feat: add support for forbidding environment variables in gitops files

This new check can be enabled by adding: ``` additionalChecks: ["forbiddenEnvironmentVariables"] ``` in the schema definition.
Kpler · Sep 16, 2024 · e506f9d · e506f9d
1 parent 19dd667
commit e506f9d
Showing 1 changed file with 20 additions and 1 deletion.
diff --git a/kp_pre_commit_hooks/gitops-values-validation.py b/kp_pre_commit_hooks/gitops-values-validation.py
@@ -19,7 +19,7 @@
 urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)
 
 ###############################################################################
-# Main code
+# Global Parameters
 ###############################################################################
 
 SCHEMA_BASE_URL = "https://kp-helmchart-stable-shared-main.s3.eu-west-1.amazonaws.com/schema/platform-managed-chart"
@@ -32,6 +32,15 @@
 
 TWINGATE_DOC_URL = "https://kpler.atlassian.net/wiki/spaces/KSD/pages/243562083/Install+and+configure+the+Twingate+VPN+client"
 
+FORBIDDEN_ENVIRONMENT_VARIABLES = {
+    "KAFKA_APPLICATION_ID": """KAFKA_APPLICATION_ID is automatically set in your container and should not be overridden.
+More info at https://kpler.atlassian.net/l/cp/jb4uJQs3#Use-connection-information-in-environment-variables""",
+    "KAFKA_BOOTSTRAP_SERVERS": """KAFKA_BOOSTRAP_SERVERS is automatically set in your container and should not be overridden.
+More info at https://kpler.atlassian.net/l/cp/jb4uJQs3#Use-connection-information-in-environment-variables""",
+    "SCHEMA_REGISTRY_URL": """SCHEMA_REGISTRY_URL is automatically set in your container and should not be overridden.
+More info at https://kpler.atlassian.net/l/cp/jb4uJQs3#Use-connection-information-in-environment-variables""",
+}
+
 ###############################################################################
 # Generic Helper functions and classes
 ###############################################################################
@@ -360,6 +369,16 @@ def validate_topic_name_compliance(self, value, schema):
         if match and match["serviceName"] != service_name:
             yield ValidationError(f"topicName '{value}' it not compliant, it should contain the service name '{service_name}'")
 
+    def validate_forbidden_environment_variables(self, value, schema):
+        if not isinstance(value, dict):
+            return
+        for env_variable, forbidden_reason in FORBIDDEN_ENVIRONMENT_VARIABLES.items():
+            if env_variable in value:
+                yield ValidationError(
+                    f"Environment variable `{env_variable}` is not allowed to be manually set",
+                    schema={"description": f"Remove `{env_variable}` from your environment variables.\n{forbidden_reason}"},
+                )
+
 
 def format_error(error: Union[ValidationError, SchemaValidationError]):
     if isinstance(error, SchemaValidationError):