lint

package
v0.1.2 Latest Latest
Warning

This package is not in the latest version of its module.

Published: May 8, 2020 License: GPL-3.0 Imports: 21 Imported by: 0

Documentation

Index

Constants

// SUCCESS, ERROR and WARN are untyped integer constants with the values 0, 1
// and 2.
// NOTE(review): presumably these are the values carried in Rule.Level and/or
// the int returned by Lint; this page does not show which. Because they are
// untyped, the compiler will not stop one from being used where a RuleID is
// expected.
const (
	SUCCESS = 0
	ERROR   = 1
	WARN    = 2
)
// Rule identifiers, one per lint check.
//
// The constants are untyped integers numbered by iota in declaration order,
// starting at 0 for CONTAINER_EXISTS_SECURITY_CONTEXT. Inserting, removing or
// reordering an entry therefore renumbers every entry after it, so the numeric
// values must not be persisted or compared across versions.
//
// NOTE(review): presumably these are used as RuleID values in Rule.ID and
// Rule.Prereqs; confirm. No identifiers are declared here for Role,
// RoleBinding, ServiceAccount, Ingress or PersistentVolumeClaim, although the
// package exports a *Rules function for each of those kinds; confirm whether
// those functions return any rules before relying on this linter for RBAC or
// ingress review.
const (
	// container tests
	CONTAINER_EXISTS_SECURITY_CONTEXT = iota
	CONTAINER_ALLOW_PRIVILEGE_ESCALATION_FALSE
	CONTAINER_VALID_IMAGE
	CONTAINER_PRIVILEGED_FALSE
	CONTAINER_EXISTS_RESOURCE_LIMITS_AND_REQUESTS
	CONTAINER_REQUESTS_CPU_REASONABLE
	// deployment specific tests
	DEPLOYMENT_EXISTS_PROJECT_LABEL
	DEPLOYMENT_EXISTS_APP_K8S_LABEL
	DEPLOYMENT_WITHIN_NAMESPACE
	DEPLOYMENT_CONTAINER_EXISTS_LIVENESS
	DEPLOYMENT_CONTAINER_EXISTS_READINESS
	DEPLOYMENT_API_VERSION
	DEPLOYMENT_LIVENESS_READINESS_NONMATCHING
	// cronjob tests
	CRONJOB_WITHIN_NAMESPACE
	CRONJOB_FORBID_CONCURRENT
	// network policy rules
	NETWORK_POLICY_API_VERSION
	// interdependent rules
	INTERDEPENDENT_AT_MOST_1_SERVICE
	INTERDEPENDENT_NAMESPACE_REQUIRED
	INTERDEPENDENT_NETWORK_POLICY_FOR_NAMESPACE
	INTERDEPENDENT_EXACTLY_1_NAMESPACE
	INTERDEPENDENT_MATCHING_NAMESPACE
	// job rules
	JOB_WITHIN_NAMESPACE
	JOB_RESTART_NEVER
	JOB_EXISTS_TTL
	// namespace rules
	NAMESPACE_VALID_DNS
	// pod spec rules
	POD_NON_NIL_SECURITY_CONTEXT
	POD_RUN_AS_NON_ROOT
	POD_CORRECT_USER_GROUP_ID
	POD_NON_ZERO_CONTAINERS
	POD_EXACTLY_1_CONTAINER
	// service rules
	SERVICE_WITHIN_NAMESPACE
	SERVICE_NAME_VALID_DNS
)
// ACCEPTABLE_DNS is an anchored regular-expression pattern. It matches a name
// of at least three characters: a leading ASCII letter, then one or more of
// letter, digit, '-' or '.', then a trailing letter or digit.
//
// NOTE(review): presumably this backs NAMESPACE_VALID_DNS and
// SERVICE_NAME_VALID_DNS; confirm against callers. The pattern does not match
// the Kubernetes DNS-1123 label format: it accepts upper-case letters and '.',
// sets no maximum length (labels are limited to 63 characters), and rejects
// one- and two-character names. A manifest can therefore pass this check and
// still be rejected by the API server, or fail here while being valid. The
// validators in k8s.io/apimachinery/pkg/util/validation implement the exact
// formats.
const ACCEPTABLE_DNS = `^[a-zA-Z][a-zA-Z0-9\-\.]+[a-zA-Z0-9]$`

Variables

// ALLOWED_DOCKER_REGISTRIES holds a single hard-coded registry host name.
// By its name it is the allow-list consulted by IsImageAllowed; the matching
// logic is not shown on this page.
//
// This is an exported, mutable package-level slice: any importing package can
// reassign it or append to it at run time, which changes what the linter
// treats as an allowed image source. Treat it as configuration that must be
// set once, before linting starts.
//
// NOTE(review): confirm that IsImageAllowed compares the registry host of the
// parsed image reference for equality with an entry here, rather than testing
// whether the raw image string contains or starts with the entry.
var ALLOWED_DOCKER_REGISTRIES []string = []string{"277433404353.dkr.ecr.eu-central-1.amazonaws.com"}

Functions

func ConvertToMetaV1Objects

func ConvertToMetaV1Objects(data *bytes.Buffer) []metav1.Object

This will take a buffer of bytes that encode a YAML object definition (potentially multi-doc) and will return one or many (in the case of multiple objects) metav1.Object values. This is an interface defined in meta/v1 and it's probably the most convenient to use. I love it. You can access common properties of resources like Name, Namespace, Kind.

func FindLineNumbers

func FindLineNumbers(data *bytes.Buffer) []int

For each object (in the order that they occur in the YAML file), tell me what line number the object starts on. This is brittle: it will break as soon as Kubernetes objects aren't given apiVersion as the first key. Sorry about this.

func GetErrorFixes

func GetErrorFixes() []string

func IsImageAllowed

func IsImageAllowed(image string) bool

func KubevalLint

func KubevalLint(data *bytes.Buffer, filename string)

func Lint

func Lint(k8sObjects []*YamlDerivedKubernetesResource, standaloneLintMode bool, fix bool) int

main function that performs the linting

func LinterMessage

func LinterMessage(message string, resources []*YamlDerivedKubernetesResource) string

func Report

func Report(rule *Rule)

Types

type Level

type Level int

type Metadata

// Metadata records where a parsed YAML object came from.
type Metadata struct {
	// NOTE(review): presumably the line on which the object starts, as
	// computed by FindLineNumbers; that function's doc warns the result is
	// only reliable when apiVersion is the object's first key.
	LineNumber int
	// Path of the YAML file the object was read from (presumably the
	// yamlFilePath passed to AttachMetaData; confirm).
	FilePath   string
}

Captures metadata when parsing yaml objects from text files

type Rule

// Rule represents a single linter rule.
type Rule struct {
	// Identifier of this rule.
	ID             RuleID
	// IDs of other rules. NOTE(review): presumably rules that must succeed
	// before this one is evaluated; RuleSorter.PopDependentRules describes
	// skipping rules that depend on a failed rule. Confirm.
	Prereqs        []RuleID
	// Check to run. It takes no arguments, so it has to close over whatever
	// it inspects. NOTE(review): presumably true means the rule passed;
	// confirm.
	Condition      func() bool
	// Text associated with the rule (see LinterMessage and Report).
	Message        string
	// Severity or outcome level of the rule.
	Level          Level
	// Resources the rule refers to.
	Resources      []*YamlDerivedKubernetesResource
	// Optional remediation. It takes no arguments and returns a bool.
	// NOTE(review): presumably it modifies the closed-over resource in place
	// and reports whether the fix was applied, and is only invoked when Lint
	// is called with fix set; confirm, since an automatic fix changes
	// security-relevant manifest fields without a human edit.
	Fix            func() bool
	// Human-readable description of what Fix does.
	FixDescription string
}

Represents a Linter Rule

func ContainerRules

func ContainerRules(container *v1.Container, resource *YamlDerivedKubernetesResource) []*Rule

func CronJobRules

func CronJobRules(resource *YamlDerivedKubernetesResource) []*Rule

func DeploymentRules

func DeploymentRules(resource *YamlDerivedKubernetesResource) []*Rule

func DeprecatedDeploymentAPIVersion

func DeprecatedDeploymentAPIVersion(resource *YamlDerivedKubernetesResource) []*Rule

func DeprecatedNetworkPolicyAPIVersion

func DeprecatedNetworkPolicyAPIVersion(resource *YamlDerivedKubernetesResource) []*Rule

func IngressRules

func IngressRules(resource *YamlDerivedKubernetesResource) []*Rule

func InterdependentRules

func InterdependentRules(context []*YamlDerivedKubernetesResource) []*Rule

func JobRules

func JobRules(resource *YamlDerivedKubernetesResource) []*Rule

func MatchingNamespace

func MatchingNamespace(resource *YamlDerivedKubernetesResource, namespace *YamlDerivedKubernetesResource) *Rule

func NamespaceRules

func NamespaceRules(resource *YamlDerivedKubernetesResource) []*Rule

func NetworkPolicyRules

func NetworkPolicyRules(resource *YamlDerivedKubernetesResource) []*Rule

func PersistentVolumeClaimRules

func PersistentVolumeClaimRules(resource *YamlDerivedKubernetesResource) []*Rule

func PodRules

func PodRules(podSpec *v1.PodSpec, resource *YamlDerivedKubernetesResource) []*Rule

func RoleBindingRules

func RoleBindingRules(resource *YamlDerivedKubernetesResource) []*Rule

func RoleRules

func RoleRules(resource *YamlDerivedKubernetesResource) []*Rule

func ServiceAccountRules

func ServiceAccountRules(resource *YamlDerivedKubernetesResource) []*Rule

func ServiceRules

func ServiceRules(resource *YamlDerivedKubernetesResource) []*Rule

type RuleID

type RuleID int

I'm defining an enum for all the test IDs so we know at compile time whether we're trying to access a non-existent test. The old way caused a panic at runtime and was a bit silly.

type RuleSorter

// RuleSorter stores all the rules belonging to a resource group. Its fields
// are unexported; use NewRuleSorter and the methods on *RuleSorter.
type RuleSorter struct {
	// contains filtered or unexported fields
}
This object is used to store all the rules belonging to a resource group and looks like:
&rulesorter.RuleSorter{
	rules:24:(*lint.Rule)(0xc00039caf0),
	edges:24:map[lint.RuleID]lint.RuleID{}
}

func NewRuleSorter

func NewRuleSorter(rules []*Rule) *RuleSorter

Create a new RuleSorter given a list of rules. The usual use case is to use the RuleSorter to access the rules in the correct order!

func (*RuleSorter) Get

func (r *RuleSorter) Get(id RuleID) *Rule

Retrieve the rule given its ID. May as well implement this since I have to make a map for other operations anyway.

func (*RuleSorter) GetDependentRules

func (r *RuleSorter) GetDependentRules(masterId RuleID) []*Rule

func (*RuleSorter) IsEmpty

func (r *RuleSorter) IsEmpty() bool

func (*RuleSorter) PopDependentRules

func (r *RuleSorter) PopDependentRules(masterId RuleID) []*Rule

Use this when you want to retrieve AND get rid of all rules that are dependent on a particular rule. Usually you want to use this when a rule fails, and you would like to avoid executing the rules that depend on this rule's success.

func (*RuleSorter) PopNextAvailable

func (r *RuleSorter) PopNextAvailable() *Rule

When you need to know which rule you should execute next, call this method. It will remove the rule from the data structure and return it. The algorithm is as follows:

1. Find a rule with no dependencies; in case of multiple such rules the first one is chosen.
2. Find all the rules which depend on this rule, and remove it from their dependency lists.
3. Remove the rule itself from the edge map.
4. Return the rule.

type YamlDerivedKubernetesResource

// YamlDerivedKubernetesResource pairs a decoded Kubernetes object with the
// location it was parsed from.
type YamlDerivedKubernetesResource struct {
	// The decoded object, held as the generic runtime.Object interface;
	// callers need a type assertion or switch to reach kind-specific fields.
	Resource runtime.Object
	// Embedded, so LineNumber and FilePath are promoted onto this type.
	Metadata
}

func AttachMetaData

func AttachMetaData(data *bytes.Buffer, yamlFilePath string) []*YamlDerivedKubernetesResource
