Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package polaris for openSUSE:Factory checked in at 2022-04-16 00:14:45 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/polaris (Old) and /work/SRC/openSUSE:Factory/.polaris.new.1941 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "polaris" Sat Apr 16 00:14:45 2022 rev:4 rq:970312 version:5.2.0 Changes: -------- --- /work/SRC/openSUSE:Factory/polaris/polaris.changes 2022-03-17 17:02:39.293738462 +0100 +++ /work/SRC/openSUSE:Factory/.polaris.new.1941/polaris.changes 2022-04-16 00:15:10.177722836 +0200 @@ -1,0 +2,15 @@ +Thu Apr 14 19:55:05 UTC 2022 - ka...@b1-systems.de + +- Update to version 5.2.0: + * Add a --namespace flag to the in-cluster audit (#742) + * merge the list of resources from custom checks and the generated controller list before deduplicating them (#727) + * audit check specific checks when passing checks args (#737) + * update x/text (#740) + * Bump alpine from 3.15.2 to 3.15.3 (#739) + * Fix license headers (#736) + * Bump alpine from 3.15.1 to 3.15.2 (#733) + * Add mutation field to `imagePolicyNotAlways` (#712) + * Bump alpine from 3.15.0 to 3.15.1 (#731) + * Bump golang from 1.17.7 to 1.17.8 (#716) + +------------------------------------------------------------------- Old: ---- polaris-5.1.0.tar.gz New: ---- polaris-5.2.0.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ polaris.spec ++++++ --- /var/tmp/diff_new_pack.DRBHjy/_old 2022-04-16 00:15:10.989723919 +0200 +++ /var/tmp/diff_new_pack.DRBHjy/_new 2022-04-16 00:15:10.993723926 +0200 @@ -19,7 +19,7 @@ %define __arch_install_post export NO_BRP_STRIP_DEBUG=true Name: polaris -Version: 5.1.0 +Version: 5.2.0 Release: 0 Summary: Validation of best practices in your Kubernetes clusters License: Apache-2.0 ++++++ _service ++++++ --- /var/tmp/diff_new_pack.DRBHjy/_old 2022-04-16 00:15:11.025723968 +0200 +++ /var/tmp/diff_new_pack.DRBHjy/_new 2022-04-16 00:15:11.029723973 +0200 
@@ -3,7 +3,7 @@ <param name="url">https://github.com/FairwindsOps/polaris</param> <param name="scm">git</param> <param name="exclude">.git</param> - <param name="revision">5.1.0</param> + <param name="revision">5.2.0</param> <param name="versionformat">@PARENT_TAG@</param> <param name="changesgenerate">enable</param> </service> @@ -15,7 +15,7 @@ <param name="compression">gz</param> </service> <service name="go_modules" mode="disabled"> - <param name="archive">polaris-5.1.0.tar.gz</param> + <param name="archive">polaris-5.2.0.tar.gz</param> </service> </services> ++++++ _servicedata ++++++ --- /var/tmp/diff_new_pack.DRBHjy/_old 2022-04-16 00:15:11.045723995 +0200 +++ /var/tmp/diff_new_pack.DRBHjy/_new 2022-04-16 00:15:11.049724000 +0200 @@ -1,6 +1,6 @@ <servicedata> <service name="tar_scm"> <param name="url">https://github.com/FairwindsOps/polaris</param> - <param name="changesrevision">ef50fbbff69a7dbc099d325c294e93e32d6bb3c8</param></service></servicedata> + <param name="changesrevision">78838a606dc1fe790d1308cc7d2cd80f2bdfd92e</param></service></servicedata> (No newline at EOF) ++++++ polaris-5.1.0.tar.gz -> polaris-5.2.0.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/polaris-5.1.0/.licenserc.yaml new/polaris-5.2.0/.licenserc.yaml --- old/polaris-5.1.0/.licenserc.yaml 1970-01-01 01:00:00.000000000 +0100 +++ new/polaris-5.2.0/.licenserc.yaml 2022-04-08 15:54:03.000000000 +0200 
@@ -0,0 +1,24 @@ +header: + license: + spdx-id: Apache-2.0 + copyright-owner: 'FairwindsOps, Inc.' + content: | + // Copyright 2019 FairwindsOps Inc + // + // Licensed under the Apache License, Version 2.0 (the "License"); + // you may not use this file except in compliance with the License. + // You may obtain a copy of the License at + // + // http://www.apache.org/licenses/LICENSE-2.0 + // + // Unless required by applicable law or agreed to in writing, software + // distributed under the License is distributed on an "AS IS" BASIS, + // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + // See the License for the specific language governing permissions and + // limitations under the License. + paths: + - '**/*.go' + comment: on-failure +dependency: + files: + - go.mod diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/polaris-5.1.0/Dockerfile new/polaris-5.2.0/Dockerfile --- old/polaris-5.1.0/Dockerfile 2022-03-15 15:02:20.000000000 +0100 +++ new/polaris-5.2.0/Dockerfile 2022-04-08 15:54:03.000000000 +0200 @@ -1,4 +1,4 @@ -FROM golang:1.17.7 AS build-env +FROM golang:1.17 AS build-env WORKDIR /go/src/github.com/fairwindsops/polaris/ ENV GO111MODULE=on @@ -15,7 +15,7 @@ COPY . . RUN packr2 build -a -o polaris *.go -FROM alpine:3.15.0 +FROM alpine:3.15.3 WORKDIR /usr/local/bin RUN apk --no-cache add ca-certificates diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/polaris-5.1.0/checks/pullPolicyNotAlways.yaml new/polaris-5.2.0/checks/pullPolicyNotAlways.yaml --- old/polaris-5.1.0/checks/pullPolicyNotAlways.yaml 2022-03-15 15:02:20.000000000 +0100 +++ new/polaris-5.2.0/checks/pullPolicyNotAlways.yaml 2022-04-08 15:54:03.000000000 +0200 
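Review bot: The build stage now uses the floating tag `golang:1.17` where the old line pinned `golang:1.17.7`, so the toolchain that compiles the binary can change between builds without any change to this file. The runtime stage keeps an exact patch tag (`alpine:3.15.3`), and both stages should follow the same policy. Pinning the patch release, or better a digest such as `FROM golang:1.17.8@sha256:<digest-placeholder> AS build-env`, keeps the image reproducible and makes toolchain updates visible in review.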
@@ -9,3 +9,7 @@ properties: imagePullPolicy: const: Always +mutations: + - op: add + path: /imagePullPolicy + value: Always \ No newline at end of file diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/polaris-5.1.0/cmd/polaris/audit.go new/polaris-5.2.0/cmd/polaris/audit.go --- old/polaris-5.1.0/cmd/polaris/audit.go 2022-03-15 15:02:20.000000000 +0100 +++ new/polaris-5.2.0/cmd/polaris/audit.go 2022-04-08 15:54:03.000000000 +0200 @@ -24,6 +24,7 @@ "os" "os/exec" + cfg "github.com/fairwindsops/polaris/pkg/config" "github.com/fairwindsops/polaris/pkg/kube" "github.com/fairwindsops/polaris/pkg/validator" "github.com/sirupsen/logrus" @@ -31,16 +32,20 @@ "sigs.k8s.io/yaml" ) -var setExitCode bool -var onlyShowFailedTests bool -var minScore int -var auditOutputURL string -var auditOutputFile string -var auditOutputFormat string -var resourceToAudit string -var useColor bool -var helmChart string -var helmValues string +var ( + setExitCode bool + onlyShowFailedTests bool + minScore int + auditOutputURL string + auditOutputFile string + auditOutputFormat string + resourceToAudit string + useColor bool + helmChart string + helmValues string + checks []string + auditNamespace string +) func init() { rootCmd.AddCommand(auditCmd) @@ -56,6 +61,8 @@ auditCmd.PersistentFlags().StringVar(&resourceToAudit, "resource", "", "Audit a specific resource, in the format namespace/kind/version/name, e.g. nginx-ingress/Deployment.apps/v1/default-backend.") auditCmd.PersistentFlags().StringVar(&helmChart, "helm-chart", "", "Will fill out Helm template") auditCmd.PersistentFlags().StringVar(&helmValues, "helm-values", "", "Optional flag to add helm values") + auditCmd.PersistentFlags().StringSliceVar(&checks, "checks", []string{}, "Optional flag to specify specific checks to check") + auditCmd.PersistentFlags().StringVar(&auditNamespace, "namespace", "", "Namespace to audit. Only applies to in-cluster audits") } var auditCmd = &cobra.Command{ 
@@ -66,6 +73,26 @@ if displayName != "" { config.DisplayName = displayName } + if len(checks) > 0 { + targetChecks := make(map[string]bool) + for _, check := range checks { + targetChecks[check] = true + } + for key := range config.Checks { + if isTarget := targetChecks[key]; !isTarget { + config.Checks[key] = cfg.SeverityIgnore + } + } + } + if auditNamespace != "" { + if helmChart != "" { + logrus.Warn("--namespace and --helm-chart are mutually exclusive. --namespace will be ignored.") + } + if auditPath != "" { + logrus.Warn("--namespace and --audit-path are mutually exclusive. --namespace will be ignored.") + } + config.Namespace = auditNamespace + } if helmChart != "" { var err error auditPath, err = ProcessHelmTemplates(helmChart, helmValues) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/polaris-5.1.0/cmd/polaris/root.go new/polaris-5.2.0/cmd/polaris/root.go --- old/polaris-5.1.0/cmd/polaris/root.go 2022-03-15 15:02:20.000000000 +0100 +++ new/polaris-5.2.0/cmd/polaris/root.go 2022-04-08 15:54:03.000000000 +0200 @@ -25,7 +25,7 @@ ) var configPath string -var disallowExemptions, disallowConfigExemptions, disallowAnnotationExemptions bool +var disallowExemptions, disallowConfigExemptions, disallowAnnotationExemptions, fixChecks bool var logLevel string var auditPath string var displayName string diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/polaris-5.1.0/docs/cli.md new/polaris-5.2.0/docs/cli.md --- old/polaris-5.1.0/docs/cli.md 2022-03-15 15:02:20.000000000 +0100 +++ new/polaris-5.2.0/docs/cli.md 2022-04-08 15:54:03.000000000 +0200 
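Review bot: In the `--checks` block, a name that matches no key in `config.Checks` is accepted silently and every configured check is then set to `cfg.SeverityIgnore`, so a typo on the command line yields an audit that reports nothing and presumably exits as passing. Rejecting unknown names closes that gap, e.g. `if _, ok := config.Checks[check]; !ok { logrus.Fatalf("unknown check %q", check) }` inside the first `for`. Separately, both warnings say `--namespace will be ignored`, but `config.Namespace = auditNamespace` still runs afterwards; either skip the assignment in those cases or reword the message. The enclosing function starts and ends outside the hunk.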
@@ -38,12 +38,14 @@ # audit flags --audit-path string If specified, audits one or more YAML files instead of a cluster. + --checks stringArray Optional flag to specify specific checks to check --color Whether to use color in pretty format. (default true) --display-name string An optional identifier for the audit. -f, --format string Output format for results - json, yaml, pretty, or score. (default "json") --helm-chart string Will fill out Helm template --helm-values string Optional flag to add helm values -h, --help help for audit + --namespace string Namespace to audit. Only applies to in-cluster audits --only-show-failed-tests If specified, audit output will only show failed tests. --output-file string Destination file for audit results. --output-url string Destination URL to send audit results. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/polaris-5.1.0/examples/config-full.yaml new/polaris-5.2.0/examples/config-full.yaml --- old/polaris-5.1.0/examples/config-full.yaml 2022-03-15 15:02:20.000000000 +0100 +++ new/polaris-5.2.0/examples/config-full.yaml 2022-04-08 15:54:03.000000000 +0200 @@ -26,6 +26,7 @@ resourceLimits: warning imageRegistry: danger + exemptions: - controllerNames: - my-network-controller @@ -87,3 +88,4 @@ not: pattern: ^quay.io +namespce: test-ns diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/polaris-5.1.0/examples/config.yaml new/polaris-5.2.0/examples/config.yaml --- old/polaris-5.1.0/examples/config.yaml 2022-03-15 15:02:20.000000000 +0100 +++ new/polaris-5.2.0/examples/config.yaml 2022-04-08 15:54:03.000000000 +0200 @@ -28,6 +28,7 @@ hostPortSet: warning tlsSettingsMissing: warning + exemptions: - namespace: kube-system controllerNames: 
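Review bot: The key added at the end of `examples/config-full.yaml` is spelled `namespce`, which does not match the `json:"namespace"` tag on `Configuration.Namespace`, so the setting would presumably be dropped on load and the audit would stay cluster-wide; it should read `namespace: test-ns`. The `examples/config.yaml` hunk adds the correctly spelled key with the same value, which means anyone who starts from that example gets an audit limited to `test-ns`. A comment above the key such as `# optional: restricts in-cluster audits to one namespace; omit to audit the whole cluster`, or shipping the key commented out, would avoid an unintentionally narrowed scan.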
@@ -201,3 +202,5 @@ - kube-hunter rules: - runAsRootAllowed + +namespace: test-ns diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/polaris-5.1.0/go.mod new/polaris-5.2.0/go.mod --- old/polaris-5.1.0/go.mod 2022-03-15 15:02:20.000000000 +0100 +++ new/polaris-5.2.0/go.mod 2022-04-08 15:54:03.000000000 +0200 @@ -3,6 +3,8 @@ go 1.15 require ( + github.com/evanphx/json-patch v5.6.0+incompatible // indirect + github.com/evanphx/json-patch/v5 v5.6.0 github.com/fatih/color v1.13.0 github.com/gobuffalo/packr/v2 v2.8.1 github.com/google/gofuzz v1.2.0 // indirect @@ -16,6 +18,7 @@ github.com/spf13/pflag v1.0.5 github.com/stretchr/testify v1.7.0 github.com/thoas/go-funk v0.9.1 + golang.org/x/text v0.3.7 // indirect gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b k8s.io/api v0.22.2 k8s.io/apimachinery v0.22.2 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/polaris-5.1.0/go.sum new/polaris-5.2.0/go.sum --- old/polaris-5.1.0/go.sum 2022-03-15 15:02:20.000000000 +0100 +++ new/polaris-5.2.0/go.sum 2022-04-08 15:54:03.000000000 +0200 
@@ -158,8 +158,11 @@ github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c= github.com/envoyproxy/protoc-gen-validate v0.6.2/go.mod h1:2t7qjJNvHPx8IjnBOzl9E9/baC+qXE/TeeyBRzgJDws= github.com/evanphx/json-patch v0.5.2/go.mod h1:ZWS5hhDbVDyob71nXKNL0+PWn6ToqBHMikGIFbs31qQ= -github.com/evanphx/json-patch v4.11.0+incompatible h1:glyUF9yIYtMHzn8xaKw5rMhdWcwsYV8dZHIq5567/xs= github.com/evanphx/json-patch v4.11.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= +github.com/evanphx/json-patch v5.6.0+incompatible h1:jBYDEEiFBPxA0v50tFdvOzQQTCvpL6mnFh5mB2/l16U= +github.com/evanphx/json-patch v5.6.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= +github.com/evanphx/json-patch/v5 v5.6.0 h1:b91NhWfaz02IuVxO9faSllyAtNXHMPkC5J8sJCLunww= +github.com/evanphx/json-patch/v5 v5.6.0/go.mod h1:G79N1coSVB93tBe7j6PhzjmR3/2VvlbKOFpnXhI9Bw4= github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4= github.com/fatih/color v1.9.0/go.mod h1:eQcE1qtQxscV5RaZvpXrrb8Drkc3/DdQ+uUYCNjL+zU= github.com/fatih/color v1.13.0 h1:8LOYc1KYPPmyKMuN8QV2DNRWNbLo6LZ0iLs8+mlH53w= diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/polaris-5.1.0/pkg/config/checks.go new/polaris-5.2.0/pkg/config/checks.go --- old/polaris-5.1.0/pkg/config/checks.go 2022-03-15 15:02:20.000000000 +0100 +++ new/polaris-5.2.0/pkg/config/checks.go 2022-04-08 15:54:03.000000000 +0200 
@@ -1,3 +1,17 @@ +// Copyright 2022 FairwindsOps, Inc. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + package config import ( diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/polaris-5.1.0/pkg/config/config.go new/polaris-5.2.0/pkg/config/config.go --- old/polaris-5.1.0/pkg/config/config.go 2022-03-15 15:02:20.000000000 +0100 +++ new/polaris-5.2.0/pkg/config/config.go 2022-04-08 15:54:03.000000000 +0200 @@ -36,7 +36,9 @@ DisallowExemptions bool `json:"disallowExemptions"` DisallowConfigExemptions bool `json:"disallowConfigExemptions"` DisallowAnnotationExemptions bool `json:"disallowAnnotationExemptions"` + Mutations []string `json:"mutations"` KubeContext string `json:"kubeContext"` + Namespace string `json:"namespace"` } // Exemption represents an exemption to normal rules diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/polaris-5.1.0/pkg/config/exemptions.go new/polaris-5.2.0/pkg/config/exemptions.go --- old/polaris-5.1.0/pkg/config/exemptions.go 2022-03-15 15:02:20.000000000 +0100 +++ new/polaris-5.2.0/pkg/config/exemptions.go 2022-04-08 15:54:03.000000000 +0200 
@@ -1,3 +1,17 @@ +// Copyright 2022 FairwindsOps, Inc. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + package config import ( diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/polaris-5.1.0/pkg/config/schema.go new/polaris-5.2.0/pkg/config/schema.go --- old/polaris-5.1.0/pkg/config/schema.go 2022-03-15 15:02:20.000000000 +0100 +++ new/polaris-5.2.0/pkg/config/schema.go 2022-04-08 15:54:03.000000000 +0200 @@ -1,3 +1,17 @@ +// Copyright 2022 FairwindsOps, Inc. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + package config import ( 
@@ -51,6 +65,7 @@ AdditionalSchemas map[string]map[string]interface{} `yaml:"additionalSchemas" json:"additionalSchemas"` AdditionalSchemaStrings map[string]string `yaml:"additionalSchemaStrings" json:"additionalSchemaStrings"` AdditionalValidators map[string]jsonschema.RootSchema `yaml:"-" json:"-"` + Mutations []map[string]interface{} `yaml:"mutations" json:"mutations"` } type resourceMinimum string diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/polaris-5.1.0/pkg/dashboard/helpers_test.go new/polaris-5.2.0/pkg/dashboard/helpers_test.go --- old/polaris-5.1.0/pkg/dashboard/helpers_test.go 2022-03-15 15:02:20.000000000 +0100 +++ new/polaris-5.2.0/pkg/dashboard/helpers_test.go 2022-04-08 15:54:03.000000000 +0200 @@ -1,3 +1,17 @@ +// Copyright 2022 FairwindsOps, Inc. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + package dashboard import ( @@ -238,4 +252,3 @@ assert.Equal(t, expectedOutput, actual) assert.NotEqual(t, true, actual) } - diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/polaris-5.1.0/pkg/kube/resource.go new/polaris-5.2.0/pkg/kube/resource.go --- old/polaris-5.1.0/pkg/kube/resource.go 2022-03-15 15:02:20.000000000 +0100 +++ new/polaris-5.2.0/pkg/kube/resource.go 2022-04-08 15:54:03.000000000 +0200 
@@ -1,3 +1,17 @@ +// Copyright 2022 FairwindsOps, Inc. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + package kube import ( diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/polaris-5.1.0/pkg/kube/resources.go new/polaris-5.2.0/pkg/kube/resources.go --- old/polaris-5.1.0/pkg/kube/resources.go 2022-03-15 15:02:20.000000000 +0100 +++ new/polaris-5.2.0/pkg/kube/resources.go 2022-04-08 15:54:03.000000000 +0200 @@ -1,3 +1,17 @@ +// Copyright 2022 FairwindsOps, Inc. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + package kube import ( 
@@ -239,19 +253,38 @@ logrus.Errorf("Error fetching Cluster API version: %v", err) return nil, err } - provider := newResourceProvider(serverVersion.Major+"."+serverVersion.Minor, "Cluster", clusterName) + + sourceType := "Cluster" + if c.Namespace != "" { + logrus.Debug("namespace is specififed in config, setting source type to ClusterNamespace") + sourceType = "ClusterNamespace" + } + provider := newResourceProvider(serverVersion.Major+"."+serverVersion.Minor, sourceType, clusterName) nodes, err := kube.CoreV1().Nodes().List(ctx, listOpts) if err != nil { logrus.Errorf("Error fetching Nodes: %v", err) return nil, err } - namespaces, err := kube.CoreV1().Namespaces().List(ctx, listOpts) - if err != nil { - logrus.Errorf("Error fetching Namespaces: %v", err) - return nil, err + + var namespaces *corev1.NamespaceList + if c.Namespace != "" { + ns, err := kube.CoreV1().Namespaces().Get(ctx, c.Namespace, metav1.GetOptions{}) + if err != nil { + return nil, err + } + namespaces = &corev1.NamespaceList{ + Items: []corev1.Namespace{*ns}, + } + } else { + nsList, err := kube.CoreV1().Namespaces().List(ctx, listOpts) + if err != nil { + logrus.Errorf("Error fetching Namespaces: %v", err) + return nil, err + } + namespaces = nsList } - pods, err := kube.CoreV1().Pods("").List(ctx, listOpts) + pods, err := kube.CoreV1().Pods(c.Namespace).List(ctx, listOpts) if err != nil { logrus.Errorf("Error fetching Pods: %v", err) return nil, err @@ -287,6 +320,7 @@ } } + var kubernetesResources []GenericResource for _, kind := range additionalKinds { groupKind := parseGroupKind(maybeTransformKindIntoGroupKind(string(kind))) mapping, err := (restMapper).RESTMapping(groupKind) 
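Review bot: With `c.Namespace` set, this code still calls `Nodes().List` and `Namespaces().Get`, both cluster-scoped requests, so a service account that only holds a namespaced Role will presumably fail here before any workload is read. If the flag is meant to support least-privilege audits, skip the node listing when `c.Namespace != ""`, or document the cluster-scoped permissions the namespaced mode still needs. The new `Get` branch also returns its error without the `logrus.Errorf` call that every neighbouring branch has, and the debug message misspells `specified`. The function starts and ends outside the hunk.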
@@ -295,7 +329,7 @@ return nil, err } - objects, err := (*dynamic).Resource(mapping.Resource).Namespace("").List(ctx, metav1.ListOptions{}) + objects, err := (*dynamic).Resource(mapping.Resource).Namespace(c.Namespace).List(ctx, metav1.ListOptions{}) if err != nil { logrus.Warnf("Error retrieving parent object API %s and Kind %s because of error: %v", mapping.Resource.Version, mapping.Resource.Resource, err) return nil, err @@ -305,7 +339,7 @@ if err != nil { return nil, err } - provider.Resources.addResource(res) + kubernetesResources = append(kubernetesResources, res) } } @@ -316,9 +350,12 @@ logrus.Errorf("Error loading controllers from pods: %v", err) return nil, err } + // resources loaded from custom checks can also contain controllers and thus would be added twice to the provider + kubernetesResources = deduplicateControllers(append(kubernetesResources, controllers...)) + provider.Nodes = nodes.Items provider.Namespaces = namespaces.Items - provider.Resources.addResources(controllers) + provider.Resources.addResources(kubernetesResources) return &provider, nil } 
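Review bot: `Namespace(c.Namespace)` is now applied to every kind in `additionalKinds`, including any that are cluster-scoped; for those the namespaced list request is likely to fail, and the `return nil, err` that follows aborts the whole audit. `mapping.Scope` is available from the `RESTMapping` call just above, so the namespace can be applied only to namespaced kinds, e.g. `ns := ""; if mapping.Scope.Name() == meta.RESTScopeNameNamespace { ns = c.Namespace }` followed by `.Namespace(ns)`. That constant lives in the apimachinery `meta` package, and whether the file already imports it is not visible here. The loop starts and ends outside the hunk.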
@@ -341,14 +378,14 @@ } interfaces = append(interfaces, workload) } - return deduplicateControllers(interfaces), nil + return interfaces, nil } // Because the controllers with an Owner take on the name of the Owner, this eliminates any duplicates. // In cases like CronJobs older children can hang around, so this takes the most recent. -func deduplicateControllers(inputControllers []GenericResource) []GenericResource { +func deduplicateControllers(inputResources []GenericResource) []GenericResource { controllerMap := make(map[string]GenericResource) - for _, controller := range inputControllers { + for _, controller := range inputResources { key := controller.ObjectMeta.GetNamespace() + "/" + controller.Kind + "/" + controller.ObjectMeta.GetName() oldController, ok := controllerMap[key] if !ok || controller.ObjectMeta.GetCreationTimestamp().Time.After(oldController.ObjectMeta.GetCreationTimestamp().Time) { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/polaris-5.1.0/pkg/kube/resources_test.go new/polaris-5.2.0/pkg/kube/resources_test.go --- old/polaris-5.1.0/pkg/kube/resources_test.go 2022-03-15 15:02:20.000000000 +0100 +++ new/polaris-5.2.0/pkg/kube/resources_test.go 2022-04-08 15:54:03.000000000 +0200 @@ -1,3 +1,17 @@ +// Copyright 2022 FairwindsOps, Inc. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + package kube import ( 
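Review bot: `deduplicateControllers` now receives every resource collected for custom checks, but its key is still `namespace/Kind/name` with no API group, so two objects from different groups that share a Kind and a name collapse into one entry and the older one is dropped from the audit without a log line. Adding the group or API version to the key avoids that; which field of `GenericResource` carries it is not visible in this hunk. The doc comment above the function still describes controllers only and should say that it now deduplicates all resources. The function body continues outside the hunk.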
@@ -83,15 +97,6 @@ func TestGetResourceFromAPI(t *testing.T) { k8s, dynamicInterface := test.SetupTestAPI(test.GetMockControllers("test")...) - resources, err := CreateResourceProviderFromAPI(context.Background(), k8s, "test", &dynamicInterface, conf.Configuration{}) - assert.Equal(t, nil, err, "Error should be nil") - - assert.Equal(t, "Cluster", resources.SourceType, "Should have type Path") - assert.Equal(t, "test", resources.SourceName, "Should have source name") - assert.IsType(t, time.Now(), resources.CreationTime, "Creation time should be set") - - assert.Equal(t, 0, len(resources.Nodes), "Should not have any nodes") - assert.Equal(t, 5, len(resources.Resources), "Should have 5 controllers") expectedNames := map[string]bool{ "deploy": false, 
@@ -100,12 +105,68 @@ "statefulset": false, "daemonset": false, } - for _, controllers := range resources.Resources { - for _, ctrl := range controllers { - expectedNames[ctrl.ObjectMeta.GetName()] = true - } + + tests := []struct { + name string + config conf.Configuration + want *ResourceProvider + wantErr bool + clusterName string + }{ + { + name: "standard", + config: conf.Configuration{}, + clusterName: "test1", + want: &ResourceProvider{ + SourceType: "Cluster", + SourceName: "test1", + CreationTime: time.Now(), + }, + }, + { + name: "namespaced", + config: conf.Configuration{ + Namespace: "test", + }, + clusterName: "test2", + want: &ResourceProvider{ + SourceType: "ClusterNamespace", + SourceName: "test2", + CreationTime: time.Now(), + }, + }, + { + name: "namespace does not exist", + config: conf.Configuration{ + Namespace: "test3", + }, + clusterName: "test3", + wantErr: true, + }, } - for name, val := range expectedNames { - assert.Equal(t, true, val, name) + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + resources, err := CreateResourceProviderFromAPI(context.Background(), k8s, tt.clusterName, &dynamicInterface, tt.config) + + if tt.wantErr { + assert.Error(t, err) + } else { + assert.NoError(t, err) + assert.Equal(t, tt.want.SourceType, resources.SourceType) + assert.Equal(t, tt.want.SourceName, resources.SourceName) + assert.IsType(t, tt.want.CreationTime, resources.CreationTime) + assert.Equal(t, 0, len(resources.Nodes), "Should not have any nodes") + assert.Equal(t, 5, len(resources.Resources), "Should have 5 controllers") + + for _, controllers := range resources.Resources { + for _, ctrl := range controllers { + expectedNames[ctrl.ObjectMeta.GetName()] = true + } + } + for name, val := range expectedNames { + assert.Equal(t, true, val, name) + } + } + }) } } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/polaris-5.1.0/pkg/mutation/mutate.go new/polaris-5.2.0/pkg/mutation/mutate.go 
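Review bot: `expectedNames` is declared once outside the table loop, so the `true` values written by the `standard` case are still set when the `namespaced` case runs, and its name assertions pass regardless of what that case returned. Build the map inside the `t.Run` closure so each case verifies its own result. The cases also share one fake clientset, and `want.CreationTime` is only used with `assert.IsType`, which passes for any `time.Time` value.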
--- old/polaris-5.1.0/pkg/mutation/mutate.go 1970-01-01 01:00:00.000000000 +0100
+++ new/polaris-5.2.0/pkg/mutation/mutate.go 2022-04-08 15:54:03.000000000 +0200
@@ -0,0 +1,78 @@
+package mutation
+
+import (
+ "encoding/json"
+ "fmt"
+
+ jsonpatch "github.com/evanphx/json-patch/v5"
+ "github.com/fairwindsops/polaris/pkg/config"
+ "github.com/fairwindsops/polaris/pkg/kube"
+ "github.com/fairwindsops/polaris/pkg/validator"
+)
+
+// ApplyAllSchemaMutations applies available mutation to a single resource
+func ApplyAllSchemaMutations(conf *config.Configuration, resourceProvider *kube.ResourceProvider, resource kube.GenericResource, mutations []map[string]interface{}) (kube.GenericResource, error) {
+ resByte := resource.OriginalObjectJSON
+ var jsonByte []byte
+ mutationByte, err := json.Marshal(mutations)
+ if err != nil {
+ return resource, err
+ }
+
+ patch, err := jsonpatch.DecodePatch(mutationByte)
+ if err != nil {
+ return resource, err
+ }
+ jsonByte, err = patch.Apply(resByte)
+ if err != nil {
+ return resource, err
+ }
+ mutated, err := kube.NewGenericResourceFromBytes(jsonByte)
+ if err != nil {
+ return resource, err
+ }
+
+ return mutated, nil
+}
+
+// GetMutationsFromResults returns all mutations from results
+func GetMutationsFromResults(conf *config.Configuration, results []validator.Result) map[string][]map[string]interface{} {
+ allMutationsFromResults := make(map[string][]map[string]interface{})
+ for _, result := range results {
+ key := fmt.Sprintf("%s/%s/%s", result.Kind, result.Name, result.Namespace)
+
+ for _, resultMessage := range result.Results {
+ if len(resultMessage.Mutations) > 0 {
+ mutations, ok := allMutationsFromResults[key]
+ if !ok {
+ mutations = make([]map[string]interface{}, 0)
+ }
+ allMutationsFromResults[key] = append(mutations, resultMessage.Mutations...)
+ }
+ }
+
+ for _, resultMessage := range result.PodResult.Results {
+ if len(resultMessage.Mutations) > 0 {
+ mutations, ok := allMutationsFromResults[key]
+ if !ok {
+ mutations = make([]map[string]interface{}, 0)
+ }
+ allMutationsFromResults[key] = append(mutations, resultMessage.Mutations...)
+ } + } + + for _, containerResult := range result.PodResult.ContainerResults { + for _, resultMessage := range containerResult.Results { + if len(resultMessage.Mutations) > 0 { + mutations, ok := allMutationsFromResults[key] + if !ok { + mutations = make([]map[string]interface{}, 0) + } + allMutationsFromResults[key] = append(mutations, resultMessage.Mutations...) + } + } + } + + } + return allMutationsFromResults +} diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/polaris-5.1.0/pkg/validator/fullaudit.go new/polaris-5.2.0/pkg/validator/fullaudit.go --- old/polaris-5.1.0/pkg/validator/fullaudit.go 2022-03-15 15:02:20.000000000 +0100 +++ new/polaris-5.2.0/pkg/validator/fullaudit.go 2022-04-08 15:54:03.000000000 +0200 @@ -1,3 +1,17 @@ +// Copyright 2022 FairwindsOps, Inc. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + package validator import ( diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/polaris-5.1.0/pkg/validator/fullaudit_test.go new/polaris-5.2.0/pkg/validator/fullaudit_test.go --- old/polaris-5.1.0/pkg/validator/fullaudit_test.go 2022-03-15 15:02:20.000000000 +0100 +++ new/polaris-5.2.0/pkg/validator/fullaudit_test.go 2022-04-08 15:54:03.000000000 +0200 
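Review bot: `GetMutationsFromResults` repeats the same accumulate block three times, and the `ok` check with `make(..., 0)` is unnecessary because `append` works on a nil slice; each block reduces to `allMutationsFromResults[key] = append(allMutationsFromResults[key], resultMessage.Mutations...)`. Both exported functions take a `conf` parameter that the visible body never reads, and `ApplyAllSchemaMutations` also ignores `resourceProvider`. The new file has no license header although the `.licenserc.yaml` added in this commit covers `**/*.go`. The map key is built as `Kind/Name/Namespace` while `deduplicateControllers` uses `namespace/Kind/name`; one order throughout would make the keys easier to correlate.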
@@ -1,3 +1,17 @@ +// Copyright 2022 FairwindsOps, Inc. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + package validator import ( diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/polaris-5.1.0/pkg/validator/output.go new/polaris-5.2.0/pkg/validator/output.go --- old/polaris-5.1.0/pkg/validator/output.go 2022-03-15 15:02:20.000000000 +0100 +++ new/polaris-5.2.0/pkg/validator/output.go 2022-04-08 15:54:03.000000000 +0200 @@ -72,12 +72,13 @@ // ResultMessage is the result of a given check type ResultMessage struct { - ID string - Message string - Details []string - Success bool - Severity config.Severity - Category string + ID string + Message string + Details []string + Success bool + Severity config.Severity + Category string + Mutations []map[string]interface{} } // ResultSet contiains the results for a set of checks diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/polaris-5.1.0/pkg/validator/schema.go new/polaris-5.2.0/pkg/validator/schema.go --- old/polaris-5.1.0/pkg/validator/schema.go 2022-03-15 15:02:20.000000000 +0100 +++ new/polaris-5.2.0/pkg/validator/schema.go 2022-04-08 15:54:03.000000000 +0200 
@@ -1,11 +1,27 @@ +// Copyright 2022 FairwindsOps, Inc. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + package validator import ( "fmt" "sort" + "strconv" "strings" "github.com/qri-io/jsonschema" + "github.com/sirupsen/logrus" "github.com/thoas/go-funk" corev1 "k8s.io/api/core/v1" metaV1 "k8s.io/apimachinery/pkg/apis/meta/v1" @@ -239,6 +255,7 @@ } var passes bool var issues []jsonschema.ValError + var prefix string if check.SchemaTarget != "" { if check.SchemaTarget == config.TargetPod && check.Target == config.TargetContainer { podCopy := *test.Resource.PodSpec @@ -250,7 +267,15 @@ } } else if check.Target == config.TargetPod { passes, issues, err = check.CheckPod(test.Resource.PodSpec) + prefix = getJSONSchemaPrefix(test.Resource.Kind) } else if check.Target == config.TargetContainer { + containerIndex := funk.IndexOf(test.Resource.PodSpec.Containers, func(value corev1.Container) bool { + return value.Name == test.Container.Name + }) + prefix = getJSONSchemaPrefix(test.Resource.Kind) + if prefix != "" { + prefix += "/containers/" + strconv.Itoa(containerIndex) + } passes, issues, err = check.CheckContainer(test.Container) } else { passes, issues, err = check.CheckObject(test.Resource.Resource.Object) 
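Review bot: In the `config.TargetContainer` branch of the `@@ -250,7 +267,15 @@` hunk, the result of `funk.IndexOf` is used without checking for -1, so a container that is not found in `test.Resource.PodSpec.Containers` produces a mutation prefix ending in `/containers/-1`. If this branch is also reached for init containers (not visible in the hunk), the lookup by name would miss or match an entry in the wrong list. I would only append the index when it is valid, `if prefix != "" && containerIndex >= 0 {`, and make sure no mutation is emitted for the container when the lookup fails. The enclosing function starts and ends outside the hunk.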
@@ -279,6 +304,16 @@ } } result := makeResult(conf, check, passes, issues) + if !passes { + if funk.Contains(conf.Mutations, checkID) { + mutations := funk.Map(check.Mutations, func(mutation map[string]interface{}) map[string]interface{} { + mutationCopy := deepCopyMutation(mutation) + mutationCopy["path"] = prefix + mutationCopy["path"].(string) + return mutationCopy + }).([]map[string]interface{}) + result.Mutations = mutations + } + } return &result, nil } @@ -290,3 +325,25 @@ sort.Strings(keys) return keys } + +func deepCopyMutation(source map[string]interface{}) map[string]interface{} { + destination := map[string]interface{}{} + for key, value := range source { + destination[key] = value + } + return destination +} + +func getJSONSchemaPrefix(kind string) (prefix string) { + if kind == "CronJob" { + prefix = "/spec/jobTemplate/spec/template/spec" + } else if kind == "Pod" { + prefix = "/spec" + } else if (kind == "Deployment") || (kind == "Daemonset") || + (kind == "Statefulset") || (kind == "Job") || (kind == "ReplicationController") { + prefix = "/spec/template/spec" + } else { + logrus.Warningf("Mutation for this this resource (%s) is not supported", kind) + } + return prefix +} diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/polaris-5.1.0/pkg/validator/schema_test.go new/polaris-5.2.0/pkg/validator/schema_test.go --- old/polaris-5.1.0/pkg/validator/schema_test.go 2022-03-15 15:02:20.000000000 +0100 +++ new/polaris-5.2.0/pkg/validator/schema_test.go 2022-04-08 15:54:03.000000000 +0200 
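Review bot: The mapper in the new `!passes` branch uses `mutationCopy["path"].(string)` as an unchecked type assertion, so a check definition whose mutation lacks `path`, or has a non-string `path`, panics during the audit instead of returning an error. The branch also emits mutations when `prefix` is empty because `getJSONSchemaPrefix` did not recognise the kind; for pod- and container-targeted checks the path is then applied relative to the object root rather than the pod spec, which for code that rewrites resources should probably be skipped rather than only logged. A plain loop that validates `path` and returns an error is sketched below. The enclosing function starts outside the hunk.

```go
	result := makeResult(conf, check, passes, issues)
	if !passes && funk.Contains(conf.Mutations, checkID) {
		mutations := make([]map[string]interface{}, 0, len(check.Mutations))
		for _, mutation := range check.Mutations {
			path, ok := mutation["path"].(string)
			if !ok {
				return nil, fmt.Errorf("check %s: mutation has no string path", checkID)
			}
			mutationCopy := deepCopyMutation(mutation)
			mutationCopy["path"] = prefix + path
			mutations = append(mutations, mutationCopy)
		}
		result.Mutations = mutations
	}
```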
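Review bot: `getJSONSchemaPrefix` compares `kind` against `"Daemonset"` and `"Statefulset"`, but Kubernetes spells these kinds `DaemonSet` and `StatefulSet`. Assuming `test.Resource.Kind` carries the kind as written in manifests, those two workloads fall through to the warning branch and get an empty prefix. I would change the condition to `(kind == "DaemonSet") || (kind == "StatefulSet")`, or rewrite the chain as a `switch kind`. Separately, `deepCopyMutation` copies only the top-level keys, so nested values stay shared with the check definition; either rename it or add `// deepCopyMutation copies top-level keys only; nested values are shared with source.` The warning text also repeats the word "this".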
@@ -1,3 +1,17 @@ +// Copyright 2022 FairwindsOps, Inc. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + package validator import ( diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/polaris-5.1.0/pkg/validator/summary.go new/polaris-5.2.0/pkg/validator/summary.go --- old/polaris-5.1.0/pkg/validator/summary.go 2022-03-15 15:02:20.000000000 +0100 +++ new/polaris-5.2.0/pkg/validator/summary.go 2022-04-08 15:54:03.000000000 +0200 
@@ -1,3 +1,17 @@ +// Copyright 2022 FairwindsOps, Inc. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + package validator import ( diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/polaris-5.1.0/test/checks/pullPolicyNotAlways/failure.cron-job.yaml new/polaris-5.2.0/test/checks/pullPolicyNotAlways/failure.cron-job.yaml --- old/polaris-5.1.0/test/checks/pullPolicyNotAlways/failure.cron-job.yaml 1970-01-01 01:00:00.000000000 +0100 +++ new/polaris-5.2.0/test/checks/pullPolicyNotAlways/failure.cron-job.yaml 2022-04-08 15:54:03.000000000 +0200 @@ -0,0 +1,18 @@ +apiVersion: batch/v1 +kind: CronJob +metadata: + name: hello +spec: + schedule: "* * * * *" + jobTemplate: + spec: + template: + spec: + containers: + - name: hello + image: busybox + command: + - /bin/sh + - -c + - date; echo Hello from the Kubernetes cluster + restartPolicy: OnFailure \ No newline at end of file diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/polaris-5.1.0/test/checks/pullPolicyNotAlways/failure.deployment.yaml new/polaris-5.2.0/test/checks/pullPolicyNotAlways/failure.deployment.yaml --- old/polaris-5.1.0/test/checks/pullPolicyNotAlways/failure.deployment.yaml 1970-01-01 01:00:00.000000000 +0100 +++ new/polaris-5.2.0/test/checks/pullPolicyNotAlways/failure.deployment.yaml 2022-04-08 15:54:03.000000000 +0200 
@@ -0,0 +1,21 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: nginx-deployment + labels: + app: nginx +spec: + replicas: 3 + selector: + matchLabels: + app: nginx + template: + metadata: + labels: + app: nginx + spec: + containers: + - name: nginx + image: nginx:1.14.2 + ports: + - containerPort: 80 \ No newline at end of file diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/polaris-5.1.0/test/checks/pullPolicyNotAlways/success.cron-job.yaml new/polaris-5.2.0/test/checks/pullPolicyNotAlways/success.cron-job.yaml --- old/polaris-5.1.0/test/checks/pullPolicyNotAlways/success.cron-job.yaml 1970-01-01 01:00:00.000000000 +0100 +++ new/polaris-5.2.0/test/checks/pullPolicyNotAlways/success.cron-job.yaml 2022-04-08 15:54:03.000000000 +0200 @@ -0,0 +1,19 @@ +apiVersion: batch/v1 +kind: CronJob +metadata: + name: hello +spec: + schedule: "* * * * *" + jobTemplate: + spec: + template: + spec: + containers: + - name: hello + image: busybox + imagePullPolicy: Always + command: + - /bin/sh + - -c + - date; echo Hello from the Kubernetes cluster + restartPolicy: OnFailure \ No newline at end of file diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/polaris-5.1.0/test/checks/pullPolicyNotAlways/success.deployment.yaml new/polaris-5.2.0/test/checks/pullPolicyNotAlways/success.deployment.yaml --- old/polaris-5.1.0/test/checks/pullPolicyNotAlways/success.deployment.yaml 1970-01-01 01:00:00.000000000 +0100 +++ new/polaris-5.2.0/test/checks/pullPolicyNotAlways/success.deployment.yaml 2022-04-08 15:54:03.000000000 +0200 
@@ -0,0 +1,22 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: nginx-deployment + labels: + app: nginx +spec: + replicas: 3 + selector: + matchLabels: + app: nginx + template: + metadata: + labels: + app: nginx + spec: + containers: + - name: nginx + image: nginx:1.14.2 + imagePullPolicy: Always + ports: + - containerPort: 80 \ No newline at end of file diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/polaris-5.1.0/test/fixtures.go new/polaris-5.2.0/test/fixtures.go --- old/polaris-5.1.0/test/fixtures.go 2022-03-15 15:02:20.000000000 +0100 +++ new/polaris-5.2.0/test/fixtures.go 2022-04-08 15:54:03.000000000 +0200 @@ -1,3 +1,17 @@ +// Copyright 2022 FairwindsOps, Inc. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + package test import ( @@ -88,7 +102,10 @@ if err != nil { panic(err) } - json.Unmarshal(b, &dest) + err = json.Unmarshal(b, &dest) + if err != nil { + panic(err) + } return pod } @@ -158,6 +175,15 @@ return rc, pod } +// MockNamespace returns a namespace object. +func MockNamespace(name string) corev1.Namespace { + return corev1.Namespace{ + ObjectMeta: metav1.ObjectMeta{ + Name: name, + }, + } +} + // SetupTestAPI creates a test kube API struct. func SetupTestAPI(objects ...runtime.Object) (kubernetes.Interface, dynamic.Interface) { scheme := runtime.NewScheme() 
@@ -221,12 +247,19 @@ {Name: "poddisruptionbudgets", Namespaced: true, Kind: "PodDisruptionBudget", Version: "v1"}, }, }, + { + GroupVersion: "core/v1", + APIResources: []metav1.APIResource{ + {Name: "namespaces", Namespaced: false, Kind: "Namespace"}, + }, + }, } return k, dynamicClient } // GetMockControllers returns mocked controllers for 5 major controller types func GetMockControllers(namespace string) []runtime.Object { + ns := MockNamespace(namespace) deploy, deployPod := MockDeploy(namespace, "deploy") statefulset, statefulsetPod := MockStatefulSet(namespace, "statefulset") daemonset, daemonsetPod := MockDaemonSet(namespace, "daemonset") @@ -238,5 +271,6 @@ &statefulset, &statefulsetPod, &cronjob, &cronjobPod, &job, &jobPod, + &ns, } } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/polaris-5.1.0/test/mutation_test.go new/polaris-5.2.0/test/mutation_test.go --- old/polaris-5.1.0/test/mutation_test.go 1970-01-01 01:00:00.000000000 +0100 +++ new/polaris-5.2.0/test/mutation_test.go 2022-04-08 15:54:03.000000000 +0200 
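Review bot: The discovery entry added in the `@@ -221,12 +247,19 @@` hunk uses `GroupVersion: "core/v1"`, whereas a real API server reports the core group as plain `v1`. If this fixture is meant to mirror real discovery output, `GroupVersion: "v1"` would stop the tests from resolving `Namespace` under a group named `core` that does not exist in a cluster. How the list is consumed is not visible here, so this needs confirming against the code that reads it. `SetupTestAPI` starts outside the hunk.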
@@ -0,0 +1,50 @@ +package test + +import ( + "fmt" + "strings" + "testing" + + "github.com/fairwindsops/polaris/pkg/config" + "github.com/fairwindsops/polaris/pkg/mutation" + "github.com/fairwindsops/polaris/pkg/validator" + "github.com/stretchr/testify/assert" + "github.com/thoas/go-funk" +) + +var configYaml = ` +checks: + pullPolicyNotAlways: warning +mutations: + - pullPolicyNotAlways +` + +func TestMutations(t *testing.T) { + c, err := config.Parse([]byte(configYaml)) + assert.NoError(t, err) + assert.Len(t, c.Mutations, 1) + + for _, tc := range testCases { + if tc.failure && funk.Contains(c.Mutations, tc.check) { + key := fmt.Sprintf("%s/%s", tc.check, strings.ReplaceAll(tc.filename, "failure", "success")) + successResources, ok := successResourceMap[key] + assert.True(t, ok) + assert.Len(t, tc.resources.Resources, 1) + assert.Len(t, successResources.Resources, 1) + results, err := validator.ApplyAllSchemaChecksToResourceProvider(&c, tc.resources) + assert.NoError(t, err) + assert.Len(t, results, 1) + allMutations := mutation.GetMutationsFromResults(&c, results) + assert.Len(t, allMutations, 1) + for kind, resources := range tc.resources.Resources { + key := fmt.Sprintf("%s/%s/%s", resources[0].Kind, resources[0].Resource.GetName(), resources[0].Resource.GetNamespace()) + mutations := allMutations[key] + assert.Len(t, mutations, 1) + mutated, err := mutation.ApplyAllSchemaMutations(&c, tc.resources, resources[0], mutations) + assert.NoError(t, err) + expected := successResources.Resources[kind][0] + assert.Equal(t, expected.Resource.Object, mutated.Resource.Object) + } + } + } +} diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/polaris-5.1.0/test/schema_test.go new/polaris-5.2.0/test/schema_test.go --- old/polaris-5.1.0/test/schema_test.go 2022-03-15 15:02:20.000000000 +0100 +++ new/polaris-5.2.0/test/schema_test.go 2022-04-08 15:54:03.000000000 +0200 
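Review bot: In `TestMutations` the loop continues after `assert.True(t, ok)`, so a missing success fixture leaves `successResources` nil and the next `successResources.Resources` access ends the run in a panic instead of a readable failure. The same applies to `resources[0]` and `successResources.Resources[kind][0]` after the `assert.Len` checks. I would stop the iteration at the first failed precondition, e.g. `if !assert.True(t, ok, key) { continue }`, or use testify's `require` for these checks. This new file also lacks the Apache license header that the other Go files in this update receive, and the inner `key` shadows the outer one.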
@@ -1,3 +1,17 @@ +// Copyright 2022 FairwindsOps, Inc. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + package test import ( @@ -24,6 +38,8 @@ failure bool } +var successResourceMap = map[string]*kube.ResourceProvider{} + func init() { _, baseDir, _, _ := runtime.Caller(0) baseDir = filepath.Dir(baseDir) + "/checks" @@ -49,6 +65,10 @@ resources: resources, failure: strings.Contains(tc.Name(), "failure"), }) + if !strings.Contains(tc.Name(), "failure") { + key := fmt.Sprintf("%s/%s", check, tc.Name()) + successResourceMap[key] = resources + } } } } ++++++ vendor.tar.gz ++++++ ++++ 1715 lines of diff (skipped)