refactor: policy response (#6877)

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2025-03-31 03:45:17 +00:00 · 2023-04-12 18:20:42 +02:00 · 2023-04-12 18:20:42 +02:00 · b82c1bc386
commit b82c1bc386
parent 6859cdd128
7 changed files with 36 additions and 16 deletions
--- a/pkg/engine/api/engineresponse.go
+++ b/pkg/engine/api/engineresponse.go
@ -22,7 +22,7 @@ type EngineResponse struct {
 	PatchedResource unstructured.Unstructured
 	// PolicyResponse contains the engine policy response
 	PolicyResponse PolicyResponse
-	// Stats contains engine statistics
+	// stats contains engine statistics
 	stats ExecutionStats
 }

--- a/pkg/engine/api/policyresponse.go
+++ b/pkg/engine/api/policyresponse.go
@ -2,8 +2,8 @@ package api

 // PolicyResponse policy application response
 type PolicyResponse struct {
-	// Stats contains policy statistics
-	Stats PolicyStats
+	// stats contains policy statistics
+	stats PolicyStats
 	// Rules contains policy rules responses
 	Rules []RuleResponse
 }
@ -13,9 +13,9 @@ func (pr *PolicyResponse) Add(stats ExecutionStats, responses ...RuleResponse) {
 		pr.Rules = append(pr.Rules, response.WithStats(stats))
 		status := response.Status()
 		if status == RuleStatusPass || status == RuleStatusFail {
-			pr.Stats.RulesAppliedCount++
+			pr.stats.rulesAppliedCount++
 		} else if status == RuleStatusError {
-			pr.Stats.RulesErrorCount++
+			pr.stats.rulesErrorCount++
 		}
 	}
 }
@ -23,3 +23,15 @@ func (pr *PolicyResponse) Add(stats ExecutionStats, responses ...RuleResponse) {
 func NewPolicyResponse() PolicyResponse {
 	return PolicyResponse{}
 }
+
+func (pr *PolicyResponse) Stats() PolicyStats {
+	return pr.stats
+}
+
+func (pr *PolicyResponse) RulesAppliedCount() int {
+	return pr.stats.RulesAppliedCount()
+}
+
+func (pr *PolicyResponse) RulesErrorCount() int {
+	return pr.stats.RulesErrorCount()
+}
--- a/pkg/engine/api/stats.go
+++ b/pkg/engine/api/stats.go
@ -33,8 +33,16 @@ func (s ExecutionStats) ProcessingTime() time.Duration {

 // PolicyStats stores statistics for the single policy application
 type PolicyStats struct {
-	// RulesAppliedCount is the count of rules that were applied successfully
-	RulesAppliedCount int
-	// RulesErrorCount is the count of rules that with execution errors
-	RulesErrorCount int
+	// rulesAppliedCount is the count of rules that were applied successfully
+	rulesAppliedCount int
+	// rulesErrorCount is the count of rules that with execution errors
+	rulesErrorCount int
+}
+
+func (ps *PolicyStats) RulesAppliedCount() int {
+	return ps.rulesAppliedCount
+}
+
+func (ps *PolicyStats) RulesErrorCount() int {
+	return ps.rulesErrorCount
 }
--- a/pkg/engine/image_verify.go
+++ b/pkg/engine/image_verify.go
@ -54,7 +54,7 @@ func (e *engine) verifyAndPatchImages(
 		)
 		matchedResource = resource
 		resp.Add(engineapi.NewExecutionStats(startTime, time.Now()), ruleResp...)
-		if applyRules == kyvernov1.ApplyOne && resp.Stats.RulesAppliedCount > 0 {
+		if applyRules == kyvernov1.ApplyOne && resp.RulesAppliedCount() > 0 {
 			break
 		}
 	}
--- a/pkg/engine/mutation.go
+++ b/pkg/engine/mutation.go
@ -51,7 +51,7 @@ func (e *engine) mutate(
 		)
 		matchedResource = resource
 		resp.Add(engineapi.NewExecutionStats(startTime, time.Now()), ruleResp...)
-		if applyRules == kyvernov1.ApplyOne && resp.Stats.RulesAppliedCount > 0 {
+		if applyRules == kyvernov1.ApplyOne && resp.RulesAppliedCount() > 0 {
 			break
 		}
 	}
--- a/pkg/engine/validation.go
+++ b/pkg/engine/validation.go
@ -69,7 +69,7 @@ func (e *engine) validate(
 		)
 		matchedResource = resource
 		resp.Add(engineapi.NewExecutionStats(startTime, time.Now()), ruleResp...)
-		if applyRules == kyvernov1.ApplyOne && resp.Stats.RulesAppliedCount > 0 {
+		if applyRules == kyvernov1.ApplyOne && resp.RulesAppliedCount() > 0 {
 			break
 		}
 	}
--- a/pkg/webhooks/resource/validation_test.go
+++ b/pkg/webhooks/resource/validation_test.go
@ -1141,8 +1141,8 @@ func Test_RuleSelector(t *testing.T) {
 		context.TODO(),
 		ctx,
 	)
-	assert.Assert(t, resp.PolicyResponse.Stats.RulesAppliedCount == 2)
-	assert.Assert(t, resp.PolicyResponse.Stats.RulesErrorCount == 0)
+	assert.Assert(t, resp.PolicyResponse.RulesAppliedCount() == 2)
+	assert.Assert(t, resp.PolicyResponse.RulesErrorCount() == 0)

 	log := log.WithName("Test_RuleSelector")
 	blocked := webhookutils.BlockRequest([]engineapi.EngineResponse{resp}, kyvernov1.Fail, log)
@ -1154,8 +1154,8 @@ func Test_RuleSelector(t *testing.T) {
 		context.TODO(),
 		ctx,
 	)
-	assert.Assert(t, resp.PolicyResponse.Stats.RulesAppliedCount == 1)
-	assert.Assert(t, resp.PolicyResponse.Stats.RulesErrorCount == 0)
+	assert.Assert(t, resp.PolicyResponse.RulesAppliedCount() == 1)
+	assert.Assert(t, resp.PolicyResponse.RulesErrorCount() == 0)

 	blocked = webhookutils.BlockRequest([]engineapi.EngineResponse{resp}, kyvernov1.Fail, log)
 	assert.Assert(t, blocked == false)