Print generate output cli (#11634)
* refactor: Configure the policy processor to print generated resources Refactor printMutatedOutput to printOutput which prints mutate or generate resources to a file or standard output Introduce processGenerateResponse which extracts generated resources from the policy response and passes them to printOutput Signed-off-by: aerosouund <aerosound161@gmail.com> * chore: Update flag description to specify mutated and generated resources Signed-off-by: aerosouund <aerosound161@gmail.com> * chore: Run codegen Signed-off-by: aerosouund <aerosound161@gmail.com> --------- Signed-off-by: aerosouund <aerosound161@gmail.com>
parent
88306bb8cf
commit
d100202d22
3 changed files with 52 additions and 31 deletions
|
@ -135,7 +135,7 @@ func Command() *cobra.Command {
|
|||
cmd.Flags().StringSliceVarP(&applyCommandConfig.ResourcePaths, "resource", "r", []string{}, "Path to resource files")
|
||||
cmd.Flags().StringSliceVarP(&applyCommandConfig.ResourcePaths, "resources", "", []string{}, "Path to resource files")
|
||||
cmd.Flags().BoolVarP(&applyCommandConfig.Cluster, "cluster", "c", false, "Checks if policies should be applied to cluster in the current context")
|
||||
cmd.Flags().StringVarP(&applyCommandConfig.MutateLogPath, "output", "o", "", "Prints the mutated resources in provided file/directory")
|
||||
cmd.Flags().StringVarP(&applyCommandConfig.MutateLogPath, "output", "o", "", "Prints the mutated/generated resources in provided file/directory")
|
||||
// currently `set` flag supports variable for single policy applied on single resource
|
||||
cmd.Flags().StringVarP(&applyCommandConfig.UserInfoPath, "userinfo", "u", "", "Admission Info including Roles, Cluster Roles and Subjects")
|
||||
cmd.Flags().StringSliceVarP(&applyCommandConfig.Variables, "set", "s", nil, "Variables that are required")
|
||||
|
|
|
@ -203,6 +203,9 @@ func (p *PolicyProcessor) ApplyPoliciesOnResource() ([]engineapi.EngineResponse,
|
|||
} else {
|
||||
generateResponse.PolicyResponse.Rules = newRuleResponse
|
||||
}
|
||||
if err := p.processGenerateResponse(generateResponse, resPath); err != nil {
|
||||
return responses, err
|
||||
}
|
||||
responses = append(responses, generateResponse)
|
||||
}
|
||||
p.Rc.addGenerateResponse(generateResponse)
|
||||
|
@ -342,37 +345,61 @@ func (p *PolicyProcessor) makePolicyContext(
|
|||
return policyContext, nil
|
||||
}
|
||||
|
||||
func (p *PolicyProcessor) processGenerateResponse(response engineapi.EngineResponse, resourcePath string) error {
|
||||
generatedResources := []*unstructured.Unstructured{}
|
||||
for _, rule := range response.PolicyResponse.Rules {
|
||||
gen := rule.GeneratedResources()
|
||||
generatedResources = append(generatedResources, gen...)
|
||||
}
|
||||
for _, r := range generatedResources {
|
||||
err := p.printOutput(r.Object, response, resourcePath, true)
|
||||
if err != nil {
|
||||
return fmt.Errorf("failed to print generate result (%w)", err)
|
||||
}
|
||||
fmt.Fprintf(p.Out, "\n\nGenerate:\nGeneration completed successfully.")
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
func (p *PolicyProcessor) processMutateEngineResponse(response engineapi.EngineResponse, resourcePath string) error {
|
||||
printMutatedRes := p.Rc.addMutateResponse(response)
|
||||
if printMutatedRes && p.PrintPatchResource {
|
||||
yamlEncodedResource, err := yamlv2.Marshal(response.PatchedResource.Object)
|
||||
p.Rc.addMutateResponse(response)
|
||||
err := p.printOutput(response.PatchedResource.Object, response, resourcePath, false)
|
||||
if err != nil {
|
||||
return fmt.Errorf("failed to print mutated result (%w)", err)
|
||||
}
|
||||
fmt.Fprintf(p.Out, "\n\nMutation:\nMutation has been applied successfully.")
|
||||
return nil
|
||||
}
|
||||
|
||||
func (p *PolicyProcessor) printOutput(resource interface{}, response engineapi.EngineResponse, resourcePath string, isGenerate bool) error {
|
||||
yamlEncodedResource, err := yamlv2.Marshal(resource)
|
||||
if err != nil {
|
||||
return fmt.Errorf("failed to marshal (%w)", err)
|
||||
}
|
||||
|
||||
if p.MutateLogPath == "" {
|
||||
mutatedResource := string(yamlEncodedResource) + string("\n---")
|
||||
if len(strings.TrimSpace(mutatedResource)) > 0 {
|
||||
resource := string(yamlEncodedResource) + string("\n---")
|
||||
if len(strings.TrimSpace(resource)) > 0 {
|
||||
if !p.Stdin {
|
||||
fmt.Fprintf(p.Out, "\nmutate policy %s applied to %s:", response.Policy().GetName(), resourcePath)
|
||||
}
|
||||
fmt.Fprintf(p.Out, "\n"+mutatedResource+"\n") //nolint:govet
|
||||
}
|
||||
} else {
|
||||
err := p.printMutatedOutput(string(yamlEncodedResource))
|
||||
if err != nil {
|
||||
return fmt.Errorf("failed to print mutated result (%w)", err)
|
||||
}
|
||||
fmt.Fprintf(p.Out, "\n\nMutation:\nMutation has been applied successfully. Check the files.")
|
||||
fmt.Fprintf(p.Out, "\npolicy %s applied to %s:", response.Policy().GetName(), resourcePath)
|
||||
}
|
||||
fmt.Fprintf(p.Out, "\n"+resource+"\n") //nolint:govet
|
||||
}
|
||||
return nil
|
||||
}
|
||||
}
|
||||
|
||||
func (p *PolicyProcessor) printMutatedOutput(yaml string) error {
|
||||
var file *os.File
|
||||
mutateLogPath := filepath.Clean(p.MutateLogPath)
|
||||
filename := p.Resource.GetName() + "-mutated"
|
||||
if isGenerate {
|
||||
filename = response.Policy().GetName() + "-generated"
|
||||
}
|
||||
|
||||
file, err = os.OpenFile(filepath.Join(mutateLogPath, filename+".yaml"), os.O_CREATE|os.O_WRONLY|os.O_APPEND, 0o600) // #nosec G304
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
if !p.MutateLogPathIsDir {
|
||||
// truncation for the case when mutateLogPath is a file (not a directory) is handled under pkg/kyverno/apply/test_command.go
|
||||
f, err := os.OpenFile(mutateLogPath, os.O_APPEND|os.O_WRONLY, 0o600) // #nosec G304
|
||||
|
@ -380,14 +407,8 @@ func (p *PolicyProcessor) printMutatedOutput(yaml string) error {
|
|||
return err
|
||||
}
|
||||
file = f
|
||||
} else {
|
||||
f, err := os.OpenFile(filepath.Join(mutateLogPath, filename+".yaml"), os.O_CREATE|os.O_WRONLY|os.O_APPEND, 0o600) // #nosec G304
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
file = f
|
||||
}
|
||||
if _, err := file.Write([]byte(yaml + "\n---\n\n")); err != nil {
|
||||
if _, err := file.Write([]byte(string(yamlEncodedResource) + "\n---\n\n")); err != nil {
|
||||
if err := file.Close(); err != nil {
|
||||
log.Log.Error(err, "failed to close file")
|
||||
}
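Review bot: In `printOutput` the new unconditional `os.OpenFile(filepath.Join(mutateLogPath, filename+".yaml"), ...)` runs before the `!p.MutateLogPathIsDir` check, so when `--output` names a file the join treats that file as a directory and the open presumably fails before the file branch is reached; if it does succeed, the handle is replaced by `file = f` without being closed. The file name is also built from `p.Resource.GetName()` or `response.Policy().GetName()` and joined into a path under `#nosec G304`; if those names are not validated upstream (not visible on this page), a name containing a path separator would resolve outside the output directory, so anything that is not a single path element should be rejected. Opening exactly one target, chosen by `MutateLogPathIsDir`, addresses both points. The write and close at the end of the function continue outside the visible hunk.

```go
	// … unchanged: marshal and stdout branch …
	mutateLogPath := filepath.Clean(p.MutateLogPath)
	target := mutateLogPath
	flags := os.O_APPEND | os.O_WRONLY
	if p.MutateLogPathIsDir {
		name := p.Resource.GetName() + "-mutated"
		if isGenerate {
			name = response.Policy().GetName() + "-generated"
		}
		// names come from input files; accept only a single path element
		if name != filepath.Base(name) {
			return fmt.Errorf("refusing output file name %q: not a plain file name", name)
		}
		target = filepath.Join(mutateLogPath, name+".yaml")
		flags |= os.O_CREATE
	}
	file, err := os.OpenFile(target, flags, 0o600) // #nosec G304
	if err != nil {
		return err
	}
	// … unchanged: write and close …
```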
|
||||
|
|
|
@ -51,7 +51,7 @@ kyverno apply [flags]
|
|||
-h, --help help for apply
|
||||
--kubeconfig string path to kubeconfig file with authorization and master location information
|
||||
-n, --namespace string Optional Policy parameter passed with cluster flag
|
||||
-o, --output string Prints the mutated resources in provided file/directory
|
||||
-o, --output string Prints the mutated/generated resources in provided file/directory
|
||||
-p, --policy-report Generates policy report when passed (default policyviolation)
|
||||
--registry If set to true, access the image registry using local docker credentials to populate external data
|
||||
--remove-color Remove any color from output
|
||||
|
|