diff --git a/.github/workflows/go-build.yml b/.github/workflows/go-build.yml index c30a8f8..4f6bb24 100644 --- a/.github/workflows/go-build.yml +++ b/.github/workflows/go-build.yml @@ -39,4 +39,4 @@ jobs: - name: Check Docker image - help run: docker run ${{ steps.build_docker.outputs.digest }} -h - name: Check Docker image - scan - run: docker run ${{ steps.build_docker.outputs.digest }} -dirpath / + run: docker run --rm -v $PWD/tests/bookinfo:/bookinfo ${{ steps.build_docker.outputs.digest }} -dirpath /bookinfo diff --git a/cmd/nettop/main_test.go b/cmd/nettop/main_test.go index f15d37f..57f7373 100644 --- a/cmd/nettop/main_test.go +++ b/cmd/nettop/main_test.go @@ -200,6 +200,15 @@ var ( true, nil, }, + { + "badYamls", + [][]string{{"bad_yamls"}}, + JSONFormat, + true, + []string{"-v"}, + false, + nil, + }, } currentDir, _ = os.Getwd() @@ -211,7 +220,9 @@ func (td *TestDetails) runTest(t *testing.T) { outFileName, err := getTempOutputFile() require.Nil(t, err) - err = _main(getTestArgs(td, outFileName)) + testArgs := getTestArgs(td, outFileName) + t.Logf("Test args: %v", testArgs) + err = _main(testArgs) if td.expectError { require.NotNil(t, err) @@ -296,8 +307,8 @@ func compareFiles(expectedFile, actualFile string) (bool, error) { for i := 0; i < len(expectedLines); i++ { lineExpected := expectedLines[i] lineActual := actualLines[i] - if lineExpected != lineActual && !strings.Contains(lineExpected, "\"filepath\"") { - fmt.Printf("Gap in line %d: expected(%s): %s, actual(%s): %s", i, expectedFile, lineExpected, actualFile, lineActual) + if lineExpected != lineActual && !strings.Contains(lineExpected, "filepath") { + fmt.Printf("Gap in line %d:\n expected(%s): %s\n actual(%s): %s\n", i, expectedFile, lineExpected, actualFile, lineActual) return false, nil } } diff --git a/go.mod b/go.mod index bbb113f..1136813 100644 --- a/go.mod +++ b/go.mod @@ -3,29 +3,61 @@ module github.com/np-guard/cluster-topology-analyzer go 1.20 require ( + github.com/np-guard/netpol-analyzer v1.0.1 github.com/openshift/api v0.0.0-20230502160752-c71432710382 - github.com/stretchr/testify v1.8.3 + github.com/stretchr/testify v1.8.4 gopkg.in/yaml.v3 v3.0.1 k8s.io/api v0.28.2 k8s.io/apimachinery v0.28.2 + k8s.io/cli-runtime v0.28.2 ) require ( github.com/davecgh/go-spew v1.1.1 // indirect + github.com/emicklei/go-restful/v3 v3.9.0 // indirect + github.com/evanphx/json-patch v4.12.0+incompatible // indirect + github.com/go-errors/errors v1.4.2 // indirect github.com/go-logr/logr v1.2.4 // indirect + github.com/go-openapi/jsonpointer v0.19.6 // indirect + github.com/go-openapi/jsonreference v0.20.2 // indirect + github.com/go-openapi/swag v0.22.3 // indirect github.com/gogo/protobuf v1.3.2 // indirect + github.com/golang/protobuf v1.5.3 // indirect + github.com/google/gnostic-models v0.6.8 // indirect + github.com/google/go-cmp v0.5.9 // indirect github.com/google/gofuzz v1.2.0 // indirect + github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 // indirect + github.com/google/uuid v1.3.0 // indirect + github.com/imdario/mergo v0.3.6 // indirect + github.com/josharian/intern v1.0.0 // indirect github.com/json-iterator/go v1.1.12 // indirect + github.com/mailru/easyjson v0.7.7 // indirect github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect github.com/modern-go/reflect2 v1.0.2 // indirect + github.com/monochromegane/go-gitignore v0.0.0-20200626010858-205db1a8cc00 // indirect + github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect + github.com/pkg/errors v0.9.1 // indirect github.com/pmezard/go-difflib v1.0.0 // indirect + github.com/xlab/treeprint v1.2.0 // indirect + go.starlark.net v0.0.0-20230525235612-a134d8f9ddca // indirect golang.org/x/net v0.17.0 // indirect + golang.org/x/oauth2 v0.8.0 // indirect + golang.org/x/sync v0.2.0 // indirect + golang.org/x/sys v0.13.0 // indirect + golang.org/x/term v0.13.0 // indirect golang.org/x/text v0.13.0 // indirect + golang.org/x/time v0.3.0 // indirect + google.golang.org/appengine v1.6.7 // indirect + google.golang.org/protobuf v1.30.0 // indirect gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/yaml.v2 v2.4.0 // indirect + k8s.io/client-go v0.28.2 // indirect k8s.io/klog/v2 v2.100.1 // indirect + k8s.io/kube-openapi v0.0.0-20230717233707-2695361300d9 // indirect k8s.io/utils v0.0.0-20230406110748-d93618cff8a2 // indirect sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect + sigs.k8s.io/kustomize/api v0.13.5-0.20230601165947-6ce0bf390ce3 // indirect + sigs.k8s.io/kustomize/kyaml v0.14.3-0.20230601165947-6ce0bf390ce3 // indirect sigs.k8s.io/structured-merge-diff/v4 v4.2.3 // indirect - sigs.k8s.io/yaml v1.3.0 // indirect + sigs.k8s.io/yaml v1.4.0 // indirect ) diff --git a/go.sum b/go.sum index 7c9a9f7..3d4ec35 100644 --- a/go.sum +++ b/go.sum @@ -1,87 +1,240 @@ +cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= +github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= +github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= +github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI= +github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI= +github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU= +github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= +github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/emicklei/go-restful/v3 v3.9.0 h1:XwGDlfxEnQZzuopoqxwSEllNcCOM9DhhFyhFIIGKwxE= +github.com/emicklei/go-restful/v3 v3.9.0/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc= +github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= +github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c= +github.com/evanphx/json-patch v4.12.0+incompatible h1:4onqiflcdA9EOZ4RxV643DvftH5pOlLGNtQ5lPWQu84= +github.com/evanphx/json-patch v4.12.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= +github.com/go-errors/errors v1.4.2 h1:J6MZopCL4uSllY1OfXM374weqZFFItUbrImctkmUxIA= +github.com/go-errors/errors v1.4.2/go.mod h1:sIVyrIiJhuEF+Pj9Ebtd6P/rEYROXFi3BopGUQ5a5Og= github.com/go-logr/logr v1.2.0/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= github.com/go-logr/logr v1.2.4 h1:g01GSCwiDw2xSZfjJ2/T9M+S6pFdcNtFYsp+Y43HYDQ= github.com/go-logr/logr v1.2.4/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= +github.com/go-openapi/jsonpointer v0.19.6 h1:eCs3fxoIi3Wh6vtgmLTOjdhSpiqphQ+DaPn38N2ZdrE= +github.com/go-openapi/jsonpointer v0.19.6/go.mod h1:osyAmYz/mB/C3I+WsTTSgw1ONzaLJoLCyoi6/zppojs= +github.com/go-openapi/jsonreference v0.20.2 h1:3sVjiK66+uXK/6oQ8xgcRKcFgQ5KXa2KvnJRumpMGbE= +github.com/go-openapi/jsonreference v0.20.2/go.mod h1:Bl1zwGIM8/wsvqjsOQLJ/SH+En5Ap4rVB5KVcIDZG2k= +github.com/go-openapi/swag v0.22.3 h1:yMBqmnQ0gyZvEb/+KzuWZOXgllrXT4SADYbvDaXHv/g= +github.com/go-openapi/swag v0.22.3/go.mod h1:UzaqsxGiab7freDnrUUra0MwWfN/q7tE4j+VcZ0yl14= +github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 h1:tfuBGBXKqDEevZMzYi5KSi8KkcZtzBcTgAUUtapy0OI= github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q= github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q= +github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q= +github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A= +github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= +github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= +github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= +github.com/golang/protobuf v1.4.0-rc.1/go.mod h1:ceaxUfeHdC40wWswd/P6IGgMaK3YpKi5j83Wpe3EHw8= +github.com/golang/protobuf v1.4.0-rc.1.0.20200221234624-67d41d38c208/go.mod h1:xKAWHe0F5eneWXFV3EuXVDTCmh+JuBKY0li0aMyXATA= +github.com/golang/protobuf v1.4.0-rc.2/go.mod h1:LlEzMj4AhA7rCAGe4KMBDvJI+AwstrUpVNzEA03Pprs= +github.com/golang/protobuf v1.4.0-rc.4.0.20200313231945-b860323f09d0/go.mod h1:WU3c8KckQ9AFe+yFwt9sWVRKCVIyN9cPHBJSNnbL67w= +github.com/golang/protobuf v1.4.0/go.mod h1:jodUvKwWbYaEsadDk5Fwe5c77LiNKVO9IDvqG2KuDX0= +github.com/golang/protobuf v1.4.1/go.mod h1:U8fpvMrcmy5pZrNK1lt4xCsGvpyWQ/VVv6QDs8UjoX8= +github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk= +github.com/golang/protobuf v1.5.3 h1:KhyjKVUg7Usr/dYsdSqoFveMYd5ko72D+zANwlG1mmg= +github.com/golang/protobuf v1.5.3/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= +github.com/google/gnostic-models v0.6.8 h1:yo/ABAfM5IMRsS1VnXjTBvUb61tFIHozhlYvRgGre9I= +github.com/google/gnostic-models v0.6.8/go.mod h1:5n7qKqH0f5wFt+aWF8CW6pZLLNOfYuF5OpfBSENuI8U= +github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M= +github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= +github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= +github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= +github.com/google/go-cmp v0.5.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= +github.com/google/go-cmp v0.5.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= +github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38= +github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0= github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= +github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1 h1:K6RDEckDVWvDI9JAJYCmNdQXq6neHJOYx3V6jnqNEec= +github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 h1:El6M4kTTCOh6aBiKaUGG7oYTSPP8MxqL4YI3kZKwcP4= +github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510/go.mod h1:pupxD2MaaD3pAXIBCelhxNneeOaAeabZDe5s4K6zSpQ= +github.com/google/uuid v1.3.0 h1:t6JiXgmwXMjEs8VusXIJk2BXHsn+wx8BZdTaoZ5fu7I= +github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= +github.com/imdario/mergo v0.3.6 h1:xTNEAn+kxVO7dTZGu0CegyqKZmoWFI0rF8UxjlB2d28= +github.com/imdario/mergo v0.3.6/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA= +github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8HmY= +github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y= github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM= github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo= github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8= github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= +github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI= github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE= +github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= +github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= +github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= +github.com/mailru/easyjson v0.7.7 h1:UGYAvKxe3sBsEDzO8ZeWOSlIQfWFlxbzLZe7hwFURr0= +github.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc= github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg= github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9Gz0M= github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk= +github.com/monochromegane/go-gitignore v0.0.0-20200626010858-205db1a8cc00 h1:n6/2gBQ3RWajuToeY6ZtZTIKv2v7ThUy5KKusIT0yc0= +github.com/monochromegane/go-gitignore v0.0.0-20200626010858-205db1a8cc00/go.mod h1:Pm3mSP3c5uWn86xMLZ5Sa7JB9GsEZySvHYXCTK4E9q4= +github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA= +github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= +github.com/np-guard/netpol-analyzer v1.0.1 h1:LIRCNmEZXk2ZtM1mM7E2EHs4izlfdXIs0OvlTK0qEJo= +github.com/np-guard/netpol-analyzer v1.0.1/go.mod h1:t/LmFgOT8bTGaqxm4KR8/nOZe9es7WVVs1iDlzueLhc= +github.com/onsi/ginkgo/v2 v2.9.4 h1:xR7vG4IXt5RWx6FfIjyAtsoMAtnc3C/rFXBBd2AjZwE= +github.com/onsi/gomega v1.27.6 h1:ENqfyGeS5AX/rlXDd/ETokDz93u0YufY1Pgxuy/PvWE= github.com/openshift/api v0.0.0-20230502160752-c71432710382 h1:oIlUAGCdktBKMjCMtP7AedtAc00T/GFaSosoqBa2gkU= github.com/openshift/api v0.0.0-20230502160752-c71432710382/go.mod h1:ctXNyWanKEjGj8sss1KjjHQ3ENKFm33FFnS5BKaIPh4= +github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= +github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= +github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/rogpeppe/go-internal v1.10.0 h1:TMyTOH3F/DB16zRVcYyreMH6GnZZrwQVAoYjRBZyWFQ= +github.com/sergi/go-diff v1.1.0 h1:we8PVUC3FE2uYfodKH/nBHMSetSfHDR6scGdBi+erh0= github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= +github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw= +github.com/stretchr/objx v0.5.0 h1:1zr/of2m5FGMsad5YfcqgdqdWrIhu+EBEJRhR1U7z/c= +github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo= github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= -github.com/stretchr/testify v1.8.3 h1:RP3t2pwF7cMEbC1dqtB6poj3niw/9gnV4Cjg5oW5gtY= -github.com/stretchr/testify v1.8.3/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo= +github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= +github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= +github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= +github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= +github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk= +github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo= +github.com/xlab/treeprint v1.2.0 h1:HzHnuAF1plUN2zGlAFHbSQP2qJ0ZAD3XF5XD7OesXRQ= +github.com/xlab/treeprint v1.2.0/go.mod h1:gj5Gd3gPdKtR1ikdDK6fnFLdmIS0X30kTTuNd/WEJu0= github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= +go.starlark.net v0.0.0-20230525235612-a134d8f9ddca h1:VdD38733bfYv5tUZwEIskMM93VanwNIi5bIKnDrJdEY= +go.starlark.net v0.0.0-20230525235612-a134d8f9ddca/go.mod h1:jxU+3+j+71eXOW14274+SmmuW82qJzl6iZSeqEtTGds= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= +golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= +golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= +golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU= +golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= +golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= +golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks= golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= golang.org/x/net v0.17.0 h1:pVaXccu2ozPjCXewfr1S7xza/zcXTity9cCdXQYSjIM= golang.org/x/net v0.17.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE= +golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= +golang.org/x/oauth2 v0.8.0 h1:6dkIjl3j3LtZ/O3sTgZTMsLKSftL/B8Zgq4huOIIUu8= +golang.org/x/oauth2 v0.8.0/go.mod h1:yr7u4HXZRm1R1kBWqr/xKNqewf0plRYoB7sla+BCIXE= +golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.2.0 h1:PUR+T4wwASmuSTYdKjYHI5TD22Wy5ogLU5qZCOLxBrI= +golang.org/x/sync v0.2.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.13.0 h1:Af8nKPmuFypiUBjVoU9V20FiaFXOcuZI21p0ycVYYGE= +golang.org/x/sys v0.13.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/term v0.0.0-20220526004731-065cf7ba2467/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= +golang.org/x/term v0.13.0 h1:bb+I9cTfFazGW51MZqBVmZy7+JEJMouUHTUSKVQLBek= +golang.org/x/term v0.13.0/go.mod h1:LTmsnFJwVN6bCy1rVCoS+qHT1HhALEFxKncY3WNNh4U= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= +golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.13.0 h1:ablQoSUd0tRdKxZewP80B+BaqeKJuVhuRxj/dkrun3k= golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= +golang.org/x/time v0.3.0 h1:rg5rLMjNzMS1RkNLzCG38eapWhnYLFYXDXj2gOlr8j4= +golang.org/x/time v0.3.0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= +golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= +golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY= +golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= +golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= +golang.org/x/tools v0.8.0 h1:vSDcovVPld282ceKgDimkRSC8kpaH1dgyc9UMzlt84Y= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= +google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= +google.golang.org/appengine v1.6.7 h1:FZR1q0exgwxzPzp/aF+VccGrSfxfPpkBqjIIEq3ru6c= +google.golang.org/appengine v1.6.7/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= +google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= +google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc= +google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo= +google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= +google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= +google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= +google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= +google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= +google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM= +google.golang.org/protobuf v1.20.1-0.20200309200217-e05f789c0967/go.mod h1:A+miEFZTKqfCUM6K7xSMQL9OKL/b6hQv+e19PK+JZNE= +google.golang.org/protobuf v1.21.0/go.mod h1:47Nbq4nVaFHyn7ilMalzfO3qCViNmqZ2kzikPIcrTAo= +google.golang.org/protobuf v1.22.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= +google.golang.org/protobuf v1.23.1-0.20200526195155-81db48ad09cc/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= +google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c= +google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= +google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= +google.golang.org/protobuf v1.30.0 h1:kPPoIgf3TsEvrm0PFe15JQ+570QVxYzEvvHqChK+cng= +google.golang.org/protobuf v1.30.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= +gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q= gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc= gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw= gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY= gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= +gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= +honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= +honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= k8s.io/api v0.28.2 h1:9mpl5mOb6vXZvqbQmankOfPIGiudghwCoLl1EYfUZbw= k8s.io/api v0.28.2/go.mod h1:RVnJBsjU8tcMq7C3iaRSGMeaKt2TWEUXcpIt/90fjEg= k8s.io/apimachinery v0.28.2 h1:KCOJLrc6gu+wV1BYgwik4AF4vXOlVJPdiqn0yAWWwXQ= k8s.io/apimachinery v0.28.2/go.mod h1:RdzF87y/ngqk9H4z3EL2Rppv5jj95vGS/HaFXrLDApU= +k8s.io/cli-runtime v0.28.2 h1:64meB2fDj10/ThIMEJLO29a1oujSm0GQmKzh1RtA/uk= +k8s.io/cli-runtime v0.28.2/go.mod h1:bTpGOvpdsPtDKoyfG4EG041WIyFZLV9qq4rPlkyYfDA= +k8s.io/client-go v0.28.2 h1:DNoYI1vGq0slMBN/SWKMZMw0Rq+0EQW6/AK4v9+3VeY= +k8s.io/client-go v0.28.2/go.mod h1:sMkApowspLuc7omj1FOSUxSoqjr+d5Q0Yc0LOFnYFJY= k8s.io/klog/v2 v2.100.1 h1:7WCHKK6K8fNhTqfBhISHQ97KrnJNFZMcQvKp7gP/tmg= k8s.io/klog/v2 v2.100.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0= +k8s.io/kube-openapi v0.0.0-20230717233707-2695361300d9 h1:LyMgNKD2P8Wn1iAwQU5OhxCKlKJy0sHc+PcDwFB24dQ= +k8s.io/kube-openapi v0.0.0-20230717233707-2695361300d9/go.mod h1:wZK2AVp1uHCp4VamDVgBP2COHZjqD1T68Rf0CM3YjSM= k8s.io/utils v0.0.0-20230406110748-d93618cff8a2 h1:qY1Ad8PODbnymg2pRbkyMT/ylpTrCM8P2RJ0yroCyIk= k8s.io/utils v0.0.0-20230406110748-d93618cff8a2/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo= sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0= +sigs.k8s.io/kustomize/api v0.13.5-0.20230601165947-6ce0bf390ce3 h1:XX3Ajgzov2RKUdc5jW3t5jwY7Bo7dcRm+tFxT+NfgY0= +sigs.k8s.io/kustomize/api v0.13.5-0.20230601165947-6ce0bf390ce3/go.mod h1:9n16EZKMhXBNSiUC5kSdFQJkdH3zbxS/JoO619G1VAY= +sigs.k8s.io/kustomize/kyaml v0.14.3-0.20230601165947-6ce0bf390ce3 h1:W6cLQc5pnqM7vh3b7HvGNfXrJ/xL6BDMS0v1V/HHg5U= +sigs.k8s.io/kustomize/kyaml v0.14.3-0.20230601165947-6ce0bf390ce3/go.mod h1:JWP1Fj0VWGHyw3YUPjXSQnRnrwezrZSrApfX5S0nIag= sigs.k8s.io/structured-merge-diff/v4 v4.2.3 h1:PRbqxJClWWYMNV1dhaG4NsibJbArud9kFxnAMREiWFE= sigs.k8s.io/structured-merge-diff/v4 v4.2.3/go.mod h1:qjx8mGObPmV2aSZepjQjbmb2ihdVs8cGKBraizNC69E= -sigs.k8s.io/yaml v1.3.0 h1:a2VclLzOGrwOHDiV8EfBGhvjHvP46CtW5j6POvhYGGo= -sigs.k8s.io/yaml v1.3.0/go.mod h1:GeOyir5tyXNByN85N/dRIT9es5UQNerPYEKK56eTBm8= +sigs.k8s.io/yaml v1.4.0 h1:Mk1wCc2gy/F0THH0TAp1QYyJNzRm2KCLy3o5ASXVI5E= +sigs.k8s.io/yaml v1.4.0/go.mod h1:Ejl7/uTz7PSA4eKMyQCUTnhZYNmLIl+5c2lQPGR2BPY= diff --git a/pkg/analyzer/resources.go b/pkg/analyzer/resources.go index fee1e17..8ce2ab9 100644 --- a/pkg/analyzer/resources.go +++ b/pkg/analyzer/resources.go @@ -7,20 +7,19 @@ SPDX-License-Identifier: Apache-2.0 package analyzer import ( - "bytes" - - "k8s.io/apimachinery/pkg/util/yaml" + "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" + "k8s.io/apimachinery/pkg/runtime" + "k8s.io/cli-runtime/pkg/resource" ) -const yamlParseBufferSize = 200 - -func parseResource[T interface{}](objDataBuf []byte) *T { - reader := bytes.NewReader(objDataBuf) - if reader == nil { +func parseResourceFromInfo[T interface{}](info *resource.Info) *T { + obj, ok := info.Object.(*unstructured.Unstructured) + if !ok { return nil } + var rc T - err := yaml.NewYAMLOrJSONDecoder(reader, yamlParseBufferSize).Decode(&rc) + err := runtime.DefaultUnstructuredConverter.FromUnstructured(obj.UnstructuredContent(), &rc) if err != nil { return nil } diff --git a/pkg/analyzer/scan.go b/pkg/analyzer/scan.go index a159ac3..e6bb809 100644 --- a/pkg/analyzer/scan.go +++ b/pkg/analyzer/scan.go @@ -19,43 +19,44 @@ import ( networkv1 "k8s.io/api/networking/v1" metaV1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/util/validation" + "k8s.io/cli-runtime/pkg/resource" "github.com/np-guard/cluster-topology-analyzer/pkg/common" ) -// Create a common.Resource object from a k8s Workload object -func ScanK8sWorkloadObject(kind string, objDataBuf []byte) (*common.Resource, error) { +// ScanK8sWorkloadObjectFromInfo creates a common.Resource object from an Info object +func ScanK8sWorkloadObjectFromInfo(info *resource.Info) (*common.Resource, error) { var podSpecV1 *v1.PodTemplateSpec var resourceCtx common.Resource var metaObj metaV1.Object - resourceCtx.Resource.Kind = kind - switch kind { // TODO: handle Pod + resourceCtx.Resource.Kind = info.Object.GetObjectKind().GroupVersionKind().Kind + switch resourceCtx.Resource.Kind { // TODO: handle Pod case "ReplicaSet": - obj := parseResource[appsv1.ReplicaSet](objDataBuf) + obj := parseResourceFromInfo[appsv1.ReplicaSet](info) podSpecV1 = &obj.Spec.Template metaObj = obj case "ReplicationController": - obj := parseResource[v1.ReplicationController](objDataBuf) + obj := parseResourceFromInfo[v1.ReplicationController](info) podSpecV1 = obj.Spec.Template metaObj = obj case "Deployment": - obj := parseResource[appsv1.Deployment](objDataBuf) + obj := parseResourceFromInfo[appsv1.Deployment](info) podSpecV1 = &obj.Spec.Template metaObj = obj case "DaemonSet": - obj := parseResource[appsv1.DaemonSet](objDataBuf) + obj := parseResourceFromInfo[appsv1.DaemonSet](info) podSpecV1 = &obj.Spec.Template metaObj = obj case "StatefulSet": - obj := parseResource[appsv1.StatefulSet](objDataBuf) + obj := parseResourceFromInfo[appsv1.StatefulSet](info) podSpecV1 = &obj.Spec.Template metaObj = obj case "Job": - obj := parseResource[batchv1.Job](objDataBuf) + obj := parseResourceFromInfo[batchv1.Job](info) podSpecV1 = &obj.Spec.Template metaObj = obj default: - return nil, fmt.Errorf("unsupported object type: `%s`", kind) + return nil, fmt.Errorf("unsupported object type: `%s`", resourceCtx.Resource.Kind) } parseDeployResource(podSpecV1, metaObj, &resourceCtx) @@ -70,8 +71,9 @@ func matchLabelSelectorToStrLabels(labels map[string]string) []string { return res } -func ScanK8sConfigmapObject(objDataBuf []byte) (*common.CfgMap, error) { - obj := parseResource[v1.ConfigMap](objDataBuf) +// ScanK8sConfigmapInfo creates a common.CfgMap object from a k8s ConfigMap object +func ScanK8sConfigmapInfo(info *resource.Info) (*common.CfgMap, error) { + obj := parseResourceFromInfo[v1.ConfigMap](info) if obj == nil { return nil, fmt.Errorf("unable to parse configmap") } @@ -80,9 +82,9 @@ func ScanK8sConfigmapObject(objDataBuf []byte) (*common.CfgMap, error) { return &common.CfgMap{FullName: fullName, Data: obj.Data}, nil } -// Create a common.Service object from a k8s Service object -func ScanK8sServiceObject(objDataBuf []byte) (*common.Service, error) { - svcObj := parseResource[v1.Service](objDataBuf) +// ScanK8sServiceInfo creates a common.Service object from a k8s Service object +func ScanK8sServiceInfo(info *resource.Info) (*common.Service, error) { + svcObj := parseResourceFromInfo[v1.Service](info) if svcObj == nil { return nil, fmt.Errorf("failed to parse Service resource") } @@ -103,9 +105,9 @@ func ScanK8sServiceObject(objDataBuf []byte) (*common.Service, error) { return &serviceCtx, nil } -// Scan an OpenShift Route object and mark the services it uses to be exposed inside the cluster -func ScanOCRouteObject(objDataBuf []byte, servicesToExpose common.ServicesToExpose) error { - routeObj := parseResource[ocroutev1.Route](objDataBuf) +// ScanOCRouteObjectFromInfo updates servicesToExpose based on an OpenShift Route object +func ScanOCRouteObjectFromInfo(info *resource.Info, servicesToExpose common.ServicesToExpose) error { + routeObj := parseResourceFromInfo[ocroutev1.Route](info) if routeObj == nil { return fmt.Errorf("failed to parse Route resource") } @@ -123,9 +125,9 @@ func ScanOCRouteObject(objDataBuf []byte, servicesToExpose common.ServicesToExpo return nil } -// Scan an Ingress object and mark the services it uses to be exposed inside the cluster -func ScanIngressObject(objDataBuf []byte, servicesToExpose common.ServicesToExpose) error { - ingressObj := parseResource[networkv1.Ingress](objDataBuf) +// ScanIngressObjectFromInfo updates servicesToExpose based on an K8s Ingress object +func ScanIngressObjectFromInfo(info *resource.Info, servicesToExpose common.ServicesToExpose) error { + ingressObj := parseResourceFromInfo[networkv1.Ingress](info) if ingressObj == nil { return fmt.Errorf("failed to parse Ingress resource") } diff --git a/pkg/analyzer/scan_test.go b/pkg/analyzer/scan_test.go index 223e7c4..34a9eae 100644 --- a/pkg/analyzer/scan_test.go +++ b/pkg/analyzer/scan_test.go @@ -7,6 +7,9 @@ import ( "testing" "github.com/stretchr/testify/require" + "k8s.io/cli-runtime/pkg/resource" + + "github.com/np-guard/netpol-analyzer/pkg/netpol/manifests/fsscanner" "github.com/np-guard/cluster-topology-analyzer/pkg/common" ) @@ -35,9 +38,9 @@ func TestNetworkAddressValue(t *testing.T) { } func TestScanningSvc(t *testing.T) { - resourceBuf, err := loadResourceAsByteArray([]string{"k8s_guestbook", "frontend-service.yaml"}) + resourceInfo, err := loadResourceAsInfo([]string{"k8s_guestbook", "frontend-service.yaml"}) require.Nil(t, err) - res, err := ScanK8sServiceObject(resourceBuf) + res, err := ScanK8sServiceInfo(resourceInfo) require.Nil(t, err) require.Equal(t, "frontend", res.Resource.Name) require.Len(t, res.Resource.Selectors, 2) @@ -46,9 +49,9 @@ func TestScanningSvc(t *testing.T) { } func TestScanningDeploymentWithArgs(t *testing.T) { - resourceBuf, err := loadResourceAsByteArray([]string{"sockshop", "manifests", "01-carts-dep.yaml"}) + resourceInfo, err := loadResourceAsInfo([]string{"sockshop", "manifests", "01-carts-dep.yaml"}) require.Nil(t, err) - res, err := ScanK8sWorkloadObject("Deployment", resourceBuf) + res, err := ScanK8sWorkloadObjectFromInfo(resourceInfo) require.Nil(t, err) require.Equal(t, "carts", res.Resource.Name) require.Len(t, res.Resource.NetworkAddrs, 1) @@ -58,9 +61,9 @@ func TestScanningDeploymentWithArgs(t *testing.T) { } func TestScanningDeploymentWithEnvs(t *testing.T) { - resourceBuf, err := loadResourceAsByteArray([]string{"k8s_guestbook", "frontend-deployment.yaml"}) + resourceInfo, err := loadResourceAsInfo([]string{"k8s_guestbook", "frontend-deployment.yaml"}) require.Nil(t, err) - res, err := ScanK8sWorkloadObject("Deployment", resourceBuf) + res, err := ScanK8sWorkloadObjectFromInfo(resourceInfo) require.Nil(t, err) require.Equal(t, "frontend", res.Resource.Name) require.Len(t, res.Resource.NetworkAddrs, 4) @@ -68,9 +71,9 @@ func TestScanningDeploymentWithEnvs(t *testing.T) { } func TestScanningDeploymentWithConfigMapRef(t *testing.T) { - resourceBuf, err := loadResourceAsByteArray([]string{"acs-security-demos", "frontend", "webapp", "deployment.yaml"}) + resourceInfo, err := loadResourceAsInfo([]string{"acs-security-demos", "frontend", "webapp", "deployment.yaml"}) require.Nil(t, err) - res, err := ScanK8sWorkloadObject("Deployment", resourceBuf) + res, err := ScanK8sWorkloadObjectFromInfo(resourceInfo) require.Nil(t, err) require.Equal(t, "webapp", res.Resource.Name) require.Len(t, res.Resource.ConfigMapRefs, 1) @@ -79,9 +82,9 @@ func TestScanningDeploymentWithConfigMapRef(t *testing.T) { } func TestScanningReplicaSet(t *testing.T) { - resourceBuf, err := loadResourceAsByteArray([]string{"k8s_guestbook", "redis-leader-deployment.yaml"}) + resourceInfo, err := loadResourceAsInfo([]string{"k8s_guestbook", "redis-leader-deployment.yaml"}) require.Nil(t, err) - res, err := ScanK8sWorkloadObject("ReplicaSet", resourceBuf) + res, err := ScanK8sWorkloadObjectFromInfo(resourceInfo) require.Nil(t, err) require.Equal(t, "redis-leader", res.Resource.Name) require.Len(t, res.Resource.NetworkAddrs, 0) @@ -89,35 +92,41 @@ func TestScanningReplicaSet(t *testing.T) { } func TestScanningConfigMap(t *testing.T) { - resourceBuf, err := loadResourceAsByteArray([]string{"qotd", "qotd_usecase.yaml"}) + resourceInfo, err := loadResourceAsInfo([]string{"qotd", "qotd_usecase.yaml"}) require.Nil(t, err) - res, err := ScanK8sConfigmapObject(resourceBuf) + res, err := ScanK8sConfigmapInfo(resourceInfo) require.Nil(t, err) require.Equal(t, res.FullName, "qotd-load/qotd-usecase-library") require.Len(t, res.Data, 5) } func TestScanningIngress(t *testing.T) { - resourceBuf, err := loadResourceAsByteArray([]string{"bookinfo", "bookinfo-ingress.yaml"}) + resourceInfo, err := loadResourceAsInfo([]string{"bookinfo", "bookinfo-ingress.yaml"}) require.Nil(t, err) toExpose := common.ServicesToExpose{} - err = ScanIngressObject(resourceBuf, toExpose) + err = ScanIngressObjectFromInfo(resourceInfo, toExpose) require.Nil(t, err) require.Len(t, toExpose, 1) } func TestScanningRoute(t *testing.T) { - resourceBuf, err := loadResourceAsByteArray([]string{"acs-security-demos", "frontend", "webapp", "route.yaml"}) + resourceInfo, err := loadResourceAsInfo([]string{"acs-security-demos", "frontend", "webapp", "route.yaml"}) require.Nil(t, err) toExpose := common.ServicesToExpose{} - err = ScanOCRouteObject(resourceBuf, toExpose) + err = ScanOCRouteObjectFromInfo(resourceInfo, toExpose) require.Nil(t, err) require.Len(t, toExpose, 1) } -func loadResourceAsByteArray(resourceDirs []string) ([]byte, error) { +func loadResourceAsInfo(resourceDirs []string) (*resource.Info, error) { currentDir, _ := os.Getwd() resourceRelPath := filepath.Join(resourceDirs...) resourcePath := filepath.Join(currentDir, "..", "..", "tests", resourceRelPath) - return os.ReadFile(resourcePath) + + infos, errs := fsscanner.GetResourceInfosFromDirPath([]string{resourcePath}, true, true) + if len(errs) > 0 { + return nil, errs[0] + } + + return infos[0], nil } diff --git a/pkg/controller/error_types.go b/pkg/controller/error_types.go index 4cc6e3d..4b3941d 100644 --- a/pkg/controller/error_types.go +++ b/pkg/controller/error_types.go @@ -41,14 +41,6 @@ type FailedScanningResource struct { origErr error } -type NotK8sResourceError struct { - origErr error -} - -type MalformedYamlDocError struct { - origErr error -} - type FailedReadingFileError struct { origErr error } @@ -81,22 +73,6 @@ func (err *FailedScanningResource) Unwrap() error { return err.origErr } -func (err *NotK8sResourceError) Error() string { - return fmt.Sprintf("Yaml document is not a K8s resource: %v", err.origErr) -} - -func (err *NotK8sResourceError) Unwrap() error { - return err.origErr -} - -func (err *MalformedYamlDocError) Error() string { - return fmt.Sprintf("YAML document is malformed: %v", err.origErr) -} - -func (err *MalformedYamlDocError) Unwrap() error { - return err.origErr -} - func (err *FailedReadingFileError) Error() string { return fmt.Sprintf("error reading file: %v", err.origErr) } @@ -170,7 +146,7 @@ func noYamlsFound() *FileProcessingError { } func noK8sResourcesFound() *FileProcessingError { - return &FileProcessingError{&NoK8sResourcesFoundError{}, "", 0, -1, false, false} + return &FileProcessingError{&NoK8sResourcesFoundError{}, "", 0, -1, true, true} } func configMapNotFound(cfgMapName, resourceName string) *FileProcessingError { @@ -185,14 +161,6 @@ func failedScanningResource(resourceType, filePath string, err error) *FileProce return &FileProcessingError{&FailedScanningResource{resourceType, err}, filePath, 0, -1, false, false} } -func notK8sResource(filePath string, docID int, err error) *FileProcessingError { - return &FileProcessingError{&NotK8sResourceError{err}, filePath, 0, docID, false, false} -} - -func malformedYamlDoc(filePath string, lineNum, docID int, err error) *FileProcessingError { - return &FileProcessingError{&MalformedYamlDocError{err}, filePath, lineNum, docID, false, true} -} - func failedReadingFile(filePath string, err error) *FileProcessingError { return &FileProcessingError{&FailedReadingFileError{err}, filePath, 0, -1, false, true} } diff --git a/pkg/controller/policies_synthesizer.go b/pkg/controller/policies_synthesizer.go index db4e761..c7fe2ef 100644 --- a/pkg/controller/policies_synthesizer.go +++ b/pkg/controller/policies_synthesizer.go @@ -15,15 +15,16 @@ import ( "path/filepath" networking "k8s.io/api/networking/v1" + "k8s.io/cli-runtime/pkg/resource" "github.com/np-guard/cluster-topology-analyzer/pkg/common" ) const ( - DefaultDNSPort = 53 + DefaultDNSPort = 53 // DefaultDNSPort is the default DNS port to use in the generated policies ) -// Walk function is a function for recursively scanning a directory, in the spirit of Go's native filepath.WalkDir() +// WalkFunction is a function for recursively scanning a directory, in the spirit of Go's native filepath.WalkDir() // See https://pkg.go.dev/path/filepath#WalkDir for full description on how such a function should work type WalkFunction func(root string, fn fs.WalkDirFunc) error @@ -68,6 +69,7 @@ func WithStopOnError() PoliciesSynthesizerOption { } } +// WithDNSPort is a functional option to set the DNS port in the generated policies to a non-default value func WithDNSPort(dnsPort int) PoliciesSynthesizerOption { return func(p *PoliciesSynthesizer) { p.dnsPort = dnsPort @@ -95,16 +97,33 @@ func (ps *PoliciesSynthesizer) Errors() []FileProcessingError { return ps.errors } +// PoliciesFromInfos returns a slice of Kubernetes NetworkPolicies that allow only the connections discovered +// while processing K8s resources in the given slice of Info objects. +func (ps *PoliciesSynthesizer) PoliciesFromInfos(infos []*resource.Info) ([]*networking.NetworkPolicy, error) { + resources, connections, errs := ps.extractConnectionsFromInfos(infos) + policies := []*networking.NetworkPolicy{} + if !stopProcessing(ps.stopOnError, errs) { + policies = ps.synthNetpols(resources, connections) + } + + ps.errors = errs + if err := hasFatalError(errs); err != nil { + return nil, err + } + + return policies, nil +} + // PoliciesFromFolderPath returns a slice of Kubernetes NetworkPolicies that allow only the connections discovered // while processing K8s resources under the provided directory or one of its subdirectories (recursively). func (ps *PoliciesSynthesizer) PoliciesFromFolderPath(dirPath string) ([]*networking.NetworkPolicy, error) { return ps.PoliciesFromFolderPaths([]string{dirPath}) } -// PoliciesFromFolderPath returns a slice of Kubernetes NetworkPolicies that allow only the connections discovered +// PoliciesFromFolderPaths returns a slice of Kubernetes NetworkPolicies that allow only the connections discovered // while processing K8s resources under the provided directories or one of their subdirectories (recursively). func (ps *PoliciesSynthesizer) PoliciesFromFolderPaths(dirPaths []string) ([]*networking.NetworkPolicy, error) { - resources, connections, errs := ps.extractConnections(dirPaths) + resources, connections, errs := ps.extractConnectionsFromFolderPaths(dirPaths) policies := []*networking.NetworkPolicy{} if !stopProcessing(ps.stopOnError, errs) { policies = ps.synthNetpols(resources, connections) @@ -118,16 +137,28 @@ func (ps *PoliciesSynthesizer) PoliciesFromFolderPaths(dirPaths []string) ([]*ne return policies, nil } +// ConnectionsFromInfos returns a slice of Connections, listing the connections discovered +// while processing the K8s resources provided as a slice of Info objects. +func (ps *PoliciesSynthesizer) ConnectionsFromInfos(infos []*resource.Info) ([]*common.Connections, error) { + _, connections, errs := ps.extractConnectionsFromInfos(infos) + ps.errors = errs + if err := hasFatalError(errs); err != nil { + return nil, err + } + + return connections, nil +} + // ConnectionsFromFolderPath returns a slice of Connections, listing the connections discovered // while processing K8s resources under the provided directory or one of its subdirectories (recursively). func (ps *PoliciesSynthesizer) ConnectionsFromFolderPath(dirPath string) ([]*common.Connections, error) { return ps.ConnectionsFromFolderPaths([]string{dirPath}) } -// ConnectionsFromFolderPath returns a slice of Connections, listing the connections discovered +// ConnectionsFromFolderPaths returns a slice of Connections, listing the connections discovered // while processing K8s resources under the provided directories or one of their subdirectories (recursively). func (ps *PoliciesSynthesizer) ConnectionsFromFolderPaths(dirPaths []string) ([]*common.Connections, error) { - _, connections, errs := ps.extractConnections(dirPaths) + _, connections, errs := ps.extractConnectionsFromFolderPaths(dirPaths) ps.errors = errs if err := hasFatalError(errs); err != nil { return nil, err @@ -136,9 +167,29 @@ func (ps *PoliciesSynthesizer) ConnectionsFromFolderPaths(dirPaths []string) ([] return connections, nil } +func (ps *PoliciesSynthesizer) extractConnectionsFromInfos(infos []*resource.Info) ( + []*common.Resource, []*common.Connections, []FileProcessingError) { + resFinder := newResourceFinder(ps.logger, ps.stopOnError, ps.walkFn) + fileErrors := []FileProcessingError{} + for _, info := range infos { + err := resFinder.parseInfo(info) + if err != nil { + kind := "" + if info != nil && info.Object != nil { + kind = info.Object.GetObjectKind().GroupVersionKind().Kind + } + fileErrors = appendAndLogNewError(fileErrors, failedScanningResource(kind, info.Source, err), ps.logger) + } + } + + wls, conns, errs := ps.extractConnections(resFinder) + fileErrors = append(fileErrors, errs...) + return wls, conns, fileErrors +} + // Scans the given directory for YAMLs with k8s resources and extracts required connections between workloads -func (ps *PoliciesSynthesizer) extractConnections(dirPaths []string) ([]*common.Resource, []*common.Connections, []FileProcessingError) { - // 1. Get all relevant resources from the repo +func (ps *PoliciesSynthesizer) extractConnectionsFromFolderPaths(dirPaths []string) ( + []*common.Resource, []*common.Connections, []FileProcessingError) { resFinder := newResourceFinder(ps.logger, ps.stopOnError, ps.walkFn) fileErrors := []FileProcessingError{} for _, dirPath := range dirPaths { @@ -148,20 +199,26 @@ func (ps *PoliciesSynthesizer) extractConnections(dirPaths []string) ([]*common. return nil, nil, fileErrors } } + wls, conns, errs := ps.extractConnections(resFinder) + fileErrors = append(fileErrors, errs...) + return wls, conns, fileErrors +} + +func (ps *PoliciesSynthesizer) extractConnections(resFinder *resourceFinder) ( + []*common.Resource, []*common.Connections, []FileProcessingError) { if len(resFinder.workloads) == 0 { - fileErrors = appendAndLogNewError(fileErrors, noK8sResourcesFound(), ps.logger) - return nil, nil, fileErrors + return nil, nil, appendAndLogNewError(nil, noK8sResourcesFound(), ps.logger) } - // 2. Inline configmaps values as workload envs - errs := resFinder.inlineConfigMapRefsAsEnvs() - fileErrors = append(fileErrors, errs...) + // Inline configmaps values as workload envs + fileErrors := resFinder.inlineConfigMapRefsAsEnvs() if stopProcessing(ps.stopOnError, fileErrors) { return nil, nil, fileErrors } + resFinder.exposeServices() - // 3. Discover all connections between resources + // Discover all connections between resources connections := discoverConnections(resFinder.workloads, resFinder.services, ps.logger) return resFinder.workloads, connections, fileErrors } diff --git a/pkg/controller/policies_synthesizer_test.go b/pkg/controller/policies_synthesizer_test.go index 660102e..88ce492 100644 --- a/pkg/controller/policies_synthesizer_test.go +++ b/pkg/controller/policies_synthesizer_test.go @@ -18,6 +18,10 @@ import ( "github.com/stretchr/testify/require" core "k8s.io/api/core/v1" + "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" + "k8s.io/cli-runtime/pkg/resource" + + "github.com/np-guard/netpol-analyzer/pkg/netpol/manifests/fsscanner" ) func TestPoliciesSynthesizerAPI(t *testing.T) { @@ -49,6 +53,49 @@ func TestPoliciesSynthesizerAPI(t *testing.T) { os.Remove(outFile) } +func TestPoliciesSynthesizerAPIWithInfos(t *testing.T) { + dirPath := filepath.Join(getTestsDir(), "k8s_wordpress_example") + infos, errs := fsscanner.GetResourceInfosFromDirPath([]string{dirPath}, true, false) + require.Empty(t, errs) + + synthesizer := NewPoliciesSynthesizer() + policies, err := synthesizer.PoliciesFromInfos(infos) + require.Nil(t, err) + require.Empty(t, synthesizer.Errors()) + require.Len(t, policies, 3) // wordpress, mysql and namespace default deny + + conns, err := synthesizer.ConnectionsFromInfos(infos) + require.Nil(t, err) + require.Empty(t, synthesizer.Errors()) + require.Len(t, conns, 2) // internet->wordpress and wordpress->mysql +} + +func TestPoliciesSynthesizerAPIWithInfosEmptySlice(t *testing.T) { + noInfos := []*resource.Info{} + + synthesizer := NewPoliciesSynthesizer() + _, err := synthesizer.PoliciesFromInfos(noInfos) + require.NotNil(t, err) + + _, err = synthesizer.ConnectionsFromInfos(noInfos) + require.NotNil(t, err) +} + +func TestPoliciesSynthesizerAPIWithInfosBadInfo(t *testing.T) { + badInfo1 := resource.Info{} + badInfo2 := resource.Info{Object: &unstructured.Unstructured{}} + badInfo3 := resource.Info{Object: &unstructured.Unstructured{Object: map[string]interface{}{"kind": "bad"}}} + badInfo4 := resource.Info{Object: &unstructured.Unstructured{Object: map[string]interface{}{"kind": "Service", "spec": []string{}}}} + badInfos := []*resource.Info{&badInfo1, &badInfo2, &badInfo3, &badInfo4} + + synthesizer := NewPoliciesSynthesizer() + _, err := synthesizer.PoliciesFromInfos(badInfos) + require.NotNil(t, err) + + _, err = synthesizer.ConnectionsFromInfos(badInfos) + require.NotNil(t, err) +} + func TestPoliciesSynthesizerAPIMultiplePaths(t *testing.T) { dirPath1 := filepath.Join(getTestsDir(), "k8s_wordpress_example", "mysql-deployment.yaml") dirPath2 := filepath.Join(getTestsDir(), "k8s_wordpress_example", "wordpress-deployment.yaml") @@ -57,6 +104,11 @@ func TestPoliciesSynthesizerAPIMultiplePaths(t *testing.T) { require.Nilf(t, err, "expected no fatal errors, but got %v", err) require.Empty(t, synthesizer.Errors()) require.Len(t, netpols, 3) + + conns, err := synthesizer.ConnectionsFromFolderPath(dirPath2) + require.Nilf(t, err, "expected no fatal errors, but got %v", err) + require.Empty(t, synthesizer.Errors()) + require.Len(t, conns, 1) } func TestPoliciesSynthesizerAPIDnsPort(t *testing.T) { @@ -99,7 +151,7 @@ func TestPoliciesSynthesizerAPIFailFast(t *testing.T) { netpols, err := synthesizer.PoliciesFromFolderPath(dirPath) require.Nil(t, err) require.Len(t, synthesizer.Errors(), 1) - badYaml := &MalformedYamlDocError{} + badYaml := &FailedReadingFileError{} require.True(t, errors.As(synthesizer.Errors()[0].Error(), &badYaml)) require.Empty(t, netpols) } @@ -107,7 +159,7 @@ func TestPoliciesSynthesizerAPIFailFast(t *testing.T) { func TestExtractConnectionsNoK8sResources(t *testing.T) { dirPath := filepath.Join(getTestsDir(), "bad_yamls", "irrelevant_k8s_resources.yaml") synthesizer := NewPoliciesSynthesizer() - resources, conns, errs := synthesizer.extractConnections([]string{dirPath}) + resources, conns, errs := synthesizer.extractConnectionsFromFolderPaths([]string{dirPath}) require.Len(t, errs, 1) noK8sRes := &NoK8sResourcesFoundError{} require.True(t, errors.As(errs[0].Error(), &noK8sRes)) @@ -118,7 +170,7 @@ func TestExtractConnectionsNoK8sResources(t *testing.T) { func TestExtractConnectionsNoK8sResourcesFailFast(t *testing.T) { dirPath := filepath.Join(getTestsDir(), "bad_yamls") synthesizer := NewPoliciesSynthesizer(WithStopOnError()) - resources, conns, errs := synthesizer.extractConnections([]string{dirPath}) + resources, conns, errs := synthesizer.extractConnectionsFromFolderPaths([]string{dirPath}) require.Len(t, errs, 1) require.Empty(t, conns) require.Empty(t, resources) @@ -127,7 +179,7 @@ func TestExtractConnectionsNoK8sResourcesFailFast(t *testing.T) { func TestExtractConnectionsBadConfigMapRefs(t *testing.T) { dirPath := filepath.Join(getTestsDir(), "bad_yamls", "bad_configmap_refs.yaml") synthesizer := NewPoliciesSynthesizer() - resources, conns, errs := synthesizer.extractConnections([]string{dirPath}) + resources, conns, errs := synthesizer.extractConnectionsFromFolderPaths([]string{dirPath}) require.Len(t, errs, 3) noConfigMap := &ConfigMapNotFoundError{} noConfigMapKey := &ConfigMapKeyNotFoundError{} @@ -141,7 +193,7 @@ func TestExtractConnectionsBadConfigMapRefs(t *testing.T) { func TestExtractConnectionsCustomWalk(t *testing.T) { dirPath := filepath.Join(getTestsDir(), "sockshop") synthesizer := NewPoliciesSynthesizer(WithWalkFn(nonRecursiveWalk)) - resources, conns, errs := synthesizer.extractConnections([]string{dirPath}) + resources, conns, errs := synthesizer.extractConnectionsFromFolderPaths([]string{dirPath}) require.Len(t, errs, 2) // no yaml should be found in a non-recursive scan noYamls := &NoYamlsFoundError{} noK8sRes := &NoK8sResourcesFoundError{} @@ -154,7 +206,7 @@ func TestExtractConnectionsCustomWalk(t *testing.T) { func TestExtractConnectionsCustomWalk2(t *testing.T) { dirPath := filepath.Join(getTestsDir(), "sockshop") synthesizer := NewPoliciesSynthesizer(WithWalkFn(filepath.WalkDir)) - resources, conns, errs := synthesizer.extractConnections([]string{dirPath}) + resources, conns, errs := synthesizer.extractConnectionsFromFolderPaths([]string{dirPath}) require.Len(t, errs, 0) require.Len(t, conns, 14) require.Len(t, resources, 14) diff --git a/pkg/controller/resource_finder.go b/pkg/controller/resource_finder.go index 4fa79fd..d542252 100644 --- a/pkg/controller/resource_finder.go +++ b/pkg/controller/resource_finder.go @@ -7,17 +7,14 @@ SPDX-License-Identifier: Apache-2.0 package controller import ( - "bytes" "fmt" - "io" "os" "path/filepath" "regexp" - ocapiv1 "github.com/openshift/api" - "gopkg.in/yaml.v3" - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/runtime/serializer" + "k8s.io/cli-runtime/pkg/resource" + + "github.com/np-guard/netpol-analyzer/pkg/netpol/manifests/fsscanner" "github.com/np-guard/cluster-topology-analyzer/pkg/analyzer" "github.com/np-guard/cluster-topology-analyzer/pkg/common" @@ -53,8 +50,6 @@ type resourceFinder struct { stopOn1stErr bool walkFn WalkFunction // for customizing directory scan - resourceDecoder runtime.Decoder - workloads []*common.Resource // accumulates all workload resources found services []*common.Service // accumulates all service resources found configmaps []*common.CfgMap // accumulates all ConfigMap resources found @@ -64,11 +59,6 @@ type resourceFinder struct { func newResourceFinder(logger Logger, failFast bool, walkFn WalkFunction) *resourceFinder { res := resourceFinder{logger: logger, stopOn1stErr: failFast, walkFn: walkFn} - scheme := runtime.NewScheme() - Codecs := serializer.NewCodecFactory(scheme) - _ = ocapiv1.InstallKube(scheme) // returned error is ignored - seems to be always nil - _ = ocapiv1.Install(scheme) // returned error is ignored - seems to be always nil - res.resourceDecoder = Codecs.UniversalDeserializer() res.servicesToExpose = common.ServicesToExpose{} return &res @@ -123,97 +113,78 @@ func (rf *resourceFinder) searchForManifests(repoDir string) ([]string, []FilePr return yamls, errors } -// splitByYamlDocuments takes a YAML file and returns a slice containing its documents as raw text -func (rf *resourceFinder) splitByYamlDocuments(mfp string) ([][]byte, []FileProcessingError) { - fileBuf, err := os.ReadFile(mfp) - if err != nil { - return nil, appendAndLogNewError(nil, failedReadingFile(mfp, err), rf.logger) - } - - decoder := yaml.NewDecoder(bytes.NewBuffer(fileBuf)) - documents := [][]byte{} - documentID := 0 - for { - var doc yaml.Node - if err := decoder.Decode(&doc); err != nil { - if err != io.EOF { - return documents, appendAndLogNewError(nil, malformedYamlDoc(mfp, 0, documentID, err), rf.logger) - } - break - } - if len(doc.Content) > 0 && doc.Content[0].Kind == yaml.MappingNode { - out, err := yaml.Marshal(doc.Content[0]) - if err != nil { - return documents, appendAndLogNewError(nil, malformedYamlDoc(mfp, doc.Line, documentID, err), rf.logger) - } - documents = append(documents, out) - } - documentID += 1 - } - return documents, nil -} - // parseK8sYaml takes a YAML file and attempts to parse each of its documents into // one of the relevant k8s resources func (rf *resourceFinder) parseK8sYaml(mfp, relMfp string) []FileProcessingError { - yamlDocs, fileProcessingErrors := rf.splitByYamlDocuments(mfp) - if stopProcessing(rf.stopOn1stErr, fileProcessingErrors) { - return fileProcessingErrors + infos, errs := fsscanner.GetResourceInfosFromDirPath([]string{mfp}, false, rf.stopOn1stErr) + fileProcessingErrors := []FileProcessingError{} + for _, err := range errs { + fileProcessingErrors = appendAndLogNewError(fileProcessingErrors, failedReadingFile(mfp, err), rf.logger) + if stopProcessing(rf.stopOn1stErr, fileProcessingErrors) { + return fileProcessingErrors + } } - for docID, doc := range yamlDocs { - _, groupVersionKind, err := rf.resourceDecoder.Decode(doc, nil, nil) + for _, info := range infos { + err := rf.parseInfo(info) if err != nil { - fileProcessingErrors = appendAndLogNewError(fileProcessingErrors, notK8sResource(relMfp, docID, err), rf.logger) - continue - } - if !acceptedK8sTypes.MatchString(groupVersionKind.Kind) { - rf.logger.Infof("in file: %s, document: %d, skipping object with type: %s", relMfp, docID, groupVersionKind.Kind) - } else { - kind := groupVersionKind.Kind - err = rf.parseResource(kind, doc, relMfp) - if err != nil { - fileProcessingErrors = appendAndLogNewError(fileProcessingErrors, failedScanningResource(kind, relMfp, err), rf.logger) - } + kind := info.Object.GetObjectKind().GroupVersionKind().Kind + fileProcessingErrors = appendAndLogNewError(fileProcessingErrors, failedScanningResource(kind, relMfp, err), rf.logger) } } + return fileProcessingErrors } -// parseResource takes a yaml document, parses it into a K8s resource and puts it into one of the 3 struct slices: +// parseInfo takes an Info object, parses it into a K8s resource and puts it into one of the 3 struct slices: // the workload resource slice, the Service resource slice and the ConfigMaps resource slice // It also updates the set of services to be exposed when parsing Ingress or OpenShift Routes -func (rf *resourceFinder) parseResource(kind string, yamlDoc []byte, manifestFilePath string) error { +func (rf *resourceFinder) parseInfo(info *resource.Info) error { + if info == nil || info.Object == nil { + return fmt.Errorf("a bad Info object - Object field is Nil") + } + + kind := info.Object.GetObjectKind().GroupVersionKind().Kind + if !acceptedK8sTypes.MatchString(kind) { + msg := fmt.Sprintf("skipping object with type: %s", kind) + resourcePath := info.Source + if resourcePath != "" { + msg = fmt.Sprintf("in file: %s, %s", resourcePath, msg) + } + rf.logger.Infof(msg) + return nil + } + switch kind { case service: - res, err := analyzer.ScanK8sServiceObject(yamlDoc) + res, err := analyzer.ScanK8sServiceInfo(info) if err != nil { return err } - res.Resource.FilePath = manifestFilePath + res.Resource.FilePath = info.Source rf.services = append(rf.services, res) case route: - err := analyzer.ScanOCRouteObject(yamlDoc, rf.servicesToExpose) + err := analyzer.ScanOCRouteObjectFromInfo(info, rf.servicesToExpose) if err != nil { return err } case ingress: - err := analyzer.ScanIngressObject(yamlDoc, rf.servicesToExpose) + err := analyzer.ScanIngressObjectFromInfo(info, rf.servicesToExpose) if err != nil { return err } case configmap: - res, err := analyzer.ScanK8sConfigmapObject(yamlDoc) + res, err := analyzer.ScanK8sConfigmapInfo(info) if err != nil { return err } rf.configmaps = append(rf.configmaps, res) default: - res, err := analyzer.ScanK8sWorkloadObject(kind, yamlDoc) + res, err := analyzer.ScanK8sWorkloadObjectFromInfo(info) if err != nil { return err } - res.Resource.FilePath = manifestFilePath + res.Resource.FilePath = info.Source rf.workloads = append(rf.workloads, res) } diff --git a/pkg/controller/resource_finder_test.go b/pkg/controller/resource_finder_test.go index defeda2..12121c2 100644 --- a/pkg/controller/resource_finder_test.go +++ b/pkg/controller/resource_finder_test.go @@ -21,12 +21,8 @@ func TestGetRelevantK8sResourcesBadYamlDocument(t *testing.T) { resFinder := newResourceFinder(NewDefaultLogger(), false, filepath.WalkDir) errs := resFinder.getRelevantK8sResources(dirPath) require.Len(t, errs, 1) - badDoc := &MalformedYamlDocError{} - require.True(t, errors.As(errs[0].Error(), &badDoc)) - - docID, err := errs[0].DocumentID() - require.Equal(t, 6, docID) - require.Nil(t, err) + badFile := &FailedReadingFileError{} + require.True(t, errors.As(errs[0].Error(), &badFile)) require.Len(t, resFinder.workloads, 3) require.Len(t, resFinder.services, 3) @@ -38,12 +34,8 @@ func TestGetRelevantK8sResourcesBadYamlDocumentFailFast(t *testing.T) { resFinder := newResourceFinder(NewDefaultLogger(), true, filepath.WalkDir) errs := resFinder.getRelevantK8sResources(dirPath) require.Len(t, errs, 1) - badDoc := &MalformedYamlDocError{} - require.True(t, errors.As(errs[0].Error(), &badDoc)) - - docID, err := errs[0].DocumentID() - require.Equal(t, 6, docID) - require.Nil(t, err) + badFile := &FailedReadingFileError{} + require.True(t, errors.As(errs[0].Error(), &badFile)) require.Empty(t, resFinder.workloads) require.Empty(t, resFinder.services) @@ -55,8 +47,8 @@ func TestGetRelevantK8sResourcesNoK8sResource(t *testing.T) { resFinder := newResourceFinder(NewDefaultLogger(), false, filepath.WalkDir) errs := resFinder.getRelevantK8sResources(dirPath) require.Len(t, errs, 1) - notK8sRes := &NotK8sResourceError{} - require.True(t, errors.As(errs[0].Error(), ¬K8sRes)) + fileErr := &FailedReadingFileError{} + require.True(t, errors.As(errs[0].Error(), &fileErr)) require.Empty(t, resFinder.workloads) require.Len(t, resFinder.services, 1) require.Empty(t, resFinder.configmaps) @@ -102,9 +94,7 @@ func TestGetRelevantK8sResourcesNonK8sResources(t *testing.T) { dirPath := filepath.Join(getTestsDir(), "bookinfo") resFinder := newResourceFinder(NewDefaultLogger(), false, filepath.WalkDir) errs := resFinder.getRelevantK8sResources(dirPath) - require.Len(t, errs, 2) // Has Istio resources ClusterIssuer and Certificate - badResource := &NotK8sResourceError{} - require.True(t, errors.As(errs[0].Error(), &badResource)) + require.Empty(t, errs) // Irrelevant resources such as Certificate are only reported to log - not returned as errors } func TestSearchForManifests(t *testing.T) {