From e13de2016b8928c30c053ac71da0cc26eb1d182c Mon Sep 17 00:00:00 2001
From: Chandan-DK <chandandk468@gmail.com>
Date: Mon, 9 Sep 2024 19:14:38 +0530
Subject: [PATCH] bug: print failure message when rule fails in kyverno apply
 (#9166)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

* bug: print failure message when rule fails in kyverno apply

Signed-off-by: Chandan-DK <chandandk468@gmail.com>

* print the policy and failing resource just once

Signed-off-by: Chandan-DK <chandandk468@gmail.com>

* remove unused argument resPath in addGenerateResponse method

Signed-off-by: Chandan-DK <chandandk468@gmail.com>

* remove print statement for error rule status

Signed-off-by: Chandan-DK <chandandk468@gmail.com>

* add missing print statements for mutation in kyverno cli

Signed-off-by: Chandan-DK <chandandk468@gmail.com>

* remove unused import

Signed-off-by: Chandan-DK <chandandk468@gmail.com>

* remove violation print statements for validations

Signed-off-by: Chandan-DK <chandandk468@gmail.com>

* print failed validations

Signed-off-by: Chandan-DK <chandandk468@gmail.com>

* TODO

Signed-off-by: Chandan-DK <chandandk468@gmail.com>

* move printing logic of mutate rules to command.go

Signed-off-by: Chandan-DK <chandandk468@gmail.com>

---------

Signed-off-by: Chandan-DK <chandandk468@gmail.com>
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Co-authored-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
---
 .../kubectl-kyverno/commands/apply/command.go | 31 +++++++++++++++++++
 1 file changed, 31 insertions(+)

diff --git a/cmd/cli/kubectl-kyverno/commands/apply/command.go b/cmd/cli/kubectl-kyverno/commands/apply/command.go
index 6ae2a06d65..590a8a682b 100644
--- a/cmd/cli/kubectl-kyverno/commands/apply/command.go
+++ b/cmd/cli/kubectl-kyverno/commands/apply/command.go
@@ -94,6 +94,37 @@ func Command() *cobra.Command {
 			} else if table {
 				printTable(out, detailedResults, applyCommandConfig.AuditWarn, responses...)
 			} else {
+				for _, response := range responses {
+					var failedRules []engineapi.RuleResponse
+					resPath := fmt.Sprintf("%s/%s/%s", response.Resource.GetNamespace(), response.Resource.GetKind(), response.Resource.GetName())
+					for _, rule := range response.PolicyResponse.Rules {
+						if rule.Status() == engineapi.RuleStatusFail {
+							failedRules = append(failedRules, rule)
+						}
+						if rule.RuleType() == engineapi.Mutation {
+							if rule.Status() == engineapi.RuleStatusSkip {
+								fmt.Fprintln(out, "\nskipped mutate policy", response.Policy().GetName(), "->", "resource", resPath)
+							} else if rule.Status() == engineapi.RuleStatusError {
+								fmt.Fprintln(out, "\nerror while applying mutate policy", response.Policy().GetName(), "->", "resource", resPath, "\nerror: ", rule.Message())
+							}
+						}
+					}
+					if len(failedRules) > 0 {
+						auditWarn := false
+						if applyCommandConfig.AuditWarn && response.GetValidationFailureAction().Audit() {
+							auditWarn = true
+						}
+						if auditWarn {
+							fmt.Fprintln(out, "policy", response.Policy().GetName(), "->", "resource", resPath, "failed as audit warning:")
+						} else {
+							fmt.Fprintln(out, "policy", response.Policy().GetName(), "->", "resource", resPath, "failed:")
+						}
+						for i, rule := range failedRules {
+							fmt.Fprintln(out, i+1, "-", rule.Name(), rule.Message())
+						}
+						fmt.Fprintln(out, "")
+					}
+				}
 				printViolations(out, rc)
 			}
 			return exit(out, rc, applyCommandConfig.warnExitCode, applyCommandConfig.warnNoPassed)