Merge pull request #465 from accurics/k8s-generateName
recognize metadata.generateName
Willie authored Jan 13, 2021
2 parents 5c565e6 + 8b2528e commit 2272168
Showing 2 changed files with 60 additions and 6 deletions.
21 changes: 15 additions & 6 deletions pkg/iac-providers/kubernetes/v1/normalize.go
@@ -38,9 +38,18 @@ var (

// k8sMetadata is used to pull the name, namespace types and annotations for a given resource
type k8sMetadata struct {
Name string `yaml:"name" json:"name"`
Namespace string `yaml:"namespace" json:"namespace"`
Annotations map[string]interface{} `yaml:"annotations" json:"annotations"`
Name string `yaml:"name" json:"name"`
GenerateName string `yaml:"generateName,omitempty" json:"generateName,omitempty"`
Namespace string `yaml:"namespace" json:"namespace"`
Annotations map[string]interface{} `yaml:"annotations" json:"annotations"`
}

// NameOrGenerateName gets the metadata's Name member, or if Name is not set then GenerateName (for CRDs, for example)
func (m k8sMetadata) NameOrGenerateName() string {
if len(m.Name) > 0 {
return m.Name
}
return m.GenerateName
}

// k8sResource is a generic struct to handle all k8s resource types
@@ -109,15 +118,15 @@ func (k *K8sV1) Normalize(doc *utils.IacDocument) (*output.ResourceConfig, error
case "ClusterRole":
fallthrough
case "Namespace":
resourceConfig.ID = resourceConfig.Type + "." + resource.Metadata.Name
resourceConfig.ID = resourceConfig.Type + "." + resource.Metadata.NameOrGenerateName()
default:
// namespaced-resources
namespace := resource.Metadata.Namespace
if namespace == "" {
namespace = "default"
}

resourceConfig.ID = resourceConfig.Type + "." + resource.Metadata.Name + "." + namespace
resourceConfig.ID = resourceConfig.Type + "." + resource.Metadata.NameOrGenerateName() + "." + namespace
}

// read and update skip rules, if present
@@ -131,7 +140,7 @@ func (k *K8sV1) Normalize(doc *utils.IacDocument) (*output.ResourceConfig, error
return nil, err
}

resourceConfig.Name = resource.Metadata.Name
resourceConfig.Name = resource.Metadata.NameOrGenerateName()
resourceConfig.Config = configData

return &resourceConfig, nil
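Review bot: `NameOrGenerateName()` now supplies the name component of `resourceConfig.ID` in both branches of Normalize, but `generateName` is only a prefix that the API server completes with a random suffix, so it does not identify a single object. Two manifests in the same namespace that share a prefix, or one whose `name` equals another's `generateName`, normalize to the same ID, and anything downstream that keys findings or skip rules on ID (not visible in these hunks) could attribute or suppress a result for the wrong resource. The doc comment should state this, e.g. `// NameOrGenerateName returns Name, or the GenerateName prefix when Name is empty; the prefix is not unique, so IDs built from it may collide.` When both fields are empty the name component of the ID is still empty, which may deserve an explicit error rather than a silent `type..namespace` ID. Normalize starts and ends outside the hunks shown.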
45 changes: 45 additions & 0 deletions pkg/iac-providers/kubernetes/v1/normalize_test.go
@@ -56,6 +56,17 @@ metadata:
name: myapp-pod
annotations:
terrascanSkip: [accurics.kubernetes.IAM.109]
spec:
containers:
- name: myapp-container
image: busybox`)

testYAMLDataWithGenerateName = []byte(`apiVersion: v1
kind: CRD
metadata:
generateName: myapp-pod-prefix-
annotations:
terrascanSkip: [accurics.kubernetes.IAM.109]
spec:
containers:
- name: myapp-container
@@ -220,6 +231,40 @@ func TestK8sV1Normalize(t *testing.T) {
SkipRules: []string{testRule},
},
},
{
name: "valid iac document object with generateName",
args: args{
&utils.IacDocument{
Type: "yaml",
Data: testYAMLDataWithGenerateName,
},
},
want: &output.ResourceConfig{
ID: "kubernetes_crd.myapp-pod-prefix-.default",
Name: "myapp-pod-prefix-",
Line: 0,
Type: "kubernetes_crd",
Config: map[string]interface{}{
"apiVersion": "v1",
"kind": "CRD",
"metadata": map[string]interface{}{
"annotations": map[string]interface{}{
terrascanSkip: []interface{}{testRule},
},
"generateName": "myapp-pod-prefix-",
},
"spec": map[string]interface{}{
"containers": []interface{}{
map[string]interface{}{
"image": "busybox",
"name": "myapp-container",
},
},
},
},
SkipRules: []string{testRule},
},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
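Review bot: The added table case covers only a manifest that has `generateName` and no `name`, so the precedence rule in `NameOrGenerateName()` (Name wins when both are set) and the cluster-scoped branch of Normalize are never exercised with the new field. A second fixture carrying both `name: myapp-pod` and `generateName: myapp-pod-prefix-`, with the expectation `ID: "kubernetes_crd.myapp-pod.default"`, would pin the precedence. The fixture's `kind: CRD` with a `spec.containers` body is not a built-in Kubernetes kind; a kind that is commonly created with generateName, such as a Job, would make the case more representative. Both hunks cut through declarations that continue outside the visible lines.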
