output JSON report, add --query flag to control output
lhitchon committed Mar 10, 2018
1 parent 5bf593f commit 4f9c98f
Showing 3 changed files with 35 additions and 28 deletions.
29 changes: 18 additions & 11 deletions app.go
@@ -1,6 +1,7 @@
package main

import (
"encoding/json"
"flag"
"fmt"
"strings"
@@ -48,15 +49,18 @@ type ValidationReport struct {
FilesScanned []string
}

func printResults(report ValidationReport) {
for _, result := range report.AllViolations {
fmt.Printf("%s %s '%s' in '%s': %s (%s)\n",
result.Status,
result.ResourceType,
result.ResourceId,
result.Filename,
result.Message,
result.RuleId)
func printReport(report ValidationReport, queryExpression string) {
if queryExpression != "" {
v := searchData(queryExpression, report)
if v != "null" {
fmt.Println(v)
}
} else {
jsonData, err := json.MarshalIndent(report, "", " ")
if err != nil {
panic(err)
}
fmt.Println(string(jsonData))
}
}

@@ -81,6 +85,7 @@ func main() {
rulesFilename := flag.String("rules", "./rules/terraform.yml", "Rules file")
tags := flag.String("tags", "", "Run only tests with tags in this comma separated list")
ids := flag.String("ids", "", "Run only the rules in this comma separated list")
queryExpression := flag.String("query", "", "JMESPath expression to query the results")
searchExpression := flag.String("search", "", "JMESPath expression to evaluation against the files")
flag.Parse()

@@ -90,14 +95,16 @@ func main() {
if *searchExpression != "" {
kubernetesSearch(flag.Args(), *searchExpression, logger)
} else {
kubernetes(flag.Args(), *rulesFilename, makeTagList(*tags), makeRulesList(*ids), logger)
report := kubernetes(flag.Args(), *rulesFilename, makeTagList(*tags), makeRulesList(*ids), logger)
printReport(report, *queryExpression)
}
}
if *terraformFiles {
if *searchExpression != "" {
terraformSearch(flag.Args(), *searchExpression, logger)
} else {
terraform(flag.Args(), *rulesFilename, makeTagList(*tags), makeRulesList(*ids), logger)
report := terraform(flag.Args(), *rulesFilename, makeTagList(*tags), makeRulesList(*ids), logger)
printReport(report, *queryExpression)
}
}
}
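Review bot: printReport prints nothing at all when the query result is the string `"null"`, and nothing in the visible part of main turns `report.Failures` into a non-zero exit status, so a CI gate built on this linter cannot tell a clean scan from a query that matched nothing. I would record `failed = failed || len(report.Failures) > 0` after each `printReport(report, *queryExpression)` call and finish main with `if failed { os.Exit(1) }` (this needs `os` in the import block if it is not already there). main starts before the hunk and may already handle the exit status elsewhere; if it does, a doc comment on printReport stating that empty output means a null query result would be enough.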
15 changes: 7 additions & 8 deletions kubernetes.go
@@ -62,8 +62,7 @@ func filterKubernetesResourcesByType(resources []KubernetesResource, resourceTyp
return filtered
}

func validateKubernetesResources(resources []KubernetesResource, rules []Rule, tags []string, log LoggingFunction) ValidationReport {
var report ValidationReport
func validateKubernetesResources(report *ValidationReport, resources []KubernetesResource, rules []Rule, tags []string, log LoggingFunction) {
for _, rule := range filterRulesByTag(rules, tags) {
log(fmt.Sprintf("Rule %s: %s", rule.Id, rule.Message))
for _, filter := range rule.Filters {
@@ -84,27 +83,27 @@ func validateKubernetesResources(resources []KubernetesResource, rules []Rule, t
report.Warnings = append(report.Warnings, v)
}
if status == "FAILURE" {
report.Warnings = append(report.Failures, v)
report.Failures = append(report.Failures, v)
}
}
}
}
}
return report
}

func kubernetes(filenames []string, rulesFilename string, tags []string, ruleIds []string, log LoggingFunction) {
func kubernetes(filenames []string, rulesFilename string, tags []string, ruleIds []string, log LoggingFunction) ValidationReport {
var report ValidationReport
ruleSet := MustParseRules(loadKubernetesRules(rulesFilename))
rules := filterRulesById(ruleSet.Rules, ruleIds)
for _, filename := range filenames {
if shouldIncludeFile(ruleSet.Files, filename) {
log(fmt.Sprintf("Processing %s", filename))
resources := loadKubernetesResources(filename, log)
report := validateKubernetesResources(resources, rules, tags, log)
report.FilesScanned = filenames
printResults(report)
validateKubernetesResources(&report, resources, rules, tags, log)
report.FilesScanned = append(report.FilesScanned, filename)
}
}
return report
}

func kubernetesSearch(filenames []string, searchExpression string, log LoggingFunction) {
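Review bot: `var report ValidationReport` in kubernetes() leaves every slice field nil, so a scan with no findings marshals the `Failures`, `Warnings` and `AllViolations` fields as `null` rather than `[]`, and printReport in app.go then prints nothing for a `--query` result equal to `null`. A consumer that takes the length of the failures list to decide pass or fail may get a type error or empty output on exactly the clean runs. Initialise the slice fields to empty non-nil slices right after the declaration, for example `report.FilesScanned = []string{}`, and do the same for the violation slices (their element type is not visible in this section). terraform() in terraform.go declares its report the same way.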
19 changes: 10 additions & 9 deletions terraform.go
@@ -27,6 +27,9 @@ func loadHCL(filename string, log LoggingFunction) []interface{} {
panic(err)
}
jsonData, err := json.MarshalIndent(v, "", " ")
if err != nil {
panic(err)
}
log(string(jsonData))

var hclData interface{}
@@ -90,8 +93,7 @@ func filterTerraformResourcesByType(resources []TerraformResource, resourceType
return filtered
}

func validateTerraformResources(resources []TerraformResource, rules []Rule, tags []string, log LoggingFunction) ValidationReport {
var report ValidationReport
func validateTerraformResources(report *ValidationReport, resources []TerraformResource, rules []Rule, tags []string, log LoggingFunction) {
for _, rule := range filterRulesByTag(rules, tags) {
log(fmt.Sprintf("Rule %s: %s", rule.Id, rule.Message))
for _, filter := range rule.Filters {
@@ -108,31 +110,30 @@ func validateTerraformResources(resources []TerraformResource, rules []Rule, tag
Filename: resource.Filename,
}
report.AllViolations = append(report.AllViolations, v)
report.AllViolations = append(report.AllViolations, v)
if status == "WARNING" {
report.Warnings = append(report.Warnings, v)
}
if status == "FAILURE" {
report.Warnings = append(report.Failures, v)
report.Failures = append(report.Failures, v)
}
}
}
}
}
return report
}

func terraform(filenames []string, rulesFilename string, tags []string, ruleIds []string, log LoggingFunction) {
func terraform(filenames []string, rulesFilename string, tags []string, ruleIds []string, log LoggingFunction) ValidationReport {
var report ValidationReport
ruleSet := MustParseRules(loadTerraformRules(rulesFilename))
rules := filterRulesById(ruleSet.Rules, ruleIds)
for _, filename := range filenames {
if shouldIncludeFile(ruleSet.Files, filename) {
resources := loadTerraformResources(filename, log)
report := validateTerraformResources(resources, rules, tags, log)
report.FilesScanned = filenames
printResults(report)
validateTerraformResources(&report, resources, rules, tags, log)
report.FilesScanned = append(report.FilesScanned, filename)
}
}
return report
}

func terraformSearch(filenames []string, searchExpression string, log LoggingFunction) {
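Review bot: The `panic(err)` added after `json.MarshalIndent` in loadHCL now costs more than a panic did before this commit, because terraform() collects all findings into one report that main prints only after the loop, so one file that fails to parse or marshal aborts the process and discards the findings from every file already scanned. For a linter run over repository content it would be safer to return the error, `return nil, fmt.Errorf("loading %s: %w", filename, err)`, with loadHCL's result changed to `([]interface{}, error)`, and let terraform() log the file as failed and continue. loadHCL starts and ends outside the hunk, so its callers would need the matching change. Separately, `log(string(jsonData))` writes the whole parsed file to the log, which is worth restricting if these files can carry credentials.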
