feat: send matched bypass permissions criteria with evaluation results

go.mod

@@ -3,7 +3,7 @@ module github.com/datreeio/admission-webhook-datree
 go 1.19
 
 require (
-	github.com/datreeio/datree v1.8.42
+	github.com/datreeio/datree v1.9.10
 	github.com/ghodss/yaml v1.0.0
 	github.com/google/go-cmp v0.5.9
 	github.com/lithammer/shortuuid v3.0.0+incompatible

go.sum

@@ -31,6 +31,8 @@ github.com/cncf/xds/go v0.0.0-20210312221358-fbca930ec8ed/go.mod h1:eXthEFrGJvWH
 github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
 github.com/datreeio/datree v1.8.42 h1:nR2HnqdZFzY8bD78eN8yYLMfaRxmOPYs3MonnOVoYbU=
 github.com/datreeio/datree v1.8.42/go.mod h1:H9iOfrpbK6pLk+5q9e97uUf+hfyFezhnE7pp/ZE0rHA=
+github.com/datreeio/datree v1.9.10 h1:bmyzB49+IPz0t5AMRnufTlS/UeebP9NzpNTWBi3p5cI=
+github.com/datreeio/datree v1.9.10/go.mod h1:RWd7yt4qEFfz2wxaAeJF3oqrJf68ktY6OOuX4c7+l7A=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=

pkg/clients/cliServiceClient.go

@@ -161,21 +161,44 @@ type WebhookEvaluationRequestData struct {
 	MetadataName   string
 }
 
+type BypassCriteriaType int
+
+const (
+	ServiceAccount BypassCriteriaType = iota
+	UserAccount
+	Group
+)
+
+func (s BypassCriteriaType) String() string {
+	switch s {
+	case ServiceAccount:
+		return "serviceAccount"
+	case UserAccount:
+		return "userAccount"
+	case Group:
+		return "group"
+	default:
+		return "unknown"
+	}
+}
+
 type EvaluationResultRequest struct {
-	ClientId           string                                      `json:"clientId"`
-	Token              string                                      `json:"token"`
-	Metadata           *Metadata                                   `json:"metadata"`
-	K8sVersion         string                                      `json:"k8sVersion"`
-	PolicyName         string                                      `json:"policyName"`
-	FailedYamlFiles    []string                                    `json:"failedYamlFiles"`
-	FailedK8sFiles     []string                                    `json:"failedK8sFiles"`
-	AllExecutedRules   []cliClient.RuleData                        `json:"allExecutedRules"`
-	AllEvaluatedFiles  []cliClient.FileData                        `json:"allEvaluatedFiles"`
-	PolicyCheckResults map[string]map[string]*cliClient.FailedRule `json:"policyCheckResults"`
-	ClusterUuid        k8sTypes.UID                                `json:"clusterUuid,omitempty"`
-	Namespace          string                                      `json:"namespace,omitempty"`
-	Kind               string                                      `json:"kind"`
-	MetadataName       string                                      `json:"metadataName"`
+	ClientId                string                                      `json:"clientId"`
+	Token                   string                                      `json:"token"`
+	Metadata                *Metadata                                   `json:"metadata"`
+	K8sVersion              string                                      `json:"k8sVersion"`
+	PolicyName              string                                      `json:"policyName"`
+	FailedYamlFiles         []string                                    `json:"failedYamlFiles"`
+	FailedK8sFiles          []string                                    `json:"failedK8sFiles"`
+	AllExecutedRules        []cliClient.RuleData                        `json:"allExecutedRules"`
+	AllEvaluatedFiles       []cliClient.FileData                        `json:"allEvaluatedFiles"`
+	PolicyCheckResults      map[string]map[string]*cliClient.FailedRule `json:"policyCheckResults"`
+	ClusterUuid             k8sTypes.UID                                `json:"clusterUuid,omitempty"`
+	Namespace               string                                      `json:"namespace,omitempty"`
+	Kind                    string                                      `json:"kind"`
+	MetadataName            string                                      `json:"metadataName"`
+	MatchedBypassCriteria   *BypassCriteria                             `json:"matchedBypassCriteria,omitempty"`
+	IsBypassedByPermissions bool                                        `json:"isBypassedByPermissions"`
 }
 
 type Metadata struct {
@@ -187,16 +210,22 @@ type Metadata struct {
 	EvaluationDurationSeconds float64              `json:"evaluationDurationSeconds"`
 }
 
+type BypassCriteria struct {
+	Type  BypassCriteriaType
+	Value string
+}
+
 type ClusterContext struct {
 	WebhookVersion string `json:"webhookVersion"`
 	IsInCluster    bool   `json:"isInCluster"`
 	IsEnforceMode  bool   `json:"isEnforceMode"`
 }
 
-func (c *CliClient) SendWebhookEvaluationResult(request *EvaluationResultRequest) (*cliClient.SendEvaluationResultsResponse, error) {
+func (c *CliClient) SaveWebhookEvaluationResults(request *EvaluationResultRequest) (*cliClient.SendEvaluationResultsResponse, error) {
 	if c.networkValidator.IsLocalMode() {
 		return &cliClient.SendEvaluationResultsResponse{}, nil
 	}
+
 	httpRes, err := c.httpClient.Request(http.MethodPost, "/cli/evaluation/policyCheck/result", request, c.flagsHeaders)
 	if err != nil {
 		networkErr := c.networkValidator.IdentifyNetworkError(err)