Add dependencycheck tool to check for dependency cyles in vendored pkgs

dependencycheck verifies that no violating depdendencies exist in pkgs passed via a JSON file generated from go list. Signed-off-by: hasheddan <georgedanielmangum@gmail.com>
kubernetes · Aug 1, 2020 · b09c0d7 · b09c0d7
1 parent 607c5da
commit b09c0d7
Show file tree

Hide file tree

Showing 4 changed files with 152 additions and 0 deletions.
diff --git a/cmd/BUILD b/cmd/BUILD
@@ -14,6 +14,7 @@ filegroup(
         "//cmd/clicheck:all-srcs",
         "//cmd/cloud-controller-manager:all-srcs",
         "//cmd/controller-manager/app:all-srcs",
+        "//cmd/dependencycheck:all-srcs",
         "//cmd/gendocs:all-srcs",
         "//cmd/genkubedocs:all-srcs",
         "//cmd/genman:all-srcs",

diff --git a/cmd/dependencycheck/BUILD b/cmd/dependencycheck/BUILD
@@ -0,0 +1,28 @@
+load("@io_bazel_rules_go//go:def.bzl", "go_binary", "go_library")
+
+go_library(
+    name = "go_default_library",
+    srcs = ["dependencycheck.go"],
+    importpath = "k8s.io/kubernetes/cmd/dependencycheck",
+    visibility = ["//visibility:private"],
+)
+
+go_binary(
+    name = "vendorcycle",
+    embed = [":go_default_library"],
+    visibility = ["//visibility:public"],
+)
+
+filegroup(
+    name = "package-srcs",
+    srcs = glob(["**"]),
+    tags = ["automanaged"],
+    visibility = ["//visibility:private"],
+)
+
+filegroup(
+    name = "all-srcs",
+    srcs = [":package-srcs"],
+    tags = ["automanaged"],
+    visibility = ["//visibility:public"],
+)
diff --git a/cmd/dependencycheck/OWNERS b/cmd/dependencycheck/OWNERS
@@ -0,0 +1,8 @@
+# See the OWNERS docs at https://go.k8s.io/owners
+
+reviewers:
+  - hasheddan
+approvers:
+  - bentheelder
+  - hasheddan
+  - liggitt
diff --git a/cmd/dependencycheck/dependencycheck.go b/cmd/dependencycheck/dependencycheck.go
@@ -0,0 +1,115 @@
+/*
+Copyright 2020 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Checks for restricted dependencies in go packages. Does not check transitive
+// dependencies implicitly, so they must be supplied in dependencies file if
+// they are to be evaluated.
+package main
+
+import (
+	"bytes"
+	"encoding/json"
+	"flag"
+	"fmt"
+	"io"
+	"io/ioutil"
+	"log"
+	"regexp"
+)
+
+var (
+	exclude  = flag.String("exclude", "", "skip packages regex pattern (e.g. '^k8s.io/kubernetes/')")
+	restrict = flag.String("restrict", "", "restricted dependencies regex pattern (e.g. '^k8s.io/(apimachinery|client-go)/')")
+)
+
+type goPackage struct {
+	Name         string
+	ImportPath   string
+	Imports      []string
+	TestImports  []string
+	XTestImports []string
+}
+
+func main() {
+	flag.Parse()
+
+	args := flag.Args()
+
+	if len(args) != 1 {
+		log.Fatalf("usage: dependencycheck <json-dep-file> (e.g. 'go list -mod=vendor -test -deps -json ./vendor/...')")
+	}
+	if *restrict == "" {
+		log.Fatalf("Must specify restricted regex pattern")
+	}
+	depsPattern, err := regexp.Compile(*restrict)
+	if err != nil {
+		log.Fatalf("Error compiling restricted dependencies regex: %v", err)
+	}
+	var excludePattern *regexp.Regexp
+	if *exclude != "" {
+		excludePattern, err = regexp.Compile(*exclude)
+		if err != nil {
+			log.Fatalf("Error compiling excluded package regex: %v", err)
+		}
+	}
+	b, err := ioutil.ReadFile(args[0])
+	if err != nil {
+		log.Fatalf("Error reading dependencies file: %v", err)
+	}
+
+	packages := []goPackage{}
+	decoder := json.NewDecoder(bytes.NewBuffer(b))
+	for {
+		pkg := goPackage{}
+		if err := decoder.Decode(&pkg); err != nil {
+			if err == io.EOF {
+				break
+			}
+			log.Fatalf("Error unmarshaling dependencies file: %v", err)
+		}
+		packages = append(packages, pkg)
+	}
+
+	violations := map[string][]string{}
+	for _, p := range packages {
+		if excludePattern != nil && excludePattern.MatchString(p.ImportPath) {
+			continue
+		}
+		importViolations := []string{}
+		allImports := []string{}
+		allImports = append(allImports, p.Imports...)
+		allImports = append(allImports, p.TestImports...)
+		allImports = append(allImports, p.XTestImports...)
+		for _, i := range allImports {
+			if depsPattern.MatchString(i) {
+				importViolations = append(importViolations, i)
+			}
+		}
+		if len(importViolations) > 0 {
+			violations[p.ImportPath] = importViolations
+		}
+	}
+
+	if len(violations) > 0 {
+		for k, v := range violations {
+			fmt.Printf("Found dependency violations in package %s:\n", k)
+			for _, a := range v {
+				fmt.Println("--> " + a)
+			}
+		}
+		log.Fatal("Found restricted dependency violations in packages")
+	}
+}