kyverno/pkg/metrics/policyresults/policyResults.go

package policyresults

import (
	"fmt"

	kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1"
	"github.com/kyverno/kyverno/pkg/engine/response"
	"github.com/kyverno/kyverno/pkg/metrics"
	"github.com/kyverno/kyverno/pkg/utils"
)

func registerPolicyResultsMetric(
	m *metrics.MetricsConfig,
	policyValidationMode metrics.PolicyValidationMode,
	policyType metrics.PolicyType,
	policyBackgroundMode metrics.PolicyBackgroundMode,
	policyNamespace, policyName string,
	resourceKind, resourceNamespace string,
	resourceRequestOperation metrics.ResourceRequestOperation,
	ruleName string,
	ruleResult metrics.RuleResult,
	ruleType metrics.RuleType,
	ruleExecutionCause metrics.RuleExecutionCause,
) error {
	if policyType == metrics.Cluster {
		policyNamespace = "-"
	}
	includeNamespaces, excludeNamespaces := m.Config.GetIncludeNamespaces(), m.Config.GetExcludeNamespaces()
	if (resourceNamespace != "" && resourceNamespace != "-") && utils.ContainsString(excludeNamespaces, resourceNamespace) {
		m.Log.V(2).Info(fmt.Sprintf("Skipping the registration of kyverno_policy_results_total metric as the operation belongs to the namespace '%s' which is one of 'namespaces.exclude' %+v in values.yaml", resourceNamespace, excludeNamespaces))
		return nil
	}
	if (resourceNamespace != "" && resourceNamespace != "-") && len(includeNamespaces) > 0 && !utils.ContainsString(includeNamespaces, resourceNamespace) {
		m.Log.V(2).Info(fmt.Sprintf("Skipping the registration of kyverno_policy_results_total metric as the operation belongs to the namespace '%s' which is not one of 'namespaces.include' %+v in values.yaml", resourceNamespace, includeNamespaces))
		return nil
	}

	m.RecordPolicyResults(policyValidationMode, policyType, policyBackgroundMode, policyNamespace, policyName, resourceKind, resourceNamespace, resourceRequestOperation, ruleName, ruleResult, ruleType, ruleExecutionCause)

	return nil
}

//policy - policy related data
//engineResponse - resource and rule related data
func ProcessEngineResponse(m *metrics.MetricsConfig, policy kyvernov1.PolicyInterface, engineResponse response.EngineResponse, executionCause metrics.RuleExecutionCause, resourceRequestOperation metrics.ResourceRequestOperation) error {
	name, namespace, policyType, backgroundMode, validationMode, err := metrics.GetPolicyInfos(policy)
	if err != nil {
		return err
	}
	resourceSpec := engineResponse.PolicyResponse.Resource
	resourceKind := resourceSpec.Kind
	resourceNamespace := resourceSpec.Namespace
	ruleResponses := engineResponse.PolicyResponse.Rules
	for _, rule := range ruleResponses {
		ruleName := rule.Name
		ruleType := metrics.ParseRuleTypeFromEngineRuleResponse(rule)
		var ruleResult metrics.RuleResult
		switch rule.Status {
		case response.RuleStatusPass:
			ruleResult = metrics.Pass
		case response.RuleStatusFail:
			ruleResult = metrics.Fail
		case response.RuleStatusWarn:
			ruleResult = metrics.Warn
		case response.RuleStatusError:
			ruleResult = metrics.Error
		case response.RuleStatusSkip:
			ruleResult = metrics.Skip
		default:
			ruleResult = metrics.Fail
		}
		if err := registerPolicyResultsMetric(
			m,
			validationMode,
			policyType,
			backgroundMode,
			namespace, name,
			resourceKind, resourceNamespace,
			resourceRequestOperation,
			ruleName,
			ruleResult,
			ruleType,
			executionCause,
		); err != nil {
			return err
		}
	}
	return nil
}
dealt with cardinality explosion (#2157) 2021-07-23 21:46:50 +05:30			`package policyresults`
feat: added kyverno_policy_rule_results_info metric Signed-off-by: Yashvardhan Kukreja <yash.kukreja.98@gmail.com> 2021-05-15 19:15:04 +05:30
			`import (`
added: support for metrics configuration, periodic metrics cleanup and selective namespace whitelisting and blacklisting for metrics (#2288) Signed-off-by: Yashvardhan Kukreja <yash.kukreja.98@gmail.com> 2021-09-11 03:09:12 +05:30			`"fmt"`

chore: make kyverno api import aliases consistent (#3939) Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> 2022-05-17 13:12:43 +02:00			`kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1"`
feat: added kyverno_policy_rule_results_info metric Signed-off-by: Yashvardhan Kukreja <yash.kukreja.98@gmail.com> 2021-05-15 19:15:04 +05:30			`"github.com/kyverno/kyverno/pkg/engine/response"`
			`"github.com/kyverno/kyverno/pkg/metrics"`
refactor: use existing ContainsString util (#3543) Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Co-authored-by: shuting <shuting@nirmata.com> 2022-04-04 17:31:33 +02:00			`"github.com/kyverno/kyverno/pkg/utils"`
feat: added kyverno_policy_rule_results_info metric Signed-off-by: Yashvardhan Kukreja <yash.kukreja.98@gmail.com> 2021-05-15 19:15:04 +05:30			`)`

refactor: metrics package (#3549) * refactor: use BackgroundProcessingEnabled method Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> * refactor: webhooks metrics reporting Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> * refactor: metrics package Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> 2022-04-06 20:14:13 +02:00			`func registerPolicyResultsMetric(`
feat: Opentelemetry support for metrics and traces (#3910) * integrating opentelemetry Signed-off-by: Tathagata Paul <tathagatapaul7@gmail.com> * fix multiple imports Signed-off-by: Tathagata Paul <tathagatapaul7@gmail.com> * fixed cli help statement Signed-off-by: Tathagata Paul <tathagatapaul7@gmail.com> * added init file for metrics Signed-off-by: Tathagata Paul <tathagatapaul7@gmail.com> Co-authored-by: shuting <shuting@nirmata.com> 2022-07-11 23:19:47 +05:30			`m *metrics.MetricsConfig,`
feat: added kyverno_policy_rule_results_info metric Signed-off-by: Yashvardhan Kukreja <yash.kukreja.98@gmail.com> 2021-05-15 19:15:04 +05:30			`policyValidationMode metrics.PolicyValidationMode,`
			`policyType metrics.PolicyType,`
			`policyBackgroundMode metrics.PolicyBackgroundMode,`
			`policyNamespace, policyName string,`
removed: resource_name label which is exposed as a part of Kyverno's metrics (#2351) Signed-off-by: Yashvardhan Kukreja <yash.kukreja.98@gmail.com> 2021-09-02 06:56:25 +05:30			`resourceKind, resourceNamespace string,`
feat: added kyverno_policy_rule_results_info metric Signed-off-by: Yashvardhan Kukreja <yash.kukreja.98@gmail.com> 2021-05-15 19:15:04 +05:30			`resourceRequestOperation metrics.ResourceRequestOperation,`
			`ruleName string,`
			`ruleResult metrics.RuleResult,`
			`ruleType metrics.RuleType,`
			`ruleExecutionCause metrics.RuleExecutionCause,`
			`) error {`
			`if policyType == metrics.Cluster {`
			`policyNamespace = "-"`
			`}`
feat: Opentelemetry support for metrics and traces (#3910) * integrating opentelemetry Signed-off-by: Tathagata Paul <tathagatapaul7@gmail.com> * fix multiple imports Signed-off-by: Tathagata Paul <tathagatapaul7@gmail.com> * fixed cli help statement Signed-off-by: Tathagata Paul <tathagatapaul7@gmail.com> * added init file for metrics Signed-off-by: Tathagata Paul <tathagatapaul7@gmail.com> Co-authored-by: shuting <shuting@nirmata.com> 2022-07-11 23:19:47 +05:30			`includeNamespaces, excludeNamespaces := m.Config.GetIncludeNamespaces(), m.Config.GetExcludeNamespaces()`
refactor: use existing ContainsString util (#3543) Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Co-authored-by: shuting <shuting@nirmata.com> 2022-04-04 17:31:33 +02:00			`if (resourceNamespace != "" && resourceNamespace != "-") && utils.ContainsString(excludeNamespaces, resourceNamespace) {`
Added appropriate logging levels to log.Info() calls wherever necessary (#4341) * Added appropriate logging levels to log.Info() calls wherever necessary Signed-off-by: anutosh491 <andersonbhat491@gmail.com> * Changed logging levels to 2 Signed-off-by: anutosh491 <andersonbhat491@gmail.com> Signed-off-by: anutosh491 <andersonbhat491@gmail.com> Co-authored-by: shuting <shuting@nirmata.com> 2022-08-18 18:54:59 +05:30			`m.Log.V(2).Info(fmt.Sprintf("Skipping the registration of kyverno_policy_results_total metric as the operation belongs to the namespace '%s' which is one of 'namespaces.exclude' %+v in values.yaml", resourceNamespace, excludeNamespaces))`
added: support for metrics configuration, periodic metrics cleanup and selective namespace whitelisting and blacklisting for metrics (#2288) Signed-off-by: Yashvardhan Kukreja <yash.kukreja.98@gmail.com> 2021-09-11 03:09:12 +05:30			`return nil`
			`}`
refactor: use existing ContainsString util (#3543) Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Co-authored-by: shuting <shuting@nirmata.com> 2022-04-04 17:31:33 +02:00			`if (resourceNamespace != "" && resourceNamespace != "-") && len(includeNamespaces) > 0 && !utils.ContainsString(includeNamespaces, resourceNamespace) {`
Added appropriate logging levels to log.Info() calls wherever necessary (#4341) * Added appropriate logging levels to log.Info() calls wherever necessary Signed-off-by: anutosh491 <andersonbhat491@gmail.com> * Changed logging levels to 2 Signed-off-by: anutosh491 <andersonbhat491@gmail.com> Signed-off-by: anutosh491 <andersonbhat491@gmail.com> Co-authored-by: shuting <shuting@nirmata.com> 2022-08-18 18:54:59 +05:30			`m.Log.V(2).Info(fmt.Sprintf("Skipping the registration of kyverno_policy_results_total metric as the operation belongs to the namespace '%s' which is not one of 'namespaces.include' %+v in values.yaml", resourceNamespace, includeNamespaces))`
added: support for metrics configuration, periodic metrics cleanup and selective namespace whitelisting and blacklisting for metrics (#2288) Signed-off-by: Yashvardhan Kukreja <yash.kukreja.98@gmail.com> 2021-09-11 03:09:12 +05:30			`return nil`
			`}`
feat: Opentelemetry support for metrics and traces (#3910) * integrating opentelemetry Signed-off-by: Tathagata Paul <tathagatapaul7@gmail.com> * fix multiple imports Signed-off-by: Tathagata Paul <tathagatapaul7@gmail.com> * fixed cli help statement Signed-off-by: Tathagata Paul <tathagatapaul7@gmail.com> * added init file for metrics Signed-off-by: Tathagata Paul <tathagatapaul7@gmail.com> Co-authored-by: shuting <shuting@nirmata.com> 2022-07-11 23:19:47 +05:30
			`m.RecordPolicyResults(policyValidationMode, policyType, policyBackgroundMode, policyNamespace, policyName, resourceKind, resourceNamespace, resourceRequestOperation, ruleName, ruleResult, ruleType, ruleExecutionCause)`

feat: added kyverno_policy_rule_results_info metric Signed-off-by: Yashvardhan Kukreja <yash.kukreja.98@gmail.com> 2021-05-15 19:15:04 +05:30			`return nil`
			`}`

feat: Opentelemetry support for metrics and traces (#3910) * integrating opentelemetry Signed-off-by: Tathagata Paul <tathagatapaul7@gmail.com> * fix multiple imports Signed-off-by: Tathagata Paul <tathagatapaul7@gmail.com> * fixed cli help statement Signed-off-by: Tathagata Paul <tathagatapaul7@gmail.com> * added init file for metrics Signed-off-by: Tathagata Paul <tathagatapaul7@gmail.com> Co-authored-by: shuting <shuting@nirmata.com> 2022-07-11 23:19:47 +05:30			`//policy - policy related data`
			`//engineResponse - resource and rule related data`
			`func ProcessEngineResponse(m *metrics.MetricsConfig, policy kyvernov1.PolicyInterface, engineResponse response.EngineResponse, executionCause metrics.RuleExecutionCause, resourceRequestOperation metrics.ResourceRequestOperation) error {`
Revert "fix: metrics with invalid validationMode (#4198)" (#4241) This reverts commit 65c100566c92283669db03fd64d6b3be70601a67. 2022-07-20 23:22:03 +08:00			`name, namespace, policyType, backgroundMode, validationMode, err := metrics.GetPolicyInfos(policy)`
feat: added kyverno_policy_rule_results_info metric Signed-off-by: Yashvardhan Kukreja <yash.kukreja.98@gmail.com> 2021-05-15 19:15:04 +05:30			`if err != nil {`
			`return err`
			`}`
			`resourceSpec := engineResponse.PolicyResponse.Resource`
			`resourceKind := resourceSpec.Kind`
			`resourceNamespace := resourceSpec.Namespace`
			`ruleResponses := engineResponse.PolicyResponse.Rules`
			`for _, rule := range ruleResponses {`
			`ruleName := rule.Name`
refactor: metrics package (#3549) * refactor: use BackgroundProcessingEnabled method Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> * refactor: webhooks metrics reporting Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> * refactor: metrics package Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> 2022-04-06 20:14:13 +02:00			`ruleType := metrics.ParseRuleTypeFromEngineRuleResponse(rule)`
Fix: RuleResult label to be correctly populated while registering respective metrics Signed-off-by: Yashvardhan Kukreja <yash.kukreja.98@gmail.com> 2021-10-30 02:56:04 +05:30			`var ruleResult metrics.RuleResult`
			`switch rule.Status {`
			`case response.RuleStatusPass:`
feat: added kyverno_policy_rule_results_info metric Signed-off-by: Yashvardhan Kukreja <yash.kukreja.98@gmail.com> 2021-05-15 19:15:04 +05:30			`ruleResult = metrics.Pass`
Fix: RuleResult label to be correctly populated while registering respective metrics Signed-off-by: Yashvardhan Kukreja <yash.kukreja.98@gmail.com> 2021-10-30 02:56:04 +05:30			`case response.RuleStatusFail:`
			`ruleResult = metrics.Fail`
			`case response.RuleStatusWarn:`
			`ruleResult = metrics.Warn`
			`case response.RuleStatusError:`
			`ruleResult = metrics.Error`
			`case response.RuleStatusSkip:`
			`ruleResult = metrics.Skip`
			`default:`
			`ruleResult = metrics.Fail`
feat: added kyverno_policy_rule_results_info metric Signed-off-by: Yashvardhan Kukreja <yash.kukreja.98@gmail.com> 2021-05-15 19:15:04 +05:30			`}`
refactor: metrics package (#3549) * refactor: use BackgroundProcessingEnabled method Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> * refactor: webhooks metrics reporting Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> * refactor: metrics package Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> 2022-04-06 20:14:13 +02:00			`if err := registerPolicyResultsMetric(`
feat: Opentelemetry support for metrics and traces (#3910) * integrating opentelemetry Signed-off-by: Tathagata Paul <tathagatapaul7@gmail.com> * fix multiple imports Signed-off-by: Tathagata Paul <tathagatapaul7@gmail.com> * fixed cli help statement Signed-off-by: Tathagata Paul <tathagatapaul7@gmail.com> * added init file for metrics Signed-off-by: Tathagata Paul <tathagatapaul7@gmail.com> Co-authored-by: shuting <shuting@nirmata.com> 2022-07-11 23:19:47 +05:30			`m,`
refactor: metrics package (#3549) * refactor: use BackgroundProcessingEnabled method Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> * refactor: webhooks metrics reporting Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> * refactor: metrics package Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> 2022-04-06 20:14:13 +02:00			`validationMode,`
feat: added kyverno_policy_rule_results_info metric Signed-off-by: Yashvardhan Kukreja <yash.kukreja.98@gmail.com> 2021-05-15 19:15:04 +05:30			`policyType,`
refactor: metrics package (#3549) * refactor: use BackgroundProcessingEnabled method Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> * refactor: webhooks metrics reporting Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> * refactor: metrics package Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> 2022-04-06 20:14:13 +02:00			`backgroundMode,`
			`namespace, name,`
removed: resource_name label which is exposed as a part of Kyverno's metrics (#2351) Signed-off-by: Yashvardhan Kukreja <yash.kukreja.98@gmail.com> 2021-09-02 06:56:25 +05:30			`resourceKind, resourceNamespace,`
feat: added kyverno_policy_rule_results_info metric Signed-off-by: Yashvardhan Kukreja <yash.kukreja.98@gmail.com> 2021-05-15 19:15:04 +05:30			`resourceRequestOperation,`
			`ruleName,`
			`ruleResult,`
			`ruleType,`
			`executionCause,`
			`); err != nil {`
			`return err`
			`}`
			`}`
			`return nil`
			`}`