
Add audit feature (#84)

* Add audit feature

Signed-off-by: Rita Zhang <rita.z.zhang@gmail.com>

* use same top level manager; rm dup clients; separate getUpdateLists; pass gvk;

Signed-off-by: Rita Zhang <rita.z.zhang@gmail.com>

* create new client to update restmapper; separate gateAllConstraintsKinds; separate updateConstraintsForKinds; combine clear and update violation into single loop

Signed-off-by: Rita Zhang <rita.z.zhang@gmail.com>

* StatusViolation omit Namespace; rm dup context; add auditTimestamp to status

Signed-off-by: Rita Zhang <rita.z.zhang@gmail.com>

* Add constraintViolationsLimit

Signed-off-by: Rita Zhang <rita.z.zhang@gmail.com>

* incorporate feedback

Signed-off-by: Rita Zhang <rita.z.zhang@gmail.com>

* add retry framework; move crd global var; listkind

Signed-off-by: Rita Zhang <rita.z.zhang@gmail.com>

* address comments

Signed-off-by: Rita Zhang <rita.z.zhang@gmail.com>

* get and update deepcopy instead

Signed-off-by: Rita Zhang <rita.z.zhang@gmail.com>
ritazh authored and maxsmythe committed Apr 17, 2019
1 parent e841d24 commit 8eadf3e36f4700c52b4a7572277bcab52fcb473b
Showing with 411 additions and 0 deletions.
  1. +7 −0 cmd/manager/main.go
  2. +29 −0 pkg/audit/controller.go
  3. +375 −0 pkg/audit/manager.go
@@ -20,6 +20,7 @@ import (
opa "github.com/open-policy-agent/frameworks/constraint/pkg/client"
"github.com/open-policy-agent/frameworks/constraint/pkg/client/drivers/local"
"github.com/open-policy-agent/gatekeeper/pkg/apis"
"github.com/open-policy-agent/gatekeeper/pkg/audit"
"github.com/open-policy-agent/gatekeeper/pkg/controller"
"github.com/open-policy-agent/gatekeeper/pkg/target"
"github.com/open-policy-agent/gatekeeper/pkg/webhook"
@@ -88,6 +89,12 @@ func main() {
os.Exit(1)
}

log.Info("setting up audit")
if err := audit.AddToManager(mgr, client); err != nil {
log.Error(err, "unable to register audit to the manager")
os.Exit(1)
}

// Start the Cmd
log.Info("Starting the Cmd.")
if err := mgr.Start(signals.SetupSignalHandler()); err != nil {
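Review bot: the `audit.AddToManager(mgr, client)` call in `main()` is unconditional, so every manager process runs the audit loop alongside the webhook this file also imports, and an audit setup error ends the process through `os.Exit(1)`, which takes admission enforcement down with it. Consider gating the registration behind a command-line flag so audit can be disabled or run separately, and decide whether an audit setup failure should really be fatal for the whole manager rather than logged and skipped.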
@@ -0,0 +1,29 @@
/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/

package audit

import (
"context"

opa "github.com/open-policy-agent/frameworks/constraint/pkg/client"
"sigs.k8s.io/controller-runtime/pkg/manager"
)

// AddToManager adds audit manager to the Manager
func AddToManager(m manager.Manager, opa opa.Client) error {
am, err := New(context.Background(), m.GetConfig(), opa)
if err != nil {
return err
}
return m.Add(am)
}
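Review bot: in `AddToManager`, `New(context.Background(), m.GetConfig(), opa)` hands the audit manager a root context that nothing ever cancels, so it is not tied to the stop signal passed to `mgr.Start(signals.SetupSignalHandler())` in main.go; if `New` keeps that context for its API calls, in-flight audit requests will not be interrupted on shutdown. Prefer deriving the context where the runnable is started, from the manager's stop signal, or document why a background context is safe here. Separately, the parameter `opa opa.Client` shadows the `opa` import alias inside the function; renaming the parameter (for example to `client`, as main.go calls it) avoids that confusion.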
