refactor: move plugin constants from generic starboard config (aquase…

…curity#962) Signed-off-by: Daniel Pacak <pacak.daniel@gmail.com>
jiachu · Feb 16, 2022 · 42b2152 · 42b2152
1 parent f1a9360
commit 42b2152
Show file tree

Hide file tree

Showing 9 changed files with 57 additions and 79 deletions.
diff --git a/itest/matcher/matcher.go b/itest/matcher/matcher.go
@@ -8,6 +8,7 @@ import (
 
 	"github.com/aquasecurity/starboard/pkg/apis/aquasecurity/v1alpha1"
 	"github.com/aquasecurity/starboard/pkg/kube"
+	"github.com/aquasecurity/starboard/pkg/plugin"
 	"github.com/aquasecurity/starboard/pkg/starboard"
 	"github.com/onsi/gomega/types"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
@@ -161,7 +162,7 @@ func (m *configAuditReportMatcher) Match(actual interface{}) (bool, error) {
 	}
 
 	scanner := polarisScanner
-	if m.scanner == starboard.Conftest {
+	if m.scanner == plugin.Conftest {
 		scanner = conftestScanner
 	}
 

diff --git a/itest/matcher/matcher_test.go b/itest/matcher/matcher_test.go
@@ -7,6 +7,7 @@ import (
 
 	"github.com/aquasecurity/starboard/itest/matcher"
 	"github.com/aquasecurity/starboard/pkg/apis/aquasecurity/v1alpha1"
+	"github.com/aquasecurity/starboard/pkg/plugin"
 	"github.com/aquasecurity/starboard/pkg/starboard"
 	appsv1 "k8s.io/api/apps/v1"
 	corev1 "k8s.io/api/core/v1"
@@ -71,7 +72,7 @@ func TestConfigAuditReportMatcher(t *testing.T) {
 
 	t.Run("Should return error when actual is not ConfigAuditReport", func(t *testing.T) {
 		g := NewGomegaWithT(t)
-		instance := matcher.IsConfigAuditReportOwnedBy(&appsv1.ReplicaSet{}, starboard.Polaris)
+		instance := matcher.IsConfigAuditReportOwnedBy(&appsv1.ReplicaSet{}, plugin.Polaris)
 		_, err := instance.Match("I AM INVALID ACTUAL")
 		g.Expect(err).To(MatchError("matcher.configAuditReportMatcher expects a v1alpha1.ConfigAuditReport"))
 	})
@@ -84,7 +85,7 @@ func TestConfigAuditReportMatcher(t *testing.T) {
 				Namespace: "default",
 				UID:       "494b2727-5d52-4057-9a9b-8b508c753fea",
 			},
-		}, starboard.Polaris)
+		}, plugin.Polaris)
 		success, err := instance.Match(v1alpha1.ConfigAuditReport{
 			ObjectMeta: metav1.ObjectMeta{
 				Name:      "replicaset-nginx-6d4cf56db6",

diff --git a/itest/starboard/starboard_cli_test.go b/itest/starboard/starboard_cli_test.go
@@ -15,6 +15,7 @@ import (
 	"github.com/aquasecurity/starboard/pkg/apis/aquasecurity/v1alpha1"
 	"github.com/aquasecurity/starboard/pkg/cmd"
 	"github.com/aquasecurity/starboard/pkg/kube"
+	"github.com/aquasecurity/starboard/pkg/plugin"
 	"github.com/aquasecurity/starboard/pkg/starboard"
 	"github.com/aquasecurity/starboard/pkg/vulnerabilityreport"
 	appsv1 "k8s.io/api/apps/v1"
@@ -1097,11 +1098,11 @@ var _ = Describe("Starboard CLI", func() {
 			})
 
 			Context("with Polaris as scanner", func() {
-				assertConfigAuditReportCreated(starboard.Polaris, kube.KindPod)
+				assertConfigAuditReportCreated(plugin.Polaris, kube.KindPod)
 			})
 
 			Context("with Conftest as scanner", func() {
-				assertConfigAuditReportCreated(starboard.Conftest, kube.KindPod)
+				assertConfigAuditReportCreated(plugin.Conftest, kube.KindPod)
 			})
 
 			AfterEach(func() {
@@ -1127,11 +1128,11 @@ var _ = Describe("Starboard CLI", func() {
 			})
 
 			Context("with Polaris as scanner", func() {
-				assertConfigAuditReportCreated(starboard.Polaris, kube.KindPod)
+				assertConfigAuditReportCreated(plugin.Polaris, kube.KindPod)
 			})
 
 			Context("with Conftest as scanner", func() {
-				assertConfigAuditReportCreated(starboard.Conftest, kube.KindPod)
+				assertConfigAuditReportCreated(plugin.Conftest, kube.KindPod)
 			})
 
 			AfterEach(func() {
@@ -1180,11 +1181,11 @@ var _ = Describe("Starboard CLI", func() {
 			})
 
 			Context("with Polaris as scanner", func() {
-				assertConfigAuditReportCreated(starboard.Polaris, kube.KindCronJob)
+				assertConfigAuditReportCreated(plugin.Polaris, kube.KindCronJob)
 			})
 
 			Context("with Conftest as scanner", func() {
-				assertConfigAuditReportCreated(starboard.Conftest, kube.KindCronJob)
+				assertConfigAuditReportCreated(plugin.Conftest, kube.KindCronJob)
 			})
 
 			AfterEach(func() {

diff --git a/pkg/plugin/conftest/plugin_test.go b/pkg/plugin/conftest/plugin_test.go
@@ -257,7 +257,7 @@ func TestPlugin_Init(t *testing.T) {
 		instance := conftest.NewPlugin(ext.NewSimpleIDGenerator(), fixedClock)
 
 		pluginContext := starboard.NewPluginContext().
-			WithName(string(starboard.Conftest)).
+			WithName(conftest.Plugin).
 			WithNamespace("starboard-ns").
 			WithServiceAccountName("starboard-sa").
 			WithClient(client).
@@ -347,7 +347,7 @@ func TestPlugin_GetScanJobSpec(t *testing.T) {
 	g := NewGomegaWithT(t)
 	sequence := ext.NewSimpleIDGenerator()
 	pluginContext := starboard.NewPluginContext().
-		WithName(string(starboard.Conftest)).
+		WithName(conftest.Plugin).
 		WithNamespace("starboard-ns").
 		WithServiceAccountName("starboard-sa").
 		WithClient(fake.NewClientBuilder().WithObjects(&corev1.ConfigMap{
@@ -598,7 +598,7 @@ func TestPlugin_ParseConfigAuditReportData(t *testing.T) {
 ]`))
 
 	pluginContext := starboard.NewPluginContext().
-		WithName(string(starboard.Conftest)).
+		WithName(conftest.Plugin).
 		WithNamespace("starboard-ns").
 		WithServiceAccountName("starboard-sa").
 		WithClient(fake.NewClientBuilder().WithObjects(&corev1.ConfigMap{

diff --git a/pkg/plugin/factory.go b/pkg/plugin/factory.go
@@ -14,6 +14,13 @@ import (
 	"sigs.k8s.io/controller-runtime/pkg/client"
 )
 
+const (
+	Trivy    starboard.Scanner = "Trivy"
+	Aqua     starboard.Scanner = "Aqua"
+	Polaris  starboard.Scanner = "Polaris"
+	Conftest starboard.Scanner = "Conftest"
+)
+
 type Resolver struct {
 	buildInfo          starboard.BuildInfo
 	config             starboard.ConfigData
@@ -71,9 +78,9 @@ func (r *Resolver) GetVulnerabilityPlugin() (vulnerabilityreport.Plugin, starboa
 		Get()
 
 	switch scanner {
-	case starboard.Trivy:
+	case Trivy:
 		return trivy.NewPlugin(ext.NewSystemClock(), ext.NewGoogleUUIDGenerator(), r.client), pluginContext, nil
-	case starboard.Aqua:
+	case Aqua:
 		return aqua.NewPlugin(ext.NewGoogleUUIDGenerator(), r.buildInfo), pluginContext, nil
 	}
 	return nil, nil, fmt.Errorf("unsupported vulnerability scanner plugin: %s", scanner)
@@ -98,9 +105,9 @@ func (r *Resolver) GetConfigAuditPlugin() (configauditreport.Plugin, starboard.P
 		Get()
 
 	switch scanner {
-	case starboard.Polaris:
+	case Polaris:
 		return polaris.NewPlugin(ext.NewSystemClock()), pluginContext, nil
-	case starboard.Conftest:
+	case Conftest:
 		return conftest.NewPlugin(ext.NewGoogleUUIDGenerator(), ext.NewSystemClock()), pluginContext, nil
 	}
 	return nil, nil, fmt.Errorf("unsupported configuration audit scanner plugin: %s", scanner)

diff --git a/pkg/plugin/polaris/plugin.go b/pkg/plugin/polaris/plugin.go
@@ -18,6 +18,11 @@ import (
 	"sigs.k8s.io/controller-runtime/pkg/client"
 )
 
+const (
+	// Plugin the name of this plugin.
+	Plugin = "Polaris"
+)
+
 const (
 	polarisContainerName = "polaris"
 	configVolume         = "config"

diff --git a/pkg/plugin/polaris/plugin_test.go b/pkg/plugin/polaris/plugin_test.go
@@ -110,7 +110,7 @@ func TestPlugin_IsApplicable(t *testing.T) {
 		client := fake.NewClientBuilder().Build()
 
 		pluginContext := starboard.NewPluginContext().
-			WithName(string(starboard.Polaris)).
+			WithName(polaris.Plugin).
 			WithNamespace("starboard-ns").
 			WithServiceAccountName("starboard-sa").
 			WithClient(client).
@@ -131,7 +131,7 @@ func TestPlugin_Init(t *testing.T) {
 		client := fake.NewClientBuilder().Build()
 
 		pluginContext := starboard.NewPluginContext().
-			WithName(string(starboard.Polaris)).
+			WithName(polaris.Plugin).
 			WithNamespace("starboard-ns").
 			WithServiceAccountName("starboard-sa").
 			WithClient(client).
@@ -188,7 +188,7 @@ func TestPlugin_Init(t *testing.T) {
 		}).Build()
 
 		pluginContext := starboard.NewPluginContext().
-			WithName(string(starboard.Polaris)).
+			WithName(polaris.Plugin).
 			WithNamespace("starboard-ns").
 			WithServiceAccountName("starboard-sa").
 			WithClient(client).
@@ -263,7 +263,7 @@ func TestPlugin_GetScanJobSpec(t *testing.T) {
 						VolumeSource: corev1.VolumeSource{
 							ConfigMap: &corev1.ConfigMapVolumeSource{
 								LocalObjectReference: corev1.LocalObjectReference{
-									Name: starboard.GetPluginConfigMapName(string(starboard.Polaris)),
+									Name: starboard.GetPluginConfigMapName(polaris.Plugin),
 								},
 							},
 						},
@@ -316,7 +316,7 @@ func TestPlugin_GetScanJobSpec(t *testing.T) {
 			g := NewGomegaWithT(t)
 
 			pluginContext := starboard.NewPluginContext().
-				WithName(string(starboard.Polaris)).
+				WithName(polaris.Plugin).
 				WithNamespace("starboard-ns").
 				WithServiceAccountName("starboard-sa").
 				WithClient(fake.NewClientBuilder().WithObjects(&corev1.ConfigMap{
@@ -353,7 +353,7 @@ func TestPlugin_ParseConfigAuditReportData(t *testing.T) {
 	}()
 
 	pluginContext := starboard.NewPluginContext().
-		WithName(string(starboard.Polaris)).
+		WithName(polaris.Plugin).
 		WithNamespace("starboard-ns").
 		WithServiceAccountName("starboard-sa").
 		WithClient(fake.NewClientBuilder().WithObjects(&corev1.ConfigMap{
@@ -422,7 +422,7 @@ func TestPlugin_ConfigHash(t *testing.T) {
 
 	newPluginContextWithConfigData := func(data map[string]string) starboard.PluginContext {
 		return starboard.NewPluginContext().
-			WithName(string(starboard.Polaris)).
+			WithName(polaris.Plugin).
 			WithNamespace("starboard-ns").
 			WithClient(fake.NewClientBuilder().
 				WithObjects(&corev1.ConfigMap{

diff --git a/pkg/starboard/config.go b/pkg/starboard/config.go
@@ -35,8 +35,8 @@ func NewScheme() *runtime.Scheme {
 	return scheme
 }
 
-// BuildInfo holds build info such as Git revision, Git SHA-1,
-// build datetime, and the name of the executable binary.
+// BuildInfo holds build info such as Git revision, Git SHA-1, build datetime,
+// and the name of the executable binary.
 type BuildInfo struct {
 	Version    string
 	Commit     string
@@ -47,13 +47,6 @@ type BuildInfo struct {
 // Scanner represents unique, human-readable identifier of a security scanner.
 type Scanner string
 
-const (
-	Trivy    Scanner = "Trivy"
-	Aqua     Scanner = "Aqua"
-	Polaris  Scanner = "Polaris"
-	Conftest Scanner = "Conftest"
-)
-
 const (
 	keyVulnerabilityReportsScanner = "vulnerabilityReports.scanner"
 	keyConfigAuditReportsScanner   = "configAuditReports.scanner"
@@ -65,8 +58,8 @@ const (
 	keyScanJobPodTemplateLabels    = "scanJob.podTemplateLabels"
 )
 
-// ConfigData holds Starboard configuration settings as a set
-// of key-value pairs.
+// ConfigData holds Starboard configuration settings as a set of key-value
+// pairs.
 type ConfigData map[string]string
 
 // ConfigManager defines methods for managing ConfigData.
@@ -79,8 +72,8 @@ type ConfigManager interface {
 // GetDefaultConfig returns the default configuration settings.
 func GetDefaultConfig() ConfigData {
 	return map[string]string{
-		keyVulnerabilityReportsScanner: string(Trivy),
-		keyConfigAuditReportsScanner:   string(Polaris),
+		keyVulnerabilityReportsScanner: "Trivy",
+		keyConfigAuditReportsScanner:   "Polaris",
 
 		"kube-bench.imageRef":  "docker.io/aquasec/kube-bench:v0.6.5",
 		"kube-hunter.imageRef": "docker.io/aquasec/kube-hunter:0.6.3",
@@ -94,16 +87,7 @@ func (c ConfigData) GetVulnerabilityReportsScanner() (Scanner, error) {
 	if value, ok = c[keyVulnerabilityReportsScanner]; !ok {
 		return "", fmt.Errorf("property %s not set", keyVulnerabilityReportsScanner)
 	}
-
-	switch Scanner(value) {
-	case Trivy:
-		return Trivy, nil
-	case Aqua:
-		return Aqua, nil
-	}
-
-	return "", fmt.Errorf("invalid value (%s) of %s; allowed values (%s, %s)",
-		value, keyVulnerabilityReportsScanner, Trivy, Aqua)
+	return Scanner(value), nil
 }
 
 func (c ConfigData) GetConfigAuditReportsScanner() (Scanner, error) {
@@ -112,15 +96,7 @@ func (c ConfigData) GetConfigAuditReportsScanner() (Scanner, error) {
 	if value, ok = c[keyConfigAuditReportsScanner]; !ok {
 		return "", fmt.Errorf("property %s not set", keyConfigAuditReportsScanner)
 	}
-
-	switch Scanner(value) {
-	case Polaris:
-		return Polaris, nil
-	case Conftest:
-		return Conftest, nil
-	}
-	return "", fmt.Errorf("invalid value (%s) of %s; allowed values (%s, %s)",
-		value, keyConfigAuditReportsScanner, Polaris, Conftest)
+	return Scanner(value), nil
 }
 
 func (c ConfigData) GetScanJobTolerations() ([]corev1.Toleration, error) {
@@ -199,7 +175,8 @@ func (c ConfigData) GetRequiredData(key string) (string, error) {
 	return value, nil
 }
 
-// GetVersionFromImageRef returns the image identifier for the specified image reference.
+// GetVersionFromImageRef returns the image identifier for the specified image
+// reference.
 func GetVersionFromImageRef(imageRef string) (string, error) {
 	ref, err := name.ParseReference(imageRef)
 	if err != nil {
@@ -298,7 +275,7 @@ func (c *configManager) Delete(ctx context.Context) error {
 	if err != nil && !apierrors.IsNotFound(err) {
 		return err
 	}
-	err = c.client.CoreV1().ConfigMaps(c.namespace).Delete(ctx, GetPluginConfigMapName(string(Polaris)), metav1.DeleteOptions{})
+	err = c.client.CoreV1().ConfigMaps(c.namespace).Delete(ctx, GetPluginConfigMapName("Polaris"), metav1.DeleteOptions{})
 	if err != nil && !apierrors.IsNotFound(err) {
 		return err
 	}