From 2cd2309e6b1db1118a56cb4f8db4b7a54b277b73 Mon Sep 17 00:00:00 2001 From: ldpliu Date: Thu, 28 Mar 2024 08:37:49 +0000 Subject: [PATCH] handle pending policies Signed-off-by: ldpliu --- .../policies/complete_compliance_emitter.go | 12 +- .../controller/policies/compliance_emitter.go | 30 +- .../local-policies/create_local_policies.sql | 2 +- .../cronjob/task/local_compliance_history.go | 5 +- .../syncers/local_policy_complete_handler.go | 14 + .../local_policy_compliance_handler.go | 5 + .../local_policy_compliance_handler_test.go | 18 +- .../syncers/policy_complete_handler.go | 14 + .../syncers/policy_compliance_handler.go | 7 + .../syncers/policy_compliance_handler_test.go | 11 +- .../policy_delta_compliance_handler.go | 7 + .../hubofhubs/database/1.schemas.sql | 2 + .../hubofhubs/database/3.functions.sql | 2 + .../acm-global-adhoc-investigation.yaml | 230 ++++++-- ...bal-cluster-group-compliancy-overview.yaml | 129 ++-- .../acm-global-offending-clusters.yaml | 458 +++++++++++++-- .../acm-global-offending-policies.yaml | 549 ++++++++++++++++-- .../grafana/acm-global-overview.yaml | 81 ++- ...obal-policy-group-compliancy-overview.yaml | 116 ++-- .../acm-global-whats-changed-clusters.yaml | 64 +- .../acm-global-whats-changed-policies.yaml | 62 +- .../hubofhubs/upgrade/1.upgrade.sql | 6 +- pkg/bundle/grc/complete_compliance_bundle.go | 1 + pkg/bundle/grc/compliance_bundle.go | 1 + pkg/database/common/util.go | 2 + pkg/database/constants.go | 2 + 26 files changed, 1504 insertions(+), 326 deletions(-) diff --git a/agent/pkg/status/controller/policies/complete_compliance_emitter.go b/agent/pkg/status/controller/policies/complete_compliance_emitter.go index c9cc47e4d..94cd6d1f4 100644 --- a/agent/pkg/status/controller/policies/complete_compliance_emitter.go +++ b/agent/pkg/status/controller/policies/complete_compliance_emitter.go @@ -53,7 +53,8 @@ func (h *completeComplianceHandler) Update(obj client.Object) bool { index := getPayloadIndexByUID(originPolicyID, *(h.eventData)) if index == -1 { // object not found, need to add it to the bundle (only in case it contains non-compliant/unknown) // don't send in the bundle a policy where all clusters are compliant - if len(newComplete.UnknownComplianceClusters) == 0 && len(newComplete.NonCompliantClusters) == 0 { + if len(newComplete.UnknownComplianceClusters) == 0 && len(newComplete.NonCompliantClusters) == 0 && + len(newComplete.PendingComplianceClusters) == 0 { return false } @@ -64,6 +65,7 @@ func (h *completeComplianceHandler) Update(obj client.Object) bool { // if we reached here, policy already exists in the bundle with at least one non compliant or unknown cluster. oldComplete := (*h.eventData)[index] if utils.Equal(oldComplete.NonCompliantClusters, newComplete.NonCompliantClusters) && + utils.Equal(oldComplete.PendingComplianceClusters, newComplete.PendingComplianceClusters) && utils.Equal(oldComplete.UnknownComplianceClusters, newComplete.UnknownComplianceClusters) { return false } @@ -71,9 +73,11 @@ func (h *completeComplianceHandler) Update(obj client.Object) bool { // the payload is updated (*h.eventData)[index].NonCompliantClusters = newComplete.NonCompliantClusters (*h.eventData)[index].UnknownComplianceClusters = newComplete.UnknownComplianceClusters + (*h.eventData)[index].PendingComplianceClusters = newComplete.PendingComplianceClusters // don't send in the bundle a policy where all clusters are compliant - if len((*h.eventData)[index].NonCompliantClusters) == 0 && len((*h.eventData)[index].UnknownComplianceClusters) == 0 { + if len((*h.eventData)[index].NonCompliantClusters) == 0 && len((*h.eventData)[index].UnknownComplianceClusters) == 0 && + len((*h.eventData)[index].PendingComplianceClusters) == 0 { (*h.eventData) = append((*h.eventData)[:index], (*h.eventData)[index+1:]...) // remove from objects } return true @@ -98,6 +102,7 @@ func (h *completeComplianceHandler) Delete(obj client.Object) bool { func newCompleteCompliance(originPolicyID string, policy *policiesv1.Policy) *grc.CompleteCompliance { nonCompliantClusters := make([]string, 0) unknownComplianceClusters := make([]string, 0) + pendingComplianceClusters := make([]string, 0) for _, clusterCompliance := range policy.Status.Status { if clusterCompliance.ComplianceState == policiesv1.Compliant { @@ -105,6 +110,8 @@ func newCompleteCompliance(originPolicyID string, policy *policiesv1.Policy) *gr } if clusterCompliance.ComplianceState == policiesv1.NonCompliant { nonCompliantClusters = append(nonCompliantClusters, clusterCompliance.ClusterName) + } else if clusterCompliance.ComplianceState == policiesv1.Pending { + pendingComplianceClusters = append(pendingComplianceClusters, clusterCompliance.ClusterName) } else { // not compliant not non compliant -> means unknown unknownComplianceClusters = append(unknownComplianceClusters, clusterCompliance.ClusterName) } @@ -115,6 +122,7 @@ func newCompleteCompliance(originPolicyID string, policy *policiesv1.Policy) *gr NamespacedName: policy.Namespace + "/" + policy.Name, NonCompliantClusters: nonCompliantClusters, UnknownComplianceClusters: unknownComplianceClusters, + PendingComplianceClusters: pendingComplianceClusters, } } diff --git a/agent/pkg/status/controller/policies/compliance_emitter.go b/agent/pkg/status/controller/policies/compliance_emitter.go index 4d119c490..8da55304a 100644 --- a/agent/pkg/status/controller/policies/compliance_emitter.go +++ b/agent/pkg/status/controller/policies/compliance_emitter.go @@ -50,7 +50,7 @@ func (h *complianceHandler) Update(obj client.Object) bool { if index == -1 { // object not found, need to add it to the bundle compliance := getNewCompliance(policyID, policy) if len(compliance.CompliantClusters) == 0 && len(compliance.NonCompliantClusters) == 0 && - len(compliance.UnknownComplianceClusters) == 0 { + len(compliance.UnknownComplianceClusters) == 0 && len(compliance.PendingComplianceClusters) == 0 { return false } *h.eventData = append(*h.eventData, *compliance) @@ -70,18 +70,19 @@ func (h *complianceHandler) Update(obj client.Object) bool { // returns true if cluster list has changed(added/removed), otherwise returns false (even if cluster statuses changed). func (h *complianceHandler) updatePayloadIfChanged(objectIndex int, policy *policiesv1.Policy) bool { - newCompliantClusters, newNonCompliantClusters, newUnknownClusters := getClusterStatus(policy) - allClusters := utils.Merge(newCompliantClusters, newNonCompliantClusters, newUnknownClusters) + newCompliantClusters, newNonCompliantClusters, newUnknownClusters, newPendingClusters := getClusterStatus(policy) + allClusters := utils.Merge(newCompliantClusters, newNonCompliantClusters, newUnknownClusters, newPendingClusters) cachedCompliance := (*h.eventData)[objectIndex] clusterListChanged := false // check if any cluster was added or removed if len(cachedCompliance.CompliantClusters)+len(cachedCompliance.NonCompliantClusters)+ - len(cachedCompliance.UnknownComplianceClusters) != len(allClusters) || + len(cachedCompliance.UnknownComplianceClusters)+len(cachedCompliance.PendingComplianceClusters) != len(allClusters) || !utils.ContainSubStrings(allClusters, cachedCompliance.CompliantClusters) || !utils.ContainSubStrings(allClusters, cachedCompliance.NonCompliantClusters) || - !utils.ContainSubStrings(allClusters, cachedCompliance.UnknownComplianceClusters) { + !utils.ContainSubStrings(allClusters, cachedCompliance.UnknownComplianceClusters) || + !utils.ContainSubStrings(allClusters, cachedCompliance.PendingComplianceClusters) { clusterListChanged = true // at least one cluster was added/removed } @@ -89,6 +90,8 @@ func (h *complianceHandler) updatePayloadIfChanged(objectIndex int, policy *poli cachedCompliance.CompliantClusters = newCompliantClusters cachedCompliance.NonCompliantClusters = newNonCompliantClusters cachedCompliance.UnknownComplianceClusters = newUnknownClusters + cachedCompliance.PendingComplianceClusters = newPendingClusters + (*h.eventData)[objectIndex] = cachedCompliance return clusterListChanged } @@ -140,29 +143,34 @@ func getIndexByPolicyID(uid string, compliances []grc.Compliance) int { } func getNewCompliance(originPolicyID string, policy *policiesv1.Policy) *grc.Compliance { - compliantClusters, nonCompliantClusters, unknownComplianceClusters := getClusterStatus(policy) + compClusters, nonCompClusters, unknownCompClusters, pendingCompClusters := getClusterStatus(policy) return &grc.Compliance{ PolicyID: originPolicyID, NamespacedName: fmt.Sprintf("%s/%s", policy.GetNamespace(), policy.GetName()), - CompliantClusters: compliantClusters, - NonCompliantClusters: nonCompliantClusters, - UnknownComplianceClusters: unknownComplianceClusters, + CompliantClusters: compClusters, + NonCompliantClusters: nonCompClusters, + UnknownComplianceClusters: unknownCompClusters, + PendingComplianceClusters: pendingCompClusters, } } // getClusterStatus returns (list of compliant clusters, list of nonCompliant clusters, list of unknown clusters. -func getClusterStatus(policy *policiesv1.Policy) ([]string, []string, []string) { +func getClusterStatus(policy *policiesv1.Policy) ([]string, []string, []string, []string) { compliantClusters := make([]string, 0) nonCompliantClusters := make([]string, 0) unknownComplianceClusters := make([]string, 0) + pendingComplianceClusters := make([]string, 0) + for _, clusterStatus := range policy.Status.Status { if clusterStatus.ComplianceState == policiesv1.Compliant { compliantClusters = append(compliantClusters, clusterStatus.ClusterName) } else if clusterStatus.ComplianceState == policiesv1.NonCompliant { nonCompliantClusters = append(nonCompliantClusters, clusterStatus.ClusterName) + } else if clusterStatus.ComplianceState == policiesv1.Pending { + pendingComplianceClusters = append(pendingComplianceClusters, clusterStatus.ClusterName) } else { unknownComplianceClusters = append(unknownComplianceClusters, clusterStatus.ClusterName) } } - return compliantClusters, nonCompliantClusters, unknownComplianceClusters + return compliantClusters, nonCompliantClusters, unknownComplianceClusters, pendingComplianceClusters } diff --git a/doc/simulation/local-policies/create_local_policies.sql b/doc/simulation/local-policies/create_local_policies.sql index 6c131a352..b62330b4b 100644 --- a/doc/simulation/local-policies/create_local_policies.sql +++ b/doc/simulation/local-policies/create_local_policies.sql @@ -14,7 +14,7 @@ declare policy_control_random_index int; all_policy_severities text[] := '{"low","high"}'; policy_severity_random_index int; - all_compliances local_status.compliance_type[] := '{"compliant","non_compliant"}'; + all_compliances local_status.compliance_type[] := '{"compliant","unknown","pending","non_compliant"}'; compliance_random_index int; managed_cluster text; policy text; diff --git a/manager/pkg/cronjob/task/local_compliance_history.go b/manager/pkg/cronjob/task/local_compliance_history.go index a27fcc0b6..091369dc1 100644 --- a/manager/pkg/cronjob/task/local_compliance_history.go +++ b/manager/pkg/cronjob/task/local_compliance_history.go @@ -171,10 +171,10 @@ func insertToLocalComplianceHistoryByLocalStatus(ctx context.Context, tableName do $$ declare - all_compliances local_status.compliance_type[] := '{"compliant","non_compliant"}'; + all_compliances local_status.compliance_type[] := '{"compliant","non_compliant","unknown","pending"}'; compliance_random_index int; begin - SELECT floor(random() * 2 + 1)::int into compliance_random_index; + SELECT floor(random() * 4 + 1)::int into compliance_random_index; INSERT INTO history.local_compliance (policy_id, cluster_id, leaf_hub_name, compliance, compliance_date) ( SELECT policy_id,cluster_id,leaf_hub_name,all_compliances[compliance_random_index], @@ -251,6 +251,7 @@ func insertToLocalComplianceHistoryByPolicyEvent(ctx context.Context, totalCount CASE WHEN bool_or(compliance = 'non_compliant') THEN 'non_compliant' WHEN bool_or(compliance = 'unknown') THEN 'unknown' + WHEN bool_or(compliance = 'pending') THEN 'pending' ELSE 'compliant' END::local_status.compliance_type AS aggregated_compliance FROM event.local_policies diff --git a/manager/pkg/statussyncer/syncers/local_policy_complete_handler.go b/manager/pkg/statussyncer/syncers/local_policy_complete_handler.go index c93d0dfa9..5757f49c8 100644 --- a/manager/pkg/statussyncer/syncers/local_policy_complete_handler.go +++ b/manager/pkg/statussyncer/syncers/local_policy_complete_handler.go @@ -100,6 +100,20 @@ func handleCompleteCompliance(log logr.Logger, ctx context.Context, evt *cloudev allNonComplianceCluster.Remove(eventCluster) // mark cluster as handled } + // pending: go over the pending clusters from event + for _, eventCluster := range eventCompliance.PendingComplianceClusters { + if !nonComplianceClusterSetsFromDB.GetClusters(database.Pending).Contains(eventCluster) { + batchLocalCompliance = append(batchLocalCompliance, models.LocalStatusCompliance{ + PolicyID: policyID, + LeafHubName: leafHub, + ClusterName: eventCluster, + Compliance: database.Pending, + Error: database.ErrorNone, + }) + } + allNonComplianceCluster.Remove(eventCluster) // mark cluster as handled + } + // unknown: go over the unknown clusters from event for _, eventCluster := range eventCompliance.UnknownComplianceClusters { if !nonComplianceClusterSetsFromDB.GetClusters(database.Unknown).Contains(eventCluster) { diff --git a/manager/pkg/statussyncer/syncers/local_policy_compliance_handler.go b/manager/pkg/statussyncer/syncers/local_policy_compliance_handler.go index d14cf7f9e..aa6e779d8 100644 --- a/manager/pkg/statussyncer/syncers/local_policy_compliance_handler.go +++ b/manager/pkg/statussyncer/syncers/local_policy_compliance_handler.go @@ -90,10 +90,15 @@ func handleCompliance(log logr.Logger, ctx context.Context, evt *cloudevents.Eve unknownCompliances := newLocalCompliances(leafHub, policyID, database.Unknown, eventCompliance.UnknownComplianceClusters, allClustersOnDB) + // handle pending compliance clusters of the policy + pendingCompliances := newLocalCompliances(leafHub, policyID, database.Pending, + eventCompliance.PendingComplianceClusters, complianceClustersFromDB.GetClusters(database.Pending)) + batchLocalCompliances := []models.LocalStatusCompliance{} batchLocalCompliances = append(batchLocalCompliances, compliantCompliances...) batchLocalCompliances = append(batchLocalCompliances, nonCompliantCompliances...) batchLocalCompliances = append(batchLocalCompliances, unknownCompliances...) + batchLocalCompliances = append(batchLocalCompliances, pendingCompliances...) // batch upsert err = db.Clauses(clause.OnConflict{ diff --git a/manager/pkg/statussyncer/syncers/local_policy_compliance_handler_test.go b/manager/pkg/statussyncer/syncers/local_policy_compliance_handler_test.go index dd3feee37..3cc9cfacc 100644 --- a/manager/pkg/statussyncer/syncers/local_policy_compliance_handler_test.go +++ b/manager/pkg/statussyncer/syncers/local_policy_compliance_handler_test.go @@ -59,6 +59,7 @@ var _ = Describe("LocalPolicyComplianceHandler", Ordered, func() { PolicyID: createdPolicyId, CompliantClusters: []string{"cluster1"}, NonCompliantClusters: []string{"cluster2"}, + PendingComplianceClusters: []string{"cluster4"}, UnknownComplianceClusters: []string{}, }) @@ -83,13 +84,13 @@ var _ = Describe("LocalPolicyComplianceHandler", Ordered, func() { if c.PolicyID == expiredPolicyID && c.ClusterName == "cluster1" { expiredCount++ } - if c.PolicyID == createdPolicyId && c.ClusterName == "cluster1" || c.ClusterName == "cluster2" { + if c.PolicyID == createdPolicyId && c.ClusterName == "cluster1" || c.ClusterName == "cluster2" || c.ClusterName == "cluster4" { addedCount++ } fmt.Printf("LocalCompliance: ID(%s) %s/%s %s \n", c.PolicyID, c.LeafHubName, c.ClusterName, c.Compliance) } - if expiredCount == 0 && addedCount == 2 && len(localCompliances) == 2 { + if expiredCount == 0 && addedCount == 3 && len(localCompliances) == 3 { fmt.Println("LocalCompliance ========================================================== ") return nil } @@ -132,6 +133,7 @@ var _ = Describe("LocalPolicyComplianceHandler", Ordered, func() { PolicyID: createdPolicyId, CompliantClusters: []string{"cluster1"}, NonCompliantClusters: []string{"cluster2"}, + PendingComplianceClusters: []string{"cluster5"}, UnknownComplianceClusters: []string{}, }) complianceVersion.Incr() @@ -157,19 +159,19 @@ var _ = Describe("LocalPolicyComplianceHandler", Ordered, func() { addedCount := 0 for _, c := range localCompliances { fmt.Printf("LocalCompliance Resync: ID(%s) %s/%s %s \n", c.PolicyID, c.LeafHubName, c.ClusterName, c.Compliance) - if c.PolicyID == createdPolicyId && c.ClusterName == "cluster1" || c.ClusterName == "cluster2" { + if c.PolicyID == createdPolicyId && c.ClusterName == "cluster1" || c.ClusterName == "cluster2" || c.ClusterName == "cluster5" { addedCount++ } if c.ClusterName == "cluster3" { return fmt.Errorf("the cluster3 should be removed from database") } } - if addedCount == 2 && len(localCompliances) == 2 { + if addedCount == 3 && len(localCompliances) == 3 { fmt.Println("LocalCompliance(Resync) ========================================================== ") return nil } return fmt.Errorf("failed to sync local compliance") - }, 30*time.Second, 100*time.Millisecond).ShouldNot(HaveOccurred()) + }, 10*time.Second, 3*time.Second).ShouldNot(HaveOccurred()) }) It("shouldn't update the by the local complete compliance event", func() { @@ -237,6 +239,7 @@ var _ = Describe("LocalPolicyComplianceHandler", Ordered, func() { PolicyID: createdPolicyId, NonCompliantClusters: []string{"cluster1"}, UnknownComplianceClusters: []string{"cluster3"}, + PendingComplianceClusters: []string{"cluster5"}, }) evt := ToCloudEvent(leafHubName, string(enum.LocalCompleteComplianceType), version, data) @@ -264,13 +267,16 @@ var _ = Describe("LocalPolicyComplianceHandler", Ordered, func() { if c.ClusterName == "cluster2" && c.Compliance == database.Compliant { success++ } + if c.ClusterName == "cluster5" && c.Compliance == database.Pending { + success++ + } if c.ClusterName == "cluster3" { return fmt.Errorf("the cluster3 shouldn't synced by the local compliance bundle") } } } - if len(localCompliances) == 2 && success == 2 { + if len(localCompliances) == 3 && success == 3 { fmt.Println("LocalComplete update ========================================================== ") return nil } diff --git a/manager/pkg/statussyncer/syncers/policy_complete_handler.go b/manager/pkg/statussyncer/syncers/policy_complete_handler.go index c59078965..0863e4634 100644 --- a/manager/pkg/statussyncer/syncers/policy_complete_handler.go +++ b/manager/pkg/statussyncer/syncers/policy_complete_handler.go @@ -95,6 +95,20 @@ func (h *policyCompleteHandler) handleEvent(ctx context.Context, evt *cloudevent allNonComplianceCluster.Remove(eventCluster) // mark cluster as handled } + // pending: go over the pending clusters from event + for _, eventCluster := range eventCompliance.PendingComplianceClusters { + if !nonComplianceClusterSetsFromDB.GetClusters(database.Pending).Contains(eventCluster) { + batchCompliance = append(batchCompliance, models.StatusCompliance{ + PolicyID: policyID, + LeafHubName: leafHub, + ClusterName: eventCluster, + Compliance: database.Pending, + Error: database.ErrorNone, + }) + } + allNonComplianceCluster.Remove(eventCluster) // mark cluster as handled + } + // unknown: go over the unknown clusters from event for _, eventCluster := range eventCompliance.UnknownComplianceClusters { if !nonComplianceClusterSetsFromDB.GetClusters(database.Unknown).Contains(eventCluster) { diff --git a/manager/pkg/statussyncer/syncers/policy_compliance_handler.go b/manager/pkg/statussyncer/syncers/policy_compliance_handler.go index b43b4afdf..58a4a7c9e 100644 --- a/manager/pkg/statussyncer/syncers/policy_compliance_handler.go +++ b/manager/pkg/statussyncer/syncers/policy_compliance_handler.go @@ -97,10 +97,15 @@ func (h *policyComplianceHandler) handleEvent(ctx context.Context, evt *cloudeve unknownCompliances := newCompliances(leafHubName, policyID, database.Unknown, eventCompliance.UnknownComplianceClusters, allClustersOnDB) + // handle pending compliance clusters of the policy + pendingCompliances := newCompliances(leafHubName, policyID, database.Pending, + eventCompliance.PendingComplianceClusters, allClustersOnDB) + batchCompliances := []models.StatusCompliance{} batchCompliances = append(batchCompliances, compliantCompliances...) batchCompliances = append(batchCompliances, nonCompliantCompliances...) batchCompliances = append(batchCompliances, unknownCompliances...) + batchCompliances = append(batchCompliances, pendingCompliances...) // batch upsert err = db.Clauses(clause.OnConflict{ @@ -199,6 +204,7 @@ func NewPolicyClusterSets() *PolicyClustersSets { database.Compliant: set.NewSet(), database.NonCompliant: set.NewSet(), database.Unknown: set.NewSet(), + database.Pending: set.NewSet(), }, } } @@ -217,6 +223,7 @@ func (sets *PolicyClustersSets) AddCluster(clusterName string, complianceStatus func (sets *PolicyClustersSets) GetAllClusters() set.Set { return sets.complianceToSetMap[database.Compliant]. Union(sets.complianceToSetMap[database.NonCompliant]. + Union(sets.complianceToSetMap[database.Pending]). Union(sets.complianceToSetMap[database.Unknown])) } diff --git a/manager/pkg/statussyncer/syncers/policy_compliance_handler_test.go b/manager/pkg/statussyncer/syncers/policy_compliance_handler_test.go index 0c0354497..fc0661b05 100644 --- a/manager/pkg/statussyncer/syncers/policy_compliance_handler_test.go +++ b/manager/pkg/statussyncer/syncers/policy_compliance_handler_test.go @@ -63,6 +63,7 @@ var _ = Describe("GlobalPolicyComplianceHandler", Ordered, func() { PolicyID: createdPolicyId, CompliantClusters: []string{"cluster1"}, // generate record: createdPolicyId hub1-cluster1 compliant NonCompliantClusters: []string{"cluster2"}, // generate record: createdPolicyId hub1-cluster2 non_compliant + PendingComplianceClusters: []string{"cluster4"}, // generate record: createdPolicyId hub1-cluster4 pending UnknownComplianceClusters: []string{}, }) @@ -86,13 +87,13 @@ var _ = Describe("GlobalPolicyComplianceHandler", Ordered, func() { if c.PolicyID == expiredPolicyID && c.ClusterName == "cluster1" { expiredCount++ } - if c.PolicyID == createdPolicyId && c.ClusterName == "cluster1" || c.ClusterName == "cluster2" { + if c.PolicyID == createdPolicyId && c.ClusterName == "cluster1" || c.ClusterName == "cluster2" || c.ClusterName == "cluster4" { addedCount++ } fmt.Printf("Compliance: ID(%s) %s/%s %s \n", c.PolicyID, c.LeafHubName, c.ClusterName, c.Compliance) } - if expiredCount == 0 && addedCount == 2 && len(compliances) == 2 { + if expiredCount == 0 && addedCount == 3 && len(compliances) == 3 { return nil } return fmt.Errorf("failed to sync compliance") @@ -163,6 +164,7 @@ var _ = Describe("GlobalPolicyComplianceHandler", Ordered, func() { PolicyID: createdPolicyId, NonCompliantClusters: []string{"cluster1"}, UnknownComplianceClusters: []string{"cluster3"}, + PendingComplianceClusters: []string{"cluster4"}, }) evt := ToCloudEvent(leafHubName, string(enum.CompleteComplianceType), completeVersion, data) @@ -191,13 +193,16 @@ var _ = Describe("GlobalPolicyComplianceHandler", Ordered, func() { if c.ClusterName == "cluster2" && c.Compliance == database.Compliant { success++ } + if c.ClusterName == "cluster4" && c.Compliance == database.Pending { + success++ + } if c.ClusterName == "cluster3" { return fmt.Errorf("the cluster3 shouldn't synced by the compliance bundle") } } } - if len(compliances) == 2 && success == 2 { + if len(compliances) == 3 && success == 3 { return nil } return fmt.Errorf("failed to sync complete compliance") diff --git a/manager/pkg/statussyncer/syncers/policy_delta_compliance_handler.go b/manager/pkg/statussyncer/syncers/policy_delta_compliance_handler.go index b659e6357..a619f0a4e 100644 --- a/manager/pkg/statussyncer/syncers/policy_delta_compliance_handler.go +++ b/manager/pkg/statussyncer/syncers/policy_delta_compliance_handler.go @@ -85,6 +85,13 @@ func (h *policyDeltaComplianceHandler) handleEvent(ctx context.Context, evt *clo return err } } + + for _, cluster := range eventCompliance.PendingComplianceClusters { + err := updateCompliance(tx, eventCompliance.PolicyID, leafHub, cluster, database.Pending) + if err != nil { + return err + } + } } // return nil will commit the whole transaction diff --git a/operator/pkg/controllers/hubofhubs/database/1.schemas.sql b/operator/pkg/controllers/hubofhubs/database/1.schemas.sql index 6c1c65153..eba5ca4a3 100644 --- a/operator/pkg/controllers/hubofhubs/database/1.schemas.sql +++ b/operator/pkg/controllers/hubofhubs/database/1.schemas.sql @@ -13,6 +13,7 @@ DO $$ BEGIN CREATE TYPE local_status.compliance_type AS ENUM ( 'compliant', 'non_compliant', + 'pending', 'unknown' ); EXCEPTION @@ -23,6 +24,7 @@ DO $$ BEGIN CREATE TYPE status.compliance_type AS ENUM ( 'compliant', 'non_compliant', + 'pending', 'unknown' ); EXCEPTION diff --git a/operator/pkg/controllers/hubofhubs/database/3.functions.sql b/operator/pkg/controllers/hubofhubs/database/3.functions.sql index 40ff5a00f..7dd4ef91f 100644 --- a/operator/pkg/controllers/hubofhubs/database/3.functions.sql +++ b/operator/pkg/controllers/hubofhubs/database/3.functions.sql @@ -77,6 +77,8 @@ BEGIN SELECT cluster_id, policy_id, leaf_hub_name, CASE WHEN bool_and(compliance = ''compliant'') THEN ''compliant'' + WHEN bool_and(compliance = ''pending'') THEN ''pending'' + WHEN bool_and(compliance = ''unknown'') THEN ''unknown'' ELSE ''non_compliant'' END::local_status.compliance_type AS aggregated_compliance FROM event.local_policies diff --git a/operator/pkg/controllers/hubofhubs/manifests/grafana/acm-global-adhoc-investigation.yaml b/operator/pkg/controllers/hubofhubs/manifests/grafana/acm-global-adhoc-investigation.yaml index 227b9f512..5b9358283 100644 --- a/operator/pkg/controllers/hubofhubs/manifests/grafana/acm-global-adhoc-investigation.yaml +++ b/operator/pkg/controllers/hubofhubs/manifests/grafana/acm-global-adhoc-investigation.yaml @@ -98,13 +98,14 @@ data: "value": null } ] - } + }, + "unitScale": true }, "overrides": [] }, "gridPos": { "h": 6, - "w": 6, + "w": 4, "x": 0, "y": 1 }, @@ -121,10 +122,12 @@ data: "fields": "/^count$/", "values": false }, + "showPercentChange": false, "text": {}, - "textMode": "auto" + "textMode": "auto", + "wideLayout": true }, - "pluginVersion": "9.5.6", + "pluginVersion": "10.3.3", "targets": [ { "datasource": { @@ -180,7 +183,7 @@ data: }, { "datasource": { - "type": "postgres", + "type": "grafana-postgresql-datasource", "uid": "P244538DD76A4C61D" }, "description": "The distinct number of managed clusters that were \"compliant\" in the given time interval. The managed clusters are calculated by cluster id and not by the cluster name; therefore, if a cluster with the same name exist across two different hubs, it is counted as two distinct managed clusters.", @@ -199,14 +202,15 @@ data: "value": null } ] - } + }, + "unitScale": true }, "overrides": [] }, "gridPos": { "h": 6, - "w": 6, - "x": 6, + "w": 4, + "x": 4, "y": 1 }, "id": 48, @@ -222,10 +226,12 @@ data: "fields": "", "values": false }, + "showPercentChange": false, "text": {}, - "textMode": "auto" + "textMode": "auto", + "wideLayout": true }, - "pluginVersion": "9.5.6", + "pluginVersion": "10.3.3", "targets": [ { "datasource": { @@ -237,7 +243,7 @@ data: "group": [], "metricColumn": "none", "rawQuery": true, - "rawSql": "WITH data AS (\n SELECT\n $__timeGroupAlias(ch.compliance_date, $__interval),\n mc.cluster_id,\n COUNT(CASE WHEN compliance = 'compliant' THEN 1 END) AS \"compliant\",\n COUNT(CASE WHEN compliance = 'non_compliant' THEN 1 END) AS \"non_compliant\",\n COUNT(CASE WHEN compliance = 'unknown' THEN 1 END) AS \"unknown\"\n FROM\n history.local_compliance ch\n JOIN\n local_spec.policies p ON ch.policy_id = p.policy_id \n JOIN\n status.managed_clusters mc ON ch.cluster_id = mc.cluster_id \n WHERE\n $__timeFilter(ch.compliance_date)\n AND\n ch.leaf_hub_name IN ( $all_hubs )\n AND \n mc.leaf_hub_name IN ( $all_hubs )\n AND \n p.leaf_hub_name IN ( $all_hubs )\n AND\n p.policy_id ${policy_id_query:raw}\n AND\n p.payload -> 'metadata' ->> 'namespace' = '$namespace'\n AND\n p.policy_name = '$policy'\n AND\n mc.payload -> 'metadata' -> 'labels' ->> '$label' ${value_query:raw}\n GROUP BY (ch.compliance_date, mc.cluster_id)\n ORDER BY (ch.compliance_date) DESC\n),\nres as (\n SELECT\n cluster_id,\n SUM(compliant) as \"compliant\",\n SUM(non_compliant) as \"non_compliant\",\n SUM(unknown) as \"unknown\"\n FROM\n data\n GROUP BY (cluster_id)\n)\nSELECT\n COUNT(DISTINCT cluster_id)\nFROM\n res\nWHERE\n compliant > 0\nAND\n non_compliant = 0\nAND\n unknown = 0", + "rawSql": "WITH data AS (\n SELECT\n $__timeGroupAlias(ch.compliance_date, $__interval),\n mc.cluster_id,\n COUNT(CASE WHEN compliance = 'compliant' THEN 1 END) AS \"compliant\",\n COUNT(CASE WHEN compliance = 'non_compliant' THEN 1 END) AS \"non_compliant\",\n COUNT(CASE WHEN compliance = 'pending' THEN 1 END) AS \"pending\",\n COUNT(CASE WHEN compliance = 'unknown' THEN 1 END) AS \"unknown\"\n FROM\n history.local_compliance ch\n JOIN\n local_spec.policies p ON ch.policy_id = p.policy_id \n JOIN\n status.managed_clusters mc ON ch.cluster_id = mc.cluster_id \n WHERE\n $__timeFilter(ch.compliance_date)\n AND\n ch.leaf_hub_name IN ( $all_hubs )\n AND \n mc.leaf_hub_name IN ( $all_hubs )\n AND \n p.leaf_hub_name IN ( $all_hubs )\n AND\n p.policy_id ${policy_id_query:raw}\n AND\n p.payload -> 'metadata' ->> 'namespace' = '$namespace'\n AND\n p.policy_name = '$policy'\n AND\n mc.payload -> 'metadata' -> 'labels' ->> '$label' ${value_query:raw}\n GROUP BY (ch.compliance_date, mc.cluster_id)\n ORDER BY (ch.compliance_date) DESC\n),\nres as (\n SELECT\n cluster_id,\n SUM(compliant) as \"compliant\",\n SUM(non_compliant) as \"non_compliant\",\n SUM(pending) as \"pending\",\n SUM(unknown) as \"unknown\"\n FROM\n data\n GROUP BY (cluster_id)\n)\nSELECT\n COUNT(DISTINCT cluster_id)\nFROM\n res\nWHERE\n compliant > 0\nAND\n non_compliant = 0\nAND\n unknown = 0\nAND \n pending = 0", "refId": "A", "select": [ [ @@ -281,7 +287,118 @@ data: }, { "datasource": { - "type": "postgres", + "type": "grafana-postgresql-datasource", + "uid": "P244538DD76A4C61D" + }, + "description": "The distinct number of managed clusters that were \"pending\" in the given time interval. The managed clusters are calculated by cluster id and not by the cluster name; therefore, if a cluster with the same name exist across two different hubs, it is counted as two distinct managed clusters.", + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "links": [ + { + "targetBlank": true, + "title": "View all clusters for policy \"${policy}\" on hub cluster \"${hub}\"", + "url": "${hubConsoleURL}/multicloud/governance/policies/details/${namespace}/${policy}/results?perspective=acm\n" + } + ], + "mappings": [], + "noValue": "0", + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "yellow", + "value": null + } + ] + }, + "unitScale": true + }, + "overrides": [] + }, + "gridPos": { + "h": 6, + "w": 4, + "x": 8, + "y": 1 + }, + "id": 57, + "options": { + "colorMode": "value", + "graphMode": "area", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "showPercentChange": false, + "text": {}, + "textMode": "auto", + "wideLayout": true + }, + "pluginVersion": "10.3.3", + "targets": [ + { + "datasource": { + "type": "postgres", + "uid": "P244538DD76A4C61D" + }, + "editorMode": "code", + "format": "table", + "group": [], + "metricColumn": "none", + "rawQuery": true, + "rawSql": "WITH data AS (\n SELECT\n $__timeGroupAlias(ch.compliance_date, $__interval),\n mc.cluster_id,\n COUNT(CASE WHEN compliance = 'non_compliant' THEN 1 END) AS \"non_compliant\",\n COUNT(CASE WHEN compliance = 'pending' THEN 1 END) AS \"pending\"\n FROM\n history.local_compliance ch\n JOIN\n local_spec.policies p ON ch.policy_id = p.policy_id\n JOIN\n status.managed_clusters mc ON ch.cluster_id = mc.cluster_id\n WHERE\n $__timeFilter(ch.compliance_date)\n AND\n ch.leaf_hub_name IN ( $all_hubs )\n AND \n mc.leaf_hub_name IN ( $all_hubs )\n AND \n p.leaf_hub_name IN ( $all_hubs )\n AND \n p.policy_id ${policy_id_query:raw}\n AND\n p.payload -> 'metadata' ->> 'namespace' = '$namespace'\n AND\n p.policy_name = '$policy'\n AND\n mc.payload -> 'metadata' -> 'labels' ->> '$label' ${value_query:raw}\n GROUP BY (ch.compliance_date, mc.cluster_id)\n ORDER BY (ch.compliance_date) DESC\n),\nres as (\n SELECT\n cluster_id,\n SUM(non_compliant) as \"non_compliant\",\n SUM(pending) as \"pending\"\n FROM\n data\n GROUP BY (cluster_id)\n)\nSELECT\n COUNT(DISTINCT cluster_id)\nFROM\n res\nWHERE\n pending > 0\nAND\n non_compliant = 0", + "refId": "A", + "select": [ + [ + { + "params": [ + "value" + ], + "type": "column" + } + ] + ], + "sql": { + "columns": [ + { + "parameters": [], + "type": "function" + } + ], + "groupBy": [ + { + "property": { + "type": "string" + }, + "type": "groupBy" + } + ], + "limit": 50 + }, + "timeColumn": "time", + "where": [ + { + "name": "$__timeFilter", + "params": [], + "type": "macro" + } + ] + } + ], + "title": "Number of Pending Managed Clusters", + "type": "stat" + }, + { + "datasource": { + "type": "grafana-postgresql-datasource", "uid": "P244538DD76A4C61D" }, "description": "The distinct number of managed clusters that were \"unknown\" in the given time interval. The managed clusters are calculated by cluster id and not by the cluster name; therefore, if a cluster with the same name exist across two different hubs, it is counted as two distinct managed clusters.", @@ -307,17 +424,18 @@ data: "value": null } ] - } + }, + "unitScale": true }, "overrides": [] }, "gridPos": { "h": 6, - "w": 6, + "w": 4, "x": 12, "y": 1 }, - "id": 57, + "id": 67, "options": { "colorMode": "value", "graphMode": "area", @@ -330,10 +448,12 @@ data: "fields": "", "values": false }, + "showPercentChange": false, "text": {}, - "textMode": "auto" + "textMode": "auto", + "wideLayout": true }, - "pluginVersion": "9.5.6", + "pluginVersion": "10.3.3", "targets": [ { "datasource": { @@ -345,7 +465,7 @@ data: "group": [], "metricColumn": "none", "rawQuery": true, - "rawSql": "WITH data AS (\n SELECT\n $__timeGroupAlias(ch.compliance_date, $__interval),\n mc.cluster_id,\n COUNT(CASE WHEN compliance = 'non_compliant' THEN 1 END) AS \"non_compliant\",\n COUNT(CASE WHEN compliance = 'unknown' THEN 1 END) AS \"unknown\"\n FROM\n history.local_compliance ch\n JOIN\n local_spec.policies p ON ch.policy_id = p.policy_id\n JOIN\n status.managed_clusters mc ON ch.cluster_id = mc.cluster_id\n WHERE\n $__timeFilter(ch.compliance_date)\n AND\n ch.leaf_hub_name IN ( $all_hubs )\n AND \n mc.leaf_hub_name IN ( $all_hubs )\n AND \n p.leaf_hub_name IN ( $all_hubs )\n AND \n p.policy_id ${policy_id_query:raw}\n AND\n p.payload -> 'metadata' ->> 'namespace' = '$namespace'\n AND\n p.policy_name = '$policy'\n AND\n mc.payload -> 'metadata' -> 'labels' ->> '$label' ${value_query:raw}\n GROUP BY (ch.compliance_date, mc.cluster_id)\n ORDER BY (ch.compliance_date) DESC\n),\nres as (\n SELECT\n cluster_id,\n SUM(non_compliant) as \"non_compliant\",\n SUM(unknown) as \"unknown\"\n FROM\n data\n GROUP BY (cluster_id)\n)\nSELECT\n COUNT(DISTINCT cluster_id)\nFROM\n res\nWHERE\n unknown > 0\nAND\n non_compliant = 0", + "rawSql": "WITH data AS (\n SELECT\n $__timeGroupAlias(ch.compliance_date, $__interval),\n mc.cluster_id,\n COUNT(CASE WHEN compliance = 'non_compliant' THEN 1 END) AS \"non_compliant\",\n COUNT(CASE WHEN compliance = 'pending' THEN 1 END) AS \"pending\",\n COUNT(CASE WHEN compliance = 'unknown' THEN 1 END) AS \"unknown\"\n FROM\n history.local_compliance ch\n JOIN\n local_spec.policies p ON ch.policy_id = p.policy_id\n JOIN\n status.managed_clusters mc ON ch.cluster_id = mc.cluster_id\n WHERE\n $__timeFilter(ch.compliance_date)\n AND\n ch.leaf_hub_name IN ( $all_hubs )\n AND \n mc.leaf_hub_name IN ( $all_hubs )\n AND \n p.leaf_hub_name IN ( $all_hubs )\n AND \n p.policy_id ${policy_id_query:raw}\n AND\n p.payload -> 'metadata' ->> 'namespace' = '$namespace'\n AND\n p.policy_name = '$policy'\n AND\n mc.payload -> 'metadata' -> 'labels' ->> '$label' ${value_query:raw}\n GROUP BY (ch.compliance_date, mc.cluster_id)\n ORDER BY (ch.compliance_date) DESC\n),\nres as (\n SELECT\n cluster_id,\n SUM(non_compliant) as \"non_compliant\",\n SUM(pending) as \"pending\",\n SUM(unknown) as \"unknown\"\n FROM\n data\n GROUP BY (cluster_id)\n)\nSELECT\n COUNT(DISTINCT cluster_id)\nFROM\n res\nWHERE\n unknown > 0\nAND\n non_compliant = 0\nAND\n pending = 0", "refId": "A", "select": [ [ @@ -389,7 +509,7 @@ data: }, { "datasource": { - "type": "postgres", + "type": "grafana-postgresql-datasource", "uid": "P244538DD76A4C61D" }, "description": "The distinct number of managed clusters that were in the given time interval. The managed clusters are calculated by cluster id and not by the cluster name; therefore, if a cluster with the same name exist across two different hubs, it is counted as two distinct managed clusters.", @@ -415,14 +535,15 @@ data: "value": null } ] - } + }, + "unitScale": true }, "overrides": [] }, "gridPos": { "h": 6, - "w": 6, - "x": 18, + "w": 8, + "x": 16, "y": 1 }, "id": 47, @@ -438,10 +559,12 @@ data: "fields": "/^count$/", "values": false }, + "showPercentChange": false, "text": {}, - "textMode": "auto" + "textMode": "auto", + "wideLayout": true }, - "pluginVersion": "9.5.6", + "pluginVersion": "10.3.3", "targets": [ { "datasource": { @@ -453,7 +576,7 @@ data: "group": [], "metricColumn": "none", "rawQuery": true, - "rawSql": "WITH data AS (\n SELECT\n $__timeGroupAlias(ch.compliance_date, $__interval),\n mc.cluster_id,\n COUNT(CASE WHEN compliance = 'compliant' THEN 1 END) AS \"compliant\",\n COUNT(CASE WHEN compliance = 'non_compliant' THEN 1 END) AS \"non_compliant\",\n COUNT(CASE WHEN compliance = 'unknown' THEN 1 END) AS \"unknown\"\n FROM\n history.local_compliance ch\n JOIN\n local_spec.policies p ON ch.policy_id = p.policy_id \n JOIN\n status.managed_clusters mc ON ch.cluster_id = mc.cluster_id \n WHERE\n $__timeFilter(ch.compliance_date)\n AND\n ch.leaf_hub_name IN ( $all_hubs )\n AND \n mc.leaf_hub_name IN ( $all_hubs )\n AND \n p.leaf_hub_name IN ( $all_hubs )\n AND\n p.policy_id ${policy_id_query:raw}\n AND\n p.payload -> 'metadata' ->> 'namespace' = '$namespace'\n AND\n p.policy_name = '$policy'\n AND\n mc.payload -> 'metadata' -> 'labels' ->> '$label' ${value_query:raw}\n GROUP BY (ch.compliance_date, mc.cluster_id)\n ORDER BY (ch.compliance_date) DESC\n),\nres as (\n SELECT\n cluster_id,\n SUM(compliant) as \"compliant\",\n SUM(non_compliant) as \"non_compliant\",\n SUM(unknown) as \"unknown\"\n FROM\n data\n GROUP BY (cluster_id)\n)\nSELECT\n COUNT(DISTINCT cluster_id)\nFROM\n res", + "rawSql": "WITH data AS (\n SELECT\n $__timeGroupAlias(ch.compliance_date, $__interval),\n mc.cluster_id,\n COUNT(CASE WHEN compliance = 'compliant' THEN 1 END) AS \"compliant\",\n COUNT(CASE WHEN compliance = 'non_compliant' THEN 1 END) AS \"non_compliant\",\n COUNT(CASE WHEN compliance = 'pending' THEN 1 END) AS \"pending\",\n COUNT(CASE WHEN compliance = 'unknown' THEN 1 END) AS \"unknown\"\n FROM\n history.local_compliance ch\n JOIN\n local_spec.policies p ON ch.policy_id = p.policy_id \n JOIN\n status.managed_clusters mc ON ch.cluster_id = mc.cluster_id \n WHERE\n $__timeFilter(ch.compliance_date)\n AND\n ch.leaf_hub_name IN ( $all_hubs )\n AND \n mc.leaf_hub_name IN ( $all_hubs )\n AND \n p.leaf_hub_name IN ( $all_hubs )\n AND\n p.policy_id ${policy_id_query:raw}\n AND\n p.payload -> 'metadata' ->> 'namespace' = '$namespace'\n AND\n p.policy_name = '$policy'\n AND\n mc.payload -> 'metadata' -> 'labels' ->> '$label' ${value_query:raw}\n GROUP BY (ch.compliance_date, mc.cluster_id)\n ORDER BY (ch.compliance_date) DESC\n),\nres as (\n SELECT\n cluster_id,\n SUM(compliant) as \"compliant\",\n SUM(non_compliant) as \"non_compliant\",\n SUM(pending) as \"pending\",\n SUM(unknown) as \"unknown\"\n FROM\n data\n GROUP BY (cluster_id)\n)\nSELECT\n COUNT(DISTINCT cluster_id)\nFROM\n res", "refId": "A", "select": [ [ @@ -523,7 +646,7 @@ data: }, { "datasource": { - "type": "postgres", + "type": "grafana-postgresql-datasource", "uid": "P244538DD76A4C61D" }, "description": "List of offending managed clusters count for one policy based on non compliant message.(If a policy has multiple templates, only show one failed message)", @@ -553,7 +676,8 @@ data: } ] }, - "unit": "string" + "unit": "string", + "unitScale": true }, "overrides": [ { @@ -622,7 +746,7 @@ data: "showHeader": true, "sortBy": [] }, - "pluginVersion": "9.5.6", + "pluginVersion": "10.3.3", "targets": [ { "datasource": { @@ -634,7 +758,7 @@ data: "group": [], "metricColumn": "none", "rawQuery": true, - "rawSql": "WITH eventdata AS (\n WITH alleventdata AS(\n SELECT \n policy_id,\n cluster_id,\n leaf_hub_name,\n message,\n reason,\n compliance,\n ROW_NUMBER() OVER(\n PARTITION BY policy_id,cluster_id \n ORDER BY created_at DESC\n ) row_num\n FROM\n event.local_policies\n WHERE\n compliance = 'non_compliant'\n AND \n policy_id IN (\n SELECT DISTINCT policy_id \n FROM local_spec.policies\n WHERE leaf_hub_name IN ( $all_hubs ) AND payload -> 'metadata' ->> 'namespace' = '$namespace' AND policy_name = '$policy' AND policy_id ${policy_id_query:raw}\n )\n )\n SELECT * FROM\n alleventdata\n WHERE row_num = 1\n),\nmessagedata as(\n SELECT\n p.policy_name as \"policy\",\n replace(message,mc.cluster_name,'') as \"groupmessage\",\n mc.cluster_id,\n reason\n FROM\n history.local_compliance ch\n JOIN\n local_spec.policies p ON ch.policy_id = p.policy_id \n JOIN\n status.managed_clusters mc ON ch.cluster_id = mc.cluster_id \n LEFT OUTER JOIN\n eventdata ed ON ed.policy_id = p.policy_id AND ed.cluster_id = mc.cluster_id AND ed.compliance = ch.compliance\n WHERE\n $__timeFilter(ch.compliance_date)\n AND\n ch.leaf_hub_name IN ( $all_hubs )\n AND \n mc.leaf_hub_name IN ( $all_hubs )\n AND \n p.leaf_hub_name IN ( $all_hubs )\n AND \n ed.leaf_hub_name IN ( $all_hubs )\n AND\n p.payload -> 'metadata' ->> 'namespace' = '$namespace'\n AND\n p.policy_name = '$policy'\n AND\n mc.payload -> 'metadata' -> 'labels' ->> '$label' ${value_query:raw}\n AND\n ch.compliance = 'non_compliant'\n)\nSELECT \n policy,\n groupmessage,\n COUNT(DISTINCT cluster_id) as \"clustercount\"\nFROM\n messagedata\nGROUP BY(policy,groupmessage)\nORDER BY clustercount DESC", + "rawSql": "WITH eventdata AS (\n WITH alleventdata AS(\n SELECT \n policy_id,\n cluster_id,\n leaf_hub_name,\n message,\n reason,\n compliance,\n ROW_NUMBER() OVER(\n PARTITION BY policy_id,cluster_id \n ORDER BY created_at DESC\n ) row_num\n FROM\n event.local_policies\n WHERE\n (compliance = 'non_compliant' OR compliance = 'pending')\n AND \n policy_id IN (\n SELECT DISTINCT policy_id \n FROM local_spec.policies\n WHERE leaf_hub_name IN ( $all_hubs ) AND payload -> 'metadata' ->> 'namespace' = '$namespace' AND policy_name = '$policy' AND policy_id ${policy_id_query:raw}\n )\n )\n SELECT * FROM\n alleventdata\n WHERE row_num = 1\n),\nmessagedata as(\n SELECT\n p.policy_name as \"policy\",\n replace(message,mc.cluster_name,'') as \"groupmessage\",\n mc.cluster_id,\n reason\n FROM\n history.local_compliance ch\n JOIN\n local_spec.policies p ON ch.policy_id = p.policy_id \n JOIN\n status.managed_clusters mc ON ch.cluster_id = mc.cluster_id \n LEFT OUTER JOIN\n eventdata ed ON ed.policy_id = p.policy_id AND ed.cluster_id = mc.cluster_id AND ed.compliance = ch.compliance\n WHERE\n $__timeFilter(ch.compliance_date)\n AND\n ch.leaf_hub_name IN ( $all_hubs )\n AND \n mc.leaf_hub_name IN ( $all_hubs )\n AND \n p.leaf_hub_name IN ( $all_hubs )\n AND \n ed.leaf_hub_name IN ( $all_hubs )\n AND\n p.payload -> 'metadata' ->> 'namespace' = '$namespace'\n AND\n p.policy_name = '$policy'\n AND\n mc.payload -> 'metadata' -> 'labels' ->> '$label' ${value_query:raw}\n AND\n (ch.compliance = 'non_compliant' OR ch.compliance = 'pending')\n)\nSELECT \n policy,\n groupmessage,\n COUNT(DISTINCT cluster_id) as \"clustercount\"\nFROM\n messagedata\nGROUP BY(policy,groupmessage)\nORDER BY clustercount DESC", "refId": "A", "select": [ [ @@ -703,7 +827,7 @@ data: }, { "datasource": { - "type": "postgres", + "type": "grafana-postgresql-datasource", "uid": "P244538DD76A4C61D" }, "description": "List of offending managed clusters(If a policy has multiple templates, only show one failed message)", @@ -733,7 +857,8 @@ data: } ] }, - "unit": "string" + "unit": "string", + "unitScale": true }, "overrides": [ { @@ -857,7 +982,7 @@ data: "showHeader": true, "sortBy": [] }, - "pluginVersion": "9.5.6", + "pluginVersion": "10.3.3", "targets": [ { "datasource": { @@ -869,7 +994,7 @@ data: "group": [], "metricColumn": "none", "rawQuery": true, - "rawSql": "WITH eventdata AS (\n WITH alleventdata AS(\n SELECT \n policy_id,\n cluster_id,\n leaf_hub_name,\n message,\n reason,\n compliance,\n ROW_NUMBER() OVER(\n PARTITION BY policy_id,cluster_id \n ORDER BY created_at DESC\n ) row_num\n FROM\n event.local_policies\n WHERE\n compliance = 'non_compliant'\n AND \n policy_id IN (\n SELECT DISTINCT policy_id \n FROM local_spec.policies\n WHERE leaf_hub_name IN ( $all_hubs ) AND payload -> 'metadata' ->> 'namespace' = '$namespace' AND policy_name = '$policy' AND policy_id ${policy_id_query:raw}\n )\n )\n SELECT * FROM\n alleventdata\n WHERE row_num = 1\n)\nSELECT\n ch.compliance_date as \"time\",\n mc.cluster_name as \"cluster\",\n p.policy_name as \"policy\",\n mc.payload -> 'metadata' -> 'labels' ->> '$label' AS \"label\",\n message,\n reason\nFROM\n history.local_compliance ch\nJOIN\n local_spec.policies p ON ch.policy_id = p.policy_id \nJOIN\n status.managed_clusters mc ON ch.cluster_id = mc.cluster_id \nLEFT OUTER JOIN\n eventdata ed ON ed.policy_id = p.policy_id AND ed.cluster_id = mc.cluster_id AND ed.compliance = ch.compliance\nWHERE\n $__timeFilter(ch.compliance_date)\nAND\n ch.leaf_hub_name IN ( $all_hubs )\nAND \n mc.leaf_hub_name IN ( $all_hubs )\nAND \n p.leaf_hub_name IN ( $all_hubs )\nAND \n ed.leaf_hub_name IN ( $all_hubs )\nAND\n p.payload -> 'metadata' ->> 'namespace' = '$namespace'\nAND\n p.policy_name = '$policy'\nAND\n mc.payload -> 'metadata' -> 'labels' ->> '$label' ${value_query:raw}\nAND\n ch.compliance = 'non_compliant'\nORDER BY (ch.compliance_date) DESC\n", + "rawSql": "WITH eventdata AS (\n WITH alleventdata AS(\n SELECT \n policy_id,\n cluster_id,\n leaf_hub_name,\n message,\n reason,\n compliance,\n ROW_NUMBER() OVER(\n PARTITION BY policy_id,cluster_id \n ORDER BY created_at DESC\n ) row_num\n FROM\n event.local_policies\n WHERE\n (compliance = 'non_compliant' OR compliance = 'pending')\n AND \n policy_id IN (\n SELECT DISTINCT policy_id \n FROM local_spec.policies\n WHERE leaf_hub_name IN ( $all_hubs ) AND payload -> 'metadata' ->> 'namespace' = '$namespace' AND policy_name = '$policy' AND policy_id ${policy_id_query:raw}\n )\n )\n SELECT * FROM\n alleventdata\n WHERE row_num = 1\n)\nSELECT\n ch.compliance_date as \"time\",\n mc.cluster_name as \"cluster\",\n p.policy_name as \"policy\",\n mc.payload -> 'metadata' -> 'labels' ->> '$label' AS \"label\",\n message,\n reason\nFROM\n history.local_compliance ch\nJOIN\n local_spec.policies p ON ch.policy_id = p.policy_id \nJOIN\n status.managed_clusters mc ON ch.cluster_id = mc.cluster_id \nLEFT OUTER JOIN\n eventdata ed ON ed.policy_id = p.policy_id AND ed.cluster_id = mc.cluster_id AND ed.compliance = ch.compliance\nWHERE\n $__timeFilter(ch.compliance_date)\nAND\n ch.leaf_hub_name IN ( $all_hubs )\nAND \n mc.leaf_hub_name IN ( $all_hubs )\nAND \n p.leaf_hub_name IN ( $all_hubs )\nAND \n ed.leaf_hub_name IN ( $all_hubs )\nAND\n p.payload -> 'metadata' ->> 'namespace' = '$namespace'\nAND\n p.policy_name = '$policy'\nAND\n mc.payload -> 'metadata' -> 'labels' ->> '$label' ${value_query:raw}\nAND\n (ch.compliance = 'non_compliant' OR ch.compliance = 'pending')\nORDER BY (ch.compliance_date) DESC\n", "refId": "A", "select": [ [ @@ -936,8 +1061,7 @@ data: } ], "refresh": "", - "schemaVersion": 38, - "style": "dark", + "schemaVersion": 39, "tags": [], "templating": { "list": [ @@ -945,7 +1069,7 @@ data: "current": { "selected": false, "text": "Global-Hub-DataSource", - "value": "Global-Hub-DataSource" + "value": "P244538DD76A4C61D" }, "hide": 2, "includeAll": false, @@ -962,8 +1086,8 @@ data: { "current": { "selected": false, - "text": "", - "value": "" + "text": "mc1", + "value": "mc1" }, "datasource": { "type": "postgres", @@ -1015,8 +1139,8 @@ data: { "current": { "selected": false, - "text": "", - "value": "" + "text": "open-cluster-management-global-set", + "value": "open-cluster-management-global-set" }, "datasource": { "type": "postgres", @@ -1040,8 +1164,8 @@ data: { "current": { "selected": false, - "text": "", - "value": "" + "text": "po-pending", + "value": "po-pending" }, "datasource": { "type": "postgres", @@ -1093,8 +1217,8 @@ data: { "current": { "selected": false, - "text": "", - "value": "" + "text": "cloud", + "value": "cloud" }, "datasource": { "type": "postgres", @@ -1147,8 +1271,8 @@ data: { "current": { "selected": false, - "text": " is null ", - "value": " is null " + "text": " in ('Amazon') ", + "value": " in ('Amazon') " }, "datasource": { "type": "postgres", @@ -1170,8 +1294,8 @@ data: { "current": { "selected": false, - "text": "", - "value": "" + "text": "https://console-openshift-console.apps.obs-hub-of-hubs-aws-414-sno-t55kq.scale.red-chesterfield.com", + "value": "https://console-openshift-console.apps.obs-hub-of-hubs-aws-414-sno-t55kq.scale.red-chesterfield.com" }, "datasource": { "type": "postgres", @@ -1193,8 +1317,12 @@ data: { "current": { "selected": false, - "text": " is null ", - "value": " is null " + "text": " in ('27fbdf48-f5c2-4715-9b01-6692dadaad18') ", + "value": " in ('27fbdf48-f5c2-4715-9b01-6692dadaad18') " + }, + "datasource": { + "type": "grafana-postgresql-datasource", + "uid": "P244538DD76A4C61D" }, "definition": "select case when length($$${policy_id}$$)>0 then $$ in ($policy_id) $$ else ' is null ' end", "hide": 2, @@ -1212,7 +1340,7 @@ data: ] }, "time": { - "from": "now-24h", + "from": "now-30d", "to": "now" }, "timepicker": {}, diff --git a/operator/pkg/controllers/hubofhubs/manifests/grafana/acm-global-cluster-group-compliancy-overview.yaml b/operator/pkg/controllers/hubofhubs/manifests/grafana/acm-global-cluster-group-compliancy-overview.yaml index 3ecf3b8c0..9bfc12413 100644 --- a/operator/pkg/controllers/hubofhubs/manifests/grafana/acm-global-cluster-group-compliancy-overview.yaml +++ b/operator/pkg/controllers/hubofhubs/manifests/grafana/acm-global-cluster-group-compliancy-overview.yaml @@ -6,7 +6,10 @@ data: "list": [ { "builtIn": 1, - "datasource": "-- Grafana --", + "datasource": { + "type": "datasource", + "uid": "grafana" + }, "enable": true, "hide": true, "iconColor": "rgba(0, 211, 255, 1)", @@ -22,9 +25,9 @@ data: ] }, "editable": true, - "gnetId": null, + "fiscalYearStartMonth": 0, "graphTooltip": 0, - "iteration": 1687542352983, + "id": 9, "links": [ { "asDropdown": false, @@ -39,9 +42,13 @@ data: "url": "d/0e0ddb7f16b946f99d96a483a4a3f95f/global-hub-offending-clusters?orgId=1" } ], + "liveNow": false, "panels": [ { - "datasource": "${datasource}", + "datasource": { + "type": "grafana-postgresql-datasource", + "uid": "${datasource}" + }, "description": "Aggregated cluster group trend by cluster label: \"$label\" (Data updated once a day)", "fieldConfig": { "defaults": { @@ -49,6 +56,9 @@ data: "mode": "palette-classic" }, "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", "axisLabel": "", "axisPlacement": "auto", "barAlignment": 0, @@ -60,6 +70,7 @@ data: "tooltip": false, "viz": false }, + "insertNulls": false, "lineInterpolation": "linear", "lineWidth": 1, "pointSize": 5, @@ -99,7 +110,8 @@ data: } ] }, - "unit": "percentunit" + "unit": "percentunit", + "unitScale": true }, "overrides": [] }, @@ -114,20 +126,26 @@ data: "legend": { "calcs": [], "displayMode": "list", - "placement": "bottom" + "placement": "bottom", + "showLegend": true }, "tooltip": { - "mode": "single" + "mode": "single", + "sort": "none" } }, "pluginVersion": "8.5.20", "targets": [ { + "datasource": { + "uid": "${datasource}" + }, + "editorMode": "code", "format": "time_series", "group": [], "metricColumn": "none", "rawQuery": true, - "rawSql": "WITH data as (\n SELECT\n lc.compliance_date as \"time\",\n mc.payload -> 'metadata' -> 'labels' ->> '$label' AS \"metric\",\n COUNT(CASE WHEN lc.compliance = 'compliant' THEN 1 END) AS \"compliant\",\n COUNT(CASE WHEN lc.compliance = 'non_compliant' THEN 1 END) AS \"non_compliant\",\n COUNT(CASE WHEN lc.compliance = 'unknown' THEN 1 END) AS \"unknown\"\n FROM\n status.managed_clusters mc\n JOIN\n history.local_compliance lc ON mc.cluster_id = lc.cluster_id\n JOIN\n local_spec.policies p ON lc.policy_id = p.policy_id\n WHERE\n $__timeFilter(lc.compliance_date)\n AND\n p.policy_standard ${standard_query:raw} AND p.policy_category ${category_query:raw} AND p.policy_control ${control_query:raw}\n AND\n mc.payload -> 'metadata' -> 'labels' ->> '$label' ${value_query:raw}\n GROUP BY (lc.compliance_date, mc.payload -> 'metadata' -> 'labels' ->> '$label')\n ORDER BY (lc.compliance_date)\n)\nSELECT\n time,\n metric,\n compliant::float / NULLIF((compliant::float + non_compliant + unknown), 0) as \"value\"\nFROM\n data", + "rawSql": "WITH data as (\n SELECT\n lc.compliance_date as \"time\",\n mc.payload -> 'metadata' -> 'labels' ->> '$label' AS \"metric\",\n COUNT(CASE WHEN lc.compliance = 'compliant' THEN 1 END) AS \"compliant\",\n COUNT(CASE WHEN lc.compliance = 'non_compliant' THEN 1 END) AS \"non_compliant\",\n COUNT(CASE WHEN lc.compliance = 'pending' THEN 1 END) AS \"pending\",\n COUNT(CASE WHEN lc.compliance = 'unknown' THEN 1 END) AS \"unknown\"\n FROM\n status.managed_clusters mc\n JOIN\n history.local_compliance lc ON mc.cluster_id = lc.cluster_id\n JOIN\n local_spec.policies p ON lc.policy_id = p.policy_id\n WHERE\n $__timeFilter(lc.compliance_date)\n AND\n p.policy_standard ${standard_query:raw} AND p.policy_category ${category_query:raw} AND p.policy_control ${control_query:raw}\n AND\n mc.payload -> 'metadata' -> 'labels' ->> '$label' ${value_query:raw}\n GROUP BY (lc.compliance_date, mc.payload -> 'metadata' -> 'labels' ->> '$label')\n ORDER BY (lc.compliance_date)\n)\nSELECT\n time,\n metric,\n compliant::float / NULLIF((compliant::float + non_compliant + unknown + pending), 0) as \"value\"\nFROM\n data", "refId": "A", "select": [ [ @@ -139,6 +157,23 @@ data: } ] ], + "sql": { + "columns": [ + { + "parameters": [], + "type": "function" + } + ], + "groupBy": [ + { + "property": { + "type": "string" + }, + "type": "groupBy" + } + ], + "limit": 50 + }, "timeColumn": "time", "where": [ { @@ -154,8 +189,7 @@ data: } ], "refresh": "", - "schemaVersion": 30, - "style": "dark", + "schemaVersion": 39, "tags": [], "templating": { "list": [ @@ -163,13 +197,10 @@ data: "current": { "selected": false, "text": "Global-Hub-DataSource", - "value": "Global-Hub-DataSource" + "value": "P244538DD76A4C61D" }, - "description": null, - "error": null, "hide": 2, "includeAll": false, - "label": null, "multi": false, "name": "datasource", "options": [], @@ -181,16 +212,17 @@ data: "type": "datasource" }, { - "allValue": null, "current": { "selected": false, "text": "vendor", "value": "vendor" }, - "datasource": "${datasource}", + "datasource": { + "type": "grafana-postgresql-datasource", + "uid": "${datasource}" + }, "definition": "WITH compcluster as(\n SELECT DISTINCT cluster_id\n FROM\n history.local_compliance ch\n WHERE\n $__timeFilter(ch.compliance_date)\n)\nSELECT\n DISTINCT jsonb_object_keys(payload -> 'metadata' -> 'labels')\nFROM\n status.managed_clusters mc \nJOIN\n compcluster ch \nON\n mc.cluster_id = ch.cluster_id", "description": "Managed cluster labels", - "error": null, "hide": 0, "includeAll": false, "label": "Label", @@ -205,7 +237,6 @@ data: "type": "query" }, { - "allValue": null, "current": { "selected": true, "text": [ @@ -215,10 +246,12 @@ data: "$__all" ] }, - "datasource": "${datasource}", + "datasource": { + "type": "grafana-postgresql-datasource", + "uid": "${datasource}" + }, "definition": "WITH compcluster as(\n SELECT DISTINCT cluster_id\n FROM\n history.local_compliance ch\n WHERE\n $__timeFilter(ch.compliance_date)\n)\nSELECT\n payload -> 'metadata' -> 'labels' ->> '$label'\nFROM\n status.managed_clusters mc\nJOIN\n compcluster ch \nON\n mc.cluster_id = ch.cluster_id\nWHERE\n payload -> 'metadata' -> 'labels' ->> '$label' IS NOT NULL", "description": "Managed clusters label values", - "error": null, "hide": 0, "includeAll": true, "label": "Value", @@ -233,7 +266,6 @@ data: "type": "query" }, { - "allValue": null, "current": { "selected": true, "text": [ @@ -243,10 +275,12 @@ data: "$__all" ] }, - "datasource": null, + "datasource": { + "type": "grafana-postgresql-datasource", + "uid": "P244538DD76A4C61D" + }, "definition": "WITH compcluster as(\n SELECT DISTINCT policy_id\n FROM\n history.local_compliance ch\n WHERE\n $__timeFilter(ch.compliance_date)\n)\nSELECT\n DISTINCT policy_standard\nFROM\n local_spec.policies p\nJOIN\n compcluster ch \nON\n p.policy_id = ch.policy_id\nWHERE\npolicy_standard IS NOT NULL;", "description": "Managed cluster policy standards", - "error": null, "hide": 0, "includeAll": true, "label": "Standard", @@ -261,7 +295,6 @@ data: "type": "query" }, { - "allValue": null, "current": { "selected": true, "text": [ @@ -271,10 +304,12 @@ data: "$__all" ] }, - "datasource": null, + "datasource": { + "type": "grafana-postgresql-datasource", + "uid": "P244538DD76A4C61D" + }, "definition": " WITH compcluster as(\n SELECT DISTINCT policy_id\n FROM\n history.local_compliance ch\n WHERE\n $__timeFilter(ch.compliance_date)\n)\nSELECT\n DISTINCT policy_category\nFROM\n local_spec.policies p\nJOIN\n compcluster ch \nON\n p.policy_id = ch.policy_id\nWHERE\n policy_standard IN ($standard) \nAND\n policy_category IS NOT NULL", "description": "Managed cluster policy categories", - "error": null, "hide": 0, "includeAll": true, "label": "Category", @@ -289,7 +324,6 @@ data: "type": "query" }, { - "allValue": null, "current": { "selected": true, "text": [ @@ -299,10 +333,12 @@ data: "$__all" ] }, - "datasource": null, + "datasource": { + "type": "grafana-postgresql-datasource", + "uid": "P244538DD76A4C61D" + }, "definition": " WITH compcluster as(\n SELECT DISTINCT policy_id\n FROM\n history.local_compliance ch\n WHERE\n $__timeFilter(ch.compliance_date)\n)\nSELECT\n DISTINCT policy_control\nFROM\n local_spec.policies p\nJOIN\n compcluster ch \nON\n p.policy_id = ch.policy_id\nWHERE\n policy_standard IN ($standard)\nAND\n policy_category IN ($category)\nAND\n policy_control IS NOT NULL", "description": "Managed cluster labels policy controls", - "error": null, "hide": 0, "includeAll": true, "label": "Control", @@ -319,8 +355,12 @@ data: { "current": { "selected": false, - "text": " is null ", - "value": " is null " + "text": " in ('OpenShift') ", + "value": " in ('OpenShift') " + }, + "datasource": { + "type": "grafana-postgresql-datasource", + "uid": "P244538DD76A4C61D" }, "definition": "select case when length($$${value}$$)>0 then $$ in ($value) $$ else ' is null ' end", "hide": 2, @@ -338,8 +378,12 @@ data: { "current": { "selected": false, - "text": " is null ", - "value": " is null " + "text": " in ('NIST SP 800-53') ", + "value": " in ('NIST SP 800-53') " + }, + "datasource": { + "type": "grafana-postgresql-datasource", + "uid": "P244538DD76A4C61D" }, "definition": "select case when length($$${standard}$$)>0 then $$ in ($standard) $$ else ' is null ' end", "hide": 2, @@ -357,8 +401,12 @@ data: { "current": { "selected": false, - "text": " is null ", - "value": " is null " + "text": " in ('CM Configuration Management') ", + "value": " in ('CM Configuration Management') " + }, + "datasource": { + "type": "grafana-postgresql-datasource", + "uid": "P244538DD76A4C61D" }, "definition": "select case when length($$${category}$$)>0 then $$ in ($category) $$ else ' is null ' end", "hide": 2, @@ -376,8 +424,12 @@ data: { "current": { "selected": false, - "text": " is null ", - "value": " is null " + "text": " in ('CM-2 Baseline Configuration','CM-2 Baseline Configuration, CM-6 Configuration Settings') ", + "value": " in ('CM-2 Baseline Configuration','CM-2 Baseline Configuration, CM-6 Configuration Settings') " + }, + "datasource": { + "type": "grafana-postgresql-datasource", + "uid": "P244538DD76A4C61D" }, "definition": "select case when length($$${control}$$)>0 then $$ in ($control) $$ else ' is null ' end", "hide": 2, @@ -402,7 +454,8 @@ data: "timezone": "utc", "title": "Global Hub - Cluster Group Compliancy Overview", "uid": "868845a4d1334958bd62303c5ccb4c19", - "version": 1 + "version": 1, + "weekStart": "" } kind: ConfigMap metadata: diff --git a/operator/pkg/controllers/hubofhubs/manifests/grafana/acm-global-offending-clusters.yaml b/operator/pkg/controllers/hubofhubs/manifests/grafana/acm-global-offending-clusters.yaml index 54ab67feb..018344113 100644 --- a/operator/pkg/controllers/hubofhubs/manifests/grafana/acm-global-offending-clusters.yaml +++ b/operator/pkg/controllers/hubofhubs/manifests/grafana/acm-global-offending-clusters.yaml @@ -27,6 +27,7 @@ data: "editable": true, "fiscalYearStartMonth": 0, "graphTooltip": 0, + "id": 2, "links": [ { "asDropdown": false, @@ -100,13 +101,14 @@ data: "value": null } ] - } + }, + "unitScale": true }, "overrides": [] }, "gridPos": { "h": 6, - "w": 6, + "w": 4, "x": 0, "y": 1 }, @@ -123,10 +125,12 @@ data: "fields": "/^count$/", "values": false }, + "showPercentChange": false, "text": {}, - "textMode": "auto" + "textMode": "auto", + "wideLayout": true }, - "pluginVersion": "9.5.6", + "pluginVersion": "10.3.3", "targets": [ { "datasource": { @@ -182,7 +186,7 @@ data: }, { "datasource": { - "type": "postgres", + "type": "grafana-postgresql-datasource", "uid": "P244538DD76A4C61D" }, "description": "The distinct number of managed clusters that were \"compliant\" in the given time interval. The managed clusters are calculated by cluster id and not by the cluster name; therefore, if a cluster with the same name exist across two different hubs, it is counted as two distinct managed clusters.", @@ -201,14 +205,15 @@ data: "value": null } ] - } + }, + "unitScale": true }, "overrides": [] }, "gridPos": { "h": 6, - "w": 6, - "x": 6, + "w": 4, + "x": 4, "y": 1 }, "id": 48, @@ -224,10 +229,12 @@ data: "fields": "", "values": false }, + "showPercentChange": false, "text": {}, - "textMode": "auto" + "textMode": "auto", + "wideLayout": true }, - "pluginVersion": "9.5.6", + "pluginVersion": "10.3.3", "targets": [ { "datasource": { @@ -239,7 +246,7 @@ data: "group": [], "metricColumn": "none", "rawQuery": true, - "rawSql": "WITH data AS (\n SELECT\n $__timeGroupAlias(ch.compliance_date, $__interval),\n mc.cluster_id,\n COUNT(CASE WHEN compliance = 'compliant' THEN 1 END) AS \"compliant\",\n COUNT(CASE WHEN compliance = 'non_compliant' THEN 1 END) AS \"non_compliant\",\n COUNT(CASE WHEN compliance = 'unknown' THEN 1 END) AS \"unknown\"\n FROM\n history.local_compliance ch\n JOIN\n status.managed_clusters mc ON ch.cluster_id = mc.cluster_id\n WHERE\n $__timeFilter(ch.compliance_date)\n GROUP BY (ch.compliance_date, mc.cluster_id)\n ORDER BY (ch.compliance_date) DESC\n),\nres as (\n SELECT\n cluster_id,\n SUM(compliant) as \"compliant\",\n SUM(non_compliant) as \"non_compliant\",\n SUM(unknown) as \"unknown\"\n FROM\n data\n GROUP BY (cluster_id)\n)\nSELECT\n COUNT(DISTINCT cluster_id)\nFROM\n res\nWHERE\n compliant > 0\nAND\n non_compliant = 0\nAND\n unknown = 0", + "rawSql": "WITH data AS (\n SELECT\n $__timeGroupAlias(ch.compliance_date, $__interval),\n mc.cluster_id,\n COUNT(CASE WHEN compliance = 'compliant' THEN 1 END) AS \"compliant\",\n COUNT(CASE WHEN compliance = 'non_compliant' THEN 1 END) AS \"non_compliant\",\n COUNT(CASE WHEN compliance = 'pending' THEN 1 END) AS \"pending\",\n COUNT(CASE WHEN compliance = 'unknown' THEN 1 END) AS \"unknown\"\n FROM\n history.local_compliance ch\n JOIN\n status.managed_clusters mc ON ch.cluster_id = mc.cluster_id\n WHERE\n $__timeFilter(ch.compliance_date)\n GROUP BY (ch.compliance_date, mc.cluster_id)\n ORDER BY (ch.compliance_date) DESC\n),\nres as (\n SELECT\n cluster_id,\n SUM(compliant) as \"compliant\",\n SUM(non_compliant) as \"non_compliant\",\n SUM(pending) as \"pending\",\n SUM(unknown) as \"unknown\"\n FROM\n data\n GROUP BY (cluster_id)\n)\nSELECT\n COUNT(DISTINCT cluster_id)\nFROM\n res\nWHERE\n compliant > 0\nAND\n non_compliant = 0\nAND\n unknown = 0\nAND \n pending = 0", "refId": "A", "select": [ [ @@ -283,7 +290,111 @@ data: }, { "datasource": { - "type": "postgres", + "type": "grafana-postgresql-datasource", + "uid": "P244538DD76A4C61D" + }, + "description": "The distinct number of managed clusters that were \"pending\" in the given time interval. The managed clusters are calculated by cluster id and not by the cluster name; therefore, if a cluster with the same name exist across two different hubs, it is counted as two distinct managed clusters.", + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "noValue": "0", + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "yellow", + "value": null + } + ] + }, + "unitScale": true + }, + "overrides": [] + }, + "gridPos": { + "h": 6, + "w": 4, + "x": 8, + "y": 1 + }, + "id": 57, + "options": { + "colorMode": "value", + "graphMode": "area", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "showPercentChange": false, + "text": {}, + "textMode": "auto", + "wideLayout": true + }, + "pluginVersion": "10.3.3", + "targets": [ + { + "datasource": { + "type": "postgres", + "uid": "P244538DD76A4C61D" + }, + "editorMode": "code", + "format": "table", + "group": [], + "metricColumn": "none", + "rawQuery": true, + "rawSql": "WITH data AS (\n SELECT\n $__timeGroupAlias(ch.compliance_date, $__interval),\n mc.cluster_id,\n COUNT(CASE WHEN compliance = 'non_compliant' THEN 1 END) AS \"non_compliant\",\n COUNT(CASE WHEN compliance = 'pending' THEN 1 END) AS \"pending\"\n FROM\n history.local_compliance ch\n JOIN\n status.managed_clusters mc ON ch.cluster_id = mc.cluster_id\n WHERE\n $__timeFilter(ch.compliance_date)\n GROUP BY (ch.compliance_date, mc.cluster_id)\n ORDER BY (ch.compliance_date) DESC\n),\nres as (\n SELECT\n cluster_id,\n SUM(non_compliant) as \"non_compliant\",\n SUM(pending) as \"pending\"\n FROM\n data\n GROUP BY (cluster_id)\n)\nSELECT\n COUNT(DISTINCT cluster_id)\nFROM\n res\nWHERE\n pending > 0\nAND\n non_compliant = 0", + "refId": "A", + "select": [ + [ + { + "params": [ + "value" + ], + "type": "column" + } + ] + ], + "sql": { + "columns": [ + { + "parameters": [], + "type": "function" + } + ], + "groupBy": [ + { + "property": { + "type": "string" + }, + "type": "groupBy" + } + ], + "limit": 50 + }, + "timeColumn": "time", + "where": [ + { + "name": "$__timeFilter", + "params": [], + "type": "macro" + } + ] + } + ], + "title": "Number of Pending Managed Clusters", + "type": "stat" + }, + { + "datasource": { + "type": "grafana-postgresql-datasource", "uid": "P244538DD76A4C61D" }, "description": "The distinct number of managed clusters that were \"unknown\" in the given time interval. The managed clusters are calculated by cluster id and not by the cluster name; therefore, if a cluster with the same name exist across two different hubs, it is counted as two distinct managed clusters.", @@ -302,17 +413,18 @@ data: "value": null } ] - } + }, + "unitScale": true }, "overrides": [] }, "gridPos": { "h": 6, - "w": 6, + "w": 4, "x": 12, "y": 1 }, - "id": 57, + "id": 62, "options": { "colorMode": "value", "graphMode": "area", @@ -325,10 +437,12 @@ data: "fields": "", "values": false }, + "showPercentChange": false, "text": {}, - "textMode": "auto" + "textMode": "auto", + "wideLayout": true }, - "pluginVersion": "9.5.6", + "pluginVersion": "10.3.3", "targets": [ { "datasource": { @@ -340,7 +454,7 @@ data: "group": [], "metricColumn": "none", "rawQuery": true, - "rawSql": "WITH data AS (\n SELECT\n $__timeGroupAlias(ch.compliance_date, $__interval),\n mc.cluster_id,\n COUNT(CASE WHEN compliance = 'non_compliant' THEN 1 END) AS \"non_compliant\",\n COUNT(CASE WHEN compliance = 'unknown' THEN 1 END) AS \"unknown\"\n FROM\n history.local_compliance ch\n JOIN\n status.managed_clusters mc ON ch.cluster_id = mc.cluster_id\n WHERE\n $__timeFilter(ch.compliance_date)\n GROUP BY (ch.compliance_date, mc.cluster_id)\n ORDER BY (ch.compliance_date) DESC\n),\nres as (\n SELECT\n cluster_id,\n SUM(non_compliant) as \"non_compliant\",\n SUM(unknown) as \"unknown\"\n FROM\n data\n GROUP BY (cluster_id)\n)\nSELECT\n COUNT(DISTINCT cluster_id)\nFROM\n res\nWHERE\n unknown > 0\nAND\n non_compliant = 0", + "rawSql": "WITH data AS (\n SELECT\n $__timeGroupAlias(ch.compliance_date, $__interval),\n mc.cluster_id,\n COUNT(CASE WHEN compliance = 'non_compliant' THEN 1 END) AS \"non_compliant\",\n COUNT(CASE WHEN compliance = 'pending' THEN 1 END) AS \"pending\",\n COUNT(CASE WHEN compliance = 'unknown' THEN 1 END) AS \"unknown\"\n FROM\n history.local_compliance ch\n JOIN\n status.managed_clusters mc ON ch.cluster_id = mc.cluster_id\n WHERE\n $__timeFilter(ch.compliance_date)\n GROUP BY (ch.compliance_date, mc.cluster_id)\n ORDER BY (ch.compliance_date) DESC\n),\nres as (\n SELECT\n cluster_id,\n SUM(non_compliant) as \"non_compliant\",\n SUM(pending) as \"pending\",\n SUM(unknown) as \"unknown\"\n FROM\n data\n GROUP BY (cluster_id)\n)\nSELECT\n COUNT(DISTINCT cluster_id)\nFROM\n res\nWHERE\n unknown > 0\nAND\n non_compliant = 0\nAND \n pending = 0", "refId": "A", "select": [ [ @@ -384,7 +498,7 @@ data: }, { "datasource": { - "type": "postgres", + "type": "grafana-postgresql-datasource", "uid": "P244538DD76A4C61D" }, "description": "The distinct number of managed clusters that were in the given time interval. The managed clusters are calculated by cluster id and not by the cluster name; therefore, if a cluster with the same name exist across two different hubs, it is counted as two distinct managed clusters.", @@ -403,14 +517,15 @@ data: "value": null } ] - } + }, + "unitScale": true }, "overrides": [] }, "gridPos": { "h": 6, - "w": 6, - "x": 18, + "w": 8, + "x": 16, "y": 1 }, "id": 47, @@ -426,10 +541,12 @@ data: "fields": "/^count$/", "values": false }, + "showPercentChange": false, "text": {}, - "textMode": "auto" + "textMode": "auto", + "wideLayout": true }, - "pluginVersion": "9.5.6", + "pluginVersion": "10.3.3", "targets": [ { "datasource": { @@ -441,7 +558,7 @@ data: "group": [], "metricColumn": "none", "rawQuery": true, - "rawSql": "WITH data AS (\n SELECT\n $__timeGroupAlias(ch.compliance_date, $__interval),\n mc.cluster_id,\n COUNT(CASE WHEN compliance = 'compliant' THEN 1 END) AS \"compliant\",\n COUNT(CASE WHEN compliance = 'non_compliant' THEN 1 END) AS \"non_compliant\",\n COUNT(CASE WHEN compliance = 'unknown' THEN 1 END) AS \"unknown\"\n FROM\n history.local_compliance ch\n JOIN\n status.managed_clusters mc ON ch.cluster_id = mc.cluster_id\n WHERE\n $__timeFilter(ch.compliance_date)\n GROUP BY (ch.compliance_date, mc.cluster_id)\n ORDER BY (ch.compliance_date) DESC\n),\nres as (\n SELECT\n cluster_id,\n SUM(compliant) as \"compliant\",\n SUM(non_compliant) as \"non_compliant\",\n SUM(unknown) as \"unknown\"\n FROM\n data\n GROUP BY (cluster_id)\n)\nSELECT\n COUNT(DISTINCT cluster_id)\nFROM\n res", + "rawSql": "WITH data AS (\n SELECT\n $__timeGroupAlias(ch.compliance_date, $__interval),\n mc.cluster_id,\n COUNT(CASE WHEN compliance = 'compliant' THEN 1 END) AS \"compliant\",\n COUNT(CASE WHEN compliance = 'non_compliant' THEN 1 END) AS \"non_compliant\",\n COUNT(CASE WHEN compliance = 'pending' THEN 1 END) AS \"pending\",\n COUNT(CASE WHEN compliance = 'unknown' THEN 1 END) AS \"unknown\"\n FROM\n history.local_compliance ch\n JOIN\n status.managed_clusters mc ON ch.cluster_id = mc.cluster_id\n WHERE\n $__timeFilter(ch.compliance_date)\n GROUP BY (ch.compliance_date, mc.cluster_id)\n ORDER BY (ch.compliance_date) DESC\n),\nres as (\n SELECT\n cluster_id,\n SUM(compliant) as \"compliant\",\n SUM(non_compliant) as \"non_compliant\",\n SUM(pending) as \"pending\",\n SUM(unknown) as \"unknown\"\n FROM\n data\n GROUP BY (cluster_id)\n)\nSELECT\n COUNT(DISTINCT cluster_id)\nFROM\n res", "refId": "A", "select": [ [ @@ -511,7 +628,7 @@ data: }, { "datasource": { - "type": "postgres", + "type": "grafana-postgresql-datasource", "uid": "P244538DD76A4C61D" }, "description": "List of offending managed clusters by label: $label.", @@ -540,7 +657,8 @@ data: } ] }, - "unit": "percentunit" + "unit": "percentunit", + "unitScale": true }, "overrides": [ { @@ -598,18 +716,19 @@ data: "showHeader": true, "sortBy": [] }, - "pluginVersion": "9.5.6", + "pluginVersion": "10.3.3", "targets": [ { "datasource": { "type": "postgres", "uid": "P244538DD76A4C61D" }, + "editorMode": "code", "format": "table", "group": [], "metricColumn": "none", "rawQuery": true, - "rawSql": "WITH data AS (\n SELECT\n $__timeGroupAlias(ch.compliance_date, $__interval),\n mc.cluster_name as \"cluster\",\n mc.leaf_hub_name as \"hub\",\n mc.payload -> 'metadata' -> 'labels' ->> '$label' AS \"label\",\n COUNT(CASE WHEN ch.compliance = 'non_compliant' THEN 1 END) AS \"non_compliant\",\n COUNT(CASE WHEN ch.compliance = 'unknown' THEN 1 END) AS \"unknown\",\n COUNT(CASE WHEN ch.compliance = 'compliant' THEN 1 END) AS \"compliant\"\n FROM\n status.managed_clusters mc\n JOIN\n history.local_compliance ch ON mc.cluster_id = ch.cluster_id\n JOIN\n local_spec.policies p ON ch.policy_id = p.policy_id\n WHERE\n $__timeFilter(ch.compliance_date)\n AND\n p.policy_standard ${standard_query:raw} AND p.policy_category ${category_query:raw} AND p.policy_control ${control_query:raw}\n AND\n mc.payload -> 'metadata' -> 'labels' ->> '$label' ${value_query:raw}\n GROUP BY (ch.compliance_date, mc.cluster_name, mc.cluster_id, mc.leaf_hub_name, mc.payload)\n ORDER BY (ch.compliance_date) DESC\n),\nres AS (\n SELECT\n time,\n cluster,\n hub,\n label,\n non_compliant::float / NULLIF((compliant::float + unknown + non_compliant), 0) as \"value\" \n FROM\n data\n WHERE\n non_compliant > 0\n)\nSELECT\n *\nFROM\n res\nORDER BY (time, value) DESC", + "rawSql": "WITH data AS (\n SELECT\n $__timeGroupAlias(ch.compliance_date, $__interval),\n mc.cluster_name as \"cluster\",\n mc.leaf_hub_name as \"hub\",\n mc.payload -> 'metadata' -> 'labels' ->> '$label' AS \"label\",\n COUNT(CASE WHEN ch.compliance = 'non_compliant' THEN 1 END) AS \"non_compliant\",\n COUNT(CASE WHEN ch.compliance = 'unknown' THEN 1 END) AS \"unknown\",\n COUNT(CASE WHEN ch.compliance = 'pending' THEN 1 END) AS \"pending\",\n COUNT(CASE WHEN ch.compliance = 'compliant' THEN 1 END) AS \"compliant\"\n FROM\n status.managed_clusters mc\n JOIN\n history.local_compliance ch ON mc.cluster_id = ch.cluster_id\n JOIN\n local_spec.policies p ON ch.policy_id = p.policy_id\n WHERE\n $__timeFilter(ch.compliance_date)\n AND\n p.policy_standard ${standard_query:raw} AND p.policy_category ${category_query:raw} AND p.policy_control ${control_query:raw}\n AND\n mc.payload -> 'metadata' -> 'labels' ->> '$label' ${value_query:raw}\n GROUP BY (ch.compliance_date, mc.cluster_name, mc.cluster_id, mc.leaf_hub_name, mc.payload)\n ORDER BY (ch.compliance_date) DESC\n),\nres AS (\n SELECT\n time,\n cluster,\n hub,\n label,\n non_compliant::float / NULLIF((compliant::float + unknown + non_compliant + pending), 0) as \"value\" \n FROM\n data\n WHERE\n non_compliant > 0\n)\nSELECT\n *\nFROM\n res\nORDER BY (time, value) DESC", "refId": "A", "select": [ [ @@ -621,6 +740,23 @@ data: } ] ], + "sql": { + "columns": [ + { + "parameters": [], + "type": "function" + } + ], + "groupBy": [ + { + "property": { + "type": "string" + }, + "type": "groupBy" + } + ], + "limit": 50 + }, "timeColumn": "time", "where": [ { @@ -652,6 +788,181 @@ data: ], "type": "table" }, + { + "collapsed": true, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 17 + }, + "id": 64, + "panels": [ + { + "datasource": { + "type": "grafana-postgresql-datasource", + "uid": "P244538DD76A4C61D" + }, + "description": "List of pending managed clusters by label: $label.", + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "custom": { + "align": "auto", + "cellOptions": { + "type": "auto" + }, + "filterable": true, + "inspect": false + }, + "links": [], + "mappings": [], + "noValue": "No data in response", + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "yellow", + "value": null + } + ] + }, + "unit": "percentunit", + "unitScale": true + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "Cluster" + }, + "properties": [ + { + "id": "links", + "value": [ + { + "targetBlank": true, + "title": "View What's Changed dashboard for cluster \"${__value.text}\"", + "url": "d/5a3a577af7894943aa6e7ca8408502fb/global-hub-whats-changed-clusters?orgId=1&from=${__value.time}&var-hub=${__data.fields.Hub}&var-cluster=${__value.text}" + } + ] + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "value" + }, + "properties": [ + { + "id": "custom.cellOptions", + "value": { + "mode": "gradient", + "type": "color-background" + } + } + ] + } + ] + }, + "gridPos": { + "h": 8, + "w": 24, + "x": 0, + "y": 18 + }, + "id": 56, + "options": { + "cellHeight": "sm", + "footer": { + "countRows": false, + "fields": "", + "reducer": [ + "sum" + ], + "show": false + }, + "showHeader": true, + "sortBy": [] + }, + "pluginVersion": "10.3.3", + "targets": [ + { + "datasource": { + "type": "postgres", + "uid": "P244538DD76A4C61D" + }, + "editorMode": "code", + "format": "table", + "group": [], + "metricColumn": "none", + "rawQuery": true, + "rawSql": "WITH data AS (\n SELECT\n $__timeGroupAlias(ch.compliance_date, $__interval),\n mc.cluster_name as \"cluster\",\n mc.leaf_hub_name as \"hub\",\n mc.payload -> 'metadata' -> 'labels' ->> '$label' AS \"label\",\n COUNT(CASE WHEN ch.compliance = 'non_compliant' THEN 1 END) AS \"non_compliant\",\n COUNT(CASE WHEN ch.compliance = 'unknown' THEN 1 END) AS \"unknown\",\n COUNT(CASE WHEN ch.compliance = 'pending' THEN 1 END) AS \"pending\",\n COUNT(CASE WHEN ch.compliance = 'compliant' THEN 1 END) AS \"compliant\"\n FROM\n status.managed_clusters mc\n JOIN\n history.local_compliance ch ON mc.cluster_id = ch.cluster_id\n JOIN\n local_spec.policies p ON ch.policy_id = p.policy_id\n WHERE\n $__timeFilter(ch.compliance_date)\n AND\n mc.payload -> 'metadata' -> 'labels' ->> '$label' ${value_query:raw} \n AND\n p.policy_standard ${standard_query:raw} AND p.policy_category ${category_query:raw} AND p.policy_control ${control_query:raw}\n GROUP BY (ch.compliance_date, mc.cluster_name, mc.cluster_id, mc.leaf_hub_name, mc.payload)\n ORDER BY (ch.compliance_date) DESC\n),\nres AS (\n SELECT\n time,\n cluster,\n hub,\n label,\n pending::float / NULLIF((compliant::float + unknown + non_compliant + pending), 0) as \"value\" \n FROM\n data\n WHERE\n non_compliant = 0\n AND\n pending > 0\n)\nSELECT\n *\nFROM\n res\nORDER BY (value) DESC", + "refId": "A", + "select": [ + [ + { + "params": [ + "value" + ], + "type": "column" + } + ] + ], + "sql": { + "columns": [ + { + "parameters": [], + "type": "function" + } + ], + "groupBy": [ + { + "property": { + "type": "string" + }, + "type": "groupBy" + } + ], + "limit": 50 + }, + "timeColumn": "time", + "where": [ + { + "name": "$__timeFilter", + "params": [], + "type": "macro" + } + ] + } + ], + "title": "Pending Clusters (By $label)", + "transformations": [ + { + "id": "organize", + "options": { + "excludeByName": {}, + "indexByName": {}, + "renameByName": { + "cluster": "Cluster", + "hub": "Hub", + "name": "Name", + "time": "Time", + "value": "Pending", + "vendor": "Vendor" + } + } + } + ], + "type": "table" + } + ], + "title": "Cluster Status > Pending", + "type": "row" + }, { "collapsed": true, "datasource": { @@ -662,13 +973,13 @@ data: "h": 1, "w": 24, "x": 0, - "y": 17 + "y": 18 }, "id": 55, "panels": [ { "datasource": { - "type": "postgres", + "type": "grafana-postgresql-datasource", "uid": "P244538DD76A4C61D" }, "description": "List of unknown managed clusters by label: $label.", @@ -682,7 +993,8 @@ data: "cellOptions": { "type": "auto" }, - "filterable": true + "filterable": true, + "inspect": false }, "links": [], "mappings": [], @@ -691,11 +1003,13 @@ data: "mode": "absolute", "steps": [ { - "color": "yellow" + "color": "yellow", + "value": null } ] }, - "unit": "percentunit" + "unit": "percentunit", + "unitScale": true }, "overrides": [ { @@ -753,25 +1067,35 @@ data: "h": 8, "w": 24, "x": 0, - "y": 18 + "y": 27 }, - "id": 56, + "id": 63, "options": { + "cellHeight": "sm", + "footer": { + "countRows": false, + "fields": "", + "reducer": [ + "sum" + ], + "show": false + }, "showHeader": true, "sortBy": [] }, - "pluginVersion": "8.5.20", + "pluginVersion": "10.3.3", "targets": [ { "datasource": { "type": "postgres", "uid": "P244538DD76A4C61D" }, + "editorMode": "code", "format": "table", "group": [], "metricColumn": "none", "rawQuery": true, - "rawSql": "WITH data AS (\n SELECT\n $__timeGroupAlias(ch.compliance_date, $__interval),\n mc.cluster_name as \"cluster\",\n mc.leaf_hub_name as \"hub\",\n mc.payload -> 'metadata' -> 'labels' ->> '$label' AS \"label\",\n COUNT(CASE WHEN ch.compliance = 'non_compliant' THEN 1 END) AS \"non_compliant\",\n COUNT(CASE WHEN ch.compliance = 'unknown' THEN 1 END) AS \"unknown\",\n COUNT(CASE WHEN ch.compliance = 'compliant' THEN 1 END) AS \"compliant\"\n FROM\n status.managed_clusters mc\n JOIN\n history.local_compliance ch ON mc.cluster_id = ch.cluster_id\n JOIN\n local_spec.policies p ON ch.policy_id = p.policy_id\n WHERE\n $__timeFilter(ch.compliance_date)\n AND\n mc.payload -> 'metadata' -> 'labels' ->> '$label' ${value_query:raw} \n AND\n p.policy_standard ${standard_query:raw} AND p.policy_category ${category_query:raw} AND p.policy_control ${control_query:raw}\n GROUP BY (ch.compliance_date, mc.cluster_name, mc.cluster_id, mc.leaf_hub_name, mc.payload)\n ORDER BY (ch.compliance_date) DESC\n),\nres AS (\n SELECT\n time,\n cluster,\n hub,\n label,\n unknown::float / NULLIF((compliant::float + unknown + non_compliant), 0) as \"value\" \n FROM\n data\n WHERE\n non_compliant = 0\n AND\n unknown > 0\n)\nSELECT\n *\nFROM\n res\nORDER BY (value) DESC", + "rawSql": "WITH data AS (\n SELECT\n $__timeGroupAlias(ch.compliance_date, $__interval),\n mc.cluster_name as \"cluster\",\n mc.leaf_hub_name as \"hub\",\n mc.payload -> 'metadata' -> 'labels' ->> '$label' AS \"label\",\n COUNT(CASE WHEN ch.compliance = 'non_compliant' THEN 1 END) AS \"non_compliant\",\n COUNT(CASE WHEN ch.compliance = 'unknown' THEN 1 END) AS \"unknown\",\n COUNT(CASE WHEN ch.compliance = 'pending' THEN 1 END) AS \"pending\",\n COUNT(CASE WHEN ch.compliance = 'compliant' THEN 1 END) AS \"compliant\"\n FROM\n status.managed_clusters mc\n JOIN\n history.local_compliance ch ON mc.cluster_id = ch.cluster_id\n JOIN\n local_spec.policies p ON ch.policy_id = p.policy_id\n WHERE\n $__timeFilter(ch.compliance_date)\n AND\n mc.payload -> 'metadata' -> 'labels' ->> '$label' ${value_query:raw} \n AND\n p.policy_standard ${standard_query:raw} AND p.policy_category ${category_query:raw} AND p.policy_control ${control_query:raw}\n GROUP BY (ch.compliance_date, mc.cluster_name, mc.cluster_id, mc.leaf_hub_name, mc.payload)\n ORDER BY (ch.compliance_date) DESC\n),\nres AS (\n SELECT\n time,\n cluster,\n hub,\n label,\n unknown::float / NULLIF((compliant::float + unknown + non_compliant + pending), 0) as \"value\" \n FROM\n data\n WHERE\n non_compliant = 0\n AND \n pending = 0\n AND\n unknown > 0\n)\nSELECT\n *\nFROM\n res\nORDER BY (value) DESC", "refId": "A", "select": [ [ @@ -783,6 +1107,23 @@ data: } ] ], + "sql": { + "columns": [ + { + "parameters": [], + "type": "function" + } + ], + "groupBy": [ + { + "property": { + "type": "string" + }, + "type": "groupBy" + } + ], + "limit": 50 + }, "timeColumn": "time", "where": [ { @@ -805,7 +1146,7 @@ data: "hub": "Hub", "name": "Name", "time": "Time", - "value": "Status", + "value": "Unknown", "vendor": "Vendor" } } @@ -828,8 +1169,7 @@ data: } ], "refresh": "", - "schemaVersion": 38, - "style": "dark", + "schemaVersion": 39, "tags": [], "templating": { "list": [ @@ -837,7 +1177,7 @@ data: "current": { "selected": false, "text": "Global-Hub-DataSource", - "value": "Global-Hub-DataSource" + "value": "P244538DD76A4C61D" }, "hide": 2, "includeAll": false, @@ -995,8 +1335,12 @@ data: { "current": { "selected": false, - "text": " is null ", - "value": " is null " + "text": " in ('OpenShift') ", + "value": " in ('OpenShift') " + }, + "datasource": { + "type": "grafana-postgresql-datasource", + "uid": "P244538DD76A4C61D" }, "definition": "select case when length($$${value}$$)>0 then $$ in ($value) $$ else ' is null ' end", "hide": 2, @@ -1014,8 +1358,12 @@ data: { "current": { "selected": false, - "text": " is null ", - "value": " is null " + "text": " in ('NIST SP 800-53') ", + "value": " in ('NIST SP 800-53') " + }, + "datasource": { + "type": "grafana-postgresql-datasource", + "uid": "P244538DD76A4C61D" }, "definition": "select case when length($$${standard}$$)>0 then $$ in ($standard) $$ else ' is null ' end", "hide": 2, @@ -1033,8 +1381,12 @@ data: { "current": { "selected": false, - "text": " is null ", - "value": " is null " + "text": " in ('CM Configuration Management') ", + "value": " in ('CM Configuration Management') " + }, + "datasource": { + "type": "grafana-postgresql-datasource", + "uid": "P244538DD76A4C61D" }, "definition": "select case when length($$${category}$$)>0 then $$ in ($category) $$ else ' is null ' end", "hide": 2, @@ -1052,8 +1404,12 @@ data: { "current": { "selected": false, - "text": " is null ", - "value": " is null " + "text": " in ('CM-2 Baseline Configuration','CM-2 Baseline Configuration, CM-6 Configuration Settings') ", + "value": " in ('CM-2 Baseline Configuration','CM-2 Baseline Configuration, CM-6 Configuration Settings') " + }, + "datasource": { + "type": "grafana-postgresql-datasource", + "uid": "P244538DD76A4C61D" }, "definition": "select case when length($$${control}$$)>0 then $$ in ($control) $$ else ' is null ' end", "hide": 2, @@ -1071,7 +1427,7 @@ data: ] }, "time": { - "from": "now-7d", + "from": "now-30d", "to": "now" }, "timepicker": {}, diff --git a/operator/pkg/controllers/hubofhubs/manifests/grafana/acm-global-offending-policies.yaml b/operator/pkg/controllers/hubofhubs/manifests/grafana/acm-global-offending-policies.yaml index 4d94bc5ea..8d09cd891 100644 --- a/operator/pkg/controllers/hubofhubs/manifests/grafana/acm-global-offending-policies.yaml +++ b/operator/pkg/controllers/hubofhubs/manifests/grafana/acm-global-offending-policies.yaml @@ -27,6 +27,7 @@ data: "editable": true, "fiscalYearStartMonth": 0, "graphTooltip": 0, + "id": 3, "links": [ { "asDropdown": false, @@ -83,7 +84,7 @@ data: }, { "datasource": { - "type": "postgres", + "type": "grafana-postgresql-datasource", "uid": "${datasource}" }, "description": "The distinct number of policies that were \"non compliant\" in the given time interval. The policies are calculated by policy uuid and not by the policy name; therefore, if a policy with the same name exist across two different hubs, it is counted as two distinct policies.", @@ -102,13 +103,14 @@ data: "value": null } ] - } + }, + "unitScale": true }, "overrides": [] }, "gridPos": { "h": 6, - "w": 6, + "w": 4, "x": 0, "y": 1 }, @@ -125,10 +127,12 @@ data: "fields": "", "values": false }, + "showPercentChange": false, "text": {}, - "textMode": "auto" + "textMode": "auto", + "wideLayout": true }, - "pluginVersion": "9.5.6", + "pluginVersion": "10.3.3", "targets": [ { "datasource": { @@ -183,7 +187,7 @@ data: }, { "datasource": { - "type": "postgres", + "type": "grafana-postgresql-datasource", "uid": "${datasource}" }, "description": "The distinct number of policies that were \"compliant\" in the given time interval. The policies are calculated by policy uuid and not by the policy name; therefore, if a policy with the same name exist across two different hubs, it is counted as two distinct policies.", @@ -202,14 +206,15 @@ data: "value": null } ] - } + }, + "unitScale": true }, "overrides": [] }, "gridPos": { "h": 6, - "w": 6, - "x": 6, + "w": 4, + "x": 4, "y": 1 }, "id": 48, @@ -225,10 +230,12 @@ data: "fields": "", "values": false }, + "showPercentChange": false, "text": {}, - "textMode": "auto" + "textMode": "auto", + "wideLayout": true }, - "pluginVersion": "9.5.6", + "pluginVersion": "10.3.3", "targets": [ { "datasource": { @@ -239,7 +246,7 @@ data: "group": [], "metricColumn": "none", "rawQuery": true, - "rawSql": "WITH data AS (\n SELECT\n $__timeGroupAlias(ch.compliance_date, $__interval),\n p.policy_id,\n p.payload -> 'metadata' ->> 'namespace' as \"namespace\",\n COUNT(CASE WHEN compliance = 'compliant' THEN 1 END) AS \"compliant\",\n COUNT(CASE WHEN compliance = 'non_compliant' THEN 1 END) AS \"non_compliant\",\n COUNT(CASE WHEN compliance = 'unknown' THEN 1 END) AS \"unknown\"\n FROM\n history.local_compliance ch\n JOIN\n local_spec.policies p ON ch.policy_id = p.policy_id\n WHERE\n $__timeFilter(ch.compliance_date)\n AND\n ch.cluster_id IS NOT NULL\n GROUP BY (ch.compliance_date, p.policy_id, p.payload -> 'metadata' ->> 'namespace')\n ORDER BY (ch.compliance_date) DESC\n),\nres as (\n SELECT\n policy_id,\n namespace,\n SUM(compliant) as \"compliant\",\n SUM(non_compliant) as \"non_compliant\",\n SUM(unknown) as \"unknown\"\n FROM\n data\n GROUP BY (policy_id,namespace)\n)\nSELECT\n COUNT(*)\nFROM\n res\nWHERE\n compliant > 0\nAND\n non_compliant = 0\nAND\n unknown = 0", + "rawSql": "WITH data AS (\n SELECT\n $__timeGroupAlias(ch.compliance_date, $__interval),\n p.policy_id,\n p.payload -> 'metadata' ->> 'namespace' as \"namespace\",\n COUNT(CASE WHEN compliance = 'compliant' THEN 1 END) AS \"compliant\",\n COUNT(CASE WHEN compliance = 'non_compliant' THEN 1 END) AS \"non_compliant\",\n COUNT(CASE WHEN compliance = 'pending' THEN 1 END) AS \"pending\",\n COUNT(CASE WHEN compliance = 'unknown' THEN 1 END) AS \"unknown\"\n FROM\n history.local_compliance ch\n JOIN\n local_spec.policies p ON ch.policy_id = p.policy_id\n WHERE\n $__timeFilter(ch.compliance_date)\n AND\n ch.cluster_id IS NOT NULL\n GROUP BY (ch.compliance_date, p.policy_id, p.payload -> 'metadata' ->> 'namespace')\n ORDER BY (ch.compliance_date) DESC\n),\nres as (\n SELECT\n policy_id,\n namespace,\n SUM(compliant) as \"compliant\",\n SUM(non_compliant) as \"non_compliant\",\n SUM(pending) as \"pending\",\n SUM(unknown) as \"unknown\"\n FROM\n data\n GROUP BY (policy_id,namespace)\n)\nSELECT\n COUNT(*)\nFROM\n res\nWHERE\n compliant > 0\nAND\n non_compliant = 0\nAND\n unknown = 0\nAND\n pending = 0", "refId": "A", "select": [ [ @@ -283,7 +290,110 @@ data: }, { "datasource": { - "type": "postgres", + "type": "grafana-postgresql-datasource", + "uid": "${datasource}" + }, + "description": "The distinct number of policies that were \"pending\" in the given time interval. The policies are calculated by policy uuid and not by the policy name; therefore, if a policy with the same name exist across two different hubs, it is counted as two distinct policies.", + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "noValue": "0", + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "yellow", + "value": null + } + ] + }, + "unitScale": true + }, + "overrides": [] + }, + "gridPos": { + "h": 6, + "w": 4, + "x": 8, + "y": 1 + }, + "id": 58, + "options": { + "colorMode": "value", + "graphMode": "area", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "showPercentChange": false, + "text": {}, + "textMode": "auto", + "wideLayout": true + }, + "pluginVersion": "10.3.3", + "targets": [ + { + "datasource": { + "uid": "${datasource}" + }, + "editorMode": "code", + "format": "table", + "group": [], + "metricColumn": "none", + "rawQuery": true, + "rawSql": "WITH data AS (\n SELECT\n $__timeGroupAlias(ch.compliance_date, $__interval),\n p.policy_id,\n p.payload -> 'metadata' ->> 'namespace' as \"namespace\",\n COUNT(CASE WHEN compliance = 'non_compliant' THEN 1 END) AS \"non_compliant\",\n COUNT(CASE WHEN compliance = 'pending' THEN 1 END) AS \"pending\"\n FROM\n history.local_compliance ch\n JOIN\n local_spec.policies p ON ch.policy_id = p.policy_id\n WHERE\n $__timeFilter(ch.compliance_date)\n AND\n ch.cluster_id IS NOT NULL\n GROUP BY (ch.compliance_date, p.policy_id, p.payload -> 'metadata' ->> 'namespace')\n ORDER BY (ch.compliance_date) DESC\n),\nres as (\n SELECT\n policy_id,\n namespace,\n SUM(non_compliant) as \"non_compliant\",\n SUM(pending) as \"pending\"\n FROM\n data\n GROUP BY (policy_id,namespace)\n)\nSELECT\n COUNT(*)\nFROM\n res\nWHERE\n pending > 0\nAND\n non_compliant = 0", + "refId": "A", + "select": [ + [ + { + "params": [ + "value" + ], + "type": "column" + } + ] + ], + "sql": { + "columns": [ + { + "parameters": [], + "type": "function" + } + ], + "groupBy": [ + { + "property": { + "type": "string" + }, + "type": "groupBy" + } + ], + "limit": 50 + }, + "timeColumn": "time", + "where": [ + { + "name": "$__timeFilter", + "params": [], + "type": "macro" + } + ] + } + ], + "title": "Number of Pending Policies", + "type": "stat" + }, + { + "datasource": { + "type": "grafana-postgresql-datasource", "uid": "${datasource}" }, "description": "The distinct number of policies that were \"unknown\" in the given time interval. The policies are calculated by policy uuid and not by the policy name; therefore, if a policy with the same name exist across two different hubs, it is counted as two distinct policies.", @@ -302,17 +412,18 @@ data: "value": null } ] - } + }, + "unitScale": true }, "overrides": [] }, "gridPos": { "h": 6, - "w": 6, + "w": 4, "x": 12, "y": 1 }, - "id": 58, + "id": 65, "options": { "colorMode": "value", "graphMode": "area", @@ -325,10 +436,12 @@ data: "fields": "", "values": false }, + "showPercentChange": false, "text": {}, - "textMode": "auto" + "textMode": "auto", + "wideLayout": true }, - "pluginVersion": "9.5.6", + "pluginVersion": "10.3.3", "targets": [ { "datasource": { @@ -339,7 +452,7 @@ data: "group": [], "metricColumn": "none", "rawQuery": true, - "rawSql": "WITH data AS (\n SELECT\n $__timeGroupAlias(ch.compliance_date, $__interval),\n p.policy_id,\n p.payload -> 'metadata' ->> 'namespace' as \"namespace\",\n COUNT(CASE WHEN compliance = 'non_compliant' THEN 1 END) AS \"non_compliant\",\n COUNT(CASE WHEN compliance = 'unknown' THEN 1 END) AS \"unknown\"\n FROM\n history.local_compliance ch\n JOIN\n local_spec.policies p ON ch.policy_id = p.policy_id\n WHERE\n $__timeFilter(ch.compliance_date)\n AND\n ch.cluster_id IS NOT NULL\n GROUP BY (ch.compliance_date, p.policy_id, p.payload -> 'metadata' ->> 'namespace')\n ORDER BY (ch.compliance_date) DESC\n),\nres as (\n SELECT\n policy_id,\n namespace,\n SUM(non_compliant) as \"non_compliant\",\n SUM(unknown) as \"unknown\"\n FROM\n data\n GROUP BY (policy_id,namespace)\n)\nSELECT\n COUNT(*)\nFROM\n res\nWHERE\n unknown > 0\nAND\n non_compliant = 0", + "rawSql": "WITH data AS (\n SELECT\n $__timeGroupAlias(ch.compliance_date, $__interval),\n p.policy_id,\n p.payload -> 'metadata' ->> 'namespace' as \"namespace\",\n COUNT(CASE WHEN compliance = 'non_compliant' THEN 1 END) AS \"non_compliant\",\n COUNT(CASE WHEN compliance = 'pending' THEN 1 END) AS \"pending\",\n COUNT(CASE WHEN compliance = 'unknown' THEN 1 END) AS \"unknown\"\n FROM\n history.local_compliance ch\n JOIN\n local_spec.policies p ON ch.policy_id = p.policy_id\n WHERE\n $__timeFilter(ch.compliance_date)\n AND\n ch.cluster_id IS NOT NULL\n GROUP BY (ch.compliance_date, p.policy_id, p.payload -> 'metadata' ->> 'namespace')\n ORDER BY (ch.compliance_date) DESC\n),\nres as (\n SELECT\n policy_id,\n namespace,\n SUM(non_compliant) as \"non_compliant\",\n SUM(pending) as \"pending\",\n SUM(unknown) as \"unknown\"\n FROM\n data\n GROUP BY (policy_id,namespace)\n)\nSELECT\n COUNT(*)\nFROM\n res\nWHERE\n unknown > 0\nAND\n non_compliant = 0\nAND\n pending = 0", "refId": "A", "select": [ [ @@ -383,7 +496,7 @@ data: }, { "datasource": { - "type": "postgres", + "type": "grafana-postgresql-datasource", "uid": "${datasource}" }, "description": "The distinct number of policies in the given time interval. The policies are calculated by policy uuid and not by the policy name; therefore, if a policy with the same name exist across two different hubs, it is counted as two distinct policies.", @@ -402,14 +515,15 @@ data: "value": null } ] - } + }, + "unitScale": true }, "overrides": [] }, "gridPos": { "h": 6, - "w": 6, - "x": 18, + "w": 8, + "x": 16, "y": 1 }, "id": 47, @@ -425,10 +539,12 @@ data: "fields": "", "values": false }, + "showPercentChange": false, "text": {}, - "textMode": "auto" + "textMode": "auto", + "wideLayout": true }, - "pluginVersion": "9.5.6", + "pluginVersion": "10.3.3", "targets": [ { "datasource": { @@ -439,7 +555,7 @@ data: "group": [], "metricColumn": "none", "rawQuery": true, - "rawSql": "WITH data AS (\n SELECT\n $__timeGroupAlias(ch.compliance_date, $__interval),\n p.policy_id,\n p.payload -> 'metadata' ->> 'namespace' as \"namespace\",\n COUNT(CASE WHEN compliance = 'compliant' THEN 1 END) AS \"compliant\",\n COUNT(CASE WHEN compliance = 'non_compliant' THEN 1 END) AS \"non_compliant\",\n COUNT(CASE WHEN compliance = 'unknown' THEN 1 END) AS \"unknown\"\n FROM\n history.local_compliance ch\n JOIN\n local_spec.policies p ON ch.policy_id = p.policy_id\n WHERE\n $__timeFilter(ch.compliance_date)\n AND\n ch.cluster_id IS NOT NULL\n GROUP BY (ch.compliance_date, p.policy_id, p.payload -> 'metadata' ->> 'namespace')\n ORDER BY (ch.compliance_date) DESC\n),\nres as (\n SELECT\n policy_id,\n namespace,\n SUM(compliant) as \"compliant\",\n SUM(non_compliant) as \"non_compliant\",\n SUM(unknown) as \"unknown\"\n FROM\n data\n GROUP BY (policy_id,namespace)\n)\nSELECT\n COUNT(*)\nFROM\n res", + "rawSql": "WITH data AS (\n SELECT\n $__timeGroupAlias(ch.compliance_date, $__interval),\n p.policy_id,\n p.payload -> 'metadata' ->> 'namespace' as \"namespace\",\n COUNT(CASE WHEN compliance = 'compliant' THEN 1 END) AS \"compliant\",\n COUNT(CASE WHEN compliance = 'non_compliant' THEN 1 END) AS \"non_compliant\",\n COUNT(CASE WHEN compliance = 'pending' THEN 1 END) AS \"pending\",\n COUNT(CASE WHEN compliance = 'unknown' THEN 1 END) AS \"unknown\"\n FROM\n history.local_compliance ch\n JOIN\n local_spec.policies p ON ch.policy_id = p.policy_id\n WHERE\n $__timeFilter(ch.compliance_date)\n AND\n ch.cluster_id IS NOT NULL\n GROUP BY (ch.compliance_date, p.policy_id, p.payload -> 'metadata' ->> 'namespace')\n ORDER BY (ch.compliance_date) DESC\n),\nres as (\n SELECT\n policy_id,\n namespace,\n SUM(compliant) as \"compliant\",\n SUM(non_compliant) as \"non_compliant\",\n SUM(pending) as \"pending\",\n SUM(unknown) as \"unknown\"\n FROM\n data\n GROUP BY (policy_id,namespace)\n)\nSELECT\n COUNT(*)\nFROM\n res", "refId": "A", "select": [ [ @@ -509,6 +625,7 @@ data: }, { "datasource": { + "type": "grafana-postgresql-datasource", "uid": "${datasource}" }, "description": "List of offending managed cluster policies by standard, category, and control.", @@ -537,7 +654,8 @@ data: } ] }, - "unit": "percentunit" + "unit": "percentunit", + "unitScale": true }, "overrides": [ { @@ -681,17 +799,18 @@ data: "showHeader": true, "sortBy": [] }, - "pluginVersion": "9.5.6", + "pluginVersion": "10.3.3", "targets": [ { "datasource": { "uid": "${datasource}" }, + "editorMode": "code", "format": "table", "group": [], "metricColumn": "none", "rawQuery": true, - "rawSql": "WITH data AS (\n SELECT\n ch.compliance_date as \"time\",\n p.policy_name as \"policy\",\n p.payload -> 'metadata' ->> 'namespace' as \"namespace\",\n p.leaf_hub_name as \"hub\",\n p.policy_standard as \"standard\",\n p.policy_category as \"category\",\n p.policy_control as \"control\",\n COUNT(CASE WHEN ch.compliance = 'non_compliant' THEN 1 END) AS \"non_compliant\",\n COUNT(CASE WHEN ch.compliance = 'unknown' THEN 1 END) AS \"unknown\",\n COUNT(CASE WHEN ch.compliance = 'compliant' THEN 1 END) AS \"compliant\"\n FROM\n local_spec.policies p\n JOIN\n history.local_compliance ch ON p.policy_id = ch.policy_id\n WHERE\n $__timeFilter(ch.compliance_date)\n AND\n p.policy_standard ${standard_query:raw} AND p.policy_category ${category_query:raw} AND p.policy_control ${control_query:raw}\n AND\n ch.cluster_id IS NOT NULL\n GROUP BY (ch.compliance_date, p.policy_name, p.policy_id, p.payload -> 'metadata' ->> 'namespace', p.policy_standard, p.policy_category, p.policy_control, p.leaf_hub_name)\n),\nres as (\n SELECT\n time,\n policy,\n namespace,\n hub,\n standard,\n category,\n control,\n non_compliant::float / NULLIF((compliant::float + unknown + non_compliant), 0) as \"value\"\n FROM\n data\n WHERE\n non_compliant > 0\n)\nSELECT\n *\nFROM\n res\nORDER BY (time, value) DESC\n", + "rawSql": "WITH data AS (\n SELECT\n ch.compliance_date as \"time\",\n p.policy_name as \"policy\",\n p.payload -> 'metadata' ->> 'namespace' as \"namespace\",\n p.leaf_hub_name as \"hub\",\n p.policy_standard as \"standard\",\n p.policy_category as \"category\",\n p.policy_control as \"control\",\n COUNT(CASE WHEN ch.compliance = 'non_compliant' THEN 1 END) AS \"non_compliant\",\n COUNT(CASE WHEN ch.compliance = 'unknown' THEN 1 END) AS \"unknown\",\n COUNT(CASE WHEN ch.compliance = 'pending' THEN 1 END) AS \"pending\",\n COUNT(CASE WHEN ch.compliance = 'compliant' THEN 1 END) AS \"compliant\"\n FROM\n local_spec.policies p\n JOIN\n history.local_compliance ch ON p.policy_id = ch.policy_id\n WHERE\n $__timeFilter(ch.compliance_date)\n AND\n p.policy_standard ${standard_query:raw} AND p.policy_category ${category_query:raw} AND p.policy_control ${control_query:raw}\n AND\n ch.cluster_id IS NOT NULL\n GROUP BY (ch.compliance_date, p.policy_name, p.policy_id, p.payload -> 'metadata' ->> 'namespace', p.policy_standard, p.policy_category, p.policy_control, p.leaf_hub_name)\n),\nres as (\n SELECT\n time,\n policy,\n namespace,\n hub,\n standard,\n category,\n control,\n non_compliant::float / NULLIF((compliant::float + unknown + non_compliant + pending), 0) as \"value\"\n FROM\n data\n WHERE\n non_compliant > 0\n)\nSELECT\n *\nFROM\n res\nORDER BY (time, value) DESC\n", "refId": "A", "select": [ [ @@ -703,6 +822,23 @@ data: } ] ], + "sql": { + "columns": [ + { + "parameters": [], + "type": "function" + } + ], + "groupBy": [ + { + "property": { + "type": "string" + }, + "type": "groupBy" + } + ], + "limit": 50 + }, "timeColumn": "time", "where": [ { @@ -737,6 +873,285 @@ data: ], "type": "table" }, + { + "collapsed": true, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 16 + }, + "id": 67, + "panels": [ + { + "datasource": { + "type": "grafana-postgresql-datasource", + "uid": "${datasource}" + }, + "description": "List of pending managed cluster policies by standard, category, and control.", + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "custom": { + "align": "auto", + "cellOptions": { + "type": "auto" + }, + "filterable": true, + "inspect": false + }, + "links": [], + "mappings": [], + "noValue": "No data in response", + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "yellow", + "value": null + } + ] + }, + "unit": "percentunit", + "unitScale": true + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "Name" + }, + "properties": [ + { + "id": "links", + "value": [ + { + "targetBlank": true, + "title": "View What's Changed dashboard for policy \"${__value.text}\"", + "url": "d/5a3a577af7894943aa6e7ca8408502fa/global-hub-whats-changed-policies?orgId=1&from=${__value.time}&var-hub=${__data.fields.Hub}&var-namespace=${__data.fields.Namespace}&var-policy=${__value.text}" + } + ] + }, + { + "id": "custom.width", + "value": 142 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "value" + }, + "properties": [ + { + "id": "custom.cellOptions", + "value": { + "mode": "gradient", + "type": "color-background" + } + }, + { + "id": "mappings", + "value": [ + { + "options": { + "match": "null+nan", + "result": { + "color": "yellow", + "index": 0, + "text": "Unknown" + } + }, + "type": "special" + } + ] + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "Time" + }, + "properties": [ + { + "id": "custom.width", + "value": 195 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "Namespace" + }, + "properties": [ + { + "id": "custom.width", + "value": 216 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "Hub" + }, + "properties": [ + { + "id": "custom.width", + "value": 115 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "Standard" + }, + "properties": [ + { + "id": "custom.width", + "value": 187 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "Category" + }, + "properties": [ + { + "id": "custom.width", + "value": 356 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "Unknown" + }, + "properties": [ + { + "id": "custom.width", + "value": 150 + }, + { + "id": "links", + "value": [ + { + "targetBlank": true, + "title": "Investigate policy ${__data.fields.Name}", + "url": "d/pAqtIGj4k/global-hub-investigation-help??orgId=1&from=${__value.time}&to=${__value.time}&var-hub=${__data.fields.Hub}&var-namespace=${__data.fields.Namespace}&var-policy=${__data.fields.Name}" + } + ] + } + ] + } + ] + }, + "gridPos": { + "h": 8, + "w": 24, + "x": 0, + "y": 9 + }, + "id": 57, + "options": { + "cellHeight": "sm", + "footer": { + "countRows": false, + "fields": "", + "reducer": [ + "sum" + ], + "show": false + }, + "showHeader": true + }, + "pluginVersion": "10.3.3", + "targets": [ + { + "datasource": { + "uid": "${datasource}" + }, + "editorMode": "code", + "format": "table", + "group": [], + "metricColumn": "none", + "rawQuery": true, + "rawSql": "WITH data AS (\n SELECT\n ch.compliance_date as \"time\",\n p.policy_name as \"policy\",\n p.payload -> 'metadata' ->> 'namespace' as \"namespace\",\n p.leaf_hub_name as \"hub\",\n p.policy_standard as \"standard\",\n p.policy_category as \"category\",\n p.policy_control as \"control\",\n COUNT(CASE WHEN ch.compliance = 'non_compliant' THEN 1 END) AS \"non_compliant\",\n COUNT(CASE WHEN ch.compliance = 'unknown' THEN 1 END) AS \"unknown\",\n COUNT(CASE WHEN ch.compliance = 'pending' THEN 1 END) AS \"pending\",\n COUNT(CASE WHEN ch.compliance = 'compliant' THEN 1 END) AS \"compliant\"\n FROM\n local_spec.policies p\n JOIN\n history.local_compliance ch ON p.policy_id = ch.policy_id\n WHERE\n $__timeFilter(ch.compliance_date)\n AND\n p.policy_standard ${standard_query:raw} AND p.policy_category ${category_query:raw} AND p.policy_control ${control_query:raw}\n AND\n ch.cluster_id IS NOT NULL\n GROUP BY (ch.compliance_date, p.policy_name, p.policy_id, p.payload -> 'metadata' ->> 'namespace', p.policy_standard, p.policy_category, p.policy_control, p.leaf_hub_name)\n),\nres as (\n SELECT\n time,\n policy,\n namespace,\n hub,\n standard,\n category,\n control,\n pending::float / NULLIF((compliant::float + unknown + non_compliant + pending), 0) as \"value\"\n FROM\n data\n WHERE\n non_compliant = 0 \n AND\n pending > 0\n)\nSELECT\n *\nFROM\n res\nORDER BY (time, value) DESC\n", + "refId": "A", + "select": [ + [ + { + "params": [ + "value" + ], + "type": "column" + } + ] + ], + "sql": { + "columns": [ + { + "parameters": [], + "type": "function" + } + ], + "groupBy": [ + { + "property": { + "type": "string" + }, + "type": "groupBy" + } + ], + "limit": 50 + }, + "timeColumn": "time", + "where": [ + { + "name": "$__timeFilter", + "params": [], + "type": "macro" + } + ] + } + ], + "title": "Pending Policies", + "transformations": [ + { + "id": "organize", + "options": { + "excludeByName": {}, + "includeByName": {}, + "indexByName": {}, + "renameByName": { + "category": "Category", + "control": "Control", + "hub": "Hub", + "namespace": "Namespace", + "policy": "Name", + "severity": "Severity", + "standard": "Standard", + "time": "Time", + "value": "Pending" + } + } + } + ], + "type": "table" + } + ], + "title": "Policy Status > Pending", + "type": "row" + }, { "collapsed": true, "datasource": { @@ -747,12 +1162,13 @@ data: "h": 1, "w": 24, "x": 0, - "y": 16 + "y": 17 }, "id": 56, "panels": [ { "datasource": { + "type": "grafana-postgresql-datasource", "uid": "${datasource}" }, "description": "List of unknown managed cluster policies by standard, category, and control.", @@ -766,7 +1182,8 @@ data: "cellOptions": { "type": "auto" }, - "filterable": true + "filterable": true, + "inspect": false }, "links": [], "mappings": [], @@ -775,11 +1192,13 @@ data: "mode": "absolute", "steps": [ { - "color": "yellow" + "color": "yellow", + "value": null } ] }, - "unit": "percentunit" + "unit": "percentunit", + "unitScale": true }, "overrides": [ { @@ -923,23 +1342,33 @@ data: "h": 8, "w": 24, "x": 0, - "y": 17 + "y": 10 }, - "id": 57, + "id": 66, "options": { + "cellHeight": "sm", + "footer": { + "countRows": false, + "fields": "", + "reducer": [ + "sum" + ], + "show": false + }, "showHeader": true }, - "pluginVersion": "8.5.20", + "pluginVersion": "10.3.3", "targets": [ { "datasource": { "uid": "${datasource}" }, + "editorMode": "code", "format": "table", "group": [], "metricColumn": "none", "rawQuery": true, - "rawSql": "WITH data AS (\n SELECT\n ch.compliance_date as \"time\",\n p.policy_name as \"policy\",\n p.payload -> 'metadata' ->> 'namespace' as \"namespace\",\n p.leaf_hub_name as \"hub\",\n p.policy_standard as \"standard\",\n p.policy_category as \"category\",\n p.policy_control as \"control\",\n COUNT(CASE WHEN ch.compliance = 'non_compliant' THEN 1 END) AS \"non_compliant\",\n COUNT(CASE WHEN ch.compliance = 'unknown' THEN 1 END) AS \"unknown\",\n COUNT(CASE WHEN ch.compliance = 'compliant' THEN 1 END) AS \"compliant\"\n FROM\n local_spec.policies p\n JOIN\n history.local_compliance ch ON p.policy_id = ch.policy_id\n WHERE\n $__timeFilter(ch.compliance_date)\n AND\n p.policy_standard ${standard_query:raw} AND p.policy_category ${category_query:raw} AND p.policy_control ${control_query:raw}\n AND\n ch.cluster_id IS NOT NULL\n GROUP BY (ch.compliance_date, p.policy_name, p.policy_id, p.payload -> 'metadata' ->> 'namespace', p.policy_standard, p.policy_category, p.policy_control, p.leaf_hub_name)\n),\nres as (\n SELECT\n time,\n policy,\n namespace,\n hub,\n standard,\n category,\n control,\n unknown::float / NULLIF((compliant::float + unknown + non_compliant), 0) as \"value\"\n FROM\n data\n WHERE\n non_compliant = 0 \n AND\n unknown > 0\n)\nSELECT\n *\nFROM\n res\nORDER BY (time, value) DESC\n", + "rawSql": "WITH data AS (\n SELECT\n ch.compliance_date as \"time\",\n p.policy_name as \"policy\",\n p.payload -> 'metadata' ->> 'namespace' as \"namespace\",\n p.leaf_hub_name as \"hub\",\n p.policy_standard as \"standard\",\n p.policy_category as \"category\",\n p.policy_control as \"control\",\n COUNT(CASE WHEN ch.compliance = 'non_compliant' THEN 1 END) AS \"non_compliant\",\n COUNT(CASE WHEN ch.compliance = 'unknown' THEN 1 END) AS \"unknown\",\n COUNT(CASE WHEN ch.compliance = 'pending' THEN 1 END) AS \"pending\",\n COUNT(CASE WHEN ch.compliance = 'compliant' THEN 1 END) AS \"compliant\"\n FROM\n local_spec.policies p\n JOIN\n history.local_compliance ch ON p.policy_id = ch.policy_id\n WHERE\n $__timeFilter(ch.compliance_date)\n AND\n p.policy_standard ${standard_query:raw} AND p.policy_category ${category_query:raw} AND p.policy_control ${control_query:raw}\n AND\n ch.cluster_id IS NOT NULL\n GROUP BY (ch.compliance_date, p.policy_name, p.policy_id, p.payload -> 'metadata' ->> 'namespace', p.policy_standard, p.policy_category, p.policy_control, p.leaf_hub_name)\n),\nres as (\n SELECT\n time,\n policy,\n namespace,\n hub,\n standard,\n category,\n control,\n unknown::float / NULLIF((compliant::float + unknown + non_compliant + pending), 0) as \"value\"\n FROM\n data\n WHERE\n non_compliant = 0 \n AND\n pending = 0\n AND\n unknown > 0\n)\nSELECT\n *\nFROM\n res\nORDER BY (time, value) DESC\n", "refId": "A", "select": [ [ @@ -951,6 +1380,23 @@ data: } ] ], + "sql": { + "columns": [ + { + "parameters": [], + "type": "function" + } + ], + "groupBy": [ + { + "property": { + "type": "string" + }, + "type": "groupBy" + } + ], + "limit": 50 + }, "timeColumn": "time", "where": [ { @@ -999,8 +1445,7 @@ data: } ], "refresh": "", - "schemaVersion": 38, - "style": "dark", + "schemaVersion": 39, "tags": [], "templating": { "list": [ @@ -1008,7 +1453,7 @@ data: "current": { "selected": false, "text": "Global-Hub-DataSource", - "value": "Global-Hub-DataSource" + "value": "P244538DD76A4C61D" }, "hide": 2, "includeAll": false, @@ -1112,8 +1557,12 @@ data: { "current": { "selected": false, - "text": " is null ", - "value": " is null " + "text": " in ('NIST SP 800-53') ", + "value": " in ('NIST SP 800-53') " + }, + "datasource": { + "type": "grafana-postgresql-datasource", + "uid": "P244538DD76A4C61D" }, "definition": "select case when length($$${standard}$$)>0 then $$ in ($standard) $$ else ' is null ' end", "hide": 2, @@ -1131,8 +1580,12 @@ data: { "current": { "selected": false, - "text": " is null ", - "value": " is null " + "text": " in ('CM Configuration Management') ", + "value": " in ('CM Configuration Management') " + }, + "datasource": { + "type": "grafana-postgresql-datasource", + "uid": "P244538DD76A4C61D" }, "definition": "select case when length($$${category}$$)>0 then $$ in ($category) $$ else ' is null ' end", "hide": 2, @@ -1150,8 +1603,12 @@ data: { "current": { "selected": false, - "text": " is null ", - "value": " is null " + "text": " in ('CM-2 Baseline Configuration','CM-2 Baseline Configuration, CM-6 Configuration Settings') ", + "value": " in ('CM-2 Baseline Configuration','CM-2 Baseline Configuration, CM-6 Configuration Settings') " + }, + "datasource": { + "type": "grafana-postgresql-datasource", + "uid": "P244538DD76A4C61D" }, "definition": "select case when length($$${control}$$)>0 then $$ in ($control) $$ else ' is null ' end", "hide": 2, diff --git a/operator/pkg/controllers/hubofhubs/manifests/grafana/acm-global-overview.yaml b/operator/pkg/controllers/hubofhubs/manifests/grafana/acm-global-overview.yaml index 486f76a2b..c5a612df5 100644 --- a/operator/pkg/controllers/hubofhubs/manifests/grafana/acm-global-overview.yaml +++ b/operator/pkg/controllers/hubofhubs/manifests/grafana/acm-global-overview.yaml @@ -22,7 +22,7 @@ data: "editable": true, "fiscalYearStartMonth": 0, "graphTooltip": 0, - "id": 3, + "id": 4, "links": [ { "asDropdown": false, @@ -70,7 +70,8 @@ data: "value": null } ] - } + }, + "unitScale": true }, "overrides": [] }, @@ -93,9 +94,11 @@ data: "fields": "", "values": false }, - "textMode": "auto" + "showPercentChange": false, + "textMode": "auto", + "wideLayout": true }, - "pluginVersion": "9.5.6", + "pluginVersion": "10.3.3", "targets": [ { "datasource": { @@ -131,7 +134,7 @@ data: }, { "datasource": { - "type": "postgres", + "type": "grafana-postgresql-datasource", "uid": "P244538DD76A4C61D" }, "fieldConfig": { @@ -157,7 +160,8 @@ data: } ] }, - "unit": "string" + "unit": "string", + "unitScale": true }, "overrides": [ { @@ -255,6 +259,11 @@ data: "index": 1, "text": "Not Compliant" }, + "pending": { + "color": "yellow", + "index": 3, + "text": "Pending" + }, "unknown": { "color": "yellow", "index": 2, @@ -315,7 +324,7 @@ data: } ] }, - "pluginVersion": "9.5.6", + "pluginVersion": "10.3.3", "targets": [ { "datasource": { @@ -325,7 +334,7 @@ data: "editorMode": "code", "format": "table", "rawQuery": true, - "rawSql": "WITH data AS (\nSELECT\n cluster_id,\n COUNT(CASE WHEN lc.compliance = 'non_compliant' THEN 1 END) AS \"non_compliant\",\n COUNT(CASE WHEN lc.compliance = 'unknown' THEN 1 END) AS \"unknown\",\n COUNT(CASE WHEN lc.compliance = 'compliant' THEN 1 END) AS \"compliant\"\nFROM\n local_status.compliance lc\nGROUP BY (cluster_id)\n),\ncompliance_data AS(\nSELECT cluster_id,\nCASE\n WHEN non_compliant > 0 THEN 'non_compliant'\n WHEN non_compliant = 0 AND unknown = 0 AND compliant > 0 THEN 'compliant'\n ELSE 'unknown'\nEND AS compliance\nFROM data\n)\nSELECT \nmc.leaf_hub_name,\nconsole_url as \"hub_console_url\",\nCASE\n WHEN length(grafana_url) =0 THEN NULL\n ELSE grafana_url || '/d/8Qvi3edMz/acm-resource-optimization-cluster?var-cluster=' || cluster_name\nEND AS hub_obs_url,\ncluster_name,\ncd.compliance\nFROM status.managed_clusters mc\nLEFT JOIN status.leaf_hubs lh\nON mc.leaf_hub_name=lh.leaf_hub_name\nLEFT JOIN compliance_data cd\nON mc.cluster_id = cd.cluster_id\nWHERE mc.deleted_at IS NULL AND lh.deleted_at IS NULL", + "rawSql": "WITH data AS (\nSELECT\n cluster_id,\n COUNT(CASE WHEN lc.compliance = 'non_compliant' THEN 1 END) AS \"non_compliant\",\n COUNT(CASE WHEN lc.compliance = 'unknown' THEN 1 END) AS \"unknown\",\n COUNT(CASE WHEN lc.compliance = 'pending' THEN 1 END) AS \"pending\",\n COUNT(CASE WHEN lc.compliance = 'compliant' THEN 1 END) AS \"compliant\"\nFROM\n local_status.compliance lc\nGROUP BY (cluster_id)\n),\ncompliance_data AS(\nSELECT cluster_id,\nCASE\n WHEN non_compliant > 0 THEN 'non_compliant'\n WHEN non_compliant = 0 AND pending > 0 THEN 'pending'\n WHEN non_compliant = 0 AND unknown = 0 AND compliant > 0 THEN 'compliant'\n ELSE 'unknown'\nEND AS compliance\nFROM data\n)\nSELECT \nmc.leaf_hub_name,\nconsole_url as \"hub_console_url\",\nCASE\n WHEN length(grafana_url) =0 THEN NULL\n ELSE grafana_url || '/d/8Qvi3edMz/acm-resource-optimization-cluster?var-cluster=' || cluster_name\nEND AS hub_obs_url,\ncluster_name,\ncd.compliance\nFROM status.managed_clusters mc\nLEFT JOIN status.leaf_hubs lh\nON mc.leaf_hub_name=lh.leaf_hub_name\nLEFT JOIN compliance_data cd\nON mc.cluster_id = cd.cluster_id\nWHERE mc.deleted_at IS NULL AND lh.deleted_at IS NULL", "refId": "A", "sql": { "columns": [ @@ -385,7 +394,8 @@ data: "value": null } ] - } + }, + "unitScale": true }, "overrides": [] }, @@ -408,9 +418,11 @@ data: "fields": "", "values": false }, - "textMode": "auto" + "showPercentChange": false, + "textMode": "auto", + "wideLayout": true }, - "pluginVersion": "9.5.6", + "pluginVersion": "10.3.3", "targets": [ { "datasource": { @@ -446,7 +458,7 @@ data: }, { "datasource": { - "type": "postgres", + "type": "grafana-postgresql-datasource", "uid": "P244538DD76A4C61D" }, "fieldConfig": { @@ -475,7 +487,8 @@ data: "value": 80 } ] - } + }, + "unitScale": true }, "overrides": [ { @@ -562,6 +575,11 @@ data: "index": 1, "text": "Not Compliant" }, + "pending": { + "color": "yellow", + "index": 3, + "text": "Pending" + }, "unknown": { "color": "yellow", "index": 2, @@ -617,7 +635,7 @@ data: "showHeader": true, "sortBy": [] }, - "pluginVersion": "9.5.6", + "pluginVersion": "10.3.3", "targets": [ { "datasource": { @@ -627,7 +645,7 @@ data: "editorMode": "code", "format": "table", "rawQuery": true, - "rawSql": "WITH data AS (\nSELECT\n policy_id,\n COUNT(CASE WHEN lc.compliance = 'non_compliant' THEN 1 END) AS \"non_compliant\",\n COUNT(CASE WHEN lc.compliance = 'unknown' THEN 1 END) AS \"unknown\",\n COUNT(CASE WHEN lc.compliance = 'compliant' THEN 1 END) AS \"compliant\"\nFROM\n local_status.compliance lc\nGROUP BY (policy_id)\n),\ncompliance_data AS(\nSELECT policy_id,\nCASE\n WHEN non_compliant > 0 THEN 'non_compliant'\n WHEN non_compliant = 0 AND unknown = 0 AND compliant > 0 THEN 'compliant'\n ELSE 'unknown'\nEND AS compliance\nFROM data\n)\nSELECT \np.leaf_hub_name,\np.payload -> 'metadata' ->> 'namespace' as \"namespace\",\nconsole_url as \"hub_console_url\",\npolicy_name,\ncompliance\nFROM local_spec.policies p\nLEFT JOIN status.leaf_hubs lh\nON p.leaf_hub_name=lh.leaf_hub_name\nLEFT JOIN compliance_data cd\nON p.policy_id = cd.policy_id\nwhere p.deleted_at IS NULL AND lh.deleted_at IS NULL", + "rawSql": "WITH data AS (\nSELECT\n policy_id,\n COUNT(CASE WHEN lc.compliance = 'non_compliant' THEN 1 END) AS \"non_compliant\",\n COUNT(CASE WHEN lc.compliance = 'unknown' THEN 1 END) AS \"unknown\",\n COUNT(CASE WHEN lc.compliance = 'pending' THEN 1 END) AS \"pending\",\n COUNT(CASE WHEN lc.compliance = 'compliant' THEN 1 END) AS \"compliant\"\nFROM\n local_status.compliance lc\nGROUP BY (policy_id)\n),\ncompliance_data AS(\nSELECT policy_id,\nCASE\n WHEN non_compliant > 0 THEN 'non_compliant'\n WHEN non_compliant = 0 AND pending > 0 THEN 'pending'\n WHEN non_compliant = 0 AND pending=0 AND unknown = 0 AND compliant > 0 THEN 'compliant'\n ELSE 'unknown'\nEND AS compliance\nFROM data\n)\nSELECT \np.leaf_hub_name,\np.payload -> 'metadata' ->> 'namespace' as \"namespace\",\nconsole_url as \"hub_console_url\",\npolicy_name,\ncompliance\nFROM local_spec.policies p\nLEFT JOIN status.leaf_hubs lh\nON p.leaf_hub_name=lh.leaf_hub_name\nLEFT JOIN compliance_data cd\nON p.policy_id = cd.policy_id\nwhere p.deleted_at IS NULL AND lh.deleted_at IS NULL", "refId": "A", "sql": { "columns": [ @@ -683,7 +701,8 @@ data: "viz": false } }, - "mappings": [] + "mappings": [], + "unitScale": true }, "overrides": [ { @@ -795,7 +814,8 @@ data: "viz": false } }, - "mappings": [] + "mappings": [], + "unitScale": true }, "overrides": [ { @@ -889,7 +909,7 @@ data: }, { "datasource": { - "type": "postgres", + "type": "grafana-postgresql-datasource", "uid": "P244538DD76A4C61D" }, "fieldConfig": { @@ -916,7 +936,8 @@ data: } ] }, - "unit": "percentunit" + "unit": "percentunit", + "unitScale": true }, "overrides": [] }, @@ -929,8 +950,10 @@ data: "id": 9, "options": { "displayMode": "basic", + "maxVizHeight": 300, "minVizHeight": 10, "minVizWidth": 0, + "namePlacement": "auto", "orientation": "horizontal", "reduceOptions": { "calcs": [], @@ -938,13 +961,14 @@ data: "values": true }, "showUnfilled": true, + "sizing": "auto", "text": { "titleSize": 14, "valueSize": 18 }, "valueMode": "color" }, - "pluginVersion": "9.5.6", + "pluginVersion": "10.3.3", "targets": [ { "datasource": { @@ -954,7 +978,7 @@ data: "editorMode": "code", "format": "table", "rawQuery": true, - "rawSql": "WITH data AS (\nSELECT\n lc.leaf_hub_name,\n cluster_id,\n COUNT(CASE WHEN lc.compliance = 'non_compliant' THEN 1 END) AS \"non_compliant\",\n COUNT(CASE WHEN lc.compliance = 'unknown' THEN 1 END) AS \"unknown\",\n COUNT(CASE WHEN lc.compliance = 'compliant' THEN 1 END) AS \"compliant\"\nFROM\n local_status.compliance lc\nGROUP BY (lc.leaf_hub_name, cluster_id)\n),\ncluster_compliant_data AS(\nSELECT \n leaf_hub_name,\n cluster_id,\n CASE WHEN compliant > 0 AND unknown=0 AND non_compliant=0 THEN 1 ELSE 0 END AS \"cluster_compliant\"\nFROM data\n)\nSELECT \n leaf_hub_name,\n SUM(cluster_compliant)::float/COUNT(*) AS \"compliant_percentage\"\nFROM\ncluster_compliant_data\nGROUP BY leaf_hub_name", + "rawSql": "WITH data AS (\nSELECT\n lc.leaf_hub_name,\n cluster_id,\n COUNT(CASE WHEN lc.compliance = 'non_compliant' THEN 1 END) AS \"non_compliant\",\n COUNT(CASE WHEN lc.compliance = 'unknown' THEN 1 END) AS \"unknown\",\n COUNT(CASE WHEN lc.compliance = 'pending' THEN 1 END) AS \"pending\",\n COUNT(CASE WHEN lc.compliance = 'compliant' THEN 1 END) AS \"compliant\"\nFROM\n local_status.compliance lc\nGROUP BY (lc.leaf_hub_name, cluster_id)\n),\ncluster_compliant_data AS(\nSELECT \n leaf_hub_name,\n cluster_id,\n CASE WHEN compliant > 0 AND unknown=0 AND pending=0 AND non_compliant=0 THEN 1 ELSE 0 END AS \"cluster_compliant\"\nFROM data\n)\nSELECT \n leaf_hub_name,\n SUM(cluster_compliant)::float/COUNT(*) AS \"compliant_percentage\"\nFROM\ncluster_compliant_data\nGROUP BY leaf_hub_name", "refId": "A", "sql": { "columns": [ @@ -980,7 +1004,7 @@ data: }, { "datasource": { - "type": "postgres", + "type": "grafana-postgresql-datasource", "uid": "P244538DD76A4C61D" }, "fieldConfig": { @@ -1007,7 +1031,8 @@ data: } ] }, - "unit": "percentunit" + "unit": "percentunit", + "unitScale": true }, "overrides": [] }, @@ -1020,8 +1045,10 @@ data: "id": 10, "options": { "displayMode": "basic", + "maxVizHeight": 300, "minVizHeight": 10, "minVizWidth": 0, + "namePlacement": "auto", "orientation": "horizontal", "reduceOptions": { "calcs": [], @@ -1029,13 +1056,14 @@ data: "values": true }, "showUnfilled": true, + "sizing": "auto", "text": { "titleSize": 14, "valueSize": 18 }, "valueMode": "color" }, - "pluginVersion": "9.5.6", + "pluginVersion": "10.3.3", "targets": [ { "datasource": { @@ -1045,7 +1073,7 @@ data: "editorMode": "code", "format": "table", "rawQuery": true, - "rawSql": "WITH data AS (\nSELECT\n lc.leaf_hub_name,\n policy_id,\n COUNT(CASE WHEN lc.compliance = 'non_compliant' THEN 1 END) AS \"non_compliant\",\n COUNT(CASE WHEN lc.compliance = 'unknown' THEN 1 END) AS \"unknown\",\n COUNT(CASE WHEN lc.compliance = 'compliant' THEN 1 END) AS \"compliant\"\nFROM\n local_status.compliance lc\nGROUP BY (lc.leaf_hub_name, policy_id)\n),\npolicy_compliant_data AS(\nSELECT \n leaf_hub_name,\n policy_id,\n CASE WHEN compliant > 0 AND unknown=0 AND non_compliant=0 THEN 1 ELSE 0 END AS \"policy_compliant\"\nFROM data\n)\nSELECT \n leaf_hub_name,\n SUM(policy_compliant)::float/COUNT(*) AS \"compliant_percentage\"\nFROM\npolicy_compliant_data\nGROUP BY leaf_hub_name", + "rawSql": "WITH data AS (\nSELECT\n lc.leaf_hub_name,\n policy_id,\n COUNT(CASE WHEN lc.compliance = 'non_compliant' THEN 1 END) AS \"non_compliant\",\n COUNT(CASE WHEN lc.compliance = 'unknown' THEN 1 END) AS \"unknown\",\n COUNT(CASE WHEN lc.compliance = 'pending' THEN 1 END) AS \"pending\",\n COUNT(CASE WHEN lc.compliance = 'compliant' THEN 1 END) AS \"compliant\"\nFROM\n local_status.compliance lc\nGROUP BY (lc.leaf_hub_name, policy_id)\n),\npolicy_compliant_data AS(\nSELECT \n leaf_hub_name,\n policy_id,\n CASE WHEN compliant > 0 AND unknown=0 AND pending=0 AND non_compliant=0 THEN 1 ELSE 0 END AS \"policy_compliant\"\nFROM data\n)\nSELECT \n leaf_hub_name,\n SUM(policy_compliant)::float/COUNT(*) AS \"compliant_percentage\"\nFROM\npolicy_compliant_data\nGROUP BY leaf_hub_name", "refId": "A", "sql": { "columns": [ @@ -1071,8 +1099,7 @@ data: } ], "refresh": "", - "schemaVersion": 38, - "style": "dark", + "schemaVersion": 39, "tags": [], "templating": { "list": [] diff --git a/operator/pkg/controllers/hubofhubs/manifests/grafana/acm-global-policy-group-compliancy-overview.yaml b/operator/pkg/controllers/hubofhubs/manifests/grafana/acm-global-policy-group-compliancy-overview.yaml index 45f3fbe8e..2f60e1040 100644 --- a/operator/pkg/controllers/hubofhubs/manifests/grafana/acm-global-policy-group-compliancy-overview.yaml +++ b/operator/pkg/controllers/hubofhubs/manifests/grafana/acm-global-policy-group-compliancy-overview.yaml @@ -6,7 +6,10 @@ data: "list": [ { "builtIn": 1, - "datasource": "-- Grafana --", + "datasource": { + "type": "datasource", + "uid": "grafana" + }, "enable": true, "hide": true, "iconColor": "rgba(0, 211, 255, 1)", @@ -22,10 +25,9 @@ data: ] }, "editable": true, - "gnetId": null, + "fiscalYearStartMonth": 0, "graphTooltip": 0, - "id": 2, - "iteration": 1687542417113, + "id": 5, "links": [ { "asDropdown": false, @@ -40,9 +42,13 @@ data: "url": "d/b67e0727891f4121ae2dde09671520ae/global-hub-offending-policies?orgId=1" } ], + "liveNow": false, "panels": [ { - "datasource": "${datasource}", + "datasource": { + "type": "grafana-postgresql-datasource", + "uid": "${datasource}" + }, "description": "Aggregated policy group trend by standard, category, and control (Data updated once a day).", "fieldConfig": { "defaults": { @@ -50,6 +56,9 @@ data: "mode": "palette-classic" }, "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", "axisLabel": "", "axisPlacement": "auto", "barAlignment": 0, @@ -61,6 +70,7 @@ data: "tooltip": false, "viz": false }, + "insertNulls": false, "lineInterpolation": "linear", "lineWidth": 1, "pointSize": 5, @@ -100,7 +110,8 @@ data: } ] }, - "unit": "percentunit" + "unit": "percentunit", + "unitScale": true }, "overrides": [] }, @@ -115,20 +126,26 @@ data: "legend": { "calcs": [], "displayMode": "list", - "placement": "bottom" + "placement": "bottom", + "showLegend": true }, "tooltip": { - "mode": "single" + "mode": "single", + "sort": "none" } }, "pluginVersion": "8.5.20", "targets": [ { + "datasource": { + "uid": "${datasource}" + }, + "editorMode": "code", "format": "time_series", "group": [], "metricColumn": "none", "rawQuery": true, - "rawSql": "WITH data as(\n WITH renamedata as (\n SELECT\n ch.compliance_date AS \"time\",\n p.policy_standard AS \"standard\",\n p.policy_category AS \"category\",\n p.policy_control AS \"control\",\n ch.compliance\n FROM\n local_spec.policies p\n INNER JOIN\n history.local_compliance ch ON p.policy_id = ch.policy_id\n WHERE\n $__timeFilter(ch.compliance_date)\n AND\n p.policy_standard ${standard_query:raw} AND p.policy_category ${category_query:raw} AND p.policy_control ${control_query:raw}\n AND\n ch.cluster_id IS NOT NULL\n )\n SELECT \n time,\n $group,\n COUNT(CASE WHEN compliance = 'compliant' THEN 1 END) AS \"compliant\",\n COUNT(CASE WHEN compliance = 'non_compliant' THEN 1 END) AS \"non_compliant\",\n COUNT(CASE WHEN compliance = 'unknown' THEN 1 END) AS \"unknown\"\n FROM\n renamedata\n GROUP BY (time, $group)\n)\nSELECT\n time,\n $group as \"metric\",\n compliant::float / NULLIF((compliant::float + non_compliant + unknown), 0) as \"value\"\nFROM\n data\nORDER BY\n time", + "rawSql": "WITH data as(\n WITH renamedata as (\n SELECT\n ch.compliance_date AS \"time\",\n p.policy_standard AS \"standard\",\n p.policy_category AS \"category\",\n p.policy_control AS \"control\",\n ch.compliance\n FROM\n local_spec.policies p\n INNER JOIN\n history.local_compliance ch ON p.policy_id = ch.policy_id\n WHERE\n $__timeFilter(ch.compliance_date)\n AND\n p.policy_standard ${standard_query:raw} AND p.policy_category ${category_query:raw} AND p.policy_control ${control_query:raw}\n AND\n ch.cluster_id IS NOT NULL\n )\n SELECT \n time,\n $group,\n COUNT(CASE WHEN compliance = 'compliant' THEN 1 END) AS \"compliant\",\n COUNT(CASE WHEN compliance = 'non_compliant' THEN 1 END) AS \"non_compliant\",\n COUNT(CASE WHEN compliance = 'pending' THEN 1 END) AS \"pending\",\n COUNT(CASE WHEN compliance = 'unknown' THEN 1 END) AS \"unknown\"\n FROM\n renamedata\n GROUP BY (time, $group)\n)\nSELECT\n time,\n $group as \"metric\",\n compliant::float / NULLIF((compliant::float + non_compliant + unknown + pending), 0) as \"value\"\nFROM\n data\nORDER BY\n time", "refId": "A", "select": [ [ @@ -140,6 +157,23 @@ data: } ] ], + "sql": { + "columns": [ + { + "parameters": [], + "type": "function" + } + ], + "groupBy": [ + { + "property": { + "type": "string" + }, + "type": "groupBy" + } + ], + "limit": 50 + }, "timeColumn": "time", "where": [ { @@ -155,8 +189,7 @@ data: } ], "refresh": "", - "schemaVersion": 30, - "style": "dark", + "schemaVersion": 39, "tags": [], "templating": { "list": [ @@ -164,13 +197,10 @@ data: "current": { "selected": false, "text": "Global-Hub-DataSource", - "value": "Global-Hub-DataSource" + "value": "P244538DD76A4C61D" }, - "description": null, - "error": null, "hide": 2, "includeAll": false, - "label": null, "multi": false, "name": "datasource", "options": [], @@ -182,7 +212,6 @@ data: "type": "datasource" }, { - "allValue": null, "current": { "selected": true, "text": [ @@ -192,10 +221,12 @@ data: "$__all" ] }, - "datasource": "${datasource}", + "datasource": { + "type": "grafana-postgresql-datasource", + "uid": "${datasource}" + }, "definition": "WITH compcluster as(\n SELECT DISTINCT policy_id\n FROM\n history.local_compliance ch\n WHERE\n $__timeFilter(ch.compliance_date)\n)\nSELECT\n DISTINCT policy_standard\nFROM\n local_spec.policies p\nJOIN\n compcluster ch \nON\n p.policy_id = ch.policy_id\nWHERE\npolicy_standard IS NOT NULL;", "description": "Cluster policy standards", - "error": null, "hide": 0, "includeAll": true, "label": "Standard", @@ -210,7 +241,6 @@ data: "type": "query" }, { - "allValue": null, "current": { "selected": true, "text": [ @@ -220,10 +250,12 @@ data: "$__all" ] }, - "datasource": "${datasource}", + "datasource": { + "type": "grafana-postgresql-datasource", + "uid": "${datasource}" + }, "definition": "WITH compcluster as(\n SELECT DISTINCT policy_id\n FROM\n history.local_compliance ch\n WHERE\n $__timeFilter(ch.compliance_date)\n)\nSELECT\n DISTINCT policy_category\nFROM\n local_spec.policies p\nJOIN\n compcluster ch \nON\n p.policy_id = ch.policy_id\nWHERE\n policy_standard IN ($standard) \nAND\n policy_category IS NOT NULL", "description": "Cluster policy categories", - "error": null, "hide": 0, "includeAll": true, "label": "Category", @@ -238,7 +270,6 @@ data: "type": "query" }, { - "allValue": null, "current": { "selected": true, "text": [ @@ -248,10 +279,12 @@ data: "$__all" ] }, - "datasource": "${datasource}", + "datasource": { + "type": "grafana-postgresql-datasource", + "uid": "${datasource}" + }, "definition": "WITH compcluster as(\n SELECT DISTINCT policy_id\n FROM\n history.local_compliance ch\n WHERE\n $__timeFilter(ch.compliance_date)\n)\nSELECT\n DISTINCT policy_control\nFROM\n local_spec.policies p\nJOIN\n compcluster ch \nON\n p.policy_id = ch.policy_id\nWHERE\n policy_standard IN ($standard)\nAND\n policy_category IN ($category)\nAND\n policy_control IS NOT NULL", "description": "Cluster policy controls", - "error": null, "hide": 0, "includeAll": true, "label": "Control", @@ -266,14 +299,12 @@ data: "type": "query" }, { - "allValue": null, "current": { - "selected": true, + "selected": false, "text": "standard", "value": "standard" }, "description": "Filter priority for policy grouping on the x-axis.", - "error": null, "hide": 0, "includeAll": false, "label": "x-axis Group", @@ -281,7 +312,7 @@ data: "name": "group", "options": [ { - "selected": true, + "selected": false, "text": "category", "value": "category" }, @@ -291,7 +322,7 @@ data: "value": "control" }, { - "selected": false, + "selected": true, "text": "standard", "value": "standard" } @@ -304,8 +335,12 @@ data: { "current": { "selected": false, - "text": " is null ", - "value": " is null " + "text": " in ('NIST SP 800-53') ", + "value": " in ('NIST SP 800-53') " + }, + "datasource": { + "type": "grafana-postgresql-datasource", + "uid": "P244538DD76A4C61D" }, "definition": "select case when length($$${standard}$$)>0 then $$ in ($standard) $$ else ' is null ' end", "hide": 2, @@ -323,8 +358,12 @@ data: { "current": { "selected": false, - "text": " is null ", - "value": " is null " + "text": " in ('CM Configuration Management') ", + "value": " in ('CM Configuration Management') " + }, + "datasource": { + "type": "grafana-postgresql-datasource", + "uid": "P244538DD76A4C61D" }, "definition": "select case when length($$${category}$$)>0 then $$ in ($category) $$ else ' is null ' end", "hide": 2, @@ -342,8 +381,12 @@ data: { "current": { "selected": false, - "text": " is null ", - "value": " is null " + "text": " in ('CM-2 Baseline Configuration','CM-2 Baseline Configuration, CM-6 Configuration Settings') ", + "value": " in ('CM-2 Baseline Configuration','CM-2 Baseline Configuration, CM-6 Configuration Settings') " + }, + "datasource": { + "type": "grafana-postgresql-datasource", + "uid": "P244538DD76A4C61D" }, "definition": "select case when length($$${control}$$)>0 then $$ in ($control) $$ else ' is null ' end", "hide": 2, @@ -368,7 +411,8 @@ data: "timezone": "utc", "title": "Global Hub - Policy Group Compliancy Overview", "uid": "9bb3bee6a17e47f9a231f6d77f2408fa", - "version": 1 + "version": 1, + "weekStart": "" } kind: ConfigMap metadata: diff --git a/operator/pkg/controllers/hubofhubs/manifests/grafana/acm-global-whats-changed-clusters.yaml b/operator/pkg/controllers/hubofhubs/manifests/grafana/acm-global-whats-changed-clusters.yaml index 7e9f4ce88..422a980f1 100644 --- a/operator/pkg/controllers/hubofhubs/manifests/grafana/acm-global-whats-changed-clusters.yaml +++ b/operator/pkg/controllers/hubofhubs/manifests/grafana/acm-global-whats-changed-clusters.yaml @@ -27,7 +27,7 @@ data: "editable": true, "fiscalYearStartMonth": 0, "graphTooltip": 0, - "id": 8, + "id": 6, "links": [ { "asDropdown": false, @@ -46,7 +46,7 @@ data: "panels": [ { "datasource": { - "type": "postgres", + "type": "grafana-postgresql-datasource", "uid": "${datasource}" }, "fieldConfig": { @@ -56,6 +56,12 @@ data: }, "custom": { "fillOpacity": 70, + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, "lineWidth": 0, "spanNulls": false }, @@ -98,12 +104,17 @@ data: "value": 1 }, { - "color": "red", + "color": "orange", "value": 2 + }, + { + "color": "red", + "value": 3 } ] }, - "unit": "none" + "unit": "none", + "unitScale": true }, "overrides": [] }, @@ -140,7 +151,7 @@ data: "group": [], "metricColumn": "none", "rawQuery": true, - "rawSql": "WITH data as (\n SELECT \n $__timeGroupAlias(lc.compliance_date, $__interval),\n p.policy_name,\n CASE WHEN lc.compliance = 'non_compliant' THEN 2\n WHEN lc.compliance = 'unknown' THEN 1\n WHEN lc.compliance = 'compliant' THEN 0\n END AS \"compliance\"\n FROM\n history.local_compliance lc\n INNER JOIN\n local_spec.policies p ON lc.policy_id = p.policy_id\n INNER JOIN\n status.managed_clusters mc ON lc.cluster_id = mc.cluster_id \n WHERE\n $__timeFilter(lc.compliance_date)\n AND\n mc.cluster_name = '$cluster'\n AND \n lc.leaf_hub_name IN ( $all_hubs ) \n AND \n mc.leaf_hub_name IN ( $all_hubs )\n AND\n p.payload -> 'metadata' ->> 'namespace' ${namespace_query:raw}\n AND\n p.policy_name ${policy_query:raw}\n),\norderclusters as (\n SELECT\n policy_name,\n ROW_NUMBER () OVER (ORDER BY SUM(compliance) DESC) as row_number\n FROM\n data\n GROUP BY(policy_name)\n)\nSELECT\n time,\n dc.policy_name as \"metric\",\n compliance as \"value\"\nFROM\n orderclusters tc\nJOIN\n data dc on dc.policy_name = tc.policy_name\nWHERE\n tc.row_number >= $topleft AND tc.row_number <= $topright\nORDER BY (time)", + "rawSql": "WITH data as (\n SELECT \n $__timeGroupAlias(lc.compliance_date, $__interval),\n p.policy_name,\n CASE WHEN lc.compliance = 'non_compliant' THEN 3\n WHEN lc.compliance = 'pending' THEN 2\n WHEN lc.compliance = 'unknown' THEN 1\n WHEN lc.compliance = 'compliant' THEN 0\n END AS \"compliance\"\n FROM\n history.local_compliance lc\n INNER JOIN\n local_spec.policies p ON lc.policy_id = p.policy_id\n INNER JOIN\n status.managed_clusters mc ON lc.cluster_id = mc.cluster_id \n WHERE\n $__timeFilter(lc.compliance_date)\n AND\n mc.cluster_name = '$cluster'\n AND \n lc.leaf_hub_name IN ( $all_hubs ) \n AND \n mc.leaf_hub_name IN ( $all_hubs )\n AND\n p.payload -> 'metadata' ->> 'namespace' ${namespace_query:raw}\n AND\n p.policy_name ${policy_query:raw}\n),\norderclusters as (\n SELECT\n policy_name,\n ROW_NUMBER () OVER (ORDER BY SUM(compliance) DESC) as row_number\n FROM\n data\n GROUP BY(policy_name)\n)\nSELECT\n time,\n dc.policy_name as \"metric\",\n compliance as \"value\"\nFROM\n orderclusters tc\nJOIN\n data dc on dc.policy_name = tc.policy_name\nWHERE\n tc.row_number >= $topleft AND tc.row_number <= $topright\nORDER BY (time)", "refId": "A", "select": [ [ @@ -234,7 +245,8 @@ data: "value": null } ] - } + }, + "unitScale": true }, "overrides": [ { @@ -317,7 +329,7 @@ data: "showHeader": true, "sortBy": [] }, - "pluginVersion": "9.5.6", + "pluginVersion": "10.3.3", "targets": [ { "datasource": { @@ -442,7 +454,8 @@ data: "value": 80 } ] - } + }, + "unitScale": true }, "overrides": [ { @@ -581,7 +594,7 @@ data: } ] }, - "pluginVersion": "9.5.6", + "pluginVersion": "10.3.3", "targets": [ { "datasource": { @@ -664,8 +677,7 @@ data: } ], "refresh": "", - "schemaVersion": 38, - "style": "dark", + "schemaVersion": 39, "tags": [], "templating": { "list": [ @@ -673,7 +685,7 @@ data: "current": { "selected": false, "text": "Global-Hub-DataSource", - "value": "Global-Hub-DataSource" + "value": "P244538DD76A4C61D" }, "hide": 2, "includeAll": false, @@ -690,8 +702,8 @@ data: { "current": { "selected": false, - "text": "", - "value": "" + "text": "mc1", + "value": "mc1" }, "datasource": { "type": "postgres", @@ -739,8 +751,8 @@ data: { "current": { "selected": false, - "text": "cluster-1", - "value": "cluster-1" + "text": "managed-c1", + "value": "managed-c1" }, "datasource": { "type": "postgres", @@ -834,8 +846,8 @@ data: { "current": { "selected": false, - "text": "", - "value": "" + "text": "5", + "value": "5" }, "datasource": { "type": "postgres", @@ -858,8 +870,8 @@ data: { "current": { "selected": false, - "text": "", - "value": "" + "text": "1", + "value": "1" }, "datasource": { "type": "postgres", @@ -881,8 +893,8 @@ data: { "current": { "selected": false, - "text": "", - "value": "" + "text": "https://console-openshift-console.apps.obs-hub-of-hubs-aws-414-sno-t55kq.scale.red-chesterfield.com", + "value": "https://console-openshift-console.apps.obs-hub-of-hubs-aws-414-sno-t55kq.scale.red-chesterfield.com" }, "datasource": { "type": "postgres", @@ -960,8 +972,8 @@ data: { "current": { "selected": false, - "text": " is null ", - "value": " is null " + "text": " in ('policy-1','te-un1','po-pending','po-pending-1','po-4') ", + "value": " in ('policy-1','te-un1','po-pending','po-pending-1','po-4') " }, "datasource": { "type": "postgres", @@ -983,8 +995,8 @@ data: { "current": { "selected": false, - "text": " is null ", - "value": " is null " + "text": " in ('open-cluster-management-global-set') ", + "value": " in ('open-cluster-management-global-set') " }, "datasource": { "type": "postgres", diff --git a/operator/pkg/controllers/hubofhubs/manifests/grafana/acm-global-whats-changed-policies.yaml b/operator/pkg/controllers/hubofhubs/manifests/grafana/acm-global-whats-changed-policies.yaml index 553af3622..5de63a6d0 100644 --- a/operator/pkg/controllers/hubofhubs/manifests/grafana/acm-global-whats-changed-policies.yaml +++ b/operator/pkg/controllers/hubofhubs/manifests/grafana/acm-global-whats-changed-policies.yaml @@ -27,7 +27,7 @@ data: "editable": true, "fiscalYearStartMonth": 0, "graphTooltip": 0, - "id": 9, + "id": 7, "links": [ { "asDropdown": false, @@ -46,7 +46,7 @@ data: "panels": [ { "datasource": { - "type": "postgres", + "type": "grafana-postgresql-datasource", "uid": "${datasource}" }, "fieldConfig": { @@ -56,6 +56,12 @@ data: }, "custom": { "fillOpacity": 70, + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, "lineWidth": 0, "spanNulls": false }, @@ -98,12 +104,17 @@ data: "value": 1 }, { - "color": "red", + "color": "orange", "value": 2 + }, + { + "color": "red", + "value": 3 } ] }, - "unit": "none" + "unit": "none", + "unitScale": true }, "overrides": [] }, @@ -140,7 +151,7 @@ data: "group": [], "metricColumn": "none", "rawQuery": true, - "rawSql": "WITH data as (\n SELECT \n $__timeGroupAlias(ch.compliance_date, $__interval),\n mc.cluster_name,\n CASE WHEN ch.compliance = 'non_compliant' THEN 2\n WHEN ch.compliance = 'unknown' THEN 1\n WHEN ch.compliance = 'compliant' THEN 0\n END AS \"compliance\"\n FROM\n history.local_compliance ch\n INNER JOIN\n local_spec.policies p ON ch.policy_id = p.policy_id \n INNER JOIN\n status.managed_clusters mc ON ch.cluster_id = mc.cluster_id \n WHERE\n $__timeFilter(ch.compliance_date)\n AND\n policy_name = '$policy'\n AND \n ch.leaf_hub_name IN ( $all_hubs ) \n AND \n p.leaf_hub_name IN ( $all_hubs ) \n AND \n mc.leaf_hub_name IN ( $all_hubs ) \n AND\n p.payload -> 'metadata' ->> 'namespace' = '$namespace'\n AND\n mc.cluster_name ${cluster_query:raw}\n),\norderclusters as (\n SELECT\n cluster_name,\n ROW_NUMBER () OVER (ORDER BY SUM(compliance) DESC) as row_number\n FROM\n data\n GROUP BY(cluster_name)\n)\nSELECT\n time,\n dc.cluster_name as \"metric\",\n compliance as \"value\"\nFROM\n orderclusters tc\nJOIN\n data dc on dc.cluster_name = tc.cluster_name\nWHERE\n tc.row_number >= $topleft AND tc.row_number <= $topright\nORDER BY (time)", + "rawSql": "WITH data as (\n SELECT \n $__timeGroupAlias(ch.compliance_date, $__interval),\n mc.cluster_name,\n CASE WHEN ch.compliance = 'non_compliant' THEN 3\n WHEN ch.compliance = 'pending' THEN 2\n WHEN ch.compliance = 'unknown' THEN 1\n WHEN ch.compliance = 'compliant' THEN 0\n END AS \"compliance\"\n FROM\n history.local_compliance ch\n INNER JOIN\n local_spec.policies p ON ch.policy_id = p.policy_id \n INNER JOIN\n status.managed_clusters mc ON ch.cluster_id = mc.cluster_id \n WHERE\n $__timeFilter(ch.compliance_date)\n AND\n policy_name = '$policy'\n AND \n ch.leaf_hub_name IN ( $all_hubs ) \n AND \n p.leaf_hub_name IN ( $all_hubs ) \n AND \n mc.leaf_hub_name IN ( $all_hubs ) \n AND\n p.payload -> 'metadata' ->> 'namespace' = '$namespace'\n AND\n mc.cluster_name ${cluster_query:raw}\n),\norderclusters as (\n SELECT\n cluster_name,\n ROW_NUMBER () OVER (ORDER BY SUM(compliance) DESC) as row_number\n FROM\n data\n GROUP BY(cluster_name)\n)\nSELECT\n time,\n dc.cluster_name as \"metric\",\n compliance as \"value\"\nFROM\n orderclusters tc\nJOIN\n data dc on dc.cluster_name = tc.cluster_name\nWHERE\n tc.row_number >= $topleft AND tc.row_number <= $topright\nORDER BY (time)", "refId": "A", "select": [ [ @@ -234,7 +245,8 @@ data: "value": null } ] - } + }, + "unitScale": true }, "overrides": [ { @@ -317,7 +329,7 @@ data: "showHeader": true, "sortBy": [] }, - "pluginVersion": "9.5.6", + "pluginVersion": "10.3.3", "targets": [ { "datasource": { @@ -440,7 +452,8 @@ data: "value": 80 } ] - } + }, + "unitScale": true }, "overrides": [ { @@ -579,7 +592,7 @@ data: } ] }, - "pluginVersion": "9.5.6", + "pluginVersion": "10.3.3", "targets": [ { "datasource": { @@ -662,8 +675,7 @@ data: } ], "refresh": "", - "schemaVersion": 38, - "style": "dark", + "schemaVersion": 39, "tags": [], "templating": { "list": [ @@ -671,7 +683,7 @@ data: "current": { "selected": false, "text": "Global-Hub-DataSource", - "value": "Global-Hub-DataSource" + "value": "P244538DD76A4C61D" }, "hide": 2, "includeAll": false, @@ -688,8 +700,8 @@ data: { "current": { "selected": false, - "text": "", - "value": "" + "text": "mc1", + "value": "mc1" }, "datasource": { "type": "postgres", @@ -766,8 +778,8 @@ data: { "current": { "selected": false, - "text": "", - "value": "" + "text": "po-4", + "value": "po-4" }, "datasource": { "type": "postgres", @@ -789,7 +801,7 @@ data: }, { "current": { - "selected": true, + "selected": false, "text": "1:10", "value": "1:10" }, @@ -861,8 +873,8 @@ data: { "current": { "selected": false, - "text": "", - "value": "" + "text": "1", + "value": "1" }, "datasource": { "type": "postgres", @@ -884,8 +896,8 @@ data: { "current": { "selected": false, - "text": "", - "value": "" + "text": "-8", + "value": "-8" }, "datasource": { "type": "postgres", @@ -907,8 +919,8 @@ data: { "current": { "selected": false, - "text": "", - "value": "" + "text": "https://console-openshift-console.apps.obs-hub-of-hubs-aws-414-sno-t55kq.scale.red-chesterfield.com", + "value": "https://console-openshift-console.apps.obs-hub-of-hubs-aws-414-sno-t55kq.scale.red-chesterfield.com" }, "datasource": { "type": "postgres", @@ -958,8 +970,8 @@ data: { "current": { "selected": false, - "text": " is null ", - "value": " is null " + "text": " in ('managed-c1') ", + "value": " in ('managed-c1') " }, "datasource": { "type": "postgres", diff --git a/operator/pkg/controllers/hubofhubs/upgrade/1.upgrade.sql b/operator/pkg/controllers/hubofhubs/upgrade/1.upgrade.sql index cefb531fe..b1153b15b 100644 --- a/operator/pkg/controllers/hubofhubs/upgrade/1.upgrade.sql +++ b/operator/pkg/controllers/hubofhubs/upgrade/1.upgrade.sql @@ -8,4 +8,8 @@ ALTER TABLE status.leaf_hub_heartbeats ADD COLUMN IF NOT EXISTS status VARCHAR(1 CREATE INDEX IF NOT EXISTS leaf_hub_heartbeats_leaf_hub_status_idx ON status.leaf_hub_heartbeats(status); ALTER TABLE history.local_compliance DROP CONSTRAINT IF EXISTS local_policies_unique_constraint; -ALTER TABLE history.local_compliance ADD CONSTRAINT local_policies_unique_constraint UNIQUE (leaf_hub_name, policy_id, cluster_id, compliance_date); \ No newline at end of file +ALTER TABLE history.local_compliance ADD CONSTRAINT local_policies_unique_constraint UNIQUE (leaf_hub_name, policy_id, cluster_id, compliance_date); + +---- Handle Upgrade from 1.1 to 1.2 +ALTER TYPE status.compliance_type ADD VALUE IF NOT EXISTS 'pending'; +ALTER TYPE local_status.compliance_type ADD VALUE IF NOT EXISTS 'pending'; diff --git a/pkg/bundle/grc/complete_compliance_bundle.go b/pkg/bundle/grc/complete_compliance_bundle.go index 23d432ae8..5b9df017d 100644 --- a/pkg/bundle/grc/complete_compliance_bundle.go +++ b/pkg/bundle/grc/complete_compliance_bundle.go @@ -5,6 +5,7 @@ type CompleteCompliance struct { NamespacedName string `json:"-"` // need it to delete obj from bundle for local resources. NonCompliantClusters []string `json:"nonCompliantClusters"` UnknownComplianceClusters []string `json:"unknownComplianceClusters"` + PendingComplianceClusters []string `json:"pendingComplianceClusters"` } type CompleteComplianceBundle []CompleteCompliance diff --git a/pkg/bundle/grc/compliance_bundle.go b/pkg/bundle/grc/compliance_bundle.go index df8268b6a..080f55918 100644 --- a/pkg/bundle/grc/compliance_bundle.go +++ b/pkg/bundle/grc/compliance_bundle.go @@ -6,6 +6,7 @@ type Compliance struct { CompliantClusters []string `json:"compliantClusters"` NonCompliantClusters []string `json:"nonCompliantClusters"` UnknownComplianceClusters []string `json:"unknownComplianceClusters"` + PendingComplianceClusters []string `json:"pendingComplianceClusters"` } type ComplianceBundle []Compliance diff --git a/pkg/database/common/util.go b/pkg/database/common/util.go index 890281591..2a6179c82 100644 --- a/pkg/database/common/util.go +++ b/pkg/database/common/util.go @@ -16,6 +16,8 @@ func GetDatabaseCompliance(PolicyCompliance string) database.ComplianceStatus { status = database.Compliant case string(policyv1.NonCompliant): status = database.NonCompliant + case string(policyv1.Pending): + status = database.Pending default: log.Printf("unknown compliance status: %s", PolicyCompliance) } diff --git a/pkg/database/constants.go b/pkg/database/constants.go index 1d6bd69d2..f84618e72 100644 --- a/pkg/database/constants.go +++ b/pkg/database/constants.go @@ -64,6 +64,8 @@ const ( Compliant ComplianceStatus = "compliant" // Unknown unknown compliance state. Unknown ComplianceStatus = "unknown" + // Pending state + Pending ComplianceStatus = "pending" ) // unique db types.