update event message (#515)
parent
730eca9b10
commit
a81d5c9ae7
6 changed files with 22 additions and 14 deletions
|
@ -21,7 +21,7 @@ const (
|
|||
|
||||
func (k MsgKey) String() string {
|
||||
return [...]string{
|
||||
"Policy violation on resource '%s'. The rule(s) '%s' failed to apply",
|
||||
"Policy violation on resource '%s'. The rule(s) '%s' not satisfied",
|
||||
"Failed to process rule '%s' of policy '%s'.",
|
||||
"Policy applied successfully on the resource '%s'",
|
||||
"Rule(s) '%s' of Policy '%s' applied successfully",
|
||||
|
|
|
@ -122,7 +122,7 @@ func applyPolicyOnRaw(policy *kyverno.ClusterPolicy, rawResource []byte, gvk *me
|
|||
for _, r := range engineResponse.PolicyResponse.Rules {
|
||||
glog.Warning(r.Message)
|
||||
}
|
||||
return patchedResource, fmt.Errorf("Failed to apply policy %s on resource %s/%s", policy.Name, rname, rns)
|
||||
return patchedResource, fmt.Errorf("policy %s on resource %s/%s not satisfied", policy.Name, rname, rns)
|
||||
} else if len(engineResponse.PolicyResponse.Rules) > 0 {
|
||||
glog.Infof("Validation from policy %s has applied succesfully to %s %s/%s", policy.Name, gvk.Kind, rname, rns)
|
||||
}
|
||||
|
|
|
@ -89,7 +89,7 @@ func generateEventsPerEr(er engine.EngineResponse) []event.Info {
|
|||
e.Namespace = "" // event generate on namespace resource
|
||||
e.Name = er.PolicyResponse.Resource.Name
|
||||
e.Reason = "Failure"
|
||||
e.Message = fmt.Sprintf("policy '%s' (%s) rule '%s' failed to apply. %v", er.PolicyResponse.Policy, rule.Type, rule.Name, rule.Message)
|
||||
e.Message = fmt.Sprintf("policy '%s' (%s) rule '%s' not satisfied. %v", er.PolicyResponse.Policy, rule.Type, rule.Name, rule.Message)
|
||||
eventInfos = append(eventInfos, e)
|
||||
}
|
||||
if er.IsSuccesful() {
|
||||
|
@ -102,6 +102,6 @@ func generateEventsPerEr(er engine.EngineResponse) []event.Info {
|
|||
e.Namespace = ""
|
||||
e.Name = er.PolicyResponse.Policy
|
||||
e.Reason = "Failure"
|
||||
e.Message = fmt.Sprintf("failed to apply policy '%s' rules '%v' on resource '%s/%s/%s'", er.PolicyResponse.Policy, er.GetFailedRules(), er.PolicyResponse.Resource.Kind, er.PolicyResponse.Resource.Namespace, er.PolicyResponse.Resource.Name)
|
||||
e.Message = fmt.Sprintf("policy '%s' rules '%v' on resource '%s/%s/%s' not stasified", er.PolicyResponse.Policy, er.GetFailedRules(), er.PolicyResponse.Resource.Kind, er.PolicyResponse.Resource.Namespace, er.PolicyResponse.Resource.Name)
|
||||
return eventInfos
|
||||
}
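Review bot: The policy-level message in the second hunk appears to misspell its key phrase, `not stasified`, where the rule-level message in the first hunk says `not satisfied`, so anyone filtering or alerting on event text for violations would miss these events. Change the format string to `"policy '%s' rules '%v' not satisfied on resource '%s/%s/%s'"`, which is the wording this commit uses in the other copy of generateEventsPerEr. Both hunks here also keep `e.Reason = "Failure"` while the other copy switches to `event.PolicyViolation.String()`; unless that difference is intended, use the same reason in both so the condition can be selected by a single reason value. generateEventsPerEr starts outside both hunks.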
|
||||
|
|
|
@ -7,7 +7,7 @@ import (
|
|||
kyverno "github.com/nirmata/kyverno/pkg/api/kyverno/v1"
|
||||
"github.com/nirmata/kyverno/pkg/engine"
|
||||
"github.com/nirmata/kyverno/pkg/event"
|
||||
"github.com/nirmata/kyverno/pkg/policyviolation"
|
||||
"github.com/nirmata/kyverno/pkg/policyviolation"
|
||||
)
|
||||
|
||||
// for each policy-resource response
|
||||
|
@ -108,8 +108,8 @@ func generateEventsPerEr(er engine.EngineResponse) []event.Info {
|
|||
e.Kind = er.PolicyResponse.Resource.Kind
|
||||
e.Namespace = er.PolicyResponse.Resource.Namespace
|
||||
e.Name = er.PolicyResponse.Resource.Name
|
||||
e.Reason = "Failure"
|
||||
e.Message = fmt.Sprintf("policy '%s' (%s) rule '%s' failed to apply. %v", er.PolicyResponse.Policy, rule.Type, rule.Name, rule.Message)
|
||||
e.Reason = event.PolicyViolation.String()
|
||||
e.Message = fmt.Sprintf("policy '%s' (%s) rule '%s' not satisfied. %v", er.PolicyResponse.Policy, rule.Type, rule.Name, rule.Message)
|
||||
eventInfos = append(eventInfos, e)
|
||||
}
|
||||
if er.IsSuccesful() {
|
||||
|
@ -122,8 +122,8 @@ func generateEventsPerEr(er engine.EngineResponse) []event.Info {
|
|||
e.Kind = "ClusterPolicy"
|
||||
e.Namespace = ""
|
||||
e.Name = er.PolicyResponse.Policy
|
||||
e.Reason = "Failure"
|
||||
e.Message = fmt.Sprintf("failed to apply policy '%s' rules '%v' on resource '%s/%s/%s'", er.PolicyResponse.Policy, er.GetFailedRules(), er.PolicyResponse.Resource.Kind, er.PolicyResponse.Resource.Namespace, er.PolicyResponse.Resource.Name)
|
||||
e.Reason = event.PolicyViolation.String()
|
||||
e.Message = fmt.Sprintf("policy '%s' rules '%v' not satisfied on resource '%s/%s/%s'", er.PolicyResponse.Policy, er.GetFailedRules(), er.PolicyResponse.Resource.Kind, er.PolicyResponse.Resource.Namespace, er.PolicyResponse.Resource.Name)
|
||||
eventInfos = append(eventInfos, e)
|
||||
return eventInfos
|
||||
}
|
||||
|
|
|
@ -21,6 +21,11 @@ func generateEvents(engineResponses []engine.EngineResponse, onUpdate bool) []ev
|
|||
// dont create events on success
|
||||
continue
|
||||
}
|
||||
// default behavior is audit
|
||||
reason := event.PolicyViolation
|
||||
if er.PolicyResponse.ValidationFailureAction == Enforce {
|
||||
reason = event.RequestBlocked
|
||||
}
|
||||
failedRules := er.GetFailedRules()
|
||||
filedRulesStr := strings.Join(failedRules, ";")
|
||||
if onUpdate {
|
||||
|
@ -32,7 +37,7 @@ func generateEvents(engineResponses []engine.EngineResponse, onUpdate bool) []ev
|
|||
er.PolicyResponse.Resource.APIVersion,
|
||||
er.PolicyResponse.Resource.Namespace,
|
||||
er.PolicyResponse.Resource.Name,
|
||||
event.RequestBlocked.String(),
|
||||
reason.String(),
|
||||
event.FPolicyApplyBlockUpdate,
|
||||
filedRulesStr,
|
||||
er.PolicyResponse.Policy,
|
||||
|
@ -46,7 +51,7 @@ func generateEvents(engineResponses []engine.EngineResponse, onUpdate bool) []ev
|
|||
kyverno.SchemeGroupVersion.String(),
|
||||
"",
|
||||
er.PolicyResponse.Policy,
|
||||
event.RequestBlocked.String(),
|
||||
reason.String(),
|
||||
event.FPolicyBlockResourceUpdate,
|
||||
er.PolicyResponse.Resource.Namespace+"/"+er.PolicyResponse.Resource.Name,
|
||||
filedRulesStr,
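Review bot: The event reason now follows the failure action, but the message keys passed next to it do not: `reason.String()` can be PolicyViolation in audit mode while the calls still pass `event.FPolicyApplyBlockUpdate` and `event.FPolicyBlockResourceUpdate`. Judging by their names those templates describe a blocked update, so an audit-mode event would probably read as if the request had been denied, which misleads anyone reconstructing admission decisions from events. Either select the message key together with `reason`, or state the intent above the assignment, e.g. `// reason reflects the failure action; the message template is shared by audit and enforce`. generateEvents starts before the first hunk and continues past the last one.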
|
||||
|
|
|
@ -88,9 +88,6 @@ func (ws *WebhookServer) HandleValidation(request *v1beta1.AdmissionRequest, pol
|
|||
glog.V(4).Infof("eval: %v %s/%s/%s ", time.Since(evalTime), request.Kind, request.Namespace, request.Name)
|
||||
// report time
|
||||
reportTime := time.Now()
|
||||
// ADD EVENTS
|
||||
events := generateEvents(engineResponses, (request.Operation == v1beta1.Update))
|
||||
ws.eventGen.Add(events...)
|
||||
|
||||
// If Validation fails then reject the request
|
||||
// violations are created with resource owner(if exist) on "enforce"
|
||||
|
@ -102,6 +99,9 @@ func (ws *WebhookServer) HandleValidation(request *v1beta1.AdmissionRequest, pol
|
|||
glog.V(4).Infof("resource %s/%s/%s is blocked\n", newR.GetKind(), newR.GetNamespace(), newR.GetName())
|
||||
pvInfos := generatePV(engineResponses, true)
|
||||
ws.pvGenerator.Add(pvInfos...)
|
||||
// ADD EVENTS
|
||||
events := generateEvents(engineResponses, (request.Operation == v1beta1.Update))
|
||||
ws.eventGen.Add(events...)
|
||||
sendStat(true)
|
||||
return false, getErrorMsg(engineResponses)
|
||||
}
|
||||
|
@ -110,6 +110,9 @@ func (ws *WebhookServer) HandleValidation(request *v1beta1.AdmissionRequest, pol
|
|||
|
||||
pvInfos := generatePV(engineResponses, blocked)
|
||||
ws.pvGenerator.Add(pvInfos...)
|
||||
// ADD EVENTS
|
||||
events := generateEvents(engineResponses, (request.Operation == v1beta1.Update))
|
||||
ws.eventGen.Add(events...)
|
||||
sendStat(false)
|
||||
// report time end
|
||||
glog.V(4).Infof("report: %v %s/%s/%s", time.Since(reportTime), request.Kind, request.Namespace, request.Name)
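Review bot: The events added on both paths take their reason from a different source than the admission decision: the handler passes `true` or `blocked` to generatePV, but generateEvents receives only the update flag and re-derives the reason from each response's ValidationFailureAction. If the two ever disagree, an event would record RequestBlocked for a request that was admitted, or the reverse. Consider passing the handler's decision into generateEvents, or at least documenting the assumption where the events are added, e.g. `// event reason is derived per response from ValidationFailureAction; must agree with blocked`. The same two lines are now repeated in both branches, so a return path added later could skip event emission unnoticed. HandleValidation starts and ends outside these hunks.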
|
||||
|
|