From 6a2f1b9feec651032df23444172106ddb51ae385 Mon Sep 17 00:00:00 2001
From: Erik Brakkee
Date: Sun, 12 Jan 2025 23:26:10 +0100
Subject: [PATCH] fine tuning the error messages

---
 cmd/policygen/configvalidator.go | 15 ++++++++-------
 1 file changed, 8 insertions(+), 7 deletions(-)

diff --git a/cmd/policygen/configvalidator.go b/cmd/policygen/configvalidator.go
index 974c41b..e7eeb3e 100644
--- a/cmd/policygen/configvalidator.go
+++ b/cmd/policygen/configvalidator.go
@@ -88,7 +88,7 @@ func validate(files []string, options *Options) error {
 }
 }
 if len(ownerReferences) > 1 {
- LogValidationMsg(Error, "Application %s: multiple owners found: %v", application.Name, MapKeys(ownerReferences))
+ LogValidationMsg(Error, "Application %s: multiple owners found: %v. The application definition can possibly be made more fine-grain", application.Name, MapKeys(ownerReferences))
 }
 // check ports
 for _, port := range application.Ports {
@@ -108,14 +108,15 @@ func validate(files []string, options *Options) error {
 delete(applicationServiceAccounts, pod.Spec.ServiceAccountName)
 }
 if len(applicationServiceAccounts) > 0 {
- LogValidationMsg(Error, "application %s: service accounts %v configured but not used by workloads",
+ LogValidationMsg(Error, "application %s: service accounts %v configured but not used by running workloads",
 application.Name, MapKeys(applicationServiceAccounts))
 }
 for _, pod := range pods {
 sa := pod.Namespace + "/" + pod.Spec.ServiceAccountName
- serviceAccountMap[sa] = append(serviceAccountMap[sa],
- application.Name)
-
+ if !slices.Contains(serviceAccountMap[sa], application.Name) {
+ serviceAccountMap[sa] = append(serviceAccountMap[sa],
+ application.Name)
+ }
 if pod.Spec.ServiceAccountName == "default" {
 LogValidationMsg(Warning, "Pod %s/%s: running with default service account",
 pod.Namespace, pod.Name)
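Review bot: The reworded message at -88 is inconsistent with its sibling in the same function: it keeps the capitalized `Application %s:` prefix while the service-account message in the next hunk uses `application %s:`, and the appended sentence says `fine-grain` with no terminal punctuation while the counterpart at -137 ends with a period. One prefix form matters for anyone grepping or alerting on these validation errors. Suggest `"application %s: multiple owners found: %v; the application definition can possibly be made more fine-grained"`. The enclosing validate() begins and ends outside this hunk.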
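Review bot: The new dedup block keys `sa` on `pod.Spec.ServiceAccountName` verbatim, and the `== "default"` warning directly below does the same, so a pod whose spec leaves serviceAccountName empty is recorded under `ns/` and never gets the default-service-account warning, even though an unset name means the default account in Kubernetes. If the pods validated here can come from manifests or pod templates rather than the live API (the function takes `files`, so this seems plausible) that gap is real; if they are only read from the API, where admission fills the field in, it is moot — please confirm. Normalizing the name once before building the key closes it, and `delete(applicationServiceAccounts, …)` at the top of the hunk, whose loop starts outside it, would want the same normalization. Separately, the hunk introduces `slices.Contains` while the diffstat shows no import change, so `slices` must already be imported in this file and go.mod must be at least 1.21 for the stdlib package; worth a quick check. validate() starts and ends outside this hunk.
```go
for _, pod := range pods {
	saName := pod.Spec.ServiceAccountName
	if saName == "" {
		saName = "default" // unset means the default account; confirm this holds for how pods are loaded here
	}
	sa := pod.Namespace + "/" + saName
	if !slices.Contains(serviceAccountMap[sa], application.Name) {
		serviceAccountMap[sa] = append(serviceAccountMap[sa], application.Name)
	}
	if saName == "default" {
		// … unchanged: default service account warning …
```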
@@ -137,7 +138,7 @@ func validate(files []string, options *Options) error {
 if len(applist) == 1 {
 continue
 }
- LogValidationMsg(Error, "service account %s: shared by multiple applications %v", sa, applist)
+ LogValidationMsg(Error, "service account %s: shared by multiple applications %v, the application definition can be made more fine-grain.", sa, applist)
 }
 }
 
@@ -193,7 +194,7 @@ func validate(files []string, options *Options) error {
 }
 for appFrom, appTo := range openToClosedAccess {
- LogValidationMsg(Error, "Access from 'open' application '%s' to 'closed' application '%s'",
+ LogValidationMsg(Error, "Access from 'open' application '%s' to 'closed' application '%s'. This will lead to generation of a netowrk authentication for this workload.",
 appFrom, appTo)
 }
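Review bot: The clause appended at -137 is a comma splice and `fine-grain` should read `fine-grained`; more usefully, the message could state why sharing matters, since a service account shared by several applications cannot be told apart by anything keyed on that identity, which is presumably what the generated policy relies on. Suggest `"service account %s: shared by multiple applications %v; generated policy cannot distinguish these applications, so the application definition should be made more fine-grained"`, rewording the consequence clause if policies here are not in fact keyed on service account. The loop this message sits in starts outside the hunk.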