
Consistent behaviour across kyverno and kyverno json [Feature] #427

Open
1 task done
anushkamittal2001 opened this issue Jul 16, 2024 · 2 comments
Labels
enhancement New feature or request triage Default label assigned to all new issues indicating label curation is needed to fully organize.

Comments

@anushkamittal2001
Contributor

Problem Statement

Today the responses of kyverno and kyverno json aren't similar; they behave slightly differently. It makes sense that we have some basic consistent behaviour across the two, with Kyverno Json as a child project.

Solution Description

We need some convergence of behaviors and at least common fields between our projects.

Alternatives

No response

Additional Context

No response

Slack discussion

No response

Research

  • I have searched other issues in this repository and mine is not recorded.
@anushkamittal2001 anushkamittal2001 added enhancement New feature or request triage Default label assigned to all new issues indicating label curation is needed to fully organize. labels Jul 16, 2024
@anushkamittal2001
Contributor Author

Today the Kyverno response looks like this:

```go
type EngineResponse struct {
	// Resource is the original resource
	Resource unstructured.Unstructured
	// Policy is the original policy
	policy GenericPolicy
	// namespaceLabels given by policy context
	namespaceLabels map[string]string
	// PatchedResource is the resource patched with the engine action changes
	PatchedResource unstructured.Unstructured
	// PolicyResponse contains the engine policy response
	PolicyResponse PolicyResponse
	// stats contains engine statistics
	stats ExecutionStats
}
type PolicyResponse struct {
	// stats contains policy statistics
	stats PolicyStats
	// Rules contains policy rules responses
	Rules []RuleResponse
}
type RuleResponse struct {
	// name is the rule name specified in policy
	name string
	// ruleType is the rule type (Mutation,Generation,Validation) for Kyverno Policy
	ruleType RuleType
	// message is the message response from the rule application
	message string
	// status rule status
	status RuleStatus
	// stats contains rule statistics
	stats ExecutionStats
	// generatedResource is the generated by the generate rules of a policy
	generatedResource unstructured.Unstructured
	// patchedTarget is the patched resource for mutate.targets
	patchedTarget *unstructured.Unstructured
	// patchedTargetParentResourceGVR is the GVR of the parent resource of the PatchedTarget. This is only populated when PatchedTarget is a subresource.
	patchedTargetParentResourceGVR metav1.GroupVersionResource
	// patchedTargetSubresourceName is the name of the subresource which is patched, empty if the resource patched is not a subresource.
	patchedTargetSubresourceName string
	// podSecurityChecks contains pod security checks (only if this is a pod security rule)
	podSecurityChecks *PodSecurityChecks
	// exception is the exception applied (if any)
	exception *kyvernov2beta1.PolicyException
	// binding is the validatingadmissionpolicybinding (if any)
	binding *v1alpha1.ValidatingAdmissionPolicyBinding
	// emitWarning enable passing rule message as warning to api server warning header
	emitWarning bool
}
```

In kyverno json it looks like this:

```go
type Response struct {
	Resource any
	Policies []PolicyResponse
}

type PolicyResponse struct {
	Policy *v1alpha1.ValidatingPolicy
	Rules  []RuleResponse
}

type RuleResponse struct {
	Rule       v1alpha1.ValidatingRule
	Timestamp  time.Time
	Identifier string
	Error      error
	Violations []matching.Result
}
type Result struct {
	field.ErrorList
	Message string
}
```

I think it makes sense to have some similarity in the two, especially in the RuleResponse: rule status and message. The new json engine struct could be something like this:

```go
type Response struct {
	Resource any
	PolicyResponse []PolicyResponse
}

type PolicyResponse struct {
	Policy *v1alpha1.ValidatingPolicy
	Rules  []RuleResponse
}

type RuleResponse struct {
	Rule       v1alpha1.ValidatingRule
	Message    string
	Timestamp  time.Time
	Identifier string
	Status     RuleStatus
	Violations []matching.Result
}
```
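As an added example (not code from this issue or from either Kyverno project), the program below shows what the proposed explicit `Status` and `Message` fields buy a consumer: today's kyverno-json result leaves the outcome implicit in `Error` and `Violations`, so every caller has to re-derive it, and an engine error can be mistaken for a pass. The `RuleStatus` values, the `Violation` stand-in for `matching.Result`, the struct names and the `Converge`, `Summarize` and `Blocked` functions are all assumptions made for the example, not API from either project.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
	"time"
)

// RuleStatus is the per-rule outcome the converged RuleResponse carries.
// The value set is assumed for this example; Kyverno's own type is not quoted in the issue.
type RuleStatus string

const (
	RuleStatusPass  RuleStatus = "pass"
	RuleStatusFail  RuleStatus = "fail"
	RuleStatusError RuleStatus = "error"
)

// Violation stands in for matching.Result (a field path plus a message); assumed shape.
type Violation struct {
	Field   string
	Message string
}

// CurrentRuleResponse mirrors what kyverno-json returns today: the outcome is
// implicit in Error and Violations.
type CurrentRuleResponse struct {
	RuleName   string
	Timestamp  time.Time
	Identifier string
	Error      error
	Violations []Violation
}

// ConvergedRuleResponse is the proposed shape with explicit Status and Message.
type ConvergedRuleResponse struct {
	RuleName   string
	Message    string
	Timestamp  time.Time
	Identifier string
	Status     RuleStatus
	Violations []Violation
}

// Converge derives Status and Message from Error and Violations, so a consumer reads
// the same two fields it already reads from Kyverno's RuleResponse.
func Converge(in CurrentRuleResponse) ConvergedRuleResponse {
	out := ConvergedRuleResponse{
		RuleName: in.RuleName, Timestamp: in.Timestamp,
		Identifier: in.Identifier, Violations: in.Violations,
	}
	switch {
	case in.Error != nil:
		// An engine error is neither pass nor fail; keep it distinct so callers
		// do not confuse "could not evaluate" with "compliant".
		out.Status = RuleStatusError
		out.Message = "rule evaluation failed: " + in.Error.Error()
	case len(in.Violations) > 0:
		out.Status = RuleStatusFail
		msgs := make([]string, 0, len(in.Violations))
		for _, v := range in.Violations {
			msgs = append(msgs, v.Field+": "+v.Message)
		}
		out.Message = strings.Join(msgs, "; ")
	default:
		out.Status = RuleStatusPass
		out.Message = "rule passed"
	}
	return out
}

// Summarize counts rule outcomes by status; it needs nothing but the Status field.
func Summarize(rules []ConvergedRuleResponse) map[RuleStatus]int {
	counts := map[RuleStatus]int{}
	for _, r := range rules {
		counts[r.Status]++
	}
	return counts
}

// Blocked reports whether these outcomes should deny in enforce mode. Errors block
// too (fail closed); with an explicit status that choice is visible, not accidental.
func Blocked(rules []ConvergedRuleResponse) bool {
	for _, r := range rules {
		if r.Status == RuleStatusFail || r.Status == RuleStatusError {
			return true
		}
	}
	return false
}

func main() {
	now := time.Now()
	// Constructed sample results, not real engine output.
	current := []CurrentRuleResponse{
		{RuleName: "require-app-label", Timestamp: now, Identifier: "deployment/web",
			Violations: []Violation{{Field: "metadata.labels.app", Message: "required label is missing"}}},
		{RuleName: "disallow-latest-tag", Timestamp: now, Identifier: "deployment/web"},
		{RuleName: "check-registry", Timestamp: now, Identifier: "deployment/web",
			Error: errors.New("context lookup timed out")},
	}
	var converged []ConvergedRuleResponse
	for _, r := range current {
		c := Converge(r)
		converged = append(converged, c)
		fmt.Printf("%-20s %-6s %s\n", c.RuleName, c.Status, c.Message)
	}
	fmt.Println("summary:", Summarize(converged), "blocked:", Blocked(converged))
}
```

The useful property is that `Summarize` and `Blocked` never look at `Error` or `Violations`; once both engines expose `Status` and `Message`, the same reporting and enforcement code can consume either response without engine-specific branching.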

@anushkamittal2001
Contributor Author

We can discuss what changes we could make further here.
