Start supporting kubeconform instead of kubeval

Dockerfile

@@ -3,14 +3,18 @@ FROM alpine:3.14 as deps
 RUN apk --no-cache add curl
 RUN curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin v0.25.3
 
-RUN wget https://github.com/instrumenta/kubeval/releases/latest/download/kubeval-linux-amd64.tar.gz
+RUN wget https://github.com/instrumenta/kubeval/releases/download/v0.16.1/kubeval-linux-amd64.tar.gz
 RUN tar xf kubeval-linux-amd64.tar.gz
 RUN cp kubeval /usr/local/bin
 
+RUN wget https://github.com//yannh/kubeconform/releases/download/v0.4.14/kubeconform-linux-amd64.tar.gz
+RUN tar xf kubeconform-linux-amd64.tar.gz
+RUN cp kubeconform /usr/local/bin
+
 RUN wget https://github.com/FairwindsOps/polaris/releases/download/5.0.0/polaris_linux_amd64.tar.gz
 RUN tar xf polaris_linux_amd64.tar.gz
 RUN cp polaris /usr/local/bin
- 
+
 RUN curl -L https://github.com/armosec/kubescape/releases/download/v2.0.158/kubescape-ubuntu-latest -o kubescape
 RUN cp kubescape /usr/local/bin/kubescape
 
@@ -19,7 +23,13 @@ FROM golang:1.17
 ARG FUNCTION_DIR="/var/task"
 RUN mkdir -p ${FUNCTION_DIR}
 
-COPY /bin/lambda ${FUNCTION_DIR}
+RUN mkdir -p /app
+WORKDIR /app
+COPY go.mod go.mod
+COPY go.sum go.sum
+
+COPY ./backend ./backend
+RUN GOARCH=amd64 GOOS=linux go build -ldflags="-s -w" -o /var/task/lambda ./backend/endpoints/aws/lambda.go
 
 
 COPY --from=deps /usr/local/bin/trivy /usr/local/bin/trivy
@@ -30,6 +40,8 @@ COPY --from=deps /usr/local/bin/polaris /usr/local/bin/polaris
 RUN chmod +x /usr/local/bin/polaris
 COPY --from=deps /usr/local/bin/kubescape /usr/local/bin/kubescape
 RUN chmod +x /usr/local/bin/kubescape
+COPY --from=deps /usr/local/bin/kubeconform /usr/local/bin/kubeconform
+RUN chmod +x /usr/local/bin/kubeconform
 
 
 # Set the CMD to your handler (could also be done as a parameter override outside of the Dockerfile)

Makefile

@@ -8,7 +8,7 @@ test:
 
 build:
 	rm -f bin/*
-	env GOOS=linux go build -ldflags="-s -w" -o bin/lambda backend/endpoints/aws/lambda.go
+	env GOARCH=amd64 GOOS=linux go build -ldflags="-s -w" -o bin/lambda backend/endpoints/aws/lambda.go
 
 build-image-local: build
 	docker build . -t validkube
@@ -23,7 +23,7 @@ start-local-backend:
 start-local-frontend:
 	cd frontend && yarn start
 
-deploy-backend: clean build
+deploy-backend:
 	sls deploy --verbose
 
 deploy-frontend:

README.md

@@ -37,7 +37,7 @@ Validkube is an open-source project, so please feel free to add more tools or ca
 - Serverless CLI
 - Golang v1.17
 - Netlify-cli
-- CLI tools for kubeval, kubescape, trivy and polaris
+- CLI tools for kubeval, kubescape, trivy and polaris, kubeconform
 
 ## Deploy
 

backend/api/kubeconform/kubeconform.go

@@ -0,0 +1,64 @@
+package kubeconform
+
+import (
+	"fmt"
+	"io/ioutil"
+	"net/http"
+	"os/exec"
+
+	"github.com/gin-gonic/gin"
+	"github.com/komodorio/validkube/backend/api/utils"
+	"github.com/komodorio/validkube/backend/internal/routing"
+	"sigs.k8s.io/yaml"
+)
+
+const Path = "/kubeconform"
+const Method = routing.POST
+
+func kubeconformWrapper(inputYaml []byte) ([]byte, error) {
+	if err := utils.CreateDirectory("/tmp/yaml"); err != nil {
+		return nil, err
+	}
+
+	if err := utils.WriteFile("/tmp/yaml/target_yaml.yaml", inputYaml); err != nil {
+		return nil, err
+	}
+	cmd := exec.Command("kubeconform", "-output", "json", "/tmp/yaml/target_yaml.yaml")
+	stderr, err := cmd.StderrPipe()
+	if err != nil {
+		fmt.Println(stderr)
+		return nil, fmt.Errorf("error in StderrPipe(), err: %s", err.Error())
+	}
+	outputFromKubeconformAsJson, err := cmd.Output()
+	if err != nil {
+		return nil, err
+	}
+
+	outputFromKubeconformAsYaml, err := yaml.JSONToYAML(outputFromKubeconformAsJson)
+	if err != nil {
+		return nil, err
+	}
+	return outputFromKubeconformAsYaml, nil
+}
+
+func ProcessRequest(c *gin.Context) {
+	body, err := ioutil.ReadAll(c.Request.Body)
+	if err != nil {
+		fmt.Printf("error has with reading request body: %v", err)
+		c.JSON(http.StatusOK, gin.H{"data": "", "err": err.Error()})
+		return
+	}
+	bodyAsMap, err := utils.JsonToMap(body)
+	if err != nil {
+		c.JSON(http.StatusOK, gin.H{"data": "", "err": err.Error()})
+		return
+	}
+	yamlAsInterface := bodyAsMap["yaml"]
+	KubeconformOutput, err := kubeconformWrapper(utils.InterfaceToBytes(yamlAsInterface))
+	if err != nil {
+		fmt.Printf("got error while parsing result from kubeconform: %s \n", err.Error())
+		c.JSON(http.StatusOK, gin.H{"data": "", "err": err.Error()})
+		return
+	}
+	c.JSON(http.StatusOK, gin.H{"data": string(KubeconformOutput), "err": nil})
+}

backend/api/kubeval/kubeval.go

@@ -16,19 +16,24 @@ const Path = "/kubeval"
 const Method = routing.POST
 
 func kubevalWrapper(inputYaml []byte) ([]byte, error) {
-	err := utils.CreateDirectory("/tmp/yaml")
-	if err != nil {
+	if err := utils.CreateDirectory("/tmp/yaml"); err != nil {
+		fmt.Printf("got error 1: %s \n", err.Error())
 		return nil, err
 	}
 
-	err = utils.WriteFile("/tmp/yaml/target_yaml.yaml", inputYaml)
+	if err := utils.WriteFile("/tmp/yaml/target_yaml.yaml", inputYaml); err != nil {
+		fmt.Printf("got error 2: %s \n", err.Error())
+		return nil, err
+	}
+	outputFromKubevalAsJson, err := exec.Command("kubeval", "-o", "json", "/tmp/yaml/target_yaml.yaml").Output()
 	if err != nil {
+		fmt.Printf("got error 3: %s \n", err.Error())
 		return nil, err
 	}
-	outputFromKubevalAsJson, _ := exec.Command("kubeval", "-o", "json", "/tmp/yaml/target_yaml.yaml").Output()
 
 	outputFromKubevalAsYaml, err := yaml.JSONToYAML(outputFromKubevalAsJson)
 	if err != nil {
+		fmt.Printf("got error 4: %s \n", err.Error())
 		return nil, err
 	}
 	return outputFromKubevalAsYaml, nil
@@ -37,18 +42,21 @@ func kubevalWrapper(inputYaml []byte) ([]byte, error) {
 func ProcessRequest(c *gin.Context) {
 	body, err := ioutil.ReadAll(c.Request.Body)
 	if err != nil {
+		fmt.Printf("got error 5: %s \n", err.Error())
 		fmt.Printf("Erorr has with reading request body: %v", err)
 		c.JSON(http.StatusOK, gin.H{"data": "", "err": err.Error()})
 		return
 	}
 	bodyAsMap, err := utils.JsonToMap(body)
 	if err != nil {
+		fmt.Printf("got error 6: %s \n", err.Error())
 		c.JSON(http.StatusOK, gin.H{"data": "", "err": err.Error()})
 		return
 	}
 	yamlAsInterface := bodyAsMap["yaml"]
 	kubevalOutput, err := kubevalWrapper(utils.InterfaceToBytes(yamlAsInterface))
 	if err != nil {
+		fmt.Printf("got error 7: %s \n", err.Error())
 		c.JSON(http.StatusOK, gin.H{"data": "", "err": err.Error()})
 		return
 	}

backend/api/polaris/polaris.go

@@ -17,6 +17,7 @@ const Method = routing.POST
 
 func polarisWrapper(inputYaml []byte) ([]byte, error) {
 	err := utils.CreateDirectory("/tmp/yaml")
+
 	if err != nil {
 		return nil, err
 	}

backend/api/utils/files.go

@@ -16,9 +16,5 @@ func WriteFile(path string, data []byte) error {
 }
 
 func CreateDirectory(path string) error {
-	_, err := RunCommand("mkdir", "-p", path)
-	if err != nil {
-		return err
-	}
-	return nil
+	return os.MkdirAll(path, os.ModePerm)
 }

backend/endpoints/endpoints.go

@@ -3,6 +3,7 @@ package endpoints
 import (
 	"github.com/gin-gonic/gin"
 	"github.com/komodorio/validkube/backend/api/hello"
+	"github.com/komodorio/validkube/backend/api/kubeconform"
 	"github.com/komodorio/validkube/backend/api/kubeneat"
 	"github.com/komodorio/validkube/backend/api/kubescape"
 	"github.com/komodorio/validkube/backend/api/kubeval"
@@ -57,4 +58,9 @@ var Endpoints = []Endpoint{
 		Method:   kubescape.Method,
 		Function: kubescape.ProcessRequest,
 	},
+	{
+		Path:     kubeconform.Path,
+		Method:   kubeconform.Method,
+		Function: kubeconform.ProcessRequest,
+	},
 }

frontend/src/components/MainView/YamlBox/NewYaml.tsx

@@ -20,7 +20,7 @@ import CodeMirror from "@uiw/react-codemirror";
 import { komodo } from "./CodemirrorKomodorTheme";
 import { EditorView } from "@codemirror/view";
 export const API_ENDPOINTS = [
-  "kubeval",
+  "kubeconform",
   "kubeneat",
   "trivy/config",
   "polaris",

frontend/src/components/MainView/index.tsx

@@ -9,7 +9,7 @@ import {
 import MyYaml from "./YamlBox/ExistingYaml";
 import NewYaml from "./YamlBox/NewYaml";
 
-const TextaresContainer = styled.div`
+const TextAreaContainer = styled.div`
   display: grid;
   grid-column-gap: 4rem;
   grid-row-gap: 3rem;
@@ -61,7 +61,7 @@ const MainView: React.FC = () => {
       <MainViewHeader />
       <MainViewBodyContainer>
         <BrOnlyOnPc />
-        <TextaresContainer>
+        <TextAreaContainer>
           <MyYaml
             callApiCallback={callApiCallback}
             setExistingYamlTextArea={setExistingYamlTextArea}
@@ -75,7 +75,7 @@ const MainView: React.FC = () => {
             curTab={curTab}
             setCurTab={setCurTab}
           />
-        </TextaresContainer>
+        </TextAreaContainer>
         <BrOnlyOnPc />
       </MainViewBodyContainer>
       <AboutThisProjectHeader />

serverless.yml

@@ -6,14 +6,15 @@ provider:
     images:
       validkube:
         path: ./
-  lambdaHashingVersion: "20201221"
+        platform: linux/amd64
   runtime: go1.x
   stage: production
   timeout: 30
   region: us-east-1
   memorySize: 256 # 1MB increments, minimum 128, affects pricing
+  architecture: x86_64
   environment:
-    ALLOWED_ORIGIN: ${ssm:/validkube/config/allowed_origin}
+    ALLOWED_ORIGIN: https://validkube.com
 
 package:
   exclude:
@@ -77,6 +78,14 @@ functions:
           path: /kubescape
           method: post
           cors: true          
+  Kubeconform:
+    image:
+      name: validkube
+    events:
+      - http:
+          path: /kubeconform
+          method: post
+          cors: true                
 
 resources:
   - ${file(s3-bucket.yml)}