def podhandler_pod_disruption_budget(yml: object):
"""require a podhandler for every deployment/statefulset."""
matches = json_path('spec.template.metadata.labels').find(yml)
must_validators = []
for match in matches:
must_validators.append(pdb_for(object_ident(yml), match.value))
return ([], must_validators)
def named_velero_for(yml: object):
"""
Validates that a backup or a backup-exclude is defined for each volume.
annotations:
backup.velero.io/backup-volumes: data,backup
backup.velero.io/backup-volumes-excludes: cache
note: all defined volumes must specify a backup
"""
ident = object_ident(yml)
backup_matches = json_path(
'spec.template.metadata.annotations.'
'"backup.velero.io/backup-volumes"').find(yml)
skip_matches = json_path(
'spec.template.metadata.annotations.'
'"backup.velero.io/backup-volumes-excludes"').find(yml)
if not backup_matches:
raise LintError(f"unable to find velero annotation on {ident}")
backupped_volumes = backup_matches[0].value.split(',')
skipped_volumes = []
if skip_matches:
skipped_volumes = skip_matches[0].value.split(',')
if name in skipped_volumes:
click.secho(f"* backup for volume {name} skipped in {ident}",
fg='yellow')
elif name in backupped_volumes:
click.secho(f"* backup for volume {name} found in {ident}",
fg='green')
else:
raise LintError(f"no backup or skip for {name} found in {ident}")
def named_pdb_for(yml: object):
"""
Validates that a matching PodDisruptionBudget for the deployments
labels exists.
# example:
apiVersion: policy/v1beta1
kind: PodDisruptionBudget
metadata:
name: myservice-pdb
labels:
app: myservice
{{- include "helm.labels" . | nindent 4 }}
spec:
maxUnavailable: 1
selector:
matchLabels:
app: myservice
Replace all myservice with service name / other labels.
"""
ident = object_ident(yml)
matches = json_path('spec.selector.matchLabels').find(yml)
if not matches:
raise LintError(f"* no label matching {name} for {ident}")
got_labels = matches[0].value
for key, value in got_labels.items():
if key not in labels.keys() or labels[key] != value:
message = (
f"pdb {ident} is missing label combination for {name}"
f"{key}={value}")
raise LintError(message)
click.secho(f"* found pdb {ident} for {name}", fg='green')
def named_route_for(yml: object):
"""
require the existance of a route with matching parameters
"""
ident = object_ident(yml)
for jp, value in json_path_to_value.items():
matches = json_path(jp).find(yml)
if not all(m.value == value for m in matches):
raise LintError(f"{jp}={value} not found")
click.secho(
f'* possible matching {ident} for "{name}" '
f'found({jp}={value})',
fg='green')
def podhandler_git_sha(yml: object):
"""
This resource requires a git-sha annotation to prevent issues on rolling
updates with old configmap and secret versions. This annotation must be
set on "spec.template.metadata.annotations".
annotations:
thobits.com/git-sha: 000000
"""
ident = object_ident(yml)
matches_bad = json_path(
'metadata.annotations."thobits.com/git-sha"'
).find(yml)
matches_good = json_path(
'spec.template.metadata.annotations."thobits.com/git-sha"'
).find(yml)
if matches_bad:
raise LintError(f'move git-sha annotation to '
f'spec.template.metadata.annotations for {ident}')
if not matches_good:
raise LintError(f'git-sha missing on {ident}')