Skip to content
This repository has been archived by the owner on Oct 30, 2024. It is now read-only.

Update go #581

Merged
merged 5 commits into from
Mar 13, 2024
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion .github/workflows/ci.yml
Original file line number Diff line number Diff line change
Expand Up @@ -12,7 +12,7 @@ jobs:
- name: Install Go
uses: actions/setup-go@v2
with:
go-version: "1.17.x"
go-version-file: "go.mod"
- name: Clone repo
uses: actions/checkout@v2
- name: Install kubectl
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/release.yml
Original file line number Diff line number Diff line change
Expand Up @@ -34,7 +34,7 @@ jobs:
name: Set up Go
uses: actions/setup-go@v3
with:
go-version: 1.19
go-version: 1.22.1
check-latest: true
cache: true

Expand Down
2 changes: 1 addition & 1 deletion Dockerfile
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
FROM golang:1.17 AS builder
FROM golang:1.22.1 AS builder

# no need to include cgo bindings
ENV CGO_ENABLED=0 GOOS=linux GOARCH=amd64
Expand Down
4 changes: 2 additions & 2 deletions Makefile
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,7 @@ LDFLAGS=$(shell build/ldflags.sh)

# kubernetes client won't build with go<1.10
GOVERSION:=$(shell go version | awk '{print $$3}')
GOVERSION_MIN:=go1.17
GOVERSION_MIN:=go1.22.1
GOVERSION_CHECK=$(shell printf "%s\n%s\n" "$(GOVERSION)" "$(GOVERSION_MIN)" | sort -t. -k 1,1n -k 2,2n -k 3,3n -k 4,4n | head -n 1)

# Test parameters
Expand Down Expand Up @@ -47,7 +47,7 @@ show-coverage: test

setup:
$(GOMOD) download
$(GOMOD) tidy -compat=1.17
$(GOMOD) tidy

clean:
$(GOCLEAN)
Expand Down
2 changes: 1 addition & 1 deletion README.md
Original file line number Diff line number Diff line change
Expand Up @@ -50,7 +50,7 @@ Kubeaudit has official releases that are blessed and stable:
### DIY build

Main may have newer features than the stable releases. If you need a newer
feature not yet included in a release, make sure you're using Go 1.17+ and run
feature not yet included in a release, make sure you're using the latest Go and run
the following:

```sh
Expand Down
4 changes: 3 additions & 1 deletion cmd/commands/root.go
Original file line number Diff line number Diff line change
Expand Up @@ -88,7 +88,9 @@ func runAudit(auditable ...kubeaudit.Auditable) func(cmd *cobra.Command, args []
if err != nil {
log.WithError(err).Fatal("Error generating the SARIF output")
}
sarifReport.PrettyWrite(os.Stdout)
if err := sarifReport.PrettyWrite(os.Stdout); err != nil {
log.WithError(err).Fatal("Error executing SARIF PrettyWrite")
}

if report.HasErrors() {
os.Exit(rootConfig.exitCode)
Expand Down
3 changes: 1 addition & 2 deletions config/config.go
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,6 @@ package config

import (
"io"
"io/ioutil"

"github.com/Shopify/kubeaudit/auditors/deprecatedapis"
"github.com/Shopify/kubeaudit/auditors/mounts"
Expand All @@ -14,7 +13,7 @@ import (
)

func New(configData io.Reader) (KubeauditConfig, error) {
configBytes, err := ioutil.ReadAll(configData)
configBytes, err := io.ReadAll(configData)
if err != nil {
return KubeauditConfig{}, err
}
Expand Down
5 changes: 2 additions & 3 deletions fix_test.go
Original file line number Diff line number Diff line change
@@ -1,7 +1,6 @@
package kubeaudit_test

import (
"io/ioutil"
"os"
"path/filepath"
"testing"
Expand All @@ -16,7 +15,7 @@ import (

// Test that fixing all fixtures in auditors/* results in manifests that pass all audits
func TestFix(t *testing.T) {
auditorDirs, err := ioutil.ReadDir("auditors")
auditorDirs, err := os.ReadDir("auditors")
if !assert.Nil(t, err) {
return
}
Expand All @@ -30,7 +29,7 @@ func TestFix(t *testing.T) {
}

fixturesDirPath := filepath.Join("..", auditorDir.Name(), "fixtures")
fixtureFiles, err := ioutil.ReadDir(fixturesDirPath)
fixtureFiles, err := os.ReadDir(fixturesDirPath)
if os.IsNotExist(err) {
continue
}
Expand Down
2 changes: 1 addition & 1 deletion go.mod
Original file line number Diff line number Diff line change
Expand Up @@ -68,4 +68,4 @@ require (
sigs.k8s.io/yaml v1.2.0 // indirect
)

go 1.17
go 1.22.1
844 changes: 0 additions & 844 deletions go.sum

Large diffs are not rendered by default.

2 changes: 1 addition & 1 deletion goreleaser.Dockerfile
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
FROM golang:1.17 AS builder
FROM golang:1.22.1 AS builder

# no need to include cgo bindings
ENV CGO_ENABLED=0 GOOS=linux GOARCH=amd64
Expand Down
51 changes: 25 additions & 26 deletions internal/k8sinternal/client.go
Original file line number Diff line number Diff line change
Expand Up @@ -133,40 +133,39 @@ func (kc kubeClient) GetAllResources(options ClientOptions) ([]k8s.Resource, err
if err != nil {
return nil, err
}
if lists != nil {
for _, list := range lists {
if len(list.APIResources) == 0 {
continue
}
gv, err := schema.ParseGroupVersion(list.GroupVersion)
if err != nil {

for _, list := range lists {
if list == nil || len(list.APIResources) == 0 {
continue
}
gv, err := schema.ParseGroupVersion(list.GroupVersion)
if err != nil {
continue
}
for _, apiresource := range list.APIResources {
if len(apiresource.Verbs) == 0 {
continue
}
for _, apiresource := range list.APIResources {
if len(apiresource.Verbs) == 0 {
continue
}
gvr := schema.GroupVersionResource{Group: gv.Group, Version: gv.Version, Resource: apiresource.Name}
gvr := schema.GroupVersionResource{Group: gv.Group, Version: gv.Version, Resource: apiresource.Name}

// Namespace has to be included as a resource to audit if it is specified.
if apiresource.Name == "namespaces" && options.Namespace != "" {
unstructured, err := kc.dynamicClient.Resource(gvr).Get(context.Background(), options.Namespace, metav1.GetOptions{})
// Namespace has to be included as a resource to audit if it is specified.
if apiresource.Name == "namespaces" && options.Namespace != "" {
unstructured, err := kc.dynamicClient.Resource(gvr).Get(context.Background(), options.Namespace, metav1.GetOptions{})
if err == nil {
r, err := unstructuredToObject(unstructured)
if err == nil {
r, err := unstructuredToObject(unstructured)
resources = append(resources, r)
}
}
} else {
unstructuredList, err := kc.dynamicClient.Resource(gvr).Namespace(options.Namespace).List(context.Background(), metav1.ListOptions{})
if err == nil {
for _, unstructured := range unstructuredList.Items {
r, err := unstructuredToObject(&unstructured)
if err == nil {
resources = append(resources, r)
}
}
} else {
unstructuredList, err := kc.dynamicClient.Resource(gvr).Namespace(options.Namespace).List(context.Background(), metav1.ListOptions{})
if err == nil {
for _, unstructured := range unstructuredList.Items {
r, err := unstructuredToObject(&unstructured)
if err == nil {
resources = append(resources, r)
}
}
}
}
}
}
Expand Down
8 changes: 3 additions & 5 deletions internal/k8sinternal/runtime_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@ package k8sinternal_test

import (
"bytes"
"io/ioutil"
"os"
"path"
"testing"

Expand All @@ -13,8 +13,6 @@ import (
"github.com/stretchr/testify/require"
)

const fixtureDir = "../test/fixtures"

func TestNewTrue(t *testing.T) {
assert.True(t, *k8s.NewTrue())
}
Expand All @@ -31,7 +29,7 @@ func TestEncodeDecode(t *testing.T) {
deployment.ObjectMeta = k8s.ObjectMetaV1{Namespace: "foo"}
deployment.Spec.Template.Spec.Containers = []k8s.ContainerV1{{Name: "bar"}}

expectedManifest, err := ioutil.ReadFile("fixtures/test-encode-decode.yml")
expectedManifest, err := os.ReadFile("fixtures/test-encode-decode.yml")
require.NoError(err)

encoded, err := k8sinternal.EncodeResource(deployment)
Expand Down Expand Up @@ -121,7 +119,7 @@ func getAllResources(t *testing.T) (resources []k8s.Resource) {
func getResourcesFromManifest(t *testing.T, manifest string) (resources []k8s.Resource) {
assert := assert.New(t)

data, err := ioutil.ReadFile(manifest)
data, err := os.ReadFile(manifest)
require.NoError(t, err)

bufSlice := bytes.Split(data, []byte("---"))
Expand Down
3 changes: 1 addition & 2 deletions internal/test/test.go
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,6 @@ package test
import (
"bytes"
"fmt"
"io/ioutil"
"os"
"os/exec"
"path/filepath"
Expand Down Expand Up @@ -125,7 +124,7 @@ func GetReport(t *testing.T, fixtureDir, fixture string, auditables []kubeaudit.
// It can be used to retrieve all of the resource manifests from the test/fixtures/all_resources directory
// This directory is not hardcoded because the working directory for tests is relative to the test
func GetAllFileNames(t *testing.T, directory string) []string {
files, err := ioutil.ReadDir(directory)
files, err := os.ReadDir(directory)
require.Nil(t, err)

fileNames := make([]string, 0, len(files))
Expand Down
72 changes: 35 additions & 37 deletions kubeaudit.go
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
// Package kubeaudit provides methods to find and fix security issues in Kubernetes resources.
//
// Modes
// # Modes
//
// Kubeaudit supports three different modes. The mode used depends on the audit method used.
//
Expand All @@ -14,100 +14,98 @@
//
// Follow the instructions below to use kubeaudit:
//
// First initialize the security auditors
// # First initialize the security auditors
//
// The auditors determine which security issues kubeaudit will look for. Each auditor is responsible for a different
// security issue. For an explanation of what each auditor checks for, see https://github.com/Shopify/kubeaudit#auditors.
//
// To initialize all available auditors:
//
// import "github.com/Shopify/kubeaudit/auditors/all"
// import "github.com/Shopify/kubeaudit/auditors/all"
//
// auditors, err := all.Auditors(config.KubeauditConfig{})
// auditors, err := all.Auditors(config.KubeauditConfig{})
//
// Or, to initialize specific auditors, import each one:
//
// import (
// "github.com/Shopify/kubeaudit/auditors/apparmor"
// "github.com/Shopify/kubeaudit/auditors/image"
// )
// import (
// "github.com/Shopify/kubeaudit/auditors/apparmor"
// "github.com/Shopify/kubeaudit/auditors/image"
// )
//
// auditors := []kubeaudit.Auditable{
// apparmor.New(),
// image.New(image.Config{Image: "myimage:mytag"}),
// }
// auditors := []kubeaudit.Auditable{
// apparmor.New(),
// image.New(image.Config{Image: "myimage:mytag"}),
// }
//
// Initialize Kubeaudit
// # Initialize Kubeaudit
//
// Create a new instance of kubeaudit:
//
// kubeAuditor, err := kubeaudit.New(auditors)
// kubeAuditor, err := kubeaudit.New(auditors)
//
// Run the audit
// # Run the audit
//
// To run the audit in manifest mode:
//
// import "os"
// import "os"
//
// manifest, err := os.Open("/path/to/manifest.yaml")
// if err != nil {
// ...
// }
// manifest, err := os.Open("/path/to/manifest.yaml")
// if err != nil {
// ...
// }
//
// report, err := kubeAuditor.AuditManifest(manifest)
// report, err := kubeAuditor.AuditManifest(manifest)
//
// Or, to run the audit in local mode:
//
// report, err := kubeAuditor.AuditLocal("/path/to/kubeconfig.yml", kubeaudit.AuditOptions{})
// report, err := kubeAuditor.AuditLocal("/path/to/kubeconfig.yml", kubeaudit.AuditOptions{})
//
// Or, to run the audit in cluster mode (pass it a namespace name as a string to only audit resources in that namespace, or an empty string to audit resources in all namespaces):
//
// report, err := auditor.AuditCluster(kubeaudit.AuditOptions{})
// report, err := auditor.AuditCluster(kubeaudit.AuditOptions{})
//
// Get the results
// # Get the results
//
// To print the results in a human readable way:
//
// report.PrintResults()
// report.PrintResults()
//
// Results are printed to standard out by default. To print to a string instead:
//
// var buf bytes.Buffer
// report.PrintResults(kubeaudit.WithWriter(&buf), kubeaudit.WithColor(false))
// resultsString := buf.String()
// var buf bytes.Buffer
// report.PrintResults(kubeaudit.WithWriter(&buf), kubeaudit.WithColor(false))
// resultsString := buf.String()
//
// Or, to get the result objects:
//
// results := report.Results()
// results := report.Results()
//
// Autofix
// # Autofix
//
// Note that autofixing is only supported in manifest mode.
//
// To print the plan (what will be fixed):
//
// report.PrintPlan(os.Stdout)
// report.PrintPlan(os.Stdout)
//
// To automatically fix the security issues and print the fixed manifest:
//
// err = report.Fix(os.Stdout)
// err = report.Fix(os.Stdout)
//
// Override Errors
// # Override Errors
//
// Overrides can be used to ignore specific auditors for specific containers or pods.
// See the documentation for the specific auditor you wish to override at https://github.com/Shopify/kubeaudit#auditors.
//
// Custom Auditors
// # Custom Auditors
//
// Kubeaudit supports custom auditors. See the Custom Auditor example.
//
package kubeaudit

import (
"errors"
"fmt"
"io"
"io/ioutil"
"path/filepath"
"strings"

Expand Down Expand Up @@ -141,7 +139,7 @@ func New(auditors []Auditable, opts ...Option) (*Kubeaudit, error) {

// AuditManifest audits the Kubernetes resources in the provided manifest
func (a *Kubeaudit) AuditManifest(manifestPath string, manifest io.Reader) (*Report, error) {
manifestBytes, err := ioutil.ReadAll(manifest)
manifestBytes, err := io.ReadAll(manifest)
if err != nil {
return nil, err
}
Expand Down
Loading