Merge c979b32 into 1ae8787

jasonrichardsmith · Aug 29, 2018 · 36bc7f6 · 36bc7f6
2 parents 1ae8787 + c979b32
commit 36bc7f6
Show file tree

Hide file tree

Showing 13 changed files with 79 additions and 53 deletions.
diff --git a/README.md b/README.md
@@ -26,7 +26,6 @@ Limits will insure all pods have limits for cpu and memory set and are within th
 
 ```yaml
 limits:
-  type: Pod
   enabled: true
   ignoredNamespaces:
     - "test2"
@@ -45,7 +44,6 @@ Healthz just insures liveliness and readiness probes are set.
 
 ```yaml
 healthz:
-  type: Pod
   enabled: true
   ignoredNamespaces:
     - "test1"
@@ -59,7 +57,6 @@ Images insures no containers launch with 'latest' or with no tag set.
 
 ```yaml
 images:
-  type: Pod
   enabled: true
   ignoredNamespaces:
     - "test1"

diff --git a/healthz/healthz.go b/healthz/healthz.go
@@ -20,6 +20,10 @@ const (
 
 type HealthzSentry struct{}
 
+func (hs HealthzSentry) Type() string {
+	return "Pod"
+}
+
 func (hs HealthzSentry) Admit(receivedAdmissionReview v1beta1.AdmissionReview) *v1beta1.AdmissionResponse {
 	log.Info("Checking health checks are present")
 	raw := receivedAdmissionReview.Request.Object.Raw

diff --git a/healthz/healthz_test.go b/healthz/healthz_test.go
@@ -32,6 +32,12 @@ func init() {
 	}
 }
 
+func TestType(t *testing.T) {
+	is := HealthzSentry{}
+	if is.Type() != "Pod" {
+		t.Fatal("Failed type test")
+	}
+}
 func TestAdmit(t *testing.T) {
 	c := Config{}
 	hs, err := c.LoadSentry()

diff --git a/images/images.go b/images/images.go
@@ -22,6 +22,10 @@ const (
 
 type ImagesSentry struct{}
 
+func (is ImagesSentry) Type() string {
+	return "Pod"
+}
+
 func (is ImagesSentry) Admit(receivedAdmissionReview v1beta1.AdmissionReview) *v1beta1.AdmissionResponse {
 	log.Info("Checking image tags are present")
 	raw := receivedAdmissionReview.Request.Object.Raw

diff --git a/images/images_test.go b/images/images_test.go
@@ -32,6 +32,13 @@ func init() {
 	}
 }
 
+func TestType(t *testing.T) {
+	is := ImagesSentry{}
+	if is.Type() != "Pod" {
+		t.Fatal("Failed type test")
+	}
+}
+
 func TestAdmit(t *testing.T) {
 	c := Config{}
 	is, err := c.LoadSentry()

diff --git a/limits/limits.go b/limits/limits.go
@@ -28,6 +28,10 @@ type LimitSentry struct {
 	CPUMax    resource.Quantity
 }
 
+func (ls LimitSentry) Type() string {
+	return "Pod"
+}
+
 func (ls LimitSentry) BetweenCPU(q resource.Quantity) bool {
 	if ls.CPUMax.Cmp(q) >= 0 && ls.CPUMin.Cmp(q) <= 0 {
 		return true

diff --git a/limits/limits_test.go b/limits/limits_test.go
@@ -58,6 +58,13 @@ func init() {
 	}
 }
 
+func TestType(t *testing.T) {
+	is := LimitSentry{}
+	if is.Type() != "Pod" {
+		t.Fatal("Failed type test")
+	}
+}
+
 func TestBetweenCPU(t *testing.T) {
 	ls := LimitSentry{
 		CPUMax: highqty,

diff --git a/manifest.yaml b/manifest.yaml
@@ -80,7 +80,6 @@ data:
   config.yaml: |
     ---
     limits:
-      type: Pod
       enabled: true
       ignoredNamespaces:
         - "kube-system"
@@ -93,14 +92,12 @@ data:
         min: 1G
         max: 2G
     healthz:
-      type: Pod
       enabled: true
       ignoredNamespaces:
         - "kube-system"
         - "test1"
         - "test3"
     images:
-      type: Pod
       enabled: true
       ignoredNamespaces:
         - "kube-system"

diff --git a/mux/config_test.go b/mux/config_test.go
@@ -24,7 +24,6 @@ func TestLoadFromFile(t *testing.T) {
 				Max: "1G",
 			},
 			Config: sentry.Config{
-				Type:    "Pod",
 				Enabled: true,
 				IgnoredNamespaces: []string{
 					"test2",
@@ -34,7 +33,6 @@ func TestLoadFromFile(t *testing.T) {
 		},
 		Healthz: healthz.Config{
 			Config: sentry.Config{
-				Type:    "Pod",
 				Enabled: true,
 				IgnoredNamespaces: []string{
 					"test1",
@@ -44,7 +42,6 @@ func TestLoadFromFile(t *testing.T) {
 		},
 		Images: images.Config{
 			Config: sentry.Config{
-				Type:    "Pod",
 				Enabled: true,
 				IgnoredNamespaces: []string{
 					"test1",
@@ -75,7 +72,6 @@ func TestLoadSentry(t *testing.T) {
 				Max: "1G",
 			},
 			Config: sentry.Config{
-				Type:    "Pod",
 				Enabled: true,
 				IgnoredNamespaces: []string{
 					"test1",
@@ -89,19 +85,17 @@ func TestLoadSentry(t *testing.T) {
 		t.Fatal(err)
 	}
 	match := SentryMux{
-		Sentries: map[string]map[string]sentryModule{
-			"Pod": map[string]sentryModule{
-				"limits": sentryModule{
-					Sentry: limits.LimitSentry{
-						MemoryMin: qty,
-						MemoryMax: qty,
-						CPUMin:    qty,
-						CPUMax:    qty,
-					},
-					ignored: []string{
-						"test1",
-						"test2",
-					},
+		Sentries: []sentryModule{
+			sentryModule{
+				Sentry: limits.LimitSentry{
+					MemoryMin: qty,
+					MemoryMax: qty,
+					CPUMin:    qty,
+					CPUMax:    qty,
+				},
+				ignored: []string{
+					"test1",
+					"test2",
 				},
 			},
 		},

diff --git a/mux/mux.go b/mux/mux.go
@@ -12,12 +12,12 @@ type sentryModule struct {
 }
 
 type SentryMux struct {
-	Sentries map[string]map[string]sentryModule
+	Sentries []sentryModule
 }
 
 func NewFromConfig(c Config) (SentryMux, error) {
 	sm := SentryMux{
-		Sentries: make(map[string]map[string]sentryModule),
+		Sentries: make([]sentryModule, 0),
 	}
 	if c.Limits.Enabled {
 		log.Info("Limits enabled loading")
@@ -30,7 +30,7 @@ func NewFromConfig(c Config) (SentryMux, error) {
 			c.Limits.IgnoredNamespaces,
 		}
 		log.Info("Ignoring Namespaces ", mod.ignored)
-		sm.Sentries[c.Limits.Type] = map[string]sentryModule{"limits": mod}
+		sm.Sentries = append(sm.Sentries, mod)
 	}
 	if c.Healthz.Enabled {
 		log.Info("Healthz enabled loading")
@@ -43,11 +43,7 @@ func NewFromConfig(c Config) (SentryMux, error) {
 			c.Healthz.IgnoredNamespaces,
 		}
 		log.Info("Ignoring Namespaces ", mod.ignored)
-		if v, ok := sm.Sentries[c.Healthz.Type]; ok {
-			v["healthz"] = mod
-		} else {
-			sm.Sentries[c.Healthz.Type] = map[string]sentryModule{"healthz": mod}
-		}
+		sm.Sentries = append(sm.Sentries, mod)
 	}
 	if c.Images.Enabled {
 		log.Info("Images enabled loading")
@@ -60,11 +56,7 @@ func NewFromConfig(c Config) (SentryMux, error) {
 			c.Images.IgnoredNamespaces,
 		}
 		log.Info("Ignoring Namespaces ", mod.ignored)
-		if v, ok := sm.Sentries[c.Images.Type]; ok {
-			v["images"] = mod
-		} else {
-			sm.Sentries[c.Images.Type] = map[string]sentryModule{"images": mod}
-		}
+		sm.Sentries = append(sm.Sentries, mod)
 	}
 	return sm, nil
 }
@@ -81,12 +73,14 @@ func (sm sentryModule) Ignore(namespace string) bool {
 	log.Infof("Namespace %v not ignored", namespace)
 	return false
 }
-
+func (sm SentryMux) Type() string {
+	return "*"
+}
 func (sm SentryMux) Admit(receivedAdmissionReview v1beta1.AdmissionReview) *v1beta1.AdmissionResponse {
 	log.Infof("Received request of kind %v", receivedAdmissionReview.Request.Kind.Kind)
-	if sms, ok := sm.Sentries[receivedAdmissionReview.Request.Kind.Kind]; ok {
-		log.Infof("Found sentries for kind %v, itterating over %v sentries.", receivedAdmissionReview.Request.Kind.Kind, len(sms))
-		for k, sm := range sms {
+	log.Infof("Itterating over %v sentries.", receivedAdmissionReview.Request.Kind.Kind, len(sm.Sentries))
+	for k, sm := range sm.Sentries {
+		if receivedAdmissionReview.Request.Kind.Kind == sm.Type() {
 			if !sm.Ignore(receivedAdmissionReview.Request.Namespace) {
 				log.Infof("Running admit for %v", k)
 				ar := sm.Admit(receivedAdmissionReview)
@@ -96,7 +90,6 @@ func (sm SentryMux) Admit(receivedAdmissionReview v1beta1.AdmissionReview) *v1be
 				}
 				log.Infof("Allowed by %v", k)
 			}
-
 		}
 
 	}

diff --git a/mux/mux_test.go b/mux/mux_test.go
@@ -22,6 +22,12 @@ func TestIgnore(t *testing.T) {
 	}
 }
 
+func TestType(t *testing.T) {
+	is := SentryMux{}
+	if is.Type() != "*" {
+		t.Fatal("Failed type test")
+	}
+}
 func TestNewFromConfig(t *testing.T) {
 	c := New()
 	m, err := NewFromConfig(*c)
@@ -46,7 +52,7 @@ func TestNewFromConfig(t *testing.T) {
 	if err != nil {
 		t.Fatal(err)
 	}
-	if len(m.Sentries[""]) != 3 {
+	if len(m.Sentries) != 3 {
 		t.Fatal("Extected 3 entries enabled")
 	}
 }
@@ -55,6 +61,10 @@ type FakeSentry struct {
 	admit bool
 }
 
+func (fs FakeSentry) Type() string {
+	return "Pod"
+
+}
 func (fs FakeSentry) Admit(ar v1beta1.AdmissionReview) *v1beta1.AdmissionResponse {
 
 	reviewResponse := v1beta1.AdmissionResponse{}
@@ -64,14 +74,12 @@ func (fs FakeSentry) Admit(ar v1beta1.AdmissionReview) *v1beta1.AdmissionRespons
 
 func TestAdmit(t *testing.T) {
 	mux := SentryMux{
-		Sentries: map[string]map[string]sentryModule{
-			"Pod": {
-				"fake": sentryModule{
-					Sentry: FakeSentry{true},
-					ignored: []string{
-						"test1",
-						"test2",
-					},
+		Sentries: []sentryModule{
+			sentryModule{
+				Sentry: FakeSentry{true},
+				ignored: []string{
+					"test1",
+					"test2",
 				},
 			},
 		},
@@ -98,8 +106,10 @@ func TestAdmit(t *testing.T) {
 	if resp.Allowed != true {
 		t.Fatal("Return false expected true")
 	}
-	mux.Sentries["Pod"]["fake"] = sentryModule{
-		Sentry: FakeSentry{false},
+	mux.Sentries = []sentryModule{
+		sentryModule{
+			Sentry: FakeSentry{false},
+		},
 	}
 	resp = mux.Admit(ar)
 	if resp.Allowed != false {

diff --git a/sentry/sentry.go b/sentry/sentry.go
@@ -34,13 +34,13 @@ var (
 )
 
 type Config struct {
-	Type              string   `yaml:"type"`
 	Enabled           bool     `yaml:"enabled"`
 	IgnoredNamespaces []string `yaml:"ignoredNamespaces"`
 }
 
 type Sentry interface {
 	Admit(v1beta1.AdmissionReview) *v1beta1.AdmissionResponse
+	Type() string
 }
 
 type Loader interface {

diff --git a/sentry/sentry_test.go b/sentry/sentry_test.go
@@ -15,6 +15,9 @@ import (
 
 type FakeSentry struct{}
 
+func (fs FakeSentry) Type() string {
+	return "Pod"
+}
 func (fs FakeSentry) Admit(ar v1beta1.AdmissionReview) *v1beta1.AdmissionResponse {
 
 	reviewResponse := v1beta1.AdmissionResponse{}