Merge pull request #51 from anchore/found-it/backwards-compatible-config

Add backwards compatibility for kai configuration

README.md

@@ -243,7 +243,7 @@ Configure which namespaces kai should search.
   * Example:
 
 ```yaml
-namespaces:
+namespace-selectors:
   include:
   - default
   - kube-system
@@ -256,7 +256,7 @@ namespaces:
   * Example:
 
 ```yaml
-namespaces:
+namespace-selectors:
   exclude:
   - default
   - ^kube-*
@@ -265,7 +265,7 @@ namespaces:
 
 ```yaml
 # Which namespaces to search or exclude.
-namespaces:
+namespace-selectors:
   # Namespaces to include as explicit strings, not regex
   # NOTE: Will search ALL namespaces if left as an empty array
   include: []
@@ -379,6 +379,51 @@ anchore:
     timeout-seconds: 10
 ```
 
+## Configuration Changes (v0.2.2 -> v0.3.0)
+
+There are a few configurations that were changed from v0.2.2 to v0.3.0
+
+#### `kubernetes-request-timeout-seconds`
+
+The request timeout for the kubernetes API was changed from
+
+```yaml
+kubernetes-request-timeout-seconds: 60
+```
+
+to
+
+```yaml
+kubernetes:
+  request-timeout-seconds: 60
+```
+
+KAI will still honor the old configuration. It will prefer the old configuration
+parameter until it is removed from the config entirely. It is safe to remove the
+old configuration in favor of the new config.
+
+#### `namespaces`
+
+The namespace configuration was changed from
+
+```yaml
+namespaces:
+- all
+```
+
+to
+
+```yaml
+namespace-selectors:
+  include: []
+  exclude: []
+```
+
+`namespace-selectors` was added to eventually replace `namespaces` to allow for both
+include and exclude configs. The old `namespaces` array will be honored if
+`namespace-selectors.include` is empty. It is safe to remove `namespaces` entirely
+in favor of `namespace-selectors`
+
 ## Developing
 ### Build
 **Note:** This will drop the binary in the `./snapshot/` directory

internal/config/config.go

@@ -38,22 +38,24 @@ type CliOnlyOptions struct {
 
 // All Application configurations
 type Application struct {
-	ConfigPath             string
-	PresenterOpt           presenter.Option
-	Output                 string  `mapstructure:"output"`
-	Quiet                  bool    `mapstructure:"quiet"`
-	Log                    Logging `mapstructure:"log"`
-	CliOptions             CliOnlyOptions
-	Dev                    Development    `mapstructure:"dev"`
-	KubeConfig             KubeConf       `mapstructure:"kubeconfig"`
-	Kubernetes             KubernetesAPI  `mapstructure:"kubernetes"`
-	Namespaces             NamespacesConf `mapstructure:"namespaces"`
-	MissingTagPolicy       MissingTagConf `mapstructure:"missing-tag-policy"`
-	RunMode                mode.Mode
-	Mode                   string      `mapstructure:"mode"`
-	IgnoreNotRunning       bool        `mapstructure:"ignore-not-running"`
-	PollingIntervalSeconds int         `mapstructure:"polling-interval-seconds"`
-	AnchoreDetails         AnchoreInfo `mapstructure:"anchore"`
+	ConfigPath                      string
+	PresenterOpt                    presenter.Option
+	Output                          string  `mapstructure:"output"`
+	Quiet                           bool    `mapstructure:"quiet"`
+	Log                             Logging `mapstructure:"log"`
+	CliOptions                      CliOnlyOptions
+	Dev                             Development       `mapstructure:"dev"`
+	KubeConfig                      KubeConf          `mapstructure:"kubeconfig"`
+	Kubernetes                      KubernetesAPI     `mapstructure:"kubernetes"`
+	Namespaces                      []string          `mapstructure:"namespaces"`
+	KubernetesRequestTimeoutSeconds int64             `mapstructure:"kubernetes-request-timeout-seconds"`
+	NamespaceSelectors              NamespaceSelector `mapstructure:"namespace-selectors"`
+	MissingTagPolicy                MissingTagConf    `mapstructure:"missing-tag-policy"`
+	RunMode                         mode.Mode
+	Mode                            string      `mapstructure:"mode"`
+	IgnoreNotRunning                bool        `mapstructure:"ignore-not-running"`
+	PollingIntervalSeconds          int         `mapstructure:"polling-interval-seconds"`
+	AnchoreDetails                  AnchoreInfo `mapstructure:"anchore"`
 }
 
 // MissingTagConf details the policy for handling missing tags when reporting images
@@ -62,8 +64,8 @@ type MissingTagConf struct {
 	Tag    string `mapstructure:"tag,omitempty"`
 }
 
-// NamespacesConf details the inclusion/exclusion rules for namespaces
-type NamespacesConf struct {
+// NamespaceSelector details the inclusion/exclusion rules for namespaces
+type NamespaceSelector struct {
 	Include []string `mapstructure:"include"`
 	Exclude []string `mapstructure:"exclude"`
 }
@@ -119,12 +121,16 @@ func setNonCliDefaultValues(v *viper.Viper) {
 	v.SetDefault("kubeconfig.anchore.account", "admin")
 	v.SetDefault("anchore.http.insecure", false)
 	v.SetDefault("anchore.http.timeout-seconds", 10)
+	v.SetDefault("kubernetes-request-timeout-seconds", -1)
 	v.SetDefault("kubernetes.request-timeout-seconds", 60)
 	v.SetDefault("kubernetes.request-batch-size", 100)
 	v.SetDefault("kubernetes.worker-pool-size", 100)
 	v.SetDefault("ignore-not-running", true)
 	v.SetDefault("missing-tag-policy.policy", "digest")
 	v.SetDefault("missing-tag-policy.tag", "UNKNOWN")
+	v.SetDefault("namespaces", []string{})
+	v.SetDefault("namespace-selectors.include", []string{})
+	v.SetDefault("namespace-selectors.exclude", []string{})
 }
 
 // Load the Application Configuration from the Viper specifications
@@ -214,9 +220,32 @@ func (cfg *Application) Build() error {
 		return fmt.Errorf("missing-tag-policy.policy must be one of %v", policies)
 	}
 
+	cfg.handleBackwardsCompatibility()
+
 	return nil
 }
 
+func (cfg *Application) handleBackwardsCompatibility() {
+	// BACKWARDS COMPATIBILITY - Translate namespaces into the new selector config
+	// Only trigger if there is nothing in the include selector.
+	if len(cfg.NamespaceSelectors.Include) == 0 && len(cfg.Namespaces) > 0 {
+		for _, ns := range cfg.Namespaces {
+			if ns == "all" {
+				// set the include namespaces to an empty array if namespaces indicates collect "all"
+				cfg.NamespaceSelectors.Include = []string{}
+				break
+			}
+			// otherwise add the namespaces list to the include namespaces
+			cfg.NamespaceSelectors.Include = append(cfg.NamespaceSelectors.Include, ns)
+		}
+	}
+
+	// defer to the old config parameter if it is still present
+	if cfg.KubernetesRequestTimeoutSeconds > 0 {
+		cfg.Kubernetes.RequestTimeoutSeconds = cfg.KubernetesRequestTimeoutSeconds
+	}
+}
+
 func readConfig(v *viper.Viper, configPath string) error {
 	v.AutomaticEnv()
 	v.SetEnvPrefix(internal.ApplicationName)

internal/config/test-fixtures/snapshot/TestDefaultConfigString.golden

@@ -27,7 +27,9 @@ kubernetes:
   requesttimeoutseconds: 60
   requestbatchsize: 100
   workerpoolsize: 100
-namespaces:
+namespaces: []
+kubernetesrequesttimeoutseconds: -1
+namespaceselectors:
   include: []
   exclude: []
 missingtagpolicy:

internal/config/test-fixtures/snapshot/TestEmptyConfigString.golden

@@ -27,7 +27,9 @@ kubernetes:
   requesttimeoutseconds: 0
   requestbatchsize: 0
   workerpoolsize: 0
-namespaces:
+namespaces: []
+kubernetesrequesttimeoutseconds: 0
+namespaceselectors:
   include: []
   exclude: []
 missingtagpolicy:

internal/config/test-fixtures/snapshot/TestSensitiveConfigString.golden

@@ -27,7 +27,9 @@ kubernetes:
   requesttimeoutseconds: 60
   requestbatchsize: 100
   workerpoolsize: 100
-namespaces:
+namespaces: []
+kubernetesrequesttimeoutseconds: -1
+namespaceselectors:
   include: []
   exclude: []
 missingtagpolicy:

kai.yaml

@@ -29,7 +29,7 @@ kubeconfig:
     token:
 
 # Which namespaces to search or exclude.
-namespaces:
+namespace-selectors:
   # Namespaces to include as explicit strings, not regex
   # NOTE: Will search ALL namespaces if left as an empty array
   include: []

kai/lib.go

@@ -223,11 +223,11 @@ func excludeNamespace(checks []excludeCheck, namespace string) bool {
 func fetchNamespaces(kubeconfig *rest.Config, cfg *config.Application) ([]string, error) {
 	namespaces := make([]string, 0)
 
-	exclusionChecklist := buildExclusionChecklist(cfg.Namespaces.Exclude)
+	exclusionChecklist := buildExclusionChecklist(cfg.NamespaceSelectors.Exclude)
 
 	// Return list of namespaces if there are any present
-	if len(cfg.Namespaces.Include) > 0 {
-		for _, ns := range cfg.Namespaces.Include {
+	if len(cfg.NamespaceSelectors.Include) > 0 {
+		for _, ns := range cfg.NamespaceSelectors.Include {
 			if !excludeNamespace(exclusionChecklist, ns) {
 				namespaces = append(namespaces, ns)
 			}