From 61d5cd825e6442d7c3dc90821932c3c98bd00e59 Mon Sep 17 00:00:00 2001
From: Navraj Singh Chhina
Date: Mon, 18 Mar 2019 12:13:51 -0400
Subject: [PATCH] Certmanager (#190)

* add schema
* support cert manager certificate kind(skip on the resource)
---
 cmd/autofix.go | 2 +-
 cmd/autofix_util.go | 2 +-
 cmd/k8sruntime_util.go | 2 +-
 cmd/test_util.go | 2 +-
 cmd/types.go | 2 +-
 cmd/util.go | 2 +-
 cmd/util_test.go | 14 ++++++++++++
 fixtures/certificate_unsupported_v1alpha1.yml | 22 +++++++++++++++++++
 8 files changed, 42 insertions(+), 6 deletions(-)
 create mode 100644 fixtures/certificate_unsupported_v1alpha1.yml

diff --git a/cmd/autofix.go b/cmd/autofix.go
index efe88db6..47ae99c7 100644
--- a/cmd/autofix.go
+++ b/cmd/autofix.go
@@ -4,11 +4,11 @@ import (
 "io/ioutil"
 "os"

+ "github.com/Shopify/kubeaudit/scheme"
 log "github.com/sirupsen/logrus"
 "github.com/spf13/cobra"
 k8sRuntime "k8s.io/apimachinery/pkg/runtime"
 "k8s.io/apimachinery/pkg/runtime/schema"
- "k8s.io/client-go/kubernetes/scheme"
 )

 // The fix function does not preserve comments (because kubernetes resources do not support comments) so we convert
diff --git a/cmd/autofix_util.go b/cmd/autofix_util.go
index bf0062a6..48926e47 100644
--- a/cmd/autofix_util.go
+++ b/cmd/autofix_util.go
@@ -7,9 +7,9 @@ import (
 "os"
 "strings"

+ "github.com/Shopify/kubeaudit/scheme"
 "github.com/Shopify/yaml"
 log "github.com/sirupsen/logrus"
- "k8s.io/client-go/kubernetes/scheme"
 )

 func getAuditFunctions() []interface{} {
diff --git a/cmd/k8sruntime_util.go b/cmd/k8sruntime_util.go
index 9aafe2f4..20381ad8 100644
--- a/cmd/k8sruntime_util.go
+++ b/cmd/k8sruntime_util.go
@@ -3,10 +3,10 @@ package cmd
 import (
 "io/ioutil"

+ "github.com/Shopify/kubeaudit/scheme"
 networking "k8s.io/api/networking/v1"
 k8sRuntime "k8s.io/apimachinery/pkg/runtime"
 "k8s.io/apimachinery/pkg/runtime/schema"
- "k8s.io/client-go/kubernetes/scheme"
 )

 func setContainers(resource Resource, containers []ContainerV1) Resource {
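Review bot: The package behind the new import `github.com/Shopify/kubeaudit/scheme` is not among the eight files in this patch's diffstat, so what it registers in place of `k8s.io/client-go/kubernetes/scheme` cannot be reviewed from the import hunk in cmd/autofix.go. The same swap is made in cmd/autofix_util.go, cmd/k8sruntime_util.go, cmd/test_util.go and cmd/util.go. These files presumably use the package when decoding manifests, so it is worth confirming that it still registers every built-in type the client-go scheme did; a kind that silently stops decoding in an audit tool is a kind that silently stops being audited. If that holds, I would record it at the import, for example `// kubeaudit scheme: client-go types plus the extra kinds this project registers`.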
diff --git a/cmd/test_util.go b/cmd/test_util.go index 9801c607..a396526f 100644 --- a/cmd/test_util.go +++ b/cmd/test_util.go @@ -11,12 +11,12 @@ import ( "strings" "testing" + "github.com/Shopify/kubeaudit/scheme" log "github.com/sirupsen/logrus" "github.com/stretchr/testify/assert" apiv1 "k8s.io/api/core/v1" k8sRuntime "k8s.io/apimachinery/pkg/runtime" "k8s.io/apimachinery/pkg/runtime/schema" - "k8s.io/client-go/kubernetes/scheme" ) var path = "../fixtures/" diff --git a/cmd/types.go b/cmd/types.go index 7e9499c8..541bc51b 100644 --- a/cmd/types.go +++ b/cmd/types.go @@ -127,7 +127,7 @@ func IsSupportedGroupVersionKind(obj Resource) bool { switch obj.GetObjectKind().GroupVersionKind().Kind { case "ReplicaSet", "Endpoints", "Ingress", "Service", "ConfigMap", "Secret", "PersistentVolumeClaim", "StorageClass", - "Volume", "VolumeAttachment", + "Volume", "VolumeAttachment", "Certificate", "ControllerRevision", "CustomResourceDefinition", "Event", "LimitRange", "HorizontalPodAutoscaler", "InitializerConfiguration", "MutatingWebhookConfiguration", "ValidatingWebhookConfiguration", "PodTemplate", diff --git a/cmd/util.go b/cmd/util.go index 424339cd..fb3882d2 100644 --- a/cmd/util.go +++ b/cmd/util.go @@ -11,12 +11,12 @@ import ( "strings" "sync" + "github.com/Shopify/kubeaudit/scheme" log "github.com/sirupsen/logrus" "github.com/spf13/cobra" apiv1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/client-go/kubernetes" - "k8s.io/client-go/kubernetes/scheme" ) func newTrue() *bool { diff --git a/cmd/util_test.go b/cmd/util_test.go index 32a872d9..1d90ad15 100644 --- a/cmd/util_test.go +++ b/cmd/util_test.go 
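Review bot: The added `"Certificate"` case in cmd/types.go is matched on `GroupVersionKind().Kind` alone, so a `Certificate` from any API group or version is accepted, not only the `certmanager.k8s.io/v1alpha1` one that the new fixture exercises. Since this function decides which resources the audit tool recognises and then skips, I would either compare the group as well or document the looseness next to the case list, e.g. `// "Certificate": cert-manager kind; matched by Kind only, group and version are not checked`. The switch and the rest of IsSupportedGroupVersionKind continue outside the hunk, so a group check elsewhere in the function cannot be ruled out from here.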
@@ -37,3 +37,17 @@ func TestUnknownResourceV3(t *testing.T) {
 assert.Nil(result)
 assert.NotNil(warn)
 }
+
+func TestCertificateResourceV1(t *testing.T) {
+ file := "../fixtures/certificate_unsupported_v1alpha1.yml"
+ assert := assert.New(t)
+ resources, err := getKubeResourcesManifest(file)
+ assert.Nil(err)
+ assert.Len(resources, 1)
+ assert.False(IsSupportedResourceType(resources[0]))
+ assert.True(IsSupportedGroupVersionKind(resources[0]))
+ result, err, warn := newResultFromResource(resources[0])
+ assert.Nil(err)
+ assert.Nil(result)
+ assert.NotNil(warn)
+}
diff --git a/fixtures/certificate_unsupported_v1alpha1.yml b/fixtures/certificate_unsupported_v1alpha1.yml
new file mode 100644
index 00000000..4610aed7
--- /dev/null
+++ b/fixtures/certificate_unsupported_v1alpha1.yml
@@ -0,0 +1,22 @@
+---
+apiVersion: certmanager.k8s.io/v1alpha1
+kind: Certificate
+metadata:
+ name: fakeCertificateName
+ labels:
+ name: web
+ app: some-fake-app
+ env: production
+spec:
+ secretName: some-secret
+ issuerRef:
+ name: ejson-ref
+ kind: Issuer
+ dnsNames:
+ - testbuild.kubeaud.it
+ acme:
+ config:
+ - http01:
+ ingressClass: nginx
+ domains:
+ - testbuild.kubeaud.it
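Review bot: In TestCertificateResourceV1, `assert.Len(resources, 1)` records a failure but does not stop the test, so if the fixture fails to parse, the following `resources[0]` panics with an index error instead of reporting the real cause. Guarding the index keeps the failure readable: `if !assert.Len(resources, 1) { return }`. Separately, `assert.NotNil(warn)` is satisfied by any warning, so the test does not pin that the Certificate was skipped for the intended reason; asserting on the warning's content would make the skip behaviour explicit, if the warning type allows it.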