From cb468e5f68ba7af7b9d002036a1d12bab5d2e159 Mon Sep 17 00:00:00 2001 From: Jeff Huang Date: Sun, 13 Oct 2024 16:12:00 -0700 Subject: [PATCH] resolve golint issue --- controller/access/access_test.go | 18 +- controller/api/log_apis.go | 26 +- controller/atmo/atmo.go | 2 +- controller/atmo/atmo_test.go | 170 ++++++------- controller/common/output.go | 2 +- controller/controller.go | 4 +- controller/grpc.go | 6 +- .../nvvalidatewebhookcfg.go | 2 +- controller/resource/kubernetes_auth.go | 2 +- controller/resource/kubernetes_resource.go | 38 +-- controller/resource/kubernetes_test.go | 10 +- controller/resource/noop.go | 22 +- controller/rest/admission.go | 8 +- controller/rest/admwebhook.go | 42 ++-- controller/rest/auth.go | 10 +- controller/rest/crdsecurityrule.go | 6 +- controller/rest/csp_billing_adapter.go | 8 +- controller/rest/device.go | 2 +- controller/rest/federation.go | 9 +- controller/rest/group.go | 22 +- controller/rest/ibmsa.go | 8 +- controller/rest/license.go | 53 ++-- controller/rest/mock_test.go | 36 +-- controller/rest/policy.go | 16 +- controller/rest/pwd_profile.go | 234 +++++++++--------- controller/rest/registry.go | 26 +- controller/rest/registry_kits.go | 12 +- controller/rest/rest.go | 12 +- controller/rest/server.go | 6 +- controller/rest/vulasset_perf.go | 27 +- controller/rest/workload.go | 2 +- controller/ruleid/rule_uuid.go | 5 +- controller/ruleid/rule_uuid_test.go | 45 ++-- controller/scan/jfrog.go | 10 +- controller/scan/registry.go | 10 +- controller/scan/registry_test.go | 26 +- controller/scheduler/sch_test.go | 202 ++++++++------- 37 files changed, 561 insertions(+), 578 deletions(-) diff --git a/controller/access/access_test.go b/controller/access/access_test.go index 706c7c749..b65ba7b1c 100644 --- a/controller/access/access_test.go +++ b/controller/access/access_test.go 
@@ -620,17 +620,17 @@ func TestDualAccess(t *testing.T) { // -- -type readObject struct { - members []string -} +// type readObject struct { +// members []string +// } -func newReadObject(members []string) *readObject { - return &readObject{members: members} -} +// func newReadObject(members []string) *readObject { +// return &readObject{members: members} +// } -func (o *readObject) GetDomain(f share.GetAccessObjectFunc) ([]string, []string) { - return o.members, nil -} +// func (o *readObject) GetDomain(f share.GetAccessObjectFunc) ([]string, []string) { +// return o.members, nil +// } // -- diff --git a/controller/api/log_apis.go b/controller/api/log_apis.go index 0f3bfb579..2477f33e4 100644 --- a/controller/api/log_apis.go +++ b/controller/api/log_apis.go @@ -199,19 +199,19 @@ const ( EventNameAwsLambdaScan = "AwsLambda.Scan" ) -var incidentNameList []string = []string{ - EventNameHostPrivilEscalate, - EventNameContainerPrivilEscalate, - EventNameHostSuspiciousProcess, - EventNameContainerSuspiciousProcess, - EventNameHostFileAccessViolation, - EventNameContainerFileAccessViolation, - EventNameHostPackageUpdated, - EventNameContainerPackageUpdated, - EventNameHostTunnelDetected, - EventNameProcessProfileViolation, - EventNameHostProcessProfileViolation, -} +// var incidentNameList []string = []string{ +// EventNameHostPrivilEscalate, +// EventNameContainerPrivilEscalate, +// EventNameHostSuspiciousProcess, +// EventNameContainerSuspiciousProcess, +// EventNameHostFileAccessViolation, +// EventNameContainerFileAccessViolation, +// EventNameHostPackageUpdated, +// EventNameContainerPackageUpdated, +// EventNameHostTunnelDetected, +// EventNameProcessProfileViolation, +// EventNameHostProcessProfileViolation, +// } const ( EventCatREST = "RESTFUL" diff --git a/controller/atmo/atmo.go b/controller/atmo/atmo.go index 5ed8bbbb4..045740a31 100644 --- a/controller/atmo/atmo.go +++ b/controller/atmo/atmo.go 
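Review bot: The unused `readObject` type, `newReadObject` and `GetDomain` are commented out in this hunk rather than deleted, and the same is done across the patch (for example `incidentNameList` in log_apis.go, `xlateMutatingWebhookConfiguration` in kubernetes_resource.go, `updateToOtherControllers` in admwebhook.go and `reqLicense` in license.go). Commented-out code is no longer compiled or vetted, so it drifts from the types it references. In admwebhook.go and license.go the imports it depends on (`access`, `rpc`, `licenseinfo`) are removed by the same patch, so those blocks cannot be restored by uncommenting alone. Git history already preserves the old text, so I would delete these blocks outright. Where a block is expected to come back, leave a one-line marker such as `// readObject removed as unused; restore from history if a test needs it`.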
@@ -61,7 +61,7 @@ type automode_ctx struct { m2p_life int // callbacks - probefn probeFunc + // probefn probeFunc // test functions testfn testFunc diff --git a/controller/atmo/atmo_test.go b/controller/atmo/atmo_test.go index 4a80c46f3..f303164a5 100644 --- a/controller/atmo/atmo_test.go +++ b/controller/atmo/atmo_test.go 
@@ -1,101 +1,91 @@ package atmo -import ( - "fmt" - "os" - "testing" - "time" +// Temporarily commented out since this test function is not currently in use. - log "github.com/sirupsen/logrus" +// func my_test_func(mover int, group string, probeDuration time.Duration) (bool, error) { +// // log.WithFields(log.Fields{"group": group, "mover": mover}).Debug("ATMO:") +// switch mover { +// case Discover2Monitor: +// return true, nil +// case Monitor2Protect: +// return true, nil +// } +// return false, common.ErrUnsupported +// } - "github.com/neuvector/neuvector/controller/common" - "github.com/neuvector/neuvector/share/utils" -) +// func my_decision_func(mover int, group string, err error) error { +// log.WithFields(log.Fields{"group": group, "mover": mover, "error": err}).Debug("ATMO:") +// if err != nil { +// log.WithFields(log.Fields{"mover": mover, "error": err}).Debug("ATMO: member left") +// return nil +// } -func my_test_func(mover int, group string, probeDuration time.Duration) (bool, error) { - // log.WithFields(log.Fields{"group": group, "mover": mover}).Debug("ATMO:") - switch mover { - case Discover2Monitor: - return true, nil - case Monitor2Protect: - return true, nil - } - return false, common.ErrUnsupported -} +// switch mover { +// case Discover2Monitor: +// return nil +// case Monitor2Protect: +// return nil +// } +// return common.ErrUnsupported +// } -func my_decision_func(mover int, group string, err error) error { - log.WithFields(log.Fields{"group": group, "mover": mover, "error": err}).Debug("ATMO:") - if err != nil { - log.WithFields(log.Fields{"mover": mover, "error": err}).Debug("ATMO: member left") - return nil - } +// func my_completed(mover int, group string, err error) bool { +// log.WithFields(log.Fields{"group": group, "mover": mover, "error": err}).Debug("ATMO:") +// switch mover { +// case Discover2Monitor: +// return true // promote Discover to Monitor +// case Monitor2Protect: +// return true // promote Monitor to Protect +// } +// 
return false +// } - switch mover { - case Discover2Monitor: - return nil - case Monitor2Protect: - return nil - } - return common.ErrUnsupported -} +// func initEnv() *automode_ctx { +// log.SetOutput(os.Stdout) +// log.SetLevel(log.DebugLevel) // change it later: log.InfoLevel +// log.SetFormatter(&utils.LogFormatter{Module: "ATMO"}) +// timerWheel := utils.NewTimerWheel() +// timerWheel.Start() +// ctx := Init(timerWheel, my_test_func, my_decision_func) +// // testing purpose +// ctx.ConfigProbeTime(Discover2Monitor, time.Second*5) +// ctx.ConfigProbeTime(Monitor2Protect, time.Second*5) +// return ctx +// } -func my_completed(mover int, group string, err error) bool { - log.WithFields(log.Fields{"group": group, "mover": mover, "error": err}).Debug("ATMO:") - switch mover { - case Discover2Monitor: - return true // promote Discover to Monitor - case Monitor2Protect: - return true // promote Monitor to Protect - } - return false -} +// func testAddGroups(t *testing.T) { +// ctx := initEnv() +// ctx.ConfigureCompleteDuration(Discover2Monitor, time.Second*30) +// ctx.ConfigureCompleteDuration(Monitor2Protect, time.Second*60) -func initEnv() *automode_ctx { - log.SetOutput(os.Stdout) - log.SetLevel(log.DebugLevel) // change it later: log.InfoLevel - log.SetFormatter(&utils.LogFormatter{Module: "ATMO"}) - timerWheel := utils.NewTimerWheel() - timerWheel.Start() - ctx := Init(timerWheel, my_test_func, my_decision_func) - // testing purpose - ctx.ConfigProbeTime(Discover2Monitor, time.Second*5) - ctx.ConfigProbeTime(Monitor2Protect, time.Second*5) - return ctx -} +// for i := 0; i < 2; i++ { +// name := fmt.Sprintf("m2d%d", i) +// if ok := ctx.AddGroup(Monitor2Protect, name, ProfileMode); !ok { +// t.Errorf("Error: failed to add %s\n", name) +// break +// } +// time.Sleep(time.Second * 10) +// } -func testAddGroups(t *testing.T) { - ctx := initEnv() - ctx.ConfigureCompleteDuration(Discover2Monitor, time.Second*30) - ctx.ConfigureCompleteDuration(Monitor2Protect, 
time.Second*60) +// for i := 0; i < 5; i++ { +// name := fmt.Sprintf("d2m%d", i) +// if ok := ctx.AddGroup(Discover2Monitor, name, ProfileMode); !ok { +// t.Errorf("Error: failed to add %s\n", name) +// break +// } +// time.Sleep(time.Second * 10) +// } - for i := 0; i < 2; i++ { - name := fmt.Sprintf("m2d%d", i) - if ok := ctx.AddGroup(Monitor2Protect, name, ProfileMode); !ok { - t.Errorf("Error: failed to add %s\n", name) - break - } - time.Sleep(time.Second * 10) - } - - for i := 0; i < 5; i++ { - name := fmt.Sprintf("d2m%d", i) - if ok := ctx.AddGroup(Discover2Monitor, name, ProfileMode); !ok { - t.Errorf("Error: failed to add %s\n", name) - break - } - time.Sleep(time.Second * 10) - } - - cnt := 12 - for { - time.Sleep(time.Second * 10) - if ctx.Counts(Discover2Monitor) == 0 && ctx.Counts(Monitor2Protect) == 0 { - break - } - cnt-- - if cnt == 0 { - t.Errorf("Error: failed to stop\n") - break - } - } -} +// cnt := 12 +// for { +// time.Sleep(time.Second * 10) +// if ctx.Counts(Discover2Monitor) == 0 && ctx.Counts(Monitor2Protect) == 0 { +// break +// } +// cnt-- +// if cnt == 0 { +// t.Errorf("Error: failed to stop\n") +// break +// } +// } +// } diff --git a/controller/common/output.go b/controller/common/output.go index cb63bb2a9..1b6a53754 100644 --- a/controller/common/output.go +++ b/controller/common/output.go @@ -225,7 +225,7 @@ func (s *Syslogger) makeDial(prio syslog.Priority, timeout time.Duration) (*sysl // -- -const webhookInfo = "Neuvector webhook is configured." +// const webhookInfo = "Neuvector webhook is configured." const requestTimeout = time.Duration(5 * time.Second) const ctypeText = "text/plain; charset=us-ascii" const ctypeJSON = "application/json" diff --git a/controller/controller.go b/controller/controller.go index d4d37570a..a4aa0236c 100644 --- a/controller/controller.go +++ b/controller/controller.go 
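Review bot: After this hunk atmo_test.go holds only the `package atmo` clause and comments, so this file contributes no compiled test code, and the imports the commented block needs are removed as well. `testAddGroups` starts with a lower-case `t`, so `go test` never ran it even before this change, which is probably why the linter reported it and its helpers as unused. If the scenario is still wanted, rename it to `func TestAddGroups(t *testing.T)` and open it with `t.Skip("long-running timer test; run manually")`, so that the helpers stay compiled. Drop `my_completed`, which nothing in the hunk calls. Otherwise delete the file instead of keeping it as comments.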
@@ -48,8 +48,8 @@ var Host share.CLUSHost = share.CLUSHost{ var Ctrler, parentCtrler share.CLUSController type ctrlEnvInfo struct { - startsAt time.Time - procDir string + startsAt time.Time + // procDir string cgroupMemory string cgroupCPUAcct string runInContainer bool diff --git a/controller/grpc.go b/controller/grpc.go index be91f4063..e11c6a645 100644 --- a/controller/grpc.go +++ b/controller/grpc.go @@ -33,7 +33,7 @@ import ( "github.com/neuvector/neuvector/share/utils" ) -const scanImageDataTimeout = time.Second * 45 +// const scanImageDataTimeout = time.Second * 45 const repoScanTimeout = time.Minute * 20 type ScanService struct { @@ -398,8 +398,8 @@ func (s *CapService) IsGRPCCompressed(ctx context.Context, v *share.RPCVoid) (*s type UpgradeService struct { } -const tmpDir string = "/tmp/" -const dstDir string = "/etc/neuvector/db/" +// const tmpDir string = "/tmp/" +// const dstDir string = "/etc/neuvector/db/" func (s *UpgradeService) SupportUpgradeDB(context.Context, *share.RPCVoid) (*share.CLUSBoolean, error) { return &share.CLUSBoolean{Value: false}, nil diff --git a/controller/nvk8sapi/nvvalidatewebhookcfg/nvvalidatewebhookcfg.go b/controller/nvk8sapi/nvvalidatewebhookcfg/nvvalidatewebhookcfg.go index a0350b0f4..b5df46c3e 100644 --- a/controller/nvk8sapi/nvvalidatewebhookcfg/nvvalidatewebhookcfg.go +++ b/controller/nvk8sapi/nvvalidatewebhookcfg/nvvalidatewebhookcfg.go 
@@ -99,7 +99,7 @@ var allowedNamespaces utils.Set // all effectively allowed namespaces that d var allowedNamespacesWild utils.Set // all effectively allowed namespaces that contain wildcard character var nsSelectorValue string -var allSetOps = []string{share.CriteriaOpContainsAll, share.CriteriaOpContainsAny, share.CriteriaOpNotContainsAny, share.CriteriaOpContainsOtherThan} +// var allSetOps = []string{share.CriteriaOpContainsAll, share.CriteriaOpContainsAny, share.CriteriaOpNotContainsAny, share.CriteriaOpContainsOtherThan} func InitK8sNsSelectorInfo(allowedNS, allowedNsWild, defAllowedNS utils.Set, selectorValue string, admCtrlEnabled bool) { nsSelectorValue = selectorValue diff --git a/controller/resource/kubernetes_auth.go b/controller/resource/kubernetes_auth.go index 5c452052c..d32e7559d 100644 --- a/controller/resource/kubernetes_auth.go +++ b/controller/resource/kubernetes_auth.go @@ -16,7 +16,7 @@ import ( ) const ( - openshiftServer = "openshift" + // openshiftServer = "openshift" openshiftOAuthDiscoverURL = "%s/.well-known/oauth-authorization-server" openshiftOAuthDefaultURL = "%s/oauth/authorize" diff --git a/controller/resource/kubernetes_resource.go b/controller/resource/kubernetes_resource.go index 0c1f9d90d..cbafdaf01 100644 --- a/controller/resource/kubernetes_resource.go +++ b/controller/resource/kubernetes_resource.go 
@@ -1154,25 +1154,25 @@ func xlateConfigMap(obj metav1.Object) (string, interface{}) { return "", nil } -func xlateMutatingWebhookConfiguration(obj metav1.Object) (string, interface{}) { - var name string - var guid string - if o, ok := obj.(*admregv1.MutatingWebhookConfiguration); ok { - name = o.GetName() - guid = string(o.GetUID()) - } else if o, ok := obj.(*admregv1b1.MutatingWebhookConfiguration); ok { - name = o.GetName() - guid = string(o.GetUID()) - } - if name != "" { - r := &AdmissionWebhookConfiguration{ - AdmType: nvAdmMutateType, - Name: name, - } - return guid, r - } - return "", nil -} +// func xlateMutatingWebhookConfiguration(obj metav1.Object) (string, interface{}) { +// var name string +// var guid string +// if o, ok := obj.(*admregv1.MutatingWebhookConfiguration); ok { +// name = o.GetName() +// guid = string(o.GetUID()) +// } else if o, ok := obj.(*admregv1b1.MutatingWebhookConfiguration); ok { +// name = o.GetName() +// guid = string(o.GetUID()) +// } +// if name != "" { +// r := &AdmissionWebhookConfiguration{ +// AdmType: nvAdmMutateType, +// Name: name, +// } +// return guid, r +// } +// return "", nil +// } func xlateValidatingWebhookConfiguration(obj metav1.Object) (string, interface{}) { var name string diff --git a/controller/resource/kubernetes_test.go b/controller/resource/kubernetes_test.go index f8f5644ed..cfd3302c9 100644 --- a/controller/resource/kubernetes_test.go +++ b/controller/resource/kubernetes_test.go @@ -18,11 +18,11 @@ import ( "github.com/neuvector/neuvector/share/utils" ) -func preTestDebug() { - log.SetOutput(os.Stdout) - log.SetFormatter(&utils.LogFormatter{Module: "TEST"}) - log.SetLevel(log.DebugLevel) -} +// func preTestDebug() { +// log.SetOutput(os.Stdout) +// log.SetFormatter(&utils.LogFormatter{Module: "TEST"}) +// log.SetLevel(log.DebugLevel) +// } func preTest() { log.SetOutput(os.Stdout) diff --git a/controller/resource/noop.go b/controller/resource/noop.go index fa07f7631..76a642d4b 100644 
--- a/controller/resource/noop.go +++ b/controller/resource/noop.go @@ -17,17 +17,17 @@ type noop struct { lock sync.RWMutex } -func (d *noop) locateResourceCache(rt string, id string) interface{} { - d.lock.RLock() - defer d.lock.RUnlock() - if cache, ok := d.resCaches[rt]; !ok { - return nil - } else if old, ok := cache[id]; !ok { - return nil - } else { - return old - } -} +// func (d *noop) locateResourceCache(rt string, id string) interface{} { +// d.lock.RLock() +// defer d.lock.RUnlock() +// if cache, ok := d.resCaches[rt]; !ok { +// return nil +// } else if old, ok := cache[id]; !ok { +// return nil +// } else { +// return old +// } +// } // Return if object is created or modified, and the old object if exists. func (d *noop) updateResourceCache(rt string, id string, obj interface{}) (string, interface{}) { diff --git a/controller/rest/admission.go b/controller/rest/admission.go index 0e05607bc..a10a87fb4 100644 --- a/controller/rest/admission.go +++ b/controller/rest/admission.go @@ -30,10 +30,10 @@ import ( "github.com/neuvector/neuvector/share/utils" ) -const ( - _writeHeader = true - _noWriteHeader = false -) +// const ( +// _writeHeader = true +// _noWriteHeader = false +// ) type admissionRequestObject struct { ApiVersion string `json:"apiVersion,omitempty"` diff --git a/controller/rest/admwebhook.go b/controller/rest/admwebhook.go index 0e843f1b6..50abd0132 100644 --- a/controller/rest/admwebhook.go +++ b/controller/rest/admwebhook.go 
@@ -33,13 +33,11 @@ import ( "k8s.io/apimachinery/pkg/runtime/serializer" "k8s.io/apimachinery/pkg/types" - "github.com/neuvector/neuvector/controller/access" "github.com/neuvector/neuvector/controller/api" admission "github.com/neuvector/neuvector/controller/nvk8sapi/nvvalidatewebhookcfg" nvsysadmission "github.com/neuvector/neuvector/controller/nvk8sapi/nvvalidatewebhookcfg/admission" "github.com/neuvector/neuvector/controller/opa" "github.com/neuvector/neuvector/controller/resource" - "github.com/neuvector/neuvector/controller/rpc" "github.com/neuvector/neuvector/share" "github.com/neuvector/neuvector/share/global" "github.com/neuvector/neuvector/share/scan/secrets" @@ -51,10 +49,10 @@ const ( tlsClientCA = "/var/neuvector/clientCA.cert.pem" ) -const ( - admissionWebhookAnnotationStatusKey = "neuvector-mutating-admission-webhook/status" - admissionWebhookLabelKey = "neuvector-mutating-admission-webhook/label" -) +// const ( +// admissionWebhookAnnotationStatusKey = "neuvector-mutating-admission-webhook/status" +// admissionWebhookLabelKey = "neuvector-mutating-admission-webhook/label" +// ) const errFmtUnmarshall = "could not unmarshal raw %s object" 
@@ -1720,22 +1718,22 @@ func scanEnvVarSecrets(vars map[string]string) []share.ScanSecretLog { return slogs } -func updateToOtherControllers(docKey string, jsonData string) { - // call grpc - info := share.CLUSKubernetesResInfo{ - DocKey: docKey, - Data: jsonData, - } - - eps := cacher.GetAllControllerRPCEndpoints(access.NewReaderAccessControl()) - for _, ep := range eps { - log.WithFields(log.Fields{"ep.ClusterIP": ep.ClusterIP, "ClusterIP": localDev.Ctrler.ClusterIP}).Debug("updateToOtherControllers(grpc-client)") - - if ep.ClusterIP != localDev.Ctrler.ClusterIP { - go rpc.ReportK8SResToOPA(ep.ClusterIP, ep.RPCServerPort, info) - } - } -} +// func updateToOtherControllers(docKey string, jsonData string) { +// // call grpc +// info := share.CLUSKubernetesResInfo{ +// DocKey: docKey, +// Data: jsonData, +// } + +// eps := cacher.GetAllControllerRPCEndpoints(access.NewReaderAccessControl()) +// for _, ep := range eps { +// log.WithFields(log.Fields{"ep.ClusterIP": ep.ClusterIP, "ClusterIP": localDev.Ctrler.ClusterIP}).Debug("updateToOtherControllers(grpc-client)") + +// if ep.ClusterIP != localDev.Ctrler.ClusterIP { +// go rpc.ReportK8SResToOPA(ep.ClusterIP, ep.RPCServerPort, info) +// } +// } +// } func ReportK8SResToOPA(info *share.CLUSKubernetesResInfo) { docKey := info.DocKey diff --git a/controller/rest/auth.go b/controller/rest/auth.go index 2eeaa6f1c..7c8c62165 100644 --- a/controller/rest/auth.go +++ b/controller/rest/auth.go @@ -155,17 +155,17 @@ const ( userNoPlatformAuth ) -const ( - jwtRegularTokenType = iota - jwtFedMasterTokenType -) +// const ( +// jwtRegularTokenType = iota +// jwtFedMasterTokenType +// ) const loginTypeApikey int = 1 var rancherCookieCache = make(map[string]int64) // key is rancher cookie, value is seconds since the epoch(ValidUntil) var rancherCookieMutex sync.RWMutex -var installID *string +// var installID *string func GetJWTSigningKey() JWTCertificateState { jwtKeyMutex.RLock() 
diff --git a/controller/rest/crdsecurityrule.go b/controller/rest/crdsecurityrule.go index a01acd73e..0bb46a42d 100644 --- a/controller/rest/crdsecurityrule.go +++ b/controller/rest/crdsecurityrule.go @@ -43,9 +43,9 @@ type nvCrdHandler struct { lockKey string crUid string // metadata.uid in the CR object mdName string // metadata.name in the CR object - rscType string - lock cluster.LockInterface - acc *access.AccessControl + // rscType string + lock cluster.LockInterface + acc *access.AccessControl } func (h *nvCrdHandler) Init(lockKey string) { diff --git a/controller/rest/csp_billing_adapter.go b/controller/rest/csp_billing_adapter.go index 345d98b95..a76f0a436 100644 --- a/controller/rest/csp_billing_adapter.go +++ b/controller/rest/csp_billing_adapter.go @@ -167,8 +167,8 @@ func handlerCspSupportExport(w http.ResponseWriter, r *http.Request, ps httprout } } -func handlerHealthCheck(w http.ResponseWriter, r *http.Request, ps httprouter.Params) { - defer r.Body.Close() +// func handlerHealthCheck(w http.ResponseWriter, r *http.Request, ps httprouter.Params) { +// defer r.Body.Close() - restRespSuccess(w, r, nil, nil, nil, nil, "") -} +// restRespSuccess(w, r, nil, nil, nil, nil, "") +// } diff --git a/controller/rest/device.go b/controller/rest/device.go index 6958c8921..df331cd93 100644 --- a/controller/rest/device.go +++ b/controller/rest/device.go @@ -17,7 +17,7 @@ import ( "github.com/neuvector/neuvector/share/cluster" ) -const clusterWaitPeriod int = 5 +// const clusterWaitPeriod int = 5 func handlerControllerList(w http.ResponseWriter, r *http.Request, ps httprouter.Params) { log.WithFields(log.Fields{"URL": r.URL.String()}).Debug("") diff --git a/controller/rest/federation.go b/controller/rest/federation.go index 00275b3df..538f8a96c 100644 --- a/controller/rest/federation.go +++ b/controller/rest/federation.go 
@@ -177,7 +177,7 @@ var _clusterStatusMap = map[int]string{ _fedClusterJoinPending: api.FedStatusClusterPending, } -var ibmSACfg share.CLUSIBMSAConfig +// var ibmSACfg share.CLUSIBMSAConfig func LeadChangeNotify(leader bool) { log.WithFields(log.Fields{"isLeader": leader, "_isLeader": _isLeader}).Info() @@ -3342,9 +3342,10 @@ func handlerFedHealthCheck(w http.ResponseWriter, r *http.Request, ps httprouter var forbiddenFwUrl = map[string][]string{ "/v1/fed_auth": {http.MethodPost, http.MethodDelete}, } -var forbiddenFwUrlPrefix = map[string][]string{ - "/v1/auth/": {http.MethodPost, http.MethodDelete}, -} + +// var forbiddenFwUrlPrefix = map[string][]string{ +// "/v1/auth/": {http.MethodPost, http.MethodDelete}, +// } type tForbiddenFwUrlInfo struct { url string diff --git a/controller/rest/group.go b/controller/rest/group.go index 2591430bd..f5d061386 100644 --- a/controller/rest/group.go +++ b/controller/rest/group.go @@ -808,17 +808,17 @@ func handlerGroupConfig(w http.ResponseWriter, r *http.Request, ps httprouter.Pa } // Must read from cluster instead of cache. -func isGroupInUse(name string) bool { - crhs := clusHelper.GetPolicyRuleList() - for _, crh := range crhs { - if r, _ := clusHelper.GetPolicyRule(crh.ID); r != nil { - if r.From == name || r.To == name { - return true - } - } - } - return false -} +// func isGroupInUse(name string) bool { +// crhs := clusHelper.GetPolicyRuleList() +// for _, crh := range crhs { +// if r, _ := clusHelper.GetPolicyRule(crh.ID); r != nil { +// if r.From == name || r.To == name { +// return true +// } +// } +// } +// return false +// } func handlerGroupDelete(w http.ResponseWriter, r *http.Request, ps httprouter.Params) { log.WithFields(log.Fields{"URL": r.URL.String()}).Debug() diff --git a/controller/rest/ibmsa.go b/controller/rest/ibmsa.go index 04d05c195..0d4cdd2d6 100644 --- a/controller/rest/ibmsa.go +++ b/controller/rest/ibmsa.go 
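Review bot: `forbiddenFwUrlPrefix` in the second federation.go hunk is reported unused because nothing reads it, so the prefix rule for POST and DELETE on `/v1/auth/` appears never to have been enforced, while the exact-match `forbiddenFwUrl` map just above it stays live. Commenting the map out clears the lint warning without settling whether that deny rule was meant to apply. The code that consults `forbiddenFwUrl` is outside this hunk, so please confirm there whether `/v1/auth/` paths are rejected by other means. Then either wire the prefix map into that check or delete it with a comment such as `// /v1/auth/ is rejected by <existing check>; no prefix list needed`.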
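Review bot: In the group.go hunk the context comment `// Must read from cluster instead of cache.` is left above the now commented-out `isGroupInUse`, so it documents nothing and reads as part of the dead block; delete it together with the function. Because the helper was unused, this hunk does not show whether `handlerGroupDelete`, whose body starts right after the hunk, refuses to delete a group that policy rules still reference. That is worth checking before the helper is dropped for good.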
@@ -180,10 +180,10 @@ type ibmsaNote struct { Section *ibmsaSection `json:"section,omitempty"` } -type ibmsaNotes struct { - Notes []ibmsaNote `json:"notes"` - NextPageToken string `json:"next_page_token"` -} +// type ibmsaNotes struct { +// Notes []ibmsaNote `json:"notes"` +// NextPageToken string `json:"next_page_token"` +// } type ibmsaMetadata struct { Notes []ibmsaNote `json:"notes"` diff --git a/controller/rest/license.go b/controller/rest/license.go index c891fffa8..5193adca3 100644 --- a/controller/rest/license.go +++ b/controller/rest/license.go 
@@ -13,36 +13,35 @@ import ( "github.com/neuvector/neuvector/controller/common" "github.com/neuvector/neuvector/share" "github.com/neuvector/neuvector/share/cluster" - "github.com/neuvector/neuvector/share/licenseinfo" "github.com/neuvector/neuvector/share/utils" ) -func validateLicenseReq(req *api.RESTLicenseRequest) error { - /* Todo: more input validation */ - if req.Email == "" { - return fmt.Errorf("Missing required field") - } - return nil -} - -func reqLicense(req *api.RESTLicenseRequest) string { - log.WithFields(log.Fields{"req": req}).Debug() - - info := &api.RESTLicenseInfo{ - Name: req.Name, - Email: req.Email, - Phone: req.Phone, - ID: localDev.Host.ID, - } - - val, _ := json.Marshal(info) - if ret, err := licenseinfo.EncryptToBase64(utils.GetLicenseSymKey(), val); err != nil { - log.WithFields(log.Fields{"err": err}).Error("encrypt error") - return "" - } else { - return ret - } -} +// func validateLicenseReq(req *api.RESTLicenseRequest) error { +// /* Todo: more input validation */ +// if req.Email == "" { +// return fmt.Errorf("Missing required field") +// } +// return nil +// } + +// func reqLicense(req *api.RESTLicenseRequest) string { +// log.WithFields(log.Fields{"req": req}).Debug() + +// info := &api.RESTLicenseInfo{ +// Name: req.Name, +// Email: req.Email, +// Phone: req.Phone, +// ID: localDev.Host.ID, +// } + +// val, _ := json.Marshal(info) +// if ret, err := licenseinfo.EncryptToBase64(utils.GetLicenseSymKey(), val); err != nil { +// log.WithFields(log.Fields{"err": err}).Error("encrypt error") +// return "" +// } else { +// return ret +// } +// } func handlerLicenseShow(w http.ResponseWriter, r *http.Request, ps httprouter.Params) { log.WithFields(log.Fields{"URL": r.URL.String()}).Debug("") diff --git a/controller/rest/mock_test.go b/controller/rest/mock_test.go index e09b724f7..eea61553b 100644 --- a/controller/rest/mock_test.go +++ b/controller/rest/mock_test.go 
@@ -493,13 +493,13 @@ func mockLoginUser(name, role, fedRole string, roleDomains map[string][]string) var router *httprouter.Router -func preTestDebug() { - log.SetOutput(os.Stdout) - log.SetFormatter(&utils.LogFormatter{Module: "TEST"}) - log.SetLevel(log.DebugLevel) - initTest() - access.CompileUriPermitsMapping() -} +// func preTestDebug() { +// log.SetOutput(os.Stdout) +// log.SetFormatter(&utils.LogFormatter{Module: "TEST"}) +// log.SetLevel(log.DebugLevel) +// initTest() +// access.CompileUriPermitsMapping() +// } func preTest() { log.SetOutput(os.Stdout) @@ -744,17 +744,17 @@ func loginServerToken(token, server string) *mockResponseWriter { return w } -func loginServerGetSLORedirectURL(token, server string) *mockResponseWriter { - w := new(mockResponseWriter) - data := api.RESTTokenRedirect{ - Redirect: "https://localhost/samlslo", - } - body, _ := json.Marshal(data) - r, _ := http.NewRequest("GET", "/v1/token_auth_server/"+server+"/slo", bytes.NewBuffer(body)) - r.Header.Add("X-Auth-Token", token) - router.ServeHTTP(w, r) - return w -} +// func loginServerGetSLORedirectURL(token, server string) *mockResponseWriter { +// w := new(mockResponseWriter) +// data := api.RESTTokenRedirect{ +// Redirect: "https://localhost/samlslo", +// } +// body, _ := json.Marshal(data) +// r, _ := http.NewRequest("GET", "/v1/token_auth_server/"+server+"/slo", bytes.NewBuffer(body)) +// r.Header.Add("X-Auth-Token", token) +// router.ServeHTTP(w, r) +// return w +// } func logout(token string) *mockResponseWriter { w := new(mockResponseWriter) diff --git a/controller/rest/policy.go b/controller/rest/policy.go index 549bad078..5eabeaee9 100644 --- a/controller/rest/policy.go +++ b/controller/rest/policy.go @@ -508,14 +508,14 @@ func policyRule2Cluster(r *api.RESTPolicyRule) *share.CLUSPolicyRule { return rule } -func policyRuleConf2Cluster(r *api.RESTPolicyRuleConfig) *share.CLUSPolicyRule { - return &share.CLUSPolicyRule{ - ID: r.ID, - Comment: *r.Comment, - 
From: *r.From, - To: *r.To, - } -} +// func policyRuleConf2Cluster(r *api.RESTPolicyRuleConfig) *share.CLUSPolicyRule { +// return &share.CLUSPolicyRule{ +// ID: r.ID, +// Comment: *r.Comment, +// From: *r.From, +// To: *r.To, +// } +// } func deletePolicyRules(txn *cluster.ClusterTransact, dels utils.Set) { for id := range dels.Iter() { diff --git a/controller/rest/pwd_profile.go b/controller/rest/pwd_profile.go index 771f1c1c9..d5b0cdb95 100644 --- a/controller/rest/pwd_profile.go +++ b/controller/rest/pwd_profile.go 
@@ -20,83 +20,83 @@ const _pwdValidPerDayUnit = 1440 var _pwdValidUnit time.Duration = _pwdValidPerDayUnit // default: per day -func handlerPwdProfileCreate(w http.ResponseWriter, r *http.Request, ps httprouter.Params) { - log.WithFields(log.Fields{"URL": r.URL.String()}).Debug() - defer r.Body.Close() - - acc, login := getAccessControl(w, r, "") - if acc == nil { - return - } else if !acc.Authorize(&share.CLUSPwdProfile{}, nil) { - restRespAccessDenied(w, login) - return - } - - // Read body - body, _ := io.ReadAll(r.Body) - - var rconf api.RESTPwdProfileData - err := json.Unmarshal(body, &rconf) - if err != nil || rconf.PwdProfile == nil || rconf.PwdProfile.Name == share.CLUSSysPwdProfileName { - log.WithFields(log.Fields{"error": err}).Error("Request error") - restRespError(w, http.StatusBadRequest, api.RESTErrInvalidRequest) - return - } - - rprofile := rconf.PwdProfile - if rprofile.SessionTimeout == 0 { - rprofile.SessionTimeout = common.DefIdleTimeoutInternal - } - if rprofile.MinLen <= 0 || rprofile.MinUpperCount < 0 || rprofile.MinLowerCount < 0 || rprofile.MinDigitCount < 0 || rprofile.MinSpecialCount < 0 || - (rprofile.EnablePwdExpiration && rprofile.PwdExpireAfterDays <= 0) || - (rprofile.EnablePwdHistory && rprofile.PwdHistoryCount <= 0) || - (rprofile.EnableBlockAfterFailedLogin && (rprofile.BlockAfterFailedCount <= 0 || rprofile.BlockMinutes <= 0)) || - (rprofile.MinLen < (rprofile.MinUpperCount + rprofile.MinLowerCount + rprofile.MinDigitCount + rprofile.MinSpecialCount)) || - (rprofile.SessionTimeout > api.UserIdleTimeoutMax || rprofile.SessionTimeout < api.UserIdleTimeoutMin) { - restRespErrorMessage(w, http.StatusBadRequest, api.RESTErrInvalidRequest, "invalid value") - return - } - - profile := share.CLUSPwdProfile{ - Name: rprofile.Name, - Comment: rprofile.Comment, - MinLen: rprofile.MinLen, - MinUpperCount: rprofile.MinUpperCount, - MinLowerCount: rprofile.MinLowerCount, - MinDigitCount: rprofile.MinDigitCount, - MinSpecialCount: 
rprofile.MinSpecialCount, - EnablePwdExpiration: rprofile.EnablePwdExpiration, - PwdExpireAfterDays: rprofile.PwdExpireAfterDays, - EnablePwdHistory: rprofile.EnablePwdHistory, - PwdHistoryCount: rprofile.PwdHistoryCount, - EnableBlockAfterFailedLogin: rprofile.EnableBlockAfterFailedLogin, - BlockAfterFailedCount: rprofile.BlockAfterFailedCount, - BlockMinutes: rprofile.BlockMinutes, - SessionTimeout: rprofile.SessionTimeout, - } - if profile.PwdHistoryCount > _maxPwdHistoryCount { - profile.PwdHistoryCount = _maxPwdHistoryCount - } - - var lock cluster.LockInterface - if lock, err = lockClusKey(w, share.CLUSLockUserKey); err != nil { - return - } - defer clusHelper.ReleaseLock(lock) - - // Check if profile already exists - if profileExisting, _, _ := clusHelper.GetPwdProfileRev(rprofile.Name, acc); profileExisting != nil { - e := "password profile already exists" - log.WithFields(log.Fields{"create": rprofile.Name}).Error(e) - restRespErrorMessage(w, http.StatusBadRequest, api.RESTErrDuplicateName, e) - return - } else if err := clusHelper.PutPwdProfileRev(&profile, 0); err != nil { - restRespError(w, http.StatusInternalServerError, api.RESTErrFailWriteCluster) - return - } - - restRespSuccess(w, r, nil, acc, login, &rprofile, "Create password profile") -} +// func handlerPwdProfileCreate(w http.ResponseWriter, r *http.Request, ps httprouter.Params) { +// log.WithFields(log.Fields{"URL": r.URL.String()}).Debug() +// defer r.Body.Close() + +// acc, login := getAccessControl(w, r, "") +// if acc == nil { +// return +// } else if !acc.Authorize(&share.CLUSPwdProfile{}, nil) { +// restRespAccessDenied(w, login) +// return +// } + +// // Read body +// body, _ := io.ReadAll(r.Body) + +// var rconf api.RESTPwdProfileData +// err := json.Unmarshal(body, &rconf) +// if err != nil || rconf.PwdProfile == nil || rconf.PwdProfile.Name == share.CLUSSysPwdProfileName { +// log.WithFields(log.Fields{"error": err}).Error("Request error") +// restRespError(w, http.StatusBadRequest, 
api.RESTErrInvalidRequest) +// return +// } + +// rprofile := rconf.PwdProfile +// if rprofile.SessionTimeout == 0 { +// rprofile.SessionTimeout = common.DefIdleTimeoutInternal +// } +// if rprofile.MinLen <= 0 || rprofile.MinUpperCount < 0 || rprofile.MinLowerCount < 0 || rprofile.MinDigitCount < 0 || rprofile.MinSpecialCount < 0 || +// (rprofile.EnablePwdExpiration && rprofile.PwdExpireAfterDays <= 0) || +// (rprofile.EnablePwdHistory && rprofile.PwdHistoryCount <= 0) || +// (rprofile.EnableBlockAfterFailedLogin && (rprofile.BlockAfterFailedCount <= 0 || rprofile.BlockMinutes <= 0)) || +// (rprofile.MinLen < (rprofile.MinUpperCount + rprofile.MinLowerCount + rprofile.MinDigitCount + rprofile.MinSpecialCount)) || +// (rprofile.SessionTimeout > api.UserIdleTimeoutMax || rprofile.SessionTimeout < api.UserIdleTimeoutMin) { +// restRespErrorMessage(w, http.StatusBadRequest, api.RESTErrInvalidRequest, "invalid value") +// return +// } + +// profile := share.CLUSPwdProfile{ +// Name: rprofile.Name, +// Comment: rprofile.Comment, +// MinLen: rprofile.MinLen, +// MinUpperCount: rprofile.MinUpperCount, +// MinLowerCount: rprofile.MinLowerCount, +// MinDigitCount: rprofile.MinDigitCount, +// MinSpecialCount: rprofile.MinSpecialCount, +// EnablePwdExpiration: rprofile.EnablePwdExpiration, +// PwdExpireAfterDays: rprofile.PwdExpireAfterDays, +// EnablePwdHistory: rprofile.EnablePwdHistory, +// PwdHistoryCount: rprofile.PwdHistoryCount, +// EnableBlockAfterFailedLogin: rprofile.EnableBlockAfterFailedLogin, +// BlockAfterFailedCount: rprofile.BlockAfterFailedCount, +// BlockMinutes: rprofile.BlockMinutes, +// SessionTimeout: rprofile.SessionTimeout, +// } +// if profile.PwdHistoryCount > _maxPwdHistoryCount { +// profile.PwdHistoryCount = _maxPwdHistoryCount +// } + +// var lock cluster.LockInterface +// if lock, err = lockClusKey(w, share.CLUSLockUserKey); err != nil { +// return +// } +// defer clusHelper.ReleaseLock(lock) + +// // Check if profile already exists +// if 
profileExisting, _, _ := clusHelper.GetPwdProfileRev(rprofile.Name, acc); profileExisting != nil { +// e := "password profile already exists" +// log.WithFields(log.Fields{"create": rprofile.Name}).Error(e) +// restRespErrorMessage(w, http.StatusBadRequest, api.RESTErrDuplicateName, e) +// return +// } else if err := clusHelper.PutPwdProfileRev(&profile, 0); err != nil { +// restRespError(w, http.StatusInternalServerError, api.RESTErrFailWriteCluster) +// return +// } + +// restRespSuccess(w, r, nil, acc, login, &rprofile, "Create password profile") +// } func handlerPwdProfileShow(w http.ResponseWriter, r *http.Request, ps httprouter.Params) { log.WithFields(log.Fields{"URL": r.URL.String()}).Debug() 
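Review bot: `handlerPwdProfileCreate` stays in the file as a comment block of roughly 80 lines with no statement of why it is disabled, and `handlerPwdProfileDelete` gets the same treatment in the next hunk. Both carry an `acc.Authorize(&share.CLUSPwdProfile{}, nil)` check, and the create path also holds the password-policy bounds validation. Once out of the build, these checks stop being maintained alongside `handlerPwdProfileConfig`, so a later uncomment can bring back stale authorization or validation logic. If the handlers are unreferenced, as the lint finding suggests (route registration is not visible in this diff), delete them and rely on git history. Otherwise state the reason above the block, e.g. `// Disabled: no route references this handler; restore from git history if profile creation is exposed again.`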
@@ -357,43 +357,43 @@ func handlerPwdProfileConfig(w http.ResponseWriter, r *http.Request, ps httprout restRespSuccess(w, r, nil, acc, login, &rconf, "Configure passport profile") } -func handlerPwdProfileDelete(w http.ResponseWriter, r *http.Request, ps httprouter.Params) { - log.WithFields(log.Fields{"URL": r.URL.String()}).Debug() - defer r.Body.Close() - - acc, login := getAccessControl(w, r, "") - if acc == nil { - return - } else if !acc.Authorize(&share.CLUSPwdProfile{}, nil) { - restRespAccessDenied(w, login) - return - } - - errMsg := "" - name := ps.ByName("name") - if name == share.CLUSDefPwdProfileName || name == share.CLUSSysPwdProfileName { - errMsg = "Cannot delete reserved password profile" - } else if activeProfileName := clusHelper.GetActivePwdProfileName(); name == activeProfileName { - errMsg = "Cannot delete the active password profile" - } - if errMsg != "" { - log.WithFields(log.Fields{"profile": name}).Error(errMsg) - restRespErrorMessage(w, http.StatusForbidden, api.RESTErrOpNotAllowed, errMsg) - return - } - - var err error - var lock cluster.LockInterface - if lock, err = lockClusKey(w, share.CLUSLockUserKey); err != nil { - return - } - defer clusHelper.ReleaseLock(lock) - - if err := clusHelper.DeletePwdProfile(name); err != nil { - log.WithFields(log.Fields{"profile": name}).Error("get passport profile") - restRespErrorMessage(w, http.StatusInternalServerError, api.RESTErrFailWriteCluster, err.Error()) - return - } - - restRespSuccess(w, r, nil, acc, login, nil, "Delete password profile") -} +// func handlerPwdProfileDelete(w http.ResponseWriter, r *http.Request, ps httprouter.Params) { +// log.WithFields(log.Fields{"URL": r.URL.String()}).Debug() +// defer r.Body.Close() + +// acc, login := getAccessControl(w, r, "") +// if acc == nil { +// return +// } else if !acc.Authorize(&share.CLUSPwdProfile{}, nil) { +// restRespAccessDenied(w, login) +// return +// } + +// errMsg := "" +// name := ps.ByName("name") +// if name == 
share.CLUSDefPwdProfileName || name == share.CLUSSysPwdProfileName { +// errMsg = "Cannot delete reserved password profile" +// } else if activeProfileName := clusHelper.GetActivePwdProfileName(); name == activeProfileName { +// errMsg = "Cannot delete the active password profile" +// } +// if errMsg != "" { +// log.WithFields(log.Fields{"profile": name}).Error(errMsg) +// restRespErrorMessage(w, http.StatusForbidden, api.RESTErrOpNotAllowed, errMsg) +// return +// } + +// var err error +// var lock cluster.LockInterface +// if lock, err = lockClusKey(w, share.CLUSLockUserKey); err != nil { +// return +// } +// defer clusHelper.ReleaseLock(lock) + +// if err := clusHelper.DeletePwdProfile(name); err != nil { +// log.WithFields(log.Fields{"profile": name}).Error("get passport profile") +// restRespErrorMessage(w, http.StatusInternalServerError, api.RESTErrFailWriteCluster, err.Error()) +// return +// } + +// restRespSuccess(w, r, nil, acc, login, nil, "Delete password profile") +// } diff --git a/controller/rest/registry.go b/controller/rest/registry.go index 41b64596a..cd66419d1 100644 --- a/controller/rest/registry.go +++ b/controller/rest/registry.go 
@@ -1184,19 +1184,19 @@ func handlerRegistryDelete(w http.ResponseWriter, r *http.Request, ps httprouter restRespSuccess(w, r, nil, acc, login, nil, "Registry delete") } -func diffStringSlices(a, b []string) []string { - mb := make(map[string]struct{}, len(b)) - for _, x := range b { - mb[x] = struct{}{} - } - var diff []string - for _, x := range a { - if _, found := mb[x]; !found { - diff = append(diff, x) - } - } - return diff -} +// func diffStringSlices(a, b []string) []string { +// mb := make(map[string]struct{}, len(b)) +// for _, x := range b { +// mb[x] = struct{}{} +// } +// var diff []string +// for _, x := range a { +// if _, found := mb[x]; !found { +// diff = append(diff, x) +// } +// } +// return diff +// } // called by managed clusters func replaceFedRegistryConfig(newRegs []*share.CLUSRegistryConfig) bool { diff --git a/controller/rest/registry_kits.go b/controller/rest/registry_kits.go index 5acacfe77..97decbd93 100644 --- a/controller/rest/registry_kits.go +++ b/controller/rest/registry_kits.go @@ -103,9 +103,9 @@ const ( regTestLongPollTimeout = time.Second * 30 ) -type imageSchema struct { - Version int `json:"schemaVersion"` -} +// type imageSchema struct { +// Version int `json:"schemaVersion"` +// } var regTestMgr *longpollManyMgr var regTestMap map[string]*regTestTask @@ -122,9 +122,9 @@ type regTracer struct { isManifest bool } -func (t regTracer) format(m string) string { - return fmt.Sprintf("%.[2]*[1]s", m, maxMessageSize) -} +// func (t regTracer) format(m string) string { +// return fmt.Sprintf("%.[2]*[1]s", m, maxMessageSize) +// } func (t *regTracer) SetPhase(message string) { t.steps = append(t.steps, &api.RESTRegistryTestStep{ diff --git a/controller/rest/rest.go b/controller/rest/rest.go index f4220173f..86e69a602 100644 --- a/controller/rest/rest.go +++ b/controller/rest/rest.go 
@@ -68,6 +68,7 @@ const gzipThreshold = 1200 // On most Ethernet NICs MTU is 1500 bytes. Let's giv var evqueue cluster.ObjectQueueInterface var auditQueue cluster.ObjectQueueInterface + var messenger cluster.MessengerInterface var clusHelper kv.ClusterHelper var cfgHelper kv.ConfigHelper @@ -79,6 +80,7 @@ var k8sPlatform bool var fedRestServerMutex sync.Mutex var fedRestServerState uint64 + var crdEventProcTicker *time.Ticker var dockerRegistries utils.Set @@ -96,7 +98,7 @@ var _restPort uint var _fedPort uint var _fedServerChan chan bool -var _licSigKeyEnv int +// var _licSigKeyEnv int var _teleNeuvectorURL string var _teleFreq uint @@ -1026,10 +1028,10 @@ func getNewestVersion(vers utils.Set) string { return newest } -func isIDStringValid(name string) bool { - valid, _ := regexp.MatchString("^[.a-zA-Z0-9_-]*$", name) - return valid -} +// func isIDStringValid(name string) bool { +// valid, _ := regexp.MatchString("^[.a-zA-Z0-9_-]*$", name) +// return valid +// } func isObjectNameValid(name string) bool { // Object name must starts with letters or digits diff --git a/controller/rest/server.go b/controller/rest/server.go index 6d367a2a9..a7daaa77f 100644 --- a/controller/rest/server.go +++ b/controller/rest/server.go @@ -59,9 +59,9 @@ func isPasswordAuthServer(s *share.CLUSServer) bool { return s.LDAP != nil } -func isTokenAuthServer(s *share.CLUSServer) bool { - return s.SAML != nil || s.OIDC != nil -} +// func isTokenAuthServer(s *share.CLUSServer) bool { +// return s.SAML != nil || s.OIDC != nil +// } func isAuthServer(s *share.CLUSServer) bool { return s.LDAP != nil || s.SAML != nil || s.OIDC != nil diff --git a/controller/rest/vulasset_perf.go b/controller/rest/vulasset_perf.go index e69bc81cc..9f26edea6 100644 --- a/controller/rest/vulasset_perf.go +++ b/controller/rest/vulasset_perf.go 
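Review bot: `isIDStringValid` in the `@@ -1026,10` hunk is an input validator that had no callers, and the commit disables it without recording which check covers the inputs it was written for. The hunk shows only `isObjectNameValid` after it, so whether ID-style parameters on the REST handlers are validated elsewhere cannot be seen here and is worth confirming before the helper leaves the build. If it is obsolete, remove it instead of commenting it out. If it is to be revived, compile the pattern once at package scope, `var idStringRe = regexp.MustCompile("^[.a-zA-Z0-9_-]*$")`, so the discarded `MatchString` error cannot hide a bad pattern.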
@@ -3,11 +3,8 @@ package rest import ( "encoding/json" "fmt" - "math/rand" "strings" - "time" - "github.com/neuvector/neuvector/controller/api" "github.com/neuvector/neuvector/db" scanUtils "github.com/neuvector/neuvector/share/scan" "github.com/neuvector/neuvector/share/utils" @@ -28,20 +25,20 @@ func perf_createDummyVulAssets(q *db.VulQueryFilter) error { return nil } -func perf_randomSelectVuls(vuls []*api.RESTVulnerability, count int) []*api.RESTVulnerability { - // Seed the random number generator with the current time - rand.Seed(time.Now().UnixNano()) +// func perf_randomSelectVuls(vuls []*api.RESTVulnerability, count int) []*api.RESTVulnerability { +// // Seed the random number generator with the current time +// rand.Seed(time.Now().UnixNano()) - // Define the maximum value (exclusive) - maxValue := len(vuls) +// // Define the maximum value (exclusive) +// maxValue := len(vuls) - results := make([]*api.RESTVulnerability, 0) - for i := 0; i < count; i++ { - randomNumber := rand.Intn(maxValue) - results = append(results, vuls[randomNumber]) - } - return results -} +// results := make([]*api.RESTVulnerability, 0) +// for i := 0; i < count; i++ { +// randomNumber := rand.Intn(maxValue) +// results = append(results, vuls[randomNumber]) +// } +// return results +// } // "upstream:CVE-2015-8324" func _get_cvename(cvename string) string { diff --git a/controller/rest/workload.go b/controller/rest/workload.go index 29eb4647c..c4a88a768 100644 --- a/controller/rest/workload.go +++ b/controller/rest/workload.go @@ -19,7 +19,7 @@ import ( "github.com/neuvector/neuvector/share/utils" ) -const logsSizeLimit = 500 * 1000 +// const logsSizeLimit = 500 * 1000 func stats2REST(stats *share.CLUSStats) *api.RESTStats { r := &api.RESTStats{ diff --git a/controller/ruleid/rule_uuid.go b/controller/ruleid/rule_uuid.go index 376294ec6..99ace3413 100644 --- a/controller/ruleid/rule_uuid.go +++ b/controller/ruleid/rule_uuid.go 
@@ -39,7 +39,7 @@ const calculateInterval uint32 = 10 // /////// type uuidPRuleCache struct { - bInit bool + // bInit bool rwMutex sync.RWMutex // workitems @@ -54,7 +54,8 @@ type uuidPRuleCache struct { // //////// global cache stores in this file ////////// var uuidProcCache *uuidPRuleCache -var procHelper *ProcessRuleIDHelper + +// var procHelper *ProcessRuleIDHelper var funcGetGroupWithoutLock FuncGetGroupWithoutLock diff --git a/controller/ruleid/rule_uuid_test.go b/controller/ruleid/rule_uuid_test.go index 2677f0c4f..9e8b0ac44 100644 --- a/controller/ruleid/rule_uuid_test.go +++ b/controller/ruleid/rule_uuid_test.go 
@@ -228,25 +228,26 @@ func TestDeleteProcGroup(t *testing.T) { } } -func testAddProcRulesMemoryLoop(t *testing.T) { - pworker, pp := testSetup(100000) - - accAdmin := access.NewAdminAccessControl() - - for { - pworker.handleProcessProfile(pp, false, accAdmin) - time.Sleep(time.Millisecond * 10) - } - - // verify by lookup uuid - for i, ppe := range pp.Process { - if pRule, ok := pworker.findProcessRule(ppe.Uuid, accAdmin); ok { - // t.Logf("ppe[%d]: %v, %v, %v", i, ppe.Uuid, pRule.rule.Name, pRule.rule.Path) - if pRule.Rule.Name != ppe.Name || pRule.Rule.Path != ppe.Path { - t.Errorf("Mismatched[%d]: %v[%v], %v[%v]\n", i, pRule.Rule.Name, ppe.Name, pRule.Rule.Path, ppe.Path) - } - } else { - t.Errorf("Not found[%d]: %v\n", i, ppe.Uuid) - } - } -} +// Temporarily commented out since this test function is not currently in use. +// func testAddProcRulesMemoryLoop(t *testing.T) { +// pworker, pp := testSetup(100000) + +// accAdmin := access.NewAdminAccessControl() + +// for { +// pworker.handleProcessProfile(pp, false, accAdmin) +// time.Sleep(time.Millisecond * 10) +// } + +// // verify by lookup uuid +// for i, ppe := range pp.Process { +// if pRule, ok := pworker.findProcessRule(ppe.Uuid, accAdmin); ok { +// // t.Logf("ppe[%d]: %v, %v, %v", i, ppe.Uuid, pRule.rule.Name, pRule.rule.Path) +// if pRule.Rule.Name != ppe.Name || pRule.Rule.Path != ppe.Path { +// t.Errorf("Mismatched[%d]: %v[%v], %v[%v]\n", i, pRule.Rule.Name, ppe.Name, pRule.Rule.Path, ppe.Path) +// } +// } else { +// t.Errorf("Not found[%d]: %v\n", i, ppe.Uuid) +// } +// } +// } diff --git a/controller/scan/jfrog.go b/controller/scan/jfrog.go index 237865216..d93ab0197 100644 --- a/controller/scan/jfrog.go +++ b/controller/scan/jfrog.go 
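Review bot: The comment added above `testAddProcRulesMemoryLoop` says "Temporarily" but gives no condition or owner for restoring it. The preserved body has a `for { ... }` with no exit, so the uuid verification loop after it could never have run. It appears to have been a manual soak loop, not a test; the lowercase name means `go test` never picked it up. Deleting it is cleaner, or replace the header with something specific such as `// testAddProcRulesMemoryLoop: manual memory soak loop (never returns); removed from the build, see git history.`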
@@ -50,11 +50,11 @@ type aqlFolder struct { Name string `json:"name"` } -type aqlRange struct { - Start int `json:"start_pos"` - End int `json:"end_post"` - Total int `json:"total"` -} +// type aqlRange struct { +// Start int `json:"start_pos"` +// End int `json:"end_post"` +// Total int `json:"total"` +// } type aqlFolderResult struct { Folders []aqlFolder `json:"results"` diff --git a/controller/scan/registry.go b/controller/scan/registry.go index 8044f2afa..f7999882c 100644 --- a/controller/scan/registry.go +++ b/controller/scan/registry.go @@ -1819,11 +1819,11 @@ func (rs *Registry) polling(ctx context.Context) { const maxRetry = 3 type regScanTask struct { - sctx *scanContext - reg *Registry - imageID string - retries int - cancel context.CancelFunc + sctx *scanContext + reg *Registry + imageID string + retries int + // cancel context.CancelFunc scanTypesRequired share.ScanTypeMap } diff --git a/controller/scan/registry_test.go b/controller/scan/registry_test.go index d570b3d48..2186b9275 100644 --- a/controller/scan/registry_test.go +++ b/controller/scan/registry_test.go @@ -14,16 +14,16 @@ import ( "github.com/neuvector/neuvector/share/utils" ) -type testDriver struct { - registryDriver -} +// type testDriver struct { +// registryDriver +// } -func (d *testDriver) Login(cfg *share.CLUSRegistryConfig) (bool, error) { - return false, nil -} +// func (d *testDriver) Login(cfg *share.CLUSRegistryConfig) (bool, error) { +// return false, nil +// } -func (d *testDriver) Logout() { -} +// func (d *testDriver) Logout() { +// } func preTest() { log.SetOutput(os.Stdout) @@ -38,11 +38,11 @@ func preTest() { smd = &scanMethod{isLeader: true, isScanner: true, scanLog: scanLog} } -func preTestDebug() { - preTest() - log.SetLevel(log.DebugLevel) - smd.scanLog.Level = log.DebugLevel -} +// func preTestDebug() { +// preTest() +// log.SetLevel(log.DebugLevel) +// smd.scanLog.Level = log.DebugLevel +// } func postTest() { log.SetLevel(log.DebugLevel) 
diff --git a/controller/scheduler/sch_test.go b/controller/scheduler/sch_test.go index 5658b5f40..83c9470ba 100644 --- a/controller/scheduler/sch_test.go +++ b/controller/scheduler/sch_test.go 
@@ -1,106 +1,100 @@ package scheduler -import ( - //"fmt" - "testing" - "time" - - "github.com/neuvector/neuvector/share/utils" -) - -var wheel *utils.TimerWheel -var scher Schd - -const testTick = time.Millisecond * 50 -const testMilliTick = time.Microsecond * 50 - -type workerFunc func(id string, life time.Duration) - -type task struct { - id string - timer string - expired bool - runs int - worker workerFunc - life int - timeout int -} - -func (t *task) Key() string { - return t.id -} - -func (t *task) Priority() Priority { - return PriorityLow -} - -func (t *task) Print(msg string) { -} - -func (t *task) StartTimer() { - t.timer, _ = wheel.AddTask(t, testTick*time.Duration(t.timeout)) -} - -func (t *task) CancelTimer() { - if t.timer != "" { - wheel.RemoveTask(t.timer) - } -} - -func (t *task) Handler(proc string) Action { - t.runs++ - go t.worker(t.id, testTick*time.Duration(t.life)) - return TaskActionWait -} - -func (t *task) Expire() { - t.expired = true -} - -func workerNone(id string, life time.Duration) { - time.Sleep(life) -} - -func workerRequeue(t *task, life time.Duration) { - time.Sleep(life) - scher.TaskDone(t, TaskActionRequeue) -} - -func workerDone(t *task, life time.Duration) { - time.Sleep(life) - scher.TaskDone(t, TaskActionDone) -} - -func TestTimeout(t *testing.T) { - /* This test is timing-bound - wheel = utils.NewTimerWheelWithTick(testTick) - wheel.Start() - - scher.Init() - scher.AddProcessor("self") - - tk := &task{id: "1", timeout: 1, worker: workerDone, life: 2} - scher.AddTask(tk, PriorityLow, false) - time.Sleep(testTick * 3) - if tk.runs != 1 || !tk.expired || len(scher.taskQueueLow) != 0 { - t.Errorf("Error: runs=%d expired=%v tasks=%v\n", tk.runs, tk.expired, len(scher.taskQueueLow)) - } - scher.ClearTaskQueue(PriorityLow) - - tk = &task{id: "2", timeout: 5, worker: workerRequeue, life: 1} - scher.AddTask(tk, PriorityLow, false) - time.Sleep(testMilliTick * 3500) - if tk.runs != 4 || tk.expired || len(scher.taskQueueLow) != 0 { 
- t.Errorf("Error: runs=%d expired=%v tasks=%v\n", tk.runs, tk.expired, len(scher.taskQueueLow)) - } - scher.ClearTaskQueue(PriorityLow) - - tk = &task{id: "3", timeout: 2, worker: workerNone, life: 1} - scher.AddTask(tk, PriorityLow, false) - time.Sleep(testTick * 3) - if tk.runs != 1 || !tk.expired || len(scher.taskQueueLow) != 1 { - t.Errorf("Error: runs=%d expired=%v tasks=%v\n", tk.runs, tk.expired, len(scher.taskQueueLow)) - } - scher.ClearTaskQueue(PriorityLow) - */ -} +// Temporarily commented out since this test function is not currently in use. + +// var wheel *utils.TimerWheel +// var scher Schd + +// const testTick = time.Millisecond * 50 +// const testMilliTick = time.Microsecond * 50 + +// type workerFunc func(id string, life time.Duration) + +// type task struct { +// id string +// timer string +// expired bool +// runs int +// worker workerFunc +// life int +// timeout int +// } + +// func (t *task) Key() string { +// return t.id +// } + +// func (t *task) Priority() Priority { +// return PriorityLow +// } + +// func (t *task) Print(msg string) { +// } + +// func (t *task) StartTimer() { +// t.timer, _ = wheel.AddTask(t, testTick*time.Duration(t.timeout)) +// } + +// func (t *task) CancelTimer() { +// if t.timer != "" { +// wheel.RemoveTask(t.timer) +// } +// } + +// func (t *task) Handler(proc string) Action { +// t.runs++ +// go t.worker(t.id, testTick*time.Duration(t.life)) +// return TaskActionWait +// } + +// func (t *task) Expire() { +// t.expired = true +// } + +// func workerNone(id string, life time.Duration) { +// time.Sleep(life) +// } + +// func workerRequeue(t *task, life time.Duration) { +// time.Sleep(life) +// scher.TaskDone(t, TaskActionRequeue) +// } + +// func workerDone(t *task, life time.Duration) { +// time.Sleep(life) +// scher.TaskDone(t, TaskActionDone) +// } + +// func TestTimeout(t *testing.T) { +// /* This test is timing-bound +// wheel = utils.NewTimerWheelWithTick(testTick) +// wheel.Start() + +// scher.Init() +// 
scher.AddProcessor("self") + +// tk := &task{id: "1", timeout: 1, worker: workerDone, life: 2} +// scher.AddTask(tk, PriorityLow, false) +// time.Sleep(testTick * 3) +// if tk.runs != 1 || !tk.expired || len(scher.taskQueueLow) != 0 { +// t.Errorf("Error: runs=%d expired=%v tasks=%v\n", tk.runs, tk.expired, len(scher.taskQueueLow)) +// } +// scher.ClearTaskQueue(PriorityLow) + +// tk = &task{id: "2", timeout: 5, worker: workerRequeue, life: 1} +// scher.AddTask(tk, PriorityLow, false) +// time.Sleep(testMilliTick * 3500) +// if tk.runs != 4 || tk.expired || len(scher.taskQueueLow) != 0 { +// t.Errorf("Error: runs=%d expired=%v tasks=%v\n", tk.runs, tk.expired, len(scher.taskQueueLow)) +// } +// scher.ClearTaskQueue(PriorityLow) + +// tk = &task{id: "3", timeout: 2, worker: workerNone, life: 1} +// scher.AddTask(tk, PriorityLow, false) +// time.Sleep(testTick * 3) +// if tk.runs != 1 || !tk.expired || len(scher.taskQueueLow) != 1 { +// t.Errorf("Error: runs=%d expired=%v tasks=%v\n", tk.runs, tk.expired, len(scher.taskQueueLow)) +// } +// scher.ClearTaskQueue(PriorityLow) +// */ +// }
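Review bot: Commenting out the whole file leaves `sch_test.go` with a package clause and nothing else, so this file no longer contributes any compiled test for the scheduler's timeout, requeue, or expiry paths. The preserved code also would not type-check if restored: `workerRequeue` and `workerDone` take `*task`, while the `worker` field is a `workerFunc` taking `id string`. That is the kind of drift that goes unnoticed once code lives in comments. Either delete the file, or keep `TestTimeout` compiled with `t.Skip("timing-bound; needs a deterministic clock")` as its first statement and fix the helpers to match `workerFunc`.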