update "chart" (https://github.com/anchore/anchore-charts) from...

update "chart" (https://github.com/anchore/anchore-charts) from "anchore-engine-1.12.7" (e41ae9622408427aed876dcf91cea86d1cddf57a) to "anchore-engine-1.12.13" (f9a34a42d694e657b5f3d493f590fc3f7a8b933e)

update "chart" (https://github.com/anchore/anchore-charts) from...
update "chart" (https://github.com/anchore/anchore-charts) from "anchore-engine-1.12.7" (e41ae9622408427aed876dcf91cea86d1cddf57a) to "anchore-engine-1.12.13" (f9a34a42d694e657b5f3d493f590fc3f7a8b933e)
9366acae · bhearn · 25fd5798 · 9366acae · 9366acae · 9366acae
Commit 9366acae authored May 12, 2021 by bhearn
8 changed files
--- a/chart/templates/policy_engine_deployment.yaml
+++ b/chart/templates/policy_engine_deployment.yaml
@@ -106,10 +106,15 @@ spec:
        {{- end }}
        envFrom:
        {{- if not .Values.inject_secrets_via_env }}
+        {{- if .Values.anchoreGlobal.existingSecret }}
        - secretRef:
-            name: {{ default (include "anchore-engine.fullname" .) .Values.anchoreGlobal.existingSecret }}
+            name: {{ .Values.anchoreGlobal.existingSecret }}
+        {{- else }}
+        - secretRef:
+            name: {{ include "anchore-engine.fullname" . }}
        - secretRef:
-            name: {{ default (print (include "anchore-engine.fullname" .) "-admin-pass") .Values.anchoreGlobal.existingSecret }}
+            name: {{ print (include "anchore-engine.fullname" .) "-admin-pass" }}
+        {{- end }}
        {{- end }}
        - configMapRef:
            name: {{ template "anchore-engine.fullname" . }}-env

--- a/chart/templates/simplequeue_deployment.yaml
+++ b/chart/templates/simplequeue_deployment.yaml
@@ -92,10 +92,15 @@ spec:
        {{- end }}
        envFrom:
        {{- if not .Values.inject_secrets_via_env }}
+        {{- if .Values.anchoreGlobal.existingSecret }}
        - secretRef:
-            name: {{ default (include "anchore-engine.fullname" .) .Values.anchoreGlobal.existingSecret }}
+            name: {{ .Values.anchoreGlobal.existingSecret }}
+        {{- else }}
+        - secretRef:
+            name: {{ include "anchore-engine.fullname" . }}
        - secretRef:
-            name: {{ default (print (include "anchore-engine.fullname" .) "-admin-pass") .Values.anchoreGlobal.existingSecret }}
+            name: {{ print (include "anchore-engine.fullname" .) "-admin-pass" }}
+        {{- end }}
        {{- end }}
        - configMapRef:
            name: {{ template "anchore-engine.fullname" . }}-env

--- a/chart/templates/tests/test-scripts.yaml
+++ b/chart/templates/tests/test-scripts.yaml
+{{- include "bb-test-lib.script-configmap.base" . }}
+---
+{{- include "bb-test-lib.script-runner.base" . }}
\ No newline at end of file
--- a/chart/tests/scripts/test.sh
+++ b/chart/tests/scripts/test.sh
+#!/bin/bash
+
+# Wait for Anchore Engine API to go live
+while [ $(curl -sw '%{http_code}' -u "admin:${ANCHORE_CLI_PASS}" "${ANCHORE_CLI_URL}/swagger.json" -o /dev/null) -ne 200 ]; do
+  echo "Waiting for Anchore API..."
+  sleep 10;
+done
+
+echo "Retrieving system health..."
+status=$(anchore-cli --debug system status 2>&1)
+
+# IF status code is 200 AND all services are up
+if [[ ${status} =~ "httpcode from response: 200" && ${status} =~ "analyzer:8084): up" && ${status} =~ "simplequeue:8083): up" && ${status} =~ "policy:8087): up" && ${status} =~ "api:8228): up" && ${status} =~ "catalog:8082): up" ]]; then
+  echo "200 OK - all services up!"
+else
+  echo ${status}
+  sleep 10
+  exit 1
+fi
+
+echo "Initiating image analysis..."
+add=$(anchore-cli --debug image add docker.io/library/centos:latest 2>&1)
+
+# IF status code is 200
+if [[ ${add} =~ "httpcode from response: 200" ]]; then
+  echo "200 OK - image analysis initiated!"
+else
+  echo ${add}
+  sleep 10
+  exit 1
+fi
+
+echo "Waiting for image analysis to complete..."
+wait=$(anchore-cli --debug image wait docker.io/library/centos:latest 2>&1)
+
+# IF status code is 200
+if [[ ${wait} =~ "httpcode from response: 200" ]]; then
+  echo "200 OK - image analysis completed!"
+else
+  echo ${wait}
+  sleep 10
+  exit 1
+fi
+
+# List analyzed images
+echo "Listing analyzed images..."
+list=$(anchore-cli --debug image list 2>&1)
+
+# IF status code is 200
+if [[ ${list} =~ "httpcode from response: 200" ]]; then
+  echo "200 OK - image analysis stored!"
+else
+  echo ${list}
+  sleep 10
+  exit 1
+fi
\ No newline at end of file
--- a/chart/values.yaml
+++ b/chart/values.yaml
@@ -114,7 +114,7 @@ cloudsql:
  image:
    # set repo and image tag of gce-proxy
    repository: gcr.io/cloudsql-docker/gce-proxy
-    tag: 1.12
+    tag: 1.22.0
    pullPolicy: IfNotPresent

 # Create an ingress resource for all external anchore engine services (API & Enterprise UI).
@@ -953,7 +953,7 @@ anchoreEnterpriseNotifications:
 anchoreEnterpriseUi:
  # If enabled is set to false, set anchore-ui-redis.enabled to false to ensure that helm doesn't stand up a unneccessary redis instance.
  enabled: true
-  image: registry1.dso.mil/ironbank/anchore/enterpriseui/enterpriseui:3.0.1
+  image: registry1.dso.mil/ironbank/anchore/enterpriseui/enterpriseui:3.0.2
  imagePullPolicy: IfNotPresent
  imagePullSecretName: private-registry

@@ -1067,7 +1067,7 @@ anchore-ui-redis:
  # enabled: false

  # If 'enabled: false', specify an external redis endpoint -
-  # eg redis://:<password>@hostname:6379
+  # eg redis://nouser:<password>@hostname:6379
  externalEndpoint: Null

 # Pod configuration for the helm post-install-hook enterprise engine upgrade Job

--- a/tests/cypress.json
+++ b/tests/cypress.json
-{
-  "pluginsFile": false,
-  "supportFile": false,
-  "fixturesFolder": false,
-  "env": {
-    "anchore_url": "anchore-api.bigbang.dev/v1/swagger.json"
-  }
-}
--- a/tests/cypress/integration/anchore-api-health.spec.js
+++ b/tests/cypress/integration/anchore-api-health.spec.js
-describe('Basic Anchore API', function() {
-  beforeEach(() => {
-    cy.request(Cypress.env('anchore_url')).as('anchore-api');
-  });
-  it('Validate the header', () => {
-    cy.get('@anchore-api')
-      .its('headers')
-      .its('content-type')
-      .should('include', 'application/json');
-  });
-  it('Validate the status code', () => {
-    cy.get('@anchore-api')
-      .its('status')
-      .should('equal', 200);
-  });
-  it('Validate API object', () => {
-    cy.get('@anchore-api')
-      .its('body')
-      .should('include', { basePath: '/v1' });
-  });
-})
--- a/tests/test-values.yml
+++ b/tests/test-values.yml
 istio:
  enabled: true

+bbtests:
+  scripts:
+    image: registry1.dso.mil/ironbank/anchore/cli/cli:0.9.1
+    envs:
+      ANCHORE_CLI_URL: "http://{{ template \"anchore-engine.api.fullname\" . }}:{{ .Values.anchoreApi.service.port }}/v1"
+      ANCHORE_CLI_USER: admin
+    secretEnvs:
+      - name: ANCHORE_CLI_PASS
+        valueFrom:
+          secretKeyRef:
+            name: "{{ template \"anchore-engine.fullname\" . }}-admin-pass"
+            key: ANCHORE_ADMIN_PASSWORD
+
 postgresql:
-  imagePullSecrets: private-registry-mil
  enabled: true

-anchoreGlobal:
-  imagePullSecretName: private-registry-mil
+# anchoreGlobal:

 anchoreAnalyzer:
  replicaCount: 1

-anchoreEnterpriseGlobal:
-  imagePullSecretName: private-registry-mil
+# anchoreEnterpriseGlobal:
+
+# anchore-feeds-db:

-anchore-feeds-db:
-  imagePullSecrets: private-registry-mil
-anchore-ui-redis:
-  global:
-    imagePullSecrets:
-      - private-registry-mil
+# anchore-ui-redis:
+#   global:
\ No newline at end of file