bug: print failure message when rule fails in kyverno apply (#9166)

* bug: print failure message when rule fails in kyverno apply Signed-off-by: Chandan-DK <chandandk468@gmail.com> * print the policy and failing resource just once Signed-off-by: Chandan-DK <chandandk468@gmail.com> * remove unused argument resPath in addGenerateResponse method Signed-off-by: Chandan-DK <chandandk468@gmail.com> * remove print statement for error rule status Signed-off-by: Chandan-DK <chandandk468@gmail.com> * add missing print statements for mutation in kyverno cli Signed-off-by: Chandan-DK <chandandk468@gmail.com> * remove unused import Signed-off-by: Chandan-DK <chandandk468@gmail.com> * remove violation print statements for validations Signed-off-by: Chandan-DK <chandandk468@gmail.com> * print failed validations Signed-off-by: Chandan-DK <chandandk468@gmail.com> * TODO Signed-off-by: Chandan-DK <chandandk468@gmail.com> * move printing logic of mutate rules to command.go Signed-off-by: Chandan-DK <chandandk468@gmail.com> --------- Signed-off-by: Chandan-DK <chandandk468@gmail.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: Mariam Fahmy <mariam.fahmy@nirmata.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2024-12-14 11:57:48 +00:00 · 2024-09-09 19:14:38 +05:30 · 2024-09-09 19:14:38 +05:30 · e13de2016b
commit e13de2016b
parent d5dcd4611d
1 changed files with 31 additions and 0 deletions
--- a/cmd/cli/kubectl-kyverno/commands/apply/command.go
+++ b/cmd/cli/kubectl-kyverno/commands/apply/command.go
@ -94,6 +94,37 @@ func Command() *cobra.Command {
 			} else if table {
 				printTable(out, detailedResults, applyCommandConfig.AuditWarn, responses...)
 			} else {
+				for _, response := range responses {
+					var failedRules []engineapi.RuleResponse
+					resPath := fmt.Sprintf("%s/%s/%s", response.Resource.GetNamespace(), response.Resource.GetKind(), response.Resource.GetName())
+					for _, rule := range response.PolicyResponse.Rules {
+						if rule.Status() == engineapi.RuleStatusFail {
+							failedRules = append(failedRules, rule)
+						}
+						if rule.RuleType() == engineapi.Mutation {
+							if rule.Status() == engineapi.RuleStatusSkip {
+								fmt.Fprintln(out, "\nskipped mutate policy", response.Policy().GetName(), "->", "resource", resPath)
+							} else if rule.Status() == engineapi.RuleStatusError {
+								fmt.Fprintln(out, "\nerror while applying mutate policy", response.Policy().GetName(), "->", "resource", resPath, "\nerror: ", rule.Message())
+							}
+						}
+					}
+					if len(failedRules) > 0 {
+						auditWarn := false
+						if applyCommandConfig.AuditWarn && response.GetValidationFailureAction().Audit() {
+							auditWarn = true
+						}
+						if auditWarn {
+							fmt.Fprintln(out, "policy", response.Policy().GetName(), "->", "resource", resPath, "failed as audit warning:")
+						} else {
+							fmt.Fprintln(out, "policy", response.Policy().GetName(), "->", "resource", resPath, "failed:")
+						}
+						for i, rule := range failedRules {
+							fmt.Fprintln(out, i+1, "-", rule.Name(), rule.Message())
+						}
+						fmt.Fprintln(out, "")
+					}
+				}
 				printViolations(out, rc)
 			}
 			return exit(out, rc, applyCommandConfig.warnExitCode, applyCommandConfig.warnNoPassed)