public/policy-generator
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fine tuning the error messages

Browse Source
This commit is contained in:
Erik Brakkee 2025-01-12 23:26:10 +01:00
parent 95e7106dba
commit 6a2f1b9fee
1 changed files with 8 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
cmd/policygen/configvalidator.go
View File

@ -88,7 +88,7 @@ func validate(files []string, options *Options) error {
}
}
if len(ownerReferences) > 1 {
LogValidationMsg(Error, "Application %s: multiple owners found: %v", application.Name, MapKeys(ownerReferences))
LogValidationMsg(Error, "Application %s: multiple owners found: %v. The application definition can possibly be made more fine-grain", application.Name, MapKeys(ownerReferences))
}
// check ports
for _, port := range application.Ports {
@ -108,14 +108,15 @@ func validate(files []string, options *Options) error {
delete(applicationServiceAccounts, pod.Spec.ServiceAccountName)
}
if len(applicationServiceAccounts) > 0 {
LogValidationMsg(Error, "application %s: service accounts %v configured but not used by workloads",
LogValidationMsg(Error, "application %s: service accounts %v configured but not used by running workloads",
application.Name, MapKeys(applicationServiceAccounts))
}
for _, pod := range pods {
sa := pod.Namespace + "/" + pod.Spec.ServiceAccountName
serviceAccountMap[sa] = append(serviceAccountMap[sa],
application.Name)
if !slices.Contains(serviceAccountMap[sa], application.Name) {
serviceAccountMap[sa] = append(serviceAccountMap[sa],
application.Name)
}
if pod.Spec.ServiceAccountName == "default" {
LogValidationMsg(Warning, "Pod %s/%s: running with default service account",
pod.Namespace, pod.Name)
@ -137,7 +138,7 @@ func validate(files []string, options *Options) error {
if len(applist) == 1 {
continue
}
LogValidationMsg(Error, "service account %s: shared by multiple applications %v", sa, applist)
LogValidationMsg(Error, "service account %s: shared by multiple applications %v, the application definition can be made more fine-grain.", sa, applist)
}
}
@ -193,7 +194,7 @@ func validate(files []string, options *Options) error {
}
for appFrom, appTo := range openToClosedAccess {
LogValidationMsg(Error, "Access from 'open' application '%s' to 'closed' application '%s'",
LogValidationMsg(Error, "Access from 'open' application '%s' to 'closed' application '%s'. This will lead to generation of a netowrk authentication for this workload.",
appFrom, appTo)
}