mirrors/kyverno
mirrors/kyverno
1
0
Fork 0
mirror of https://github.com/kyverno/kyverno.git synced 2025-03-31 03:45:17 +00:00
Code Activity

initial commit

Browse source
This commit is contained in:
shivkumar dudhani 2019-08-19 16:40:10 -07:00
parent 2192703df1
commit 8b1066be29
5 changed files with 64 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

16
pkg/engine/generation.go
View file

@ -3,6 +3,7 @@ package engine
import ( import (
"encoding/json" "encoding/json"
"errors" "errors"
"time"
"github.com/golang/glog" "github.com/golang/glog"
kyverno "github.com/nirmata/kyverno/pkg/api/kyverno/v1alpha1" kyverno "github.com/nirmata/kyverno/pkg/api/kyverno/v1alpha1"
@ -15,6 +16,20 @@ import (
//Generate apply generation rules on a resource //Generate apply generation rules on a resource
func Generate(client *client.Client, policy kyverno.Policy, ns unstructured.Unstructured) []info.RuleInfo { func Generate(client *client.Client, policy kyverno.Policy, ns unstructured.Unstructured) []info.RuleInfo {
var executionTime time.Duration
var rulesAppliedCount int
startTime := time.Now()
glog.V(4).Infof("started applying generation rules of policy %q (%v)", policy.Name, startTime)
defer func() {
executionTime = time.Since(startTime)
glog.V(4).Infof("Finished applying generation rules policy %q (%v)", policy.Name, executionTime)
glog.V(4).Infof("Generation Rules appplied succesfully count %q for policy %q", rulesAppliedCount, policy.Name)
}()
succesfulRuleCount := func() {
// rules applied succesfully count
rulesAppliedCount++
}
ris := []info.RuleInfo{} ris := []info.RuleInfo{}
for _, rule := range policy.Spec.Rules { for _, rule := range policy.Spec.Rules {
if rule.Generation == (kyverno.Generation{}) { if rule.Generation == (kyverno.Generation{}) {
@ -30,6 +45,7 @@ func Generate(client *client.Client, policy kyverno.Policy, ns unstructured.Unst
} else { } else {
ri.Addf("Generation succesfully.", rule.Name) ri.Addf("Generation succesfully.", rule.Name)
glog.Infof("succesfully applied policy %s rule %s on resource %s/%s/%s", policy.Name, rule.Name, ns.GetKind(), ns.GetNamespace(), ns.GetName()) glog.Infof("succesfully applied policy %s rule %s on resource %s/%s/%s", policy.Name, rule.Name, ns.GetKind(), ns.GetNamespace(), ns.GetName())
succesfulRuleCount()
} }
ris = append(ris, ri) ris = append(ris, ri)
} }

18
pkg/engine/mutation.go
View file

@ -2,6 +2,7 @@ package engine
import ( import (
"reflect" "reflect"
"time"
"github.com/golang/glog" "github.com/golang/glog"
kyverno "github.com/nirmata/kyverno/pkg/api/kyverno/v1alpha1" kyverno "github.com/nirmata/kyverno/pkg/api/kyverno/v1alpha1"
@ -12,6 +13,20 @@ import (
// Mutate performs mutation. Overlay first and then mutation patches // Mutate performs mutation. Overlay first and then mutation patches
//TODO: check if gvk needs to be passed or can be set in resource //TODO: check if gvk needs to be passed or can be set in resource
func Mutate(policy kyverno.Policy, resource unstructured.Unstructured) ([][]byte, []info.RuleInfo) { func Mutate(policy kyverno.Policy, resource unstructured.Unstructured) ([][]byte, []info.RuleInfo) {
var executionTime time.Duration
var rulesAppliedCount int
startTime := time.Now()
glog.V(4).Infof("started applying mutation rules of policy %q (%v)", policy.Name, startTime)
defer func() {
executionTime = time.Since(startTime)
glog.V(4).Infof("Finished applying mutation rules policy %q (%v)", policy.Name, executionTime)
glog.V(4).Infof("Mutation Rules appplied succesfully count %q for policy %q", rulesAppliedCount, policy.Name)
}()
succesfulRuleCount := func() {
// rules applied succesfully count
rulesAppliedCount++
}
//TODO: convert rawResource to unstructured to avoid unmarhalling all the time for get some resource information //TODO: convert rawResource to unstructured to avoid unmarhalling all the time for get some resource information
var patches [][]byte var patches [][]byte
var ruleInfos []info.RuleInfo var ruleInfos []info.RuleInfo
@ -46,12 +61,12 @@ func Mutate(policy kyverno.Policy, resource unstructured.Unstructured) ([][]byte
glog.V(4).Infof("overlay applied succesfully on resource %s/%s", resource.GetNamespace(), resource.GetName()) glog.V(4).Infof("overlay applied succesfully on resource %s/%s", resource.GetNamespace(), resource.GetName())
ruleInfo.Add("Overlay succesfully applied") ruleInfo.Add("Overlay succesfully applied")
// update rule information // update rule information
// strip slashes from string // strip slashes from string
patch := JoinPatches(oPatches) patch := JoinPatches(oPatches)
ruleInfo.Changes = string(patch) ruleInfo.Changes = string(patch)
patches = append(patches, oPatches...) patches = append(patches, oPatches...)
succesfulRuleCount()
} else { } else {
glog.V(4).Infof("failed to apply overlay: %v", err) glog.V(4).Infof("failed to apply overlay: %v", err)
ruleInfo.Fail() ruleInfo.Fail()
@ -72,6 +87,7 @@ func Mutate(policy kyverno.Policy, resource unstructured.Unstructured) ([][]byte
glog.V(4).Infof("patches applied succesfully on resource %s/%s", resource.GetNamespace(), resource.GetName()) glog.V(4).Infof("patches applied succesfully on resource %s/%s", resource.GetNamespace(), resource.GetName())
ruleInfo.Addf("Patches succesfully applied.") ruleInfo.Addf("Patches succesfully applied.")
patches = append(patches, jsonPatches...) patches = append(patches, jsonPatches...)
succesfulRuleCount()
} }
} }
ruleInfos = append(ruleInfos, ruleInfo) ruleInfos = append(ruleInfos, ruleInfo)

16
pkg/engine/validation.go
View file

@ -8,6 +8,7 @@ import (
"reflect" "reflect"
"strconv" "strconv"
"strings" "strings"
"time"
"github.com/golang/glog" "github.com/golang/glog"
kyverno "github.com/nirmata/kyverno/pkg/api/kyverno/v1alpha1" kyverno "github.com/nirmata/kyverno/pkg/api/kyverno/v1alpha1"
@ -18,6 +19,20 @@ import (
// Validate handles validating admission request // Validate handles validating admission request
// Checks the target resources for rules defined in the policy // Checks the target resources for rules defined in the policy
func Validate(policy kyverno.Policy, resource unstructured.Unstructured) ([]info.RuleInfo, error) { func Validate(policy kyverno.Policy, resource unstructured.Unstructured) ([]info.RuleInfo, error) {
var executionTime time.Duration
var rulesAppliedCount int
startTime := time.Now()
glog.V(4).Infof("started applying validation rules of policy %q (%v)", policy.Name, startTime)
defer func() {
executionTime = time.Since(startTime)
glog.V(4).Infof("Finished applying validation rules policy %q (%v)", policy.Name, executionTime)
glog.V(4).Infof("Validation Rules appplied succesfully count %q for policy %q", rulesAppliedCount, policy.Name)
}()
succesfulRuleCount := func() {
// rules applied succesfully count
rulesAppliedCount++
}
//TODO: convert rawResource to unstructured to avoid unmarhalling all the time for get some resource information //TODO: convert rawResource to unstructured to avoid unmarhalling all the time for get some resource information
//TODO: pass unstructured instead of rawResource ? //TODO: pass unstructured instead of rawResource ?
@ -57,6 +72,7 @@ func Validate(policy kyverno.Policy, resource unstructured.Unstructured) ([]info
} else { } else {
ruleInfo.Add("Pattern succesfully validated") ruleInfo.Add("Pattern succesfully validated")
glog.V(4).Infof("pattern validated succesfully on resource %s/%s", resource.GetNamespace(), resource.GetName()) glog.V(4).Infof("pattern validated succesfully on resource %s/%s", resource.GetNamespace(), resource.GetName())
succesfulRuleCount()
} }
ruleInfos = append(ruleInfos, ruleInfo) ruleInfos = append(ruleInfos, ruleInfo)
} }

14
pkg/policy/status.go Normal file
View file

@ -0,0 +1,14 @@
package policy
import "time"
type PolicyStatus struct {
// average time required to process the policy rules on a resource
avgExecutionTime time.Duration
// Count of rules that were applied succesfully
rulesAppliedCount int
// Count of resources for whom update/create api requests were blocked as the resoruce did not satisfy the policy rules
resourcesBlockedCount int
// Count of the resource for whom the mutation rules were applied succesfully
resourcesMutatedCount int
}

2
pkg/policyviolation/controller.go
View file

@ -238,13 +238,13 @@ func (pvc *PolicyViolationController) syncActiveResource(curPv *kyverno.PolicyVi
return err return err
} }
glog.V(4).Infof("removing policy violation %s as the corresponding resource %s/%s/%s does not exist anymore", curPv.Name, rspec.Kind, rspec.Namespace, rspec.Name) glog.V(4).Infof("removing policy violation %s as the corresponding resource %s/%s/%s does not exist anymore", curPv.Name, rspec.Kind, rspec.Namespace, rspec.Name)
return nil
} }
if err != nil { if err != nil {
glog.V(4).Infof("error while retrieved resource %s/%s/%s: %v", rspec.Kind, rspec.Namespace, rspec.Name, err) glog.V(4).Infof("error while retrieved resource %s/%s/%s: %v", rspec.Kind, rspec.Namespace, rspec.Name, err)
return err return err
} }
//TODO- if the policy is not present, remove the policy violation //TODO- if the policy is not present, remove the policy violation
return nil return nil
} }