Commit 3db3f3d

committed
fix test and minor changes
Signed-off-by: kaizhe <[email protected]>
1 parent bdff33e commit 3db3f3d

3 files changed

+12
-33
lines changed

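--- a/advisor/processor/generate.go
+++ b/advisor/processor/generate.go
@@ -14,12 +14,11 @@ import (
 )
 
 type Processor struct {
-k8sClient *kubernetes.Clientset
-resourceNamePrefix map[string]bool
-namespace string
-serviceAccountMap map[string]v1.ServiceAccount
-serverGitVersion string
-gen *generator.Generator
+k8sClient *kubernetes.Clientset
+namespace string
+serviceAccountMap map[string]v1.ServiceAccount
+serverGitVersion string
+gen *generator.Generator
 }
 
 // NewProcessor returns a new processor
@@ -46,10 +45,9 @@ func NewProcessor(kubeconfig string) (*Processor, error) {
 }
 
 return &Processor{
-k8sClient: clientset,
-resourceNamePrefix: map[string]bool{},
-serverGitVersion: info.GitVersion,
-gen: gen,
+k8sClient: clientset,
+serverGitVersion: info.GitVersion,
+gen: gen,
 }, nil
 }
 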

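--- a/advisor/processor/get.go
+++ b/advisor/processor/get.go
@@ -1,8 +1,6 @@
 package processor
 
 import (
-"strings"
-
 "github.com/sysdiglabs/kube-psp-advisor/advisor/types"
 
 "k8s.io/api/core/v1"
@@ -32,7 +30,6 @@ func (p *Processor) getSecuritySpecFromDaemonSets() ([]types.ContainerSecuritySp
 }
 
 for _, ds := range daemonSetList.Items {
-p.resourceNamePrefix[ds.Name] = true
 sa := p.serviceAccountMap[ds.Spec.Template.Spec.ServiceAccountName]
 cspList2, podSecurityPosture := p.gen.GetSecuritySpecFromPodSpec(types.Metadata{
 Name: ds.Name,
@@ -58,11 +55,10 @@ func (p *Processor) getSecuritySpecFromReplicaSets() ([]types.ContainerSecurityS
 }
 
 for _, rs := range replicaSetList.Items {
-if p.hasSpecRecorded(rs.Name) {
+if len(rs.OwnerReferences) > 0 {
 continue
 }
 
-p.resourceNamePrefix[rs.Name] = true
 sa := p.serviceAccountMap[rs.Spec.Template.Spec.ServiceAccountName]
 cspList2, psc := p.gen.GetSecuritySpecFromPodSpec(types.Metadata{
 Name: rs.Name,
@@ -88,7 +84,6 @@ func (p *Processor) getSecuritySpecFromStatefulSets() ([]types.ContainerSecurity
 }
 
 for _, sts := range statefulSetList.Items {
-p.resourceNamePrefix[sts.Name] = true
 sa := p.serviceAccountMap[sts.Spec.Template.Spec.ServiceAccountName]
 cspList2, pss := p.gen.GetSecuritySpecFromPodSpec(types.Metadata{
 Name: sts.Name,
@@ -114,7 +109,6 @@ func (p *Processor) getSecuritySpecFromReplicationController() ([]types.Containe
 }
 
 for _, rc := range replicationControllerList.Items {
-p.resourceNamePrefix[rc.Name] = true
 sa := p.serviceAccountMap[rc.Spec.Template.Spec.ServiceAccountName]
 cspList2, pss := p.gen.GetSecuritySpecFromPodSpec(types.Metadata{
 Name: rc.Name,
@@ -140,7 +134,6 @@ func (p *Processor) getSecuritySpecFromCronJobs() ([]types.ContainerSecuritySpec
 }
 
 for _, cronJob := range jobList.Items {
-p.resourceNamePrefix[cronJob.Name] = true
 sa := p.serviceAccountMap[cronJob.Spec.JobTemplate.Spec.Template.Spec.ServiceAccountName]
 cspList2, pss := p.gen.GetSecuritySpecFromPodSpec(types.Metadata{
 Name: cronJob.Name,
@@ -166,11 +159,9 @@ func (p *Processor) getSecuritySpecFromJobs() ([]types.ContainerSecuritySpec, []
 }
 
 for _, job := range jobList.Items {
-if p.hasSpecRecorded(job.Name) {
+if len(job.OwnerReferences) > 0 {
 continue
 }
-
-p.resourceNamePrefix[job.Name] = true
 sa := p.serviceAccountMap[job.Spec.Template.Spec.ServiceAccountName]
 cspList2, pss := p.gen.GetSecuritySpecFromPodSpec(types.Metadata{
 Name: job.Name,
@@ -196,7 +187,6 @@ func (p *Processor) getSecuritySpecFromDeployments() ([]types.ContainerSecurityS
 }
 
 for _, deploy := range deployments.Items {
-p.resourceNamePrefix[deploy.Name] = true
 sa := p.serviceAccountMap[deploy.Spec.Template.Spec.ServiceAccountName]
 cspList2, pss := p.gen.GetSecuritySpecFromPodSpec(types.Metadata{
 Name: deploy.Name,
@@ -210,15 +200,6 @@ func (p *Processor) getSecuritySpecFromDeployments() ([]types.ContainerSecurityS
 return cssList, pssList, nil
 }
 
-func (p *Processor) hasSpecRecorded(resourceName string) bool {
-for prefix := range p.resourceNamePrefix {
-if strings.HasPrefix(resourceName, prefix) {
-return true
-}
-}
-return false
-}
-
 func (p *Processor) getSecuritySpecFromPods() ([]types.ContainerSecuritySpec, []types.PodSecuritySpec, error) {
 clientset := p.k8sClient
 cssList := []types.ContainerSecuritySpec{}
@@ -231,7 +212,7 @@ func (p *Processor) getSecuritySpecFromPods() ([]types.ContainerSecuritySpec, []
 }
 
 for _, pod := range pods.Items {
-if p.hasSpecRecorded(pod.Name) {
+if len(pod.OwnerReferences) > 0 {
 continue
 }
 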
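Review bot: The new `len(pod.OwnerReferences) > 0` guard in getSecuritySpecFromPods, and the same guard on ReplicaSets and Jobs, skips every owned object, including ones whose owner kind this file never enumerates. A pod created by a custom controller or operator, or a ReplicaSet or Job owned by something other than a Deployment or CronJob, would then be missing from the collected security specs, so the generated policy would not reflect it. Mirror pods for static pods may also carry a Node owner reference, and those are often the privileged workloads. Skipping only when the owner's Kind is one handled in this file keeps the de-duplication without that coverage gap. The sketch below assumes a `metav1` alias for k8s.io/apimachinery/pkg/apis/meta/v1 is imported, which these hunks do not show, and the enclosing functions start and end outside the hunks.

```go
// ownedByKind reports whether any owner reference has one of the given kinds.
func ownedByKind(refs []metav1.OwnerReference, kinds ...string) bool {
	for _, ref := range refs {
		for _, kind := range kinds {
			if ref.Kind == kind {
				return true
			}
		}
	}
	return false
}

// in getSecuritySpecFromReplicaSets
if ownedByKind(rs.OwnerReferences, "Deployment") {
// in getSecuritySpecFromJobs
if ownedByKind(job.OwnerReferences, "CronJob") {
// in getSecuritySpecFromPods
for _, pod := range pods.Items {
	if ownedByKind(pod.OwnerReferences, "DaemonSet", "ReplicaSet", "StatefulSet", "ReplicationController", "Job") {
		continue
	}
	// … unchanged: rest of the loop body …
```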

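--- a/scripts/test
+++ b/scripts/test
@@ -7,4 +7,4 @@ kubectl apply -f test-yaml/base-busybox.yaml
 
 sleep 5
 
-./kube-psp-advisor
+./kube-psp-advisor inpsect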
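Review bot: The added line `./kube-psp-advisor inpsect` looks like a misspelling of `inspect`. The binary's subcommand list is not visible on this page, but if unknown subcommands are rejected the script will fail or never exercise the inspection path; the line should probably read `./kube-psp-advisor inspect`. Separately, the `sleep 5` before it only guesses that the applied workloads exist by then, so a `kubectl wait` or `kubectl rollout status` on the applied resources would make the run deterministic. The start of the script is outside the hunk, so whether it aborts on a non-zero exit cannot be confirmed from here.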
