From d9ebdde436dacdde0485204c63894c8ada5cd8b1 Mon Sep 17 00:00:00 2001 From: cnwaldron <72021941+cnwaldron@users.noreply.github.com> Date: Wed, 15 Nov 2023 14:17:26 -0500 Subject: [PATCH] try pushing current changes --- ...curity.github.io_exposedsecretreports.yaml | 9 ++- ...curity.github.io_vulnerabilityreports.yaml | 7 +- deploy/static/trivy-operator.yaml | 78 ++++++++++--------- .../v1alpha1/vulnerability_types.go | 12 +-- .../v1alpha1/zz_generated.deepcopy.go | 17 ++++ 5 files changed, 73 insertions(+), 50 deletions(-) diff --git a/deploy/helm/crds/aquasecurity.github.io_exposedsecretreports.yaml b/deploy/helm/crds/aquasecurity.github.io_exposedsecretreports.yaml index 096a92e1d..7ab16719b 100644 --- a/deploy/helm/crds/aquasecurity.github.io_exposedsecretreports.yaml +++ b/deploy/helm/crds/aquasecurity.github.io_exposedsecretreports.yaml @@ -99,15 +99,16 @@ spec: os: description: OS is the Operating System of the Artifact properties: + eosl: + description: Eosl is true if OS version has reached end of service + life + type: boolean family: description: Operating System Family type: string name: - description: Name or version of the OS + description: Name or version of the OS type: string - eosl: - description: Eosl is the End of Service Life and is true if the OS version being used has reached it's end of service life - type: boolean type: object registry: description: Registry is the registry the Artifact was pulled from. diff --git a/deploy/helm/crds/aquasecurity.github.io_vulnerabilityreports.yaml b/deploy/helm/crds/aquasecurity.github.io_vulnerabilityreports.yaml index 00683f189..26f800fec 100644 --- a/deploy/helm/crds/aquasecurity.github.io_vulnerabilityreports.yaml +++ b/deploy/helm/crds/aquasecurity.github.io_vulnerabilityreports.yaml 
@@ -104,15 +104,16 @@ spec: os: description: OS is the Operating System of the Artifact properties: + eosl: + description: Eosl is true if OS version has reached end of service + life + type: boolean family: description: Operating System Family type: string name: description: Name or version of the OS type: string - eosl: - description: Eosl is the End of Service Life and is true if the OS version being used has reached it's end of service life - type: boolean type: object registry: description: Registry is the registry the Artifact was pulled from. diff --git a/deploy/static/trivy-operator.yaml b/deploy/static/trivy-operator.yaml index 7a20d3d51..41b7adad2 100644 --- a/deploy/static/trivy-operator.yaml +++ b/deploy/static/trivy-operator.yaml @@ -1374,15 +1374,16 @@ spec: os: description: OS is the Operating System of the Artifact properties: + eosl: + description: Eosl is true if OS version has reached end of service + life + type: boolean family: description: Operating System Family type: string name: description: Name or version of the OS type: string - eosl: - description: Eosl is the End of Service Life and is true if the OS version being used has reached it's end of service life - type: boolean type: object registry: description: Registry is the registry the Artifact was pulled from. @@ -1481,6 +1482,7 @@ spec: type: string required: - artifact + - os - scanner - secrets - summary 
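Review bot: Adding `- os` to `required` in the `@@ -1481,6 +1482,7 @@` hunk (the schema that also requires `secrets`), and again in `@@ -2437,6 +2440,7 @@`, makes the API server reject any object that lacks `os` next to `artifact`, `scanner` and `summary`, even though every property under `os` is still optional. Reports written by an older operator, or by any other client that omits the field, would then fail validation on create or update, and that would likely surface only as missing scan results. The two helm CRD files changed in this patch show no matching edit to `required`, so confirm that both copies of the schema agree. This manifest looks generated, so if `os` is meant to stay optional, the fix belongs on the `OS` field of the report data types (a `// +optional` marker plus `omitempty`), which are outside this patch.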
@@ -2270,17 +2272,18 @@ spec: type: string type: object os: - description: OS information of the Artifact + description: OS is the Operating System of the Artifact properties: + eosl: + description: Eosl is true if OS version has reached end of service + life + type: boolean family: - description: OS family + description: Operating System Family type: string name: - description: Name of OS + description: Name or version of the OS type: string - eosl: - description: End of Service Life - type: boolean type: object registry: description: Registry is the registry the Artifact was pulled from. @@ -2437,6 +2440,7 @@ spec: type: array required: - artifact + - os - scanner - summary - updateTimestamp @@ -2721,6 +2725,25 @@ spec: app.kubernetes.io/name: trivy-operator app.kubernetes.io/instance: trivy-operator --- +# Source: trivy-operator/templates/rbac/clusterrolebinding.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: trivy-operator + labels: + app.kubernetes.io/name: trivy-operator + app.kubernetes.io/instance: trivy-operator + app.kubernetes.io/version: "0.16.4" + app.kubernetes.io/managed-by: kubectl +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: trivy-operator +subjects: + - kind: ServiceAccount + name: trivy-operator + namespace: trivy-system +--- # Source: trivy-operator/templates/rbac/clusterrole.yaml apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole @@ -3072,11 +3095,12 @@ rules: verbs: - get --- -# Source: trivy-operator/templates/rbac/clusterrolebinding.yaml +# Source: trivy-operator/templates/rbac/leader-election-rolebinding.yaml apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding +kind: RoleBinding metadata: - name: trivy-operator + name: trivy-operator-leader-election + namespace: trivy-system labels: app.kubernetes.io/name: trivy-operator app.kubernetes.io/instance: trivy-operator 
@@ -3084,8 +3108,8 @@ metadata: app.kubernetes.io/managed-by: kubectl roleRef: apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: trivy-operator + kind: Role + name: trivy-operator-leader-election subjects: - kind: ServiceAccount name: trivy-operator @@ -3119,11 +3143,11 @@ rules: verbs: - create --- -# Source: trivy-operator/templates/rbac/leader-election-rolebinding.yaml +# Source: trivy-operator/templates/rbac/rolebinding.yaml apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: - name: trivy-operator-leader-election + name: trivy-operator namespace: trivy-system labels: app.kubernetes.io/name: trivy-operator @@ -3133,7 +3157,7 @@ metadata: roleRef: apiGroup: rbac.authorization.k8s.io kind: Role - name: trivy-operator-leader-election + name: trivy-operator subjects: - kind: ServiceAccount name: trivy-operator @@ -3169,26 +3193,6 @@ rules: - get - delete --- -# Source: trivy-operator/templates/rbac/rolebinding.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: trivy-operator - namespace: trivy-system - labels: - app.kubernetes.io/name: trivy-operator - app.kubernetes.io/instance: trivy-operator - app.kubernetes.io/version: "0.16.4" - app.kubernetes.io/managed-by: kubectl -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: trivy-operator -subjects: - - kind: ServiceAccount - name: trivy-operator - namespace: trivy-system ---- # Source: trivy-operator/templates/rbac/view-configauditreports-clusterrole.yaml # permissions for end users to view configauditreports apiVersion: rbac.authorization.k8s.io/v1 diff --git a/pkg/apis/aquasecurity/v1alpha1/vulnerability_types.go b/pkg/apis/aquasecurity/v1alpha1/vulnerability_types.go index 64b6fae7a..f55cf2394 100644 --- a/pkg/apis/aquasecurity/v1alpha1/vulnerability_types.go +++ b/pkg/apis/aquasecurity/v1alpha1/vulnerability_types.go 
@@ -63,17 +63,17 @@ type Artifact struct { // OS is the Operating System of the Artifact type OS struct { - // Family is the Operating System Family + // Eosl is true if OS version has reached end of service life // +optional - Family ostype.OSType `json:"family"` + Eosl bool `json:"eosl,omitempty"` - // Name is the generally the version of the OS + // Operating System Family // +optional - Name string `json:"name,omitempty"` + Family ostype.OSType `json:"family"` - // Eosl is the End of Service Life and is true if the OS version being used has reached it's end of service life + // Name or version of the OS // +optional - Eosl bool `json:"eosl,omitempty"` + Name string `json:"name,omitempty"` } // Vulnerability is the spec for a vulnerability record. diff --git a/pkg/apis/aquasecurity/v1alpha1/zz_generated.deepcopy.go b/pkg/apis/aquasecurity/v1alpha1/zz_generated.deepcopy.go index bc397f9b5..d3c34a4a6 100644 --- a/pkg/apis/aquasecurity/v1alpha1/zz_generated.deepcopy.go +++ b/pkg/apis/aquasecurity/v1alpha1/zz_generated.deepcopy.go @@ -754,6 +754,7 @@ func (in *ExposedSecretReportData) DeepCopyInto(out *ExposedSecretReportData) { out.Scanner = in.Scanner out.Registry = in.Registry out.Artifact = in.Artifact + out.OS = in.OS out.Summary = in.Summary if in.Secrets != nil { in, out := &in.Secrets, &out.Secrets @@ -991,6 +992,21 @@ func (in *Metadata) DeepCopy() *Metadata { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *OS) DeepCopyInto(out *OS) { + *out = *in +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OS. +func (in *OS) DeepCopy() *OS { + if in == nil { + return nil + } + out := new(OS) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *OrganizationalContact) DeepCopyInto(out *OrganizationalContact) { *out = *in 
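Review bot: In the `OS` struct in vulnerability_types.go, `Family` is marked `// +optional` but its tag is `json:"family"` with no `omitempty`, so an unset family is still serialized as an empty string while `Name` and `Eosl` are dropped when unset; `json:"family,omitempty"` would make the three fields consistent. Because `Eosl` is a plain `bool` with `omitempty`, a stored report cannot distinguish "not end of service life" from "not evaluated", which matters to anyone alerting on EOSL images. The field comment should say that absence means false or unknown. The reworded comments `// Operating System Family` and `// Name or version of the OS` no longer start with the field name the way `// Eosl is true ...` does, and since the CRD descriptions in this patch mirror these comments, `// Family is the Operating System family.` and `// Name is the name or version of the OS.` would keep both Go doc style and the generated schema text readable.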
@@ -1435,6 +1451,7 @@ func (in *VulnerabilityReportData) DeepCopyInto(out *VulnerabilityReportData) { out.Scanner = in.Scanner out.Registry = in.Registry out.Artifact = in.Artifact + out.OS = in.OS out.Summary = in.Summary if in.Vulnerabilities != nil { in, out := &in.Vulnerabilities, &out.Vulnerabilities