mirrors/kyverno
mirrors/kyverno
1
0
Fork 0
mirror of https://github.com/kyverno/kyverno.git synced 2025-03-28 18:38:40 +00:00
Code Activity

feat: make cli results count public (#10177)

Browse source 
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
This commit is contained in:
Charles-Edouard Brétéché 2024-05-07 10:58:09 +02:00 committed by GitHub
parent f29f7ca454
commit ecce1632f2
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
3 changed files with 43 additions and 49 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
cmd/cli/kubectl-kyverno/commands/apply/command.go
View file

@ -471,7 +471,7 @@ func printReports(out io.Writer, engineResponses []engineapi.EngineResponse, aud
}
func printViolations(out io.Writer, rc *processor.ResultCounts) {
fmt.Fprintf(out, "\npass: %d, fail: %d, warn: %d, error: %d, skip: %d \n", rc.Pass(), rc.Fail(), rc.Warn(), rc.Error(), rc.Skip())
fmt.Fprintf(out, "\npass: %d, fail: %d, warn: %d, error: %d, skip: %d \n", rc.Pass, rc.Fail, rc.Warn, rc.Error, rc.Skip)
}
type WarnExitCodeError struct {
@ -483,16 +483,16 @@ func (w WarnExitCodeError) Error() string {
}
func exit(out io.Writer, rc *processor.ResultCounts, warnExitCode int, warnNoPassed bool) error {
if rc.Fail() > 0 {
if rc.Fail > 0 {
return fmt.Errorf("exit as there are policy violations")
} else if rc.Error() > 0 {
} else if rc.Error > 0 {
return fmt.Errorf("exit as there are policy errors")
} else if rc.Warn() > 0 && warnExitCode != 0 {
} else if rc.Warn > 0 && warnExitCode != 0 {
fmt.Printf("exit as warnExitCode is %d", warnExitCode)
return WarnExitCodeError{
ExitCode: warnExitCode,
}
} else if rc.Pass() == 0 && warnNoPassed {
} else if rc.Pass == 0 && warnNoPassed {
fmt.Println(out, "exit as no objects satisfied policy")
return WarnExitCodeError{
ExitCode: warnExitCode,

30
cmd/cli/kubectl-kyverno/processor/policy_processor_test.go
View file

@ -79,11 +79,11 @@ func Test_NamespaceSelector(t *testing.T) {
},
},
result: ResultCounts{
pass: 0,
fail: 1,
warn: 0,
err: 0,
skip: 0,
Pass: 0,
Fail: 1,
Warn: 0,
Error: 0,
Skip: 0,
},
},
{
@ -95,11 +95,11 @@ func Test_NamespaceSelector(t *testing.T) {
},
},
result: ResultCounts{
pass: 1,
fail: 1,
warn: 0,
err: 0,
skip: 0,
Pass: 1,
Fail: 1,
Warn: 0,
Error: 0,
Skip: 0,
},
},
}
@ -118,10 +118,10 @@ func Test_NamespaceSelector(t *testing.T) {
Out: os.Stdout,
}
processor.ApplyPoliciesOnResource()
assert.Equal(t, int64(rc.Pass()), int64(tc.result.pass))
assert.Equal(t, int64(rc.Fail()), int64(tc.result.fail))
assert.Equal(t, int64(rc.Skip()), int64(tc.result.skip))
assert.Equal(t, int64(rc.Warn()), int64(tc.result.warn))
assert.Equal(t, int64(rc.Error()), int64(tc.result.err))
assert.Equal(t, int64(rc.Pass), int64(tc.result.Pass))
assert.Equal(t, int64(rc.Fail), int64(tc.result.Fail))
assert.Equal(t, int64(rc.Skip), int64(tc.result.Skip))
assert.Equal(t, int64(rc.Warn), int64(tc.result.Warn))
assert.Equal(t, int64(rc.Error), int64(tc.result.Error))
}
}

52
cmd/cli/kubectl-kyverno/processor/result.go
View file

@ -8,21 +8,15 @@ import (
)
type ResultCounts struct {
pass int
fail int
warn int
err int
skip int
Pass int
Fail int
Warn int
Error int
Skip int
}
func (rc ResultCounts) Pass() int { return rc.pass }
func (rc ResultCounts) Fail() int { return rc.fail }
func (rc ResultCounts) Warn() int { return rc.warn }
func (rc ResultCounts) Error() int { return rc.err }
func (rc ResultCounts) Skip() int { return rc.skip }
func (rc *ResultCounts) IncrementError(inc int) {
rc.err += inc
rc.Error += inc
}
func (rc *ResultCounts) addEngineResponses(auditWarn bool, responses ...engineapi.EngineResponse) {
@ -45,22 +39,22 @@ func (rc *ResultCounts) addEngineResponse(auditWarn bool, response engineapi.Eng
if rule.Name == valResponseRule.Name() {
switch valResponseRule.Status() {
case engineapi.RuleStatusPass:
rc.pass++
rc.Pass++
case engineapi.RuleStatusFail:
if !scored {
rc.warn++
rc.Warn++
break
} else if auditWarn && response.GetValidationFailureAction().Audit() {
rc.warn++
rc.Warn++
} else {
rc.fail++
rc.Fail++
}
case engineapi.RuleStatusError:
rc.err++
rc.Error++
case engineapi.RuleStatusWarn:
rc.warn++
rc.Warn++
case engineapi.RuleStatusSkip:
rc.skip++
rc.Skip++
}
continue
}
@ -80,12 +74,12 @@ func (rc *ResultCounts) addGenerateResponse(auditWarn bool, resPath string, resp
for _, ruleResponse := range response.PolicyResponse.Rules {
if policyRule.Name == ruleResponse.Name() {
if ruleResponse.Status() == engineapi.RuleStatusPass {
rc.pass++
rc.Pass++
} else {
if auditWarn && response.GetValidationFailureAction().Audit() {
rc.warn++
rc.Warn++
} else {
rc.fail++
rc.Fail++
}
}
continue
@ -114,14 +108,14 @@ func (rc *ResultCounts) addMutateResponse(resourcePath string, response engineap
for _, mutateResponseRule := range response.PolicyResponse.Rules {
if policyRule.Name == mutateResponseRule.Name() {
if mutateResponseRule.Status() == engineapi.RuleStatusPass {
rc.pass++
rc.Pass++
printMutatedRes = true
} else if mutateResponseRule.Status() == engineapi.RuleStatusSkip {
rc.skip++
rc.Skip++
} else if mutateResponseRule.Status() == engineapi.RuleStatusError {
rc.err++
rc.Error++
} else {
rc.fail++
rc.Fail++
}
continue
}
@ -133,11 +127,11 @@ func (rc *ResultCounts) addMutateResponse(resourcePath string, response engineap
func (rc *ResultCounts) addValidatingAdmissionResponse(vap v1alpha1.ValidatingAdmissionPolicy, engineResponse engineapi.EngineResponse) {
for _, ruleResp := range engineResponse.PolicyResponse.Rules {
if ruleResp.Status() == engineapi.RuleStatusPass {
rc.pass++
rc.Pass++
} else if ruleResp.Status() == engineapi.RuleStatusFail {
rc.fail++
rc.Fail++
} else if ruleResp.Status() == engineapi.RuleStatusError {
rc.err++
rc.Error++
}
}
}