2022-09-08 18:10:27 +02:00
|
|
|
package utils
|
2019-07-15 16:07:56 -07:00
|
|
|
|
|
|
|
|
import (
|
2022-12-22 18:34:09 -05:00
|
|
|
"strings"
|
|
|
|
|
|
2020-10-07 11:12:31 -07:00
|
|
|
"github.com/kyverno/kyverno/pkg/engine/response"
|
|
|
|
|
"github.com/kyverno/kyverno/pkg/event"
|
2019-07-15 16:07:56 -07:00
|
|
|
)
|
|
|
|
|
|
2022-09-09 06:11:16 +02:00
|
|
|
// GenerateEvents generates event info for the engine responses
|
|
|
|
|
func GenerateEvents(engineResponses []*response.EngineResponse, blocked bool) []event.Info {
|
2019-08-26 13:34:42 -07:00
|
|
|
var events []event.Info
|
2022-05-01 22:14:32 -07:00
|
|
|
// - Some/All policies fail or error
|
|
|
|
|
// - report failure events on policy
|
|
|
|
|
// - report failure events on resource
|
2021-06-30 00:43:11 +03:00
|
|
|
// - Some/All policies succeeded
|
|
|
|
|
// - report success event on resource
|
2022-07-28 11:31:50 +05:30
|
|
|
// - Some/All policies skipped
|
|
|
|
|
// - report skipped event on resource
|
2020-02-19 19:24:34 -08:00
|
|
|
for _, er := range engineResponses {
|
2022-10-27 16:34:55 +08:00
|
|
|
if er.IsEmpty() {
|
|
|
|
|
continue
|
|
|
|
|
}
|
2021-06-30 00:43:11 +03:00
|
|
|
if !er.IsSuccessful() {
|
2022-05-01 22:14:32 -07:00
|
|
|
for i, ruleResp := range er.PolicyResponse.Rules {
|
|
|
|
|
if ruleResp.Status == response.RuleStatusFail || ruleResp.Status == response.RuleStatusError {
|
|
|
|
|
e := event.NewPolicyFailEvent(event.AdmissionController, event.PolicyViolation, er, &er.PolicyResponse.Rules[i], blocked)
|
2022-06-22 09:37:46 -07:00
|
|
|
events = append(events, e)
|
2022-05-01 22:14:32 -07:00
|
|
|
}
|
|
|
|
|
if !blocked {
|
|
|
|
|
e := event.NewResourceViolationEvent(event.AdmissionController, event.PolicyViolation, er, &er.PolicyResponse.Rules[i])
|
2022-06-22 09:37:46 -07:00
|
|
|
events = append(events, e)
|
2022-05-01 22:14:32 -07:00
|
|
|
}
|
2022-04-28 17:51:06 +08:00
|
|
|
}
|
2022-12-22 18:34:09 -05:00
|
|
|
} else if er.IsSkipped() { // Handle PolicyException Event
|
|
|
|
|
for i, ruleResp := range er.PolicyResponse.Rules {
|
|
|
|
|
isException := strings.Contains(ruleResp.Message, "rule skipped due to policy exception")
|
|
|
|
|
if ruleResp.Status == response.RuleStatusSkip && !blocked && isException {
|
2023-01-13 10:18:14 +01:00
|
|
|
events = append(events, event.NewPolicyExceptionEvents(er, &er.PolicyResponse.Rules[i])...)
|
2022-12-22 18:34:09 -05:00
|
|
|
}
|
|
|
|
|
}
|
2022-10-13 14:02:20 +05:30
|
|
|
} else if !er.IsSkipped() {
|
|
|
|
|
e := event.NewPolicyAppliedEvent(event.AdmissionController, er)
|
|
|
|
|
events = append(events, e)
|
2021-06-30 00:43:11 +03:00
|
|
|
}
|
|
|
|
|
}
|
2019-08-26 13:34:42 -07:00
|
|
|
return events
|
2019-07-17 17:53:13 -07:00
|
|
|
}
|
