diff --git a/cmd/initContainer/main.go b/cmd/initContainer/main.go index ecb1ec5060..d01254a18f 100644 --- a/cmd/initContainer/main.go +++ b/cmd/initContainer/main.go @@ -340,6 +340,8 @@ func removePolicyReport(client dclient.Interface, kind string) error { return nil } +// Deprecated: New ClusterPolicyReports already has required labels, will be removed in +// 1.8.0 version func addClusterPolicyReportSelectorLabel(client dclient.Interface) { logger := log.Log.WithName("addClusterPolicyReportSelectorLabel") @@ -350,12 +352,14 @@ func addClusterPolicyReportSelectorLabel(client dclient.Interface) { } for _, cpolr := range cpolrs.Items { - if cpolr.GetName() == policyreport.GeneratePolicyReportName("") { + if cpolr.GetName() == policyreport.GeneratePolicyReportName("", "") { addSelectorLabel(client, cpolr.GetAPIVersion(), cpolr.GetKind(), "", cpolr.GetName()) } } } +// Deprecated: New PolicyReports already has required labels, will be removed in +// 1.8.0 version func addPolicyReportSelectorLabel(client dclient.Interface) { logger := log.Log.WithName("addPolicyReportSelectorLabel") @@ -366,7 +370,7 @@ func addPolicyReportSelectorLabel(client dclient.Interface) { } for _, polr := range polrs.Items { - if polr.GetName() == policyreport.GeneratePolicyReportName(polr.GetNamespace()) { + if polr.GetName() == policyreport.GeneratePolicyReportName(polr.GetNamespace(), "") { addSelectorLabel(client, polr.GetAPIVersion(), polr.GetKind(), polr.GetNamespace(), polr.GetName()) } } diff --git a/cmd/kyverno/main.go b/cmd/kyverno/main.go index 701bfc2668..8a4cf60dbe 100644 --- a/cmd/kyverno/main.go +++ b/cmd/kyverno/main.go @@ -75,7 +75,6 @@ var ( clientRateLimitQPS float64 clientRateLimitBurst int changeRequestLimit int - splitPolicyReport bool webhookRegistrationTimeout time.Duration setupLog = log.Log.WithName("setup") ) @@ -105,7 +104,7 @@ func main() { flag.Func(toggle.AutogenInternalsFlagName, toggle.AutogenInternalsDescription, toggle.AutogenInternalsFlag) flag.DurationVar(&webhookRegistrationTimeout, "webhookRegistrationTimeout", 120*time.Second, "Timeout for webhook registration, e.g., 30s, 1m, 5m.") flag.IntVar(&changeRequestLimit, "maxReportChangeRequests", 1000, "Maximum pending report change requests per namespace or for the cluster-wide policy report.") - flag.BoolVar(&splitPolicyReport, "splitPolicyReport", false, "Set the flag to 'true', to enable the split-up PolicyReports per policy.") + flag.Func(toggle.SplitPolicyReportFlagName, "Set the flag to 'true', to enable the split-up PolicyReports per policy.", toggle.SplitPolicyReportFlag) if err := flag.Set("v", "2"); err != nil { setupLog.Error(err, "failed to set log level") os.Exit(1) @@ -216,7 +215,6 @@ func main() { kyvernoV1.ClusterPolicies(), kyvernoV1.Policies(), changeRequestLimit, - splitPolicyReport, log.Log.WithName("ReportChangeRequestGenerator"), ) @@ -229,7 +227,6 @@ func main() { kyvernoV1alpha2.ClusterReportChangeRequests(), kubeInformer.Core().V1().Namespaces(), reportReqGen.CleanupChangeRequest, - splitPolicyReport, log.Log.WithName("PolicyReportGenerator"), ) if err != nil { diff --git a/pkg/policy/report.go b/pkg/policy/report.go index 8fb7ab0670..b738dde13f 100644 --- a/pkg/policy/report.go +++ b/pkg/policy/report.go @@ -15,6 +15,7 @@ import ( "github.com/kyverno/kyverno/pkg/engine/response" "github.com/kyverno/kyverno/pkg/event" "github.com/kyverno/kyverno/pkg/policyreport" + "github.com/kyverno/kyverno/pkg/toggle" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/labels" ) @@ -95,9 +96,9 @@ func (pc *PolicyController) forceReconciliation(reconcileCh <-chan bool, cleanup changeRequestMapperNamespace[ns] = false if err := pc.policyReportEraser.EraseResultEntries(eraseResultEntries, info.Namespace); err != nil { - logger.Error(err, "failed to erase result entries for the report", "report", policyreport.GeneratePolicyReportName(ns)) + logger.Error(err, "failed to erase result entries for the report", "report", policyreport.GeneratePolicyReportName(ns, "")) } else { - logger.V(3).Info("wiped out result entries for the report", "report", policyreport.GeneratePolicyReportName(ns)) + logger.V(3).Info("wiped out result entries for the report", "report", policyreport.GeneratePolicyReportName(ns, "")) } if info.MapperInactive { @@ -113,22 +114,19 @@ func (pc *PolicyController) forceReconciliation(reconcileCh <-chan bool, cleanup } } -func cleanupReportChangeRequests(pclient kyvernoclient.Interface, rcrLister kyvernov1alpha2listers.ReportChangeRequestLister, crcrLister kyvernov1alpha2listers.ClusterReportChangeRequestLister, labels map[string]string) error { +func cleanupReportChangeRequests(pclient kyvernoclient.Interface, rcrLister kyvernov1alpha2listers.ReportChangeRequestLister, crcrLister kyvernov1alpha2listers.ClusterReportChangeRequestLister, nslabels map[string]string) error { var errors []string - var gracePeriod int64 = 0 deleteOptions := metav1.DeleteOptions{GracePeriodSeconds: &gracePeriod} - selector := &metav1.LabelSelector{ - MatchLabels: labels, - } + selector := labels.SelectorFromSet(labels.Set(nslabels)) - err := pclient.KyvernoV1alpha2().ClusterReportChangeRequests().DeleteCollection(context.TODO(), deleteOptions, metav1.ListOptions{LabelSelector: metav1.FormatLabelSelector(selector)}) + err := pclient.KyvernoV1alpha2().ClusterReportChangeRequests().DeleteCollection(context.TODO(), deleteOptions, metav1.ListOptions{LabelSelector: selector.String()}) if err != nil { errors = append(errors, err.Error()) } - err = pclient.KyvernoV1alpha2().ReportChangeRequests(config.KyvernoNamespace()).DeleteCollection(context.TODO(), deleteOptions, metav1.ListOptions{LabelSelector: metav1.FormatLabelSelector(selector)}) + err = pclient.KyvernoV1alpha2().ReportChangeRequests(config.KyvernoNamespace()).DeleteCollection(context.TODO(), deleteOptions, metav1.ListOptions{LabelSelector: selector.String()}) if err != nil { errors = append(errors, err.Error()) } @@ -150,31 +148,37 @@ func eraseResultEntries(pclient kyvernoclient.Interface, reportLister policyrepo var polrName string if ns != nil { - polrName = policyreport.GeneratePolicyReportName(*ns) - if polrName != "" { - polr, err := reportLister.PolicyReports(*ns).Get(polrName) + if toggle.SplitPolicyReport() { + err = eraseSplitResultEntries(pclient, ns, selector) if err != nil { - return fmt.Errorf("failed to erase results entries for PolicyReport %s: %v", polrName, err) - } - - polr.Results = []v1alpha2.PolicyReportResult{} - polr.Summary = v1alpha2.PolicyReportSummary{} - if _, err = pclient.Wgpolicyk8sV1alpha2().PolicyReports(polr.GetNamespace()).Update(context.TODO(), polr, metav1.UpdateOptions{}); err != nil { - errors = append(errors, fmt.Sprintf("%s/%s/%s: %v", polr.Kind, polr.Namespace, polr.Name, err)) + errors = append(errors, fmt.Sprintf("%v", err)) } } else { - cpolr, err := clusterReportLister.Get(polrName) - if err != nil { - errors = append(errors, err.Error()) - } + polrName = policyreport.GeneratePolicyReportName(*ns, "") + if polrName != "" { + polr, err := reportLister.PolicyReports(*ns).Get(polrName) + if err != nil { + return fmt.Errorf("failed to erase results entries for PolicyReport %s: %v", polrName, err) + } - cpolr.Results = []v1alpha2.PolicyReportResult{} - cpolr.Summary = v1alpha2.PolicyReportSummary{} - if _, err = pclient.Wgpolicyk8sV1alpha2().ClusterPolicyReports().Update(context.TODO(), cpolr, metav1.UpdateOptions{}); err != nil { - return fmt.Errorf("failed to erase results entries for ClusterPolicyReport %s: %v", polrName, err) + polr.Results = []v1alpha2.PolicyReportResult{} + polr.Summary = v1alpha2.PolicyReportSummary{} + if _, err = pclient.Wgpolicyk8sV1alpha2().PolicyReports(polr.GetNamespace()).Update(context.TODO(), polr, metav1.UpdateOptions{}); err != nil { + errors = append(errors, fmt.Sprintf("%s/%s/%s: %v", polr.Kind, polr.Namespace, polr.Name, err)) + } + } else { + cpolr, err := clusterReportLister.Get(policyreport.GeneratePolicyReportName(*ns, "")) + if err != nil { + errors = append(errors, err.Error()) + } + + cpolr.Results = []v1alpha2.PolicyReportResult{} + cpolr.Summary = v1alpha2.PolicyReportSummary{} + if _, err = pclient.Wgpolicyk8sV1alpha2().ClusterPolicyReports().Update(context.TODO(), cpolr, metav1.UpdateOptions{}); err != nil { + return fmt.Errorf("failed to erase results entries for ClusterPolicyReport %s: %v", polrName, err) + } } } - if len(errors) == 0 { return nil } @@ -213,6 +217,44 @@ func eraseResultEntries(pclient kyvernoclient.Interface, reportLister policyrepo return fmt.Errorf("failed to erase results entries %v", strings.Join(errors, ";")) } +func eraseSplitResultEntries(pclient kyvernoclient.Interface, ns *string, selector labels.Selector) error { + var errors []string + + if ns != nil { + if *ns != "" { + polrs, err := pclient.Wgpolicyk8sV1alpha2().PolicyReports(*ns).List(context.TODO(), metav1.ListOptions{LabelSelector: selector.String()}) + if err != nil { + return fmt.Errorf("failed to list PolicyReports for given namespace %s : %v", *ns, err) + } + for _, polr := range polrs.Items { + polr := polr + polr.Results = []v1alpha2.PolicyReportResult{} + polr.Summary = v1alpha2.PolicyReportSummary{} + if _, err := pclient.Wgpolicyk8sV1alpha2().PolicyReports(polr.GetNamespace()).Update(context.TODO(), &polr, metav1.UpdateOptions{}); err != nil { + errors = append(errors, fmt.Sprintf("%s/%s/%s: %v", polr.Kind, polr.Namespace, polr.Name, err)) + } + } + } else { + cpolrs, err := pclient.Wgpolicyk8sV1alpha2().ClusterPolicyReports().List(context.TODO(), metav1.ListOptions{LabelSelector: selector.String()}) + if err != nil { + return fmt.Errorf("failed to list ClusterPolicyReports : %v", err) + } + for _, cpolr := range cpolrs.Items { + cpolr := cpolr + cpolr.Results = []v1alpha2.PolicyReportResult{} + cpolr.Summary = v1alpha2.PolicyReportSummary{} + if _, err := pclient.Wgpolicyk8sV1alpha2().ClusterPolicyReports().Update(context.TODO(), &cpolr, metav1.UpdateOptions{}); err != nil { + errors = append(errors, fmt.Sprintf("%s/%s/%s: %v", cpolr.Kind, cpolr.Namespace, cpolr.Name, err)) + } + } + } + if len(errors) == 0 { + return nil + } + } + return fmt.Errorf("failed to erase results entries for split reports in namespace %s: %v", *ns, strings.Join(errors, ";")) +} + func (pc *PolicyController) requeuePolicies() { logger := pc.log.WithName("requeuePolicies") if cpols, err := pc.pLister.List(labels.Everything()); err == nil { diff --git a/pkg/policyreport/builder.go b/pkg/policyreport/builder.go index b1da866e6d..3534701232 100644 --- a/pkg/policyreport/builder.go +++ b/pkg/policyreport/builder.go @@ -14,6 +14,7 @@ import ( "github.com/kyverno/kyverno/pkg/config" "github.com/kyverno/kyverno/pkg/engine" "github.com/kyverno/kyverno/pkg/engine/response" + "github.com/kyverno/kyverno/pkg/toggle" "github.com/kyverno/kyverno/pkg/version" corev1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" @@ -44,12 +45,20 @@ const ( SourceValue = "Kyverno" ) -func GeneratePolicyReportName(ns string) string { +func GeneratePolicyReportName(ns, policyName string) string { if ns == "" { + if toggle.SplitPolicyReport() { + return TrimmedName(clusterpolicyreport + "-" + policyName) + } return clusterpolicyreport } - name := fmt.Sprintf("polr-ns-%s", ns) + var name string + if toggle.SplitPolicyReport() { + name = fmt.Sprintf("polr-ns-%s-%s", ns, policyName) + } else { + name = fmt.Sprintf("polr-ns-%s", ns) + } if len(name) > 63 { return name[:63] } diff --git a/pkg/policyreport/changerequestcreator.go b/pkg/policyreport/changerequestcreator.go index 9caad97ad8..d4f8f9b9db 100644 --- a/pkg/policyreport/changerequestcreator.go +++ b/pkg/policyreport/changerequestcreator.go @@ -11,6 +11,7 @@ import ( "github.com/go-logr/logr" kyvernoclient "github.com/kyverno/kyverno/pkg/client/clientset/versioned" "github.com/kyverno/kyverno/pkg/config" + "github.com/kyverno/kyverno/pkg/toggle" "github.com/patrickmn/go-cache" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" @@ -44,15 +45,14 @@ type changeRequestCreator struct { log logr.Logger } -func newChangeRequestCreator(client kyvernoclient.Interface, tickerInterval time.Duration, splitPolicyReport bool, log logr.Logger) creator { +func newChangeRequestCreator(client kyvernoclient.Interface, tickerInterval time.Duration, log logr.Logger) creator { return &changeRequestCreator{ - client: client, - RCRCache: cache.New(0, 24*time.Hour), - CRCRCache: cache.New(0, 24*time.Hour), - queue: []string{}, - tickerInterval: tickerInterval, - splitPolicyReport: splitPolicyReport, - log: log, + client: client, + RCRCache: cache.New(0, 24*time.Hour), + CRCRCache: cache.New(0, 24*time.Hour), + queue: []string{}, + tickerInterval: tickerInterval, + log: log, } } @@ -114,7 +114,7 @@ func (c *changeRequestCreator) run(stopChan <-chan struct{}) { ticker := time.NewTicker(c.tickerInterval) defer ticker.Stop() - if c.splitPolicyReport { + if toggle.SplitPolicyReport() { err := CleanupPolicyReport(c.client) if err != nil { c.log.Error(err, "failed to delete old reports") diff --git a/pkg/policyreport/reportcontroller.go b/pkg/policyreport/reportcontroller.go index 3234eb32bd..08ef98a1ae 100644 --- a/pkg/policyreport/reportcontroller.go +++ b/pkg/policyreport/reportcontroller.go @@ -17,6 +17,7 @@ import ( policyreportv1alpha2listers "github.com/kyverno/kyverno/pkg/client/listers/policyreport/v1alpha2" "github.com/kyverno/kyverno/pkg/config" "github.com/kyverno/kyverno/pkg/dclient" + "github.com/kyverno/kyverno/pkg/toggle" kubeutils "github.com/kyverno/kyverno/pkg/utils/kube" "github.com/kyverno/kyverno/pkg/version" corev1 "k8s.io/api/core/v1" @@ -67,8 +68,6 @@ type ReportGenerator struct { reportChangeRequestLister kyvernov1alpha2listers.ReportChangeRequestLister clusterReportChangeRequestLister kyvernov1alpha2listers.ClusterReportChangeRequestLister nsLister corev1listers.NamespaceLister - // splitPolicyReport enable/disable the PolicyReport split-up per policy feature - splitPolicyReport bool informersSynced []cache.InformerSynced @@ -93,7 +92,6 @@ func NewReportGenerator( clusterReportReqInformer kyvernov1alpha2informers.ClusterReportChangeRequestInformer, namespace corev1informers.NamespaceInformer, cleanupChangeRequest chan<- ReconcileInfo, - splitPolicyReport bool, log logr.Logger, ) (*ReportGenerator, error) { gen := &ReportGenerator{ @@ -104,7 +102,6 @@ func NewReportGenerator( reportReqInformer: reportReqInformer, clusterReportReqInformer: clusterReportReqInformer, queue: workqueue.NewNamedRateLimitingQueue(workqueue.DefaultControllerRateLimiter(), prWorkQueueName), - splitPolicyReport: splitPolicyReport, ReconcileCh: make(chan bool, 10), cleanupChangeRequest: cleanupChangeRequest, log: log, @@ -137,7 +134,7 @@ func (g *ReportGenerator) generateCacheKey(changeRequest interface{}) string { if ns == "" { ns = "default" } - if g.splitPolicyReport { + if toggle.SplitPolicyReport() { policy = label[policyLabel] return strings.Join([]string{ns, policy}, "/") } else { @@ -150,7 +147,7 @@ func (g *ReportGenerator) generateCacheKey(changeRequest interface{}) string { if rule != "" || policy != "" { return strings.Join([]string{deletedPolicyKey, policy, rule}, "/") } - if g.splitPolicyReport { + if toggle.SplitPolicyReport() { policy = label[policyLabel] return strings.Join([]string{"", policy}, "/") } else { @@ -344,7 +341,7 @@ func (g *ReportGenerator) syncHandler(key string) (aggregatedRequests interface{ return g.removePolicyEntryFromReport(policy, rule) } var namespace, policyName string - if g.splitPolicyReport { + if toggle.SplitPolicyReport() { namespace = strings.Split(key, "/")[0] policyName = strings.Split(key, "/")[1] } else { @@ -355,7 +352,7 @@ func (g *ReportGenerator) syncHandler(key string) (aggregatedRequests interface{ return aggregatedRequests, fmt.Errorf("failed to aggregate reportChangeRequest results %v", err) } - if g.splitPolicyReport { + if toggle.SplitPolicyReport() { deleteResources := getDeletedResources(aggregatedRequests) if len(deleteResources) != 0 { for _, dr := range deleteResources { @@ -367,11 +364,7 @@ func (g *ReportGenerator) syncHandler(key string) (aggregatedRequests interface{ } var report *policyreportv1alpha2.PolicyReport - if g.splitPolicyReport { - report, err = g.reportLister.PolicyReports(namespace).Get(TrimmedName(GeneratePolicyReportName(namespace) + "-" + policyName)) - } else { - report, err = g.reportLister.PolicyReports(namespace).Get(GeneratePolicyReportName(namespace)) - } + report, err = g.reportLister.PolicyReports(namespace).Get(GeneratePolicyReportName(namespace, policyName)) if err == nil { if val, ok := report.GetLabels()[inactiveLabelKey]; ok && val == inactiveLabelVal { g.log.Info("got resourceExhausted error, please opt-in via \"splitPolicyReport\" to generate report per policy") @@ -423,11 +416,7 @@ func (g *ReportGenerator) createReportIfNotPresent(namespace, policyName string, return nil, nil } - if g.splitPolicyReport { - report, err = g.reportLister.PolicyReports(namespace).Get(TrimmedName(GeneratePolicyReportName(namespace) + "-" + policyName)) - } else { - report, err = g.reportLister.PolicyReports(namespace).Get(GeneratePolicyReportName(namespace)) - } + report, err = g.reportLister.PolicyReports(namespace).Get(GeneratePolicyReportName(namespace, policyName)) if err != nil { if apierrors.IsNotFound(err) && new != nil { polr, err := convertToPolr(new) @@ -447,12 +436,7 @@ func (g *ReportGenerator) createReportIfNotPresent(namespace, policyName string, return nil, fmt.Errorf("unable to get policyReport: %v", err) } } else { - - if g.splitPolicyReport { - report, err = g.clusterReportLister.Get(TrimmedName(GeneratePolicyReportName(namespace) + "-" + policyName)) - } else { - report, err = g.clusterReportLister.Get(GeneratePolicyReportName(namespace)) - } + report, err = g.clusterReportLister.Get(GeneratePolicyReportName(namespace, policyName)) if err != nil { if apierrors.IsNotFound(err) { if new != nil { @@ -514,7 +498,7 @@ func (g *ReportGenerator) removeFromClusterPolicyReport(policyName, ruleName str if ruleName != "" && result.Rule == ruleName && result.Policy == policyName { continue } else if ruleName == "" && result.Policy == policyName { - if g.splitPolicyReport { + if toggle.SplitPolicyReport() { if err := g.pclient.Wgpolicyk8sV1alpha2().ClusterPolicyReports().Delete(context.TODO(), cpolr.GetName(), metav1.DeleteOptions{}); err != nil { if apierrors.IsNotFound(err) { return nil @@ -566,7 +550,7 @@ func (g *ReportGenerator) removeFromPolicyReport(policyName, ruleName string) er if ruleName != "" && result.Rule == ruleName && result.Policy == policyName { continue } else if ruleName == "" && result.Policy == policyName { - if g.splitPolicyReport { + if toggle.SplitPolicyReport() { if err := g.pclient.Wgpolicyk8sV1alpha2().PolicyReports(r.GetNamespace()).Delete(context.TODO(), r.GetName(), metav1.DeleteOptions{}); err != nil { if apierrors.IsNotFound(err) { return nil @@ -607,7 +591,7 @@ func (g *ReportGenerator) aggregateReports(namespace, policyName string) ( selector := labels.NewSelector() if namespace == "" { - if g.splitPolicyReport { + if toggle.SplitPolicyReport() { selector = labels.SelectorFromSet(labels.Set(map[string]string{appVersion: version.BuildVersion, policyLabel: TrimmedName(policyName)})) } else { selector = labels.SelectorFromSet(labels.Set(map[string]string{appVersion: version.BuildVersion})) @@ -633,7 +617,7 @@ func (g *ReportGenerator) aggregateReports(namespace, policyName string) ( ns.SetDeletionTimestamp(&now) } - if g.splitPolicyReport { + if toggle.SplitPolicyReport() { selector = labels.SelectorFromSet(labels.Set(map[string]string{appVersion: version.BuildVersion, ResourceLabelNamespace: namespace, policyLabel: TrimmedName(policyName)})) } else { selector = labels.SelectorFromSet(labels.Set(map[string]string{appVersion: version.BuildVersion, ResourceLabelNamespace: namespace})) @@ -733,20 +717,12 @@ func (g *ReportGenerator) setReport(reportUnstructured *unstructured.Unstructure } if ns == nil { - if g.splitPolicyReport { - reportUnstructured.SetName(TrimmedName(GeneratePolicyReportName("") + "-" + policyname)) - } else { - reportUnstructured.SetName(GeneratePolicyReportName("")) - } + reportUnstructured.SetName(GeneratePolicyReportName("", policyname)) reportUnstructured.SetKind("ClusterPolicyReport") return } - if g.splitPolicyReport { - reportUnstructured.SetName(TrimmedName(GeneratePolicyReportName(ns.GetName()) + "-" + policyname)) - } else { - reportUnstructured.SetName(GeneratePolicyReportName(ns.GetName())) - } + reportUnstructured.SetName(GeneratePolicyReportName(ns.GetName(), policyname)) reportUnstructured.SetNamespace(ns.GetName()) reportUnstructured.SetKind("PolicyReport") } diff --git a/pkg/policyreport/reportrequest.go b/pkg/policyreport/reportrequest.go index f9dbd79a3a..42ac552edd 100644 --- a/pkg/policyreport/reportrequest.go +++ b/pkg/policyreport/reportrequest.go @@ -70,7 +70,6 @@ func NewReportChangeRequestGenerator(client kyvernoclient.Interface, cpolInformer kyvernov1informers.ClusterPolicyInformer, polInformer kyvernov1informers.PolicyInformer, changeRequestLimit int, - splitPolicyReport bool, log logr.Logger, ) *Generator { gen := Generator{ @@ -84,7 +83,7 @@ func NewReportChangeRequestGenerator(client kyvernoclient.Interface, dataStore: newDataStore(), changeRequestLimit: changeRequestLimit, CleanupChangeRequest: make(chan ReconcileInfo, 10), - requestCreator: newChangeRequestCreator(client, 3*time.Second, splitPolicyReport, log.WithName("requestCreator")), + requestCreator: newChangeRequestCreator(client, 3*time.Second, log.WithName("requestCreator")), log: log, } diff --git a/pkg/toggle/toggle.go b/pkg/toggle/toggle.go index 7e76bccb37..0caa7fed5b 100644 --- a/pkg/toggle/toggle.go +++ b/pkg/toggle/toggle.go @@ -10,9 +10,17 @@ const ( AutogenInternalsDescription = "Enables autogen internal policies. When this is 'true' policy rules should not be mutated." AutogenInternalsEnvVar = "FLAG_AUTOGEN_INTERNALS" DefaultAutogenInternals = false + + // split policy report ... + SplitPolicyReportFlagName = "splitPolicyReport" + SplitPolicyReportEnvVar = "FLAG_SPLIT_POLICY_REPORT" + DefaultSplitPolicyReport = false ) -var autogenInternals *bool +var ( + autogenInternals *bool + splitPolicyReport *bool +) func getBool(in string) (*bool, error) { if in == "" { @@ -43,3 +51,22 @@ func AutogenInternals() bool { } return DefaultAutogenInternals } + +func SplitPolicyReportFlag(in string) error { + if value, err := getBool(in); err != nil { + return err + } else { + splitPolicyReport = value + return nil + } +} + +func SplitPolicyReport() bool { + if splitPolicyReport != nil { + return *splitPolicyReport + } + if value, err := getBool(os.Getenv(SplitPolicyReportEnvVar)); err == nil && value != nil { + return *value + } + return DefaultSplitPolicyReport +}