diff --git a/pkg/validator/schema.go b/pkg/validator/schema.go index 296422589..1911b1842 100644 --- a/pkg/validator/schema.go +++ b/pkg/validator/schema.go @@ -10,6 +10,7 @@ import ( "github.com/gobuffalo/packr/v2" corev1 "k8s.io/api/core/v1" "k8s.io/api/extensions/v1beta1" + metaV1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/util/yaml" "github.com/fairwindsops/polaris/pkg/config" @@ -80,7 +81,7 @@ func parseCheck(rawBytes []byte) (config.SchemaCheck, error) { } } -func resolveCheck(conf *config.Configuration, checkID string, controller *kube.GenericWorkload, container *corev1.Container, ingress *v1beta1.Ingress, target config.TargetKind, isInitContainer bool) (*config.SchemaCheck, error) { +func resolveCheck(conf *config.Configuration, checkID, kind string, target config.TargetKind, meta metaV1.Object, containerName string, isInitContainer bool) (*config.SchemaCheck, error) { check, ok := conf.CustomChecks[checkID] if !ok { check, ok = builtInChecks[checkID] @@ -89,22 +90,8 @@ func resolveCheck(conf *config.Configuration, checkID string, controller *kube.G return nil, fmt.Errorf("Check %s not found", checkID) } - containerName := "" - if container != nil { - containerName = container.Name - } - namespace := "" - name := "" - kind := "" - if controller != nil { - namespace = controller.ObjectMeta.GetNamespace() - name = controller.ObjectMeta.GetName() - kind = controller.Kind - } else { - namespace = ingress.ObjectMeta.GetNamespace() - name = ingress.ObjectMeta.GetName() - kind = ingress.Kind - } + namespace := meta.GetNamespace() + name := meta.GetName() if !conf.IsActionable(check.ID, namespace, name, containerName) { return nil, nil } @@ -142,7 +129,7 @@ func applyPodSchemaChecks(conf *config.Configuration, controller kube.GenericWor if strings.ToLower(exemptValue) == "true" { continue } - check, err := resolveCheck(conf, checkID, &controller, nil, nil, config.TargetPod, false) + check, err := resolveCheck(conf, checkID, controller.Kind, config.TargetPod, controller.ObjectMeta, "", false) if err != nil { return nil, err @@ -167,7 +154,7 @@ func applyControllerSchemaChecks(conf *config.Configuration, controller kube.Gen if strings.ToLower(exemptValue) == "true" { continue } - check, err := resolveCheck(conf, checkID, &controller, nil, nil, config.TargetController, false) + check, err := resolveCheck(conf, checkID, controller.Kind, config.TargetController, controller.ObjectMeta, "", false) if err != nil { return nil, err @@ -192,7 +179,7 @@ func applyContainerSchemaChecks(conf *config.Configuration, controller kube.Gene if strings.ToLower(exemptValue) == "true" { continue } - check, err := resolveCheck(conf, checkID, &controller, container, nil, config.TargetContainer, isInit) + check, err := resolveCheck(conf, checkID, controller.Kind, config.TargetContainer, controller.ObjectMeta, container.Name, isInit) if err != nil { return nil, err } else if check == nil { @@ -219,7 +206,7 @@ func applyIngressSchemaChecks(conf *config.Configuration, ingress v1beta1.Ingres results := ResultSet{} checkIDs := getSortedKeys(conf.Checks) for _, checkID := range checkIDs { - check, err := resolveCheck(conf, checkID, nil, nil, &ingress, config.TargetIngress, false) + check, err := resolveCheck(conf, checkID, ingress.Kind, config.TargetIngress, ingress.ObjectMeta.GetObjectMeta(), "", false) if err != nil { return nil, err