Merge pull request #1295 from tejal29/rename_whitelist_ignorelist

rename whitelist to ignorelist

cmd/executor/cmd/root.go

@@ -83,8 +83,8 @@ var RootCmd = &cobra.Command{
  if len(opts.Destinations) == 0 && opts.ImageNameDigestFile != "" {
  return errors.New("You must provide --destination if setting ImageNameDigestFile")
  }
- // Update whitelisted paths
- util.UpdateWhitelist(opts.WhitelistVarRun)
+ // Update ignored paths
+ util.UpdateInitialIgnoreList(opts.IgnoreVarRun)
  }
  return nil
  },
@@ -160,7 +160,7 @@ func addKanikoOptionsFlags() {
  opts.RegistriesCertificates = make(map[string]string)
  RootCmd.PersistentFlags().VarP(&opts.RegistriesCertificates, "registry-certificate", "", "Use the provided certificate for TLS communication with the given registry. Expected format is 'my.registry.url=/path/to/the/server/certificate'.")
  RootCmd.PersistentFlags().StringVarP(&opts.RegistryMirror, "registry-mirror", "", "", "Registry mirror to use has pull-through cache instead of docker.io.")
- RootCmd.PersistentFlags().BoolVarP(&opts.WhitelistVarRun, "whitelist-var-run", "", true, "Ignore /var/run directory when taking image snapshot. Set it to false to preserve /var/run/ in destination image. (Default true).")
+ RootCmd.PersistentFlags().BoolVarP(&opts.IgnoreVarRun, "whitelist-var-run", "", true, "Ignore /var/run directory when taking image snapshot. Set it to false to preserve /var/run/ in destination image. (Default true).")
  RootCmd.PersistentFlags().VarP(&opts.Labels, "label", "", "Set metadata for an image. Set it repeatedly for multiple labels.")
  RootCmd.PersistentFlags().BoolVarP(&opts.SkipUnusedStages, "skip-unused-stages", "", false, "Build only used stages if defined to true. Otherwise it builds by default all stages, even the unnecessaries ones until it reaches the target stage / end of Dockerfile")
 }

deploy/Dockerfile_debug

@@ -46,7 +46,7 @@ COPY --from=0 /usr/local/bin/docker-credential-gcr /kaniko/docker-credential-gcr
 COPY --from=0 /go/src/github.com/awslabs/amazon-ecr-credential-helper/bin/linux-amd64/docker-credential-ecr-login /kaniko/docker-credential-ecr-login
 COPY --from=0 /usr/local/bin/docker-credential-acr-linux /kaniko/docker-credential-acr
 COPY --from=1 /distroless/bazel-bin/experimental/busybox/busybox/ /busybox/
-# Declare /busybox as a volume to get it automatically whitelisted
+# Declare /busybox as a volume to get it automatically in the path to ignore
 VOLUME /busybox
 COPY files/ca-certificates.crt /kaniko/ssl/certs/
 COPY --from=0 /kaniko/.docker /kaniko/.docker

docs/design_proposals/filesystem-resolution-proposal-01.md

@@ -19,7 +19,7 @@ To accomplish this, Kaniko walks the entire filesystem to discover every object.
 Some of these objects may actually be a symlink to another object in the
 filesystem; in these cases we must consider both the link and the target object.
 
-Kaniko also maintains a set of whitelisted (aka ignored) filepaths. Any object
+Kaniko also maintains a set of ignored (aka ignored) filepaths. Any object
 which matches one of these filepaths should be ignored by kaniko.
 
 This results in a 3 dimensional search space

integration/dockerfiles/Dockerfile_test_add

@@ -14,7 +14,7 @@ ADD $contextenv/* /tmp/${contextenv}/
 ADD context/tars/fil* /tars/
 ADD context/tars/file.tar /tars_again
 
-# This tar has some directories that should be whitelisted inside it.
+# This tar has some directories that should be ignored inside it.
 
 ADD context/tars/sys.tar.gz /
 

integration/dockerfiles/Dockerfile_test_multistage

@@ -13,7 +13,7 @@ FROM base as fourth
 RUN date > /date
 ENV foo bar
 
-# This base image contains symlinks with relative paths to whitelisted directories
+# This base image contains symlinks with relative paths to ignored directories
 # We need to test they're extracted correctly
 FROM fedora@sha256:c4cc32b09c6ae3f1353e7e33a8dda93dc41676b923d6d89afa996b421cc5aa48
 

integration/integration_test.go

@@ -556,7 +556,7 @@ func checkContainerDiffOutput(t *testing.T, diff []byte, expected string) {
  t.Error(err)
  }
 
- // Some differences (whitelisted paths, etc.) are known and expected.
+ // Some differences (ignored paths, etc.) are known and expected.
  fdr := diffInt[0].Diff.(*fileDiffResult)
  fdr.Adds = filterFileDiff(fdr.Adds)
  fdr.Dels = filterFileDiff(fdr.Dels)
@@ -588,14 +588,14 @@ func filterMetaDiff(metaDiff []string) []string {
 func filterFileDiff(f []fileDiff) []fileDiff {
  var newDiffs []fileDiff
  for _, diff := range f {
- isWhitelisted := false
+ isIgnored := false
  for _, p := range allowedDiffPaths {
  if util.HasFilepathPrefix(diff.Name, p, false) {
- isWhitelisted = true
+ isIgnored = true
  break
  }
  }
- if !isWhitelisted {
+ if !isIgnored {
  newDiffs = append(newDiffs, diff)
  }
  }

pkg/commands/volume.go

@@ -48,7 +48,7 @@ func (v *VolumeCommand) ExecuteCommand(config *v1.Config, buildArgs *dockerfile.
  for _, volume := range resolvedVolumes {
  var x struct{}
  existingVolumes[volume] = x
- util.AddVolumePathToWhitelist(volume)
+ util.AddVolumePathToIgnoreList(volume)
 
  // Only create and snapshot the dir if it didn't exist already
  if _, err := os.Stat(volume); os.IsNotExist(err) {

pkg/config/init.go

@@ -22,10 +22,10 @@ import (
 
 var RootDir string
 var KanikoDir string
-var WhitelistPath string
+var IgnoreListPath string
 
 func init() {
  RootDir = constants.RootDir
  KanikoDir = constants.KanikoDir
- WhitelistPath = constants.WhitelistPath
+ IgnoreListPath = constants.IgnoreListPath
 }

pkg/config/options.go

@@ -55,7 +55,7 @@ type KanikoOptions struct {
  NoPush bool
  Cache bool
  Cleanup bool
- WhitelistVarRun bool
+ IgnoreVarRun  bool
  SkipUnusedStages bool
 }
 

pkg/constants/constants.go

@@ -26,7 +26,7 @@ const (
  //KanikoDir is the path to the Kaniko directory
  KanikoDir = "/kaniko"
 
- WhitelistPath = "/proc/self/mountinfo"
+ IgnoreListPath = "/proc/self/mountinfo"
 
  Author = "kaniko"
 

pkg/dockerfile/dockerfile_test.go

@@ -565,7 +565,7 @@ func Test_SkipingUnusedStages(t *testing.T) {
  # Make sure that we snapshot intermediate images correctly
  RUN date > /date
  ENV foo bar
- # This base image contains symlinks with relative paths to whitelisted directories
+ # This base image contains symlinks with relative paths to ignored directories
  # We need to test they're extracted correctly
  FROM fedora@sha256:c4cc32b09c6ae3f1353e7e33a8dda93dc41676b923d6d89afa996b421cc5aa48
  FROM fourth

pkg/executor/build.go

@@ -314,8 +314,8 @@ func (s *stageBuilder) build() error {
  logrus.Info("Skipping unpacking as no commands require it.")
  }
 
- if err := util.DetectFilesystemWhitelist(config.WhitelistPath); err != nil {
- return errors.Wrap(err, "failed to check filesystem whitelist")
+ if err := util.DetectFilesystemIgnoreList(config.IgnoreListPath); err != nil {
+ return errors.Wrap(err, "failed to check filesystem mount paths")
  }
 
  initSnapshotTaken := false

pkg/executor/composite_cache.go

@@ -69,7 +69,7 @@ func (s *CompositeCache) AddPath(p, context string) error {
  }
 
  // Only add the hash of this directory to the key
- // if there is any whitelisted content.
+ // if there is any ignored content.
  if !empty || !util.ExcludeFile(p, context) {
  s.keys = append(s.keys, k)
  }

pkg/executor/copy_multistage_test.go

@@ -166,7 +166,7 @@ func setupMultistageTests(t *testing.T) (string, func()) {
  // set up config
  config.RootDir = testDir
  config.KanikoDir = fmt.Sprintf("%s/%s", testDir, "kaniko")
- // Write a whitelist path
+ // Write path to ignore list
  if err := os.MkdirAll(filepath.Join(testDir, "proc"), 0755); err != nil {
  t.Fatal(err)
  }
@@ -178,10 +178,10 @@ func setupMultistageTests(t *testing.T) (string, func()) {
  if err := ioutil.WriteFile(mFile, []byte(mountInfo), 0644); err != nil {
  t.Fatal(err)
  }
- config.WhitelistPath = mFile
+ config.IgnoreListPath = mFile
  return testDir, func() {
  config.KanikoDir = constants.KanikoDir
  config.RootDir = constants.RootDir
- config.WhitelistPath = constants.WhitelistPath
+ config.IgnoreListPath = constants.IgnoreListPath
  }
 }

pkg/filesystem/resolve.go

@@ -26,24 +26,24 @@ import (
  "github.com/sirupsen/logrus"
 )
 
-// ResolvePaths takes a slice of file paths and a slice of whitelist entries. It resolve each
+// ResolvePaths takes a slice of file paths and a list of skipped file paths. It resolve each
 // file path according to a set of rules and then returns a slice of resolved paths or error.
 // File paths are resolved according to the following rules:
-// * If path is whitelisted, skip it.
+// * If path is in ignorelist, skip it.
 // * If path is a symlink, resolve it's ancestor link and add it to the output set.
-// * If path is a symlink, resolve it's target. If the target is not whitelisted add it to the
+// * If path is a symlink, resolve it's target. If the target is not ignored add it to the
 // output set.
 // * Add all ancestors of each path to the output set.
-func ResolvePaths(paths []string, wl []util.WhitelistEntry) (pathsToAdd []string, err error) {
+func ResolvePaths(paths []string, wl []util.IgnoreListEntry) (pathsToAdd []string, err error) {
  logrus.Infof("Resolving %d paths", len(paths))
  logrus.Tracef("Resolving paths %s", paths)
 
  fileSet := make(map[string]bool)
 
  for _, f := range paths {
- // If the given path is part of the whitelist ignore it
- if util.IsInProvidedWhitelist(f, wl) {
- logrus.Debugf("path %s is whitelisted, ignoring it", f)
+ // If the given path is part of the ignorelist ignore it
+ if util.IsInProvidedIgnoreList(f, wl) {
+ logrus.Debugf("path %s is in list to ignore, ignoring it", f)
  continue
  }
 
@@ -76,10 +76,10 @@ func ResolvePaths(paths []string, wl []util.WhitelistEntry) (pathsToAdd []string
  continue
  }
 
- // If the given path is a symlink and the target is part of the whitelist
+ // If the given path is a symlink and the target is part of the ignorelist
  // ignore the target
- if util.IsInProvidedWhitelist(evaled, wl) {
- logrus.Debugf("path %s is whitelisted, ignoring it", evaled)
+ if util.IsInProvidedIgnoreList(evaled, wl) {
+ logrus.Debugf("path %s is ignored, ignoring it", evaled)
  continue
  }
 

pkg/filesystem/resolve_test.go

@@ -85,8 +85,8 @@ func Test_ResolvePaths(t *testing.T) {
  }
  }
 
- t.Run("none are whitelisted", func(t *testing.T) {
- wl := []util.WhitelistEntry{}
+ t.Run("none are ignored", func(t *testing.T) {
+ wl := []util.IgnoreListEntry{}
 
  inputFiles := []string{}
  expectedFiles := []string{}
@@ -107,8 +107,8 @@ func Test_ResolvePaths(t *testing.T) {
  validateResults(t, files, expectedFiles, err)
  })
 
- t.Run("some are whitelisted", func(t *testing.T) {
- wl := []util.WhitelistEntry{
+ t.Run("some are ignored", func(t *testing.T) {
+ wl := []util.IgnoreListEntry{
  {
  Path: filepath.Join(dir, "link", "baz"),
  },
@@ -124,7 +124,7 @@ func Test_ResolvePaths(t *testing.T) {
  link := filepath.Join(dir, "link", f)
  inputFiles = append(inputFiles, link)
 
- if util.IsInProvidedWhitelist(link, wl) {
+ if util.IsInProvidedIgnoreList(link, wl) {
  t.Logf("skipping %s", link)
  continue
  }
@@ -133,7 +133,7 @@ func Test_ResolvePaths(t *testing.T) {
 
  target := filepath.Join(dir, "target", f)
 
- if util.IsInProvidedWhitelist(target, wl) {
+ if util.IsInProvidedIgnoreList(target, wl) {
  t.Logf("skipping %s", target)
  continue
  }
@@ -177,7 +177,7 @@ func Test_ResolvePaths(t *testing.T) {
  inputFiles := []string{}
  expectedFiles := []string{}
 
- wl := []util.WhitelistEntry{}
+ wl := []util.IgnoreListEntry{}
 
  files, err := ResolvePaths(inputFiles, wl)
 

pkg/snapshot/snapshot.go

@@ -39,14 +39,14 @@ var snapshotPathPrefix = config.KanikoDir
 
 // Snapshotter holds the root directory from which to take snapshots, and a list of snapshots taken
 type Snapshotter struct {
- l *LayeredMap
- directory string
- whitelist []util.WhitelistEntry
+ l  *LayeredMap
+ directory  string
+ ignorelist []util.IgnoreListEntry
 }
 
 // NewSnapshotter creates a new snapshotter rooted at d
 func NewSnapshotter(l *LayeredMap, d string) *Snapshotter {
- return &Snapshotter{l: l, directory: d, whitelist: util.Whitelist()}
+ return &Snapshotter{l: l, directory: d, ignorelist: util.IgnoreList()}
 }
 
 // Init initializes a new snapshotter
@@ -60,7 +60,7 @@ func (s *Snapshotter) Key() (string, error) {
  return s.l.Key()
 }
 
-// TakeSnapshot takes a snapshot of the specified files, avoiding directories in the whitelist, and creates
+// TakeSnapshot takes a snapshot of the specified files, avoiding directories in the ignorelist, and creates
 // a tarball of the changed files. Return contents of the tarball, and whether or not any files were changed
 func (s *Snapshotter) TakeSnapshot(files []string) (string, error) {
  f, err := ioutil.TempFile(config.KanikoDir, "")
@@ -75,7 +75,7 @@ func (s *Snapshotter) TakeSnapshot(files []string) (string, error) {
  return "", nil
  }
 
- filesToAdd, err := filesystem.ResolvePaths(files, s.whitelist)
+ filesToAdd, err := filesystem.ResolvePaths(files, s.ignorelist)
  if err != nil {
  return "", nil
  }
@@ -100,7 +100,7 @@ func (s *Snapshotter) TakeSnapshot(files []string) (string, error) {
  return f.Name(), nil
 }
 
-// TakeSnapshotFS takes a snapshot of the filesystem, avoiding directories in the whitelist, and creates
+// TakeSnapshotFS takes a snapshot of the filesystem, avoiding directories in the ignorelist, and creates
 // a tarball of the changed files.
 func (s *Snapshotter) TakeSnapshotFS() (string, error) {
  f, err := ioutil.TempFile(snapshotPathPrefix, "")
@@ -139,9 +139,9 @@ func (s *Snapshotter) scanFullFilesystem() ([]string, []string, error) {
 
  godirwalk.Walk(s.directory, &godirwalk.Options{
  Callback: func(path string, ent *godirwalk.Dirent) error {
- if util.IsInWhitelist(path) {
+ if util.IsInIgnoreList(path) {
  if util.IsDestDir(path) {
- logrus.Tracef("Skipping paths under %s, as it is a whitelisted directory", path)
+ logrus.Tracef("Skipping paths under %s, as it is a ignored directory", path)
 
  return filepath.SkipDir
  }
@@ -159,7 +159,7 @@ func (s *Snapshotter) scanFullFilesystem() ([]string, []string, error) {
  timing.DefaultRun.Stop(timer)
 
  timer = timing.Start("Resolving Paths")
- resolvedFiles, err := filesystem.ResolvePaths(foundPaths, s.whitelist)
+ resolvedFiles, err := filesystem.ResolvePaths(foundPaths, s.ignorelist)
  if err != nil {
  return nil, nil, err
  }
@@ -193,8 +193,8 @@ func (s *Snapshotter) scanFullFilesystem() ([]string, []string, error) {
 
  filesToAdd := []string{}
  for path := range resolvedMemFs {
- if util.CheckWhitelist(path) {
- logrus.Tracef("Not adding %s to layer, as it's whitelisted", path)
+ if util.CheckIgnoreList(path) {
+ logrus.Tracef("Not adding %s to layer, as it's ignored", path)
  continue
  }
  // Only add changed files.