forked from openshift/origin
-
Notifications
You must be signed in to change notification settings - Fork 0
/
dc.go
53 lines (43 loc) · 2.1 KB
/
dc.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
package analysis
import (
"github.com/gonum/graph"
osgraph "github.com/openshift/origin/pkg/api/graph"
"github.com/openshift/origin/pkg/api/graph/graphview"
kubeanalysis "github.com/openshift/origin/pkg/api/kubegraph/analysis"
kubegraph "github.com/openshift/origin/pkg/api/kubegraph/nodes"
deploygraph "github.com/openshift/origin/pkg/deploy/graph/nodes"
)
// DescendentNodesByNodeKind starts at the root navigates down the root. Every edge is checked against the edgeChecker
// to determine whether or not to follow it. The nodes at the tail end of every chased edge are then checked against the
// the targetNodeKind. Matches are added to the return and every checked node then has its edges checked: lather, rinse, repeat
func DescendentNodesByNodeKind(g osgraph.Graph, visitedNodes graphview.IntSet, node graph.Node, targetNodeKind string, edgeChecker osgraph.EdgeFunc) []graph.Node {
if visitedNodes.Has(node.ID()) {
return []graph.Node{}
}
visitedNodes.Insert(node.ID())
ret := []graph.Node{}
for _, successor := range g.Successors(node) {
edge := g.EdgeBetween(node, successor)
kind := g.EdgeKind(edge)
if edgeChecker(osgraph.New(), node, successor, kind) {
if g.Kind(successor) == targetNodeKind {
ret = append(ret, successor)
}
ret = append(ret, DescendentNodesByNodeKind(g, visitedNodes, successor, targetNodeKind, edgeChecker)...)
}
}
return ret
}
// CheckMountedSecrets checks to be sure that all the referenced secrets are mountable (by service account) and present (not synthetic)
func CheckMountedSecrets(g osgraph.Graph, dcNode *deploygraph.DeploymentConfigNode) ( /*unmountable secrets*/ []*kubegraph.SecretNode /*unresolved secrets*/, []*kubegraph.SecretNode) {
podSpecs := DescendentNodesByNodeKind(g, graphview.IntSet{}, dcNode, kubegraph.PodSpecNodeKind, func(g osgraph.Interface, head, tail graph.Node, edgeKind string) bool {
if edgeKind == osgraph.ContainsEdgeKind {
return true
}
return false
})
if len(podSpecs) > 0 {
return kubeanalysis.CheckMountedSecrets(g, podSpecs[0].(*kubegraph.PodSpecNode))
}
return []*kubegraph.SecretNode{}, []*kubegraph.SecretNode{}
}