kyverno/pkg/policy/report.go

package policy

import (
	"fmt"

	"github.com/golang/glog"
	"github.com/nirmata/kyverno/pkg/engine"
	"github.com/nirmata/kyverno/pkg/event"
	"github.com/nirmata/kyverno/pkg/policyviolation"
)

// for each policy-resource response
// - has violation -> report
// - no violation -> cleanup policy violations(resource or resource owner)
func (pc *PolicyController) cleanupAndReport(engineResponses []engine.EngineResponse) {
	for _, eResponse := range engineResponses {
		if !eResponse.IsSuccesful() {
			// failure - policy/rule failed to apply on the resource
			reportEvents(eResponse, pc.eventGen)
			// generate policy violation
			// Only created on resource, not resource owners
			policyviolation.CreatePV(pc.pvLister, pc.kyvernoClient, engineResponses)
		} else {
			// cleanup existing violations if any
			// if there is any error in clean up, we dont re-queue the resource
			// it will be re-tried in the next controller cache resync
			pc.cleanUpPolicyViolation(eResponse.PolicyResponse)
		}
	}
}

//reportEvents generates events for the failed resources
func reportEvents(engineResponse engine.EngineResponse, eventGen event.Interface) {
	if engineResponse.IsSuccesful() {
		return
	}
	glog.V(4).Infof("reporting results for policy '%s' application on resource '%s/%s/%s'", engineResponse.PolicyResponse.Policy, engineResponse.PolicyResponse.Resource.Kind, engineResponse.PolicyResponse.Resource.Namespace, engineResponse.PolicyResponse.Resource.Name)
	for _, rule := range engineResponse.PolicyResponse.Rules {
		if rule.Success {
			return
		}

		// generate event on resource for each failed rule
		glog.V(4).Infof("generation event on resource '%s/%s/%s' for policy '%s'", engineResponse.PolicyResponse.Resource.Kind, engineResponse.PolicyResponse.Resource.Namespace, engineResponse.PolicyResponse.Resource.Name, engineResponse.PolicyResponse.Policy)
		e := event.Info{}
		e.Kind = engineResponse.PolicyResponse.Resource.Kind
		e.Namespace = engineResponse.PolicyResponse.Resource.Namespace
		e.Name = engineResponse.PolicyResponse.Resource.Name
		e.Reason = "Failure"
		e.Message = fmt.Sprintf("policy '%s' (%s) rule '%s' failed to apply. %v", engineResponse.PolicyResponse.Policy, rule.Type, rule.Name, rule.Message)
		eventGen.Add(e)

	}
	// generate a event on policy for all failed rules
	glog.V(4).Infof("generation event on policy '%s'", engineResponse.PolicyResponse.Policy)
	e := event.Info{}
	e.Kind = "ClusterPolicy"
	e.Namespace = ""
	e.Name = engineResponse.PolicyResponse.Policy
	e.Reason = "Failure"
	e.Message = fmt.Sprintf("failed to apply policy '%s' rules '%v' on resource '%s/%s/%s'", engineResponse.PolicyResponse.Policy, engineResponse.GetFailedRules(), engineResponse.PolicyResponse.Resource.Kind, engineResponse.PolicyResponse.Resource.Namespace, engineResponse.PolicyResponse.Resource.Name)
	eventGen.Add(e)

}
existing resource reporting 2019-08-13 13:15:04 -07:00			`package policy`

			`import (`
			`"fmt"`

clean up 2019-08-14 10:01:47 -07:00			`"github.com/golang/glog"`
replace policyInfo with engineResponse 2019-08-26 13:34:42 -07:00			`"github.com/nirmata/kyverno/pkg/engine"`
existing resource reporting 2019-08-13 13:15:04 -07:00			`"github.com/nirmata/kyverno/pkg/event"`
			`"github.com/nirmata/kyverno/pkg/policyviolation"`
			`)`

458 cleanup (#464) * cleanup of policy violation on policy spec changes + refactoring * remove unused code * remove duplicate types * cleanup references * fix info log and clean code * code clean * remove dead code 2019-11-08 20:45:26 -08:00			`// for each policy-resource response`
			`// - has violation -> report`
			`// - no violation -> cleanup policy violations(resource or resource owner)`
			`func (pc *PolicyController) cleanupAndReport(engineResponses []engine.EngineResponse) {`
			`for _, eResponse := range engineResponses {`
			`if !eResponse.IsSuccesful() {`
			`// failure - policy/rule failed to apply on the resource`
			`reportEvents(eResponse, pc.eventGen)`
			`// generate policy violation`
			`// Only created on resource, not resource owners`
			`policyviolation.CreatePV(pc.pvLister, pc.kyvernoClient, engineResponses)`
			`} else {`
			`// cleanup existing violations if any`
			`// if there is any error in clean up, we dont re-queue the resource`
			`// it will be re-tried in the next controller cache resync`
			`pc.cleanUpPolicyViolation(eResponse.PolicyResponse)`
			`}`
existing resource reporting 2019-08-13 13:15:04 -07:00			`}`
			`}`

clean up 2019-08-14 10:01:47 -07:00			`//reportEvents generates events for the failed resources`
update engineResponse Name 2019-10-08 10:57:24 -07:00			`func reportEvents(engineResponse engine.EngineResponse, eventGen event.Interface) {`
replace policyInfo with engineResponse 2019-08-26 13:34:42 -07:00			`if engineResponse.IsSuccesful() {`
existing resource reporting 2019-08-13 13:15:04 -07:00			`return`
			`}`
fix event resource name + add filtered kinds to policy controller & namespace + fix messages 2019-09-12 15:04:35 -07:00			`glog.V(4).Infof("reporting results for policy '%s' application on resource '%s/%s/%s'", engineResponse.PolicyResponse.Policy, engineResponse.PolicyResponse.Resource.Kind, engineResponse.PolicyResponse.Resource.Namespace, engineResponse.PolicyResponse.Resource.Name)`
replace policyInfo with engineResponse 2019-08-26 13:34:42 -07:00			`for _, rule := range engineResponse.PolicyResponse.Rules {`
			`if rule.Success {`
			`return`
existing resource reporting 2019-08-13 13:15:04 -07:00			`}`

			`// generate event on resource for each failed rule`
fix event resource name + add filtered kinds to policy controller & namespace + fix messages 2019-09-12 15:04:35 -07:00			`glog.V(4).Infof("generation event on resource '%s/%s/%s' for policy '%s'", engineResponse.PolicyResponse.Resource.Kind, engineResponse.PolicyResponse.Resource.Namespace, engineResponse.PolicyResponse.Resource.Name, engineResponse.PolicyResponse.Policy)`
replace policyInfo with engineResponse 2019-08-26 13:34:42 -07:00			`e := event.Info{}`
			`e.Kind = engineResponse.PolicyResponse.Resource.Kind`
			`e.Namespace = engineResponse.PolicyResponse.Resource.Namespace`
fix event resource name + add filtered kinds to policy controller & namespace + fix messages 2019-09-12 15:04:35 -07:00			`e.Name = engineResponse.PolicyResponse.Resource.Name`
existing resource reporting 2019-08-13 13:15:04 -07:00			`e.Reason = "Failure"`
fix event resource name + add filtered kinds to policy controller & namespace + fix messages 2019-09-12 15:04:35 -07:00			`e.Message = fmt.Sprintf("policy '%s' (%s) rule '%s' failed to apply. %v", engineResponse.PolicyResponse.Policy, rule.Type, rule.Name, rule.Message)`
existing resource reporting 2019-08-13 13:15:04 -07:00			`eventGen.Add(e)`

			`}`
			`// generate a event on policy for all failed rules`
fix event resource name + add filtered kinds to policy controller & namespace + fix messages 2019-09-12 15:04:35 -07:00			`glog.V(4).Infof("generation event on policy '%s'", engineResponse.PolicyResponse.Policy)`
replace policyInfo with engineResponse 2019-08-26 13:34:42 -07:00			`e := event.Info{}`
fix event resource name + add filtered kinds to policy controller & namespace + fix messages 2019-09-12 15:04:35 -07:00			`e.Kind = "ClusterPolicy"`
existing resource reporting 2019-08-13 13:15:04 -07:00			`e.Namespace = ""`
replace policyInfo with engineResponse 2019-08-26 13:34:42 -07:00			`e.Name = engineResponse.PolicyResponse.Policy`
existing resource reporting 2019-08-13 13:15:04 -07:00			`e.Reason = "Failure"`
fix event resource name + add filtered kinds to policy controller & namespace + fix messages 2019-09-12 15:04:35 -07:00			`e.Message = fmt.Sprintf("failed to apply policy '%s' rules '%v' on resource '%s/%s/%s'", engineResponse.PolicyResponse.Policy, engineResponse.GetFailedRules(), engineResponse.PolicyResponse.Resource.Kind, engineResponse.PolicyResponse.Resource.Namespace, engineResponse.PolicyResponse.Resource.Name)`
existing resource reporting 2019-08-13 13:15:04 -07:00			`eventGen.Add(e)`
replace policyInfo with engineResponse 2019-08-26 13:34:42 -07:00
existing resource reporting 2019-08-13 13:15:04 -07:00			`}`