From 1279026a0787b57b0ab383b45c2d0732c06940b3 Mon Sep 17 00:00:00 2001 From: NoSkillGirl Date: Wed, 28 Oct 2020 13:43:40 +0530 Subject: [PATCH] integrated policy report --- pkg/kyverno/apply/command.go | 89 ++---------------------------------- pkg/kyverno/common/common.go | 6 --- pkg/kyverno/common/fetch.go | 2 - 3 files changed, 5 insertions(+), 92 deletions(-) diff --git a/pkg/kyverno/apply/command.go b/pkg/kyverno/apply/command.go index 8d23401f8e..f424e635f5 100644 --- a/pkg/kyverno/apply/command.go +++ b/pkg/kyverno/apply/command.go @@ -4,7 +4,6 @@ import ( "bufio" "encoding/json" "fmt" - report "github.com/kyverno/kyverno/pkg/api/policyreport/v1alpha1" "github.com/kyverno/kyverno/pkg/engine/response" "io/ioutil" "os" @@ -28,6 +27,7 @@ import ( "k8s.io/apimachinery/pkg/util/yaml" "k8s.io/cli-runtime/pkg/genericclioptions" log "sigs.k8s.io/controller-runtime/pkg/log" + yaml1 "sigs.k8s.io/yaml" ) type resultCounts struct { @@ -146,10 +146,6 @@ func Command() *cobra.Command { return err } - // POLICIES ... - fmt.Println("------------------------------------------------------------------") - fmt.Println("Got Policies:", len(policies)) - if len(resourcePaths) == 0 && !cluster { return sanitizedError.NewWithError(fmt.Sprintf("resource file(s) or cluster required"), err) } @@ -195,20 +191,8 @@ func Command() *cobra.Command { } } - fmt.Println("------------------------------------------------------------------") - fmt.Println("Got Resources:", len(resources)) - for _, resource := range resources { - fmt.Println(resource.GetName()) - } - - fmt.Println("++++++++++++++++++++++++++++++++++++++++++") - fmt.Println("Before Mutate Policy: ", len(policies)) - mutatedPolicies, err := mutatePolices(policies) - fmt.Println("++++++++++++++++++++++++++++++++++++++++++") - fmt.Println("Mutate Policy: ", len(mutatedPolicies)) - msgPolicies := "1 policy" if len(mutatedPolicies) > 1 { msgPolicies = fmt.Sprintf("%d policies", len(policies)) @@ -219,10 +203,6 @@ func Command() *cobra.Command { msgResources = fmt.Sprintf("%d resources", len(resources)) } - //if len(mutatedPolicies) == 0 || len(resources) == 0 { - // return - //} - if len(mutatedPolicies) > 0 && len(resources) > 0 { fmt.Printf("\napplying %s to %s \n", msgPolicies, msgResources) } @@ -230,10 +210,6 @@ func Command() *cobra.Command { rc := &resultCounts{} engineResponses := make([]response.EngineResponse, 0) for _, policy := range mutatedPolicies { - // - //fmt.Println("______________________") - //fmt.Println(policy) - err := policy2.Validate(utils.MarshalPolicy(*policy), nil, true, openAPIController) if err != nil { rc.skip += len(resources) @@ -252,23 +228,6 @@ func Command() *cobra.Command { } for _, resource := range resources { - //fmt.Println("Inside loop ....") - //fmt.Println(resource) - - - fmt.Println("*******************") - bytes, _ := resource.MarshalJSON() - - prr := - - json.Unmarshal(bytes, &prr) - //for _, r := range prr.Results { - // fmt.Println(r.Policy) - // - //} - - fmt.Println(prr.Summary) - // get values from file for this policy resource combination thisPolicyResourceValues := make(map[string]string) if len(valuesMap[policy.GetName()]) != 0 && !reflect.DeepEqual(valuesMap[policy.GetName()][resource.GetName()], Resource{}) { @@ -283,8 +242,6 @@ func Command() *cobra.Command { return sanitizedError.NewWithError(fmt.Sprintf("policy %s have variables. pass the values for the variables using set/values_file flag", policy.Name), err) } - - ers, err := applyPolicyOnResource(policy, resource, mutateLogPath, mutateLogPathIsDir, thisPolicyResourceValues, rc) if err != nil { return sanitizedError.NewWithError(fmt.Errorf("failed to apply policy %v on resource %v", policy.Name, resource.GetName()).Error(), err) @@ -293,49 +250,20 @@ func Command() *cobra.Command { } } - if policyReport { - fmt.Println("-----------------------------------------------------") - fmt.Println("PolicyReport is Called") resps := buildPolicyReports(engineResponses) + fmt.Println("----------------------------------------------------------------------\nPOLICY REPORT:") for _, u := range resps { - fmt.Println("*******************") - bytes, _ := u.MarshalJSON() - - prr := report.ClusterPolicyReport{} - - json.Unmarshal(bytes, &prr) - //for _, r := range prr.Results { - // fmt.Println(r.Policy) - // - //} - - fmt.Println(prr.Summary) - - - - //fmt.Println("Name: ", u.GetName()) - //fmt.Println("Kind: ", u.GetKind()) - //fmt.Println("Results: ", u.UnstructuredContent()["results"]) - // - //results := u.UnstructuredContent()["results"] - // - //resultsMap := results.(report.PolicyReportResult) - // - //for k, v := range resultsMap { - // fmt.Println(k, v) - //} - // - //fmt.Println("Summary: ", u.UnstructuredContent()["summary"]) + fmt.Println("----------------------------------------------------------------------") + yamlResp, _ := yaml1.Marshal(u) + fmt.Println(string(yamlResp)) } } else { - rcCount := rc.pass + rc.fail + rc.warn + rc.error + rc.skip if rcCount < len(resourcePaths) { rc.skip += len(resourcePaths) - rcCount } - fmt.Println("PolicyViolation is Called") fmt.Printf("\npass: %d, fail: %d, warn: %d, error: %d, skip: %d \n", rc.pass, rc.fail, rc.warn, rc.error, rc.skip) @@ -354,15 +282,12 @@ func Command() *cobra.Command { cmd.Flags().StringVarP(&variablesString, "set", "s", "", "Variables that are required") cmd.Flags().StringVarP(&valuesFile, "values_file", "f", "", "File containing values for policy variables") cmd.Flags().BoolVarP(&policyReport, "policy_report", "", false, "Generates policy report when passed (default policyviolation r") - //cmd.Flags().StringVarP(&policyScope, "policy_scope", "", "", "Optional Policy parameter passed with cluster flag") - //cmd.Flags().StringVarP(&resourceScope, "resource_scope", "", "", "Optional Resource parameter passed with cluster flag") cmd.Flags().StringVarP(&namespace, "namespace", "n", "", "Optional Policy parameter passed with cluster flag") return cmd } // applyPolicyOnResource - function to apply policy on resource func applyPolicyOnResource(policy *v1.ClusterPolicy, resource *unstructured.Unstructured, mutateLogPath string, mutateLogPathIsDir bool, variables map[string]string, rc *resultCounts) ([]response.EngineResponse , error) { - //fmt.Println("applyPolicyOnResource called") responseError := false engineResponses := make([]response.EngineResponse, 0) @@ -460,9 +385,6 @@ func applyPolicyOnResource(policy *v1.ClusterPolicy, resource *unstructured.Unst rc.pass++ } - //fmt.Println("---------------------") - //fmt.Println(rc) - return engineResponses, nil } @@ -525,7 +447,6 @@ func createFileOrFolder(mutateLogPath string, mutateLogPathIsDir bool) error { if len(s) > 1 { folderPath = mutateLogPath[:len(mutateLogPath)-len(s[len(s)-1])-1] _, err := os.Stat(folderPath) - //fmt.Println(err) if os.IsNotExist(err) { errDir := os.MkdirAll(folderPath, 0755) if errDir != nil { diff --git a/pkg/kyverno/common/common.go b/pkg/kyverno/common/common.go index 1a20553349..6e3d68c06e 100644 --- a/pkg/kyverno/common/common.go +++ b/pkg/kyverno/common/common.go @@ -37,7 +37,6 @@ func GetPolicies(paths []string, cluster bool, dClient *client.Client, namespace path = filepath.Clean(path) fileDesc, err := os.Stat(path) if err != nil { - //fmt.Println(err) p, err := getPolicyFromCluster(path, cluster, dClient, namespace) if err != nil { @@ -97,7 +96,6 @@ func getPolicyFromCluster(policyName string, cluster bool, dClient *client.Clien policyBytes, err := json.Marshal(policy.Object) if err != nil { - //fmt.Println(err) return &v1.ClusterPolicy{}, err } @@ -105,7 +103,6 @@ func getPolicyFromCluster(policyName string, cluster bool, dClient *client.Clien err = json.Unmarshal(policyBytes, &p) if err != nil { - //fmt.Println(err) return &v1.ClusterPolicy{}, err } @@ -141,14 +138,12 @@ func getPoliciesFromCluster(cluster bool, dClient *client.Client, namespace stri policyList, err := dClient.ListResource("", "ClusterPolicy", namespace, nil) if err != nil { - //fmt.Println("----------error: ", err) return res, err } for _, policy := range policyList.Items { policyBytes, err := json.Marshal(policy.Object) if err != nil { - //fmt.Println(err) return res, err } @@ -156,7 +151,6 @@ func getPoliciesFromCluster(cluster bool, dClient *client.Client, namespace stri err = json.Unmarshal(policyBytes, &p) if err != nil { - //fmt.Println(err) return res, err } diff --git a/pkg/kyverno/common/fetch.go b/pkg/kyverno/common/fetch.go index 8db82369f3..6aa333eb9d 100644 --- a/pkg/kyverno/common/fetch.go +++ b/pkg/kyverno/common/fetch.go @@ -20,7 +20,6 @@ import ( // - local paths to resources, if given // - the k8s cluster, if given func GetResources(policies []*v1.ClusterPolicy, resourcePaths []string, dClient *client.Client, cluster bool, namespace string) ([]*unstructured.Unstructured, error) { - //var resources []*unstructured.Unstructured resources := make([]*unstructured.Unstructured, 0) var err error @@ -139,7 +138,6 @@ func getResourcesOfTypeFromCluster(resourceTypes []string, dClient *client.Clien r[kind] = make(map[string]*unstructured.Unstructured) resourceList, err := dClient.ListResource("", kind, namespace, nil) if err != nil { - //fmt.Println(err) return nil, err } version := resourceList.GetAPIVersion()