From 3e49be5d62ecfaa86f0064ba25e0c1351730695d Mon Sep 17 00:00:00 2001
From: Varsha Varadarajan
Date: Fri, 21 Jun 2019 12:08:30 -0400
Subject: [PATCH] Refactor latest-tag check to use docker distribution package.
---
 checks/basic/latest_tag.go | 6 ++++--
 checks/basic/latest_tag_test.go | 36 ++++++++++++++++-----------------
 2 files changed, 22 insertions(+), 20 deletions(-)
diff --git a/checks/basic/latest_tag.go b/checks/basic/latest_tag.go
index f886be9..22ab2e0 100644
--- a/checks/basic/latest_tag.go
+++ b/checks/basic/latest_tag.go
@@ -6,6 +6,7 @@ import (
 "github.com/digitalocean/clusterlint/checks"
 "github.com/digitalocean/clusterlint/kube"
+ "github.com/docker/distribution/reference"
 corev1 "k8s.io/api/core/v1"
 )
@@ -51,8 +52,9 @@ func (l *latestTagCheck) Run(objects *kube.Objects) (warnings []error, errors []
 func checkTags(containers []corev1.Container, podName string, namespace string) []error {
 var w []error
 for _, container := range containers {
- image := container.Image[strings.LastIndex(container.Image, "/")+1:]
- if strings.Contains(image, ":latest") || !strings.Contains(image, ":") {
+ namedRef, _ := reference.ParseNormalizedNamed(container.Image)
+ tagNameOnly := reference.TagNameOnly(namedRef)
+ if strings.HasSuffix(tagNameOnly.String(), ":latest") {
 w = append(w, fmt.Errorf("[Best Practice] Use specific tags instead of latest for container '%s' in pod '%s' in namespace '%s'", container.Name, podName, namespace))
 }
 }
diff --git a/checks/basic/latest_tag_test.go b/checks/basic/latest_tag_test.go
index 4ffc2b9..1698277 100644
--- a/checks/basic/latest_tag_test.go
+++ b/checks/basic/latest_tag_test.go
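Review bot: In checkTags (checks/basic/latest_tag.go) the error from `reference.ParseNormalizedNamed(container.Image)` is discarded, so an image string the parser rejects reaches `reference.TagNameOnly(namedRef)` and `tagNameOnly.String()` with no valid reference behind it. Depending on how the library treats that value, this presumably either panics or skips the container without a warning. For a linter both outcomes fail open: one malformed image in the cluster can abort the run or go unreported. Handle the error explicitly and report the unparseable reference, as sketched below. The return statement and closing brace of checkTags lie outside the hunk.

```go
for _, container := range containers {
	namedRef, err := reference.ParseNormalizedNamed(container.Image)
	if err != nil {
		// Report the reference rather than skipping it, so a malformed image cannot pass unnoticed.
		w = append(w, fmt.Errorf("could not parse image '%s' for container '%s' in pod '%s' in namespace '%s': %v", container.Image, container.Name, podName, namespace, err))
		continue
	}
	// … unchanged: TagNameOnly call and the ":latest" suffix test …
```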
@@ -56,27 +56,27 @@ func TestLatestTagWarning(t *testing.T) {
 },
 {
 name: "pod with container image - private:5000/repo/busybox",
- arg: container("http://private:5000/repo/busybox"),
+ arg: container("private:5000/repo/busybox"),
 expected: issues(warning),
 },
 {
 name: "pod with container image - private:5000/repo/busybox:latest",
- arg: container("http://private:5000/repo/busybox:latest"),
+ arg: container("private:5000/repo/busybox:latest"),
 expected: issues(warning),
 },
 {
- name: "pod with container image - test:5000/repo@sha256:digest",
- arg: container("test:5000/repo@sha256:digest"),
+ name: "pod with container image - test:5000/repo/image@sha256:ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff",
+ arg: container("test:5000/repo/image@sha256:ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff"),
 expected: nil,
 },
 {
- name: "pod with container image - repo@sha256:digest",
- arg: container("repo@sha256:digest"),
+ name: "pod with container image - repo/image@sha256:ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff",
+ arg: container("repo/image@sha256:ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff"),
 expected: nil,
 },
 {
- name: "pod with container image - test:5000/repo:ignore-tag@sha256:digest",
- arg: container("test:5000/repo:ignore-tag@sha256:digest"),
+ name: "pod with container image - test:5000/repo/image:ignore-tag@sha256:ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff",
+ arg: container("test:5000/repo/image:ignore-tag@sha256:ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff"),
 expected: nil,
 },
 {
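Review bot: With the `http://`-prefixed inputs removed from the two `private:5000/repo/busybox` cases, the table in this hunk no longer holds any image string that is not a well-formed reference. Nothing here pins down what the check does when `container.Image` cannot be parsed, which is presumably why those inputs had to change. Consider keeping one such case, for example `arg: container("http://private:5000/repo/busybox")`, with `expected` set to whatever the check is meant to report for it. TestLatestTagWarning begins before and continues after this hunk.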
@@ -106,28 +106,28 @@ func TestLatestTagWarning(t *testing.T) {
 expected: issues(warning),
 },
 {
- name: "pod with container image - http://private:5000/repo/busybox",
- arg: container("http://private:5000/repo/busybox"),
+ name: "pod with container image - private:5000/repo/busybox",
+ arg: container("private:5000/repo/busybox"),
 expected: issues(warning),
 },
 {
- name: "pod with container image - http://private:5000/repo/busybox:latest",
- arg: container("http://private:5000/repo/busybox:latest"),
+ name: "pod with container image - private:5000/repo/busybox:latest",
+ arg: container("private:5000/repo/busybox:latest"),
 expected: issues(warning),
 },
 {
- name: "pod with container image - test:5000/repo@sha256:digest",
- arg: initContainer("test:5000/repo@sha256:digest"),
+ name: "pod with container image - test:5000/repo/image@sha256:ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff",
+ arg: initContainer("test:5000/repo/image@sha256:ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff"),
 expected: nil,
 },
 {
- name: "pod with container image - test:5000/repo:ignore-tag@sha256:digest",
- arg: initContainer("test:5000/repo:ignore-tag@sha256:digest"),
+ name: "pod with container image - test:5000/repo/image:ignore-tag@sha256:ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff",
+ arg: initContainer("test:5000/repo/image:ignore-tag@sha256:ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff"),
 expected: nil,
 },
 {
- name: "pod with container image - repo@sha256:digest",
- arg: initContainer("repo@sha256:digest"),
+ name: "pod with container image - repo/image@sha256:ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff",
+ arg: initContainer("repo/image@sha256:ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff"),
 expected: nil,
 },
 {
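Review bot: The two `private:5000/repo/busybox` cases changed in this hunk still build their pod with `container(...)`, while the three digest cases after them use `initContainer(...)`. If this part of the table is meant to cover init containers, these two repeat the cases from the hunk at line 56 and leave the init-container path untested for a registry address with a port. In that case use `arg: initContainer("private:5000/repo/busybox")` and `arg: initContainer("private:5000/repo/busybox:latest")`. Only part of the table is visible here, so confirm against the full test before changing it.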