mirror of
https://github.com/kyverno/kyverno.git
synced 2024-12-15 17:51:20 +00:00
initial commit
parent
2192703df1
commit
8b1066be29
5 changed files with 64 additions and 2 deletions
|
@ -3,6 +3,7 @@ package engine
|
|||
import (
|
||||
"encoding/json"
|
||||
"errors"
|
||||
"time"
|
||||
|
||||
"github.com/golang/glog"
|
||||
kyverno "github.com/nirmata/kyverno/pkg/api/kyverno/v1alpha1"
|
||||
|
@ -15,6 +16,20 @@ import (
|
|||
|
||||
//Generate apply generation rules on a resource
|
||||
func Generate(client *client.Client, policy kyverno.Policy, ns unstructured.Unstructured) []info.RuleInfo {
|
||||
var executionTime time.Duration
|
||||
var rulesAppliedCount int
|
||||
startTime := time.Now()
|
||||
glog.V(4).Infof("started applying generation rules of policy %q (%v)", policy.Name, startTime)
|
||||
defer func() {
|
||||
executionTime = time.Since(startTime)
|
||||
glog.V(4).Infof("Finished applying generation rules policy %q (%v)", policy.Name, executionTime)
|
||||
glog.V(4).Infof("Generation Rules appplied succesfully count %q for policy %q", rulesAppliedCount, policy.Name)
|
||||
}()
|
||||
succesfulRuleCount := func() {
|
||||
// rules applied succesfully count
|
||||
rulesAppliedCount++
|
||||
}
|
||||
|
||||
ris := []info.RuleInfo{}
|
||||
for _, rule := range policy.Spec.Rules {
|
||||
if rule.Generation == (kyverno.Generation{}) {
|
||||
|
@ -30,6 +45,7 @@ func Generate(client *client.Client, policy kyverno.Policy, ns unstructured.Unst
|
|||
} else {
|
||||
ri.Addf("Generation succesfully.", rule.Name)
|
||||
glog.Infof("succesfully applied policy %s rule %s on resource %s/%s/%s", policy.Name, rule.Name, ns.GetKind(), ns.GetNamespace(), ns.GetName())
|
||||
succesfulRuleCount()
|
||||
}
|
||||
ris = append(ris, ri)
|
||||
}
|
||||
|
|
|
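Review bot: The deferred count log added to Generate formats `rulesAppliedCount`, an int, with `%q`, which prints a quoted character literal (a count of 3 comes out as '\x03') instead of the number. It should use `%d`: `glog.V(4).Infof("Generation rules applied successfully count %d for policy %q", rulesAppliedCount, policy.Name)`. The same verb is used in the matching deferred log lines added to Mutate and Validate. Keeping `%q` for `policy.Name` is worth preserving, since it escapes control characters in a name taken from the policy object before it reaches the log. Generate's body continues outside the hunks shown.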
@ -2,6 +2,7 @@ package engine
|
|||
|
||||
import (
|
||||
"reflect"
|
||||
"time"
|
||||
|
||||
"github.com/golang/glog"
|
||||
kyverno "github.com/nirmata/kyverno/pkg/api/kyverno/v1alpha1"
|
||||
|
@ -12,6 +13,20 @@ import (
|
|||
// Mutate performs mutation. Overlay first and then mutation patches
|
||||
//TODO: check if gvk needs to be passed or can be set in resource
|
||||
func Mutate(policy kyverno.Policy, resource unstructured.Unstructured) ([][]byte, []info.RuleInfo) {
|
||||
var executionTime time.Duration
|
||||
var rulesAppliedCount int
|
||||
startTime := time.Now()
|
||||
glog.V(4).Infof("started applying mutation rules of policy %q (%v)", policy.Name, startTime)
|
||||
defer func() {
|
||||
executionTime = time.Since(startTime)
|
||||
glog.V(4).Infof("Finished applying mutation rules policy %q (%v)", policy.Name, executionTime)
|
||||
glog.V(4).Infof("Mutation Rules appplied succesfully count %q for policy %q", rulesAppliedCount, policy.Name)
|
||||
}()
|
||||
succesfulRuleCount := func() {
|
||||
// rules applied succesfully count
|
||||
rulesAppliedCount++
|
||||
}
|
||||
|
||||
//TODO: convert rawResource to unstructured to avoid unmarhalling all the time for get some resource information
|
||||
var patches [][]byte
|
||||
var ruleInfos []info.RuleInfo
|
||||
|
@ -46,12 +61,12 @@ func Mutate(policy kyverno.Policy, resource unstructured.Unstructured) ([][]byte
|
|||
|
||||
glog.V(4).Infof("overlay applied succesfully on resource %s/%s", resource.GetNamespace(), resource.GetName())
|
||||
ruleInfo.Add("Overlay succesfully applied")
|
||||
|
||||
// update rule information
|
||||
// strip slashes from string
|
||||
patch := JoinPatches(oPatches)
|
||||
ruleInfo.Changes = string(patch)
|
||||
patches = append(patches, oPatches...)
|
||||
succesfulRuleCount()
|
||||
} else {
|
||||
glog.V(4).Infof("failed to apply overlay: %v", err)
|
||||
ruleInfo.Fail()
|
||||
|
@ -72,6 +87,7 @@ func Mutate(policy kyverno.Policy, resource unstructured.Unstructured) ([][]byte
|
|||
glog.V(4).Infof("patches applied succesfully on resource %s/%s", resource.GetNamespace(), resource.GetName())
|
||||
ruleInfo.Addf("Patches succesfully applied.")
|
||||
patches = append(patches, jsonPatches...)
|
||||
succesfulRuleCount()
|
||||
}
|
||||
}
|
||||
ruleInfos = append(ruleInfos, ruleInfo)
|
||||
|
|
|
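Review bot: `succesfulRuleCount()` is called once after the overlay succeeds and again after the JSON patches succeed, so a rule that defines both would be counted twice in `rulesAppliedCount`, assuming (as the trailing `ruleInfos = append(ruleInfos, ruleInfo)` suggests) both branches run in the same per-rule iteration. A rule whose overlay succeeds and whose patches then fail would also still be counted as applied. Counting once per rule, just before `ruleInfos = append(ruleInfos, ruleInfo)` and only when neither step failed, would make the figure match its name. Mutate's body continues outside the hunks shown.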
@ -8,6 +8,7 @@ import (
|
|||
"reflect"
|
||||
"strconv"
|
||||
"strings"
|
||||
"time"
|
||||
|
||||
"github.com/golang/glog"
|
||||
kyverno "github.com/nirmata/kyverno/pkg/api/kyverno/v1alpha1"
|
||||
|
@ -18,6 +19,20 @@ import (
|
|||
// Validate handles validating admission request
|
||||
// Checks the target resources for rules defined in the policy
|
||||
func Validate(policy kyverno.Policy, resource unstructured.Unstructured) ([]info.RuleInfo, error) {
|
||||
var executionTime time.Duration
|
||||
var rulesAppliedCount int
|
||||
startTime := time.Now()
|
||||
glog.V(4).Infof("started applying validation rules of policy %q (%v)", policy.Name, startTime)
|
||||
defer func() {
|
||||
executionTime = time.Since(startTime)
|
||||
glog.V(4).Infof("Finished applying validation rules policy %q (%v)", policy.Name, executionTime)
|
||||
glog.V(4).Infof("Validation Rules appplied succesfully count %q for policy %q", rulesAppliedCount, policy.Name)
|
||||
}()
|
||||
succesfulRuleCount := func() {
|
||||
// rules applied succesfully count
|
||||
rulesAppliedCount++
|
||||
}
|
||||
|
||||
//TODO: convert rawResource to unstructured to avoid unmarhalling all the time for get some resource information
|
||||
//TODO: pass unstructured instead of rawResource ?
|
||||
|
||||
|
@ -57,6 +72,7 @@ func Validate(policy kyverno.Policy, resource unstructured.Unstructured) ([]info
|
|||
} else {
|
||||
ruleInfo.Add("Pattern succesfully validated")
|
||||
glog.V(4).Infof("pattern validated succesfully on resource %s/%s", resource.GetNamespace(), resource.GetName())
|
||||
succesfulRuleCount()
|
||||
}
|
||||
ruleInfos = append(ruleInfos, ruleInfo)
|
||||
}
|
||||
|
|
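--- /dev/null
+++ b/pkg/policy/status.go
@@ -0,0 +1,14 @@
+package policy
+
+import "time"
+
+type PolicyStatus struct {
+// average time required to process the policy rules on a resource
+avgExecutionTime time.Duration
+// Count of rules that were applied succesfully
+rulesAppliedCount int
+// Count of resources for whom update/create api requests were blocked as the resoruce did not satisfy the policy rules
+resourcesBlockedCount int
+// Count of the resource for whom the mutation rules were applied succesfully
+resourcesMutatedCount int
+}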
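Review bot: Every field of `PolicyStatus` is unexported and the file adds no constructor or methods, so the execution time and rule counts computed in the engine functions cannot be stored in it from outside `pkg/policy`; nothing visible in this commit writes to it. The exported type also lacks a doc comment, for example `// PolicyStatus holds aggregate execution statistics for a policy.` If these counters end up being updated from concurrent request handlers (not shown here), the plain `int` fields will need a mutex or atomic types, which matters for `resourcesBlockedCount` if it is used to report how many requests a policy denied.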
@ -238,13 +238,13 @@ func (pvc *PolicyViolationController) syncActiveResource(curPv *kyverno.PolicyVi
|
|||
return err
|
||||
}
|
||||
glog.V(4).Infof("removing policy violation %s as the corresponding resource %s/%s/%s does not exist anymore", curPv.Name, rspec.Kind, rspec.Namespace, rspec.Name)
|
||||
return nil
|
||||
}
|
||||
if err != nil {
|
||||
glog.V(4).Infof("error while retrieved resource %s/%s/%s: %v", rspec.Kind, rspec.Namespace, rspec.Name, err)
|
||||
return err
|
||||
}
|
||||
//TODO- if the policy is not present, remove the policy violation
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
|
|