aws-samples / hardeneks

Runs checks to see if an EKS cluster follows EKS Best Practices.
https://aws-samples.github.io/hardeneks/
MIT No Attribution

JSON Output Overwrites Results for Different Namespaces #51

Open andrewtengson opened 1 year ago

andrewtengson commented 1 year ago

Problem:

The JSON output for namespace-based results overwrites previous entries, leading to loss of data for different namespaces. This occurs because the namespace is not included in the JSON path.

Expected Behavior:

Each namespace-based result should be independently added to the JSON output without overwriting others.

Actual Behavior:

Only the last namespace-based result is retained in the JSON output.

Steps to Reproduce:

  1. Generate a report with multiple namespace-based results.
  2. Observe the JSON output.

Affected Version:

<=v0.10.4

Text Output:

│ applications │ argo           │ Deploy horizontal pod autoscaler for deployments. │ argo-cd-argocd-applicationset-controller │ Deployment    │ Link       │ 
│ applications │ dynatrace      │ Deploy horizontal pod autoscaler for deployments. │ dynatrace-operator                       │ Deployment    │ Link       │ 
│ applications │ port           │ Deploy horizontal pod autoscaler for deployments. │                                          │ Deployment    │ Link       │ 

JSON Output:

{
  "namespace_based": {
    "reliability": {
      "applications": {
        "Deploy horizontal pod autoscaler for deployments.": {
          "status": true,
          "resources": [
            ""
          ],
          "resource_type": "Deployment",
          "namespace": "port",
          "resolution": "https://aws.github.io/aws-eks-best-practices/reliability/docs/application/#horizontal-pod-autoscaler-hpa"
        }
      }
    }
  }
}

Proposed Solution:

Include the namespace in the JSON path to ensure unique addressing for each result. The modified code snippet is as follows: https://github.com/aws-samples/hardeneks/blob/b0451e906f095a4247171600bec1e271df587a9f/hardeneks/__init__.py#L100

-        json_blob[rule._type][rule.pillar][rule.section][rule.message] = result
+        if rule._type == "namespace_based":
+            json_blob[rule._type][rule.pillar][rule.section][rule.result.namespace][rule.message] = result
+        else:
+            json_blob[rule._type][rule.pillar][rule.section][rule.message] = result
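Review bot: The added `if rule._type == "namespace_based":` branch changes the shape of the JSON for namespace-based results only, inserting a namespace level between section and message, so anything that reads `[section][message]` today will stop finding those results while other rule types keep the old layout; this needs a note in the docs or changelog. The `else:` branch repeats the removed line unchanged; picking the parent mapping once (section, or section plus `rule.result.namespace`) and doing a single assignment to `[rule.message]` would keep the two paths from drifting apart. It is also worth confirming that the intermediate `[rule.result.namespace]` key is created on assignment for whatever container `json_blob` is, and what key is used if `rule.result.namespace` is empty.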

https://github.com/aws-samples/hardeneks/commit/bc6a1d5f8b0c9c5942cfebb2313513d3b4a7ba92 This change ensures that results for different namespaces are stored under their respective namespace keys, preventing data overwrites.
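The overwrite described in this issue can be reproduced outside the tool. The following is an added example, not hardeneks code: it builds a report from constructed findings with both keying schemes and counts how many findings the JSON drops. The dict field names, the `cluster_wide` entry and the helper names `build_report`, `count_results` and `lost_findings` are assumptions made for the sketch.

```python
import json
from collections import defaultdict

MSG = "Deploy horizontal pod autoscaler for deployments."
# Constructed findings: the three rows from the issue's text output, plus one
# made-up non-namespaced entry. Field names are assumptions of this sketch.
FINDINGS = [
    {"type": "namespace_based", "pillar": "reliability", "section": "applications",
     "namespace": "argo", "message": MSG,
     "resources": ["argo-cd-argocd-applicationset-controller"]},
    {"type": "namespace_based", "pillar": "reliability", "section": "applications",
     "namespace": "dynatrace", "message": MSG, "resources": ["dynatrace-operator"]},
    {"type": "namespace_based", "pillar": "reliability", "section": "applications",
     "namespace": "port", "message": MSG, "resources": [""]},
    {"type": "cluster_wide", "pillar": "example_pillar", "section": "example_section",
     "namespace": None, "message": "Constructed cluster-level check.",
     "resources": ["example"]},
]

def _tree():
    # Nested dict that creates intermediate levels on first access.
    return defaultdict(_tree)

def build_report(findings, key_by_namespace):
    """Build the nested report; key_by_namespace=False is the overwriting layout."""
    blob = _tree()
    for f in findings:
        node = blob[f["type"]][f["pillar"]][f["section"]]
        if key_by_namespace and f["type"] == "namespace_based":
            node = node[f["namespace"]]  # extra level, as the issue proposes
        # Without the namespace level, a repeated message replaces the earlier result.
        node[f["message"]] = {"status": True, "resources": f["resources"],
                              "namespace": f["namespace"]}
    return json.loads(json.dumps(blob))  # round-trip to plain dicts

def count_results(node):
    """Count leaf result objects (dicts that carry a 'resources' list)."""
    if isinstance(node.get("resources"), list):
        return 1
    return sum(count_results(v) for v in node.values() if isinstance(v, dict))

def lost_findings(findings, report):
    """Number of findings that did not survive into the JSON report."""
    return len(findings) - count_results(report)

if __name__ == "__main__":
    for by_ns in (False, True):
        report = build_report(FINDINGS, by_ns)
        print(f"key_by_namespace={by_ns}: lost {lost_findings(FINDINGS, report)}")
```

Comparing the number of rows in the text output with the number of leaf results in the JSON, as `lost_findings` does here, is a quick way to check whether a report consumed by automation is missing namespace-level findings.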

dorukozturk commented 11 months ago

Apologies for the late response. Thank you very much for creating an issue. I will take a look right after re:Invent!