diff --git a/README.md b/README.md index 4f1912c43..7aad74be7 100644 --- a/README.md +++ b/README.md @@ -2,7 +2,7 @@ [![Codacy Badge](https://api.codacy.com/project/badge/Grade/5d3a1caf80454c55bfa4fa4f6b1b9a9f)](https://www.codacy.com/app/chandan.kumar/chaos-operator?utm_source=github.com&utm_medium=referral&utm_content=litmuschaos/chaos-operator&utm_campaign=Badge_Grade) [![Go Report Card](https://goreportcard.com/badge/github.com/litmuschaos/chaos-operator)](https://goreportcard.com/report/github.com/litmuschaos/chaos-operator) -[![CII Best Practices](https://bestpractices.coreinfrastructure.org/projects/2757/badge)](https://bestpractices.coreinfrastructure.org/projects/2757) +[![BCH compliance](https://bettercodehub.com/edge/badge/litmuschaos/chaos-operator?branch=master)](https://bettercodehub.com/) Litmus chaos operator is used by Kubernetes application developers and SREs to inject chaos into the applications and Kubernetes infrastructure in a managed fashion. Its objective is to make the process of validation and diff --git a/deploy/chaos_crds.yaml b/deploy/chaos_crds.yaml index 01f019238..8fa9a9470 100644 --- a/deploy/chaos_crds.yaml +++ b/deploy/chaos_crds.yaml 
@@ -29,6 +29,68 @@ spec: type: object spec: type: object + properties: + monitoring: + type: boolean + jobCleanUpPolicy: + type: string + pattern: ^(delete|retain)$ + # alternate ways to do this in case of complex pattern matches + #oneOf: + # - pattern: '^delete$' + # - pattern: '^retain$' + chaosType: + type: string + pattern: ^(app|infra)$ + appinfo: + type: object + properties: + appkind: + type: string + pattern: ^(deployment|statefulset|daemonset)$ + applabel: + type: string + appns: + type: string + auxiliaryAppInfo: + type: string + chaosServiceAccount: + type: string + components: + type: object + properties: + monitor: + type: object + properties: + image: + type: string + runner: + type: object + properties: + image: + type: string + type: + type: string + pattern: ^(go|ansible)$ + experiments: + type: array + items: + type: object + properties: + name: + type: string + spec: + type: object + properties: + components: + type: array + items: + type: object + properties: + name: + type: string + value: + type: string status: type: object version: v1alpha1 
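Review bot: In the ChaosEngine schema added to deploy/chaos_crds.yaml, `chaosServiceAccount`, `appinfo.applabel` and `appinfo.appns` are bare `type: string`, so an empty string passes admission. If the operator copies `chaosServiceAccount` into a pod spec (not visible in this diff), an empty name would make Kubernetes fall back to the namespace's default service account instead of the account the user meant to confine the chaos to. Consider adding `minLength: 1` under those three properties. The same properties appear as context in deploy/crds/chaosengine_crd.yaml and would need the same constraint to keep the two manifests in agreement.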
@@ -68,6 +130,93 @@ spec: type: object spec: type: object + properties: + definition: + type: object + properties: + args: + type: array + items: + type: string + command: + type: array + items: + type: string + env: + type: array + items: + type: object + properties: + name: + type: string + value: + type: string + image: + type: string + labels: + type: object + properties: + name: + type: string + scope: + type: string + pattern: ^(Namespaced|Cluster)$ + permissions: + type: array + items: + type: object + minProperties: 3 + required: + - apiGroups + - resources + - verbs + properties: + apiGroups: + type: array + items: + type: string + resources: + type: array + items: + type: string + verbs: + type: array + items: + type: string + resourceNames: + type: array + items: + type: string + nonResourceURLs: + type: array + items: + type: string + configmaps: + type: array + items: + type: object + properties: + name: + type: string + allowEmptyValue: false + minLength: 1 + mountPath: + type: string + allowEmptyValue: false + minLength: 1 + secrets: + type: array + items: + type: object + properties: + name: + type: string + allowEmptyValue: false + minLength: 1 + mountPath: + type: string + allowEmptyValue: false + minLength: 1 status: type: object version: v1alpha1 diff --git a/deploy/crds/chaosengine_crd.yaml b/deploy/crds/chaosengine_crd.yaml index 0839e88cb..bf59cd6bf 100644 --- a/deploy/crds/chaosengine_crd.yaml +++ b/deploy/crds/chaosengine_crd.yaml @@ -38,6 +38,9 @@ spec: #oneOf: # - pattern: '^delete$' # - pattern: '^retain$' + chaosType: + type: string + pattern: ^(app|infra)$ appinfo: type: object properties: @@ -48,6 +51,8 @@ spec: type: string appns: type: string + auxiliaryAppInfo: + type: string chaosServiceAccount: type: string components: diff --git a/deploy/crds/chaosexperiment_crd.yaml b/deploy/crds/chaosexperiment_crd.yaml index bf348f2ca..c58a9face 100644 --- a/deploy/crds/chaosexperiment_crd.yaml +++ b/deploy/crds/chaosexperiment_crd.yaml 
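Review bot: In the ChaosExperiment schema added to deploy/chaos_crds.yaml, the new constraints bind only when the key is present. `scope` is not listed under any `required`, and the `configmaps` and `secrets` items have no `required` list, so an item of `{}` or an experiment with no `scope` still validates. Since `scope` decides the service-account scope, I would add `required: [name, mountPath]` to both item schemas, and either list `scope` as required or state in a comment which scope applies when it is omitted. As far as I know `allowEmptyValue` is an OpenAPI parameter attribute, not a schema keyword, so `minLength: 1` is the line doing the work there. The `scope` property added in deploy/crds/chaosexperiment_crd.yaml has the same gap.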
@@ -57,6 +57,9 @@ spec: properties: name: type: string + scope: + type: string + pattern: ^(Namespaced|Cluster)$ permissions: type: array items: diff --git a/pkg/apis/litmuschaos/v1alpha1/chaosengine_types.go b/pkg/apis/litmuschaos/v1alpha1/chaosengine_types.go index 688b8314d..7688111e0 100644 --- a/pkg/apis/litmuschaos/v1alpha1/chaosengine_types.go +++ b/pkg/apis/litmuschaos/v1alpha1/chaosengine_types.go @@ -98,7 +98,7 @@ type ExperimentAttributes struct { //Execution priority of the chaos experiment Rank uint32 `json:"rank"` //Environment Varibles to override the default values in chaos-experiments - Components []ExperimentENV `json:"components"` + Components []ExperimentENV `json:"components,omitempty"` } // ExperimentENV varibles to override the default values in chaosexperiment diff --git a/pkg/apis/litmuschaos/v1alpha1/chaosexperiment_types.go b/pkg/apis/litmuschaos/v1alpha1/chaosexperiment_types.go index 0f9fa6e12..ccb161479 100644 --- a/pkg/apis/litmuschaos/v1alpha1/chaosexperiment_types.go +++ b/pkg/apis/litmuschaos/v1alpha1/chaosexperiment_types.go @@ -58,6 +58,8 @@ type ExperimentDef struct { Labels map[string]string `json:"labels"` // Image of the chaos executor Image string `json:"image"` + //Scope specifies the service account scope (& thereby blast radius) of the experiment + Scope string `json:"scope"` // List of Permission needed for a service account to execute experiment Permissions []rbacV1.PolicyRule `json:"permissions"` // List of ENV vars passed to executor pod diff --git a/tests/bdd/bdd_test.go b/tests/bdd/bdd_test.go index 37278fd1d..789fb2b74 100644 --- a/tests/bdd/bdd_test.go +++ b/tests/bdd/bdd_test.go @@ -28,6 +28,7 @@ import ( . "github.com/onsi/gomega" appv1 "k8s.io/api/apps/v1" v1 "k8s.io/api/core/v1" + rbacV1 "k8s.io/api/rbac/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/client-go/kubernetes" scheme "k8s.io/client-go/kubernetes/scheme" 
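Review bot: In chaosexperiment_types.go the new `Scope` field is a plain `string` tagged `json:"scope"`, so a manifest that omits it decodes to `""`, which is outside the `Namespaced|Cluster` pattern in the CRD, and nothing in this hunk says how that value is treated. Because the field determines the experiment's blast radius, I would document the default on the field, e.g. `// Scope is "Namespaced" or "Cluster"; an empty value is treated as <default, confirm against the controller code>`. I would also compare against named constants instead of string literals wherever the value is read. ExperimentDef starts and ends outside the hunk, so constants for these values may already exist out of view.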
@@ -182,6 +183,8 @@ var _ = Describe("BDD on chaos-operator", func() { Spec: v1alpha1.ChaosExperimentSpec{ Definition: v1alpha1.ExperimentDef{ + Permissions: []rbacV1.PolicyRule{}, + Args: []string{"-c", "ansible-playbook ./experiments/chaos/pod_delete/test.yml -i /etc/ansible/hosts -vv; exit 0"}, Command: []string{"/bin/bash"},