mirrors/kyverno
1
0
Fork 0
mirror of https://github.com/kyverno/kyverno.git synced 2024-12-14 11:57:48 +00:00
Code Activity

truncate event messages to 1024 chars (#10255)

Browse source
This commit is contained in:
Jim Bugwadia 2024-05-20 01:16:30 -07:00 committed by GitHub
parent d580ae0dee
commit 46e5d818b1
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
2 changed files with 31 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
pkg/event/events.go
View file

@ -59,7 +59,12 @@ func buildPolicyEventMessage(resp engineapi.RuleResponse, resource engineapi.Res
fmt.Fprintf(&b, "; %s", resp.Message())
}
return b.String()
msg := b.String()
if len(msg) > 1024 {
msg = msg[0:1021] + "..."
}
return msg
}
func NewPolicyAppliedEvent(source Source, engineResponse engineapi.EngineResponse) Info {

25
pkg/event/events_test.go Normal file
View file

@ -0,0 +1,25 @@
package event
import (
"testing"
engineapi "github.com/kyverno/kyverno/pkg/engine/api"
"gotest.tools/assert"
)
func TestMessageLength(t *testing.T) {
msg := "policy psa/baseline fail: Validation rule 'baseline' failed. It violates PodSecurity \"restricted:latest\": (Forbidden reason: allowPrivilegeEscalation != false, field error list: [spec.containers[0].securityContext.allowPrivilegeEscalation is forbidden, forbidden values found: nil])(Forbidden reason: unrestricted capabilities, field error list: [spec.containers[0].securityContext.capabilities.drop: Required value])(Forbidden reason: host namespaces, field error list: [spec.hostNetwork is forbidden, forbidden values found: true])(Forbidden reason: hostPath volumes, field error list: [spec.volumes[1].hostPath is forbidden, forbidden values found: /run/xtables.lock, spec.volumes[2].hostPath is forbidden, forbidden values found: /lib/modules])(Forbidden reason: privileged, field error list: [spec.containers[0].securityContext.privileged is forbidden, forbidden values found: true])(Forbidden reason: restricted volume types, field error list: [spec.volumes[1].hostPath: Forbidden, spec.volumes[2].hostPath: Forbidden])(Forbidden reason: runAsNonRoot != true, field error list: [spec.containers[0].securityContext.runAsNonRoot: Required value])(Forbidden reason: seccompProfile, field error list: [spec.containers[0].securityContext.seccompProfile.type: Required value])"
assert.Assert(t, len(msg) > 1024)
resp := engineapi.NewRuleResponse("podSecurity", engineapi.Validation, msg, engineapi.RuleStatusFail)
resource := &engineapi.ResourceSpec{
Kind: "Pod",
APIVersion: "v1",
Namespace: "default",
UID: "9005aec3-f779-4d19-985b-3ff51a695cca",
}
eventMsg := buildPolicyEventMessage(*resp, *resource, true)
assert.Equal(t, 1024, len(eventMsg))
}