added separate renderer

kubernetes-retired · Jun 18, 2020 · d52283b · d52283b
1 parent 2a77330
commit d52283b
Show file tree

Hide file tree

Showing 8 changed files with 139 additions and 44 deletions.
diff --git a/benchmarks/kubectl-mtb/Makefile b/benchmarks/kubectl-mtb/Makefile
@@ -19,4 +19,9 @@ clean:
 
 # Install kubectl plugin
 kubectl: build
-	cp bin/kubectl/kubectl-mtb ${GOPATH}/bin/kubectl-mtb
+	cp bin/kubectl/kubectl-mtb ${GOPATH}/bin/kubectl-mtb
+
+.PHONY: readme
+
+readme: 
+	go run docs/main.go
diff --git a/benchmarks/kubectl-mtb/docs/main.go b/benchmarks/kubectl-mtb/docs/main.go
@@ -0,0 +1,101 @@
+package main
+
+import (
+	"fmt"
+	"html/template"
+	"io/ioutil"
+	"log"
+	"os"
+	"path/filepath"
+
+	"gopkg.in/yaml.v2"
+	"sigs.k8s.io/multi-tenancy/benchmarks/kubectl-mtb/test/util"
+)
+
+const (
+	// Location of the config files
+	embedFolder string = "./test/benchmarks/"
+)
+
+// Structure of yaml (Used for README generation)
+type Doc struct {
+	ID            string `yaml:"id"`
+	Title         string `yaml:"title"`
+	BenchmarkType string `yaml:"benchmarkType"`
+	Category      string `yaml:"category"`
+	Description   string `yaml:"description"`
+	Remediation   string `yaml:"remediation"`
+	ProfileLevel  int    `yaml:"profileLevel"`
+}
+
+// README template
+const templ = `
+<!DOCTYPE html>
+<html>
+  <head>
+    <title>README</title>
+  </head>
+  <body>
+  <h2> {{.Title}} [{{.ID}}] </h2>
+	<p>
+		<b> Profile Applicability: </b> {{.ProfileLevel}} <br>
+		<b> Type: </b> {{.BenchmarkType}} <br>
+		<b> Category: </b> {{.Category}} <br>
+		<b> Description: </b> {{.Description}} <br>
+		<b> Remediation: </b> {{.Remediation}} <br>
+	</p>
+    
+  </body>
+</html>
+`
+
+func main() {
+
+	err := filepath.Walk(embedFolder, func(path string, info os.FileInfo, err error) error {
+		if info.IsDir() {
+			// Skip directories
+			log.Println(path, "is a directory, skipping...")
+			return nil
+		} else {
+
+			extension := filepath.Ext(path)
+
+			if extension == ".yml" || extension == ".yaml" {
+				b, err := ioutil.ReadFile(path)
+				util.CheckError(err)
+				d := Doc{}
+				err = yaml.Unmarshal(b, &d)
+				util.CheckError(err)
+				t := template.New("README template")
+				t, err = t.Parse(templ)
+
+				// Get directory of the config file
+				dirPath := util.GetDirectory(path, "/")
+
+				//Check if Path exists
+				_, err = util.Exists(dirPath)
+				util.CheckError(err)
+
+				f, err := os.Create(dirPath + "/README.md")
+				util.CheckError(err)
+
+				// Write the output to the README file
+				err = t.Execute(f, d)
+				util.CheckError(err)
+				if err == nil {
+					fmt.Println("README.md generated successfully")
+				}
+
+				err = f.Close()
+				util.CheckError(err)
+
+			}
+		}
+
+		return nil
+	})
+	if err != nil {
+		log.Fatal("Error walking through embed directory:", err)
+	}
+
+}
diff --git a/benchmarks/kubectl-mtb/pkg/benchmark/benchmark.go b/benchmarks/kubectl-mtb/pkg/benchmark/benchmark.go
@@ -2,14 +2,9 @@ package benchmark
 
 import (
 	"errors"
-	"fmt"
-	"os"
-	"path/filepath"
 
-	"github.com/russross/blackfriday/v2"
 	"gopkg.in/yaml.v2"
 	"k8s.io/client-go/kubernetes"
-	"sigs.k8s.io/multi-tenancy/benchmarks/kubectl-mtb/test/util"
 )
 
 // Benchmark consists the benchmark information like benchmark id, name, remediation etc.
@@ -25,7 +20,7 @@ type Benchmark struct {
 }
 
 // ReadConfig reads the yaml representation of struct from []file
-func (b *Benchmark) ReadConfig(file []byte, path string) error {
+func (b *Benchmark) ReadConfig(file []byte) error {
 	if err := yaml.Unmarshal(file, b); err != nil {
 		return err
 	}
@@ -34,25 +29,5 @@ func (b *Benchmark) ReadConfig(file []byte, path string) error {
 		return errors.New("Please fill in a valid/non-empty yaml file")
 	}
 
-	output := blackfriday.Run(file)
-	testDir := util.GetDirectory(path, "/")
-	filePath, _ := filepath.Abs("./test/benchmarks/" + testDir + "/README.md")
-	f, err := os.Create(filePath)
-	if err != nil {
-		fmt.Println(err)
-	}
-	_, err = f.Write(output)
-	if err != nil {
-		fmt.Println(err)
-		f.Close()
-	} else {
-		fmt.Println("README.md generated successfully")
-	}
-
-	err = f.Close()
-	if err != nil {
-		fmt.Println(err)
-	}
-
 	return nil
 }
diff --git a/benchmarks/kubectl-mtb/test/benchmarks/block_privileged_containers/README.md b/benchmarks/kubectl-mtb/test/benchmarks/block_privileged_containers/README.md
@@ -1,7 +1,18 @@
-<p>id: MTB-PL1-BC-CPI-5
-title: Block privileged containers
-benchmarkType: Behavioral Check
-category: Control Plane Isolation
-description: By default a container is not allowed to access any devices on the host, but a “privileged” container can access all devices on the host. A process within a privileged container can also get unrestricted host access. Hence, tenants should not be allowed to run privileged containers.
-remediation: Define a <code>PodSecurityPolicy</code> with <code>privileged</code> set to <code>false</code> and map the policy to each tenant&rsquo;s namespace, or use a policy engine such as <a href="https://github.com/open-policy-agent/gatekeeper">OPA/Gatekeeper</a> or <a href="https://kyverno.io">Kyverno</a> to prevent tenants from running privileged containers.
-profileLevel: 1</p>
+
+<!DOCTYPE html>
+<html>
+  <head>
+    <title>README</title>
+  </head>
+  <body>
+  <h2> Block privileged containers [MTB-PL1-BC-CPI-5] </h2>
+	<p>
+		<b> Profile Applicability: </b> 1 <br>
+		<b> Type: </b> Behavioral Check <br>
+		<b> Category: </b> Control Plane Isolation <br>
+		<b> Description: </b> By default a container is not allowed to access any devices on the host, but a “privileged” container can access all devices on the host. A process within a privileged container can also get unrestricted host access. Hence, tenants should not be allowed to run privileged containers. <br>
+		<b> Remediation: </b> Define a `PodSecurityPolicy` with `privileged` set to `false` and map the policy to each tenant&#39;s namespace, or use a policy engine such as [OPA/Gatekeeper](https://github.com/open-policy-agent/gatekeeper) or [Kyverno](https://kyverno.io) to prevent tenants from running privileged containers. <br>
+	</p>
+
+  </body>
+</html>
diff --git a/...ks/kubectl-mtb/test/benchmarks/block_privileged_containers/block_privileged_containers.go b/...ks/kubectl-mtb/test/benchmarks/block_privileged_containers/block_privileged_containers.go
@@ -34,7 +34,7 @@ var bpcBenchmark = &benchmark.Benchmark{
 }
 
 // NewBenchmark returns the pointer of the benchmark
-func NewBenchmark(path string) *benchmark.Benchmark {
+func NewBenchmark() *benchmark.Benchmark {
 	box := packr.New("Config", ".")
 
 	// Get the []byte representation of a file, or an error if it doesn't exist:
@@ -43,7 +43,7 @@ func NewBenchmark(path string) *benchmark.Benchmark {
 		log.Fatal(err)
 	}
 
-	err = bpcBenchmark.ReadConfig(config, path)
+	err = bpcBenchmark.ReadConfig(config)
 	if err != nil {
 		fmt.Println(err)
 	}

diff --git a/benchmarks/kubectl-mtb/test/constants.go b/benchmarks/kubectl-mtb/test/constants.go
diff --git a/benchmarks/kubectl-mtb/test/test.go b/benchmarks/kubectl-mtb/test/test.go
@@ -14,7 +14,7 @@ var benchmarkSuite = &suite.BenchmarkSuite{
 func NewBenchmarkSuite() *suite.BenchmarkSuite {
 
 	// Add Benchmarks
-	benchmarkSuite.Add(blockprivilegedcontainers.NewBenchmark(blockprivileged))
+	benchmarkSuite.Add(blockprivilegedcontainers.NewBenchmark())
 
 	return benchmarkSuite
 }
diff --git a/benchmarks/kubectl-mtb/test/util/util.go b/benchmarks/kubectl-mtb/test/util/util.go
@@ -21,7 +21,15 @@ func Exists(path string) (bool, error) {
 func GetDirectory(path string, delimiter string) string {
 
 	dir := strings.Split(path, delimiter)
-	testDir := dir[len(dir)-1]
+	dir = dir[0 : len(dir)-1]
+	dirPath := strings.Join(dir[:], "/")
 
-	return testDir
+	return dirPath
+}
+
+func CheckError(err error) {
+	if err != nil {
+		fmt.Println("Fatal error ", err.Error())
+		os.Exit(1)
+	}
 }