mirror of https://github.com/kyverno/kyverno.git synced 2025-03-31 03:45:17 +00:00

remove policyInfo

shivkumar dudhani 2019-08-26 13:36:11 -07:00
parent 5b80da32ba
commit e356cf37aa
2 changed files with 65 additions and 258 deletions


@ -1,192 +0,0 @@
package info
import (
"fmt"
"strings"
)
//PolicyInfo defines policy information
type PolicyInfo struct {
// Name is policy name
Name string
// RKind represents the resource kind
RKind string
// RName is resource name
RName string
// Namespace is the ns of resource
// empty on non-namespaced resources
RNamespace string
//TODO: add check/enum for types
ValidationFailureAction string // BlockChanges, ReportViolation
Rules []RuleInfo
success bool
}
//NewPolicyInfo returns a new policy info
func NewPolicyInfo(policyName, rKind, rName, rNamespace, validationFailureAction string) PolicyInfo {
pi := PolicyInfo{
Name: policyName,
RKind: rKind,
RName: rName,
RNamespace: rNamespace,
success: true, // fail to be set explicity
ValidationFailureAction: validationFailureAction,
}
return pi
}
//IsSuccessful checks if policy is succesful
// the policy is set to fail, if any of the rules have failed
func (pi *PolicyInfo) IsSuccessful() bool {
for _, r := range pi.Rules {
if !r.success {
pi.success = false
return false
}
}
pi.success = true
return true
}
// SuccessfulRules returns list of successful rule names
func (pi *PolicyInfo) SuccessfulRules() []string {
var rules []string
for _, r := range pi.Rules {
if r.IsSuccessful() {
rules = append(rules, r.Name)
}
}
return rules
}
// FailedRules returns list of failed rule names
func (pi *PolicyInfo) FailedRules() []string {
var rules []string
for _, r := range pi.Rules {
if !r.IsSuccessful() {
rules = append(rules, r.Name)
}
}
return rules
}
//ErrorRules returns error msgs from all rule
func (pi *PolicyInfo) ErrorRules() string {
errorMsgs := []string{}
for _, r := range pi.Rules {
if !r.IsSuccessful() {
errorMsgs = append(errorMsgs, r.ToString())
}
}
return strings.Join(errorMsgs, ";")
}
type RuleType int
const (
Mutation RuleType = iota
Validation
Generation
All
)
func (ri RuleType) String() string {
return [...]string{
"Mutation",
"Validation",
"Generation",
"All",
}[ri]
}
//RuleInfo defines rule struct
type RuleInfo struct {
Name string
RuleType RuleType
Msgs []string
Patches [][]byte // this will store the mutation patch being applied by the rule
success bool
}
//ToString reule information
//TODO: check if this is needed
func (ri *RuleInfo) ToString() string {
str := "rulename: " + ri.Name
msgs := strings.Join(ri.Msgs, ";")
return strings.Join([]string{str, msgs}, ";")
}
//GetErrorString returns the error message for a rule
func (ri *RuleInfo) GetErrorString() string {
return strings.Join(ri.Msgs, ";")
}
//NewRuleInfo creates a new RuleInfo
func NewRuleInfo(ruleName string, ruleType RuleType) RuleInfo {
return RuleInfo{
Name: ruleName,
Msgs: []string{},
RuleType: ruleType,
success: true, // fail to be set explicity
}
}
//Fail set the rule as failed
func (ri *RuleInfo) Fail() {
ri.success = false
}
//IsSuccessful checks if rule is succesful
func (ri *RuleInfo) IsSuccessful() bool {
return ri.success
}
//Add add msg
func (ri *RuleInfo) Add(msg string) {
ri.Msgs = append(ri.Msgs, msg)
}
//Addf add msg with args
func (ri *RuleInfo) Addf(msg string, args ...interface{}) {
ri.Msgs = append(ri.Msgs, fmt.Sprintf(msg, args...))
}
//RulesSuccesfuly check if the any rule has failed or not
func rulesSuccesfuly(rules []RuleInfo) bool {
for _, r := range rules {
if !r.success {
return false
}
}
return true
}
//AddRuleInfos sets the rule information
func (pi *PolicyInfo) AddRuleInfos(rules []RuleInfo) {
if rules == nil {
return
}
if !rulesSuccesfuly(rules) {
pi.success = false
}
pi.Rules = append(pi.Rules, rules...)
}
//GetRuleNames gets the name of successful rules
func (pi *PolicyInfo) GetRuleNames(onSuccess bool) string {
var ruleNames []string
for _, rule := range pi.Rules {
if onSuccess {
if rule.IsSuccessful() {
ruleNames = append(ruleNames, rule.Name)
}
} else {
if !rule.IsSuccessful() {
ruleNames = append(ruleNames, rule.Name)
}
}
}
return strings.Join(ruleNames, ",")
}


@ -9,7 +9,6 @@ import (
kyvernoclient "github.com/nirmata/kyverno/pkg/client/clientset/versioned"
kyvernolister "github.com/nirmata/kyverno/pkg/client/listers/kyverno/v1alpha1"
"github.com/nirmata/kyverno/pkg/engine"
"github.com/nirmata/kyverno/pkg/info"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/client-go/tools/cache"
)
@ -30,28 +29,28 @@ func BuildPolicyViolation(policy string, resource kyverno.ResourceSpec, fRules [
}
// buildPolicyViolationsForAPolicy returns a policy violation object if there are any rules that fail
func buildPolicyViolationsForAPolicy(pi info.PolicyInfo) kyverno.PolicyViolation {
var fRules []kyverno.ViolatedRule
var pv kyverno.PolicyViolation
for _, r := range pi.Rules {
if !r.IsSuccessful() {
fRules = append(fRules, kyverno.ViolatedRule{Name: r.Name, Message: r.GetErrorString(), Type: r.RuleType.String()})
}
}
if len(fRules) > 0 {
glog.V(4).Infof("building policy violation for policy %s on resource %s/%s/%s", pi.Name, pi.RKind, pi.RNamespace, pi.RName)
// there is an error
pv = BuildPolicyViolation(pi.Name, kyverno.ResourceSpec{
Kind: pi.RKind,
Namespace: pi.RNamespace,
Name: pi.RName,
},
fRules,
)
// func buildPolicyViolationsForAPolicy(pi info.PolicyInfo) kyverno.PolicyViolation {
// var fRules []kyverno.ViolatedRule
// var pv kyverno.PolicyViolation
// for _, r := range pi.Rules {
// if !r.IsSuccessful() {
// fRules = append(fRules, kyverno.ViolatedRule{Name: r.Name, Message: r.GetErrorString(), Type: r.RuleType.String()})
// }
// }
// if len(fRules) > 0 {
// glog.V(4).Infof("building policy violation for policy %s on resource %s/%s/%s", pi.Name, pi.RKind, pi.RNamespace, pi.RName)
// // there is an error
// pv = BuildPolicyViolation(pi.Name, kyverno.ResourceSpec{
// Kind: pi.RKind,
// Namespace: pi.RNamespace,
// Name: pi.RName,
// },
// fRules,
// )
}
return pv
}
// }
// return pv
// }
func buildPVForPolicy(er engine.EngineResponseNew) kyverno.PolicyViolation {
var violatedRules []kyverno.ViolatedRule
@ -126,52 +125,52 @@ func CreatePV(pvLister kyvernolister.PolicyViolationLister, client *kyvernoclien
}
}
//GeneratePolicyViolations generate policyViolation resources for the rules that failed
//TODO: check if pvListerSynced is needed
func GeneratePolicyViolations(pvListerSynced cache.InformerSynced, pvLister kyvernolister.PolicyViolationLister, client *kyvernoclient.Clientset, policyInfos []info.PolicyInfo) {
var pvs []kyverno.PolicyViolation
for _, policyInfo := range policyInfos {
if !policyInfo.IsSuccessful() {
if pv := buildPolicyViolationsForAPolicy(policyInfo); !reflect.DeepEqual(pv, kyverno.PolicyViolation{}) {
pvs = append(pvs, pv)
}
}
}
// //GeneratePolicyViolations generate policyViolation resources for the rules that failed
// //TODO: check if pvListerSynced is needed
// func GeneratePolicyViolations(pvListerSynced cache.InformerSynced, pvLister kyvernolister.PolicyViolationLister, client *kyvernoclient.Clientset, policyInfos []info.PolicyInfo) {
// var pvs []kyverno.PolicyViolation
// for _, policyInfo := range policyInfos {
// if !policyInfo.IsSuccessful() {
// if pv := buildPolicyViolationsForAPolicy(policyInfo); !reflect.DeepEqual(pv, kyverno.PolicyViolation{}) {
// pvs = append(pvs, pv)
// }
// }
// }
if len(pvs) > 0 {
for _, newPv := range pvs {
// generate PolicyViolation objects
glog.V(4).Infof("creating policyViolation resource for policy %s and resource %s/%s/%s", newPv.Spec.Policy, newPv.Spec.Kind, newPv.Spec.Namespace, newPv.Spec.Name)
// if len(pvs) > 0 {
// for _, newPv := range pvs {
// // generate PolicyViolation objects
// glog.V(4).Infof("creating policyViolation resource for policy %s and resource %s/%s/%s", newPv.Spec.Policy, newPv.Spec.Kind, newPv.Spec.Namespace, newPv.Spec.Name)
// check if there was a previous violation for policy & resource combination
curPv, err := getExistingPolicyViolationIfAny(pvListerSynced, pvLister, newPv)
if err != nil {
continue
}
if curPv == nil {
// no existing policy violation, create a new one
_, err := client.KyvernoV1alpha1().PolicyViolations().Create(&newPv)
if err != nil {
glog.Error(err)
}
continue
}
// compare the policyviolation spec for existing resource if present else
if reflect.DeepEqual(curPv.Spec, newPv.Spec) {
// if they are equal there has been no change so dont update the polivy violation
glog.Infof("policy violation spec %v did not change so not updating it", newPv.Spec)
continue
}
// spec changed so update the policyviolation
//TODO: wont work, as name is not defined yet
_, err = client.KyvernoV1alpha1().PolicyViolations().Update(&newPv)
if err != nil {
glog.Error(err)
continue
}
}
}
}
// // check if there was a previous violation for policy & resource combination
// curPv, err := getExistingPolicyViolationIfAny(pvListerSynced, pvLister, newPv)
// if err != nil {
// continue
// }
// if curPv == nil {
// // no existing policy violation, create a new one
// _, err := client.KyvernoV1alpha1().PolicyViolations().Create(&newPv)
// if err != nil {
// glog.Error(err)
// }
// continue
// }
// // compare the policyviolation spec for existing resource if present else
// if reflect.DeepEqual(curPv.Spec, newPv.Spec) {
// // if they are equal there has been no change so dont update the polivy violation
// glog.Infof("policy violation spec %v did not change so not updating it", newPv.Spec)
// continue
// }
// // spec changed so update the policyviolation
// //TODO: wont work, as name is not defined yet
// _, err = client.KyvernoV1alpha1().PolicyViolations().Update(&newPv)
// if err != nil {
// glog.Error(err)
// continue
// }
// }
// }
// }
//TODO: change the name
func getExistingPolicyViolationIfAny(pvListerSynced cache.InformerSynced, pvLister kyvernolister.PolicyViolationLister, newPv kyverno.PolicyViolation) (*kyverno.PolicyViolation, error) {
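Review bot: In the hunks at -30,28 and -126,52, buildPolicyViolationsForAPolicy and GeneratePolicyViolations are commented out line by line rather than deleted, so the new side of both hunks consists only of dead code, including the carried-over `//TODO: wont work, as name is not defined yet`. Because the same commit deletes the info package and drops its import, these comments cannot be re-enabled as written; I would delete both blocks and, if a pointer is wanted, leave one line such as `// PolicyViolations are built from engine.EngineResponseNew; see buildPVForPolicy.` GeneratePolicyViolations was a path that created and updated PolicyViolation resources for failed rules, so please confirm that every former caller now goes through buildPVForPolicy and CreatePV; the callers are not visible in this diff, and a missed one would mean failed rules are no longer recorded as violations.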