mirrors/policy-reporter
1
0
Fork 0
mirror of https://github.com/kyverno/policy-reporter.git synced 2024-12-14 11:57:32 +00:00
Code Activity

Refactor filter logic (#165)

Browse source 
* Refactor filter logic

Signed-off-by: Frank Jogeleit <frank.jogeleit@web.de>
This commit is contained in:
Frank Jogeleit 2022-07-05 15:07:46 +02:00 committed by GitHub
parent a5b728a6a2
commit dd4629ae4f
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
57 changed files with 576 additions and 470 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

14
charts/policy-reporter/values.yaml
View file

@ -179,14 +179,17 @@ emailReports:
# namespaces:
# include: []
# exclude: []
# sources: ['Kyverno']
# sources:
# include: []
# exclude: []
channels: [] # (optional) channels can be used to to send only a subset of namespaces / sources to dedicated email addresses channels: [] # (optional) channels can be used to to send only a subset of namespaces / sources to dedicated email addresses
#- to: ['team-a@company.org']
# filter:
# disableClusterReports: true
# namespaces:
# include: ['team-a-*']
# sources: ['Kyverno']
# sources:
# include: ['Kyverno']
# violation summary report
violations:
enabled: false
@ -202,14 +205,17 @@ emailReports:
# namespaces:
# include: []
# exclude: []
# sources: ['Kyverno']
# sources:
# include: []
# exclude: []
channels: [] # (optional) channels can be used to to send only a subset of namespaces / sources to dedicated email addresses channels: [] # (optional) channels can be used to to send only a subset of namespaces / sources to dedicated email addresses
#- to: ['team-a@company.org']
# filter:
# disableClusterReports: true
# namespaces:
# include: ['team-a-*']
# sources: ['Kyverno']
# sources:
# include: ['Kyverno']
# Reference a configuration which already exists instead of creating one
existingTargetConfig:

18
go.mod
View file

@ -3,17 +3,18 @@ module github.com/kyverno/policy-reporter
go 1.18
require (
github.com/aws/aws-sdk-go v1.44.39
github.com/aws/aws-sdk-go v1.44.47
github.com/go-redis/redis/v8 v8.11.5
github.com/kyverno/go-wildcard v1.0.4
github.com/kyverno/kyverno v1.7.1
github.com/mattn/go-sqlite3 v2.0.3+incompatible
github.com/minio/pkg v1.1.26
github.com/patrickmn/go-cache v2.1.0+incompatible
github.com/prometheus/client_golang v1.12.2
github.com/prometheus/client_model v0.2.0
github.com/segmentio/fasthash v1.0.3
github.com/spf13/cobra v1.5.0
github.com/spf13/viper v1.12.0
github.com/xhit/go-simple-mail/v2 v2.11.0
golang.org/x/sync v0.0.0-20220601150217-0de741cfad7f
k8s.io/apimachinery v0.24.2
k8s.io/client-go v0.24.2
@ -29,6 +30,7 @@ require (
github.com/fsnotify/fsnotify v1.5.4 // indirect
github.com/go-openapi/jsonpointer v0.19.5 // indirect
github.com/go-openapi/swag v0.21.1 // indirect
github.com/go-test/deep v1.0.8 // indirect
github.com/gogo/protobuf v1.3.2 // indirect
github.com/golang/protobuf v1.5.2 // indirect
github.com/google/go-cmp v0.5.8 // indirect
@ -38,7 +40,6 @@ require (
github.com/jmespath/go-jmespath v0.4.0 // indirect
github.com/josharian/intern v1.0.0 // indirect
github.com/json-iterator/go v1.1.12 // indirect
github.com/kyverno/go-wildcard v1.0.4 // indirect
github.com/magiconair/properties v1.8.6 // indirect
github.com/mailru/easyjson v0.7.7 // indirect
github.com/matttproud/golang_protobuf_extensions v1.0.2-0.20181231171920-c182affec369 // indirect
@ -55,8 +56,7 @@ require (
github.com/spf13/jwalterweatherman v1.1.0 // indirect
github.com/spf13/pflag v1.0.5 // indirect
github.com/toorop/go-dkim v0.0.0-20201103131630-e1cd1a0a5208 // indirect
github.com/xhit/go-simple-mail/v2 v2.11.0 // indirect
golang.org/x/sys v0.0.0-20220615213510-4f61da869c0c // indirect
golang.org/x/sys v0.0.0-20220704084225-05e143d24a9e // indirect
golang.org/x/text v0.3.7 // indirect
google.golang.org/appengine v1.6.7 // indirect
google.golang.org/protobuf v1.28.0 // indirect
@ -77,14 +77,14 @@ require (
github.com/imdario/mergo v0.3.13 // indirect
github.com/prometheus/common v0.35.0 // indirect
github.com/subosito/gotenv v1.4.0 // indirect
golang.org/x/net v0.0.0-20220621193019-9d032be2e588 // indirect
golang.org/x/oauth2 v0.0.0-20220608161450-d0670ef3b1eb // indirect
golang.org/x/net v0.0.0-20220630215102-69896b714898 // indirect
golang.org/x/oauth2 v0.0.0-20220630143837-2104d58473e0 // indirect
golang.org/x/term v0.0.0-20220526004731-065cf7ba2467 // indirect
golang.org/x/time v0.0.0-20220609170525-579cf78fd858 // indirect
gopkg.in/ini.v1 v1.66.6 // indirect
k8s.io/api v0.24.2
k8s.io/apiextensions-apiserver v0.24.2 // indirect
k8s.io/kube-openapi v0.0.0-20220621154418-c39d0f63fac8 // indirect
sigs.k8s.io/controller-runtime v0.12.1 // indirect
k8s.io/kube-openapi v0.0.0-20220627174259-011e075b9cb8 // indirect
sigs.k8s.io/controller-runtime v0.12.2 // indirect
sigs.k8s.io/json v0.0.0-20220525155127-227cbc7cc124 // indirect
)

31
go.sum
View file

@ -68,8 +68,8 @@ github.com/armon/go-metrics v0.0.0-20180917152333-f0300d1749da/go.mod h1:Q73ZrmV
github.com/armon/go-radix v0.0.0-20180808171621-7fddfc383310/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8=
github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs=
github.com/asaskevich/govalidator v0.0.0-20190424111038-f61b66f89f4a/go.mod h1:lB+ZfQJz7igIIfQNfa7Ml4HSf2uFQQRzpGGRXenZAgY=
github.com/aws/aws-sdk-go v1.44.39 h1:pMxYLqnuDidT0ZTDAhYC66fb3W3Yc+oShmfzEL4fTDI=
github.com/aws/aws-sdk-go v1.44.39/go.mod h1:y4AeaBuwd2Lk+GepC1E9v0qOiTws0MIWAX4oIKwKHZo=
github.com/aws/aws-sdk-go v1.44.47 h1:uyiNvoR4wfZ8Bp4ghgbyzGFIg5knjZMUAd5S9ba9qNU=
github.com/aws/aws-sdk-go v1.44.47/go.mod h1:y4AeaBuwd2Lk+GepC1E9v0qOiTws0MIWAX4oIKwKHZo=
github.com/benbjohnson/clock v1.0.3/go.mod h1:bGMdMPoPVvcYyt1gHDf4J2KE153Yf9BuiUKYMaxlTDM=
github.com/benbjohnson/clock v1.1.0/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZxNJlLklBHA=
github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q=
@ -178,6 +178,8 @@ github.com/go-openapi/swag v0.21.1/go.mod h1:QYRuS/SOXUCsnplDa677K7+DxSOj6IPNl/e
github.com/go-redis/redis/v8 v8.11.5 h1:AcZZR7igkdvfVmQTPnu9WE37LRrO/YrBH5zWyjDC0oI=
github.com/go-redis/redis/v8 v8.11.5/go.mod h1:gREzHqY1hg6oD9ngVRbLStwAWKhA0FEgq8Jd4h5lpwo=
github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY=
github.com/go-test/deep v1.0.8 h1:TDsG77qcSprGbC6vTN8OuXp5g+J+b5Pcguhf7Zt61VM=
github.com/go-test/deep v1.0.8/go.mod h1:5C2ZWiW0ErCdrYzpqxLbTX7MG14M9iiw8DgHncVwcsE=
github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA=
github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ=
github.com/gogo/protobuf v1.2.1/go.mod h1:hp+jE20tsWTFYpLwKvXlhS1hjn+gTNwPg2I6zVXpSg4=
@ -356,8 +358,6 @@ github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5
github.com/matttproud/golang_protobuf_extensions v1.0.2-0.20181231171920-c182affec369 h1:I0XW9+e1XWDxdcEniV4rQAIOPUGDq67JSCiRCgGCZLI=
github.com/matttproud/golang_protobuf_extensions v1.0.2-0.20181231171920-c182affec369/go.mod h1:BSXmuO+STAnVfrANrmjBb36TMTDstsz7MSK+HVaYKv4=
github.com/miekg/dns v1.0.14/go.mod h1:W1PPwlIAgtquWBMBEV9nkV9Cazfe8ScdGz/Lj7v3Nrg=
github.com/minio/pkg v1.1.26 h1:a8x4sHNBxCiHEkxZ/0EBTLqvV3nMtM2G/A6lXNfXN3U=
github.com/minio/pkg v1.1.26/go.mod h1:z9PfmEI804KFkF6eY4LoGe8IDVvTCsYGVuaf58Dr0WI=
github.com/mitchellh/cli v1.0.0/go.mod h1:hNIlj7HEI86fIcpObd7a0FcrxTWetlwJDGcceTlRvqc=
github.com/mitchellh/go-homedir v1.0.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0=
github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0=
@ -393,10 +393,11 @@ github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+W
github.com/onsi/ginkgo v1.12.1/go.mod h1:zj2OWP4+oCPe1qIXoGWkgMRwljMUYCdkwsT2108oapk=
github.com/onsi/ginkgo v1.14.0/go.mod h1:iSB4RoI2tjJc9BBv4NKIKWKya62Rps+oPG/Lv9klQyY=
github.com/onsi/ginkgo v1.16.5 h1:8xi0RTUf59SOSfEtZMvwTvXYMzG4gV23XVHOZiXNtnE=
github.com/onsi/ginkgo/v2 v2.1.4 h1:GNapqRSid3zijZ9H77KrgVG4/8KqiyRsxcSxe+7ApXY=
github.com/onsi/gomega v0.0.0-20170829124025-dcabb60a477c/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5uiA=
github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7JYyY=
github.com/onsi/gomega v1.10.1/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1ybHNo=
github.com/onsi/gomega v1.18.1 h1:M1GfJqGRrBrrGGsbxzV5dqM2U2ApXefZCQpkukxYRLE=
github.com/onsi/gomega v1.19.0 h1:4ieX6qQjPP/BfC3mpsAtIGGlxTWPeA3Inl/7DtXw1tw=
github.com/opentracing/opentracing-go v1.1.0/go.mod h1:UkNAQd3GIcIGf0SeVgPpRdFStlNbqXla1AfSYxPUl2o=
github.com/pascaldekloe/goe v0.0.0-20180627143212-57f6aae5913c/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc=
github.com/patrickmn/go-cache v2.1.0+incompatible h1:HRMgzkcYKYpi3C8ajMPV8OFXaaRUnok+kx1WdO15EQc=
@ -657,8 +658,8 @@ golang.org/x/net v0.0.0-20211015210444-4f30a5c0130f/go.mod h1:9nx3DQGgdP8bBQD5qx
golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
golang.org/x/net v0.0.0-20220225172249-27dd8689420f/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
golang.org/x/net v0.0.0-20220621193019-9d032be2e588 h1:9ubFuySsnAJYGyJrZ3koiEv8FyqofCBdz3G9Mbf2YFc=
golang.org/x/net v0.0.0-20220621193019-9d032be2e588/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
golang.org/x/net v0.0.0-20220630215102-69896b714898 h1:K7wO6V1IrczY9QOQ2WkVpw4JQSwCd52UsxVEirZUfiw=
golang.org/x/net v0.0.0-20220630215102-69896b714898/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
@ -673,8 +674,8 @@ golang.org/x/oauth2 v0.0.0-20210313182246-cd4f82c27b84/go.mod h1:KelEdhl1UZF7XfJ
golang.org/x/oauth2 v0.0.0-20210514164344-f6687ab2804c/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
golang.org/x/oauth2 v0.0.0-20211104180415-d3ed0bb246c8/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
golang.org/x/oauth2 v0.0.0-20220223155221-ee480838109b/go.mod h1:DAh4E804XQdzx2j+YRIaUnCqCV2RuMz24cGBJ5QYIrc=
golang.org/x/oauth2 v0.0.0-20220608161450-d0670ef3b1eb h1:8tDJ3aechhddbdPAxpycgXHJRMLpk/Ab+aa4OgdN5/g=
golang.org/x/oauth2 v0.0.0-20220608161450-d0670ef3b1eb/go.mod h1:jaDAt6Dkxork7LmZnYtzbRWj0W47D86a3TGe0YHBvmE=
golang.org/x/oauth2 v0.0.0-20220630143837-2104d58473e0 h1:VnGaRqoLmqZH/3TMLJwYCEWkR4j1nuIU1U9TvbqsDUw=
golang.org/x/oauth2 v0.0.0-20220630143837-2104d58473e0/go.mod h1:h4gKUeWbJ4rQPri7E0u6Gs4e9Ri2zaLxzw5DI5XGrYg=
golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
@ -755,8 +756,8 @@ golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBc
golang.org/x/sys v0.0.0-20220114195835-da31bd327af9/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20220209214540-3681064d5158/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20220412211240-33da011f77ad/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20220615213510-4f61da869c0c h1:aFV+BgZ4svzjfabn8ERpuB4JI4N6/rdy1iusx77G3oU=
golang.org/x/sys v0.0.0-20220615213510-4f61da869c0c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20220704084225-05e143d24a9e h1:CsOuNlbOuf0mzxJIefr6Q4uAUetRUwZE4qt7VfzP+xo=
golang.org/x/sys v0.0.0-20220704084225-05e143d24a9e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
golang.org/x/term v0.0.0-20220526004731-065cf7ba2467 h1:CBpWXWQpIRjzmkkA+M7q9Fqnwd2mZr3AFqexg8YTfoM=
@ -1019,8 +1020,8 @@ k8s.io/klog/v2 v2.60.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0=
k8s.io/klog/v2 v2.70.0 h1:GMmmjoFOrNepPN0ZeGCzvD2Gh5IKRwdFx8W5PBxVTQU=
k8s.io/klog/v2 v2.70.0/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0=
k8s.io/kube-openapi v0.0.0-20220328201542-3ee0da9b0b42/go.mod h1:Z/45zLw8lUo4wdiUkI+v/ImEGAvu3WatcZl3lPMR4Rk=
k8s.io/kube-openapi v0.0.0-20220621154418-c39d0f63fac8 h1:30P0UV8MQgg4f1khIUT09xHmpI5B5Wg0Vg6JNkUqsQ0=
k8s.io/kube-openapi v0.0.0-20220621154418-c39d0f63fac8/go.mod h1:PNbiP2hKArDh8cgJZTDL6Ss/z3wsbga8yjj/7VMB+I4=
k8s.io/kube-openapi v0.0.0-20220627174259-011e075b9cb8 h1:yEQKdMCjzAOvGeiTwG4hO/hNVNtDOuUFvMUZ0OlaIzs=
k8s.io/kube-openapi v0.0.0-20220627174259-011e075b9cb8/go.mod h1:mbJ+NSUoAhuR14N0S63bPkh8MGVSo3VYSGZtH/mfMe0=
k8s.io/utils v0.0.0-20210802155522-efc7438f0176/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA=
k8s.io/utils v0.0.0-20220210201930-3a6ce19ff2f9 h1:HNSDgDCrr/6Ly3WEGKZftiE7IY19Vz2GdbOCyI4qqhc=
k8s.io/utils v0.0.0-20220210201930-3a6ce19ff2f9/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA=
@ -1028,8 +1029,8 @@ rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8
rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0=
rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA=
sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.30/go.mod h1:fEO7lRTdivWO2qYVCVG7dEADOMo/MLDCVr8So2g88Uw=
sigs.k8s.io/controller-runtime v0.12.1 h1:4BJY01xe9zKQti8oRjj/NeHKRXthf1YkYJAgLONFFoI=
sigs.k8s.io/controller-runtime v0.12.1/go.mod h1:BKhxlA4l7FPK4AQcsuL4X6vZeWnKDXez/vp1Y8dxTU0=
sigs.k8s.io/controller-runtime v0.12.2 h1:nqV02cvhbAj7tbt21bpPpTByrXGn2INHRsi39lXy9sE=
sigs.k8s.io/controller-runtime v0.12.2/go.mod h1:qKsk4WE6zW2Hfj0G4v10EnNB2jMG1C+NTb8h+DwCoU0=
sigs.k8s.io/json v0.0.0-20211208200746-9f7c6b3444d2/go.mod h1:B+TnT182UBxE84DiCz4CVE26eOSDAeYCpfDnC2kdKMY=
sigs.k8s.io/json v0.0.0-20220525155127-227cbc7cc124 h1:2sgAQQcY0dEW2SsQwTXhQV4vO6+rSslYx8K3XmM5hqQ=
sigs.k8s.io/json v0.0.0-20220525155127-227cbc7cc124/go.mod h1:B+TnT182UBxE84DiCz4CVE26eOSDAeYCpfDnC2kdKMY=

4
manifest/README.md
View file

@ -169,6 +169,8 @@ emailReports:
namespaces:
include: []
exclude: []
sources: []
sources:
include: []
exclude: []
channels: []
```

2
manifest/violations-email-report/config-secret.yaml
View file

@ -7,4 +7,4 @@ metadata:
app.kubernetes.io/name: policy-reporter
type: Opaque
data:
config.yaml: ZW1haWxSZXBvcnRzOgogIGNsdXN0ZXJOYW1lOgogIHNtdHA6CiAgICBob3N0OgogICAgcG9ydDoKICAgIHVzZXJuYW1lOgogICAgcGFzc3dvcmQ6CiAgICBmcm9tOgogICAgZW5jcnlwdGlvbjoKICBzdW1tYXJ5OgogICAgdG86IFtdCiAgICBmaWx0ZXI6CiAgICAgIG5hbWVzcGFjZXM6CiAgICAgICAgaW5jbHVkZTogW10KICAgICAgICBleGNsdWRlOiBbXQogICAgICBzb3VyY2VzOiBbXQogIHZpb2xhdGlvbnM6CiAgICB0bzogW10KICAgIGZpbHRlcjoKICAgICAgbmFtZXNwYWNlczoKICAgICAgICBpbmNsdWRlOiBbXQogICAgICAgIGV4Y2x1ZGU6IFtdCiAgICAgIHNvdXJjZXM6IFtd
config.yaml: ZW1haWxSZXBvcnRzOgogIGNsdXN0ZXJOYW1lOgogIHNtdHA6CiAgICBob3N0OgogICAgcG9ydDoKICAgIHVzZXJuYW1lOgogICAgcGFzc3dvcmQ6CiAgICBmcm9tOgogICAgZW5jcnlwdGlvbjoKICBzdW1tYXJ5OgogICAgdG86IFtdCiAgICBmaWx0ZXI6CiAgICAgIG5hbWVzcGFjZXM6CiAgICAgICAgaW5jbHVkZTogW10KICAgICAgICBleGNsdWRlOiBbXQogICAgICBzb3VyY2VzOgogICAgICAgIGluY2x1ZGU6IFtdCiAgICAgICAgZXhjbHVkZTogW10KICB2aW9sYXRpb25zOgogICAgdG86IFtdCiAgICBmaWx0ZXI6CiAgICAgIG5hbWVzcGFjZXM6CiAgICAgICAgaW5jbHVkZTogW10KICAgICAgICBleGNsdWRlOiBbXQogICAgICBzb3VyY2VzOgogICAgICAgIGluY2x1ZGU6IFtdCiAgICAgICAgZXhjbHVkZTogW10=

2
pkg/api/v1/handler_test.go
View file

@ -507,7 +507,7 @@ func Test_TargetsAPI(t *testing.T) {
rr := httptest.NewRecorder()
handler := v1.TargetsHandler([]target.Client{
loki.NewClient("Loki", "", true, &target.Filter{}, make(map[string]string), &http.Client{}),
loki.NewClient("Loki", "", true, &report.ResultFilter{}, make(map[string]string), &http.Client{}),
})
handler.ServeHTTP(rr, req)

2
pkg/config/config.go
View file

@ -8,7 +8,7 @@ type ValueFilter struct {
type EmailReportFilter struct {
DisableClusterReports bool `mapstructure:"disableClusterReports"`
Namespaces ValueFilter `mapstructure:"namespaces"`
Sources []string `mapstructure:"sources"`
Sources ValueFilter `mapstructure:"sources"`
}
type TargetFilter struct {

76
pkg/config/resolver.go
View file

@ -12,7 +12,6 @@ import (
"github.com/kyverno/policy-reporter/pkg/email"
"github.com/kyverno/policy-reporter/pkg/email/summary"
"github.com/kyverno/policy-reporter/pkg/email/violations"
"github.com/kyverno/policy-reporter/pkg/filter"
"github.com/kyverno/policy-reporter/pkg/helper"
"github.com/kyverno/policy-reporter/pkg/kubernetes"
"github.com/kyverno/policy-reporter/pkg/listener"
@ -30,6 +29,7 @@ import (
"github.com/kyverno/policy-reporter/pkg/target/teams"
"github.com/kyverno/policy-reporter/pkg/target/ui"
"github.com/kyverno/policy-reporter/pkg/target/webhook"
"github.com/kyverno/policy-reporter/pkg/validate"
mail "github.com/xhit/go-simple-mail/v2"
goredis "github.com/go-redis/redis/v8"
@ -108,26 +108,11 @@ func (r *Resolver) RegisterStoreListener(store report.PolicyReportStore) {
// RegisterMetricsListener resolver method
func (r *Resolver) RegisterMetricsListener() {
r.EventPublisher().RegisterListener(listener.NewMetricsListener(metrics.NewFilter(
metrics.Rules{
Exclude: r.config.Metrics.Filter.Namespaces.Exclude,
Include: r.config.Metrics.Filter.Namespaces.Include,
},
metrics.Rules{
Exclude: r.config.Metrics.Filter.Status.Exclude,
Include: r.config.Metrics.Filter.Status.Include,
},
metrics.Rules{
Exclude: r.config.Metrics.Filter.Policies.Exclude,
Include: r.config.Metrics.Filter.Policies.Include,
},
metrics.Rules{
Exclude: r.config.Metrics.Filter.Sources.Exclude,
Include: r.config.Metrics.Filter.Sources.Include,
},
metrics.Rules{
Exclude: r.config.Metrics.Filter.Severities.Exclude,
Include: r.config.Metrics.Filter.Severities.Include,
},
ToRuleSet(r.config.Metrics.Filter.Namespaces),
ToRuleSet(r.config.Metrics.Filter.Status),
ToRuleSet(r.config.Metrics.Filter.Policies),
ToRuleSet(r.config.Metrics.Filter.Sources),
ToRuleSet(r.config.Metrics.Filter.Severities),
)))
}
@ -463,11 +448,10 @@ func (r *Resolver) PolicyReportClient() (report.PolicyReportClient, error) {
return r.policyReportClient, nil
}
func (r *Resolver) ReportFilter() report.Filter {
func (r *Resolver) ReportFilter() *report.Filter {
return report.NewFilter(
r.config.ReportFilter.ClusterReports.Disabled,
r.config.ReportFilter.Namespaces.Include,
r.config.ReportFilter.Namespaces.Exclude,
ToRuleSet(r.config.ReportFilter.Namespaces),
)
}
@ -808,31 +792,23 @@ func createKinesisClient(config Kinesis, parent Kinesis) target.Client {
)
}
func createTargetFilter(fil TargetFilter, minimumPriority string, sources []string) *target.Filter {
return &target.Filter{
MinimumPriority: minimumPriority,
Sources: sources,
Namespace: filter.Rules{
Include: fil.Namespaces.Include,
Exclude: fil.Namespaces.Exclude,
},
Priority: filter.Rules{
Include: fil.Priorities.Include,
Exclude: fil.Priorities.Exclude,
},
Policy: filter.Rules{
Include: fil.Policies.Include,
Exclude: fil.Policies.Exclude,
},
}
}
func EmailReportFilterFromConfig(config EmailReportFilter) filter.Filter {
return filter.New(
filter.Rules{
Include: config.Namespaces.Include,
Exclude: config.Namespaces.Exclude,
},
config.Sources,
func createTargetFilter(filter TargetFilter, minimumPriority string, sources []string) *report.ResultFilter {
return target.NewClientFilter(
ToRuleSet(filter.Namespaces),
ToRuleSet(filter.Priorities),
ToRuleSet(filter.Policies),
minimumPriority,
sources,
)
}
func EmailReportFilterFromConfig(config EmailReportFilter) email.Filter {
return email.NewFilter(ToRuleSet(config.Namespaces), ToRuleSet(config.Sources))
}
func ToRuleSet(filter ValueFilter) validate.RuleSets {
return validate.RuleSets{
Include: filter.Include,
Exclude: filter.Exclude,
}
}

22
pkg/email/filter.go Normal file
View file

@ -0,0 +1,22 @@
package email
import (
"github.com/kyverno/policy-reporter/pkg/validate"
)
type Filter struct {
namespace validate.RuleSets
sources validate.RuleSets
}
func (f Filter) ValidateSource(source string) bool {
return validate.ContainsRuleSet(source, f.sources)
}
func (f Filter) ValidateNamespace(namespace string) bool {
return validate.Namespace(namespace, f.namespace)
}
func NewFilter(namespaces, sources validate.RuleSets) Filter {
return Filter{namespaces, sources}
}

21
pkg/email/filter_test.go Normal file
View file

@ -0,0 +1,21 @@
package email_test
import (
"testing"
"github.com/kyverno/policy-reporter/pkg/email"
"github.com/kyverno/policy-reporter/pkg/validate"
)
func Test_Filters(t *testing.T) {
t.Run("Validate Default", func(t *testing.T) {
filter := email.NewFilter(validate.RuleSets{}, validate.RuleSets{})
if !filter.ValidateNamespace("test") {
t.Errorf("Unexpected Validation Result without configured rules")
}
if !filter.ValidateSource("Kyverno") {
t.Errorf("Unexpected Validation Result without configured rules")
}
})
}

5
pkg/email/summary/fixtures_test.go
View file

@ -4,12 +4,13 @@ import (
"github.com/kyverno/kyverno/api/policyreport/v1alpha2"
"github.com/kyverno/kyverno/pkg/client/clientset/versioned/fake"
v1alpha2client "github.com/kyverno/kyverno/pkg/client/clientset/versioned/typed/policyreport/v1alpha2"
"github.com/kyverno/policy-reporter/pkg/filter"
"github.com/kyverno/policy-reporter/pkg/email"
"github.com/kyverno/policy-reporter/pkg/validate"
corev1 "k8s.io/api/core/v1"
v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
)
var Filter = filter.New(filter.Rules{}, make([]string, 0, 0))
var filter = email.NewFilter(validate.RuleSets{}, validate.RuleSets{})
func NewFakeCilent() (v1alpha2client.Wgpolicyk8sV1alpha2Interface, v1alpha2client.PolicyReportInterface, v1alpha2client.ClusterPolicyReportInterface) {
client := fake.NewSimpleClientset().Wgpolicyk8sV1alpha2()

8
pkg/email/summary/generator.go
View file

@ -6,13 +6,13 @@ import (
"github.com/kyverno/kyverno/api/policyreport/v1alpha2"
api "github.com/kyverno/kyverno/pkg/client/clientset/versioned/typed/policyreport/v1alpha2"
"github.com/kyverno/policy-reporter/pkg/filter"
"github.com/kyverno/policy-reporter/pkg/email"
v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
)
type Generator struct {
client api.Wgpolicyk8sV1alpha2Interface
filter filter.Filter
filter email.Filter
clusterReports bool
}
@ -98,11 +98,11 @@ func (o *Generator) GenerateData(ctx context.Context) ([]Source, error) {
return list, nil
}
func NewGenerator(client api.Wgpolicyk8sV1alpha2Interface, filter filter.Filter, clusterReports bool) *Generator {
func NewGenerator(client api.Wgpolicyk8sV1alpha2Interface, filter email.Filter, clusterReports bool) *Generator {
return &Generator{client, filter, clusterReports}
}
func FilterSources(sources []Source, filter filter.Filter, clusterReports bool) []Source {
func FilterSources(sources []Source, filter email.Filter, clusterReports bool) []Source {
newSources := make([]Source, 0)
mx := sync.Mutex{}

21
pkg/email/summary/generator_test.go
View file

@ -4,8 +4,9 @@ import (
"context"
"testing"
"github.com/kyverno/policy-reporter/pkg/email"
"github.com/kyverno/policy-reporter/pkg/email/summary"
"github.com/kyverno/policy-reporter/pkg/filter"
"github.com/kyverno/policy-reporter/pkg/validate"
v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
)
@ -17,7 +18,7 @@ func Test_GenerateDataWithSingleSource(t *testing.T) {
_, _ = pClient.Create(ctx, PolicyReportCRD, v1.CreateOptions{})
_, _ = cClient.Create(ctx, ClusterPolicyReportCRD, v1.CreateOptions{})
generator := summary.NewGenerator(client, Filter, true)
generator := summary.NewGenerator(client, filter, true)
data, err := generator.GenerateData(ctx)
if err != nil {
@ -53,7 +54,7 @@ func Test_GenerateDataWithMultipleSource(t *testing.T) {
_, _ = cClient.Create(ctx, EmptyClusterPolicyReportCRD, v1.CreateOptions{})
_, _ = cClient.Create(ctx, KyvernoClusterPolicyReportCRD, v1.CreateOptions{})
generator := summary.NewGenerator(client, Filter, true)
generator := summary.NewGenerator(client, filter, true)
data, err := generator.GenerateData(ctx)
if err != nil {
@ -78,7 +79,7 @@ func Test_GenerateDataWithSourceFilter(t *testing.T) {
_, _ = cClient.Create(ctx, EmptyClusterPolicyReportCRD, v1.CreateOptions{})
_, _ = cClient.Create(ctx, KyvernoClusterPolicyReportCRD, v1.CreateOptions{})
generator := summary.NewGenerator(client, filter.New(filter.Rules{}, []string{"test"}), true)
generator := summary.NewGenerator(client, email.NewFilter(validate.RuleSets{}, validate.RuleSets{Include: []string{"test"}}), true)
data, err := generator.GenerateData(ctx)
if err != nil {
@ -103,14 +104,14 @@ func Test_FilterSourcesBySource(t *testing.T) {
_, _ = cClient.Create(ctx, EmptyClusterPolicyReportCRD, v1.CreateOptions{})
_, _ = cClient.Create(ctx, KyvernoClusterPolicyReportCRD, v1.CreateOptions{})
generator := summary.NewGenerator(client, Filter, true)
generator := summary.NewGenerator(client, filter, true)
data, err := generator.GenerateData(ctx)
if err != nil {
t.Fatalf("unexpected error: %s", err)
}
data = summary.FilterSources(data, filter.New(filter.Rules{}, []string{"Kyverno"}), true)
data = summary.FilterSources(data, email.NewFilter(validate.RuleSets{}, validate.RuleSets{Include: []string{"Kyverno"}}), true)
if len(data) != 1 {
t.Fatalf("expected one source left, got: %d", len(data))
}
@ -129,14 +130,14 @@ func Test_FilterSourcesByNamespace(t *testing.T) {
_, _ = cClient.Create(ctx, EmptyClusterPolicyReportCRD, v1.CreateOptions{})
_, _ = cClient.Create(ctx, KyvernoClusterPolicyReportCRD, v1.CreateOptions{})
generator := summary.NewGenerator(client, Filter, true)
generator := summary.NewGenerator(client, filter, true)
data, err := generator.GenerateData(ctx)
if err != nil {
t.Fatalf("unexpected error: %s", err)
}
data = summary.FilterSources(data, filter.New(filter.Rules{Exclude: []string{"kyverno"}}, []string{}), true)
data = summary.FilterSources(data, email.NewFilter(validate.RuleSets{Exclude: []string{"kyverno"}}, validate.RuleSets{}), true)
source := data[0]
if source.Name != "Kyverno" {
source = data[1]
@ -160,14 +161,14 @@ func Test_RemoveEmptySource(t *testing.T) {
_, _ = cClient.Create(ctx, EmptyClusterPolicyReportCRD, v1.CreateOptions{})
_, _ = cClient.Create(ctx, KyvernoClusterPolicyReportCRD, v1.CreateOptions{})
generator := summary.NewGenerator(client, Filter, true)
generator := summary.NewGenerator(client, filter, true)
data, err := generator.GenerateData(ctx)
if err != nil {
t.Fatalf("unexpected error: %s", err)
}
data = summary.FilterSources(data, filter.New(filter.Rules{Exclude: []string{"kyverno"}}, []string{}), false)
data = summary.FilterSources(data, email.NewFilter(validate.RuleSets{Exclude: []string{"kyverno"}}, validate.RuleSets{}), false)
if len(data) != 1 {
t.Fatalf("expected one source left, got: %d", len(data))
}

2
pkg/email/summary/reporter_test.go
View file

@ -23,7 +23,7 @@ func Test_CreateReport(t *testing.T) {
_, _ = cClient.Create(ctx, EmptyClusterPolicyReportCRD, v1.CreateOptions{})
_, _ = cClient.Create(ctx, KyvernoClusterPolicyReportCRD, v1.CreateOptions{})
generator := summary.NewGenerator(client, Filter, true)
generator := summary.NewGenerator(client, filter, true)
data, err := generator.GenerateData(ctx)
if err != nil {
t.Fatalf("unexpected error: %s", err)

5
pkg/email/violations/fixtures_test.go
View file

@ -4,12 +4,13 @@ import (
"github.com/kyverno/kyverno/api/policyreport/v1alpha2"
"github.com/kyverno/kyverno/pkg/client/clientset/versioned/fake"
v1alpha2client "github.com/kyverno/kyverno/pkg/client/clientset/versioned/typed/policyreport/v1alpha2"
"github.com/kyverno/policy-reporter/pkg/filter"
"github.com/kyverno/policy-reporter/pkg/email"
"github.com/kyverno/policy-reporter/pkg/validate"
corev1 "k8s.io/api/core/v1"
v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
)
var Filter = filter.New(filter.Rules{}, make([]string, 0, 0))
var filter = email.NewFilter(validate.RuleSets{}, validate.RuleSets{})
func NewFakeCilent() (v1alpha2client.Wgpolicyk8sV1alpha2Interface, v1alpha2client.PolicyReportInterface, v1alpha2client.ClusterPolicyReportInterface) {
client := fake.NewSimpleClientset().Wgpolicyk8sV1alpha2()

8
pkg/email/violations/generator.go
View file

@ -6,13 +6,13 @@ import (
"github.com/kyverno/kyverno/api/policyreport/v1alpha2"
api "github.com/kyverno/kyverno/pkg/client/clientset/versioned/typed/policyreport/v1alpha2"
"github.com/kyverno/policy-reporter/pkg/filter"
"github.com/kyverno/policy-reporter/pkg/email"
v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
)
type Generator struct {
client api.Wgpolicyk8sV1alpha2Interface
filter filter.Filter
filter email.Filter
clusterReports bool
}
@ -126,11 +126,11 @@ func (o *Generator) GenerateData(ctx context.Context) ([]Source, error) {
return list, nil
}
func NewGenerator(client api.Wgpolicyk8sV1alpha2Interface, filter filter.Filter, clusterReports bool) *Generator {
func NewGenerator(client api.Wgpolicyk8sV1alpha2Interface, filter email.Filter, clusterReports bool) *Generator {
return &Generator{client, filter, clusterReports}
}
func FilterSources(sources []Source, filter filter.Filter, clusterReports bool) []Source {
func FilterSources(sources []Source, filter email.Filter, clusterReports bool) []Source {
newSources := make([]Source, 0)
mx := sync.Mutex{}

21
pkg/email/violations/generator_test.go
View file

@ -4,8 +4,9 @@ import (
"context"
"testing"
"github.com/kyverno/policy-reporter/pkg/email"
"github.com/kyverno/policy-reporter/pkg/email/violations"
"github.com/kyverno/policy-reporter/pkg/filter"
"github.com/kyverno/policy-reporter/pkg/validate"
v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
)
@ -17,7 +18,7 @@ func Test_GenerateDataWithSingleSource(t *testing.T) {
_, _ = pClient.Create(ctx, PolicyReportCRD, v1.CreateOptions{})
_, _ = cClient.Create(ctx, ClusterPolicyReportCRD, v1.CreateOptions{})
generator := violations.NewGenerator(client, Filter, true)
generator := violations.NewGenerator(client, filter, true)
data, err := generator.GenerateData(ctx)
if err != nil {
@ -77,7 +78,7 @@ func Test_GenerateDataWithMultipleSource(t *testing.T) {
_, _ = cClient.Create(ctx, PassClusterPolicyReportCRD, v1.CreateOptions{})
_, _ = cClient.Create(ctx, KyvernoClusterPolicyReportCRD, v1.CreateOptions{})
generator := violations.NewGenerator(client, Filter, true)
generator := violations.NewGenerator(client, filter, true)
data, err := generator.GenerateData(ctx)
if err != nil {
@ -102,7 +103,7 @@ func Test_GenerateDataWithSourceFilter(t *testing.T) {
_, _ = cClient.Create(ctx, EmptyClusterPolicyReportCRD, v1.CreateOptions{})
_, _ = cClient.Create(ctx, KyvernoClusterPolicyReportCRD, v1.CreateOptions{})
generator := violations.NewGenerator(client, filter.New(filter.Rules{}, []string{"test"}), true)
generator := violations.NewGenerator(client, email.NewFilter(validate.RuleSets{}, validate.RuleSets{Include: []string{"test"}}), true)
data, err := generator.GenerateData(ctx)
if err != nil {
@ -127,14 +128,14 @@ func Test_FilterSourcesBySource(t *testing.T) {
_, _ = cClient.Create(ctx, EmptyClusterPolicyReportCRD, v1.CreateOptions{})
_, _ = cClient.Create(ctx, KyvernoClusterPolicyReportCRD, v1.CreateOptions{})
generator := violations.NewGenerator(client, Filter, true)
generator := violations.NewGenerator(client, filter, true)
data, err := generator.GenerateData(ctx)
if err != nil {
t.Fatalf("unexpected error: %s", err)
}
data = violations.FilterSources(data, filter.New(filter.Rules{}, []string{"Kyverno"}), true)
data = violations.FilterSources(data, email.NewFilter(validate.RuleSets{}, validate.RuleSets{Include: []string{"Kyverno"}}), true)
if len(data) != 1 {
t.Fatalf("expected one source left, got: %d", len(data))
}
@ -153,14 +154,14 @@ func Test_FilterSourcesByNamespace(t *testing.T) {
_, _ = cClient.Create(ctx, EmptyClusterPolicyReportCRD, v1.CreateOptions{})
_, _ = cClient.Create(ctx, KyvernoClusterPolicyReportCRD, v1.CreateOptions{})
generator := violations.NewGenerator(client, Filter, true)
generator := violations.NewGenerator(client, filter, true)
data, err := generator.GenerateData(ctx)
if err != nil {
t.Fatalf("unexpected error: %s", err)
}
data = violations.FilterSources(data, filter.New(filter.Rules{Exclude: []string{"kyverno"}}, []string{}), true)
data = violations.FilterSources(data, email.NewFilter(validate.RuleSets{Exclude: []string{"kyverno"}}, validate.RuleSets{}), true)
source := data[0]
if source.Name != "Kyverno" {
source = data[1]
@ -184,14 +185,14 @@ func Test_RemoveEmptySource(t *testing.T) {
_, _ = cClient.Create(ctx, EmptyClusterPolicyReportCRD, v1.CreateOptions{})
_, _ = cClient.Create(ctx, KyvernoClusterPolicyReportCRD, v1.CreateOptions{})
generator := violations.NewGenerator(client, Filter, true)
generator := violations.NewGenerator(client, filter, true)
data, err := generator.GenerateData(ctx)
if err != nil {
t.Fatalf("unexpected error: %s", err)
}
data = violations.FilterSources(data, filter.New(filter.Rules{Exclude: []string{"kyverno"}}, []string{}), false)
data = violations.FilterSources(data, email.NewFilter(validate.RuleSets{Exclude: []string{"kyverno"}}, validate.RuleSets{}), false)
if len(data) != 1 {
t.Fatalf("expected one source left, got: %d", len(data))
}

2
pkg/email/violations/reporter_test.go
View file

@ -23,7 +23,7 @@ func Test_CreateReport(t *testing.T) {
_, _ = cClient.Create(ctx, EmptyClusterPolicyReportCRD, v1.CreateOptions{})
_, _ = cClient.Create(ctx, KyvernoClusterPolicyReportCRD, v1.CreateOptions{})
generator := violations.NewGenerator(client, Filter, true)
generator := violations.NewGenerator(client, filter, true)
data, err := generator.GenerateData(ctx)
if err != nil {
t.Fatalf("unexpected error: %s", err)

88
pkg/filter/filter_test.go
View file

@ -1,88 +0,0 @@
package filter_test
import (
"testing"
"github.com/kyverno/policy-reporter/pkg/filter"
)
func Test_BaseClient(t *testing.T) {
t.Run("Validate Default", func(t *testing.T) {
filter := filter.New(filter.Rules{}, []string{})
if !filter.ValidateNamespace("test") {
t.Errorf("Unexpected Validation Result without configured rules")
}
if !filter.ValidateSource("Kyverno") {
t.Errorf("Unexpected Validation Result without configured rules")
}
})
t.Run("Validate Source", func(t *testing.T) {
filter := filter.New(filter.Rules{}, []string{"jsPolicy"})
if filter.ValidateSource("test") {
t.Errorf("Unexpected Validation Result")
}
if !filter.ValidateSource("jsPolicy") {
t.Errorf("Unexpected Validation Result")
}
})
t.Run("Validate Exclude Namespace match", func(t *testing.T) {
filter := filter.New(filter.Rules{Exclude: []string{"default"}}, []string{})
if filter.ValidateNamespace("default") {
t.Errorf("Unexpected Validation Result")
}
})
t.Run("Validate Exclude Namespace mismatch", func(t *testing.T) {
filter := filter.New(filter.Rules{Exclude: []string{"team-a"}}, []string{})
if !filter.ValidateNamespace("default") {
t.Errorf("Unexpected Validation Result")
}
})
t.Run("Validate Include Namespace match", func(t *testing.T) {
filter := filter.New(filter.Rules{Include: []string{"default"}}, []string{})
if !filter.ValidateNamespace("default") {
t.Errorf("Unexpected Validation Result")
}
})
t.Run("Validate Exclude Namespace mismatch", func(t *testing.T) {
filter := filter.New(filter.Rules{Include: []string{"team-a"}}, []string{})
if filter.ValidateNamespace("default") {
t.Errorf("Unexpected Validation Result")
}
})
t.Run("Validate Exclude Rule match", func(t *testing.T) {
result := filter.ValidateRule("test", filter.Rules{Exclude: []string{"team-a"}})
if !result {
t.Errorf("Unexpected Validation Result")
}
})
t.Run("Validate Exclude Rule mismatch", func(t *testing.T) {
result := filter.ValidateRule("test", filter.Rules{Exclude: []string{"test"}})
if result {
t.Errorf("Unexpected Validation Result")
}
})
t.Run("Validate Include Rule match", func(t *testing.T) {
result := filter.ValidateRule("test", filter.Rules{Include: []string{"test"}})
if !result {
t.Errorf("Unexpected Validation Result")
}
})
t.Run("Validate Include Rule mismatch", func(t *testing.T) {
result := filter.ValidateRule("test", filter.Rules{Include: []string{"team-a"}})
if result {
t.Errorf("Unexpected Validation Result")
}
})
}

6
pkg/filter/model.go
View file

@ -1,6 +0,0 @@
package filter
type Rules struct {
Exclude []string
Include []string
}

4
pkg/kubernetes/policy_report_client.go
View file

@ -21,7 +21,7 @@ type k8sPolicyReportClient struct {
synced bool
mapper Mapper
mx *sync.Mutex
reportFilter report.Filter
reportFilter *report.Filter
}
func (k *k8sPolicyReportClient) HasSynced() bool {
@ -137,7 +137,7 @@ func (k *k8sPolicyReportClient) configureClusterPolicyReport() cache.SharedIndex
}
// NewPolicyReportAdapter new Adapter for Policy Report Kubernetes API
func NewPolicyReportClient(client versioned.Interface, mapper Mapper, reportFilter report.Filter, publisher report.EventPublisher) report.PolicyReportClient {
func NewPolicyReportClient(client versioned.Interface, mapper Mapper, reportFilter *report.Filter, publisher report.EventPublisher) report.PolicyReportClient {
fatcory := externalversions.NewSharedInformerFactory(client, time.Hour)
v1alpha2 := fatcory.Wgpolicyk8s().V1alpha2()

3
pkg/kubernetes/policy_report_client_test.go
View file

@ -8,11 +8,12 @@ import (
"github.com/kyverno/policy-reporter/pkg/kubernetes"
"github.com/kyverno/policy-reporter/pkg/report"
"github.com/kyverno/policy-reporter/pkg/validate"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
)
var filter = report.NewFilter(false, make([]string, 0), make([]string, 0))
var filter = report.NewFilter(false, validate.RuleSets{})
func Test_PolicyReportWatcher(t *testing.T) {
ctx := context.Background()

8
pkg/listener/fixture_test.go
View file

@ -63,6 +63,14 @@ var preport2 = report.PolicyReport{
CreationTimestamp: time.Now(),
}
var preport3 = report.PolicyReport{
ID: report.GeneratePolicyReportID("polr-test", "test"),
Name: "polr-test",
Namespace: "test",
Results: []report.Result{},
CreationTimestamp: time.Now(),
}
var creport = report.PolicyReport{
Name: "cpolr-test",
Summary: report.Summary{},

2
pkg/listener/metrics.go
View file

@ -6,7 +6,7 @@ import (
)
// NewMetricsListener for PolicyReport watch.Events
func NewMetricsListener(filter *metrics.Filter) report.PolicyReportListener {
func NewMetricsListener(filter *report.ResultFilter) report.PolicyReportListener {
pCallback := metrics.CreatePolicyReportMetricsListener(filter)
cCallback := metrics.CreateClusterPolicyReportMetricsListener(filter)

2
pkg/listener/metrics/cluster_policy_report.go
View file

@ -18,7 +18,7 @@ var clusterRuleGauge = promauto.NewGaugeVec(prometheus.GaugeOpts{
Help: "List of all ClusterPolicyReport Results",
}, []string{"rule", "policy", "report", "kind", "name", "status", "severity", "category", "source"})
func CreateClusterPolicyReportMetricsListener(filter *Filter) report.PolicyReportListener {
func CreateClusterPolicyReportMetricsListener(filter *report.ResultFilter) report.PolicyReportListener {
prometheus.Register(clusterPolicyGauge)
prometheus.Register(clusterRuleGauge)

4
pkg/listener/metrics/cluster_policy_report_test.go
View file

@ -7,6 +7,7 @@ import (
"github.com/kyverno/policy-reporter/pkg/listener/metrics"
"github.com/kyverno/policy-reporter/pkg/report"
"github.com/kyverno/policy-reporter/pkg/validate"
"github.com/prometheus/client_golang/prometheus"
ioprometheusclient "github.com/prometheus/client_model/go"
)
@ -33,7 +34,8 @@ func Test_ClusterPolicyReportMetricGeneration(t *testing.T) {
Results: []report.Result{result1, result3},
}
handler := metrics.CreateClusterPolicyReportMetricsListener(&metrics.Filter{Policy: metrics.Rules{Exclude: []string{"disallow-policy"}}})
filter := metrics.NewFilter(validate.RuleSets{}, validate.RuleSets{}, validate.RuleSets{Exclude: []string{"disallow-policy"}}, validate.RuleSets{}, validate.RuleSets{})
handler := metrics.CreateClusterPolicyReportMetricsListener(filter)
t.Run("Added Metric", func(t *testing.T) {
handler(report.LifecycleEvent{Type: report.Added, NewPolicyReport: report1, OldPolicyReport: report.PolicyReport{}})

92
pkg/listener/metrics/filter.go
View file

@ -2,64 +2,40 @@ package metrics
import (
"github.com/kyverno/policy-reporter/pkg/report"
"github.com/minio/pkg/wildcard"
"github.com/kyverno/policy-reporter/pkg/validate"
)
type Rules struct {
Exclude []string
Include []string
}
type Filter struct {
Namespace Rules
Status Rules
Policy Rules
Source Rules
Severity Rules
}
func (f *Filter) Validate(result report.Result) bool {
if result.HasResource() &&
result.Resource.Namespace != "" &&
!validateRules(result.Resource.Namespace, f.Namespace) {
return false
}
if !validateRules(result.Status, f.Status) {
return false
}
if !validateRules(result.Policy, f.Policy) {
return false
}
if !validateRules(result.Source, f.Source) {
return false
}
if !validateRules(result.Severity, f.Severity) {
return false
}
return true
}
func validateRules(value string, rules Rules) bool {
if len(rules.Include) > 0 {
for _, rule := range rules.Include {
if wildcard.Match(rule, value) {
return true
}
}
return false
} else if len(rules.Exclude) > 0 {
for _, rule := range rules.Exclude {
if wildcard.Match(rule, value) {
return false
}
}
}
return true
}
func NewFilter(namespace, status, policy, source, severity Rules) *Filter {
return &Filter{namespace, status, policy, source, severity}
func NewFilter(namespace, status, policy, source, severity validate.RuleSets) *report.ResultFilter {
f := &report.ResultFilter{}
if namespace.Count() > 0 {
f.AddValidation(func(r report.Result) bool {
return validate.Namespace(r.Resource.Namespace, namespace)
})
}
if status.Count() > 0 {
f.AddValidation(func(r report.Result) bool {
return validate.MatchRuleSet(r.Status, status)
})
}
if policy.Count() > 0 {
f.AddValidation(func(r report.Result) bool {
return validate.MatchRuleSet(r.Policy, policy)
})
}
if source.Count() > 0 {
f.AddValidation(func(r report.Result) bool {
return validate.MatchRuleSet(r.Source, source)
})
}
if severity.Count() > 0 {
f.AddValidation(func(r report.Result) bool {
return validate.MatchRuleSet(r.Severity, severity)
})
}
return f
}

19
pkg/listener/metrics/filter_test.go
View file

@ -5,66 +5,67 @@ import (
"github.com/kyverno/policy-reporter/pkg/listener/metrics"
"github.com/kyverno/policy-reporter/pkg/report"
"github.com/kyverno/policy-reporter/pkg/validate"
)
func Test_Vaildate(t *testing.T) {
t.Run("Allow ClusterReport", func(t *testing.T) {
filter := metrics.NewFilter(metrics.Rules{Include: []string{"test"}}, metrics.Rules{}, metrics.Rules{}, metrics.Rules{}, metrics.Rules{})
filter := metrics.NewFilter(validate.RuleSets{Include: []string{"test"}}, validate.RuleSets{}, validate.RuleSets{}, validate.RuleSets{}, validate.RuleSets{})
if !filter.Validate(result1) {
t.Error("Expected Validate returns true if Report is a ClusterPolicyReport without namespace")
}
})
t.Run("Disallow if Report include not match", func(t *testing.T) {
filter := metrics.NewFilter(metrics.Rules{Include: []string{"dev"}}, metrics.Rules{}, metrics.Rules{}, metrics.Rules{}, metrics.Rules{})
filter := metrics.NewFilter(validate.RuleSets{Include: []string{"dev"}}, validate.RuleSets{}, validate.RuleSets{}, validate.RuleSets{}, validate.RuleSets{})
if filter.Validate(result1) {
t.Error("Expected Validate returns false if Report namespace not match include rule")
}
})
t.Run("Allow Report with matching include Namespace", func(t *testing.T) {
filter := &metrics.Filter{Namespace: metrics.Rules{Include: []string{"test"}}}
filter := metrics.NewFilter(validate.RuleSets{Include: []string{"test"}}, validate.RuleSets{}, validate.RuleSets{}, validate.RuleSets{}, validate.RuleSets{})
if !filter.Validate(result1) {
t.Error("Expected Validate returns true if Report namespace matches include pattern")
}
})
t.Run("Disallow Report with matching exclude Namespace", func(t *testing.T) {
filter := &metrics.Filter{Namespace: metrics.Rules{Exclude: []string{"test"}}}
filter := metrics.NewFilter(validate.RuleSets{Exclude: []string{"test"}}, validate.RuleSets{}, validate.RuleSets{}, validate.RuleSets{}, validate.RuleSets{})
if filter.Validate(result1) {
t.Error("Expected Validate returns false if Report namespace matches exclude pattern")
}
})
t.Run("Ignores exclude pattern if include namespaces provided", func(t *testing.T) {
filter := &metrics.Filter{Namespace: metrics.Rules{Exclude: []string{"test"}, Include: []string{"test"}}}
filter := metrics.NewFilter(validate.RuleSets{Exclude: []string{"test"}, Include: []string{"test"}}, validate.RuleSets{}, validate.RuleSets{}, validate.RuleSets{}, validate.RuleSets{})
if !filter.Validate(result1) {
t.Error("Expected Validate returns true because exclude patterns ignored if include patterns provided")
}
})
t.Run("Disallow Report with matching exclude Policy", func(t *testing.T) {
filter := &metrics.Filter{Policy: metrics.Rules{Exclude: []string{"require-requests-*"}}}
filter := metrics.NewFilter(validate.RuleSets{}, validate.RuleSets{}, validate.RuleSets{Exclude: []string{"require-requests-*"}}, validate.RuleSets{}, validate.RuleSets{})
if filter.Validate(result1) {
t.Error("Expected Validate returns false if Report policy matches exclude pattern")
}
})
t.Run("Disallow Report with matching exclude Status", func(t *testing.T) {
filter := &metrics.Filter{Status: metrics.Rules{Exclude: []string{report.Fail}}}
filter := metrics.NewFilter(validate.RuleSets{}, validate.RuleSets{Exclude: []string{report.Fail}}, validate.RuleSets{}, validate.RuleSets{}, validate.RuleSets{})
if filter.Validate(result1) {
t.Error("Expected Validate returns false if Report status matches exclude pattern")
}
})
t.Run("Disallow Report with matching exclude Severity", func(t *testing.T) {
filter := &metrics.Filter{Severity: metrics.Rules{Exclude: []string{report.High}}}
filter := metrics.NewFilter(validate.RuleSets{}, validate.RuleSets{}, validate.RuleSets{}, validate.RuleSets{}, validate.RuleSets{Exclude: []string{report.High}})
if filter.Validate(result1) {
t.Error("Expected Validate returns false if Report severity matches exclude pattern")
}
})
t.Run("Disallow Report with matching exclude Source", func(t *testing.T) {
filter := &metrics.Filter{Source: metrics.Rules{Exclude: []string{"Kyverno"}}}
filter := metrics.NewFilter(validate.RuleSets{}, validate.RuleSets{}, validate.RuleSets{}, validate.RuleSets{Exclude: []string{"Kyverno"}}, validate.RuleSets{})
if filter.Validate(result1) {
t.Error("Expected Validate returns false if Report source matches exclude pattern")
}

2
pkg/listener/metrics/policy_report.go
View file

@ -18,7 +18,7 @@ var ruleGauge = promauto.NewGaugeVec(prometheus.GaugeOpts{
Help: "List of all PolicyReport Results",
}, []string{"namespace", "rule", "policy", "report", "kind", "name", "status", "severity", "category", "source"})
func CreatePolicyReportMetricsListener(filter *Filter) report.PolicyReportListener {
func CreatePolicyReportMetricsListener(filter *report.ResultFilter) report.PolicyReportListener {
prometheus.Register(policyGauge)
prometheus.Register(ruleGauge)

4
pkg/listener/metrics/policy_report_test.go
View file

@ -7,6 +7,7 @@ import (
"github.com/kyverno/policy-reporter/pkg/listener/metrics"
"github.com/kyverno/policy-reporter/pkg/report"
"github.com/kyverno/policy-reporter/pkg/validate"
"github.com/prometheus/client_golang/prometheus"
ioprometheusclient "github.com/prometheus/client_model/go"
)
@ -97,7 +98,8 @@ func Test_PolicyReportMetricGeneration(t *testing.T) {
Results: []report.Result{result1, result3},
}
handler := metrics.CreatePolicyReportMetricsListener(&metrics.Filter{Policy: metrics.Rules{Exclude: []string{"disallow-policy"}}})
filter := metrics.NewFilter(validate.RuleSets{}, validate.RuleSets{}, validate.RuleSets{Exclude: []string{"disallow-policy"}}, validate.RuleSets{}, validate.RuleSets{})
handler := metrics.CreatePolicyReportMetricsListener(filter)
t.Run("Added Metric", func(t *testing.T) {
handler(report.LifecycleEvent{Type: report.Added, NewPolicyReport: report1, OldPolicyReport: report.PolicyReport{}})

3
pkg/listener/metrics_test.go
View file

@ -4,7 +4,6 @@ import (
"testing"
"github.com/kyverno/policy-reporter/pkg/listener"
"github.com/kyverno/policy-reporter/pkg/listener/metrics"
"github.com/kyverno/policy-reporter/pkg/report"
"github.com/prometheus/client_golang/prometheus"
@ -12,7 +11,7 @@ import (
)
func Test_MetricsListener(t *testing.T) {
slistener := listener.NewMetricsListener(&metrics.Filter{})
slistener := listener.NewMetricsListener(&report.ResultFilter{})
t.Run("Add ClusterPolicyReport Metric", func(t *testing.T) {
slistener(report.LifecycleEvent{Type: report.Added, NewPolicyReport: creport, OldPolicyReport: report.PolicyReport{}})

2
pkg/listener/new_result_test.go
View file

@ -84,7 +84,7 @@ func Test_ResultListener(t *testing.T) {
called = true
})
slistener.Listen(report.LifecycleEvent{Type: report.Updated, NewPolicyReport: preport2, OldPolicyReport: preport1})
slistener.Listen(report.LifecycleEvent{Type: report.Updated, NewPolicyReport: preport3, OldPolicyReport: preport1})
if called {
t.Error("Expected Listener not be called with empty results")

58
pkg/report/filter.go
View file

@ -1,44 +1,48 @@
package report
import "github.com/minio/pkg/wildcard"
import (
"github.com/kyverno/policy-reporter/pkg/validate"
)
type Filter interface {
DisableClusterReports() bool
AllowReport(report PolicyReport) bool
}
type filter struct {
type Filter struct {
disbaleClusterReports bool
includeNamespaces []string
excludeNamespaces []string
namespace validate.RuleSets
}
func (f *filter) DisableClusterReports() bool {
func (f *Filter) DisableClusterReports() bool {
return f.disbaleClusterReports
}
func (f *filter) AllowReport(report PolicyReport) bool {
if report.Namespace == "" {
return true
} else if len(f.includeNamespaces) > 0 {
for _, ns := range f.includeNamespaces {
if wildcard.Match(ns, report.Namespace) {
return true
}
}
func (f *Filter) AllowReport(report PolicyReport) bool {
return validate.Namespace(report.Namespace, f.namespace)
}
return false
} else if len(f.excludeNamespaces) > 0 {
for _, ns := range f.excludeNamespaces {
if wildcard.Match(ns, report.Namespace) {
return false
}
func NewFilter(disableClusterReports bool, namespace validate.RuleSets) *Filter {
return &Filter{disableClusterReports, namespace}
}
type ResultValidation = func(Result) bool
type ResultFilter struct {
validations []ResultValidation
Sources []string
MinimumPriority string
}
func (rf *ResultFilter) AddValidation(v ResultValidation) {
rf.validations = append(rf.validations, v)
}
func (rf *ResultFilter) Validate(result Result) bool {
for _, validation := range rf.validations {
if !validation(result) {
return false
}
}
return true
}
func NewFilter(disableClusterReports bool, includeNamespaces []string, excludeNamespaces []string) Filter {
return &filter{disableClusterReports, includeNamespaces, excludeNamespaces}
func NewResultFilter() *ResultFilter {
return &ResultFilter{}
}

31
pkg/report/filter_test.go
View file

@ -4,10 +4,11 @@ import (
"testing"
"github.com/kyverno/policy-reporter/pkg/report"
"github.com/kyverno/policy-reporter/pkg/validate"
)
func Test_DisableClusterReports(t *testing.T) {
filter := report.NewFilter(true, make([]string, 0), make([]string, 0))
filter := report.NewFilter(true, validate.RuleSets{})
if !filter.DisableClusterReports() {
t.Error("Expected EnableClusterReports to return true as configured")
@ -15,44 +16,60 @@ func Test_DisableClusterReports(t *testing.T) {
}
func Test_AllowReport(t *testing.T) {
t.Run("Allow ClusterReport", func(t *testing.T) {
filter := report.NewFilter(true, make([]string, 0), []string{"*"})
filter := report.NewFilter(true, validate.RuleSets{Exclude: []string{"*"}})
if !filter.AllowReport(creport) {
t.Error("Expected AllowReport returns true if Report is a ClusterPolicyReport without namespace")
}
})
t.Run("Allow Report with matching include Namespace", func(t *testing.T) {
filter := report.NewFilter(true, []string{"patch", "te*"}, []string{})
filter := report.NewFilter(true, validate.RuleSets{Include: []string{"patch", "te*"}})
if !filter.AllowReport(preport) {
t.Error("Expected AllowReport returns true if Report namespace matches include pattern")
}
})
t.Run("Disallow Report with matching exclude Namespace", func(t *testing.T) {
filter := report.NewFilter(true, []string{}, []string{"patch", "te*"})
filter := report.NewFilter(true, validate.RuleSets{Exclude: []string{"patch", "te*"}})
if filter.AllowReport(preport) {
t.Error("Expected AllowReport returns false if Report namespace matches exclude pattern")
}
})
t.Run("Ignores exclude pattern if include namespaces provided", func(t *testing.T) {
filter := report.NewFilter(true, []string{"*"}, []string{"te*"})
filter := report.NewFilter(true, validate.RuleSets{Include: []string{"*"}, Exclude: []string{"te*"}})
if !filter.AllowReport(preport) {
t.Error("Expected AllowReport returns true because exclude patterns ignored if include patterns provided")
}
})
t.Run("Allow Report when no configuration exists", func(t *testing.T) {
filter := report.NewFilter(true, []string{}, []string{})
filter := report.NewFilter(true, validate.RuleSets{})
if !filter.AllowReport(preport) {
t.Error("Expected AllowReport returns true if no namespace patterns configured")
}
})
t.Run("Disallow Report if no include namespace matches", func(t *testing.T) {
filter := report.NewFilter(true, []string{"patch", "dev"}, []string{})
filter := report.NewFilter(true, validate.RuleSets{Include: []string{"patch", "dev"}})
if filter.AllowReport(preport) {
t.Error("Expected AllowReport returns false if no namespace pattern matches")
}
})
}
func Test_ResultFilter(t *testing.T) {
t.Run("don't filter any result without validations", func(t *testing.T) {
filter := report.NewResultFilter()
if !filter.Validate(result1) {
t.Error("Expected result validates to true")
}
})
t.Run("filter result with a false validation", func(t *testing.T) {
filter := report.NewResultFilter()
filter.AddValidation(func(r report.Result) bool { return false })
if filter.Validate(result1) {
t.Error("Expected result validates to false")
}
})
}

77
pkg/target/client.go
View file

@ -1,9 +1,9 @@
package target
import (
"github.com/kyverno/policy-reporter/pkg/filter"
"github.com/kyverno/policy-reporter/pkg/helper"
"github.com/kyverno/policy-reporter/pkg/report"
"github.com/kyverno/policy-reporter/pkg/validate"
)
// Client for a provided Target
@ -22,69 +22,48 @@ type Client interface {
Sources() []string
}
type Rules struct {
Exclude []string
Include []string
}
func NewClientFilter(namespace, priority, policy validate.RuleSets, minimumPriority string, sources []string) *report.ResultFilter {
f := report.NewResultFilter()
f.Sources = sources
f.MinimumPriority = minimumPriority
type Filter struct {
Namespace filter.Rules
Priority filter.Rules
Policy filter.Rules
MinimumPriority string
Sources []string
}
func (f *Filter) Validate(result report.Result) bool {
if len(f.Sources) > 0 && !helper.Contains(result.Source, f.Sources) {
return false
if len(sources) > 0 {
f.AddValidation(func(r report.Result) bool {
return helper.Contains(r.Source, sources)
})
}
if result.Priority < report.NewPriority(f.MinimumPriority) {
return false
if namespace.Count() > 0 {
f.AddValidation(func(r report.Result) bool {
return validate.Namespace(r.Resource.Namespace, namespace)
})
}
if !f.validateNamespaceRules(result) {
return false
if minimumPriority != "" {
f.AddValidation(func(r report.Result) bool {
return r.Priority >= report.NewPriority(f.MinimumPriority)
})
}
if !f.validatePolicyRules(result) {
return false
if policy.Count() > 0 {
f.AddValidation(func(r report.Result) bool {
return validate.MatchRuleSet(r.Policy, policy)
})
}
if !f.validatePriorityRules(result) {
return false
if priority.Count() > 0 {
f.AddValidation(func(r report.Result) bool {
return validate.ContainsRuleSet(r.Priority.String(), priority)
})
}
return true
}
func (f *Filter) validateNamespaceRules(result report.Result) bool {
if !result.HasResource() {
return true
}
return filter.ValidateNamespace(result.Resource.Namespace, f.Namespace)
}
func (f *Filter) validatePolicyRules(result report.Result) bool {
return filter.ValidateRule(result.Policy, f.Policy)
}
func (f *Filter) validatePriorityRules(result report.Result) bool {
if len(f.Priority.Include) > 0 {
return helper.Contains(result.Priority.String(), f.Priority.Include)
} else if len(f.Priority.Exclude) > 0 && helper.Contains(result.Priority.String(), f.Priority.Exclude) {
return false
}
return true
return f
}
type BaseClient struct {
name string
skipExistingOnStartup bool
filter *Filter
filter *report.ResultFilter
}
func (c *BaseClient) Name() string {
@ -107,6 +86,6 @@ func (c *BaseClient) SkipExistingOnStartup() bool {
return c.skipExistingOnStartup
}
func NewBaseClient(name string, skipExistingOnStartup bool, filter *Filter) BaseClient {
func NewBaseClient(name string, skipExistingOnStartup bool, filter *report.ResultFilter) BaseClient {
return BaseClient{name, skipExistingOnStartup, filter}
}

147
pkg/target/client_test.go
View file

@ -3,9 +3,9 @@ package target_test
import (
"testing"
"github.com/kyverno/policy-reporter/pkg/filter"
"github.com/kyverno/policy-reporter/pkg/report"
"github.com/kyverno/policy-reporter/pkg/target"
"github.com/kyverno/policy-reporter/pkg/validate"
)
var result = report.Result{
@ -40,22 +40,27 @@ var result2 = report.Result{
}
func Test_BaseClient(t *testing.T) {
t.Run("Validate Default", func(t *testing.T) {
filter := &target.Filter{}
if !filter.Validate(result) {
t.Errorf("Unexpected Validation Result")
}
})
t.Run("Validate MinimumPriority", func(t *testing.T) {
filter := &target.Filter{MinimumPriority: "error"}
filter := target.NewClientFilter(
validate.RuleSets{},
validate.RuleSets{},
validate.RuleSets{},
"error",
make([]string, 0),
)
if filter.Validate(result) {
t.Errorf("Unexpected Validation Result")
}
})
t.Run("Validate Source", func(t *testing.T) {
filter := &target.Filter{Sources: []string{"jsPolicy"}}
filter := target.NewClientFilter(
validate.RuleSets{},
validate.RuleSets{},
validate.RuleSets{},
"",
[]string{"jsPolicy"},
)
if filter.Validate(result) {
t.Errorf("Unexpected Validation Result")
@ -63,7 +68,13 @@ func Test_BaseClient(t *testing.T) {
})
t.Run("Validate ClusterResult", func(t *testing.T) {
filter := &target.Filter{Namespace: filter.Rules{Include: []string{"default"}}}
filter := target.NewClientFilter(
validate.RuleSets{Include: []string{"default"}},
validate.RuleSets{},
validate.RuleSets{},
"",
make([]string, 0),
)
if !filter.Validate(result2) {
t.Errorf("Unexpected Validation Result")
@ -71,28 +82,52 @@ func Test_BaseClient(t *testing.T) {
})
t.Run("Validate Exclude Namespace match", func(t *testing.T) {
filter := &target.Filter{Namespace: filter.Rules{Exclude: []string{"default"}}}
filter := target.NewClientFilter(
validate.RuleSets{Exclude: []string{"default"}},
validate.RuleSets{},
validate.RuleSets{},
"",
make([]string, 0),
)
if filter.Validate(result) {
t.Errorf("Unexpected Validation Result")
}
})
t.Run("Validate Exclude Namespace mismatch", func(t *testing.T) {
filter := &target.Filter{Namespace: filter.Rules{Exclude: []string{"team-a"}}}
filter := target.NewClientFilter(
validate.RuleSets{Exclude: []string{"team-a"}},
validate.RuleSets{},
validate.RuleSets{},
"",
make([]string, 0),
)
if !filter.Validate(result) {
t.Errorf("Unexpected Validation Result")
}
})
t.Run("Validate Include Namespace match", func(t *testing.T) {
filter := &target.Filter{Namespace: filter.Rules{Include: []string{"default"}}}
filter := target.NewClientFilter(
validate.RuleSets{Include: []string{"default"}},
validate.RuleSets{},
validate.RuleSets{},
"",
make([]string, 0),
)
if !filter.Validate(result) {
t.Errorf("Unexpected Validation Result")
}
})
t.Run("Validate Exclude Namespace mismatch", func(t *testing.T) {
filter := &target.Filter{Namespace: filter.Rules{Include: []string{"team-a"}}}
filter := target.NewClientFilter(
validate.RuleSets{Include: []string{"team-a"}},
validate.RuleSets{},
validate.RuleSets{},
"",
make([]string, 0),
)
if filter.Validate(result) {
t.Errorf("Unexpected Validation Result")
@ -100,28 +135,52 @@ func Test_BaseClient(t *testing.T) {
})
t.Run("Validate Exclude Priority match", func(t *testing.T) {
filter := &target.Filter{Priority: filter.Rules{Exclude: []string{report.WarningPriority.String()}}}
filter := target.NewClientFilter(
validate.RuleSets{},
validate.RuleSets{Exclude: []string{report.WarningPriority.String()}},
validate.RuleSets{},
"",
make([]string, 0),
)
if filter.Validate(result) {
t.Errorf("Unexpected Validation Result")
}
})
t.Run("Validate Exclude Priority mismatch", func(t *testing.T) {
filter := &target.Filter{Priority: filter.Rules{Exclude: []string{report.ErrorPriority.String()}}}
filter := target.NewClientFilter(
validate.RuleSets{},
validate.RuleSets{Exclude: []string{report.ErrorPriority.String()}},
validate.RuleSets{},
"",
make([]string, 0),
)
if !filter.Validate(result) {
t.Errorf("Unexpected Validation Result")
}
})
t.Run("Validate Include Priority match", func(t *testing.T) {
filter := &target.Filter{Priority: filter.Rules{Include: []string{report.WarningPriority.String()}}}
filter := target.NewClientFilter(
validate.RuleSets{},
validate.RuleSets{Include: []string{report.WarningPriority.String()}},
validate.RuleSets{},
"",
make([]string, 0),
)
if !filter.Validate(result) {
t.Errorf("Unexpected Validation Result")
}
})
t.Run("Validate Exclude Priority mismatch", func(t *testing.T) {
filter := &target.Filter{Priority: filter.Rules{Include: []string{report.ErrorPriority.String()}}}
filter := target.NewClientFilter(
validate.RuleSets{},
validate.RuleSets{Include: []string{report.ErrorPriority.String()}},
validate.RuleSets{},
"",
make([]string, 0),
)
if filter.Validate(result) {
t.Errorf("Unexpected Validation Result")
@ -129,28 +188,52 @@ func Test_BaseClient(t *testing.T) {
})
t.Run("Validate Exclude Policy match", func(t *testing.T) {
filter := &target.Filter{Policy: filter.Rules{Exclude: []string{"require-requests-and-limits-required"}}}
filter := target.NewClientFilter(
validate.RuleSets{},
validate.RuleSets{},
validate.RuleSets{Exclude: []string{"require-requests-and-limits-required"}},
"",
make([]string, 0),
)
if filter.Validate(result) {
t.Errorf("Unexpected Validation Result")
}
})
t.Run("Validate Exclude Policy mismatch", func(t *testing.T) {
filter := &target.Filter{Policy: filter.Rules{Exclude: []string{"policy-test"}}}
filter := target.NewClientFilter(
validate.RuleSets{},
validate.RuleSets{},
validate.RuleSets{Exclude: []string{"policy-test"}},
"",
make([]string, 0),
)
if !filter.Validate(result) {
t.Errorf("Unexpected Validation Result")
}
})
t.Run("Validate Include Policy match", func(t *testing.T) {
filter := &target.Filter{Policy: filter.Rules{Include: []string{"require-requests-and-limits-required"}}}
filter := target.NewClientFilter(
validate.RuleSets{},
validate.RuleSets{},
validate.RuleSets{Include: []string{"require-requests-and-limits-required"}},
"",
make([]string, 0),
)
if !filter.Validate(result) {
t.Errorf("Unexpected Validation Result")
}
})
t.Run("Validate Exclude Policy mismatch", func(t *testing.T) {
filter := &target.Filter{Policy: filter.Rules{Include: []string{"policy-test"}}}
filter := target.NewClientFilter(
validate.RuleSets{},
validate.RuleSets{},
validate.RuleSets{Include: []string{"policy-test"}},
"",
make([]string, 0),
)
if filter.Validate(result) {
t.Errorf("Unexpected Validation Result")
@ -158,35 +241,43 @@ func Test_BaseClient(t *testing.T) {
})
t.Run("Client Validation", func(t *testing.T) {
client := target.NewBaseClient("Client", true, &target.Filter{Sources: []string{"jsPolicy"}})
filter := target.NewClientFilter(
validate.RuleSets{},
validate.RuleSets{},
validate.RuleSets{Include: []string{"policy-test"}},
"",
[]string{"jsPolicy"},
)
client := target.NewBaseClient("Client", true, filter)
if client.Validate(result) {
t.Errorf("Unexpected Validation Result")
}
})
t.Run("SkipExistingOnStartup", func(t *testing.T) {
client := target.NewBaseClient("Client", true, &target.Filter{})
client := target.NewBaseClient("Client", true, &report.ResultFilter{})
if !client.SkipExistingOnStartup() {
t.Error("Should return configured SkipExistingOnStartup")
}
})
t.Run("MinimumPriority", func(t *testing.T) {
client := target.NewBaseClient("Client", true, &target.Filter{MinimumPriority: "error"})
client := target.NewBaseClient("Client", true, &report.ResultFilter{MinimumPriority: "error"})
if client.MinimumPriority() != "error" {
t.Error("Should return configured MinimumPriority")
}
})
t.Run("Name", func(t *testing.T) {
client := target.NewBaseClient("Client", true, &target.Filter{MinimumPriority: "error"})
client := target.NewBaseClient("Client", true, &report.ResultFilter{MinimumPriority: "error"})
if client.Name() != "Client" {
t.Error("Should return configured Name")
}
})
t.Run("Sources", func(t *testing.T) {
client := target.NewBaseClient("Client", true, &target.Filter{Sources: []string{"Kyverno"}})
client := target.NewBaseClient("Client", true, &report.ResultFilter{Sources: []string{"Kyverno"}})
if len(client.Sources()) != 1 {
t.Fatal("Unexpected length of Sources")

2
pkg/target/discord/discord.go
View file

@ -100,7 +100,7 @@ func (d *client) Send(result report.Result) {
}
// NewClient creates a new loki.client to send Results to Discord
func NewClient(name, webhook string, skipExistingOnStartup bool, filter *target.Filter, httpClient http.Client) target.Client {
func NewClient(name, webhook string, skipExistingOnStartup bool, filter *report.ResultFilter, httpClient http.Client) target.Client {
return &client{
target.NewBaseClient(name, skipExistingOnStartup, filter),
webhook,

7
pkg/target/discord/discord_test.go
View file

@ -6,7 +6,6 @@ import (
"time"
"github.com/kyverno/policy-reporter/pkg/report"
"github.com/kyverno/policy-reporter/pkg/target"
"github.com/kyverno/policy-reporter/pkg/target/discord"
)
@ -68,7 +67,7 @@ func Test_LokiTarget(t *testing.T) {
}
}
client := discord.NewClient("Discord", "http://hook.discord:80", false, &target.Filter{}, testClient{callback, 200})
client := discord.NewClient("Discord", "http://hook.discord:80", false, &report.ResultFilter{}, testClient{callback, 200})
client.Send(completeResult)
})
@ -87,11 +86,11 @@ func Test_LokiTarget(t *testing.T) {
}
}
client := discord.NewClient("Discord", "http://hook.discord:80", false, &target.Filter{}, testClient{callback, 200})
client := discord.NewClient("Discord", "http://hook.discord:80", false, &report.ResultFilter{}, testClient{callback, 200})
client.Send(minimalResult)
})
t.Run("Name", func(t *testing.T) {
client := discord.NewClient("Discord", "http://localhost:9200", true, &target.Filter{}, testClient{})
client := discord.NewClient("Discord", "http://localhost:9200", true, &report.ResultFilter{}, testClient{})
if client.Name() != "Discord" {
t.Errorf("Unexpected Name %s", client.Name())

2
pkg/target/elasticsearch/elasticsearch.go
View file

@ -50,7 +50,7 @@ func (e *client) Send(result report.Result) {
}
// NewClient creates a new loki.client to send Results to Elasticsearch
func NewClient(name, host, index, rotation string, skipExistingOnStartup bool, filter *target.Filter, httpClient http.Client) target.Client {
func NewClient(name, host, index, rotation string, skipExistingOnStartup bool, filter *report.ResultFilter, httpClient http.Client) target.Client {
return &client{
target.NewBaseClient(name, skipExistingOnStartup, filter),
host,

11
pkg/target/elasticsearch/elasticsearch_test.go
View file

@ -6,7 +6,6 @@ import (
"time"
"github.com/kyverno/policy-reporter/pkg/report"
"github.com/kyverno/policy-reporter/pkg/target"
"github.com/kyverno/policy-reporter/pkg/target/elasticsearch"
)
@ -60,7 +59,7 @@ func Test_ElasticsearchTarget(t *testing.T) {
}
}
client := elasticsearch.NewClient("Elasticsearch", "http://localhost:9200", "policy-reporter", "annually", false, &target.Filter{}, testClient{callback, 200})
client := elasticsearch.NewClient("Elasticsearch", "http://localhost:9200", "policy-reporter", "annually", false, &report.ResultFilter{}, testClient{callback, 200})
client.Send(completeResult)
})
t.Run("Send with Monthly Result", func(t *testing.T) {
@ -70,7 +69,7 @@ func Test_ElasticsearchTarget(t *testing.T) {
}
}
client := elasticsearch.NewClient("Elasticsearch", "http://localhost:9200", "policy-reporter", "monthly", false, &target.Filter{}, testClient{callback, 200})
client := elasticsearch.NewClient("Elasticsearch", "http://localhost:9200", "policy-reporter", "monthly", false, &report.ResultFilter{}, testClient{callback, 200})
client.Send(completeResult)
})
t.Run("Send with Monthly Result", func(t *testing.T) {
@ -80,7 +79,7 @@ func Test_ElasticsearchTarget(t *testing.T) {
}
}
client := elasticsearch.NewClient("Elasticsearch", "http://localhost:9200", "policy-reporter", "daily", false, &target.Filter{}, testClient{callback, 200})
client := elasticsearch.NewClient("Elasticsearch", "http://localhost:9200", "policy-reporter", "daily", false, &report.ResultFilter{}, testClient{callback, 200})
client.Send(completeResult)
})
t.Run("Send with None Result", func(t *testing.T) {
@ -90,11 +89,11 @@ func Test_ElasticsearchTarget(t *testing.T) {
}
}
client := elasticsearch.NewClient("Elasticsearch", "http://localhost:9200", "policy-reporter", "none", false, &target.Filter{}, testClient{callback, 200})
client := elasticsearch.NewClient("Elasticsearch", "http://localhost:9200", "policy-reporter", "none", false, &report.ResultFilter{}, testClient{callback, 200})
client.Send(completeResult)
})
t.Run("Name", func(t *testing.T) {
client := elasticsearch.NewClient("Elasticsearch", "http://localhost:9200", "policy-reporter", "none", true, &target.Filter{}, testClient{})
client := elasticsearch.NewClient("Elasticsearch", "http://localhost:9200", "policy-reporter", "none", true, &report.ResultFilter{}, testClient{})
if client.Name() != "Elasticsearch" {
t.Errorf("Unexpected Name %s", client.Name())

2
pkg/target/kinesis/kinesis.go
View file

@ -36,7 +36,7 @@ func (c *client) Send(result report.Result) {
}
// NewClient creates a new Kinesis.client to send Results to AWS Kinesis compatible source
func NewClient(name string, kinesis helper.AWSClient, skipExistingOnStartup bool, filter *target.Filter) target.Client {
func NewClient(name string, kinesis helper.AWSClient, skipExistingOnStartup bool, filter *report.ResultFilter) target.Client {
return &client{
target.NewBaseClient(name, skipExistingOnStartup, filter),
kinesis,

5
pkg/target/kinesis/kinesis_test.go
View file

@ -6,7 +6,6 @@ import (
"testing"
"github.com/kyverno/policy-reporter/pkg/report"
"github.com/kyverno/policy-reporter/pkg/target"
"github.com/kyverno/policy-reporter/pkg/target/kinesis"
)
@ -57,11 +56,11 @@ func Test_KinesisTarget(t *testing.T) {
}
}
client := kinesis.NewClient("Kinesis", &testClient{nil, callback}, true, &target.Filter{})
client := kinesis.NewClient("Kinesis", &testClient{nil, callback}, true, &report.ResultFilter{})
client.Send(completeResult)
})
t.Run("Name", func(t *testing.T) {
client := kinesis.NewClient("Kinesis", &testClient{nil, testCallback}, false, &target.Filter{})
client := kinesis.NewClient("Kinesis", &testClient{nil, testCallback}, false, &report.ResultFilter{})
if client.Name() != "Kinesis" {
t.Errorf("Unexpected Name %s", client.Name())

2
pkg/target/loki/loki.go
View file

@ -98,7 +98,7 @@ func (l *client) Send(result report.Result) {
}
// NewClient creates a new loki.client to send Results to Loki
func NewClient(name, host string, skipExistingOnStartup bool, filter *target.Filter, customLabels map[string]string, httpClient http.Client) target.Client {
func NewClient(name, host string, skipExistingOnStartup bool, filter *report.ResultFilter, customLabels map[string]string, httpClient http.Client) target.Client {
return &client{
target.NewBaseClient(name, skipExistingOnStartup, filter),
host + "/api/prom/push",

7
pkg/target/loki/loki_test.go
View file

@ -9,7 +9,6 @@ import (
"time"
"github.com/kyverno/policy-reporter/pkg/report"
"github.com/kyverno/policy-reporter/pkg/target"
"github.com/kyverno/policy-reporter/pkg/target/loki"
)
@ -118,7 +117,7 @@ func Test_LokiTarget(t *testing.T) {
}
}
loki := loki.NewClient("Loki", "http://localhost:3100", false, &target.Filter{}, map[string]string{"custom": "label"}, testClient{callback, 200})
loki := loki.NewClient("Loki", "http://localhost:3100", false, &report.ResultFilter{}, map[string]string{"custom": "label"}, testClient{callback, 200})
loki.Send(completeResult)
})
@ -176,11 +175,11 @@ func Test_LokiTarget(t *testing.T) {
}
}
loki := loki.NewClient("Loki", "http://localhost:3100", false, &target.Filter{}, make(map[string]string), testClient{callback, 200})
loki := loki.NewClient("Loki", "http://localhost:3100", false, &report.ResultFilter{}, make(map[string]string), testClient{callback, 200})
loki.Send(minimalResult)
})
t.Run("Name", func(t *testing.T) {
client := loki.NewClient("Loki", "http://localhost:9200", true, &target.Filter{}, make(map[string]string), testClient{})
client := loki.NewClient("Loki", "http://localhost:9200", true, &report.ResultFilter{}, make(map[string]string), testClient{})
if client.Name() != "Loki" {
t.Errorf("Unexpected Name %s", client.Name())

2
pkg/target/s3/s3.go
View file

@ -37,7 +37,7 @@ func (c *client) Send(result report.Result) {
}
// NewClient creates a new S3.client to send Results to S3. It doesnt' work right now
func NewClient(name string, s3 helper.AWSClient, prefix string, skipExistingOnStartup bool, filter *target.Filter) target.Client {
func NewClient(name string, s3 helper.AWSClient, prefix string, skipExistingOnStartup bool, filter *report.ResultFilter) target.Client {
return &client{
target.NewBaseClient(name, skipExistingOnStartup, filter),
s3,

5
pkg/target/s3/s3_test.go
View file

@ -6,7 +6,6 @@ import (
"testing"
"github.com/kyverno/policy-reporter/pkg/report"
"github.com/kyverno/policy-reporter/pkg/target"
"github.com/kyverno/policy-reporter/pkg/target/s3"
)
@ -53,11 +52,11 @@ func Test_S3Target(t *testing.T) {
}
}
client := s3.NewClient("S3", &testClient{nil, callback}, "", true, &target.Filter{})
client := s3.NewClient("S3", &testClient{nil, callback}, "", true, &report.ResultFilter{})
client.Send(completeResult)
})
t.Run("Name", func(t *testing.T) {
client := s3.NewClient("S3", &testClient{nil, testCallback}, "", false, &target.Filter{})
client := s3.NewClient("S3", &testClient{nil, testCallback}, "", false, &report.ResultFilter{})
if client.Name() != "S3" {
t.Errorf("Unexpected Name %s", client.Name())

2
pkg/target/slack/slack.go
View file

@ -185,7 +185,7 @@ func (s *client) Send(result report.Result) {
}
// NewClient creates a new slack.client to send Results to Slack
func NewClient(name, host string, skipExistingOnStartup bool, filter *target.Filter, httpClient http.Client) target.Client {
func NewClient(name, host string, skipExistingOnStartup bool, filter *report.ResultFilter, httpClient http.Client) target.Client {
return &client{
target.NewBaseClient(name, skipExistingOnStartup, filter),
host,

13
pkg/target/slack/slack_test.go
View file

@ -6,7 +6,6 @@ import (
"time"
"github.com/kyverno/policy-reporter/pkg/report"
"github.com/kyverno/policy-reporter/pkg/target"
"github.com/kyverno/policy-reporter/pkg/target/slack"
)
@ -131,7 +130,7 @@ func Test_SlackTarget(t *testing.T) {
}
}
client := slack.NewClient("Teams", "http://hook.slack:80", false, &target.Filter{}, testClient{callback, 200})
client := slack.NewClient("Teams", "http://hook.slack:80", false, &report.ResultFilter{}, testClient{callback, 200})
client.Send(completeResult)
})
@ -150,7 +149,7 @@ func Test_SlackTarget(t *testing.T) {
}
}
client := slack.NewClient("Slack", "http://hook.slack:80", false, &target.Filter{}, testClient{callback, 200})
client := slack.NewClient("Slack", "http://hook.slack:80", false, &report.ResultFilter{}, testClient{callback, 200})
client.Send(minimalResult)
})
@ -169,7 +168,7 @@ func Test_SlackTarget(t *testing.T) {
}
}
client := slack.NewClient("Slack", "http://hook.slack:80", false, &target.Filter{}, testClient{callback, 200})
client := slack.NewClient("Slack", "http://hook.slack:80", false, &report.ResultFilter{}, testClient{callback, 200})
client.Send(enforceResult)
})
@ -188,7 +187,7 @@ func Test_SlackTarget(t *testing.T) {
}
}
client := slack.NewClient("Slack", "http://hook.slack:80", false, &target.Filter{}, testClient{callback, 200})
client := slack.NewClient("Slack", "http://hook.slack:80", false, &report.ResultFilter{}, testClient{callback, 200})
client.Send(incompleteResult)
})
@ -207,12 +206,12 @@ func Test_SlackTarget(t *testing.T) {
}
}
client := slack.NewClient("Slack", "http://hook.slack:80", false, &target.Filter{}, testClient{callback, 200})
client := slack.NewClient("Slack", "http://hook.slack:80", false, &report.ResultFilter{}, testClient{callback, 200})
client.Send(incompleteResult2)
})
t.Run("Name", func(t *testing.T) {
client := slack.NewClient("Slack", "http://localhost:9200", true, &target.Filter{}, testClient{})
client := slack.NewClient("Slack", "http://localhost:9200", true, &report.ResultFilter{}, testClient{})
if client.Name() != "Slack" {
t.Errorf("Unexpected Name %s", client.Name())

2
pkg/target/teams/teams.go
View file

@ -114,7 +114,7 @@ func (s *client) Send(result report.Result) {
}
// NewClient creates a new teams.client to send Results to MS Teams
func NewClient(name, host string, skipExistingOnStartup bool, filter *target.Filter, httpClient http.Client) target.Client {
func NewClient(name, host string, skipExistingOnStartup bool, filter *report.ResultFilter, httpClient http.Client) target.Client {
return &client{
target.NewBaseClient(name, skipExistingOnStartup, filter),
host,

13
pkg/target/teams/teams_test.go
View file

@ -7,7 +7,6 @@ import (
"time"
"github.com/kyverno/policy-reporter/pkg/report"
"github.com/kyverno/policy-reporter/pkg/target"
"github.com/kyverno/policy-reporter/pkg/target/teams"
)
@ -104,7 +103,7 @@ func Test_TeamsTarget(t *testing.T) {
}
}
client := teams.NewClient("Teams", "http://hook.teams:80", false, &target.Filter{}, testClient{callback, 200})
client := teams.NewClient("Teams", "http://hook.teams:80", false, &report.ResultFilter{}, testClient{callback, 200})
client.Send(completeResult)
})
@ -134,7 +133,7 @@ func Test_TeamsTarget(t *testing.T) {
}
}
client := teams.NewClient("Teams", "http://hook.teams:80", false, &target.Filter{}, testClient{callback, 200})
client := teams.NewClient("Teams", "http://hook.teams:80", false, &report.ResultFilter{}, testClient{callback, 200})
client.Send(minimalResult)
})
t.Run("Send Minimal InfoResult", func(t *testing.T) {
@ -151,7 +150,7 @@ func Test_TeamsTarget(t *testing.T) {
}
}
client := teams.NewClient("Teams", "http://hook.teams:80", false, &target.Filter{}, testClient{callback, 200})
client := teams.NewClient("Teams", "http://hook.teams:80", false, &report.ResultFilter{}, testClient{callback, 200})
client.Send(minimalInfoResult)
})
t.Run("Send Minimal ErrorResult", func(t *testing.T) {
@ -168,7 +167,7 @@ func Test_TeamsTarget(t *testing.T) {
}
}
client := teams.NewClient("Teams", "http://hook.teams:80", false, &target.Filter{}, testClient{callback, 200})
client := teams.NewClient("Teams", "http://hook.teams:80", false, &report.ResultFilter{}, testClient{callback, 200})
client.Send(minimalErrorResult)
})
t.Run("Send Minimal Debug Result", func(t *testing.T) {
@ -197,11 +196,11 @@ func Test_TeamsTarget(t *testing.T) {
}
}
client := teams.NewClient("Teams", "http://hook.teams:80", false, &target.Filter{}, testClient{callback, 200})
client := teams.NewClient("Teams", "http://hook.teams:80", false, &report.ResultFilter{}, testClient{callback, 200})
client.Send(minimalDebugResult)
})
t.Run("Name", func(t *testing.T) {
client := teams.NewClient("Teams", "http://localhost:9200", true, &target.Filter{}, testClient{})
client := teams.NewClient("Teams", "http://localhost:9200", true, &report.ResultFilter{}, testClient{})
if client.Name() != "Teams" {
t.Errorf("Unexpected Name %s", client.Name())

2
pkg/target/ui/ui.go
View file

@ -23,7 +23,7 @@ func (e *client) Send(result report.Result) {
}
// NewClient creates a new loki.client to send Results to Elasticsearch
func NewClient(name, host string, skipExistingOnStartup bool, filter *target.Filter, httpClient http.Client) target.Client {
func NewClient(name, host string, skipExistingOnStartup bool, filter *report.ResultFilter, httpClient http.Client) target.Client {
return &client{
target.NewBaseClient(name, skipExistingOnStartup, filter),
host + "/api/push",

5
pkg/target/ui/ui_test.go
View file

@ -5,7 +5,6 @@ import (
"testing"
"github.com/kyverno/policy-reporter/pkg/report"
"github.com/kyverno/policy-reporter/pkg/target"
"github.com/kyverno/policy-reporter/pkg/target/ui"
)
@ -56,11 +55,11 @@ func Test_UITarget(t *testing.T) {
}
}
client := ui.NewClient("UI", "http://localhost:8080", false, &target.Filter{}, testClient{callback, 200})
client := ui.NewClient("UI", "http://localhost:8080", false, &report.ResultFilter{}, testClient{callback, 200})
client.Send(completeResult)
})
t.Run("Name", func(t *testing.T) {
client := ui.NewClient("UI", "http://localhost:8080", false, &target.Filter{}, testClient{})
client := ui.NewClient("UI", "http://localhost:8080", false, &report.ResultFilter{}, testClient{})
if client.Name() != "UI" {
t.Errorf("Unexpected Name %s", client.Name())

2
pkg/target/webhook/webhook.go
View file

@ -28,7 +28,7 @@ func (e *client) Send(result report.Result) {
}
// NewClient creates a new loki.client to send Results to Elasticsearch
func NewClient(name, host string, headers map[string]string, skipExistingOnStartup bool, filter *target.Filter, httpClient http.Client) target.Client {
func NewClient(name, host string, headers map[string]string, skipExistingOnStartup bool, filter *report.ResultFilter, httpClient http.Client) target.Client {
return &client{
target.NewBaseClient(name, skipExistingOnStartup, filter),
host,

5
pkg/target/webhook/webhook_test.go
View file

@ -7,7 +7,6 @@ import (
"testing"
"github.com/kyverno/policy-reporter/pkg/report"
"github.com/kyverno/policy-reporter/pkg/target"
"github.com/kyverno/policy-reporter/pkg/target/webhook"
)
@ -65,11 +64,11 @@ func Test_UITarget(t *testing.T) {
return nil
}
client := webhook.NewClient("HTTP", "http://localhost:8080/webhook", map[string]string{"X-Code": "1234"}, false, &target.Filter{}, testClient{callback, 200})
client := webhook.NewClient("HTTP", "http://localhost:8080/webhook", map[string]string{"X-Code": "1234"}, false, &report.ResultFilter{}, testClient{callback, 200})
client.Send(completeResult)
})
t.Run("Name", func(t *testing.T) {
client := webhook.NewClient("HTTP", "http://localhost:8080/webhook", map[string]string{"X-Code": "1234"}, false, &target.Filter{}, testClient{})
client := webhook.NewClient("HTTP", "http://localhost:8080/webhook", map[string]string{"X-Code": "1234"}, false, &report.ResultFilter{}, testClient{})
if client.Name() != "HTTP" {
t.Errorf("Unexpected Name %s", client.Name())

10
pkg/validate/model.go Normal file
View file

@ -0,0 +1,10 @@
package validate
type RuleSets struct {
Exclude []string
Include []string
}
func (r RuleSets) Count() int {
return len(r.Exclude) + len(r.Include)
}

33
pkg/filter/filter.go → pkg/validate/validate.go
View file

@ -1,28 +1,11 @@
package filter
package validate
import (
"github.com/kyverno/go-wildcard"
"github.com/kyverno/policy-reporter/pkg/helper"
)
type Filter struct {
namespace Rules
sources []string
}
func (f Filter) ValidateSource(source string) bool {
return ValidateSource(source, f.sources)
}
func (f Filter) ValidateNamespace(namespace string) bool {
return ValidateNamespace(namespace, f.namespace)
}
func New(namespaces Rules, sources []string) Filter {
return Filter{namespaces, sources}
}
func ValidateNamespace(namespace string, namespaces Rules) bool {
func Namespace(namespace string, namespaces RuleSets) bool {
if namespace != "" && len(namespaces.Include) > 0 {
for _, ns := range namespaces.Include {
if wildcard.Match(ns, namespace) {
@ -42,7 +25,7 @@ func ValidateNamespace(namespace string, namespaces Rules) bool {
return true
}
func ValidateRule(value string, rules Rules) bool {
func MatchRuleSet(value string, rules RuleSets) bool {
if len(rules.Include) > 0 {
for _, ns := range rules.Include {
if wildcard.Match(ns, value) {
@ -62,6 +45,12 @@ func ValidateRule(value string, rules Rules) bool {
return true
}
func ValidateSource(source string, sources []string) bool {
return len(sources) == 0 || helper.Contains(source, sources)
func ContainsRuleSet(value string, rules RuleSets) bool {
if len(rules.Include) > 0 {
return helper.Contains(value, rules.Include)
} else if len(rules.Exclude) > 0 && helper.Contains(value, rules.Exclude) {
return false
}
return true
}

98
pkg/validate/validate_test.go Normal file
View file

@ -0,0 +1,98 @@
package validate_test
import (
"testing"
"github.com/kyverno/policy-reporter/pkg/validate"
)
func Test_Validations(t *testing.T) {
t.Run("Validate Source", func(t *testing.T) {
if validate.ContainsRuleSet("test", validate.RuleSets{Include: []string{"jsPolicy"}}) {
t.Errorf("Unexpected Validation Result")
}
if !validate.ContainsRuleSet("jsPolicy", validate.RuleSets{Include: []string{"jsPolicy"}}) {
t.Errorf("Unexpected Validation Result")
}
})
t.Run("Namespace Exclude Namespace match", func(t *testing.T) {
if validate.Namespace("default", validate.RuleSets{Exclude: []string{"default"}}) {
t.Errorf("Unexpected Validation Result")
}
})
t.Run("Validate Exclude Namespace mismatch", func(t *testing.T) {
if !validate.Namespace("default", validate.RuleSets{Exclude: []string{"team-a"}}) {
t.Errorf("Unexpected Validation Result")
}
})
t.Run("Namespace Include Namespace match", func(t *testing.T) {
if !validate.Namespace("default", validate.RuleSets{Include: []string{"def*"}}) {
t.Errorf("Unexpected Validation Result")
}
})
t.Run("Namespace Include Namespace mismatch", func(t *testing.T) {
if validate.Namespace("default", validate.RuleSets{Include: []string{"team-a"}}) {
t.Errorf("Unexpected Validation Result")
}
})
t.Run("MatchRuleSet Exclude Rule match", func(t *testing.T) {
if !validate.MatchRuleSet("test", validate.RuleSets{Exclude: []string{"team-a"}}) {
t.Errorf("Unexpected Validation Result")
}
})
t.Run("MatchRuleSet Exclude Rule mismatch", func(t *testing.T) {
if validate.MatchRuleSet("test", validate.RuleSets{Exclude: []string{"test"}}) {
t.Errorf("Unexpected Validation Result")
}
})
t.Run("MatchRuleSet Include Rule match", func(t *testing.T) {
if !validate.MatchRuleSet("test", validate.RuleSets{Include: []string{"test"}}) {
t.Errorf("Unexpected Validation Result")
}
})
t.Run("MatchRuleSet Include Rule mismatch", func(t *testing.T) {
if validate.MatchRuleSet("test", validate.RuleSets{Include: []string{"team-a"}}) {
t.Errorf("Unexpected Validation Result")
}
})
t.Run("ContainsRuleSet Include Rule match", func(t *testing.T) {
if !validate.ContainsRuleSet("test", validate.RuleSets{Include: []string{"test"}}) {
t.Errorf("Unexpected Validation Result")
}
})
t.Run("ContainsRuleSet Include Rule mismatch", func(t *testing.T) {
if validate.ContainsRuleSet("test", validate.RuleSets{Include: []string{"team-a"}}) {
t.Errorf("Unexpected Validation Result")
}
})
t.Run("ContainsRuleSet Exclude Rule match", func(t *testing.T) {
if validate.ContainsRuleSet("test", validate.RuleSets{Exclude: []string{"test"}}) {
t.Errorf("Unexpected Validation Result")
}
})
t.Run("ContainsRuleSet Include Rule mismatch", func(t *testing.T) {
if !validate.ContainsRuleSet("test", validate.RuleSets{Exclude: []string{"team-a"}}) {
t.Errorf("Unexpected Validation Result")
}
})
t.Run("ContainsRuleSet empty rules", func(t *testing.T) {
if !validate.ContainsRuleSet("test", validate.RuleSets{}) {
t.Errorf("Unexpected Validation Result")
}
})
}
func Test_RulesCount(t *testing.T) {
r1 := validate.RuleSets{}
if r1.Count() != 0 {
t.Errorf("Unexpected Rules.Count")
}
r2 := validate.RuleSets{Include: []string{"dev"}, Exclude: []string{"stage"}}
if r2.Count() != 2 {
t.Errorf("Unexpected Rules.Count")
}
}