package policyresults
import (
"fmt"
kyverno "github.com/kyverno/kyverno/pkg/api/kyverno/v1"
"github.com/kyverno/kyverno/pkg/engine/response"
"github.com/kyverno/kyverno/pkg/metrics"
prom "github.com/prometheus/client_golang/prometheus"
)
// registerPolicyResultsMetric increments the policy-results counter once for
// the given policy/resource/rule combination, unless the resource namespace is
// filtered out by the metrics namespace configuration.
//
// Filtering rules, in the order they are evaluated:
//   - A resource namespace of "" or "-" is never filtered, so results for such
//     resources are always counted.
//   - A namespace listed in the exclude list is skipped; exclude is checked
//     before include and therefore wins when a namespace is in both.
//   - When the include list is non-empty, any namespace not in it is skipped.
//
// A skipped result is only logged at Info level and produces no sample, so
// failing rules in filtered namespaces are not visible in this metric.
//
// For cluster-scoped policies the policy_namespace label is forced to "-".
// The function currently returns nil on every path.
func (pc PromConfig) registerPolicyResultsMetric(
	policyValidationMode metrics.PolicyValidationMode,
	policyType metrics.PolicyType,
	policyBackgroundMode metrics.PolicyBackgroundMode,
	policyNamespace, policyName string,
	resourceKind, resourceNamespace string,
	resourceRequestOperation metrics.ResourceRequestOperation,
	ruleName string,
	ruleResult metrics.RuleResult,
	ruleType metrics.RuleType,
	ruleExecutionCause metrics.RuleExecutionCause,
) error {
	if policyType == metrics.Cluster {
		policyNamespace = "-"
	}

	allowList := pc.Config.GetIncludeNamespaces()
	denyList := pc.Config.GetExcludeNamespaces()

	// Only a concrete namespace is subject to the include/exclude filters.
	hasNamespace := resourceNamespace != "" && resourceNamespace != "-"
	if hasNamespace {
		switch {
		case metrics.ElementInSlice(resourceNamespace, denyList):
			pc.Log.Info(fmt.Sprintf("Skipping the registration of kyverno_policy_results_total metric as the operation belongs to the namespace '%s' which is one of 'namespaces.exclude' %+v in values.yaml", resourceNamespace, denyList))
			return nil
		case len(allowList) > 0 && !metrics.ElementInSlice(resourceNamespace, allowList):
			pc.Log.Info(fmt.Sprintf("Skipping the registration of kyverno_policy_results_total metric as the operation belongs to the namespace '%s' which is not one of 'namespaces.include' %+v in values.yaml", resourceNamespace, allowList))
			return nil
		}
	}

	// Label values are taken directly from policy and resource metadata, so the
	// number of distinct series grows with the number of policies, rules,
	// kinds and namespaces observed.
	// NOTE(review): if PolicyResults is a Prometheus CounterVec, With panics
	// when the label names do not match the registered ones; confirm the
	// registration uses exactly these twelve names.
	labels := prom.Labels{
		"policy_validation_mode":     string(policyValidationMode),
		"policy_type":                string(policyType),
		"policy_background_mode":     string(policyBackgroundMode),
		"policy_namespace":           policyNamespace,
		"policy_name":                policyName,
		"resource_kind":              resourceKind,
		"resource_namespace":         resourceNamespace,
		"resource_request_operation": string(resourceRequestOperation),
		"rule_name":                  ruleName,
		"rule_result":                string(ruleResult),
		"rule_type":                  string(ruleType),
		"rule_execution_cause":       string(ruleExecutionCause),
	}
	pc.Metrics.PolicyResults.With(labels).Inc()
	return nil
}
// ProcessEngineResponse records one policy-results sample for every rule
// response contained in engineResponse.
//
// policy supplies the policy-related labels (validation mode, background
// mode, namespace, name); engineResponse supplies the resource- and
// rule-related labels. A policy with an empty namespace is reported as a
// cluster policy with namespace "-"; any other policy is reported as
// namespaced.
//
// A rule is reported as Pass only when rule.Success is true; every other rule
// response is reported as Fail.
//
// An error is returned when the policy's validation failure action cannot be
// parsed, in which case nothing is recorded, or when recording a rule fails,
// in which case the remaining rules of this response are not recorded.
func (pc PromConfig) ProcessEngineResponse(policy kyverno.ClusterPolicy, engineResponse response.EngineResponse, executionCause metrics.RuleExecutionCause, resourceRequestOperation metrics.ResourceRequestOperation) error {
	validationMode, err := metrics.ParsePolicyValidationMode(policy.Spec.ValidationFailureAction)
	if err != nil {
		return err
	}
	backgroundMode := metrics.ParsePolicyBackgroundMode(policy.Spec.Background)

	// An empty namespace is what distinguishes a cluster-wide policy here.
	polType := metrics.Namespaced
	polNamespace := policy.ObjectMeta.Namespace
	if polNamespace == "" {
		polType = metrics.Cluster
		polNamespace = "-"
	}
	polName := policy.ObjectMeta.Name

	target := engineResponse.PolicyResponse.Resource
	kind, namespace := target.Kind, target.Namespace

	for _, rule := range engineResponse.PolicyResponse.Rules {
		kindOfRule := ParseRuleTypeFromEngineRuleResponse(rule)

		outcome := metrics.Fail
		if rule.Success {
			outcome = metrics.Pass
		}

		regErr := pc.registerPolicyResultsMetric(
			validationMode,
			polType,
			backgroundMode,
			polNamespace, polName,
			kind, namespace,
			resourceRequestOperation,
			rule.Name,
			outcome,
			kindOfRule,
			executionCause,
		)
		if regErr != nil {
			return regErr
		}
	}
	return nil
}