incorporate review comments

tenable · Jan 8, 2021 · 0ea7356 · 0ea7356
1 parent e5cec3e
commit 0ea7356
Show file tree

Hide file tree

Showing 4 changed files with 18 additions and 17 deletions.
diff --git a/pkg/cli/testdata/run-test/test_pod.yaml b/pkg/cli/testdata/run-test/test_pod.yaml
@@ -7,7 +7,7 @@ metadata:
     test: someupdate
     test2: someupdate3
   annotations:
-    terrascanSkipRules: [accurics.kubernetes.IAM.109]
+    terrascanSkip: [accurics.kubernetes.IAM.109]
 spec:
   containers:
   - name: myapp-container
@@ -25,7 +25,7 @@ metadata:
     test: someupdate
     test2: someupdate3
   annotations:
-    terrascanSkipRules: [accurics.kubernetes.IAM.3, accurics.kubernetes.OPS.461]
+    terrascanSkip: [accurics.kubernetes.IAM.3, accurics.kubernetes.OPS.461]
 spec:
   template:
     spec:

diff --git a/pkg/iac-providers/kubernetes/v1/normalize.go b/pkg/iac-providers/kubernetes/v1/normalize.go
@@ -28,7 +28,7 @@ import (
 	"gopkg.in/yaml.v3"
 )
 
-const terrascanSkipRules = "terrascanSkipRules"
+const terrascanSkip = "terrascanSkip"
 
 var (
 	errUnsupportedDoc = fmt.Errorf("unsupported document type")
@@ -139,23 +139,24 @@ func (k *K8sV1) Normalize(doc *utils.IacDocument) (*output.ResourceConfig, error
 
 func readSkipRulesFromAnnotations(annotations map[string]interface{}, resourceID string) []string {
 
-	if _, ok := annotations[terrascanSkipRules]; !ok {
-		zap.S().Debugf("%s not present for resource: %s", terrascanSkipRules, resourceID)
+	var skipRulesFromAnnotations interface{}
+	var ok bool
+	if skipRulesFromAnnotations, ok = annotations[terrascanSkip]; !ok {
+		zap.S().Debugf("%s not present for resource: %s", terrascanSkip, resourceID)
 		return nil
 	}
 
 	skipRules := make([]string, 0)
-	skipRulesFromAnnotations := annotations[terrascanSkipRules]
 	if rules, ok := skipRulesFromAnnotations.([]interface{}); ok {
 		for _, rule := range rules {
 			if value, ok := rule.(string); ok {
 				skipRules = append(skipRules, value)
 			} else {
-				zap.S().Debugf("each rule in %s must be of string type", terrascanSkipRules)
+				zap.S().Debugf("each rule in %s must be of string type", terrascanSkip)
 			}
 		}
 	} else {
-		zap.S().Debugf("%s must be an array of rules to skip", terrascanSkipRules)
+		zap.S().Debugf("%s must be an array of rules to skip", terrascanSkip)
 	}
 
 	return skipRules

diff --git a/pkg/iac-providers/kubernetes/v1/normalize_test.go b/pkg/iac-providers/kubernetes/v1/normalize_test.go
@@ -55,7 +55,7 @@ kind: Pod
 metadata:
   name: myapp-pod
   annotations:
-    terrascanSkipRules: [accurics.kubernetes.IAM.109]
+    terrascanSkip: [accurics.kubernetes.IAM.109]
 spec:
   containers:
     - name: myapp-container
@@ -110,7 +110,7 @@ func TestK8sV1ExtractResource(t *testing.T) {
 				Metadata: k8sMetadata{
 					Name: "myapp-pod",
 					Annotations: map[string]interface{}{
-						terrascanSkipRules: []interface{}{"accurics.kubernetes.IAM.109"},
+						terrascanSkip: []interface{}{"accurics.kubernetes.IAM.109"},
 					},
 				},
 			},
@@ -204,7 +204,7 @@ func TestK8sV1Normalize(t *testing.T) {
 					"kind":       "Pod",
 					"metadata": map[string]interface{}{
 						"annotations": map[string]interface{}{
-							terrascanSkipRules: []interface{}{testRule},
+							terrascanSkip: []interface{}{testRule},
 						},
 						"name": "myapp-pod",
 					},
@@ -269,7 +269,7 @@ func TestReadSkipRulesFromAnnotations(t *testing.T) {
 			name: "annotations with invalid terrascanSkipRules type",
 			args: args{
 				annotations: map[string]interface{}{
-					terrascanSkipRules: "test",
+					terrascanSkip: "test",
 				},
 			},
 			want: []string{},
@@ -278,7 +278,7 @@ func TestReadSkipRulesFromAnnotations(t *testing.T) {
 			name: "annotations with invalid terrascanSkipRules rule value",
 			args: args{
 				annotations: map[string]interface{}{
-					terrascanSkipRules: []interface{}{1},
+					terrascanSkip: []interface{}{1},
 				},
 			},
 			want: []string{},
@@ -287,7 +287,7 @@ func TestReadSkipRulesFromAnnotations(t *testing.T) {
 			name: "annotations with one terrascanSkipRules",
 			args: args{
 				annotations: map[string]interface{}{
-					terrascanSkipRules: []interface{}{testRuleA},
+					terrascanSkip: []interface{}{testRuleA},
 				},
 			},
 			want: []string{testRuleA},
@@ -296,7 +296,7 @@ func TestReadSkipRulesFromAnnotations(t *testing.T) {
 			name: "annotations with multiple terrascanSkipRules",
 			args: args{
 				annotations: map[string]interface{}{
-					terrascanSkipRules: []interface{}{testRuleA, testRuleB, testRuleC},
+					terrascanSkip: []interface{}{testRuleA, testRuleB, testRuleC},
 				},
 			},
 			want: []string{testRuleA, testRuleB, testRuleC},

diff --git a/pkg/iac-providers/kubernetes/v1/testdata/file-test-data/test_pod_skip_rules.yaml b/pkg/iac-providers/kubernetes/v1/testdata/file-test-data/test_pod_skip_rules.yaml
@@ -7,7 +7,7 @@ metadata:
     test: someupdate
     test2: someupdate3
   annotations:
-    terrascanSkipRules: [accurics.kubernetes.IAM.109]
+    terrascanSkip: [accurics.kubernetes.IAM.109]
 spec:
   containers:
   - name: myapp-container
@@ -25,7 +25,7 @@ metadata:
     test: someupdate
     test2: someupdate3
   annotations:
-    terrascanSkipRules: [accurics.kubernetes.IAM.3, accurics.kubernetes.OPS.461]
+    terrascanSkip: [accurics.kubernetes.IAM.3, accurics.kubernetes.OPS.461]
 spec:
   template:
     spec: