fine tuning the error messages

Erik Brakkee 2025-01-12 23:26:10 +01:00
parent 95e7106dba
commit 6a2f1b9fee


@ -88,7 +88,7 @@ func validate(files []string, options *Options) error {
} }
} }
if len(ownerReferences) > 1 { if len(ownerReferences) > 1 {
LogValidationMsg(Error, "Application %s: multiple owners found: %v", application.Name, MapKeys(ownerReferences)) LogValidationMsg(Error, "Application %s: multiple owners found: %v. The application definition can possibly be made more fine-grain", application.Name, MapKeys(ownerReferences))
} }
// check ports // check ports
for _, port := range application.Ports { for _, port := range application.Ports {
@ -108,14 +108,15 @@ func validate(files []string, options *Options) error {
delete(applicationServiceAccounts, pod.Spec.ServiceAccountName) delete(applicationServiceAccounts, pod.Spec.ServiceAccountName)
} }
if len(applicationServiceAccounts) > 0 { if len(applicationServiceAccounts) > 0 {
LogValidationMsg(Error, "application %s: service accounts %v configured but not used by workloads", LogValidationMsg(Error, "application %s: service accounts %v configured but not used by running workloads",
application.Name, MapKeys(applicationServiceAccounts)) application.Name, MapKeys(applicationServiceAccounts))
} }
for _, pod := range pods { for _, pod := range pods {
sa := pod.Namespace + "/" + pod.Spec.ServiceAccountName sa := pod.Namespace + "/" + pod.Spec.ServiceAccountName
if !slices.Contains(serviceAccountMap[sa], application.Name) {
serviceAccountMap[sa] = append(serviceAccountMap[sa], serviceAccountMap[sa] = append(serviceAccountMap[sa],
application.Name) application.Name)
}
if pod.Spec.ServiceAccountName == "default" { if pod.Spec.ServiceAccountName == "default" {
LogValidationMsg(Warning, "Pod %s/%s: running with default service account", LogValidationMsg(Warning, "Pod %s/%s: running with default service account",
pod.Namespace, pod.Name) pod.Namespace, pod.Name)
@ -137,7 +138,7 @@ func validate(files []string, options *Options) error {
if len(applist) == 1 { if len(applist) == 1 {
continue continue
} }
LogValidationMsg(Error, "service account %s: shared by multiple applications %v", sa, applist) LogValidationMsg(Error, "service account %s: shared by multiple applications %v, the application definition can be made more fine-grain.", sa, applist)
} }
} }
@ -193,7 +194,7 @@ func validate(files []string, options *Options) error {
} }
for appFrom, appTo := range openToClosedAccess { for appFrom, appTo := range openToClosedAccess {
LogValidationMsg(Error, "Access from 'open' application '%s' to 'closed' application '%s'", LogValidationMsg(Error, "Access from 'open' application '%s' to 'closed' application '%s'. This will lead to generation of a netowrk authentication for this workload.",
appFrom, appTo) appFrom, appTo)
} }
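Review bot: The new open-to-closed access message in the last hunk misspells "network" as `netowrk`, and the two messages about multiple owners and shared service accounts say "fine-grain" where "fine-grained" is presumably meant. These are operator-facing findings, so I would correct them before log searches or alert rules start matching on the text, e.g. `"Access from 'open' application '%s' to 'closed' application '%s'. This will lead to generation of a network authentication for this workload."`. The two "fine-grain" messages also differ in wording and punctuation ("can possibly be made" after a full stop, "can be made" after a comma with a trailing full stop); one phrasing for both would read better. Separately, the `slices.Contains` guard added in the second hunk is a behavior change rather than message tuning: with the `len(applist) == 1` check further down, an application with several pods on one service account is no longer reported as sharing it with itself. It deserves a comment such as `// record each application once per service account, so multi-pod applications are not flagged as shared`. The body of validate starts and ends outside the visible hunks, so how `serviceAccountMap` is initialised and consumed elsewhere is not shown here.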