in cmd/validate.go [52:111]
// run validates the manifests found at vc.manifestPath against the configured
// safeguards and logs every reported violation, grouped by manifest and then
// by object.
//
// It returns an error when the manifest path is empty, when the manifest files
// cannot be retrieved, when validation itself fails, or when at least one
// violation was reported. The non-nil return on violations is what lets a
// caller (for example a CI step) treat this command as a policy gate.
func (vc *validateCmd) run(c *cobra.Command) error {
	if vc.manifestPath == "" {
		return fmt.Errorf("path to the manifests cannot be empty")
	}

	// Opt-in safeguard: AddSafeguardCRIP adds Container Restricted Image Pulls
	// to the list of safeguards the client reviews against the given manifest.
	// It is only registered when the imagePullSecret option is set.
	if vc.imagePullSecret {
		safeguards.AddSafeguardCRIP()
	}

	// Release options are overridden only by values that were actually supplied.
	var releaseOpts chartutil.ReleaseOptions
	if name := vc.releaseName; name != "" {
		releaseOpts.Name = name
	}
	if ns := vc.releaseNamespace; ns != "" {
		releaseOpts.Namespace = ns
	}

	var (
		files []types.ManifestFile
		err   error
	)
	files, err = safeguards.GetManifestFiles(vc.manifestPath, releaseOpts)
	if err != nil {
		return fmt.Errorf("error retrieving manifest files: %w", err)
	}
	// NOTE(review): if GetManifestFiles can return an empty list without an
	// error, the code below reports success without having validated anything.
	// Confirm that an empty result is rejected upstream; a policy gate should
	// not pass on zero inputs.

	log.Debugf("validating manifests")
	results, err := safeguards.GetManifestResults(context.Background(), files)
	if err != nil {
		log.Errorf("validating safeguards: %s", err.Error())
		return err
	}

	totalViolations := 0
	for _, manifest := range results {
		log.Printf("Analyzing %s for violations", manifest.Name)

		// Every violation of a manifest is printed before moving on to the next
		// manifest, so the log holds the full list rather than the first hit.
		manifestViolationCount := 0
		for object, objectViolations := range manifest.ObjectViolations {
			log.Printf(" %s:", object)
			for _, msg := range objectViolations {
				log.Printf(" ❌ %s", msg)
				manifestViolationCount++
			}
		}
		if manifestViolationCount == 0 {
			log.Printf(" ✅ no violations found.")
		}
		totalViolations += manifestViolationCount
	}

	if totalViolations == 0 {
		log.Printf("✅ No violations found in \"%s\".", vc.manifestPath)
		return nil
	}

	// Violations are a policy result, not a usage mistake, so suppress the
	// default Cobra behaviour of printing usage on all errors.
	c.SilenceUsage = true
	return fmt.Errorf("violations found")
}