diff --git a/semgr8s/k8s_api.py b/semgr8s/k8s_api.py index a21d071..e466f1e 100644 --- a/semgr8s/k8s_api.py +++ b/semgr8s/k8s_api.py @@ -28,7 +28,7 @@ def request_kube_api(path: str): try: response = requests.get(url, verify=ca_path, headers=headers, timeout=30) except JSONDecodeError as err: - APP.logger.error("ERROR: Malformed k8s API response or resource yaml: %s", err) + APP.logger.error("Malformed k8s API response or resource yaml: %s", err) return {} response.raise_for_status() diff --git a/semgr8s/updater.py b/semgr8s/updater.py index 4297219..09a5b58 100644 --- a/semgr8s/updater.py +++ b/semgr8s/updater.py @@ -2,21 +2,28 @@ Update cached rules from configmaps. """ -import logging import os from urllib.parse import urlencode from semgr8s.k8s_api import request_kube_api +from semgr8s.app import APP + +RULESPATH = "/app/rules" def update_rules(): """ Request all rule configmaps from kubernetes api and store locally in semgrep format. """ - logging.info("INFO: updateing rule set") + APP.logger.debug("Updating rule set") try: + old_rule_files = [ + file + for file in os.listdir(RULESPATH) + if os.path.isfile(os.path.join(RULESPATH, file)) + ] namespace = os.getenv("NAMESPACE", "default") query = {"labelSelector": "semgr8s/rule"} @@ -28,8 +35,16 @@ def update_rules(): data = list(item.get("data", {}).items()) for datum in data: file, content = datum - with open(f"/app/rules/{file}", "w", encoding="utf-8") as rule_file: + path = os.path.join(RULESPATH, file) + with open(path, "w", encoding="utf-8") as rule_file: rule_file.write(content) - logging.info("INFO: updated %s rule", file) + APP.logger.debug("Updated %s rule", file) + try: + old_rule_files.remove(file) + except ValueError: + pass + for deprecated_rule in old_rule_files: + os.remove(os.path.join(RULESPATH, deprecated_rule)) + APP.logger.info("Deleted %s rule", deprecated_rule) except Exception as err: # pylint: disable=W0718 - logging.error("Error updating rules: %s", err) + APP.logger.error("Updating rules failed unexpectedly: %s", err)