create events for processExisting

2025-03-31 03:45:17 +00:00 · 2019-06-26 12:19:11 -07:00 · 2019-06-26 12:19:11 -07:00 · 42d24f6cc7
commit 42d24f6cc7
parent 059993a78f
9 changed files with 90 additions and 39 deletions
--- a/pkg/controller/controller.go
+++ b/pkg/controller/controller.go
@ -2,8 +2,12 @@ package controller

 import (
 	"fmt"
+	"strings"
 	"time"

+	"github.com/nirmata/kyverno/pkg/info"
+	"github.com/nirmata/kyverno/pkg/result"
+
 	"github.com/nirmata/kyverno/pkg/engine"

 	"github.com/golang/glog"
@ -27,7 +31,7 @@ type PolicyController struct {
 	policyLister     lister.PolicyLister
 	policySynced     cache.InformerSynced
 	violationBuilder violation.Generator
-	eventBuilder     event.Generator
+	eventController  event.Generator
 	queue            workqueue.RateLimitingInterface
 }

@ -42,7 +46,7 @@ func NewPolicyController(client *client.Client,
 		policyLister:     policyInformer.GetLister(),
 		policySynced:     policyInformer.GetInfomer().HasSynced,
 		violationBuilder: violationBuilder,
-		eventBuilder:     eventController,
+		eventController:  eventController,
 		queue:            workqueue.NewNamedRateLimitingQueue(workqueue.DefaultControllerRateLimiter(), policyWorkQueueName),
 	}

@ -175,15 +179,53 @@ func (pc *PolicyController) syncHandler(obj interface{}) error {
 	// get the violations and pass to violation Builder
 	// get the events and pass to event Builder
 	//TODO: processPolicy
-	policyInfos := engine.ProcessExisting(pc.client, policy)
-	// Create events from the policyInfo
-	for _, policyInfo := range policyInfos {
-		if !policyInfo.IsSuccessful() {
-			// Create Policy Violation for Mutation rules
-			// Create Policy Violation for Generation rules
-			// Create Events for Violation rules
-		}
-	}
 	glog.Infof("process policy %s on existing resources", policy.GetName())
+	policyInfos := engine.ProcessExisting(pc.client, policy)
+	createEvents(pc.eventController, policyInfos)
 	return nil
 }
+
+func createEvents(eventController event.Generator, policyInfos []*info.PolicyInfo) {
+	events := []event.Info{}
+	// Create events from the policyInfo
+	for _, policyInfo := range policyInfos {
+		fruleNames := []string{}
+		sruleNames := []string{}
+		if !policyInfo.IsSuccessful() {
+			// Create Policy Violation on Policy for Mutation rules
+			// Create Event on Resource for Mutation rules
+			for _, rule := range policyInfo.Rules {
+				if rule.RuleType == info.Mutation {
+					fruleNames = append(fruleNames, rule.Name)
+					e := event.NewEvent(policyInfo.Kind, policyInfo.Resource, result.Violation, event.FProcessRule, rule.Name, policyInfo.Name)
+					events = append(events, e)
+				}
+				// Create Policy Violation for Generation rules
+				if rule.RuleType == info.Generation {
+					fruleNames = append(fruleNames, rule.Name)
+					e := event.NewEvent(policyInfo.Kind, policyInfo.Resource, result.Violation, event.FProcessRule, rule.Name, policyInfo.Name)
+					events = append(events, e)
+
+				}
+				// Create Policy Violation for Violation rules
+				if rule.RuleType == info.Generation {
+					fruleNames = append(fruleNames, rule.Name)
+					// create a mutaton event
+					e := event.NewEvent(policyInfo.Kind, policyInfo.Resource, result.Violation, event.FProcessRule, rule.Name, policyInfo.Name)
+					events = append(events, e)
+				}
+				sruleNames = append(sruleNames, rule.Name)
+			}
+			// Create Event
+			// list of failed rules : ruleNames
+			e := event.NewEvent("Policy", policyInfo.Name, result.Violation, event.FResourcePolcy, policyInfo.Name+"/"+policyInfo.Namespace, strings.Join(fruleNames, ";"))
+			events = append(events, e)
+		} else {
+			// Policy was processed succesfully
+			e := event.NewEvent("Policy", policyInfo.Name, result.Success, event.SPolicyApply, policyInfo.Name)
+			events = append(events, e)
+			// Policy applied succesfully on resource
+			e = event.NewEvent(policyInfo.Kind, policyInfo.Name, result.Success, event.SRuleApply, strings.Join(sruleNames, ";"), policyInfo.Name)
+		}
+	}
+}
--- a/pkg/dclient/client.go
+++ b/pkg/dclient/client.go
@ -180,7 +180,7 @@ func convertToUnstructured(obj interface{}) *unstructured.Unstructured {
 }

 // GenerateResource creates resource of the specified kind(supports 'clone' & 'data')
-func (c *Client) GenerateResource(generator types.Generation, namespace string) error {
+func (c *Client) GenerateResource(generator types.Generation, namespace string, processExistingResources bool) error {
 	var err error
 	rGVR := c.DiscoveryClient.GetGVRFromKind(generator.Kind)
 	resource := &unstructured.Unstructured{}
--- a/pkg/engine/engine.go
+++ b/pkg/engine/engine.go
@ -69,7 +69,7 @@ func ProcessExisting(client *client.Client, policy *types.Policy) []*info.Policy
 }

 func applyPolicy(client *client.Client, policy *types.Policy, res *resourceInfo) (*info.PolicyInfo, error) {
-	policyInfo := info.NewPolicyInfo(policy.Name, res.resource.GetName(), res.resource.GetNamespace())
+	policyInfo := info.NewPolicyInfo(policy.Name, res.gvk.Kind, res.resource.GetName(), res.resource.GetNamespace())
 	glog.Infof("Applying policy %s with %d rules\n", policy.ObjectMeta.Name, len(policy.Spec.Rules))
 	rawResource, err := res.resource.MarshalJSON()
 	if err != nil {
@ -88,7 +88,7 @@ func applyPolicy(client *client.Client, policy *types.Policy, res *resourceInfo)
 		return nil, err
 	}
 	// Generate
-	gruleInfos := Generate(client, *policy, rawResource, *res.gvk)
+	gruleInfos := Generate(client, *policy, rawResource, *res.gvk, false)
 	policyInfo.AddRuleInfos(gruleInfos)

 	return policyInfo, nil
--- a/pkg/engine/generation.go
+++ b/pkg/engine/generation.go
@ -11,7 +11,7 @@ import (
 )

 // Generate should be called to process generate rules on the resource
-func Generate(client *client.Client, policy kubepolicy.Policy, rawResource []byte, gvk metav1.GroupVersionKind) []*info.RuleInfo {
+func Generate(client *client.Client, policy kubepolicy.Policy, rawResource []byte, gvk metav1.GroupVersionKind, processExisting bool) []*info.RuleInfo {
 	ris := []*info.RuleInfo{}

 	for _, rule := range policy.Spec.Rules {
@ -27,7 +27,7 @@ func Generate(client *client.Client, policy kubepolicy.Policy, rawResource []byt
 			continue
 		}

-		err := applyRuleGenerator(client, rawResource, rule.Generation, gvk)
+		err := applyRuleGenerator(client, rawResource, rule.Generation, gvk, processExisting)
 		if err != nil {
 			ri.Fail()
 			ri.Addf(" Failed to apply rule generator. err %v", err)
@ -39,12 +39,12 @@ func Generate(client *client.Client, policy kubepolicy.Policy, rawResource []byt
 	return ris
 }

-func applyRuleGenerator(client *client.Client, rawResource []byte, generator *kubepolicy.Generation, gvk metav1.GroupVersionKind) error {
+func applyRuleGenerator(client *client.Client, rawResource []byte, generator *kubepolicy.Generation, gvk metav1.GroupVersionKind, processExistingResources bool) error {

 	var err error

 	namespace := ParseNameFromObject(rawResource)
-	err = client.GenerateResource(*generator, namespace)
+	err = client.GenerateResource(*generator, namespace, processExistingResources)
 	if err != nil {
 		return fmt.Errorf("Unable to apply generator for %s '%s/%s' : %v", generator.Kind, namespace, generator.Name, err)
 	}
--- a/pkg/engine/utils.go
+++ b/pkg/engine/utils.go
@ -56,7 +56,8 @@ func parseMetadataFromObject(bytes []byte) map[string]interface{} {
 	return objectJSON["metadata"].(map[string]interface{})
 }

-func parseKindFromObject(bytes []byte) string {
+//ParseKindFromObject get kind from resource
+func ParseKindFromObject(bytes []byte) string {
 	var objectJSON map[string]interface{}
 	json.Unmarshal(bytes, &objectJSON)

--- a/pkg/event/msgbuilder.go
+++ b/pkg/event/msgbuilder.go
@ -5,12 +5,26 @@ import (
 	"regexp"
 )

+//MsgKey is an identified to determine the preset message formats
+type MsgKey int
+
+//Message id for pre-defined messages
+const (
+	FResourcePolcy MsgKey = iota
+	FProcessRule
+	SPolicyApply
+	SRuleApply
+	FPolicyApplyBlockCreate
+	FPolicyApplyBlockUpdate
+	FPolicyApplyBlockUpdateRule
+)
+
 func (k MsgKey) String() string {
 	return [...]string{
 		"Failed to satisfy policy on resource %s.The following rules %s failed to apply. Created Policy Violation",
-		"Failed to process rule %s of policy %s. Created Policy Violation %s",
+		"Failed to process rule %s of policy %s. Created Policy Violation",
 		"Policy applied successfully on the resource %s",
-		"Rule %s of Policy %s applied successful",
+		"Rules %s of Policy %s applied successful",
 		"Failed to apply policy, blocked creation of resource %s. The following rules %s failed to apply",
 		"Failed to apply rule %s of policy %s Blocked update of the resource",
 		"Failed to apply policy on resource %s.Blocked update of the resource. The following rules %s failed to apply",
--- a/pkg/event/util.go
+++ b/pkg/event/util.go
@ -13,17 +13,3 @@ type Info struct {
 	Reason   string
 	Message  string
 }
-
-//MsgKey is an identified to determine the preset message formats
-type MsgKey int
-
-//Message id for pre-defined messages
-const (
-	FResourcePolcy MsgKey = iota
-	FProcessRule
-	SPolicyApply
-	SRuleApply
-	FPolicyApplyBlockCreate
-	FPolicyApplyBlockUpdate
-	FPolicyApplyBlockUpdateRule
-)
--- a/pkg/info/info.go
+++ b/pkg/info/info.go
@ -9,16 +9,18 @@ import (
 type PolicyInfo struct {
 	Name      string
 	Resource  string
+	Kind      string
 	Namespace string
 	success   bool
 	Rules     []*RuleInfo
 }

 //NewPolicyInfo returns a new policy info
-func NewPolicyInfo(policyName string, resource string, ns string) *PolicyInfo {
+func NewPolicyInfo(policyName string, kind string, resource string, ns string) *PolicyInfo {
 	return &PolicyInfo{
 		Name:      policyName,
 		Resource:  resource,
+		Kind:      kind,
 		Namespace: ns,
 		success:   true, // fail to be set explicity
 	}
@ -53,7 +55,7 @@ const (
 type RuleInfo struct {
 	Name     string
 	Msgs     []string
-	ruleType RuleType
+	RuleType RuleType
 	success  bool
 }

@ -69,7 +71,7 @@ func NewRuleInfo(ruleName string, ruleType RuleType) *RuleInfo {
 	return &RuleInfo{
 		Name:     ruleName,
 		Msgs:     []string{},
-		ruleType: ruleType,
+		RuleType: ruleType,
 		success:  true, // fail to be set explicity
 	}
 }
--- a/pkg/webhooks/server.go
+++ b/pkg/webhooks/server.go
@ -152,7 +152,9 @@ func (ws *WebhookServer) HandleMutation(request *v1beta1.AdmissionRequest) *v1be
 		}
 		rname := engine.ParseNameFromObject(request.Object.Raw)
 		rns := engine.ParseNamespaceFromObject(request.Object.Raw)
+		rkind := engine.ParseKindFromObject(request.Object.Raw)
 		policyInfo := info.NewPolicyInfo(policy.Name,
+			rkind,
 			rname,
 			rns)

@ -229,8 +231,10 @@ func (ws *WebhookServer) HandleValidation(request *v1beta1.AdmissionRequest) *v1
 		}
 		rname := engine.ParseNameFromObject(request.Object.Raw)
 		rns := engine.ParseNamespaceFromObject(request.Object.Raw)
+		rkind := engine.ParseKindFromObject(request.Object.Raw)

 		policyInfo := info.NewPolicyInfo(policy.Name,
+			rkind,
 			rname,
 			rns)

@ -298,15 +302,17 @@ func (ws *WebhookServer) HandleGeneration(request *v1beta1.AdmissionRequest) *v1
 		}
 		rname := engine.ParseNameFromObject(request.Object.Raw)
 		rns := engine.ParseNamespaceFromObject(request.Object.Raw)
+		rkind := engine.ParseKindFromObject(request.Object.Raw)

 		policyInfo := info.NewPolicyInfo(policy.Name,
+			rkind,
 			rname,
 			rns)
 		glog.V(3).Infof("Handling generation for Kind=%s, Namespace=%s Name=%s UID=%s patchOperation=%s",
 			request.Kind.Kind, rns, rname, request.UID, request.Operation)
 		glog.Infof("Applying  policy %s with generation %d rules", policy.ObjectMeta.Name, len(policy.Spec.Rules))

-		ruleInfos := engine.Generate(ws.client, *policy, request.Object.Raw, request.Kind)
+		ruleInfos := engine.Generate(ws.client, *policy, request.Object.Raw, request.Kind, false)
 		policyInfo.AddRuleInfos(ruleInfos)
 		if !policyInfo.IsSuccessful() {
 			glog.Infof("Failed to apply policy %s on resource %s/%s", policy.Name, rname, rns)