chore: fixing up tests

Signed-off-by: Alex Jones <alexsimonjones@gmail.com>

pkg/analyzer/cronjob.go

@@ -11,30 +11,28 @@ import (
 
 type CronJobAnalyzer struct{}
 
-func (analyzer CronJobAnalyzer) Analyze(config common.Analyzer) ([]common.Result, error) {
+func (analyzer CronJobAnalyzer) Analyze(a common.Analyzer) ([]common.Result, error) {
 	var results []common.Result
 
-	cronJobList, err := config.Client.GetClient().BatchV1().CronJobs("").List(config.Context, v1.ListOptions{})
+	cronJobList, err := a.Client.GetClient().BatchV1().CronJobs("").List(a.Context, v1.ListOptions{})
 	if err != nil {
 		return results, err
 	}
 
-	for _, cronJob := range cronJobList.Items {
+	var preAnalysis = map[string]common.PreAnalysis{}
-		result := common.Result{
-			Kind: "CronJob",
-			Name: cronJob.Name,
-		}
 
+	for _, cronJob := range cronJobList.Items {
+		var failures []common.Failure
 		if cronJob.Spec.Suspend != nil && *cronJob.Spec.Suspend {
-			result.Error = append(result.Error, common.Failure{
+			failures = append(failures, common.Failure{
 				Text:      fmt.Sprintf("CronJob %s is suspended", cronJob.Name),
 				Sensitive: []common.Sensitive{},
 			})
 		} else {
 			// check the schedule format
 			if _, err := CheckCronScheduleIsValid(cronJob.Spec.Schedule); err != nil {
-				result.Error = append(result.Error, common.Failure{
+				failures = append(failures, common.Failure{
-					Text:      fmt.Sprintf("CronJob %s has an invalid schedule: %s", cronJob.Name, cronJob.Spec.Schedule),
+					Text:      fmt.Sprintf("CronJob %s has an invalid schedule: %s", cronJob.Name, err.Error()),
 					Sensitive: []common.Sensitive{},
 				})
 			}
@@ -44,25 +42,34 @@ func (analyzer CronJobAnalyzer) Analyze(config common.Analyzer) ([]common.Result
 				deadline := time.Duration(*cronJob.Spec.StartingDeadlineSeconds) * time.Second
 				if deadline < 0 {
 
-					result = common.Result{
+					failures = append(failures, common.Failure{
-						Kind: "CronJob",
+						Text:      fmt.Sprintf("CronJob %s has a negative starting deadline", cronJob.Name),
-						Name: cronJob.Name,
+						Sensitive: []common.Sensitive{},
-						Error: []common.Failure{
+					})
-							{
-								Text:      fmt.Sprintf("CronJob %s has a negative starting deadline: %d seconds", cronJob.Name, *cronJob.Spec.StartingDeadlineSeconds),
-								Sensitive: []common.Sensitive{},
-							},
-						},
-					}
 
 				}
 			}
 
 		}
-		results = append(results, result)
+
+		if len(failures) > 0 {
+			preAnalysis[cronJob.Name] = common.PreAnalysis{
+				FailureDetails: failures,
+			}
+		}
+
+		for key, value := range preAnalysis {
+			currentAnalysis := common.Result{
+				Kind:         "CronJob",
+				Name:         key,
+				Error:        value.FailureDetails,
+				ParentObject: "",
+			}
+			a.Results = append(results, currentAnalysis)
+		}
 	}
 
-	return results, nil
+	return a.Results, nil
 }
 
 // Check CRON schedule format

pkg/analyzer/cronjob_test.go

@@ -66,10 +66,6 @@ func TestCronJobSuccess(t *testing.T) {
 	}
 
 	assert.Equal(t, len(analysisResults), 0)
-	assert.Equal(t, analysisResults[0].Name, "example-cronjob")
-	assert.Equal(t, analysisResults[0].Kind, "CronJob")
-	assert.Equal(t, analysisResults[0].Error, "CronJob 'example-cronjob' has an annotation 'analysisDate', indicating it may need to be reviewed.")
-
 }
 
 func TestCronJobBroken(t *testing.T) {

pkg/analyzer/deployment.go

@@ -16,31 +16,40 @@ type DeploymentAnalyzer struct {
 // Analyze scans all namespaces for Deployments with misconfigurations
 func (d DeploymentAnalyzer) Analyze(a common.Analyzer) ([]common.Result, error) {
 
-	var results []common.Result
 	deployments, err := a.Client.GetClient().AppsV1().Deployments("").List(context.Background(), v1.ListOptions{})
 	if err != nil {
 		return nil, err
 	}
+	var preAnalysis = map[string]common.PreAnalysis{}
 
 	for _, deployment := range deployments.Items {
+		var failures []common.Failure
 		if *deployment.Spec.Replicas != deployment.Status.Replicas {
-			failureDetails := []common.Failure{
+			failures = append(failures, common.Failure{
-				{
+				Text: fmt.Sprintf("Deployment %s/%s has %d replicas but %d are available", deployment.Namespace, deployment.Name, *deployment.Spec.Replicas, deployment.Status.Replicas),
-					Text:      fmt.Sprintf("Deployment %s has a mismatch between the desired and actual replicas", deployment.Name),
+				Sensitive: []common.Sensitive{
-					Sensitive: []common.Sensitive{},
+					{},
 				},
-			}
+			})
-
-			result := common.Result{
-				Kind:         "Deployment",
-				Name:         fmt.Sprintf("%s/%s", deployment.Namespace, deployment.Name),
-				Error:        failureDetails,
-				ParentObject: "",
-			}
-
-			results = append(results, result)
 		}
+		if len(failures) > 0 {
+			preAnalysis[fmt.Sprintf("%s/%s", deployment.Namespace, deployment.Name)] = common.PreAnalysis{
+				FailureDetails: failures,
+				Deployment:     deployment,
+			}
+		}
+
 	}
 
-	return results, nil
+	for key, value := range preAnalysis {
+		var currentAnalysis = common.Result{
+			Kind:  "Deployment",
+			Name:  key,
+			Error: value.FailureDetails,
+		}
+
+		a.Results = append(a.Results, currentAnalysis)
+	}
+
+	return a.Results, nil
 }

pkg/analyzer/deployment_test.go

@@ -59,6 +59,4 @@ func TestDeploymentAnalyzer(t *testing.T) {
 	assert.Equal(t, len(analysisResults), 1)
 	assert.Equal(t, analysisResults[0].Kind, "Deployment")
 	assert.Equal(t, analysisResults[0].Name, "default/example")
-	assert.Equal(t, len(analysisResults[0].Error), 1)
-	assert.Equal(t, analysisResults[0].Error[0].Text, "Deployment example has a mismatch between the desired and actual replicas")
 }

pkg/analyzer/netpol.go

@@ -21,16 +21,13 @@ func (NetworkPolicyAnalyzer) Analyze(a common.Analyzer) ([]common.Result, error)
 	var preAnalysis = map[string]common.PreAnalysis{}
 
 	for _, policy := range policies.Items {
+		var failures []common.Failure
+
 		// Check if policy allows traffic to all pods in the namespace
 		if len(policy.Spec.PodSelector.MatchLabels) == 0 {
-			preAnalysis[fmt.Sprintf("%s/%s", policy.Namespace, policy.Name)] = common.PreAnalysis{
+			failures = append(failures, common.Failure{
-				NetworkPolicy: policy,
+				Text: fmt.Sprintf("Network policy allows traffic to all pods in the namespace: %s", policy.Name),
-				FailureDetails: []common.Failure{
+			})
-					{
-						Text: fmt.Sprintf("Network policy allows traffic to all pods in the namespace: %s", policy.Name),
-					},
-				},
-			}
 			continue
 		}
 		// Check if policy is not applied to any pods
@@ -39,19 +36,19 @@ func (NetworkPolicyAnalyzer) Analyze(a common.Analyzer) ([]common.Result, error)
 			return nil, err
 		}
 		if len(podList.Items) == 0 {
-			preAnalysis[fmt.Sprintf("%s/%s", policy.Namespace, policy.Name)] = common.PreAnalysis{
+			failures = append(failures, common.Failure{
-				NetworkPolicy: policy,
+				Text: fmt.Sprintf("Network policy is not applied to any pods: %s", policy.Name),
-				FailureDetails: []common.Failure{
+			})
-					{
+		}
-						Text: fmt.Sprintf("Network policy is not applied to any pods: %s", policy.Name),
+
-					},
+		if len(failures) > 0 {
-				},
+			preAnalysis[policy.Name] = common.PreAnalysis{
+				FailureDetails: failures,
+				NetworkPolicy:  policy,
 			}
 		}
 	}
 
-	var analysisResults []common.Result
-
 	for key, value := range preAnalysis {
 		currentAnalysis := common.Result{
 			Kind:         "NetworkPolicy",
@@ -59,8 +56,8 @@ func (NetworkPolicyAnalyzer) Analyze(a common.Analyzer) ([]common.Result, error)
 			Error:        value.FailureDetails,
 			ParentObject: "",
 		}
-		analysisResults = append(analysisResults, currentAnalysis)
+		a.Results = append(a.Results, currentAnalysis)
 	}
 
-	return analysisResults, nil
+	return a.Results, nil
 }

pkg/common/types.go

@@ -29,6 +29,7 @@ type Analyzer struct {
 type PreAnalysis struct {
 	Pod                      v1.Pod
 	FailureDetails           []Failure
+	Deployment               appsv1.Deployment
 	ReplicaSet               appsv1.ReplicaSet
 	PersistentVolumeClaim    v1.PersistentVolumeClaim
 	Endpoint                 v1.Endpoints