Refactor latest-tag check to use docker distribution package.
parent
787fc63030
commit
3e49be5d62
|
@ -6,6 +6,7 @@ import (
|
|||
|
||||
"github.com/digitalocean/clusterlint/checks"
|
||||
"github.com/digitalocean/clusterlint/kube"
|
||||
"github.com/docker/distribution/reference"
|
||||
corev1 "k8s.io/api/core/v1"
|
||||
)
|
||||
|
||||
|
@ -51,8 +52,9 @@ func (l *latestTagCheck) Run(objects *kube.Objects) (warnings []error, errors []
|
|||
func checkTags(containers []corev1.Container, podName string, namespace string) []error {
|
||||
var w []error
|
||||
for _, container := range containers {
|
||||
image := container.Image[strings.LastIndex(container.Image, "/")+1:]
|
||||
if strings.Contains(image, ":latest") || !strings.Contains(image, ":") {
|
||||
namedRef, _ := reference.ParseNormalizedNamed(container.Image)
|
||||
tagNameOnly := reference.TagNameOnly(namedRef)
|
||||
if strings.HasSuffix(tagNameOnly.String(), ":latest") {
|
||||
w = append(w, fmt.Errorf("[Best Practice] Use specific tags instead of latest for container '%s' in pod '%s' in namespace '%s'", container.Name, podName, namespace))
|
||||
}
|
||||
}
|
||||
|
|
|
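Review bot: The error from `reference.ParseNormalizedNamed(container.Image)` in checkTags is discarded, so an image string that is not a valid reference leaves `namedRef` nil, and the `reference.TagNameOnly(namedRef)` and `tagNameOnly.String()` calls that follow will most likely panic on a nil interface. The image field comes from pod specs in the cluster being linted, so a single malformed value could abort the whole run instead of producing a finding. Handle the failure explicitly: `namedRef, err := reference.ParseNormalizedNamed(container.Image)` followed by `if err != nil { w = append(w, fmt.Errorf("invalid image reference for container '%s' in pod '%s' in namespace '%s': %v", container.Name, podName, namespace, err)); continue }`. The page lost its +/- markers, so the old and new sides are inferred from the hunk header counts; checkTags also continues past the end of the hunk.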
@ -56,27 +56,27 @@ func TestLatestTagWarning(t *testing.T) {
|
|||
},
|
||||
{
|
||||
name: "pod with container image - private:5000/repo/busybox",
|
||||
arg: container("http://private:5000/repo/busybox"),
|
||||
arg: container("private:5000/repo/busybox"),
|
||||
expected: issues(warning),
|
||||
},
|
||||
{
|
||||
name: "pod with container image - private:5000/repo/busybox:latest",
|
||||
arg: container("http://private:5000/repo/busybox:latest"),
|
||||
arg: container("private:5000/repo/busybox:latest"),
|
||||
expected: issues(warning),
|
||||
},
|
||||
{
|
||||
name: "pod with container image - test:5000/repo@sha256:digest",
|
||||
arg: container("test:5000/repo@sha256:digest"),
|
||||
name: "pod with container image - test:5000/repo/image@sha256:ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff",
|
||||
arg: container("test:5000/repo/image@sha256:ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff"),
|
||||
expected: nil,
|
||||
},
|
||||
{
|
||||
name: "pod with container image - repo@sha256:digest",
|
||||
arg: container("repo@sha256:digest"),
|
||||
name: "pod with container image - repo/image@sha256:ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff",
|
||||
arg: container("repo/image@sha256:ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff"),
|
||||
expected: nil,
|
||||
},
|
||||
{
|
||||
name: "pod with container image - test:5000/repo:ignore-tag@sha256:digest",
|
||||
arg: container("test:5000/repo:ignore-tag@sha256:digest"),
|
||||
name: "pod with container image - test:5000/repo/image:ignore-tag@sha256:ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff",
|
||||
arg: container("test:5000/repo/image:ignore-tag@sha256:ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff"),
|
||||
expected: nil,
|
||||
},
|
||||
{
|
||||
|
@ -106,28 +106,28 @@ func TestLatestTagWarning(t *testing.T) {
|
|||
expected: issues(warning),
|
||||
},
|
||||
{
|
||||
name: "pod with container image - http://private:5000/repo/busybox",
|
||||
arg: container("http://private:5000/repo/busybox"),
|
||||
name: "pod with container image - private:5000/repo/busybox",
|
||||
arg: container("private:5000/repo/busybox"),
|
||||
expected: issues(warning),
|
||||
},
|
||||
{
|
||||
name: "pod with container image - http://private:5000/repo/busybox:latest",
|
||||
arg: container("http://private:5000/repo/busybox:latest"),
|
||||
name: "pod with container image - private:5000/repo/busybox:latest",
|
||||
arg: container("private:5000/repo/busybox:latest"),
|
||||
expected: issues(warning),
|
||||
},
|
||||
{
|
||||
name: "pod with container image - test:5000/repo@sha256:digest",
|
||||
arg: initContainer("test:5000/repo@sha256:digest"),
|
||||
name: "pod with container image - test:5000/repo/image@sha256:ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff",
|
||||
arg: initContainer("test:5000/repo/image@sha256:ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff"),
|
||||
expected: nil,
|
||||
},
|
||||
{
|
||||
name: "pod with container image - test:5000/repo:ignore-tag@sha256:digest",
|
||||
arg: initContainer("test:5000/repo:ignore-tag@sha256:digest"),
|
||||
name: "pod with container image - test:5000/repo/image:ignore-tag@sha256:ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff",
|
||||
arg: initContainer("test:5000/repo/image:ignore-tag@sha256:ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff"),
|
||||
expected: nil,
|
||||
},
|
||||
{
|
||||
name: "pod with container image - repo@sha256:digest",
|
||||
arg: initContainer("repo@sha256:digest"),
|
||||
name: "pod with container image - repo/image@sha256:ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff",
|
||||
arg: initContainer("repo/image@sha256:ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff"),
|
||||
expected: nil,
|
||||
},
|
||||
{
|
||||
|
|
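Review bot: No entry in the TestLatestTagWarning table covers an image string that fails to parse as a reference. The `http://private:5000/repo/busybox` inputs appear to have been rewritten to `private:5000/repo/busybox` rather than kept as a negative case. Since the check now depends on the reference parser, add at least one entry for each of `container(...)` and `initContainer(...)` with an unparsable value, for example `arg: container("http://private:5000/repo/busybox")`, and set `expected` to the intended outcome (a finding, not a crash). The table starts and ends outside the visible hunks, so other entries may already cover this.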