package namespace
import (
"fmt"
"github.com/golang/glog"
"github.com/nirmata/kyverno/pkg/engine/response"
"github.com/nirmata/kyverno/pkg/event"
"github.com/nirmata/kyverno/pkg/policyviolation"
)
// report turns the given engine responses into events and policy violations
// and hands each set to the controller's corresponding generator.
func (nsc *NamespaceController) report(engineResponses []response.EngineResponse) {
	// Events first: queue one batch built from the engine responses.
	nsc.eventGen.Add(generateEvents(engineResponses)...)

	// Then policy violations, derived from the same responses.
	nsc.pvGenerator.Add(policyviolation.GeneratePVsFromEngineResponse(engineResponses)...)
}
// generateEvents collects the events for every engine response that did not
// succeed. Successful responses contribute nothing; the result is nil when no
// response produced an event.
func generateEvents(ers []response.EngineResponse) []event.Info {
	var collected []event.Info
	for _, resp := range ers {
		// Only unsuccessful responses are reported.
		if !resp.IsSuccesful() {
			collected = append(collected, generateEventsPerEr(resp)...)
		}
	}
	return collected
}
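// generateEventsPerEr builds the events for a single engine response:
//   - one "Failure" event on the resource for every rule that did not succeed;
//   - one "Failure" event on the ClusterPolicy summarising all failed rules,
//     emitted only when the response as a whole is not successful.
//
// The returned slice is nil when there is nothing to report.
func generateEventsPerEr(er response.EngineResponse) []event.Info {
	var eventInfos []event.Info
	glog.V(4).Infof("reporting results for policy '%s' application on resource '%s/%s/%s'", er.PolicyResponse.Policy, er.PolicyResponse.Resource.Kind, er.PolicyResponse.Resource.Namespace, er.PolicyResponse.Resource.Name)

	for _, rule := range er.PolicyResponse.Rules {
		if rule.Success {
			continue
		}
		// Generate an event on the resource for each failed rule.
		glog.V(4).Infof("generation event on resource '%s/%s' for policy '%s'", er.PolicyResponse.Resource.Kind, er.PolicyResponse.Resource.Name, er.PolicyResponse.Policy)
		eventInfos = append(eventInfos, event.Info{
			Kind: er.PolicyResponse.Resource.Kind,
			// Left empty on purpose: the event is generated on a namespace resource.
			Namespace: "",
			Name:      er.PolicyResponse.Resource.Name,
			Reason:    "Failure",
			Source:    event.GeneratePolicyController,
			Message:   fmt.Sprintf("policy '%s' (%s) rule '%s' not satisfied. %v", er.PolicyResponse.Policy, rule.Type, rule.Name, rule.Message),
		})
	}

	if er.IsSuccesful() {
		return eventInfos
	}

	// Generate a single event on the policy covering all failed rules.
	glog.V(4).Infof("generation event on policy '%s'", er.PolicyResponse.Policy)
	policyEvent := event.Info{
		Kind:      "ClusterPolicy",
		Namespace: "",
		Name:      er.PolicyResponse.Policy,
		Reason:    "Failure",
		Source:    event.GeneratePolicyController,
		Message:   fmt.Sprintf("policy '%s' rules '%v' on resource '%s/%s/%s' not satisfied", er.PolicyResponse.Policy, er.GetFailedRules(), er.PolicyResponse.Resource.Kind, er.PolicyResponse.Resource.Namespace, er.PolicyResponse.Resource.Name),
	}
	// The policy-level event must be appended to the result. If it is built
	// but not returned, nothing watching events on the ClusterPolicy object
	// ever sees a record of the failed rules.
	eventInfos = append(eventInfos, policyEvent)
	return eventInfos
}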