-
Notifications
You must be signed in to change notification settings - Fork 66
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
adding method to see if a given string violates Red Hat Trademark(s) …
…and incorporating into container checks Signed-off-by: Adam D. Cornett <[email protected]>
- Loading branch information
1 parent
2157229
commit ee9611b
Showing
9 changed files
with
219 additions
and
14 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
57 changes: 57 additions & 0 deletions
57
internal/policy/container/has_prohibited_container_name.go
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,57 @@ | ||
package container | ||
|
||
import ( | ||
"context" | ||
"strings" | ||
|
||
"github.com/go-logr/logr" | ||
|
||
"github.com/redhat-openshift-ecosystem/openshift-preflight/internal/check" | ||
"github.com/redhat-openshift-ecosystem/openshift-preflight/internal/image" | ||
"github.com/redhat-openshift-ecosystem/openshift-preflight/internal/log" | ||
) | ||
|
||
var _ check.Check = &HasProhibitedContainerName{} | ||
|
||
type HasProhibitedContainerName struct{} | ||
|
||
func (p HasProhibitedContainerName) Validate(ctx context.Context, imageReference image.ImageReference) (result bool, err error) { | ||
return p.validate(ctx, p.getDataForValidate(imageReference.ImageRepository)) | ||
} | ||
|
||
func (p HasProhibitedContainerName) getDataForValidate(imageRepository string) string { | ||
// splitting on '/' to get container name, at this point we know that | ||
// crane's ParseReference has set ImageReference.imageRepository in a valid format | ||
return strings.Split(imageRepository, "/")[1] | ||
} | ||
|
||
func (p HasProhibitedContainerName) validate(ctx context.Context, containerName string) (bool, error) { | ||
logger := logr.FromContextOrDiscard(ctx) | ||
|
||
if violatesRedHatTrademark(containerName) { | ||
logger.V(log.DBG).Info("container name violate Red Hat trademark", "container-name", containerName) | ||
return false, nil | ||
} | ||
|
||
return true, nil | ||
} | ||
|
||
func (p HasProhibitedContainerName) Name() string { | ||
return "HasProhibitedContainerName" | ||
} | ||
|
||
func (p HasProhibitedContainerName) Metadata() check.Metadata { | ||
return check.Metadata{ | ||
Description: "Checking if the container-name violates Red Hat trademark.", | ||
Level: "good", | ||
KnowledgeBaseURL: certDocumentationURL, | ||
CheckURL: certDocumentationURL, | ||
} | ||
} | ||
|
||
func (p HasProhibitedContainerName) Help() check.HelpText { | ||
return check.HelpText{ | ||
Message: "Check HasProhibitedContainerName encountered an error. Please review the preflight.log file for more information.", | ||
Suggestion: "Update container-name ie (quay.io/repo-name/container-name) to not violate Red Hat trademark.", | ||
} | ||
} |
42 changes: 42 additions & 0 deletions
42
internal/policy/container/has_prohibited_container_name_test.go
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,42 @@ | ||
package container | ||
|
||
import ( | ||
"context" | ||
|
||
. "github.com/onsi/ginkgo/v2" | ||
. "github.com/onsi/gomega" | ||
|
||
"github.com/redhat-openshift-ecosystem/openshift-preflight/internal/image" | ||
) | ||
|
||
var _ = Describe("HasProhibitedContainerName", func() { | ||
var ( | ||
hasProhibitedContainerName HasProhibitedContainerName | ||
imageRef image.ImageReference | ||
) | ||
|
||
Describe("Checking for trademark violations", func() { | ||
Context("When a container name does not violate trademark", func() { | ||
BeforeEach(func() { | ||
imageRef.ImageRepository = "opdev/simple-demo-operator" | ||
}) | ||
It("should pass Validate", func() { | ||
ok, err := hasProhibitedContainerName.Validate(context.TODO(), imageRef) | ||
Expect(err).ToNot(HaveOccurred()) | ||
Expect(ok).To(BeTrue()) | ||
}) | ||
}) | ||
Context("When a container name violates trademark", func() { | ||
BeforeEach(func() { | ||
imageRef.ImageRepository = "opdev/red-hat-container" | ||
}) | ||
It("should not pass Validate", func() { | ||
ok, err := hasProhibitedContainerName.Validate(context.TODO(), imageRef) | ||
Expect(err).ToNot(HaveOccurred()) | ||
Expect(ok).To(BeFalse()) | ||
}) | ||
}) | ||
}) | ||
|
||
AssertMetaData(&hasProhibitedContainerName) | ||
}) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,32 @@ | ||
package container | ||
|
||
import ( | ||
"regexp" | ||
"strings" | ||
) | ||
|
||
// violatesRedHatTrademark validates if a string meets specific "Red Hat" naming criteria | ||
func violatesRedHatTrademark(s string) bool { | ||
// string starts with Red Hat variant | ||
startingWithRedHat := regexp.MustCompile("^[^a-z0-9]*red[^a-z0-9]*hat").MatchString(strings.ToLower(s)) | ||
|
||
// string contain Red Hat variant (not starting with) | ||
containsRedHat := len(regexp.MustCompile("red[^a-z0-9]*hat").FindAllString(strings.ToLower(s), -1)) | ||
|
||
// string contains "for Red Hat" variant | ||
containsForRedHat := regexp.MustCompile("for[^a-z0-9]*red[^a-z0-9]*hat").MatchString(strings.ToLower(s)) | ||
|
||
// We explicitly fail for this, so we don't need to count it here. | ||
if startingWithRedHat { | ||
containsRedHat -= 1 | ||
} | ||
|
||
// This is acceptable, so we don't count it against the string. | ||
if containsForRedHat { | ||
containsRedHat -= 1 | ||
} | ||
|
||
containsInvalidReference := containsRedHat > 0 | ||
|
||
return startingWithRedHat || containsInvalidReference | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,26 @@ | ||
package container | ||
|
||
import ( | ||
. "github.com/onsi/ginkgo/v2" | ||
. "github.com/onsi/gomega" | ||
) | ||
|
||
var _ = Describe("TrademarkValidator", func() { | ||
DescribeTable("Test all presentations of `Red Hat`", | ||
func(trademarkText string, expected bool) { | ||
result := violatesRedHatTrademark(trademarkText) | ||
Expect(result).To(Equal(expected)) | ||
}, | ||
|
||
Entry("`Red Hat` should violate trademark policy", "Red Hat", true), | ||
Entry("`Something for Red Hat OpenShift` should not violate trademark policy", "Something for Red Hat OpenShift", false), | ||
Entry("`Red-Hat` should violate trademark policy", "Red-Hat", true), | ||
Entry("`Red_Hat` should violate trademark policy", "Red_Hat", true), | ||
Entry("`For-Red-Hat` should not violate trademark policy", "For-Red-Hat", false), | ||
Entry("`For_Red_Hat` should not violate trademark policy", "For_Red_Hat", false), | ||
Entry("`RED HAT ` should violate trademark policy", "RED HAT ", true), | ||
Entry("`redhat` should violate trademark policy", "redhat", true), | ||
Entry("`something by red hat for red hat` should violate trademark policy", "something by red hat for red hat", true), | ||
Entry("`red hat product for red hat` should violate trademark policy", "red hat product for red hat", true), | ||
) | ||
}) |