WIP: Automated addon security scanning #13614
Conversation
k8s-ci-robot
added
do-not-merge/work-in-progress
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: sharifelgamal The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
k8s-ci-robot
added
the
approved
| err = json.Unmarshal(out, &outmap) | ||
| if err != nil { | ||
| klog.Errorf("error unmarshalling json for %s: %v", image, err) | ||
| } |
There was a problem hiding this comment.
Should we expect to return here, on error?
Or, is it safe to continue?
There was a problem hiding this comment.
if err is not nil, then outmap will be empty and the following if will get skipped, making it safe to continue. we could otherwise add a continue statement after logging the error which is effectively the same thing
| }, | ||
| } | ||
|
|
||
| var ( |
There was a problem hiding this comment.
Consider inlining single entries.
| Status util.AddonStatus | ||
| } | ||
|
|
||
| // TODO: make this easier for the string extractor to parse |
There was a problem hiding this comment.
For Go doc, the comment should begin like:
// Error ...
| @@ -117,6 +148,42 @@ func SetAndSave(profile string, name string, value string) error { | |||
| return config.Write(profile, cc) | |||
| } | |||
|
|
|||
| func securityCheck(addonName string, value string) error { | |||
There was a problem hiding this comment.
Repeated param types can be omitted.
...(addonName, value string)...
| } | ||
|
|
||
| // Allow users to pass in custom images | ||
| // This check is totally broken, uncomment when fixed. |
There was a problem hiding this comment.
Is there an issue we can attach to this?
| Status util.AddonStatus | ||
| } | ||
|
|
||
| // TODO: make this easier for the string extractor to parse |
There was a problem hiding this comment.
Is there an issue we can attach to this?
| if err != nil { | ||
| return statuses, err | ||
| } | ||
|
|
| if err != nil { | ||
| return addonMap, err | ||
| } | ||
|
|
| // download is a well-configured atomic download function | ||
| func download(src string, dst string) error { | ||
| func download(src string, dst string, progressBar bool) error { |
There was a problem hiding this comment.
Remove repeated param type.
k8s-ci-robot
added
the
needs-rebase
k8s-ci-robot
removed
the
needs-rebase
k8s-ci-robot
added
the
needs-rebase
|
@sharifelgamal: PR needs rebase. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
|
The Kubernetes project currently lacks enough contributors to adequately respond to all issues and PRs. This bot triages issues and PRs according to the following rules:
You can:
Please send feedback to sig-contributor-experience at kubernetes/community. /lifecycle stale |
k8s-ci-robot
added
the
lifecycle/stale
|
The Kubernetes project currently lacks enough active contributors to adequately respond to all issues and PRs. This bot triages issues and PRs according to the following rules:
You can:
Please send feedback to sig-contributor-experience at kubernetes/community. /lifecycle rotten |
k8s-ci-robot
added
lifecycle/rotten
|
The Kubernetes project currently lacks enough active contributors to adequately respond to all issues and PRs. This bot triages PRs according to the following rules:
You can:
Please send feedback to sig-contributor-experience at kubernetes/community. /close |
|
@k8s-triage-robot: Closed this PR. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
No description provided.