mirror of
https://github.com/FairwindsOps/polaris.git
synced 2026-05-08 02:06:53 +00:00
7c9f01639b
* Start working on updating dependencies: * Fix webhook * Rollback jsonschema update * Checkin new config * Fix run as root * Update versions of kind * Fix typo in kind URL * Fix kind config * Add csr permissions * Fix weird image thing * Fixed certificates * Add to logging * Approve cert manually * Fix approval * Add cert script * Fix deployment * Add requests/limits * Wait if certificate doesn't exist yet * Add check for file size * Add variable * Try a different imagE * Fix command * Update certificate logic * Add healthz * Don't check cert size * Remove stat * Fix vet * Put in change that makes no sense * Fix cert names * Roll back * Try changing config * Add logging for each request * Cleanup code some * Remove bad deployments * Fix client injection * Update timeout * Add logging * Fixed e2e webhook tests * Add permissions for approval * Fix permissions for CSR * Remove logging code * Remove refresh certs file * Fix merge issues * Update deployments * Try beta of admission controller config * Target 1.15 for testing * Add beta versions of resourceS * Lower webhook timeout * Refactor out a method * Fix up PR issues * Fix more tabs * Remove unnecessary messageS * Fix go.sum * Fix go.sum
78 lines
2.4 KiB
Go
78 lines
2.4 KiB
Go
// Copyright 2019 FairwindsOps Inc
|
|
//
|
|
// Licensed under the Apache License, Version 2.0 (the "License");
|
|
// you may not use this file except in compliance with the License.
|
|
// You may obtain a copy of the License at
|
|
//
|
|
// http://www.apache.org/licenses/LICENSE-2.0
|
|
//
|
|
// Unless required by applicable law or agreed to in writing, software
|
|
// distributed under the License is distributed on an "AS IS" BASIS,
|
|
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
// See the License for the specific language governing permissions and
|
|
// limitations under the License.
|
|
|
|
package validator
|
|
|
|
import (
|
|
"context"
|
|
"strings"
|
|
|
|
"github.com/sirupsen/logrus"
|
|
|
|
conf "github.com/fairwindsops/polaris/pkg/config"
|
|
"github.com/fairwindsops/polaris/pkg/kube"
|
|
)
|
|
|
|
const exemptionAnnotationKey = "polaris.fairwinds.com/exempt"
|
|
|
|
// ValidateController validates a single controller, returns a ControllerResult.
|
|
func ValidateController(ctx context.Context, conf *conf.Configuration, controller kube.GenericWorkload) (ControllerResult, error) {
|
|
podResult, err := ValidatePod(ctx, conf, controller)
|
|
if err != nil {
|
|
return ControllerResult{}, err
|
|
}
|
|
|
|
controllerResult, err := applyControllerSchemaChecks(ctx, conf, controller)
|
|
if err != nil {
|
|
return ControllerResult{}, err
|
|
}
|
|
|
|
result := ControllerResult{
|
|
Kind: controller.Kind,
|
|
Name: controller.ObjectMeta.GetName(),
|
|
Namespace: controller.ObjectMeta.GetNamespace(),
|
|
Results: controllerResult,
|
|
PodResult: podResult,
|
|
}
|
|
|
|
return result, nil
|
|
}
|
|
|
|
// ValidateControllers validates that each deployment conforms to the Polaris config,
|
|
// builds a list of ResourceResults organized by namespace.
|
|
func ValidateControllers(ctx context.Context, config *conf.Configuration, kubeResources *kube.ResourceProvider) ([]ControllerResult, error) {
|
|
controllersToAudit := kubeResources.Controllers
|
|
|
|
results := []ControllerResult{}
|
|
for _, controller := range controllersToAudit {
|
|
if !config.DisallowExemptions && hasExemptionAnnotation(controller) {
|
|
continue
|
|
}
|
|
result, err := ValidateController(ctx, config, controller)
|
|
if err != nil {
|
|
logrus.Warn("An error occured validating controller:", err)
|
|
return nil, err
|
|
}
|
|
results = append(results, result)
|
|
}
|
|
|
|
return results, nil
|
|
}
|
|
|
|
func hasExemptionAnnotation(ctrl kube.GenericWorkload) bool {
|
|
annot := ctrl.ObjectMeta.GetAnnotations()
|
|
val := annot[exemptionAnnotationKey]
|
|
return strings.ToLower(val) == "true"
|
|
}
|