Merge pull request #11403 from juanvallejo/jvallejo/prevent-validatin…
…g-forbidden-secrets

Merged by openshift-bot
OpenShift Bot authored Nov 18, 2016
2 parents f056a5b + 2b79482 commit 271fff8
Showing 2 changed files with 19 additions and 5 deletions.
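--- a/pkg/api/kubegraph/nodes/nodes.go
+++ b/pkg/api/kubegraph/nodes/nodes.go
@@ -76,7 +76,11 @@ func EnsureSecretNode(g osgraph.MutableUniqueGraph, o *kapi.Secret) *SecretNode
 return osgraph.EnsureUnique(g,
 SecretNodeName(o),
 func(node osgraph.Node) graph.Node {
-return &SecretNode{node, o, true}
+return &SecretNode{
+Node: node,
+Secret: o,
+IsFound: true,
+}
 },
 ).(*SecretNode)
 }
@@ -85,7 +89,11 @@ func FindOrCreateSyntheticSecretNode(g osgraph.MutableUniqueGraph, o *kapi.Secre
 return osgraph.EnsureUnique(g,
 SecretNodeName(o),
 func(node osgraph.Node) graph.Node {
-return &SecretNode{node, o, false}
+return &SecretNode{
+Node: node,
+Secret: o,
+IsFound: false,
+}
 },
 ).(*SecretNode)
 }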
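--- a/pkg/cmd/cli/describe/projectstatus.go
+++ b/pkg/cmd/cli/describe/projectstatus.go
@@ -266,7 +266,7 @@ func (d *ProjectStatusDescriber) Describe(namespace, name string) (string, error
 
 allMarkers := osgraph.Markers{}
 allMarkers = append(allMarkers, createForbiddenMarkers(forbiddenResources)...)
-for _, scanner := range getMarkerScanners(d.LogsCommandName, d.SecurityPolicyCommandFormat, d.SetProbeCommandName) {
+for _, scanner := range getMarkerScanners(d.LogsCommandName, d.SecurityPolicyCommandFormat, d.SetProbeCommandName, forbiddenResources) {
 allMarkers = append(allMarkers, scanner(g, f)...)
 }
 
@@ -374,13 +374,19 @@ func createForbiddenMarkers(forbiddenResources sets.String) []osgraph.Marker {
 return markers
 }
 
-func getMarkerScanners(logsCommandName, securityPolicyCommandFormat, setProbeCommandName string) []osgraph.MarkerScanner {
+func getMarkerScanners(logsCommandName, securityPolicyCommandFormat, setProbeCommandName string, forbiddenResources sets.String) []osgraph.MarkerScanner {
 return []osgraph.MarkerScanner{
 func(g osgraph.Graph, f osgraph.Namer) []osgraph.Marker {
 return kubeanalysis.FindRestartingPods(g, f, logsCommandName, securityPolicyCommandFormat)
 },
 kubeanalysis.FindDuelingReplicationControllers,
-kubeanalysis.FindMissingSecrets,
+func(g osgraph.Graph, f osgraph.Namer) []osgraph.Marker {
+// do not attempt to add markers for missing secrets if dealing with forbidden errors
+if forbiddenResources.Has("secrets") {
+return []osgraph.Marker{}
+}
+return kubeanalysis.FindMissingSecrets(g, f)
+},
 kubeanalysis.FindHPASpecsMissingCPUTargets,
 kubeanalysis.FindHPASpecsMissingScaleRefs,
 kubeanalysis.FindOverlappingHPAs,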
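Review bot: The guard in the new closure in getMarkerScanners keys on the bare literal `"secrets"`, so it only takes effect if the code that fills forbiddenResources (outside this hunk) inserts exactly that string; a mismatch would silently bring back the misleading "missing secret" markers for users who are denied access to secrets. A shared constant for the resource name, used both where the set is populated and in `forbiddenResources.Has(...)`, would make that coupling explicit, and a test that runs the scanners with `sets.NewString("secrets")` would pin it. The other scanners in the list still run unconditionally over a graph that may be incomplete for the same reason; whether any of them can report a false finding when its input resource type is forbidden cannot be told from this hunk and is worth checking. As a style point, `return nil` is enough in place of `return []osgraph.Marker{}`, since the caller only appends the result.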
