branch: elpa/flymake-collection
commit 46b65939c8363ec7efd594390a3c5d0becc7b8ab
Author: Mohsin Kaleem <mohk...@kisara.moe>
Commit: Mohsin Kaleem <mohk...@kisara.moe>

    checkers: Add kube-linter checker
---
 src/checkers/flymake-collection-kube-linter.el | 70 ++++++++++++++++++++++++++
 src/flymake-collection-hook.el                 |  3 +-
 tests/checkers/installers/kube-linter.bash     |  8 +++
 tests/checkers/test-cases/kube-linter.yml      | 49 ++++++++++++++++++
 4 files changed, 129 insertions(+), 1 deletion(-)

diff --git a/src/checkers/flymake-collection-kube-linter.el 
b/src/checkers/flymake-collection-kube-linter.el
new file mode 100644
index 0000000000..c9c6d888bc
--- /dev/null
+++ b/src/checkers/flymake-collection-kube-linter.el
@@ -0,0 +1,70 @@
+;;; flymake-collection-kube-linter.el --- Linter for k8s configs -*- 
lexical-binding: t -*-
+
+;; Copyright (c) 2024 Mohsin Kaleem
+
+;; Permission is hereby granted, free of charge, to any person obtaining a copy
+;; of this software and associated documentation files (the "Software"), to 
deal
+;; in the Software without restriction, including without limitation the rights
+;; to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+;; copies of the Software, and to permit persons to whom the Software is
+;; furnished to do so, subject to the following conditions:
+
+;; The above copyright notice and this permission notice shall be included in 
all
+;; copies or substantial portions of the Software.
+
+;; THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+;; IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+;; FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+;; AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+;; LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING 
FROM,
+;; OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN 
THE
+;; SOFTWARE.
+
+;;; Commentary:
+
+;; `flymake' syntax checker for kubernetes configuration files.
+
+;;; Code:
+
+(require 'flymake)
+(require 'flymake-collection)
+(eval-when-compile (require 'subr-x))
+
+(eval-when-compile
+  (require 'flymake-collection-define))
+
+;;;###autoload (autoload 'flymake-collection-kube-linter 
"flymake-collection-kube-linter")
+(flymake-collection-define-enumerate flymake-collection-kube-linter
+  "KubeLinter is a static analysis tool that checks Kubernetes YAML files and 
Helm
+charts to ensure the applications represented in them adhere to best practices.
+
+https://docs.kubelinter.io/#/";
+  :title "kube-linter"
+  :pre-let ((kube-linter-exec (executable-find "kube-linter")))
+  :pre-check (unless kube-linter-exec
+               (error "Cannot find kube-linter executable"))
+  :write-type 'pipe
+  :command `(,kube-linter-exec
+             "lint"
+             "--fail-if-no-objects-found"
+             "--fail-on-invalid-resource"
+             "--format=json"
+             "-")
+  :generator
+  (thread-last
+    (flymake-collection-parse-json
+     (buffer-substring-no-properties
+      (point-min) (point-max)))
+    (car)
+    (alist-get 'Reports))
+  :enumerate-parser
+  (let-alist it
+    `(,flymake-collection-source
+      ,@(with-current-buffer flymake-collection-source
+          (list (point-min) (point-max)))
+      :error
+      ,(concat (propertize (concat "[" .Check "]") 'face 
'flymake-collection-diag-id) " "
+               .Diagnostic.Message))))
+
+(provide 'flymake-collection-kube-linter)
+;;; flymake-collection-kube-linter.el ends here
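Review bot: The `:generator` reads only `Reports` from the first parsed JSON value, so a run where kube-linter fails before producing any report appears to yield no diagnostics, which in the editor looks the same as a clean manifest. The command passes `--fail-if-no-objects-found` and `--fail-on-invalid-resource`, so that path is reachable. Because people read this checker's output as a security signal, the failure case deserves a diagnostic or at least a comment; whether `flymake-collection-parse-json` or the macro already surfaces a non-zero exit is not visible in this hunk. The `:enumerate-parser` also marks every report `:error` across `(point-min)` to `(point-max)`, and a comment such as `;; kube-linter's JSON report is not mapped to a line here, so each diagnostic covers the whole buffer` would show that this is deliberate.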
diff --git a/src/flymake-collection-hook.el b/src/flymake-collection-hook.el
index deffe8202d..7441b50e1b 100644
--- a/src/flymake-collection-hook.el
+++ b/src/flymake-collection-hook.el
@@ -82,7 +82,8 @@
      (flymake-collection-shellcheck
       (sh-shellcheck-flymake :disabled t)))
     ((yaml-mode yaml-ts-mode) .
-     flymake-collection-yamllint)
+     (flymake-collection-yamllint
+      (flymake-collection-kube-linter :disabled t)))
     ((web-mode html-ts-mode) .
      (flymake-collection-html-tidy))
     (org-mode
diff --git a/tests/checkers/installers/kube-linter.bash 
b/tests/checkers/installers/kube-linter.bash
new file mode 100755
index 0000000000..d4505a606f
--- /dev/null
+++ b/tests/checkers/installers/kube-linter.bash
@@ -0,0 +1,8 @@
+cd "$(mktemp -d)" || exit 1
+
+curl -L 
https://github.com/stackrox/kube-linter/releases/download/v0.6.8/kube-linter-linux.tar.gz
 |
+  tar -xzv
+mv kube-linter /usr/bin/
+
+rm -rf "$(pwd)"
+cd - || exit 1
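Review bot: The tarball is streamed from the network straight into `tar` and the extracted binary is moved into `/usr/bin/` with no integrity check, so whatever the release URL serves at build time is what gets installed and run in the test environment. The version is pinned to v0.6.8 but the content is not; downloading to a file and verifying a pinned SHA-256 before extraction closes that gap. `curl -L` without `-f` also pipes an HTTP error body into `tar`, and without `|| exit 1` on the later steps a failed extraction or `mv` goes unnoticed until a later test fails. The digest below is a placeholder to be filled in from the release page.

```bash
cd "$(mktemp -d)" || exit 1

# Placeholder: pin the SHA-256 of the v0.6.8 linux tarball from the release page.
KUBE_LINTER_SHA256='<SHA256_OF_RELEASE_TARBALL>'
curl -fsSL -o kube-linter-linux.tar.gz \
  https://github.com/stackrox/kube-linter/releases/download/v0.6.8/kube-linter-linux.tar.gz || exit 1
echo "${KUBE_LINTER_SHA256}  kube-linter-linux.tar.gz" | sha256sum -c - || exit 1
# Extract only the expected member rather than everything in the archive.
tar -xzf kube-linter-linux.tar.gz kube-linter || exit 1
mv kube-linter /usr/bin/ || exit 1
# … unchanged: temp-dir cleanup and cd - …
```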
diff --git a/tests/checkers/test-cases/kube-linter.yml 
b/tests/checkers/test-cases/kube-linter.yml
new file mode 100644
index 0000000000..e96342b6cd
--- /dev/null
+++ b/tests/checkers/test-cases/kube-linter.yml
@@ -0,0 +1,49 @@
+checker: flymake-collection-kube-linter
+tests:
+  - name: no-lints
+    file: ""
+    lints: []
+  - name: example-file
+    file: |-
+      apiVersion: v1
+      kind: Pod
+      metadata:
+        name: security-context-demo
+      spec:
+        securityContext:
+          runAsUser: 1000
+          runAsGroup: 3000
+          fsGroup: 2000
+        volumes:
+        - name: sec-ctx-vol
+          emptyDir: {}
+        containers:
+        - name: sec-ctx-demo
+          image: busybox
+          resources:
+            requests:
+              memory: "64Mi"
+              cpu: "250m"
+          command: [ "sh", "-c", "sleep 1h" ]
+          volumeMounts:
+          - name: sec-ctx-vol
+            mountPath: /data/demo
+          securityContext:
+            allowPrivilegeEscalation: false
+    lints:
+      - point: [1, 0]
+        level: error
+        message: |-
+          [latest-tag] The container "sec-ctx-demo" is using an invalid 
container image, "busybox". Please use images that are not blocked by the 
`BlockList` criteria : [".*:(latest)$" "^[^:]*$" "(.*/[^:]+)$"] (kube-linter)
+      - point: [1, 0]
+        level: error
+        message: |-
+          [no-read-only-root-fs] container "sec-ctx-demo" does not have a 
read-only root file system (kube-linter)
+      - point: [1, 0]
+        level: error
+        message: |-
+          [unset-cpu-requirements] container "sec-ctx-demo" has cpu limit 0 
(kube-linter)
+      - point: [1, 0]
+        level: error
+        message: |-
+          [unset-memory-requirements] container "sec-ctx-demo" has memory 
limit 0 (kube-linter)
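Review bot: The `no-lints` case feeds an empty file, which with `--fail-if-no-objects-found` in the checker command presumably exercises kube-linter's failure path rather than a manifest that passes every check. It therefore pins "failure produces no diagnostics" as expected behaviour. A comment on that case, e.g. `# empty input: kube-linter finds no objects; asserts that this yields no diagnostics`, would make that explicit, and a second case with a passing manifest would cover the clean path. The expected `message` strings are also tied to the wording of the kube-linter release the installer pins (v0.6.8), so a version bump there will need these updated.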
