diff --git a/go.sum b/go.sum index d8d99822cb..e7cbfd2769 100644 --- a/go.sum +++ b/go.sum @@ -108,6 +108,7 @@ github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5P github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU= github.com/circonus-labs/circonus-gometrics v2.3.1+incompatible/go.mod h1:nmEj6Dob7S7YxXgwXpfOuvO54S+tGdZdw9fuRZt25Ag= github.com/circonus-labs/circonusllhist v0.1.3/go.mod h1:kMXHVDlOchFAehlya5ePtbp5jckzBHf4XRpQvBOLI+I= +github.com/client9/misspell v0.3.4 h1:ta993UF76GwbvJcIo3Y68y/M3WxlpEHPWIGDkJYwzJI= github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= github.com/cockroachdb/datadriven v0.0.0-20190809214429-80d97fb3cbaa/go.mod h1:zn76sxSg3SzpJ0PPJaLDCu+Bu0Lg3sKTORVIj19EIF8= github.com/containerd/fifo v0.0.0-20200410184934-f15a3290365b/go.mod h1:jPQ2IAeZRCYxpS/Cm1495vGFww6ecHmMk1YJH2Q5ln0= diff --git a/pkg/engine/mutate/strategicMergePatch.go b/pkg/engine/mutate/strategicMergePatch.go index 19576011c8..1c463d5ca0 100644 --- a/pkg/engine/mutate/strategicMergePatch.go +++ b/pkg/engine/mutate/strategicMergePatch.go @@ -94,7 +94,7 @@ func ProcessStrategicMergePatch(ruleName string, overlay interface{}, resource u resp.Success = true resp.Patches = jsonPatches - resp.Message = fmt.Sprintf("successfully processed stragetic merge patch") + resp.Message = fmt.Sprintf("successfully processed strategic merge patch") return resp, patchedResource } diff --git a/pkg/engine/utils.go b/pkg/engine/utils.go index f4524dc5ea..4a764adb6e 100644 --- a/pkg/engine/utils.go +++ b/pkg/engine/utils.go @@ -96,7 +96,7 @@ func checkSelector(labelSelector *metav1.LabelSelector, resourceLabels map[strin // To filter out the targeted resources with ResourceDescription, the check // should be: AND across attibutes but an OR inside attributes that of type list // To filter out the targeted resources with UserInfo, the check -// should be: OR (accross & inside) attributes +// should be: OR (across & inside) attributes func doesResourceMatchConditionBlock(conditionBlock kyverno.ResourceDescription, userInfo kyverno.UserInfo, admissionInfo kyverno.RequestInfo, resource unstructured.Unstructured, dynamicConfig []string) []error { var errs []error if len(conditionBlock.Kinds) > 0 { diff --git a/pkg/engine/utils_test.go b/pkg/engine/utils_test.go index 935f49f414..4552ee494f 100644 --- a/pkg/engine/utils_test.go +++ b/pkg/engine/utils_test.go @@ -77,7 +77,7 @@ func TestMatchesResourceDescription(t *testing.T) { } } else { if tc.areErrorsExpected { - t.Errorf("Testcase %d Expected Error but recieved no error", i+1) + t.Errorf("Testcase %d Expected Error but received no error", i+1) } } } @@ -477,6 +477,6 @@ func TestResourceDescriptionExclude_Label_Expression_Match(t *testing.T) { ExcludeResources: kyverno.ExcludeResources{ResourceDescription: resourceDescriptionExclude}} if err := MatchesResourceDescription(*resource, rule, kyverno.RequestInfo{}, []string{}); err == nil { - t.Errorf("Testcase has failed due to the following:\n Function has returned no error, even though it was suposed to fail") + t.Errorf("Testcase has failed due to the following:\n Function has returned no error, even though it was supposed to fail") } } diff --git a/pkg/engine/validate/pattern.go b/pkg/engine/validate/pattern.go index 47012b57c7..f1f988d55c 100644 --- a/pkg/engine/validate/pattern.go +++ b/pkg/engine/validate/pattern.go @@ -49,7 +49,7 @@ func ValidateValueWithPattern(log logr.Logger, value, pattern interface{}) bool log.Info("arrays as patterns is not supported") return false default: - log.Info("Unkown type", "type", fmt.Sprintf("%T", typedPattern), "value", typedPattern) + log.Info("Unknown type", "type", fmt.Sprintf("%T", typedPattern), "value", typedPattern) return false } } diff --git a/pkg/engine/validation.go b/pkg/engine/validation.go index f3c5087b82..73a7332636 100644 --- a/pkg/engine/validation.go +++ b/pkg/engine/validation.go @@ -53,7 +53,7 @@ func Validate(policyContext PolicyContext) (resp response.EngineResponse) { for i := range resp.PolicyResponse.Rules { messageInterface, err := variables.SubstituteVars(logger, ctx, resp.PolicyResponse.Rules[i].Message) if err != nil { - logger.V(4).Info("failed to substitue JMES value", "error", err.Error()) + logger.V(4).Info("failed to substitute JMES value", "error", err.Error()) continue } resp.PolicyResponse.Rules[i].Message, _ = messageInterface.(string) diff --git a/pkg/kyverno/apply/command.go b/pkg/kyverno/apply/command.go index 01eaa298e8..af412b0166 100644 --- a/pkg/kyverno/apply/command.go +++ b/pkg/kyverno/apply/command.go @@ -309,7 +309,7 @@ func applyPolicyOnResource(policy *v1.ClusterPolicy, resource *unstructured.Unst if err != nil { return sanitizedError.NewWithError("failed to print mutated result", err) } - fmt.Printf("\n\nMutation:\nMutation has been applied succesfully. Check the files.") + fmt.Printf("\n\nMutation:\nMutation has been applied successfully. Check the files.") } } @@ -408,7 +408,7 @@ func createFileOrFolder(mutateLogPath string, mutateLogPathIsDir bool) error { if err != nil { if os.IsNotExist(err) { if !mutateLogPathIsDir { - // check the folder existance, then create the file + // check the folder existence, then create the file var folderPath string s := strings.Split(mutateLogPath, "/") diff --git a/pkg/policystatus/main.go b/pkg/policystatus/main.go index f0f224e83a..37e68e3b5f 100644 --- a/pkg/policystatus/main.go +++ b/pkg/policystatus/main.go @@ -45,7 +45,7 @@ func (l Listener) Send(s statusUpdater) { // Sync is the object which is used to initialize //the policyStatus sync, can be considered the parent object -//since it contains access to all the persistant data present +//since it contains access to all the persistent data present //in this package. type Sync struct { cache *cache diff --git a/pkg/webhooks/generate/generate.go b/pkg/webhooks/generate/generate.go index 0e2195c4da..0256759414 100644 --- a/pkg/webhooks/generate/generate.go +++ b/pkg/webhooks/generate/generate.go @@ -82,7 +82,7 @@ func (g *Generator) Run(workers int) { func (g *Generator) processApply() { logger := g.log for r := range g.ch { - logger.V(4).Info("recieved generate request", "request", r) + logger.V(4).Info("received generate request", "request", r) if err := g.generate(r.spec, r.action); err != nil { logger.Error(err, "failed to generate request CR") } diff --git a/pkg/webhooks/report.go b/pkg/webhooks/report.go index fa6e58cc1a..33522b4653 100644 --- a/pkg/webhooks/report.go +++ b/pkg/webhooks/report.go @@ -19,7 +19,7 @@ func generateEvents(engineResponses []response.EngineResponse, blocked, onUpdate for _, er := range engineResponses { if er.IsSuccessful() { - // do not create event on rules that were succesful + // do not create event on rules that were successful continue } // Rules that failed diff --git a/pkg/webhooks/server.go b/pkg/webhooks/server.go index afc7ed2d0a..0ff8bd2636 100644 --- a/pkg/webhooks/server.go +++ b/pkg/webhooks/server.go @@ -377,7 +377,7 @@ func (ws *WebhookServer) ResourceMutation(request *v1beta1.AdmissionRequest) *v1 go ws.HandleGenerate(request.DeepCopy(), generatePolicies, ctx, userRequestInfo, ws.configHandler) } - // Succesful processing of mutation & validation rules in policy + // Successful processing of mutation & validation rules in policy patchType := v1beta1.PatchTypeJSONPatch return &v1beta1.AdmissionResponse{ Allowed: true, @@ -594,7 +594,7 @@ func (ws *WebhookServer) excludeKyvernoResources(request *v1beta1.AdmissionReque if labels["app.kubernetes.io/managed-by"] == "kyverno" && labels["policy.kyverno.io/synchronize"] == "enable" { isAuthorized, err := userinfo.IsRoleAuthorize(ws.rbLister, ws.crbLister, ws.rLister, ws.crLister, request, ws.configHandler) if err != nil { - return fmt.Errorf("failed to get RBAC infromation for request %v", err) + return fmt.Errorf("failed to get RBAC information for request %v", err) } if !isAuthorized { // convert RAW to unstructured diff --git a/pkg/webhooks/validation.go b/pkg/webhooks/validation.go index 41dc22b4fb..000395ddd8 100644 --- a/pkg/webhooks/validation.go +++ b/pkg/webhooks/validation.go @@ -100,7 +100,7 @@ func HandleValidation( continue } - logger.Info("validation rules from policy applied succesfully", "policy", policy.Name) + logger.Info("validation rules from policy applied successfully", "policy", policy.Name) } // If Validation fails then reject the request // no violations will be created on "enforce" @@ -114,7 +114,7 @@ func HandleValidation( // some/all policies failed to apply on the resource. a policy volation is generated. // create an event on the resource and the policy that failed // Scenario 3: - // all policies were applied succesfully. + // all policies were applied successfully. // create an event on the resource events := generateEvents(engineResponses, blocked, (request.Operation == v1beta1.Update), logger) eventGen.Add(events...) diff --git a/samples/DisallowHelmTiller.md b/samples/DisallowHelmTiller.md index 460f34ae76..459c376444 100644 --- a/samples/DisallowHelmTiller.md +++ b/samples/DisallowHelmTiller.md @@ -1,6 +1,6 @@ # Disallow Helm Tiller -Tiller, in the [now-deprecated Helm v2](https://helm.sh/blog/helm-v2-deprecation-timeline/), has known security challenges. It requires adminstrative privileges and acts as a shared resource accessible to any authenticated user. Tiller can lead to privilge escalation as restricted users can impact other users. +Tiller, in the [now-deprecated Helm v2](https://helm.sh/blog/helm-v2-deprecation-timeline/), has known security challenges. It requires administrative privileges and acts as a shared resource accessible to any authenticated user. Tiller can lead to privilge escalation as restricted users can impact other users. ## Policy YAML diff --git a/samples/DisallowSysctls.md b/samples/DisallowSysctls.md index afc24bae7c..bffdd2b5d2 100644 --- a/samples/DisallowSysctls.md +++ b/samples/DisallowSysctls.md @@ -24,7 +24,7 @@ spec: kinds: - Pod validate: - message: "Changes to kernel paramaters are not allowed" + message: "Changes to kernel parameters are not allowed" pattern: spec: securityContext: diff --git a/samples/best_practices/disallow_helm_tiller.yaml b/samples/best_practices/disallow_helm_tiller.yaml index 5809d5030c..b175b8cd08 100644 --- a/samples/best_practices/disallow_helm_tiller.yaml +++ b/samples/best_practices/disallow_helm_tiller.yaml @@ -4,7 +4,7 @@ metadata: name: disallow-helm-tiller annotations: policies.kyverno.io/category: Security - policies.kyverno.io/description: Tiller has known security challenges. It requires adminstrative privileges and acts as a shared + policies.kyverno.io/description: Tiller has known security challenges. It requires administrative privileges and acts as a shared resource accessible to any authenticated user. Tiller can lead to privilge escalation as restricted users can impact other users. spec: validationFailureAction: audit diff --git a/samples/best_practices/disallow_sysctls.yaml b/samples/best_practices/disallow_sysctls.yaml index cfc5f1518f..f1ede133df 100644 --- a/samples/best_practices/disallow_sysctls.yaml +++ b/samples/best_practices/disallow_sysctls.yaml @@ -16,7 +16,7 @@ spec: kinds: - Pod validate: - message: "Changes to kernel paramaters are not allowed" + message: "Changes to kernel parameters are not allowed" pattern: spec: =(securityContext): diff --git a/test/e2e/generate/generate_test.go b/test/e2e/generate/generate_test.go index c0bfbccc56..465491a52f 100644 --- a/test/e2e/generate/generate_test.go +++ b/test/e2e/generate/generate_test.go @@ -131,7 +131,7 @@ func Test_ClusterRole_ClusterRoleBinding_Sets(t *testing.T) { Expect(rbRes.GetName()).To(Equal(tests.ClusterRoleBindingName)) // ============================================ - // If Sync=true, Verify that an Error will occour on deletion of created resources + // If Sync=true, Verify that an Error will occur on deletion of created resources if tests.Sync { // Delete generated ClusterRoleBinding and It'll Fail err = e2eClient.DeleteClusteredResource(crbGVR, tests.ClusterRoleBindingName) @@ -251,7 +251,7 @@ func Test_Role_RoleBinding_Sets(t *testing.T) { Expect(rbRes.GetName()).To(Equal(tests.RoleBindingName)) // ============================================ - // If Sync=true, Verify that an Error will occour on deletion of created resources + // If Sync=true, Verify that an Error will occur on deletion of created resources if tests.Sync { // Delete generated RoleBinding and It'll Fail diff --git a/test/policy/mutate/policy_mutate_validate_qos.yaml b/test/policy/mutate/policy_mutate_validate_qos.yaml index 2f77ada3db..4a68500588 100644 --- a/test/policy/mutate/policy_mutate_validate_qos.yaml +++ b/test/policy/mutate/policy_mutate_validate_qos.yaml @@ -41,7 +41,7 @@ spec: template: spec: containers: - # match all contianers + # match all containers - (name): "*" resources: limits: diff --git a/test/scenarios/other/scenario_mutate_pod_spec.yaml b/test/scenarios/other/scenario_mutate_pod_spec.yaml index 8344069eda..33d157b394 100644 --- a/test/scenarios/other/scenario_mutate_pod_spec.yaml +++ b/test/scenarios/other/scenario_mutate_pod_spec.yaml @@ -16,4 +16,4 @@ expected: - name: disable-servicelink-and-token type: Mutation success: true - message: successfully processed stragetic merge patch \ No newline at end of file + message: successfully processed strategic merge patch \ No newline at end of file diff --git a/test/scenarios/other/scenario_mutate_validate_qos.yaml b/test/scenarios/other/scenario_mutate_validate_qos.yaml index 7add853476..7497106a8e 100644 --- a/test/scenarios/other/scenario_mutate_validate_qos.yaml +++ b/test/scenarios/other/scenario_mutate_validate_qos.yaml @@ -16,7 +16,7 @@ expected: - name: add-memory-limit type: Mutation success: true - message: successfully processed stragetic merge patch + message: successfully processed strategic merge patch validation: policyresponse: policy: policy-qos diff --git a/test/scenarios/samples/best_practices/add_safe_to_evict.yaml b/test/scenarios/samples/best_practices/add_safe_to_evict.yaml index 0536fff73d..d70b1cb15f 100644 --- a/test/scenarios/samples/best_practices/add_safe_to_evict.yaml +++ b/test/scenarios/samples/best_practices/add_safe_to_evict.yaml @@ -16,4 +16,4 @@ expected: - name: annotate-empty-dir type: Mutation success: true - message: "successfully processed stragetic merge patch" \ No newline at end of file + message: "successfully processed strategic merge patch" \ No newline at end of file diff --git a/test/scenarios/samples/best_practices/add_safe_to_evict2.yaml b/test/scenarios/samples/best_practices/add_safe_to_evict2.yaml index f2dfd0471e..9742a8e702 100644 --- a/test/scenarios/samples/best_practices/add_safe_to_evict2.yaml +++ b/test/scenarios/samples/best_practices/add_safe_to_evict2.yaml @@ -16,4 +16,4 @@ expected: - name: annotate-host-path type: Mutation success: true - message: "successfully processed stragetic merge patch" \ No newline at end of file + message: "successfully processed strategic merge patch" \ No newline at end of file