From b09c0d7e18410b7cfbeac7b1f8826c01b826322b Mon Sep 17 00:00:00 2001
From: hasheddan <georgedanielmangum@gmail.com>
Date: Sat, 1 Aug 2020 08:10:43 -0500
Subject: [PATCH] Add dependencycheck tool to check for dependency cyles in
 vendored pkgs

dependencycheck verifies that no violating depdendencies exist in pkgs
passed via a JSON file generated from go list.

Signed-off-by: hasheddan <georgedanielmangum@gmail.com>
---
 cmd/BUILD                              |   1 +
 cmd/dependencycheck/BUILD              |  28 ++++++
 cmd/dependencycheck/OWNERS             |   8 ++
 cmd/dependencycheck/dependencycheck.go | 115 +++++++++++++++++++++++++
 4 files changed, 152 insertions(+)
 create mode 100644 cmd/dependencycheck/BUILD
 create mode 100644 cmd/dependencycheck/OWNERS
 create mode 100644 cmd/dependencycheck/dependencycheck.go

diff --git a/cmd/BUILD b/cmd/BUILD
index 5f243e13d75..0be81447fa0 100644
--- a/cmd/BUILD
+++ b/cmd/BUILD
@@ -14,6 +14,7 @@ filegroup(
         "//cmd/clicheck:all-srcs",
         "//cmd/cloud-controller-manager:all-srcs",
         "//cmd/controller-manager/app:all-srcs",
+        "//cmd/dependencycheck:all-srcs",
         "//cmd/gendocs:all-srcs",
         "//cmd/genkubedocs:all-srcs",
         "//cmd/genman:all-srcs",
diff --git a/cmd/dependencycheck/BUILD b/cmd/dependencycheck/BUILD
new file mode 100644
index 00000000000..c80b7cf0dba
--- /dev/null
+++ b/cmd/dependencycheck/BUILD
@@ -0,0 +1,28 @@
+load("@io_bazel_rules_go//go:def.bzl", "go_binary", "go_library")
+
+go_library(
+    name = "go_default_library",
+    srcs = ["dependencycheck.go"],
+    importpath = "k8s.io/kubernetes/cmd/dependencycheck",
+    visibility = ["//visibility:private"],
+)
+
+go_binary(
+    name = "vendorcycle",
+    embed = [":go_default_library"],
+    visibility = ["//visibility:public"],
+)
+
+filegroup(
+    name = "package-srcs",
+    srcs = glob(["**"]),
+    tags = ["automanaged"],
+    visibility = ["//visibility:private"],
+)
+
+filegroup(
+    name = "all-srcs",
+    srcs = [":package-srcs"],
+    tags = ["automanaged"],
+    visibility = ["//visibility:public"],
+)
diff --git a/cmd/dependencycheck/OWNERS b/cmd/dependencycheck/OWNERS
new file mode 100644
index 00000000000..22de439b4ed
--- /dev/null
+++ b/cmd/dependencycheck/OWNERS
@@ -0,0 +1,8 @@
+# See the OWNERS docs at https://go.k8s.io/owners
+
+reviewers:
+  - hasheddan
+approvers:
+  - bentheelder
+  - hasheddan
+  - liggitt
diff --git a/cmd/dependencycheck/dependencycheck.go b/cmd/dependencycheck/dependencycheck.go
new file mode 100644
index 00000000000..693d87b55de
--- /dev/null
+++ b/cmd/dependencycheck/dependencycheck.go
@@ -0,0 +1,115 @@
+/*
+Copyright 2020 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Checks for restricted dependencies in go packages. Does not check transitive
+// dependencies implicitly, so they must be supplied in dependencies file if
+// they are to be evaluated.
+package main
+
+import (
+	"bytes"
+	"encoding/json"
+	"flag"
+	"fmt"
+	"io"
+	"io/ioutil"
+	"log"
+	"regexp"
+)
+
+var (
+	exclude  = flag.String("exclude", "", "skip packages regex pattern (e.g. '^k8s.io/kubernetes/')")
+	restrict = flag.String("restrict", "", "restricted dependencies regex pattern (e.g. '^k8s.io/(apimachinery|client-go)/')")
+)
+
+type goPackage struct {
+	Name         string
+	ImportPath   string
+	Imports      []string
+	TestImports  []string
+	XTestImports []string
+}
+
+func main() {
+	flag.Parse()
+
+	args := flag.Args()
+
+	if len(args) != 1 {
+		log.Fatalf("usage: dependencycheck <json-dep-file> (e.g. 'go list -mod=vendor -test -deps -json ./vendor/...')")
+	}
+	if *restrict == "" {
+		log.Fatalf("Must specify restricted regex pattern")
+	}
+	depsPattern, err := regexp.Compile(*restrict)
+	if err != nil {
+		log.Fatalf("Error compiling restricted dependencies regex: %v", err)
+	}
+	var excludePattern *regexp.Regexp
+	if *exclude != "" {
+		excludePattern, err = regexp.Compile(*exclude)
+		if err != nil {
+			log.Fatalf("Error compiling excluded package regex: %v", err)
+		}
+	}
+	b, err := ioutil.ReadFile(args[0])
+	if err != nil {
+		log.Fatalf("Error reading dependencies file: %v", err)
+	}
+
+	packages := []goPackage{}
+	decoder := json.NewDecoder(bytes.NewBuffer(b))
+	for {
+		pkg := goPackage{}
+		if err := decoder.Decode(&pkg); err != nil {
+			if err == io.EOF {
+				break
+			}
+			log.Fatalf("Error unmarshaling dependencies file: %v", err)
+		}
+		packages = append(packages, pkg)
+	}
+
+	violations := map[string][]string{}
+	for _, p := range packages {
+		if excludePattern != nil && excludePattern.MatchString(p.ImportPath) {
+			continue
+		}
+		importViolations := []string{}
+		allImports := []string{}
+		allImports = append(allImports, p.Imports...)
+		allImports = append(allImports, p.TestImports...)
+		allImports = append(allImports, p.XTestImports...)
+		for _, i := range allImports {
+			if depsPattern.MatchString(i) {
+				importViolations = append(importViolations, i)
+			}
+		}
+		if len(importViolations) > 0 {
+			violations[p.ImportPath] = importViolations
+		}
+	}
+
+	if len(violations) > 0 {
+		for k, v := range violations {
+			fmt.Printf("Found dependency violations in package %s:\n", k)
+			for _, a := range v {
+				fmt.Println("--> " + a)
+			}
+		}
+		log.Fatal("Found restricted dependency violations in packages")
+	}
+}