mirrors/kyverno
mirrors/kyverno
1
0
Fork 0
mirror of https://github.com/kyverno/kyverno.git synced 2025-03-07 00:17:13 +00:00
Code Activity

integrated policy report

Browse source
This commit is contained in:
NoSkillGirl 2020-10-28 13:43:40 +05:30
parent c56840ef3b
commit 1279026a07
3 changed files with 5 additions and 92 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

89
pkg/kyverno/apply/command.go
View file

@ -4,7 +4,6 @@ import (
"bufio" "bufio"
"encoding/json" "encoding/json"
"fmt" "fmt"
report "github.com/kyverno/kyverno/pkg/api/policyreport/v1alpha1"
"github.com/kyverno/kyverno/pkg/engine/response" "github.com/kyverno/kyverno/pkg/engine/response"
"io/ioutil" "io/ioutil"
"os" "os"
@ -28,6 +27,7 @@ import (
"k8s.io/apimachinery/pkg/util/yaml" "k8s.io/apimachinery/pkg/util/yaml"
"k8s.io/cli-runtime/pkg/genericclioptions" "k8s.io/cli-runtime/pkg/genericclioptions"
log "sigs.k8s.io/controller-runtime/pkg/log" log "sigs.k8s.io/controller-runtime/pkg/log"
yaml1 "sigs.k8s.io/yaml"
) )
type resultCounts struct { type resultCounts struct {
@ -146,10 +146,6 @@ func Command() *cobra.Command {
return err return err
} }
// POLICIES ...
fmt.Println("------------------------------------------------------------------")
fmt.Println("Got Policies:", len(policies))
if len(resourcePaths) == 0 && !cluster { if len(resourcePaths) == 0 && !cluster {
return sanitizedError.NewWithError(fmt.Sprintf("resource file(s) or cluster required"), err) return sanitizedError.NewWithError(fmt.Sprintf("resource file(s) or cluster required"), err)
} }
@ -195,20 +191,8 @@ func Command() *cobra.Command {
} }
} }
fmt.Println("------------------------------------------------------------------")
fmt.Println("Got Resources:", len(resources))
for _, resource := range resources {
fmt.Println(resource.GetName())
}
fmt.Println("++++++++++++++++++++++++++++++++++++++++++")
fmt.Println("Before Mutate Policy: ", len(policies))
mutatedPolicies, err := mutatePolices(policies) mutatedPolicies, err := mutatePolices(policies)
fmt.Println("++++++++++++++++++++++++++++++++++++++++++")
fmt.Println("Mutate Policy: ", len(mutatedPolicies))
msgPolicies := "1 policy" msgPolicies := "1 policy"
if len(mutatedPolicies) > 1 { if len(mutatedPolicies) > 1 {
msgPolicies = fmt.Sprintf("%d policies", len(policies)) msgPolicies = fmt.Sprintf("%d policies", len(policies))
@ -219,10 +203,6 @@ func Command() *cobra.Command {
msgResources = fmt.Sprintf("%d resources", len(resources)) msgResources = fmt.Sprintf("%d resources", len(resources))
} }
//if len(mutatedPolicies) == 0 || len(resources) == 0 {
// return
//}
if len(mutatedPolicies) > 0 && len(resources) > 0 { if len(mutatedPolicies) > 0 && len(resources) > 0 {
fmt.Printf("\napplying %s to %s \n", msgPolicies, msgResources) fmt.Printf("\napplying %s to %s \n", msgPolicies, msgResources)
} }
@ -230,10 +210,6 @@ func Command() *cobra.Command {
rc := &resultCounts{} rc := &resultCounts{}
engineResponses := make([]response.EngineResponse, 0) engineResponses := make([]response.EngineResponse, 0)
for _, policy := range mutatedPolicies { for _, policy := range mutatedPolicies {
//
//fmt.Println("______________________")
//fmt.Println(policy)
err := policy2.Validate(utils.MarshalPolicy(*policy), nil, true, openAPIController) err := policy2.Validate(utils.MarshalPolicy(*policy), nil, true, openAPIController)
if err != nil { if err != nil {
rc.skip += len(resources) rc.skip += len(resources)
@ -252,23 +228,6 @@ func Command() *cobra.Command {
} }
for _, resource := range resources { for _, resource := range resources {
//fmt.Println("Inside loop ....")
//fmt.Println(resource)
fmt.Println("*******************")
bytes, _ := resource.MarshalJSON()
prr :=
json.Unmarshal(bytes, &prr)
//for _, r := range prr.Results {
// fmt.Println(r.Policy)
//
//}
fmt.Println(prr.Summary)
// get values from file for this policy resource combination // get values from file for this policy resource combination
thisPolicyResourceValues := make(map[string]string) thisPolicyResourceValues := make(map[string]string)
if len(valuesMap[policy.GetName()]) != 0 && !reflect.DeepEqual(valuesMap[policy.GetName()][resource.GetName()], Resource{}) { if len(valuesMap[policy.GetName()]) != 0 && !reflect.DeepEqual(valuesMap[policy.GetName()][resource.GetName()], Resource{}) {
@ -283,8 +242,6 @@ func Command() *cobra.Command {
return sanitizedError.NewWithError(fmt.Sprintf("policy %s have variables. pass the values for the variables using set/values_file flag", policy.Name), err) return sanitizedError.NewWithError(fmt.Sprintf("policy %s have variables. pass the values for the variables using set/values_file flag", policy.Name), err)
} }
ers, err := applyPolicyOnResource(policy, resource, mutateLogPath, mutateLogPathIsDir, thisPolicyResourceValues, rc) ers, err := applyPolicyOnResource(policy, resource, mutateLogPath, mutateLogPathIsDir, thisPolicyResourceValues, rc)
if err != nil { if err != nil {
return sanitizedError.NewWithError(fmt.Errorf("failed to apply policy %v on resource %v", policy.Name, resource.GetName()).Error(), err) return sanitizedError.NewWithError(fmt.Errorf("failed to apply policy %v on resource %v", policy.Name, resource.GetName()).Error(), err)
@ -293,49 +250,20 @@ func Command() *cobra.Command {
} }
} }
if policyReport { if policyReport {
fmt.Println("-----------------------------------------------------")
fmt.Println("PolicyReport is Called")
resps := buildPolicyReports(engineResponses) resps := buildPolicyReports(engineResponses)
fmt.Println("----------------------------------------------------------------------\nPOLICY REPORT:")
for _, u := range resps { for _, u := range resps {
fmt.Println("*******************") fmt.Println("----------------------------------------------------------------------")
bytes, _ := u.MarshalJSON() yamlResp, _ := yaml1.Marshal(u)
fmt.Println(string(yamlResp))
prr := report.ClusterPolicyReport{}
json.Unmarshal(bytes, &prr)
//for _, r := range prr.Results {
// fmt.Println(r.Policy)
//
//}
fmt.Println(prr.Summary)
//fmt.Println("Name: ", u.GetName())
//fmt.Println("Kind: ", u.GetKind())
//fmt.Println("Results: ", u.UnstructuredContent()["results"])
//
//results := u.UnstructuredContent()["results"]
//
//resultsMap := results.(report.PolicyReportResult)
//
//for k, v := range resultsMap {
// fmt.Println(k, v)
//}
//
//fmt.Println("Summary: ", u.UnstructuredContent()["summary"])
} }
} else { } else {
rcCount := rc.pass + rc.fail + rc.warn + rc.error + rc.skip rcCount := rc.pass + rc.fail + rc.warn + rc.error + rc.skip
if rcCount < len(resourcePaths) { if rcCount < len(resourcePaths) {
rc.skip += len(resourcePaths) - rcCount rc.skip += len(resourcePaths) - rcCount
} }
fmt.Println("PolicyViolation is Called")
fmt.Printf("\npass: %d, fail: %d, warn: %d, error: %d, skip: %d \n", fmt.Printf("\npass: %d, fail: %d, warn: %d, error: %d, skip: %d \n",
rc.pass, rc.fail, rc.warn, rc.error, rc.skip) rc.pass, rc.fail, rc.warn, rc.error, rc.skip)
@ -354,15 +282,12 @@ func Command() *cobra.Command {
cmd.Flags().StringVarP(&variablesString, "set", "s", "", "Variables that are required") cmd.Flags().StringVarP(&variablesString, "set", "s", "", "Variables that are required")
cmd.Flags().StringVarP(&valuesFile, "values_file", "f", "", "File containing values for policy variables") cmd.Flags().StringVarP(&valuesFile, "values_file", "f", "", "File containing values for policy variables")
cmd.Flags().BoolVarP(&policyReport, "policy_report", "", false, "Generates policy report when passed (default policyviolation r") cmd.Flags().BoolVarP(&policyReport, "policy_report", "", false, "Generates policy report when passed (default policyviolation r")
//cmd.Flags().StringVarP(&policyScope, "policy_scope", "", "", "Optional Policy parameter passed with cluster flag")
//cmd.Flags().StringVarP(&resourceScope, "resource_scope", "", "", "Optional Resource parameter passed with cluster flag")
cmd.Flags().StringVarP(&namespace, "namespace", "n", "", "Optional Policy parameter passed with cluster flag") cmd.Flags().StringVarP(&namespace, "namespace", "n", "", "Optional Policy parameter passed with cluster flag")
return cmd return cmd
} }
// applyPolicyOnResource - function to apply policy on resource // applyPolicyOnResource - function to apply policy on resource
func applyPolicyOnResource(policy *v1.ClusterPolicy, resource *unstructured.Unstructured, mutateLogPath string, mutateLogPathIsDir bool, variables map[string]string, rc *resultCounts) ([]response.EngineResponse , error) { func applyPolicyOnResource(policy *v1.ClusterPolicy, resource *unstructured.Unstructured, mutateLogPath string, mutateLogPathIsDir bool, variables map[string]string, rc *resultCounts) ([]response.EngineResponse , error) {
//fmt.Println("applyPolicyOnResource called")
responseError := false responseError := false
engineResponses := make([]response.EngineResponse, 0) engineResponses := make([]response.EngineResponse, 0)
@ -460,9 +385,6 @@ func applyPolicyOnResource(policy *v1.ClusterPolicy, resource *unstructured.Unst
rc.pass++ rc.pass++
} }
//fmt.Println("---------------------")
//fmt.Println(rc)
return engineResponses, nil return engineResponses, nil
} }
@ -525,7 +447,6 @@ func createFileOrFolder(mutateLogPath string, mutateLogPathIsDir bool) error {
if len(s) > 1 { if len(s) > 1 {
folderPath = mutateLogPath[:len(mutateLogPath)-len(s[len(s)-1])-1] folderPath = mutateLogPath[:len(mutateLogPath)-len(s[len(s)-1])-1]
_, err := os.Stat(folderPath) _, err := os.Stat(folderPath)
//fmt.Println(err)
if os.IsNotExist(err) { if os.IsNotExist(err) {
errDir := os.MkdirAll(folderPath, 0755) errDir := os.MkdirAll(folderPath, 0755)
if errDir != nil { if errDir != nil {

6
pkg/kyverno/common/common.go
View file

@ -37,7 +37,6 @@ func GetPolicies(paths []string, cluster bool, dClient *client.Client, namespace
path = filepath.Clean(path) path = filepath.Clean(path)
fileDesc, err := os.Stat(path) fileDesc, err := os.Stat(path)
if err != nil { if err != nil {
//fmt.Println(err)
p, err := getPolicyFromCluster(path, cluster, dClient, namespace) p, err := getPolicyFromCluster(path, cluster, dClient, namespace)
if err != nil { if err != nil {
@ -97,7 +96,6 @@ func getPolicyFromCluster(policyName string, cluster bool, dClient *client.Clien
policyBytes, err := json.Marshal(policy.Object) policyBytes, err := json.Marshal(policy.Object)
if err != nil { if err != nil {
//fmt.Println(err)
return &v1.ClusterPolicy{}, err return &v1.ClusterPolicy{}, err
} }
@ -105,7 +103,6 @@ func getPolicyFromCluster(policyName string, cluster bool, dClient *client.Clien
err = json.Unmarshal(policyBytes, &p) err = json.Unmarshal(policyBytes, &p)
if err != nil { if err != nil {
//fmt.Println(err)
return &v1.ClusterPolicy{}, err return &v1.ClusterPolicy{}, err
} }
@ -141,14 +138,12 @@ func getPoliciesFromCluster(cluster bool, dClient *client.Client, namespace stri
policyList, err := dClient.ListResource("", "ClusterPolicy", namespace, nil) policyList, err := dClient.ListResource("", "ClusterPolicy", namespace, nil)
if err != nil { if err != nil {
//fmt.Println("----------error: ", err)
return res, err return res, err
} }
for _, policy := range policyList.Items { for _, policy := range policyList.Items {
policyBytes, err := json.Marshal(policy.Object) policyBytes, err := json.Marshal(policy.Object)
if err != nil { if err != nil {
//fmt.Println(err)
return res, err return res, err
} }
@ -156,7 +151,6 @@ func getPoliciesFromCluster(cluster bool, dClient *client.Client, namespace stri
err = json.Unmarshal(policyBytes, &p) err = json.Unmarshal(policyBytes, &p)
if err != nil { if err != nil {
//fmt.Println(err)
return res, err return res, err
} }

2
pkg/kyverno/common/fetch.go
View file

@ -20,7 +20,6 @@ import (
// - local paths to resources, if given // - local paths to resources, if given
// - the k8s cluster, if given // - the k8s cluster, if given
func GetResources(policies []*v1.ClusterPolicy, resourcePaths []string, dClient *client.Client, cluster bool, namespace string) ([]*unstructured.Unstructured, error) { func GetResources(policies []*v1.ClusterPolicy, resourcePaths []string, dClient *client.Client, cluster bool, namespace string) ([]*unstructured.Unstructured, error) {
//var resources []*unstructured.Unstructured
resources := make([]*unstructured.Unstructured, 0) resources := make([]*unstructured.Unstructured, 0)
var err error var err error
@ -139,7 +138,6 @@ func getResourcesOfTypeFromCluster(resourceTypes []string, dClient *client.Clien
r[kind] = make(map[string]*unstructured.Unstructured) r[kind] = make(map[string]*unstructured.Unstructured)
resourceList, err := dClient.ListResource("", kind, namespace, nil) resourceList, err := dClient.ListResource("", kind, namespace, nil)
if err != nil { if err != nil {
//fmt.Println(err)
return nil, err return nil, err
} }
version := resourceList.GetAPIVersion() version := resourceList.GetAPIVersion()