type -> kind
@@ -33,11 +33,11 @@ const (
|
||||
// ControllerStrings are strongly ordered to match the SupportedController enum
|
||||
var ControllerStrings = []string{
|
||||
"Unsupported",
|
||||
"Deployments",
|
||||
"StatefulSets",
|
||||
"DaemonSets",
|
||||
"Jobs",
|
||||
"CronJobs",
|
||||
"Deployment",
|
||||
"StatefulSet",
|
||||
"DaemonSet",
|
||||
"Job",
|
||||
"CronJob",
|
||||
"ReplicationController",
|
||||
}
|
||||
|
||||
|
||||
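Review bot: The new `ControllerStrings` entries switch the text form of every `SupportedController` value from plural to singular, and nothing in this hunk keeps the old spellings readable. If this table is also used to parse `ControllersToScan` or controller-scoped exemptions from configuration (the parsing code is not visible here), an existing config that says `Deployments` would stop matching, and for an audit tool that could mean those workloads drop out of the scan instead of failing loudly. I would accept the old plural names as aliases on input or reject unknown names with an error, and extend the comment on the slice to something like `// Values are Kubernetes Kind names; the index must equal the SupportedController constant.` The const block the slice is ordered against starts outside the hunk, so the ordering itself cannot be checked from here.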
@@ -19,8 +19,8 @@ import (
|
||||
corev1 "k8s.io/api/core/v1"
|
||||
)
|
||||
|
||||
func ValidateContainer(conf *config.Configuration, basePod *corev1.PodSpec, container *corev1.Container, controllerName string, controllerType config.SupportedController, isInit bool) ContainerResult {
|
||||
results, err := applyContainerSchemaChecks(conf, basePod, container, controllerName, controllerType, isInit)
|
||||
func ValidateContainer(conf *config.Configuration, basePod *corev1.PodSpec, container *corev1.Container, controllerName string, controllerKind config.SupportedController, isInit bool) ContainerResult {
|
||||
results, err := applyContainerSchemaChecks(conf, basePod, container, controllerName, controllerKind, isInit)
|
||||
// FIXME: don't panic
|
||||
if err != nil {
|
||||
panic(err)
|
||||
@@ -34,10 +34,10 @@ func ValidateContainer(conf *config.Configuration, basePod *corev1.PodSpec, cont
|
||||
return cRes
|
||||
}
|
||||
|
||||
func ValidateContainers(conf *config.Configuration, basePod *corev1.PodSpec, containers []corev1.Container, controllerName string, controllerType config.SupportedController, isInit bool) []ContainerResult {
|
||||
func ValidateContainers(conf *config.Configuration, basePod *corev1.PodSpec, containers []corev1.Container, controllerName string, controllerKind config.SupportedController, isInit bool) []ContainerResult {
|
||||
results := []ContainerResult{}
|
||||
for _, container := range containers {
|
||||
cRes := ValidateContainer(conf, basePod, &container, controllerName, controllerType, isInit)
|
||||
cRes := ValidateContainer(conf, basePod, &container, controllerName, controllerKind, isInit)
|
||||
results = append(results, cRes)
|
||||
}
|
||||
return results
|
||||
|
||||
@@ -27,12 +27,13 @@ const exemptionAnnotationKey = "polaris.fairwinds.com/exempt"
|
||||
|
||||
// ValidateController validates a single controller, returns a ControllerResult.
|
||||
func ValidateController(conf *conf.Configuration, controller controller.Interface) ControllerResult {
|
||||
controllerType := controller.GetType()
|
||||
controllerKind := controller.GetKind()
|
||||
pod := controller.GetPodSpec()
|
||||
podResult := ValidatePod(conf, pod, controller.GetName(), controllerType)
|
||||
podResult := ValidatePod(conf, pod, controller.GetName(), controllerKind)
|
||||
result := ControllerResult{
|
||||
Type: controllerType.String(),
|
||||
Kind: controllerKind.String(),
|
||||
Name: controller.GetName(),
|
||||
Messages: ResultSet{},
|
||||
PodResult: podResult,
|
||||
}
|
||||
return result
|
||||
@@ -43,7 +44,7 @@ func ValidateController(conf *conf.Configuration, controller controller.Interfac
|
||||
func ValidateControllers(config *conf.Configuration, kubeResources *kube.ResourceProvider) []ControllerResult {
|
||||
var controllersToAudit []controller.Interface
|
||||
for _, supportedControllers := range config.ControllersToScan {
|
||||
loadedControllers, _ := controllers.LoadControllersByType(supportedControllers, kubeResources)
|
||||
loadedControllers, _ := controllers.LoadControllersByKind(supportedControllers, kubeResources)
|
||||
controllersToAudit = append(controllersToAudit, loadedControllers...)
|
||||
}
|
||||
|
||||
|
||||
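Review bot: The renamed call `loadedControllers, _ := controllers.LoadControllersByKind(supportedControllers, kubeResources)` still discards the error, so a kind listed in `config.ControllersToScan` that cannot be loaded is skipped with no trace in the audit result. The loader's last hunk shows it also returns an error when it finds zero controllers of a kind, so the error cannot simply be made fatal; at minimum bind it (`loadedControllers, err := ...`) and log it with the package's logger so a coverage gap is visible to whoever reads the report. The body of `ValidateControllers` continues outside the hunk.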
@@ -48,7 +48,7 @@ func TestValidateController(t *testing.T) {
|
||||
|
||||
actualResult := ValidateController(&c, deployment)
|
||||
|
||||
assert.Equal(t, "Deployments", actualResult.Type)
|
||||
assert.Equal(t, "Deployment", actualResult.Kind)
|
||||
assert.Equal(t, 1, len(actualResult.PodResult.ContainerResults), "should be equal")
|
||||
assert.EqualValues(t, expectedSum, actualResult.GetSummary())
|
||||
assert.EqualValues(t, expectedMessages, actualResult.PodResult.Messages)
|
||||
@@ -82,7 +82,7 @@ func TestSkipHealthChecks(t *testing.T) {
|
||||
"livenessProbeMissing": {ID: "livenessProbeMissing", Message: "Liveness probe should be configured", Success: false, Severity: "warning", Category: "Health Checks"},
|
||||
}
|
||||
actualResult := ValidateController(&c, deployment)
|
||||
assert.Equal(t, "Deployments", actualResult.Type)
|
||||
assert.Equal(t, "Deployment", actualResult.Kind)
|
||||
assert.Equal(t, 2, len(actualResult.PodResult.ContainerResults), "should be equal")
|
||||
assert.EqualValues(t, expectedSum, actualResult.GetSummary())
|
||||
assert.EqualValues(t, ResultSet{}, actualResult.PodResult.ContainerResults[0].Messages)
|
||||
@@ -96,7 +96,7 @@ func TestSkipHealthChecks(t *testing.T) {
|
||||
}
|
||||
expectedMessages = ResultSet{}
|
||||
actualResult = ValidateController(&c, job)
|
||||
assert.Equal(t, "Jobs", actualResult.Type)
|
||||
assert.Equal(t, "Job", actualResult.Kind)
|
||||
assert.Equal(t, 1, len(actualResult.PodResult.ContainerResults), "should be equal")
|
||||
assert.EqualValues(t, expectedSum, actualResult.GetSummary())
|
||||
assert.EqualValues(t, expectedMessages, actualResult.PodResult.ContainerResults[0].Messages)
|
||||
@@ -109,7 +109,7 @@ func TestSkipHealthChecks(t *testing.T) {
|
||||
}
|
||||
expectedMessages = ResultSet{}
|
||||
actualResult = ValidateController(&c, cronjob)
|
||||
assert.Equal(t, "CronJobs", actualResult.Type)
|
||||
assert.Equal(t, "CronJob", actualResult.Kind)
|
||||
assert.Equal(t, 1, len(actualResult.PodResult.ContainerResults), "should be equal")
|
||||
assert.EqualValues(t, expectedSum, actualResult.GetSummary())
|
||||
assert.EqualValues(t, expectedMessages, actualResult.PodResult.ContainerResults[0].Messages)
|
||||
@@ -136,7 +136,7 @@ func TestControllerExemptions(t *testing.T) {
|
||||
}
|
||||
actualResults := ValidateControllers(&c, resources)
|
||||
assert.Equal(t, 1, len(actualResults))
|
||||
assert.Equal(t, "Deployments", actualResults[0].Type)
|
||||
assert.Equal(t, "Deployment", actualResults[0].Kind)
|
||||
assert.EqualValues(t, expectedSum, actualResults[0].GetSummary())
|
||||
|
||||
resources.Deployments[0].ObjectMeta.Annotations = map[string]string{
|
||||
|
||||
@@ -22,8 +22,8 @@ func (c CronJobController) GetPodSpec() *kubeAPICoreV1.PodSpec {
|
||||
return &c.K8SResource.Spec.JobTemplate.Spec.Template.Spec
|
||||
}
|
||||
|
||||
// GetType returns the supportedcontroller enum type
|
||||
func (c CronJobController) GetType() config.SupportedController {
|
||||
// GetKind returns the supportedcontroller enum type
|
||||
func (c CronJobController) GetKind() config.SupportedController {
|
||||
return config.CronJobs
|
||||
}
|
||||
|
||||
|
||||
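Review bot: The doc comment `// GetKind returns the supportedcontroller enum type` was renamed only in its first word and still describes the value as a "type"; suggest `// GetKind returns the config.SupportedController value for this controller.` The same comment appears in the DaemonSet, Deployment, Job, ReplicationController and StatefulSet hunks. The constants returned (`config.CronJobs`, `config.Deployments`, and so on) keep their plural names while their string forms are now singular, which is worth either renaming or noting next to the const block.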
@@ -27,8 +27,8 @@ func (d DaemonSetController) GetAnnotations() map[string]string {
|
||||
return d.K8SResource.ObjectMeta.Annotations
|
||||
}
|
||||
|
||||
// GetType returns the supportedcontroller enum type
|
||||
func (d DaemonSetController) GetType() config.SupportedController {
|
||||
// GetKind returns the supportedcontroller enum type
|
||||
func (d DaemonSetController) GetKind() config.SupportedController {
|
||||
return config.DaemonSets
|
||||
}
|
||||
|
||||
|
||||
@@ -27,8 +27,8 @@ func (d DeploymentController) GetAnnotations() map[string]string {
|
||||
return d.K8SResource.ObjectMeta.Annotations
|
||||
}
|
||||
|
||||
// GetType returns the supportedcontroller enum type
|
||||
func (d DeploymentController) GetType() config.SupportedController {
|
||||
// GetKind returns the supportedcontroller enum type
|
||||
func (d DeploymentController) GetKind() config.SupportedController {
|
||||
return config.Deployments
|
||||
}
|
||||
|
||||
|
||||
@@ -14,7 +14,7 @@ type Interface interface {
|
||||
GetNamespace() string
|
||||
GetPodTemplate() *kubeAPICoreV1.PodTemplateSpec
|
||||
GetPodSpec() *kubeAPICoreV1.PodSpec
|
||||
GetType() config.SupportedController
|
||||
GetKind() config.SupportedController
|
||||
GetAnnotations() map[string]string
|
||||
}
|
||||
|
||||
@@ -34,10 +34,10 @@ func (g GenericController) GetNamespace() string {
|
||||
return g.Namespace
|
||||
}
|
||||
|
||||
// LoadControllersByType loads a list of controllers from the kubeResources by detecting their type
|
||||
func LoadControllersByType(controllerType config.SupportedController, kubeResources *kube.ResourceProvider) ([]Interface, error) {
|
||||
// LoadControllersByKind loads a list of controllers from the kubeResources by detecting their type
|
||||
func LoadControllersByKind(controllerKind config.SupportedController, kubeResources *kube.ResourceProvider) ([]Interface, error) {
|
||||
interfaces := []Interface{}
|
||||
switch controllerType {
|
||||
switch controllerKind {
|
||||
case config.Deployments:
|
||||
for _, deploy := range kubeResources.Deployments {
|
||||
interfaces = append(interfaces, NewDeploymentController(deploy))
|
||||
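Review bot: The rename is incomplete in `LoadControllersByKind`: the doc comment still ends with "by detecting their type", and the error string in the function's final hunk still reads "Controller type (%s) does not have a generator". Suggest `// LoadControllersByKind loads the controllers of the given kind from kubeResources.` and `fmt.Errorf("controller kind (%s) does not have a generator", controllerKind)`. That error is also returned whenever `len(interfaces)` is 0, so a supported kind with no resources is reported as having no generator. The part of the switch that would show whether a `default` case exists lies between the two hunks.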
@@ -66,5 +66,5 @@ func LoadControllersByType(controllerType config.SupportedController, kubeResour
|
||||
if len(interfaces) > 0 {
|
||||
return interfaces, nil
|
||||
}
|
||||
return nil, fmt.Errorf("Controller type (%s) does not have a generator", controllerType)
|
||||
return nil, fmt.Errorf("Controller type (%s) does not have a generator", controllerKind)
|
||||
}
|
||||
|
||||
@@ -27,8 +27,8 @@ func (j JobController) GetAnnotations() map[string]string {
|
||||
return j.K8SResource.ObjectMeta.Annotations
|
||||
}
|
||||
|
||||
// GetType returns the supportedcontroller enum type
|
||||
func (j JobController) GetType() config.SupportedController {
|
||||
// GetKind returns the supportedcontroller enum type
|
||||
func (j JobController) GetKind() config.SupportedController {
|
||||
return config.Jobs
|
||||
}
|
||||
|
||||
|
||||
@@ -29,8 +29,8 @@ func (r ReplicationControllerController) GetAnnotations() map[string]string {
|
||||
return r.K8SResource.ObjectMeta.Annotations
|
||||
}
|
||||
|
||||
// GetType returns the supportedcontroller enum type
|
||||
func (r ReplicationControllerController) GetType() config.SupportedController {
|
||||
// GetKind returns the supportedcontroller enum type
|
||||
func (r ReplicationControllerController) GetKind() config.SupportedController {
|
||||
return config.ReplicationControllers
|
||||
}
|
||||
|
||||
|
||||
@@ -27,8 +27,8 @@ func (s StatefulSetController) GetAnnotations() map[string]string {
|
||||
return s.K8SResource.ObjectMeta.Annotations
|
||||
}
|
||||
|
||||
// GetType returns the supportedcontroller enum type
|
||||
func (s StatefulSetController) GetType() config.SupportedController {
|
||||
// GetKind returns the supportedcontroller enum type
|
||||
func (s StatefulSetController) GetKind() config.SupportedController {
|
||||
return config.StatefulSets
|
||||
}
|
||||
|
||||
|
||||
@@ -45,27 +45,27 @@ func TestGetTemplateData(t *testing.T) {
|
||||
|
||||
assert.Equal(t, 6, len(actualAudit.Results))
|
||||
|
||||
assert.Equal(t, "Deployments", actualAudit.Results[0].Type)
|
||||
assert.Equal(t, "Deployment", actualAudit.Results[0].Kind)
|
||||
assert.Equal(t, 1, len(actualAudit.Results[0].PodResult.ContainerResults))
|
||||
assert.Equal(t, 2, len(actualAudit.Results[0].PodResult.ContainerResults[0].Messages))
|
||||
|
||||
assert.Equal(t, "StatefulSets", actualAudit.Results[1].Type)
|
||||
assert.Equal(t, "StatefulSet", actualAudit.Results[1].Kind)
|
||||
assert.Equal(t, 1, len(actualAudit.Results[1].PodResult.ContainerResults))
|
||||
assert.Equal(t, 2, len(actualAudit.Results[1].PodResult.ContainerResults[0].Messages))
|
||||
|
||||
assert.Equal(t, "DaemonSets", actualAudit.Results[2].Type)
|
||||
assert.Equal(t, "DaemonSet", actualAudit.Results[2].Kind)
|
||||
assert.Equal(t, 1, len(actualAudit.Results[2].PodResult.ContainerResults))
|
||||
assert.Equal(t, 2, len(actualAudit.Results[2].PodResult.ContainerResults[0].Messages))
|
||||
|
||||
assert.Equal(t, "Jobs", actualAudit.Results[3].Type)
|
||||
assert.Equal(t, "Job", actualAudit.Results[3].Kind)
|
||||
assert.Equal(t, 1, len(actualAudit.Results[3].PodResult.ContainerResults))
|
||||
assert.Equal(t, 0, len(actualAudit.Results[3].PodResult.ContainerResults[0].Messages))
|
||||
|
||||
assert.Equal(t, "CronJobs", actualAudit.Results[4].Type)
|
||||
assert.Equal(t, "CronJob", actualAudit.Results[4].Kind)
|
||||
assert.Equal(t, 1, len(actualAudit.Results[4].PodResult.ContainerResults))
|
||||
assert.Equal(t, 0, len(actualAudit.Results[4].PodResult.ContainerResults[0].Messages))
|
||||
|
||||
assert.Equal(t, "ReplicationController", actualAudit.Results[5].Type)
|
||||
assert.Equal(t, "ReplicationController", actualAudit.Results[5].Kind)
|
||||
assert.Equal(t, 1, len(actualAudit.Results[5].PodResult.ContainerResults))
|
||||
assert.Equal(t, 2, len(actualAudit.Results[5].PodResult.ContainerResults[0].Messages))
|
||||
}
|
||||
|
||||
@@ -63,7 +63,7 @@ type ResultSet map[string]ResultMessage
|
||||
// ControllerResult provides results for a controller
|
||||
type ControllerResult struct {
|
||||
Name string
|
||||
Type string
|
||||
Kind string
|
||||
Messages ResultSet
|
||||
PodResult PodResult
|
||||
}
|
||||
|
||||
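Review bot: The exported field `Type` on `ControllerResult` becomes `Kind` with no struct tag beside it, so if this struct is marshalled into the audit report (the encoder is not visible here) the key changes too, and its values change from plural to singular. Consumers that filter or gate on the old key would then read an empty value rather than get an error. This is worth stating in the commit message or changelog, and a field comment would help: `// Kind is the Kubernetes kind of the controller, e.g. "Deployment".`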
@@ -20,8 +20,8 @@ import (
|
||||
)
|
||||
|
||||
// ValidatePod validates that each pod conforms to the Polaris config, returns a ResourceResult.
|
||||
func ValidatePod(conf *config.Configuration, pod *corev1.PodSpec, controllerName string, controllerType config.SupportedController) PodResult {
|
||||
podResults, err := applyPodSchemaChecks(conf, pod, controllerName, controllerType)
|
||||
func ValidatePod(conf *config.Configuration, pod *corev1.PodSpec, controllerName string, controllerKind config.SupportedController) PodResult {
|
||||
podResults, err := applyPodSchemaChecks(conf, pod, controllerName, controllerKind)
|
||||
// FIXME: don't panic
|
||||
if err != nil {
|
||||
panic(err)
|
||||
@@ -36,9 +36,9 @@ func ValidatePod(conf *config.Configuration, pod *corev1.PodSpec, controllerName
|
||||
podCopy.InitContainers = []corev1.Container{}
|
||||
podCopy.Containers = []corev1.Container{}
|
||||
|
||||
containerResults := ValidateContainers(conf, &podCopy, pod.InitContainers, controllerName, controllerType, true)
|
||||
containerResults := ValidateContainers(conf, &podCopy, pod.InitContainers, controllerName, controllerKind, true)
|
||||
pRes.ContainerResults = append(pRes.ContainerResults, containerResults...)
|
||||
containerResults = ValidateContainers(conf, &podCopy, pod.Containers, controllerName, controllerType, false)
|
||||
containerResults = ValidateContainers(conf, &podCopy, pod.Containers, controllerName, controllerKind, false)
|
||||
pRes.ContainerResults = append(pRes.ContainerResults, containerResults...)
|
||||
|
||||
return pRes
|
||||
|
||||
@@ -72,7 +72,7 @@ func parseCheck(rawBytes []byte) (config.SchemaCheck, error) {
|
||||
}
|
||||
}
|
||||
|
||||
func resolveCheck(conf *config.Configuration, checkID string, controllerName string, controllerType config.SupportedController, target config.TargetKind, isInitContainer bool) (*config.SchemaCheck, error) {
|
||||
func resolveCheck(conf *config.Configuration, checkID string, controllerName string, controllerKind config.SupportedController, target config.TargetKind, isInitContainer bool) (*config.SchemaCheck, error) {
|
||||
check, ok := conf.CustomChecks[checkID]
|
||||
if !ok {
|
||||
check, ok = builtInChecks[checkID]
|
||||
@@ -83,7 +83,7 @@ func resolveCheck(conf *config.Configuration, checkID string, controllerName str
|
||||
if !conf.IsActionable(check.ID, controllerName) {
|
||||
return nil, nil
|
||||
}
|
||||
if !check.IsActionable(target, controllerType, isInitContainer) {
|
||||
if !check.IsActionable(target, controllerKind, isInitContainer) {
|
||||
return nil, nil
|
||||
}
|
||||
return &check, nil
|
||||
@@ -104,11 +104,11 @@ func makeResult(conf *config.Configuration, check *config.SchemaCheck, passes bo
|
||||
return result
|
||||
}
|
||||
|
||||
func applyPodSchemaChecks(conf *config.Configuration, pod *corev1.PodSpec, controllerName string, controllerType config.SupportedController) (ResultSet, error) {
|
||||
func applyPodSchemaChecks(conf *config.Configuration, pod *corev1.PodSpec, controllerName string, controllerKind config.SupportedController) (ResultSet, error) {
|
||||
results := ResultSet{}
|
||||
checkIDs := getSortedKeys(conf.Checks)
|
||||
for _, checkID := range checkIDs {
|
||||
check, err := resolveCheck(conf, checkID, controllerName, controllerType, config.TargetPod, false)
|
||||
check, err := resolveCheck(conf, checkID, controllerName, controllerKind, config.TargetPod, false)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
@@ -126,11 +126,11 @@ func applyPodSchemaChecks(conf *config.Configuration, pod *corev1.PodSpec, contr
|
||||
return results, nil
|
||||
}
|
||||
|
||||
func applyContainerSchemaChecks(conf *config.Configuration, basePod *corev1.PodSpec, container *corev1.Container, controllerName string, controllerType config.SupportedController, isInit bool) (ResultSet, error) {
|
||||
func applyContainerSchemaChecks(conf *config.Configuration, basePod *corev1.PodSpec, container *corev1.Container, controllerName string, controllerKind config.SupportedController, isInit bool) (ResultSet, error) {
|
||||
results := ResultSet{}
|
||||
checkIDs := getSortedKeys(conf.Checks)
|
||||
for _, checkID := range checkIDs {
|
||||
check, err := resolveCheck(conf, checkID, controllerName, controllerType, config.TargetContainer, isInit)
|
||||
check, err := resolveCheck(conf, checkID, controllerName, controllerKind, config.TargetContainer, isInit)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
} else if check == nil {
|
||||
|
||||