Merge branch 'main' into fix-pr-comments

.github/workflows/main-build.yml

@@ -8,6 +8,11 @@ jobs:
   validate:
     name: Validate
     runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+      id-token: write # needed for signing the images with GitHub OIDC Token **not production ready**
+
     # build-tools is built from ../../tools/build-tools.Dockerfile
     container: ghcr.io/kedacore/build-tools:main
     steps:
@@ -58,6 +63,19 @@ jobs:
       - name: Publish on GitHub Container Registry
         run: make publish
 
+      # https://github.com/sigstore/cosign-installer
+      - name: Install Cosign
+        uses: sigstore/cosign-installer@main
+        with:
+          cosign-release: 'v1.4.1'
+      - name: Check Cosign install!
+        run: cosign version
+
+      - name: Sign KEDA images published on GitHub Container Registry
+        # This step uses the identity token to provision an ephemeral certificate
+        # against the sigstore community Fulcio instance.
+        run: make sign-images
+
       - name: Publish on Docker Hub
         run: make publish-dockerhub
 

.github/workflows/release-build.yml

@@ -7,6 +7,12 @@ jobs:
   build:
     name: Push Release
     runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+      deployments: write
+      id-token: write # needed for signing the images with GitHub OIDC Token **not production ready**
+
     # build-tools is built from ../../tools/build-tools.Dockerfile
     container: ghcr.io/kedacore/build-tools:main
     steps:
@@ -65,6 +71,21 @@ jobs:
         env:
           VERSION: ${{ steps.get_version.outputs.VERSION }}
 
+      # https://github.com/sigstore/cosign-installer
+      - name: Install Cosign
+        uses: sigstore/cosign-installer@main
+        with:
+          cosign-release: 'v1.4.1'
+      - name: Check Cosign install!
+        run: cosign version
+
+      - name: Sign KEDA images published on GitHub Container Registry
+        # This step uses the identity token to provision an ephemeral certificate
+        # against the sigstore community Fulcio instance.
+        run: make sign-images
+        env:
+          VERSION: ${{ steps.get_version.outputs.VERSION }}
+
       - name: Publish KEDA images on Docker Hub
         run: make publish-dockerhub
         env:

.whitesource

@@ -0,0 +1,12 @@
+{
+  "scanSettings": {
+    "baseBranches": []
+  },
+  "checkRunSettings": {
+    "vulnerableCheckRunConclusionLevel": "failure",
+    "displayMode": "diff"
+  },
+  "issueSettings": {
+    "minSeverityLevel": "LOW"
+  }
+}

CHANGELOG.md

@@ -32,6 +32,7 @@
 
 - **General:** `keda-operator` Cluster Role: add `list` and `watch` access to service accounts ([#2406](https://github.com/kedacore/keda/pull/2406))|([#2410](https://github.com/kedacore/keda/pull/2410))
 - **General:** Delete the cache entry when a ScaledObject is deleted ([#2408](https://github.com/kedacore/keda/pull/2408))
+- **General:** Sign KEDA images published on GitHub Container Registry ([#2501](https://github.com/kedacore/keda/pull/2501))|([#2502](https://github.com/kedacore/keda/pull/2502))|([#2504](https://github.com/kedacore/keda/pull/2504))
 - **Azure Pipelines Scaler:** support `poolName` or `poolID` validation ([#2370](https://github.com/kedacore/keda/pull/2370))
 - **Graphite Scaler:** use the latest datapoint returned, not the earliest ([#2365](https://github.com/kedacore/keda/pull/2365))
 - **Kubernetes Workload Scaler:** ignore terminated pods ([#2384](https://github.com/kedacore/keda/pull/2384))
@@ -40,7 +41,9 @@
 - **Kafka Scaler:** concurrently query brokers for consumer and producer offsets ([#2405](https://github.com/kedacore/keda/pull/2405))
 - **External Scaler:** fix wrong calculation of retry backoff duration ([#2416](https://github.com/kedacore/keda/pull/2416))
 - **Kafka Scaler:** allow flag `topic` to be optional, where lag of all topics within the consumer group will be used for scaling ([#2409](https://github.com/kedacore/keda/pull/2409))
+- **General:**  fail fast on `buildScalers` when not able to resolve a secret that a deployment is relying on ([#2394](https://github.com/kedacore/keda/pull/2394))
 - **CPU Scaler:** Adding e2e test for the cpu scaler ([#2441](https://github.com/kedacore/keda/pull/2441))
+- **AWS SQS Scaler**: allow using simple queue name instead of URL ([#2457](https://github.com/kedacore/keda/pull/2457))
 
 ### Breaking Changes
 

Makefile

@@ -43,6 +43,8 @@ endif
 GO_BUILD_VARS= GO111MODULE=on CGO_ENABLED=$(CGO) GOOS=$(TARGET_OS) GOARCH=$(ARCH)
 GO_LDFLAGS="-X=github.com/kedacore/keda/v2/version.GitCommit=$(GIT_COMMIT) -X=github.com/kedacore/keda/v2/version.Version=$(VERSION)"
 
+COSIGN_FLAGS ?= -a GIT_HASH=${GIT_COMMIT} -a GIT_VERSION=${VERSION} -a BUILD_DATE=${DATE}
+
 # ENVTEST_K8S_VERSION refers to the version of kubebuilder assets to be downloaded by envtest binary.
 ENVTEST_K8S_VERSION = 1.22
 
@@ -197,6 +199,10 @@ release: manifests kustomize set-version ## Produce new KEDA release in keda-$(V
 	rm -rf config/default/kustomize-config/metadataLabelTransformer.yaml.out
 	$(KUSTOMIZE) build config/default > keda-$(VERSION).yaml
 
+sign-images: ## Sign KEDA images published on GitHub Container Registry
+	COSIGN_EXPERIMENTAL=1 cosign sign ${COSIGN_FLAGS} $(IMAGE_CONTROLLER)
+	COSIGN_EXPERIMENTAL=1 cosign sign ${COSIGN_FLAGS} $(IMAGE_ADAPTER)
+
 .PHONY: set-version
 set-version:
 	@sed -i".out" -e 's@Version[ ]*=.*@Version = "$(VERSION)"@g' ./version/version.go;

RELEASE-PROCESS.MD

@@ -98,13 +98,6 @@ Before we can release our new Helm chart version, we need to prepare it:
 
 Guidance on how to release it can be found in our [contribution guide](https://github.com/kedacore/charts/blob/master/CONTRIBUTING.md#shipping-a-new-version).
 
-### Deploy KEDA through Azure Functions Core Tools (optional)
-
-Update the following files with the release artifact (YAML):
-
-- https://github.com/Azure/azure-functions-core-tools/blob/v3.x/src/Azure.Functions.Cli/StaticResources/keda-v2.yaml
-- https://github.com/Azure/azure-functions-core-tools/blob/v4.x/src/Azure.Functions.Cli/StaticResources/keda-v2.yaml
-
 ## 8. Prepare next release
 
 Prepare next release by creating a [new GitHub milestone](https://github.com/kedacore/keda/milestones/new) called `v{upcoming-semver-version}` with a target date in 3 months as per our [release governance](https://github.com/kedacore/governance/blob/main/RELEASES.md).

pkg/scalers/aws_sqs_queue_scaler.go

@@ -85,17 +85,18 @@ func parseAwsSqsQueueMetadata(config *ScalerConfig) (*awsSqsQueueMetadata, error
 
 	queueURL, err := url.ParseRequestURI(meta.queueURL)
 	if err != nil {
-		return nil, fmt.Errorf("queueURL is not a valid URL")
-	}
+		// queueURL is not a valid URL, using it as queueName
+		meta.queueName = meta.queueURL
+	} else {
+		queueURLPath := queueURL.Path
+		queueURLPathParts := strings.Split(queueURLPath, "/")
+		if len(queueURLPathParts) != 3 || len(queueURLPathParts[2]) == 0 {
+			return nil, fmt.Errorf("cannot get queueName from queueURL")
+		}
 
-	queueURLPath := queueURL.Path
-	queueURLPathParts := strings.Split(queueURLPath, "/")
-	if len(queueURLPathParts) != 3 || len(queueURLPathParts[2]) == 0 {
-		return nil, fmt.Errorf("cannot get queueName from queueURL")
+		meta.queueName = queueURLPathParts[2]
 	}
 
-	meta.queueName = queueURLPathParts[2]
-
 	if val, ok := config.TriggerMetadata["awsRegion"]; ok && val != "" {
 		meta.awsRegion = val
 	} else {

pkg/scalers/aws_sqs_queue_test.go

@@ -20,6 +20,7 @@ const (
 	testAWSSQSProperQueueURL    = "https://sqs.eu-west-1.amazonaws.com/account_id/DeleteArtifactQ"
 	testAWSSQSImproperQueueURL1 = "https://sqs.eu-west-1.amazonaws.com/account_id"
 	testAWSSQSImproperQueueURL2 = "https://sqs.eu-west-1.amazonaws.com"
+	testAWSSimpleQueueURL       = "my-queue"
 
 	testAWSSQSErrorQueueURL   = "https://sqs.eu-west-1.amazonaws.com/account_id/Error"
 	testAWSSQSBadDataQueueURL = "https://sqs.eu-west-1.amazonaws.com/account_id/BadData"
@@ -165,6 +166,13 @@ var testAWSSQSMetadata = []parseAWSSQSMetadataTestData{
 		},
 		false,
 		"with AWS Role assigned on KEDA operator itself"},
+	{map[string]string{
+		"queueURL":    testAWSSimpleQueueURL,
+		"queueLength": "1",
+		"awsRegion":   "eu-west-1"},
+		testAWSSQSAuthentication,
+		false,
+		"properly formed queue and region"},
 }
 
 var awsSQSMetricIdentifiers = []awsSQSMetricIdentifier{

pkg/scaling/scale_handler.go

@@ -186,7 +186,10 @@ func (h *scaleHandler) GetScalersCache(ctx context.Context, scalableObject inter
 		return nil, err
 	}
 
-	scalers := h.buildScalers(ctx, withTriggers, podTemplateSpec, containerName)
+	scalers, err := h.buildScalers(ctx, withTriggers, podTemplateSpec, containerName)
+	if err != nil {
+		return nil, err
+	}
 
 	h.scalerCaches[key] = &cache.ScalersCache{
 		Generation: withTriggers.Generation,
@@ -273,7 +276,7 @@ func (h *scaleHandler) checkScalers(ctx context.Context, scalableObject interfac
 }
 
 // buildScalers returns list of Scalers for the specified triggers
-func (h *scaleHandler) buildScalers(ctx context.Context, withTriggers *kedav1alpha1.WithTriggers, podTemplateSpec *corev1.PodTemplateSpec, containerName string) []cache.ScalerBuilder {
+func (h *scaleHandler) buildScalers(ctx context.Context, withTriggers *kedav1alpha1.WithTriggers, podTemplateSpec *corev1.PodTemplateSpec, containerName string) ([]cache.ScalerBuilder, error) {
 	logger := h.logger.WithValues("type", withTriggers.Kind, "namespace", withTriggers.Namespace, "name", withTriggers.Name)
 	var err error
 	resolvedEnv := make(map[string]string)
@@ -313,7 +316,10 @@ func (h *scaleHandler) buildScalers(ctx context.Context, withTriggers *kedav1alp
 			if scaler != nil {
 				scaler.Close(ctx)
 			}
-			continue
+			for _, builder := range result {
+				builder.Scaler.Close(ctx)
+			}
+			return nil, err
 		}
 
 		result = append(result, cache.ScalerBuilder{
@@ -322,7 +328,7 @@ func (h *scaleHandler) buildScalers(ctx context.Context, withTriggers *kedav1alp
 		})
 	}
 
-	return result
+	return result, nil
 }
 
 func buildScaler(ctx context.Context, client client.Client, triggerType string, config *scalers.ScalerConfig) (scalers.Scaler, error) {

tests/package.json

@@ -26,8 +26,8 @@
     "azure-storage": "^2.10.3",
     "chalk": "^2.4.2",
     "eol": "^0.9.1",
-    "node-forge": "^0.10.0",
-    "shelljs": "^0.8.3",
+    "node-forge": "^1.0.0",
+    "shelljs": "^0.8.5",
     "tmp": "^0.1.0",
     "ts-node": "^8.4.1",
     "typescript": "^3.6.4",