syncable_cli/analyzer/kubelint/
pragma.rs

1//! Annotation-based rule ignoring.
2//!
3//! Supports `ignore-check.kube-linter.io/<check-name>` annotations
4//! to disable specific checks for individual objects.
5
6use crate::analyzer::kubelint::context::Object;
7use std::collections::HashSet;
8
9/// Prefix for kube-linter ignore annotations.
10const IGNORE_ANNOTATION_PREFIX: &str = "ignore-check.kube-linter.io/";
11
/// Collects the names of every check that `obj` opts out of via annotations.
///
/// Each annotation key that begins with [`IGNORE_ANNOTATION_PREFIX`] contributes
/// the remainder of the key as a check name. An object without annotations
/// yields an empty set.
///
/// Only annotation keys are inspected: the value is never read here, and the
/// extracted name is not validated against any list of known checks.
///
/// NOTE(review): suppression is driven entirely by the manifest being linted, so
/// whoever can edit the manifest can silence a check such as
/// `privileged-container`. Callers that report results may want to surface this
/// set so suppressed checks stay visible to reviewers.
pub fn get_ignored_checks(obj: &Object) -> HashSet<String> {
    match obj.annotations() {
        // No annotations at all means nothing can be suppressed.
        None => HashSet::new(),
        Some(annotations) => annotations
            .keys()
            // Keep only ignore annotations, reduced to the bare check name.
            .filter_map(|key| key.strip_prefix(IGNORE_ANNOTATION_PREFIX))
            .map(|name| name.to_string())
            .collect(),
    }
}
26
/// Reports whether `obj` carries an ignore annotation for `check_name`.
///
/// The lookup key is [`IGNORE_ANNOTATION_PREFIX`] followed by `check_name`.
/// Returns `false` when the object has no annotations.
///
/// Only the presence of the key matters: the annotation value is not read, so
/// an empty value suppresses the check just as a filled-in one does.
///
/// NOTE(review): `check_name` is used verbatim and is not compared against a
/// list of known checks here; confirm that callers only pass registered names.
pub fn should_ignore_check(obj: &Object, check_name: &str) -> bool {
    let Some(annotations) = obj.annotations() else {
        return false;
    };

    let wanted_key = [IGNORE_ANNOTATION_PREFIX, check_name].concat();
    annotations.contains_key(&wanted_key)
}
36
#[cfg(test)]
mod tests {
    use super::*;
    use crate::analyzer::kubelint::context::object::*;
    use crate::analyzer::kubelint::context::{K8sObject, ObjectMetadata};
    use std::collections::BTreeMap;

    /// Builds a Deployment object named "test" that carries the given annotations.
    fn make_object_with_annotations(annotations: BTreeMap<String, String>) -> Object {
        let deployment = DeploymentData {
            name: "test".to_string(),
            annotations: Some(annotations),
            ..Default::default()
        };

        Object::new(
            ObjectMetadata::from_file("test.yaml"),
            K8sObject::Deployment(Box::new(deployment)),
        )
    }

    /// Turns `(key, value)` string pairs into the owned annotation map.
    fn annotation_map(pairs: &[(&str, &str)]) -> BTreeMap<String, String> {
        pairs
            .iter()
            .map(|(key, value)| (key.to_string(), value.to_string()))
            .collect()
    }

    /// Two ignore annotations (one with an empty value, one with a reason) are
    /// both picked up, and the unrelated annotation is left out.
    #[test]
    fn test_get_ignored_checks() {
        let obj = make_object_with_annotations(annotation_map(&[
            ("ignore-check.kube-linter.io/privileged-container", ""),
            ("ignore-check.kube-linter.io/latest-tag", "reason"),
            ("other-annotation", "value"),
        ]));

        let ignored = get_ignored_checks(&obj);

        assert!(ignored.contains("privileged-container"));
        assert!(ignored.contains("latest-tag"));
        assert_eq!(ignored.len(), 2);
    }

    /// An annotated check is ignored; a check without an annotation is not.
    #[test]
    fn test_should_ignore_check() {
        let obj = make_object_with_annotations(annotation_map(&[(
            "ignore-check.kube-linter.io/privileged-container",
            "",
        )]));

        assert!(should_ignore_check(&obj, "privileged-container"));
        assert!(!should_ignore_check(&obj, "latest-tag"));
    }
}