kyverno/pkg/webhookconfig/status.go

package webhookconfig

import (
	"fmt"
	"strconv"

	"github.com/go-logr/logr"
	"github.com/kyverno/kyverno/pkg/config"
	dclient "github.com/kyverno/kyverno/pkg/dclient"
	"github.com/kyverno/kyverno/pkg/event"
)

var deployName string = config.KyvernoDeploymentName
var deployNamespace string = config.KyvernoNamespace

const annCounter string = "kyverno.io/generationCounter"
const annWebhookStatus string = "kyverno.io/webhookActive"

//statusControl controls the webhook status
type statusControl struct {
	client   *dclient.Client
	eventGen event.Interface
	log      logr.Logger
}

//success ...
func (vc statusControl) success() error {
	return vc.setStatus("true")
}

//failure ...
func (vc statusControl) failure() error {
	return vc.setStatus("false")
}

// NewStatusControl creates a new webhook status control
func newStatusControl(client *dclient.Client, eventGen event.Interface, log logr.Logger) *statusControl {
	return &statusControl{
		client:   client,
		eventGen: eventGen,
		log:      log,
	}
}

func (vc statusControl) setStatus(status string) error {
	logger := vc.log.WithValues("name", deployName, "namespace", deployNamespace)
	var ann map[string]string
	var err error
	deploy, err := vc.client.GetResource("", "Deployment", deployNamespace, deployName)
	if err != nil {
		logger.Error(err, "failed to get deployment")
		return err
	}

	ann = deploy.GetAnnotations()
	if ann == nil {
		ann = map[string]string{}
		ann[annWebhookStatus] = status
	}

	deployStatus, ok := ann[annWebhookStatus]
	if ok {
		if deployStatus == status {
			logger.V(4).Info(fmt.Sprintf("annotation %s already set to '%s'", annWebhookStatus, status))
			return nil
		}
	}

	// set the status
	logger.Info("updating deployment annotation", "key", annWebhookStatus, "val", status)
	ann[annWebhookStatus] = status
	deploy.SetAnnotations(ann)

	// update counter
	_, err = vc.client.UpdateResource("", "Deployment", deployNamespace, deploy, false)
	if err != nil {
		logger.Error(err, "failed to update deployment annotation", "key", annWebhookStatus, "val", status)
		return err
	}

	// create event on kyverno deployment
	createStatusUpdateEvent(status, vc.eventGen)
	return nil
}

func createStatusUpdateEvent(status string, eventGen event.Interface) {
	e := event.Info{}
	e.Kind = "Deployment"
	e.Namespace = deployNamespace
	e.Name = deployName
	e.Reason = "Update"
	e.Message = fmt.Sprintf("admission control webhook active status changed to %s", status)
	eventGen.Add(e)
}

//IncrementAnnotation ...
func (vc statusControl) IncrementAnnotation() error {
	logger := vc.log
	var ann map[string]string
	var err error
	deploy, err := vc.client.GetResource("", "Deployment", deployNamespace, deployName)
	if err != nil {
		logger.Error(err, "failed to find Kyverno", "deployment", deployName, "namespace", deployNamespace)
		return err
	}

	ann = deploy.GetAnnotations()
	if ann == nil {
		ann = map[string]string{}
	}

	if ann[annCounter] == "" {
		ann[annCounter] = "0"
	}

	counter, err := strconv.Atoi(ann[annCounter])
	if err != nil {
		logger.Error(err, "Failed to parse string", "name", annCounter, "value", ann[annCounter])
		return err
	}

	// increment counter
	counter++
	ann[annCounter] = strconv.Itoa(counter)

	logger.V(3).Info("updating webhook test annotation", "key", annCounter, "value", counter, "deployment", deployName, "namespace", deployNamespace)
	deploy.SetAnnotations(ann)

	// update counter
	_, err = vc.client.UpdateResource("", "Deployment", deployNamespace, deploy, false)
	if err != nil {
		logger.Error(err, fmt.Sprintf("failed to update annotation %s for deployment %s in namespace %s", annCounter, deployName, deployNamespace))
		return err
	}

	return nil
}
update webhook registration and monitor (#1318) * update webhook registration and monitor * update log * fix test * improve logs * improve logs * format changes * decrease interval for webhook config checks 2020-11-26 16:07:06 -08:00			`package webhookconfig`
add checker to verify if mutatingwebhook is enabled or not + refactoring 2019-10-30 13:39:19 -07:00
			`import (`
create event on webhook status update (#465) 2019-11-13 11:55:16 -08:00			`"fmt"`
add checker to verify if mutatingwebhook is enabled or not + refactoring 2019-10-30 13:39:19 -07:00			`"strconv"`

logs & access 2020-03-17 11:05:20 -07:00			`"github.com/go-logr/logr"`
update nirmata/kyverno to kyverno/kyverno 2020-10-07 11:12:31 -07:00			`"github.com/kyverno/kyverno/pkg/config"`
			`dclient "github.com/kyverno/kyverno/pkg/dclient"`
			`"github.com/kyverno/kyverno/pkg/event"`
add checker to verify if mutatingwebhook is enabled or not + refactoring 2019-10-30 13:39:19 -07:00			`)`

update webhook registration and monitor (#1318) * update webhook registration and monitor * update log * fix test * improve logs * improve logs * format changes * decrease interval for webhook config checks 2020-11-26 16:07:06 -08:00			`var deployName string = config.KyvernoDeploymentName`
			`var deployNamespace string = config.KyvernoNamespace`
add checker to verify if mutatingwebhook is enabled or not + refactoring 2019-10-30 13:39:19 -07:00
			`const annCounter string = "kyverno.io/generationCounter"`
- skip resource schema validation when no mutate rules are applied - cleanup webhook registration logic and logs 2020-05-17 14:37:05 -07:00			`const annWebhookStatus string = "kyverno.io/webhookActive"`
add checker to verify if mutatingwebhook is enabled or not + refactoring 2019-10-30 13:39:19 -07:00
update webhook registration and monitor (#1318) * update webhook registration and monitor * update log * fix test * improve logs * improve logs * format changes * decrease interval for webhook config checks 2020-11-26 16:07:06 -08:00			`//statusControl controls the webhook status`
			`type statusControl struct {`
create event on webhook status update (#465) 2019-11-13 11:55:16 -08:00			`client *dclient.Client`
			`eventGen event.Interface`
logs & access 2020-03-17 11:05:20 -07:00			`log logr.Logger`
add checker to verify if mutatingwebhook is enabled or not + refactoring 2019-10-30 13:39:19 -07:00			`}`

update webhook registration and monitor (#1318) * update webhook registration and monitor * update log * fix test * improve logs * improve logs * format changes * decrease interval for webhook config checks 2020-11-26 16:07:06 -08:00			`//success ...`
			`func (vc statusControl) success() error {`
add checker to verify if mutatingwebhook is enabled or not + refactoring 2019-10-30 13:39:19 -07:00			`return vc.setStatus("true")`
			`}`

update webhook registration and monitor (#1318) * update webhook registration and monitor * update log * fix test * improve logs * improve logs * format changes * decrease interval for webhook config checks 2020-11-26 16:07:06 -08:00			`//failure ...`
			`func (vc statusControl) failure() error {`
add checker to verify if mutatingwebhook is enabled or not + refactoring 2019-10-30 13:39:19 -07:00			`return vc.setStatus("false")`
			`}`

update webhook registration and monitor (#1318) * update webhook registration and monitor * update log * fix test * improve logs * improve logs * format changes * decrease interval for webhook config checks 2020-11-26 16:07:06 -08:00			`// NewStatusControl creates a new webhook status control`
			`func newStatusControl(client dclient.Client, eventGen event.Interface, log logr.Logger) statusControl {`
			`return &statusControl{`
create event on webhook status update (#465) 2019-11-13 11:55:16 -08:00			`client: client,`
			`eventGen: eventGen,`
logs & access 2020-03-17 11:05:20 -07:00			`log: log,`
add checker to verify if mutatingwebhook is enabled or not + refactoring 2019-10-30 13:39:19 -07:00			`}`
			`}`

update webhook registration and monitor (#1318) * update webhook registration and monitor * update log * fix test * improve logs * improve logs * format changes * decrease interval for webhook config checks 2020-11-26 16:07:06 -08:00			`func (vc statusControl) setStatus(status string) error {`
- skip resource schema validation when no mutate rules are applied - cleanup webhook registration logic and logs 2020-05-17 14:37:05 -07:00			`logger := vc.log.WithValues("name", deployName, "namespace", deployNamespace)`
add checker to verify if mutatingwebhook is enabled or not + refactoring 2019-10-30 13:39:19 -07:00			`var ann map[string]string`
			`var err error`
Feature/api version 852 (#1028) * apiVersion support for generate * added apiVersion to crds 2020-08-07 09:47:33 +05:30			`deploy, err := vc.client.GetResource("", "Deployment", deployNamespace, deployName)`
add checker to verify if mutatingwebhook is enabled or not + refactoring 2019-10-30 13:39:19 -07:00			`if err != nil {`
- skip resource schema validation when no mutate rules are applied - cleanup webhook registration logic and logs 2020-05-17 14:37:05 -07:00			`logger.Error(err, "failed to get deployment")`
add checker to verify if mutatingwebhook is enabled or not + refactoring 2019-10-30 13:39:19 -07:00			`return err`
			`}`
- skip resource schema validation when no mutate rules are applied - cleanup webhook registration logic and logs 2020-05-17 14:37:05 -07:00
add checker to verify if mutatingwebhook is enabled or not + refactoring 2019-10-30 13:39:19 -07:00			`ann = deploy.GetAnnotations()`
			`if ann == nil {`
			`ann = map[string]string{}`
- skip resource schema validation when no mutate rules are applied - cleanup webhook registration logic and logs 2020-05-17 14:37:05 -07:00			`ann[annWebhookStatus] = status`
add checker to verify if mutatingwebhook is enabled or not + refactoring 2019-10-30 13:39:19 -07:00			`}`
- skip resource schema validation when no mutate rules are applied - cleanup webhook registration logic and logs 2020-05-17 14:37:05 -07:00
			`deployStatus, ok := ann[annWebhookStatus]`
add checker to verify if mutatingwebhook is enabled or not + refactoring 2019-10-30 13:39:19 -07:00			`if ok {`
- skip resource schema validation when no mutate rules are applied - cleanup webhook registration logic and logs 2020-05-17 14:37:05 -07:00			`if deployStatus == status {`
			`logger.V(4).Info(fmt.Sprintf("annotation %s already set to '%s'", annWebhookStatus, status))`
add checker to verify if mutatingwebhook is enabled or not + refactoring 2019-10-30 13:39:19 -07:00			`return nil`
			`}`
			`}`
- skip resource schema validation when no mutate rules are applied - cleanup webhook registration logic and logs 2020-05-17 14:37:05 -07:00
add checker to verify if mutatingwebhook is enabled or not + refactoring 2019-10-30 13:39:19 -07:00			`// set the status`
- skip resource schema validation when no mutate rules are applied - cleanup webhook registration logic and logs 2020-05-17 14:37:05 -07:00			`logger.Info("updating deployment annotation", "key", annWebhookStatus, "val", status)`
			`ann[annWebhookStatus] = status`
add checker to verify if mutatingwebhook is enabled or not + refactoring 2019-10-30 13:39:19 -07:00			`deploy.SetAnnotations(ann)`
- skip resource schema validation when no mutate rules are applied - cleanup webhook registration logic and logs 2020-05-17 14:37:05 -07:00
add checker to verify if mutatingwebhook is enabled or not + refactoring 2019-10-30 13:39:19 -07:00			`// update counter`
Feature/api version 852 (#1028) * apiVersion support for generate * added apiVersion to crds 2020-08-07 09:47:33 +05:30			`_, err = vc.client.UpdateResource("", "Deployment", deployNamespace, deploy, false)`
add checker to verify if mutatingwebhook is enabled or not + refactoring 2019-10-30 13:39:19 -07:00			`if err != nil {`
- skip resource schema validation when no mutate rules are applied - cleanup webhook registration logic and logs 2020-05-17 14:37:05 -07:00			`logger.Error(err, "failed to update deployment annotation", "key", annWebhookStatus, "val", status)`
add checker to verify if mutatingwebhook is enabled or not + refactoring 2019-10-30 13:39:19 -07:00			`return err`
			`}`
- skip resource schema validation when no mutate rules are applied - cleanup webhook registration logic and logs 2020-05-17 14:37:05 -07:00
create event on webhook status update (#465) 2019-11-13 11:55:16 -08:00			`// create event on kyverno deployment`
			`createStatusUpdateEvent(status, vc.eventGen)`
add checker to verify if mutatingwebhook is enabled or not + refactoring 2019-10-30 13:39:19 -07:00			`return nil`
			`}`

create event on webhook status update (#465) 2019-11-13 11:55:16 -08:00			`func createStatusUpdateEvent(status string, eventGen event.Interface) {`
			`e := event.Info{}`
			`e.Kind = "Deployment"`
removing hardcoded namespace from the code (#955) * removing hardcoded namespace from the code * Added to helm chart * removing hard-coded namespace and deployment name from config, generate, checker * added namespace to configMap, service, serviceAccount * updated installation documentation passing `KYVERNO_NAMESPACE` while running in debug mode. * Update installation.md removing `kyverno` only namespace note 2020-07-02 03:20:49 +05:30			`e.Namespace = deployNamespace`
			`e.Name = deployName`
create event on webhook status update (#465) 2019-11-13 11:55:16 -08:00			`e.Reason = "Update"`
			`e.Message = fmt.Sprintf("admission control webhook active status changed to %s", status)`
			`eventGen.Add(e)`
			`}`

add checker to verify if mutatingwebhook is enabled or not + refactoring 2019-10-30 13:39:19 -07:00			`//IncrementAnnotation ...`
update webhook registration and monitor (#1318) * update webhook registration and monitor * update log * fix test * improve logs * improve logs * format changes * decrease interval for webhook config checks 2020-11-26 16:07:06 -08:00			`func (vc statusControl) IncrementAnnotation() error {`
logs & access 2020-03-17 11:05:20 -07:00			`logger := vc.log`
add checker to verify if mutatingwebhook is enabled or not + refactoring 2019-10-30 13:39:19 -07:00			`var ann map[string]string`
			`var err error`
Feature/api version 852 (#1028) * apiVersion support for generate * added apiVersion to crds 2020-08-07 09:47:33 +05:30			`deploy, err := vc.client.GetResource("", "Deployment", deployNamespace, deployName)`
add checker to verify if mutatingwebhook is enabled or not + refactoring 2019-10-30 13:39:19 -07:00			`if err != nil {`
removing hardcoded namespace from the code (#955) * removing hardcoded namespace from the code * Added to helm chart * removing hard-coded namespace and deployment name from config, generate, checker * added namespace to configMap, service, serviceAccount * updated installation documentation passing `KYVERNO_NAMESPACE` while running in debug mode. * Update installation.md removing `kyverno` only namespace note 2020-07-02 03:20:49 +05:30			`logger.Error(err, "failed to find Kyverno", "deployment", deployName, "namespace", deployNamespace)`
add checker to verify if mutatingwebhook is enabled or not + refactoring 2019-10-30 13:39:19 -07:00			`return err`
			`}`
- skip resource schema validation when no mutate rules are applied - cleanup webhook registration logic and logs 2020-05-17 14:37:05 -07:00
add checker to verify if mutatingwebhook is enabled or not + refactoring 2019-10-30 13:39:19 -07:00			`ann = deploy.GetAnnotations()`
			`if ann == nil {`
			`ann = map[string]string{}`
- skip resource schema validation when no mutate rules are applied - cleanup webhook registration logic and logs 2020-05-17 14:37:05 -07:00			`}`

			`if ann[annCounter] == "" {`
add checker to verify if mutatingwebhook is enabled or not + refactoring 2019-10-30 13:39:19 -07:00			`ann[annCounter] = "0"`
			`}`
- skip resource schema validation when no mutate rules are applied - cleanup webhook registration logic and logs 2020-05-17 14:37:05 -07:00
add checker to verify if mutatingwebhook is enabled or not + refactoring 2019-10-30 13:39:19 -07:00			`counter, err := strconv.Atoi(ann[annCounter])`
			`if err != nil {`
- skip resource schema validation when no mutate rules are applied - cleanup webhook registration logic and logs 2020-05-17 14:37:05 -07:00			`logger.Error(err, "Failed to parse string", "name", annCounter, "value", ann[annCounter])`
add checker to verify if mutatingwebhook is enabled or not + refactoring 2019-10-30 13:39:19 -07:00			`return err`
			`}`
- skip resource schema validation when no mutate rules are applied - cleanup webhook registration logic and logs 2020-05-17 14:37:05 -07:00
add checker to verify if mutatingwebhook is enabled or not + refactoring 2019-10-30 13:39:19 -07:00			`// increment counter`
			`counter++`
			`ann[annCounter] = strconv.Itoa(counter)`
- skip resource schema validation when no mutate rules are applied - cleanup webhook registration logic and logs 2020-05-17 14:37:05 -07:00
			`logger.V(3).Info("updating webhook test annotation", "key", annCounter, "value", counter, "deployment", deployName, "namespace", deployNamespace)`
add checker to verify if mutatingwebhook is enabled or not + refactoring 2019-10-30 13:39:19 -07:00			`deploy.SetAnnotations(ann)`
- skip resource schema validation when no mutate rules are applied - cleanup webhook registration logic and logs 2020-05-17 14:37:05 -07:00
add checker to verify if mutatingwebhook is enabled or not + refactoring 2019-10-30 13:39:19 -07:00			`// update counter`
Feature/api version 852 (#1028) * apiVersion support for generate * added apiVersion to crds 2020-08-07 09:47:33 +05:30			`_, err = vc.client.UpdateResource("", "Deployment", deployNamespace, deploy, false)`
add checker to verify if mutatingwebhook is enabled or not + refactoring 2019-10-30 13:39:19 -07:00			`if err != nil {`
logs & access 2020-03-17 11:05:20 -07:00			`logger.Error(err, fmt.Sprintf("failed to update annotation %s for deployment %s in namespace %s", annCounter, deployName, deployNamespace))`
add checker to verify if mutatingwebhook is enabled or not + refactoring 2019-10-30 13:39:19 -07:00			`return err`
			`}`
- skip resource schema validation when no mutate rules are applied - cleanup webhook registration logic and logs 2020-05-17 14:37:05 -07:00
add checker to verify if mutatingwebhook is enabled or not + refactoring 2019-10-30 13:39:19 -07:00			`return nil`
			`}`