diff --git a/Cargo.lock b/Cargo.lock index 4b55744..9fa2251 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -164,15 +164,6 @@ version = "1.3.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "bef38d45163c2f1dde094a7dfd33ccf595c92905c8f8f4fdc18d06fb1037718a" -[[package]] -name = "block-buffer" -version = "0.9.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4152116fd6e9dadb291ae18fc1ec3575ed6d84c29642d97890f4b4a3417297e4" -dependencies = [ - "generic-array", -] - [[package]] name = "block-buffer" version = "0.10.2" @@ -207,7 +198,7 @@ dependencies = [ "serde", "serde_derive", "serde_json", - "serde_yaml 0.9.10", + "serde_yaml 0.9.13", "simple_logger", "tokio", ] @@ -282,7 +273,7 @@ dependencies = [ "hmac", "percent-encoding", "rand 0.8.3", - "sha2 0.10.2", + "sha2", "subtle", "time", "version_check", @@ -425,20 +416,11 @@ dependencies = [ [[package]] name = "digest" -version = "0.9.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d3dd60d1080a57a05ab032377049e0591415d2b31afd7028356dbf3cc6dcb066" -dependencies = [ - "generic-array", -] - -[[package]] -name = "digest" -version = "0.10.3" +version = "0.10.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f2fb860ca6fafa5552fb6d0e816a69c8e49f0908bf524e30a90d97c85892d506" +checksum = "adfbc57365a37acbd2ebf2b64d7e69bb766e2fea813521ed536f5d0520dcf86c" dependencies = [ - "block-buffer 0.10.2", + "block-buffer", "crypto-common", "subtle", ] @@ -541,9 +523,9 @@ dependencies = [ [[package]] name = "futures" -version = "0.3.23" +version = "0.3.24" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ab30e97ab6aacfe635fad58f22c2bb06c8b685f7421eb1e064a729e2a5f481fa" +checksum = "7f21eda599937fba36daeb58a22e8f5cee2d14c4a17b5b7739c7c8e5e3b8230c" dependencies = [ "futures-channel", "futures-core", @@ -556,9 +538,9 @@ dependencies = [ [[package]] name = "futures-channel" -version = "0.3.23" +version = "0.3.24" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2bfc52cbddcfd745bf1740338492bb0bd83d76c67b445f91c5fb29fae29ecaa1" +checksum = "30bdd20c28fadd505d0fd6712cdfcb0d4b5648baf45faef7f852afb2399bb050" dependencies = [ "futures-core", "futures-sink", @@ -566,15 +548,15 @@ dependencies = [ [[package]] name = "futures-core" -version = "0.3.23" +version = "0.3.24" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d2acedae88d38235936c3922476b10fced7b2b68136f5e3c03c2d5be348a1115" +checksum = "4e5aa3de05362c3fb88de6531e6296e85cde7739cccad4b9dfeeb7f6ebce56bf" [[package]] name = "futures-executor" -version = "0.3.23" +version = "0.3.24" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1d11aa21b5b587a64682c0094c2bdd4df0076c5324961a40cc3abd7f37930528" +checksum = "9ff63c23854bee61b6e9cd331d523909f238fc7636290b96826e9cfa5faa00ab" dependencies = [ "futures-core", "futures-task", @@ -583,15 +565,15 @@ dependencies = [ [[package]] name = "futures-io" -version = "0.3.23" +version = "0.3.24" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "93a66fc6d035a26a3ae255a6d2bca35eda63ae4c5512bef54449113f7a1228e5" +checksum = "bbf4d2a7a308fd4578637c0b17c7e1c7ba127b8f6ba00b29f717e9655d85eb68" [[package]] name = "futures-macro" -version = "0.3.23" +version = "0.3.24" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0db9cce532b0eae2ccf2766ab246f114b56b9cf6d445e00c2549fbc100ca045d" +checksum = "42cd15d1c7456c04dbdf7e88bcd69760d74f3a798d6444e16974b505b0e62f17" dependencies = [ "proc-macro2", "quote", @@ -600,21 +582,21 @@ dependencies = [ [[package]] name = "futures-sink" -version = "0.3.23" +version = "0.3.24" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ca0bae1fe9752cf7fd9b0064c674ae63f97b37bc714d745cbde0afb7ec4e6765" +checksum = "21b20ba5a92e727ba30e72834706623d94ac93a725410b6a6b6fbc1b07f7ba56" [[package]] name = "futures-task" -version = "0.3.23" +version = "0.3.24" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "842fc63b931f4056a24d59de13fb1272134ce261816e063e634ad0c15cdc5306" +checksum = "a6508c467c73851293f390476d4491cf4d227dbabcd4170f3bb6044959b294f1" [[package]] name = "futures-util" -version = "0.3.23" +version = "0.3.24" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f0828a5471e340229c11c77ca80017937ce3c58cb788a17e5f1c2d5c485a9577" +checksum = "44fb6cb1be61cc1d2e43b262516aafcf63b241cffdb1d3fa115f91d9c7b09c90" dependencies = [ "futures-channel", "futures-core", @@ -753,7 +735,7 @@ version = "0.12.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "6c49c37c09c17a53d937dfbb742eb3a961d65a994e6bcdcf37e7399d0cc8ab5e" dependencies = [ - "digest 0.10.3", + "digest", ] [[package]] @@ -1169,9 +1151,9 @@ checksum = "2a60c7ce501c71e03a9c9c0d35b861413ae925bd979cc7a4e30d060069aaac8d" [[package]] name = "mio" -version = "0.8.3" +version = "0.8.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "713d550d9b44d89174e066b7a6217ae06234c10cb47819a88290d2b353c31799" +checksum = "57ee1c23c7c63b0c9250c339ffdc69255f110b298b901b9f6c82547b7b87caaf" dependencies = [ "libc", "log", @@ -1466,9 +1448,9 @@ dependencies = [ [[package]] name = "prometheus" -version = "0.13.1" +version = "0.13.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "cface98dfa6d645ea4c789839f176e4b072265d085bfcc48eaa8d137f58d3c39" +checksum = "45c8babc29389186697fe5a2a4859d697825496b83db5d0b65271cdc0488e88c" dependencies = [ "cfg-if", "fnv", @@ -1861,9 +1843,9 @@ dependencies = [ [[package]] name = "rust-embed" -version = "6.4.0" +version = "6.4.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9a17e5ac65b318f397182ae94e532da0ba56b88dd1200b774715d36c4943b1c3" +checksum = "e26934cd67a1da1165efe61cba4047cc1b4a526019da609fcce13a1000afb5fa" dependencies = [ "rust-embed-impl", "rust-embed-utils", @@ -1872,9 +1854,9 @@ dependencies = [ [[package]] name = "rust-embed-impl" -version = "6.2.0" +version = "6.3.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "94e763e24ba2bf0c72bc6be883f967f794a019fafd1b86ba1daff9c91a7edd30" +checksum = "e35d7b402e273544cc08e0824aa3404333fab8a90ac43589d3d5b72f4b346e12" dependencies = [ "proc-macro2", "quote", @@ -1885,11 +1867,11 @@ dependencies = [ [[package]] name = "rust-embed-utils" -version = "7.2.0" +version = "7.3.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "756feca3afcbb1487a1d01f4ecd94cf8ec98ea074c55a69e7136d29fb6166029" +checksum = "c1669d81dfabd1b5f8e2856b8bbe146c6192b0ba22162edc738ac0a5de18f054" dependencies = [ - "sha2 0.9.8", + "sha2", "walkdir", ] @@ -2103,9 +2085,9 @@ dependencies = [ [[package]] name = "serde_yaml" -version = "0.9.10" +version = "0.9.13" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7a09f551ccc8210268ef848f0bab37b306e87b85b2e017b899e7fb815f5aed62" +checksum = "8613d593412a0deb7bbd8de9d908efff5a0cb9ccd8f62c641e7b2ed2f57291d1" dependencies = [ "indexmap", "itoa 1.0.2", @@ -2116,26 +2098,13 @@ dependencies = [ [[package]] name = "sha2" -version = "0.9.8" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b69f9a4c9740d74c5baa3fd2e547f9525fa8088a8a958e0ca2409a514e33f5fa" -dependencies = [ - "block-buffer 0.9.0", - "cfg-if", - "cpufeatures", - "digest 0.9.0", - "opaque-debug", -] - -[[package]] -name = "sha2" -version = "0.10.2" +version = "0.10.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "55deaec60f81eefe3cce0dc50bda92d6d8e88f2a27df7c5033b42afeb1ed2676" +checksum = "82e6b795fe2e3b1e845bafcb27aa35405c4d47cdfc92af5fc8d3002f76cebdc0" dependencies = [ "cfg-if", "cpufeatures", - "digest 0.10.3", + "digest", ] [[package]] @@ -2308,9 +2277,9 @@ checksum = "cda74da7e1a664f795bb1f8a87ec406fb89a02522cf6e50620d016add6dbbf5c" [[package]] name = "tokio" -version = "1.20.1" +version = "1.21.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7a8325f63a7d4774dd041e363b2409ed1c5cbbd0f867795e661df066b2b0a581" +checksum = "0020c875007ad96677dcc890298f4b942882c5d4eb7cc8f439fc3bf813dc9c95" dependencies = [ "autocfg", "bytes", diff --git a/Cargo.toml b/Cargo.toml index f2bc772..63962aa 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -13,9 +13,9 @@ schemars = "0.8.10" serde = "1.0.144" serde_derive = "1.0.144" serde_json = "1.0.85" -serde_yaml = "0.9.10" -tokio = { version = "1.20.1", features = ["rt-multi-thread", "macros", "sync"]} -futures = "0.3.23" +serde_yaml = "0.9.13" +tokio = { version = "1.21.1", features = ["rt-multi-thread", "macros", "sync"]} +futures = "0.3.24" rocket = {version = "0.5.0-rc.2", features = ["tls", "json"]} rustls = "0.20.5" pyo3 = "0.17.1" @@ -23,9 +23,9 @@ pythonize = "0.17.0" rcgen = "0.9.3" base64 = "0.13.0" argh = "0.1.8" -rust-embed = "6.4.0" +rust-embed = "6.4.1" lazy_static = "1.4.0" -prometheus = {version = "0.13.1", features = ["process"]} +prometheus = {version = "0.13.2", features = ["process"]} json-patch = "0.2.6" exponential-backoff = "1.1.0" reqwest = {version="0.11.11"} diff --git a/src/audit.rs b/src/audit.rs index 6ed0c8f..d0b509b 100644 --- a/src/audit.rs +++ b/src/audit.rs @@ -1,8 +1,8 @@ use crate::crd::{Policy, PolicyStatus, Violation}; use crate::events::init_event_watcher; use crate::manager::Manager; -use crate::policy::{PolicyInfo, PolicyStore, PolicyStoreRef, load_policies_from_file}; -use crate::util::error::{kube_err, BridgekeeperError, Result, load_err}; +use crate::policy::{load_policies_from_file, PolicyInfo, PolicyStore, PolicyStoreRef}; +use crate::util::error::{kube_err, load_err, BridgekeeperError, Result}; use crate::util::k8s_client::{list_with_retry, patch_status_with_retry}; use argh::FromArgs; use k8s_openapi::api::core::v1::Namespace; @@ -15,7 +15,9 @@ use kube::{ }; use lazy_static::lazy_static; use prometheus::proto::MetricFamily; -use prometheus::{register_counter, register_gauge, register_gauge_vec, Counter, Gauge, GaugeVec, Encoder}; +use prometheus::{ + register_counter, register_gauge, register_gauge_vec, Counter, Encoder, Gauge, GaugeVec, +}; use serde_json::json; use std::time::SystemTime; use tokio::task; @@ -54,7 +56,7 @@ lazy_static! { .expect("creating metric always works"); } -#[derive(FromArgs, PartialEq, Debug)] +#[derive(FromArgs, PartialEq, Eq, Debug)] #[argh(subcommand, name = "audit")] /// Audit existing policies pub struct Args { @@ -68,8 +70,8 @@ pub struct Args { #[argh(switch)] all: bool, /// load policies from file instead of from kubernetes - #[argh(option, short='f')] - file: Vec + #[argh(option, short = 'f')] + file: Vec, } pub struct Auditor { @@ -92,7 +94,12 @@ impl Auditor { } } - pub async fn audit_policies(&self, print_violations: bool, update_status: bool, all: bool) -> Result<()> { + pub async fn audit_policies( + &self, + print_violations: bool, + update_status: bool, + all: bool, + ) -> Result<()> { let mut policies = Vec::new(); // While holding the lock only collect the policies, directly auditing them would make the future of the method not implement Send which breaks the task spawn { @@ -106,8 +113,9 @@ impl Auditor { for policy in policies.iter() { if let Err(err) = self .audit_policy(policy, print_violations, update_status) - .await { - return Err(err) + .await + { + return Err(err); } } let now: DateTime = SystemTime::now().into(); @@ -126,7 +134,10 @@ impl Auditor { println!("Auditing policy {}", policy.name); let (valid, reason) = crate::evaluator::validate_policy(&policy.name, &policy.policy); if !valid { - println!("Failed to validate policy: {}", reason.unwrap_or_else(||"N/A".to_string())); + println!( + "Failed to validate policy: {}", + reason.unwrap_or_else(|| "N/A".to_string()) + ); return Err(load_err("Policy is invalid")); } // collect all matching k8s resources @@ -147,8 +158,14 @@ impl Auditor { for namespace in namespaces.iter() { if policy.is_namespace_match(namespace) { // Initialize metrics - let _ = NUM_VIOLATIONS.get_metric_with_label_values(&[policy.name.as_str(), namespace.as_str()]); - let _ = NUM_CHECKED_OBJECTS.get_metric_with_label_values(&[policy.name.as_str(), namespace.as_str()]); + let _ = NUM_VIOLATIONS.get_metric_with_label_values(&[ + policy.name.as_str(), + namespace.as_str(), + ]); + let _ = NUM_CHECKED_OBJECTS.get_metric_with_label_values(&[ + policy.name.as_str(), + namespace.as_str(), + ]); // Retrieve objects let api = Api::::namespaced_with( self.k8s_client.clone(), @@ -163,9 +180,13 @@ impl Auditor { gen_target_identifier(resource_description, &object); let (result, message, _patch) = crate::evaluator::evaluate_policy_audit(policy, object); - NUM_CHECKED_OBJECTS.with_label_values(&[policy.name.as_str(), namespace.as_str()]).inc(); + NUM_CHECKED_OBJECTS + .with_label_values(&[policy.name.as_str(), namespace.as_str()]) + .inc(); if !result { - NUM_VIOLATIONS.with_label_values(&[policy.name.as_str(), namespace.as_str()]).inc(); + NUM_VIOLATIONS + .with_label_values(&[policy.name.as_str(), namespace.as_str()]) + .inc(); results.push((target_identifier, message)); } } @@ -174,7 +195,8 @@ impl Auditor { } else { // Initialize metrics let _ = NUM_VIOLATIONS.get_metric_with_label_values(&[policy.name.as_str(), ""]); - let _ = NUM_CHECKED_OBJECTS.get_metric_with_label_values(&[policy.name.as_str(), ""]); + let _ = + NUM_CHECKED_OBJECTS.get_metric_with_label_values(&[policy.name.as_str(), ""]); // Retrieve objects let api = Api::::all_with(self.k8s_client.clone(), resource_description); @@ -186,9 +208,13 @@ impl Auditor { let target_identifier = gen_target_identifier(resource_description, &object); let (result, message, _patch) = crate::evaluator::evaluate_policy_audit(policy, object); - NUM_CHECKED_OBJECTS.with_label_values(&[policy.name.as_str(), ""]).inc(); + NUM_CHECKED_OBJECTS + .with_label_values(&[policy.name.as_str(), ""]) + .inc(); if !result { - NUM_VIOLATIONS.with_label_values(&[policy.name.as_str(), ""]).inc(); + NUM_VIOLATIONS + .with_label_values(&[policy.name.as_str(), ""]) + .inc(); results.push((target_identifier, message)); } } @@ -379,7 +405,6 @@ async fn namespaces(k8s_client: Client) -> Result> { Ok(namespaces) } - pub async fn run(args: Args) { // First reset metrics NUM_VIOLATIONS.reset(); @@ -393,7 +418,7 @@ pub async fn run(args: Args) { let policies = PolicyStore::new(); let event_sender = init_event_watcher(&client); // Load policies either from kubernetes or from file - if args.file.len() > 0 { + if !args.file.is_empty() { for filename in args.file.iter() { load_policies_from_file(policies.clone(), filename).expect("failed to load policy"); } @@ -406,18 +431,20 @@ pub async fn run(args: Args) { } // Run audit let auditor = Auditor::new(client, policies); - match auditor.audit_policies(!args.silent, args.status, args.all).await { + match auditor + .audit_policies(!args.silent, args.status, args.all) + .await + { Ok(_) => { log::info!("Finished audit"); LAST_AUDIT_RUN_SUCCESSFUL.set(1.0); - }, + } Err(err) => log::error!("Audit failed: {}", err), }; - + // Push metrics let metric_families = prometheus::gather(); push_metrics(metric_families).await; - } pub async fn launch_loop(client: kube::Client, policies: PolicyStoreRef, interval: u32) { @@ -434,7 +461,6 @@ pub async fn launch_loop(client: kube::Client, policies: PolicyStoreRef, interva }); } - async fn push_metrics(metric_families: Vec) { let url = match std::env::var("PUSHGATEWAY_URL") { Ok(url) => { @@ -442,13 +468,12 @@ async fn push_metrics(metric_families: Vec) { return; } url - }, - Err(_) => return + } + Err(_) => return, }; let encoder = prometheus::TextEncoder::new(); let mut buffer = vec![]; - encoder - .encode(&metric_families, &mut buffer).unwrap(); + encoder.encode(&metric_families, &mut buffer).unwrap(); let body = String::from_utf8(buffer).unwrap(); let client = reqwest::Client::new(); @@ -457,8 +482,7 @@ async fn push_metrics(metric_families: Vec) { .body(body) .send() .await; - if let Err(err) = result { - log::error!("Failed to send metrics to pushgateway at {}: {}", url, err); - } + if let Err(err) = result { + log::error!("Failed to send metrics to pushgateway at {}: {}", url, err); + } } - diff --git a/src/evaluator.rs b/src/evaluator.rs index 753f356..b742e78 100644 --- a/src/evaluator.rs +++ b/src/evaluator.rs @@ -84,7 +84,7 @@ pub type PolicyEvaluatorRef = Arc; impl PolicyEvaluator { pub fn new(policies: PolicyStoreRef, event_sender: EventSender) -> PolicyEvaluatorRef { let evaluator = PolicyEvaluator { - policies: policies, + policies, event_sender, }; pyo3::prepare_freethreaded_python(); @@ -203,7 +203,9 @@ impl PolicyEvaluator { } } -pub fn validate_policy_admission(request: &admission::AdmissionRequest) -> (bool, Option) { +pub fn validate_policy_admission( + request: &admission::AdmissionRequest, +) -> (bool, Option) { if let Some(policy) = request.object.as_ref() { let name = match policy.metadata.name.as_ref() { Some(name) => name.as_str(), @@ -248,10 +250,11 @@ fn evaluate_policy( } else { fail(name, "Validation function not found in code") } - }, - Err(err) => { - fail(name, format!("Validation function could not be compiled: {}", err).as_str()) } + Err(err) => fail( + name, + format!("Validation function could not be compiled: {}", err).as_str(), + ), } }) } diff --git a/src/helper/cleanup.rs b/src/helper/cleanup.rs index 8d0a275..abc0214 100644 --- a/src/helper/cleanup.rs +++ b/src/helper/cleanup.rs @@ -6,7 +6,7 @@ use k8s_openapi::api::{ }; use kube::{api::Api, Client}; -#[derive(FromArgs, PartialEq, Debug)] +#[derive(FromArgs, PartialEq, Eq, Debug)] #[argh(subcommand, name = "cleanup")] /// Delete cert secret and webhook pub struct Args { diff --git a/src/helper/gencrd.rs b/src/helper/gencrd.rs index 50e77a1..2a3b27b 100644 --- a/src/helper/gencrd.rs +++ b/src/helper/gencrd.rs @@ -3,7 +3,7 @@ use argh::FromArgs; use kube::CustomResourceExt; use std::fs; -#[derive(FromArgs, PartialEq, Debug)] +#[derive(FromArgs, PartialEq, Eq, Debug)] #[argh(subcommand, name = "gencrd")] /// Generate crd yaml pub struct Args { diff --git a/src/helper/init.rs b/src/helper/init.rs index 01438a9..3f3f1a3 100644 --- a/src/helper/init.rs +++ b/src/helper/init.rs @@ -15,7 +15,7 @@ use std::{ path::Path, }; -#[derive(FromArgs, PartialEq, Debug)] +#[derive(FromArgs, PartialEq, Eq, Debug)] #[argh(subcommand, name = "init")] /// create server cert secret and webhook pub struct Args { diff --git a/src/policy.rs b/src/policy.rs index ad69d6a..8c5251e 100644 --- a/src/policy.rs +++ b/src/policy.rs @@ -1,14 +1,13 @@ use crate::crd::{Policy, PolicySpec}; -use crate::util::error::{Result, load_err}; +use crate::util::error::{load_err, Result}; use k8s_openapi::api::core::v1::ObjectReference as KubeObjectReference; use kube::api::GroupVersionKind; use kube::core::Resource; use lazy_static::lazy_static; use prometheus::{register_gauge, Gauge}; +use serde::Deserialize; use std::collections::HashMap; use std::sync::{Arc, Mutex}; -use serde::Deserialize; - lazy_static! { static ref ACTIVE_POLICIES: Gauge = @@ -114,7 +113,6 @@ impl PolicyInfo { } } - impl PolicyStore { pub fn add_policy(&mut self, policy: Policy) -> Option { let ref_info = create_object_reference(&policy); diff --git a/src/server.rs b/src/server.rs index 14676d3..84a9d20 100644 --- a/src/server.rs +++ b/src/server.rs @@ -6,7 +6,7 @@ use crate::events::init_event_watcher; use crate::manager::Manager; use crate::policy::PolicyStore; -#[derive(FromArgs, PartialEq, Debug)] +#[derive(FromArgs, PartialEq, Eq, Debug)] #[argh(subcommand, name = "server")] /// run server with admission webhook endpoint pub struct Args { @@ -44,7 +44,7 @@ pub async fn run(args: Args) { &cert, &args.local, args.strict_admission, - args.admission_timeout_seconds + args.admission_timeout_seconds, ) .await; diff --git a/src/util/error.rs b/src/util/error.rs index e5fb11c..f48ce75 100644 --- a/src/util/error.rs +++ b/src/util/error.rs @@ -11,7 +11,7 @@ impl std::fmt::Display for BridgekeeperError { match self { BridgekeeperError::KubernetesError(reason) => { f.write_fmt(format_args!("KubernetesError: {}", reason)) - }, + } BridgekeeperError::LoadPolicyError(reason) => { f.write_fmt(format_args!("LoadPolicyError: {}", reason)) } @@ -20,9 +20,9 @@ impl std::fmt::Display for BridgekeeperError { } pub fn kube_err(err: T) -> BridgekeeperError { - return BridgekeeperError::KubernetesError(format!("{}", err)); + BridgekeeperError::KubernetesError(format!("{}", err)) } pub fn load_err(err: T) -> BridgekeeperError { - return BridgekeeperError::LoadPolicyError(format!("{}", err)); + BridgekeeperError::LoadPolicyError(format!("{}", err)) } diff --git a/src/util/webhook.rs b/src/util/webhook.rs index c97ccf1..d487183 100644 --- a/src/util/webhook.rs +++ b/src/util/webhook.rs @@ -15,7 +15,7 @@ pub async fn create_admission_webhook( cert: &CertKeyPair, local: &Option, strict_admission: bool, - timeout_seconds: Option + timeout_seconds: Option, ) -> Result<()> { let webhook_data = if local.is_some() { Assets::get("admission-controller-local.yaml") @@ -33,7 +33,7 @@ pub async fn create_admission_webhook( cert, local, strict_admission, - timeout_seconds.unwrap_or(5) + timeout_seconds.unwrap_or(5), ) .await { @@ -64,7 +64,7 @@ pub async fn create_policy_validation_webhook( cert, local, strict_admission, - 5 + 5, ) .await {