mirrors/kyverno
mirrors/kyverno
1
0
Fork 0
mirror of https://github.com/kyverno/kyverno.git synced 2025-03-15 04:07:46 +00:00
Code Activity

Exit with WARN code if no objects satisfy a policy (#6678)

Browse source 
Signed-off-by: Yurii Rochniak <yrochnyak@gmail.com>
Co-authored-by: shuting <shuting@nirmata.com>
This commit is contained in:
Yurii Rochniak 2023-03-27 11:18:44 +02:00 committed by GitHub
parent 6a60a3da2b
commit 86e28d2848
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 6 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
cmd/cli/kubectl-kyverno/apply/apply_command.go
View file

@ -65,6 +65,7 @@ type ApplyCommandConfig struct {
PolicyPaths []string PolicyPaths []string
GitBranch string GitBranch string
warnExitCode int warnExitCode int
warnNoPassed bool
} }
var ( var (
@ -174,7 +175,7 @@ func Command() *cobra.Command {
return err return err
} }
PrintReportOrViolation(applyCommandConfig.PolicyReport, rc, applyCommandConfig.ResourcePaths, len(resources), skipInvalidPolicies, applyCommandConfig.Stdin, pvInfos, applyCommandConfig.warnExitCode) PrintReportOrViolation(applyCommandConfig.PolicyReport, rc, applyCommandConfig.ResourcePaths, len(resources), skipInvalidPolicies, applyCommandConfig.Stdin, pvInfos, applyCommandConfig.warnExitCode, applyCommandConfig.warnNoPassed)
return nil return nil
}, },
} }
@ -194,6 +195,7 @@ func Command() *cobra.Command {
cmd.Flags().StringVarP(&applyCommandConfig.GitBranch, "git-branch", "b", "", "test git repository branch") cmd.Flags().StringVarP(&applyCommandConfig.GitBranch, "git-branch", "b", "", "test git repository branch")
cmd.Flags().BoolVarP(&applyCommandConfig.AuditWarn, "audit-warn", "", false, "If set to true, will flag audit policies as warnings instead of failures") cmd.Flags().BoolVarP(&applyCommandConfig.AuditWarn, "audit-warn", "", false, "If set to true, will flag audit policies as warnings instead of failures")
cmd.Flags().IntVar(&applyCommandConfig.warnExitCode, "warn-exit-code", 0, "Set the exit code for warnings; if failures or errors are found, will exit 1") cmd.Flags().IntVar(&applyCommandConfig.warnExitCode, "warn-exit-code", 0, "Set the exit code for warnings; if failures or errors are found, will exit 1")
cmd.Flags().BoolVarP(&applyCommandConfig.warnNoPassed, "warn-no-pass", "", false, "Specify if warning exit code should be raised if no objects satisfied a policy; can be used together with --warn-exit-code flag")
return cmd return cmd
} }
@ -465,7 +467,7 @@ func checkMutateLogPath(mutateLogPath string) (mutateLogPathIsDir bool, err erro
} }
// PrintReportOrViolation - printing policy report/violations // PrintReportOrViolation - printing policy report/violations
func PrintReportOrViolation(policyReport bool, rc *common.ResultCounts, resourcePaths []string, resourcesLen int, skipInvalidPolicies SkippedInvalidPolicies, stdin bool, pvInfos []common.Info, warnExitCode int) { func PrintReportOrViolation(policyReport bool, rc *common.ResultCounts, resourcePaths []string, resourcesLen int, skipInvalidPolicies SkippedInvalidPolicies, stdin bool, pvInfos []common.Info, warnExitCode int, warnNoPassed bool) {
divider := "----------------------------------------------------------------------" divider := "----------------------------------------------------------------------"
if len(skipInvalidPolicies.skipped) > 0 { if len(skipInvalidPolicies.skipped) > 0 {
@ -509,6 +511,8 @@ func PrintReportOrViolation(policyReport bool, rc *common.ResultCounts, resource
osExit(1) osExit(1)
} else if rc.Warn > 0 && warnExitCode != 0 { } else if rc.Warn > 0 && warnExitCode != 0 {
osExit(warnExitCode) osExit(warnExitCode)
} else if rc.Pass == 0 && warnNoPassed {
osExit(warnExitCode)
} }
} }