add feature flags

Signed-off-by: Sinelnikov Michail <mikhail.sinelnikov@flant.com>

Author: RottenRat

internal/module/module.go

@@ -194,7 +194,85 @@ func mapRuleSettings(linterSettings *pkg.LintersSettings, configSettings *config
 // mapContainerRules configures Container linter rules
 func mapContainerRules(linterSettings *pkg.LintersSettings, configSettings *config.LintersSettings, globalConfig *global.Linters) {
 	linterSettings.Container.Rules.RecommendedLabelsRule.SetLevel(
-		globalConfig.Container.RecommendedLabelsRule.Impact,
+		globalConfig.Container.Rules.RecommendedLabelsRule.Impact,
+		configSettings.Container.Impact,
+	)
+	linterSettings.Container.Rules.NamespaceLabelsRule.SetLevel(
+		globalConfig.Container.Rules.NamespaceLabelsRule.Impact,
+		configSettings.Container.Impact,
+	)
+	linterSettings.Container.Rules.ApiVersionRule.SetLevel(
+		globalConfig.Container.Rules.ApiVersionRule.Impact,
+		configSettings.Container.Impact,
+	)
+	linterSettings.Container.Rules.PriorityClassRule.SetLevel(
+		globalConfig.Container.Rules.PriorityClassRule.Impact,
+		configSettings.Container.Impact,
+	)
+	linterSettings.Container.Rules.DNSPolicyRule.SetLevel(
+		globalConfig.Container.Rules.DNSPolicyRule.Impact,
+		configSettings.Container.Impact,
+	)
+	linterSettings.Container.Rules.ControllerSecurityContextRule.SetLevel(
+		globalConfig.Container.Rules.ControllerSecurityContextRule.Impact,
+		configSettings.Container.Impact,
+	)
+	linterSettings.Container.Rules.NewRevisionHistoryLimitRule.SetLevel(
+		globalConfig.Container.Rules.NewRevisionHistoryLimitRule.Impact,
+		configSettings.Container.Impact,
+	)
+
+	// Container-specific rules
+	linterSettings.Container.Rules.NameDuplicatesRule.SetLevel(
+		globalConfig.Container.Rules.NameDuplicatesRule.Impact,
+		configSettings.Container.Impact,
+	)
+	linterSettings.Container.Rules.ReadOnlyRootFilesystemRule.SetLevel(
+		globalConfig.Container.Rules.ReadOnlyRootFilesystemRule.Impact,
+		configSettings.Container.Impact,
+	)
+	linterSettings.Container.Rules.NoNewPrivilegesRule.SetLevel(
+		globalConfig.Container.Rules.NoNewPrivilegesRule.Impact,
+		configSettings.Container.Impact,
+	)
+	linterSettings.Container.Rules.SeccompProfileRule.SetLevel(
+		globalConfig.Container.Rules.SeccompProfileRule.Impact,
+		configSettings.Container.Impact,
+	)
+	linterSettings.Container.Rules.HostNetworkPortsRule.SetLevel(
+		globalConfig.Container.Rules.HostNetworkPortsRule.Impact,
+		configSettings.Container.Impact,
+	)
+	linterSettings.Container.Rules.EnvVariablesDuplicatesRule.SetLevel(
+		globalConfig.Container.Rules.EnvVariablesDuplicatesRule.Impact,
+		configSettings.Container.Impact,
+	)
+	linterSettings.Container.Rules.ImageDigestRule.SetLevel(
+		globalConfig.Container.Rules.ImageDigestRule.Impact,
+		configSettings.Container.Impact,
+	)
+	linterSettings.Container.Rules.ImagePullPolicyRule.SetLevel(
+		globalConfig.Container.Rules.ImagePullPolicyRule.Impact,
+		configSettings.Container.Impact,
+	)
+	linterSettings.Container.Rules.ResourcesRule.SetLevel(
+		globalConfig.Container.Rules.ResourcesRule.Impact,
+		configSettings.Container.Impact,
+	)
+	linterSettings.Container.Rules.ContainerSecurityContextRule.SetLevel(
+		globalConfig.Container.Rules.ContainerSecurityContextRule.Impact,
+		configSettings.Container.Impact,
+	)
+	linterSettings.Container.Rules.PortsRule.SetLevel(
+		globalConfig.Container.Rules.PortsRule.Impact,
+		configSettings.Container.Impact,
+	)
+	linterSettings.Container.Rules.LivenessRule.SetLevel(
+		globalConfig.Container.Rules.LivenessRule.Impact,
+		configSettings.Container.Impact,
+	)
+	linterSettings.Container.Rules.ReadinessRule.SetLevel(
+		globalConfig.Container.Rules.ReadinessRule.Impact,
 		configSettings.Container.Impact,
 	)
 }

pkg/config.go

@@ -290,7 +290,28 @@ func (l PrefixRuleExcludeList) Get() []PrefixRuleExclude {
 }
 
 type ContainerLinterRules struct {
-	RecommendedLabelsRule RuleConfig
+	RecommendedLabelsRule         RuleConfig
+	NamespaceLabelsRule           RuleConfig
+	ApiVersionRule                RuleConfig
+	PriorityClassRule             RuleConfig
+	DNSPolicyRule                 RuleConfig
+	ControllerSecurityContextRule RuleConfig
+	NewRevisionHistoryLimitRule   RuleConfig
+
+	// Container-specific rules
+	NameDuplicatesRule           RuleConfig
+	ReadOnlyRootFilesystemRule   RuleConfig
+	NoNewPrivilegesRule          RuleConfig
+	SeccompProfileRule           RuleConfig
+	HostNetworkPortsRule         RuleConfig
+	EnvVariablesDuplicatesRule   RuleConfig
+	ImageDigestRule              RuleConfig
+	ImagePullPolicyRule          RuleConfig
+	ResourcesRule                RuleConfig
+	ContainerSecurityContextRule RuleConfig
+	PortsRule                    RuleConfig
+	LivenessRule                 RuleConfig
+	ReadinessRule                RuleConfig
 }
 
 type ContainerExcludeRules struct {

pkg/config/global/global.go

@@ -40,8 +40,33 @@ type LinterConfig struct {
 }
 
 type ContainerLinterConfig struct {
-	LinterConfig          `mapstructure:",squash"`
-	RecommendedLabelsRule RuleConfig `mapstructure:"recommended-labels"`
+	LinterConfig `mapstructure:",squash"`
+	Rules        ContainerRules `mapstructure:"rules"`
+}
+
+type ContainerRules struct {
+	RecommendedLabelsRule         RuleConfig `mapstructure:"recommended-labels"`
+	NamespaceLabelsRule           RuleConfig `mapstructure:"namespace-labels"`
+	ApiVersionRule                RuleConfig `mapstructure:"api-version"`
+	PriorityClassRule             RuleConfig `mapstructure:"priority-class"`
+	DNSPolicyRule                 RuleConfig `mapstructure:"dns-policy"`
+	ControllerSecurityContextRule RuleConfig `mapstructure:"controller-security-context"`
+	NewRevisionHistoryLimitRule   RuleConfig `mapstructure:"revision-history-limit"`
+
+	// Container-specific rules
+	NameDuplicatesRule           RuleConfig `mapstructure:"name-duplicates"`
+	ReadOnlyRootFilesystemRule   RuleConfig `mapstructure:"read-only-root-filesystem"`
+	NoNewPrivilegesRule          RuleConfig `mapstructure:"no-new-privileges"`
+	SeccompProfileRule           RuleConfig `mapstructure:"seccomp-profile"`
+	HostNetworkPortsRule         RuleConfig `mapstructure:"host-network-ports"`
+	EnvVariablesDuplicatesRule   RuleConfig `mapstructure:"env-variables-duplicates"`
+	ImageDigestRule              RuleConfig `mapstructure:"image-digest"`
+	ImagePullPolicyRule          RuleConfig `mapstructure:"image-pull-policy"`
+	ResourcesRule                RuleConfig `mapstructure:"resources"`
+	ContainerSecurityContextRule RuleConfig `mapstructure:"container-security-context"`
+	PortsRule                    RuleConfig `mapstructure:"ports"`
+	LivenessRule                 RuleConfig `mapstructure:"liveness-probe"`
+	ReadinessRule                RuleConfig `mapstructure:"readiness-probe"`
 }
 
 type ImagesLinterConfig struct {

pkg/linters/container/rules.go

@@ -28,14 +28,14 @@ func (l *Container) applyContainerRules(object storage.StoreObject, errorList *e
 	errorList = errorList.WithFilePath(object.GetPath())
 
 	rules.NewRecommendedLabelsRule().ObjectRecommendedLabels(object, errorList.WithRule("recommended-labels").WithMaxLevel(l.cfg.Rules.RecommendedLabelsRule.GetLevel()))
-	rules.NewNamespaceLabelsRule().ObjectNamespaceLabels(object, errorList)
-	rules.NewAPIVersionRule().ObjectAPIVersion(object, errorList)
-	rules.NewPriorityClassRule().ObjectPriorityClass(object, errorList)
+	rules.NewNamespaceLabelsRule().ObjectNamespaceLabels(object, errorList.WithRule("namespace-labels").WithMaxLevel(l.cfg.Rules.NamespaceLabelsRule.GetLevel()))
+	rules.NewAPIVersionRule().ObjectAPIVersion(object, errorList.WithRule("api-version").WithMaxLevel(l.cfg.Rules.ApiVersionRule.GetLevel()))
+	rules.NewPriorityClassRule().ObjectPriorityClass(object, errorList.WithRule("priority-class").WithMaxLevel(l.cfg.Rules.PriorityClassRule.GetLevel()))
 	rules.NewDNSPolicyRule(l.cfg.ExcludeRules.DNSPolicy.Get()).
-		ObjectDNSPolicy(object, errorList)
+		ObjectDNSPolicy(object, errorList.WithRule("dns-policy").WithMaxLevel(l.cfg.Rules.DNSPolicyRule.GetLevel()))
 	rules.NewControllerSecurityContextRule(l.cfg.ExcludeRules.ControllerSecurityContext.Get()).
-		ControllerSecurityContext(object, errorList)
-	rules.NewRevisionHistoryLimitRule().ObjectRevisionHistoryLimit(object, errorList)
+		ControllerSecurityContext(object, errorList.WithRule("controller-security-context").WithMaxLevel(l.cfg.Rules.ControllerSecurityContextRule.GetLevel()))
+	rules.NewRevisionHistoryLimitRule().ObjectRevisionHistoryLimit(object, errorList.WithRule("revision-history-limit").WithMaxLevel(l.cfg.Rules.NewRevisionHistoryLimitRule.GetLevel()))
 
 	allContainers, err := object.GetAllContainers()
 	if err != nil {
@@ -50,24 +50,44 @@ func (l *Container) applyContainerRules(object storage.StoreObject, errorList *e
 	}
 
 	containerRules := []func(storage.StoreObject, []corev1.Container, *errors.LintRuleErrorsList){
-		rules.NewNameDuplicatesRule().ContainerNameDuplicates,
-		rules.NewCheckReadOnlyRootFilesystemRule(l.cfg.ExcludeRules.ReadOnlyRootFilesystem.Get()).
-			ObjectReadOnlyRootFilesystem,
-		rules.NewNoNewPrivilegesRule(l.cfg.ExcludeRules.NoNewPrivileges.Get()).
-			ContainerNoNewPrivileges,
-		rules.NewSeccompProfileRule(l.cfg.ExcludeRules.SeccompProfile.Get()).
-			ContainerSeccompProfile,
-		rules.NewHostNetworkPortsRule(l.cfg.ExcludeRules.HostNetworkPorts.Get()).ObjectHostNetworkPorts,
-
-		// old with module names skipping
-		rules.NewEnvVariablesDuplicatesRule().ContainerEnvVariablesDuplicates,
-		rules.NewImageDigestRule(l.cfg.ExcludeRules.ImageDigest.Get()).ContainerImageDigestCheck,
-		rules.NewImagePullPolicyRule().ContainersImagePullPolicy,
-		rules.NewResourcesRule(l.cfg.ExcludeRules.Resources.Get()).
-			ContainerStorageEphemeral,
-		rules.NewContainerSecurityContextRule(l.cfg.ExcludeRules.SecurityContext.Get()).
-			ContainerSecurityContext,
-		rules.NewPortsRule(l.cfg.ExcludeRules.Ports.Get()).ContainerPorts,
+		func(object storage.StoreObject, containers []corev1.Container, errorList *errors.LintRuleErrorsList) {
+			rules.NewNameDuplicatesRule().ContainerNameDuplicates(object, containers, errorList.WithRule("name-duplicates").WithMaxLevel(l.cfg.Rules.NameDuplicatesRule.GetLevel()))
+		},
+		func(object storage.StoreObject, containers []corev1.Container, errorList *errors.LintRuleErrorsList) {
+			rules.NewCheckReadOnlyRootFilesystemRule(l.cfg.ExcludeRules.ReadOnlyRootFilesystem.Get()).
+				ObjectReadOnlyRootFilesystem(object, containers, errorList.WithRule("read-only-root-filesystem").WithMaxLevel(l.cfg.Rules.ReadOnlyRootFilesystemRule.GetLevel()))
+		},
+		func(object storage.StoreObject, containers []corev1.Container, errorList *errors.LintRuleErrorsList) {
+			rules.NewNoNewPrivilegesRule(l.cfg.ExcludeRules.NoNewPrivileges.Get()).
+				ContainerNoNewPrivileges(object, containers, errorList.WithRule("no-new-privileges").WithMaxLevel(l.cfg.Rules.NoNewPrivilegesRule.GetLevel()))
+		},
+		func(object storage.StoreObject, containers []corev1.Container, errorList *errors.LintRuleErrorsList) {
+			rules.NewSeccompProfileRule(l.cfg.ExcludeRules.SeccompProfile.Get()).
+				ContainerSeccompProfile(object, containers, errorList.WithRule("seccomp-profile").WithMaxLevel(l.cfg.Rules.SeccompProfileRule.GetLevel()))
+		},
+		func(object storage.StoreObject, containers []corev1.Container, errorList *errors.LintRuleErrorsList) {
+			rules.NewHostNetworkPortsRule(l.cfg.ExcludeRules.HostNetworkPorts.Get()).ObjectHostNetworkPorts(object, containers, errorList.WithRule("host-network-ports").WithMaxLevel(l.cfg.Rules.HostNetworkPortsRule.GetLevel()))
+		},
+		func(object storage.StoreObject, containers []corev1.Container, errorList *errors.LintRuleErrorsList) {
+			rules.NewEnvVariablesDuplicatesRule().ContainerEnvVariablesDuplicates(object, containers, errorList.WithRule("env-variables-duplicates").WithMaxLevel(l.cfg.Rules.EnvVariablesDuplicatesRule.GetLevel()))
+		},
+		func(object storage.StoreObject, containers []corev1.Container, errorList *errors.LintRuleErrorsList) {
+			rules.NewImageDigestRule(l.cfg.ExcludeRules.ImageDigest.Get()).ContainerImageDigestCheck(object, containers, errorList.WithRule("image-digest").WithMaxLevel(l.cfg.Rules.ImageDigestRule.GetLevel()))
+		},
+		func(object storage.StoreObject, containers []corev1.Container, errorList *errors.LintRuleErrorsList) {
+			rules.NewImagePullPolicyRule().ContainersImagePullPolicy(object, containers, errorList.WithRule("image-pull-policy").WithMaxLevel(l.cfg.Rules.ImagePullPolicyRule.GetLevel()))
+		},
+		func(object storage.StoreObject, containers []corev1.Container, errorList *errors.LintRuleErrorsList) {
+			rules.NewResourcesRule(l.cfg.ExcludeRules.Resources.Get()).
+				ContainerStorageEphemeral(object, containers, errorList.WithRule("resources").WithMaxLevel(l.cfg.Rules.ResourcesRule.GetLevel()))
+		},
+		func(object storage.StoreObject, containers []corev1.Container, errorList *errors.LintRuleErrorsList) {
+			rules.NewContainerSecurityContextRule(l.cfg.ExcludeRules.SecurityContext.Get()).
+				ContainerSecurityContext(object, containers, errorList.WithRule("container-security-context").WithMaxLevel(l.cfg.Rules.ContainerSecurityContextRule.GetLevel()))
+		},
+		func(object storage.StoreObject, containers []corev1.Container, errorList *errors.LintRuleErrorsList) {
+			rules.NewPortsRule(l.cfg.ExcludeRules.Ports.Get()).ContainerPorts(object, containers, errorList.WithRule("ports").WithMaxLevel(l.cfg.Rules.PortsRule.GetLevel()))
+		},
 	}
 
 	for _, rule := range containerRules {
@@ -87,10 +107,14 @@ func (l *Container) applyContainerRules(object storage.StoreObject, errorList *e
 	}
 
 	notInitContainerRules := []func(storage.StoreObject, []corev1.Container, *errors.LintRuleErrorsList){
-		rules.NewLivenessRule(l.cfg.ExcludeRules.Liveness.Get()).
-			CheckProbe,
-		rules.NewReadinessRule(l.cfg.ExcludeRules.Readiness.Get()).
-			CheckProbe,
+		func(object storage.StoreObject, containers []corev1.Container, errorList *errors.LintRuleErrorsList) {
+			rules.NewLivenessRule(l.cfg.ExcludeRules.Liveness.Get()).
+				CheckProbe(object, containers, errorList.WithRule("liveness-probe").WithMaxLevel(l.cfg.Rules.LivenessRule.GetLevel()))
+		},
+		func(object storage.StoreObject, containers []corev1.Container, errorList *errors.LintRuleErrorsList) {
+			rules.NewReadinessRule(l.cfg.ExcludeRules.Readiness.Get()).
+				CheckProbe(object, containers, errorList.WithRule("readiness-probe").WithMaxLevel(l.cfg.Rules.ReadinessRule.GetLevel()))
+		},
 	}
 
 	for _, rule := range notInitContainerRules {