added filter_policies_by_version (#30)

redhat-cop · Jul 22, 2021 · 835e4d2 · 835e4d2
1 parent 91f57d9
commit 835e4d2
Show file tree

Hide file tree

Showing 9 changed files with 90 additions and 13 deletions.
diff --git a/.github/workflows/validate.yaml b/.github/workflows/validate.yaml
@@ -10,7 +10,9 @@ jobs:
         uses: actions/checkout@v2
 
       - name: Run ShellCheck
-        uses: ludeeus/action-shellcheck@master
+        uses: ludeeus/action-shellcheck@1.1.0
+        env:
+          SHELLCHECK_OPTS: -x
         with:
           ignore: test
 

diff --git a/load.bash b/load.bash
@@ -8,17 +8,17 @@ command -v conftest &> /dev/null || { echo >&2 'ERROR: conftest not installed -
 # Two versions of yq exist, check its the correct one
 [[ $(yq --help | grep -c "jq wrapper") -eq 1 ]] || { echo >&2 'ERROR: found yq installed but not the jq wrapper version (https://github.com/kislyuk/yq) - Aborting'; exit 1; }
 
-# shellcheck disable=SC1090
+# shellcheck source=./src/yaml-json-manipulation.bash
 source "$(dirname "${BASH_SOURCE[0]}")/src/yaml-json-manipulation.bash"
 
-# shellcheck disable=SC1090
+# shellcheck source=./src/error-handling.bash
 source "$(dirname "${BASH_SOURCE[0]}")/src/error-handling.bash"
 
-# shellcheck disable=SC1090
+# shellcheck source=./src/helm.bash
 source "$(dirname "${BASH_SOURCE[0]}")/src/helm.bash"
 
-# shellcheck disable=SC1090
+# shellcheck source=./src/conftest.bash
 source "$(dirname "${BASH_SOURCE[0]}")/src/conftest.bash"
 
-# shellcheck disable=SC1090
+# shellcheck source=./src/dollar.bash
 source "$(dirname "${BASH_SOURCE[0]}")/src/dollar.bash"
diff --git a/src/conftest.bash b/src/conftest.bash
@@ -57,4 +57,48 @@ get_rego_namespaces() {
   fi
 
   echo "${namespaces[*]}"
-}
+}
+
+# filter_policies_by_version
+# ====================
+#
+# Summary: Filters (via rm -f) deprek8ion and redhat-cop based on the version in the path
+#
+# Usage: filter_policies_by_version ${deprek8ion_k8s_version} ${redhatcop_ocp_version}
+#
+# Options:
+#   <deprek8ion_k8s_version>    Max version to use for deprek8ion policies
+#   <redhatcop_ocp_version>     Max version to use for redhat-cop deprecated policies
+#   <policy_dir>                Directory where policies are, defaults to: policy
+# Globals:
+#   none
+# Returns:
+#   none
+filter_policies_by_version() {
+  local deprek8ion_k8s_version="${1}"
+  local redhatcop_ocp_version="${2}"
+  local policy_dir="${3:-policy}"
+
+  if [[ -n "${deprek8ion_k8s_version}" ]]; then
+    # shellcheck disable=SC2038
+    for file in $(find "${policy_dir}" -name "kubernetes-*.rego" -type f | xargs); do
+      k8s_ver=$(echo "$file" | awk '{split($0,a,"-"); split(a[2],b,".rego"); print b[1]}')
+      if [[ $(echo "$k8s_ver > $deprek8ion_k8s_version" | bc -l) -eq 1 ]]; then
+        #echo "DEBUG: Matched deprek8ion: $file"
+        rm -f "${file}"
+      fi
+    done
+  fi
+
+  if [[ -n "${redhatcop_ocp_version}" ]]; then
+    # shellcheck disable=SC2038
+    for dir in $(find "${policy_dir}/ocp/deprecated" -name "[0-9]_*" -type d -maxdepth 1 | xargs); do
+      ocp_ver=$(basename "${dir}" | awk '{sub("_",".",$0); print $0}')
+      echo "$ocp_ver > $redhatcop_ocp_version"
+      if [[ $(echo "$ocp_ver > $redhatcop_ocp_version" | bc -l) -eq 1 ]]; then
+        #echo "DEBUG: Matched redhat-cop: $dir"
+        rm -rf "${dir}"
+      fi
+    done
+  fi
+}
diff --git a/src/dollar.bash b/src/dollar.bash
@@ -29,4 +29,4 @@ file_contains_dollar() {
       fi
     fi
   done
-}
+}
diff --git a/src/error-handling.bash b/src/error-handling.bash
@@ -37,4 +37,4 @@ print_info() {
 
   batslib_err "# Output"
   batslib_err "${output}"
-}
+}
diff --git a/src/helm.bash b/src/helm.bash
@@ -38,4 +38,4 @@ helm_template() {
   fi
 
   echo "${tmp_write_dir}"
-}
+}
diff --git a/src/yaml-json-manipulation.bash b/src/yaml-json-manipulation.bash
@@ -95,4 +95,4 @@ _create_tmp_write_dir() {
   mkdir -p "${tmp_write_dir}"
 
   echo "${tmp_write_dir}"
-}
+}
diff --git a/test/load.bash b/test/load.bash
@@ -1,5 +1,6 @@
 # Check all the dev-tools are installed
 command -v diff &> /dev/null || { echo >&2 'ERROR: diff not installed - Aborting'; exit 1; }
+command -v bc &> /dev/null || { echo >&2 'ERROR: bc not installed - Aborting'; exit 1; }
 
-# shellcheck disable=SC1090
+# shellcheck source=../load.bash
 source "$(dirname "${BASH_SOURCE[0]}")/../load.bash"
diff --git a/test/tests.sh b/test/tests.sh
@@ -62,6 +62,7 @@ setup_file() {
   [ "$status" -eq 0 ]
   [ "${lines[0]}" = "list-input.yml" ]
   [ "${lines[1]}" = "template-input.yml" ]
+  [[ "${#lines[@]}" -eq 2 ]]
 }
 
 @test "split_files - Directory with sub directories containing same filenames" {
@@ -73,6 +74,7 @@ setup_file() {
   [ "$status" -eq 0 ]
   [ "${lines[0]}" = "a_list-input.yml" ]
   [ "${lines[1]}" = "b_list-input.yml" ]
+  [[ "${#lines[@]}" -eq 2 ]]
 }
 
 @test "print_info" {
@@ -142,6 +144,7 @@ setup_file() {
   echo "${output}"
   [ "$status" -eq 0 ]
   [ "${lines[0]}" = "--namespace ocp.deprecated.ocp4_1.buildconfig_custom_strategy" ]
+  [[ "${#lines[@]}" -eq 1 ]]
 }
 
 @test "get_rego_namespaces - group regex" {
@@ -160,6 +163,7 @@ setup_file() {
   echo "${output}"
   [ "$status" -eq 0 ]
   [ "${lines[0]}" = "--namespace ocp.deprecated.ocp4_1.buildconfig_custom_strategy --namespace ocp.deprecated.ocp4_3.buildconfig_jenkinspipeline_strategy" ]
+  [[ "${#lines[@]}" -eq 1 ]]
 }
 
 @test "get_rego_namespaces - negative lookahead with group - ignore deprecated 4.1" {
@@ -178,6 +182,7 @@ setup_file() {
   echo "${output}"
   [ "$status" -eq 0 ]
   [ "${lines[0]}" = "--namespace ocp.deprecated.ocp4_2.authorization_openshift --namespace ocp.deprecated.ocp4_2.automationbroker_v1alpha1 --namespace ocp.deprecated.ocp4_2.catalogsourceconfigs_v1 --namespace ocp.deprecated.ocp4_2.catalogsourceconfigs_v2 --namespace ocp.deprecated.ocp4_2.operatorsources_v1 --namespace ocp.deprecated.ocp4_2.osb_v1 --namespace ocp.deprecated.ocp4_2.servicecatalog_v1beta1 --namespace ocp.deprecated.ocp4_3.buildconfig_jenkinspipeline_strategy" ]
+  [[ "${#lines[@]}" -eq 1 ]]
 }
 
 @test "get_rego_namespaces - multiple negative lookahead with single - ignore deprecated 4.1/4.2" {
@@ -188,4 +193,29 @@ setup_file() {
   echo "${output}"
   [ "$status" -eq 0 ]
   [ "${lines[0]}" = "--namespace ocp.deprecated.ocp4_3.buildconfig_jenkinspipeline_strategy" ]
-}
+  [[ "${#lines[@]}" -eq 1 ]]
+}
+
+@test "filter_policies - deprek8ion" {
+  conftest pull github.com/swade1987/deprek8ion.git//policies
+  filter_policies_by_version "1.16" ""
+
+  run ls policy/kubernetes-*
+
+  echo "${output}"
+  [ "$status" -eq 0 ]
+  [ "${lines[0]}" = "policy/kubernetes-1.16.rego" ]
+  [[ "${#lines[@]}" -eq 1 ]]
+}
+
+@test "filter_policies - redhat-cop" {
+  conftest pull github.com/redhat-cop/rego-policies.git//policy
+  filter_policies_by_version "" "3.11"
+
+  run ls -d policy/ocp/deprecated/[0-9]_*
+
+  echo "${output}"
+  [ "$status" -eq 0 ]
+  [ "${lines[0]}" = "policy/ocp/deprecated/3_11" ]
+  [[ "${#lines[@]}" -eq 1 ]]
+}
-Original file line number
+Diff line change
@@ Expand Up / @@ -29,4 +29,4 @@ file_contains_dollar() { @@
           fi
         fi
       done
-    }
+    }