refactor: reduce generic policy interface (#11974)
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
parent
9d11e8f98c
commit
61d69c9290
17 changed files with 54 additions and 136 deletions
|
@ -113,9 +113,9 @@ func Command() *cobra.Command {
|
|||
}
|
||||
if rule.RuleType() == engineapi.Mutation {
|
||||
if rule.Status() == engineapi.RuleStatusSkip {
|
||||
fmt.Fprintln(out, "\nskipped mutate policy", response.Policy().GetName(), "->", "resource", resPath)
|
||||
fmt.Fprintln(out, "\nskipped mutate policy", response.Policy().MetaObject().GetName(), "->", "resource", resPath)
|
||||
} else if rule.Status() == engineapi.RuleStatusError {
|
||||
fmt.Fprintln(out, "\nerror while applying mutate policy", response.Policy().GetName(), "->", "resource", resPath, "\nerror: ", rule.Message())
|
||||
fmt.Fprintln(out, "\nerror while applying mutate policy", response.Policy().MetaObject().GetName(), "->", "resource", resPath, "\nerror: ", rule.Message())
|
||||
}
|
||||
}
|
||||
}
|
||||
|
@ -125,9 +125,9 @@ func Command() *cobra.Command {
|
|||
auditWarn = true
|
||||
}
|
||||
if auditWarn {
|
||||
fmt.Fprintln(out, "policy", response.Policy().GetName(), "->", "resource", resPath, "failed as audit warning:")
|
||||
fmt.Fprintln(out, "policy", response.Policy().MetaObject().GetName(), "->", "resource", resPath, "failed as audit warning:")
|
||||
} else {
|
||||
fmt.Fprintln(out, "policy", response.Policy().GetName(), "->", "resource", resPath, "failed:")
|
||||
fmt.Fprintln(out, "policy", response.Policy().MetaObject().GetName(), "->", "resource", resPath, "failed:")
|
||||
}
|
||||
for i, rule := range failedRules {
|
||||
fmt.Fprintln(out, i+1, "-", rule.Name(), rule.Message())
|
||||
|
|
|
@ -14,9 +14,10 @@ func printTable(out io.Writer, compact, auditWarn bool, engineResponses ...engin
|
|||
id := 1
|
||||
for _, engineResponse := range engineResponses {
|
||||
policy := engineResponse.Policy()
|
||||
policyName := policy.GetName()
|
||||
policyNamespace := policy.GetNamespace()
|
||||
scored := annotations.Scored(policy.GetAnnotations())
|
||||
policyMeta := policy.MetaObject()
|
||||
policyName := policyMeta.GetName()
|
||||
policyNamespace := policyMeta.GetNamespace()
|
||||
scored := annotations.Scored(policyMeta.GetAnnotations())
|
||||
resourceKind := engineResponse.Resource.GetKind()
|
||||
resourceNamespace := engineResponse.Resource.GetNamespace()
|
||||
resourceName := engineResponse.Resource.GetName()
|
||||
|
|
|
@ -105,7 +105,7 @@ func printCheckResult(
|
|||
row := table.Row{
|
||||
RowCompact: table.RowCompact{
|
||||
ID: testCount,
|
||||
Policy: color.Policy("", response.Policy().GetName()),
|
||||
Policy: color.Policy("", response.Policy().MetaObject().GetName()),
|
||||
Rule: color.Rule(rule.Name()),
|
||||
Resource: color.Resource(response.Resource.GetKind(), response.Resource.GetNamespace(), response.Resource.GetName()),
|
||||
IsFailure: len(errs) != 0,
|
||||
|
@ -136,7 +136,7 @@ func printCheckResult(
|
|||
row := table.Row{
|
||||
RowCompact: table.RowCompact{
|
||||
ID: testCount,
|
||||
Policy: color.Policy("", response.Policy().GetName()),
|
||||
Policy: color.Policy("", response.Policy().MetaObject().GetName()),
|
||||
Rule: color.Rule(rule.Name()),
|
||||
Resource: color.Resource(response.Resource.GetKind(), response.Resource.GetNamespace(), response.Resource.GetName()),
|
||||
IsFailure: len(errs) != 0,
|
||||
|
@ -240,7 +240,7 @@ func printTestResult(
|
|||
if _, ok := responses.Trigger[resource]; ok {
|
||||
for _, response := range responses.Trigger[resource] {
|
||||
polNameNs := strings.Split(test.Policy, "/")
|
||||
if response.Policy().GetName() != polNameNs[len(polNameNs)-1] {
|
||||
if response.Policy().MetaObject().GetName() != polNameNs[len(polNameNs)-1] {
|
||||
continue
|
||||
}
|
||||
for _, rule := range lookupRuleResponses(test, response.PolicyResponse.Rules...) {
|
||||
|
|
|
@ -399,7 +399,7 @@ func (p *PolicyProcessor) printOutput(resource interface{}, response engineapi.E
|
|||
resource := string(yamlEncodedResource) + string("\n---")
|
||||
if len(strings.TrimSpace(resource)) > 0 {
|
||||
if !p.Stdin {
|
||||
fmt.Fprintf(p.Out, "\npolicy %s applied to %s:", response.Policy().GetName(), resourcePath)
|
||||
fmt.Fprintf(p.Out, "\npolicy %s applied to %s:", response.Policy().MetaObject().GetName(), resourcePath)
|
||||
}
|
||||
fmt.Fprintf(p.Out, "\n"+resource+"\n") //nolint:govet
|
||||
if len(yamlEncodedTargetResources) > 0 {
|
||||
|
@ -416,7 +416,7 @@ func (p *PolicyProcessor) printOutput(resource interface{}, response engineapi.E
|
|||
mutateLogPath := filepath.Clean(p.MutateLogPath)
|
||||
filename := p.Resource.GetName() + "-mutated"
|
||||
if isGenerate {
|
||||
filename = response.Policy().GetName() + "-generated"
|
||||
filename = response.Policy().MetaObject().GetName() + "-generated"
|
||||
}
|
||||
|
||||
file, err = os.OpenFile(filepath.Join(mutateLogPath, filename+".yaml"), os.O_CREATE|os.O_WRONLY|os.O_APPEND, 0o600) // #nosec G304
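Review bot: The policy name read through `response.Policy().MetaObject().GetName()` still flows unchecked into `filepath.Join(mutateLogPath, filename+".yaml")`, and the `#nosec G304` on the `os.OpenFile` line silences the linter finding that would flag it. The policy presumably comes from a user-supplied file in this code path, so unless names are validated earlier (not visible in this hunk), a name containing path separators or `..` segments could place the output outside `p.MutateLogPath`. Reducing the name to a single path element before joining would keep writes inside the log directory, e.g. `filename = filepath.Base(response.Policy().MetaObject().GetName()) + "-generated"`, with the same treatment for `p.Resource.GetName()`. printOutput starts and ends outside the hunk.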
|
||||
|
|
|
@ -12,7 +12,8 @@ import (
|
|||
func ComputePolicyReportResult(auditWarn bool, engineResponse engineapi.EngineResponse, ruleResponse engineapi.RuleResponse) policyreportv1alpha2.PolicyReportResult {
|
||||
policy := engineResponse.Policy()
|
||||
policyType := policy.GetType()
|
||||
policyName := cache.MetaObjectToName(policy.MetaObject()).String()
|
||||
policyMeta := policy.MetaObject()
|
||||
policyName := cache.MetaObjectToName(policyMeta).String()
|
||||
resource := engineResponse.Resource
|
||||
resorceRef := &corev1.ObjectReference{
|
||||
Kind: resource.GetKind(),
|
||||
|
@ -23,7 +24,7 @@ func ComputePolicyReportResult(auditWarn bool, engineResponse engineapi.EngineRe
|
|||
ResourceVersion: resource.GetResourceVersion(),
|
||||
}
|
||||
|
||||
result := reportutils.ToPolicyReportResult(policyType, policyName, ruleResponse, policy.GetAnnotations(), resorceRef)
|
||||
result := reportutils.ToPolicyReportResult(policyType, policyName, ruleResponse, policyMeta.GetAnnotations(), resorceRef)
|
||||
if result.Result == policyreportv1alpha2.StatusFail {
|
||||
audit := engineResponse.GetValidationFailureAction().Audit()
|
||||
if audit && auditWarn {
|
||||
|
@ -60,7 +61,8 @@ func ComputePolicyReports(auditWarn bool, engineResponses ...engineapi.EngineRes
|
|||
var namespaced []policyreportv1alpha2.PolicyReport
|
||||
perPolicyResults := ComputePolicyReportResultsPerPolicy(auditWarn, engineResponses...)
|
||||
for policy, results := range perPolicyResults {
|
||||
if policy.GetNamespace() == "" {
|
||||
policyMeta := policy.MetaObject()
|
||||
if policyMeta.GetNamespace() == "" {
|
||||
report := policyreportv1alpha2.ClusterPolicyReport{
|
||||
TypeMeta: metav1.TypeMeta{
|
||||
APIVersion: policyreportv1alpha2.SchemeGroupVersion.String(),
|
||||
|
@ -69,7 +71,7 @@ func ComputePolicyReports(auditWarn bool, engineResponses ...engineapi.EngineRes
|
|||
Results: results,
|
||||
Summary: reportutils.CalculateSummary(results),
|
||||
}
|
||||
report.SetName(policy.GetName())
|
||||
report.SetName(policy.MetaObject().GetName())
|
||||
clustered = append(clustered, report)
|
||||
} else {
|
||||
report := policyreportv1alpha2.PolicyReport{
|
||||
|
@ -80,8 +82,8 @@ func ComputePolicyReports(auditWarn bool, engineResponses ...engineapi.EngineRes
|
|||
Results: results,
|
||||
Summary: reportutils.CalculateSummary(results),
|
||||
}
|
||||
report.SetName(policy.GetName())
|
||||
report.SetNamespace(policy.GetNamespace())
|
||||
report.SetName(policy.MetaObject().GetName())
|
||||
report.SetNamespace(policyMeta.GetNamespace())
|
||||
namespaced = append(namespaced, report)
|
||||
}
|
||||
}
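Review bot: The cluster-versus-namespaced branch in ComputePolicyReports now depends on `policyMeta.GetNamespace()`, whereas the `ValidatingPolicy.GetNamespace()` wrapper removed by this commit returned `""` unconditionally. If a ValidatingPolicy object carries a namespace in its metadata (an assumption, since the `MetaObject()` implementations are not shown), it would now yield a namespaced PolicyReport instead of a ClusterPolicyReport; the `Namespace` fields in NewPolicyFailEvent and NewPolicyAppliedEvent and the key built in `transform` read the same value. `IsNamespaced()` appears to remain on the interface, so a guard such as `if !policy.IsNamespaced() || policyMeta.GetNamespace() == "" {` would keep the previous result for that type. Separately, `report.SetName(policy.MetaObject().GetName())` can use the `policyMeta` local already in scope, in both branches.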
|
||||
|
|
|
@ -284,7 +284,7 @@ func (c *controller) needsReconcile(namespace, name, hash string, exceptions []k
|
|||
// if a policy or an exception changed, we need a partial reconcile
|
||||
expected := map[string]string{}
|
||||
for _, policy := range policies {
|
||||
expected[reportutils.PolicyLabel(policy)] = policy.GetResourceVersion()
|
||||
expected[reportutils.PolicyLabel(policy)] = policy.MetaObject().GetResourceVersion()
|
||||
}
|
||||
for _, exception := range exceptions {
|
||||
expected[reportutils.PolicyExceptionLabel(exception)] = exception.GetResourceVersion()
|
||||
|
@ -342,7 +342,7 @@ func (c *controller) reconcileReport(
|
|||
// build desired report
|
||||
expected := map[string]string{}
|
||||
for _, policy := range policies {
|
||||
expected[reportutils.PolicyLabel(policy)] = policy.GetResourceVersion()
|
||||
expected[reportutils.PolicyLabel(policy)] = policy.MetaObject().GetResourceVersion()
|
||||
}
|
||||
for _, exception := range exceptions {
|
||||
expected[reportutils.PolicyExceptionLabel(exception)] = exception.GetResourceVersion()
|
||||
|
@ -427,7 +427,7 @@ func (c *controller) reconcileReport(
|
|||
}
|
||||
}
|
||||
}
|
||||
if full || reevaluate || actual[reportutils.PolicyLabel(policy)] != policy.GetResourceVersion() {
|
||||
if full || reevaluate || actual[reportutils.PolicyLabel(policy)] != policy.MetaObject().GetResourceVersion() {
|
||||
scanner := utils.NewScanner(logger, c.engine, c.config, c.jp, c.client, c.reportsConfig)
|
||||
for _, result := range scanner.ScanResource(ctx, *target, nsLabels, bindings, policy) {
|
||||
if result.Error != nil {
|
||||
|
|
|
@ -21,7 +21,7 @@ func GenerateEvents(logger logr.Logger, eventGen event.Interface, config config.
|
|||
|
||||
func generateSuccessEvents(log logr.Logger, ers ...engineapi.EngineResponse) (eventInfos []event.Info) {
|
||||
for _, er := range ers {
|
||||
logger := log.WithValues("policy", er.Policy().GetName(), "kind", er.Resource.GetKind(), "namespace", er.Resource.GetNamespace(), "name", er.Resource.GetName())
|
||||
logger := log.WithValues("policy", er.Policy().MetaObject().GetName(), "kind", er.Resource.GetKind(), "namespace", er.Resource.GetNamespace(), "name", er.Resource.GetName())
|
||||
if !er.IsFailed() {
|
||||
logger.V(4).Info("generating event on policy for success rules")
|
||||
e := event.NewPolicyAppliedEvent(event.PolicyController, er)
|
||||
|
@ -52,7 +52,7 @@ func generateFailEvents(log logr.Logger, ers ...engineapi.EngineResponse) (event
|
|||
func generateFailEventsPerEr(log logr.Logger, er engineapi.EngineResponse) []event.Info {
|
||||
var eventInfos []event.Info
|
||||
logger := log.WithValues(
|
||||
"policy", er.Policy().GetName(),
|
||||
"policy", er.Policy().MetaObject().GetName(),
|
||||
"kind", er.Resource.GetKind(),
|
||||
"namespace", er.Resource.GetNamespace(),
|
||||
"name", er.Resource.GetName(),
|
||||
|
|
|
@ -29,22 +29,12 @@ type GenericPolicy interface {
|
|||
AsKyvernoPolicy() kyvernov1.PolicyInterface
|
||||
// AsValidatingAdmissionPolicy returns the validating admission policy
|
||||
AsValidatingAdmissionPolicy() *admissionregistrationv1beta1.ValidatingAdmissionPolicy
|
||||
// AsValidatingPolicy returns the validating policy
|
||||
AsValidatingPolicy() *kyvernov2alpha1.ValidatingPolicy
|
||||
// GetType returns policy type
|
||||
GetType() PolicyType
|
||||
// GetAPIVersion returns policy API version
|
||||
GetAPIVersion() string
|
||||
// GetName returns policy name
|
||||
GetName() string
|
||||
// GetNamespace returns policy namespace
|
||||
GetNamespace() string
|
||||
// GetKind returns policy kind
|
||||
GetKind() string
|
||||
// GetResourceVersion returns policy resource version
|
||||
GetResourceVersion() string
|
||||
// GetAnnotations returns policy annotations
|
||||
GetAnnotations() map[string]string
|
||||
// IsNamespaced indicates if the policy is namespace scoped
|
||||
IsNamespaced() bool
|
||||
// MetaObject provides an object compatible with metav1.Object
|
||||
|
@ -63,10 +53,6 @@ func (p *KyvernoPolicy) AsValidatingAdmissionPolicy() *admissionregistrationv1be
|
|||
return nil
|
||||
}
|
||||
|
||||
func (p *KyvernoPolicy) AsValidatingPolicy() *kyvernov2alpha1.ValidatingPolicy {
|
||||
return nil
|
||||
}
|
||||
|
||||
func (p *KyvernoPolicy) GetType() PolicyType {
|
||||
return KyvernoPolicyType
|
||||
}
|
||||
|
@ -75,26 +61,10 @@ func (p *KyvernoPolicy) GetAPIVersion() string {
|
|||
return "kyverno.io/v1"
|
||||
}
|
||||
|
||||
func (p *KyvernoPolicy) GetName() string {
|
||||
return p.policy.GetName()
|
||||
}
|
||||
|
||||
func (p *KyvernoPolicy) GetNamespace() string {
|
||||
return p.policy.GetNamespace()
|
||||
}
|
||||
|
||||
func (p *KyvernoPolicy) GetKind() string {
|
||||
return p.policy.GetKind()
|
||||
}
|
||||
|
||||
func (p *KyvernoPolicy) GetResourceVersion() string {
|
||||
return p.policy.GetResourceVersion()
|
||||
}
|
||||
|
||||
func (p *KyvernoPolicy) GetAnnotations() map[string]string {
|
||||
return p.policy.GetAnnotations()
|
||||
}
|
||||
|
||||
func (p *KyvernoPolicy) IsNamespaced() bool {
|
||||
return p.policy.IsNamespaced()
|
||||
}
|
||||
|
@ -121,10 +91,6 @@ func (p *ValidatingAdmissionPolicy) AsValidatingAdmissionPolicy() *admissionregi
|
|||
return &p.policy
|
||||
}
|
||||
|
||||
func (p *ValidatingAdmissionPolicy) AsValidatingPolicy() *kyvernov2alpha1.ValidatingPolicy {
|
||||
return nil
|
||||
}
|
||||
|
||||
func (p *ValidatingAdmissionPolicy) GetType() PolicyType {
|
||||
return ValidatingAdmissionPolicyType
|
||||
}
|
||||
|
@ -133,26 +99,10 @@ func (p *ValidatingAdmissionPolicy) GetAPIVersion() string {
|
|||
return "admissionregistration.k8s.io/v1beta1"
|
||||
}
|
||||
|
||||
func (p *ValidatingAdmissionPolicy) GetName() string {
|
||||
return p.policy.GetName()
|
||||
}
|
||||
|
||||
func (p *ValidatingAdmissionPolicy) GetNamespace() string {
|
||||
return p.policy.GetNamespace()
|
||||
}
|
||||
|
||||
func (p *ValidatingAdmissionPolicy) GetKind() string {
|
||||
return "ValidatingAdmissionPolicy"
|
||||
}
|
||||
|
||||
func (p *ValidatingAdmissionPolicy) GetResourceVersion() string {
|
||||
return p.policy.GetResourceVersion()
|
||||
}
|
||||
|
||||
func (p *ValidatingAdmissionPolicy) GetAnnotations() map[string]string {
|
||||
return p.policy.GetAnnotations()
|
||||
}
|
||||
|
||||
func (p *ValidatingAdmissionPolicy) IsNamespaced() bool {
|
||||
return false
|
||||
}
|
||||
|
@ -179,10 +129,6 @@ func (p *MutatingAdmissionPolicy) AsValidatingAdmissionPolicy() *admissionregist
|
|||
return nil
|
||||
}
|
||||
|
||||
func (p *MutatingAdmissionPolicy) AsValidatingPolicy() *kyvernov2alpha1.ValidatingPolicy {
|
||||
return nil
|
||||
}
|
||||
|
||||
func (p *MutatingAdmissionPolicy) GetType() PolicyType {
|
||||
return MutatingAdmissionPolicyType
|
||||
}
|
||||
|
@ -191,26 +137,10 @@ func (p *MutatingAdmissionPolicy) GetAPIVersion() string {
|
|||
return "admissionregistration.k8s.io/v1alpha1"
|
||||
}
|
||||
|
||||
func (p *MutatingAdmissionPolicy) GetName() string {
|
||||
return p.policy.GetName()
|
||||
}
|
||||
|
||||
func (p *MutatingAdmissionPolicy) GetNamespace() string {
|
||||
return p.policy.GetNamespace()
|
||||
}
|
||||
|
||||
func (p *MutatingAdmissionPolicy) GetKind() string {
|
||||
return "MutatingAdmissionPolicy"
|
||||
}
|
||||
|
||||
func (p *MutatingAdmissionPolicy) GetResourceVersion() string {
|
||||
return p.policy.GetResourceVersion()
|
||||
}
|
||||
|
||||
func (p *MutatingAdmissionPolicy) GetAnnotations() map[string]string {
|
||||
return p.policy.GetAnnotations()
|
||||
}
|
||||
|
||||
func (p *MutatingAdmissionPolicy) IsNamespaced() bool {
|
||||
return false
|
||||
}
|
||||
|
@ -237,10 +167,6 @@ func (p *ValidatingPolicy) AsValidatingAdmissionPolicy() *admissionregistrationv
|
|||
return nil
|
||||
}
|
||||
|
||||
func (p *ValidatingPolicy) AsValidatingPolicy() *kyvernov2alpha1.ValidatingPolicy {
|
||||
return &p.policy
|
||||
}
|
||||
|
||||
func (p *ValidatingPolicy) GetType() PolicyType {
|
||||
return ValidatingPolicyType
|
||||
}
|
||||
|
@ -249,26 +175,10 @@ func (p *ValidatingPolicy) GetAPIVersion() string {
|
|||
return kyvernov2alpha1.GroupVersion.String()
|
||||
}
|
||||
|
||||
func (p *ValidatingPolicy) GetName() string {
|
||||
return p.policy.GetName()
|
||||
}
|
||||
|
||||
func (p *ValidatingPolicy) GetNamespace() string {
|
||||
return ""
|
||||
}
|
||||
|
||||
func (p *ValidatingPolicy) GetKind() string {
|
||||
return "ValidatingPolicy"
|
||||
}
|
||||
|
||||
func (p *ValidatingPolicy) GetResourceVersion() string {
|
||||
return p.policy.GetResourceVersion()
|
||||
}
|
||||
|
||||
func (p *ValidatingPolicy) GetAnnotations() map[string]string {
|
||||
return p.policy.GetAnnotations()
|
||||
}
|
||||
|
||||
func (p *ValidatingPolicy) IsNamespaced() bool {
|
||||
return false
|
||||
}
|
||||
|
|
|
@ -18,11 +18,12 @@ func NewPolicyFailEvent(source Source, reason Reason, engineResponse engineapi.E
|
|||
action = ResourceBlocked
|
||||
}
|
||||
pol := engineResponse.Policy()
|
||||
polMeta := pol.MetaObject()
|
||||
regarding := corev1.ObjectReference{
|
||||
APIVersion: pol.GetAPIVersion(),
|
||||
Kind: pol.GetKind(),
|
||||
Name: pol.GetName(),
|
||||
Namespace: pol.GetNamespace(),
|
||||
Name: polMeta.GetName(),
|
||||
Namespace: polMeta.GetNamespace(),
|
||||
UID: pol.MetaObject().GetUID(),
|
||||
}
|
||||
related := engineResponse.GetResourceSpec()
|
||||
|
@ -75,6 +76,7 @@ func NewPolicyAppliedEvent(source Source, engineResponse engineapi.EngineRespons
|
|||
|
||||
var action Action
|
||||
policy := engineResponse.Policy()
|
||||
policyMeta := policy.MetaObject()
|
||||
if policy.GetType() == engineapi.KyvernoPolicyType {
|
||||
pol := engineResponse.Policy().AsKyvernoPolicy()
|
||||
hasValidate := pol.GetSpec().HasValidate()
|
||||
|
@ -94,8 +96,8 @@ func NewPolicyAppliedEvent(source Source, engineResponse engineapi.EngineRespons
|
|||
regarding := corev1.ObjectReference{
|
||||
APIVersion: policy.GetAPIVersion(),
|
||||
Kind: policy.GetKind(),
|
||||
Name: policy.GetName(),
|
||||
Namespace: policy.GetNamespace(),
|
||||
Name: policyMeta.GetName(),
|
||||
Namespace: policyMeta.GetNamespace(),
|
||||
UID: policy.MetaObject().GetUID(),
|
||||
}
|
||||
related := engineResponse.GetResourceSpec()
|
||||
|
@ -120,7 +122,7 @@ func NewResourceViolationEvent(source Source, reason Reason, engineResponse engi
|
|||
defer bldr.Reset()
|
||||
|
||||
pol := engineResponse.Policy()
|
||||
fmt.Fprintf(&bldr, "policy %s/%s %s: %s", pol.GetName(),
|
||||
fmt.Fprintf(&bldr, "policy %s/%s %s: %s", pol.MetaObject().GetName(),
|
||||
ruleResp.Name(), ruleResp.Status(), ruleResp.Message())
|
||||
resource := engineResponse.GetResourceSpec()
|
||||
regarding := corev1.ObjectReference{
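Review bot: NewPolicyFailEvent and NewPolicyAppliedEvent introduce `polMeta` / `policyMeta` but still build the UID with a second `MetaObject()` call on the very next field. Using the local keeps all three identity fields of the `ObjectReference` read from one object: `UID: polMeta.GetUID(),` and `UID: policyMeta.GetUID(),`. Both function bodies continue outside their hunks.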
|
||||
|
|
|
@ -82,7 +82,7 @@ func PolicyLabelDomain(policy kyvernov1.PolicyInterface) string {
|
|||
}
|
||||
|
||||
func PolicyLabel(policy engineapi.GenericPolicy) string {
|
||||
return PolicyLabelPrefix(policy) + policy.GetName()
|
||||
return PolicyLabelPrefix(policy) + policy.MetaObject().GetName()
|
||||
}
|
||||
|
||||
func PolicyExceptionLabel(exception kyvernov2.PolicyException) string {
|
||||
|
@ -167,7 +167,7 @@ func SetResourceVersionLabels(report reportsv1.ReportInterface, resource *unstru
|
|||
}
|
||||
|
||||
func SetPolicyLabel(report reportsv1.ReportInterface, policy engineapi.GenericPolicy) {
|
||||
controllerutils.SetLabel(report, PolicyLabel(policy), policy.GetResourceVersion())
|
||||
controllerutils.SetLabel(report, PolicyLabel(policy), policy.MetaObject().GetResourceVersion())
|
||||
}
|
||||
|
||||
func SetPolicyExceptionLabel(report reportsv1.ReportInterface, exception kyvernov2.PolicyException) {
|
||||
|
|
|
@ -179,9 +179,10 @@ func addPodSecurityProperties(pss *engineapi.PodSecurityChecks, result *policyre
|
|||
|
||||
func EngineResponseToReportResults(response engineapi.EngineResponse) []policyreportv1alpha2.PolicyReportResult {
|
||||
pol := response.Policy()
|
||||
policyName, _ := cache.MetaNamespaceKeyFunc(pol.AsKyvernoPolicy())
|
||||
polMeta := pol.MetaObject()
|
||||
policyName, _ := cache.MetaNamespaceKeyFunc(polMeta)
|
||||
policyType := pol.GetType()
|
||||
annotations := pol.GetAnnotations()
|
||||
annotations := polMeta.GetAnnotations()
|
||||
|
||||
results := make([]policyreportv1alpha2.PolicyReportResult, 0, len(response.PolicyResponse.Rules))
|
||||
for _, ruleResult := range response.PolicyResponse.Rules {
|
||||
|
@ -194,9 +195,10 @@ func EngineResponseToReportResults(response engineapi.EngineResponse) []policyre
|
|||
|
||||
func MutationEngineResponseToReportResults(response engineapi.EngineResponse) []policyreportv1alpha2.PolicyReportResult {
|
||||
pol := response.Policy()
|
||||
policyName, _ := cache.MetaNamespaceKeyFunc(pol.AsKyvernoPolicy())
|
||||
polMeta := pol.MetaObject()
|
||||
policyName, _ := cache.MetaNamespaceKeyFunc(polMeta)
|
||||
policyType := pol.GetType()
|
||||
annotations := pol.GetAnnotations()
|
||||
annotations := polMeta.GetAnnotations()
|
||||
|
||||
results := make([]policyreportv1alpha2.PolicyReportResult, 0, len(response.PolicyResponse.Rules))
|
||||
for _, ruleResult := range response.PolicyResponse.Rules {
|
||||
|
@ -212,9 +214,10 @@ func MutationEngineResponseToReportResults(response engineapi.EngineResponse) []
|
|||
|
||||
func GenerationEngineResponseToReportResults(response engineapi.EngineResponse) []policyreportv1alpha2.PolicyReportResult {
|
||||
pol := response.Policy()
|
||||
policyName, _ := cache.MetaNamespaceKeyFunc(pol.AsKyvernoPolicy())
|
||||
polMeta := pol.MetaObject()
|
||||
policyName, _ := cache.MetaNamespaceKeyFunc(polMeta)
|
||||
policyType := pol.GetType()
|
||||
annotations := pol.GetAnnotations()
|
||||
annotations := polMeta.GetAnnotations()
|
||||
|
||||
results := make([]policyreportv1alpha2.PolicyReportResult, 0, len(response.PolicyResponse.Rules))
|
||||
for _, ruleResult := range response.PolicyResponse.Rules {
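Review bot: `policyName, _ := cache.MetaNamespaceKeyFunc(polMeta)` still discards the error, so if `MetaObject()` ever yields a value the key function cannot read, the report results are emitted with an empty policy name and nothing is logged. ComputePolicyReportResult in this same commit builds the key with `cache.MetaObjectToName(policyMeta).String()`, which has no error to drop; `policyName := cache.MetaObjectToName(polMeta).String()` here would make the two agree. The same line appears in MutationEngineResponseToReportResults and GenerationEngineResponseToReportResults. All three function bodies continue outside their hunks.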
|
||||
|
|
|
@ -36,7 +36,7 @@ func SelectorPolicyExists(policy engineapi.GenericPolicy) (labels.Selector, erro
|
|||
|
||||
func SelectorPolicyNotEquals(policy engineapi.GenericPolicy) (labels.Selector, error) {
|
||||
selector := labels.Everything()
|
||||
requirement, err := labels.NewRequirement(PolicyLabel(policy), selection.NotEquals, []string{policy.GetResourceVersion()})
|
||||
requirement, err := labels.NewRequirement(PolicyLabel(policy), selection.NotEquals, []string{policy.MetaObject().GetResourceVersion()})
|
||||
if err == nil {
|
||||
selector = selector.Add(*requirement)
|
||||
}
|
||||
|
|
|
@ -341,11 +341,11 @@ func mergeEngineResponses(auditResponses, enforceResponses []engineapi.EngineRes
|
|||
var responses []engineapi.EngineResponse
|
||||
|
||||
for _, enforceResponse := range enforceResponses {
|
||||
responseMap[enforceResponse.Policy().GetName()] = enforceResponse
|
||||
responseMap[enforceResponse.Policy().MetaObject().GetName()] = enforceResponse
|
||||
}
|
||||
|
||||
for _, auditResponse := range auditResponses {
|
||||
policyName := auditResponse.Policy().GetName()
|
||||
policyName := auditResponse.Policy().MetaObject().GetName()
|
||||
if enforceResponse, exists := responseMap[policyName]; exists {
|
||||
response := auditResponse
|
||||
for _, ruleResponse := range enforceResponse.PolicyResponse.Rules {
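Review bot: `responseMap` is keyed by the bare policy name in both loops, so if a namespaced policy and a cluster-scoped policy with the same name both apply to one request, they land on the same entry and an audit response could be merged with the wrong enforce response. With `MetaObject()` now at hand, the key can include the namespace, e.g. `responseMap[cache.MetaObjectToName(enforceResponse.Policy().MetaObject()).String()] = enforceResponse` and the same expression for `policyName` (assuming client-go's `cache` package is imported in this file, which is not visible here). The `failures[er.Policy().MetaObject().GetName()]` map in GetBlockedMessages uses the same name-only key. mergeEngineResponses continues outside the hunk.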
|
||||
|
|
|
@ -72,10 +72,10 @@ func applyUpdateRequest(
|
|||
|
||||
func transform(admissionRequestInfo kyvernov2.AdmissionRequestInfoObject, userRequestInfo kyvernov2.RequestInfo, er *engineapi.EngineResponse, ruleType kyvernov2.RequestType) (urs []kyvernov2.UpdateRequestSpec) {
|
||||
var PolicyNameNamespaceKey string
|
||||
if er.Policy().GetNamespace() != "" {
|
||||
PolicyNameNamespaceKey = er.Policy().GetNamespace() + "/" + er.Policy().GetName()
|
||||
if er.Policy().MetaObject().GetNamespace() != "" {
|
||||
PolicyNameNamespaceKey = er.Policy().MetaObject().GetNamespace() + "/" + er.Policy().MetaObject().GetName()
|
||||
} else {
|
||||
PolicyNameNamespaceKey = er.Policy().GetName()
|
||||
PolicyNameNamespaceKey = er.Policy().MetaObject().GetName()
|
||||
}
|
||||
|
||||
for _, rule := range er.PolicyResponse.Rules {
|
||||
|
|
|
@ -26,7 +26,7 @@ func getAction(hasViolations bool, i int) string {
|
|||
func BlockRequest(engineResponses []engineapi.EngineResponse, failurePolicy kyvernov1.FailurePolicyType, log logr.Logger) bool {
|
||||
for _, er := range engineResponses {
|
||||
if engineutils.BlockRequest(er, failurePolicy) {
|
||||
log.V(2).Info("blocking admission request", "policy", er.Policy().GetName())
|
||||
log.V(2).Info("blocking admission request", "policy", er.Policy().MetaObject().GetName())
|
||||
return true
|
||||
}
|
||||
}
|
||||
|
@ -48,7 +48,7 @@ func GetBlockedMessages(engineResponses []engineapi.EngineResponse) string {
|
|||
}
|
||||
}
|
||||
if len(ruleToReason) != 0 {
|
||||
failures[er.Policy().GetName()] = ruleToReason
|
||||
failures[er.Policy().MetaObject().GetName()] = ruleToReason
|
||||
}
|
||||
}
|
||||
if len(failures) == 0 {
|
||||
|
|
|
@ -14,7 +14,7 @@ func GetErrorMsg(engineReponses []engineapi.EngineResponse) string {
|
|||
if !er.IsSuccessful() {
|
||||
// resource in engineReponses is identical as this was called per admission request
|
||||
resourceInfo = fmt.Sprintf("%s/%s/%s", er.Resource.GetKind(), er.Resource.GetNamespace(), er.Resource.GetName())
|
||||
str = append(str, fmt.Sprintf("failed policy %s:", er.Policy().GetName()))
|
||||
str = append(str, fmt.Sprintf("failed policy %s:", er.Policy().MetaObject().GetName()))
|
||||
for _, rule := range er.PolicyResponse.Rules {
|
||||
if rule.Status() != engineapi.RuleStatusPass {
|
||||
str = append(str, rule.String())
|
||||
|
|
|
@ -11,7 +11,7 @@ func GetWarningMessages(engineResponses []engineapi.EngineResponse) []string {
|
|||
for _, er := range engineResponses {
|
||||
for _, rule := range er.PolicyResponse.Rules {
|
||||
if rule.EmitWarning() || (er.EmitsWarning() && rule.Status() != engineapi.RuleStatusSkip) {
|
||||
msg := fmt.Sprintf("policy %s.%s: %s", er.Policy().GetName(), rule.Name(), rule.Message())
|
||||
msg := fmt.Sprintf("policy %s.%s: %s", er.Policy().MetaObject().GetName(), rule.Name(), rule.Message())
|
||||
warnings = append(warnings, msg)
|
||||
}
|
||||
}
|
||||
|
|