From f1f8ed3f7de7c861ea23e443ab28b91a69342e34 Mon Sep 17 00:00:00 2001 From: Shuting Zhao Date: Thu, 15 Oct 2020 18:06:34 -0700 Subject: [PATCH] temporarily comment out code to pass CI build --- pkg/kyverno/report/allreports.go | 126 ++-- pkg/kyverno/report/cluster.go | 84 +-- pkg/kyverno/report/command.go | 6 +- pkg/kyverno/report/common.go | 1184 +++++++++++++++--------------- pkg/kyverno/report/namespace.go | 127 ++-- 5 files changed, 765 insertions(+), 762 deletions(-) diff --git a/pkg/kyverno/report/allreports.go b/pkg/kyverno/report/allreports.go index 2c5573511e..4a7b0a0552 100644 --- a/pkg/kyverno/report/allreports.go +++ b/pkg/kyverno/report/allreports.go @@ -1,67 +1,67 @@ package report -import ( - "fmt" - "os" - "sync" - "time" +// import ( +// "fmt" +// "os" +// "sync" +// "time" - "github.com/kyverno/kyverno/pkg/common" - "github.com/kyverno/kyverno/pkg/constant" - "github.com/kyverno/kyverno/pkg/utils" - "github.com/spf13/cobra" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/cli-runtime/pkg/genericclioptions" - log "sigs.k8s.io/controller-runtime/pkg/log" -) +// "github.com/kyverno/kyverno/pkg/common" +// "github.com/kyverno/kyverno/pkg/constant" +// "github.com/kyverno/kyverno/pkg/utils" +// "github.com/spf13/cobra" +// metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" +// "k8s.io/cli-runtime/pkg/genericclioptions" +// log "sigs.k8s.io/controller-runtime/pkg/log" +// ) -func AllReportsCommand() *cobra.Command { - kubernetesConfig := genericclioptions.NewConfigFlags(true) - var mode, namespace, policy string - cmd := &cobra.Command{ - Use: "all", - Short: "generate report for all scope", - Example: fmt.Sprintf("To create a namespace report from background scan:\nkyverno report namespace --namespace=defaults \n kyverno report namespace"), - RunE: func(cmd *cobra.Command, args []string) (err error) { - os.Setenv("POLICY-TYPE", common.PolicyReport) - logger := log.Log.WithName("Report") - restConfig, err := kubernetesConfig.ToRESTConfig() - if err != nil { - logger.Error(err, "failed to create rest config of kubernetes cluster ") - os.Exit(1) - } - const resyncPeriod = 1 * time.Second - kubeClient, err := utils.NewKubeClient(restConfig) - if err != nil { - log.Log.Error(err, "Failed to create kubernetes client") - os.Exit(1) - } - var wg sync.WaitGroup - if mode == "cli" { - if namespace != "" { - wg.Add(1) - go backgroundScan(namespace, constant.All, policy, &wg, restConfig, logger) - } else { - ns, err := kubeClient.CoreV1().Namespaces().List(metav1.ListOptions{}) - if err != nil { - os.Exit(1) - } - wg.Add(len(ns.Items)) - for _, n := range ns.Items { - go backgroundScan(n.GetName(), constant.All, policy, &wg, restConfig, logger) - } - } - } else { - wg.Add(1) - go configmapScan(constant.All, &wg, restConfig, logger) - } - wg.Wait() - os.Exit(0) - return nil - }, - } - cmd.Flags().StringVarP(&namespace, "namespace", "n", "", "define specific namespace") - cmd.Flags().StringVarP(&policy, "policy", "p", "", "define specific policy") - cmd.Flags().StringVarP(&mode, "mode", "m", "cli", "mode") - return cmd -} +// func AllReportsCommand() *cobra.Command { +// kubernetesConfig := genericclioptions.NewConfigFlags(true) +// var mode, namespace, policy string +// cmd := &cobra.Command{ +// Use: "all", +// Short: "generate report for all scope", +// Example: fmt.Sprintf("To create a namespace report from background scan:\nkyverno report namespace --namespace=defaults \n kyverno report namespace"), +// RunE: func(cmd *cobra.Command, args []string) (err error) { +// os.Setenv("POLICY-TYPE", common.PolicyReport) +// logger := log.Log.WithName("Report") +// restConfig, err := kubernetesConfig.ToRESTConfig() +// if err != nil { +// logger.Error(err, "failed to create rest config of kubernetes cluster ") +// os.Exit(1) +// } +// const resyncPeriod = 1 * time.Second +// kubeClient, err := utils.NewKubeClient(restConfig) +// if err != nil { +// log.Log.Error(err, "Failed to create kubernetes client") +// os.Exit(1) +// } +// var wg sync.WaitGroup +// if mode == "cli" { +// if namespace != "" { +// wg.Add(1) +// go backgroundScan(namespace, constant.All, policy, &wg, restConfig, logger) +// } else { +// ns, err := kubeClient.CoreV1().Namespaces().List(metav1.ListOptions{}) +// if err != nil { +// os.Exit(1) +// } +// wg.Add(len(ns.Items)) +// for _, n := range ns.Items { +// go backgroundScan(n.GetName(), constant.All, policy, &wg, restConfig, logger) +// } +// } +// } else { +// wg.Add(1) +// go configmapScan(constant.All, &wg, restConfig, logger) +// } +// wg.Wait() +// os.Exit(0) +// return nil +// }, +// } +// cmd.Flags().StringVarP(&namespace, "namespace", "n", "", "define specific namespace") +// cmd.Flags().StringVarP(&policy, "policy", "p", "", "define specific policy") +// cmd.Flags().StringVarP(&mode, "mode", "m", "cli", "mode") +// return cmd +// } diff --git a/pkg/kyverno/report/cluster.go b/pkg/kyverno/report/cluster.go index 9509dd2fbb..53aec8507c 100644 --- a/pkg/kyverno/report/cluster.go +++ b/pkg/kyverno/report/cluster.go @@ -1,47 +1,47 @@ package report -import ( - "fmt" - "os" - "sync" +// import ( +// "fmt" +// "os" +// "sync" - "github.com/kyverno/kyverno/pkg/common" - "github.com/kyverno/kyverno/pkg/constant" - "github.com/spf13/cobra" - "k8s.io/cli-runtime/pkg/genericclioptions" - log "sigs.k8s.io/controller-runtime/pkg/log" -) +// "github.com/kyverno/kyverno/pkg/common" +// "github.com/kyverno/kyverno/pkg/constant" +// "github.com/spf13/cobra" +// "k8s.io/cli-runtime/pkg/genericclioptions" +// log "sigs.k8s.io/controller-runtime/pkg/log" +// ) -func ClusterCommand() *cobra.Command { - kubernetesConfig := genericclioptions.NewConfigFlags(true) - var mode, policy string - cmd := &cobra.Command{ - Use: "cluster", - Short: "generate report for cluster scope", - Example: fmt.Sprintf("To create a cluster report from background scan: kyverno report cluster"), - RunE: func(cmd *cobra.Command, args []string) (err error) { - os.Setenv("POLICY-TYPE", common.PolicyReport) - logger := log.Log.WithName("Report") - restConfig, err := kubernetesConfig.ToRESTConfig() - if err != nil { - logger.Error(err, "failed to create rest config of kubernetes cluster ") - os.Exit(1) - } - var wg sync.WaitGroup - wg.Add(1) - if mode == "cli" { - go backgroundScan("", constant.Cluster, policy, &wg, restConfig, logger) - wg.Wait() - os.Exit(0) - } - go configmapScan(constant.Cluster, &wg, restConfig, logger) - wg.Wait() - os.Exit(0) - return nil - }, - } - cmd.Flags().StringVarP(&mode, "mode", "m", "cli", "mode of cli") - cmd.Flags().StringVarP(&policy, "policy", "p", "", "define specific policy") +// func ClusterCommand() *cobra.Command { +// kubernetesConfig := genericclioptions.NewConfigFlags(true) +// var mode, policy string +// cmd := &cobra.Command{ +// Use: "cluster", +// Short: "generate report for cluster scope", +// Example: fmt.Sprintf("To create a cluster report from background scan: kyverno report cluster"), +// RunE: func(cmd *cobra.Command, args []string) (err error) { +// os.Setenv("POLICY-TYPE", common.PolicyReport) +// logger := log.Log.WithName("Report") +// restConfig, err := kubernetesConfig.ToRESTConfig() +// if err != nil { +// logger.Error(err, "failed to create rest config of kubernetes cluster ") +// os.Exit(1) +// } +// var wg sync.WaitGroup +// wg.Add(1) +// if mode == "cli" { +// go backgroundScan("", constant.Cluster, policy, &wg, restConfig, logger) +// wg.Wait() +// os.Exit(0) +// } +// go configmapScan(constant.Cluster, &wg, restConfig, logger) +// wg.Wait() +// os.Exit(0) +// return nil +// }, +// } +// cmd.Flags().StringVarP(&mode, "mode", "m", "cli", "mode of cli") +// cmd.Flags().StringVarP(&policy, "policy", "p", "", "define specific policy") - return cmd -} +// return cmd +// } diff --git a/pkg/kyverno/report/command.go b/pkg/kyverno/report/command.go index 06cabc5fa4..64e507af29 100644 --- a/pkg/kyverno/report/command.go +++ b/pkg/kyverno/report/command.go @@ -25,8 +25,8 @@ func Command() *cobra.Command { return err }, } - cmd.AddCommand(NamespaceCommand()) - cmd.AddCommand(ClusterCommand()) - cmd.AddCommand(AllReportsCommand()) + // cmd.AddCommand(NamespaceCommand()) + // cmd.AddCommand(ClusterCommand()) + // cmd.AddCommand(AllReportsCommand()) return cmd } diff --git a/pkg/kyverno/report/common.go b/pkg/kyverno/report/common.go index 2495cfb0f1..f9214ba621 100644 --- a/pkg/kyverno/report/common.go +++ b/pkg/kyverno/report/common.go @@ -1,647 +1,647 @@ package report -import ( - "encoding/json" - "fmt" +// import ( +// "encoding/json" +// "fmt" - "github.com/go-logr/logr" - kyvernov1 "github.com/kyverno/kyverno/pkg/api/kyverno/v1" - policyreportv1alpha1 "github.com/kyverno/kyverno/pkg/api/policyreport/v1alpha1" - kyvernoclient "github.com/kyverno/kyverno/pkg/client/clientset/versioned" - kyvernoinformer "github.com/kyverno/kyverno/pkg/client/informers/externalversions" - "github.com/kyverno/kyverno/pkg/config" - "github.com/kyverno/kyverno/pkg/constant" - client "github.com/kyverno/kyverno/pkg/dclient" - "github.com/kyverno/kyverno/pkg/engine" - "github.com/kyverno/kyverno/pkg/engine/context" - "github.com/kyverno/kyverno/pkg/engine/response" - "github.com/kyverno/kyverno/pkg/policy" - "github.com/kyverno/kyverno/pkg/policyreport" - "github.com/kyverno/kyverno/pkg/utils" - corev1 "k8s.io/api/core/v1" - v1 "k8s.io/api/core/v1" - apierrors "k8s.io/apimachinery/pkg/api/errors" - "k8s.io/apimachinery/pkg/labels" - "k8s.io/client-go/tools/cache" +// "github.com/go-logr/logr" +// kyvernov1 "github.com/kyverno/kyverno/pkg/api/kyverno/v1" +// policyreportv1alpha1 "github.com/kyverno/kyverno/pkg/api/policyreport/v1alpha1" +// kyvernoclient "github.com/kyverno/kyverno/pkg/client/clientset/versioned" +// kyvernoinformer "github.com/kyverno/kyverno/pkg/client/informers/externalversions" +// "github.com/kyverno/kyverno/pkg/config" +// "github.com/kyverno/kyverno/pkg/constant" +// client "github.com/kyverno/kyverno/pkg/dclient" +// "github.com/kyverno/kyverno/pkg/engine" +// "github.com/kyverno/kyverno/pkg/engine/context" +// "github.com/kyverno/kyverno/pkg/engine/response" +// "github.com/kyverno/kyverno/pkg/policy" +// "github.com/kyverno/kyverno/pkg/policyreport" +// "github.com/kyverno/kyverno/pkg/utils" +// corev1 "k8s.io/api/core/v1" +// v1 "k8s.io/api/core/v1" +// apierrors "k8s.io/apimachinery/pkg/api/errors" +// "k8s.io/apimachinery/pkg/labels" +// "k8s.io/client-go/tools/cache" - "os" - "strings" - "sync" - "time" +// "os" +// "strings" +// "sync" +// "time" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" - "k8s.io/apimachinery/pkg/runtime" - kubeinformers "k8s.io/client-go/informers" - "k8s.io/client-go/rest" - log "sigs.k8s.io/controller-runtime/pkg/log" -) +// metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" +// "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" +// "k8s.io/apimachinery/pkg/runtime" +// kubeinformers "k8s.io/client-go/informers" +// "k8s.io/client-go/rest" +// log "sigs.k8s.io/controller-runtime/pkg/log" +// ) -func backgroundScan(n, scope, policychange string, wg *sync.WaitGroup, restConfig *rest.Config, logger logr.Logger) { - lgr := logger.WithValues("namespace", n, "scope", scope, "policychange", policychange) - defer func() { - wg.Done() - }() - dClient, err := client.NewClient(restConfig, 5*time.Minute, make(chan struct{}), lgr) - if err != nil { - lgr.Error(err, "Error in creating dcclient with provided rest config") - os.Exit(1) - } +// func backgroundScan(n, scope, policychange string, wg *sync.WaitGroup, restConfig *rest.Config, logger logr.Logger) { +// lgr := logger.WithValues("namespace", n, "scope", scope, "policychange", policychange) +// defer func() { +// wg.Done() +// }() +// dClient, err := client.NewClient(restConfig, 5*time.Minute, make(chan struct{}), lgr) +// if err != nil { +// lgr.Error(err, "Error in creating dcclient with provided rest config") +// os.Exit(1) +// } - kclient, err := kyvernoclient.NewForConfig(restConfig) - if err != nil { - lgr.Error(err, "Error in creating kyverno client with provided rest config") - os.Exit(1) - } - kubeClient, err := utils.NewKubeClient(restConfig) - if err != nil { - lgr.Error(err, "Error in creating kube client with provided rest config") - os.Exit(1) - } - pclient, err := kyvernoclient.NewForConfig(restConfig) - if err != nil { - lgr.Error(err, "Error in creating kyverno client for policy with provided rest config") - os.Exit(1) - } - var stopCh <-chan struct{} - const resyncPeriod = 15 * time.Minute +// kclient, err := kyvernoclient.NewForConfig(restConfig) +// if err != nil { +// lgr.Error(err, "Error in creating kyverno client with provided rest config") +// os.Exit(1) +// } +// kubeClient, err := utils.NewKubeClient(restConfig) +// if err != nil { +// lgr.Error(err, "Error in creating kube client with provided rest config") +// os.Exit(1) +// } +// pclient, err := kyvernoclient.NewForConfig(restConfig) +// if err != nil { +// lgr.Error(err, "Error in creating kyverno client for policy with provided rest config") +// os.Exit(1) +// } +// var stopCh <-chan struct{} +// const resyncPeriod = 15 * time.Minute - kubeInformer := kubeinformers.NewSharedInformerFactoryWithOptions(kubeClient, resyncPeriod) - pInformer := kyvernoinformer.NewSharedInformerFactoryWithOptions(pclient, resyncPeriod) - ci := kubeInformer.Core().V1().ConfigMaps() - pi := pInformer.Kyverno().V1().Policies() - np := kubeInformer.Core().V1().Namespaces() +// kubeInformer := kubeinformers.NewSharedInformerFactoryWithOptions(kubeClient, resyncPeriod) +// pInformer := kyvernoinformer.NewSharedInformerFactoryWithOptions(pclient, resyncPeriod) +// ci := kubeInformer.Core().V1().ConfigMaps() +// pi := pInformer.Kyverno().V1().Policies() +// np := kubeInformer.Core().V1().Namespaces() - go np.Informer().Run(stopCh) +// go np.Informer().Run(stopCh) - nSynced := np.Informer().HasSynced +// nSynced := np.Informer().HasSynced - cpi := pInformer.Kyverno().V1().ClusterPolicies() - go ci.Informer().Run(stopCh) - go pi.Informer().Run(stopCh) - go cpi.Informer().Run(stopCh) - cSynced := ci.Informer().HasSynced - piSynced := pi.Informer().HasSynced - cpiSynced := cpi.Informer().HasSynced - if !cache.WaitForCacheSync(stopCh, cSynced, piSynced, cpiSynced, nSynced) { - lgr.Error(err, "Failed to Create kubernetes client") - os.Exit(1) - } +// cpi := pInformer.Kyverno().V1().ClusterPolicies() +// go ci.Informer().Run(stopCh) +// go pi.Informer().Run(stopCh) +// go cpi.Informer().Run(stopCh) +// cSynced := ci.Informer().HasSynced +// piSynced := pi.Informer().HasSynced +// cpiSynced := cpi.Informer().HasSynced +// if !cache.WaitForCacheSync(stopCh, cSynced, piSynced, cpiSynced, nSynced) { +// lgr.Error(err, "Failed to Create kubernetes client") +// os.Exit(1) +// } - configData := config.NewConfigData( - kubeClient, - ci, - "", - "", - "", - lgr.WithName("ConfigData"), - ) - var cpolicies []*kyvernov1.ClusterPolicy - removePolicy := []string{} - policySelector := strings.Split(policychange, ",") - if len(policySelector) > 0 && policychange != "" { - for _, v := range policySelector { - cpolicy, err := cpi.Lister().Get(v) - if err != nil { - if apierrors.IsNotFound(err) { - removePolicy = append(removePolicy, v) - } - } else { - cpolicies = append(cpolicies, cpolicy) - } - for _, v := range policySelector { - policies, err := pi.Lister().List(labels.Everything()) - if err == nil { - for _, p := range policies { - if v == p.GetName() { - cp := policy.ConvertPolicyToClusterPolicy(p) - cpolicies = append(cpolicies, cp) - } +// configData := config.NewConfigData( +// kubeClient, +// ci, +// "", +// "", +// "", +// lgr.WithName("ConfigData"), +// ) +// var cpolicies []*kyvernov1.ClusterPolicy +// removePolicy := []string{} +// policySelector := strings.Split(policychange, ",") +// if len(policySelector) > 0 && policychange != "" { +// for _, v := range policySelector { +// cpolicy, err := cpi.Lister().Get(v) +// if err != nil { +// if apierrors.IsNotFound(err) { +// removePolicy = append(removePolicy, v) +// } +// } else { +// cpolicies = append(cpolicies, cpolicy) +// } +// for _, v := range policySelector { +// policies, err := pi.Lister().List(labels.Everything()) +// if err == nil { +// for _, p := range policies { +// if v == p.GetName() { +// cp := policy.ConvertPolicyToClusterPolicy(p) +// cpolicies = append(cpolicies, cp) +// } - } - } - } +// } +// } +// } - } - } else { - cpolicies, err = cpi.Lister().List(labels.Everything()) - if err != nil { - lgr.Error(err, "Error in geting cluster policy list") - os.Exit(1) - } - policies, err := pi.Lister().List(labels.Everything()) - if err != nil { - lgr.Error(err, "Error in geting policy list") - os.Exit(1) - } +// } +// } else { +// cpolicies, err = cpi.Lister().List(labels.Everything()) +// if err != nil { +// lgr.Error(err, "Error in geting cluster policy list") +// os.Exit(1) +// } +// policies, err := pi.Lister().List(labels.Everything()) +// if err != nil { +// lgr.Error(err, "Error in geting policy list") +// os.Exit(1) +// } - for _, p := range policies { - cp := policy.ConvertPolicyToClusterPolicy(p) - cpolicies = append(cpolicies, cp) - } - } +// for _, p := range policies { +// cp := policy.ConvertPolicyToClusterPolicy(p) +// cpolicies = append(cpolicies, cp) +// } +// } - // key uid - resourceMap := map[string]map[string]unstructured.Unstructured{} - for _, p := range cpolicies { - for _, rule := range p.Spec.Rules { - for _, k := range rule.MatchResources.Kinds { - resourceSchema, _, err := dClient.DiscoveryClient.FindResource("", k) - if err != nil { - lgr.Error(err, "failed to find resource", "kind", k) - continue - } - if !resourceSchema.Namespaced { - rMap := policy.GetResourcesPerNamespace(k, dClient, "", rule, configData, log.Log) - if len(resourceMap[constant.Cluster]) == 0 { - resourceMap[constant.Cluster] = make(map[string]unstructured.Unstructured) - } - policy.MergeResources(resourceMap[constant.Cluster], rMap) - } else { - namespaces := policy.GetNamespacesForRule(&rule, np.Lister(), log.Log) - for _, ns := range namespaces { - if ns == n { - rMap := policy.GetResourcesPerNamespace(k, dClient, ns, rule, configData, log.Log) +// // key uid +// resourceMap := map[string]map[string]unstructured.Unstructured{} +// for _, p := range cpolicies { +// for _, rule := range p.Spec.Rules { +// for _, k := range rule.MatchResources.Kinds { +// resourceSchema, _, err := dClient.DiscoveryClient.FindResource("", k) +// if err != nil { +// lgr.Error(err, "failed to find resource", "kind", k) +// continue +// } +// if !resourceSchema.Namespaced { +// rMap := policy.GetResourcesPerNamespace(k, dClient, "", rule, configData, log.Log) +// if len(resourceMap[constant.Cluster]) == 0 { +// resourceMap[constant.Cluster] = make(map[string]unstructured.Unstructured) +// } +// policy.MergeResources(resourceMap[constant.Cluster], rMap) +// } else { +// namespaces := policy.GetNamespacesForRule(&rule, np.Lister(), log.Log) +// for _, ns := range namespaces { +// if ns == n { +// rMap := policy.GetResourcesPerNamespace(k, dClient, ns, rule, configData, log.Log) - if len(resourceMap[constant.Namespace]) == 0 { - resourceMap[constant.Namespace] = make(map[string]unstructured.Unstructured) - } - policy.MergeResources(resourceMap[constant.Namespace], rMap) - } - } - } - } - } - if p.HasAutoGenAnnotation() { - switch scope { - case constant.Cluster: - resourceMap[constant.Cluster] = policy.ExcludePod(resourceMap[constant.Cluster], log.Log) - delete(resourceMap, constant.Namespace) - break - case constant.Namespace: - resourceMap[constant.Namespace] = policy.ExcludePod(resourceMap[constant.Namespace], log.Log) - delete(resourceMap, constant.Cluster) - break - case constant.All: - resourceMap[constant.Cluster] = policy.ExcludePod(resourceMap[constant.Cluster], log.Log) - resourceMap[constant.Namespace] = policy.ExcludePod(resourceMap[constant.Namespace], log.Log) - } - } +// if len(resourceMap[constant.Namespace]) == 0 { +// resourceMap[constant.Namespace] = make(map[string]unstructured.Unstructured) +// } +// policy.MergeResources(resourceMap[constant.Namespace], rMap) +// } +// } +// } +// } +// } +// if p.HasAutoGenAnnotation() { +// switch scope { +// case constant.Cluster: +// resourceMap[constant.Cluster] = policy.ExcludePod(resourceMap[constant.Cluster], log.Log) +// delete(resourceMap, constant.Namespace) +// break +// case constant.Namespace: +// resourceMap[constant.Namespace] = policy.ExcludePod(resourceMap[constant.Namespace], log.Log) +// delete(resourceMap, constant.Cluster) +// break +// case constant.All: +// resourceMap[constant.Cluster] = policy.ExcludePod(resourceMap[constant.Cluster], log.Log) +// resourceMap[constant.Namespace] = policy.ExcludePod(resourceMap[constant.Namespace], log.Log) +// } +// } - results := make(map[string][]policyreportv1alpha1.PolicyReportResult) - for key := range resourceMap { - for _, resource := range resourceMap[key] { - policyContext := engine.PolicyContext{ - NewResource: resource, - Context: context.NewContext(), - Policy: *p, - ExcludeGroupRole: configData.GetExcludeGroupRole(), - } +// results := make(map[string][]policyreportv1alpha1.PolicyReportResult) +// for key := range resourceMap { +// for _, resource := range resourceMap[key] { +// policyContext := engine.PolicyContext{ +// NewResource: resource, +// Context: context.NewContext(), +// Policy: *p, +// ExcludeGroupRole: configData.GetExcludeGroupRole(), +// } - results = createResults(policyContext, key, results) - } - } +// results = createResults(policyContext, key, results) +// } +// } - for k := range results { - if k == "" { - continue - } +// for k := range results { +// if k == "" { +// continue +// } - err := createReport(kclient, k, results[k], removePolicy, lgr) - if err != nil { - continue - } - } - } -} +// err := createReport(kclient, k, results[k], removePolicy, lgr) +// if err != nil { +// continue +// } +// } +// } +// } -func createReport(kclient *kyvernoclient.Clientset, name string, results []policyreportv1alpha1.PolicyReportResult, removePolicy []string, lgr logr.Logger) error { +// func createReport(kclient *kyvernoclient.Clientset, name string, results []policyreportv1alpha1.PolicyReportResult, removePolicy []string, lgr logr.Logger) error { - var scope, ns string - if strings.Contains(name, "clusterpolicyreport") { - scope = constant.Cluster - } else if strings.Contains(name, "policyreport-ns-") { - scope = constant.Namespace - ns = strings.ReplaceAll(name, "policyreport-ns-", "") - } +// var scope, ns string +// if strings.Contains(name, "clusterpolicyreport") { +// scope = constant.Cluster +// } else if strings.Contains(name, "policyreport-ns-") { +// scope = constant.Namespace +// ns = strings.ReplaceAll(name, "policyreport-ns-", "") +// } - if scope == constant.Namespace { - availablepr, err := kclient.PolicyV1alpha1().PolicyReports(ns).Get(name, metav1.GetOptions{}) - if err != nil { - if apierrors.IsNotFound(err) { - availablepr = initPolicyReport(scope, ns, name) - } else { - return err - } - } - availablepr, action := mergeReport(availablepr, results, removePolicy) +// if scope == constant.Namespace { +// availablepr, err := kclient.PolicyV1alpha1().PolicyReports(ns).Get(name, metav1.GetOptions{}) +// if err != nil { +// if apierrors.IsNotFound(err) { +// availablepr = initPolicyReport(scope, ns, name) +// } else { +// return err +// } +// } +// availablepr, action := mergeReport(availablepr, results, removePolicy) - if action == "Create" { - availablepr.SetLabels(map[string]string{ - "policy-state": "state", - }) - _, err := kclient.PolicyV1alpha1().PolicyReports(availablepr.GetNamespace()).Create(availablepr) - if err != nil { - lgr.Error(err, "Error in Create policy report", "appreport", name) - return err - } - } else { - _, err := kclient.PolicyV1alpha1().PolicyReports(availablepr.GetNamespace()).Update(availablepr) - if err != nil { - lgr.Error(err, "Error in update policy report", "appreport", name) - return err - } - } - } else { - availablepr, err := kclient.PolicyV1alpha1().ClusterPolicyReports().Get(name, metav1.GetOptions{}) - if err != nil { - if apierrors.IsNotFound(err) { - availablepr = initClusterPolicyReport(scope, name) - } else { - return err - } - } - availablepr, action := mergeClusterReport(availablepr, results, removePolicy) +// if action == "Create" { +// availablepr.SetLabels(map[string]string{ +// "policy-state": "state", +// }) +// _, err := kclient.PolicyV1alpha1().PolicyReports(availablepr.GetNamespace()).Create(availablepr) +// if err != nil { +// lgr.Error(err, "Error in Create policy report", "appreport", name) +// return err +// } +// } else { +// _, err := kclient.PolicyV1alpha1().PolicyReports(availablepr.GetNamespace()).Update(availablepr) +// if err != nil { +// lgr.Error(err, "Error in update policy report", "appreport", name) +// return err +// } +// } +// } else { +// availablepr, err := kclient.PolicyV1alpha1().ClusterPolicyReports().Get(name, metav1.GetOptions{}) +// if err != nil { +// if apierrors.IsNotFound(err) { +// availablepr = initClusterPolicyReport(scope, name) +// } else { +// return err +// } +// } +// availablepr, action := mergeClusterReport(availablepr, results, removePolicy) - if action == "Create" { - _, err := kclient.PolicyV1alpha1().ClusterPolicyReports().Create(availablepr) - if err != nil { - lgr.Error(err, "Error in Create policy report", "appreport", availablepr) - return err - } - } else { - _, err := kclient.PolicyV1alpha1().ClusterPolicyReports().Update(availablepr) - if err != nil { - lgr.Error(err, "Error in update policy report", "appreport", name) - return err - } - } - } - return nil -} +// if action == "Create" { +// _, err := kclient.PolicyV1alpha1().ClusterPolicyReports().Create(availablepr) +// if err != nil { +// lgr.Error(err, "Error in Create policy report", "appreport", availablepr) +// return err +// } +// } else { +// _, err := kclient.PolicyV1alpha1().ClusterPolicyReports().Update(availablepr) +// if err != nil { +// lgr.Error(err, "Error in update policy report", "appreport", name) +// return err +// } +// } +// } +// return nil +// } -func createResults(policyContext engine.PolicyContext, key string, results map[string][]policyreportv1alpha1.PolicyReportResult) map[string][]policyreportv1alpha1.PolicyReportResult { +// func createResults(policyContext engine.PolicyContext, key string, results map[string][]policyreportv1alpha1.PolicyReportResult) map[string][]policyreportv1alpha1.PolicyReportResult { - var engineResponses []response.EngineResponse - engineResponse := engine.Validate(policyContext) +// var engineResponses []response.EngineResponse +// engineResponse := engine.Validate(policyContext) - if len(engineResponse.PolicyResponse.Rules) > 0 { - engineResponses = append(engineResponses, engineResponse) - } +// if len(engineResponse.PolicyResponse.Rules) > 0 { +// engineResponses = append(engineResponses, engineResponse) +// } - engineResponse = engine.Mutate(policyContext) - if len(engineResponse.PolicyResponse.Rules) > 0 { - engineResponses = append(engineResponses, engineResponse) - } +// engineResponse = engine.Mutate(policyContext) +// if len(engineResponse.PolicyResponse.Rules) > 0 { +// engineResponses = append(engineResponses, engineResponse) +// } - pv := policyreport.GeneratePRsFromEngineResponse(engineResponses, log.Log) +// pv := policyreport.GeneratePRsFromEngineResponse(engineResponses, log.Log) - for _, v := range pv { - var appname string - if key == constant.Namespace { - appname = fmt.Sprintf("policyreport-ns-%s", policyContext.NewResource.GetNamespace()) - } else { - appname = fmt.Sprintf("clusterpolicyreport") - } +// for _, v := range pv { +// var appname string +// if key == constant.Namespace { +// appname = fmt.Sprintf("policyreport-ns-%s", policyContext.NewResource.GetNamespace()) +// } else { +// appname = fmt.Sprintf("clusterpolicyreport") +// } - if appname != "" { - builder := policyreport.NewPrBuilder() - pv := builder.Generate(v) +// if appname != "" { +// builder := policyreport.NewPrBuilder() +// pv := builder.Generate(v) - for _, e := range pv.Spec.ViolatedRules { - result := &policyreportv1alpha1.PolicyReportResult{ - Policy: pv.Spec.Policy, - Rule: e.Name, - Message: e.Message, - } - rd := &policyreportv1alpha1.ResourceStatus{ - Resource: &corev1.ObjectReference{ - Kind: pv.Spec.Kind, - Namespace: pv.Spec.Namespace, - APIVersion: pv.Spec.APIVersion, - Name: pv.Spec.Name, - }, - Status: policyreportv1alpha1.PolicyStatus(e.Check), - } - result.Resources = append(result.Resources, rd) - results[appname] = append(results[appname], *result) - } - } - } - return results -} +// for _, e := range pv.Spec.ViolatedRules { +// result := &policyreportv1alpha1.PolicyReportResult{ +// Policy: pv.Spec.Policy, +// Rule: e.Name, +// Message: e.Message, +// } +// rd := &policyreportv1alpha1.ResourceStatus{ +// Resource: &corev1.ObjectReference{ +// Kind: pv.Spec.Kind, +// Namespace: pv.Spec.Namespace, +// APIVersion: pv.Spec.APIVersion, +// Name: pv.Spec.Name, +// }, +// Status: policyreportv1alpha1.PolicyStatus(e.Check), +// } +// result.Resources = append(result.Resources, rd) +// results[appname] = append(results[appname], *result) +// } +// } +// } +// return results +// } -func configmapScan(scope string, wg *sync.WaitGroup, restConfig *rest.Config, logger logr.Logger) { - defer func() { - wg.Done() - }() +// func configmapScan(scope string, wg *sync.WaitGroup, restConfig *rest.Config, logger logr.Logger) { +// defer func() { +// wg.Done() +// }() - lgr := logger.WithValues("scope", scope) - dClient, err := client.NewClient(restConfig, 5*time.Minute, make(chan struct{}), lgr) - if err != nil { - lgr.Error(err, "Error in creating dcclient with provided rest config") - os.Exit(1) - } +// lgr := logger.WithValues("scope", scope) +// dClient, err := client.NewClient(restConfig, 5*time.Minute, make(chan struct{}), lgr) +// if err != nil { +// lgr.Error(err, "Error in creating dcclient with provided rest config") +// os.Exit(1) +// } - kclient, err := kyvernoclient.NewForConfig(restConfig) - if err != nil { - lgr.Error(err, "Error in creating kyverno client with provided rest config") - os.Exit(1) - } +// kclient, err := kyvernoclient.NewForConfig(restConfig) +// if err != nil { +// lgr.Error(err, "Error in creating kyverno client with provided rest config") +// os.Exit(1) +// } - configmap, err := dClient.GetResource("", "ConfigMap", config.KubePolicyNamespace, config.ConfimapNameForPolicyReport) - if err != nil { - lgr.Error(err, "Error in getting configmap") - os.Exit(1) - } - var job *v1.ConfigMap - if err := runtime.DefaultUnstructuredConverter.FromUnstructured(configmap.UnstructuredContent(), &job); err != nil { - lgr.Error(err, "Error in converting resource to Default Unstructured Converter") - os.Exit(1) - } - response := make(map[string]map[string][]policyreport.Info) - var temp = map[string][]policyreport.Info{} - if scope == constant.Cluster { - if err := json.Unmarshal([]byte(job.Data[constant.Cluster]), &temp); err != nil { - lgr.Error(err, "Error in json marshal of namespace data") - } - response[constant.Cluster] = temp - delete(job.Data, constant.Namespace) - } else if scope == constant.Namespace { - if err := json.Unmarshal([]byte(job.Data[constant.Namespace]), &temp); err != nil { - lgr.Error(err, "Error in json marshal of namespace data") - } - response[constant.Namespace] = temp - delete(job.Data, constant.Cluster) - } else { - if err := json.Unmarshal([]byte(job.Data[constant.Cluster]), &temp); err != nil { - lgr.Error(err, "Error in json marshal of namespace data") - } - response[constant.Cluster] = temp +// configmap, err := dClient.GetResource("", "ConfigMap", config.KubePolicyNamespace, config.ConfimapNameForPolicyReport) +// if err != nil { +// lgr.Error(err, "Error in getting configmap") +// os.Exit(1) +// } +// var job *v1.ConfigMap +// if err := runtime.DefaultUnstructuredConverter.FromUnstructured(configmap.UnstructuredContent(), &job); err != nil { +// lgr.Error(err, "Error in converting resource to Default Unstructured Converter") +// os.Exit(1) +// } +// response := make(map[string]map[string][]policyreport.Info) +// var temp = map[string][]policyreport.Info{} +// if scope == constant.Cluster { +// if err := json.Unmarshal([]byte(job.Data[constant.Cluster]), &temp); err != nil { +// lgr.Error(err, "Error in json marshal of namespace data") +// } +// response[constant.Cluster] = temp +// delete(job.Data, constant.Namespace) +// } else if scope == constant.Namespace { +// if err := json.Unmarshal([]byte(job.Data[constant.Namespace]), &temp); err != nil { +// lgr.Error(err, "Error in json marshal of namespace data") +// } +// response[constant.Namespace] = temp +// delete(job.Data, constant.Cluster) +// } else { +// if err := json.Unmarshal([]byte(job.Data[constant.Cluster]), &temp); err != nil { +// lgr.Error(err, "Error in json marshal of namespace data") +// } +// response[constant.Cluster] = temp - temp = make(map[string][]policyreport.Info) - if err := json.Unmarshal([]byte(job.Data[constant.Namespace]), &temp); err != nil { - lgr.Error(err, "Error in json marshal of namespace data") - } - response[constant.Namespace] = temp - } - var results = make(map[string][]policyreportv1alpha1.PolicyReportResult) - var ns []string - for k := range response { - for n, infos := range response[k] { - for _, v := range infos { - for _, r := range v.Rules { - builder := policyreport.NewPrBuilder() - pv := builder.Generate(v) - result := &policyreportv1alpha1.PolicyReportResult{ - Policy: pv.Spec.Policy, - Rule: r.Name, - Message: r.Message, - } - rd := &policyreportv1alpha1.ResourceStatus{ - Resource: &corev1.ObjectReference{ - Kind: pv.Spec.Kind, - Namespace: pv.Spec.Namespace, - APIVersion: pv.Spec.APIVersion, - Name: pv.Spec.Name, - }, - Status: policyreportv1alpha1.PolicyStatus(r.Check), - } - result.Resources = append(result.Resources, rd) +// temp = make(map[string][]policyreport.Info) +// if err := json.Unmarshal([]byte(job.Data[constant.Namespace]), &temp); err != nil { +// lgr.Error(err, "Error in json marshal of namespace data") +// } +// response[constant.Namespace] = temp +// } +// var results = make(map[string][]policyreportv1alpha1.PolicyReportResult) +// var ns []string +// for k := range response { +// for n, infos := range response[k] { +// for _, v := range infos { +// for _, r := range v.Rules { +// builder := policyreport.NewPrBuilder() +// pv := builder.Generate(v) +// result := &policyreportv1alpha1.PolicyReportResult{ +// Policy: pv.Spec.Policy, +// Rule: r.Name, +// Message: r.Message, +// } +// rd := &policyreportv1alpha1.ResourceStatus{ +// Resource: &corev1.ObjectReference{ +// Kind: pv.Spec.Kind, +// Namespace: pv.Spec.Namespace, +// APIVersion: pv.Spec.APIVersion, +// Name: pv.Spec.Name, +// }, +// Status: policyreportv1alpha1.PolicyStatus(r.Check), +// } +// result.Resources = append(result.Resources, rd) - if !strings.Contains(strings.Join(ns, ","), v.Resource.GetNamespace()) { - ns = append(ns, n) - } +// if !strings.Contains(strings.Join(ns, ","), v.Resource.GetNamespace()) { +// ns = append(ns, n) +// } - var appname string - if k == constant.Cluster { - appname = fmt.Sprintf("clusterpolicyreport") - } +// var appname string +// if k == constant.Cluster { +// appname = fmt.Sprintf("clusterpolicyreport") +// } - if k == constant.Namespace { - appname = fmt.Sprintf("policyreport-ns-%s", v.Resource.GetNamespace()) - } +// if k == constant.Namespace { +// appname = fmt.Sprintf("policyreport-ns-%s", v.Resource.GetNamespace()) +// } - results[appname] = append(results[appname], *result) - } - } - } - } +// results[appname] = append(results[appname], *result) +// } +// } +// } +// } - for k := range results { - if k == "" { - continue - } - err := createReport(kclient, k, results[k], []string{}, lgr) - if err != nil { - continue - } - } -} +// for k := range results { +// if k == "" { +// continue +// } +// err := createReport(kclient, k, results[k], []string{}, lgr) +// if err != nil { +// continue +// } +// } +// } -func mergeReport(pr *policyreportv1alpha1.PolicyReport, results []policyreportv1alpha1.PolicyReportResult, removePolicy []string) (*policyreportv1alpha1.PolicyReport, string) { - labels := pr.GetLabels() - var action string - if labels["policy-state"] == "init" { - action = "Create" - pr.SetLabels(map[string]string{ - "policy-state": "Process", - }) - } else { - action = "Update" - } - rules := make(map[string]*policyreportv1alpha1.PolicyReportResult, 0) +// func mergeReport(pr *policyreportv1alpha1.PolicyReport, results []policyreportv1alpha1.PolicyReportResult, removePolicy []string) (*policyreportv1alpha1.PolicyReport, string) { +// labels := pr.GetLabels() +// var action string +// if labels["policy-state"] == "init" { +// action = "Create" +// pr.SetLabels(map[string]string{ +// "policy-state": "Process", +// }) +// } else { +// action = "Update" +// } +// rules := make(map[string]*policyreportv1alpha1.PolicyReportResult, 0) - for _, v := range pr.Results { - for _, r := range v.Resources { - key := fmt.Sprintf("%s-%s-%s", v.Policy, v.Rule, pr.GetName()) - if _, ok := rules[key]; ok { - isExist := false - for _, resourceStatus := range rules[key].Resources { - if resourceStatus.Resource.APIVersion == r.Resource.APIVersion && r.Resource.Kind == resourceStatus.Resource.Kind && r.Resource.Namespace == resourceStatus.Resource.Namespace && r.Resource.Name == resourceStatus.Resource.Name { - isExist = true - resourceStatus = r - } - } - if !isExist { - rules[key].Resources = append(rules[key].Resources, r) - } - } else { - rules[key] = &policyreportv1alpha1.PolicyReportResult{ - Policy: v.Policy, - Rule: v.Rule, - Message: v.Message, - // Status: v.Status, - Resources: make([]*policyreportv1alpha1.ResourceStatus, 0), - } +// for _, v := range pr.Results { +// for _, r := range v.Resources { +// key := fmt.Sprintf("%s-%s-%s", v.Policy, v.Rule, pr.GetName()) +// if _, ok := rules[key]; ok { +// isExist := false +// for _, resourceStatus := range rules[key].Resources { +// if resourceStatus.Resource.APIVersion == r.Resource.APIVersion && r.Resource.Kind == resourceStatus.Resource.Kind && r.Resource.Namespace == resourceStatus.Resource.Namespace && r.Resource.Name == resourceStatus.Resource.Name { +// isExist = true +// resourceStatus = r +// } +// } +// if !isExist { +// rules[key].Resources = append(rules[key].Resources, r) +// } +// } else { +// rules[key] = &policyreportv1alpha1.PolicyReportResult{ +// Policy: v.Policy, +// Rule: v.Rule, +// Message: v.Message, +// // Status: v.Status, +// Resources: make([]*policyreportv1alpha1.ResourceStatus, 0), +// } - rules[key].Resources = append(rules[key].Resources, r) - } - } - } - for _, v := range results { - for _, r := range v.Resources { - key := fmt.Sprintf("%s-%s-%s", v.Policy, v.Rule, pr.GetName()) - if _, ok := rules[key]; ok { - isExist := false - for _, resourceStatus := range rules[key].Resources { - if resourceStatus.Resource.APIVersion == r.Resource.APIVersion && r.Resource.Kind == resourceStatus.Resource.Kind && r.Resource.Namespace == resourceStatus.Resource.Namespace && r.Resource.Name == resourceStatus.Resource.Name { - isExist = true - resourceStatus = r - } - } - if !isExist { - rules[key].Resources = append(rules[key].Resources, r) - } - } else { - rules[key] = &policyreportv1alpha1.PolicyReportResult{ - Policy: v.Policy, - Rule: v.Rule, - Message: v.Message, - // Status: v.Status, - Resources: make([]*policyreportv1alpha1.ResourceStatus, 0), - } - rules[key].Resources = append(rules[key].Resources, r) - } - } - } +// rules[key].Resources = append(rules[key].Resources, r) +// } +// } +// } +// for _, v := range results { +// for _, r := range v.Resources { +// key := fmt.Sprintf("%s-%s-%s", v.Policy, v.Rule, pr.GetName()) +// if _, ok := rules[key]; ok { +// isExist := false +// for _, resourceStatus := range rules[key].Resources { +// if resourceStatus.Resource.APIVersion == r.Resource.APIVersion && r.Resource.Kind == resourceStatus.Resource.Kind && r.Resource.Namespace == resourceStatus.Resource.Namespace && r.Resource.Name == resourceStatus.Resource.Name { +// isExist = true +// resourceStatus = r +// } +// } +// if !isExist { +// rules[key].Resources = append(rules[key].Resources, r) +// } +// } else { +// rules[key] = &policyreportv1alpha1.PolicyReportResult{ +// Policy: v.Policy, +// Rule: v.Rule, +// Message: v.Message, +// // Status: v.Status, +// Resources: make([]*policyreportv1alpha1.ResourceStatus, 0), +// } +// rules[key].Resources = append(rules[key].Resources, r) +// } +// } +// } - if len(removePolicy) > 0 { - for _, v := range removePolicy { - for k, r := range rules { - if r.Policy == v { - delete(rules, k) - } - } - } - } - pr.Summary.Pass = 0 - pr.Summary.Fail = 0 - pr.Results = make([]*policyreportv1alpha1.PolicyReportResult, 0) - for k := range rules { - pr.Results = append(pr.Results, rules[k]) - for _, r := range rules[k].Resources { - if string(r.Status) == "Pass" { - pr.Summary.Pass++ - } else { - pr.Summary.Fail++ - } +// if len(removePolicy) > 0 { +// for _, v := range removePolicy { +// for k, r := range rules { +// if r.Policy == v { +// delete(rules, k) +// } +// } +// } +// } +// pr.Summary.Pass = 0 +// pr.Summary.Fail = 0 +// pr.Results = make([]*policyreportv1alpha1.PolicyReportResult, 0) +// for k := range rules { +// pr.Results = append(pr.Results, rules[k]) +// for _, r := range rules[k].Resources { +// if string(r.Status) == "Pass" { +// pr.Summary.Pass++ +// } else { +// pr.Summary.Fail++ +// } - } - } - return pr, action -} +// } +// } +// return pr, action +// } -func mergeClusterReport(pr *policyreportv1alpha1.ClusterPolicyReport, results []policyreportv1alpha1.PolicyReportResult, removePolicy []string) (*policyreportv1alpha1.ClusterPolicyReport, string) { - labels := pr.GetLabels() - var action string - if labels["policy-state"] == "init" { - action = "Create" - pr.SetLabels(map[string]string{ - "policy-state": "Process", - }) - } else { - action = "Update" - } +// func mergeClusterReport(pr *policyreportv1alpha1.ClusterPolicyReport, results []policyreportv1alpha1.PolicyReportResult, removePolicy []string) (*policyreportv1alpha1.ClusterPolicyReport, string) { +// labels := pr.GetLabels() +// var action string +// if labels["policy-state"] == "init" { +// action = "Create" +// pr.SetLabels(map[string]string{ +// "policy-state": "Process", +// }) +// } else { +// action = "Update" +// } - for _, r := range pr.Results { - for _, v := range results { - if r.Policy == v.Policy && r.Rule == v.Rule { - for i, result := range r.Resources { - for k, event := range v.Resources { - if event.Resource.APIVersion == result.Resource.APIVersion && result.Resource.Kind == event.Resource.Kind && result.Resource.Namespace == event.Resource.Namespace && result.Resource.Name == event.Resource.Name { - r.Resources[i] = v.Resources[k] - if string(event.Status) != string(result.Status) { - pr = changeClusterReportCount(string(event.Status), string(result.Status), pr) - } - v.Resources = append(v.Resources[:k], v.Resources[k+1:]...) - break - } - } - for _, resource := range v.Resources { - pr = changeClusterReportCount(string(resource.Status), string(""), pr) - r.Resources = append(r.Resources, resource) - } - } - } - } - } +// for _, r := range pr.Results { +// for _, v := range results { +// if r.Policy == v.Policy && r.Rule == v.Rule { +// for i, result := range r.Resources { +// for k, event := range v.Resources { +// if event.Resource.APIVersion == result.Resource.APIVersion && result.Resource.Kind == event.Resource.Kind && result.Resource.Namespace == event.Resource.Namespace && result.Resource.Name == event.Resource.Name { +// r.Resources[i] = v.Resources[k] +// if string(event.Status) != string(result.Status) { +// pr = changeClusterReportCount(string(event.Status), string(result.Status), pr) +// } +// v.Resources = append(v.Resources[:k], v.Resources[k+1:]...) +// break +// } +// } +// for _, resource := range v.Resources { +// pr = changeClusterReportCount(string(resource.Status), string(""), pr) +// r.Resources = append(r.Resources, resource) +// } +// } +// } +// } +// } - if len(removePolicy) > 0 { - for _, v := range removePolicy { - for i, r := range pr.Results { - if r.Policy == v { - for _, v := range r.Resources { - pr = changeClusterReportCount("", string(v.Status), pr) - } - pr.Results = append(pr.Results[:i], pr.Results[i+1:]...) - } - } - } - } - return pr, action -} +// if len(removePolicy) > 0 { +// for _, v := range removePolicy { +// for i, r := range pr.Results { +// if r.Policy == v { +// for _, v := range r.Resources { +// pr = changeClusterReportCount("", string(v.Status), pr) +// } +// pr.Results = append(pr.Results[:i], pr.Results[i+1:]...) +// } +// } +// } +// } +// return pr, action +// } -func changeClusterReportCount(status, oldStatus string, report *policyreportv1alpha1.ClusterPolicyReport) *policyreportv1alpha1.ClusterPolicyReport { - switch oldStatus { - case "Pass": - if report.Summary.Pass--; report.Summary.Pass < 0 { - report.Summary.Pass = 0 - } - break - case "Fail": - if report.Summary.Fail--; report.Summary.Fail < 0 { - report.Summary.Fail = 0 - } - break - default: - break - } - switch status { - case "Pass": - report.Summary.Pass++ - break - case "Fail": - report.Summary.Fail++ - break - default: - break - } - return report -} +// func changeClusterReportCount(status, oldStatus string, report *policyreportv1alpha1.ClusterPolicyReport) *policyreportv1alpha1.ClusterPolicyReport { +// switch oldStatus { +// case "Pass": +// if report.Summary.Pass--; report.Summary.Pass < 0 { +// report.Summary.Pass = 0 +// } +// break +// case "Fail": +// if report.Summary.Fail--; report.Summary.Fail < 0 { +// report.Summary.Fail = 0 +// } +// break +// default: +// break +// } +// switch status { +// case "Pass": +// report.Summary.Pass++ +// break +// case "Fail": +// report.Summary.Fail++ +// break +// default: +// break +// } +// return report +// } -func initPolicyReport(scope, namespace, name string) *policyreportv1alpha1.PolicyReport { - availablepr := &policyreportv1alpha1.PolicyReport{ - Scope: &corev1.ObjectReference{ - Kind: scope, - Namespace: namespace, - }, - Summary: policyreportv1alpha1.PolicyReportSummary{}, - Results: []*policyreportv1alpha1.PolicyReportResult{}, - } - labelMap := map[string]string{ - "policy-scope": scope, - "policy-state": "init", - } - availablepr.SetName(name) - availablepr.SetNamespace(namespace) - availablepr.SetLabels(labelMap) - return availablepr -} +// func initPolicyReport(scope, namespace, name string) *policyreportv1alpha1.PolicyReport { +// availablepr := &policyreportv1alpha1.PolicyReport{ +// Scope: &corev1.ObjectReference{ +// Kind: scope, +// Namespace: namespace, +// }, +// Summary: policyreportv1alpha1.PolicyReportSummary{}, +// Results: []*policyreportv1alpha1.PolicyReportResult{}, +// } +// labelMap := map[string]string{ +// "policy-scope": scope, +// "policy-state": "init", +// } +// availablepr.SetName(name) +// availablepr.SetNamespace(namespace) +// availablepr.SetLabels(labelMap) +// return availablepr +// } -func initClusterPolicyReport(scope, name string) *policyreportv1alpha1.ClusterPolicyReport { - availablepr := &policyreportv1alpha1.ClusterPolicyReport{ - Scope: &corev1.ObjectReference{ - Kind: scope, - }, - Summary: policyreportv1alpha1.PolicyReportSummary{}, - Results: []*policyreportv1alpha1.PolicyReportResult{}, - } - labelMap := map[string]string{ - "policy-scope": scope, - "policy-state": "init", - } - availablepr.SetName(name) - availablepr.SetLabels(labelMap) - return availablepr -} +// func initClusterPolicyReport(scope, name string) *policyreportv1alpha1.ClusterPolicyReport { +// availablepr := &policyreportv1alpha1.ClusterPolicyReport{ +// Scope: &corev1.ObjectReference{ +// Kind: scope, +// }, +// Summary: policyreportv1alpha1.PolicyReportSummary{}, +// Results: []*policyreportv1alpha1.PolicyReportResult{}, +// } +// labelMap := map[string]string{ +// "policy-scope": scope, +// "policy-state": "init", +// } +// availablepr.SetName(name) +// availablepr.SetLabels(labelMap) +// return availablepr +// } diff --git a/pkg/kyverno/report/namespace.go b/pkg/kyverno/report/namespace.go index 135a463319..c47e98c06a 100644 --- a/pkg/kyverno/report/namespace.go +++ b/pkg/kyverno/report/namespace.go @@ -1,68 +1,71 @@ package report -import ( - "fmt" - "os" - "sync" - "time" +// import ( +// "fmt" +// "os" +// "sync" +// "time" - "github.com/kyverno/kyverno/pkg/common" - "github.com/kyverno/kyverno/pkg/constant" - "github.com/kyverno/kyverno/pkg/utils" - "github.com/spf13/cobra" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/cli-runtime/pkg/genericclioptions" - log "sigs.k8s.io/controller-runtime/pkg/log" -) +// "github.com/kyverno/kyverno/pkg/common" +// "github.com/kyverno/kyverno/pkg/constant" +// client "github.com/kyverno/kyverno/pkg/dclient" +// cliutil "github.com/kyverno/kyverno/pkg/kyverno/common" +// "github.com/spf13/cobra" +// metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" +// "k8s.io/cli-runtime/pkg/genericclioptions" +// log "sigs.k8s.io/controller-runtime/pkg/log" +// ) -func NamespaceCommand() *cobra.Command { - kubernetesConfig := genericclioptions.NewConfigFlags(true) - var mode, namespace, policy string - cmd := &cobra.Command{ - Use: "namespace", - Short: "generate report for scope namespace", - Example: fmt.Sprintf("To create a namespace report from background scan:\nkyverno report namespace --namespace=defaults \n kyverno report namespace"), - RunE: func(cmd *cobra.Command, args []string) (err error) { - os.Setenv("POLICY-TYPE", common.PolicyReport) - logger := log.Log.WithName("Report") - restConfig, err := kubernetesConfig.ToRESTConfig() - if err != nil { - logger.Error(err, "failed to create rest config of kubernetes cluster ") - os.Exit(1) - } - const resyncPeriod = 1 * time.Second - kubeClient, err := utils.NewKubeClient(restConfig) - if err != nil { - log.Log.Error(err, "Failed to create kubernetes client") - os.Exit(1) - } +// func NamespaceCommand() *cobra.Command { +// var mode, namespace, policy string +// cmd := &cobra.Command{ +// Use: "namespace", +// Short: "generate report for scope namespace", +// Example: fmt.Sprintf("To create a namespace report from background scan:\nkyverno report namespace --namespace=defaults \n kyverno report namespace"), +// RunE: func(cmd *cobra.Command, args []string) (err error) { +// os.Setenv("POLICY-TYPE", common.PolicyReport) +// logger := log.Log.WithName("Report") - var wg sync.WaitGroup - if mode == "cli" { - if namespace != "" { - wg.Add(1) - go backgroundScan(namespace, constant.Namespace, policy, &wg, restConfig, logger) - } else { - ns, err := kubeClient.CoreV1().Namespaces().List(metav1.ListOptions{}) - if err != nil { - os.Exit(1) - } - wg.Add(len(ns.Items)) - for _, n := range ns.Items { - go backgroundScan(n.GetName(), constant.Namespace, policy, &wg, restConfig, logger) - } - } - } else { - wg.Add(1) - go configmapScan(constant.Namespace, &wg, restConfig, logger) - } +// // with cluster +// kubernetesConfig := genericclioptions.NewConfigFlags(true) +// restConfig, err := kubernetesConfig.ToRESTConfig() +// if err != nil { +// return err +// } - wg.Wait() - return nil - }, - } - cmd.Flags().StringVarP(&namespace, "namespace", "n", "", "define specific namespace") - cmd.Flags().StringVarP(&policy, "policy", "p", "", "define specific policy") - cmd.Flags().StringVarP(&mode, "mode", "m", "cli", "mode") - return cmd -} +// dClient, err := client.NewClient(restConfig, 5*time.Minute, make(chan struct{}), log.Log) +// if err != nil { +// return err +// } + +// resources, err := cliutil.GetResources(nil, []string{}, dClient) + +// var wg sync.WaitGroup +// if mode == "cli" { +// if namespace != "" { +// wg.Add(1) +// go backgroundScan(namespace, constant.Namespace, policy, &wg, restConfig, logger) +// } else { +// ns, err := kubeClient.CoreV1().Namespaces().List(metav1.ListOptions{}) +// if err != nil { +// os.Exit(1) +// } +// wg.Add(len(ns.Items)) +// for _, n := range ns.Items { +// go backgroundScan(n.GetName(), constant.Namespace, policy, &wg, restConfig, logger) +// } +// } +// } else { +// wg.Add(1) +// go configmapScan(constant.Namespace, &wg, restConfig, logger) +// } + +// wg.Wait() +// return nil +// }, +// } +// cmd.Flags().StringVarP(&namespace, "namespace", "n", "", "define specific namespace") +// cmd.Flags().StringVarP(&policy, "policy", "p", "", "define specific policy") +// cmd.Flags().StringVarP(&mode, "mode", "m", "cli", "mode") +// return cmd +// }