kyverno/pkg/policyviolation/generator.go

package policyviolation

import (
	"errors"
	"reflect"
	"strconv"
	"strings"
	"sync"

	"github.com/go-logr/logr"
	kyverno "github.com/kyverno/kyverno/pkg/api/kyverno/v1"
	kyvernoclient "github.com/kyverno/kyverno/pkg/client/clientset/versioned"
	kyvernov1 "github.com/kyverno/kyverno/pkg/client/clientset/versioned/typed/kyverno/v1"
	kyvernoinformer "github.com/kyverno/kyverno/pkg/client/informers/externalversions/kyverno/v1"
	kyvernolister "github.com/kyverno/kyverno/pkg/client/listers/kyverno/v1"
	"github.com/kyverno/kyverno/pkg/constant"
	"github.com/kyverno/kyverno/pkg/policystatus"

	dclient "github.com/kyverno/kyverno/pkg/dclient"
	unstructured "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
	utilruntime "k8s.io/apimachinery/pkg/util/runtime"
	"k8s.io/apimachinery/pkg/util/wait"
	"k8s.io/client-go/tools/cache"
	"k8s.io/client-go/util/workqueue"
)

const workQueueName = "policy-violation-controller"
const workQueueRetryLimit = 3

//Generator creates PV
type Generator struct {
	dclient          *dclient.Client
	kyvernoInterface kyvernov1.KyvernoV1Interface
	// get/list cluster policy violation
	cpvLister kyvernolister.ClusterPolicyViolationLister
	// get/ist namespaced policy violation
	nspvLister kyvernolister.PolicyViolationLister
	// returns true if the cluster policy store has been synced at least once
	pvSynced cache.InformerSynced
	// returns true if the namespaced cluster policy store has been synced at at least once
	log                  logr.Logger
	nspvSynced           cache.InformerSynced
	queue                workqueue.RateLimitingInterface
	dataStore            *dataStore
	policyStatusListener policystatus.Listener
}

//NewDataStore returns an instance of data store
func newDataStore() *dataStore {
	ds := dataStore{
		data: make(map[string]Info),
	}
	return &ds
}

type dataStore struct {
	data map[string]Info
	mu   sync.RWMutex
}

func (ds *dataStore) add(keyHash string, info Info) {
	ds.mu.Lock()
	defer ds.mu.Unlock()
	// queue the key hash
	ds.data[keyHash] = info
}

func (ds *dataStore) lookup(keyHash string) Info {
	ds.mu.RLock()
	defer ds.mu.RUnlock()
	return ds.data[keyHash]
}

func (ds *dataStore) delete(keyHash string) {
	ds.mu.Lock()
	defer ds.mu.Unlock()
	delete(ds.data, keyHash)
}

//Info is a request to create PV
type Info struct {
	PolicyName string
	Resource   unstructured.Unstructured
	Rules      []kyverno.ViolatedRule
	FromSync   bool
}

func (i Info) toKey() string {
	keys := []string{
		i.PolicyName,
		i.Resource.GetKind(),
		i.Resource.GetNamespace(),
		i.Resource.GetName(),
		strconv.Itoa(len(i.Rules)),
	}
	return strings.Join(keys, "/")
}

// make the struct hashable

//GeneratorInterface provides API to create PVs
type GeneratorInterface interface {
	Add(infos ...Info)
}

// NewPVGenerator returns a new instance of policy violation generator
func NewPVGenerator(client *kyvernoclient.Clientset,
	dclient *dclient.Client,
	pvInformer kyvernoinformer.ClusterPolicyViolationInformer,
	nspvInformer kyvernoinformer.PolicyViolationInformer,
	policyStatus policystatus.Listener,
	log logr.Logger) *Generator {
	gen := Generator{
		kyvernoInterface:     client.KyvernoV1(),
		dclient:              dclient,
		cpvLister:            pvInformer.Lister(),
		pvSynced:             pvInformer.Informer().HasSynced,
		nspvLister:           nspvInformer.Lister(),
		nspvSynced:           nspvInformer.Informer().HasSynced,
		queue:                workqueue.NewNamedRateLimitingQueue(workqueue.DefaultControllerRateLimiter(), workQueueName),
		dataStore:            newDataStore(),
		log:                  log,
		policyStatusListener: policyStatus,
	}
	return &gen
}

func (gen *Generator) enqueue(info Info) {
	// add to data map
	keyHash := info.toKey()
	// add to
	// queue the key hash
	gen.dataStore.add(keyHash, info)
	gen.queue.Add(keyHash)
}

//Add queues a policy violation create request
func (gen *Generator) Add(infos ...Info) {
	for _, info := range infos {
		gen.enqueue(info)
	}
}

// Run starts the workers
func (gen *Generator) Run(workers int, stopCh <-chan struct{}) {
	logger := gen.log
	defer utilruntime.HandleCrash()
	logger.Info("start")
	defer logger.Info("shutting down")

	if !cache.WaitForCacheSync(stopCh, gen.pvSynced, gen.nspvSynced) {
		logger.Info("failed to sync informer cache")
	}

	for i := 0; i < workers; i++ {
		go wait.Until(gen.runWorker, constant.PolicyViolationControllerResync, stopCh)
	}
	<-stopCh
}

func (gen *Generator) runWorker() {
	for gen.processNextWorkItem() {
	}
}

func (gen *Generator) handleErr(err error, key interface{}) {
	logger := gen.log
	if err == nil {
		gen.queue.Forget(key)
		return
	}

	// retires requests if there is error
	if gen.queue.NumRequeues(key) < workQueueRetryLimit {
		logger.Error(err, "failed to sync policy violation", "key", key)
		// Re-enqueue the key rate limited. Based on the rate limiter on the
		// queue and the re-enqueue history, the key will be processed later again.
		gen.queue.AddRateLimited(key)
		return
	}
	gen.queue.Forget(key)
	// remove from data store
	if keyHash, ok := key.(string); ok {
		gen.dataStore.delete(keyHash)
	}
	logger.Error(err, "dropping key out of the queue", "key", key)
}

func (gen *Generator) processNextWorkItem() bool {
	logger := gen.log
	obj, shutdown := gen.queue.Get()
	if shutdown {
		return false
	}

	err := func(obj interface{}) error {
		defer gen.queue.Done(obj)
		var keyHash string
		var ok bool

		if keyHash, ok = obj.(string); !ok {
			gen.queue.Forget(obj)
			logger.Info("incorrect type; expecting type 'string'", "obj", obj)
			return nil
		}

		// lookup data store
		info := gen.dataStore.lookup(keyHash)
		if reflect.DeepEqual(info, Info{}) {
			// empty key
			gen.queue.Forget(obj)
			logger.Info("empty key")
			return nil
		}

		err := gen.syncHandler(info)
		gen.handleErr(err, obj)
		return nil
	}(obj)

	if err != nil {
		logger.Error(err, "failed to process item")
		return true
	}

	return true
}

func (gen *Generator) syncHandler(info Info) error {
	logger := gen.log
	var handler pvGenerator
	builder := newPvBuilder()
	if info.Resource.GetNamespace() == "" {
		// cluster scope resource generate a clusterpolicy violation
		handler = newClusterPV(gen.log.WithName("ClusterPV"), gen.dclient, gen.cpvLister, gen.kyvernoInterface, gen.policyStatusListener)
	} else {
		// namespaced resources generated a namespaced policy violation in the namespace of the resource
		handler = newNamespacedPV(gen.log.WithName("NamespacedPV"), gen.dclient, gen.nspvLister, gen.kyvernoInterface, gen.policyStatusListener)
	}

	failure := false
	pv := builder.generate(info)

	if info.FromSync {
		pv.Annotations = map[string]string{
			"fromSync": "true",
		}
	}

	// Create Policy Violations
	logger.V(4).Info("creating policy violation", "key", info.toKey())
	if err := handler.create(pv); err != nil {
		failure = true
		logger.Error(err, "failed to create policy violation")
	}

	if failure {
		// even if there is a single failure we requeue the request
		return errors.New("Failed to process some policy violations, re-queuing")
	}
	return nil
}

// Provides an interface to generate policy violations
// implementations for namespaced and cluster PV
type pvGenerator interface {
	create(policyViolation kyverno.PolicyViolationTemplate) error
}
introduce policy violation generator 2019-11-12 14:41:29 -08:00			`package policyviolation`

			`import (`
refactor policy violation resource 2019-11-26 18:07:15 -08:00			`"errors"`
introduce policy violation generator 2019-11-12 14:41:29 -08:00			`"reflect"`
use store to hold values and queue for keys 2019-11-12 16:01:09 -08:00			`"strconv"`
			`"strings"`
			`"sync"`
introduce policy violation generator 2019-11-12 14:41:29 -08:00
logs & access 2020-03-17 11:05:20 -07:00			`"github.com/go-logr/logr"`
update nirmata/kyverno to kyverno/kyverno 2020-10-07 11:12:31 -07:00			`kyverno "github.com/kyverno/kyverno/pkg/api/kyverno/v1"`
			`kyvernoclient "github.com/kyverno/kyverno/pkg/client/clientset/versioned"`
			`kyvernov1 "github.com/kyverno/kyverno/pkg/client/clientset/versioned/typed/kyverno/v1"`
			`kyvernoinformer "github.com/kyverno/kyverno/pkg/client/informers/externalversions/kyverno/v1"`
			`kyvernolister "github.com/kyverno/kyverno/pkg/client/listers/kyverno/v1"`
			`"github.com/kyverno/kyverno/pkg/constant"`
			`"github.com/kyverno/kyverno/pkg/policystatus"`
wat for cache sync and cleanup 2019-11-15 15:59:37 -08:00
update nirmata/kyverno to kyverno/kyverno 2020-10-07 11:12:31 -07:00			`dclient "github.com/kyverno/kyverno/pkg/dclient"`
introduce policy violation generator 2019-11-12 14:41:29 -08:00			`unstructured "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"`
			`utilruntime "k8s.io/apimachinery/pkg/util/runtime"`
			`"k8s.io/apimachinery/pkg/util/wait"`
wat for cache sync and cleanup 2019-11-15 15:59:37 -08:00			`"k8s.io/client-go/tools/cache"`
introduce policy violation generator 2019-11-12 14:41:29 -08:00			`"k8s.io/client-go/util/workqueue"`
			`)`

			`const workQueueName = "policy-violation-controller"`
			`const workQueueRetryLimit = 3`

			`//Generator creates PV`
			`type Generator struct {`
refactor policy violation resource 2019-11-26 18:07:15 -08:00			`dclient *dclient.Client`
			`kyvernoInterface kyvernov1.KyvernoV1Interface`
wat for cache sync and cleanup 2019-11-15 15:59:37 -08:00			`// get/list cluster policy violation`
refactor policy violation resource 2019-11-26 18:07:15 -08:00			`cpvLister kyvernolister.ClusterPolicyViolationLister`
wat for cache sync and cleanup 2019-11-15 15:59:37 -08:00			`// get/ist namespaced policy violation`
rename namespacedpolicyviolation: update code 2019-12-11 16:09:05 -08:00			`nspvLister kyvernolister.PolicyViolationLister`
wat for cache sync and cleanup 2019-11-15 15:59:37 -08:00			`// returns true if the cluster policy store has been synced at least once`
			`pvSynced cache.InformerSynced`
			`// returns true if the namespaced cluster policy store has been synced at at least once`
Merge branch 'master' into access_check 2020-03-17 17:23:18 -07:00			`log logr.Logger`
527 renamed package and send listner instead of entire sync object 2020-03-07 12:53:37 +05:30			`nspvSynced cache.InformerSynced`
			`queue workqueue.RateLimitingInterface`
			`dataStore *dataStore`
			`policyStatusListener policystatus.Listener`
use store to hold values and queue for keys 2019-11-12 16:01:09 -08:00			`}`

wat for cache sync and cleanup 2019-11-15 15:59:37 -08:00			`//NewDataStore returns an instance of data store`
			`func newDataStore() *dataStore {`
use store to hold values and queue for keys 2019-11-12 16:01:09 -08:00			`ds := dataStore{`
			`data: make(map[string]Info),`
			`}`
			`return &ds`
			`}`

			`type dataStore struct {`
			`data map[string]Info`
			`mu sync.RWMutex`
			`}`

			`func (ds *dataStore) add(keyHash string, info Info) {`
			`ds.mu.Lock()`
			`defer ds.mu.Unlock()`
			`// queue the key hash`
			`ds.data[keyHash] = info`
			`}`

			`func (ds *dataStore) lookup(keyHash string) Info {`
			`ds.mu.RLock()`
			`defer ds.mu.RUnlock()`
			`return ds.data[keyHash]`
			`}`

			`func (ds *dataStore) delete(keyHash string) {`
			`ds.mu.Lock()`
			`defer ds.mu.Unlock()`
			`delete(ds.data, keyHash)`
introduce policy violation generator 2019-11-12 14:41:29 -08:00			`}`

			`//Info is a request to create PV`
			`type Info struct {`
			`PolicyName string`
			`Resource unstructured.Unstructured`
			`Rules []kyverno.ViolatedRule`
527 skippings stats for sync pv 2020-02-26 00:26:09 +05:30			`FromSync bool`
introduce policy violation generator 2019-11-12 14:41:29 -08:00			`}`

use store to hold values and queue for keys 2019-11-12 16:01:09 -08:00			`func (i Info) toKey() string {`
			`keys := []string{`
			`i.PolicyName,`
			`i.Resource.GetKind(),`
			`i.Resource.GetNamespace(),`
			`i.Resource.GetName(),`
			`strconv.Itoa(len(i.Rules)),`
			`}`
			`return strings.Join(keys, "/")`
			`}`

introduce policy violation generator 2019-11-12 14:41:29 -08:00			`// make the struct hashable`

			`//GeneratorInterface provides API to create PVs`
			`type GeneratorInterface interface {`
			`Add(infos ...Info)`
			`}`

			`// NewPVGenerator returns a new instance of policy violation generator`
refactor policy violation resource 2019-11-26 18:07:15 -08:00			`func NewPVGenerator(client *kyvernoclient.Clientset,`
remove duplicate import pkg 2020-01-07 11:33:18 -08:00			`dclient *dclient.Client,`
wat for cache sync and cleanup 2019-11-15 15:59:37 -08:00			`pvInformer kyvernoinformer.ClusterPolicyViolationInformer,`
logs & access 2020-03-17 11:05:20 -07:00			`nspvInformer kyvernoinformer.PolicyViolationInformer,`
Merge branch 'master' into access_check 2020-03-17 17:23:18 -07:00			`policyStatus policystatus.Listener,`
logs & access 2020-03-17 11:05:20 -07:00			`log logr.Logger) *Generator {`
introduce policy violation generator 2019-11-12 14:41:29 -08:00			`gen := Generator{`
527 renamed package and send listner instead of entire sync object 2020-03-07 12:53:37 +05:30			`kyvernoInterface: client.KyvernoV1(),`
			`dclient: dclient,`
			`cpvLister: pvInformer.Lister(),`
			`pvSynced: pvInformer.Informer().HasSynced,`
			`nspvLister: nspvInformer.Lister(),`
			`nspvSynced: nspvInformer.Informer().HasSynced,`
			`queue: workqueue.NewNamedRateLimitingQueue(workqueue.DefaultControllerRateLimiter(), workQueueName),`
			`dataStore: newDataStore(),`
Merge branch 'master' into access_check 2020-03-17 17:23:18 -07:00			`log: log,`
527 renamed package and send listner instead of entire sync object 2020-03-07 12:53:37 +05:30			`policyStatusListener: policyStatus,`
introduce policy violation generator 2019-11-12 14:41:29 -08:00			`}`
			`return &gen`
			`}`

			`func (gen *Generator) enqueue(info Info) {`
use store to hold values and queue for keys 2019-11-12 16:01:09 -08:00			`// add to data map`
			`keyHash := info.toKey()`
			`// add to`
			`// queue the key hash`
			`gen.dataStore.add(keyHash, info)`
			`gen.queue.Add(keyHash)`
introduce policy violation generator 2019-11-12 14:41:29 -08:00			`}`

			`//Add queues a policy violation create request`
			`func (gen *Generator) Add(infos ...Info) {`
			`for _, info := range infos {`
			`gen.enqueue(info)`
			`}`
			`}`

			`// Run starts the workers`
			`func (gen *Generator) Run(workers int, stopCh <-chan struct{}) {`
logs & access 2020-03-17 11:05:20 -07:00			`logger := gen.log`
introduce policy violation generator 2019-11-12 14:41:29 -08:00			`defer utilruntime.HandleCrash()`
logs & access 2020-03-17 11:05:20 -07:00			`logger.Info("start")`
			`defer logger.Info("shutting down")`
introduce policy violation generator 2019-11-12 14:41:29 -08:00
wat for cache sync and cleanup 2019-11-15 15:59:37 -08:00			`if !cache.WaitForCacheSync(stopCh, gen.pvSynced, gen.nspvSynced) {`
logs & access 2020-03-17 11:05:20 -07:00			`logger.Info("failed to sync informer cache")`
wat for cache sync and cleanup 2019-11-15 15:59:37 -08:00			`}`

introduce policy violation generator 2019-11-12 14:41:29 -08:00			`for i := 0; i < workers; i++ {`
extract controller resync period to a constant file 2020-05-16 22:15:09 -07:00			`go wait.Until(gen.runWorker, constant.PolicyViolationControllerResync, stopCh)`
introduce policy violation generator 2019-11-12 14:41:29 -08:00			`}`
			`<-stopCh`
			`}`

			`func (gen *Generator) runWorker() {`
965 add validate audit handler (#967) * store policy names cache to reduce lookup time * add validate audit handler * fix #958, remove auto-gen annotation on Pod * formatting code * update processTime to readable format * #586, add back unit test * update logging info * remove unused interface * handle generate policy in a single thread in weboook * resolve pr comments 2020-07-09 11:48:34 -07:00			`for gen.processNextWorkItem() {`
introduce policy violation generator 2019-11-12 14:41:29 -08:00			`}`
			`}`

			`func (gen *Generator) handleErr(err error, key interface{}) {`
logs & access 2020-03-17 11:05:20 -07:00			`logger := gen.log`
introduce policy violation generator 2019-11-12 14:41:29 -08:00			`if err == nil {`
			`gen.queue.Forget(key)`
use store to hold values and queue for keys 2019-11-12 16:01:09 -08:00			`return`
introduce policy violation generator 2019-11-12 14:41:29 -08:00			`}`

			`// retires requests if there is error`
			`if gen.queue.NumRequeues(key) < workQueueRetryLimit {`
logs & access 2020-03-17 11:05:20 -07:00			`logger.Error(err, "failed to sync policy violation", "key", key)`
introduce policy violation generator 2019-11-12 14:41:29 -08:00			`// Re-enqueue the key rate limited. Based on the rate limiter on the`
			`// queue and the re-enqueue history, the key will be processed later again.`
			`gen.queue.AddRateLimited(key)`
			`return`
			`}`
			`gen.queue.Forget(key)`
use store to hold values and queue for keys 2019-11-12 16:01:09 -08:00			`// remove from data store`
			`if keyHash, ok := key.(string); ok {`
			`gen.dataStore.delete(keyHash)`
			`}`
logs & access 2020-03-17 11:05:20 -07:00			`logger.Error(err, "dropping key out of the queue", "key", key)`
introduce policy violation generator 2019-11-12 14:41:29 -08:00			`}`

965 add validate audit handler (#967) * store policy names cache to reduce lookup time * add validate audit handler * fix #958, remove auto-gen annotation on Pod * formatting code * update processTime to readable format * #586, add back unit test * update logging info * remove unused interface * handle generate policy in a single thread in weboook * resolve pr comments 2020-07-09 11:48:34 -07:00			`func (gen *Generator) processNextWorkItem() bool {`
logs & access 2020-03-17 11:05:20 -07:00			`logger := gen.log`
introduce policy violation generator 2019-11-12 14:41:29 -08:00			`obj, shutdown := gen.queue.Get()`
			`if shutdown {`
			`return false`
			`}`

			`err := func(obj interface{}) error {`
			`defer gen.queue.Done(obj)`
use store to hold values and queue for keys 2019-11-12 16:01:09 -08:00			`var keyHash string`
introduce policy violation generator 2019-11-12 14:41:29 -08:00			`var ok bool`
965 add validate audit handler (#967) * store policy names cache to reduce lookup time * add validate audit handler * fix #958, remove auto-gen annotation on Pod * formatting code * update processTime to readable format * #586, add back unit test * update logging info * remove unused interface * handle generate policy in a single thread in weboook * resolve pr comments 2020-07-09 11:48:34 -07:00
use store to hold values and queue for keys 2019-11-12 16:01:09 -08:00			`if keyHash, ok = obj.(string); !ok {`
introduce policy violation generator 2019-11-12 14:41:29 -08:00			`gen.queue.Forget(obj)`
logs & access 2020-03-17 11:05:20 -07:00			`logger.Info("incorrect type; expecting type 'string'", "obj", obj)`
introduce policy violation generator 2019-11-12 14:41:29 -08:00			`return nil`
			`}`
965 add validate audit handler (#967) * store policy names cache to reduce lookup time * add validate audit handler * fix #958, remove auto-gen annotation on Pod * formatting code * update processTime to readable format * #586, add back unit test * update logging info * remove unused interface * handle generate policy in a single thread in weboook * resolve pr comments 2020-07-09 11:48:34 -07:00
use store to hold values and queue for keys 2019-11-12 16:01:09 -08:00			`// lookup data store`
			`info := gen.dataStore.lookup(keyHash)`
			`if reflect.DeepEqual(info, Info{}) {`
			`// empty key`
			`gen.queue.Forget(obj)`
logs & access 2020-03-17 11:05:20 -07:00			`logger.Info("empty key")`
use store to hold values and queue for keys 2019-11-12 16:01:09 -08:00			`return nil`
			`}`
965 add validate audit handler (#967) * store policy names cache to reduce lookup time * add validate audit handler * fix #958, remove auto-gen annotation on Pod * formatting code * update processTime to readable format * #586, add back unit test * update logging info * remove unused interface * handle generate policy in a single thread in weboook * resolve pr comments 2020-07-09 11:48:34 -07:00
use store to hold values and queue for keys 2019-11-12 16:01:09 -08:00			`err := gen.syncHandler(info)`
introduce policy violation generator 2019-11-12 14:41:29 -08:00			`gen.handleErr(err, obj)`
			`return nil`
			`}(obj)`
965 add validate audit handler (#967) * store policy names cache to reduce lookup time * add validate audit handler * fix #958, remove auto-gen annotation on Pod * formatting code * update processTime to readable format * #586, add back unit test * update logging info * remove unused interface * handle generate policy in a single thread in weboook * resolve pr comments 2020-07-09 11:48:34 -07:00
introduce policy violation generator 2019-11-12 14:41:29 -08:00			`if err != nil {`
logs & access 2020-03-17 11:05:20 -07:00			`logger.Error(err, "failed to process item")`
introduce policy violation generator 2019-11-12 14:41:29 -08:00			`return true`
			`}`
965 add validate audit handler (#967) * store policy names cache to reduce lookup time * add validate audit handler * fix #958, remove auto-gen annotation on Pod * formatting code * update processTime to readable format * #586, add back unit test * update logging info * remove unused interface * handle generate policy in a single thread in weboook * resolve pr comments 2020-07-09 11:48:34 -07:00
introduce policy violation generator 2019-11-12 14:41:29 -08:00			`return true`
			`}`

			`func (gen *Generator) syncHandler(info Info) error {`
logs & access 2020-03-17 11:05:20 -07:00			`logger := gen.log`
refactor policy violation resource 2019-11-26 18:07:15 -08:00			`var handler pvGenerator`
linter fixes (#656) * cleanup phase 1 * linter fixes phase 2 * linter fixes * linter fixes 2020-01-24 16:27:51 -08:00			`builder := newPvBuilder()`
remove namespace from resource spec 2019-11-15 12:03:58 -08:00			`if info.Resource.GetNamespace() == "" {`
refactor policy violation resource 2019-11-26 18:07:15 -08:00			`// cluster scope resource generate a clusterpolicy violation`
Merge branch 'master' into access_check 2020-03-17 17:23:18 -07:00			`handler = newClusterPV(gen.log.WithName("ClusterPV"), gen.dclient, gen.cpvLister, gen.kyvernoInterface, gen.policyStatusListener)`
refactor policy violation resource 2019-11-26 18:07:15 -08:00			`} else {`
			`// namespaced resources generated a namespaced policy violation in the namespace of the resource`
Merge branch 'master' into access_check 2020-03-17 17:23:18 -07:00			`handler = newNamespacedPV(gen.log.WithName("NamespacedPV"), gen.dclient, gen.nspvLister, gen.kyvernoInterface, gen.policyStatusListener)`
refactor policy violation resource 2019-11-26 18:07:15 -08:00			`}`

			`failure := false`
- remove policy violation created on owner and related logic; - use generic call to create violation info 2020-01-06 17:07:11 -08:00			`pv := builder.generate(info)`

527 skippings stats for sync pv 2020-02-26 00:26:09 +05:30			`if info.FromSync {`
527 fixed violation count and generated count 2020-02-26 07:03:43 +05:30			`pv.Annotations = map[string]string{`
			`"fromSync": "true",`
			`}`
527 skippings stats for sync pv 2020-02-26 00:26:09 +05:30			`}`

- remove policy violation created on owner and related logic; - use generic call to create violation info 2020-01-06 17:07:11 -08:00			`// Create Policy Violations`
logs & access 2020-03-17 11:05:20 -07:00			`logger.V(4).Info("creating policy violation", "key", info.toKey())`
- remove policy violation created on owner and related logic; - use generic call to create violation info 2020-01-06 17:07:11 -08:00			`if err := handler.create(pv); err != nil {`
			`failure = true`
logs & access 2020-03-17 11:05:20 -07:00			`logger.Error(err, "failed to create policy violation")`
refactor policy violation resource 2019-11-26 18:07:15 -08:00			`}`
- remove policy violation created on owner and related logic; - use generic call to create violation info 2020-01-06 17:07:11 -08:00
refactor policy violation resource 2019-11-26 18:07:15 -08:00			`if failure {`
			`// even if there is a single failure we requeue the request`
			`return errors.New("Failed to process some policy violations, re-queuing")`
introduce policy violation generator 2019-11-12 14:41:29 -08:00			`}`
refactor policy violation resource 2019-11-26 18:07:15 -08:00			`return nil`
			`}`
introduce policy violation generator 2019-11-12 14:41:29 -08:00
refactor policy violation resource 2019-11-26 18:07:15 -08:00			`// Provides an interface to generate policy violations`
			`// implementations for namespaced and cluster PV`
			`type pvGenerator interface {`
add missing files 2019-12-12 16:35:37 -08:00			`create(policyViolation kyverno.PolicyViolationTemplate) error`
introduce policy violation generator 2019-11-12 14:41:29 -08:00			`}`