generate events for resource & policy

2025-03-28 10:28:36 +00:00 · 2019-08-09 17:28:49 -07:00 · 2019-08-09 17:28:49 -07:00 · e5b4e5a116
commit e5b4e5a116
parent 1e621146be
2 changed files with 13 additions and 1 deletions
--- a/pkg/webhooks/mutation.go
+++ b/pkg/webhooks/mutation.go
@ -53,7 +53,7 @@ func (ws *WebhookServer) HandleMutation(request *v1beta1.AdmissionRequest) *v1be
 		policyPatches, ruleInfos := engine.Mutate(*policy, request.Object.Raw, request.Kind)
 		policyInfo.AddRuleInfos(ruleInfos)
 		policyInfos = append(policyInfos, policyInfo)
-			if !policyInfo.IsSuccessful() {
+		if !policyInfo.IsSuccessful() {
 			glog.V(4).Infof("Failed to apply policy %s on resource %s/%s", policy.Name, resource.GetNamespace(), resource.GetName())
 			glog.V(4).Info("Failed rule details")
 			for _, r := range ruleInfos {
@ -66,7 +66,12 @@ func (ws *WebhookServer) HandleMutation(request *v1beta1.AdmissionRequest) *v1be
 	}

 	// ADD ANNOTATIONS
+	// TODO: merge the annotation patch with the patch response
 	// ADD EVENTS
+	if len(patches) > 0 {
+		eventsInfo, _ := newEventInfoFromPolicyInfo(policyInfos, (request.Operation == v1beta1.Update), info.Mutation)
+		ws.eventGen.Add(eventsInfo...)
+	}
 	// ADD POLICY VIOLATIONS

 	ok, msg := isAdmSuccesful(policyInfos)
--- a/pkg/webhooks/validation.go
+++ b/pkg/webhooks/validation.go
@ -77,8 +77,15 @@ func (ws *WebhookServer) HandleValidation(request *v1beta1.AdmissionRequest) *v1
 	}

 	// ADD EVENTS
+	if len(policyInfos) > 0 && len(policyInfos[0].Rules) != 0 {
+		eventsInfo, _ := newEventInfoFromPolicyInfo(policyInfos, (request.Operation == v1beta1.Update), info.Validation)
+		// If the validationFailureAction flag is set "audit",
+		// then we dont block the request and report the violations
+		ws.eventGen.Add(eventsInfo...)
+	}

 	// ADD POLICY VIOLATIONS
+
 	ok, msg := isAdmSuccesful(policyInfos)
 	if !ok && toBlock(policyInfos) {
 		return &v1beta1.AdmissionResponse{