From e506f9df0563958971ae14e09d167ecc7d3093a6 Mon Sep 17 00:00:00 2001
From: Yann Rouillard
Date: Mon, 16 Sep 2024 23:01:28 +0200
Subject: [PATCH] feat: add support for forbidding environment variables in gitops files
This new check can be enabled by adding:
```
additionalChecks: ["forbiddenEnvironmentVariables"]
```
in the schema definition.
---
 .../gitops-values-validation.py | 21 ++++++++++++++++++-
 1 file changed, 20 insertions(+), 1 deletion(-)
diff --git a/kp_pre_commit_hooks/gitops-values-validation.py b/kp_pre_commit_hooks/gitops-values-validation.py
index 1332e13..078fd17 100755
--- a/kp_pre_commit_hooks/gitops-values-validation.py
+++ b/kp_pre_commit_hooks/gitops-values-validation.py
@@ -19,7 +19,7 @@ urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)
 ###############################################################################
-# Main code
+# Global Parameters
 ###############################################################################
 SCHEMA_BASE_URL = "https://kp-helmchart-stable-shared-main.s3.eu-west-1.amazonaws.com/schema/platform-managed-chart"
@@ -32,6 +32,15 @@ TWINGATE_DOC_URL = "https://kpler.atlassian.net/wiki/spaces/KSD/pages/243562083/Install+and+configure+the+Twingate+VPN+client"
+FORBIDDEN_ENVIRONMENT_VARIABLES = {
+ "KAFKA_APPLICATION_ID": """KAFKA_APPLICATION_ID is automatically set in your container and should not be overridden.
+More info at https://kpler.atlassian.net/l/cp/jb4uJQs3#Use-connection-information-in-environment-variables""",
+ "KAFKA_BOOTSTRAP_SERVERS": """KAFKA_BOOSTRAP_SERVERS is automatically set in your container and should not be overridden.
+More info at https://kpler.atlassian.net/l/cp/jb4uJQs3#Use-connection-information-in-environment-variables""",
+ "SCHEMA_REGISTRY_URL": """SCHEMA_REGISTRY_URL is automatically set in your container and should not be overridden.
+More info at https://kpler.atlassian.net/l/cp/jb4uJQs3#Use-connection-information-in-environment-variables""",
+}
+
 ###############################################################################
 # Generic Helper functions and classes
 ###############################################################################
@@ -360,6 +369,16 @@ def validate_topic_name_compliance(self, value, schema):
 if match and match["serviceName"] != service_name:
 yield ValidationError(f"topicName '{value}' it not compliant, it should contain the service name '{service_name}'")
+ def validate_forbidden_environment_variables(self, value, schema):
+ if not isinstance(value, dict):
+ return
+ for env_variable, forbidden_reason in FORBIDDEN_ENVIRONMENT_VARIABLES.items():
+ if env_variable in value:
+ yield ValidationError(
+ f"Environment variable `{env_variable}` is not allowed to be manually set",
+ schema={"description": f"Remove `{env_variable}` from your environment variables.\n{forbidden_reason}"},
+ )
+
 def format_error(error: Union[ValidationError, SchemaValidationError]):
 if isinstance(error, SchemaValidationError):
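Review bot: The reason text attached to the `KAFKA_BOOTSTRAP_SERVERS` entry of `FORBIDDEN_ENVIRONMENT_VARIABLES` names the variable as `KAFKA_BOOSTRAP_SERVERS` (missing "T"), so the message a user sees will not match the key the check is actually rejecting; change it to `"KAFKA_BOOTSTRAP_SERVERS": """KAFKA_BOOTSTRAP_SERVERS is automatically set in your container and should not be overridden.`. The three entries differ only by the variable name yet repeat that name inside the text, which is how this drift crept in; deriving the reason from a single template formatted with the dict key would keep name and message in step when more variables are added. A one-line comment above the dict, e.g. `# Exact, case-sensitive env var names that the chart injects itself; see validate_forbidden_environment_variables`, would also tell the next maintainer what a key here has to be.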
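Review bot: The guard `if not isinstance(value, dict): return` in `validate_forbidden_environment_variables` silently accepts every other shape, so if the values schema also admits the list-of-`{name, value}` form that Kubernetes uses for `env`, a forbidden variable written that way passes this check unnoticed; the schema is not visible from this hunk, so please confirm which shapes `additionalChecks: ["forbiddenEnvironmentVariables"]` can be attached to. If the list form is possible, collect the names from both shapes before the lookup (sketch below) instead of returning early; if it is not, a short docstring stating that only mapping-shaped blocks are inspected and that lookups are exact and case-sensitive would make the limitation explicit, since the new method currently has none. Also note that, as a pre-commit hook, this runs on the developer's machine and is skipped by `git commit --no-verify`, so the same constraint presumably still needs enforcing in CI or at deploy time; a comment saying where that happens would help readers not treat this check as the security boundary.
```python
    def validate_forbidden_environment_variables(self, value, schema):
        """Yield a ValidationError for each forbidden env var name found in `value`.

        `value` may be a name -> value mapping or a list of {"name": ..., "value": ...} items.
        """
        if isinstance(value, dict):
            names = set(value)
        elif isinstance(value, list):
            names = {item.get("name") for item in value if isinstance(item, dict)}
        else:
            return
        for env_variable, forbidden_reason in FORBIDDEN_ENVIRONMENT_VARIABLES.items():
            if env_variable in names:
                # … unchanged: yield ValidationError(...) with the same message and description …
```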