automated commit

Signed-off-by: Public copy <41898282+github-actions[bot]@users.noreply.github.com>

images/stakater-reloader/README.md

@@ -13,7 +13,7 @@
 <!--monopod:end-->
 
 <!--overview:start-->
-Minimal image with Keda, a Kubernetes-based Event Driven Autoscaler.
+Minimal image with stakater Reloader, a Kubernetes controller to watch changes in ConfigMap and Secrets
 <!--overview:end-->
 
 <!--getting:start-->

images/stakater-reloader/metadata.yaml

@@ -3,10 +3,10 @@ image: cgr.dev/chainguard/stakater-reloader
 logo: https://storage.googleapis.com/chainguard-academy/logos/stakater-reloader.svg
 endoflife: ""
 console_summary: ""
-short_description: Minimal image with Keda, a Kubernetes-based Event Driven Autoscaler.
+short_description: Minimal image with stakater Reloader, a Kubernetes controller to watch changes in ConfigMap and Secrets
 compatibility_notes: ""
 readme_file: README.md
-upstream_url: https://keda.sh
+upstream_url: https://docs.stakater.com/reloader
 keywords:
   - application
   - kubernetes

tflib/imagetest/checks/main.tf

@@ -0,0 +1,77 @@
+data "imagetest_inventory" "this" {}
+
+resource "imagetest_harness_docker" "this" {
+  name      = "cli"
+  inventory = data.imagetest_inventory.this
+
+  privileged = false
+}
+
+resource "imagetest_feature" "openssl_fips" {
+  count = var.check_openssl_fips ? 1 : 0
+
+  name        = "openssl-fips"
+  description = "Test OpenSSL FIPS"
+  harness     = imagetest_harness_docker.this
+
+  steps = [
+    {
+      name = "Testing if FIPS module is available"
+      cmd  = <<EOT
+        set -euxo pipefail
+        docker run --rm --entrypoint openssl ${var.image_ref} list -providers  | grep -q 'fips'
+      EOT
+    },
+    {
+      name = "Testing if legacy module is unavailable"
+      cmd  = <<EOT
+        set -euxo pipefail
+        ! docker run --rm --entrypoint openssl ${var.image_ref} list -providers | grep -q 'legacy'
+      EOT
+    },
+    {
+      name = "Testing if MD5 hashing fails"
+      cmd  = <<EOT
+        set -euxo pipefail
+        ! docker run --rm --entrypoint openssl ${var.image_ref} dgst -md5 /dev/null
+      EOT
+    },
+    {
+      name = "Testing if SHA2-512 hashing succeeds"
+      cmd  = <<EOT
+        set -euxo pipefail
+        docker run --rm --entrypoint openssl ${var.image_ref} dgst -sha512 /dev/null
+      EOT
+    },
+  ]
+
+  labels = { type = "container" }
+}
+
+resource "imagetest_feature" "md5" {
+  count = var.check_openssl_md5 ? 1 : 0
+
+  name        = "md5"
+  description = "Test md5"
+  harness     = imagetest_harness_docker.this
+
+  steps = [
+    {
+      name = "Testing if md5 as hash function is available"
+      cmd  = <<EOT
+        set -euxo pipefail
+        docker run --rm --entrypoint openssl ${var.image_ref} dgst -list | grep -q md5
+      EOT
+    },
+    {
+      name = "Testing md5 by computing digest"
+      cmd  = <<EOT
+        set -euxo pipefail
+        docker run --rm --entrypoint openssl ${var.image_ref} dgst -md5 /dev/null
+      EOT
+    },
+  ]
+
+  labels = { type = "container" }
+}
+

tflib/imagetest/checks/providers.tf

@@ -0,0 +1,5 @@
+terraform {
+  required_providers {
+    imagetest = { source = "chainguard-dev/imagetest" }
+  }
+}

tflib/imagetest/checks/variables.tf

@@ -0,0 +1,17 @@
+variable "check_openssl_fips" {
+  type        = bool
+  description = "Whether to test openssl to be FIPS hardenened"
+  default     = false
+}
+
+variable "check_openssl_md5" {
+  type        = bool
+  description = "Whether to test if md5 is supported with openssl CLI"
+  default     = false
+}
+
+variable "image_ref" {
+  type        = string
+  description = "The image reference to run checks over"
+}
+