From ffd3487ace1a7f4702215f995f0415f192b8c54f Mon Sep 17 00:00:00 2001
From: shravan
Date: Fri, 6 Mar 2020 17:11:33 +0530
Subject: [PATCH] 725 changed returned error
---
 pkg/engine/validation.go | 3 ++-
 pkg/webhooks/common.go | 30 +++++++++++------------------
 2 files changed, 13 insertions(+), 20 deletions(-)
diff --git a/pkg/engine/validation.go b/pkg/engine/validation.go
index de05323f87..10e86e084f 100644
--- a/pkg/engine/validation.go
+++ b/pkg/engine/validation.go
@@ -234,7 +234,8 @@ func validatePatterns(ctx context.EvalInterface, resource unstructured.Unstructu
 errorStr = append(errorStr, err.Error())
 }
 resp.Success = false
- resp.Message = fmt.Sprintf("Validation rule '%s' failed. %s", rule.Name, errorStr)
+ glog.V(4).Infof("Validation rule '%s' failed. %s", rule.Name, errorStr)
+ resp.Message = fmt.Sprintf("Validation rule '%s' has failed", rule.Name)
 return resp
 }
 }
diff --git a/pkg/webhooks/common.go b/pkg/webhooks/common.go
index af3fbbd851..34b1f2c968 100644
--- a/pkg/webhooks/common.go
+++ b/pkg/webhooks/common.go
@@ -4,6 +4,8 @@ import ( "fmt" "strings" + yamlv2 "gopkg.in/yaml.v2" + "github.com/golang/glog" kyverno "github.com/nirmata/kyverno/pkg/api/kyverno/v1" "github.com/nirmata/kyverno/pkg/engine/response" 
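Review bot: In `validatePatterns` (pkg/engine/validation.go) the reason a pattern failed now survives only in the added `glog.V(4)` line, and that line names the rule but not the resource, so below verbosity 4 a denial leaves no record of why, and at 4 the entry cannot be tied to an admission request. The `err.Error()` strings may also carry values taken from the submitted resource (not visible in this hunk), and `%s` writes them to the log unquoted. I would log the resource identity and quote the reasons: `glog.V(4).Infof("Validation rule '%s' failed on %s/%s/%s: %q", rule.Name, resource.GetKind(), resource.GetNamespace(), resource.GetName(), errorStr)`. The body of `validatePatterns` starts and ends outside the hunk.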
@@ -38,34 +40,24 @@ func toBlockResource(engineReponses []response.EngineResponse) bool { // getEnforceFailureErrorMsg gets the error messages for failed enforce policy func getEnforceFailureErrorMsg(engineReponses []response.EngineResponse) string { - var str []string - var resourceInfo string - var failedPolicies []string + policyToRule := make(map[string]interface{}) + var resourceName string for _, er := range engineReponses { if !er.IsSuccesful() && er.PolicyResponse.ValidationFailureAction == Enforce { - failedPolicies = append(failedPolicies, er.PolicyResponse.Policy) - resourceInfo = fmt.Sprintf("%s/%s/%s", er.PolicyResponse.Resource.Kind, er.PolicyResponse.Resource.Namespace, er.PolicyResponse.Resource.Name) - str = append(str, fmt.Sprintf("failed policy %s", er.PolicyResponse.Policy)) + ruleToReason := make(map[string]string) for _, rule := range er.PolicyResponse.Rules { if !rule.Success { - str = append(str, rule.ToString()) + ruleToReason[rule.Name] = rule.Message } } + resourceName = fmt.Sprintf("%s/%s/%s", er.PolicyResponse.Resource.Kind, er.PolicyResponse.Resource.Namespace, er.PolicyResponse.Resource.Name) + + policyToRule[er.PolicyResponse.Policy] = ruleToReason } } - var failureReason string - switch { - case len(failedPolicies) > 1: - failureReason = fmt.Sprintf("Resource %s blocked by policies %s, kindly refer to logs for further details", resourceInfo, strings.Join(failedPolicies, ", ")) - case len(failedPolicies) == 1: - failureReason = fmt.Sprintf("Resource %s blocked by policy %s, kindly refer to logs for further details", resourceInfo, failedPolicies[0]) - case len(failedPolicies) == 0: - failureReason = fmt.Sprintf("Resource %s has been blocked due to internal error, kindly refer to logs for further details", resourceInfo) - } - - glog.V(4).Infof("Resource %s %s", resourceInfo, strings.Join(str, ";")) - return failureReason + result, _ := yamlv2.Marshal(policyToRule) + return "\n\nresource " + resourceName + " was blocked due to the 
following policies\n\n" + string(result) } // getErrorMsg gets all failed engine response message
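Review bot: The new tail of `getEnforceFailureErrorMsg` discards the error from `yamlv2.Marshal` and has no branch for the case where no response matched. The removed `switch` reported that case as an internal error; now the caller gets "resource  was blocked due to the following policies" with an empty name and an empty map. The `glog.V(4)` line that recorded the block was removed as well, so this function no longer leaves a server-side trace of the denial. Below is a version of the tail that handles the empty case, checks the marshal error and keeps one log line; `policyToRule` could also be declared as `map[string]map[string]string`, since that is the only shape stored in it.
```go
	// … unchanged: loop filling policyToRule and resourceName …
	if len(policyToRule) == 0 {
		return "Resource has been blocked due to internal error, kindly refer to logs for further details"
	}
	result, err := yamlv2.Marshal(policyToRule)
	if err != nil {
		glog.Errorf("marshalling policy failures for resource %s: %v", resourceName, err)
		return fmt.Sprintf("Resource %s has been blocked, kindly refer to logs for further details", resourceName)
	}
	glog.V(4).Infof("resource %s blocked by enforce policies: %q", resourceName, result)
	return "\n\nresource " + resourceName + " was blocked due to the following policies\n\n" + string(result)
```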