kyverno/pkg/metrics/policyresults/policyResults.go

package policyresults

import (
	"fmt"

	kyverno "github.com/kyverno/kyverno/pkg/api/kyverno/v1"
	"github.com/kyverno/kyverno/pkg/engine/response"
	"github.com/kyverno/kyverno/pkg/metrics"
	prom "github.com/prometheus/client_golang/prometheus"
)

func (pc PromConfig) registerPolicyResultsMetric(
	policyValidationMode metrics.PolicyValidationMode,
	policyType metrics.PolicyType,
	policyBackgroundMode metrics.PolicyBackgroundMode,
	policyNamespace, policyName string,
	resourceKind, resourceNamespace string,
	resourceRequestOperation metrics.ResourceRequestOperation,
	ruleName string,
	ruleResult metrics.RuleResult,
	ruleType metrics.RuleType,
	ruleExecutionCause metrics.RuleExecutionCause,
) error {
	if policyType == metrics.Cluster {
		policyNamespace = "-"
	}
	includeNamespaces, excludeNamespaces := pc.Config.GetIncludeNamespaces(), pc.Config.GetExcludeNamespaces()
	if (resourceNamespace != "" && resourceNamespace != "-") && metrics.ElementInSlice(resourceNamespace, excludeNamespaces) {
		pc.Log.Info(fmt.Sprintf("Skipping the registration of kyverno_policy_results_total metric as the operation belongs to the namespace '%s' which is one of 'namespaces.exclude' %+v in values.yaml", resourceNamespace, excludeNamespaces))
		return nil
	}
	if (resourceNamespace != "" && resourceNamespace != "-") && len(includeNamespaces) > 0 && !metrics.ElementInSlice(resourceNamespace, includeNamespaces) {
		pc.Log.Info(fmt.Sprintf("Skipping the registration of kyverno_policy_results_total metric as the operation belongs to the namespace '%s' which is not one of 'namespaces.include' %+v in values.yaml", resourceNamespace, includeNamespaces))
		return nil
	}
	pc.Metrics.PolicyResults.With(prom.Labels{
		"policy_validation_mode":     string(policyValidationMode),
		"policy_type":                string(policyType),
		"policy_background_mode":     string(policyBackgroundMode),
		"policy_namespace":           policyNamespace,
		"policy_name":                policyName,
		"resource_kind":              resourceKind,
		"resource_namespace":         resourceNamespace,
		"resource_request_operation": string(resourceRequestOperation),
		"rule_name":                  ruleName,
		"rule_result":                string(ruleResult),
		"rule_type":                  string(ruleType),
		"rule_execution_cause":       string(ruleExecutionCause),
	}).Inc()
	return nil
}

//policy - policy related data
//engineResponse - resource and rule related data
func (pc PromConfig) ProcessEngineResponse(policy kyverno.ClusterPolicy, engineResponse response.EngineResponse, executionCause metrics.RuleExecutionCause, resourceRequestOperation metrics.ResourceRequestOperation) error {
	policyValidationMode, err := metrics.ParsePolicyValidationMode(policy.Spec.ValidationFailureAction)
	if err != nil {
		return err
	}
	policyType := metrics.Namespaced
	policyBackgroundMode := metrics.ParsePolicyBackgroundMode(policy.Spec.Background)
	policyNamespace := policy.ObjectMeta.Namespace
	if policyNamespace == "" {
		policyNamespace = "-"
		policyType = metrics.Cluster
	}
	policyName := policy.ObjectMeta.Name

	resourceSpec := engineResponse.PolicyResponse.Resource

	resourceKind := resourceSpec.Kind
	resourceNamespace := resourceSpec.Namespace

	ruleResponses := engineResponse.PolicyResponse.Rules

	for _, rule := range ruleResponses {
		ruleName := rule.Name
		ruleType := ParseRuleTypeFromEngineRuleResponse(rule)
		ruleResult := metrics.Fail
		if rule.Success {
			ruleResult = metrics.Pass
		}

		if err := pc.registerPolicyResultsMetric(
			policyValidationMode,
			policyType,
			policyBackgroundMode,
			policyNamespace, policyName,
			resourceKind, resourceNamespace,
			resourceRequestOperation,
			ruleName,
			ruleResult,
			ruleType,
			executionCause,
		); err != nil {
			return err
		}
	}
	return nil
}
dealt with cardinality explosion (#2157) 2021-07-23 21:46:50 +05:30			`package policyresults`
feat: added kyverno_policy_rule_results_info metric Signed-off-by: Yashvardhan Kukreja <yash.kukreja.98@gmail.com> 2021-05-15 19:15:04 +05:30
			`import (`
added: support for metrics configuration, periodic metrics cleanup and selective namespace whitelisting and blacklisting for metrics (#2288) Signed-off-by: Yashvardhan Kukreja <yash.kukreja.98@gmail.com> 2021-09-11 03:09:12 +05:30			`"fmt"`

feat: added kyverno_policy_rule_results_info metric Signed-off-by: Yashvardhan Kukreja <yash.kukreja.98@gmail.com> 2021-05-15 19:15:04 +05:30			`kyverno "github.com/kyverno/kyverno/pkg/api/kyverno/v1"`
			`"github.com/kyverno/kyverno/pkg/engine/response"`
			`"github.com/kyverno/kyverno/pkg/metrics"`
			`prom "github.com/prometheus/client_golang/prometheus"`
			`)`

added: support for metrics configuration, periodic metrics cleanup and selective namespace whitelisting and blacklisting for metrics (#2288) Signed-off-by: Yashvardhan Kukreja <yash.kukreja.98@gmail.com> 2021-09-11 03:09:12 +05:30			`func (pc PromConfig) registerPolicyResultsMetric(`
feat: added kyverno_policy_rule_results_info metric Signed-off-by: Yashvardhan Kukreja <yash.kukreja.98@gmail.com> 2021-05-15 19:15:04 +05:30			`policyValidationMode metrics.PolicyValidationMode,`
			`policyType metrics.PolicyType,`
			`policyBackgroundMode metrics.PolicyBackgroundMode,`
			`policyNamespace, policyName string,`
removed: resource_name label which is exposed as a part of Kyverno's metrics (#2351) Signed-off-by: Yashvardhan Kukreja <yash.kukreja.98@gmail.com> 2021-09-02 06:56:25 +05:30			`resourceKind, resourceNamespace string,`
feat: added kyverno_policy_rule_results_info metric Signed-off-by: Yashvardhan Kukreja <yash.kukreja.98@gmail.com> 2021-05-15 19:15:04 +05:30			`resourceRequestOperation metrics.ResourceRequestOperation,`
			`ruleName string,`
			`ruleResult metrics.RuleResult,`
			`ruleType metrics.RuleType,`
			`ruleExecutionCause metrics.RuleExecutionCause,`
			`) error {`
			`if policyType == metrics.Cluster {`
			`policyNamespace = "-"`
			`}`
added: support for metrics configuration, periodic metrics cleanup and selective namespace whitelisting and blacklisting for metrics (#2288) Signed-off-by: Yashvardhan Kukreja <yash.kukreja.98@gmail.com> 2021-09-11 03:09:12 +05:30			`includeNamespaces, excludeNamespaces := pc.Config.GetIncludeNamespaces(), pc.Config.GetExcludeNamespaces()`
			`if (resourceNamespace != "" && resourceNamespace != "-") && metrics.ElementInSlice(resourceNamespace, excludeNamespaces) {`
			`pc.Log.Info(fmt.Sprintf("Skipping the registration of kyverno_policy_results_total metric as the operation belongs to the namespace '%s' which is one of 'namespaces.exclude' %+v in values.yaml", resourceNamespace, excludeNamespaces))`
			`return nil`
			`}`
			`if (resourceNamespace != "" && resourceNamespace != "-") && len(includeNamespaces) > 0 && !metrics.ElementInSlice(resourceNamespace, includeNamespaces) {`
			`pc.Log.Info(fmt.Sprintf("Skipping the registration of kyverno_policy_results_total metric as the operation belongs to the namespace '%s' which is not one of 'namespaces.include' %+v in values.yaml", resourceNamespace, includeNamespaces))`
			`return nil`
			`}`
			`pc.Metrics.PolicyResults.With(prom.Labels{`
dealt with cardinality explosion (#2157) 2021-07-23 21:46:50 +05:30			`"policy_validation_mode": string(policyValidationMode),`
			`"policy_type": string(policyType),`
			`"policy_background_mode": string(policyBackgroundMode),`
			`"policy_namespace": policyNamespace,`
			`"policy_name": policyName,`
			`"resource_kind": resourceKind,`
			`"resource_namespace": resourceNamespace,`
			`"resource_request_operation": string(resourceRequestOperation),`
			`"rule_name": ruleName,`
			`"rule_result": string(ruleResult),`
			`"rule_type": string(ruleType),`
			`"rule_execution_cause": string(ruleExecutionCause),`
			`}).Inc()`
feat: added kyverno_policy_rule_results_info metric Signed-off-by: Yashvardhan Kukreja <yash.kukreja.98@gmail.com> 2021-05-15 19:15:04 +05:30			`return nil`
			`}`

			`//policy - policy related data`
			`//engineResponse - resource and rule related data`
added: support for metrics configuration, periodic metrics cleanup and selective namespace whitelisting and blacklisting for metrics (#2288) Signed-off-by: Yashvardhan Kukreja <yash.kukreja.98@gmail.com> 2021-09-11 03:09:12 +05:30			`func (pc PromConfig) ProcessEngineResponse(policy kyverno.ClusterPolicy, engineResponse response.EngineResponse, executionCause metrics.RuleExecutionCause, resourceRequestOperation metrics.ResourceRequestOperation) error {`
feat: added kyverno_policy_rule_results_info metric Signed-off-by: Yashvardhan Kukreja <yash.kukreja.98@gmail.com> 2021-05-15 19:15:04 +05:30			`policyValidationMode, err := metrics.ParsePolicyValidationMode(policy.Spec.ValidationFailureAction)`
			`if err != nil {`
			`return err`
			`}`
			`policyType := metrics.Namespaced`
fix prometheus panics Signed-off-by: Shuting Zhao <shutting06@gmail.com> 2021-06-14 13:42:57 -07:00			`policyBackgroundMode := metrics.ParsePolicyBackgroundMode(policy.Spec.Background)`
feat: added kyverno_policy_rule_results_info metric Signed-off-by: Yashvardhan Kukreja <yash.kukreja.98@gmail.com> 2021-05-15 19:15:04 +05:30			`policyNamespace := policy.ObjectMeta.Namespace`
			`if policyNamespace == "" {`
			`policyNamespace = "-"`
			`policyType = metrics.Cluster`
			`}`
			`policyName := policy.ObjectMeta.Name`

			`resourceSpec := engineResponse.PolicyResponse.Resource`

			`resourceKind := resourceSpec.Kind`
			`resourceNamespace := resourceSpec.Namespace`

			`ruleResponses := engineResponse.PolicyResponse.Rules`

			`for _, rule := range ruleResponses {`
			`ruleName := rule.Name`
			`ruleType := ParseRuleTypeFromEngineRuleResponse(rule)`
			`ruleResult := metrics.Fail`
			`if rule.Success {`
			`ruleResult = metrics.Pass`
			`}`

added: support for metrics configuration, periodic metrics cleanup and selective namespace whitelisting and blacklisting for metrics (#2288) Signed-off-by: Yashvardhan Kukreja <yash.kukreja.98@gmail.com> 2021-09-11 03:09:12 +05:30			`if err := pc.registerPolicyResultsMetric(`
feat: added kyverno_policy_rule_results_info metric Signed-off-by: Yashvardhan Kukreja <yash.kukreja.98@gmail.com> 2021-05-15 19:15:04 +05:30			`policyValidationMode,`
			`policyType,`
			`policyBackgroundMode,`
			`policyNamespace, policyName,`
removed: resource_name label which is exposed as a part of Kyverno's metrics (#2351) Signed-off-by: Yashvardhan Kukreja <yash.kukreja.98@gmail.com> 2021-09-02 06:56:25 +05:30			`resourceKind, resourceNamespace,`
feat: added kyverno_policy_rule_results_info metric Signed-off-by: Yashvardhan Kukreja <yash.kukreja.98@gmail.com> 2021-05-15 19:15:04 +05:30			`resourceRequestOperation,`
			`ruleName,`
			`ruleResult,`
			`ruleType,`
			`executionCause,`
			`); err != nil {`
			`return err`
			`}`
			`}`
			`return nil`
			`}`