mirror of https://github.com/kyverno/kyverno.git synced 2025-03-05 07:26:55 +00:00

bug: add severity and category in cluster policy report (#7828)

* test: add test for severity and category

Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>

* fix: add severity and category to cpol report

Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>

* refactor: reuse report util SeverityFromString

Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>

---------

Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
Vishal Choudhary 2023-07-19 11:46:37 +05:30 committed by GitHub
parent b741187a73
commit 1fff5ba767
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 10 additions and 4 deletions


@ -98,7 +98,9 @@ func buildPolicyResults(auditWarn bool, engineResponses ...engineapi.EngineRespo
UID: engineResponse.Resource.GetUID(),
},
},
Scored: true,
Scored: true,
Category: ann[kyverno.AnnotationPolicyCategory],
Severity: reportutils.SeverityFromString(ann[kyverno.AnnotationPolicySeverity]),
}
if ruleResponse.Status() == engineapi.RuleStatusSkip {
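Review bot: The new `Severity` field is filled from the policy's `kyverno.AnnotationPolicySeverity` annotation, and nothing at the assignment says what the report carries when that annotation is missing, mis-cased or misspelled. The visible part of `SeverityFromString` is an exact-match `switch`, so a value such as `Medium` presumably falls through to a default that is not shown on this page; if that default is an empty severity, the result would drop out of any severity-based filter or alert built on the report. A short comment above the field would make this explicit, e.g. `// Severity stays empty when the annotation is absent or not a recognised value.`, once confirmed against the rest of the switch. `ann` is defined outside the hunk and the function body continues past it.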


@ -17,7 +17,9 @@ var rawPolicy = []byte(`
"metadata": {
"name": "pod-requirements",
"annotations": {
"pod-policies.kyverno.io/autogen-controllers": "none"
"pod-policies.kyverno.io/autogen-controllers": "none",
"policies.kyverno.io/severity": "medium",
"policies.kyverno.io/category": "Pod Security Standards (Restricted)"
}
},
"spec": {
@ -109,6 +111,8 @@ func Test_buildPolicyReports(t *testing.T) {
assert.Assert(t, report.GetName() == clusterpolicyreport)
assert.Assert(t, report.Kind == "ClusterPolicyReport")
assert.Assert(t, len(report.Results) == 2)
assert.Equal(t, string(report.Results[0].Severity), "medium")
assert.Equal(t, report.Results[0].Category, "Pod Security Standards (Restricted)")
assert.Assert(t, report.Summary.Pass == 1, report.Summary.Pass)
}
}
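Review bot: The added assertions check only `report.Results[0]` although the line above them asserts two results, and they cover only a valid severity value. Asserting over every result, for example `for _, r := range report.Results { assert.Equal(t, string(r.Severity), "medium") }`, would catch a result built without the annotations, assuming both results come from `rawPolicy`. A second fixture with an absent or unrecognised `policies.kyverno.io/severity` value would pin what the cluster policy report carries in that case. The body of `Test_buildPolicyReports` starts outside the hunk.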


@ -69,7 +69,7 @@ func toPolicyResult(status engineapi.RuleStatus) policyreportv1alpha2.PolicyResu
return ""
}
func severityFromString(severity string) policyreportv1alpha2.PolicySeverity {
func SeverityFromString(severity string) policyreportv1alpha2.PolicySeverity {
switch severity {
case policyreportv1alpha2.SeverityHigh:
return policyreportv1alpha2.SeverityHigh
@ -97,7 +97,7 @@ func EngineResponseToReportResults(response engineapi.EngineResponse) []policyre
Seconds: time.Now().Unix(),
},
Category: annotations[kyverno.AnnotationPolicyCategory],
Severity: severityFromString(annotations[kyverno.AnnotationPolicySeverity]),
Severity: SeverityFromString(annotations[kyverno.AnnotationPolicySeverity]),
}
pss := ruleResult.PodSecurityChecks()
if pss != nil {
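Review bot: `SeverityFromString` becomes exported in the first hunk of this file but has no doc comment, so callers in other packages cannot see its contract for unrecognised input. Something like `// SeverityFromString maps a severity annotation value to a PolicySeverity; matching is exact and case-sensitive.` would do, extended with what is returned for a value outside the known set. Only the first `case` of the switch is inside the hunk, so that return value has to be checked against the full function before it is written into the comment.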