725 changed returned error

2025-03-29 10:55:05 +00:00 · 2020-03-06 17:11:33 +05:30 · 2020-03-06 17:11:33 +05:30 · ffd3487ace
commit ffd3487ace
parent afdbc1ac57
2 changed files with 13 additions and 20 deletions
--- a/pkg/engine/validation.go
+++ b/pkg/engine/validation.go
@ -234,7 +234,8 @@ func validatePatterns(ctx context.EvalInterface, resource unstructured.Unstructu
 				errorStr = append(errorStr, err.Error())
 			}
 			resp.Success = false
-			resp.Message = fmt.Sprintf("Validation rule '%s' failed. %s", rule.Name, errorStr)
+			glog.V(4).Infof("Validation rule '%s' failed. %s", rule.Name, errorStr)
+			resp.Message = fmt.Sprintf("Validation rule '%s' has failed", rule.Name)
 			return resp
 		}
 	}
--- a/pkg/webhooks/common.go
+++ b/pkg/webhooks/common.go
@ -4,6 +4,8 @@ import (
 	"fmt"
 	"strings"

+	yamlv2 "gopkg.in/yaml.v2"
+
 	"github.com/golang/glog"
 	kyverno "github.com/nirmata/kyverno/pkg/api/kyverno/v1"
 	"github.com/nirmata/kyverno/pkg/engine/response"
@ -38,34 +40,24 @@ func toBlockResource(engineReponses []response.EngineResponse) bool {

 // getEnforceFailureErrorMsg gets the error messages for failed enforce policy
 func getEnforceFailureErrorMsg(engineReponses []response.EngineResponse) string {
-	var str []string
-	var resourceInfo string
-	var failedPolicies []string
+	policyToRule := make(map[string]interface{})
+	var resourceName string
 	for _, er := range engineReponses {
 		if !er.IsSuccesful() && er.PolicyResponse.ValidationFailureAction == Enforce {
-			failedPolicies = append(failedPolicies, er.PolicyResponse.Policy)
-			resourceInfo = fmt.Sprintf("%s/%s/%s", er.PolicyResponse.Resource.Kind, er.PolicyResponse.Resource.Namespace, er.PolicyResponse.Resource.Name)
-			str = append(str, fmt.Sprintf("failed policy %s", er.PolicyResponse.Policy))
+			ruleToReason := make(map[string]string)
 			for _, rule := range er.PolicyResponse.Rules {
 				if !rule.Success {
-					str = append(str, rule.ToString())
+					ruleToReason[rule.Name] = rule.Message
 				}
 			}
+			resourceName = fmt.Sprintf("%s/%s/%s", er.PolicyResponse.Resource.Kind, er.PolicyResponse.Resource.Namespace, er.PolicyResponse.Resource.Name)
+
+			policyToRule[er.PolicyResponse.Policy] = ruleToReason
 		}
 	}

-	var failureReason string
-	switch {
-	case len(failedPolicies) > 1:
-		failureReason = fmt.Sprintf("Resource %s blocked by policies %s, kindly refer to logs for further details", resourceInfo, strings.Join(failedPolicies, ", "))
-	case len(failedPolicies) == 1:
-		failureReason = fmt.Sprintf("Resource %s blocked by policy %s, kindly refer to logs for further details", resourceInfo, failedPolicies[0])
-	case len(failedPolicies) == 0:
-		failureReason = fmt.Sprintf("Resource %s has been blocked due to internal error, kindly refer to logs for further details", resourceInfo)
-	}
-
-	glog.V(4).Infof("Resource %s %s", resourceInfo, strings.Join(str, ";"))
-	return failureReason
+	result, _ := yamlv2.Marshal(policyToRule)
+	return "\n\nresource " + resourceName + " was blocked due to the following policies\n\n" + string(result)
 }

 // getErrorMsg gets all failed engine response message