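// AllRules builds the list of every rule the linter knows about. The
// *Linter argument is not read by any rule today; it is kept so rules that
// need linter state can be added without changing the signature.
var AllRules = func(l *Linter) Rules {
	return Rules{
		{
			Name:        "paths-permissions",
			Description: "Checks if the permissions of the paths in the image are correct.",
			Severity:    SeverityError,
			// Rejects any path mutation whose mode has bits above 0o777 set
			// (setuid, setgid or sticky) and names the offending entry.
			LintFunc: func(c types.ImageConfiguration) error {
				var errs []error
				for _, p := range c.Paths {
					if p.Permissions > 0o777 {
						// Report the real path and mode: the previous message was a
						// hard-coded sample, so every failure read identically and the
						// user could not tell which entry was wrong.
						errs = append(errs, fmt.Errorf("path '%s' has invalid permissions '%o'", p.Path, p.Permissions))
					}
				}
				return errors.Join(errs...)
			},
		},
		{
			Name:        "tf-minimal",
			Description: "Checks if TF image config omits unnecessary fields.",
			Severity:    SeverityError,
			// Fields that the Terraform module is expected to supply must be
			// absent from the YAML itself; every violation is collected and
			// reported together.
			LintFunc: func(c types.ImageConfiguration) error {
				var errs []error
				if len(c.Contents.Keyring) != 0 {
					errs = append(errs, errors.New("keyring is not empty"))
				}
				if len(c.Contents.Repositories) != 0 {
					errs = append(errs, errors.New("repositories is not empty"))
				}
				if len(c.Archs) != 0 {
					errs = append(errs, errors.New("archs is not empty"))
				}
				if slices.Contains(c.Contents.Packages, "wolfi-baselayout") {
					errs = append(errs, errors.New("wolfi-baselayout is in packages"))
				}
				if slices.Contains(c.Contents.Packages, "ca-certificates-bundle") {
					errs = append(errs, errors.New("ca-certificates-bundle is in packages, but is already present from wolfi-baselayout"))
				}
				if slices.Contains(c.Contents.Packages, "chainguard-baselayout") {
					errs = append(errs, errors.New("chainguard-baselayout is in packages"))
				}
				return errors.Join(errs...)
			},
			// The rule only runs when a main.tf exists in the parent of the
			// directory holding the config file (path is the config's path).
			ConditionFuncs: []ConditionFunc{
				func(path string) bool {
					_, err := os.Stat(filepath.Join(filepath.Dir(path), "..", "main.tf"))
					return err == nil
				},
			},
		},
		{
			Name:        "accounts-runas",
			Description: "Checks if the runas field is set properly for all accounts.",
			Severity:    SeverityError,
			// run-as must be a decimal uid in 0..65535. Only the top-level
			// Accounts.RunAs value is inspected here.
			LintFunc: func(c types.ImageConfiguration) error {
				if c.Accounts.RunAs == "" {
					return nil
				}
				// bitSize 16 already rejects anything above 65535, so the old
				// follow-up `uid > 65536` comparison could never fire. Distinguish
				// the two failure modes via strconv.ErrRange instead so the
				// out-of-range message is actually reachable.
				_, err := strconv.ParseUint(c.Accounts.RunAs, 10, 16)
				switch {
				case err == nil:
					return nil
				case errors.Is(err, strconv.ErrRange):
					return errors.New("runas is not a valid uid (out of range)")
				default:
					return errors.New("runas is not a valid numeric uid")
				}
			},
		},
		{
			Name:        "tagged-repository-in-environment-repos",
			Description: "remove tagged repositories like @local from the repositories block",
			Severity:    SeverityError,
			// Reports the first repository entry that starts with '@'.
			LintFunc: func(c types.ImageConfiguration) error {
				for _, repo := range c.Contents.Repositories {
					// Length guard: an empty repository string would otherwise
					// panic on the index.
					if len(repo) > 0 && repo[0] == '@' {
						return fmt.Errorf("repository %q is tagged", repo)
					}
				}
				return nil
			},
		},
	}
}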
AllRules returns the list of all available rules that a Linter evaluates against each configuration.
NodeFromMapping takes a yaml.Node (a mapping) and uses yit to find a child node in the mapping with the given key.
func ReadConfig(filename string) (*types.ImageConfiguration, error)
ReadConfig reads a single apko config from the provided filename.
ConditionFunc is a function that decides whether a rule should be executed. Its string argument is the path to the detected apko YAML file; conditions in a rule's ConditionFuncs are and-combined.
// Config pairs a parsed apko image configuration with metadata about where
// it was read from.
type Config struct {
	// Config is the parsed image configuration.
	Config types.ImageConfiguration
	// Filename is presumably the YAML file the configuration was read from — confirm against ReadConfig.
	Filename string
	// Dir is presumably the directory containing Filename — confirm against the reader.
	Dir string
	// NoLint presumably holds rule names disabled for this file — TODO confirm how it is populated.
	NoLint []string
	// Hash: NOTE(review) the source does not show what is hashed; verify before relying on it.
	Hash string
}
// ConfigCheck is a reduced view of an apko configuration that decodes only
// the `contents` block; presumably used for a cheap pre-check before a full parse — confirm with callers.
type ConfigCheck struct {
	// Contents mirrors the YAML `contents` mapping.
	Contents types.ImageContents `yaml:"contents"`
}
// EvalResult represents the result of an evaluation for a single configuration.
type EvalResult struct {
	// File is the name of the file that was evaluated against.
	File string
	// Errors is the list of validation errors, one per failing rule.
	Errors EvalRuleErrors
}
EvalResult represents the result of an evaluation for a single configuration.
// EvalRuleError represents an error that occurred while evaluating a single rule.
type EvalRuleError struct {
	// Rule is the rule that caused the error.
	Rule Rule
	// Error is the error returned by the rule's LintFunc.
	Error error
}
EvalRuleError represents an error that occurred during single rule evaluation.
// EvalRuleErrors is a list of EvalRuleError values collected for one configuration.
type EvalRuleErrors []EvalRuleError
EvalRuleErrors is a list of EvalRuleError values.
func (e EvalRuleErrors) WrapErrors() error
WrapErrors wraps multiple errors into a single error.
// Function is a function that lints a single configuration; a nil return
// means the rule passed.
type Function func(types.ImageConfiguration) error
Function is a function that lints a single configuration.
// Linter represents a linter instance. Its fields are unexported; the
// visible API constructs it elsewhere in this package.
type Linter struct {
	// contains filtered or unexported fields
}
Linter represents a linter instance.
// Option represents a linter option: a functional option that mutates Options.
type Option func(*Options)
Option represents a linter option.
WithSkipRules sets the skip rules option.
// Options represents the options used to configure the linter.
type Options struct {
	// Path is the path to the file or directory to lint.
	Path string
	// Verbose prints the details of the linting errors.
	Verbose bool
	// SkipRules lists rule names that are excluded from evaluation.
	SkipRules []string
}
Options represents the options to configure the linter.
// Rule represents a linter rule.
type Rule struct {
	// Name is the name of the rule (used to identify and skip it).
	Name string
	// Description is a human-readable description of the rule.
	Description string
	// Severity is the severity of the rule.
	Severity Severity
	// LintFunc is the function that lints a single configuration.
	LintFunc Function
	// ConditionFuncs is a list of and-conditioned functions that decide
	// whether the rule should be executed for a given config path.
	ConditionFuncs []ConditionFunc
}
Rule represents a linter rule.