Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix(Conftest): Error: configmap references non-existent config key #511

Merged
merged 1 commit into from
Apr 20, 2021

Conversation

danielpacak
Copy link
Contributor

@danielpacak danielpacak commented Apr 19, 2021

When we created a scan Job for config audits it referred directly
to the starboard-conftest-config ConfigMap. However, the ConfigMap
might have changed before the Job was run. When we removed a policy
from the ConfigMap the Job got stuck in the Pending state due to
non-existent config key error.

The solution is to copy policies to a temporary Secret and associate
it with the scan Job so we're agnostic to changes of the
starboard-conftest-config ConfigMap.

Resolves: #509

Signed-off-by: Daniel Pacak [email protected]

@codecov
Copy link

codecov bot commented Apr 19, 2021

Codecov Report

Merging #511 (eb5a05b) into main (118f987) will increase coverage by 0.13%.
The diff coverage is 92.68%.

Impacted file tree graph

@@            Coverage Diff             @@
##             main     #511      +/-   ##
==========================================
+ Coverage   70.62%   70.76%   +0.13%     
==========================================
  Files          62       62              
  Lines        4024     4019       -5     
==========================================
+ Hits         2842     2844       +2     
+ Misses        873      868       -5     
+ Partials      309      307       -2     
Impacted Files Coverage Δ
pkg/plugin/conftest/plugin.go 87.97% <92.68%> (+0.85%) ⬆️
pkg/operator/controller/vulnerabilityreport.go 66.66% <0.00%> (+0.41%) ⬆️
pkg/operator/controller/ciskubebenchreport.go 67.20% <0.00%> (+2.15%) ⬆️

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 118f987...eb5a05b. Read the comment docs.

@danielpacak danielpacak marked this pull request as ready for review April 20, 2021 07:52
When we created a scan Job for config audits it referred directly
to the starboard-conftest-config ConfigMap. However, the ConfigMap
might have changed before the Job was run. When we removed a policy
from the ConfigMap the Job got stuck in the Pending state due to
non-existent config key error.

The solution is to copy policies to a temporary Secret and associate
it with the scan Job so we're agnostic to changes of the
starboard-conftest-config ConfigMap.

Resolves: #509

Signed-off-by: Daniel Pacak <[email protected]>
@danielpacak danielpacak added this to the Release v0.10.1 milestone Apr 20, 2021
@danielpacak danielpacak requested review from itaysk and deven0t and removed request for itaysk April 20, 2021 08:33
Copy link
Collaborator

@deven0t deven0t left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@danielpacak danielpacak merged commit 0ccb209 into main Apr 20, 2021
@danielpacak danielpacak deleted the issue_509 branch April 20, 2021 09:23
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Conftest: configmap references non-existent config key: *****.rego
2 participants