minor fixes

Signed-off-by: kaizhe <[email protected]>

Author: Kaizhe

advisor/processor/generate.go

@@ -3,9 +3,9 @@ package processor
 import (
 	"fmt"
 
-	"github.com/sysdiglabs/kube-psp-advisor/generator"
 	"github.com/sysdiglabs/kube-psp-advisor/advisor/report"
 	"github.com/sysdiglabs/kube-psp-advisor/advisor/types"
+	"github.com/sysdiglabs/kube-psp-advisor/generator"
 
 	v1 "k8s.io/api/core/v1"
 	"k8s.io/api/policy/v1beta1"
@@ -25,7 +25,8 @@ type Processor struct {
 // NewProcessor returns a new processor
 func NewProcessor(kubeconfig string) (*Processor, error) {
 
-	gen, err := generator.NewGenerator(); if err != nil {
+	gen, err := generator.NewGenerator()
+	if err != nil {
 		return nil, fmt.Errorf("Could not create generator: %v", err)
 	}
 

advisor/processor/get.go

@@ -262,4 +262,3 @@ func (p *Processor) getServiceAccountMap() (map[string]v1.ServiceAccount, error)
 
 	return serviceAccountMap, nil
 }
-

container/Dockerfile

@@ -13,3 +13,4 @@ ENV PATH /go/src/kube-psp-advisor:$PATH
 RUN apk del curl
 
 ENTRYPOINT ["kube-psp-advisor"]
+CMD ["inspect"]

generator/generator.go

@@ -2,28 +2,28 @@ package generator
 
 import (
 	"bytes"
-	"fmt"
 	"encoding/json"
-	
+	"fmt"
+
 	"github.com/ghodss/yaml"
 
-	"github.com/sysdiglabs/kube-psp-advisor/advisor/types"	
-	"github.com/sysdiglabs/kube-psp-advisor/utils"	
+	"github.com/sysdiglabs/kube-psp-advisor/advisor/types"
+	"github.com/sysdiglabs/kube-psp-advisor/utils"
 
-	v1 "k8s.io/api/core/v1"
 	appsv1 "k8s.io/api/apps/v1"
-	v1beta1 "k8s.io/api/policy/v1beta1"
 	batch "k8s.io/api/batch/v1"
 	batchv1beta1 "k8s.io/api/batch/v1beta1"
-	
+	v1 "k8s.io/api/core/v1"
+	v1beta1 "k8s.io/api/policy/v1beta1"
+
 	"reflect"
 	"strings"
 	"time"
 )
 
 const (
 	volumeTypeSecret = "secret"
-)	
+)
 
 type Generator struct {
 }
@@ -313,7 +313,7 @@ func (pg *Generator) GeneratePSP(
 	pssList []types.PodSecuritySpec,
 	namespace string,
 	serverGitVersion string) *v1beta1.PodSecurityPolicy {
-	
+
 	var ns string
 	// no PSP will be generated if no security spec is provided
 	if len(cssList) == 0 && len(pssList) == 0 {
@@ -507,11 +507,13 @@ func (pg *Generator) fromPodObj(metadata types.Metadata, spec v1.PodSpec) (strin
 	// 1.11, which allows enforcing ReadOnly.
 	psp := pg.GeneratePSP(cssList, pssList, "default", types.Version1_11)
 
-	pspJson, err := json.Marshal(psp); if err != nil {
+	pspJson, err := json.Marshal(psp)
+	if err != nil {
 		return "", fmt.Errorf("Could not marshal resulting PSP: %v", err)
 	}
 
-	pspYaml, err := yaml.JSONToYAML(pspJson); if err != nil {
+	pspYaml, err := yaml.JSONToYAML(pspJson)
+	if err != nil {
 		return "", fmt.Errorf("Could not convert resulting PSP to Json: %v", err)
 	}
 
@@ -576,7 +578,8 @@ func (pg *Generator) fromPod(pod *v1.Pod) (string, error) {
 
 func (pg *Generator) FromPodObjString(podObjString string) (string, error) {
 
-	podObjJson, err := yaml.YAMLToJSON([]byte(podObjString)); if err != nil {
+	podObjJson, err := yaml.YAMLToJSON([]byte(podObjString))
+	if err != nil {
 		return "", fmt.Errorf("Could not parse pod Object: %v", err)
 	}
 
@@ -644,4 +647,3 @@ func (pg *Generator) FromPodObjString(podObjString string) (string, error) {
 
 	return "", fmt.Errorf("K8s Object not one of supported types")
 }
-

kube-psp-advisor.go

@@ -5,9 +5,10 @@ import (
 
 	"io/ioutil"
 
-	log "github.com/sirupsen/logrus"
 	"os"
 
+	log "github.com/sirupsen/logrus"
+
 	"path/filepath"
 
 	"github.com/spf13/cobra"
@@ -114,7 +115,8 @@ func main() {
 		Short: "Inspect a live K8s Environment to generate a PodSecurityPolicy",
 		Long:  "Fetch all objects in the provided namespace to generate a Pod Security Policy",
 		Run: func(cmd *cobra.Command, args []string) {
-			err := inspectPsp(kubeconfig, withReport, namespace); if err != nil {
+			err := inspectPsp(kubeconfig, withReport, namespace)
+			if err != nil {
 				log.Fatalf("Could not run inspect command: %v", err)
 			}
 		},
@@ -133,9 +135,10 @@ func main() {
 				log.Fatalf("--pspFile must be provided")
 			}
 		},
-		
+
 		Run: func(cmd *cobra.Command, args []string) {
-			err := convertPsp(podObjFilename, pspFilename); if err != nil {
+			err := convertPsp(podObjFilename, pspFilename)
+			if err != nil {
 				log.Fatalf("Could not run convert command: %v", err)
 			}
 		},

scripts/example

@@ -19,9 +19,9 @@ kubectl apply -f examples/roles.yaml || true
 kubectl apply -f examples/pods.yaml || true
 
 # generate psp and update the pod security policy name
-./kube-psp-advisor --namespace privileged | sed -e 's/pod-security.*/psp-privileged/g' | kubectl apply -f -
+./kube-psp-advisor inspect --namespace privileged | sed -e 's/pod-security.*/psp-privileged/g' | kubectl apply -f -
 
-./kube-psp-advisor --namespace restricted | sed -e 's/pod-security.*/psp-restricted/g' | kubectl apply -f -
+./kube-psp-advisor inspect --namespace restricted | sed -e 's/pod-security.*/psp-restricted/g' | kubectl apply -f -
 
 # test creating pods that pass the pod security policies
 kubectl apply -f examples/pods-allow.yaml || true