From 4f63ef5bc1ec9830c7e02831f0c938a6ddcfb60e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Charles-Edouard=20Br=C3=A9t=C3=A9ch=C3=A9?=
Date: Tue, 4 Feb 2025 15:35:52 +0100
Subject: [PATCH] feat: consider Warn validation action (#12081)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Charles-Edouard Brétéché
---
 pkg/webhooks/resource/vpol/handler.go | 18 ++++++++++++++++--
 1 file changed, 16 insertions(+), 2 deletions(-)

diff --git a/pkg/webhooks/resource/vpol/handler.go b/pkg/webhooks/resource/vpol/handler.go
index 4ac1d86640..b48f2740b3 100644
--- a/pkg/webhooks/resource/vpol/handler.go
+++ b/pkg/webhooks/resource/vpol/handler.go
@@ -35,7 +35,12 @@ func (h *handler) Validate(ctx context.Context, logger logr.Logger, request hand
 if err != nil {
 return admissionutils.Response(request.UID, err)
 }
+ return admissionResponse(response, request)
+}
+
+func admissionResponse(response celengine.EngineResponse, request handlers.AdmissionRequest) handlers.AdmissionResponse {
 var errs []error
+ var warnings []string
 for _, policy := range response.Policies {
 if policy.Actions.Has(admissionregistrationv1.Deny) {
 for _, rule := range policy.Rules {
@@ -47,7 +52,16 @@ func (h *handler) Validate(ctx context.Context, logger logr.Logger, request hand
 }
 }
 }
+ if policy.Actions.Has(admissionregistrationv1.Warn) {
+ for _, rule := range policy.Rules {
+ switch rule.Status() {
+ case engineapi.RuleStatusFail:
+ warnings = append(warnings, fmt.Sprintf("Policy %s rule %s failed: %s", policy.Policy.GetName(), rule.Name(), rule.Message()))
+ case engineapi.RuleStatusError:
+ warnings = append(warnings, fmt.Sprintf("Policy %s rule %s error: %s", policy.Policy.GetName(), rule.Name(), rule.Message()))
+ }
+ }
+ }
 }
- // TODO: reporting
- return admissionutils.Response(request.UID, multierr.Combine(errs...))
+ return admissionutils.Response(request.UID, multierr.Combine(errs...), warnings...)
 }
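Review bot: The new helper `admissionResponse` has no doc comment, although it now defines how policy actions map onto the admission decision, which is the contract a reader of this webhook most needs stated. I would add above the signature `// admissionResponse maps engine results to the admission response: Deny findings are returned as errors, Warn findings as warnings that do not block the request.` The function body continues past the end of this hunk and the inside of the Deny loop is not visible, so the first half of that sentence should be checked against it. Since the helper no longer depends on handler state, a table-driven test over Deny-only, Warn-only and Deny+Warn policies would pin the mapping down; the diffstat shows no test file in this commit.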
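Review bot: The warnings appended in the `Warn` branch are unbounded in length and count, while the API server may truncate an individual admission warning over 256 characters and ignores further warnings once 4096 characters have accumulated from all sources. With several failing rules or a long `rule.Message()`, later findings can be dropped before the client sees them, and with `// TODO: reporting` removed and no reporting visible in the new code, the warning appears to be the only trace a Warn-only policy leaves. I would keep the TODO until reporting lands and record the limit at the append site, e.g. `// API server truncates warnings >256 chars and ignores those past 4096 chars in total`. A policy carrying both Deny and Warn also looks like it will emit each failure twice, once as an error and once as a warning; if that is not intended, turning the second check into `} else if policy.Actions.Has(admissionregistrationv1.Warn) {` would avoid it.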