feat: resources mgmt check

cmd/checkLocal.go

@@ -42,6 +42,7 @@ var releaseGuidelines = []tractusx.QualityGuideline{
 	container.NewAllowedBaseImage("./"),
 	repo.NewRepoStructureExists("./"),
 	helm.NewHelmStructureExists("./"),
+	helm.NewResourceMgmt("./"),
 }
 
 // checkLocalCmd represents the checkLocal command

go.mod

@@ -8,25 +8,70 @@ require (
 	github.com/google/go-github/v50 v50.2.0
 	github.com/spf13/cobra v1.7.0
 	gopkg.in/yaml.v3 v3.0.1
+	helm.sh/helm/v3 v3.12.2
+	k8s.io/api v0.27.4
+	k8s.io/client-go v0.27.4
 )
 
 require (
+	github.com/BurntSushi/toml v1.2.1 // indirect
+	github.com/Masterminds/goutils v1.1.1 // indirect
+	github.com/Masterminds/semver/v3 v3.2.1 // indirect
+	github.com/Masterminds/sprig/v3 v3.2.3 // indirect
 	github.com/ProtonMail/go-crypto v0.0.0-20230710112148-e01326fd72eb // indirect
 	github.com/cloudflare/circl v1.3.3 // indirect
+	github.com/cyphar/filepath-securejoin v0.2.3 // indirect
 	github.com/davecgh/go-spew v1.1.1 // indirect
+	github.com/emicklei/go-restful/v3 v3.10.1 // indirect
+	github.com/go-logr/logr v1.2.3 // indirect
+	github.com/go-openapi/jsonpointer v0.19.6 // indirect
+	github.com/go-openapi/jsonreference v0.20.1 // indirect
+	github.com/go-openapi/swag v0.22.3 // indirect
+	github.com/gobwas/glob v0.2.3 // indirect
+	github.com/gogo/protobuf v1.3.2 // indirect
 	github.com/golang/protobuf v1.5.3 // indirect
+	github.com/google/gnostic v0.5.7-v3refs // indirect
+	github.com/google/go-cmp v0.5.9 // indirect
 	github.com/google/go-querystring v1.1.0 // indirect
+	github.com/google/gofuzz v1.2.0 // indirect
+	github.com/google/uuid v1.3.0 // indirect
+	github.com/huandu/xstrings v1.4.0 // indirect
+	github.com/imdario/mergo v0.3.13 // indirect
 	github.com/inconshreveable/mousetrap v1.1.0 // indirect
-	github.com/kr/text v0.2.0 // indirect
+	github.com/josharian/intern v1.0.0 // indirect
+	github.com/json-iterator/go v1.1.12 // indirect
+	github.com/mailru/easyjson v0.7.7 // indirect
 	github.com/mattn/go-colorable v0.1.13 // indirect
 	github.com/mattn/go-isatty v0.0.17 // indirect
+	github.com/mitchellh/copystructure v1.2.0 // indirect
+	github.com/mitchellh/reflectwalk v1.0.2 // indirect
+	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
+	github.com/modern-go/reflect2 v1.0.2 // indirect
+	github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
+	github.com/pkg/errors v0.9.1 // indirect
+	github.com/shopspring/decimal v1.3.1 // indirect
+	github.com/spf13/cast v1.5.0 // indirect
 	github.com/spf13/pflag v1.0.5 // indirect
-	github.com/stretchr/testify v1.7.0 // indirect
+	github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb // indirect
+	github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect
+	github.com/xeipuuv/gojsonschema v1.2.0 // indirect
 	golang.org/x/crypto v0.11.0 // indirect
 	golang.org/x/net v0.12.0 // indirect
 	golang.org/x/oauth2 v0.10.0 // indirect
 	golang.org/x/sys v0.10.0 // indirect
+	golang.org/x/term v0.10.0 // indirect
+	golang.org/x/text v0.11.0 // indirect
+	golang.org/x/time v0.0.0-20220210224613-90d013bbcef8 // indirect
 	google.golang.org/appengine v1.6.7 // indirect
 	google.golang.org/protobuf v1.31.0 // indirect
-	gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c // indirect
+	gopkg.in/inf.v0 v0.9.1 // indirect
+	gopkg.in/yaml.v2 v2.4.0 // indirect
+	k8s.io/apiextensions-apiserver v0.27.2 // indirect
+	k8s.io/apimachinery v0.27.4 // indirect
+	k8s.io/klog/v2 v2.90.1 // indirect
+	k8s.io/kube-openapi v0.0.0-20230501164219-8b0f38b5fd1f // indirect
+	k8s.io/utils v0.0.0-20230220204549-a5ecb0141aa5 // indirect
+	sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect
+	sigs.k8s.io/structured-merge-diff/v4 v4.2.3 // indirect
+	sigs.k8s.io/yaml v1.3.0 // indirect
 )

pkg/helm/helmchart_structure_exists.go

@@ -60,22 +60,22 @@ func (r *HelmStructureExists) Test() *tractusx.QualityResult {
 		"values.yaml",
 	}
 
-	mainDir := path.Join(r.baseDir, "charts")
-	if fi, err := os.Stat(mainDir); err != nil || !fi.IsDir() {
+	chartDir := path.Join(r.baseDir, "charts")
+	if fi, err := os.Stat(chartDir); err != nil || !fi.IsDir() {
 		return &tractusx.QualityResult{Passed: true}
 	}
 
-	helmCharts, err := os.ReadDir(mainDir)
+	helmCharts, err := os.ReadDir(chartDir)
 	if err != nil || len(helmCharts) == 0 {
-		return &tractusx.QualityResult{ErrorDescription: fmt.Sprintf("Can't read Helm Charts at %s.", mainDir)}
+		return &tractusx.QualityResult{ErrorDescription: fmt.Sprintf("Can't read Helm Charts at %s.", chartDir)}
 	}
 
 	var missingFiles []string
 	var chartYamlFiles []string
 	for _, hc := range helmCharts {
 		if hc.IsDir() {
 			for _, fname := range helmStructureFiles {
-				fpath := filepath.Join(mainDir, hc.Name(), fname)
+				fpath := filepath.Join(chartDir, hc.Name(), fname)
 				isMissing := filesystem.CheckMissingFiles([]string{fpath})
 				if fname == "Chart.yaml" && isMissing == nil {
 					chartYamlFiles = append(chartYamlFiles, fpath)

pkg/helm/resource_mgmt_check.go

@@ -0,0 +1,153 @@
+/*******************************************************************************
+ * Copyright (c) 2023 Contributors to the Eclipse Foundation
+ *
+ * See the NOTICE file(s) distributed with this work for additional
+ * information regarding copyright ownership.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Apache License, Version 2.0 which is available at
+ * https://www.apache.org/licenses/LICENSE-2.0.
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ ******************************************************************************/
+
+package helm
+
+import (
+	"fmt"
+	"os"
+	"path"
+
+	"github.com/eclipse-tractusx/tractusx-quality-checks/pkg/tractusx"
+	"helm.sh/helm/v3/pkg/chart/loader"
+	"helm.sh/helm/v3/pkg/engine"
+	"k8s.io/api/apps/v1"
+	core "k8s.io/api/core/v1"
+	"k8s.io/client-go/kubernetes/scheme"
+)
+
+type ResourceMgmt struct {
+	baseDir string
+}
+
+func NewResourceMgmt(baseDir string) tractusx.QualityGuideline {
+	return &ResourceMgmt{baseDir}
+}
+
+func (r *ResourceMgmt) Name() string {
+	return "TRG 5.04 - Resources Management"
+}
+
+func (r *ResourceMgmt) Description() string {
+	return "The helm chart must contain app specific sane default CPU and Memory settings."
+}
+
+func (r *ResourceMgmt) ExternalDescription() string {
+	return "https://eclipse-tractusx.github.io/docs/release/trg-5/trg-5-04"
+}
+
+func (r *ResourceMgmt) IsOptional() bool {
+	return false
+}
+
+func (r *ResourceMgmt) Test() *tractusx.QualityResult {
+	chartDir := path.Join(r.baseDir, "charts")
+	if fi, err := os.Stat(chartDir); err != nil || !fi.IsDir() {
+		return &tractusx.QualityResult{Passed: true}
+	}
+
+	helmCharts, err := os.ReadDir(chartDir)
+	if err != nil || len(helmCharts) == 0 {
+		return &tractusx.QualityResult{ErrorDescription: fmt.Sprintf("Can't read Helm Charts at %s.", chartDir)}
+	}
+
+	var errorDescription string
+	for _, helmchart := range helmCharts {
+		if !helmchart.IsDir() {
+			continue
+		}
+
+		renderedChartManifests, errDesc := renderChart(path.Join(chartDir, helmchart.Name()))
+		if renderedChartManifests == nil {
+			errorDescription += errDesc
+			continue
+		}
+
+		for manifestName, manifestContent := range renderedChartManifests {
+			isValid, errMsg := validateResourceSetting(manifestContent)
+			if !isValid {
+				errorDescription += fmt.Sprintf("\n\t[%s]: %s", manifestName, errMsg)
+				continue
+			}
+		}
+	}
+
+	if errorDescription != "" {
+		return &tractusx.QualityResult{ErrorDescription: errorDescription}
+	}
+	return &tractusx.QualityResult{Passed: true}
+}
+
+func validateResourceSetting(k8sManifest string) (bool, string) {
+	var containers []core.Container
+
+	decode := scheme.Codecs.UniversalDeserializer().Decode
+	obj, groupVersionKind, err := decode([]byte(k8sManifest), nil, nil)
+
+	if err != nil {
+		return true, ""
+	}
+
+	switch groupVersionKind.Kind {
+	case "Deployment":
+		containers = obj.(*v1.Deployment).Spec.Template.Spec.Containers
+	case "StatefulSet":
+		containers = obj.(*v1.StatefulSet).Spec.Template.Spec.Containers
+	}
+
+	for _, c := range containers {
+		if c.Resources.Requests == nil {
+			return false, "No resources requests found in the manifest."
+		}
+		if c.Resources.Requests.Cpu().IsZero() || c.Resources.Requests.Memory().IsZero() {
+			return false, "CPU or Memory not defined in resources Requests."
+		}
+		if c.Resources.Limits == nil {
+			return false, "No resources limits found in the manifest."
+		}
+		if c.Resources.Limits.Cpu().IsZero() || c.Resources.Limits.Memory().IsZero() {
+			return false, "CPU or Memory not defined in resources Limits."
+		}
+		if c.Resources.Requests.Cpu().MilliValue() == c.Resources.Limits.Cpu().MilliValue() {
+			return false, "Requested CPU can't be the same as Limit CPU. Limit should be 2-3 times higher."
+		}
+		if c.Resources.Requests.Memory().MilliValue() != c.Resources.Limits.Memory().MilliValue() {
+			return false, "Requested Memory size must be equal to Limit Memory size."
+		}
+	}
+	return true, ""
+}
+
+func renderChart(chartPath string) (map[string]string, string) {
+	loadedChart, err := loader.Load(chartPath)
+	if err != nil {
+		return nil, fmt.Sprintf("\n\tCan't read %s helm chart.", chartPath)
+	}
+
+	finalValues := map[string]interface{}{
+		"Values":  loadedChart.Values,
+		"Release": map[string]string{"Namespace": "tractusx-check"},
+	}
+
+	renderedChart, err := engine.Render(loadedChart, finalValues)
+	if err != nil {
+		return nil, fmt.Sprintf("\n\tUnable to render helm chart %s.", chartPath)
+	}
+	return renderedChart, ""
+}

pkg/helm/resource_mgmt_check_test.go

@@ -0,0 +1,89 @@
+/*******************************************************************************
+ * Copyright (c) 2023 Contributors to the Eclipse Foundation
+ *
+ * See the NOTICE file(s) distributed with this work for additional
+ * information regarding copyright ownership.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Apache License, Version 2.0 which is available at
+ * https://www.apache.org/licenses/LICENSE-2.0.
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ ******************************************************************************/
+
+package helm
+
+import (
+	"os"
+	"path"
+	"testing"
+)
+
+func TestShouldPassIfDeploymentResourcesRequestsFound(t *testing.T) {
+	dir := t.TempDir()
+	setupK8SObject(dir, "deployment.yaml", "values.yaml", t)
+
+	result := NewResourceMgmt(dir).Test()
+	if !result.Passed {
+		t.Errorf("Test should pass, the deployment manifest contains Resources Requests.")
+	}
+}
+
+func TestShouldFailIfStatefulSetResourcesLimitsNotFound(t *testing.T) {
+	dir := t.TempDir()
+	setupK8SObject(dir, "statefulset.yaml", "values.yaml", t)
+
+	result := NewResourceMgmt(dir).Test()
+	if result.Passed {
+		t.Errorf("Test should pass, the statefulset manifest doesn't contain Resources Limits.")
+	}
+}
+
+func TestShouldFailIfCPURequestIsEqualCPULimitsAtDepl(t *testing.T) {
+	dir := t.TempDir()
+	setupK8SObject(dir, "deployment.yaml", "values-depequalcpu.yaml", t)
+
+	result := NewResourceMgmt(dir).Test()
+	if result.Passed {
+		t.Errorf("Test should pass, CPU at Resources Requests is equal CPU at Resources Limits.")
+	}
+}
+
+func TestShouldFailIfMemRequestIsNotEqualMemLimitsAtSTS(t *testing.T) {
+	dir := t.TempDir()
+	setupK8SObject(dir, "statefulset.yaml", "values-stsdiffmem.yaml", t)
+
+	result := NewResourceMgmt(dir).Test()
+	if result.Passed {
+		t.Errorf("Test should pass, Mem at Resources Requests is not equal Mem at Resources Limits.")
+	}
+}
+
+func copyFile(dest string, source string, t *testing.T) {
+	templateFile, err := os.ReadFile(source)
+	if err != nil {
+		t.Errorf("Could not read source file: %s necessary for this test.", source)
+	}
+	err = os.WriteFile(dest, templateFile, 0770)
+	if err != nil {
+		t.Errorf("Could not copy template file to designated path.")
+	}
+}
+
+func setupChartBasics(dir string, values string, t *testing.T) {
+	testchartPath := path.Join("test", "charts", "testchart")
+	os.MkdirAll(path.Join(dir, "charts", "testchart", "templates"), 0770)
+	copyFile(path.Join(dir, "charts", "testchart", "values.yaml"), path.Join(testchartPath, values), t)
+	copyFile(path.Join(dir, "charts", "testchart", "Chart.yaml"), path.Join(testchartPath, "Chart.yaml"), t)
+}
+
+func setupK8SObject(dir string, manifest string, values string, t *testing.T) {
+	setupChartBasics(dir, values, t)
+	copyFile(path.Join(dir, "charts", "testchart", "templates", manifest), path.Join("test", "charts", "testchart", "templates", manifest), t)
+}

pkg/helm/test/charts/testchart/Chart.yaml

@@ -0,0 +1,32 @@
+# *******************************************************************************
+#   Copyright (c) 2023 Contributors to the Eclipse Foundation
+#  
+#   See the NOTICE file(s) distributed with this work for additional
+#   information regarding copyright ownership.
+#  
+#   This program and the accompanying materials are made available under the
+#   terms of the Apache License, Version 2.0 which is available at
+#   https://www.apache.org/licenses/LICENSE-2.0.
+#  
+#   Unless required by applicable law or agreed to in writing, software
+#   distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+#   WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+#   License for the specific language governing permissions and limitations
+#   under the License.
+#  
+#   SPDX-License-Identifier: Apache-2.0
+#  ******************************************************************************
+
+apiVersion: v2
+name: testchart
+description: Helm chart for test.
+
+type: application
+
+sources:
+  - https://fakeurl.com
+
+version: 1.2.3
+
+appVersion: "1.2.3"
+