Improve output for unknown kinds (#94)

* Adding bookinfo test
* Avoid matching ServiceAccount to Service
* provide file context to "skipping object" message
* "go test" to test all packages
* No automatic releases (needs too much permissions)
* Update workflow and job names

Signed-off-by: Ziv Nevo <[email protected]>

Author: zivnevo

.github/workflows/go-build.yml

@@ -27,7 +27,4 @@ jobs:
       run: go build --tags static_all -v -o ./bin/net-top ./cmd/nettop
 
     - name: Test
-      run: |
-        go test -v ./pkg/controller
-        go test -v ./cmd/nettop/
-
+      run: go test -v ./...

.github/workflows/make-release.yaml

@@ -1,4 +1,4 @@
-name: Create docker release and github release
+name: Create docker release and publish to pkg.go.dev
 
 on:
   push:
@@ -10,7 +10,7 @@ permissions:
 
 jobs:
   push_to_registry:
-    name: Publish a new Docker image and create a GitHub release
+    name: Publish a new Docker image and publish a new version in pkg.go.dev
     runs-on: ubuntu-latest
     permissions:
       packages: write
@@ -32,18 +32,6 @@ jobs:
           push: true
           tags: ghcr.io/np-guard/net-top-analyzer:${{ github.ref_name }}
 
-      - name: Create a github release
-        uses: actions/create-release@0cb9c9b65d5d1901c1f53e5e66eaf4afd303e70e
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        with:
-          tag_name: ${{ github.ref_name }}
-          release_name: Release ${{ github.ref_name }}
-          body: |
-            Changes in this Release:
-          draft: false
-          prerelease: false
-
       - name: Set up Go
         uses: actions/setup-go@268d8c0ca0432bb2cf416faae41297df9d262d7f
         with:

cmd/nettop/main_test.go

@@ -79,6 +79,9 @@ func TestNetpolsJsonOutput(t *testing.T) {
 	tests["guestbook"] = TestDetails{dirPath: filepath.Join(testsDir, "k8s_guestbook"),
 		outFile:        filepath.Join(testsDir, "k8s_guestbook", "output.json"),
 		expectedOutput: filepath.Join(testsDir, "k8s_guestbook", "expected_netpol_output.json")}
+	tests["bookinfo"] = TestDetails{dirPath: filepath.Join(testsDir, "bookinfo"),
+		outFile:        filepath.Join(testsDir, "bookinfo", "output.json"),
+		expectedOutput: filepath.Join(testsDir, "bookinfo", "expected_netpol_output.json")}
 
 	for testName, testDetails := range tests {
 		args := getTestArgs(testDetails.dirPath, testDetails.outFile, true, false, true)

pkg/controller/utils.go

@@ -27,7 +27,7 @@ const (
 )
 
 var (
-	acceptedK8sTypesRegex = fmt.Sprintf("(%s|%s|%s|%s|%s|%s|%s|%s|%s|%s)",
+	acceptedK8sTypesRegex = fmt.Sprintf("(^%s$|^%s$|^%s$|^%s$|^%s$|^%s$|^%s$|^%s$|^%s$|^%s$)",
 		pod, replicaSet, replicationController, deployment, daemonset, statefulset, job, cronJob, service, configmap)
 	acceptedK8sTypes = regexp.MustCompile(acceptedK8sTypesRegex)
 	yamlSuffix       = regexp.MustCompile(".ya?ml$")
@@ -138,7 +138,7 @@ func parseK8sYaml(mfp string, stopOn1stErr bool) ([]deployObject, []FileProcessi
 			continue
 		}
 		if !acceptedK8sTypes.MatchString(groupVersionKind.Kind) {
-			activeLogger.Infof("Skipping object with type: %s", groupVersionKind.Kind)
+			activeLogger.Infof("in file: %s, document: %d, skipping object with type: %s", mfp, docID, groupVersionKind.Kind)
 		} else {
 			d := deployObject{}
 			d.GroupKind = groupVersionKind.Kind

tests/bookinfo/bookinfo-certificate.yaml

@@ -0,0 +1,37 @@
+---
+apiVersion: certmanager.k8s.io/v1alpha1
+kind: ClusterIssuer
+metadata:
+  name: letsencrypt-staging
+  namespace: istio-system
+spec:
+  acme:
+    # The ACME server URL
+    server: https://acme-staging-v02.api.letsencrypt.org/directory
+    # Email address used for ACME registration
+    email: [email protected]
+    # Name of a secret used to store the ACME account private key
+    privateKeySecretRef:
+      name: letsencrypt-staging
+    # Enable the HTTP-01 challenge provider
+    http01: {}
+---
+apiVersion: certmanager.k8s.io/v1alpha1
+kind: Certificate
+metadata:
+  name: istio-ingressgateway-certs
+  namespace: istio-system
+spec:
+  secretName: istio-ingressgateway-certs
+  issuerRef:
+    name: letsencrypt-staging
+    kind: ClusterIssuer
+  commonName: bookinfo.example.com
+  dnsNames:
+  - bookinfo.example.com
+  acme:
+    config:
+    - http01:
+        ingressClass: none
+      domains:
+      - bookinfo.example.com

tests/bookinfo/bookinfo-db.yaml

@@ -0,0 +1,60 @@
+# Copyright Istio Authors
+#
+#   Licensed under the Apache License, Version 2.0 (the "License");
+#   you may not use this file except in compliance with the License.
+#   You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+#   Unless required by applicable law or agreed to in writing, software
+#   distributed under the License is distributed on an "AS IS" BASIS,
+#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#   See the License for the specific language governing permissions and
+#   limitations under the License.
+
+apiVersion: v1
+kind: Service
+metadata:
+  name: mongodb
+  labels:
+    app: mongodb
+    service: mongodb
+spec:
+  ports:
+  - port: 27017
+    name: mongo
+  selector:
+    app: mongodb
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: mongodb-v1
+  labels:
+    app: mongodb
+    version: v1
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: mongodb
+      version: v1
+  template:
+    metadata:
+      labels:
+        app: mongodb
+        version: v1
+    spec:
+      containers:
+      - name: mongodb 
+        image: docker.io/istio/examples-bookinfo-mongodb:1.16.4
+        imagePullPolicy: IfNotPresent
+        ports:
+        - containerPort: 27017
+        volumeMounts:
+        - name: data-db
+          mountPath: /data/db
+      volumes:
+      - name: data-db
+        emptyDir: {}
+---

tests/bookinfo/bookinfo-details-v2.yaml

@@ -0,0 +1,48 @@
+# Copyright Istio Authors
+#
+#   Licensed under the Apache License, Version 2.0 (the "License");
+#   you may not use this file except in compliance with the License.
+#   You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+#   Unless required by applicable law or agreed to in writing, software
+#   distributed under the License is distributed on an "AS IS" BASIS,
+#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#   See the License for the specific language governing permissions and
+#   limitations under the License.
+
+##################################################################################################
+# Details service v2
+##################################################################################################
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: details-v2
+  labels:
+    app: details
+    version: v2
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: details
+      version: v2
+  template:
+    metadata:
+      labels:
+        app: details
+        version: v2
+    spec:
+      containers:
+      - name: details
+        image: docker.io/istio/examples-bookinfo-details-v2:1.16.4
+        imagePullPolicy: IfNotPresent
+        ports:
+        - containerPort: 9080
+        env:
+        - name: DO_NOT_ENCRYPT
+          value: "true"
+        securityContext:
+          runAsUser: 1000
+---

tests/bookinfo/bookinfo-details.yaml

@@ -0,0 +1,59 @@
+# Copyright Istio Authors
+#
+#   Licensed under the Apache License, Version 2.0 (the "License");
+#   you may not use this file except in compliance with the License.
+#   You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+#   Unless required by applicable law or agreed to in writing, software
+#   distributed under the License is distributed on an "AS IS" BASIS,
+#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#   See the License for the specific language governing permissions and
+#   limitations under the License.
+
+##################################################################################################
+# Details service
+##################################################################################################
+apiVersion: v1
+kind: Service
+metadata:
+  name: details
+  labels:
+    app: details
+    service: details
+spec:
+  ports:
+  - port: 9080
+    name: http
+  selector:
+    app: details
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: details-v1
+  labels:
+    app: details
+    version: v1
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: details
+      version: v1
+  template:
+    metadata:
+      labels:
+        app: details
+        version: v1
+    spec:
+      containers:
+      - name: details
+        image: docker.io/istio/examples-bookinfo-details-v1:1.16.4
+        imagePullPolicy: IfNotPresent
+        ports:
+        - containerPort: 9080
+        securityContext:
+          runAsUser: 1000
+---

tests/bookinfo/bookinfo-ingress.yaml

@@ -0,0 +1,63 @@
+# Copyright Istio Authors
+#
+#   Licensed under the Apache License, Version 2.0 (the "License");
+#   you may not use this file except in compliance with the License.
+#   You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+#   Unless required by applicable law or agreed to in writing, software
+#   distributed under the License is distributed on an "AS IS" BASIS,
+#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#   See the License for the specific language governing permissions and
+#   limitations under the License.
+
+###########################################################################
+# Ingress resource (gateway)
+##########################################################################
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: gateway
+  annotations:
+    kubernetes.io/ingress.class: "istio"
+spec:
+  rules:
+  - http:
+      paths:
+      - path: /productpage
+        pathType: Exact
+        backend:
+          service:
+            name: productpage
+            port:
+              number: 9080
+      - path: /static/
+        pathType: Prefix
+        backend:
+          service:
+            name: productpage
+            port:
+              number: 9080
+      - path: /login
+        pathType: Exact
+        backend:
+          service:
+            name: productpage
+            port:
+              number: 9080
+      - path: /logout
+        pathType: Exact
+        backend:
+          service:
+            name: productpage
+            port:
+              number: 9080
+      - path: /api/v1/products
+        pathType: Prefix
+        backend:
+          service:
+            name: productpage
+            port:
+              number: 9080
+---