Resolve "Add LABEL_ALLOWLIST_REGEX to pipeline"
Closes #230 (closed)
This MR allows additional labels in the hardening_manifest.yaml on a per-project, after-approval basis. additionalProperties is not used because it allows all additional properties, whereas just using PatternProperties allows. Will need to add LABEL_ALLOWLIST_REGEX to CI variables for https://repo1.dso.mil/dsop/aqua-security/enterprise before merging.
Tested locally, with the following results:
```
export LABEL_ALLOWLIST_REGEX='^com\.aquasec[a-zA-Z0-9_.-]*$'
```
hardening_manifest.yaml with incorrect labels
```yaml
org.opencontainers.image.title: "console-5.3"
## Human-readable description of the software packaged in the image
org.opencontainers.image.description: "Aqua Security Enterprise - console"
## License(s) under which contained software is distributed
org.opencontainers.image.licenses: "proprietary"
## URL to find more information on the image
# org.opencontainers.image.url: "FIXME"
## Name of the distributing entity, organization or individual
org.opencontainers.image.vendor: "Aqua Security"
org.opencontainers.image.version: "5.3.21026-ubi8"
## Keywords to help with search (ex. "cicd,gitops,golang")
mil.dso.ironbank.image.keywords: "FIXME"
## This value can be "opensource" or "commercial"
mil.dso.ironbank.image.type: "commercial"
## Product the image belongs to for grouping multiple images
# mil.dso.ironbank.product.name: "FIXME"
mil.dso.ironbank.foo.bar: "foobar"
test.arbitrary: "something"
com.aquasec: "test"
com.aquasec..builddate: "2021-01-26T09:44:48"
com.aquasec.c ommit: "3e586a1"
com.aquasec. component: "console"
com.aquasec.\nrelease: "5.3.0"
com.aquasec./version: "5.3.0"
com.aquasec.dod.commit: "a2831d5"
com.aquasec.dod.builddate: "2021-02-12T01:23+02:00"
com.aquasec.baseimage: "registry1.dsop.io/ironbank/redhat/ubi/ubi8-minimal:8.3"
```
hardening_manifest.yaml with correct labels
```yaml
org.opencontainers.image.title: "console-5.3"
## Human-readable description of the software packaged in the image
org.opencontainers.image.description: "Aqua Security Enterprise - console"
## License(s) under which contained software is distributed
org.opencontainers.image.licenses: "proprietary"
## URL to find more information on the image
# org.opencontainers.image.url: "FIXME"
## Name of the distributing entity, organization or individual
org.opencontainers.image.vendor: "Aqua Security"
org.opencontainers.image.version: "5.3.21026-ubi8"
## Keywords to help with search (ex. "cicd,gitops,golang")
mil.dso.ironbank.image.keywords: "FIXME"
## This value can be "opensource" or "commercial"
mil.dso.ironbank.image.type: "commercial"
## Product the image belongs to for grouping multiple images
# mil.dso.ironbank.product.name: "FIXME"
com.aquasec: "sdaf"
com.aquasec.builddate: "2021-01-26T09:44:48"
com.aquasec.commit: "3e586a1"
com.aquasec.component: "console"
com.aquasec.release: "5.3.0"
com.aquasec.version: "5.3.0"
com.aquasec.dod.commit: "a2831d5"
com.aquasec.dod.builddate: "2021-02-12T01:23+02:00"
com.aquasec.baseimage: "registry1.dsop.io/ironbank/redhat/ubi/ubi8-minimal:8.3"
```
All incorrect labels included
ERROR: 'com.aquasec..builddate' does not match '^[a-z0-9]([.-]?[a-z0-9]+)*$'
builddate resolved
ERROR: 'com.aquasec.c ommit' does not match '^[a-z0-9]([.-]?[a-z0-9]+)*$'
builddate, commit resolved
ERROR: 'com.aquasec. component' does not match '^[a-z0-9]([.-]?[a-z0-9]+)*$'
builddate, commit, component resolved
ERROR: 'com.aquasec.\\nrelease' does not match '^[a-z0-9]([.-]?[a-z0-9]+)*$'
builddate, commit, component, release resolved
ERROR: 'com.aquasec./version' does not match '^[a-z0-9]([.-]?[a-z0-9]+)*$'
builddate, commit, component, release, version resolved
ERROR: 'mil.dso.ironbank.foo.bar', 'test.arbitrary' do not match any of the regexes: '^com\\.aquasec[a-zA-Z0-9_.-]*$'
builddate, commit, component, release, version, and non com.aquasec labels resolved
INFO: JSON is validated
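The two checks visible in the error output above (the label-name pattern, then the per-project allowlist), as an added Python example that is not the pipeline's own code. `FIXED_LABELS`, `check_labels` and the sample lists are assumptions built from the labels shown in this MR, and unlike the pipeline output it reports every failure in one pass.

```python
import re

# Name rule and allowlist value quoted in the test output above.
NAME_RE = re.compile(r'^[a-z0-9]([.-]?[a-z0-9]+)*$')
ALLOW = r'^com\.aquasec[a-zA-Z0-9_.-]*$'

# Assumption: the schema's fixed labels are the standard ones in the manifest.
FIXED_LABELS = {
    "org.opencontainers.image.title", "org.opencontainers.image.description",
    "org.opencontainers.image.licenses", "org.opencontainers.image.url",
    "org.opencontainers.image.vendor", "org.opencontainers.image.version",
    "mil.dso.ironbank.image.keywords", "mil.dso.ironbank.image.type",
    "mil.dso.ironbank.product.name",
}

def check_labels(names, allowlist_regex=None):
    """Return (bad_name, not_allowed): labels failing each check."""
    allow = re.compile(allowlist_regex) if allowlist_regex else None
    bad_name, not_allowed = [], []
    for name in names:
        if not NAME_RE.search(name):
            bad_name.append(name)        # malformed label name
        elif name not in FIXED_LABELS and not (allow and allow.search(name)):
            not_allowed.append(name)     # well-formed, but not approved
    return bad_name, not_allowed

# Constructed samples: label names copied from the two manifests above.
INCORRECT = [
    "org.opencontainers.image.title", "mil.dso.ironbank.foo.bar",
    "test.arbitrary", "com.aquasec", "com.aquasec..builddate",
    "com.aquasec.c ommit", "com.aquasec. component",
    "com.aquasec.\\nrelease", "com.aquasec./version",
    "com.aquasec.dod.commit",
]
CORRECT = [
    "org.opencontainers.image.title", "mil.dso.ironbank.image.type",
    "com.aquasec", "com.aquasec.builddate", "com.aquasec.dod.commit",
]

if __name__ == "__main__":
    print(check_labels(INCORRECT, ALLOW))
    print(check_labels(CORRECT, ALLOW))
    # Without the CI variable, vendor labels are rejected like any other.
    print(check_labels(["com.aquasec.commit"]))
    # Review point: the allowlist has no "." boundary after "aquasec", so a
    # constructed name such as "com.aquasecfoo" passes both checks.
    print(check_labels(["com.aquasecfoo"], ALLOW))
```

The name pattern is what rejects `com.aquasec..builddate`; the allowlist value on its own would accept it, so both checks are needed.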