This repository has been archived by the owner on Oct 30, 2024. It is now read-only.

Update go (#581)
* Update Golang version

* run linter

* Update .github/workflows/ci.yml

Co-authored-by: Pete Wagner <1559510+thepwagner@users.noreply.github.com>

* Update Makefile

Co-authored-by: Pete Wagner <1559510+thepwagner@users.noreply.github.com>

* Update README.md

Co-authored-by: Pete Wagner <1559510+thepwagner@users.noreply.github.com>

---------

Co-authored-by: Pete Wagner <1559510+thepwagner@users.noreply.github.com>
lynnsh and thepwagner authored Mar 13, 2024
1 parent 76fe452 commit 7e8696a
Showing 15 changed files with 78 additions and 928 deletions.
2 changes: 1 addition & 1 deletion .github/workflows/ci.yml
Expand Up @@ -12,7 +12,7 @@ jobs:
- name: Install Go
uses: actions/setup-go@v2
with:
go-version: "1.17.x"
go-version-file: "go.mod"
- name: Clone repo
uses: actions/checkout@v2
- name: Install kubectl
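Review bot: `go-version-file: "go.mod"` is resolved against the workspace, but the `Install Go` step still runs before `Clone repo`, so go.mod has not been checked out when setup-go looks for it; the checkout step should come first. The step also stays on `actions/setup-go@v2`, and as far as I know the `go-version-file` input only exists from the v3 line on, so here it is likely ignored and the job builds with whatever Go the runner image ships. Moving to `actions/setup-go@v3` (as release.yml already uses) or newer, and pinning both actions to a full commit SHA instead of a mutable tag, would make the CI toolchain actually follow go.mod.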
2 changes: 1 addition & 1 deletion .github/workflows/release.yml
Expand Up @@ -34,7 +34,7 @@ jobs:
name: Set up Go
uses: actions/setup-go@v3
with:
go-version: 1.19
go-version: 1.22.1
check-latest: true
cache: true

2 changes: 1 addition & 1 deletion Dockerfile
@@ -1,4 +1,4 @@
FROM golang:1.17 AS builder
FROM golang:1.22.1 AS builder

# no need to include cgo bindings
ENV CGO_ENABLED=0 GOOS=linux GOARCH=amd64
4 changes: 2 additions & 2 deletions Makefile
Expand Up @@ -10,7 +10,7 @@ LDFLAGS=$(shell build/ldflags.sh)

# kubernetes client won't build with go<1.10
GOVERSION:=$(shell go version | awk '{print $$3}')
GOVERSION_MIN:=go1.17
GOVERSION_MIN:=go1.22.1
GOVERSION_CHECK=$(shell printf "%s\n%s\n" "$(GOVERSION)" "$(GOVERSION_MIN)" | sort -t. -k 1,1n -k 2,2n -k 3,3n -k 4,4n | head -n 1)

# Test parameters
Expand Down Expand Up @@ -47,7 +47,7 @@ show-coverage: test

setup:
$(GOMOD) download
$(GOMOD) tidy -compat=1.17
$(GOMOD) tidy

clean:
$(GOCLEAN)
2 changes: 1 addition & 1 deletion README.md
Expand Up @@ -50,7 +50,7 @@ Kubeaudit has official releases that are blessed and stable:
### DIY build

Main may have newer features than the stable releases. If you need a newer
feature not yet included in a release, make sure you're using Go 1.17+ and run
feature not yet included in a release, make sure you're using the latest Go and run
the following:

```sh
4 changes: 3 additions & 1 deletion cmd/commands/root.go
Expand Up @@ -88,7 +88,9 @@ func runAudit(auditable ...kubeaudit.Auditable) func(cmd *cobra.Command, args []
if err != nil {
log.WithError(err).Fatal("Error generating the SARIF output")
}
sarifReport.PrettyWrite(os.Stdout)
if err := sarifReport.PrettyWrite(os.Stdout); err != nil {
log.WithError(err).Fatal("Error executing SARIF PrettyWrite")
}

if report.HasErrors() {
os.Exit(rootConfig.exitCode)
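Review bot: The new failure message, `"Error executing SARIF PrettyWrite"`, names the library method rather than what failed for the user; `log.WithError(err).Fatal("Error writing the SARIF output")` would read like the `"Error generating the SARIF output"` message just above it. `Fatal` presumably exits with status 1 after part of the report may already be on stdout, so a consumer that only reads the stream could ingest truncated SARIF, and if `rootConfig.exitCode` is also 1 a write failure cannot be told apart from audit findings. The enclosing closure in runAudit starts and ends outside the hunk.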
3 changes: 1 addition & 2 deletions config/config.go
Expand Up @@ -2,7 +2,6 @@ package config

import (
"io"
"io/ioutil"

"github.com/Shopify/kubeaudit/auditors/deprecatedapis"
"github.com/Shopify/kubeaudit/auditors/mounts"
Expand All @@ -14,7 +13,7 @@ import (
)

func New(configData io.Reader) (KubeauditConfig, error) {
configBytes, err := ioutil.ReadAll(configData)
configBytes, err := io.ReadAll(configData)
if err != nil {
return KubeauditConfig{}, err
}
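Review bot: `io.ReadAll(configData)` reads the whole reader into memory with no upper bound, and the same pattern appears in `AuditManifest` in kubeaudit.go (`io.ReadAll(manifest)`), where the input is more likely to come from a third party. Swapping `ioutil` for `io` keeps that behaviour, so an oversized or endless stream is only stopped by the process running out of memory. Consider wrapping the reader, e.g. `io.ReadAll(io.LimitReader(configData, maxConfigBytes+1))` with `maxConfigBytes` as a new package constant, and returning an error when more than `maxConfigBytes` bytes come back. New's body continues outside the hunk.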
5 changes: 2 additions & 3 deletions fix_test.go
@@ -1,7 +1,6 @@
package kubeaudit_test

import (
"io/ioutil"
"os"
"path/filepath"
"testing"
Expand All @@ -16,7 +15,7 @@ import (

// Test that fixing all fixtures in auditors/* results in manifests that pass all audits
func TestFix(t *testing.T) {
auditorDirs, err := ioutil.ReadDir("auditors")
auditorDirs, err := os.ReadDir("auditors")
if !assert.Nil(t, err) {
return
}
Expand All @@ -30,7 +29,7 @@ func TestFix(t *testing.T) {
}

fixturesDirPath := filepath.Join("..", auditorDir.Name(), "fixtures")
fixtureFiles, err := ioutil.ReadDir(fixturesDirPath)
fixtureFiles, err := os.ReadDir(fixturesDirPath)
if os.IsNotExist(err) {
continue
}
2 changes: 1 addition & 1 deletion go.mod
Expand Up @@ -68,4 +68,4 @@ require (
sigs.k8s.io/yaml v1.2.0 // indirect
)

go 1.17
go 1.22.1
844 changes: 0 additions & 844 deletions go.sum

Large diffs are not rendered by default.

2 changes: 1 addition & 1 deletion goreleaser.Dockerfile
@@ -1,4 +1,4 @@
FROM golang:1.17 AS builder
FROM golang:1.22.1 AS builder

# no need to include cgo bindings
ENV CGO_ENABLED=0 GOOS=linux GOARCH=amd64
51 changes: 25 additions & 26 deletions internal/k8sinternal/client.go
Expand Up @@ -133,40 +133,39 @@ func (kc kubeClient) GetAllResources(options ClientOptions) ([]k8s.Resource, err
if err != nil {
return nil, err
}
if lists != nil {
for _, list := range lists {
if len(list.APIResources) == 0 {
continue
}
gv, err := schema.ParseGroupVersion(list.GroupVersion)
if err != nil {

for _, list := range lists {
if list == nil || len(list.APIResources) == 0 {
continue
}
gv, err := schema.ParseGroupVersion(list.GroupVersion)
if err != nil {
continue
}
for _, apiresource := range list.APIResources {
if len(apiresource.Verbs) == 0 {
continue
}
for _, apiresource := range list.APIResources {
if len(apiresource.Verbs) == 0 {
continue
}
gvr := schema.GroupVersionResource{Group: gv.Group, Version: gv.Version, Resource: apiresource.Name}
gvr := schema.GroupVersionResource{Group: gv.Group, Version: gv.Version, Resource: apiresource.Name}

// Namespace has to be included as a resource to audit if it is specified.
if apiresource.Name == "namespaces" && options.Namespace != "" {
unstructured, err := kc.dynamicClient.Resource(gvr).Get(context.Background(), options.Namespace, metav1.GetOptions{})
// Namespace has to be included as a resource to audit if it is specified.
if apiresource.Name == "namespaces" && options.Namespace != "" {
unstructured, err := kc.dynamicClient.Resource(gvr).Get(context.Background(), options.Namespace, metav1.GetOptions{})
if err == nil {
r, err := unstructuredToObject(unstructured)
if err == nil {
r, err := unstructuredToObject(unstructured)
resources = append(resources, r)
}
}
} else {
unstructuredList, err := kc.dynamicClient.Resource(gvr).Namespace(options.Namespace).List(context.Background(), metav1.ListOptions{})
if err == nil {
for _, unstructured := range unstructuredList.Items {
r, err := unstructuredToObject(&unstructured)
if err == nil {
resources = append(resources, r)
}
}
} else {
unstructuredList, err := kc.dynamicClient.Resource(gvr).Namespace(options.Namespace).List(context.Background(), metav1.ListOptions{})
if err == nil {
for _, unstructured := range unstructuredList.Items {
r, err := unstructuredToObject(&unstructured)
if err == nil {
resources = append(resources, r)
}
}
}
}
}
}
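Review bot: Every error inside the flattened loop is still dropped: a `schema.ParseGroupVersion` failure hits `continue`, and a failed `Get` or `List` on `kc.dynamicClient` simply adds nothing to `resources`. For an audit tool this means a resource type the caller is not permitted to list, or a transient API error, silently vanishes from the report, so a clean result cannot be told apart from an incomplete one. Since the commit already reworks this loop, consider collecting those errors and returning them with the partial result, or at least logging each skipped `gvr` at warning level. The calls also pass `context.Background()`, so a stalled API server blocks the audit with no deadline. GetAllResources starts and ends outside the hunk.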
8 changes: 3 additions & 5 deletions internal/k8sinternal/runtime_test.go
Expand Up @@ -2,7 +2,7 @@ package k8sinternal_test

import (
"bytes"
"io/ioutil"
"os"
"path"
"testing"

Expand All @@ -13,8 +13,6 @@ import (
"github.com/stretchr/testify/require"
)

const fixtureDir = "../test/fixtures"

func TestNewTrue(t *testing.T) {
assert.True(t, *k8s.NewTrue())
}
Expand All @@ -31,7 +29,7 @@ func TestEncodeDecode(t *testing.T) {
deployment.ObjectMeta = k8s.ObjectMetaV1{Namespace: "foo"}
deployment.Spec.Template.Spec.Containers = []k8s.ContainerV1{{Name: "bar"}}

expectedManifest, err := ioutil.ReadFile("fixtures/test-encode-decode.yml")
expectedManifest, err := os.ReadFile("fixtures/test-encode-decode.yml")
require.NoError(err)

encoded, err := k8sinternal.EncodeResource(deployment)
Expand Down Expand Up @@ -121,7 +119,7 @@ func getAllResources(t *testing.T) (resources []k8s.Resource) {
func getResourcesFromManifest(t *testing.T, manifest string) (resources []k8s.Resource) {
assert := assert.New(t)

data, err := ioutil.ReadFile(manifest)
data, err := os.ReadFile(manifest)
require.NoError(t, err)

bufSlice := bytes.Split(data, []byte("---"))
3 changes: 1 addition & 2 deletions internal/test/test.go
Expand Up @@ -3,7 +3,6 @@ package test
import (
"bytes"
"fmt"
"io/ioutil"
"os"
"os/exec"
"path/filepath"
Expand Down Expand Up @@ -125,7 +124,7 @@ func GetReport(t *testing.T, fixtureDir, fixture string, auditables []kubeaudit.
// It can be used to retrieve all of the resource manifests from the test/fixtures/all_resources directory
// This directory is not hardcoded because the working directory for tests is relative to the test
func GetAllFileNames(t *testing.T, directory string) []string {
files, err := ioutil.ReadDir(directory)
files, err := os.ReadDir(directory)
require.Nil(t, err)

fileNames := make([]string, 0, len(files))
72 changes: 35 additions & 37 deletions kubeaudit.go
@@ -1,6 +1,6 @@
// Package kubeaudit provides methods to find and fix security issues in Kubernetes resources.
//
// Modes
// # Modes
//
// Kubeaudit supports three different modes. The mode used depends on the audit method used.
//
Expand All @@ -14,100 +14,98 @@
//
// Follow the instructions below to use kubeaudit:
//
// First initialize the security auditors
// # First initialize the security auditors
//
// The auditors determine which security issues kubeaudit will look for. Each auditor is responsible for a different
// security issue. For an explanation of what each auditor checks for, see https://github.com/Shopify/kubeaudit#auditors.
//
// To initialize all available auditors:
//
// import "github.com/Shopify/kubeaudit/auditors/all"
// import "github.com/Shopify/kubeaudit/auditors/all"
//
// auditors, err := all.Auditors(config.KubeauditConfig{})
// auditors, err := all.Auditors(config.KubeauditConfig{})
//
// Or, to initialize specific auditors, import each one:
//
// import (
// "github.com/Shopify/kubeaudit/auditors/apparmor"
// "github.com/Shopify/kubeaudit/auditors/image"
// )
// import (
// "github.com/Shopify/kubeaudit/auditors/apparmor"
// "github.com/Shopify/kubeaudit/auditors/image"
// )
//
// auditors := []kubeaudit.Auditable{
// apparmor.New(),
// image.New(image.Config{Image: "myimage:mytag"}),
// }
// auditors := []kubeaudit.Auditable{
// apparmor.New(),
// image.New(image.Config{Image: "myimage:mytag"}),
// }
//
// Initialize Kubeaudit
// # Initialize Kubeaudit
//
// Create a new instance of kubeaudit:
//
// kubeAuditor, err := kubeaudit.New(auditors)
// kubeAuditor, err := kubeaudit.New(auditors)
//
// Run the audit
// # Run the audit
//
// To run the audit in manifest mode:
//
// import "os"
// import "os"
//
// manifest, err := os.Open("/path/to/manifest.yaml")
// if err != nil {
// ...
// }
// manifest, err := os.Open("/path/to/manifest.yaml")
// if err != nil {
// ...
// }
//
// report, err := kubeAuditor.AuditManifest(manifest)
// report, err := kubeAuditor.AuditManifest(manifest)
//
// Or, to run the audit in local mode:
//
// report, err := kubeAuditor.AuditLocal("/path/to/kubeconfig.yml", kubeaudit.AuditOptions{})
// report, err := kubeAuditor.AuditLocal("/path/to/kubeconfig.yml", kubeaudit.AuditOptions{})
//
// Or, to run the audit in cluster mode (pass it a namespace name as a string to only audit resources in that namespace, or an empty string to audit resources in all namespaces):
//
// report, err := auditor.AuditCluster(kubeaudit.AuditOptions{})
// report, err := auditor.AuditCluster(kubeaudit.AuditOptions{})
//
// Get the results
// # Get the results
//
// To print the results in a human readable way:
//
// report.PrintResults()
// report.PrintResults()
//
// Results are printed to standard out by default. To print to a string instead:
//
// var buf bytes.Buffer
// report.PrintResults(kubeaudit.WithWriter(&buf), kubeaudit.WithColor(false))
// resultsString := buf.String()
// var buf bytes.Buffer
// report.PrintResults(kubeaudit.WithWriter(&buf), kubeaudit.WithColor(false))
// resultsString := buf.String()
//
// Or, to get the result objects:
//
// results := report.Results()
// results := report.Results()
//
// Autofix
// # Autofix
//
// Note that autofixing is only supported in manifest mode.
//
// To print the plan (what will be fixed):
//
// report.PrintPlan(os.Stdout)
// report.PrintPlan(os.Stdout)
//
// To automatically fix the security issues and print the fixed manifest:
//
// err = report.Fix(os.Stdout)
// err = report.Fix(os.Stdout)
//
// Override Errors
// # Override Errors
//
// Overrides can be used to ignore specific auditors for specific containers or pods.
// See the documentation for the specific auditor you wish to override at https://github.com/Shopify/kubeaudit#auditors.
//
// Custom Auditors
// # Custom Auditors
//
// Kubeaudit supports custom auditors. See the Custom Auditor example.
//
package kubeaudit

import (
"errors"
"fmt"
"io"
"io/ioutil"
"path/filepath"
"strings"

Expand Down Expand Up @@ -141,7 +139,7 @@ func New(auditors []Auditable, opts ...Option) (*Kubeaudit, error) {

// AuditManifest audits the Kubernetes resources in the provided manifest
func (a *Kubeaudit) AuditManifest(manifestPath string, manifest io.Reader) (*Report, error) {
manifestBytes, err := ioutil.ReadAll(manifest)
manifestBytes, err := io.ReadAll(manifest)
if err != nil {
return nil, err
}
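Review bot: The package comment's manifest-mode example, `report, err := kubeAuditor.AuditManifest(manifest)`, does not match the signature shown in the last hunk, `AuditManifest(manifestPath string, manifest io.Reader)`, so copying it does not compile. Since this commit rewrites the example lines of that comment for the gofmt heading style anyway, it is a good place to correct it to `report, err := kubeAuditor.AuditManifest("/path/to/manifest.yaml", manifest)`, assuming manifestPath is the path of the file being read (confirm against the implementation). The cluster-mode example also calls `auditor.AuditCluster(...)` while every other snippet uses `kubeAuditor`. The heading `# First initialize the security auditors` reads as a sentence promoted to a heading; `# Initialize the security auditors` would match its siblings.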
