Merge pull request #487 from FairwindsOps/only-failed-test-audit

Audit- Only show the failed test if flag is specified.
FairwindsOps · Feb 26, 2021 · 16ffe1e · 16ffe1e
2 parents dea7143 + 7f1c143
commit 16ffe1e
Show file tree

Hide file tree

Showing 8 changed files with 61 additions and 46 deletions.
diff --git a/cmd/polaris/audit.go b/cmd/polaris/audit.go
@@ -32,6 +32,7 @@ import (
 )
 
 var setExitCode bool
+var onlyShowFailedTests bool
 var minScore int
 var auditOutputURL string
 var auditOutputFile string
@@ -42,6 +43,7 @@ func init() {
 	rootCmd.AddCommand(auditCmd)
 	auditCmd.PersistentFlags().StringVar(&auditPath, "audit-path", "", "If specified, audits one or more YAML files instead of a cluster.")
 	auditCmd.PersistentFlags().BoolVar(&setExitCode, "set-exit-code-on-danger", false, "Set an exit code of 3 when the audit contains danger-level issues.")
+	auditCmd.PersistentFlags().BoolVar(&onlyShowFailedTests, "only-show-failed-tests", false, "If specified, audit output will only show failed tests.")
 	auditCmd.PersistentFlags().IntVar(&minScore, "set-exit-code-below-score", 0, "Set an exit code of 4 when the score is below this threshold (1-100).")
 	auditCmd.PersistentFlags().StringVar(&auditOutputURL, "output-url", "", "Destination URL to send audit results.")
 	auditCmd.PersistentFlags().StringVar(&auditOutputFile, "output-file", "", "Destination file for audit results.")
@@ -81,7 +83,7 @@ func runAndReportAudit(ctx context.Context, c conf.Configuration, auditPath, wor
 		os.Exit(1)
 	}
 	var auditData validator.AuditData
-	auditData, err = validator.RunAudit(c, k)
+	auditData, err = validator.RunAudit(c, k, onlyShowFailedTests)
 
 	if err != nil {
 		logrus.Errorf("Error while running audit on resources: %v", err)

diff --git a/docs/infrastructure-as-code.md b/docs/infrastructure-as-code.md
@@ -21,15 +21,24 @@ polaris version
 ```
 
 ## Running in a CI pipeline
-You can tell the CLI to set an exit code if it detects certain issues with your
-YAML files.
+
+### Set minimum score for an exit code 
+You can tell the CLI to set an exit code if it detects certain issues with your YAML files.
 For example, to fail if polaris detects *any* danger-level issues, or if the score drops below 90%:
 ```bash
 polaris audit --audit-path ./deploy/ \
   --set-exit-code-on-danger \
   --set-exit-code-below-score 90
 ```
 
+### Output only showing failed tests
+The CLI to gives you ability to display results containing only failed tests. 
+For example:
+```bash
+polaris audit --audit-path ./deploy/ \
+  --only-show-failed-tests true
+```
+
 ### As Github Action
 #### Setup polaris action
 

diff --git a/go.mod b/go.mod
@@ -27,7 +27,6 @@ require (
 	golang.org/x/sys v0.0.0-20201231184435-2d18734c6014 // indirect
 	golang.org/x/term v0.0.0-20201210144234-2321bbc49cbf // indirect
 	golang.org/x/time v0.0.0-20201208040808-7e3f01d25324 // indirect
-	gopkg.in/yaml.v2 v2.4.0 // indirect
 	gopkg.in/yaml.v3 v3.0.0-20200615113413-eeeca48fe776
 	k8s.io/api v0.20.4
 	k8s.io/apimachinery v0.20.4

diff --git a/go.sum b/go.sum
diff --git a/pkg/dashboard/dashboard.go b/pkg/dashboard/dashboard.go
@@ -181,7 +181,7 @@ func GetRouter(c config.Configuration, auditPath string, port int, basePath stri
 			}
 
 			var auditDataObj validator.AuditData
-			auditDataObj, err = validator.RunAudit(adjustedConf, k)
+			auditDataObj, err = validator.RunAudit(adjustedConf, k, false)
 			if err != nil {
 				http.Error(w, "Error Fetching Deployments", http.StatusInternalServerError)
 				return
@@ -214,7 +214,7 @@ func GetRouter(c config.Configuration, auditPath string, port int, basePath stri
 			}
 
 			var auditData validator.AuditData
-			auditData, err = validator.RunAudit(adjustedConf, k)
+			auditData, err = validator.RunAudit(adjustedConf, k, false)
 			if err != nil {
 				logrus.Errorf("Error getting audit data: %v", err)
 				http.Error(w, "Error running audit", 500)

diff --git a/pkg/validator/fullaudit.go b/pkg/validator/fullaudit.go
@@ -16,7 +16,7 @@ import (
 )
 
 // RunAudit runs a full Polaris audit and returns an AuditData object
-func RunAudit(config conf.Configuration, kubeResources *kube.ResourceProvider) (AuditData, error) {
+func RunAudit(config conf.Configuration, kubeResources *kube.ResourceProvider, onlyShowFailedTests bool) (AuditData, error) {
 	displayName := config.DisplayName
 	if displayName == "" {
 		displayName = kubeResources.SourceName
@@ -49,6 +49,10 @@ func RunAudit(config conf.Configuration, kubeResources *kube.ResourceProvider) (
 		},
 		Results: results,
 	}
+	auditData.Score = auditData.GetSummary().GetScore()
+	if onlyShowFailedTests {
+		auditData.RemoveSuccessfulResults()
+	}
 	return auditData, nil
 }
 

diff --git a/pkg/validator/fullaudit_test.go b/pkg/validator/fullaudit_test.go
@@ -28,10 +28,12 @@ func TestGetTemplateData(t *testing.T) {
 		Warnings:  uint(3),
 		Dangers:   uint(3),
 	}
+	score := uint(0)
 
 	var actualAudit AuditData
-	actualAudit, err = RunAudit(c, resources)
+	actualAudit, err = RunAudit(c, resources, false)
 	assert.Equal(t, err, nil, "error should be nil")
+	assert.Equal(t, score, actualAudit.Score, "")
 	assert.EqualValues(t, sum, actualAudit.GetSummary())
 	assert.Equal(t, actualAudit.SourceType, "Cluster", "should be from a cluster")
 	assert.Equal(t, actualAudit.SourceName, "test", "should be from a cluster")

diff --git a/pkg/validator/output.go b/pkg/validator/output.go
@@ -34,6 +34,14 @@ type AuditData struct {
 	DisplayName          string
 	ClusterInfo          ClusterInfo
 	Results              []Result
+	Score                uint
+}
+
+// RemoveSuccessfulResults remove all test that have passed.
+func (res *AuditData) RemoveSuccessfulResults() {
+	for _, auditDataResult := range res.Results {
+		auditDataResult.removeSuccessfulResults()
+	}
 }
 
 // ClusterInfo contains Polaris results as well as some high-level stats
@@ -57,6 +65,14 @@ type ResultMessage struct {
 // ResultSet contiains the results for a set of checks
 type ResultSet map[string]ResultMessage
 
+func (res ResultSet) removeSuccessfulResults() {
+	for k, resultMessage := range res {
+		if resultMessage.Success {
+			delete(res, k)
+		}
+	}
+}
+
 // Result provides results for a Kubernetes object
 type Result struct {
 	Name        string
@@ -67,15 +83,31 @@ type Result struct {
 	CreatedTime time.Time
 }
 
+func (res *Result) removeSuccessfulResults() {
+	res.Results.removeSuccessfulResults()
+	res.PodResult.removeSuccessfulResults()
+}
+
 // PodResult provides a list of validation messages for each pod.
 type PodResult struct {
 	Name             string
 	Results          ResultSet
 	ContainerResults []ContainerResult
 }
 
+func (res *PodResult) removeSuccessfulResults() {
+	res.Results.removeSuccessfulResults()
+	for _, containerResult := range res.ContainerResults {
+		containerResult.removeSuccessfulResults()
+	}
+}
+
 // ContainerResult provides a list of validation messages for each container.
 type ContainerResult struct {
 	Name    string
 	Results ResultSet
 }
+
+func (res *ContainerResult) removeSuccessfulResults() {
+	res.Results.removeSuccessfulResults()
+}