fix: cannot create vulnerability report because name is too long (aqu…
…asecurity#773)

Resolves: aquasecurity#288

Signed-off-by: Daniel Pacak <pacak.daniel@gmail.com>
danielpacak authored Oct 26, 2021
1 parent 0f2c686 commit 418c863
Showing 14 changed files with 249 additions and 157 deletions.
19 changes: 10 additions & 9 deletions .github/workflows/build.yaml
@@ -30,7 +30,7 @@ env:
jobs:
unit-tests:
name: Run unit tests
runs-on: ubuntu-18.04
runs-on: ubuntu-20.04
steps:
- name: Setup Go
uses: actions/setup-go@v2
@@ -55,7 +55,7 @@ jobs:
needs:
- unit-tests
- verify-code
runs-on: ubuntu-18.04
runs-on: ubuntu-20.04
steps:
- name: Setup Go
uses: actions/setup-go@v2
@@ -72,14 +72,15 @@ jobs:
- name: Release snapshot
uses: goreleaser/goreleaser-action@v2
with:
version: v0.175.0
version: v0.183.0
args: release --snapshot --skip-publish --rm-dist
itest-starboard:
name: Run integration tests / Starboard CLI
needs:
- unit-tests
- verify-code
runs-on: ubuntu-18.04
runs-on: ubuntu-20.04
timeout-minutes: 15
steps:
- name: Setup Go
uses: actions/setup-go@v2
@@ -118,7 +119,8 @@ jobs:
needs:
- unit-tests
- verify-code
runs-on: ubuntu-18.04
runs-on: ubuntu-20.04
timeout-minutes: 15
steps:
- name: Setup Go
uses: actions/setup-go@v2
@@ -156,7 +158,6 @@ jobs:
env:
KUBECONFIG: /home/runner/.kube/config
OPERATOR_NAMESPACE: starboard-operator
OPERATOR_SERVICE_ACCOUNT: starboard-operator
OPERATOR_TARGET_NAMESPACES: default
- name: Upload code coverage
uses: codecov/codecov-action@v2
@@ -167,7 +168,8 @@ jobs:
needs:
- unit-tests
- verify-code
runs-on: ubuntu-18.04
runs-on: ubuntu-20.04
timeout-minutes: 15
steps:
- name: Setup Go
uses: actions/setup-go@v2
@@ -205,15 +207,14 @@ jobs:
env:
KUBECONFIG: /home/runner/.kube/config
OPERATOR_NAMESPACE: starboard-operator
OPERATOR_SERVICE_ACCOUNT: starboard-operator
OPERATOR_TARGET_NAMESPACES: default
- name: Upload code coverage
uses: codecov/codecov-action@v2
with:
files: ./itest/starboard-operator/configauditreport/conftest/coverage.txt
verify-code:
name: Verify code
runs-on: ubuntu-18.04
runs-on: ubuntu-20.04
steps:
- name: Setup Go
uses: actions/setup-go@v2
15 changes: 9 additions & 6 deletions .github/workflows/release.yaml
@@ -10,7 +10,7 @@ env:
jobs:
unit-tests:
name: Run unit tests
runs-on: ubuntu-18.04
runs-on: ubuntu-20.04
steps:
- name: Setup Go
uses: actions/setup-go@v2
@@ -32,7 +32,8 @@ jobs:
name: Run integration tests / Starboard CLI
needs:
- unit-tests
runs-on: ubuntu-18.04
runs-on: ubuntu-20.04
timeout-minutes: 15
steps:
- name: Setup Go
uses: actions/setup-go@v2
@@ -66,7 +67,8 @@ jobs:
name: Run integration tests / Starboard Operator
needs:
- unit-tests
runs-on: ubuntu-18.04
runs-on: ubuntu-20.04
timeout-minutes: 15
steps:
- name: Setup Go
uses: actions/setup-go@v2
@@ -110,7 +112,8 @@ jobs:
name: Integration / Operator / Conftest
needs:
- unit-tests
runs-on: ubuntu-18.04
runs-on: ubuntu-20.04
timeout-minutes: 15
steps:
- name: Setup Go
uses: actions/setup-go@v2
@@ -156,7 +159,7 @@ jobs:
- itest-starboard
- itest-starboard-operator
- integration-operator-conftest
runs-on: ubuntu-18.04
runs-on: ubuntu-20.04
steps:
- name: Setup Go
uses: actions/setup-go@v2
@@ -186,7 +189,7 @@ jobs:
- name: Release
uses: goreleaser/goreleaser-action@v2
with:
version: v0.175.0
version: v0.183.0
args: release --rm-dist
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
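Review bot: The Release step still references its action by the mutable tag `goreleaser/goreleaser-action@v2` while receiving `GITHUB_TOKEN`; the `version: v0.183.0` bump pins only the GoReleaser binary, not the action code that runs it. Whatever `v2` resolves to at run time executes with that token, so consider pinning to a full commit, e.g. `uses: goreleaser/goreleaser-action@<full-commit-sha> # v2` (placeholder; take the SHA from the action's own release). The same tag-style reference appears in the snapshot step of build.yaml and on `actions/setup-go@v2` and `codecov/codecov-action@v2`. The token's permissions are not visible in this section, so it may also be worth checking for an explicit `permissions:` block.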
15 changes: 13 additions & 2 deletions itest/helper/helper.go
@@ -224,9 +224,9 @@ type Helper struct {
kubeBenchReportReader kubebench.Reader
}

func NewHelper(scheme *runtime.Scheme, client client.Client) *Helper {
func NewHelper(client client.Client) *Helper {
return &Helper{
scheme: scheme,
scheme: client.Scheme(),
kubeClient: client,
kubeBenchReportReader: kubebench.NewReadWriter(client),
}
@@ -361,3 +361,14 @@ func (h *Helper) UpdateDeploymentImage(namespace, name string) error {
return err == nil, err
})
}

func (h *Helper) DeploymentIsReady(deploy client.ObjectKey) func() (bool, error) {
return func() (bool, error) {
var d appsv1.Deployment
err := h.kubeClient.Get(context.TODO(), client.ObjectKey{Namespace: deploy.Namespace, Name: deploy.Name}, &d)
if err != nil {
return false, err
}
return d.Status.ReadyReplicas == *d.Spec.Replicas, nil
}
}
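Review bot: `DeploymentIsReady` dereferences `d.Spec.Replicas` without a nil check; the API server normally defaults that field, but an object returned by a fake client or built in a test may leave it nil and panic inside the poll function. Guard it with `if d.Spec.Replicas == nil { return false, nil }` before the comparison. Consider also requiring `d.Status.ObservedGeneration >= d.Generation`, since right after an image update the status can still describe the previous rollout and the check may report ready too early. The key can be passed straight through as `deploy` rather than rebuilding a `client.ObjectKey` from its fields, and the exported method would benefit from a doc comment such as `// DeploymentIsReady returns a poll condition that reports whether all desired replicas are ready.`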
42 changes: 35 additions & 7 deletions itest/matcher/matcher.go
@@ -7,9 +7,11 @@ import (
"fmt"

"github.com/aquasecurity/starboard/pkg/apis/aquasecurity/v1alpha1"
"github.com/aquasecurity/starboard/pkg/kube"
"github.com/aquasecurity/starboard/pkg/starboard"
"github.com/onsi/gomega/types"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/runtime"
"k8s.io/utils/pointer"
"sigs.k8s.io/controller-runtime/pkg/client"
"sigs.k8s.io/controller-runtime/pkg/client/apiutil"
@@ -40,12 +42,14 @@ var (
// of the actual v1alpha1.VulnerabilityReport.
func IsVulnerabilityReportForContainerOwnedBy(containerName string, owner client.Object) types.GomegaMatcher {
return &vulnerabilityReportMatcher{
scheme: starboard.NewScheme(),
containerName: containerName,
owner: owner,
}
}

type vulnerabilityReportMatcher struct {
scheme *runtime.Scheme
owner client.Object
containerName string
failureMessage string
@@ -57,19 +61,20 @@ func (m *vulnerabilityReportMatcher) Match(actual interface{}) (bool, error) {
if !ok {
return false, fmt.Errorf("%T expects a %T", vulnerabilityReportMatcher{}, v1alpha1.VulnerabilityReport{})
}
gvk, err := apiutil.GVKForObject(m.owner, starboard.NewScheme())
gvk, err := apiutil.GVKForObject(m.owner, m.scheme)
if err != nil {
return false, err
}

keys, err := m.objectToLabelsAsMatchKeys(m.owner)
if err != nil {
return false, err
}
keys[starboard.LabelContainerName] = Equal(m.containerName)

matcher := MatchFields(IgnoreExtras, Fields{
"ObjectMeta": MatchFields(IgnoreExtras, Fields{
"Labels": MatchKeys(IgnoreExtras, Keys{
starboard.LabelContainerName: Equal(m.containerName),
starboard.LabelResourceKind: Equal(gvk.Kind),
starboard.LabelResourceName: Equal(m.owner.GetName()),
starboard.LabelResourceNamespace: Equal(m.owner.GetNamespace()),
}),
"Labels": MatchKeys(IgnoreExtras, keys),
"OwnerReferences": ConsistOf(metav1.OwnerReference{
APIVersion: gvk.GroupVersion().Identifier(),
Kind: gvk.Kind,
@@ -94,6 +99,29 @@ func (m *vulnerabilityReportMatcher) Match(actual interface{}) (bool, error) {
return success, nil
}

func (m *vulnerabilityReportMatcher) objectToLabelsAsMatchKeys(obj client.Object) (map[interface{}]types.GomegaMatcher, error) {
kind := obj.GetObjectKind().GroupVersionKind().Kind
if kind == "" {
gvk, err := apiutil.GVKForObject(m.owner, m.scheme)
if err != nil {
return nil, err
}
kind = gvk.Kind
}

labels := kube.PartialObjectToLabels(kube.Object{
Kind: kube.Kind(kind),
Name: obj.GetName(),
Namespace: obj.GetNamespace(),
})

keys := make(map[interface{}]types.GomegaMatcher)
for k, v := range labels {
keys[k] = Equal(v)
}
return keys, nil
}

func (m *vulnerabilityReportMatcher) FailureMessage(_ interface{}) string {
// TODO Add more descriptive message rather than rely on composed matchers' defaults
return m.failureMessage
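Review bot: `objectToLabelsAsMatchKeys` takes `obj` but resolves the fallback kind from `m.owner` (`apiutil.GVKForObject(m.owner, m.scheme)`), so a caller passing any other object would get that object's name and namespace combined with the owner's kind. Use the parameter, `gvk, err := apiutil.GVKForObject(obj, m.scheme)`, or drop the parameter and reuse the `gvk` that `Match` has already resolved. The expected labels now come from `kube.PartialObjectToLabels`, presumably the same helper the code under test uses, so this matcher would no longer notice a regression in how labels are derived; an assertion against literal label values for a long-name case would cover that. `FailureMessage` continues outside the hunk.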
@@ -85,7 +85,7 @@ var _ = BeforeSuite(func() {
ConfigAuditReportsPlugin: conftest.Plugin,

Client: kubeClient,
Helper: helper.NewHelper(scheme, kubeClient),
Helper: helper.NewHelper(kubeClient),
}

// We can disable vulnerability scanner and CIS benchmarks
2 changes: 1 addition & 1 deletion itest/starboard-operator/suite_test.go
@@ -68,7 +68,7 @@ var _ = BeforeSuite(func() {
PrimaryWorkloadPrefix: "wordpress",

Client: kubeClient,
Helper: helper.NewHelper(scheme, kubeClient),
Helper: helper.NewHelper(kubeClient),
}

startCtx, stopFunc = context.WithCancel(context.Background())