Azure · tbarnes94 · Apr 30, 2024 · Mar 12, 2024 · Mar 26, 2024 · Mar 27, 2024
diff --git a/cmd/validate.go b/cmd/validate.go
@@ -100,7 +100,7 @@ func getManifestFiles(p string) ([]safeguards.ManifestFile, error) {
 	return manifestFiles, nil
 }
 
-// run is our entry point to GetManifestViolations
+// run is our entry point to GetManifestResults
 func (vc *validateCmd) run(c *cobra.Command) error {
 	if vc.manifestPath == "" {
 		return fmt.Errorf("path to the manifests cannot be empty")
@@ -132,7 +132,7 @@ func (vc *validateCmd) run(c *cobra.Command) error {
 	}
 
 	log.Debugf("validating manifests")
-	manifestViolations, err := safeguards.GetManifestViolations(ctx, manifestFiles)
+	manifestViolations, err := safeguards.GetManifestResults(ctx, manifestFiles)
 	if err != nil {
 		log.Errorf("validating safeguards: %s", err.Error())
 		return err

diff --git a/cmd/validate_test.go b/cmd/validate_test.go
@@ -62,35 +62,35 @@ func TestRunValidate(t *testing.T) {
 	var manifestFiles []safeguards.ManifestFile
 
 	// Scenario 1: empty manifest path should error
-	_, err := safeguards.GetManifestViolations(ctx, manifestFilesEmpty)
+	_, err := safeguards.GetManifestResults(ctx, manifestFilesEmpty)
 	assert.NotNil(t, err)
 
 	// Scenario 2a: manifest path leads to a directory of manifestFiles - expect success
 	manifestFiles, err = getManifestFiles(manifestPathDirectorySuccess)
 	assert.Nil(t, err)
-	v, err := safeguards.GetManifestViolations(ctx, manifestFiles)
+	v, err := safeguards.GetManifestResults(ctx, manifestFiles)
 	assert.Nil(t, err)
 	numViolations := countTestViolations(v)
 	assert.Equal(t, numViolations, 0)
 
 	// Scenario 2b: manifest path leads to a directory of manifestFiles - expect failure
 	manifestFiles, err = getManifestFiles(manifestPathDirectoryError)
 	assert.Nil(t, err)
-	v, err = safeguards.GetManifestViolations(ctx, manifestFiles)
+	v, err = safeguards.GetManifestResults(ctx, manifestFiles)
 	assert.Nil(t, err)
 	numViolations = countTestViolations(v)
 	assert.Greater(t, numViolations, 0)
 
 	// Scenario 3a: manifest path leads to one manifest file - expect success
 	manifestFiles, err = getManifestFiles(manifestPathFileSuccess)
-	v, err = safeguards.GetManifestViolations(ctx, manifestFiles)
+	v, err = safeguards.GetManifestResults(ctx, manifestFiles)
 	assert.Nil(t, err)
 	numViolations = countTestViolations(v)
 	assert.Equal(t, numViolations, 0)
 
 	// Scenario 3b: manifest path leads to one manifest file - expect failure
 	manifestFiles, err = getManifestFiles(manifestPathFileError)
-	v, err = safeguards.GetManifestViolations(ctx, manifestFiles)
+	v, err = safeguards.GetManifestResults(ctx, manifestFiles)
 	assert.Nil(t, err)
 	numViolations = countTestViolations(v)
 	assert.Greater(t, numViolations, 0)

diff --git a/cmd/validate_test_helpers.go b/cmd/validate_test_helpers.go
@@ -2,10 +2,10 @@ package cmd
 
 import "github.com/Azure/draft/pkg/safeguards"
 
-func countTestViolations(violations []safeguards.ManifestViolation) int {
+func countTestViolations(results []safeguards.ManifestResult) int {
 	numViolations := 0
-	for _, v := range violations {
-		numViolations += len(v.ObjectViolations)
+	for _, r := range results {
+		numViolations += len(r.ObjectViolations)
 	}
 
 	return numViolations

diff --git a/...b/v1.0.0/container-limits/constraint.yaml → ...container-resource-limits/constraint.yaml b/...b/v1.0.0/container-limits/constraint.yaml → ...container-resource-limits/constraint.yaml
diff --git a/...lib/v1.0.0/container-limits/template.yaml → ...0/container-resource-limits/template.yaml b/...lib/v1.0.0/container-limits/template.yaml → ...0/container-resource-limits/template.yaml
diff --git a/pkg/safeguards/safeguards.go b/pkg/safeguards/safeguards.go
@@ -35,38 +35,38 @@ func init() {
 	}
 }
 
-// GetManifestViolations takes in a list of manifest files and returns a slice of ManifestViolation structs
-func GetManifestViolations(ctx context.Context, manifestFiles []ManifestFile) ([]ManifestViolation, error) {
+// GetManifestResults takes in a list of manifest files and returns a slice of ManifestViolation structs
+func GetManifestResults(ctx context.Context, manifestFiles []ManifestFile) ([]ManifestResult, error) {
 	if len(manifestFiles) == 0 {
 		return nil, fmt.Errorf("path cannot be empty")
 	}
 
-	manifestViolations := make([]ManifestViolation, 0)
+	manifestResults := make([]ManifestResult, 0)
 
 	// constraint client instantiation
 	c, err := getConstraintClient()
 	if err != nil {
-		return manifestViolations, err
+		return manifestResults, err
 	}
 
 	// retrieval of templates, constraints, and deployment
 	constraintTemplates, err := fc.ReadConstraintTemplates()
 	if err != nil {
-		return manifestViolations, err
+		return manifestResults, err
 	}
 	constraints, err := fc.ReadConstraints()
 	if err != nil {
-		return manifestViolations, err
+		return manifestResults, err
 	}
 
 	// loading of templates, constraints into constraint client
 	err = loadConstraintTemplates(ctx, c, constraintTemplates)
 	if err != nil {
-		return manifestViolations, err
+		return manifestResults, err
 	}
 	err = loadConstraints(ctx, c, constraints)
 	if err != nil {
-		return manifestViolations, err
+		return manifestResults, err
 	}
 
 	// organized map of manifest object by file name
@@ -77,7 +77,7 @@ func GetManifestViolations(ctx context.Context, manifestFiles []ManifestFile) ([
 		manifestObjects, err := fc.ReadManifests(m.Path) // read all the objects stored in a single file
 		if err != nil {
 			log.Errorf("reading objects %s", err.Error())
-			return manifestViolations, err
+			return manifestResults, err
 		}
 
 		allManifestObjects = append(allManifestObjects, manifestObjects...)
@@ -92,16 +92,16 @@ func GetManifestViolations(ctx context.Context, manifestFiles []ManifestFile) ([
 		var objectViolations map[string][]string
 
 		// validation of deployment manifest with constraints, templates loaded
-		objectViolations, err = getObjectViolations(ctx, c, manifestMap[m.Name])
+		objectViolations, err = getObjectResults(ctx, c, manifestMap[m.Name])
 		if err != nil {
 			log.Errorf("validating objects: %s", err.Error())
-			return manifestViolations, err
+			return manifestResults, err
 		}
-		manifestViolations = append(manifestViolations, ManifestViolation{
+		manifestResults = append(manifestResults, ManifestResult{
 			Name:             m.Name,
 			ObjectViolations: objectViolations,
 		})
 	}
 
-	return manifestViolations, nil
+	return manifestResults, nil
 }
diff --git a/pkg/safeguards/safeguards_constants.go b/pkg/safeguards/safeguards_constants.go
@@ -7,12 +7,13 @@ import (
 const (
 	Constraint_CAI   = "container-allowed-images"
 	Constraint_CEP   = "container-enforce-probes"
-	Constraint_CL    = "container-limits"
+	Constraint_CRL   = "container-resource-limits"
 	Constraint_CRIP  = "container-restricted-image-pulls"
 	Constraint_DBPDB = "disallowed-bad-pod-disruption-budgets"
 	Constraint_PEA   = "pod-enforce-antiaffinity"
 	Constraint_RT    = "restricted-taints"
 	Constraint_USS   = "unique-service-selectors"
+	Constraint_all   = "all"
 )
 
 var selectedVersion = "v1.0.0"
@@ -37,9 +38,9 @@ var safeguards = []Safeguard{
 		constraintPath: fmt.Sprintf("lib/%s/%s/%s", selectedVersion, Constraint_CEP, constraintFileName),
 	},
 	{
-		name:           Constraint_CL,
-		templatePath:   fmt.Sprintf("lib/%s/%s/%s", selectedVersion, Constraint_CL, templateFileName),
-		constraintPath: fmt.Sprintf("lib/%s/%s/%s", selectedVersion, Constraint_CL, constraintFileName),
+		name:           Constraint_CRL,
+		templatePath:   fmt.Sprintf("lib/%s/%s/%s", selectedVersion, Constraint_CRL, templateFileName),
+		constraintPath: fmt.Sprintf("lib/%s/%s/%s", selectedVersion, Constraint_CRL, constraintFileName),
 	},
 	{
 		name:           Constraint_CRIP,

diff --git a/pkg/safeguards/safeguards_helpers.go b/pkg/safeguards/safeguards_helpers.go
@@ -172,34 +172,34 @@ func loadManifestObjects(ctx context.Context, c *constraintclient.Client, object
 	return nil
 }
 
-// getObjectViolations executes validation on manifests based on loaded constraint templates and returns a map of manifest name to list of objectViolations
-func getObjectViolations(ctx context.Context, c *constraintclient.Client, objects []*unstructured.Unstructured) (map[string][]string, error) {
+// getObjectResults executes validation on manifests based on loaded constraint templates and returns a map of manifest name to list of objectResults
+func getObjectResults(ctx context.Context, c *constraintclient.Client, objects []*unstructured.Unstructured) (map[string][]string, error) {
 	// Review makes sure the provided object satisfies all stored constraints.
 	// On error, the responses return value will still be populated so that
 	// partial results can be analyzed.
 
-	var violations = make(map[string][]string) // map of object name to slice of objectViolations
+	var results = make(map[string][]string) // map of object name to slice of objectViolations
 
 	for _, o := range objects {
-		objectViolations := []string{}
+		objectResults := []string{}
 		log.Debugf("Reviewing %s...", o.GetName())
 		res, err := c.Review(ctx, o)
 		if err != nil {
-			return violations, fmt.Errorf("could not review objects: %w", err)
+			return results, fmt.Errorf("could not review objects: %w", err)
 		}
 
 		for _, v := range res.ByTarget {
 			for _, result := range v.Results {
 				if result.Msg != "" {
-					objectViolations = append(objectViolations, result.Msg)
+					objectResults = append(objectResults, result.Msg)
 				}
 			}
 		}
 
-		if len(objectViolations) > 0 {
-			violations[o.GetName()] = objectViolations
+		if len(objectResults) > 0 {
+			results[o.GetName()] = objectResults
 		}
 	}
 
-	return violations, nil
+	return results, nil
 }