diff --git a/controller/controller.go b/controller/controller.go
index 496f745314..3145b07785 100644
--- a/controller/controller.go
+++ b/controller/controller.go
@@ -204,3 +204,8 @@ func (c *policyController) getPolicyInterface(namespace string) lister.PolicyNam
 func (c *policyController) PatchPolicy(policy string, pt mergetypes.PatchType, data []byte) (*types.Policy, error) {
 	return c.policiesInterface.Patch(policy, pt, data)
 }
+
+func (c *policyController) UpdatePolicyViolations(updatedPolicy *types.Policy) error {
+	_, err := c.policiesInterface.UpdateStatus(updatedPolicy)
+	return err
+}
diff --git a/controller/internalinterfaces/controller_interfaces.go b/controller/internalinterfaces/controller_interfaces.go
index 791dae6ea5..2352077394 100755
--- a/controller/internalinterfaces/controller_interfaces.go
+++ b/controller/internalinterfaces/controller_interfaces.go
@@ -12,6 +12,7 @@ type PolicyGetter interface {
 	GetPolicy(name string) (*policytypes.Policy, error)
 	GetCacheInformerSync() cache.InformerSynced
 	PatchPolicy(policy string, pt types.PatchType, data []byte) (*policytypes.Policy, error)
+	UpdatePolicyViolations(updatedPolicy *policytypes.Policy) error
 	Run(stopCh <-chan struct{})
 	LogPolicyError(name, text string)
 	LogPolicyInfo(name, text string)
diff --git a/pkg/apis/policy/v1alpha1/types.go b/pkg/apis/policy/v1alpha1/types.go
index 97e2214d52..18dd87909c 100644
--- a/pkg/apis/policy/v1alpha1/types.go
+++ b/pkg/apis/policy/v1alpha1/types.go
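Review bot: UpdatePolicyViolations writes the whole status subresource, not only the violations, so a caller that passes a stale copy of the Policy overwrites Status.Logs as well; neither this method nor the interface method added in controller_interfaces.go documents that. I'd put the same comment on both: `// UpdatePolicyViolations replaces the entire Status of updatedPolicy (Violations and Logs) through the status subresource; callers must start from a fresh copy and handle a Conflict error from the API server.` The error is returned unwrapped, so `return fmt.Errorf("updating status of policy %q: %w", updatedPolicy.Name, err)` would keep the policy name in the chain (assuming the module targets Go 1.13 or later). Separately, UpdateStatus only succeeds if the Policy CRD declares the status subresource; the CRD manifest is not part of this diff, so I can't confirm that it does.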
@@ -12,20 +12,8 @@ import (
 type Policy struct {
 	metav1.TypeMeta `json:",inline"`
 	metav1.ObjectMeta `json:"metadata,omitempty"`
-	Spec PolicySpec `json:"spec"`
-	Status PolicyStatus `json:"status"`
-	PolicyViolation PolicyViolations `json:"policyviolation,omitempty"`
-}
-
-type PolicyViolations struct {
-	Violations []Violation `json:"violations,omitempty"`
-}
-type Violation struct {
-	Kind string `json:"kind,omitempty"`
-	Resource string `json:"resource,omitempty"`
-	Rule string `json:"rule,omitempty"`
-	Reason string `json:"reason,omitempty"`
-	Message string `json:"message,omitempty`
+	Spec PolicySpec `json:"spec"`
+	Status PolicyStatus `json:"status"`
 }
 // Specification of the Policy.
@@ -86,7 +74,8 @@ type PolicyCopyFrom struct {
 // Contains logs about policy application
 type PolicyStatus struct {
-	Logs []string `json:"log"`
+	Logs []string `json:"log"`
+	Violations []Violation `json:"violations,omitempty"`
 }
 // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
@@ -97,3 +86,12 @@ type PolicyList struct {
 	metav1.ListMeta `json:"metadata"`
 	Items []Policy `json:"items"`
 }
+
+// Violation for the policy
+type Violation struct {
+	Kind string `json:"kind,omitempty"`
+	Resource string `json:"resource,omitempty"`
+	Rule string `json:"rule,omitempty"`
+	Reason string `json:"reason,omitempty"`
+	Message string `json:"message,omitempty`
+}
diff --git a/pkg/violation/builder.go b/pkg/violation/builder.go
index abeaf9a6b9..09ae07c4e0 100644
--- a/pkg/violation/builder.go
+++ b/pkg/violation/builder.go
@@ -75,7 +75,8 @@ func (b *builder) ProcessViolation(info utils.ViolationInfo) error {
 		Reason: info.Reason,
 		Message: info.Message,
 	}
-	for _, violation := range modifiedPolicy.PolicyViolation.Violations {
+
+	for _, violation := range modifiedPolicy.Status.Violations {
 		ok, err := b.IsActive(info.Kind, violation.Resource)
 		if err != nil {
 			utilruntime.HandleError(err)
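Review bot: PolicyStatus now holds a []Violation, so the generated DeepCopyInto for PolicyStatus has to be regenerated, and no zz_generated file is part of this diff; the +k8s:deepcopy-gen marker visible on the following line is what makes me expect one. If the generated copy is stale, a DeepCopy of a Policy shares the Violations backing array with the object in the informer cache, and the append performed in builder.go can mutate that shared cache entry. This is inferred from the marker rather than visible here. The new field would also benefit from a comment, e.g. `// Violations holds the resources that currently violate this policy.`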
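Review bot: The struct tag on Message in the new Violation type is malformed — `json:"message,omitempty` has no closing quote — so reflect.StructTag.Get("json") yields an empty string and encoding/json serialises the field as `Message` with no omitempty, unlike its four siblings; go vet reports this as bad syntax for a struct tag value. The line should carry the tag `json:"message,omitempty"` with the closing quote. The same typo exists in the copy removed earlier in this file, so it is carried over rather than introduced, but this hunk is where it now lives. The type comment could also say what the fields hold, e.g. `// Violation records one resource (Kind, Resource) that failed a policy rule (Rule), with the reason and message reported for it.`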
@@ -98,9 +99,10 @@ func (b *builder) ProcessViolation(info utils.ViolationInfo) error {
 	}
 	modifiedViolations = append(modifiedViolations, newViolation)
-	modifiedPolicy.PolicyViolation.Violations = modifiedViolations
-	return b.Patch(policy, modifiedPolicy)
-
+	modifiedPolicy.Status.Violations = modifiedViolations
+	// return b.Patch(policy, modifiedPolicy)
+	// Violations are part of the status sub resource, so we can use the Update Status api instead of updating the policy object
+	return b.controller.UpdatePolicyViolations(modifiedPolicy)
 }
 func (b *builder) IsActive(kind string, resource string) (bool, error) {
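Review bot: The commented-out `// return b.Patch(policy, modifiedPolicy)` is dead code and should be deleted, keeping only the sentence that explains why the status API is used. The more important consequence of the switch is concurrency: Patch sent a delta, whereas UpdateStatus is an optimistic update that fails with a Conflict error when modifiedPolicy's resourceVersion is stale, so two violations processed concurrently for the same policy will have one of them rejected and silently dropped unless the read-modify-write is retried (client-go's retry.RetryOnConflict is the usual wrapper). It also writes back Status.Logs from the copy, overwriting any log entries added in the meantime. ProcessViolation starts outside the hunk, so where modifiedPolicy is read is not visible here.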