package event
import (
"fmt"
"strings"
kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1"
engineapi "github.com/kyverno/kyverno/pkg/engine/api"
"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
)
// NewPolicyFailEvent builds the event Info attached to the policy held in
// engineResponse for the rule outcome carried by ruleResp.
//
// Kind, Name and Namespace identify the policy; source and reason are copied
// through unchanged. The message comes from buildPolicyEventMessage, which
// names the evaluated resource and the rule, and marks the event as blocked
// when blocked is true.
func NewPolicyFailEvent(source Source, reason Reason, engineResponse engineapi.EngineResponse, ruleResp engineapi.RuleResponse, blocked bool) Info {
	policy := engineResponse.Policy()
	message := buildPolicyEventMessage(ruleResp, engineResponse.GetResourceSpec(), blocked)
	return Info{
		Kind:      getPolicyKind(policy),
		Name:      policy.GetName(),
		Namespace: policy.GetNamespace(),
		Reason:    reason,
		Source:    source,
		Message:   message,
	}
}
// buildPolicyEventMessage renders the human-readable message for a policy
// event in the form
//
//	<Kind> [<Namespace>/]<Name>: [<rule>] <status>[ (blocked)][; <rule message>]
//
// The namespace segment is omitted for resources without a namespace, and the
// trailing rule message is omitted when it is empty.
//
// The rule message is appended verbatim and its length is not bounded here.
// NOTE(review): rule messages can presumably contain text taken from the
// evaluated resource; confirm that the event emitter truncates oversized
// messages and that consumers treat this field as untrusted display text.
func buildPolicyEventMessage(resp engineapi.RuleResponse, resource engineapi.ResourceSpec, blocked bool) string {
	var b strings.Builder

	// Resource identity: cluster-scoped resources have no namespace segment.
	if resource.Namespace == "" {
		fmt.Fprintf(&b, "%s %s", resource.Kind, resource.Name)
	} else {
		fmt.Fprintf(&b, "%s %s/%s", resource.Kind, resource.Namespace, resource.Name)
	}

	fmt.Fprintf(&b, ": [%s] %s", resp.Name(), resp.Status())

	if blocked {
		b.WriteString(" (blocked)")
	}

	if detail := resp.Message(); detail != "" {
		fmt.Fprintf(&b, "; %s", detail)
	}
	return b.String()
}
// getPolicyKind returns the kind string used in events for policy:
// "Policy" when the policy reports itself as namespaced, "ClusterPolicy"
// otherwise.
func getPolicyKind(policy kyvernov1.PolicyInterface) string {
	kind := "ClusterPolicy"
	if policy.IsNamespaced() {
		kind = "Policy"
	}
	return kind
}
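// NewPolicyAppliedEvent builds the PolicyApplied event Info attached to the
// policy held in engineResponse.
//
// The message is "<Kind> [<Namespace>/]<Name>: pass", where the identity is
// read from engineResponse.Resource and the namespace segment is omitted when
// the resource has no namespace.
func NewPolicyAppliedEvent(source Source, engineResponse engineapi.EngineResponse) Info {
	resource := engineResponse.Resource

	// A single Sprintf is enough here; a strings.Builder with a deferred
	// Reset on a function-local value does no useful work.
	var message string
	if ns := resource.GetNamespace(); ns != "" {
		message = fmt.Sprintf("%s %s/%s: pass", resource.GetKind(), ns, resource.GetName())
	} else {
		message = fmt.Sprintf("%s %s: pass", resource.GetKind(), resource.GetName())
	}

	policy := engineResponse.Policy()
	return Info{
		Kind:      getPolicyKind(policy),
		Name:      policy.GetName(),
		Namespace: policy.GetNamespace(),
		Reason:    PolicyApplied,
		Source:    source,
		Message:   message,
	}
}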
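// NewResourceViolationEvent builds the event Info attached to the evaluated
// resource (not the policy) for the rule outcome carried by ruleResp.
//
// Kind, Name and Namespace come from engineResponse.GetResourceSpec(); source
// and reason are copied through unchanged. The message has the form
// "policy <policy name>/<rule name> <status>: <rule message>".
//
// NOTE(review): only the policy name is written into the message, not its
// namespace, so two namespaced policies with the same name cannot be told
// apart from this text alone. The rule message is included verbatim and
// unbounded; confirm the emitter truncates it and that consumers treat it as
// untrusted display text.
func NewResourceViolationEvent(source Source, reason Reason, engineResponse engineapi.EngineResponse, ruleResp engineapi.RuleResponse) Info {
	// A single Sprintf replaces the strings.Builder and its deferred Reset,
	// which had no effect on a function-local value.
	message := fmt.Sprintf("policy %s/%s %s: %s", engineResponse.Policy().GetName(),
		ruleResp.Name(), ruleResp.Status(), ruleResp.Message())

	resource := engineResponse.GetResourceSpec()
	return Info{
		Kind:      resource.Kind,
		Name:      resource.Name,
		Namespace: resource.Namespace,
		Reason:    reason,
		Source:    source,
		Message:   message,
	}
}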
// NewBackgroundFailedEvent returns a one-element slice holding a PolicyError
// event Info attached to the resource r, or nil when r is nil.
//
// The message has the form "policy <policy>/<rule> error: <err>".
//
// NOTE(review): err is rendered in full with %v. Confirm it cannot carry
// details that should not be visible to everyone allowed to read events on
// the resource.
func NewBackgroundFailedEvent(err error, policy, rule string, source Source, r *unstructured.Unstructured) []Info {
	if r == nil {
		return nil
	}
	return []Info{{
		Kind:      r.GetKind(),
		Namespace: r.GetNamespace(),
		Name:      r.GetName(),
		Source:    source,
		Reason:    PolicyError,
		Message:   fmt.Sprintf("policy %s/%s error: %v", policy, rule, err),
	}}
}
// NewBackgroundSuccessEvent returns a one-element slice holding a
// PolicyApplied event Info attached to the resource r, or nil when r is nil.
//
// The message has the form "policy <policy>/<rule> applied".
func NewBackgroundSuccessEvent(policy, rule string, source Source, r *unstructured.Unstructured) []Info {
	if r == nil {
		return nil
	}
	return []Info{{
		Kind:      r.GetKind(),
		Namespace: r.GetNamespace(),
		Name:      r.GetName(),
		Source:    source,
		Reason:    PolicyApplied,
		Message:   fmt.Sprintf("policy %s/%s applied", policy, rule),
	}}
}
// NewPolicyExceptionEvents returns two PolicySkipped event Infos recording
// that a rule was skipped for a resource because of a policy exception.
//
// The first event is attached to the policy and names the exception as
// "<exception namespace>/<exception name>". The second is attached to the
// PolicyException itself and names the policy rule, prefixed with the policy
// namespace when the policy has one. Both identify the resource through
// resourceKey(engineResponse.PatchedResource).
//
// These events are the record that a rule was bypassed for a resource, which
// makes them a useful audit signal for anyone reviewing exception usage.
//
// NOTE(review): the value returned by ruleResp.Exception() is used without a
// nil check. Presumably callers only invoke this for rules that matched an
// exception; verify against the callers.
func NewPolicyExceptionEvents(engineResponse engineapi.EngineResponse, ruleResp engineapi.RuleResponse, source Source) []Info {
	exception := ruleResp.Exception()
	exceptionName := exception.GetName()
	exceptionNamespace := exception.GetNamespace()

	policy := engineResponse.Policy()
	key := resourceKey(engineResponse.PatchedResource)

	policyMessage := fmt.Sprintf("resource %s was skipped from rule %s due to policy exception %s/%s", key, ruleResp.Name(), exceptionNamespace, exceptionName)

	// Cluster-scoped policies have no namespace segment in the rule reference.
	var exceptionMessage string
	if policyNamespace := policy.GetNamespace(); policyNamespace != "" {
		exceptionMessage = fmt.Sprintf("resource %s was skipped from policy rule %s/%s/%s", key, policyNamespace, policy.GetName(), ruleResp.Name())
	} else {
		exceptionMessage = fmt.Sprintf("resource %s was skipped from policy rule %s/%s", key, policy.GetName(), ruleResp.Name())
	}

	return []Info{
		{
			Kind:      getPolicyKind(policy),
			Name:      policy.GetName(),
			Namespace: policy.GetNamespace(),
			Reason:    PolicySkipped,
			Message:   policyMessage,
			Source:    source,
		},
		{
			Kind:      "PolicyException",
			Name:      exceptionName,
			Namespace: exceptionNamespace,
			Reason:    PolicySkipped,
			Message:   exceptionMessage,
			Source:    source,
		},
	}
}
// NewFailedEvent builds a PolicyError event Info attached to resource.
//
// The message has the form "policy <policy>/<rule> error: <err>".
//
// NOTE(review): err is rendered in full with %v. Confirm it cannot carry
// details that should not be visible to everyone allowed to read events on
// the resource.
func NewFailedEvent(err error, policy, rule string, source Source, resource kyvernov1.ResourceSpec) Info {
	message := fmt.Sprintf("policy %s/%s error: %v", policy, rule, err)
	return Info{
		Kind:      resource.GetKind(),
		Namespace: resource.GetNamespace(),
		Name:      resource.GetName(),
		Source:    source,
		Reason:    PolicyError,
		Message:   message,
	}
}
// resourceKey returns a slash-separated identifier for resource:
// "<Kind>/<Namespace>/<Name>" when the resource has a namespace and
// "<Kind>/<Name>" otherwise.
func resourceKey(resource unstructured.Unstructured) string {
	parts := []string{resource.GetKind()}
	if ns := resource.GetNamespace(); ns != "" {
		parts = append(parts, ns)
	}
	parts = append(parts, resource.GetName())
	return strings.Join(parts, "/")
}