Spinach documentation #293

Closed
howardjones opened this issue Mar 8, 2024 · 4 comments
Labels
question Further information is requested

@howardjones

Is your feature request related to a problem? Please describe.
A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]

I thought it would be simple to exclude some specific alerts, but the combination of incomplete docs and (maybe) out-of-date examples makes creating a spinach.yaml harder than necessary.

Describe the solution you'd like
Actual documentation for the spinach.yaml file. For example:

  • in the spinach/ examples directory, the aks and aws examples use a gvrs key that is not accepted
  • in the README it says you can match fqns which seems to be namespaces (all the examples are matching namespaces, anyway). fqn is also accepted but not mentioned in the docs.

Some kind of debug logging to show if excludes are being hit would also help.

Describe alternatives you've considered
A clear and concise description of any alternative solutions or features you've considered.

Additional context
Add any other context or screenshots about the feature request here.

My simple use-case is:

  • exclude POP-400 for all secrets in a namespace (we use helm-style secrets as a deployment log), as they will never be referenced
  • exclude POP-400 for all secrets named helm.release.* anywhere, as they will never be referenced

popeye:
  excludes:
    linters:
      v1/secrets:
        instances:
          # the deploys namespace contains a load of unreferenced secrets and that's OK
          # all the secrets named sh.helm.release.v1.* are OK too
          - fqns: ["rx:^deploys/"]
            codes: [400]
          - fqns: ["rx:sh.helm.release"]
            codes: [400]

is not the answer though.

@derailed
Owner

derailed commented Mar 8, 2024

@howardjones Tx for this issue! Sorry for the confusion. I'll correct the example but I think the docs are correct.
I think you are close. As the docs indicate, you need to use the linter name vs gvr.

popeye:
  excludes:
    linters:
      secrets:
        instances:
          # the deploys namespace contains a load of unreferenced secrets and that's OK
          # all the secrets named sh.helm.release.v1.* are OK too
          - fqns: [rx:^deploys]
            codes: [400]
          - fqns: [rx:sh.helm.release]
            codes: [400]

@derailed derailed added the question Further information is requested label Mar 8, 2024
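
A dry run of the exclude patterns from this thread against sample secret names, added here as an example; it is not part of the thread or of Popeye's code. It assumes a secret's FQN is namespace/name, that an rx: value is an unanchored Go regexp and that any other value is an exact match; the Secrets list and the Tight variant are constructed, and the thread's two entries are folded into one because they share the same code.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Exclude mirrors one entry under "instances:" in the spinach.yaml above.
type Exclude struct {
	FQNs  []string
	Codes []int
}

// Assumption: "rx:" marks an unanchored regexp; anything else is an exact match.
func matchFQN(pattern, fqn string) bool {
	if !strings.HasPrefix(pattern, "rx:") {
		return pattern == fqn
	}
	return regexp.MustCompile(pattern[3:]).MatchString(fqn)
}

// Hits returns the FQNs whose finding with the given code would be excluded.
func Hits(excludes []Exclude, code int, fqns []string) []string {
	var out []string
next:
	for _, fqn := range fqns {
		for _, ex := range excludes {
			for _, c := range ex.Codes {
				for _, p := range ex.FQNs {
					if c == code && matchFQN(p, fqn) {
						out = append(out, fqn)
						continue next
					}
				}
			}
		}
	}
	return out
}

// Constructed data: Secrets are namespace/name; Loose holds the thread's patterns, Tight a stricter variant.
var Secrets = []string{"deploys/release-log", "deploys-staging/db-password", "prod/sh.helm.release.v1.web.v3", "prod/shXhelm-release", "prod/api-key"}
var Loose = []Exclude{{FQNs: []string{"rx:^deploys", "rx:sh.helm.release"}, Codes: []int{400}}}
var Tight = []Exclude{{FQNs: []string{"rx:^deploys/", `rx:/sh\.helm\.release\.v1\.`}, Codes: []int{400}}}

func main() {
	fmt.Println("thread patterns:", Hits(Loose, 400, Secrets))
	fmt.Println("tightened:      ", Hits(Tight, 400, Secrets))
}
```

Under these assumptions the unanchored patterns also silence code 400 for secrets in a namespace that merely starts with "deploys" and for names where the dots match other characters, which is why listing the hits before adopting an exclude is useful.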
@howardjones
Author

I have two questions then:

  1. is fqns matching just the namespace name? the examples in the README without regexps suggest it is
  2. why doesn't the spinach parser complain if you use a linter name that doesn't exist? It does for anything else...

@derailed
Owner

derailed commented Mar 9, 2024

@howardjones Indeed!

I'll add a new example for this. I wanted to show deltas between namespaced and non namespaced resources.
Thus for the namespace linter fqn=n.

Good point regarding linter names, I'll add a check.

@derailed derailed mentioned this issue Mar 9, 2024
@derailed
Owner

derailed commented Mar 9, 2024

Let's see if we're happier on v0.20.0
