 +30,10 @@ pip3 install pyasn1==0.4.7 pyasn1-modules==0.2.6 idna==2.8 ipaddress==1.0.23
 pip3 install cryptography molecule==5.1.0
 pip3 install ansible-lint yamllint
 pip3 install docker kubernetes jmespath
+pip3 install requests==2.32.2
 ansible-galaxy collection install 'kubernetes.core:==2.4.0'
 ansible-galaxy collection install 'operator_sdk.util:==0.4.0'
-ansible-galaxy collection install 'community.docker:==3.4.0'
+ansible-galaxy collection install 'community.docker:==3.10.3'
 header_text "Copying molecule testdata scenarios"
 ROOTDIR="$(pwd)"
diff --git a/images/ansible-operator/Dockerfile b/images/ansible-operator/Dockerfile
index 7e3816e..567e518 100644
--- a/images/ansible-operator/Dockerfile
+++ b/images/ansible-operator/Dockerfile
@@ -25,7 +25,12 @@ RUN set -e && yum clean all && rm -rf /var/cache/yum/* \
 && pip3 install --upgrade pip~=23.3.2 \
 && pip3 install pipenv==2023.11.15 \
 && pipenv install --deploy \
- && pipenv check \
+ # NOTE: This ignored vulnerability (70612) was detected in jinja2, \
+ # but the vulnerability is disputed and may never be fixed. See: \
+ # - https://github.com/advisories/GHSA-f6pv-j8mr-w6rr \
+ # - https://github.com/dbt-labs/dbt-core/issues/10250 \
+ # - https://data.safetycli.com/v/70612/97c/ \
+ && pipenv check --ignore 70612 \
 && yum remove -y gcc libffi-devel openssl-devel python39-devel \
 && yum clean all \
 && rm -rf /var/cache/yum
diff --git a/images/ansible-operator/pipfile.Dockerfile b/images/ansible-operator/pipfile.Dockerfile
index 64b8de0..091c857 100644
--- a/images/ansible-operator/pipfile.Dockerfile
+++ b/images/ansible-operator/pipfile.Dockerfile
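Review bot: The added `pip3 install requests==2.32.2` pins one package with no comment saying why, while the three `pip3 install` lines above it (including `docker kubernetes jmespath`) stay unpinned. Because the pin runs after `docker` is installed, pip may replace whatever requests version that earlier step resolved, and the reason for the pin will be unrecoverable once the underlying incompatibility is gone. I would add a comment above the line, for example `# Pin requests: presumably newer releases break the docker SDK used by community.docker; remove once docker is pinned to a compatible release` (the author should confirm the actual reason). Pinning `docker` on the line above as well would make the e2e environment reproducible rather than dependent on install order.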
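Review bot: `pipenv check --ignore 70612` suppresses the jinja2 finding indefinitely, and the added comment explains the dispute but gives no condition under which the flag should be removed. An open-ended ignore keeps hiding that ID even if the advisory is later revised or the locked jinja2 version changes. I would extend the comment with a revisit trigger, e.g. `# TODO(<TRACKING_ISSUE>): drop --ignore 70612 when jinja2 is next bumped or the advisory status changes`. The same suppression is duplicated in the images/ansible-operator/pipfile.Dockerfile hunk, so the two copies can drift; both should carry the same note. The RUN instruction begins above the hunk.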
@@ -21,7 +21,12 @@ RUN set -e && yum clean all && rm -rf /var/cache/yum/* \ && pip3 install --upgrade pip~=23.3.2 \ && pip3 install pipenv==2023.11.15 \ && pipenv lock \ - && pipenv check \ + # NOTE: This ignored vulnerability (70612) was detected in jinja2, \ + # but the vulnerability is disputed and may never be fixed. See: \ + # - https://github.com/advisories/GHSA-f6pv-j8mr-w6rr \ + # - https://github.com/dbt-labs/dbt-core/issues/10250 \ + # - https://data.safetycli.com/v/70612/97c/ \ + && pipenv check --ignore 70612 \ && yum remove -y gcc libffi-devel openssl-devel python39-devel \ && yum clean all \ && rm -rf /var/cache/yum diff --git a/pkg/plugins/ansible/v1/scaffolds/internal/templates/config/rbac/role.go b/pkg/plugins/ansible/v1/scaffolds/internal/templates/config/rbac/role.go index e7cc3be..65ff46e 100644 --- a/pkg/plugins/ansible/v1/scaffolds/internal/templates/config/rbac/role.go +++ b/pkg/plugins/ansible/v1/scaffolds/internal/templates/config/rbac/role.go @@ -39,6 +39,7 @@ func (f *ManagerRole) SetTemplateDefaults() error { } f.TemplateBody = fmt.Sprintf(roleTemplate, machinery.NewMarkerFor(f.Path, rulesMarker)) + f.IfExistsAction = machinery.OverwriteFile return nil } diff --git a/pkg/plugins/ansible/v1/scaffolds/internal/templates/requirements.go b/pkg/plugins/ansible/v1/scaffolds/internal/templates/requirements.go index 70cb8bc..6e09376 100644 --- a/pkg/plugins/ansible/v1/scaffolds/internal/templates/requirements.go +++ b/pkg/plugins/ansible/v1/scaffolds/internal/templates/requirements.go @@ -42,5 +42,5 @@ collections: - name: cloud.common version: "2.1.1" - name: community.docker - version: "3.4.5" + version: "3.10.3" ` diff --git a/pkg/plugins/util/cleanup.go b/pkg/plugins/util/cleanup.go index b704ff4..69a9631 100644 --- a/pkg/plugins/util/cleanup.go +++ b/pkg/plugins/util/cleanup.go 
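Review bot: In the role.go hunk, `f.IfExistsAction = machinery.OverwriteFile` makes the scaffold replace config/rbac/role.yaml whenever it already exists, and nothing in the hunk records why or what happens to rules already in that file. The template is built around a `rulesMarker` insertion point, so rules previously inserted at the marker, or tightened by hand, would presumably be discarded on overwrite; that is worth confirming because this file defines the manager's RBAC permissions. I would add a comment above the assignment, e.g. `// Overwrite the role.yaml written by the base scaffold so the marker-based template is the one on disk`, adjusted to the actual reason. SetTemplateDefaults begins outside the hunk.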
@@ -76,12 +76,12 @@ func UpdateKustomizationsInit() error {
 `
 # [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix including the one in
 # crd/kustomization.yaml
-#- manager_webhook_patch.yaml
+#- path: manager_webhook_patch.yaml
 # [CERTMANAGER] To enable cert-manager, uncomment all sections with 'CERTMANAGER'.
 # Uncomment 'CERTMANAGER' sections in crd/kustomization.yaml to enable the CA injection in the admission webhooks.
 # 'CERTMANAGER' needs to be enabled to use ca injection
-#- webhookcainjection_patch.yaml
+#- path: webhookcainjection_patch.yaml
 # [CERTMANAGER] To enable cert-manager, uncomment all sections with 'CERTMANAGER' prefix.
 # Uncomment the following replacements to add the cert-manager CA injection annotations
diff --git a/testdata/memcached-molecule-operator/config/default/kustomization.yaml b/testdata/memcached-molecule-operator/config/default/kustomization.yaml
index 133d093..e8ce9a3 100644
--- a/testdata/memcached-molecule-operator/config/default/kustomization.yaml
+++ b/testdata/memcached-molecule-operator/config/default/kustomization.yaml
@@ -21,10 +21,8 @@ resources:
 # [PROMETHEUS] To enable prometheus monitor, uncomment all sections with 'PROMETHEUS'.
 - ../prometheus
-patchesStrategicMerge:
+patches:
 # Protect the /metrics endpoint by putting it behind auth.
 # If you want your controller-manager to expose the /metrics
 # endpoint w/o any authn/z, please comment the following line.
-- manager_auth_proxy_patch.yaml
-
-
+- path: manager_auth_proxy_patch.yaml
diff --git a/testdata/memcached-molecule-operator/config/default/manager_auth_proxy_patch.yaml b/testdata/memcached-molecule-operator/config/default/manager_auth_proxy_patch.yaml
index 813841d..ac3a174 100644
--- a/testdata/memcached-molecule-operator/config/default/manager_auth_proxy_patch.yaml
+++ b/testdata/memcached-molecule-operator/config/default/manager_auth_proxy_patch.yaml
@@ -14,8 +14,8 @@ spec:
 allowPrivilegeEscalation: false
 capabilities:
 drop:
- - "ALL"
- image: gcr.io/kubebuilder/kube-rbac-proxy:v0.14.1
+ - "ALL"
+ image: gcr.io/kubebuilder/kube-rbac-proxy:v0.15.0
 args:
 - "--secure-listen-address=0.0.0.0:8443"
 - "--upstream=http://127.0.0.1:8080/"
diff --git a/testdata/memcached-molecule-operator/config/manager/manager.yaml b/testdata/memcached-molecule-operator/config/manager/manager.yaml
index eac55b5..a1b9951 100644
--- a/testdata/memcached-molecule-operator/config/manager/manager.yaml
+++ b/testdata/memcached-molecule-operator/config/manager/manager.yaml
@@ -78,7 +78,7 @@ spec:
 allowPrivilegeEscalation: false
 capabilities:
 drop:
- - "ALL"
+ - "ALL"
 livenessProbe:
 httpGet:
 path: /healthz
diff --git a/testdata/memcached-molecule-operator/config/prometheus/monitor.yaml b/testdata/memcached-molecule-operator/config/prometheus/monitor.yaml
index cf3cd4d..938d3fd 100644
--- a/testdata/memcached-molecule-operator/config/prometheus/monitor.yaml
+++ b/testdata/memcached-molecule-operator/config/prometheus/monitor.yaml
@@ -1,4 +1,3 @@
-
 # Prometheus Monitor Service (Metrics)
 apiVersion: monitoring.coreos.com/v1
 kind: ServiceMonitor
diff --git a/testdata/memcached-molecule-operator/requirements.yml b/testdata/memcached-molecule-operator/requirements.yml
index af54cd6..07cabcb 100644
--- a/testdata/memcached-molecule-operator/requirements.yml
+++ b/testdata/memcached-molecule-operator/requirements.yml
@@ -7,4 +7,4 @@ collections:
 - name: cloud.common
 version: "2.1.1"
 - name: community.docker
- version: "3.4.5"
+ version: "3.10.3"