create events on UPDATE request

2025-03-31 03:45:17 +00:00 · 2019-06-27 11:36:10 -07:00 · 2019-06-27 11:36:10 -07:00 · beb693479e
commit beb693479e
parent 1b00b35e36
3 changed files with 27 additions and 7 deletions
--- a/pkg/event/msgbuilder.go
+++ b/pkg/event/msgbuilder.go
@ -16,7 +16,7 @@ const (
 	SRulesApply
 	FPolicyApplyBlockCreate
 	FPolicyApplyBlockUpdate
-	FPolicyApplyBlockUpdateRule
+	FPolicyBlockResourceUpdate
 )

 func (k MsgKey) String() string {
@ -25,9 +25,9 @@ func (k MsgKey) String() string {
 		"Failed to process rule '%s' of policy '%s'. Created Policy Violation",
 		"Policy applied successfully on the resource '%s'",
 		"Rule(s) '%s' of Policy '%s' applied successful",
-		"Resource %s blocked by rule(s) %s",
-		"Failed to apply rule '%s' of policy '%s' Blocked update of the resource",
-		"Failed to apply policy on resource '%s'.Blocked update of the resource. The following rules '%s' failed to apply",
+		"Resource %s creation blocked by rule(s) %s",
+		"Rule(s) '%s' of policy '%s' blocked update of the resource",
+		"Resource %s update blocked by rule(s) %s",
 	}[k]
 }

--- a/pkg/webhooks/registration.go
+++ b/pkg/webhooks/registration.go
@ -202,6 +202,7 @@ func constructWebhook(name, servicePath string, caData []byte) admregapi.Webhook
 			admregapi.RuleWithOperations{
 				Operations: []admregapi.OperationType{
 					admregapi.Create,
+					admregapi.Update,
 				},
 				Rule: admregapi.Rule{
 					APIGroups: []string{
@ -230,6 +231,7 @@ func constructDebugWebhook(name, url string, caData []byte) admregapi.Webhook {
 			admregapi.RuleWithOperations{
 				Operations: []admregapi.OperationType{
 					admregapi.Create,
+					admregapi.Update,
 				},
 				Rule: admregapi.Rule{
 					APIGroups: []string{
--- a/pkg/webhooks/server.go
+++ b/pkg/webhooks/server.go
@ -183,7 +183,7 @@ func (ws *WebhookServer) HandleMutation(request *v1beta1.AdmissionRequest) *v1be
 		policyInfos = append(policyInfos, policyInfo)
 	}

-	eventsInfo := newEventInfoFromPolicyInfo(policyInfos)
+	eventsInfo := newEventInfoFromPolicyInfo(policyInfos, (request.Operation == v1beta1.Update))
 	ws.eventController.Add(eventsInfo)

 	ok, msg := isAdmSuccesful(policyInfos)
@ -272,7 +272,7 @@ func (ws *WebhookServer) HandleValidation(request *v1beta1.AdmissionRequest) *v1
 		policyInfos = append(policyInfos, policyInfo)
 	}

-	eventsInfo := newEventInfoFromPolicyInfo(policyInfos)
+	eventsInfo := newEventInfoFromPolicyInfo(policyInfos, (request.Operation == v1beta1.Update))
 	ws.eventController.Add(eventsInfo)

 	// If Validation fails then reject the request
@ -385,10 +385,28 @@ func (ws *WebhookServer) bodyToAdmissionReview(request *http.Request, writer htt

 const policyKind = "Policy"

-func newEventInfoFromPolicyInfo(policyInfoList []*info.PolicyInfo) []*event.Info {
+func newEventInfoFromPolicyInfo(policyInfoList []*info.PolicyInfo, onUpdate bool) []*event.Info {
 	var eventsInfo []*event.Info

 	ok, msg := isAdmSuccesful(policyInfoList)
+	// create events on operation UPDATE
+	if onUpdate {
+		if !ok {
+			for _, pi := range policyInfoList {
+				ruleNames := getRuleNames(*pi, false)
+				eventsInfo = append(eventsInfo,
+					event.NewEvent(pi.RKind, pi.RNamespace, pi.RName, event.RequestBlocked, event.FPolicyApplyBlockUpdate, ruleNames, pi.Name))
+
+				eventsInfo = append(eventsInfo,
+					event.NewEvent(policyKind, "", pi.Name, event.RequestBlocked, event.FPolicyBlockResourceUpdate, pi.RName, ruleNames))
+
+				glog.V(3).Infof("Request blocked events info prepared for %s/%s and %s/%s\n", policyKind, pi.Name, pi.RKind, pi.RName)
+			}
+		}
+		return eventsInfo
+	}
+
+	// create events on operation CREATE
 	if ok {
 		for _, pi := range policyInfoList {
 			ruleNames := getRuleNames(*pi, true)