From 51cd3523fc6e94925beca8848ff68ccd4e961f73 Mon Sep 17 00:00:00 2001 From: Robert Brennan Date: Fri, 3 Jan 2020 18:46:54 +0000 Subject: [PATCH] messages -> results --- pkg/validator/container.go | 4 +- pkg/validator/container_test.go | 80 ++++++++++++++++---------------- pkg/validator/controller.go | 2 +- pkg/validator/controller_test.go | 18 +++---- pkg/validator/fullaudit_test.go | 12 ++--- pkg/validator/output.go | 14 +++--- pkg/validator/pod.go | 2 +- pkg/validator/pod_test.go | 20 ++++---- pkg/webhook/validator.go | 4 +- 9 files changed, 78 insertions(+), 78 deletions(-) diff --git a/pkg/validator/container.go b/pkg/validator/container.go index 8039079e..b8ae5273 100644 --- a/pkg/validator/container.go +++ b/pkg/validator/container.go @@ -27,8 +27,8 @@ func ValidateContainer(conf *config.Configuration, basePod *corev1.PodSpec, cont } cRes := ContainerResult{ - Name: container.Name, - Messages: results, + Name: container.Name, + Results: results, } return cRes diff --git a/pkg/validator/container_test.go b/pkg/validator/container_test.go index 80003100..f2c72cb8 100644 --- a/pkg/validator/container_test.go +++ b/pkg/validator/container_test.go 
@@ -318,22 +318,22 @@ func TestValidateNetworking(t *testing.T) { } var testCases = []struct { - name string - networkConf map[string]conf.Severity - container *corev1.Container - expectedMessages []ResultMessage + name string + networkConf map[string]conf.Severity + container *corev1.Container + expectedResults []ResultMessage }{ { - name: "empty ports + empty validation config", - networkConf: emptyConf, - container: emptyContainer, - expectedMessages: []ResultMessage{}, + name: "empty ports + empty validation config", + networkConf: emptyConf, + container: emptyContainer, + expectedResults: []ResultMessage{}, }, { name: "empty ports + standard validation config", networkConf: standardConf, container: emptyContainer, - expectedMessages: []ResultMessage{{ + expectedResults: []ResultMessage{{ ID: "hostPortSet", Message: "Host port is not configured", Success: true, @@ -345,7 +345,7 @@ func TestValidateNetworking(t *testing.T) { name: "empty ports + strong validation config", networkConf: standardConf, container: emptyContainer, - expectedMessages: []ResultMessage{{ + expectedResults: []ResultMessage{{ ID: "hostPortSet", Message: "Host port is not configured", Success: true, @@ -354,16 +354,16 @@ func TestValidateNetworking(t *testing.T) { }}, }, { - name: "host ports + empty validation config", - networkConf: emptyConf, - container: badContainer, - expectedMessages: []ResultMessage{}, + name: "host ports + empty validation config", + networkConf: emptyConf, + container: badContainer, + expectedResults: []ResultMessage{}, }, { name: "host ports + standard validation config", networkConf: standardConf, container: badContainer, - expectedMessages: []ResultMessage{{ + expectedResults: []ResultMessage{{ ID: "hostPortSet", Message: "Host port should not be configured", Success: false, 
@@ -375,7 +375,7 @@ func TestValidateNetworking(t *testing.T) { name: "no host ports + standard validation config", networkConf: standardConf, container: goodContainer, - expectedMessages: []ResultMessage{{ + expectedResults: []ResultMessage{{ ID: "hostPortSet", Message: "Host port is not configured", Success: true, @@ -387,7 +387,7 @@ func TestValidateNetworking(t *testing.T) { name: "host ports + strong validation config", networkConf: strongConf, container: badContainer, - expectedMessages: []ResultMessage{{ + expectedResults: []ResultMessage{{ ID: "hostPortSet", Message: "Host port should not be configured", Success: false, @@ -407,8 +407,8 @@ func TestValidateNetworking(t *testing.T) { for _, msg := range results { messages = append(messages, msg) } - assert.Len(t, messages, len(tt.expectedMessages)) - assert.ElementsMatch(t, messages, tt.expectedMessages) + assert.Len(t, messages, len(tt.expectedResults)) + assert.ElementsMatch(t, messages, tt.expectedResults) }) } } 
@@ -498,25 +498,25 @@ func TestValidateSecurity(t *testing.T) { } var testCases = []struct { - name string - securityConf map[string]conf.Severity - container *corev1.Container - pod *corev1.PodSpec - expectedMessages []ResultMessage + name string + securityConf map[string]conf.Severity + container *corev1.Container + pod *corev1.PodSpec + expectedResults []ResultMessage }{ { - name: "empty security context + empty validation config", - securityConf: emptyConf, - container: emptyContainer, - pod: emptyPodSpec, - expectedMessages: []ResultMessage{}, + name: "empty security context + empty validation config", + securityConf: emptyConf, + container: emptyContainer, + pod: emptyPodSpec, + expectedResults: []ResultMessage{}, }, { name: "empty security context + standard validation config", securityConf: standardConf, container: emptyContainer, pod: emptyPodSpec, - expectedMessages: []ResultMessage{{ + expectedResults: []ResultMessage{{ ID: "runAsRootAllowed", Message: "Should not be allowed to run as root", Success: false, @@ -559,7 +559,7 @@ func TestValidateSecurity(t *testing.T) { securityConf: standardConf, container: badContainer, pod: emptyPodSpec, - expectedMessages: []ResultMessage{{ + expectedResults: []ResultMessage{{ ID: "dangerousCapabilities", Message: "Container should not have dangerous capabilities", Success: false, @@ -602,7 +602,7 @@ func TestValidateSecurity(t *testing.T) { securityConf: standardConf, container: badContainer, pod: goodPodSpec, - expectedMessages: []ResultMessage{{ + expectedResults: []ResultMessage{{ ID: "dangerousCapabilities", Message: "Container should not have dangerous capabilities", Success: false, @@ -645,7 +645,7 @@ func TestValidateSecurity(t *testing.T) { securityConf: standardConf, container: badContainer, pod: badPodSpec, - expectedMessages: []ResultMessage{{ + expectedResults: []ResultMessage{{ ID: "dangerousCapabilities", Message: "Container should not have dangerous capabilities", Success: false, 
@@ -688,7 +688,7 @@ func TestValidateSecurity(t *testing.T) { securityConf: standardConf, container: goodContainer, pod: emptyPodSpec, - expectedMessages: []ResultMessage{{ + expectedResults: []ResultMessage{{ ID: "runAsRootAllowed", Message: "Is not allowed to run as root", Success: true, @@ -731,7 +731,7 @@ func TestValidateSecurity(t *testing.T) { securityConf: strongConf, container: goodContainer, pod: emptyPodSpec, - expectedMessages: []ResultMessage{{ + expectedResults: []ResultMessage{{ ID: "dangerousCapabilities", Message: "Container does not have any dangerous capabilities", Success: true, @@ -774,7 +774,7 @@ func TestValidateSecurity(t *testing.T) { securityConf: strongConf, container: strongContainer, pod: emptyPodSpec, - expectedMessages: []ResultMessage{{ + expectedResults: []ResultMessage{{ ID: "runAsRootAllowed", Message: "Is not allowed to run as root", Success: true, @@ -817,7 +817,7 @@ func TestValidateSecurity(t *testing.T) { securityConf: strongConf, container: inheritContainer, pod: goodPodSpec, - expectedMessages: []ResultMessage{{ + expectedResults: []ResultMessage{{ ID: "runAsRootAllowed", Message: "Is not allowed to run as root", Success: true, @@ -860,7 +860,7 @@ func TestValidateSecurity(t *testing.T) { securityConf: strongConf, container: strongContainer, pod: badPodSpec, - expectedMessages: []ResultMessage{{ + expectedResults: []ResultMessage{{ ID: "runAsRootAllowed", Message: "Is not allowed to run as root", Success: true, @@ -910,8 +910,8 @@ func TestValidateSecurity(t *testing.T) { for _, msg := range results { messages = append(messages, msg) } - assert.Len(t, messages, len(tt.expectedMessages)) - assert.ElementsMatch(t, tt.expectedMessages, messages) + assert.Len(t, messages, len(tt.expectedResults)) + assert.ElementsMatch(t, tt.expectedResults, messages) }) } } diff --git a/pkg/validator/controller.go b/pkg/validator/controller.go index b81d48c2..72449728 100644 --- a/pkg/validator/controller.go +++ b/pkg/validator/controller.go 
@@ -34,7 +34,7 @@ func ValidateController(conf *conf.Configuration, controller controller.Interfac Kind: controllerKind.String(), Name: controller.GetName(), Namespace: controller.GetObjectMeta().Namespace, - Messages: ResultSet{}, + Results: ResultSet{}, PodResult: podResult, } return result diff --git a/pkg/validator/controller_test.go b/pkg/validator/controller_test.go index 5530e757..bafa3bce 100644 --- a/pkg/validator/controller_test.go +++ b/pkg/validator/controller_test.go @@ -41,7 +41,7 @@ func TestValidateController(t *testing.T) { Errors: uint(0), } - expectedMessages := ResultSet{ + expectedResults := ResultSet{ "hostIPCSet": {ID: "hostIPCSet", Message: "Host IPC is not configured", Success: true, Severity: "error", Category: "Security"}, "hostPIDSet": {ID: "hostPIDSet", Message: "Host PID is not configured", Success: true, Severity: "error", Category: "Security"}, } @@ -51,7 +51,7 @@ func TestValidateController(t *testing.T) { assert.Equal(t, "Deployment", actualResult.Kind) assert.Equal(t, 1, len(actualResult.PodResult.ContainerResults), "should be equal") assert.EqualValues(t, expectedSum, actualResult.GetSummary()) - assert.EqualValues(t, expectedMessages, actualResult.PodResult.Messages) + assert.EqualValues(t, expectedResults, actualResult.PodResult.Results) } func TestSkipHealthChecks(t *testing.T) { @@ -77,7 +77,7 @@ func TestSkipHealthChecks(t *testing.T) { Warnings: uint(1), Errors: uint(1), } - expectedMessages := ResultSet{ + expectedResults := ResultSet{ "readinessProbeMissing": {ID: "readinessProbeMissing", Message: "Readiness probe should be configured", Success: false, Severity: "error", Category: "Health Checks"}, "livenessProbeMissing": {ID: "livenessProbeMissing", Message: "Liveness probe should be configured", Success: false, Severity: "warning", Category: "Health Checks"}, } 
@@ -85,8 +85,8 @@ func TestSkipHealthChecks(t *testing.T) { assert.Equal(t, "Deployment", actualResult.Kind) assert.Equal(t, 2, len(actualResult.PodResult.ContainerResults), "should be equal") assert.EqualValues(t, expectedSum, actualResult.GetSummary()) - assert.EqualValues(t, ResultSet{}, actualResult.PodResult.ContainerResults[0].Messages) - assert.EqualValues(t, expectedMessages, actualResult.PodResult.ContainerResults[1].Messages) + assert.EqualValues(t, ResultSet{}, actualResult.PodResult.ContainerResults[0].Results) + assert.EqualValues(t, expectedResults, actualResult.PodResult.ContainerResults[1].Results) job := controller.NewJobController(test.MockJob()) expectedSum = CountSummary{ @@ -94,12 +94,12 @@ func TestSkipHealthChecks(t *testing.T) { Warnings: uint(0), Errors: uint(0), } - expectedMessages = ResultSet{} + expectedResults = ResultSet{} actualResult = ValidateController(&c, job) assert.Equal(t, "Job", actualResult.Kind) assert.Equal(t, 1, len(actualResult.PodResult.ContainerResults), "should be equal") assert.EqualValues(t, expectedSum, actualResult.GetSummary()) - assert.EqualValues(t, expectedMessages, actualResult.PodResult.ContainerResults[0].Messages) + assert.EqualValues(t, expectedResults, actualResult.PodResult.ContainerResults[0].Results) cronjob := controller.NewCronJobController(test.MockCronJob()) expectedSum = CountSummary{ 
@@ -107,12 +107,12 @@ func TestSkipHealthChecks(t *testing.T) { Warnings: uint(0), Errors: uint(0), } - expectedMessages = ResultSet{} + expectedResults = ResultSet{} actualResult = ValidateController(&c, cronjob) assert.Equal(t, "CronJob", actualResult.Kind) assert.Equal(t, 1, len(actualResult.PodResult.ContainerResults), "should be equal") assert.EqualValues(t, expectedSum, actualResult.GetSummary()) - assert.EqualValues(t, expectedMessages, actualResult.PodResult.ContainerResults[0].Messages) + assert.EqualValues(t, expectedResults, actualResult.PodResult.ContainerResults[0].Results) } func TestControllerExemptions(t *testing.T) { diff --git a/pkg/validator/fullaudit_test.go b/pkg/validator/fullaudit_test.go index 44e7c38a..b51bf595 100644 --- a/pkg/validator/fullaudit_test.go +++ b/pkg/validator/fullaudit_test.go 
@@ -47,25 +47,25 @@ func TestGetTemplateData(t *testing.T) { assert.Equal(t, "Deployment", actualAudit.Results[0].Kind) assert.Equal(t, 1, len(actualAudit.Results[0].PodResult.ContainerResults)) - assert.Equal(t, 2, len(actualAudit.Results[0].PodResult.ContainerResults[0].Messages)) + assert.Equal(t, 2, len(actualAudit.Results[0].PodResult.ContainerResults[0].Results)) assert.Equal(t, "StatefulSet", actualAudit.Results[1].Kind) assert.Equal(t, 1, len(actualAudit.Results[1].PodResult.ContainerResults)) - assert.Equal(t, 2, len(actualAudit.Results[1].PodResult.ContainerResults[0].Messages)) + assert.Equal(t, 2, len(actualAudit.Results[1].PodResult.ContainerResults[0].Results)) assert.Equal(t, "DaemonSet", actualAudit.Results[2].Kind) assert.Equal(t, 1, len(actualAudit.Results[2].PodResult.ContainerResults)) - assert.Equal(t, 2, len(actualAudit.Results[2].PodResult.ContainerResults[0].Messages)) + assert.Equal(t, 2, len(actualAudit.Results[2].PodResult.ContainerResults[0].Results)) assert.Equal(t, "Job", actualAudit.Results[3].Kind) assert.Equal(t, 1, len(actualAudit.Results[3].PodResult.ContainerResults)) - assert.Equal(t, 0, len(actualAudit.Results[3].PodResult.ContainerResults[0].Messages)) + assert.Equal(t, 0, len(actualAudit.Results[3].PodResult.ContainerResults[0].Results)) assert.Equal(t, "CronJob", actualAudit.Results[4].Kind) assert.Equal(t, 1, len(actualAudit.Results[4].PodResult.ContainerResults)) - assert.Equal(t, 0, len(actualAudit.Results[4].PodResult.ContainerResults[0].Messages)) + assert.Equal(t, 0, len(actualAudit.Results[4].PodResult.ContainerResults[0].Results)) assert.Equal(t, "ReplicationController", actualAudit.Results[5].Kind) assert.Equal(t, 1, len(actualAudit.Results[5].PodResult.ContainerResults)) - assert.Equal(t, 2, len(actualAudit.Results[5].PodResult.ContainerResults[0].Messages)) + assert.Equal(t, 2, len(actualAudit.Results[5].PodResult.ContainerResults[0].Results)) } 
diff --git a/pkg/validator/output.go b/pkg/validator/output.go index 497e8f40..b35f03d9 100644 --- a/pkg/validator/output.go +++ b/pkg/validator/output.go @@ -65,21 +65,21 @@ type ControllerResult struct { Name string Namespace string Kind string - Messages ResultSet + Results ResultSet PodResult PodResult } // PodResult provides a list of validation messages for each pod. type PodResult struct { Name string - Messages ResultSet + Results ResultSet ContainerResults []ContainerResult } // ContainerResult provides a list of validation messages for each container. type ContainerResult struct { - Name string - Messages ResultSet + Name string + Results ResultSet } // CountSummary provides a high level overview of success, warnings, and errors. @@ -121,15 +121,15 @@ func (rs ResultSet) GetSummary() CountSummary { } func (p PodResult) GetSummary() CountSummary { - summary := p.Messages.GetSummary() + summary := p.Results.GetSummary() for _, containerResult := range p.ContainerResults { - summary.AddSummary(containerResult.Messages.GetSummary()) + summary.AddSummary(containerResult.Results.GetSummary()) } return summary } func (c ControllerResult) GetSummary() CountSummary { - summary := c.Messages.GetSummary() + summary := c.Results.GetSummary() summary.AddSummary(c.PodResult.GetSummary()) return summary } diff --git a/pkg/validator/pod.go b/pkg/validator/pod.go index d26c0221..60143b60 100644 --- a/pkg/validator/pod.go +++ b/pkg/validator/pod.go @@ -28,7 +28,7 @@ func ValidatePod(conf *config.Configuration, pod *corev1.PodSpec, controllerName } pRes := PodResult{ - Messages: podResults, + Results: podResults, ContainerResults: []ContainerResult{}, } diff --git a/pkg/validator/pod_test.go b/pkg/validator/pod_test.go index c7a58466..5e0ba6e2 100644 --- a/pkg/validator/pod_test.go +++ b/pkg/validator/pod_test.go 
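Review bot: Renaming the exported field `Messages` to `Results` on ControllerResult, PodResult and ContainerResult (first output.go hunk) also renames whatever key these structs serialise under, because none of the three fields carries a struct tag here. If audit output is marshalled from these types or the field is read by name in a template (neither is visible, and the diffstat touches only .go files), a consumer that still looks up `Messages` would find nothing and could treat a workload as having no findings instead of failing. Pinning the wire name with explicit struct tags, or calling out the schema change in the release notes, would make the break visible. The doc comments on PodResult and ContainerResult still say "validation messages"; `// PodResult provides the validation results for a pod.` would match the new field name.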
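Review bot: The exported methods `PodResult.GetSummary` and `ControllerResult.GetSummary` in the second output.go hunk have no doc comments, and the lines touched here are the ones that define what each summary covers. Something like `// GetSummary returns the pod-level counts plus the counts of every container result.` and `// GetSummary returns the controller-level counts plus the pod summary.` would state what the visible bodies do.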
@@ -42,7 +42,7 @@ func TestValidatePod(t *testing.T) { Errors: uint(0), } - expectedMessages := ResultSet{ + expectedResults := ResultSet{ "hostIPCSet": {ID: "hostIPCSet", Message: "Host IPC is not configured", Success: true, Severity: "error", Category: "Security"}, "hostNetworkSet": {ID: "hostNetworkSet", Message: "Host network is not configured", Success: true, Severity: "warning", Category: "Networking"}, "hostPIDSet": {ID: "hostPIDSet", Message: "Host PID is not configured", Success: true, Severity: "error", Category: "Security"}, @@ -52,7 +52,7 @@ func TestValidatePod(t *testing.T) { assert.Equal(t, 1, len(actualPodResult.ContainerResults), "should be equal") assert.EqualValues(t, expectedSum, actualPodResult.GetSummary()) - assert.EqualValues(t, expectedMessages, actualPodResult.Messages) + assert.EqualValues(t, expectedResults, actualPodResult.Results) } func TestInvalidIPCPod(t *testing.T) { @@ -75,7 +75,7 @@ func TestInvalidIPCPod(t *testing.T) { Warnings: uint(0), Errors: uint(1), } - expectedMessages := ResultSet{ + expectedResults := ResultSet{ "hostIPCSet": {ID: "hostIPCSet", Message: "Host IPC should not be configured", Success: false, Severity: "error", Category: "Security"}, "hostNetworkSet": {ID: "hostNetworkSet", Message: "Host network is not configured", Success: true, Severity: "warning", Category: "Networking"}, "hostPIDSet": {ID: "hostPIDSet", Message: "Host PID is not configured", Success: true, Severity: "error", Category: "Security"}, @@ -85,7 +85,7 @@ func TestInvalidIPCPod(t *testing.T) { assert.Equal(t, 1, len(actualPodResult.ContainerResults), "should be equal") assert.EqualValues(t, expectedSum, actualPodResult.GetSummary()) - assert.EqualValues(t, expectedMessages, actualPodResult.Messages) + assert.EqualValues(t, expectedResults, actualPodResult.Results) } func TestInvalidNeworkPod(t *testing.T) { 
@@ -109,7 +109,7 @@ func TestInvalidNeworkPod(t *testing.T) { Errors: uint(0), } - expectedMessages := ResultSet{ + expectedResults := ResultSet{ "hostNetworkSet": {ID: "hostNetworkSet", Message: "Host network should not be configured", Success: false, Severity: "warning", Category: "Networking"}, "hostIPCSet": {ID: "hostIPCSet", Message: "Host IPC is not configured", Success: true, Severity: "error", Category: "Security"}, "hostPIDSet": {ID: "hostPIDSet", Message: "Host PID is not configured", Success: true, Severity: "error", Category: "Security"}, @@ -119,7 +119,7 @@ func TestInvalidNeworkPod(t *testing.T) { assert.Equal(t, 1, len(actualPodResult.ContainerResults), "should be equal") assert.EqualValues(t, expectedSum, actualPodResult.GetSummary()) - assert.EqualValues(t, expectedMessages, actualPodResult.Messages) + assert.EqualValues(t, expectedResults, actualPodResult.Results) } func TestInvalidPIDPod(t *testing.T) { @@ -143,7 +143,7 @@ func TestInvalidPIDPod(t *testing.T) { Errors: uint(1), } - expectedMessages := ResultSet{ + expectedResults := ResultSet{ "hostPIDSet": {ID: "hostPIDSet", Message: "Host PID should not be configured", Success: false, Severity: "error", Category: "Security"}, "hostIPCSet": {ID: "hostIPCSet", Message: "Host IPC is not configured", Success: true, Severity: "error", Category: "Security"}, "hostNetworkSet": {ID: "hostNetworkSet", Message: "Host network is not configured", Success: true, Severity: "warning", Category: "Networking"}, @@ -153,7 +153,7 @@ func TestInvalidPIDPod(t *testing.T) { assert.Equal(t, 1, len(actualPodResult.ContainerResults), "should be equal") assert.EqualValues(t, expectedSum, actualPodResult.GetSummary()) - assert.EqualValues(t, expectedMessages, actualPodResult.Messages) + assert.EqualValues(t, expectedResults, actualPodResult.Results) } func TestExemption(t *testing.T) { 
@@ -182,7 +182,7 @@ func TestExemption(t *testing.T) { Warnings: uint(0), Errors: uint(0), } - expectedMessages := ResultSet{ + expectedResults := ResultSet{ "hostNetworkSet": {ID: "hostNetworkSet", Message: "Host network is not configured", Success: true, Severity: "warning", Category: "Networking"}, "hostPIDSet": {ID: "hostPIDSet", Message: "Host PID is not configured", Success: true, Severity: "error", Category: "Security"}, } @@ -191,5 +191,5 @@ func TestExemption(t *testing.T) { assert.Equal(t, 1, len(actualPodResult.ContainerResults), "should be equal") assert.EqualValues(t, expectedSum, actualPodResult.GetSummary()) - assert.EqualValues(t, expectedMessages, actualPodResult.Messages) + assert.EqualValues(t, expectedResults, actualPodResult.Results) } diff --git a/pkg/webhook/validator.go b/pkg/webhook/validator.go index cd248351..909342e0 100644 --- a/pkg/webhook/validator.go +++ b/pkg/webhook/validator.go @@ -161,14 +161,14 @@ func (v *Validator) Handle(ctx context.Context, req types.Request) types.Respons func getFailureReason(podResult validator.PodResult) string { reason := "\nPolaris prevented this deployment due to configuration problems:\n" - for _, message := range podResult.Messages { + for _, message := range podResult.Results { if !message.Success && message.Severity == config.SeverityError { reason += fmt.Sprintf("- Pod: %s\n", message.Message) } } for _, containerResult := range podResult.ContainerResults { - for _, message := range containerResult.Messages { + for _, message := range containerResult.Results { if !message.Success && message.Severity == config.SeverityError { reason += fmt.Sprintf("- Container %s: %s\n", containerResult.Name, message.Message) }
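Review bot: In getFailureReason (pkg/webhook/validator.go) both loops now range over `Results` but still bind the element to `message`, so the body reads `message.Message` and `message.Success`; `for _, result := range podResult.Results {` with `result.Message` would finish the rename. The string built here appears to be the denial reason shown to the user, and only failed checks with `config.SeverityError` are listed, which is worth a one-line doc comment such as `// getFailureReason lists the failed error-severity checks for the pod and its containers.` The function's body continues past the end of the hunk.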