implement exception controls

Signed-off-by: Frank Jogeleit <frank.jogeleit@lovoo.com>
kyverno · Apr 3, 2024 · 1711d51 · 1711d51
1 parent 34f17de
commit 1711d51
Show file tree

Hide file tree

Showing 15 changed files with 92 additions and 101 deletions.
diff --git a/backend/go.mod b/backend/go.mod
@@ -3,34 +3,34 @@ module github.com/kyverno/policy-reporter-ui
 go 1.22
 
 require (
-	github.com/gin-contrib/cors v1.7.0
-	github.com/gin-contrib/gzip v0.0.6
-	github.com/gin-contrib/sessions v0.0.5
-	github.com/gin-contrib/zap v1.1.0
+	github.com/gin-contrib/cors v1.7.1
+	github.com/gin-contrib/gzip v1.0.0
+	github.com/gin-contrib/sessions v1.0.0
+	github.com/gin-contrib/zap v1.1.1
 	github.com/gin-gonic/gin v1.9.1
 	github.com/gorilla/sessions v1.2.2
 	github.com/gosimple/slug v1.14.0
-	github.com/kyverno/policy-reporter-plugins/sdk/api v0.0.0-20240325083038-a6ae859a1f9a
+	github.com/kyverno/policy-reporter-plugins/sdk/api v0.0.0-20240403084424-e8de40bf5c80
 	github.com/markbates/goth v1.79.0
 	github.com/spf13/cobra v1.8.0
 	github.com/spf13/viper v1.18.2
 	go.uber.org/zap v1.27.0
-	golang.org/x/exp v0.0.0-20240222234643-814bf88cf225
+	golang.org/x/exp v0.0.0-20240325151524-a685a6edb6d8
 	golang.org/x/sync v0.6.0
 	golang.org/x/text v0.14.0
-	k8s.io/api v0.29.2
-	k8s.io/apimachinery v0.29.2
-	k8s.io/client-go v0.29.2
+	k8s.io/api v0.29.3
+	k8s.io/apimachinery v0.29.3
+	k8s.io/client-go v0.29.3
 )
 
 require (
-	cloud.google.com/go/compute v1.25.0 // indirect
+	cloud.google.com/go/compute v1.25.1 // indirect
 	cloud.google.com/go/compute/metadata v0.2.3 // indirect
 	github.com/bytedance/sonic v1.11.3 // indirect
 	github.com/chenzhuoyu/base64x v0.0.0-20230717121745-296ad89f973d // indirect
 	github.com/chenzhuoyu/iasm v0.9.1 // indirect
 	github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
-	github.com/decred/dcrd/dcrec/secp256k1/v4 v4.2.0 // indirect
+	github.com/decred/dcrd/dcrec/secp256k1/v4 v4.3.0 // indirect
 	github.com/emicklei/go-restful/v3 v3.12.0 // indirect
 	github.com/evanphx/json-patch v4.12.0+incompatible // indirect
 	github.com/fsnotify/fsnotify v1.7.0 // indirect
@@ -74,7 +74,7 @@ require (
 	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
 	github.com/modern-go/reflect2 v1.0.2 // indirect
 	github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
-	github.com/pelletier/go-toml/v2 v2.1.1 // indirect
+	github.com/pelletier/go-toml/v2 v2.2.0 // indirect
 	github.com/pkg/errors v0.9.1 // indirect
 	github.com/sagikazarmark/locafero v0.4.0 // indirect
 	github.com/sagikazarmark/slog-shim v0.1.0 // indirect
@@ -100,7 +100,7 @@ require (
 	gopkg.in/yaml.v2 v2.4.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 	k8s.io/klog/v2 v2.120.1 // indirect
-	k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340 // indirect
+	k8s.io/kube-openapi v0.0.0-20240322212309-b815d8309940 // indirect
 	k8s.io/utils v0.0.0-20240310230437-4693a0247e57 // indirect
 	sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect
 	sigs.k8s.io/structured-merge-diff/v4 v4.4.1 // indirect

diff --git a/backend/go.sum b/backend/go.sum
diff --git a/backend/pkg/server/api/mapper.go b/backend/pkg/server/api/mapper.go
@@ -14,7 +14,7 @@ func MapSourceCategoryTreeToNavi(sources []core.SourceCategoryTree) []Navigation
 	if len(sources) == 1 {
 		for _, category := range sources[0].Categories {
 			sourceBoards = append(sourceBoards, NavigationItem{
-				Title: category.Name,
+				Title: utils.Fallback(category.Name, "Other"),
 				Path:  fmt.Sprintf("/source/%s/%s", sources[0].Name, category.Name),
 			})
 		}
@@ -32,7 +32,7 @@ func MapSourceCategoryTreeToNavi(sources []core.SourceCategoryTree) []Navigation
 		} else if count == 1 {
 			sourceBoards = append(sourceBoards, NavigationItem{
 				Title:    utils.Title(source.Name),
-				Subtitle: source.Categories[0].Name,
+				Subtitle: utils.Fallback(source.Categories[0].Name, "Other"),
 				Path:     fmt.Sprintf("/source/%s/%s", source.Name, source.Categories[0].Name),
 			})
 		} else {
@@ -44,7 +44,7 @@ func MapSourceCategoryTreeToNavi(sources []core.SourceCategoryTree) []Navigation
 
 			for _, category := range source.Categories {
 				item.Children = append(item.Children, NavigationItem{
-					Title: category.Name,
+					Title: utils.Fallback(category.Name, "Other"),
 					Path:  fmt.Sprintf("/source/%s/%s", source.Name, category.Name),
 				})
 			}

diff --git a/backend/pkg/service/model.go b/backend/pkg/service/model.go
@@ -120,9 +120,14 @@ type PolicyDetails struct {
 	Exceptions  bool         `json:"exceptions"`
 }
 
+type ExceptionRule struct {
+	Name  string            `json:"name"`
+	Props map[string]string `json:"props"`
+}
+
 type ExceptionPolicy struct {
-	Name  string   `json:"name"`
-	Rules []string `json:"rules"`
+	Name  string          `json:"name"`
+	Rules []ExceptionRule `json:"rules"`
 }
 
 type ExceptionRequest struct {

diff --git a/backend/pkg/service/service.go b/backend/pkg/service/service.go
@@ -208,12 +208,12 @@ func (s *Service) CreateException(ctx context.Context, req ExceptionRequest) (*p
 			return nil, fmt.Errorf("failed to get resource results: %w", err)
 		}
 
-		results := make(map[string][]string, 0)
+		results := make(map[string][]ExceptionRule, 0)
 		for _, r := range list.Items {
 			if _, ok := results[r.Policy]; ok {
-				results[r.Policy] = append(results[r.Policy], r.Rule)
+				results[r.Policy] = append(results[r.Policy], ExceptionRule{Name: r.Rule, Props: r.Properties})
 			} else {
-				results[r.Policy] = []string{r.Rule}
+				results[r.Policy] = []ExceptionRule{{Name: r.Rule, Props: r.Properties}}
 			}
 		}
 
@@ -235,8 +235,13 @@ func (s *Service) CreateException(ctx context.Context, req ExceptionRequest) (*p
 		},
 		Policies: utils.Map(req.Policies, func(p ExceptionPolicy) *pluginAPI.ExceptionPolicy {
 			return &pluginAPI.ExceptionPolicy{
-				Name:  p.Name,
-				Rules: p.Rules,
+				Name: p.Name,
+				Rules: utils.Map(p.Rules, func(rule ExceptionRule) pluginAPI.ExceptionRule {
+					return pluginAPI.ExceptionRule{
+						Name:  rule.Name,
+						Props: rule.Props,
+					}
+				}),
 			}
 		}),
 	}

diff --git a/backend/pkg/utils/fallback.go b/backend/pkg/utils/fallback.go
@@ -0,0 +1,9 @@
+package utils
+
+func Fallback(s, f string) string {
+	if s != "" {
+		return s
+	}
+
+	return f
+}
diff --git a/frontend/bun.lockb b/frontend/bun.lockb
diff --git a/frontend/modules/core/api.ts b/frontend/modules/core/api.ts
@@ -15,7 +15,11 @@ import {
   type Profile,
   type LayoutConfig,
   type Dashboard,
-  type ResourceDetails, type SourceDetails, type PolicyDetails, type ExceptionResponse
+  type ResourceDetails,
+  type SourceDetails,
+  type PolicyDetails,
+  type ExceptionResponse,
+  type ExceptionPolicy,
 } from './types'
 
 import type { NitroFetchOptions, NitroFetchRequest } from "nitropack";
@@ -56,7 +60,7 @@ export class CoreAPI {
     return exec<ResourceDetails>(`/api/config/${this.cluster}/resource/${id}`, { baseURL: this.baseURL, params: filter })
   }
 
-  createException (id: string, source: string, policies: { name: string, rules: string[] }[], category?: string) {
+  createException (id: string, source: string, policies: ExceptionPolicy[], category?: string) {
     return exec<ExceptionResponse>(`/api/config/${this.cluster}/resource/${id}/exception`, { baseURL: this.baseURL, method: "POST", body: { policies, source, category } })
   }
 

diff --git a/frontend/modules/core/components/policy/Results.vue b/frontend/modules/core/components/policy/Results.vue
@@ -29,7 +29,7 @@
               <chip-severity v-if="value" @click="searchText = value" :severity="value" />
             </template>
             <template #item.exception="{ item }" v-if="props.exceptions && props.policy">
-              <exception-dialog :resource="item.resourceId" :source="props.source" :policies="[{ name: props.policy, rules: [item.rule]}]" />
+              <resource-exception-dialog :resource="item.resourceId" :source="props.source" :policies="[{ name: props.policy, rules: [{ name: item.rule, props: item.properties }]}]" />
             </template>
             <template #expanded-row="{ columns, item }">
               <tr :class="bg">
@@ -69,7 +69,6 @@ import type { Ref } from "vue";
 import { type Filter, Status } from "~/modules/core/types";
 import { APIFilter } from "~/modules/core/provider/dashboard";
 import { onChange } from "~/helper/compare";
-import ExceptionDialog from "~/modules/core/components/resource/ExceptionDialog.vue";
 
 const props = defineProps<{
   source: string;

diff --git a/frontend/modules/core/components/resource/ExceptionDialog.vue b/frontend/modules/core/components/resource/ExceptionDialog.vue
@@ -20,6 +20,9 @@
           <v-alert variant="tonal" type="error">Failed to create exception: {{ err }}</v-alert>
         </app-row>
         <template v-else>
+          <app-row v-if="minVersion">
+            <v-alert color="severity-info" icon="mdi-information" variant="tonal">Requires at least {{ capilize(source) }} {{ minVersion }}</v-alert>
+          </app-row>
           <app-row>
             <v-alert type="warning" variant="tonal">
               Creating many small PolicyExceptions can impact the performance. If you need to exclude multiple resources
@@ -72,18 +75,20 @@ import { callAPI } from "~/modules/core/composables/api";
 import { useClipboard } from '@vueuse/core'
 import { FetchError } from "ofetch";
 import { parse } from "yaml";
-
+import { type ExceptionPolicy } from "~/modules/core/types";
+import {capilize} from "../../layouthHelper";
 
 const props = defineProps<{
   source: string;
   resource: string;
   category?: string;
-  policies?: { name: string; rules: string[] }[];
+  policies?: ExceptionPolicy[];
   height?: string | number;
   btnClass?: string | undefined;
 }>()
 
 const content = ref('')
+const minVersion = ref()
 const open = ref(false)
 const loading = ref(false)
 const err = ref<string>()
@@ -100,6 +105,7 @@ const request = async () => {
   try {
     const response = await callAPI((api) => api.createException(props.resource, props.source, props.policies, props.category))
     content.value = response.resource
+    minVersion.value = response.minVersion
     err.value = undefined
 
   } catch (error: FetchError) {

diff --git a/frontend/modules/core/components/resource/Item.vue b/frontend/modules/core/components/resource/Item.vue
@@ -12,7 +12,7 @@
     <template v-slot:append>
       <ResultChip v-for="status in showed" :key="status" class="ml-2" :status="status" :count="item[status]" :tooltip="`${status} results`" />
 
-      <exception-dialog v-if="source && exceptions" :resource="item.id" :source="source" :category="category" :height="32" btn-class="ml-4" />
+      <resource-exception-dialog v-if="source && exceptions" :resource="item.id" :source="source" :category="category" :height="32" btn-class="ml-4" />
     </template>
   </v-list-item>
   <resource-source-results v-if="open" :id="item.id" :filter="filter" />
@@ -22,7 +22,6 @@
 import { type Filter, type ResourceResult, Status } from '~/modules/core/types'
 import { type PropType } from "vue";
 import { useStatusInjection } from "~/composables/status";
-import ExceptionDialog from "~/modules/core/components/resource/ExceptionDialog.vue";
 import {injectSourceContext} from "~/composables/source";
 
 const open = ref(false)

diff --git a/frontend/modules/core/components/resource/Results.vue b/frontend/modules/core/components/resource/Results.vue
@@ -32,7 +32,7 @@
             <chip-severity v-if="value" @click="searchText = value" :severity="value" />
           </template>
           <template #item.exception="{ item }" v-if="props.exceptions">
-            <exception-dialog :resource="props.resource" :source="props.source" :policies="[{ name: item.policy, rules: [item.rule]}]" />
+            <resource-exception-dialog :resource="props.resource" :source="props.source" :policies="[{ name: item.policy, rules: [{ name: item.rule, props: item.properties }]}]" />
           </template>
           <template #expanded-row="{ columns, item }">
             <tr :class="bg">
@@ -68,7 +68,6 @@
 import { Status } from "~/modules/core/types";
 import { capilize } from "~/modules/core/layouthHelper";
 import { mapResults } from "~/modules/core/mapper";
-import ExceptionDialog from "~/modules/core/components/resource/ExceptionDialog.vue";
 
 const props = defineProps<{
   source: string;

diff --git a/frontend/modules/core/mapper.ts b/frontend/modules/core/mapper.ts
@@ -51,7 +51,7 @@ export const mapResults = ({ items, count }: { items: ListResult[], count: numbe
 
     return {
       ...result,
-      properties: {},
+      properties,
       cards: sortByKeys(cards),
       chips: sortByKeys(chips),
       hasProps

diff --git a/frontend/modules/core/types.ts b/frontend/modules/core/types.ts
@@ -370,13 +370,11 @@ export type ResourceResult = {
     skip: number;
 }
 
-export type ExceptionRequest = {
-    policy: string;
-    source: string;
-    rule?: string;
-}
+export type ExceptionRule = { name: string, props: { [key: string]: string } }
+export type ExceptionPolicy = { name: string, rules: ExceptionRule[] }
 
 export type ExceptionResponse = {
+    minVersion?: string;
     resource: string;
 }
 

diff --git a/frontend/package.json b/frontend/package.json
@@ -14,7 +14,7 @@
     "@nuxt/devtools": "latest",
     "@types/chroma-js": "^2.4.3",
     "@types/lodash.debounce": "^4.0.9",
-    "nuxt": "^3.10.3",
+    "nuxt": "^3.11.1",
     "sass": "^1.69.5",
     "vite-plugin-vuetify": "^2.0.1",
     "vue": "^3.3.8",