Add new severities and update Chart

Signed-off-by: Frank Jogeleit <frank.jogeleit@web.de>
2024-12-14 11:57:32 +00:00 · 2022-08-25 13:23:03 +02:00 · 2022-08-25 13:23:03 +02:00 · cabeee1c4a
commit cabeee1c4a
parent 2a6ee78e80
22 changed files with 90 additions and 45 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -1,5 +1,16 @@
 # Changelog

+# 2.11.2
+* Policy Reporter
+    * Add new Severity values `info` and `critical`
+    * Update PolicyReport ID generierung
+* Policy Reporter UI
+    * Fix Grouping by Policy and Categories
+    * Fix ReverseProxy RequestHost
+    * New configuration `ui.clusterName` which is used in the ClusterSelect, if you configure additional Clusters
+* Policy Reporter Kyverno Plugin
+    * Add `time` property to PolicyReportResults
+
 # 2.11.1
 * Policy Reporter
    * Fix `CronJob` Resources by [[#157](https://github.com/kyverno/policy-reporter/pull/178) by [MaxRink](https://github.com/MaxRink)]
--- a/2
+++ b/2
@ -1,7 +1,7 @@
 GO ?= go
 BUILD ?= build
 REPO ?= ghcr.io/kyverno/policy-reporter
-IMAGE_TAG ?= 2.8.0
+IMAGE_TAG ?= 2.8.1
 LD_FLAGS='-s -w -linkmode external -extldflags "-static"'
 PLATFORMS ?= linux/arm64,linux/amd64,linux/s390x

--- a/charts/policy-reporter/Chart.lock
+++ b/charts/policy-reporter/Chart.lock
@ -4,9 +4,9 @@ dependencies:
  version: 2.4.0
 - name: ui
  repository: ""
-  version: 2.6.0
+  version: 2.6.1
 - name: kyvernoPlugin
  repository: ""
-  version: 1.4.0
-digest: sha256:028e4f27759ec84c5d465416c26930fc31478fe26dbdc283a713c283433b4a26
-generated: "2022-07-25T12:52:39.651749+02:00"
+  version: 1.4.1
+digest: sha256:92164e3f1a82a55d8bd105a0ef84538ea13ac7c3055f54f2242967b15889302b
+generated: "2022-08-25T12:53:24.020306+02:00"
--- a/charts/policy-reporter/Chart.yaml
+++ b/charts/policy-reporter/Chart.yaml
@ -5,8 +5,8 @@ description: |
  It creates Prometheus Metrics and can send rule validation events to different targets like Loki, Elasticsearch, Slack or Discord

 type: application
-version: 2.11.1
-appVersion: 2.8.0
+version: 2.11.2
+appVersion: 2.8.1

 icon: https://github.com/kyverno/kyverno/raw/main/img/logo.png
 home: https://kyverno.github.io/policy-reporter
@ -21,7 +21,7 @@ dependencies:
    version: "2.4.0"
  - name: ui
    condition: ui.enabled
-    version: "2.6.0"
+    version: "2.6.1"
  - name: kyvernoPlugin
    condition: kyvernoPlugin.enabled
-    version: "1.4.0"
+    version: "1.4.1"
--- a/charts/policy-reporter/charts/kyvernoPlugin/Chart.yaml
+++ b/charts/policy-reporter/charts/kyvernoPlugin/Chart.yaml
@ -3,5 +3,5 @@ name: kyvernoPlugin
 description: Policy Reporter Kyverno Plugin

 type: application
-version: 1.4.0
-appVersion: 1.4.0
+version: 1.4.1
+appVersion: 1.4.1
--- a/charts/policy-reporter/charts/kyvernoPlugin/values.yaml
+++ b/charts/policy-reporter/charts/kyvernoPlugin/values.yaml
@ -2,7 +2,7 @@ image:
  registry: ghcr.io
  repository: kyverno/policy-reporter-kyverno-plugin
  pullPolicy: IfNotPresent
-  tag: 1.4.0
+  tag: 1.4.1

 imagePullSecrets: []

--- a/charts/policy-reporter/charts/ui/Chart.yaml
+++ b/charts/policy-reporter/charts/ui/Chart.yaml
@ -3,5 +3,5 @@ name: ui
 description: Policy Reporter UI

 type: application
-version: 2.6.0
-appVersion: 1.6.1
+version: 2.6.1
+appVersion: 1.6.5
--- a/charts/policy-reporter/charts/ui/templates/config.yaml
+++ b/charts/policy-reporter/charts/ui/templates/config.yaml
@ -12,6 +12,7 @@ data:
  config.yaml: |-
    logSize: {{ .Values.log.size }}
    displayMode: {{ .Values.displayMode | quote }}
+    clusterName: {{ .Values.clusterName | quote }}
    views:
      dashboard:
        policyReports: {{ .Values.views.dashboard.policyReports }}
--- a/charts/policy-reporter/charts/ui/values.yaml
+++ b/charts/policy-reporter/charts/ui/values.yaml
@ -4,7 +4,7 @@ image:
  registry: ghcr.io
  repository: kyverno/policy-reporter-ui
  pullPolicy: IfNotPresent
-  tag: 1.6.1
+  tag: 1.6.5

 # possible default displayModes: light/dark
 displayMode: ""
@ -31,6 +31,9 @@ views:
 plugins:
  kyverno: false

+# Custom Cluster Name which is used in the ClusterSelect, if you configured additional clusters below.
+clusterName: ""
+
 # Attention: be sure that your APIs are not accessable for the outside world
 # Use tools like VPN, private Networks or internal Network Load Balancer to expose your APIs in a secure way to the UI
 clusters: []
--- a/charts/policy-reporter/values.yaml
+++ b/charts/policy-reporter/values.yaml
@ -2,7 +2,7 @@ image:
  registry: ghcr.io
  repository: kyverno/policy-reporter
  pullPolicy: IfNotPresent
-  tag: 2.8.0
+  tag: 2.8.1

 imagePullSecrets: []

--- a/go.mod
+++ b/go.mod
@ -6,7 +6,7 @@ require (
 	github.com/aws/aws-sdk-go v1.44.47
 	github.com/go-redis/redis/v8 v8.11.5
 	github.com/kyverno/go-wildcard v1.0.4
-	github.com/kyverno/kyverno v1.7.1
+	github.com/kyverno/kyverno v1.7.3
 	github.com/mattn/go-sqlite3 v2.0.3+incompatible
 	github.com/patrickmn/go-cache v2.1.0+incompatible
 	github.com/prometheus/client_golang v1.12.2
@ -18,6 +18,7 @@ require (
 	golang.org/x/sync v0.0.0-20220601150217-0de741cfad7f
 	k8s.io/apimachinery v0.24.2
 	k8s.io/client-go v0.24.2
+	k8s.io/klog v1.0.0
 )

 require (
@ -64,7 +65,6 @@ require (
 	gopkg.in/inf.v0 v0.9.1 // indirect
 	gopkg.in/yaml.v2 v2.4.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
-	k8s.io/klog v1.0.0 // indirect
 	k8s.io/klog/v2 v2.70.0 // indirect
 	k8s.io/utils v0.0.0-20220210201930-3a6ce19ff2f9 // indirect
 	sigs.k8s.io/structured-merge-diff/v4 v4.2.1 // indirect
--- a/go.sum
+++ b/go.sum
@ -192,6 +192,7 @@ github.com/golang/groupcache v0.0.0-20190129154638-5b532d6fd5ef/go.mod h1:cIg4er
 github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
 github.com/golang/groupcache v0.0.0-20191227052852-215e87163ea7/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
 github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
+github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da h1:oI5xCqsCo564l8iNU+DwB5epxmsaqB+rhGL0m5jtYqE=
 github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
 github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A=
 github.com/golang/mock v1.2.0/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A=
@ -340,8 +341,8 @@ github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
 github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
 github.com/kyverno/go-wildcard v1.0.4 h1:uoIWLnywcLED/nXeNVDj4U7OvNW1O3N4+emC5gK90ug=
 github.com/kyverno/go-wildcard v1.0.4/go.mod h1:sZkBvzy+au8C1uiqOH+SdN4psOL+0nhfWgsZzzJKwbs=
-github.com/kyverno/kyverno v1.7.1 h1:YykyefFmlET8uYrQvOw+/Ki//9RmERcz8BwNPhQabZ8=
-github.com/kyverno/kyverno v1.7.1/go.mod h1:4twhW8CcubmLZ7lQF4+1pYXYTn0GJIiBUyHxsdl86mM=
+github.com/kyverno/kyverno v1.7.3 h1:ruUkiwZ61V1eJci3loZe/RRdpCjUtF+N/qbJFPQkMng=
+github.com/kyverno/kyverno v1.7.3/go.mod h1:ZVkAJsb0kciATTsaM8Li59Gdc/xcOdBz31CWUn5Wk+k=
 github.com/magiconair/properties v1.8.1/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ=
 github.com/magiconair/properties v1.8.6 h1:5ibWZ6iY0NctNGWo87LalDlEZ6R41TqbbDamhfG/Qzo=
 github.com/magiconair/properties v1.8.6/go.mod h1:y3VJvCyxH9uVvJTWEGAELF3aiYNyPKd5NZ3oSwXrF60=
--- a/manifest/policy-reporter-kyverno-ui-ha/install.yaml
+++ b/manifest/policy-reporter-kyverno-ui-ha/install.yaml
@ -238,7 +238,7 @@ spec:
      automountServiceAccountToken: true
      containers:
        - name: "kyverno-plugin"
-          image: "ghcr.io/kyverno/policy-reporter-kyverno-plugin:1.4.0"
+          image: "ghcr.io/kyverno/policy-reporter-kyverno-plugin:1.4.1"
          imagePullPolicy: IfNotPresent
          securityContext:
            allowPrivilegeEscalation: false
@ -308,7 +308,7 @@ spec:
    spec:
      containers:
        - name: ui
-          image: "ghcr.io/kyverno/policy-reporter-ui:1.6.1"
+          image: "ghcr.io/kyverno/policy-reporter-ui:1.6.5"
          imagePullPolicy: IfNotPresent
          securityContext:
            allowPrivilegeEscalation: false
@ -371,7 +371,7 @@ spec:
        fsGroup: 1234
      containers:
        - name: policy-reporter
-          image: "ghcr.io/kyverno/policy-reporter:2.8.0"
+          image: "ghcr.io/kyverno/policy-reporter:2.8.1"
          imagePullPolicy: IfNotPresent
          securityContext:
            allowPrivilegeEscalation: false
--- a/manifest/policy-reporter-kyverno-ui/install.yaml
+++ b/manifest/policy-reporter-kyverno-ui/install.yaml
@ -158,7 +158,7 @@ spec:
      automountServiceAccountToken: true
      containers:
        - name: "kyverno-plugin"
-          image: "ghcr.io/kyverno/policy-reporter-kyverno-plugin:1.4.0"
+          image: "ghcr.io/kyverno/policy-reporter-kyverno-plugin:1.4.1"
          imagePullPolicy: IfNotPresent
          securityContext:
            allowPrivilegeEscalation: false
@ -206,7 +206,7 @@ spec:
    spec:
      containers:
        - name: ui
-          image: "ghcr.io/kyverno/policy-reporter-ui:1.6.1"
+          image: "ghcr.io/kyverno/policy-reporter-ui:1.6.5"
          imagePullPolicy: IfNotPresent
          securityContext:
            allowPrivilegeEscalation: false
@ -259,7 +259,7 @@ spec:
        fsGroup: 1234
      containers:
        - name: policy-reporter
-          image: "ghcr.io/kyverno/policy-reporter:2.8.0"
+          image: "ghcr.io/kyverno/policy-reporter:2.8.1"
          imagePullPolicy: IfNotPresent
          securityContext:
            allowPrivilegeEscalation: false
--- a/manifest/policy-reporter-ui/install.yaml
+++ b/manifest/policy-reporter-ui/install.yaml
@ -94,7 +94,7 @@ spec:
      automountServiceAccountToken: false
      containers:
        - name: ui
-          image: "ghcr.io/kyverno/policy-reporter-ui:1.6.1"
+          image: "ghcr.io/kyverno/policy-reporter-ui:1.6.5"
          imagePullPolicy: IfNotPresent
          securityContext:
            allowPrivilegeEscalation: false
@ -147,7 +147,7 @@ spec:
        fsGroup: 1234
      containers:
        - name: policy-reporter
-          image: "ghcr.io/kyverno/policy-reporter:2.8.0"
+          image: "ghcr.io/kyverno/policy-reporter:2.8.1"
          imagePullPolicy: IfNotPresent
          securityContext:
            allowPrivilegeEscalation: false
--- a/manifest/policy-reporter/install.yaml
+++ b/manifest/policy-reporter/install.yaml
@ -78,7 +78,7 @@ spec:
      automountServiceAccountToken: true
      containers:
        - name: policy-reporter
-          image: "ghcr.io/kyverno/policy-reporter:2.8.0"
+          image: "ghcr.io/kyverno/policy-reporter:2.8.1"
          imagePullPolicy: IfNotPresent
          securityContext:
            allowPrivilegeEscalation: false
--- a/manifest/violations-email-report/cronjob.yaml
+++ b/manifest/violations-email-report/cronjob.yaml
@ -26,7 +26,7 @@ spec:
          restartPolicy: Never
          containers:
            - name: policy-reporter
-              image: "ghcr.io/kyverno/policy-reporter:2.8.0"
+              image: "ghcr.io/kyverno/policy-reporter:2.8.1"
              imagePullPolicy: IfNotPresent
              securityContext: 
                allowPrivilegeEscalation: false
--- a/pkg/kubernetes/fixtures_test.go
+++ b/pkg/kubernetes/fixtures_test.go
@ -324,6 +324,7 @@ var result1ID string = report.GeneratePolicyReportResultID(
 	policyReportCRD.Results[0].Rule,
 	string(policyReportCRD.Results[0].Result),
 	policyReportCRD.Results[0].Message,
+	policyReportCRD.Results[0].Category,
 )

 var result2ID string = report.GeneratePolicyReportResultID(
@ -333,6 +334,7 @@ var result2ID string = report.GeneratePolicyReportResultID(
 	policyReportCRD.Results[1].Rule,
 	string(policyReportCRD.Results[1].Result),
 	policyReportCRD.Results[1].Message,
+	policyReportCRD.Results[1].Category,
 )

 var result3ID string = "123456"
@ -344,4 +346,5 @@ var cresult1ID string = report.GeneratePolicyReportResultID(
 	clusterPolicyReportCRD.Results[0].Rule,
 	string(clusterPolicyReportCRD.Results[0].Result),
 	clusterPolicyReportCRD.Results[0].Message,
+	clusterPolicyReportCRD.Results[0].Category,
 )
--- a/pkg/kubernetes/mapper.go
+++ b/pkg/kubernetes/mapper.go
@ -158,7 +158,15 @@ func (m *mapper) mapResult(result v1alpha2.PolicyReportResult, res report.Resour
 	}

 	if r.ID == "" {
-		r.ID = report.GeneratePolicyReportResultID(r.Resource.UID, r.Resource.Name, r.Policy, r.Rule, r.Status, r.Message)
+		r.ID = report.GeneratePolicyReportResultID(
+			r.Resource.UID,
+			r.Resource.Name,
+			r.Policy,
+			r.Rule,
+			r.Status,
+			r.Message,
+			r.Category,
+		)
 	}

 	return r
--- a/pkg/kubernetes/mapper_test.go
+++ b/pkg/kubernetes/mapper_test.go
@ -45,8 +45,8 @@ func Test_MapPolicyReport(t *testing.T) {
 	if result1.Status != report.Fail {
 		t.Errorf("Expected Message '%s' (acutal %s)", report.Fail, result1.Status)
 	}
-	if result1.Priority != report.CriticalPriority {
-		t.Errorf("Expected Priority '%d' (acutal %d)", report.CriticalPriority, result1.Priority)
+	if result1.Priority != report.ErrorPriority {
+		t.Errorf("Expected Priority '%d' (acutal %d)", report.ErrorPriority, result1.Priority)
 	}
 	if !result1.Scored {
 		t.Errorf("Expected Scored to be true")
@ -151,8 +151,8 @@ func Test_MapClusterPolicyReport(t *testing.T) {
 	if result1.Status != report.Fail {
 		t.Errorf("Expected Message '%s' (acutal %s)", report.Fail, result1.Status)
 	}
-	if result1.Priority != report.CriticalPriority {
-		t.Errorf("Expected Priority '%d' (acutal %d)", report.CriticalPriority, result1.Priority)
+	if result1.Priority != report.ErrorPriority {
+		t.Errorf("Expected Priority '%d' (acutal %d)", report.ErrorPriority, result1.Priority)
 	}
 	if !result1.Scored {
 		t.Errorf("Expected Scored to be true")
--- a/pkg/report/model.go
+++ b/pkg/report/model.go
@ -52,9 +52,11 @@ const (
 	Pass  Status = "pass"
 	Skip  Status = "skip"

-	Low    Severity = "low"
-	Medium Severity = "medium"
-	High   Severity = "high"
+	Info     Severity = "info"
+	Low      Severity = "low"
+	Medium   Severity = "medium"
+	High     Severity = "high"
+	Critical Severity = "critical"

 	defaultString  = ""
 	debugString    = "debug"
@ -132,12 +134,18 @@ func PriorityFromStatus(s Status) Priority {
 // PriorityFromSeverity creates a Priority based on a Severity
 func PriorityFromSeverity(s Severity) Priority {
 	switch s {
-	case High:
+	case Critical:
 		return CriticalPriority
+	case High:
+		return ErrorPriority
 	case Medium:
 		return WarningPriority
-	default:
+	case Info:
 		return InfoPriority
+	case Low:
+		return InfoPriority
+	default:
+		return DebugPriority
 	}
 }

@ -281,12 +289,13 @@ func GeneratePolicyReportID(name, namespace string) string {
 	return strconv.FormatUint(h1, 10)
 }

-func GeneratePolicyReportResultID(uid, name, policy, rule, status, suffix string) string {
+func GeneratePolicyReportResultID(uid, name, policy, rule, status, suffix, category string) string {
 	h1 := fnv1a.Init64
 	h1 = fnv1a.AddString64(h1, name)
 	h1 = fnv1a.AddString64(h1, policy)
 	h1 = fnv1a.AddString64(h1, rule)
 	h1 = fnv1a.AddString64(h1, status)
+	h1 = fnv1a.AddString64(h1, category)
 	h1 = fnv1a.AddString64(h1, suffix)
 	if uid != "" {
 		h1 = fnv1a.AddString64(h1, uid)
--- a/pkg/report/model_test.go
+++ b/pkg/report/model_test.go
@ -8,7 +8,7 @@ import (
 )

 var result1 = report.Result{
-	ID:       "8804968580595351199",
+	ID:       "16097155368874536783",
 	Message:  "validation error: requests and limits required. Rule autogen-check-for-requests-and-limits failed at path /spec/template/spec/containers/0/resources/requests/",
 	Policy:   "require-requests-and-limits-required",
 	Rule:     "autogen-check-for-requests-and-limits",
@ -119,7 +119,7 @@ func Test_PolicyReport(t *testing.T) {
 			Results:           []report.Result{result1},
 		}

-		if result := preport.GetResult("8804968580595351199"); result.ID != "8804968580595351199" {
+		if result := preport.GetResult("16097155368874536783"); result.ID != "16097155368874536783" {
 			t.Error("Expected PolicyReport.GetResult() returns a given Result by ID")
 		}
 		if result := preport.GetResult("123"); result.ID != "" {
@ -168,7 +168,7 @@ func Test_ClusterPolicyReport(t *testing.T) {

 func Test_Result(t *testing.T) {
 	t.Run("Check Result.GetIdentifier", func(t *testing.T) {
-		expected := report.GeneratePolicyReportResultID(result1.Resource.UID, result1.Resource.Name, result1.Policy, result1.Rule, result1.Status, "")
+		expected := report.GeneratePolicyReportResultID(result1.Resource.UID, result1.Resource.Name, result1.Policy, result1.Rule, result1.Status, result1.Message, result1.Category)

 		if result1.GetIdentifier() != expected {
 			t.Errorf("Expected ClusterPolicyReport.GetIdentifier() to be %s (actual: %s)", expected, result1.GetIdentifier())
@ -254,15 +254,24 @@ func Test_Priorities(t *testing.T) {
 		}
 	})
 	t.Run("PriorityFromSeverity", func(t *testing.T) {
-		if prio := report.PriorityFromSeverity(report.High); prio != report.CriticalPriority {
+		if prio := report.PriorityFromSeverity(report.Critical); prio != report.CriticalPriority {
 			t.Errorf("Expected Priority to be %d (actual %d)", report.CriticalPriority, prio)
 		}
+		if prio := report.PriorityFromSeverity(report.High); prio != report.ErrorPriority {
+			t.Errorf("Expected Priority to be %d (actual %d)", report.ErrorPriority, prio)
+		}
 		if prio := report.PriorityFromSeverity(report.Medium); prio != report.WarningPriority {
 			t.Errorf("Expected Priority to be %d (actual %d)", report.WarningPriority, prio)
 		}
 		if prio := report.PriorityFromSeverity(report.Low); prio != report.InfoPriority {
 			t.Errorf("Expected Priority to be %d (actual %d)", report.InfoPriority, prio)
 		}
+		if prio := report.PriorityFromSeverity(report.Info); prio != report.InfoPriority {
+			t.Errorf("Expected Priority to be %d (actual %d)", report.InfoPriority, prio)
+		}
+		if prio := report.PriorityFromSeverity(""); prio != report.DebugPriority {
+			t.Errorf("Expected Priority to be %d (actual %d)", report.DebugPriority, prio)
+		}
 	})
 }