sort results in enforce-gatekeeper (#309)
Mengqi Yu committed Jun 11, 2021
1 parent 1a61092 commit 8a5ee7e
Showing 2 changed files with 334 additions and 5 deletions.
60 changes: 55 additions & 5 deletions functions/go/gatekeeper/validate.go
@@ -17,6 +17,7 @@ package main
import (
"context"
"fmt"
"sort"
"strconv"

opaapis "github.com/open-policy-agent/frameworks/constraint/pkg/apis"
@@ -124,9 +125,7 @@ func Validate(objects []runtime.Object) (*framework.Result, error) {
}

func parseResults(results []*opatypes.Result) (*framework.Result, error) {
out := &framework.Result{
Items: []framework.ResultItem{},
}
var items []framework.ResultItem

for _, r := range results {
u, ok := r.Resource.(*unstructured.Unstructured)
@@ -176,7 +175,58 @@ func parseResults(results []*opatypes.Result) (*framework.Result, error) {
}
}

out.Items = append(out.Items, item)
items = append(items, item)
}
sortResultItems(items)

return &framework.Result{
Items: items,
}, nil
}

// TODO(mengqiy): upstream this to the SDK
func sortResultItems(items []framework.ResultItem) {
sort.SliceStable(items, func(i, j int) bool {
if fileLess(items, i, j) != 0 {
return fileLess(items, i, j) < 0
}
if severityLess(items, i, j) != 0 {
return severityLess(items, i, j) < 0
}
return resultItemToString(items[i]) < resultItemToString(items[j])
})
}

func severityLess(items []framework.ResultItem, i, j int) int {
severityToNumber := map[framework.Severity]int{
framework.Error: 0,
framework.Warning: 1,
framework.Info: 2,
}
return out, nil

severityLevelI, found := severityToNumber[items[i].Severity]
if !found {
severityLevelI = 3
}
severityLevelJ, found := severityToNumber[items[j].Severity]
if !found {
severityLevelJ = 3
}
return severityLevelI - severityLevelJ
}

func fileLess(items []framework.ResultItem, i, j int) int {
if items[i].File.Path != items[j].File.Path {
if items[i].File.Path < items[j].File.Path {
return -1
} else {
return 1
}
}
return items[i].File.Index - items[j].File.Index
}

func resultItemToString(item framework.ResultItem) string {
return fmt.Sprintf("resource-ref:%s,field:%s,message:%s",
item.ResourceRef.GetIdentifier(), item.Field, item.Message)
}
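Review bot: The comparator in `sortResultItems` evaluates `fileLess` and `severityLess` twice per comparison, and `severityLess` rebuilds its `severityToNumber` map on every call, so the same work is repeated for every pair the sort visits. Holding each result in a local, `if c := fileLess(items, i, j); c != 0 { return c < 0 }` and likewise for `severityLess`, and moving the map to a package-level `var`, removes the repetition without changing the resulting order. The final tie-break also runs `fmt.Sprintf` for both items on each comparison; building the key once per item before sorting would avoid that if result lists get large. The function has only a TODO above it, so a doc comment such as `// sortResultItems orders items by file path and index, then by severity (error, warning, info, anything else), then by resource ref, field and message.` would record the precedence that callers and the test rely on.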
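--- a/functions/go/gatekeeper/validate_test.go
+++ b/functions/go/gatekeeper/validate_test.go
@@ -0,0 +1,279 @@
+package main
+
+import (
+"reflect"
+"testing"
+
+"sigs.k8s.io/kustomize/kyaml/fn/framework"
+"sigs.k8s.io/kustomize/kyaml/yaml"
+)
+
+func TestSortResultItems(t *testing.T) {
+testcases := []struct {
+name string
+input []framework.ResultItem
+output []framework.ResultItem
+}{
+{
+name: "sort based on severity",
+input: []framework.ResultItem{
+{
+Message: "Error message 1",
+Severity: framework.Info,
+},
+{
+Message: "Error message 2",
+Severity: framework.Error,
+},
+},
+output: []framework.ResultItem{
+{
+Message: "Error message 2",
+Severity: framework.Error,
+},
+{
+Message: "Error message 1",
+Severity: framework.Info,
+},
+},
+},
+{
+name: "sort based on file",
+input: []framework.ResultItem{
+{
+Message: "Error message",
+Severity: framework.Error,
+File: framework.File{
+Path: "resource.yaml",
+Index: 1,
+},
+},
+{
+Message: "Error message",
+Severity: framework.Info,
+File: framework.File{
+Path: "resource.yaml",
+Index: 0,
+},
+},
+{
+Message: "Error message",
+Severity: framework.Info,
+File: framework.File{
+Path: "other-resource.yaml",
+Index: 0,
+},
+},
+{
+Message: "Error message",
+Severity: framework.Warning,
+File: framework.File{
+Path: "resource.yaml",
+Index: 2,
+},
+},
+},
+output: []framework.ResultItem{
+{
+Message: "Error message",
+Severity: framework.Info,
+File: framework.File{
+Path: "other-resource.yaml",
+Index: 0,
+},
+},
+{
+Message: "Error message",
+Severity: framework.Info,
+File: framework.File{
+Path: "resource.yaml",
+Index: 0,
+},
+},
+{
+Message: "Error message",
+Severity: framework.Error,
+File: framework.File{
+Path: "resource.yaml",
+Index: 1,
+},
+},
+{
+Message: "Error message",
+Severity: framework.Warning,
+File: framework.File{
+Path: "resource.yaml",
+Index: 2,
+},
+},
+},
+},
+
+{
+name: "sort based on other fields",
+input: []framework.ResultItem{
+{
+Message: "Error message",
+Severity: framework.Error,
+ResourceRef: yaml.ResourceMeta{
+TypeMeta: yaml.TypeMeta{
+APIVersion: "v1",
+Kind: "Pod",
+},
+ObjectMeta: yaml.ObjectMeta{
+NameMeta: yaml.NameMeta{
+Namespace: "foo-ns",
+Name: "bar",
+},
+},
+},
+Field: framework.Field{
+Path: "spec",
+},
+},
+{
+Message: "Error message",
+Severity: framework.Error,
+ResourceRef: yaml.ResourceMeta{
+TypeMeta: yaml.TypeMeta{
+APIVersion: "v1",
+Kind: "Pod",
+},
+ObjectMeta: yaml.ObjectMeta{
+NameMeta: yaml.NameMeta{
+Namespace: "foo-ns",
+Name: "bar",
+},
+},
+},
+Field: framework.Field{
+Path: "metadata.name",
+},
+},
+{
+Message: "Another error message",
+Severity: framework.Error,
+ResourceRef: yaml.ResourceMeta{
+TypeMeta: yaml.TypeMeta{
+APIVersion: "v1",
+Kind: "Pod",
+},
+ObjectMeta: yaml.ObjectMeta{
+NameMeta: yaml.NameMeta{
+Namespace: "foo-ns",
+Name: "bar",
+},
+},
+},
+Field: framework.Field{
+Path: "metadata.name",
+},
+},
+{
+Message: "Another error message",
+Severity: framework.Error,
+ResourceRef: yaml.ResourceMeta{
+TypeMeta: yaml.TypeMeta{
+APIVersion: "v1",
+Kind: "ConfigMap",
+},
+ObjectMeta: yaml.ObjectMeta{
+NameMeta: yaml.NameMeta{
+Namespace: "foo-ns",
+Name: "bar",
+},
+},
+},
+Field: framework.Field{
+Path: "metadata.name",
+},
+},
+},
+output: []framework.ResultItem{
+{
+Message: "Another error message",
+Severity: framework.Error,
+ResourceRef: yaml.ResourceMeta{
+TypeMeta: yaml.TypeMeta{
+APIVersion: "v1",
+Kind: "ConfigMap",
+},
+ObjectMeta: yaml.ObjectMeta{
+NameMeta: yaml.NameMeta{
+Namespace: "foo-ns",
+Name: "bar",
+},
+},
+},
+Field: framework.Field{
+Path: "metadata.name",
+},
+},
+{
+Message: "Another error message",
+Severity: framework.Error,
+ResourceRef: yaml.ResourceMeta{
+TypeMeta: yaml.TypeMeta{
+APIVersion: "v1",
+Kind: "Pod",
+},
+ObjectMeta: yaml.ObjectMeta{
+NameMeta: yaml.NameMeta{
+Namespace: "foo-ns",
+Name: "bar",
+},
+},
+},
+Field: framework.Field{
+Path: "metadata.name",
+},
+},
+{
+Message: "Error message",
+Severity: framework.Error,
+ResourceRef: yaml.ResourceMeta{
+TypeMeta: yaml.TypeMeta{
+APIVersion: "v1",
+Kind: "Pod",
+},
+ObjectMeta: yaml.ObjectMeta{
+NameMeta: yaml.NameMeta{
+Namespace: "foo-ns",
+Name: "bar",
+},
+},
+},
+Field: framework.Field{
+Path: "metadata.name",
+},
+},
+{
+Message: "Error message",
+Severity: framework.Error,
+ResourceRef: yaml.ResourceMeta{
+TypeMeta: yaml.TypeMeta{
+APIVersion: "v1",
+Kind: "Pod",
+},
+ObjectMeta: yaml.ObjectMeta{
+NameMeta: yaml.NameMeta{
+Namespace: "foo-ns",
+Name: "bar",
+},
+},
+},
+Field: framework.Field{
+Path: "spec",
+},
+},
+},
+},
+}
+
+for _, tc := range testcases {
+sortResultItems(tc.input)
+if !reflect.DeepEqual(tc.input, tc.output) {
+t.Errorf("in testcase %q, expect: %#v, but got: %#v", tc.name, tc.output, tc.input)
+}
+}
+}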
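Review bot: No table entry exercises the fallback rank in `severityLess`: every item uses `framework.Error`, `framework.Warning` or `framework.Info`, so the `!found` branch that assigns level 3 is never reached. A case that pairs an `Info` item with one whose `Severity` is left at its zero value, for example `{Message: "Error message 3"}`, would pin that unrecognised severities sort after `Info` within the same file. The loop at the end could also wrap each case in `t.Run(tc.name, func(t *testing.T) { ... })` so a failing case is reported by name and can be run on its own.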
