Validate with Helm and Kustomize Support (#392)

Signed-off-by: Manasa Chinta <[email protected]>
Co-authored-by: Tommy Barnes <[email protected]>
Co-authored-by: Brandon Foley <[email protected]>
Co-authored-by: David Gamero <[email protected]>

Author: 4 people

cmd/validate.go

@@ -3,16 +3,20 @@ package cmd
 import (
 	"context"
 	"fmt"
-	"path"
 
 	"github.com/Azure/draft/pkg/safeguards"
+	"github.com/Azure/draft/pkg/safeguards/types"
 	log "github.com/sirupsen/logrus"
 	"github.com/spf13/cobra"
+
+	"helm.sh/helm/v3/pkg/chartutil"
 )
 
 type validateCmd struct {
-	manifestPath    string
-	imagePullSecret bool
+	manifestPath     string
+	imagePullSecret  bool
+	releaseName      string
+	releaseNamespace string
 }
 
 func init() {
@@ -38,6 +42,8 @@ func newValidateCmd() *cobra.Command {
 
 	f.StringVarP(&vc.manifestPath, "manifest", "m", "", "'manifest' asks for the path to the manifest")
 	f.BoolVarP(&vc.imagePullSecret, "imagePullSecret", "s", false, "'imagePullSecret' enables the Safeguard that checks for usage of an image pull secret within the manifest(s)")
+	f.StringVarP(&vc.releaseName, "releaseName", "n", "", "'releaseName' asks for a user-defined release name for the Helm package to use when rendering Helm projects in Draft")
+	f.StringVarP(&vc.releaseNamespace, "releaseNamespace", "e", "", "'releaseNamespace' asks for a user-defined release namespace for the Helm package to use when rendering Helm projects in Draft")
 
 	return cmd
 }
@@ -54,25 +60,19 @@ func (vc *validateCmd) run(c *cobra.Command) error {
 		safeguards.AddSafeguardCRIP()
 	}
 
-	ctx := context.Background()
-	isDir, err := safeguards.IsDirectory(vc.manifestPath)
-	if err != nil {
-		return fmt.Errorf("not a valid file or directory: %w", err)
+	var opt chartutil.ReleaseOptions
+	if vc.releaseName != "" {
+		opt.Name = vc.releaseName
+	}
+	if vc.releaseNamespace != "" {
+		opt.Namespace = vc.releaseNamespace
 	}
+	ctx := context.Background()
 
-	var manifestFiles []safeguards.ManifestFile
-	if isDir {
-		manifestFiles, err = safeguards.GetManifestFiles(vc.manifestPath)
-		if err != nil {
-			return err
-		}
-	} else if safeguards.IsYAML(vc.manifestPath) {
-		manifestFiles = append(manifestFiles, safeguards.ManifestFile{
-			Name: path.Base(vc.manifestPath),
-			Path: vc.manifestPath,
-		})
-	} else {
-		return fmt.Errorf("expected at least one .yaml or .yml file within given path")
+	var manifestFiles []types.ManifestFile
+	manifestFiles, err := safeguards.GetManifestFiles(vc.manifestPath, opt)
+	if err != nil {
+		return fmt.Errorf("error retrieving manifest files: %w", err)
 	}
 
 	log.Debugf("validating manifests")

cmd/validate_test.go

@@ -2,95 +2,84 @@ package cmd
 
 import (
 	"context"
-	"os"
-	"path"
-	"path/filepath"
-
 	"testing"
 
 	"github.com/Azure/draft/pkg/safeguards"
 	"github.com/Azure/draft/pkg/safeguards/preprocessing"
+	"github.com/Azure/draft/pkg/safeguards/types"
 	"github.com/stretchr/testify/assert"
-)
-
-// TestIsDirectory tests the isDirectory function for proper returns
-func TestIsDirectory(t *testing.T) {
-	testWd, _ := os.Getwd()
-	pathTrue := testWd
-	pathFalse := path.Join(testWd, "validate.go")
-	pathError := ""
-
-	isDir, err := safeguards.IsDirectory(pathTrue)
-	assert.True(t, isDir)
-	assert.Nil(t, err)
-
-	isDir, err = safeguards.IsDirectory(pathFalse)
-	assert.False(t, isDir)
-	assert.Nil(t, err)
-
-	isDir, err = safeguards.IsDirectory(pathError)
-	assert.False(t, isDir)
-	assert.NotNil(t, err)
-}
-
-// TestIsYAML tests the isYAML function for proper returns
-func TestIsYAML(t *testing.T) {
-	dirNotYaml, _ := filepath.Abs("../pkg/safeguards/tests/not-yaml")
-	dirYaml, _ := filepath.Abs("../pkg/safeguards/tests/all/success")
-	fileNotYaml, _ := filepath.Abs("../pkg/safeguards/tests/not-yaml/readme.md")
-	fileYaml, _ := filepath.Abs("../pkg/safeguards/tests/all/success/all-success-manifest-1.yaml")
-
-	assert.False(t, safeguards.IsYAML(fileNotYaml))
-	assert.True(t, safeguards.IsYAML(fileYaml))
 
-	manifestFiles, err := safeguards.GetManifestFiles(dirNotYaml)
-	assert.Nil(t, manifestFiles)
-	assert.NotNil(t, err)
+	"helm.sh/helm/v3/pkg/chartutil"
+)
 
-	manifestFiles, err = safeguards.GetManifestFiles(dirYaml)
-	assert.NotNil(t, manifestFiles)
-	assert.Nil(t, err)
-}
+const (
+	manifestPathDirectorySuccess = "../pkg/safeguards/tests/all/success"
+	manifestPathDirectoryError   = "../pkg/safeguards/tests/all/error"
+	manifestPathFileSuccess      = "../pkg/safeguards/tests/all/success/all-success-manifest-1.yaml"
+	manifestPathFileError        = "../pkg/safeguards/tests/all/error/all-error-manifest-1.yaml"
+	kustomizationPath            = "../pkg/safeguards/tests/kustomize/overlays/production"
+	chartPath                    = "../pkg/safeguards/tests/testmanifests/validchart"
+	kustomizationFilePath        = "../pkg/safeguards/tests/kustomize/overlays/production/kustomization.yaml"
+)
 
 // TestRunValidate tests the run command for `draft validate` for proper returns
 func TestRunValidate(t *testing.T) {
 	ctx := context.TODO()
-	manifestFilesEmpty := []safeguards.ManifestFile{}
-	manifestPathDirectorySuccess, _ := filepath.Abs("../pkg/safeguards/tests/all/success")
-	manifestPathDirectoryError, _ := filepath.Abs("../pkg/safeguards/tests/all/error")
-	manifestPathFileSuccess, _ := filepath.Abs("../pkg/safeguards/tests/all/success/all-success-manifest-1.yaml")
-	manifestPathFileError, _ := filepath.Abs("../pkg/safeguards/tests/all/error/all-error-manifest-1.yaml")
-	var manifestFiles []safeguards.ManifestFile
+	manifestFilesEmpty := []types.ManifestFile{}
+
+	var manifestFiles []types.ManifestFile
+	var opt chartutil.ReleaseOptions
 
 	// Scenario 1: empty manifest path should error
 	_, err := safeguards.GetManifestResults(ctx, manifestFilesEmpty)
 	assert.NotNil(t, err)
 
 	// Scenario 2a: manifest path leads to a directory of manifestFiles - expect success
-	manifestFiles, err = safeguards.GetManifestFiles(manifestPathDirectorySuccess)
+	manifestFiles, err = safeguards.GetManifestFiles(manifestPathDirectorySuccess, opt)
 	assert.Nil(t, err)
 	v, err := safeguards.GetManifestResults(ctx, manifestFiles)
 	assert.Nil(t, err)
 	numViolations := countTestViolations(v)
 	assert.Equal(t, numViolations, 0)
 
 	// Scenario 2b: manifest path leads to a directory of manifestFiles - expect failure
-	manifestFiles, err = safeguards.GetManifestFiles(manifestPathDirectoryError)
+	manifestFiles, err = safeguards.GetManifestFiles(manifestPathDirectoryError, opt)
 	assert.Nil(t, err)
 	v, err = safeguards.GetManifestResults(ctx, manifestFiles)
 	assert.Nil(t, err)
 	numViolations = countTestViolations(v)
 	assert.Greater(t, numViolations, 0)
 
 	// Scenario 3a: manifest path leads to one manifest file - expect success
-	manifestFiles, err = safeguards.GetManifestFiles(manifestPathFileSuccess)
+	manifestFiles, err = safeguards.GetManifestFiles(manifestPathFileSuccess, opt)
+	assert.Nil(t, err)
 	v, err = safeguards.GetManifestResults(ctx, manifestFiles)
 	assert.Nil(t, err)
 	numViolations = countTestViolations(v)
 	assert.Equal(t, numViolations, 0)
 
 	// Scenario 3b: manifest path leads to one manifest file - expect failure
-	manifestFiles, err = safeguards.GetManifestFiles(manifestPathFileError)
+	manifestFiles, err = safeguards.GetManifestFiles(manifestPathFileError, opt)
+	assert.Nil(t, err)
+	v, err = safeguards.GetManifestResults(ctx, manifestFiles)
+	assert.Nil(t, err)
+	numViolations = countTestViolations(v)
+	assert.Greater(t, numViolations, 0)
+
+	//Scenario 4: Test Kustomize
+	manifestFiles, err = safeguards.GetManifestFiles(kustomizationPath, opt)
+	assert.Nil(t, err)
+	v, err = safeguards.GetManifestResults(ctx, manifestFiles)
+	assert.Nil(t, err)
+	numViolations = countTestViolations(v)
+	assert.Greater(t, numViolations, 0)
+
+	// Scenario 5: Test Helm
+	opt.Name = "test-release-name"
+	opt.Namespace = "test-release-namespace"
+
+	manifestFiles, err = safeguards.GetManifestFiles(chartPath, opt)
+	assert.Nil(t, err)
 	v, err = safeguards.GetManifestResults(ctx, manifestFiles)
 	assert.Nil(t, err)
 	numViolations = countTestViolations(v)
@@ -100,25 +89,19 @@ func TestRunValidate(t *testing.T) {
 // TestRunValidate_Kustomize tests the run command for `draft validate` for proper returns when given a kustomize project
 func TestRunValidate_Kustomize(t *testing.T) {
 	ctx := context.TODO()
-	kustomizationPath, _ := filepath.Abs("../pkg/safeguards/tests/kustomize/overlays/production")
-	kustomizationFilePath, _ := filepath.Abs("../pkg/safeguards/tests/kustomize/overlays/production/kustomization.yaml")
-
-	makeTempDir(t)
-	t.Cleanup(func() { cleanupDir(t, tempDir) })
-
-	var manifestFiles []safeguards.ManifestFile
+	var manifestFiles []types.ManifestFile
 	var err error
 
 	// Scenario 1a: kustomizationPath leads to a directory containing kustomization.yaml - expect success
-	manifestFiles, err = preprocessing.RenderKustomizeManifest(kustomizationPath, tempDir)
+	manifestFiles, err = preprocessing.RenderKustomizeManifest(kustomizationPath)
 	assert.Nil(t, err)
 	v, err := safeguards.GetManifestResults(ctx, manifestFiles)
 	assert.Nil(t, err)
 	numViolations := countTestViolations(v)
 	assert.Equal(t, numViolations, 1)
 
 	// Scenario 1b: kustomizationFilePath path leads to a specific kustomization.yaml - expect success
-	manifestFiles, err = preprocessing.RenderKustomizeManifest(kustomizationFilePath, tempDir)
+	manifestFiles, err = preprocessing.RenderKustomizeManifest(kustomizationFilePath)
 	assert.Nil(t, err)
 	v, err = safeguards.GetManifestResults(ctx, manifestFiles)
 	assert.Nil(t, err)

cmd/validate_test_helpers.go

@@ -1,33 +1,14 @@
 package cmd
 
 import (
-	"os"
-	"path/filepath"
-	"testing"
-
-	"github.com/Azure/draft/pkg/safeguards"
+	types "github.com/Azure/draft/pkg/safeguards/types"
 )
 
-var tempDir, _ = filepath.Abs("./testdata")
-
-func countTestViolations(results []safeguards.ManifestResult) int {
+func countTestViolations(results []types.ManifestResult) int {
 	numViolations := 0
 	for _, r := range results {
 		numViolations += len(r.ObjectViolations)
 	}
 
 	return numViolations
 }
-
-func makeTempDir(t *testing.T) {
-	if err := os.MkdirAll(tempDir, 0755); err != nil {
-		t.Fatalf("failed to create temporary output directory: %s", err)
-	}
-}
-
-func cleanupDir(t *testing.T, dir string) {
-	err := os.RemoveAll(dir)
-	if err != nil {
-		t.Fatalf("Failed to clean directory: %s", err)
-	}
-}