You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
The namespace filtering is done twice - once in get_pods() and again in get_ready_pods(). The second filter in get_ready_pods() is redundant since get_pods() already filters by namespace.
The wait_for_report call in create_jira_issue_for_security_risks() should include error handling in case the timeout is reached without finding the resource.
returnTrueLogger.logger.info(
"Cluster '{}' wasn't confirmed as already deleted from backend. Error: {}".format(cluster_name, ex))
Logger.logger.info("Deleting cluster '{}' from backend".format(cluster_name))
self.backend.delete_cluster(cluster_name=cluster_name)
exceptrequests.ReadTimeoutase:
Add error handling for failed report retrieval to prevent potential null reference exceptions
Add error handling for the case when the wait_for_report call times out or fails. Currently, the code continues to use the 'resource' variable without checking if it was successfully retrieved.
resource, t = self.wait_for_report(
timeout=120,
sleep_interval=10,
report_type=self.backend.get_security_risks_list,
security_risk_id=security_risk_id,
)
+if not resource:+ raise Exception(f"Failed to retrieve security risk report for ID {security_risk_id}")-# resource = self.get_security_risks_resource(security_risk_id)
resourceHash = resource['k8sResourceHash']
Apply this suggestion
Suggestion importance[1-10]: 8
Why: The suggestion addresses a critical error handling gap that could lead to runtime exceptions if the report retrieval fails. Adding this check is important for system stability and debugging.
8
Add null check for pods list to prevent potential NoneType exceptions during list operations
The verify_running_pods method should check if total_pods is None before attempting list operations to prevent potential NoneType exceptions.
total_pods = self.get_pods(namespace=namespace, name=name, include_terminating=False)
+if total_pods is None:+ total_pods = []
non_running_pods = [i for i in total_pods if i not in running_pods]
Apply this suggestion
Suggestion importance[1-10]: 7
Why: This is a valuable defensive programming suggestion that prevents potential NoneType exceptions, especially important in Kubernetes operations where API calls might fail.
7
Fix potential undefined variable reference by directly returning the filtered pods list
The get_ready_pods method is missing a return value assignment for ready_pods, which could lead to undefined behavior.
def get_ready_pods(self, namespace, name: str = None):
"""
:return: list of running pods with all containers ready
"""
-
pods = self.get_pods(namespace=namespace, name=name)
# Safeguard: Ensure namespace consistency
pods = [pod for pod in pods if pod.metadata.namespace == namespace]
- ready_pods = [- pod for pod in pods- if all(container.ready for container in (pod.status.container_statuses or []))-]- return ready_pods+ return [+ pod for pod in pods+ if all(container.ready for container in (pod.status.container_statuses or []))+ ]
Apply this suggestion
Suggestion importance[1-10]: 2
Why: The suggestion is technically valid but unnecessary, as the code already correctly assigns and returns ready_pods. The proposed change is merely a style preference that doesn't fix any actual issues.
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
PR Type
Enhancement, Bug fix
Description
Added namespace filtering safeguards in pod operations
Replaced kubectl shell commands with API calls
Implemented wait mechanism for security risk reports
Enhanced pod state logging and visibility
Changes walkthrough 📝
jira_integration.py
Add wait mechanism for security risk report retrievaltests_scripts/helm/jira_integration.py
report retrieval
reliability
base_k8s.py
Improve pod retrieval safety and logging capabilitiestests_scripts/kubernetes/base_k8s.py