update prompt message and diags

README.md

@@ -3,7 +3,7 @@
 Kubeye aims to find various problems on Kubernetes, such as application misconfiguration, cluster components unhealthy and node problems(using [Node-Problem-Detector](https://github.com/kubernetes/node-problem-detector)). Besides predefined rules, it also supports custom defined rules.
 
 ## How to use
--  Install kubeye on your machine 
+-  Install Kubeye on your machine 
     - Download pre built executables from [Releases](https://github.com/kubesphere/kubeye/releases).
     
     - Or you can build from source code
@@ -17,11 +17,11 @@ Kubeye aims to find various problems on Kubernetes, such as application misconfi
 > Note: This line will install npd on your cluster, only required if you want detailed report.
 
 ```shell script
-ke install npd --kubeconfig ~/.kube/config
+ke install npd
 ```
 - Run kubeye
 ```shell
-root@node1:# ke fault --kubeconfig ~/.kube/config
+root@node1:# ke diags
 NODENAME   SEVERITY   HEARTBEATTIME               REASON              MESSAGE
 node18     Fatal     2020-11-19T10:32:03+08:00   NodeStatusUnknown   Kubelet stopped posting node status.
 node19     Fatal     2020-11-19T10:31:37+08:00   NodeStatusUnknown   Kubelet stopped posting node status.
@@ -119,7 +119,7 @@ kube-system     Warning      coredns                   Deployment   2020-11-27T1
 
 ### Add custom npd rule
 
-- Install NPD with `ke install npd --kubeconfig ~/.kube/config`
+- Install NPD with `ke install npd`
 - Edit configmap kube-system/node-problem-detector-config with kubectl, 
 ```
  kubectl edit cm -n kube-system node-problem-detector-config

checks/cpuLimitsMissing.yaml

@@ -1,5 +1,5 @@
-successMessage: CPU limits are set
-failureMessage: CPU limits should be set
+#successMessage: CPU limits are set
+promptMessage: CPU limits should be set
 category: Resources
 target: Container
 containers:

checks/cpuRequestsMissing.yaml

@@ -1,5 +1,5 @@
-successMessage: CPU requests are set
-failureMessage: CPU requests should be set
+#successMessage: CPU requests are set
+promptMessage: CPU requests should be set
 category: Resources
 target: Container
 containers:

checks/dangerousCapabilities.yaml

@@ -1,5 +1,5 @@
-successMessage: Container does not have any dangerous capabilities
-failureMessage: Container should not have dangerous capabilities
+#successMessage: Container does not have any dangerous capabilities
+promptMessage: Container should not have dangerous capabilities
 category: Security
 target: Container
 schema:

checks/hostIPCSet.yaml

@@ -1,5 +1,5 @@
-successMessage: Host IPC is not configured
-failureMessage: Host IPC should not be configured
+#successMessage: Host IPC is not configured
+promptMessage: Host IPC should not be configured
 category: Security
 target: Pod
 schema:

checks/hostNetworkSet.yaml

@@ -1,5 +1,5 @@
-successMessage: Host network is not configured
-failureMessage: Host network should not be configured
+#successMessage: Host network is not configured
+promptMessage: Host network should not be configured
 category: Networking
 target: Pod
 schema:

checks/hostPIDSet.yaml

@@ -1,5 +1,5 @@
-successMessage: Host PID is not configured
-failureMessage: Host PID should not be configured
+#successMessage: Host PID is not configured
+promptMessage: Host PID should not be configured
 category: Security
 target: Pod
 schema:

checks/hostPortSet.yaml

@@ -1,5 +1,5 @@
-successMessage: Host port is not configured
-failureMessage: Host port should not be configured
+#successMessage: Host port is not configured
+promptMessage: Host port should not be configured
 category: Networking
 target: Container
 schema:

checks/insecureCapabilities.yaml

@@ -1,5 +1,5 @@
-successMessage: Container does not have any insecure capabilities
-failureMessage: Container should not have insecure capabilities
+#successMessage: Container does not have any insecure capabilities
+promptMessage: Container should not have insecure capabilities
 category: Security
 target: Container
 schema:

checks/livenessProbeMissing.yaml

@@ -1,5 +1,5 @@
-successMessage: Liveness probe is configured
-failureMessage: Liveness probe should be configured
+#successMessage: Liveness probe is configured
+promptMessage: Liveness probe should be configured
 category: Health Checks
 controllers:
   exclude:

checks/memoryLimitsMissing.yaml

@@ -1,5 +1,5 @@
-successMessage: Memory limits are set
-failureMessage: Memory limits should be set
+#successMessage: Memory limits are set
+promptMessage: Memory limits should be set
 category: Resources
 target: Container
 containers:

checks/memoryRequestsMissing.yaml

@@ -1,5 +1,5 @@
-successMessage: Memory requests are set
-failureMessage: Memory requests should be set
+#successMessage: Memory requests are set
+promptMessage: Memory requests should be set
 category: Resources
 target: Container
 containers:

checks/notReadOnlyRootFilesystem.yaml

@@ -1,5 +1,5 @@
-successMessage: Filesystem is read only
-failureMessage: Filesystem should be read only
+#successMessage: Filesystem is read only
+promptMessage: Filesystem should be read only
 category: Security
 target: Container
 schema:

checks/priorityClassNotSet.yaml

@@ -1,5 +1,5 @@
-successMessage: Priority class has been set
-failureMessage: Priority class should be set
+#successMessage: Priority class has been set
+promptMessage: Priority class should be set
 category: Security
 target: Pod
 schema:

checks/privilegeEscalationAllowed.yaml

@@ -1,5 +1,5 @@
-successMessage: Privilege escalation not allowed
-failureMessage: Privilege escalation should not be allowed
+#successMessage: Privilege escalation not allowed
+promptMessage: Privilege escalation should not be allowed
 category: Security
 target: Container
 schema:

checks/pullPolicyNotAlways.yaml

@@ -1,5 +1,5 @@
-successMessage: Image pull policy is "Always"
-failureMessage: Image pull policy should be "Always"
+#successMessage: Image pull policy is "Always"
+promptMessage: Image pull policy should be "Always"
 category: Images
 target: Container
 schema:

checks/readinessProbeMissing.yaml

@@ -1,5 +1,5 @@
-successMessage: Readiness probe is configured
-failureMessage: Readiness probe should be configured
+#successMessage: Readiness probe is configured
+promptMessage: Readiness probe should be configured
 category: Health Checks
 controllers:
   exclude:

checks/runAsPrivileged.yaml

@@ -1,5 +1,5 @@
-successMessage: Not running as privileged
-failureMessage: Should not be running as privileged
+#successMessage: Not running as privileged
+promptMessage: Should not be running as privileged
 category: Security
 target: Container
 schema:

checks/runAsRootAllowed.yaml

@@ -1,5 +1,5 @@
-successMessage: Is not allowed to run as root
-failureMessage: Should not be allowed to run as root
+#successMessage: Is not allowed to run as root
+promptMessage: Should not be allowed to run as root
 category: Security
 target: Container
 schemaTarget: Pod

checks/tagNotSpecified.yaml

@@ -1,5 +1,5 @@
-successMessage: Image tag is specified
-failureMessage: Image tag should be specified
+#successMessage: Image tag is specified
+promptMessage: Image tag should be specified
 category: Images
 target: Container
 schema:

cmd/audit.go

@@ -25,8 +25,8 @@ import (
 var config string
 
 var auditCmd = &cobra.Command{
-	Use:   "fault",
-	Short: "fault the result",
+	Use:   "diags",
+	Short: "diagnostic information from the cluster",
 	Run: func(cmd *cobra.Command, args []string) {
 		err := validator.Cluster(config, cmd.Context())
 		if err != nil {

examples/tmp/rule.yaml

@@ -13,8 +13,7 @@ checks:
 
 customChecks:
   imageFromUnauthorizedRegistry:
-    successMessage: Image comes from allowed registries
-    failureMessage: Image should not be from disallowed registry
+    promptMessage: Image should not be from disallowed registry
     category: Images
     target: Container
     schema:

pkg/config/schema.go

@@ -32,8 +32,8 @@ const (
 type SchemaCheck struct {
 	ID       string `yaml:"id"`
 	Category string `yaml:"category"`
-	SuccessMessage string                `yaml:"successMessage"`
-	FailureMessage string                `yaml:"failureMessage"`
+	//SuccessMessage string                `yaml:"successMessage"`
+	PromptMessage string                `yaml:"promptMessage"`
 	Containers    includeExcludeList    `yaml:"containers"`
 	Target        TargetKind            `yaml:"target"`
 	SchemaTarget  TargetKind            `yaml:"schemaTarget"`

pkg/validator/container_test.go

@@ -54,7 +54,7 @@ func (rs ResultSet) GetWarnings() []ResultMessage {
 var resourceConfMinimal = `---
 checks:
   cpuLimitsMissing: warning
-  livenessProbeMissing: warning
+ 
 `
 
 func getEmptyWorkload(t *testing.T, name string) kube.GenericWorkload {
@@ -307,7 +307,7 @@ func TestValidateNetworking(t *testing.T) {
 			container:   emptyContainer,
 			expectedResults: []ResultMessage{{
 				ID:       "hostPortSet",
-				Message:  "Host port is not configured",
+				Message:  "success",
 				Success:  true,
 				Severity: "warning",
 				Category: "Networking",
@@ -319,7 +319,7 @@ func TestValidateNetworking(t *testing.T) {
 			container:   emptyContainer,
 			expectedResults: []ResultMessage{{
 				ID:       "hostPortSet",
-				Message:  "Host port is not configured",
+				Message:  "success",
 				Success:  true,
 				Severity: "warning",
 				Category: "Networking",
@@ -349,7 +349,7 @@ func TestValidateNetworking(t *testing.T) {
 			container:   goodContainer,
 			expectedResults: []ResultMessage{{
 				ID:       "hostPortSet",
-				Message:  "Host port is not configured",
+				Message:  "success",
 				Success:  true,
 				Severity: "warning",
 				Category: "Networking",
@@ -460,25 +460,25 @@ func TestValidateSecurity(t *testing.T) {
 				Category: "Security",
 			}, {
 				ID:       "runAsPrivileged",
-				Message:  "Not running as privileged",
+				Message:  "success",
 				Success:  true,
 				Severity: "warning",
 				Category: "Security",
 			}, {
 				ID:       "privilegeEscalationAllowed",
-				Message:  "Privilege escalation not allowed",
+				Message:  "success",
 				Success:  true,
 				Severity: "warning",
 				Category: "Security",
 			}, {
 				ID:       "insecureCapabilities",
-				Message:  "Container does not have any insecure capabilities",
+				Message:  "success",
 				Success:  true,
 				Severity: "warning",
 				Category: "Security",
 			}, {
 				ID:       "dangerousCapabilities",
-				Message:  "Container does not have any dangerous capabilities",
+				Message:  "success",
 				Success:  true,
 				Severity: "warning",
 				Category: "Security",
@@ -620,37 +620,37 @@ func TestValidateSecurity(t *testing.T) {
 			pod:          emptyPodSpec,
 			expectedResults: []ResultMessage{{
 				ID:       "runAsRootAllowed",
-				Message:  "Is not allowed to run as root",
+				Message:  "success",
 				Success:  true,
 				Severity: "warning",
 				Category: "Security",
 			}, {
 				ID:       "notReadOnlyRootFilesystem",
-				Message:  "Filesystem is read only",
+				Message:  "success",
 				Success:  true,
 				Severity: "warning",
 				Category: "Security",
 			}, {
 				ID:       "runAsPrivileged",
-				Message:  "Not running as privileged",
+				Message:  "success",
 				Success:  true,
 				Severity: "warning",
 				Category: "Security",
 			}, {
 				ID:       "privilegeEscalationAllowed",
-				Message:  "Privilege escalation not allowed",
+				Message:  "success",
 				Success:  true,
 				Severity: "warning",
 				Category: "Security",
 			}, {
 				ID:       "dangerousCapabilities",
-				Message:  "Container does not have any dangerous capabilities",
+				Message:  "success",
 				Success:  true,
 				Severity: "warning",
 				Category: "Security",
 			}, {
 				ID:       "insecureCapabilities",
-				Message:  "Container does not have any insecure capabilities",
+				Message:  "success",
 				Success:  true,
 				Severity: "warning",
 				Category: "Security",
@@ -748,7 +748,7 @@ func TestValidateRunAsRoot(t *testing.T) {
 			pod:       badPod,
 			message: ResultMessage{
 				ID:       "runAsRootAllowed",
-				Message:  "Is not allowed to run as root",
+				Message:  "success",
 				Success:  true,
 				Severity: "warning",
 				Category: "Security",
@@ -760,7 +760,7 @@ func TestValidateRunAsRoot(t *testing.T) {
 			pod:       emptyPod,
 			message: ResultMessage{
 				ID:       "runAsRootAllowed",
-				Message:  "Is not allowed to run as root",
+				Message:  "success",
 				Success:  true,
 				Severity: "warning",
 				Category: "Security",
@@ -772,7 +772,7 @@ func TestValidateRunAsRoot(t *testing.T) {
 			pod:       runAsUserPod,
 			message: ResultMessage{
 				ID:       "runAsRootAllowed",
-				Message:  "Is not allowed to run as root",
+				Message:  "success",
 				Success:  true,
 				Severity: "warning",
 				Category: "Security",

pkg/validator/schema.go

@@ -58,7 +58,7 @@ var (
 )
 
 func init() {
-	schemaBox = packr.New("Schemas", "../../checks")
+	schemaBox = packr.New("Schema", "../../checks")
 	for _, checkID := range checkOrder {
 		contents, err := schemaBox.Find(checkID + ".yaml")
 		if err != nil {
@@ -132,9 +132,9 @@ func makeResult(conf *config.Configuration, check *config.SchemaCheck, passes bo
 		Success:  passes,
 	}
 	if passes {
-		result.Message = check.SuccessMessage
+		result.Message = "success"
 	} else {
-		result.Message = check.FailureMessage
+		result.Message = check.PromptMessage
 	}
 	return result
 }