feat(security): stage metrics server image
All checks were successful
CD Pipeline / workflow-shape (push) Successful in 1s
CD Pipeline / cancel-stale-cd (push) Has been skipped
CD Pipeline / tests (push) Successful in 5m17s
AWOOOI Harbor 110 Local Repair / workflow-shape (push) Successful in 1s
AWOOOI Harbor 110 Local Repair / harbor-110-local-repair (push) Successful in 20s
CD Pipeline / build-and-deploy (push) Successful in 12m44s
CD Pipeline / post-deploy-checks (push) Successful in 1m53s
All checks were successful
CD Pipeline / workflow-shape (push) Successful in 1s
CD Pipeline / cancel-stale-cd (push) Has been skipped
CD Pipeline / tests (push) Successful in 5m17s
AWOOOI Harbor 110 Local Repair / workflow-shape (push) Successful in 1s
AWOOOI Harbor 110 Local Repair / harbor-110-local-repair (push) Successful in 20s
CD Pipeline / build-and-deploy (push) Successful in 12m44s
CD Pipeline / post-deploy-checks (push) Successful in 1m53s
This commit is contained in:
@@ -54,6 +54,19 @@
|
||||
"name": "vpa-recommender",
|
||||
"container": "recommender"
|
||||
}
|
||||
},
|
||||
{
|
||||
"asset_id": "runtime-image:metrics-server-0.8.1-canary",
|
||||
"source_index_digest": "sha256:b2d2efaf5ac3b366ed0f839d2412a2c4279d4fc2a2a733f12c52133faed36c41",
|
||||
"platform_digest": "sha256:6231fb0a1ffab76c92ab880f51a0d11b290f688373647bcedff85af025dfd8a9",
|
||||
"source_config_digest": "sha256:e76b3f3568b7f440dfd477c1d6de638d7769ba34c93eef999dee418eb72bc0e3",
|
||||
"push_ref": "registry.wooo.work/awoooi/runtime-mirror/metrics-server:0.8.1-linux-amd64",
|
||||
"workload": {
|
||||
"kind": "deployment",
|
||||
"namespace": "kube-system",
|
||||
"name": "metrics-server",
|
||||
"container": "metrics-server"
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@@ -149,12 +149,13 @@ class RuntimeImageMirrorControllerTest(unittest.TestCase):
|
||||
|
||||
self.assertEqual(policy.work_item_id, "AIA-P0-006-02B")
|
||||
self.assertEqual(policy.risk_level, "high")
|
||||
self.assertEqual(len(policy.images), 3)
|
||||
self.assertEqual(len(policy.images), 4)
|
||||
by_asset = {image.asset_id: image for image in policy.images}
|
||||
self.assertEqual(
|
||||
set(by_asset),
|
||||
{
|
||||
"runtime-image:argocd-v3.3.6-canary",
|
||||
"runtime-image:metrics-server-0.8.1-canary",
|
||||
"runtime-image:redis-8.2.3-canary",
|
||||
"runtime-image:vpa-recommender-1.6.0-canary",
|
||||
},
|
||||
@@ -202,6 +203,26 @@ class RuntimeImageMirrorControllerTest(unittest.TestCase):
|
||||
self.assertEqual(vpa.workload.name, "vpa-recommender")
|
||||
self.assertEqual(vpa.workload.container, "recommender")
|
||||
self.assertEqual(vpa.workload.container_kind, "container")
|
||||
|
||||
metrics = by_asset["runtime-image:metrics-server-0.8.1-canary"]
|
||||
self.assertEqual(
|
||||
metrics.source_index_digest,
|
||||
"sha256:b2d2efaf5ac3b366ed0f839d2412a2c4279d4fc2a2a733f12c52133faed36c41",
|
||||
)
|
||||
self.assertEqual(
|
||||
metrics.platform_digest,
|
||||
"sha256:6231fb0a1ffab76c92ab880f51a0d11b290f688373647bcedff85af025dfd8a9",
|
||||
)
|
||||
self.assertEqual(
|
||||
metrics.source_config_digest,
|
||||
"sha256:e76b3f3568b7f440dfd477c1d6de638d7769ba34c93eef999dee418eb72bc0e3",
|
||||
)
|
||||
self.assertEqual(metrics.runtime_repository, "metrics-server")
|
||||
self.assertEqual(metrics.workload.kind, "deployment")
|
||||
self.assertEqual(metrics.workload.namespace, "kube-system")
|
||||
self.assertEqual(metrics.workload.name, "metrics-server")
|
||||
self.assertEqual(metrics.workload.container, "metrics-server")
|
||||
self.assertEqual(metrics.workload.container_kind, "container")
|
||||
self.assertNotIn("github.com", raw)
|
||||
self.assertNotIn("ghcr.io", raw)
|
||||
self.assertIn('"external_pull_allowed": false', raw)
|
||||
|
||||
Reference in New Issue
Block a user