move networking checks over to json schema

FairwindsOps · Dec 23, 2019 · 3fa627a · 3fa627a
1 parent 30b49c4
commit 3fa627a
Show file tree

Hide file tree

Showing 4 changed files with 29 additions and 24 deletions.
diff --git a/checks/hostPortSet.yaml b/checks/hostPortSet.yaml
@@ -0,0 +1,24 @@
+name: HostPortSet
+id: hostPortSet
+successMessage: Host port is not configured
+failureMessage: Host port should not be configured
+category: Networking
+controllers:
+  exclude:
+  - Job
+  - CronJob
+containers:
+  exclude:
+  - initContainer
+target: Container
+schema:
+  '$schema': http://json-schema.org/draft-07/schema
+  type: object
+  required:
+  properties:
+    ports:
+      type: array
+      items:
+        properties:
+          hostPort:
+            const: 0
diff --git a/pkg/validator/container.go b/pkg/validator/container.go
@@ -64,7 +64,6 @@ func ValidateContainer(container *corev1.Container, parentPodResult *PodResult,
 		panic(err)
 	}
 
-	cv.validateNetworking(conf, controllerName)
 	cv.validateSecurity(conf, controllerName)
 
 	cRes := ContainerResult{
@@ -155,28 +154,6 @@ func (cv *ContainerValidation) validateResourceRange(id, resourceName string, ra
 	}
 }
 
-func (cv *ContainerValidation) validateNetworking(conf *config.Configuration, controllerName string) {
-	category := messages.CategoryNetworking
-
-	name := "HostPortSet"
-	if conf.IsActionable(conf.Networking, name, controllerName) {
-		hostPortSet := false
-		for _, port := range cv.Container.Ports {
-			if port.HostPort != 0 {
-				hostPortSet = true
-				break
-			}
-		}
-
-		id := config.GetIDFromField(conf.Networking, name)
-		if hostPortSet {
-			cv.addFailure(messages.HostPortFailure, conf.Networking.HostPortSet, category, id)
-		} else {
-			cv.addSuccess(messages.HostPortSuccess, category, id)
-		}
-	}
-}
-
 func (cv *ContainerValidation) validateSecurity(conf *config.Configuration, controllerName string) {
 	category := messages.CategorySecurity
 	securityContext := cv.Container.SecurityContext

diff --git a/pkg/validator/container_test.go b/pkg/validator/container_test.go
@@ -650,7 +650,10 @@ func TestValidateNetworking(t *testing.T) {
 	for _, tt := range testCases {
 		t.Run(tt.name, func(t *testing.T) {
 			tt.cv = resetCV(tt.cv)
-			tt.cv.validateNetworking(&conf.Configuration{Networking: tt.networkConf}, "")
+			err := applyContainerSchemaChecks(&conf.Configuration{Networking: tt.networkConf}, tt.cv.Container, "", conf.Deployments, tt.cv.IsInitContainer, &tt.cv)
+			if err != nil {
+				panic(err)
+			}
 			assert.Len(t, tt.cv.messages(), len(tt.expectedMessages))
 			assert.ElementsMatch(t, tt.cv.messages(), tt.expectedMessages)
 		})

diff --git a/pkg/validator/schema.go b/pkg/validator/schema.go
@@ -57,6 +57,7 @@ var (
 		"livenessProbe",
 		"pullPolicyNotAlways",
 		"tagNotSpecified",
+		"hostPortSet",
 	}
 )