feat: log when changes happen in policies (#6601)

* feat: log when changes happen in policies Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2024-12-15 17:51:20 +00:00 · 2023-03-16 18:17:21 +01:00 · 2023-03-16 18:17:21 +01:00 · a60e4c038c
commit a60e4c038c
parent 818b92bf60
3 changed files with 95 additions and 0 deletions
--- a/cmd/cleanup-controller/main.go
+++ b/cmd/cleanup-controller/main.go
@ -18,6 +18,7 @@ import (
 	"github.com/kyverno/kyverno/pkg/config"
 	"github.com/kyverno/kyverno/pkg/controllers/certmanager"
 	"github.com/kyverno/kyverno/pkg/controllers/cleanup"
+	genericloggingcontroller "github.com/kyverno/kyverno/pkg/controllers/generic/logging"
 	genericwebhookcontroller "github.com/kyverno/kyverno/pkg/controllers/generic/webhook"
 	"github.com/kyverno/kyverno/pkg/leaderelection"
 	"github.com/kyverno/kyverno/pkg/metrics"
@ -188,6 +189,19 @@ func main() {
 	cpolLister := kyvernoInformer.Kyverno().V2alpha1().ClusterCleanupPolicies().Lister()
 	polLister := kyvernoInformer.Kyverno().V2alpha1().CleanupPolicies().Lister()
 	nsLister := kubeInformer.Core().V1().Namespaces().Lister()
+	// log policy changes
+	genericloggingcontroller.NewController(
+		logger.WithName("cleanup-policy"),
+		"CleanupPolicy",
+		kyvernoInformer.Kyverno().V2alpha1().CleanupPolicies(),
+		genericloggingcontroller.CheckGeneration,
+	)
+	genericloggingcontroller.NewController(
+		logger.WithName("cluster-cleanup-policy"),
+		"ClusterCleanupPolicy",
+		kyvernoInformer.Kyverno().V2alpha1().ClusterCleanupPolicies(),
+		genericloggingcontroller.CheckGeneration,
+	)
 	// start informers and wait for cache sync
 	if !internal.StartInformersAndWaitForCacheSync(ctx, logger, kubeKyvernoInformer, kubeInformer, kyvernoInformer) {
 		os.Exit(1)
--- a/cmd/kyverno/main.go
+++ b/cmd/kyverno/main.go
@ -23,6 +23,7 @@ import (
 	"github.com/kyverno/kyverno/pkg/config"
 	"github.com/kyverno/kyverno/pkg/controllers/certmanager"
 	configcontroller "github.com/kyverno/kyverno/pkg/controllers/config"
+	genericloggingcontroller "github.com/kyverno/kyverno/pkg/controllers/generic/logging"
 	genericwebhookcontroller "github.com/kyverno/kyverno/pkg/controllers/generic/webhook"
 	policymetricscontroller "github.com/kyverno/kyverno/pkg/controllers/metrics/policy"
 	openapicontroller "github.com/kyverno/kyverno/pkg/controllers/openapi"
@ -353,6 +354,19 @@ func main() {
 		kyvernoInformer.Kyverno().V1().ClusterPolicies(),
 		kyvernoInformer.Kyverno().V1().Policies(),
 	)
+	// log policy changes
+	genericloggingcontroller.NewController(
+		logger.WithName("policy"),
+		"Policy",
+		kyvernoInformer.Kyverno().V1().Policies(),
+		genericloggingcontroller.CheckGeneration,
+	)
+	genericloggingcontroller.NewController(
+		logger.WithName("cluster-policy"),
+		"ClusterPolicy",
+		kyvernoInformer.Kyverno().V1().ClusterPolicies(),
+		genericloggingcontroller.CheckGeneration,
+	)
 	runtime := runtimeutils.NewRuntime(
 		logger.WithName("runtime-checks"),
 		serverIP,
--- a/pkg/controllers/generic/logging/controller.go
+++ b/pkg/controllers/generic/logging/controller.go
@ -0,0 +1,67 @@
+package logging
+
+import (
+	"github.com/go-logr/logr"
+	controllerutils "github.com/kyverno/kyverno/pkg/utils/controller"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/client-go/tools/cache"
+)
+
+type Predicate = func(metav1.Object, metav1.Object) bool
+
+func CheckVersion(old, obj metav1.Object) bool {
+	return old.GetResourceVersion() != obj.GetResourceVersion()
+}
+
+func CheckGeneration(old, obj metav1.Object) bool {
+	return old.GetGeneration() != obj.GetGeneration()
+}
+
+type controller struct {
+	logger     logr.Logger
+	predicates []Predicate
+}
+
+type informer interface {
+	Informer() cache.SharedIndexInformer
+}
+
+func NewController(logger logr.Logger, objectType string, informer informer, predicates ...Predicate) {
+	c := controller{
+		logger:     logger.WithValues("type", objectType),
+		predicates: predicates,
+	}
+	controllerutils.AddEventHandlersT(informer.Informer(), c.add, c.update, c.delete)
+}
+
+func (c *controller) add(obj metav1.Object) {
+	name, err := cache.MetaNamespaceKeyFunc(obj)
+	if err != nil {
+		c.logger.Error(err, "failed to extract name", "object", obj)
+		name = "unknown"
+	}
+	c.logger.Info("resource added", "name", name)
+}
+
+func (c *controller) update(old, obj metav1.Object) {
+	for _, predicate := range c.predicates {
+		if !predicate(old, obj) {
+			return
+		}
+	}
+	name, err := cache.MetaNamespaceKeyFunc(obj)
+	if err != nil {
+		c.logger.Error(err, "failed to extract name", "object", obj)
+		name = "unknown"
+	}
+	c.logger.Info("resource updated", "name", name)
+}
+
+func (c *controller) delete(obj metav1.Object) {
+	name, err := cache.MetaNamespaceKeyFunc(obj)
+	if err != nil {
+		c.logger.Error(err, "failed to extract name", "object", obj)
+		name = "unknown"
+	}
+	c.logger.Info("resource deleted", "name", name)
+}