Skip to content

Add defaults for cascading inherit fields and disable omitEmpty#687

Merged
J12934 merged 1 commit intosecureCodeBox:mainfrom
EndPositive:cascading-inherit-fix
Oct 1, 2021
Merged

Add defaults for cascading inherit fields and disable omitEmpty#687
J12934 merged 1 commit intosecureCodeBox:mainfrom
EndPositive:cascading-inherit-fix

Conversation

@EndPositive
Copy link
Contributor

@EndPositive EndPositive commented Sep 30, 2021
edited
Loading

Closes #683

Description

This PR, if applied, adds default values to the cascading inherit fields. Using omitEmpty on booleans has an implicit default of omitting false values completely golang/go#13284. Since the cascading hook regards inheritLabels and inheritAnnotations undefined field as true, it was impossible to set those fields to false.

secureCodeBox/hooks/cascading-scans/hook/hook.ts

Lines 161 to 165 in 79a279a

let { inheritAnnotations, inheritLabels, inheritEnv, inheritVolumes } = scan.spec.cascades;
return {
annotations: mergeInheritedMap(scan.metadata.annotations, scanAnnotations, inheritAnnotations),
labels: mergeInheritedMap(scan.metadata.labels, scanLabels, inheritLabels),

secureCodeBox/hooks/cascading-scans/hook/scan-helpers.ts

Lines 73 to 81 in 79a279a

export function mergeInheritedMap(parentProps, ruleProps, inherit: boolean = true) {
if (!inherit) {
parentProps = {};
}
return {
...parentProps,
...ruleProps // ruleProps overwrites any duplicate keys from parentProps
}
}

Fixed by setting the default at CRD level with kubebuilders default annotation and deleting the omitEmpty tag.

Results in all cascading scans to have the following fields by default:

  cascades:
    inheritAnnotations: true
    inheritEnv: false
    inheritLabels: true
    inheritVolumes: false
    matchExpressions:
    - key: securecodebox.io/intensive
      operator: In
      values:
      - light
      - medium
      - high
    - key: securecodebox.io/invasive
      operator: In
      values:
      - non-invasive
      - invasive

inheritLabels and inheritAnnotations true by default #334
inheritEnv and inheritVolumes false by default #538 (comment)

Checklist

  • Test your changes as thoroughly as possible before you commit them. Preferably, automate your test by unit/integration tests.
  • Make sure npm test runs for the whole project.
  • Make codeclimate checks happy

@EndPositive EndPositive mentioned this pull request Sep 30, 2021
Closed
Add defaults for cascading inherit fields and disable omitEmpty
7b3b8f6 
Signed-off-by: Jop Zitman <jop.zitman@secura.com>
@J12934 J12934 added the bug Bugs label Oct 1, 2021
@J12934 J12934 self-requested a review October 1, 2021 07:59
@J12934 J12934 merged commit 44d51b1 into secureCodeBox:main Oct 1, 2021
@EndPositive EndPositive deleted the cascading-inherit-fix branch November 22, 2021 11:12
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@J12934 J12934 J12934 approved these changes

Assignees

@EndPositive EndPositive

Labels

bug Bugs

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Make Inheritlabels apply to scans and not only pods

2 participants

@EndPositive @J12934