Policyreport cli #1235

NoSkillGirl · 2020-11-10T04:36:15Z

Related issue

What type of PR is this?

/kind feature

Proposed changes

This PR supports policy report when the policies manifest is applied on resources passed as file/folder or available in cluster.

Checklist

I have read the contributing guidelines.
I have added tests that prove my fix is effective or that my feature
works.
I have added or changed the documentation.

…erno into feature/reports-cli

realshuting

Adding other comments:

Here

kyverno/pkg/kyverno/apply/command.go

Lines 163 to 171 in 7fbe422

    
           if common.PolicyHasVariables(*policy) && variablesString == "" && valuesFile == "" { 
        
           	rc.skip += len(resources) 
        
           	fmt.Printf("\nskipping policy %s as it has variables. pass the values for the variables using set/values_file flag", policy.Name) 
        
           	continue 
        
           } 
        
           if common.PolicyHasVariables(*policy) && variablesString == "" && valuesFile == "" { 
        
           	return sanitizedError.NewWithError(fmt.Sprintf("policy %s have variables. pass the values for the variables using set/values_file flag", policy.Name), err) 
        
           }

it has 2 same checks but different results?

Do we still mutate policy before applying it? I'm applying disallow_latest_tag to a deployment, but I don't see the policy report

kyverno apply samples/best_practices/disallow_latest_tag.yaml  --policy-report --cluster -r nginx-2
I1110 18:17:32.585376   25815 client.go:258] dclient/Poll "msg"="starting registered resources sync"  "period"=300000000000
----------------------------------------------------------------------
POLICY REPORT: not generated as no validation failure

pkg/kyverno/common/fetch.go

pkg/utils/loadpolicy.go

pkg/kyverno/apply/command.go

realshuting · 2020-11-18T02:54:57Z

@NoSkillGirl Is this doc update to date?

The first three worked for me while case 4 and 5 gave me the following error:

$ kyverno apply samples/best_practices --cluster --policy-report -n default -r nginx
Error: valid resource(s) not provided
Cause: failed to load resources
Cause: the server could not find the requested resource

$ kyverno apply samples/best_practices --cluster --policy-report -n default
Error: valid resource(s) not provided
Cause: failed to load resources
Cause: the server could not find the requested resource

Yuvraj and others added 30 commits August 25, 2020 22:44

add report in cli

91c45b4

policy report crd added

875f971

policy report added

251521a

configmap added

2a9477b

added jobs

e9d2ba4

added jobs

b9123cd

bug fixed

b59a4ed

added logic for cli

9fb2b8d

common function added

fb6c4c3

sub command added for policy report

2dbacde

subcommand added for report

d3bba37

common package changed

3ebf9d4

configmap added

a01bfc7

added logic for kyverno cli

59dce68

added logic for jobs

d0d5556

added logic for jobs

ea3e424

added logic for jobs

2243728

added logic for cli

0bc1b3b

buf fix

eb518a2

cli changes

979884f

count bug fix

2309e23

docs added for command

05ca32e

merge conflict resolve

e43154e

go fmt

e59425d

refactor codebase

fdd908e

remove policy controller for policyreport

e15ed82

Merge branch 'master' into feature/reports-cli

e63be74

policy report removed

09faf48

Merge branch 'feature/reports-cli' of ssh://github.com/evalsocket/kyv…

4d7b4ab

…erno into feature/reports-cli

bug fixes

64d9879

NoSkillGirl and others added 9 commits November 4, 2020 15:22

fixed panic and updated test cases

ef8970d

update import library

3eacd8f

removing scheme dependencies

0a7be57

set report category

64d92f7

special handling - when applying policy with annotations on pod

009268f

Merge branch 'policyreport' into policyreport_cli

3760312

CLI handling - applying policy with annotations on pod

ba5d3a0

Merge commit

acc34fb

corrected merge code

7fbe422

NoSkillGirl added the wip work in progress label Nov 10, 2020

NoSkillGirl requested review from realshuting and JimBugwadia November 10, 2020 18:52

realshuting requested changes Nov 11, 2020

View reviewed changes

NoSkillGirl added 6 commits November 11, 2020 11:57

fixed comments

ca31568

seperated logic for resources from cluster

489f070

fixed - apply policy on deployment

a7a5c07

added pass resources in policy report

aaa2b96

passing only validate response to policy report

7eac551

log level added

d468368

NoSkillGirl removed the wip work in progress label Nov 13, 2020

NoSkillGirl added 5 commits November 18, 2020 11:08

fixed skipping resources

85d47e1

fixed no matching resources message

efe4f6a

Merge branch 'main' into policyreport_cli

5794889

SanitizedError fix

9a9cd55

removed histogram error log

90a2a4c

realshuting approved these changes Nov 18, 2020

View reviewed changes

NoSkillGirl merged commit c791c20 into kyverno:main Nov 18, 2020

NoSkillGirl added this to the Kyverno Release 1.3.0 milestone Dec 22, 2020

realshuting removed this from the Kyverno Release 1.3.0 milestone Jan 4, 2021

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Policyreport cli #1235

Policyreport cli #1235

NoSkillGirl commented Nov 10, 2020 •

edited

realshuting left a comment

realshuting commented Nov 18, 2020

	if common.PolicyHasVariables(*policy) && variablesString == "" && valuesFile == "" {
	rc.skip += len(resources)
	fmt.Printf("\nskipping policy %s as it has variables. pass the values for the variables using set/values_file flag", policy.Name)
	continue
	}

	if common.PolicyHasVariables(*policy) && variablesString == "" && valuesFile == "" {
	return sanitizedError.NewWithError(fmt.Sprintf("policy %s have variables. pass the values for the variables using set/values_file flag", policy.Name), err)
	}

Policyreport cli #1235

Policyreport cli #1235

Conversation

NoSkillGirl commented Nov 10, 2020 • edited

Related issue

Proposed changes

Checklist

realshuting left a comment

Choose a reason for hiding this comment

realshuting commented Nov 18, 2020

NoSkillGirl commented Nov 10, 2020 •

edited