fea(score) image tag scoring

zegl · Sep 17, 2018 · bc3e749 · bc3e749
1 parent 9ccee7d
commit bc3e749
Show file tree

Hide file tree

Showing 4 changed files with 55 additions and 0 deletions.
diff --git a/score/score.go b/score/score.go
@@ -5,6 +5,7 @@ import (
 	"io"
 	"io/ioutil"
 	"log"
+	"strings"
 
 	//"errors"
 	//"fmt"
@@ -94,6 +95,7 @@ func Score(file io.Reader) (*Scorecard, error) {
 
 	podTests := []func(corev1.PodSpec) TestScore{
 		scoreContainerLimits,
+		scoreContainerImageTag,
 	}
 
 	scoreCard := Scorecard{}
@@ -160,3 +162,30 @@ func scoreContainerLimits(pod corev1.PodSpec) (score TestScore) {
 
 	return
 }
+
+func scoreContainerImageTag(pod corev1.PodSpec) (score TestScore) {
+	score.Name = "Container Image Tag"
+
+	allContainers := pod.InitContainers
+	allContainers = append(allContainers, pod.Containers...)
+
+	hasTagLatest := false
+
+	for _, container := range allContainers{
+		imageParts := strings.Split(container.Image, ":")
+		imageVersion := imageParts[len(imageParts)-1]
+
+		if imageVersion == "latest" {
+			score.Comments = append(score.Comments, "Image with latest tag")
+			hasTagLatest = true
+		}
+	}
+
+	if hasTagLatest {
+		score.Grade = 0
+	} else {
+		score.Grade = 10
+	}
+
+	return
+}
diff --git a/score/score_test.go b/score/score_test.go
@@ -46,3 +46,11 @@ func TestDeploymentResources(t *testing.T) {
 func TestStatefulSetResources(t *testing.T) {
 	testExpectedScore(t, "statefulset-test-resources.yaml", "Container Resources", 5)
 }
+
+func TestPodContainerTagLatest(t *testing.T) {
+	testExpectedScore(t, "pod-image-tag-latest.yaml", "Container Image Tag", 0)
+}
+
+func TestPodContainerTagFixed(t *testing.T) {
+	testExpectedScore(t, "pod-image-tag-fixed.yaml", "Container Image Tag", 10)
+}
diff --git a/score/testdata/pod-image-tag-fixed.yaml b/score/testdata/pod-image-tag-fixed.yaml
@@ -0,0 +1,9 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: pod-test-1
+spec:
+  containers:
+  - name: foobar
+    resources:
+    image: foo/bar:123
diff --git a/score/testdata/pod-image-tag-latest.yaml b/score/testdata/pod-image-tag-latest.yaml
@@ -0,0 +1,9 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: pod-test-1
+spec:
+  containers:
+  - name: foobar
+    resources:
+    image: foo/bar:latest