2019-12-30 17:08:50 -08:00
|
|
|
package response
|
2019-08-23 18:34:23 -07:00
|
|
|
|
|
|
|
|
import (
|
|
|
|
|
"fmt"
|
|
|
|
|
"time"
|
|
|
|
|
|
|
|
|
|
"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
|
|
|
|
|
)
|
|
|
|
|
|
2019-10-08 10:57:24 -07:00
|
|
|
//EngineResponse engine response to the action
|
|
|
|
|
type EngineResponse struct {
|
2019-08-23 18:34:23 -07:00
|
|
|
// Resource patched with the engine action changes
|
|
|
|
|
PatchedResource unstructured.Unstructured
|
|
|
|
|
// Policy Response
|
|
|
|
|
PolicyResponse PolicyResponse
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
//PolicyResponse policy application response
|
|
|
|
|
type PolicyResponse struct {
|
2021-06-30 00:43:11 +03:00
|
|
|
// policy details
|
|
|
|
|
Policy PolicySpec `json:"policy"`
|
2019-08-23 18:34:23 -07:00
|
|
|
// resource details
|
2019-08-29 11:44:50 -07:00
|
|
|
Resource ResourceSpec `json:"resource"`
|
2019-08-23 18:34:23 -07:00
|
|
|
// policy statistics
|
2019-08-29 18:48:58 -07:00
|
|
|
PolicyStats `json:",inline"`
|
2019-08-23 18:34:23 -07:00
|
|
|
// rule response
|
2019-08-29 11:44:50 -07:00
|
|
|
Rules []RuleResponse `json:"rules"`
|
2021-07-09 18:01:46 -07:00
|
|
|
// ValidationFailureAction: audit (default) or enforce
|
2019-08-23 18:34:23 -07:00
|
|
|
ValidationFailureAction string
|
|
|
|
|
}
|
|
|
|
|
|
2021-06-30 00:43:11 +03:00
|
|
|
//PolicySpec policy
|
|
|
|
|
type PolicySpec struct {
|
|
|
|
|
Name string `json:"name"`
|
|
|
|
|
Namespace string `json:"namespace"`
|
|
|
|
|
}
|
|
|
|
|
|
2019-08-23 18:34:23 -07:00
|
|
|
//ResourceSpec resource action applied on
|
|
|
|
|
type ResourceSpec struct {
|
2019-08-29 11:44:50 -07:00
|
|
|
Kind string `json:"kind"`
|
|
|
|
|
APIVersion string `json:"apiVersion"`
|
|
|
|
|
Namespace string `json:"namespace"`
|
|
|
|
|
Name string `json:"name"`
|
2020-12-21 11:04:19 -08:00
|
|
|
|
|
|
|
|
// UID is not used to build the unique identifier
|
|
|
|
|
// optional
|
|
|
|
|
UID string `json:"uid"`
|
2019-08-23 18:34:23 -07:00
|
|
|
}
|
2019-12-26 11:50:41 -08:00
|
|
|
|
|
|
|
|
//GetKey returns the key
|
|
|
|
|
func (rs ResourceSpec) GetKey() string {
|
|
|
|
|
return rs.Kind + "/" + rs.Namespace + "/" + rs.Name
|
|
|
|
|
}
|
2019-08-23 18:34:23 -07:00
|
|
|
|
|
|
|
|
//PolicyStats stores statistics for the single policy application
|
|
|
|
|
type PolicyStats struct {
|
2021-09-26 02:12:31 -07:00
|
|
|
|
2019-08-23 18:34:23 -07:00
|
|
|
// time required to process the policy rules on a resource
|
2019-08-29 11:44:50 -07:00
|
|
|
ProcessingTime time.Duration `json:"processingTime"`
|
2021-09-26 02:12:31 -07:00
|
|
|
|
2020-01-24 12:05:53 -08:00
|
|
|
// Count of rules that were applied successfully
|
2019-08-29 11:44:50 -07:00
|
|
|
RulesAppliedCount int `json:"rulesAppliedCount"`
|
2021-09-26 02:12:31 -07:00
|
|
|
|
|
|
|
|
// Count of rules that with execution errors
|
|
|
|
|
RulesErrorCount int `json:"rulesErrorCount"`
|
|
|
|
|
|
2021-05-15 19:15:04 +05:30
|
|
|
// Timestamp of the instant the Policy was triggered
|
|
|
|
|
PolicyExecutionTimestamp int64 `json:"policyExecutionTimestamp"`
|
2019-08-23 18:34:23 -07:00
|
|
|
}
|
|
|
|
|
|
2020-12-21 11:04:19 -08:00
|
|
|
//RuleResponse details for each rule application
|
2019-08-23 18:34:23 -07:00
|
|
|
type RuleResponse struct {
|
2021-09-26 02:12:31 -07:00
|
|
|
|
2019-08-23 18:34:23 -07:00
|
|
|
// rule name specified in policy
|
2019-08-29 11:44:50 -07:00
|
|
|
Name string `json:"name"`
|
2021-09-26 02:12:31 -07:00
|
|
|
|
2019-08-23 18:34:23 -07:00
|
|
|
// rule type (Mutation,Generation,Validation) for Kyverno Policy
|
2019-08-29 11:44:50 -07:00
|
|
|
Type string `json:"type"`
|
2021-09-26 02:12:31 -07:00
|
|
|
|
2019-08-23 18:34:23 -07:00
|
|
|
// message response from the rule application
|
2019-08-29 11:44:50 -07:00
|
|
|
Message string `json:"message"`
|
2021-09-26 02:12:31 -07:00
|
|
|
|
2019-08-23 18:34:23 -07:00
|
|
|
// JSON patches, for mutation rules
|
2019-08-29 11:44:50 -07:00
|
|
|
Patches [][]byte `json:"patches,omitempty"`
|
2021-09-26 02:12:31 -07:00
|
|
|
|
|
|
|
|
// rule status
|
|
|
|
|
Status RuleStatus `json:"status"`
|
|
|
|
|
|
2019-08-23 18:34:23 -07:00
|
|
|
// statistics
|
2021-09-27 23:40:05 -07:00
|
|
|
RuleStats `json:",inline"`
|
2019-08-23 18:34:23 -07:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
//ToString ...
|
|
|
|
|
func (rr RuleResponse) ToString() string {
|
|
|
|
|
return fmt.Sprintf("rule %s (%s): %v", rr.Name, rr.Type, rr.Message)
|
|
|
|
|
}
|
|
|
|
|
|
2020-06-30 11:53:27 -07:00
|
|
|
//RuleStats stores the statistics for the single rule application
|
2019-08-23 18:34:23 -07:00
|
|
|
type RuleStats struct {
|
2020-06-30 11:53:27 -07:00
|
|
|
// time required to apply the rule on the resource
|
2019-08-29 11:44:50 -07:00
|
|
|
ProcessingTime time.Duration `json:"processingTime"`
|
2021-05-15 19:15:04 +05:30
|
|
|
// Timestamp of the instant the rule got triggered
|
|
|
|
|
RuleExecutionTimestamp int64 `json:"ruleExecutionTimestamp"`
|
2019-08-23 18:34:23 -07:00
|
|
|
}
|
|
|
|
|
|
2020-06-30 11:53:27 -07:00
|
|
|
//IsSuccessful checks if any rule has failed or not
|
|
|
|
|
func (er EngineResponse) IsSuccessful() bool {
|
2019-08-23 18:34:23 -07:00
|
|
|
for _, r := range er.PolicyResponse.Rules {
|
2021-10-03 03:15:22 -07:00
|
|
|
if r.Status == RuleStatusFail || r.Status == RuleStatusError {
|
2019-08-23 18:34:23 -07:00
|
|
|
return false
|
|
|
|
|
}
|
|
|
|
|
}
|
2021-09-26 02:12:31 -07:00
|
|
|
|
2019-08-23 18:34:23 -07:00
|
|
|
return true
|
|
|
|
|
}
|
|
|
|
|
|
2021-06-30 00:43:11 +03:00
|
|
|
//IsFailed checks if any rule has succeeded or not
|
|
|
|
|
func (er EngineResponse) IsFailed() bool {
|
|
|
|
|
for _, r := range er.PolicyResponse.Rules {
|
2021-10-02 18:29:25 -07:00
|
|
|
if r.Status == RuleStatusFail {
|
|
|
|
|
return true
|
2021-06-30 00:43:11 +03:00
|
|
|
}
|
|
|
|
|
}
|
2021-09-26 02:12:31 -07:00
|
|
|
|
2021-10-02 18:29:25 -07:00
|
|
|
return false
|
2021-06-30 00:43:11 +03:00
|
|
|
}
|
|
|
|
|
|
2019-08-23 18:34:23 -07:00
|
|
|
//GetPatches returns all the patches joined
|
2019-10-08 10:57:24 -07:00
|
|
|
func (er EngineResponse) GetPatches() [][]byte {
|
2019-08-23 18:34:23 -07:00
|
|
|
var patches [][]byte
|
|
|
|
|
for _, r := range er.PolicyResponse.Rules {
|
|
|
|
|
if r.Patches != nil {
|
|
|
|
|
patches = append(patches, r.Patches...)
|
|
|
|
|
}
|
|
|
|
|
}
|
2020-06-30 11:53:27 -07:00
|
|
|
|
2019-08-26 16:10:19 -07:00
|
|
|
return patches
|
2019-08-23 18:34:23 -07:00
|
|
|
}
|
2019-08-26 13:34:42 -07:00
|
|
|
|
|
|
|
|
//GetFailedRules returns failed rules
|
2019-10-08 10:57:24 -07:00
|
|
|
func (er EngineResponse) GetFailedRules() []string {
|
2021-09-26 02:12:31 -07:00
|
|
|
return er.getRules(RuleStatusFail)
|
2019-08-26 13:34:42 -07:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
//GetSuccessRules returns success rules
|
2019-10-08 10:57:24 -07:00
|
|
|
func (er EngineResponse) GetSuccessRules() []string {
|
2021-09-26 02:12:31 -07:00
|
|
|
return er.getRules(RuleStatusPass)
|
2019-08-26 13:34:42 -07:00
|
|
|
}
|
|
|
|
|
|
2020-12-21 11:04:19 -08:00
|
|
|
// GetResourceSpec returns resourceSpec of er
|
|
|
|
|
func (er EngineResponse) GetResourceSpec() ResourceSpec {
|
|
|
|
|
return ResourceSpec{
|
|
|
|
|
Kind: er.PatchedResource.GetKind(),
|
|
|
|
|
APIVersion: er.PatchedResource.GetAPIVersion(),
|
|
|
|
|
Namespace: er.PatchedResource.GetNamespace(),
|
|
|
|
|
Name: er.PatchedResource.GetName(),
|
|
|
|
|
UID: string(er.PatchedResource.GetUID()),
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2021-09-26 02:12:31 -07:00
|
|
|
func (er EngineResponse) getRules(status RuleStatus) []string {
|
2019-08-26 13:34:42 -07:00
|
|
|
var rules []string
|
|
|
|
|
for _, r := range er.PolicyResponse.Rules {
|
2021-09-27 23:40:05 -07:00
|
|
|
if r.Status == status {
|
2019-08-26 13:34:42 -07:00
|
|
|
rules = append(rules, r.Name)
|
|
|
|
|
}
|
|
|
|
|
}
|
2020-06-30 11:53:27 -07:00
|
|
|
|
2019-08-26 13:34:42 -07:00
|
|
|
return rules
|
|
|
|
|
}
|
