extract ValidateResources from FileLinter into ResourceLinter, update…

… SecurityGroupLinter to use it
stelligent · Mar 31, 2018 · e46323b · e46323b
1 parent f7d8f7e
commit e46323b
Show file tree

Hide file tree

Showing 4 changed files with 44 additions and 31 deletions.
diff --git a/README.md b/README.md
@@ -242,3 +242,4 @@ Rules:
 * Add variable interpolation for Terraform files
 * Update value_from to handle JSON return values
 * Need to include the search expression result that triggered a violation, include it in the Violation
+* Create a Provider interface for AWS calls, create a mock for testing SecurityGroupLinter
diff --git a/cli/file_linter.go b/cli/file_linter.go
@@ -5,50 +5,26 @@ import (
 	"github.com/stelligent/config-lint/assertion"
 )
 
-// FileLinter provides implmenation for some common functions that are used by multiple Linter implementations
+// FileLinter provides implementation for some common functions that are used by multiple Linter implementations
 type FileLinter struct {
 	Log assertion.LoggingFunction
 }
 
-// ValidateResources evaluates a list of Rule objects to a list of Resource objects
-func (l FileLinter) ValidateResources(resources []assertion.Resource, rules []assertion.Rule) ([]assertion.Violation, error) {
-
-	valueSource := assertion.StandardValueSource{Log: l.Log}
-	resolvedRules := assertion.ResolveRules(rules, valueSource, l.Log)
-	externalRules := assertion.StandardExternalRuleInvoker{Log: l.Log}
-
-	allViolations := make([]assertion.Violation, 0)
-	for _, rule := range resolvedRules {
-		l.Log(fmt.Sprintf("Rule %s: %s", rule.ID, rule.Message))
-		for _, resource := range assertion.FilterResourcesByType(resources, rule.Resource) {
-			if assertion.ExcludeResource(rule, resource) {
-				l.Log(fmt.Sprintf("Ignoring resource %s", resource.ID))
-			} else {
-				_, violations, err := assertion.CheckRule(rule, resource, externalRules, l.Log)
-				if err != nil {
-					return allViolations, err
-				}
-				allViolations = append(allViolations, violations...)
-			}
-		}
-	}
-	return allViolations, nil
-}
-
 // ValidateFiles validates a collection of filenames using a RuleSet
 func (l FileLinter) ValidateFiles(filenames []string, ruleSet assertion.RuleSet, tags []string, ruleIDs []string, loader ResourceLoader) ([]string, []assertion.Violation, error) {
 	rules := assertion.FilterRulesByTagAndID(ruleSet.Rules, tags, ruleIDs)
 	allViolations := make([]assertion.Violation, 0)
 	filesScanned := make([]string, 0)
+	r := ResourceLinter{Log: l.Log}
 	for _, filename := range filenames {
-		include, _ := assertion.ShouldIncludeFile(ruleSet.Files, filename) // FIXME what about error?
-		if include {
+		include, err := assertion.ShouldIncludeFile(ruleSet.Files, filename)
+		if err == nil && include {
 			l.Log(fmt.Sprintf("Processing %s", filename))
 			resources, err := loader.Load(filename)
 			if err != nil {
 				return filesScanned, allViolations, err
 			}
-			violations, err := l.ValidateResources(resources, rules)
+			violations, err := r.ValidateResources(resources, rules)
 			if err != nil {
 				return filesScanned, allViolations, err
 			}

diff --git a/cli/resource_linter.go b/cli/resource_linter.go
@@ -0,0 +1,36 @@
+package main
+
+import (
+	"fmt"
+	"github.com/stelligent/config-lint/assertion"
+)
+
+// ResourceLinter provides the basic validation logic used by all linters
+type ResourceLinter struct {
+	Log assertion.LoggingFunction
+}
+
+// ValidateResources evaluates a list of Rule objects to a list of Resource objects
+func (r ResourceLinter) ValidateResources(resources []assertion.Resource, rules []assertion.Rule) ([]assertion.Violation, error) {
+
+	valueSource := assertion.StandardValueSource{Log: r.Log}
+	resolvedRules := assertion.ResolveRules(rules, valueSource, r.Log)
+	externalRules := assertion.StandardExternalRuleInvoker{Log: r.Log}
+
+	allViolations := make([]assertion.Violation, 0)
+	for _, rule := range resolvedRules {
+		r.Log(fmt.Sprintf("Rule %s: %s", rule.ID, rule.Message))
+		for _, resource := range assertion.FilterResourcesByType(resources, rule.Resource) {
+			if assertion.ExcludeResource(rule, resource) {
+				r.Log(fmt.Sprintf("Ignoring resource %s", resource.ID))
+			} else {
+				_, violations, err := assertion.CheckRule(rule, resource, externalRules, r.Log)
+				if err != nil {
+					return allViolations, err
+				}
+				allViolations = append(allViolations, violations...)
+			}
+		}
+	}
+	return allViolations, nil
+}
diff --git a/cli/security_group.go b/cli/security_group.go
@@ -57,8 +57,8 @@ func (l SecurityGroupLinter) Validate(filenames []string, ruleSet assertion.Rule
 	if err != nil {
 		return noFilenames, []assertion.Violation{}, err
 	}
-	f := FileLinter{Log: l.Log}
-	violations, err := f.ValidateResources(resources, rules)
+	r := ResourceLinter{Log: l.Log}
+	violations, err := r.ValidateResources(resources, rules)
 	return noFilenames, violations, err
 }