popeye icon indicating copy to clipboard operation
popeye copied to clipboard
verified publisher icon derailed

flag for excluding popeye codes on reports

Open peddyhh opened this issue 5 years ago • 8 comments




Is your feature request related to a problem? Please describe. When I using popey like "popeye -l warn", I got the warning messages "[POP-300] Using "default" ServiceAccount" This is not an issue, this is intended.

Describe the solution you'd like I want a flag, called "--exclude". It should be possible, to use a list t of "POP-XXX" Codes as parameter. For example "popeye -l warn --exclude POP-300,POP-403"

peddyhh avatar Nov 05 '20 19:11 peddyhh

I would also like this. Especially for POP-300 and POP-400. Popeye does not appear to consider envFrom to be a "use" of a ConfigMap entry.

howardjones avatar Dec 03 '20 11:12 howardjones

@peddyhh @howardjones Thank you both for reporting this. You can use a spinach.yml file to exclude the codes that you know are legit.

@howardjones EnvFrom is checked if that's no what you're seeing, please add more details here. Tx!!

derailed avatar Dec 05 '20 16:12 derailed

In CD- or CS-Pipelines I don't want to use an extra spinach.yaml file. Sometimes it is not even possible to have an extra spinach.yaml file.

I would appreciate it a lot.

peddyhh avatar Feb 01 '21 18:02 peddyhh

What about checking an annotation in certain resources? In my use case, I run a multi-tenant cluster with different teams split by namespaces. I run a central prometheus which gets metrics from the different namespaces (I run popeye once per namespace), so teams can see their scores in grafana.

At the end, I'm the owner of popeye and it can be really cumbersome to update the spinach files to allow certain rules under team requests, but it would be much effective if every team can annotate every resource they'd like to skip.

@derailed Would you accept an addition like that one?

danibaeyens avatar Jun 29 '21 13:06 danibaeyens

OMG, I already did the suggestion at #160 ! Sorry about duplicating! I'll try to propose something, then :)

danibaeyens avatar Jun 29 '21 13:06 danibaeyens

@danibaeyens lol - nw I thought this sounded familiar... Yes I think annotations make sense. Pb here you do loose control as some teams may elect for less restrictive measures about their spinach configurations and thus yield a seemingly higher scores while masking underlying issues??

derailed avatar Jun 29 '21 14:06 derailed

Should lots of 'ignore' annotations earn you a penalty? :-)

howardjones avatar Jun 29 '21 14:06 howardjones

@derailed absolutely. Great power comes with great responsibility

@howardjones Yes! I thought about assing that as well. Maybe every "skipping" annotation triggers a info rule (which severity can be overridden by the spinach file if needed).

danibaeyens avatar Jun 29 '21 15:06 danibaeyens