mirror of
https://github.com/kyverno/kyverno.git
synced 2025-03-06 16:06:56 +00:00
integrated policy report
parent
c56840ef3b
commit
1279026a07
3 changed files with 5 additions and 92 deletions
|
@ -4,7 +4,6 @@ import (
|
|||
"bufio"
|
||||
"encoding/json"
|
||||
"fmt"
|
||||
report "github.com/kyverno/kyverno/pkg/api/policyreport/v1alpha1"
|
||||
"github.com/kyverno/kyverno/pkg/engine/response"
|
||||
"io/ioutil"
|
||||
"os"
|
||||
|
@ -28,6 +27,7 @@ import (
|
|||
"k8s.io/apimachinery/pkg/util/yaml"
|
||||
"k8s.io/cli-runtime/pkg/genericclioptions"
|
||||
log "sigs.k8s.io/controller-runtime/pkg/log"
|
||||
yaml1 "sigs.k8s.io/yaml"
|
||||
)
|
||||
|
||||
type resultCounts struct {
|
||||
|
@ -146,10 +146,6 @@ func Command() *cobra.Command {
|
|||
return err
|
||||
}
|
||||
|
||||
// POLICIES ...
|
||||
fmt.Println("------------------------------------------------------------------")
|
||||
fmt.Println("Got Policies:", len(policies))
|
||||
|
||||
if len(resourcePaths) == 0 && !cluster {
|
||||
return sanitizedError.NewWithError(fmt.Sprintf("resource file(s) or cluster required"), err)
|
||||
}
|
||||
|
@ -195,20 +191,8 @@ func Command() *cobra.Command {
|
|||
}
|
||||
}
|
||||
|
||||
fmt.Println("------------------------------------------------------------------")
|
||||
fmt.Println("Got Resources:", len(resources))
|
||||
for _, resource := range resources {
|
||||
fmt.Println(resource.GetName())
|
||||
}
|
||||
|
||||
fmt.Println("++++++++++++++++++++++++++++++++++++++++++")
|
||||
fmt.Println("Before Mutate Policy: ", len(policies))
|
||||
|
||||
mutatedPolicies, err := mutatePolices(policies)
|
||||
|
||||
fmt.Println("++++++++++++++++++++++++++++++++++++++++++")
|
||||
fmt.Println("Mutate Policy: ", len(mutatedPolicies))
|
||||
|
||||
msgPolicies := "1 policy"
|
||||
if len(mutatedPolicies) > 1 {
|
||||
msgPolicies = fmt.Sprintf("%d policies", len(policies))
|
||||
|
@ -219,10 +203,6 @@ func Command() *cobra.Command {
|
|||
msgResources = fmt.Sprintf("%d resources", len(resources))
|
||||
}
|
||||
|
||||
//if len(mutatedPolicies) == 0 || len(resources) == 0 {
|
||||
// return
|
||||
//}
|
||||
|
||||
if len(mutatedPolicies) > 0 && len(resources) > 0 {
|
||||
fmt.Printf("\napplying %s to %s \n", msgPolicies, msgResources)
|
||||
}
|
||||
|
@ -230,10 +210,6 @@ func Command() *cobra.Command {
|
|||
rc := &resultCounts{}
|
||||
engineResponses := make([]response.EngineResponse, 0)
|
||||
for _, policy := range mutatedPolicies {
|
||||
//
|
||||
//fmt.Println("______________________")
|
||||
//fmt.Println(policy)
|
||||
|
||||
err := policy2.Validate(utils.MarshalPolicy(*policy), nil, true, openAPIController)
|
||||
if err != nil {
|
||||
rc.skip += len(resources)
|
||||
|
@ -252,23 +228,6 @@ func Command() *cobra.Command {
|
|||
}
|
||||
|
||||
for _, resource := range resources {
|
||||
//fmt.Println("Inside loop ....")
|
||||
//fmt.Println(resource)
|
||||
|
||||
|
||||
fmt.Println("*******************")
|
||||
bytes, _ := resource.MarshalJSON()
|
||||
|
||||
prr :=
|
||||
|
||||
json.Unmarshal(bytes, &prr)
|
||||
//for _, r := range prr.Results {
|
||||
// fmt.Println(r.Policy)
|
||||
//
|
||||
//}
|
||||
|
||||
fmt.Println(prr.Summary)
|
||||
|
||||
// get values from file for this policy resource combination
|
||||
thisPolicyResourceValues := make(map[string]string)
|
||||
if len(valuesMap[policy.GetName()]) != 0 && !reflect.DeepEqual(valuesMap[policy.GetName()][resource.GetName()], Resource{}) {
|
||||
|
@ -283,8 +242,6 @@ func Command() *cobra.Command {
|
|||
return sanitizedError.NewWithError(fmt.Sprintf("policy %s have variables. pass the values for the variables using set/values_file flag", policy.Name), err)
|
||||
}
|
||||
|
||||
|
||||
|
||||
ers, err := applyPolicyOnResource(policy, resource, mutateLogPath, mutateLogPathIsDir, thisPolicyResourceValues, rc)
|
||||
if err != nil {
|
||||
return sanitizedError.NewWithError(fmt.Errorf("failed to apply policy %v on resource %v", policy.Name, resource.GetName()).Error(), err)
|
||||
|
@ -293,49 +250,20 @@ func Command() *cobra.Command {
|
|||
}
|
||||
}
|
||||
|
||||
|
||||
if policyReport {
|
||||
fmt.Println("-----------------------------------------------------")
|
||||
fmt.Println("PolicyReport is Called")
|
||||
resps := buildPolicyReports(engineResponses)
|
||||
fmt.Println("----------------------------------------------------------------------\nPOLICY REPORT:")
|
||||
for _, u := range resps {
|
||||
fmt.Println("*******************")
|
||||
bytes, _ := u.MarshalJSON()
|
||||
|
||||
prr := report.ClusterPolicyReport{}
|
||||
|
||||
json.Unmarshal(bytes, &prr)
|
||||
//for _, r := range prr.Results {
|
||||
// fmt.Println(r.Policy)
|
||||
//
|
||||
//}
|
||||
|
||||
fmt.Println(prr.Summary)
|
||||
|
||||
|
||||
|
||||
//fmt.Println("Name: ", u.GetName())
|
||||
//fmt.Println("Kind: ", u.GetKind())
|
||||
//fmt.Println("Results: ", u.UnstructuredContent()["results"])
|
||||
//
|
||||
//results := u.UnstructuredContent()["results"]
|
||||
//
|
||||
//resultsMap := results.(report.PolicyReportResult)
|
||||
//
|
||||
//for k, v := range resultsMap {
|
||||
// fmt.Println(k, v)
|
||||
//}
|
||||
//
|
||||
//fmt.Println("Summary: ", u.UnstructuredContent()["summary"])
|
||||
fmt.Println("----------------------------------------------------------------------")
|
||||
yamlResp, _ := yaml1.Marshal(u)
|
||||
fmt.Println(string(yamlResp))
|
||||
}
|
||||
} else {
|
||||
|
||||
rcCount := rc.pass + rc.fail + rc.warn + rc.error + rc.skip
|
||||
if rcCount < len(resourcePaths) {
|
||||
rc.skip += len(resourcePaths) - rcCount
|
||||
}
|
||||
|
||||
fmt.Println("PolicyViolation is Called")
|
||||
fmt.Printf("\npass: %d, fail: %d, warn: %d, error: %d, skip: %d \n",
|
||||
rc.pass, rc.fail, rc.warn, rc.error, rc.skip)
|
||||
|
||||
|
@ -354,15 +282,12 @@ func Command() *cobra.Command {
|
|||
cmd.Flags().StringVarP(&variablesString, "set", "s", "", "Variables that are required")
|
||||
cmd.Flags().StringVarP(&valuesFile, "values_file", "f", "", "File containing values for policy variables")
|
||||
cmd.Flags().BoolVarP(&policyReport, "policy_report", "", false, "Generates policy report when passed (default policyviolation r")
|
||||
//cmd.Flags().StringVarP(&policyScope, "policy_scope", "", "", "Optional Policy parameter passed with cluster flag")
|
||||
//cmd.Flags().StringVarP(&resourceScope, "resource_scope", "", "", "Optional Resource parameter passed with cluster flag")
|
||||
cmd.Flags().StringVarP(&namespace, "namespace", "n", "", "Optional Policy parameter passed with cluster flag")
|
||||
return cmd
|
||||
}
|
||||
|
||||
// applyPolicyOnResource - function to apply policy on resource
|
||||
func applyPolicyOnResource(policy *v1.ClusterPolicy, resource *unstructured.Unstructured, mutateLogPath string, mutateLogPathIsDir bool, variables map[string]string, rc *resultCounts) ([]response.EngineResponse , error) {
|
||||
//fmt.Println("applyPolicyOnResource called")
|
||||
responseError := false
|
||||
engineResponses := make([]response.EngineResponse, 0)
|
||||
|
||||
|
@ -460,9 +385,6 @@ func applyPolicyOnResource(policy *v1.ClusterPolicy, resource *unstructured.Unst
|
|||
rc.pass++
|
||||
}
|
||||
|
||||
//fmt.Println("---------------------")
|
||||
//fmt.Println(rc)
|
||||
|
||||
return engineResponses, nil
|
||||
}
|
||||
|
||||
|
@ -525,7 +447,6 @@ func createFileOrFolder(mutateLogPath string, mutateLogPathIsDir bool) error {
|
|||
if len(s) > 1 {
|
||||
folderPath = mutateLogPath[:len(mutateLogPath)-len(s[len(s)-1])-1]
|
||||
_, err := os.Stat(folderPath)
|
||||
//fmt.Println(err)
|
||||
if os.IsNotExist(err) {
|
||||
errDir := os.MkdirAll(folderPath, 0755)
|
||||
if errDir != nil {
|
||||
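Review bot: The error from `yaml1.Marshal(u)` is discarded in the `if policyReport` loop, so a report that fails to serialise is printed as an empty string and the command still returns success. For a CLI whose output is read as a policy-compliance result, an empty report can be mistaken for a clean one. Handle it as the surrounding code handles other failures: `yamlResp, err := yaml1.Marshal(u)` followed by `if err != nil { return sanitizedError.NewWithError("failed to marshal policy report", err) }`. The +/- markers are lost on this page, so treating the `yaml1.Marshal` line as newly added is inferred from the hunk counts and the new `yaml1` import; `Command()` begins and ends outside the visible hunks.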
|
|
|
@ -37,7 +37,6 @@ func GetPolicies(paths []string, cluster bool, dClient *client.Client, namespace
|
|||
path = filepath.Clean(path)
|
||||
fileDesc, err := os.Stat(path)
|
||||
if err != nil {
|
||||
//fmt.Println(err)
|
||||
p, err := getPolicyFromCluster(path, cluster, dClient, namespace)
|
||||
|
||||
if err != nil {
|
||||
|
@ -97,7 +96,6 @@ func getPolicyFromCluster(policyName string, cluster bool, dClient *client.Clien
|
|||
|
||||
policyBytes, err := json.Marshal(policy.Object)
|
||||
if err != nil {
|
||||
//fmt.Println(err)
|
||||
return &v1.ClusterPolicy{}, err
|
||||
}
|
||||
|
||||
|
@ -105,7 +103,6 @@ func getPolicyFromCluster(policyName string, cluster bool, dClient *client.Clien
|
|||
err = json.Unmarshal(policyBytes, &p)
|
||||
|
||||
if err != nil {
|
||||
//fmt.Println(err)
|
||||
return &v1.ClusterPolicy{}, err
|
||||
}
|
||||
|
||||
|
@ -141,14 +138,12 @@ func getPoliciesFromCluster(cluster bool, dClient *client.Client, namespace stri
|
|||
|
||||
policyList, err := dClient.ListResource("", "ClusterPolicy", namespace, nil)
|
||||
if err != nil {
|
||||
//fmt.Println("----------error: ", err)
|
||||
return res, err
|
||||
}
|
||||
|
||||
for _, policy := range policyList.Items {
|
||||
policyBytes, err := json.Marshal(policy.Object)
|
||||
if err != nil {
|
||||
//fmt.Println(err)
|
||||
return res, err
|
||||
}
|
||||
|
||||
|
@ -156,7 +151,6 @@ func getPoliciesFromCluster(cluster bool, dClient *client.Client, namespace stri
|
|||
err = json.Unmarshal(policyBytes, &p)
|
||||
|
||||
if err != nil {
|
||||
//fmt.Println(err)
|
||||
return res, err
|
||||
}
|
||||
|
||||
|
|
|
@ -20,7 +20,6 @@ import (
|
|||
// - local paths to resources, if given
|
||||
// - the k8s cluster, if given
|
||||
func GetResources(policies []*v1.ClusterPolicy, resourcePaths []string, dClient *client.Client, cluster bool, namespace string) ([]*unstructured.Unstructured, error) {
|
||||
//var resources []*unstructured.Unstructured
|
||||
resources := make([]*unstructured.Unstructured, 0)
|
||||
var err error
|
||||
|
||||
|
@ -139,7 +138,6 @@ func getResourcesOfTypeFromCluster(resourceTypes []string, dClient *client.Clien
|
|||
r[kind] = make(map[string]*unstructured.Unstructured)
|
||||
resourceList, err := dClient.ListResource("", kind, namespace, nil)
|
||||
if err != nil {
|
||||
//fmt.Println(err)
|
||||
return nil, err
|
||||
}
|
||||
version := resourceList.GetAPIVersion()
|
||||
|
|