2 changes: 1 addition & 1 deletion go.mod
Expand Up @@ -16,7 +16,7 @@ require (
github.com/onsi/ginkgo/v2 v2.8.4
github.com/onsi/gomega v1.27.2
github.com/open-policy-agent/cert-controller v0.4.0
github.com/open-policy-agent/frameworks/constraint v0.0.0-20230303021054-89ae905c94d2
github.com/open-policy-agent/frameworks/constraint v0.0.0-20230304011918-d82cbe189211
github.com/pkg/errors v0.9.1
github.com/prometheus/client_golang v1.14.0
github.com/spf13/cobra v1.6.1
4 changes: 2 additions & 2 deletions go.sum
Expand Up @@ -946,8 +946,8 @@ github.com/onsi/gomega v1.27.2 h1:SKU0CXeKE/WVgIV1T61kSa3+IRE8Ekrv9rdXDwwTqnY=
github.com/onsi/gomega v1.27.2/go.mod h1:5mR3phAHpkAVIDkHEUBY6HGVsU+cpcEscrGPB4oPlZI=
github.com/open-policy-agent/cert-controller v0.4.0 h1:AQntgNq7fsoHgnoKrOk0lpRyab1na09vibeJCX4YBCs=
github.com/open-policy-agent/cert-controller v0.4.0/go.mod h1:uOQW+2tMU51vSxy1Yt162oVUTMdqLuotC0aObQxrh6k=
github.com/open-policy-agent/frameworks/constraint v0.0.0-20230303021054-89ae905c94d2 h1:+ttWrgw5pmieSfAhq843CtJ5JoEunuH/n6PCh/vj6Kk=
github.com/open-policy-agent/frameworks/constraint v0.0.0-20230303021054-89ae905c94d2/go.mod h1:jggTVbseMnEQmCSgMRXByS4P7ykSBz6pLlxsbncSALM=
github.com/open-policy-agent/frameworks/constraint v0.0.0-20230304011918-d82cbe189211 h1:Ma5rn7r3rPwyP9OXi6zNKjNDsCHYccjcno9M83SHgO0=
github.com/open-policy-agent/frameworks/constraint v0.0.0-20230304011918-d82cbe189211/go.mod h1:jggTVbseMnEQmCSgMRXByS4P7ykSBz6pLlxsbncSALM=
github.com/open-policy-agent/opa v0.49.2 h1:n8ntRq/yDWy+cmYaqSLrHXmrT3tX8WlK28vjFQdC6W8=
github.com/open-policy-agent/opa v0.49.2/go.mod h1:7L3lN5qe8xboRmEHxC5lGjo5KsRMdK+CCLiFoOCP7rU=
github.com/opencontainers/go-digest v0.0.0-20170106003457-a6d0ee40d420/go.mod h1:cMLVZDEM3+U2I4VmLI6N8jQYUd2OVphdqWwCJHrFt2s=
10 changes: 5 additions & 5 deletions main.go
Expand Up @@ -30,7 +30,7 @@ import (
"github.com/go-logr/zapr"
"github.com/open-policy-agent/cert-controller/pkg/rotator"
constraintclient "github.com/open-policy-agent/frameworks/constraint/pkg/client"
"github.com/open-policy-agent/frameworks/constraint/pkg/client/drivers/local"
"github.com/open-policy-agent/frameworks/constraint/pkg/client/drivers/rego"
frameworksexternaldata "github.com/open-policy-agent/frameworks/constraint/pkg/externaldata"
api "github.com/open-policy-agent/gatekeeper/apis"
configv1alpha1 "github.com/open-policy-agent/gatekeeper/apis/config/v1alpha1"
Expand Down Expand Up @@ -335,11 +335,11 @@ func setupControllers(mgr ctrl.Manager, sw *watch.ControllerSwitch, tracker *rea
<-setupFinished

var providerCache *frameworksexternaldata.ProviderCache
args := []local.Arg{local.Tracing(false), local.DisableBuiltins(disabledBuiltins.ToSlice()...)}
args := []rego.Arg{rego.Tracing(false), rego.DisableBuiltins(disabledBuiltins.ToSlice()...)}
mutationOpts := mutation.SystemOpts{Reporter: mutation.NewStatsReporter()}
if *externaldata.ExternalDataEnabled {
providerCache = frameworksexternaldata.NewCache()
args = append(args, local.AddExternalDataProviderCache(providerCache))
args = append(args, rego.AddExternalDataProviderCache(providerCache))
mutationOpts.ProviderCache = providerCache

certFile := filepath.Join(*certDir, certName)
Expand All @@ -359,13 +359,13 @@ func setupControllers(mgr ctrl.Manager, sw *watch.ControllerSwitch, tracker *rea
}

// register the client cert watcher to the driver
args = append(args, local.EnableExternalDataClientAuth(), local.AddExternalDataClientCertWatcher(certWatcher))
args = append(args, rego.EnableExternalDataClientAuth(), rego.AddExternalDataClientCertWatcher(certWatcher))

// register the client cert watcher to the mutation system
mutationOpts.ClientCertWatcher = certWatcher
}
// initialize OPA
driver, err := local.New(args...)
driver, err := rego.New(args...)
if err != nil {
setupLog.Error(err, "unable to set up Driver")
return err
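Review bot: The lines shown construct only the Rego driver at `driver, err := rego.New(args...)`, while the CRD sections of this same commit add `code[].engine` as an unconstrained string, so a ConstraintTemplate naming another engine passes API schema validation. Whether the constraint client rejects such a template or accepts it without evaluating it is not visible here; the second outcome would leave a template that looks installed but enforces nothing. I would state the expected behaviour beside the call, e.g. `// Only the Rego driver is registered; a template whose code[].engine has no matching driver must be rejected, not skipped.`, and update the stale `// initialize OPA` comment above it. setupControllers begins and ends outside the hunks shown.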
Expand Up @@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.10.0
controller-gen.kubebuilder.io/version: v0.11.3
labels:
gatekeeper.sh/system: "yes"
name: constrainttemplates.templates.gatekeeper.sh
Expand Down Expand Up @@ -61,6 +61,24 @@ spec:
targets:
items:
properties:
code:
description: The source code options for the constraint template. "Rego" can only be specified in one place (either here or in the "rego" field)
items:
properties:
engine:
description: 'The engine used to evaluate the code. Example: "Rego". Required.'
type: string
source:
description: The source code for the template. Required.
x-kubernetes-preserve-unknown-fields: true
required:
- engine
- source
type: object
type: array
x-kubernetes-list-map-keys:
- engine
x-kubernetes-list-type: map
libs:
items:
type: string
Expand Down Expand Up @@ -156,6 +174,24 @@ spec:
targets:
items:
properties:
code:
description: The source code options for the constraint template. "Rego" can only be specified in one place (either here or in the "rego" field)
items:
properties:
engine:
description: 'The engine used to evaluate the code. Example: "Rego". Required.'
type: string
source:
description: The source code for the template. Required.
x-kubernetes-preserve-unknown-fields: true
required:
- engine
- source
type: object
type: array
x-kubernetes-list-map-keys:
- engine
x-kubernetes-list-type: map
libs:
items:
type: string
Expand Down Expand Up @@ -251,6 +287,24 @@ spec:
targets:
items:
properties:
code:
description: The source code options for the constraint template. "Rego" can only be specified in one place (either here or in the "rego" field)
items:
properties:
engine:
description: 'The engine used to evaluate the code. Example: "Rego". Required.'
type: string
source:
description: The source code for the template. Required.
x-kubernetes-preserve-unknown-fields: true
required:
- engine
- source
type: object
type: array
x-kubernetes-list-map-keys:
- engine
x-kubernetes-list-type: map
libs:
items:
type: string
Expand Up @@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.10.0
controller-gen.kubebuilder.io/version: v0.11.3
labels:
gatekeeper.sh/system: "yes"
name: providers.externaldata.gatekeeper.sh
58 changes: 56 additions & 2 deletions manifest_staging/deploy/gatekeeper.yaml
Expand Up @@ -1927,7 +1927,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.10.0
controller-gen.kubebuilder.io/version: v0.11.3
labels:
gatekeeper.sh/system: "yes"
name: constrainttemplates.templates.gatekeeper.sh
Expand Down Expand Up @@ -1986,6 +1986,24 @@ spec:
targets:
items:
properties:
code:
description: The source code options for the constraint template. "Rego" can only be specified in one place (either here or in the "rego" field)
items:
properties:
engine:
description: 'The engine used to evaluate the code. Example: "Rego". Required.'
type: string
source:
description: The source code for the template. Required.
x-kubernetes-preserve-unknown-fields: true
required:
- engine
- source
type: object
type: array
x-kubernetes-list-map-keys:
- engine
x-kubernetes-list-type: map
libs:
items:
type: string
Expand Down Expand Up @@ -2081,6 +2099,24 @@ spec:
targets:
items:
properties:
code:
description: The source code options for the constraint template. "Rego" can only be specified in one place (either here or in the "rego" field)
items:
properties:
engine:
description: 'The engine used to evaluate the code. Example: "Rego". Required.'
type: string
source:
description: The source code for the template. Required.
x-kubernetes-preserve-unknown-fields: true
required:
- engine
- source
type: object
type: array
x-kubernetes-list-map-keys:
- engine
x-kubernetes-list-type: map
libs:
items:
type: string
Expand Down Expand Up @@ -2176,6 +2212,24 @@ spec:
targets:
items:
properties:
code:
description: The source code options for the constraint template. "Rego" can only be specified in one place (either here or in the "rego" field)
items:
properties:
engine:
description: 'The engine used to evaluate the code. Example: "Rego". Required.'
type: string
source:
description: The source code for the template. Required.
x-kubernetes-preserve-unknown-fields: true
required:
- engine
- source
type: object
type: array
x-kubernetes-list-map-keys:
- engine
x-kubernetes-list-type: map
libs:
items:
type: string
Expand Down Expand Up @@ -3048,7 +3102,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.10.0
controller-gen.kubebuilder.io/version: v0.11.3
labels:
gatekeeper.sh/system: "yes"
name: providers.externaldata.gatekeeper.sh
6 changes: 3 additions & 3 deletions pkg/controller/config/config_controller_test.go
Expand Up @@ -24,7 +24,7 @@ import (
"github.com/google/go-cmp/cmp"
"github.com/onsi/gomega"
constraintclient "github.com/open-policy-agent/frameworks/constraint/pkg/client"
"github.com/open-policy-agent/frameworks/constraint/pkg/client/drivers/local"
"github.com/open-policy-agent/frameworks/constraint/pkg/client/drivers/rego"
configv1alpha1 "github.com/open-policy-agent/gatekeeper/apis/config/v1alpha1"
"github.com/open-policy-agent/gatekeeper/pkg/controller/config/process"
"github.com/open-policy-agent/gatekeeper/pkg/fakes"
Expand Down Expand Up @@ -127,7 +127,7 @@ func TestReconcile(t *testing.T) {
c := testclient.NewRetryClient(mgr.GetClient())

// initialize OPA
driver, err := local.New(local.Tracing(true))
driver, err := rego.New(rego.Tracing(true))
if err != nil {
t.Fatalf("unable to set up Driver: %v", err)
}
Expand Down Expand Up @@ -382,7 +382,7 @@ func TestConfig_DeleteSyncResources(t *testing.T) {

func setupController(mgr manager.Manager, wm *watch.Manager, tracker *readiness.Tracker, events <-chan event.GenericEvent) error {
// initialize OPA
driver, err := local.New(local.Tracing(true))
driver, err := rego.New(rego.Tracing(true))
if err != nil {
return fmt.Errorf("unable to set up Driver: %w", err)
}
Expand Up @@ -26,7 +26,7 @@ import (
templatesv1 "github.com/open-policy-agent/frameworks/constraint/pkg/apis/templates/v1"
"github.com/open-policy-agent/frameworks/constraint/pkg/apis/templates/v1beta1"
constraintclient "github.com/open-policy-agent/frameworks/constraint/pkg/client"
"github.com/open-policy-agent/frameworks/constraint/pkg/client/drivers/local"
"github.com/open-policy-agent/frameworks/constraint/pkg/client/drivers/rego"
statusv1beta1 "github.com/open-policy-agent/gatekeeper/apis/status/v1beta1"
"github.com/open-policy-agent/gatekeeper/pkg/fakes"
"github.com/open-policy-agent/gatekeeper/pkg/readiness"
Expand Down Expand Up @@ -162,7 +162,7 @@ func TestReconcile(t *testing.T) {
}

// initialize OPA
driver, err := local.New(local.Tracing(true))
driver, err := rego.New(rego.Tracing(true))
if err != nil {
t.Fatalf("unable to set up Driver: %v", err)
}
Expand Down Expand Up @@ -585,7 +585,7 @@ violation[{"msg": "denied!"}] {
}

// initialize OPA
driver, err := local.New(local.Tracing(true))
driver, err := rego.New(rego.Tracing(true))
if err != nil {
t.Fatalf("unable to set up Driver: %v", err)
}
Expand Up @@ -9,7 +9,7 @@ import (
"github.com/onsi/gomega"
"github.com/open-policy-agent/frameworks/constraint/pkg/apis/templates/v1beta1"
constraintclient "github.com/open-policy-agent/frameworks/constraint/pkg/client"
"github.com/open-policy-agent/frameworks/constraint/pkg/client/drivers/local"
"github.com/open-policy-agent/frameworks/constraint/pkg/client/drivers/rego"
podstatus "github.com/open-policy-agent/gatekeeper/apis/status/v1beta1"
"github.com/open-policy-agent/gatekeeper/pkg/controller/constrainttemplate"
"github.com/open-policy-agent/gatekeeper/pkg/fakes"
Expand Down Expand Up @@ -113,7 +113,7 @@ violation[{"msg": "denied!"}] {
}

// initialize OPA
driver, err := local.New(local.Tracing(true))
driver, err := rego.New(rego.Tracing(true))
if err != nil {
t.Fatalf("unable to set up Driver: %v", err)
}
6 changes: 3 additions & 3 deletions pkg/controller/externaldata/externaldata_controller_test.go
Expand Up @@ -11,7 +11,7 @@ import (
externaldataUnversioned "github.com/open-policy-agent/frameworks/constraint/pkg/apis/externaldata/unversioned"
externaldatav1beta1 "github.com/open-policy-agent/frameworks/constraint/pkg/apis/externaldata/v1beta1"
constraintclient "github.com/open-policy-agent/frameworks/constraint/pkg/client"
"github.com/open-policy-agent/frameworks/constraint/pkg/client/drivers/local"
"github.com/open-policy-agent/frameworks/constraint/pkg/client/drivers/rego"
frameworksexternaldata "github.com/open-policy-agent/frameworks/constraint/pkg/externaldata"
"github.com/open-policy-agent/gatekeeper/pkg/externaldata"
"github.com/open-policy-agent/gatekeeper/pkg/readiness"
Expand Down Expand Up @@ -84,8 +84,8 @@ func TestReconcile(t *testing.T) {
pc := frameworksexternaldata.NewCache()

// initialize OPA
args := []local.Arg{local.Tracing(false), local.AddExternalDataProviderCache(pc)}
driver, err := local.New(args...)
args := []rego.Arg{rego.Tracing(false), rego.AddExternalDataProviderCache(pc)}
driver, err := rego.New(args...)
if err != nil {
t.Fatalf("unable to set up Driver: %v", err)
}
4 changes: 2 additions & 2 deletions pkg/gator/opa.go
Expand Up @@ -2,12 +2,12 @@ package gator

import (
constraintclient "github.com/open-policy-agent/frameworks/constraint/pkg/client"
"github.com/open-policy-agent/frameworks/constraint/pkg/client/drivers/local"
"github.com/open-policy-agent/frameworks/constraint/pkg/client/drivers/rego"
"github.com/open-policy-agent/gatekeeper/pkg/target"
)

func NewOPAClient(includeTrace bool) (Client, error) {
driver, err := local.New(local.Tracing(includeTrace))
driver, err := rego.New(rego.Tracing(includeTrace))
if err != nil {
return nil, err
}
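Review bot: `rego.New(rego.Tracing(includeTrace))` in NewOPAClient passes no `rego.DisableBuiltins(...)`, whereas main.go in this commit builds its driver with `rego.DisableBuiltins(disabledBuiltins.ToSlice()...)`. If the driver's defaults leave every built-in enabled (not visible here), gator evaluates templates read from disk with a wider built-in set than the controller, which matters when it runs in CI on templates from untrusted contributors. I would either accept a disabled-built-ins list here or record the difference in a doc comment, e.g. `// NewOPAClient returns a Client backed by the Rego driver with the driver's default built-ins; the controller's disabledBuiltins list is not applied.` The same call appears in `Test` in pkg/gator/test/test.go, and NewOPAClient's body continues past the hunk.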
4 changes: 2 additions & 2 deletions pkg/gator/test/test.go
Expand Up @@ -7,7 +7,7 @@ import (
"github.com/open-policy-agent/frameworks/constraint/pkg/apis"
templatesv1 "github.com/open-policy-agent/frameworks/constraint/pkg/apis/templates/v1"
constraintclient "github.com/open-policy-agent/frameworks/constraint/pkg/client"
"github.com/open-policy-agent/frameworks/constraint/pkg/client/drivers/local"
"github.com/open-policy-agent/frameworks/constraint/pkg/client/drivers/rego"
"github.com/open-policy-agent/gatekeeper/pkg/expansion"
"github.com/open-policy-agent/gatekeeper/pkg/gator/expand"
"github.com/open-policy-agent/gatekeeper/pkg/gator/reader"
Expand All @@ -30,7 +30,7 @@ func init() {
func Test(objs []*unstructured.Unstructured, includeTrace bool) (*GatorResponses, error) {
// create the client

driver, err := local.New(local.Tracing(includeTrace))
driver, err := rego.New(rego.Tracing(includeTrace))
if err != nil {
return nil, err
}
4 changes: 2 additions & 2 deletions pkg/readiness/ready_tracker_test.go
Expand Up @@ -28,7 +28,7 @@ import (
externaldataUnversioned "github.com/open-policy-agent/frameworks/constraint/pkg/apis/externaldata/unversioned"
"github.com/open-policy-agent/frameworks/constraint/pkg/apis/templates/v1beta1"
constraintclient "github.com/open-policy-agent/frameworks/constraint/pkg/client"
"github.com/open-policy-agent/frameworks/constraint/pkg/client/drivers/local"
"github.com/open-policy-agent/frameworks/constraint/pkg/client/drivers/rego"
frameworksexternaldata "github.com/open-policy-agent/frameworks/constraint/pkg/externaldata"
"github.com/open-policy-agent/gatekeeper/pkg/controller"
"github.com/open-policy-agent/gatekeeper/pkg/controller/config/process"
Expand Down Expand Up @@ -89,7 +89,7 @@ func setupManager(t *testing.T) (manager.Manager, *watch.Manager) {

func setupOpa(t *testing.T) *constraintclient.Client {
// initialize OPA
driver, err := local.New(local.Tracing(false))
driver, err := rego.New(rego.Tracing(false))
if err != nil {
t.Fatalf("setting up Driver: %v", err)
}