mirror of
https://github.com/kyverno/policy-reporter.git
synced 2024-12-14 11:57:32 +00:00
Update Resource / Result mapping (#35)
* Update Resource / Result mapping * Update Chart.lock
This commit is contained in:
Frank Jogeleit
GitHub
parent
5a2ba03974
commit
6e15981494
27 changed files with 230 additions and 235 deletions
|
|
@ -1,5 +1,10 @@
|
|||
# Changelog
|
||||
|
||||
# 1.5.0
|
||||
* Support multiple Resources for a single Result
|
||||
* Mapping Result with multiple Resources in multiple Results with a single Resource
|
||||
* Upate UI handling with Results without Resources
|
||||
|
||||
# 1.4.1
|
||||
* Update Kyverno Plugin
|
||||
* Fix Rule Type mapping
|
||||
|
|
|
|||
|
|
@ -4,9 +4,9 @@ dependencies:
|
|||
version: 1.1.0
|
||||
- name: ui
|
||||
repository: ""
|
||||
version: 1.4.1
|
||||
version: 1.5.0
|
||||
- name: kyvernoPlugin
|
||||
repository: ""
|
||||
version: 0.1.1
|
||||
digest: sha256:3226034a9bc29036b7c4646edbc51793fe868a76e71ab73271c93ab1de6bf04d
|
||||
generated: "2021-05-08T12:08:38.853438+02:00"
|
||||
digest: sha256:a80a1c39cbd48116dca9d4d70da23d00456c4e523914a176355c36f0d73ecd1b
|
||||
generated: "2021-05-12T10:32:58.510553+02:00"
|
||||
|
|
|
|||
|
|
@ -5,8 +5,8 @@ description: |
|
|||
It creates Prometheus Metrics and can send rule validation events to different targets like Loki, Elasticsearch, Slack or Discord
|
||||
|
||||
type: application
|
||||
version: 1.4.1
|
||||
appVersion: 1.3.4
|
||||
version: 1.5.0
|
||||
appVersion: 1.5.0
|
||||
|
||||
dependencies:
|
||||
- name: monitoring
|
||||
|
|
@ -16,7 +16,7 @@ dependencies:
|
|||
- name: ui
|
||||
condition: ui.enabled
|
||||
repository: ""
|
||||
version: "1.4.1"
|
||||
version: "1.5.0"
|
||||
- name: kyvernoPlugin
|
||||
condition: kyvernoPlugin.enabled
|
||||
repository: ""
|
||||
|
|
|
|||
|
|
@ -3,5 +3,5 @@ name: ui
|
|||
description: Policy Reporter UI
|
||||
|
||||
type: application
|
||||
version: 1.4.1
|
||||
appVersion: 0.10.1
|
||||
version: 1.5.0
|
||||
appVersion: 0.10.2
|
||||
|
|
|
|||
|
|
@ -10,7 +10,7 @@ plugins:
|
|||
image:
|
||||
repository: fjogeleit/policy-reporter-ui
|
||||
pullPolicy: IfNotPresent
|
||||
tag: 0.10.1
|
||||
tag: 0.10.2
|
||||
|
||||
imagePullSecrets: []
|
||||
|
||||
|
|
|
|||
|
|
@ -1,7 +1,7 @@
|
|||
image:
|
||||
repository: fjogeleit/policy-reporter
|
||||
pullPolicy: IfNotPresent
|
||||
tag: 1.3.4
|
||||
tag: 1.5.0
|
||||
|
||||
imagePullSecrets: []
|
||||
|
||||
|
|
|
|||
|
|
@ -91,14 +91,12 @@ func Test_PolicyReportAPI(t *testing.T) {
|
|||
Status: report.Fail,
|
||||
Category: "resources",
|
||||
Scored: true,
|
||||
Resources: []report.Resource{
|
||||
{
|
||||
APIVersion: "v1",
|
||||
Kind: "Deployment",
|
||||
Name: "nginx",
|
||||
Namespace: "test",
|
||||
UID: "536ab69f-1b3c-4bd9-9ba4-274a56188409",
|
||||
},
|
||||
Resource: report.Resource{
|
||||
APIVersion: "v1",
|
||||
Kind: "Deployment",
|
||||
Name: "nginx",
|
||||
Namespace: "test",
|
||||
UID: "536ab69f-1b3c-4bd9-9ba4-274a56188409",
|
||||
},
|
||||
}
|
||||
|
||||
|
|
@ -164,13 +162,11 @@ func Test_ClusterPolicyReportAPI(t *testing.T) {
|
|||
Status: report.Fail,
|
||||
Category: "resources",
|
||||
Scored: true,
|
||||
Resources: []report.Resource{
|
||||
{
|
||||
APIVersion: "v1",
|
||||
Kind: "Namespace",
|
||||
Name: "dev",
|
||||
UID: "536ab69f-1b3c-4bd9-9ba4-274a56188409",
|
||||
},
|
||||
Resource: report.Resource{
|
||||
APIVersion: "v1",
|
||||
Kind: "Namespace",
|
||||
Name: "dev",
|
||||
UID: "536ab69f-1b3c-4bd9-9ba4-274a56188409",
|
||||
},
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -18,15 +18,15 @@ type Resource struct {
|
|||
|
||||
// Result API Model
|
||||
type Result struct {
|
||||
Message string `json:"message"`
|
||||
Policy string `json:"policy"`
|
||||
Rule string `json:"rule"`
|
||||
Priority string `json:"priority"`
|
||||
Status string `json:"status"`
|
||||
Severity string `json:"severity,omitempty"`
|
||||
Category string `json:"category,omitempty"`
|
||||
Scored bool `json:"scored"`
|
||||
Resource Resource `json:"resource"`
|
||||
Message string `json:"message"`
|
||||
Policy string `json:"policy"`
|
||||
Rule string `json:"rule"`
|
||||
Priority string `json:"priority"`
|
||||
Status string `json:"status"`
|
||||
Severity string `json:"severity,omitempty"`
|
||||
Category string `json:"category,omitempty"`
|
||||
Scored bool `json:"scored"`
|
||||
Resource *Resource `json:"resource,omitempty"`
|
||||
}
|
||||
|
||||
// Summary API Model
|
||||
|
|
@ -59,8 +59,7 @@ func mapPolicyReport(p report.PolicyReport) PolicyReport {
|
|||
results := make([]Result, 0, len(p.Results))
|
||||
|
||||
for _, r := range p.Results {
|
||||
|
||||
results = append(results, Result{
|
||||
result := Result{
|
||||
Message: r.Message,
|
||||
Policy: r.Policy,
|
||||
Rule: r.Rule,
|
||||
|
|
@ -69,14 +68,19 @@ func mapPolicyReport(p report.PolicyReport) PolicyReport {
|
|||
Severity: r.Severity,
|
||||
Category: r.Category,
|
||||
Scored: r.Scored,
|
||||
Resource: Resource{
|
||||
Namespace: r.Resources[0].Namespace,
|
||||
APIVersion: r.Resources[0].APIVersion,
|
||||
Kind: r.Resources[0].Kind,
|
||||
Name: r.Resources[0].Name,
|
||||
UID: r.Resources[0].UID,
|
||||
},
|
||||
})
|
||||
}
|
||||
|
||||
if r.HasResource() {
|
||||
result.Resource = &Resource{
|
||||
Namespace: r.Resource.Namespace,
|
||||
APIVersion: r.Resource.APIVersion,
|
||||
Kind: r.Resource.Kind,
|
||||
Name: r.Resource.Name,
|
||||
UID: r.Resource.UID,
|
||||
}
|
||||
}
|
||||
|
||||
results = append(results, result)
|
||||
}
|
||||
|
||||
return PolicyReport{
|
||||
|
|
@ -98,7 +102,7 @@ func mapClusterPolicyReport(c report.ClusterPolicyReport) ClusterPolicyReport {
|
|||
results := make([]Result, 0, len(c.Results))
|
||||
|
||||
for _, r := range c.Results {
|
||||
results = append(results, Result{
|
||||
result := Result{
|
||||
Message: r.Message,
|
||||
Policy: r.Policy,
|
||||
Rule: r.Rule,
|
||||
|
|
@ -107,14 +111,19 @@ func mapClusterPolicyReport(c report.ClusterPolicyReport) ClusterPolicyReport {
|
|||
Severity: r.Severity,
|
||||
Category: r.Category,
|
||||
Scored: r.Scored,
|
||||
Resource: Resource{
|
||||
Namespace: r.Resources[0].Namespace,
|
||||
APIVersion: r.Resources[0].APIVersion,
|
||||
Kind: r.Resources[0].Kind,
|
||||
Name: r.Resources[0].Name,
|
||||
UID: r.Resources[0].UID,
|
||||
},
|
||||
})
|
||||
}
|
||||
|
||||
if r.HasResource() {
|
||||
result.Resource = &Resource{
|
||||
Namespace: r.Resource.Namespace,
|
||||
APIVersion: r.Resource.APIVersion,
|
||||
Kind: r.Resource.Kind,
|
||||
Name: r.Resource.Name,
|
||||
UID: r.Resource.UID,
|
||||
}
|
||||
}
|
||||
|
||||
results = append(results, result)
|
||||
}
|
||||
|
||||
return ClusterPolicyReport{
|
||||
|
|
|
|||
|
|
@ -57,8 +57,10 @@ func (m *mapper) MapPolicyReport(reportMap map[string]interface{}) report.Policy
|
|||
|
||||
if rs, ok := reportMap["results"].([]interface{}); ok {
|
||||
for _, resultItem := range rs {
|
||||
res := m.mapResult(resultItem.(map[string]interface{}))
|
||||
r.Results[res.GetIdentifier()] = res
|
||||
resources := m.mapResult(resultItem.(map[string]interface{}))
|
||||
for _, resource := range resources {
|
||||
r.Results[resource.GetIdentifier()] = resource
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
|
@ -91,8 +93,10 @@ func (m *mapper) MapClusterPolicyReport(reportMap map[string]interface{}) report
|
|||
|
||||
if rs, ok := reportMap["results"].([]interface{}); ok {
|
||||
for _, resultItem := range rs {
|
||||
res := m.mapResult(resultItem.(map[string]interface{}))
|
||||
r.Results[res.GetIdentifier()] = res
|
||||
resources := m.mapResult(resultItem.(map[string]interface{}))
|
||||
for _, resource := range resources {
|
||||
r.Results[resource.GetIdentifier()] = resource
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
|
@ -115,7 +119,7 @@ func (m *mapper) mapCreationTime(result map[string]interface{}) (time.Time, erro
|
|||
return time.Time{}, errors.New("No metadata provided")
|
||||
}
|
||||
|
||||
func (m *mapper) mapResult(result map[string]interface{}) report.Result {
|
||||
func (m *mapper) mapResult(result map[string]interface{}) []report.Result {
|
||||
var resources []report.Resource
|
||||
|
||||
if ress, ok := result["resources"].([]interface{}); ok {
|
||||
|
|
@ -146,43 +150,57 @@ func (m *mapper) mapResult(result map[string]interface{}) report.Result {
|
|||
status = r.(report.Status)
|
||||
}
|
||||
|
||||
r := report.Result{
|
||||
Message: result["message"].(string),
|
||||
Policy: result["policy"].(string),
|
||||
Status: status,
|
||||
Scored: result["scored"].(bool),
|
||||
Priority: report.PriorityFromStatus(status),
|
||||
Resources: resources,
|
||||
Properties: make(map[string]string, 0),
|
||||
}
|
||||
var results = []report.Result{}
|
||||
|
||||
if severity, ok := result["severity"]; ok {
|
||||
r.Severity = severity.(report.Severity)
|
||||
}
|
||||
factory := func(res report.Resource) report.Result {
|
||||
r := report.Result{
|
||||
Message: result["message"].(string),
|
||||
Policy: result["policy"].(string),
|
||||
Status: status,
|
||||
Scored: result["scored"].(bool),
|
||||
Priority: report.PriorityFromStatus(status),
|
||||
Resource: res,
|
||||
Properties: make(map[string]string, 0),
|
||||
}
|
||||
|
||||
if r.Status == report.Error || r.Status == report.Fail {
|
||||
r.Priority = m.resolvePriority(r.Policy, r.Severity)
|
||||
}
|
||||
if severity, ok := result["severity"]; ok {
|
||||
r.Severity = severity.(report.Severity)
|
||||
}
|
||||
|
||||
if rule, ok := result["rule"]; ok {
|
||||
r.Rule = rule.(string)
|
||||
}
|
||||
if r.Status == report.Error || r.Status == report.Fail {
|
||||
r.Priority = m.resolvePriority(r.Policy, r.Severity)
|
||||
}
|
||||
|
||||
if category, ok := result["category"]; ok {
|
||||
r.Category = category.(string)
|
||||
}
|
||||
if rule, ok := result["rule"]; ok {
|
||||
r.Rule = rule.(string)
|
||||
}
|
||||
|
||||
r.Timestamp = convertTimestamp(result)
|
||||
if category, ok := result["category"]; ok {
|
||||
r.Category = category.(string)
|
||||
}
|
||||
|
||||
if props, ok := result["properties"]; ok {
|
||||
if properties, ok := props.(map[string]interface{}); ok {
|
||||
for property, value := range properties {
|
||||
r.Properties[property] = value.(string)
|
||||
r.Timestamp = convertTimestamp(result)
|
||||
|
||||
if props, ok := result["properties"]; ok {
|
||||
if properties, ok := props.(map[string]interface{}); ok {
|
||||
for property, value := range properties {
|
||||
r.Properties[property] = value.(string)
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
return r
|
||||
}
|
||||
|
||||
return r
|
||||
for _, resource := range resources {
|
||||
results = append(results, factory(resource))
|
||||
}
|
||||
|
||||
if len(results) == 0 {
|
||||
results = append(results, factory(report.Resource{}))
|
||||
}
|
||||
|
||||
return results
|
||||
}
|
||||
|
||||
func convertTimestamp(result map[string]interface{}) time.Time {
|
||||
|
|
|
|||
|
|
@ -180,7 +180,7 @@ func Test_MapPolicyReport(t *testing.T) {
|
|||
t.Errorf("Expected Property '1.2.0' (acutal %s)", result1.Properties["version"])
|
||||
}
|
||||
|
||||
resource := result1.Resources[0]
|
||||
resource := result1.Resource
|
||||
if resource.APIVersion != "v1" {
|
||||
t.Errorf("Expected Resource.APIVersion 'v1' (acutal %s)", resource.APIVersion)
|
||||
}
|
||||
|
|
|
|||
|
|
@ -66,11 +66,9 @@ func generateClusterResultLabels(report report.ClusterPolicyReport, result repor
|
|||
"category": result.Category,
|
||||
}
|
||||
|
||||
if len(result.Resources) > 0 {
|
||||
res := result.Resources[0]
|
||||
|
||||
labels["kind"] = res.Kind
|
||||
labels["name"] = res.Name
|
||||
if result.HasResource() {
|
||||
labels["kind"] = result.Resource.Kind
|
||||
labels["name"] = result.Resource.Name
|
||||
}
|
||||
|
||||
return labels
|
||||
|
|
|
|||
|
|
@ -21,13 +21,11 @@ var cresult1 = report.Result{
|
|||
Severity: report.High,
|
||||
Category: "resources",
|
||||
Scored: true,
|
||||
Resources: []report.Resource{
|
||||
{
|
||||
APIVersion: "v1",
|
||||
Kind: "Namespace",
|
||||
Name: "dev",
|
||||
UID: "536ab69f-1b3c-4bd9-9ba4-274a56188409",
|
||||
},
|
||||
Resource: report.Resource{
|
||||
APIVersion: "v1",
|
||||
Kind: "Namespace",
|
||||
Name: "dev",
|
||||
UID: "536ab69f-1b3c-4bd9-9ba4-274a56188409",
|
||||
},
|
||||
}
|
||||
|
||||
|
|
@ -39,13 +37,11 @@ var cresult2 = report.Result{
|
|||
Status: report.Pass,
|
||||
Category: "resources",
|
||||
Scored: true,
|
||||
Resources: []report.Resource{
|
||||
{
|
||||
APIVersion: "v1",
|
||||
Kind: "Namespace",
|
||||
Name: "stage",
|
||||
UID: "532ab69f-1b3c-4bd9-9ba4-274a56188419",
|
||||
},
|
||||
Resource: report.Resource{
|
||||
APIVersion: "v1",
|
||||
Kind: "Namespace",
|
||||
Name: "stage",
|
||||
UID: "532ab69f-1b3c-4bd9-9ba4-274a56188419",
|
||||
},
|
||||
}
|
||||
|
||||
|
|
@ -224,14 +220,14 @@ func testClusterResultMetricLabels(metric *io_prometheus_client.Metric, result r
|
|||
if name := *metric.Label[1].Name; name != "kind" {
|
||||
return fmt.Errorf("Unexpected Name Label: %s", name)
|
||||
}
|
||||
if value := *metric.Label[1].Value; value != result.Resources[0].Kind {
|
||||
if value := *metric.Label[1].Value; value != result.Resource.Kind {
|
||||
return fmt.Errorf("Unexpected Kind Label Value: %s", value)
|
||||
}
|
||||
|
||||
if name := *metric.Label[2].Name; name != "name" {
|
||||
return fmt.Errorf("Unexpected Name Label: %s", name)
|
||||
}
|
||||
if value := *metric.Label[2].Value; value != result.Resources[0].Name {
|
||||
if value := *metric.Label[2].Value; value != result.Resource.Name {
|
||||
return fmt.Errorf("Unexpected Name Label Value: %s", value)
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -67,11 +67,9 @@ func generateResultLabels(report report.PolicyReport, result report.Result) prom
|
|||
"category": result.Category,
|
||||
}
|
||||
|
||||
if len(result.Resources) > 0 {
|
||||
res := result.Resources[0]
|
||||
|
||||
labels["kind"] = res.Kind
|
||||
labels["name"] = res.Name
|
||||
if result.HasResource() {
|
||||
labels["kind"] = result.Resource.Kind
|
||||
labels["name"] = result.Resource.Name
|
||||
}
|
||||
|
||||
return labels
|
||||
|
|
|
|||
|
|
@ -21,14 +21,12 @@ var result1 = report.Result{
|
|||
Severity: report.High,
|
||||
Category: "resources",
|
||||
Scored: true,
|
||||
Resources: []report.Resource{
|
||||
{
|
||||
APIVersion: "v1",
|
||||
Kind: "Deployment",
|
||||
Name: "nginx",
|
||||
Namespace: "test",
|
||||
UID: "536ab69f-1b3c-4bd9-9ba4-274a56188409",
|
||||
},
|
||||
Resource: report.Resource{
|
||||
APIVersion: "v1",
|
||||
Kind: "Deployment",
|
||||
Name: "nginx",
|
||||
Namespace: "test",
|
||||
UID: "536ab69f-1b3c-4bd9-9ba4-274a56188409",
|
||||
},
|
||||
}
|
||||
|
||||
|
|
@ -40,14 +38,12 @@ var result2 = report.Result{
|
|||
Status: report.Pass,
|
||||
Category: "resources",
|
||||
Scored: true,
|
||||
Resources: []report.Resource{
|
||||
{
|
||||
APIVersion: "v1",
|
||||
Kind: "Deployment",
|
||||
Name: "nginx",
|
||||
Namespace: "test",
|
||||
UID: "535ab69f-1b3c-4bd9-9ba4-274a56188419",
|
||||
},
|
||||
Resource: report.Resource{
|
||||
APIVersion: "v1",
|
||||
Kind: "Deployment",
|
||||
Name: "nginx",
|
||||
Namespace: "test",
|
||||
UID: "535ab69f-1b3c-4bd9-9ba4-274a56188419",
|
||||
},
|
||||
}
|
||||
|
||||
|
|
@ -233,21 +229,21 @@ func testResultMetricLabels(metric *io_prometheus_client.Metric, result report.R
|
|||
if name := *metric.Label[1].Name; name != "kind" {
|
||||
return fmt.Errorf("Unexpected Name Label: %s", name)
|
||||
}
|
||||
if value := *metric.Label[1].Value; value != result.Resources[0].Kind {
|
||||
if value := *metric.Label[1].Value; value != result.Resource.Kind {
|
||||
return fmt.Errorf("Unexpected Kind Label Value: %s", value)
|
||||
}
|
||||
|
||||
if name := *metric.Label[2].Name; name != "name" {
|
||||
return fmt.Errorf("Unexpected Name Label: %s", name)
|
||||
}
|
||||
if value := *metric.Label[2].Value; value != result.Resources[0].Name {
|
||||
if value := *metric.Label[2].Value; value != result.Resource.Name {
|
||||
return fmt.Errorf("Unexpected Name Label Value: %s", value)
|
||||
}
|
||||
|
||||
if name := *metric.Label[3].Name; name != "namespace" {
|
||||
return fmt.Errorf("Unexpected Name Label: %s", name)
|
||||
}
|
||||
if value := *metric.Label[3].Value; value != result.Resources[0].Namespace {
|
||||
if value := *metric.Label[3].Value; value != result.Resource.Namespace {
|
||||
return fmt.Errorf("Unexpected Namespace Label Value: %s", value)
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -142,20 +142,25 @@ type Result struct {
|
|||
Category string `json:",omitempty"`
|
||||
Scored bool
|
||||
Timestamp time.Time
|
||||
Resources []Resource
|
||||
Resource Resource
|
||||
Properties map[string]string
|
||||
}
|
||||
|
||||
// GetIdentifier returns a global unique Result identifier
|
||||
func (r Result) GetIdentifier() string {
|
||||
suffix := ""
|
||||
if len(r.Resources) > 0 {
|
||||
suffix = "__" + r.Resources[0].UID
|
||||
if r.Resource.UID != "" {
|
||||
suffix = "__" + r.Resource.UID
|
||||
}
|
||||
|
||||
return fmt.Sprintf("%s__%s__%s%s", r.Policy, r.Rule, r.Status, suffix)
|
||||
}
|
||||
|
||||
// HasResource checks if the result has an valid Resource
|
||||
func (r Result) HasResource() bool {
|
||||
return r.Resource.UID != ""
|
||||
}
|
||||
|
||||
// Summary from the PolicyReport spec wgpolicyk8s.io/v1alpha1.PolicyReportSummary
|
||||
type Summary struct {
|
||||
Pass int
|
||||
|
|
|
|||
|
|
@ -17,14 +17,12 @@ var result1 = report.Result{
|
|||
Category: "resources",
|
||||
Severity: report.High,
|
||||
Scored: true,
|
||||
Resources: []report.Resource{
|
||||
{
|
||||
APIVersion: "v1",
|
||||
Kind: "Deployment",
|
||||
Name: "nginx",
|
||||
Namespace: "test",
|
||||
UID: "536ab69f-1b3c-4bd9-9ba4-274a56188409",
|
||||
},
|
||||
Resource: report.Resource{
|
||||
APIVersion: "v1",
|
||||
Kind: "Deployment",
|
||||
Name: "nginx",
|
||||
Namespace: "test",
|
||||
UID: "536ab69f-1b3c-4bd9-9ba4-274a56188409",
|
||||
},
|
||||
}
|
||||
|
||||
|
|
@ -36,14 +34,12 @@ var result2 = report.Result{
|
|||
Status: report.Fail,
|
||||
Category: "resources",
|
||||
Scored: true,
|
||||
Resources: []report.Resource{
|
||||
{
|
||||
APIVersion: "v1",
|
||||
Kind: "Deployment",
|
||||
Name: "nginx",
|
||||
Namespace: "test",
|
||||
UID: "536ab69f-1b3c-4bd9-9ba4-274a56188419",
|
||||
},
|
||||
Resource: report.Resource{
|
||||
APIVersion: "v1",
|
||||
Kind: "Deployment",
|
||||
Name: "nginx",
|
||||
Namespace: "test",
|
||||
UID: "536ab69f-1b3c-4bd9-9ba4-274a56188419",
|
||||
},
|
||||
}
|
||||
|
||||
|
|
@ -152,7 +148,7 @@ func Test_ClusterPolicyReport(t *testing.T) {
|
|||
|
||||
func Test_Result(t *testing.T) {
|
||||
t.Run("Check Result.GetIdentifier", func(t *testing.T) {
|
||||
expected := fmt.Sprintf("%s__%s__%s__%s", result1.Policy, result1.Rule, result1.Status, result1.Resources[0].UID)
|
||||
expected := fmt.Sprintf("%s__%s__%s__%s", result1.Policy, result1.Rule, result1.Status, result1.Resource.UID)
|
||||
|
||||
if result1.GetIdentifier() != expected {
|
||||
t.Errorf("Expected ClusterPolicyReport.GetIdentifier() to be %s (actual: %s)", expected, creport.GetIdentifier())
|
||||
|
|
|
|||
|
|
@ -61,18 +61,14 @@ func newPayload(result report.Result) payload {
|
|||
if result.Severity != "" {
|
||||
embedFields = append(embedFields, embedField{"Severity", result.Severity, true})
|
||||
}
|
||||
res := report.Resource{}
|
||||
|
||||
if len(result.Resources) > 0 {
|
||||
res = result.Resources[0]
|
||||
}
|
||||
if res.Kind != "" {
|
||||
embedFields = append(embedFields, embedField{"Kind", res.Kind, true})
|
||||
embedFields = append(embedFields, embedField{"Name", res.Name, true})
|
||||
if res.Namespace != "" {
|
||||
embedFields = append(embedFields, embedField{"Namespace", res.Namespace, true})
|
||||
if result.HasResource() {
|
||||
embedFields = append(embedFields, embedField{"Kind", result.Resource.Kind, true})
|
||||
embedFields = append(embedFields, embedField{"Name", result.Resource.Name, true})
|
||||
if result.Resource.Namespace != "" {
|
||||
embedFields = append(embedFields, embedField{"Namespace", result.Resource.Namespace, true})
|
||||
}
|
||||
embedFields = append(embedFields, embedField{"API Version", res.APIVersion, true})
|
||||
embedFields = append(embedFields, embedField{"API Version", result.Resource.APIVersion, true})
|
||||
}
|
||||
|
||||
for property, value := range result.Properties {
|
||||
|
|
|
|||
|
|
@ -19,14 +19,12 @@ var completeResult = report.Result{
|
|||
Severity: report.High,
|
||||
Category: "resources",
|
||||
Scored: true,
|
||||
Resources: []report.Resource{
|
||||
{
|
||||
APIVersion: "v1",
|
||||
Kind: "Deployment",
|
||||
Name: "nginx",
|
||||
Namespace: "default",
|
||||
UID: "536ab69f-1b3c-4bd9-9ba4-274a56188409",
|
||||
},
|
||||
Resource: report.Resource{
|
||||
APIVersion: "v1",
|
||||
Kind: "Deployment",
|
||||
Name: "nginx",
|
||||
Namespace: "default",
|
||||
UID: "536ab69f-1b3c-4bd9-9ba4-274a56188409",
|
||||
},
|
||||
Properties: map[string]string{"version": "1.2.0"},
|
||||
}
|
||||
|
|
|
|||
|
|
@ -19,14 +19,12 @@ var completeResult = report.Result{
|
|||
Severity: report.High,
|
||||
Category: "resources",
|
||||
Scored: true,
|
||||
Resources: []report.Resource{
|
||||
{
|
||||
APIVersion: "v1",
|
||||
Kind: "Deployment",
|
||||
Name: "nginx",
|
||||
Namespace: "default",
|
||||
UID: "536ab69f-1b3c-4bd9-9ba4-274a56188409",
|
||||
},
|
||||
Resource: report.Resource{
|
||||
APIVersion: "v1",
|
||||
Kind: "Deployment",
|
||||
Name: "nginx",
|
||||
Namespace: "default",
|
||||
UID: "536ab69f-1b3c-4bd9-9ba4-274a56188409",
|
||||
},
|
||||
Properties: map[string]string{"version": "1.2.0"},
|
||||
}
|
||||
|
|
|
|||
|
|
@ -40,12 +40,6 @@ func newLokiPayload(result report.Result) payload {
|
|||
le := entry{Ts: timestamp.Format(time.RFC3339), Line: "[" + strings.ToUpper(result.Priority.String()) + "] " + result.Message}
|
||||
ls := stream{Entries: []entry{le}}
|
||||
|
||||
res := report.Resource{}
|
||||
|
||||
if len(result.Resources) > 0 {
|
||||
res = result.Resources[0]
|
||||
}
|
||||
|
||||
var labels = []string{
|
||||
"status=\"" + result.Status + "\"",
|
||||
"policy=\"" + result.Policy + "\"",
|
||||
|
|
@ -62,12 +56,12 @@ func newLokiPayload(result report.Result) payload {
|
|||
if result.Severity != "" {
|
||||
labels = append(labels, "severity=\""+result.Severity+"\"")
|
||||
}
|
||||
if res.Kind != "" {
|
||||
labels = append(labels, "kind=\""+res.Kind+"\"")
|
||||
labels = append(labels, "name=\""+res.Name+"\"")
|
||||
labels = append(labels, "apiVersion=\""+res.APIVersion+"\"")
|
||||
labels = append(labels, "uid=\""+res.UID+"\"")
|
||||
labels = append(labels, "namespace=\""+res.Namespace+"\"")
|
||||
if result.HasResource() {
|
||||
labels = append(labels, "kind=\""+result.Resource.Kind+"\"")
|
||||
labels = append(labels, "name=\""+result.Resource.Name+"\"")
|
||||
labels = append(labels, "apiVersion=\""+result.Resource.APIVersion+"\"")
|
||||
labels = append(labels, "uid=\""+result.Resource.UID+"\"")
|
||||
labels = append(labels, "namespace=\""+result.Resource.Namespace+"\"")
|
||||
}
|
||||
|
||||
for property, value := range result.Properties {
|
||||
|
|
|
|||
|
|
@ -22,14 +22,12 @@ var completeResult = report.Result{
|
|||
Severity: report.High,
|
||||
Category: "resources",
|
||||
Scored: true,
|
||||
Resources: []report.Resource{
|
||||
{
|
||||
APIVersion: "v1",
|
||||
Kind: "Deployment",
|
||||
Name: "nginx",
|
||||
Namespace: "default",
|
||||
UID: "536ab69f-1b3c-4bd9-9ba4-274a56188409",
|
||||
},
|
||||
Resource: report.Resource{
|
||||
APIVersion: "v1",
|
||||
Kind: "Deployment",
|
||||
Name: "nginx",
|
||||
Namespace: "default",
|
||||
UID: "536ab69f-1b3c-4bd9-9ba4-274a56188409",
|
||||
},
|
||||
Properties: map[string]string{"version": "1.2.0"},
|
||||
}
|
||||
|
|
@ -97,7 +95,7 @@ func Test_LokiTarget(t *testing.T) {
|
|||
t.Error("Missing Content for Label 'severity'")
|
||||
}
|
||||
|
||||
res := completeResult.Resources[0]
|
||||
res := completeResult.Resource
|
||||
if !strings.Contains(labels, "kind=\""+res.Kind+"\"") {
|
||||
t.Error("Missing Content for Label 'kind'")
|
||||
}
|
||||
|
|
|
|||
|
|
@ -120,11 +120,11 @@ func (s *client) newPayload(result report.Result) payload {
|
|||
}
|
||||
|
||||
res := report.Resource{}
|
||||
|
||||
if len(result.Resources) > 0 {
|
||||
res = result.Resources[0]
|
||||
if result.Resource.UID != "" {
|
||||
res = result.Resource
|
||||
}
|
||||
if res.Kind != "" {
|
||||
|
||||
if res.UID != "" {
|
||||
att.Blocks = append(
|
||||
att.Blocks,
|
||||
block{Type: "section", Text: &text{Type: "mrkdwn", Text: "*Resource*"}},
|
||||
|
|
|
|||
|
|
@ -19,14 +19,12 @@ var completeResult = report.Result{
|
|||
Severity: report.High,
|
||||
Category: "resources",
|
||||
Scored: true,
|
||||
Resources: []report.Resource{
|
||||
{
|
||||
APIVersion: "v1",
|
||||
Kind: "Deployment",
|
||||
Name: "nginx",
|
||||
Namespace: "default",
|
||||
UID: "536ab69f-1b3c-4bd9-9ba4-274a56188409",
|
||||
},
|
||||
Resource: report.Resource{
|
||||
APIVersion: "v1",
|
||||
Kind: "Deployment",
|
||||
Name: "nginx",
|
||||
Namespace: "default",
|
||||
UID: "536ab69f-1b3c-4bd9-9ba4-274a56188409",
|
||||
},
|
||||
Properties: map[string]string{"version": "1.2.0"},
|
||||
}
|
||||
|
|
|
|||
|
|
@ -72,11 +72,11 @@ func newPayload(result report.Result) payload {
|
|||
facts = append(facts, fact{"Severity", result.Severity})
|
||||
}
|
||||
res := report.Resource{}
|
||||
|
||||
if len(result.Resources) > 0 {
|
||||
res = result.Resources[0]
|
||||
if result.Resource.UID != "" {
|
||||
res = result.Resource
|
||||
}
|
||||
if res.Kind != "" {
|
||||
|
||||
if res.UID != "" {
|
||||
facts = append(facts, fact{"Kind", res.Kind})
|
||||
facts = append(facts, fact{"Name", res.Name})
|
||||
facts = append(facts, fact{"UID", res.UID})
|
||||
|
|
|
|||
|
|
@ -20,14 +20,12 @@ var completeResult = report.Result{
|
|||
Timestamp: time.Date(2021, time.February, 23, 15, 10, 0, 0, time.UTC),
|
||||
Category: "resources",
|
||||
Scored: true,
|
||||
Resources: []report.Resource{
|
||||
{
|
||||
APIVersion: "v1",
|
||||
Kind: "Deployment",
|
||||
Name: "nginx",
|
||||
Namespace: "default",
|
||||
UID: "536ab69f-1b3c-4bd9-9ba4-274a56188409",
|
||||
},
|
||||
Resource: report.Resource{
|
||||
APIVersion: "v1",
|
||||
Kind: "Deployment",
|
||||
Name: "nginx",
|
||||
Namespace: "default",
|
||||
UID: "536ab69f-1b3c-4bd9-9ba4-274a56188409",
|
||||
},
|
||||
Properties: map[string]string{"version": "1.2.0"},
|
||||
}
|
||||
|
|
|
|||
|
|
@ -55,11 +55,11 @@ func newPayload(r report.Result) result {
|
|||
Category: r.Category,
|
||||
Scored: r.Scored,
|
||||
Resource: resource{
|
||||
Namespace: r.Resources[0].Namespace,
|
||||
APIVersion: r.Resources[0].APIVersion,
|
||||
Kind: r.Resources[0].Kind,
|
||||
Name: r.Resources[0].Name,
|
||||
UID: r.Resources[0].UID,
|
||||
Namespace: r.Resource.Namespace,
|
||||
APIVersion: r.Resource.APIVersion,
|
||||
Kind: r.Resource.Kind,
|
||||
Name: r.Resource.Name,
|
||||
UID: r.Resource.UID,
|
||||
},
|
||||
CreationTimestamp: time.Now(),
|
||||
}
|
||||
|
|
|
|||
|
|
@ -17,14 +17,12 @@ var completeResult = report.Result{
|
|||
Severity: report.High,
|
||||
Category: "resources",
|
||||
Scored: true,
|
||||
Resources: []report.Resource{
|
||||
{
|
||||
APIVersion: "v1",
|
||||
Kind: "Deployment",
|
||||
Name: "nginx",
|
||||
Namespace: "default",
|
||||
UID: "536ab69f-1b3c-4bd9-9ba4-274a56188409",
|
||||
},
|
||||
Resource: report.Resource{
|
||||
APIVersion: "v1",
|
||||
Kind: "Deployment",
|
||||
Name: "nginx",
|
||||
Namespace: "default",
|
||||
UID: "536ab69f-1b3c-4bd9-9ba4-274a56188409",
|
||||
},
|
||||
}
|
||||
|
||||
|
|
|
|||
Loading…
Reference in a new issue