From b03c04467bcb6c919f7700df8de3a8be0400cdc2 Mon Sep 17 00:00:00 2001
From: Yi Rae Kim
Date: Fri, 20 Dec 2024 12:15:00 -0500
Subject: [PATCH] Add the 'rules' property to the PolicyReport result (#365)
Ref: https://issues.redhat.com/browse/ACM-15958
Signed-off-by: yiraeChristineKim
---
 pkg/transforms/policyreport.go | 18 ++++++++++++++----
 pkg/transforms/policyreport_test.go | 13 +++++++++----
 2 files changed, 23 insertions(+), 8 deletions(-)
diff --git a/pkg/transforms/policyreport.go b/pkg/transforms/policyreport.go
index 601712ca..0186475c 100644
--- a/pkg/transforms/policyreport.go
+++ b/pkg/transforms/policyreport.go
@@ -26,6 +26,7 @@ type PolicyReport struct {
 // ReportResults rule violation results
 type ReportResults struct {
 Policy string `json:"policy"`
+ Rule string `json:"rule,omitempty"`
 Message string `json:"message"`
 Category string `json:"category"`
 Result string `json:"result"`
@@ -78,6 +79,7 @@ func PolicyReportResourceBuilder(pr *PolicyReport) *PolicyReportResource {
 // Extract the properties specific to this type
 categoryMap := make(map[string]struct{})
 policies := sets.Set[string]{}
+ rules := sets.Set[string]{}
 critical := 0
 important := 0
 moderate := 0
@@ -89,7 +91,12 @@ func PolicyReportResourceBuilder(pr *PolicyReport) *PolicyReportResource {
 for _, category := range strings.Split(result.Category, ",") {
 categoryMap[category] = struct{}{}
 }
+
 policies.Insert(result.Policy)
+ if result.Rule != "" {
+ rules.Insert(result.Rule)
+ }
+
 switch result.Properties.TotalRisk {
 case "4":
 critical++
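Review bot: In the third hunk, `rules.Insert(result.Rule)` stores the bare rule name, so rules that share a name under different policies collapse into one entry and the `rules` property no longer tells a consumer which policy a rule belongs to. The updated TestTransformKyvernoPolicyReport shows the effect: two entries are expected in `policies` but a single `require-labels` in `rules`. If the merge is intended, a comment above the insert such as `// rule names are not qualified by policy; identical names from different policies are merged` would record it. If consumers need the pairing, the set would have to hold a policy-qualified value instead, keeping in mind that policy names in the fixtures already contain `/`. The loop and PolicyReportResourceBuilder both extend outside the hunk.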
@@ -117,8 +124,11 @@ func PolicyReportResourceBuilder(pr *PolicyReport) *PolicyReportResource {
 policyList := policies.UnsortedList()
 sort.Strings(policyList)
- // "rules" is incorrect since there is a "rule" field in the results, but this is kept for backwards compatibility
- node.Properties["rules"] = policyList
+ ruleList := rules.UnsortedList()
+ sort.Strings(ruleList)
+
+ node.Properties["rules"] = ruleList
+ node.Properties["policies"] = policyList
 node.Properties["category"] = categories
 node.Properties["critical"] = critical
 node.Properties["important"] = important
@@ -144,8 +154,8 @@ func (pr PolicyReportResource) BuildEdges(ns NodeStore) []Edge {
 return edges
 }
- // "rules" represents the policies
- for _, policy := range pr.node.Properties["rules"].([]string) {
+ // "policies" represents the policies
+ for _, policy := range pr.node.Properties["policies"].([]string) {
 var kind, namespace, name string
 splitPolicy := strings.SplitN(policy, "/", 2)
diff --git a/pkg/transforms/policyreport_test.go b/pkg/transforms/policyreport_test.go
index 5c017704..df92a183 100644
--- a/pkg/transforms/policyreport_test.go
+++ b/pkg/transforms/policyreport_test.go
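Review bot: The assignment `node.Properties["rules"] = ruleList` in PolicyReportResourceBuilder keeps the property name but changes its meaning: the removed comment says `rules` carried policy names for backwards compatibility, and after this change it carries rule names while the policy names move to `policies`. Anything outside this patch that still filters on `rules` to find policy violations would keep running without an error and return different or empty results; the updated TestTransformPolicyReport expects an empty `rules` list for its fixture. A comment at the assignment, for example `// "rules" held policy names before #365; policy names are now in "policies"`, together with a note to consumers, would make the change of meaning visible. The function starts and ends outside the hunk.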
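Review bot: In BuildEdges the loop header `pr.node.Properties["policies"].([]string)` is a single-value type assertion, which panics if the property is missing or holds another type. As far as the builder hunk above shows, the property is always set, so this is defensive, but the key has just been renamed and a mismatch between writer and reader would surface as a crash rather than as missing edges. A guarded form is `policies, ok := pr.node.Properties["policies"].([]string)` followed by `if !ok { return edges }` and `for _, policy := range policies {`. The comment `// "policies" represents the policies` no longer explains anything and could be dropped. BuildEdges starts and ends outside the hunk.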
@@ -17,7 +17,8 @@ func TestTransformPolicyReport(t *testing.T) {
 // Test unique fields that exist in policy report and are shown in UI - the common test will test the other bits
 AssertDeepEqual("category Length", len(node.Properties["category"].([]string)), 5, t)
- AssertDeepEqual("rules", node.Properties["rules"], []string{"policyreport testing risk 1 policy", "policyreport testing risk 2 policy"}, t)
+ AssertDeepEqual("policies", node.Properties["policies"], []string{"policyreport testing risk 1 policy", "policyreport testing risk 2 policy"}, t)
+ AssertDeepEqual("rules", len(node.Properties["rules"].([]string)), 0, t)
 AssertDeepEqual("numRuleViolations", node.Properties["numRuleViolations"], 2, t)
 AssertDeepEqual("critical", node.Properties["critical"], 0, t)
 AssertDeepEqual("important", node.Properties["important"], 0, t)
@@ -37,8 +38,10 @@ func TestTransformKyvernoClusterPolicyReport(t *testing.T) {
 UnmarshalFile("kyverno-clusterpolicyreport.json", &pr, t)
 node := PolicyReportResourceBuilder(&pr).BuildNode()
+ AssertDeepEqual("apiversion", node.Properties["apiversion"].(string), "v1alpha2", t)
 AssertDeepEqual("category", node.Properties["category"].([]string), []string{"Kubecost"}, t)
- AssertDeepEqual("rules", node.Properties["rules"], []string{"no-label-of-monkey", "require-kubecost-labels"}, t)
+ AssertDeepEqual("policies", node.Properties["policies"], []string{"no-label-of-monkey", "require-kubecost-labels"}, t)
+ AssertDeepEqual("rules", node.Properties["rules"], []string{"no-monkey", "require-labels"}, t)
 // 1 failure and 1 error
 AssertDeepEqual("numRuleViolations", node.Properties["numRuleViolations"], 2, t)
 expected := map[string]int{"require-kubecost-labels": 2, "no-label-of-monkey": 0}
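Review bot: The new assertion `AssertDeepEqual("rules", len(node.Properties["rules"].([]string)), 0, t)` in TestTransformPolicyReport passes `"rules"` as its first argument, which looks like the label, although it compares a length; the line above it uses `"category Length"` for the same kind of check. Naming it `"rules Length"` keeps the labels consistent and makes a failure message unambiguous. The test function starts and ends outside the hunk.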
@@ -51,12 +54,14 @@ func TestTransformKyvernoPolicyReport(t *testing.T) {
 node := PolicyReportResourceBuilder(&pr).BuildNode()
 AssertDeepEqual("category", node.Properties["category"].([]string), []string{"Kubecost"}, t)
+ AssertDeepEqual("apiversion", node.Properties["apiversion"].(string), "v1beta1", t)
 AssertDeepEqual(
- "rules",
- node.Properties["rules"],
+ "policies",
+ node.Properties["policies"],
 []string{"open-cluster-management-agent-addon/require-kubecost-labels", "require-kubecost-labels"},
 t,
 )
+ AssertDeepEqual("rules", node.Properties["rules"], []string{"require-labels"}, t)
 AssertDeepEqual("numRuleViolations", node.Properties["numRuleViolations"], 2, t)
 expected := map[string]int{
 "require-kubecost-labels": 1,