rule info uses type of rule

2025-04-08 10:04:25 +00:00 · 2019-06-25 23:58:28 -07:00 · 2019-06-25 23:58:28 -07:00 · 059993a78f
commit 059993a78f
parent e74ae16f5b
6 changed files with 35 additions and 15 deletions
--- a/pkg/controller/controller.go
+++ b/pkg/controller/controller.go
@ -4,6 +4,8 @@ import (
 	"fmt"
 	"time"

+	"github.com/nirmata/kyverno/pkg/engine"
+
 	"github.com/golang/glog"
 	types "github.com/nirmata/kyverno/pkg/apis/policy/v1alpha1"
 	lister "github.com/nirmata/kyverno/pkg/client/listers/policy/v1alpha1"
@ -173,6 +175,15 @@ func (pc *PolicyController) syncHandler(obj interface{}) error {
 	// get the violations and pass to violation Builder
 	// get the events and pass to event Builder
 	//TODO: processPolicy
+	policyInfos := engine.ProcessExisting(pc.client, policy)
+	// Create events from the policyInfo
+	for _, policyInfo := range policyInfos {
+		if !policyInfo.IsSuccessful() {
+			// Create Policy Violation for Mutation rules
+			// Create Policy Violation for Generation rules
+			// Create Events for Violation rules
+		}
+	}
 	glog.Infof("process policy %s on existing resources", policy.GetName())
 	return nil
 }
--- a/pkg/engine/engine.go
+++ b/pkg/engine/engine.go
@ -62,7 +62,6 @@ func ProcessExisting(client *client.Client, policy *types.Policy) []*info.Policy
 			glog.Error(err)
 			continue
 		}
-		// Create events from the policyInfo
 		policyInfos = append(policyInfos, policyInfo)
 	}

@ -111,7 +110,7 @@ func mutation(p *types.Policy, rawResource []byte, gvk *metav1.GroupVersionKind)
 	}
 	// compare (original Resource + patch) vs (original resource)
 	// to verify if they are equal
-	ruleInfo := info.NewRuleInfo("mutation rules")
+	ruleInfo := info.NewRuleInfo("mutation rules", info.Mutation)
 	if !jsonpatch.Equal(patchedResource, rawResource) {
 		//resource does not match so there was a mutation rule violated
 		// TODO : check the rule name "mutation rules"
--- a/pkg/engine/generation.go
+++ b/pkg/engine/generation.go
@ -19,7 +19,7 @@ func Generate(client *client.Client, policy kubepolicy.Policy, rawResource []byt
 			continue
 		}

-		ri := info.NewRuleInfo(rule.Name)
+		ri := info.NewRuleInfo(rule.Name, info.Generation)

 		ok := ResourceMeetsDescription(rawResource, rule.ResourceDescription, gvk)
 		if !ok {
--- a/pkg/engine/mutation.go
+++ b/pkg/engine/mutation.go
@ -17,7 +17,7 @@ func Mutate(policy kubepolicy.Policy, rawResource []byte, gvk metav1.GroupVersio
 		if rule.Mutation == nil {
 			continue
 		}
-		ri := info.NewRuleInfo(rule.Name)
+		ri := info.NewRuleInfo(rule.Name, info.Mutation)

 		ok := ResourceMeetsDescription(rawResource, rule.ResourceDescription, gvk)
 		if !ok {
--- a/pkg/engine/validation.go
+++ b/pkg/engine/validation.go
@ -30,7 +30,7 @@ func Validate(policy kubepolicy.Policy, rawResource []byte, gvk metav1.GroupVers
 		if rule.Validation == nil {
 			continue
 		}
-		ri := info.NewRuleInfo(rule.Name)
+		ri := info.NewRuleInfo(rule.Name, info.Validation)

 		ok := ResourceMeetsDescription(rawResource, rule.ResourceDescription, gvk)
 		if !ok {
--- a/pkg/info/info.go
+++ b/pkg/info/info.go
@ -11,7 +11,7 @@ type PolicyInfo struct {
 	Resource  string
 	Namespace string
 	success   bool
-	rules     []*RuleInfo
+	Rules     []*RuleInfo
 }

 //NewPolicyInfo returns a new policy info
@ -33,7 +33,7 @@ func (pi *PolicyInfo) IsSuccessful() bool {
 //ErrorRules returns error msgs from all rule
 func (pi *PolicyInfo) ErrorRules() string {
 	errorMsgs := []string{}
-	for _, r := range pi.rules {
+	for _, r := range pi.Rules {
 		if !r.IsSuccessful() {
 			errorMsgs = append(errorMsgs, r.ToString())
 		}
@ -41,11 +41,20 @@ func (pi *PolicyInfo) ErrorRules() string {
 	return strings.Join(errorMsgs, ";")
 }

+type RuleType int
+
+const (
+	Mutation RuleType = iota
+	Validation
+	Generation
+)
+
 //RuleInfo defines rule struct
 type RuleInfo struct {
-	Name    string
-	Msgs    []string
-	success bool
+	Name     string
+	Msgs     []string
+	ruleType RuleType
+	success  bool
 }

 //ToString reule information
@ -56,11 +65,12 @@ func (ri *RuleInfo) ToString() string {
 }

 //NewRuleInfo creates a new RuleInfo
-func NewRuleInfo(ruleName string) *RuleInfo {
+func NewRuleInfo(ruleName string, ruleType RuleType) *RuleInfo {
 	return &RuleInfo{
-		Name:    ruleName,
-		Msgs:    []string{},
-		success: true, // fail to be set explicity
+		Name:     ruleName,
+		Msgs:     []string{},
+		ruleType: ruleType,
+		success:  true, // fail to be set explicity
 	}
 }

@ -99,5 +109,5 @@ func (pi *PolicyInfo) AddRuleInfos(rules []*RuleInfo) {
 	if !RulesSuccesfuly(rules) {
 		pi.success = false
 	}
-	pi.rules = rules
+	pi.Rules = rules
 }