Skip to content

Commit

Permalink
cmtadm,*: Fix version check for Kubernetes. Again.
Browse files Browse the repository at this point in the history 
The previous version check fix was necessary but not enough.
This should *hopefully* fully fix the version check for Kubernetes.
It also adds a --force option to override the cooldown period,
as well as adds version checks for antctl, calicoctl, and cilium-cli.

Signed-off-by: David Weinehall <david.weinehall@gmail.com>
  • Loading branch information
@taotriad
taotriad committed Apr 18, 2024
1 parent 9e4d42e commit 3598c43
Show file tree
Hide file tree
Showing 10 changed files with 532 additions and 6 deletions.
396 changes: 396 additions & 0 deletions CHANGELOG/CHANGELOG-0.8.md
View file
Original file line number Diff line number Diff line change
@@ -1,3 +1,399 @@
* [v0.8.4](#v084)
* [Downloads](#downloads-for-v084)
* [Source Code](#source-code-for-v084)
* [Distro Packages](#distro-packages-for-v084)
* [General Release Notes](#general-release-notes-for-v084)
* [Urgent Upgrade Notes](#urgent-upgrade-notes-for-v084)
* [Changes by Component](#changes-by-component-in-v084)
* [Changes to _cmt_](#changes-to-cmt-in-v084)
* [Changes to _cmtadm_](#changes-to-cmtadm-in-v084)
* [Changes to _cmtinv_](#changes-to-cmtinv-in-v084)
* [Changes to _cmu_](#changes-to-cmu-in-v084)
* [Changes to other files](#changes-to-other-files-in-v084)
* [Fixed Issues](#fixed-issues-in-v084)
* [Known Regressions](#known-regressions-in-v084)
* [Dependencies](#dependencies-for-v084)
* [Test Results](#test-results-for-v084)
* [Bandit](#bandit-results-for-v084)
* [Coverage](#coverage-results-for-v084)
* [Flake8](#flake8-results-for-v084)
* [Pylint](#pylint-results-for-v084)
* [Regexploit](#regexploit-results-for-v084)
* [Ruff](#ruff-results-for-v084)
* [Semgrep](#semgrep-results-for-v084)
* [validate_playbooks](#validate_playbooks-results-for-v084)
* [validate_yaml](#validate_yaml-results-for-v084)
* [YAMLlint](#yamllint-results-for-v084)

# v0.8.4

## Downloads for v0.8.4

### Source Code for v0.8.4

CMT v0.8.4 does not include source code tarballs. It is just a git tag.
We aim for CMT v0.9.0 to be the first release with source code tarballs.

<!--
| Filename | sha512 hash |
| -------- | ----------- |
| [fixme](https://fixme) | `fixme` |
-->

### Distro packages for v0.8.4

CMT v0.8.4 does not include distro packages. It is just a git tag.
We aim for CMT v0.9.0 to be the first release with distro packages.

<!--
| Filename | sha512 hash |
| -------- | ----------- |
| [fixme](https://fixme) (Debian 11+ amd64 / Ubuntu 22.04+) | `fixme` |
| [fixme](https://fixme) (RHEL 9+ amd64) | `fixme` |
| [fixme](https://fixme) (SLES/openSUSE 15.4+ amd64) | `fixme` |
-->

## General Release Notes for v0.8.4

This is a tagged release of __Cluster Management Toolkit for Kubernetes__ (CMT).
It provides support for setting up Kubernetes clusters either using templates (recommended)
or step by step.

It also provides tools for managing the underlying hosts (and, optionally, hosts
that are not part of the cluster) using Ansible.

Finally it contains a Curses-based user interface (`cmu`) that provides an overview
of the cluster objects and their relations; for instance the user interface provides
links from the Pod view directly to its controller, config maps, logs, namespace,
secrets, etc.

## Urgent Upgrade Notes for v0.8.4

This release contains another fix for the Kubernetes version check.

## Changes by Component in v0.8.4

### Changes to _cmt_ in v0.8.4

No changes.

### Changes to _cmtadm_ in v0.8.4

* `cmtadm check-versions` now has a `--force` option.

### Changes to _cmtinv_ in v0.8.4

No changes.

### Changes to _cmu_ in v0.8.4

No changes.

### Changes to other files in v0.8.4

* `sources/antrea.yaml`, `sources/calico.yaml`, `sources/cilium.yaml`, and `views/__VersionData.yaml`: show version information for antctl, cilium-cli, and calicoctl (if installed).
* `sources/kubernetes.yaml` now uses the correct version check helper.
* `listgetters.py`: listgetter_files() now has an option to skip empty or missing items.

## Fixed Issues in v0.8.4

Fix version check for Kubernetes.

## Known Regressions in v0.8.4

Pylint fails to test the executables; this is an issue in Pylint though, not in CMT.

## Known Issues in v0.8.4

* The UI flickers until data has been populated; it can also flicker in certain other scenarios.
* The version data view in the UI does not refresh the version data.
The version data can be refreshed using `cmtadm cv`.
* Installing to the system path is currently not supported.

## Dependencies for v0.8.4

### Python

| PIP Name | Minimum Version | Note |
| -------------- | --------------- | --------------------------------------- |
| ansible-runner | 2.1.3 | openSUSE/SLES/RHEL, unsupported distros |
| cryptography | | openSUSE, unsupported distros |
| natsort | 8.0.2 | openSUSE/SLES/RHEL, unsupported distros |
| paramiko | | openSUSE/SLES/RHEL, unsupported distros |
| PyYAML | 6.0 | Unsupported distros |
| ujson | 5.4.0 | openSUSE/SLES/RHEL, unsupported distros |
| urllib3 | 1.26.18 | openSUSE/SLES, unsupported distros |
| validators | 0.22.0 | openSUSE/SLES/RHEL, unsupported distros |

### Distro Packages

| Package Name | Distro |
| ---------------------- | ------------------ |
| ansible | Debian/Ubuntu/SUSE |
| python3-ansible-runner | Debian/Ubuntu |
| python3-cryptographya | Debian/RHEL/Ubuntu |
| python3-natsort | Debian/Ubuntu |
| python3-paramiko | Debian/Ubuntu |
| python3-pip | Debian/Ubuntu |
| python3-pyyaml | RHEL |
| python3-ujson | Debian/Ubuntu |
| python3-urllib3 | Debian/Ubuntu/RHEL |
| python3-validators | Debian/Ubuntu |
| python3-yaml | Debian/Ubuntu |
| sshpass | All |

### Manual Installation or Unknown Distro Packages

| Software | Distro |
| -------- | ------------------- |
| ansible | Unsupported distros |
| sshpass | Unsupported distros |

## Test Results for v0.8.4

Before release the code quality has been checked with _pylint_, _flake8_, _mypy_, and _ruff_.
The code has been checked for security issues using _bandit_, _regexploit_, and _semgrep_.
The _Ansible_ playbooks have been checked using _ansible-lint_.
YAML-files have been checked using _yamllint_ and validated against predefined schemas.
Unit-test coverage has been measured using _python3-coverage_.

The results of these tests are as follows:

### Bandit Results for v0.8.4

Commandline: `bandit -c .bandit`.
Execute with `make bandit`.

Output:

```
Test results:
No issues identified.
Code scanned:
Total lines of code: 71488
Total lines skipped (#nosec): 15
Run metrics:
Total issues (by severity):
Undefined: 0.0
Low: 0.0
Medium: 0.0
High: 0.0
Total issues (by confidence):
Undefined: 0.0
Low: 0.0
Medium: 0.0
High: 0.0
Files skipped (0):
```

### Coverage Results for v0.8.4

Commandline: `python3-coverage run --branch --append <file> && python3-coverage report --sort cover --precision 1`.

Execute with:

```
make coverage
make coverage-ansible
make coverage-cluster
```

Output:

```
Name Stmts Miss Branch BrPart Cover
--------------------------------------------------------------
listgetters_async.py 119 100 58 0 10.7%
listgetters.py 1172 959 636 17 15.0%
curses_helper.py 2393 1832 1118 68 19.2%
checks.py 609 457 226 28 19.6%
networkio.py 288 218 149 6 21.1%
itemgetters.py 443 323 254 0 23.8%
logparser.py 1898 1282 1055 30 27.9%
generators.py 740 494 390 5 30.2%
infogetters.py 420 288 208 2 33.4%
kubernetes_helper.py 1433 852 748 103 33.7%
fieldgetters.py 80 39 46 11 41.3%
datagetters.py 274 148 142 11 42.5%
formatters.py 767 324 408 29 54.6%
ansible_helper.py 796 199 488 27 73.8%
cmtlib.py 604 106 346 28 80.2%
cmtio.py 423 35 240 17 91.0%
reexecutor.py 72 2 34 3 95.3%
ansithemeprint.py 211 1 80 3 98.6%
cmtvalidators.py 324 1 200 1 99.6%
commandparser.py 411 0 254 1 99.8%
about.py 19 0 0 0 100.0%
cmtio_yaml.py 34 0 6 0 100.0%
cmtpaths.py 80 0 0 0 100.0%
cmttypes.py 468 0 178 0 100.0%
cni_data.py 38 0 8 0 100.0%
helptexts.py 23 0 0 0 100.0%
kubernetes_resources.py 4 0 0 0 100.0%
objgetters.py 55 0 12 0 100.0%
pvtypes.py 2 0 0 0 100.0%
recommended_permissions.py 11 0 0 0 100.0%
--------------------------------------------------------------
TOTAL 14211 7660 7284 390 42.8%
```


### Flake8 Results for v0.8.4

Commandline: `flake8 --max-line-length 100 --ignore F841,W503 --statistics`.
Execute with `make flake8`.

Output:

No output.

### mypy Results for v0.8.4

Commandline: `mypy --ignore-missing --disallow-untyped-calls --disallow-untyped-defs --disallow-incomplete-defs --check-untyped-defs --disallow-untyped-decorators`.
Execute with `make mypy-markdown`.

| Source file | Score |
| ----------------------- | ------------------------------------------------------- |
| cmt | Success: no issues found in 1 source file |
| cmtadm | Success: no issues found in 1 source file |
| cmt-install | Success: no issues found in 1 source file |
| cmtinv | Success: no issues found in 1 source file |
| cmu | __Found 545 errors in 2 files (checked 1 source file)__ |
| about.py | Success: no issues found in 1 source file |
| ansible_helper.py | Success: no issues found in 1 source file |
| ansithemeprint.py | Success: no issues found in 1 source file |
| checks.py | Success: no issues found in 1 source file |
| cmtio.py | Success: no issues found in 1 source file |
| cmtio_yaml.py | Success: no issues found in 1 source file |
| cmtlib.py | Success: no issues found in 1 source file |
| cmtpaths.py | Success: no issues found in 1 source file |
| cmttypes.py | Success: no issues found in 1 source file |
| cmtvalidators.py | Success: no issues found in 1 source file |
| cni_data.py | Success: no issues found in 1 source file |
| commandparser.py | Success: no issues found in 1 source file |
| curses_helper.py | Success: no issues found in 1 source file |
| datagetters.py | Success: no issues found in 1 source file |
| fieldgetters.py | Success: no issues found in 1 source file |
| formatters.py | Success: no issues found in 1 source file |
| generators.py | Success: no issues found in 1 source file |
| helptexts.py | Success: no issues found in 1 source file |
| infogetters.py | Success: no issues found in 1 source file |
| itemgetters.py | Success: no issues found in 1 source file |
| kubernetes_helper.py | Success: no issues found in 1 source file |
| kubernetes_resources.py | Success: no issues found in 1 source file |
| listgetters.py | Success: no issues found in 1 source file |
| listgetters_async.py | Success: no issues found in 1 source file |
| logparser.py | __Found 103 errors in 1 file (checked 1 source file)__ |
| networkio.py | Success: no issues found in 1 source file |
| objgetters.py | Success: no issues found in 1 source file |
| pvtypes.py | Success: no issues found in 1 source file |
| reexecutor.py | Success: no issues found in 1 source file |

### Pylint Results for v0.8.4

**N/A**. Pylint seems to be broken in Debian at the moment and crashes during testing.

### Regexploit Results for v0.8.4

Commandline: `regexploit`.
Execute with `make regexploit`.

Output:

```
Running regexploit to check for ReDoS attacks
Checking executables
Processed 44 regexes
Checking libraries
Processed 117 regexes
```

### Ruff Results for v0.8.4

Commandline: `ruff`.
Execute with `make ruff`.

Output:

No output.

### Semgrep Results for v0.8.4

Commandline: `semgrep scan --exclude-rule "generic.secrets.security.detected-generic-secret.detected-generic-secret.semgrep-legacy.30980" --timeout=0 --no-git-ignore`.
Execute with `make semgrep`.

Output:

```
┌──── ○○○ ────┐
│ Semgrep CLI │
└─────────────┘
Scanning 911 files with:
✔ Semgrep OSS
✔ Basic security coverage for first-party code vulnerabilities.
✔ Semgrep Code (SAST)
✔ Find and fix vulnerabilities in the code you write with advanced scanning and expert security rules.
✘ Semgrep Supply Chain (SCA)
✘ Find and fix the reachable vulnerabilities in your OSS dependencies.
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━╸ 100% 0:00:38
┌──────────────┐
│ Scan Summary │
└──────────────┘
Some files were skipped or only partially analyzed.
Partially scanned: 2 files only partially analyzed due to parsing or internal Semgrep errors
Scan skipped: 73 files matching .semgrepignore patterns
For a full list of skipped files, run semgrep with the --verbose flag.
Ran 472 rules on 838 files: 0 findings.
✨ If Semgrep missed a finding, please send us feedback to let us know!
See https://semgrep.dev/docs/reporting-false-negatives/
```

### validate_playbooks Results for v0.8.4

Commandline: `ansible-lint`.
Execute with: `make validate_playbooks`.

`Passed: 0 failure(s), 0 warning(s) on 55 files. Last profile that met the validation criteria was 'production'.`

### validate_yaml Results for v0.8.4

Commandline: `tests/validate_yaml`.
Execute with: `make validate_yaml`.

Output:

```
Summary:
fail: 0
skip: 1
success: 641
total: 642
```

### YAMLlint Results for v0.8.4

Commandline: `yamllint`.
Execute with `make yamllint`.

Output:

No output.

---

* [v0.8.3](#v083)
* [Downloads](#downloads-for-v083)
* [Source Code](#source-code-for-v083)
Expand Down

0 comments on commit 3598c43

Please sign in to comment.