Certmanager (#190)

* add schema

* support cert manager certificate kind(skip on the resource)

cmd/autofix.go

@@ -4,11 +4,11 @@ import (
 	"io/ioutil"
 	"os"
 
+	"github.com/Shopify/kubeaudit/scheme"
 	log "github.com/sirupsen/logrus"
 	"github.com/spf13/cobra"
 	k8sRuntime "k8s.io/apimachinery/pkg/runtime"
 	"k8s.io/apimachinery/pkg/runtime/schema"
-	"k8s.io/client-go/kubernetes/scheme"
 )
 
 // The fix function does not preserve comments (because kubernetes resources do not support comments) so we convert

cmd/autofix_util.go

@@ -7,9 +7,9 @@ import (
 	"os"
 	"strings"
 
+	"github.com/Shopify/kubeaudit/scheme"
 	"github.com/Shopify/yaml"
 	log "github.com/sirupsen/logrus"
-	"k8s.io/client-go/kubernetes/scheme"
 )
 
 func getAuditFunctions() []interface{} {

cmd/k8sruntime_util.go

@@ -3,10 +3,10 @@ package cmd
 import (
 	"io/ioutil"
 
+	"github.com/Shopify/kubeaudit/scheme"
 	networking "k8s.io/api/networking/v1"
 	k8sRuntime "k8s.io/apimachinery/pkg/runtime"
 	"k8s.io/apimachinery/pkg/runtime/schema"
-	"k8s.io/client-go/kubernetes/scheme"
 )
 
 func setContainers(resource Resource, containers []ContainerV1) Resource {

cmd/test_util.go

@@ -11,12 +11,12 @@ import (
 	"strings"
 	"testing"
 
+	"github.com/Shopify/kubeaudit/scheme"
 	log "github.com/sirupsen/logrus"
 	"github.com/stretchr/testify/assert"
 	apiv1 "k8s.io/api/core/v1"
 	k8sRuntime "k8s.io/apimachinery/pkg/runtime"
 	"k8s.io/apimachinery/pkg/runtime/schema"
-	"k8s.io/client-go/kubernetes/scheme"
 )
 
 var path = "../fixtures/"

cmd/types.go

@@ -127,7 +127,7 @@ func IsSupportedGroupVersionKind(obj Resource) bool {
 	switch obj.GetObjectKind().GroupVersionKind().Kind {
 	case "ReplicaSet", "Endpoints", "Ingress", "Service",
 		"ConfigMap", "Secret", "PersistentVolumeClaim", "StorageClass",
-		"Volume", "VolumeAttachment",
+		"Volume", "VolumeAttachment", "Certificate",
 		"ControllerRevision", "CustomResourceDefinition", "Event",
 		"LimitRange", "HorizontalPodAutoscaler", "InitializerConfiguration",
 		"MutatingWebhookConfiguration", "ValidatingWebhookConfiguration", "PodTemplate",

cmd/util.go

@@ -11,12 +11,12 @@ import (
 	"strings"
 	"sync"
 
+	"github.com/Shopify/kubeaudit/scheme"
 	log "github.com/sirupsen/logrus"
 	"github.com/spf13/cobra"
 	apiv1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/client-go/kubernetes"
-	"k8s.io/client-go/kubernetes/scheme"
 )
 
 func newTrue() *bool {

cmd/util_test.go

@@ -37,3 +37,17 @@ func TestUnknownResourceV3(t *testing.T) {
 	assert.Nil(result)
 	assert.NotNil(warn)
 }
+
+func TestCertificateResourceV1(t *testing.T) {
+	file := "../fixtures/certificate_unsupported_v1alpha1.yml"
+	assert := assert.New(t)
+	resources, err := getKubeResourcesManifest(file)
+	assert.Nil(err)
+	assert.Len(resources, 1)
+	assert.False(IsSupportedResourceType(resources[0]))
+	assert.True(IsSupportedGroupVersionKind(resources[0]))
+	result, err, warn := newResultFromResource(resources[0])
+	assert.Nil(err)
+	assert.Nil(result)
+	assert.NotNil(warn)
+}

fixtures/certificate_unsupported_v1alpha1.yml

@@ -0,0 +1,22 @@
+---
+apiVersion: certmanager.k8s.io/v1alpha1
+kind: Certificate
+metadata:
+  name: fakeCertificateName
+  labels:
+    name: web
+    app: some-fake-app
+    env: production
+spec:
+  secretName: some-secret
+  issuerRef:
+    name: ejson-ref
+    kind: Issuer
+  dnsNames:
+  - testbuild.kubeaud.it
+  acme:
+    config:
+    - http01:
+        ingressClass: nginx
+      domains:
+      - testbuild.kubeaud.it