refactor: make engine stats standard fields (#6301)

* refator: make engine stats standard fields

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* fix

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

---------

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

pkg/engine/api/policyresponse.go

@@ -13,8 +13,8 @@ type ValidationFailureActionOverride struct {
 
 // PolicyResponse policy application response
 type PolicyResponse struct {
-	// PolicyStats contains policy statistics
-	PolicyStats
+	// Stats contains policy statistics
+	Stats PolicyStats
 	// Rules contains policy rules responses
 	Rules []RuleResponse
 	// ValidationFailureAction audit (default) or enforce

pkg/engine/api/ruleresponse.go

@@ -33,8 +33,8 @@ type RuleResponse struct {
 	GeneratedResource unstructured.Unstructured
 	// Status rule status
 	Status RuleStatus
-	// ExecutionStats statistics
-	ExecutionStats
+	// Stats contains rule statistics
+	Stats ExecutionStats
 	// PatchedTarget is the patched resource for mutate.targets
 	PatchedTarget *unstructured.Unstructured
 	// PatchedTargetSubresourceName is the name of the subresource which is patched, empty if the resource patched is not a subresource.

pkg/engine/api/ruleresponse_test.go

@@ -15,7 +15,7 @@ func TestRuleResponse_String(t *testing.T) {
 		Patches                        [][]byte
 		GeneratedResource              unstructured.Unstructured
 		Status                         RuleStatus
-		ExecutionStats                 ExecutionStats
+		Stats                          ExecutionStats
 		PatchedTarget                  *unstructured.Unstructured
 		PatchedTargetSubresourceName   string
 		PatchedTargetParentResourceGVR metav1.GroupVersionResource
@@ -63,7 +63,7 @@ func TestRuleResponse_String(t *testing.T) {
 				Patches:                        tt.fields.Patches,
 				GeneratedResource:              tt.fields.GeneratedResource,
 				Status:                         tt.fields.Status,
-				ExecutionStats:                 tt.fields.ExecutionStats,
+				Stats:                          tt.fields.Stats,
 				PatchedTarget:                  tt.fields.PatchedTarget,
 				PatchedTargetSubresourceName:   tt.fields.PatchedTargetSubresourceName,
 				PatchedTargetParentResourceGVR: tt.fields.PatchedTargetParentResourceGVR,
@@ -84,7 +84,7 @@ func TestRuleResponse_HasStatus(t *testing.T) {
 		Patches                        [][]byte
 		GeneratedResource              unstructured.Unstructured
 		Status                         RuleStatus
-		ExecutionStats                 ExecutionStats
+		Stats                          ExecutionStats
 		PatchedTarget                  *unstructured.Unstructured
 		PatchedTargetSubresourceName   string
 		PatchedTargetParentResourceGVR metav1.GroupVersionResource
@@ -145,7 +145,7 @@ func TestRuleResponse_HasStatus(t *testing.T) {
 				Patches:                        tt.fields.Patches,
 				GeneratedResource:              tt.fields.GeneratedResource,
 				Status:                         tt.fields.Status,
-				ExecutionStats:                 tt.fields.ExecutionStats,
+				Stats:                          tt.fields.Stats,
 				PatchedTarget:                  tt.fields.PatchedTarget,
 				PatchedTargetSubresourceName:   tt.fields.PatchedTargetSubresourceName,
 				PatchedTargetParentResourceGVR: tt.fields.PatchedTargetParentResourceGVR,

pkg/engine/background.go

@@ -38,7 +38,7 @@ func (e *engine) filterRules(
 	namespace := newResource.GetNamespace()
 	resp := engineapi.NewEngineResponseFromPolicyContext(policyContext, nil)
 	resp.PolicyResponse = engineapi.PolicyResponse{
-		PolicyStats: engineapi.PolicyStats{
+		Stats: engineapi.PolicyStats{
 			ExecutionStats: engineapi.ExecutionStats{
 				Timestamp: startTime.Unix(),
 			},
@@ -104,7 +104,7 @@ func (e *engine) filterRule(
 					Name:   rule.Name,
 					Type:   ruleType,
 					Status: engineapi.RuleStatusFail,
-					ExecutionStats: engineapi.ExecutionStats{
+					Stats: engineapi.ExecutionStats{
 						ProcessingTime: time.Since(startTime),
 						Timestamp:      startTime.Unix(),
 					},
@@ -149,7 +149,7 @@ func (e *engine) filterRule(
 		Name:   ruleCopy.Name,
 		Type:   ruleType,
 		Status: engineapi.RuleStatusPass,
-		ExecutionStats: engineapi.ExecutionStats{
+		Stats: engineapi.ExecutionStats{
 			ProcessingTime: time.Since(startTime),
 			Timestamp:      startTime.Unix(),
 		},

pkg/engine/generation.go

@@ -33,7 +33,7 @@ func (e *engine) filterGenerateRules(
 	namespace := newResource.GetNamespace()
 	resp := engineapi.NewEngineResponseFromPolicyContext(policyContext, nil)
 	resp.PolicyResponse = engineapi.PolicyResponse{
-		PolicyStats: engineapi.PolicyStats{
+		Stats: engineapi.PolicyStats{
 			ExecutionStats: engineapi.ExecutionStats{
 				Timestamp: startTime.Unix(),
 			},

pkg/engine/imageVerify.go

@@ -30,8 +30,8 @@ func (e *engine) verifyAndPatchImages(
 	defer func() {
 		internal.BuildResponse(policyContext, resp, startTime)
 		logger.V(4).Info("processed image verification rules",
-			"time", resp.PolicyResponse.ProcessingTime.String(),
-			"applied", resp.PolicyResponse.RulesAppliedCount, "successful", resp.IsSuccessful())
+			"time", resp.PolicyResponse.Stats.ProcessingTime.String(),
+			"applied", resp.PolicyResponse.Stats.RulesAppliedCount, "successful", resp.IsSuccessful())
 	}()
 
 	policyContext.JSONContext().Checkpoint()
@@ -124,7 +124,7 @@ func (e *engine) verifyAndPatchImages(
 			},
 		)
 
-		if applyRules == kyvernov1.ApplyOne && resp.PolicyResponse.RulesAppliedCount > 0 {
+		if applyRules == kyvernov1.ApplyOne && resp.PolicyResponse.Stats.RulesAppliedCount > 0 {
 			break
 		}
 	}

pkg/engine/internal/response.go

@@ -33,13 +33,13 @@ func RuleResponse(rule kyvernov1.Rule, ruleType engineapi.RuleType, msg string,
 }
 
 func AddRuleResponse(resp *engineapi.PolicyResponse, ruleResp *engineapi.RuleResponse, startTime time.Time) {
-	ruleResp.ExecutionStats.ProcessingTime = time.Since(startTime)
-	ruleResp.ExecutionStats.Timestamp = startTime.Unix()
+	ruleResp.Stats.ProcessingTime = time.Since(startTime)
+	ruleResp.Stats.Timestamp = startTime.Unix()
 	resp.Rules = append(resp.Rules, *ruleResp)
 	if ruleResp.Status == engineapi.RuleStatusPass || ruleResp.Status == engineapi.RuleStatusFail {
-		resp.RulesAppliedCount++
+		resp.Stats.RulesAppliedCount++
 	} else if ruleResp.Status == engineapi.RuleStatusError {
-		resp.RulesErrorCount++
+		resp.Stats.RulesErrorCount++
 	}
 }
 
@@ -58,7 +58,7 @@ func BuildResponse(ctx engineapi.PolicyContext, resp *engineapi.EngineResponse,
 		newOverrides := engineapi.ValidationFailureActionOverride{Action: v.Action, Namespaces: v.Namespaces, NamespaceSelector: v.NamespaceSelector}
 		resp.PolicyResponse.ValidationFailureActionOverrides = append(resp.PolicyResponse.ValidationFailureActionOverrides, newOverrides)
 	}
-	resp.PolicyResponse.ProcessingTime = time.Since(startTime)
-	resp.PolicyResponse.Timestamp = startTime.Unix()
+	resp.PolicyResponse.Stats.ProcessingTime = time.Since(startTime)
+	resp.PolicyResponse.Stats.Timestamp = startTime.Unix()
 	return resp
 }

pkg/engine/mutate/patch/patchJSON6902.go

@@ -19,9 +19,9 @@ func ProcessPatchJSON6902(ruleName string, patchesJSON6902 []byte, resource unst
 	resp.Name = ruleName
 	resp.Type = engineapi.Mutation
 	defer func() {
-		resp.ExecutionStats.ProcessingTime = time.Since(startTime)
-		resp.ExecutionStats.Timestamp = startTime.Unix()
-		logger.V(4).Info("applied JSON6902 patch", "processingTime", resp.ExecutionStats.ProcessingTime.String())
+		resp.Stats.ProcessingTime = time.Since(startTime)
+		resp.Stats.Timestamp = startTime.Unix()
+		logger.V(4).Info("applied JSON6902 patch", "processingTime", resp.Stats.ProcessingTime.String())
 	}()
 
 	resourceRaw, err := resource.MarshalJSON()

pkg/engine/mutate/patch/strategicMergePatch.go

@@ -23,9 +23,9 @@ func ProcessStrategicMergePatch(ruleName string, overlay interface{}, resource u
 	resp.Type = engineapi.Mutation
 
 	defer func() {
-		resp.ExecutionStats.ProcessingTime = time.Since(startTime)
-		resp.ExecutionStats.Timestamp = startTime.Unix()
-		logger.V(4).Info("finished applying strategicMerge patch", "processingTime", resp.ExecutionStats.ProcessingTime.String())
+		resp.Stats.ProcessingTime = time.Since(startTime)
+		resp.Stats.Timestamp = startTime.Unix()
+		logger.V(4).Info("finished applying strategicMerge patch", "processingTime", resp.Stats.ProcessingTime.String())
 	}()
 
 	overlayBytes, err := json.Marshal(overlay)

pkg/engine/mutation.go

@@ -156,7 +156,7 @@ func (e *engine) mutate(
 				}
 			},
 		)
-		if applyRules == kyvernov1.ApplyOne && resp.PolicyResponse.RulesAppliedCount > 0 {
+		if applyRules == kyvernov1.ApplyOne && resp.PolicyResponse.Stats.RulesAppliedCount > 0 {
 			break
 		}
 	}
@@ -354,7 +354,7 @@ func endMutateResultResponse(logger logr.Logger, resp *engineapi.EngineResponse,
 	if resp == nil {
 		return
 	}
-	resp.PolicyResponse.ProcessingTime = time.Since(startTime)
-	resp.PolicyResponse.Timestamp = startTime.Unix()
-	logger.V(5).Info("finished processing policy", "processingTime", resp.PolicyResponse.ProcessingTime.String(), "mutationRulesApplied", resp.PolicyResponse.RulesAppliedCount)
+	resp.PolicyResponse.Stats.ProcessingTime = time.Since(startTime)
+	resp.PolicyResponse.Stats.Timestamp = startTime.Unix()
+	logger.V(5).Info("finished processing policy", "processingTime", resp.PolicyResponse.Stats.ProcessingTime.String(), "mutationRulesApplied", resp.PolicyResponse.Stats.RulesAppliedCount)
 }

pkg/engine/validation.go

@@ -38,7 +38,7 @@ func (e *engine) validate(
 	startTime := time.Now()
 	logger.V(4).Info("start validate policy processing", "startTime", startTime)
 	policyResponse := e.validateResource(ctx, logger, policyContext)
-	defer logger.V(4).Info("finished policy processing", "processingTime", policyResponse.ProcessingTime.String(), "validationRulesApplied", policyResponse.RulesAppliedCount)
+	defer logger.V(4).Info("finished policy processing", "processingTime", policyResponse.Stats.ProcessingTime.String(), "validationRulesApplied", policyResponse.Stats.RulesAppliedCount)
 	engineResponse := engineapi.NewEngineResponseFromPolicyContext(policyContext, nil)
 	engineResponse.PolicyResponse = *policyResponse
 	return internal.BuildResponse(policyContext, engineResponse, startTime)
@@ -111,9 +111,9 @@ func (e *engine) validateResource(
 		)
 		if ruleResp != nil {
 			internal.AddRuleResponse(resp, ruleResp, startTime)
-			logger.V(4).Info("finished processing rule", "processingTime", ruleResp.ExecutionStats.ProcessingTime.String())
+			logger.V(4).Info("finished processing rule", "processingTime", ruleResp.Stats.ProcessingTime.String())
 		}
-		if applyRules == kyvernov1.ApplyOne && resp.RulesAppliedCount > 0 {
+		if applyRules == kyvernov1.ApplyOne && resp.Stats.RulesAppliedCount > 0 {
 			break
 		}
 	}

pkg/metrics/policyexecutionduration/policyExecutionDuration.go

@@ -58,7 +58,7 @@ func ProcessEngineResponse(ctx context.Context, m metrics.MetricsConfigManager,
 		default:
 			ruleResult = metrics.Fail
 		}
-		ruleExecutionLatencyInSeconds := float64(rule.ExecutionStats.ProcessingTime) / float64(1000*1000*1000)
+		ruleExecutionLatencyInSeconds := float64(rule.Stats.ProcessingTime) / float64(1000*1000*1000)
 		registerPolicyExecutionDurationMetric(
 			ctx,
 			m,

pkg/webhooks/resource/validation_test.go

@@ -1139,8 +1139,8 @@ func Test_RuleSelector(t *testing.T) {
 		context.TODO(),
 		ctx,
 	)
-	assert.Assert(t, resp.PolicyResponse.RulesAppliedCount == 2)
-	assert.Assert(t, resp.PolicyResponse.RulesErrorCount == 0)
+	assert.Assert(t, resp.PolicyResponse.Stats.RulesAppliedCount == 2)
+	assert.Assert(t, resp.PolicyResponse.Stats.RulesErrorCount == 0)
 
 	log := log.WithName("Test_RuleSelector")
 	blocked := webhookutils.BlockRequest([]*engineapi.EngineResponse{resp}, kyvernov1.Fail, log)
@@ -1152,8 +1152,8 @@ func Test_RuleSelector(t *testing.T) {
 		context.TODO(),
 		ctx,
 	)
-	assert.Assert(t, resp.PolicyResponse.RulesAppliedCount == 1)
-	assert.Assert(t, resp.PolicyResponse.RulesErrorCount == 0)
+	assert.Assert(t, resp.PolicyResponse.Stats.RulesAppliedCount == 1)
+	assert.Assert(t, resp.PolicyResponse.Stats.RulesErrorCount == 0)
 
 	blocked = webhookutils.BlockRequest([]*engineapi.EngineResponse{resp}, kyvernov1.Fail, log)
 	assert.Assert(t, blocked == false)