From 8e641f35489c67b74b30f803f8c784f9ec99f025 Mon Sep 17 00:00:00 2001 From: Jonas Wielage Date: Fri, 28 Jun 2024 14:13:56 +0200 Subject: [PATCH 1/5] SONARIAC-1312 S6897: Should not raise with LimitRange in the same namespace setting Storage Requests --- .../kubernetes/checks/AbstractLimitCheck.java | 20 +++-- .../checks/AbstractRequestCheck.java | 14 +++ .../AbstractResourceManagementCheck.java | 9 +- .../iac/kubernetes/checks/CpuLimitCheck.java | 8 +- .../kubernetes/checks/MemoryLimitCheck.java | 19 +---- .../kubernetes/checks/MemoryRequestCheck.java | 22 +---- .../kubernetes/checks/StorageLimitCheck.java | 19 +---- .../checks/StorageRequestCheck.java | 4 +- .../checks/StorageRequestCheckTest.java | 16 +++- .../storage_request_deployment_helm.yaml | 34 -------- .../{StorageRequestChart => helm}/Chart.yaml | 0 .../helm/templates/limitRange.yaml | 43 ++++++++++ .../storage_request_deployment_helm.yaml | 85 +++++++++++++++++++ .../{StorageRequestChart => helm}/values.yaml | 0 .../StorageRequestCheck/limitRange.yaml | 43 ++++++++++ .../storage_request_deployment.yaml | 1 + .../storage_request_deployment_no_issue.yaml | 49 +++++++++++ 17 files changed, 283 insertions(+), 103 deletions(-) delete mode 100644 iac-extensions/kubernetes/src/test/resources/checks/StorageRequestCheck/StorageRequestChart/templates/storage_request_deployment_helm.yaml rename iac-extensions/kubernetes/src/test/resources/checks/StorageRequestCheck/{StorageRequestChart => helm}/Chart.yaml (100%) create mode 100644 iac-extensions/kubernetes/src/test/resources/checks/StorageRequestCheck/helm/templates/limitRange.yaml create mode 100644 iac-extensions/kubernetes/src/test/resources/checks/StorageRequestCheck/helm/templates/storage_request_deployment_helm.yaml rename iac-extensions/kubernetes/src/test/resources/checks/StorageRequestCheck/{StorageRequestChart => helm}/values.yaml (100%) create mode 100644 iac-extensions/kubernetes/src/test/resources/checks/StorageRequestCheck/limitRange.yaml create mode 100644 iac-extensions/kubernetes/src/test/resources/checks/StorageRequestCheck/storage_request_deployment_no_issue.yaml diff --git a/iac-extensions/kubernetes/src/main/java/org/sonar/iac/kubernetes/checks/AbstractLimitCheck.java b/iac-extensions/kubernetes/src/main/java/org/sonar/iac/kubernetes/checks/AbstractLimitCheck.java index a47a3ea0da..3861c3f7b9 100644 --- a/iac-extensions/kubernetes/src/main/java/org/sonar/iac/kubernetes/checks/AbstractLimitCheck.java +++ b/iac-extensions/kubernetes/src/main/java/org/sonar/iac/kubernetes/checks/AbstractLimitCheck.java @@ -19,13 +19,13 @@ */ package org.sonar.iac.kubernetes.checks; -import java.util.Set; +import java.util.Collection; import org.sonar.iac.kubernetes.model.LimitRange; +import org.sonar.iac.kubernetes.model.LimitRangeItem; public abstract class AbstractLimitCheck extends AbstractResourceManagementCheck { private static final String RESOURCE_MANAGEMENT_TYPE = "limits"; - private static final Set LIMIT_TYPES = Set.of("Pod", "Container"); String getResourceManagementName() { return RESOURCE_MANAGEMENT_TYPE; @@ -36,11 +36,19 @@ Class getGlobalResourceType() { return LimitRange.class; } - protected Set getLimitTypes() { - return LIMIT_TYPES; - } - abstract String getResourceName(); abstract String getMessage(); + + @Override + protected boolean hasLimitDefinedGlobally(Collection globalResources) { + return globalResources.stream() + .flatMap(limitRange -> limitRange.limits().stream()) + .anyMatch(this::hasLimitWithResourceName); + } + + boolean hasLimitWithResourceName(LimitRangeItem limitRangeItem) { + var defaultLimit = limitRangeItem.defaultMap().get(getResourceName()); + return getLimitRangeLimitTypes().contains(limitRangeItem.type()) && startsWithDigit(defaultLimit); + } } diff --git a/iac-extensions/kubernetes/src/main/java/org/sonar/iac/kubernetes/checks/AbstractRequestCheck.java b/iac-extensions/kubernetes/src/main/java/org/sonar/iac/kubernetes/checks/AbstractRequestCheck.java index 06ec49b22c..782b9fe6e7 100644 --- a/iac-extensions/kubernetes/src/main/java/org/sonar/iac/kubernetes/checks/AbstractRequestCheck.java +++ b/iac-extensions/kubernetes/src/main/java/org/sonar/iac/kubernetes/checks/AbstractRequestCheck.java @@ -19,7 +19,9 @@ */ package org.sonar.iac.kubernetes.checks; +import java.util.Collection; import org.sonar.iac.kubernetes.model.LimitRange; +import org.sonar.iac.kubernetes.model.LimitRangeItem; public abstract class AbstractRequestCheck extends AbstractResourceManagementCheck { @@ -33,4 +35,16 @@ Class getGlobalResourceType() { String getResourceManagementName() { return RESOURCE_MANAGEMENT_TYPE; } + + @Override + protected boolean hasLimitDefinedGlobally(Collection globalResources) { + return globalResources.stream() + .flatMap(limitRange -> limitRange.limits().stream()) + .anyMatch(this::hasRequestWithResourceName); + } + + boolean hasRequestWithResourceName(LimitRangeItem limitRangeItem) { + var defaultRequest = limitRangeItem.defaultRequestMap().get(getResourceName()); + return getLimitRangeLimitTypes().contains(limitRangeItem.type()) && startsWithDigit(defaultRequest); + } } diff --git a/iac-extensions/kubernetes/src/main/java/org/sonar/iac/kubernetes/checks/AbstractResourceManagementCheck.java b/iac-extensions/kubernetes/src/main/java/org/sonar/iac/kubernetes/checks/AbstractResourceManagementCheck.java index caf170ed3c..241981a37c 100644 --- a/iac-extensions/kubernetes/src/main/java/org/sonar/iac/kubernetes/checks/AbstractResourceManagementCheck.java +++ b/iac-extensions/kubernetes/src/main/java/org/sonar/iac/kubernetes/checks/AbstractResourceManagementCheck.java @@ -22,6 +22,7 @@ import java.util.Collection; import java.util.List; import java.util.Optional; +import java.util.Set; import java.util.stream.Stream; import javax.annotation.Nullable; import org.sonar.iac.common.api.tree.HasTextRange; @@ -35,7 +36,9 @@ public abstract class AbstractResourceManagementCheck extends AbstractKubernetesObjectCheck { protected static final String KIND_POD = "Pod"; - protected static final List KIND_WITH_TEMPLATE = List.of("DaemonSet", "Deployment", "Job", "ReplicaSet", "ReplicationController", "StatefulSet", "CronJob"); + protected static final List KIND_WITH_TEMPLATE = List.of( + "DaemonSet", "Deployment", "Job", "ReplicaSet", "ReplicationController", "StatefulSet", "CronJob"); + protected static final Set LIMIT_RANGE_LIMIT_TYPES = Set.of("Pod", "Container"); @Override boolean shouldVisitWholeDocument() { @@ -90,6 +93,10 @@ protected boolean hasLimitDefinedGlobally(Collection globalResources) { return false; } + protected Set getLimitRangeLimitTypes() { + return LIMIT_RANGE_LIMIT_TYPES; + } + abstract String getResourceManagementName(); abstract String getResourceName(); diff --git a/iac-extensions/kubernetes/src/main/java/org/sonar/iac/kubernetes/checks/CpuLimitCheck.java b/iac-extensions/kubernetes/src/main/java/org/sonar/iac/kubernetes/checks/CpuLimitCheck.java index ff4e350e41..f5f35f34fd 100644 --- a/iac-extensions/kubernetes/src/main/java/org/sonar/iac/kubernetes/checks/CpuLimitCheck.java +++ b/iac-extensions/kubernetes/src/main/java/org/sonar/iac/kubernetes/checks/CpuLimitCheck.java @@ -20,7 +20,6 @@ package org.sonar.iac.kubernetes.checks; import java.util.Collection; -import java.util.Set; import org.sonar.check.Rule; import org.sonar.iac.kubernetes.model.LimitRange; import org.sonar.iac.kubernetes.model.LimitRangeItem; @@ -29,13 +28,12 @@ public class CpuLimitCheck extends AbstractLimitCheck { private static final String MESSAGE = "Specify a CPU limit for this container."; private static final String KEY = "cpu"; - private static final Set LIMIT_TYPES = Set.of("Pod", "Container"); @Override protected boolean hasLimitDefinedGlobally(Collection globalResources) { return globalResources.stream() .flatMap(limitRange -> limitRange.limits().stream()) - .anyMatch(CpuLimitCheck::hasCpuLimit); + .anyMatch(this::hasCpuLimit); } @Override @@ -48,7 +46,7 @@ String getMessage() { return MESSAGE; } - private static boolean hasCpuLimit(LimitRangeItem limitRangeItem) { - return LIMIT_TYPES.contains(limitRangeItem.type()) && limitRangeItem.defaultMap().containsKey("cpu"); + private boolean hasCpuLimit(LimitRangeItem limitRangeItem) { + return getLimitRangeLimitTypes().contains(limitRangeItem.type()) && limitRangeItem.defaultMap().containsKey("cpu"); } } diff --git a/iac-extensions/kubernetes/src/main/java/org/sonar/iac/kubernetes/checks/MemoryLimitCheck.java b/iac-extensions/kubernetes/src/main/java/org/sonar/iac/kubernetes/checks/MemoryLimitCheck.java index d4d7b96cd7..5d4494d7d2 100644 --- a/iac-extensions/kubernetes/src/main/java/org/sonar/iac/kubernetes/checks/MemoryLimitCheck.java +++ b/iac-extensions/kubernetes/src/main/java/org/sonar/iac/kubernetes/checks/MemoryLimitCheck.java @@ -19,35 +19,20 @@ */ package org.sonar.iac.kubernetes.checks; -import java.util.Collection; import org.sonar.check.Rule; -import org.sonar.iac.kubernetes.model.LimitRange; -import org.sonar.iac.kubernetes.model.LimitRangeItem; @Rule(key = "S6864") public class MemoryLimitCheck extends AbstractLimitCheck { private static final String MESSAGE = "Specify a memory limit for this container."; - private static final String KEY = "memory"; - - @Override - protected boolean hasLimitDefinedGlobally(Collection globalResources) { - return globalResources.stream() - .flatMap(limitRange -> limitRange.limits().stream()) - .anyMatch(this::hasMemoryLimit); - } + private static final String RESOURCE_NAME = "memory"; @Override String getResourceName() { - return KEY; + return RESOURCE_NAME; } @Override String getMessage() { return MESSAGE; } - - private boolean hasMemoryLimit(LimitRangeItem limitRangeItem) { - var defaultMemoryLimit = limitRangeItem.defaultMap().get(KEY); - return getLimitTypes().contains(limitRangeItem.type()) && startsWithDigit(defaultMemoryLimit); - } } diff --git a/iac-extensions/kubernetes/src/main/java/org/sonar/iac/kubernetes/checks/MemoryRequestCheck.java b/iac-extensions/kubernetes/src/main/java/org/sonar/iac/kubernetes/checks/MemoryRequestCheck.java index 125ec6288f..397a71af85 100644 --- a/iac-extensions/kubernetes/src/main/java/org/sonar/iac/kubernetes/checks/MemoryRequestCheck.java +++ b/iac-extensions/kubernetes/src/main/java/org/sonar/iac/kubernetes/checks/MemoryRequestCheck.java @@ -19,34 +19,16 @@ */ package org.sonar.iac.kubernetes.checks; -import java.util.Collection; -import java.util.Set; import org.sonar.check.Rule; -import org.sonar.iac.kubernetes.model.LimitRange; -import org.sonar.iac.kubernetes.model.LimitRangeItem; @Rule(key = "S6873") public class MemoryRequestCheck extends AbstractRequestCheck { private static final String MESSAGE = "Specify a memory request for this container."; - private static final String KEY = "memory"; - - private static final Set LIMIT_TYPES = Set.of("Pod", "Container"); - - @Override - protected boolean hasLimitDefinedGlobally(Collection globalResources) { - return globalResources.stream() - .flatMap(limitRange -> limitRange.limits().stream()) - .anyMatch(MemoryRequestCheck::hasMemoryRequest); - } - - private static boolean hasMemoryRequest(LimitRangeItem limitRangeItem) { - var defaultMemoryRequest = limitRangeItem.defaultRequestMap().get(KEY); - return LIMIT_TYPES.contains(limitRangeItem.type()) && startsWithDigit(defaultMemoryRequest); - } + private static final String RESOURCE_NAME = "memory"; @Override String getResourceName() { - return KEY; + return RESOURCE_NAME; } @Override diff --git a/iac-extensions/kubernetes/src/main/java/org/sonar/iac/kubernetes/checks/StorageLimitCheck.java b/iac-extensions/kubernetes/src/main/java/org/sonar/iac/kubernetes/checks/StorageLimitCheck.java index 72200be048..9d6e19cc38 100644 --- a/iac-extensions/kubernetes/src/main/java/org/sonar/iac/kubernetes/checks/StorageLimitCheck.java +++ b/iac-extensions/kubernetes/src/main/java/org/sonar/iac/kubernetes/checks/StorageLimitCheck.java @@ -19,35 +19,20 @@ */ package org.sonar.iac.kubernetes.checks; -import java.util.Collection; import org.sonar.check.Rule; -import org.sonar.iac.kubernetes.model.LimitRange; -import org.sonar.iac.kubernetes.model.LimitRangeItem; @Rule(key = "S6870") public class StorageLimitCheck extends AbstractLimitCheck { private static final String MESSAGE = "Specify a storage limit for this container."; - private static final String KEY = "ephemeral-storage"; + private static final String RESOURCE_NAME = "ephemeral-storage"; @Override String getResourceName() { - return KEY; + return RESOURCE_NAME; } @Override String getMessage() { return MESSAGE; } - - @Override - protected boolean hasLimitDefinedGlobally(Collection globalResources) { - return globalResources.stream() - .flatMap(limitRange -> limitRange.limits().stream()) - .anyMatch(this::hasStorageLimit); - } - - private boolean hasStorageLimit(LimitRangeItem limitRangeItem) { - var defaultStorageLimit = limitRangeItem.defaultMap().get(KEY); - return getLimitTypes().contains(limitRangeItem.type()) && startsWithDigit(defaultStorageLimit); - } } diff --git a/iac-extensions/kubernetes/src/main/java/org/sonar/iac/kubernetes/checks/StorageRequestCheck.java b/iac-extensions/kubernetes/src/main/java/org/sonar/iac/kubernetes/checks/StorageRequestCheck.java index c76d813e4e..3431525742 100644 --- a/iac-extensions/kubernetes/src/main/java/org/sonar/iac/kubernetes/checks/StorageRequestCheck.java +++ b/iac-extensions/kubernetes/src/main/java/org/sonar/iac/kubernetes/checks/StorageRequestCheck.java @@ -24,11 +24,11 @@ @Rule(key = "S6897") public class StorageRequestCheck extends AbstractRequestCheck { private static final String MESSAGE = "Specify a storage request for this container."; - private static final String KEY = "ephemeral-storage"; + private static final String RESOURCE_NAME = "ephemeral-storage"; @Override String getResourceName() { - return KEY; + return RESOURCE_NAME; } @Override diff --git a/iac-extensions/kubernetes/src/test/java/org/sonar/iac/kubernetes/checks/StorageRequestCheckTest.java b/iac-extensions/kubernetes/src/test/java/org/sonar/iac/kubernetes/checks/StorageRequestCheckTest.java index cdb7bc0d72..145b7bd510 100644 --- a/iac-extensions/kubernetes/src/test/java/org/sonar/iac/kubernetes/checks/StorageRequestCheckTest.java +++ b/iac-extensions/kubernetes/src/test/java/org/sonar/iac/kubernetes/checks/StorageRequestCheckTest.java @@ -48,6 +48,20 @@ void testPodKind() { @Test void testPodKindForHelm() { - KubernetesVerifier.verify("StorageRequestCheck/StorageRequestChart/templates/storage_request_deployment_helm.yaml", check); + KubernetesVerifier.verify("StorageRequestCheck/helm/templates/storage_request_deployment_helm.yaml", check); + } + + @MethodSource("sensitiveKinds") + @ParameterizedTest(name = "[{index}] should raise no storage memory request issue for kind: \"{0}\" because of limit range") + void testKindWithTemplateAndNamespace(String kind) { + String content = readTemplateAndReplace("StorageRequestCheck/storage_request_deployment.yaml", kind); + KubernetesVerifier.verifyContent(content, "StorageRequestCheck", check, "StorageRequestCheck/limitRange.yaml"); + } + + @Test + void testGlobalLimitRangeNoIssues() { + KubernetesVerifier.verifyNoIssue("StorageRequestCheck/storage_request_deployment_no_issue.yaml", + check, + "StorageRequestCheck/limitRange.yaml"); } } diff --git a/iac-extensions/kubernetes/src/test/resources/checks/StorageRequestCheck/StorageRequestChart/templates/storage_request_deployment_helm.yaml b/iac-extensions/kubernetes/src/test/resources/checks/StorageRequestCheck/StorageRequestChart/templates/storage_request_deployment_helm.yaml deleted file mode 100644 index a0aece7092..0000000000 --- a/iac-extensions/kubernetes/src/test/resources/checks/StorageRequestCheck/StorageRequestChart/templates/storage_request_deployment_helm.yaml +++ /dev/null @@ -1,34 +0,0 @@ -apiVersion: v1 -kind: Pod -metadata: - name: example-storage-limit -spec: - containers: - - name: {{ .Values.container.name }} # Noncompliant - image: nginx - resources: - # The check expect "request" to be specified here, so the container is Non-compliant - limits: - ephemeral-storage: {{ .Values.container.storage.limit }} ---- -apiVersion: v1 -kind: Pod -metadata: - name: example-no-resources -spec: - containers: - - name: {{ .Values.container.name }} # Noncompliant - image: nginx - # Missing resources ---- -apiVersion: v1 -kind: Pod -metadata: - name: example-compliant -spec: - containers: - - name: {{ .Values.container.name }} # Compliant - image: nginx - resources: - requests: - ephemeral-storage: {{ .Values.container.storage.request }} diff --git a/iac-extensions/kubernetes/src/test/resources/checks/StorageRequestCheck/StorageRequestChart/Chart.yaml b/iac-extensions/kubernetes/src/test/resources/checks/StorageRequestCheck/helm/Chart.yaml similarity index 100% rename from iac-extensions/kubernetes/src/test/resources/checks/StorageRequestCheck/StorageRequestChart/Chart.yaml rename to iac-extensions/kubernetes/src/test/resources/checks/StorageRequestCheck/helm/Chart.yaml diff --git a/iac-extensions/kubernetes/src/test/resources/checks/StorageRequestCheck/helm/templates/limitRange.yaml b/iac-extensions/kubernetes/src/test/resources/checks/StorageRequestCheck/helm/templates/limitRange.yaml new file mode 100644 index 0000000000..15756ff4e7 --- /dev/null +++ b/iac-extensions/kubernetes/src/test/resources/checks/StorageRequestCheck/helm/templates/limitRange.yaml @@ -0,0 +1,43 @@ +apiVersion: v1 +kind: LimitRange +metadata: + name: limit-range-container + namespace: with-limit-range-container +spec: + limits: + - defaultRequest: + ephemeral-storage: "10Mi" + type: Container +--- +apiVersion: v1 +kind: LimitRange +metadata: + name: limit-range-pod + namespace: with-limit-range-pod +spec: + limits: + - defaultRequest: + ephemeral-storage: "10Mi" + type: Pod +--- +apiVersion: v1 +kind: LimitRange +metadata: + name: limit-range-pvc + namespace: with-limit-range-pvc +spec: + limits: + - defaultRequest: + ephemeral-storage: "10Mi" + type: PersistentVolumeClaim +--- +apiVersion: v1 +kind: LimitRange +metadata: + name: limit-range-cpu + namespace: with-limit-range-cpu +spec: + limits: + - defaultRequest: + cpu: "0.5" + type: Pod diff --git a/iac-extensions/kubernetes/src/test/resources/checks/StorageRequestCheck/helm/templates/storage_request_deployment_helm.yaml b/iac-extensions/kubernetes/src/test/resources/checks/StorageRequestCheck/helm/templates/storage_request_deployment_helm.yaml new file mode 100644 index 0000000000..c5f3052423 --- /dev/null +++ b/iac-extensions/kubernetes/src/test/resources/checks/StorageRequestCheck/helm/templates/storage_request_deployment_helm.yaml @@ -0,0 +1,85 @@ +apiVersion: v1 +kind: Pod +metadata: + name: example-storage-limit +spec: + containers: + - name: {{ .Values.container.name }} # Noncompliant + image: nginx + resources: + # The check expect "request" to be specified here, so the container is Non-compliant + limits: + ephemeral-storage: {{ .Values.container.storage.limit }} +--- +apiVersion: v1 +kind: Pod +metadata: + name: example-no-limit-range + namespace: namespace-no-limit-range +spec: + containers: + - name: {{ .Values.container.name }} # Noncompliant + image: nginx + # Missing resources +--- +apiVersion: v1 +kind: Pod +metadata: + name: example-limit-range-container + namespace: with-limit-range-container +spec: + containers: + # Compliant there is LimitRange for container + - name: {{ .Values.container.name }} + image: nginx + volumeMounts: + - name: ephemeral + mountPath: "/tmp" +--- +apiVersion: v1 +kind: Pod +metadata: + name: example-limit-range-for-pod + namespace: with-limit-range-pod +spec: + containers: + # Compliant there is LimitRange for pod + - name: {{ .Values.container.name }} + image: nginx +--- +apiVersion: v1 +kind: Pod +metadata: + name: example-limit-range-for-pvc + namespace: with-limit-range-pvc +spec: + containers: + # Noncompliant@+1 + - name: {{ .Values.container.name }} + # ^^^^^^^^^^^^^^^^^^^^^^ + image: nginx +--- +apiVersion: v1 +kind: Pod +metadata: + name: example-limit-range-for-cpu + namespace: with-limit-range-cpu +spec: + containers: + # Noncompliant@+1 + - name: {{ .Values.container.name }} + # ^^^^^^^^^^^^^^^^^^^^^^ + image: nginx + +--- +apiVersion: v1 +kind: Pod +metadata: + name: example-compliant +spec: + containers: + - name: {{ .Values.container.name }} # Compliant + image: nginx + resources: + requests: + ephemeral-storage: {{ .Values.container.storage.request }} diff --git a/iac-extensions/kubernetes/src/test/resources/checks/StorageRequestCheck/StorageRequestChart/values.yaml b/iac-extensions/kubernetes/src/test/resources/checks/StorageRequestCheck/helm/values.yaml similarity index 100% rename from iac-extensions/kubernetes/src/test/resources/checks/StorageRequestCheck/StorageRequestChart/values.yaml rename to iac-extensions/kubernetes/src/test/resources/checks/StorageRequestCheck/helm/values.yaml diff --git a/iac-extensions/kubernetes/src/test/resources/checks/StorageRequestCheck/limitRange.yaml b/iac-extensions/kubernetes/src/test/resources/checks/StorageRequestCheck/limitRange.yaml new file mode 100644 index 0000000000..15756ff4e7 --- /dev/null +++ b/iac-extensions/kubernetes/src/test/resources/checks/StorageRequestCheck/limitRange.yaml @@ -0,0 +1,43 @@ +apiVersion: v1 +kind: LimitRange +metadata: + name: limit-range-container + namespace: with-limit-range-container +spec: + limits: + - defaultRequest: + ephemeral-storage: "10Mi" + type: Container +--- +apiVersion: v1 +kind: LimitRange +metadata: + name: limit-range-pod + namespace: with-limit-range-pod +spec: + limits: + - defaultRequest: + ephemeral-storage: "10Mi" + type: Pod +--- +apiVersion: v1 +kind: LimitRange +metadata: + name: limit-range-pvc + namespace: with-limit-range-pvc +spec: + limits: + - defaultRequest: + ephemeral-storage: "10Mi" + type: PersistentVolumeClaim +--- +apiVersion: v1 +kind: LimitRange +metadata: + name: limit-range-cpu + namespace: with-limit-range-cpu +spec: + limits: + - defaultRequest: + cpu: "0.5" + type: Pod diff --git a/iac-extensions/kubernetes/src/test/resources/checks/StorageRequestCheck/storage_request_deployment.yaml b/iac-extensions/kubernetes/src/test/resources/checks/StorageRequestCheck/storage_request_deployment.yaml index 8dc67dd9d4..7868537522 100644 --- a/iac-extensions/kubernetes/src/test/resources/checks/StorageRequestCheck/storage_request_deployment.yaml +++ b/iac-extensions/kubernetes/src/test/resources/checks/StorageRequestCheck/storage_request_deployment.yaml @@ -2,6 +2,7 @@ apiVersion: apps/v1 kind: ${type} metadata: name: example + namespace: no-limit-request labels: app: web spec: diff --git a/iac-extensions/kubernetes/src/test/resources/checks/StorageRequestCheck/storage_request_deployment_no_issue.yaml b/iac-extensions/kubernetes/src/test/resources/checks/StorageRequestCheck/storage_request_deployment_no_issue.yaml new file mode 100644 index 0000000000..8219e255cb --- /dev/null +++ b/iac-extensions/kubernetes/src/test/resources/checks/StorageRequestCheck/storage_request_deployment_no_issue.yaml @@ -0,0 +1,49 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: example + namespace: with-limit-range-container + labels: + app: web +spec: + replicas: 3 + selector: + matchLabels: + app: web + template: + metadata: + labels: + app: web + spec: + containers: + - name: compliant_without_storage_request + resources: + requests: + cpu: 200m + + - name: compliant_without_requests + resources: + limits: + ephemeral-storage: 64Mi + + - name: compliant_without_resources + + - name: compliant_storage_request_tilde + resources: + requests: + ephemeral-storage: "~" + + - name: compliant_storage_request_empty_brackets + resources: + requests: + ephemeral-storage: "[]" + + - resources: + requests: + ephemeral-storage: "null" + name: compliant_storage_request_null + + - name: compliant_storage_request + resources: + requests: + ephemeral-storage: 100Mi From 85d793ce88931463f4bb8937ae9d9abc519efb40 Mon Sep 17 00:00:00 2001 From: Jonas Wielage Date: Fri, 28 Jun 2024 14:49:24 +0200 Subject: [PATCH 2/5] Refactor into a more generalized approach to reduce code duplication --- .../kubernetes/checks/AbstractLimitCheck.java | 21 ++++------------ .../checks/AbstractRequestCheck.java | 21 ++++------------ .../AbstractResourceManagementCheck.java | 24 ++++++++++++------- 3 files changed, 24 insertions(+), 42 deletions(-) diff --git a/iac-extensions/kubernetes/src/main/java/org/sonar/iac/kubernetes/checks/AbstractLimitCheck.java b/iac-extensions/kubernetes/src/main/java/org/sonar/iac/kubernetes/checks/AbstractLimitCheck.java index 3861c3f7b9..a5251bb59c 100644 --- a/iac-extensions/kubernetes/src/main/java/org/sonar/iac/kubernetes/checks/AbstractLimitCheck.java +++ b/iac-extensions/kubernetes/src/main/java/org/sonar/iac/kubernetes/checks/AbstractLimitCheck.java @@ -19,11 +19,10 @@ */ package org.sonar.iac.kubernetes.checks; -import java.util.Collection; -import org.sonar.iac.kubernetes.model.LimitRange; +import java.util.Map; import org.sonar.iac.kubernetes.model.LimitRangeItem; -public abstract class AbstractLimitCheck extends AbstractResourceManagementCheck { +public abstract class AbstractLimitCheck extends AbstractResourceManagementCheck { private static final String RESOURCE_MANAGEMENT_TYPE = "limits"; @@ -31,24 +30,12 @@ String getResourceManagementName() { return RESOURCE_MANAGEMENT_TYPE; } - @Override - Class getGlobalResourceType() { - return LimitRange.class; - } - abstract String getResourceName(); abstract String getMessage(); @Override - protected boolean hasLimitDefinedGlobally(Collection globalResources) { - return globalResources.stream() - .flatMap(limitRange -> limitRange.limits().stream()) - .anyMatch(this::hasLimitWithResourceName); - } - - boolean hasLimitWithResourceName(LimitRangeItem limitRangeItem) { - var defaultLimit = limitRangeItem.defaultMap().get(getResourceName()); - return getLimitRangeLimitTypes().contains(limitRangeItem.type()) && startsWithDigit(defaultLimit); + Map retrieveLimitRangeMap(LimitRangeItem limitRangeItem) { + return limitRangeItem.defaultMap(); } } diff --git a/iac-extensions/kubernetes/src/main/java/org/sonar/iac/kubernetes/checks/AbstractRequestCheck.java b/iac-extensions/kubernetes/src/main/java/org/sonar/iac/kubernetes/checks/AbstractRequestCheck.java index 782b9fe6e7..91eb87dd68 100644 --- a/iac-extensions/kubernetes/src/main/java/org/sonar/iac/kubernetes/checks/AbstractRequestCheck.java +++ b/iac-extensions/kubernetes/src/main/java/org/sonar/iac/kubernetes/checks/AbstractRequestCheck.java @@ -19,32 +19,19 @@ */ package org.sonar.iac.kubernetes.checks; -import java.util.Collection; -import org.sonar.iac.kubernetes.model.LimitRange; +import java.util.Map; import org.sonar.iac.kubernetes.model.LimitRangeItem; -public abstract class AbstractRequestCheck extends AbstractResourceManagementCheck { +public abstract class AbstractRequestCheck extends AbstractResourceManagementCheck { private static final String RESOURCE_MANAGEMENT_TYPE = "requests"; - @Override - Class getGlobalResourceType() { - return LimitRange.class; - } - String getResourceManagementName() { return RESOURCE_MANAGEMENT_TYPE; } @Override - protected boolean hasLimitDefinedGlobally(Collection globalResources) { - return globalResources.stream() - .flatMap(limitRange -> limitRange.limits().stream()) - .anyMatch(this::hasRequestWithResourceName); - } - - boolean hasRequestWithResourceName(LimitRangeItem limitRangeItem) { - var defaultRequest = limitRangeItem.defaultRequestMap().get(getResourceName()); - return getLimitRangeLimitTypes().contains(limitRangeItem.type()) && startsWithDigit(defaultRequest); + Map retrieveLimitRangeMap(LimitRangeItem limitRangeItem) { + return limitRangeItem.defaultRequestMap(); } } diff --git a/iac-extensions/kubernetes/src/main/java/org/sonar/iac/kubernetes/checks/AbstractResourceManagementCheck.java b/iac-extensions/kubernetes/src/main/java/org/sonar/iac/kubernetes/checks/AbstractResourceManagementCheck.java index 241981a37c..c0f65d4982 100644 --- a/iac-extensions/kubernetes/src/main/java/org/sonar/iac/kubernetes/checks/AbstractResourceManagementCheck.java +++ b/iac-extensions/kubernetes/src/main/java/org/sonar/iac/kubernetes/checks/AbstractResourceManagementCheck.java @@ -21,6 +21,7 @@ import java.util.Collection; import java.util.List; +import java.util.Map; import java.util.Optional; import java.util.Set; import java.util.stream.Stream; @@ -29,12 +30,13 @@ import org.sonar.iac.common.yaml.object.BlockObject; import org.sonar.iac.common.yaml.tree.ScalarTree; import org.sonar.iac.common.yaml.tree.TupleTree; -import org.sonar.iac.kubernetes.model.ProjectResource; +import org.sonar.iac.kubernetes.model.LimitRange; +import org.sonar.iac.kubernetes.model.LimitRangeItem; import org.sonar.iac.kubernetes.visitors.KubernetesCheckContext; import static org.sonar.iac.common.yaml.TreePredicates.isSet; -public abstract class AbstractResourceManagementCheck extends AbstractKubernetesObjectCheck { +public abstract class AbstractResourceManagementCheck extends AbstractKubernetesObjectCheck { protected static final String KIND_POD = "Pod"; protected static final List KIND_WITH_TEMPLATE = List.of( "DaemonSet", "Deployment", "Job", "ReplicaSet", "ReplicationController", "StatefulSet", "CronJob"); @@ -80,23 +82,29 @@ static HasTextRange getFirstChildElement(BlockObject blockObject) { return null; } - private Collection getGlobalResources(BlockObject document, String namespace) { + private static Collection getGlobalResources(BlockObject document, String namespace) { var projectContext = ((KubernetesCheckContext) document.ctx).projectContext(); var inputFileContext = ((KubernetesCheckContext) document.ctx).inputFileContext(); - return projectContext.getProjectResources(namespace, inputFileContext, getGlobalResourceType()); + return projectContext.getProjectResources(namespace, inputFileContext, LimitRange.class); } - abstract Class getGlobalResourceType(); + protected boolean hasLimitDefinedGlobally(Collection globalResources) { + return globalResources.stream() + .flatMap(limitRange -> limitRange.limits().stream()) + .anyMatch(this::hasDefinedLimitForResource); + } - // TODO: make abstract once its implemented for all subclasses - protected boolean hasLimitDefinedGlobally(Collection globalResources) { - return false; + protected boolean hasDefinedLimitForResource(LimitRangeItem limitRangeItem) { + var limit = retrieveLimitRangeMap(limitRangeItem).get(getResourceName()); + return getLimitRangeLimitTypes().contains(limitRangeItem.type()) && startsWithDigit(limit); } protected Set getLimitRangeLimitTypes() { return LIMIT_RANGE_LIMIT_TYPES; } + abstract Map retrieveLimitRangeMap(LimitRangeItem limitRangeItem); + abstract String getResourceManagementName(); abstract String getResourceName(); From b67a85abf7e30221612e21ca6226260b1455760d Mon Sep 17 00:00:00 2001 From: Jonas Wielage Date: Fri, 28 Jun 2024 15:26:15 +0200 Subject: [PATCH 3/5] Some refactoring --- .../sonar/iac/common/yaml/TreePredicates.java | 6 ++++- .../AbstractResourceManagementCheck.java | 11 +++++----- .../iac/kubernetes/checks/CpuLimitCheck.java | 18 ++------------- .../kubernetes/checks/CpuRequestCheck.java | 22 ++----------------- .../checks/AbstractLimitCheckTest.java | 2 +- .../AbstractResourceManagementCheckTest.java | 8 ++++--- 6 files changed, 21 insertions(+), 46 deletions(-) diff --git a/iac-common/src/main/java/org/sonar/iac/common/yaml/TreePredicates.java b/iac-common/src/main/java/org/sonar/iac/common/yaml/TreePredicates.java index 09dcf76051..9ea1362135 100644 --- a/iac-common/src/main/java/org/sonar/iac/common/yaml/TreePredicates.java +++ b/iac-common/src/main/java/org/sonar/iac/common/yaml/TreePredicates.java @@ -40,7 +40,11 @@ public static Predicate isEqualTo(String parameter) { } public static Predicate isSet() { - return t -> TextUtils.matchesValue(t, value -> !STRINGS_CONSIDERED_AS_EMPTY.contains(value)).isTrue(); + return t -> TextUtils.matchesValue(t, isSetString()).isTrue(); + } + + public static Predicate isSetString() { + return value -> !STRINGS_CONSIDERED_AS_EMPTY.contains(value); } public static Predicate startsWith(List strings) { diff --git a/iac-extensions/kubernetes/src/main/java/org/sonar/iac/kubernetes/checks/AbstractResourceManagementCheck.java b/iac-extensions/kubernetes/src/main/java/org/sonar/iac/kubernetes/checks/AbstractResourceManagementCheck.java index c0f65d4982..c9ae92d2d2 100644 --- a/iac-extensions/kubernetes/src/main/java/org/sonar/iac/kubernetes/checks/AbstractResourceManagementCheck.java +++ b/iac-extensions/kubernetes/src/main/java/org/sonar/iac/kubernetes/checks/AbstractResourceManagementCheck.java @@ -27,6 +27,7 @@ import java.util.stream.Stream; import javax.annotation.Nullable; import org.sonar.iac.common.api.tree.HasTextRange; +import org.sonar.iac.common.yaml.TreePredicates; import org.sonar.iac.common.yaml.object.BlockObject; import org.sonar.iac.common.yaml.tree.ScalarTree; import org.sonar.iac.common.yaml.tree.TupleTree; @@ -34,7 +35,7 @@ import org.sonar.iac.kubernetes.model.LimitRangeItem; import org.sonar.iac.kubernetes.visitors.KubernetesCheckContext; -import static org.sonar.iac.common.yaml.TreePredicates.isSet; +import static org.sonar.iac.common.yaml.TreePredicates.isSetString; public abstract class AbstractResourceManagementCheck extends AbstractKubernetesObjectCheck { protected static final String KIND_POD = "Pod"; @@ -71,7 +72,7 @@ protected void reportMissingLimit(BlockObject container) { container.block("resources").block(getResourceManagementName()) .attribute(getResourceName()) .reportIfAbsent(getFirstChildElement(container), getMessage()) - .reportIfValue(isSet().negate(), getMessage()); + .reportIfValue(TreePredicates.isSet().negate(), getMessage()); } @Nullable @@ -96,7 +97,7 @@ protected boolean hasLimitDefinedGlobally(Collection globalResources protected boolean hasDefinedLimitForResource(LimitRangeItem limitRangeItem) { var limit = retrieveLimitRangeMap(limitRangeItem).get(getResourceName()); - return getLimitRangeLimitTypes().contains(limitRangeItem.type()) && startsWithDigit(limit); + return getLimitRangeLimitTypes().contains(limitRangeItem.type()) && isSet(limit); } protected Set getLimitRangeLimitTypes() { @@ -125,7 +126,7 @@ private static String getNamespace(BlockObject document) { .orElse(""); } - static boolean startsWithDigit(@Nullable String value) { - return value != null && !value.isEmpty() && Character.isDigit(value.charAt(0)); + static boolean isSet(@Nullable String value) { + return value != null && isSetString().test(value); } } diff --git a/iac-extensions/kubernetes/src/main/java/org/sonar/iac/kubernetes/checks/CpuLimitCheck.java b/iac-extensions/kubernetes/src/main/java/org/sonar/iac/kubernetes/checks/CpuLimitCheck.java index f5f35f34fd..c6f5a3b1e8 100644 --- a/iac-extensions/kubernetes/src/main/java/org/sonar/iac/kubernetes/checks/CpuLimitCheck.java +++ b/iac-extensions/kubernetes/src/main/java/org/sonar/iac/kubernetes/checks/CpuLimitCheck.java @@ -19,34 +19,20 @@ */ package org.sonar.iac.kubernetes.checks; -import java.util.Collection; import org.sonar.check.Rule; -import org.sonar.iac.kubernetes.model.LimitRange; -import org.sonar.iac.kubernetes.model.LimitRangeItem; @Rule(key = "S6869") public class CpuLimitCheck extends AbstractLimitCheck { private static final String MESSAGE = "Specify a CPU limit for this container."; - private static final String KEY = "cpu"; - - @Override - protected boolean hasLimitDefinedGlobally(Collection globalResources) { - return globalResources.stream() - .flatMap(limitRange -> limitRange.limits().stream()) - .anyMatch(this::hasCpuLimit); - } + private static final String RESOURCE_NAME = "cpu"; @Override String getResourceName() { - return KEY; + return RESOURCE_NAME; } @Override String getMessage() { return MESSAGE; } - - private boolean hasCpuLimit(LimitRangeItem limitRangeItem) { - return getLimitRangeLimitTypes().contains(limitRangeItem.type()) && limitRangeItem.defaultMap().containsKey("cpu"); - } } diff --git a/iac-extensions/kubernetes/src/main/java/org/sonar/iac/kubernetes/checks/CpuRequestCheck.java b/iac-extensions/kubernetes/src/main/java/org/sonar/iac/kubernetes/checks/CpuRequestCheck.java index 9cae817247..a3605aede4 100644 --- a/iac-extensions/kubernetes/src/main/java/org/sonar/iac/kubernetes/checks/CpuRequestCheck.java +++ b/iac-extensions/kubernetes/src/main/java/org/sonar/iac/kubernetes/checks/CpuRequestCheck.java @@ -19,38 +19,20 @@ */ package org.sonar.iac.kubernetes.checks; -import java.util.Collection; -import java.util.Set; import org.sonar.check.Rule; -import org.sonar.iac.kubernetes.model.LimitRange; -import org.sonar.iac.kubernetes.model.LimitRangeItem; @Rule(key = "S6892") public class CpuRequestCheck extends AbstractRequestCheck { private static final String MESSAGE = "Specify a CPU request for this container."; - private static final String KEY = "cpu"; - - private static final Set LIMIT_TYPES = Set.of("Pod", "Container"); - - @Override - protected boolean hasLimitDefinedGlobally(Collection globalResources) { - return globalResources.stream() - .flatMap(limitRange -> limitRange.limits().stream()) - .anyMatch(CpuRequestCheck::hasCpuLimit); - } + private static final String RESOURCE_NAME = "cpu"; @Override String getResourceName() { - return KEY; + return RESOURCE_NAME; } @Override String getMessage() { return MESSAGE; } - - private static boolean hasCpuLimit(LimitRangeItem limitRangeItem) { - var defaultCpuRequest = limitRangeItem.defaultRequestMap().get(KEY); - return LIMIT_TYPES.contains(limitRangeItem.type()) && startsWithDigit(defaultCpuRequest); - } } diff --git a/iac-extensions/kubernetes/src/test/java/org/sonar/iac/kubernetes/checks/AbstractLimitCheckTest.java b/iac-extensions/kubernetes/src/test/java/org/sonar/iac/kubernetes/checks/AbstractLimitCheckTest.java index 79d55a7668..552ca04dc5 100644 --- a/iac-extensions/kubernetes/src/test/java/org/sonar/iac/kubernetes/checks/AbstractLimitCheckTest.java +++ b/iac-extensions/kubernetes/src/test/java/org/sonar/iac/kubernetes/checks/AbstractLimitCheckTest.java @@ -40,6 +40,6 @@ class AbstractLimitCheckTest { "null, false", }, emptyValue = "_", nullValues = "null") void shouldDetectValidMemorySpecifiers(@Nullable String value, boolean shouldBeValid) { - assertThat(MemoryLimitCheck.startsWithDigit(value)).isEqualTo(shouldBeValid); + assertThat(MemoryLimitCheck.isSet(value)).isEqualTo(shouldBeValid); } } diff --git a/iac-extensions/kubernetes/src/test/java/org/sonar/iac/kubernetes/checks/AbstractResourceManagementCheckTest.java b/iac-extensions/kubernetes/src/test/java/org/sonar/iac/kubernetes/checks/AbstractResourceManagementCheckTest.java index 520d388787..2491505964 100644 --- a/iac-extensions/kubernetes/src/test/java/org/sonar/iac/kubernetes/checks/AbstractResourceManagementCheckTest.java +++ b/iac-extensions/kubernetes/src/test/java/org/sonar/iac/kubernetes/checks/AbstractResourceManagementCheckTest.java @@ -57,13 +57,15 @@ void testGetFirstChildElement() { 1, true 1Gi, true 200M, true + +200M, true + -200M, true + .5, true 1.5Gi, true ~, false '', false 1.5, true - Gi, false null, false""") - void shouldDetectIfStartsWithDigit(@Nullable String value, boolean shouldBeValid) { - assertThat(AbstractResourceManagementCheck.startsWithDigit(value)).isEqualTo(shouldBeValid); + void shouldDetectIfValueIsSet(@Nullable String value, boolean shouldBeValid) { + assertThat(AbstractResourceManagementCheck.isSet(value)).isEqualTo(shouldBeValid); } } From 6d86fbca9599cf1a77e90b9de501ed4ea2e1e19b Mon Sep 17 00:00:00 2001 From: Jonas Wielage Date: Fri, 28 Jun 2024 15:33:06 +0200 Subject: [PATCH 4/5] Fix testing --- .../checks/AbstractLimitCheckTest.java | 45 ------------------- .../helm/templates/limit_ranges.yaml | 2 +- .../checks/CpuRequestCheck/limit_ranges.yaml | 2 +- 3 files changed, 2 insertions(+), 47 deletions(-) delete mode 100644 iac-extensions/kubernetes/src/test/java/org/sonar/iac/kubernetes/checks/AbstractLimitCheckTest.java diff --git a/iac-extensions/kubernetes/src/test/java/org/sonar/iac/kubernetes/checks/AbstractLimitCheckTest.java b/iac-extensions/kubernetes/src/test/java/org/sonar/iac/kubernetes/checks/AbstractLimitCheckTest.java deleted file mode 100644 index 552ca04dc5..0000000000 --- a/iac-extensions/kubernetes/src/test/java/org/sonar/iac/kubernetes/checks/AbstractLimitCheckTest.java +++ /dev/null @@ -1,45 +0,0 @@ -/* - * SonarQube IaC Plugin - * Copyright (C) 2021-2024 SonarSource SA - * mailto:info AT sonarsource DOT com - * - * This program is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation; either - * version 3 of the License, or (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public License - * along with this program; if not, write to the Free Software Foundation, - * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. - */ -package org.sonar.iac.kubernetes.checks; - -import javax.annotation.Nullable; -import org.junit.jupiter.params.ParameterizedTest; -import org.junit.jupiter.params.provider.CsvSource; - -import static org.assertj.core.api.Assertions.assertThat; - -class AbstractLimitCheckTest { - - @ParameterizedTest - @CsvSource(value = { - "1, true", - "1Gi, true", - "200M, true", - "1.5Gi, true", - "~, false", - "_, false", - "1.5, true", - "Gi, false", - "null, false", - }, emptyValue = "_", nullValues = "null") - void shouldDetectValidMemorySpecifiers(@Nullable String value, boolean shouldBeValid) { - assertThat(MemoryLimitCheck.isSet(value)).isEqualTo(shouldBeValid); - } -} diff --git a/iac-extensions/kubernetes/src/test/resources/checks/CpuRequestCheck/helm/templates/limit_ranges.yaml b/iac-extensions/kubernetes/src/test/resources/checks/CpuRequestCheck/helm/templates/limit_ranges.yaml index fffd643267..4b38dd82b7 100644 --- a/iac-extensions/kubernetes/src/test/resources/checks/CpuRequestCheck/helm/templates/limit_ranges.yaml +++ b/iac-extensions/kubernetes/src/test/resources/checks/CpuRequestCheck/helm/templates/limit_ranges.yaml @@ -18,7 +18,7 @@ spec: limits: - type: Container defaultRequest: - cpu: "half" + cpu: ~ --- apiVersion: v1 kind: LimitRange diff --git a/iac-extensions/kubernetes/src/test/resources/checks/CpuRequestCheck/limit_ranges.yaml b/iac-extensions/kubernetes/src/test/resources/checks/CpuRequestCheck/limit_ranges.yaml index fffd643267..4b38dd82b7 100644 --- a/iac-extensions/kubernetes/src/test/resources/checks/CpuRequestCheck/limit_ranges.yaml +++ b/iac-extensions/kubernetes/src/test/resources/checks/CpuRequestCheck/limit_ranges.yaml @@ -18,7 +18,7 @@ spec: limits: - type: Container defaultRequest: - cpu: "half" + cpu: ~ --- apiVersion: v1 kind: LimitRange From 97ccce09e1ddad30767bbcfbc509a6478c477cb3 Mon Sep 17 00:00:00 2001 From: Jonas Wielage Date: Fri, 28 Jun 2024 15:40:40 +0200 Subject: [PATCH 5/5] Review remarks --- .../org/sonar/iac/kubernetes/checks/AbstractLimitCheck.java | 2 +- .../org/sonar/iac/kubernetes/checks/AbstractRequestCheck.java | 2 +- .../kubernetes/checks/AbstractResourceManagementCheck.java | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/iac-extensions/kubernetes/src/main/java/org/sonar/iac/kubernetes/checks/AbstractLimitCheck.java b/iac-extensions/kubernetes/src/main/java/org/sonar/iac/kubernetes/checks/AbstractLimitCheck.java index a5251bb59c..a6234205ad 100644 --- a/iac-extensions/kubernetes/src/main/java/org/sonar/iac/kubernetes/checks/AbstractLimitCheck.java +++ b/iac-extensions/kubernetes/src/main/java/org/sonar/iac/kubernetes/checks/AbstractLimitCheck.java @@ -35,7 +35,7 @@ String getResourceManagementName() { abstract String getMessage(); @Override - Map retrieveLimitRangeMap(LimitRangeItem limitRangeItem) { + Map retrieveLimitRangeItemMap(LimitRangeItem limitRangeItem) { return limitRangeItem.defaultMap(); } } diff --git a/iac-extensions/kubernetes/src/main/java/org/sonar/iac/kubernetes/checks/AbstractRequestCheck.java b/iac-extensions/kubernetes/src/main/java/org/sonar/iac/kubernetes/checks/AbstractRequestCheck.java index 91eb87dd68..9e88e105eb 100644 --- a/iac-extensions/kubernetes/src/main/java/org/sonar/iac/kubernetes/checks/AbstractRequestCheck.java +++ b/iac-extensions/kubernetes/src/main/java/org/sonar/iac/kubernetes/checks/AbstractRequestCheck.java @@ -31,7 +31,7 @@ String getResourceManagementName() { } @Override - Map retrieveLimitRangeMap(LimitRangeItem limitRangeItem) { + Map retrieveLimitRangeItemMap(LimitRangeItem limitRangeItem) { return limitRangeItem.defaultRequestMap(); } } diff --git a/iac-extensions/kubernetes/src/main/java/org/sonar/iac/kubernetes/checks/AbstractResourceManagementCheck.java b/iac-extensions/kubernetes/src/main/java/org/sonar/iac/kubernetes/checks/AbstractResourceManagementCheck.java index c9ae92d2d2..0f1a07de8a 100644 --- a/iac-extensions/kubernetes/src/main/java/org/sonar/iac/kubernetes/checks/AbstractResourceManagementCheck.java +++ b/iac-extensions/kubernetes/src/main/java/org/sonar/iac/kubernetes/checks/AbstractResourceManagementCheck.java @@ -96,7 +96,7 @@ protected boolean hasLimitDefinedGlobally(Collection globalResources } protected boolean hasDefinedLimitForResource(LimitRangeItem limitRangeItem) { - var limit = retrieveLimitRangeMap(limitRangeItem).get(getResourceName()); + var limit = retrieveLimitRangeItemMap(limitRangeItem).get(getResourceName()); return getLimitRangeLimitTypes().contains(limitRangeItem.type()) && isSet(limit); } @@ -104,7 +104,7 @@ protected Set getLimitRangeLimitTypes() { return LIMIT_RANGE_LIMIT_TYPES; } - abstract Map retrieveLimitRangeMap(LimitRangeItem limitRangeItem); + abstract Map retrieveLimitRangeItemMap(LimitRangeItem limitRangeItem); abstract String getResourceManagementName();