From cfc4406f917a0fa2139660b9550085814a502d31 Mon Sep 17 00:00:00 2001 From: Frank Jogeleit Date: Mon, 16 Sep 2024 13:25:39 +0200 Subject: [PATCH] update NetworkPolicies Signed-off-by: Frank Jogeleit --- charts/policy-reporter/README.md | 8 ++--- charts/policy-reporter/configs/core.tmpl | 5 ++- .../configs/kyverno-plugin.tmpl | 2 +- .../policy-reporter/templates/deployment.yaml | 2 +- .../templates/networkpolicy.yaml | 18 +++++----- .../templates/plugins/kyverno/deployment.yaml | 2 +- .../templates/plugins/kyverno/role.yaml | 2 +- .../plugins/kyverno/rolebinding.yaml | 2 +- .../plugins/trivy/networkpolicy.yaml | 9 ++++- charts/policy-reporter/templates/role.yaml | 2 +- .../templates/rolebinding.yaml | 2 +- .../templates/ui/networkpolicy.yaml | 33 +++++++++++++++++-- charts/policy-reporter/values.yaml | 13 ++------ cmd/send/summary.go | 8 ++++- cmd/send/violations.go | 8 ++++- pkg/config/resolver.go | 27 +++++++++++---- pkg/email/filter.go | 26 ++++++++++++--- pkg/email/filter_test.go | 2 +- pkg/email/summary/fixtures_test.go | 2 +- pkg/email/summary/generator_test.go | 8 ++--- pkg/email/violations/fixtures_test.go | 2 +- pkg/email/violations/generator_test.go | 8 ++--- 22 files changed, 129 insertions(+), 62 deletions(-) diff --git a/charts/policy-reporter/README.md b/charts/policy-reporter/README.md index e57f5f53..9cd961b9 100644 --- a/charts/policy-reporter/README.md +++ b/charts/policy-reporter/README.md @@ -56,7 +56,7 @@ Check the [Documentation](https://kyverno.github.io/policy-reporter/guide/02-get | image.registry | string | `"ghcr.io"` | | | image.repository | string | `"kyverno/policy-reporter"` | | | image.pullPolicy | string | `"IfNotPresent"` | | -| image.tag | string | `"5cb6121"` | | +| image.tag | string | `"4d7a2e2"` | | | imagePullSecrets | list | `[]` | | | priorityClassName | string | `""` | | | replicaCount | int | `1` | | 
@@ -117,8 +117,6 @@ Check the [Documentation](https://kyverno.github.io/policy-reporter/guide/02-get | sourceFilters[0].uncontrolledOnly | bool | `true` | Filter out PolicyReports of controlled Pods and Jobs, only works for PolicyReport with scope resource | | sourceFilters[0].disableClusterReports | bool | `false` | Filter out ClusterPolicyReports | | sourceFilters[0].kinds | object | `{"exclude":["ReplicaSet"]}` | Filter out PolicyReports based on the scope resource kind | -| kyverno-plugin.enabled | bool | `false` | | -| trivy-plugin.enabled | bool | `false` | | | global.labels | object | `{}` | | | basicAuth.username | string | `""` | | | basicAuth.password | string | `""` | | @@ -311,7 +309,6 @@ Check the [Documentation](https://kyverno.github.io/policy-reporter/guide/02-get | target.gcs.customFields | object | `{}` | | | target.gcs.filter | object | `{}` | | | target.gcs.channels | list | `[]` | | -| leaderElection.enabled | bool | `false` | | | leaderElection.releaseOnCancel | bool | `true` | | | leaderElection.leaseDuration | int | `15` | | | leaderElection.renewDeadline | int | `10` | | @@ -373,7 +370,7 @@ Check the [Documentation](https://kyverno.github.io/policy-reporter/guide/02-get | ui.oauth.scopes | list | `[]` | OpenID Connect allowed Scopes | | ui.oauth.secretRef | string | `""` | Provide OpenID Connect configuration via Secret supported keys: `provider`, `clientId`, `clientSecret` | | ui.banner | string | `""` | optional banner text | -| ui.displayMode | string | `""` | DisplayMode dark/light uses the OS configured prefered color scheme as default | +| ui.displayMode | string | `""` | DisplayMode dark/light/colorblind/colorblinddark uses the OS configured prefered color scheme as default | | ui.customBoards | list | `[]` | Additional customizable dashboards | | ui.sources | list | `[]` | source specific configurations | | ui.clusters | list | `[]` | Connected Policy Reporter APIs | 
@@ -454,7 +451,6 @@ Check the [Documentation](https://kyverno.github.io/policy-reporter/guide/02-get | plugin.kyverno.networkPolicy.egress | list | `[{"ports":[{"port":6443,"protocol":"TCP"}]}]` | A list of valid from selectors according to https://kubernetes.io/docs/concepts/services-networking/network-policies. Enables Kubernetes API Server by default | | plugin.kyverno.networkPolicy.ingress | list | `[]` | A list of valid from selectors according to https://kubernetes.io/docs/concepts/services-networking/network-policies. | | plugin.kyverno.resources | object | `{}` | | -| plugin.kyverno.leaderElection.enabled | bool | `false` | Enables LeaderElection. | | plugin.kyverno.leaderElection.lockName | string | `"kyverno-plugin"` | Lock Name | | plugin.kyverno.leaderElection.releaseOnCancel | bool | `true` | Released lock when the run context is cancelled. | | plugin.kyverno.leaderElection.leaseDuration | int | `15` | LeaseDuration is the duration that non-leader candidates will wait to force acquire leadership. | diff --git a/charts/policy-reporter/configs/core.tmpl b/charts/policy-reporter/configs/core.tmpl index db6665f6..cd24c45b 100644 --- a/charts/policy-reporter/configs/core.tmpl +++ b/charts/policy-reporter/configs/core.tmpl @@ -142,8 +142,7 @@ reportFilter: exclude: {{- toYaml . | nindent 6 }} {{- end }} - clusterReports: - disabled: {{ .Values.reportFilter.clusterReports.disabled }} + disableClusterReports: {{ .Values.reportFilter.disableClusterReports }} {{- with .Values.sourceFilters }} sourceFilters: @@ -151,7 +150,7 @@ sourceFilters: {{- end }} leaderElection: - enabled: {{ or .Values.leaderElection.enabled (gt (int .Values.replicaCount) 1) }} + enabled: {{ gt (int .Values.replicaCount) 1 }} releaseOnCancel: {{ .Values.leaderElection.releaseOnCancel }} leaseDuration: {{ .Values.leaderElection.leaseDuration }} renewDeadline: {{ .Values.leaderElection.renewDeadline }} 
diff --git a/charts/policy-reporter/configs/kyverno-plugin.tmpl b/charts/policy-reporter/configs/kyverno-plugin.tmpl index a3eb217e..8267c2d4 100644 --- a/charts/policy-reporter/configs/kyverno-plugin.tmpl +++ b/charts/policy-reporter/configs/kyverno-plugin.tmpl @@ -1,5 +1,5 @@ leaderElection: - enabled: {{ or .Values.plugin.kyverno.leaderElection.enabled (gt (int .Values.plugin.kyverno.replicaCount) 1) }} + enabled: {{ gt (int .Values.plugin.kyverno.replicaCount) 1 }} releaseOnCancel: {{ .Values.plugin.kyverno.leaderElection.releaseOnCancel }} leaseDuration: {{ .Values.plugin.kyverno.leaderElection.leaseDuration }} renewDeadline: {{ .Values.plugin.kyverno.leaderElection.renewDeadline }} diff --git a/charts/policy-reporter/templates/deployment.yaml b/charts/policy-reporter/templates/deployment.yaml index 08fff8f4..659e4668 100644 --- a/charts/policy-reporter/templates/deployment.yaml +++ b/charts/policy-reporter/templates/deployment.yaml @@ -99,7 +99,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - {{- if or .Values.leaderElection.enabled (gt (int .Values.replicaCount) 1) }} + {{- if gt (int .Values.replicaCount) 1 }} - name: POD_NAME valueFrom: fieldRef: diff --git a/charts/policy-reporter/templates/networkpolicy.yaml b/charts/policy-reporter/templates/networkpolicy.yaml index ac09030a..b1ffdad6 100644 --- a/charts/policy-reporter/templates/networkpolicy.yaml +++ b/charts/policy-reporter/templates/networkpolicy.yaml 
@@ -22,21 +22,21 @@ spec: matchLabels: {{- include "ui.selectorLabels" . | nindent 10 }} ports: - protocol: TCP - port: 8080 - {{- end }} - {{- with .Values.networkPolicy.ingress }} - {{- toYaml . | nindent 2 }} + port: {{ .Values.ui.service.port }} {{- end }} - egress: - {{- if .Values.ui.enabled }} - - to: + {{- if .Values.plugin.trivy.enabled }} + - from: - podSelector: - matchLabels: {{- include "ui.selectorLabels" . | nindent 10 }} + matchLabels: {{- include "trivy-plugin.selectorLabels" . | nindent 10 }} ports: - protocol: TCP - port: {{ .Values.ui.service.port }} + port: {{ .Values.plugin.trivy.service.port }} + {{- end }} + {{- with .Values.networkPolicy.ingress }} + {{- toYaml . | nindent 2 }} {{- end }} {{- with .Values.networkPolicy.egress }} + egress: {{- toYaml . | nindent 2 }} {{- end }} {{- end }} diff --git a/charts/policy-reporter/templates/plugins/kyverno/deployment.yaml b/charts/policy-reporter/templates/plugins/kyverno/deployment.yaml index 180ea340..64e10133 100644 --- a/charts/policy-reporter/templates/plugins/kyverno/deployment.yaml +++ b/charts/policy-reporter/templates/plugins/kyverno/deployment.yaml @@ -74,7 +74,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - {{- if or .Values.plugin.kyverno.leaderElection.enabled (gt (int .Values.plugin.kyverno.replicaCount) 1) }} + {{- if gt (int .Values.plugin.kyverno.replicaCount) 1 }} - name: POD_NAME valueFrom: fieldRef: diff --git a/charts/policy-reporter/templates/plugins/kyverno/role.yaml b/charts/policy-reporter/templates/plugins/kyverno/role.yaml index 4006c0f2..be0b8585 100644 --- a/charts/policy-reporter/templates/plugins/kyverno/role.yaml +++ b/charts/policy-reporter/templates/plugins/kyverno/role.yaml 
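Review bot: In charts/policy-reporter/templates/networkpolicy.yaml both ingress rules for the core pod use the callers' own service ports (`{{ .Values.ui.service.port }}` for the UI rule, `{{ .Values.plugin.trivy.service.port }}` for the new Trivy rule), but an ingress port in a NetworkPolicy is matched against the port on the selected (core) pod. Unless these values happen to equal the core's port, the rule either blocks the intended traffic or opens an unrelated port; the replaced literal `8080` and the `{{ .Values.service.port }}` used by the matching egress rules in the trivy and ui policies of this commit both point at the core's port. I would write `port: {{ .Values.service.port }}` in both rules, or the container port if it differs from the service port (the values are not visible here). Also confirm that `policyTypes`, which is outside the hunk, no longer lists `Egress` when `.Values.networkPolicy.egress` is empty, since `egress:` is now rendered only inside that `with`.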
@@ -1,5 +1,5 @@ {{- if .Values.plugin.kyverno.enabled -}} -{{- if and (and .Values.plugin.kyverno.serviceAccount.create .Values.plugin.kyverno.rbac.enabled) (and .Values.plugin.kyverno.blockReports.enabled (or .Values.plugin.kyverno.leaderElection.enabled (gt (int .Values.plugin.kyverno.replicaCount) 1))) -}} +{{- if and (and .Values.plugin.kyverno.serviceAccount.create .Values.plugin.kyverno.rbac.enabled) (and .Values.plugin.kyverno.blockReports.enabled (gt (int .Values.plugin.kyverno.replicaCount) 1)) -}} apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: diff --git a/charts/policy-reporter/templates/plugins/kyverno/rolebinding.yaml b/charts/policy-reporter/templates/plugins/kyverno/rolebinding.yaml index d617908e..0af9ec97 100644 --- a/charts/policy-reporter/templates/plugins/kyverno/rolebinding.yaml +++ b/charts/policy-reporter/templates/plugins/kyverno/rolebinding.yaml @@ -1,5 +1,5 @@ {{- if .Values.plugin.kyverno.enabled -}} -{{- if and (and .Values.plugin.kyverno.serviceAccount.create .Values.plugin.kyverno.rbac.enabled) (and .Values.plugin.kyverno.blockReports.enabled (or .Values.plugin.kyverno.leaderElection.enabled (gt (int .Values.plugin.kyverno.replicaCount) 1))) -}} +{{- if and (and .Values.plugin.kyverno.serviceAccount.create .Values.plugin.kyverno.rbac.enabled) (and .Values.plugin.kyverno.blockReports.enabled (gt (int .Values.plugin.kyverno.replicaCount) 1)) -}} apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: diff --git a/charts/policy-reporter/templates/plugins/trivy/networkpolicy.yaml b/charts/policy-reporter/templates/plugins/trivy/networkpolicy.yaml index 996894e0..011753a9 100644 --- a/charts/policy-reporter/templates/plugins/trivy/networkpolicy.yaml +++ b/charts/policy-reporter/templates/plugins/trivy/networkpolicy.yaml 
@@ -16,8 +16,15 @@ spec: ingress: {{- toYaml . | nindent 2 }} {{- end }} - {{- with .Values.plugin.trivy.networkPolicy.egress }} egress: + - to: + - podSelector: + matchLabels: + {{- include "policyreporter.selectorLabels" . | nindent 10 }} + ports: + - protocol: TCP + port: {{ .Values.service.port }} + {{- with .Values.plugin.trivy.networkPolicy.egress }} {{- toYaml . | nindent 2 }} {{- end }} {{- end }} diff --git a/charts/policy-reporter/templates/role.yaml b/charts/policy-reporter/templates/role.yaml index 93473ccd..ba46dab3 100644 --- a/charts/policy-reporter/templates/role.yaml +++ b/charts/policy-reporter/templates/role.yaml @@ -1,4 +1,4 @@ -{{- if and .Values.rbac.enabled (or .Values.leaderElection.enabled (gt (int .Values.replicaCount) 1)) -}} +{{- if and .Values.rbac.enabled (gt (int .Values.replicaCount) 1) -}} apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: diff --git a/charts/policy-reporter/templates/rolebinding.yaml b/charts/policy-reporter/templates/rolebinding.yaml index 7690104a..6d2b1e4e 100644 --- a/charts/policy-reporter/templates/rolebinding.yaml +++ b/charts/policy-reporter/templates/rolebinding.yaml @@ -1,4 +1,4 @@ -{{- if and .Values.rbac.enabled (or .Values.leaderElection.enabled (gt (int .Values.replicaCount) 1)) -}} +{{- if and .Values.rbac.enabled (gt (int .Values.replicaCount) 1) -}} apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: diff --git a/charts/policy-reporter/templates/ui/networkpolicy.yaml b/charts/policy-reporter/templates/ui/networkpolicy.yaml index ae2c0631..9278f782 100644 --- a/charts/policy-reporter/templates/ui/networkpolicy.yaml +++ b/charts/policy-reporter/templates/ui/networkpolicy.yaml 
@@ -12,12 +12,41 @@ spec: policyTypes: - Ingress - Egress - {{- with .Values.ui.networkPolicy.ingress }} ingress: + - from: + ports: + - protocol: TCP + port: {{ .Values.ui.service.port }} + {{- with .Values.ui.networkPolicy.ingress }} {{- toYaml . | nindent 2 }} {{- end }} - {{- with .Values.ui.networkPolicy.egress }} egress: + - to: + - podSelector: + matchLabels: + {{- include "policyreporter.selectorLabels" . | nindent 10 }} + ports: + - protocol: TCP + port: {{ .Values.service.port }} + {{- if or .Values.plugin.kyverno.enabled }} + - to: + - podSelector: + matchLabels: + {{- include "kyverno-plugin.selectorLabels" . | nindent 10 }} + ports: + - protocol: TCP + port: {{ .Values.plugin.kyverno.service.port }} + {{- end }} + {{- if or .Values.plugin.trivy.enabled }} + - to: + - podSelector: + matchLabels: + {{- include "trivy-plugin.selectorLabels" . | nindent 10 }} + ports: + - protocol: TCP + port: {{ .Values.plugin.trivy.service.port }} + {{- end }} + {{- with .Values.networkPolicy.egress }} {{- toYaml . | nindent 2 }} {{- end }} {{- end }} diff --git a/charts/policy-reporter/values.yaml b/charts/policy-reporter/values.yaml index c5205889..4743b81a 100644 --- a/charts/policy-reporter/values.yaml +++ b/charts/policy-reporter/values.yaml @@ -11,7 +11,7 @@ image: registry: ghcr.io repository: kyverno/policy-reporter pullPolicy: IfNotPresent - tag: 5cb6121 + tag: 4d7a2e2 imagePullSecrets: [] @@ -187,12 +187,6 @@ sourceFilters: kinds: exclude: [ReplicaSet] -kyverno-plugin: - enabled: false - -trivy-plugin: - enabled: false - global: # additional labels added on each resource labels: {} @@ -661,7 +655,6 @@ target: # if no targets are configured, leaderElection is disabled automatically # will be enabled when replicaCount > 1 leaderElection: - enabled: false releaseOnCancel: true leaseDuration: 15 renewDeadline: 10 
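Review bot: The new first ingress rule in templates/ui/networkpolicy.yaml has an empty `from:` key, and a rule without peers admits every source, so the UI port becomes reachable from any pod or address the CNI can route, regardless of `ui.networkPolicy.ingress`. If that is intended, drop the empty key and say so in a comment (`# no "from": the UI port is open to all sources`); otherwise gate the rule behind a value or restrict it to the ingress controller's selector. In the same hunk the trailing egress block now reads `{{- with .Values.networkPolicy.egress }}`, which renders the core's egress rules into the UI policy and ignores `ui.networkPolicy.egress`; it looks like it should stay `{{- with .Values.ui.networkPolicy.egress }}`. The two `{{- if or .Values.plugin.….enabled }}` conditions pass a single argument to `or` and can be a plain `if`.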
@@ -819,7 +812,7 @@ ui: # -- optional banner text banner: "" - # -- DisplayMode dark/light + # -- DisplayMode dark/light/colorblind/colorblinddark # uses the OS configured prefered color scheme as default displayMode: "" @@ -1190,8 +1183,6 @@ plugin: # if "blockReports" is disabled, leaderElection is also disabled automatically # will be enabled when replicaCount > 1 leaderElection: - # -- Enables LeaderElection. - enabled: false # -- Lock Name lockName: kyverno-plugin # -- Released lock when the run context is cancelled. diff --git a/cmd/send/summary.go b/cmd/send/summary.go index 34b2da3f..beeb7bfb 100644 --- a/cmd/send/summary.go +++ b/cmd/send/summary.go @@ -78,6 +78,12 @@ func NewSummaryCMD() *cobra.Command { logger.Sugar().Infof("email sent to %s\n", strings.Join(c.EmailReports.Summary.To, ", ")) }() + nsclient, err := resolver.NamespaceClient() + if err != nil { + logger.Error("failed to get namespace client", zap.Error(err)) + return err + } + for _, ch := range c.EmailReports.Violations.Channels { go func(channel config.EmailReport) { defer wg.Done() @@ -87,7 +93,7 @@ func NewSummaryCMD() *cobra.Command { return } - sources := summary.FilterSources(data, config.EmailReportFilterFromConfig(channel.Filter), !channel.Filter.DisableClusterReports) + sources := summary.FilterSources(data, config.EmailReportFilterFromConfig(nsclient, channel.Filter), !channel.Filter.DisableClusterReports) if len(sources) == 0 { logger.Info("skip email - no results to send") return diff --git a/cmd/send/violations.go b/cmd/send/violations.go index a30cf1c0..edf0c92e 100644 --- a/cmd/send/violations.go +++ b/cmd/send/violations.go 
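Review bot: In cmd/send/summary.go the loop that now receives `nsclient` still ranges over `c.EmailReports.Violations.Channels` (context line of the first hunk), so the summary command appears to build its per-channel mails from the violations channel list and its filters; this looks copied from violations.go and should probably be `c.EmailReports.Summary.Channels`. With the selector-based namespace filter added in this commit, the channel's filter decides which namespaces a recipient sees, so iterating the wrong list means the wrong recipients and scope. NewSummaryCMD's body starts and ends outside the hunk, so confirm against the full function.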
@@ -78,6 +78,12 @@ func NewViolationsCMD() *cobra.Command { logger.Sugar().Infof("email sent to %s\n", strings.Join(c.EmailReports.Violations.To, ", ")) }() + nsclient, err := resolver.NamespaceClient() + if err != nil { + logger.Error("failed to get namespace client", zap.Error(err)) + return err + } + for _, ch := range c.EmailReports.Violations.Channels { go func(channel config.EmailReport) { defer wg.Done() @@ -87,7 +93,7 @@ func NewViolationsCMD() *cobra.Command { return } - sources := violations.FilterSources(data, config.EmailReportFilterFromConfig(channel.Filter), !channel.Filter.DisableClusterReports) + sources := violations.FilterSources(data, config.EmailReportFilterFromConfig(nsclient, channel.Filter), !channel.Filter.DisableClusterReports) if len(sources) == 0 { logger.Info("skip email - no results to send") return diff --git a/pkg/config/resolver.go b/pkg/config/resolver.go index fe92f249..e7068ea7 100644 --- a/pkg/config/resolver.go +++ b/pkg/config/resolver.go @@ -462,9 +462,14 @@ func (r *Resolver) SummaryGenerator() (*summary.Generator, error) { return nil, err } + nsclient, err := r.NamespaceClient() + if err != nil { + return nil, err + } + return summary.NewGenerator( client, - EmailReportFilterFromConfig(r.config.EmailReports.Summary.Filter), + EmailReportFilterFromConfig(nsclient, r.config.EmailReports.Summary.Filter), !r.config.EmailReports.Summary.Filter.DisableClusterReports, ), nil } @@ -483,9 +488,14 @@ func (r *Resolver) ViolationsGenerator() (*violations.Generator, error) { return nil, err } + nsclient, err := r.NamespaceClient() + if err != nil { + return nil, err + } + return violations.NewGenerator( client, - EmailReportFilterFromConfig(r.config.EmailReports.Violations.Filter), + EmailReportFilterFromConfig(nsclient, r.config.EmailReports.Violations.Filter), !r.config.EmailReports.Violations.Filter.DisableClusterReports, ), nil } 
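Review bot: The added `return err` in the first hunk of cmd/send/violations.go (and the identical hunk in cmd/send/summary.go) sits after the goroutine that sends the main report has already been started, so a NamespaceClient failure returns from the command while that send may still be in flight. Resolve the client before the first `go func()`, or log the error and skip only the per-channel mails; the `wg.Add`/`wg.Wait` calls are outside the hunk, so the exact effect needs checking there. The client is used only by the channel filters, so failing the whole command also makes a cluster lookup mandatory for setups that configure no selector.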
@@ -639,13 +649,18 @@ func NewResolver(config *Config, k8sConfig *rest.Config) Resolver { } } -func EmailReportFilterFromConfig(config EmailReportFilter) email.Filter { - return email.NewFilter(ToRuleSet(config.Namespaces), ToRuleSet(config.Sources)) +func EmailReportFilterFromConfig(client namespaces.Client, config EmailReportFilter) email.Filter { + return email.NewFilter( + client, + ToRuleSet(config.Namespaces), + ToRuleSet(config.Sources), + ) } func ToRuleSet(filter ValueFilter) validate.RuleSets { return validate.RuleSets{ - Include: filter.Include, - Exclude: filter.Exclude, + Include: filter.Include, + Exclude: filter.Exclude, + Selector: helper.ConvertMap(filter.Selector), } } diff --git a/pkg/email/filter.go b/pkg/email/filter.go index 9f679fe3..a19c1fba 100644 --- a/pkg/email/filter.go +++ b/pkg/email/filter.go @@ -1,22 +1,40 @@ package email import ( + "context" + + "github.com/kyverno/policy-reporter/pkg/kubernetes/namespaces" "github.com/kyverno/policy-reporter/pkg/validate" + "go.uber.org/zap" ) type Filter struct { + client namespaces.Client namespace validate.RuleSets sources validate.RuleSets } func (f Filter) ValidateSource(source string) bool { - return validate.ContainsRuleSet(source, f.sources) + return validate.MatchRuleSet(source, f.sources) } func (f Filter) ValidateNamespace(namespace string) bool { - return validate.Namespace(namespace, f.namespace) + ruleset := f.namespace + + if len(f.namespace.Selector) > 0 { + list, err := f.client.List(context.Background(), f.namespace.Selector) + if err != nil { + zap.L().Error("failed to resolve namespace selector", zap.Error(err)) + } + + ruleset = validate.RuleSets{ + Include: list, + } + } + + return validate.Namespace(namespace, ruleset) } -func NewFilter(namespaces, sources validate.RuleSets) Filter { - return Filter{namespaces, sources} +func NewFilter(client namespaces.Client, namespaces, sources validate.RuleSets) Filter { + return Filter{client, namespaces, sources} } 
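Review bot: ValidateNamespace in pkg/email/filter.go fails open when a namespace selector is configured: if `f.client.List` returns an error the code only logs it and then builds `validate.RuleSets{Include: list}` from an empty list, and the same happens when the selector matches no namespace. Going by the "Validate Default" test in filter_test.go, an empty rule set accepts every namespace, so a channel that is meant to be restricted by label would receive reports for all namespaces. Add `return false` after the error log and `if len(list) == 0 { return false }` before the rule set is built. The replacement rule set also drops any configured `Exclude`, and `List` runs with `context.Background()` on every call, so a timeout and a per-run cache of the resolved list would be worth adding.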
diff --git a/pkg/email/filter_test.go b/pkg/email/filter_test.go index 356f90d7..f1fc03a3 100644 --- a/pkg/email/filter_test.go +++ b/pkg/email/filter_test.go @@ -9,7 +9,7 @@ import ( func Test_Filters(t *testing.T) { t.Run("Validate Default", func(t *testing.T) { - filter := email.NewFilter(validate.RuleSets{}, validate.RuleSets{}) + filter := email.NewFilter(nil, validate.RuleSets{}, validate.RuleSets{}) if !filter.ValidateNamespace("test") { t.Errorf("Unexpected Validation Result without configured rules") diff --git a/pkg/email/summary/fixtures_test.go b/pkg/email/summary/fixtures_test.go index dbd17099..462854c0 100644 --- a/pkg/email/summary/fixtures_test.go +++ b/pkg/email/summary/fixtures_test.go @@ -10,7 +10,7 @@ import ( ) var ( - filter = email.NewFilter(validate.RuleSets{}, validate.RuleSets{}) + filter = email.NewFilter(nil, validate.RuleSets{}, validate.RuleSets{}) logger = zap.NewNop() ) diff --git a/pkg/email/summary/generator_test.go b/pkg/email/summary/generator_test.go index e473b42f..ce447412 100644 --- a/pkg/email/summary/generator_test.go +++ b/pkg/email/summary/generator_test.go @@ -81,7 +81,7 @@ func Test_GenerateDataWithSourceFilter(t *testing.T) { _, _ = cClient.Create(ctx, fixtures.EmptyClusterPolicyReport, v1.CreateOptions{}) _, _ = cClient.Create(ctx, fixtures.KyvernoClusterPolicyReport, v1.CreateOptions{}) - generator := summary.NewGenerator(client, email.NewFilter(validate.RuleSets{}, validate.RuleSets{Include: []string{"test"}}), true) + generator := summary.NewGenerator(client, email.NewFilter(nil, validate.RuleSets{}, validate.RuleSets{Include: []string{"test"}}), true) data, err := generator.GenerateData(ctx) if err != nil { 
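Review bot: The tests only adapt to the new signature by passing `nil` as the client (in filter_test.go and in the summary and violations fixtures and generator tests), so the selector branch of ValidateNamespace is never executed. With `Selector` set and a nil client, the call to `f.client.List` would panic. Add cases that use a fake `namespaces.Client` returning a match, an empty list and an error, and assert the intended result for each.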
@@ -113,7 +113,7 @@ func Test_FilterSourcesBySource(t *testing.T) { t.Fatalf("unexpected error: %s", err) } - data = summary.FilterSources(data, email.NewFilter(validate.RuleSets{}, validate.RuleSets{Include: []string{"Kyverno"}}), true) + data = summary.FilterSources(data, email.NewFilter(nil, validate.RuleSets{}, validate.RuleSets{Include: []string{"Kyverno"}}), true) if len(data) != 1 { t.Fatalf("expected one source left, got: %d", len(data)) } @@ -139,7 +139,7 @@ func Test_FilterSourcesByNamespace(t *testing.T) { t.Fatalf("unexpected error: %s", err) } - data = summary.FilterSources(data, email.NewFilter(validate.RuleSets{Exclude: []string{"kyverno"}}, validate.RuleSets{}), true) + data = summary.FilterSources(data, email.NewFilter(nil, validate.RuleSets{Exclude: []string{"kyverno"}}, validate.RuleSets{}), true) source := data[0] if source.Name != "Kyverno" { source = data[1] @@ -170,7 +170,7 @@ func Test_RemoveEmptySource(t *testing.T) { t.Fatalf("unexpected error: %s", err) } - data = summary.FilterSources(data, email.NewFilter(validate.RuleSets{Exclude: []string{"kyverno"}}, validate.RuleSets{}), false) + data = summary.FilterSources(data, email.NewFilter(nil, validate.RuleSets{Exclude: []string{"kyverno"}}, validate.RuleSets{}), false) if len(data) != 1 { t.Fatalf("expected one source left, got: %d", len(data)) } diff --git a/pkg/email/violations/fixtures_test.go b/pkg/email/violations/fixtures_test.go index 77bc2c11..dc38ce7e 100644 --- a/pkg/email/violations/fixtures_test.go +++ b/pkg/email/violations/fixtures_test.go @@ -10,7 +10,7 @@ import ( ) var ( - filter = email.NewFilter(validate.RuleSets{}, validate.RuleSets{}) + filter = email.NewFilter(nil, validate.RuleSets{}, validate.RuleSets{}) logger = zap.NewNop() ) diff --git a/pkg/email/violations/generator_test.go b/pkg/email/violations/generator_test.go index 519b92a7..f9adbc88 100644 --- a/pkg/email/violations/generator_test.go +++ b/pkg/email/violations/generator_test.go 
@@ -105,7 +105,7 @@ func Test_GenerateDataWithSourceFilter(t *testing.T) { _, _ = cClient.Create(ctx, fixtures.EmptyClusterPolicyReport, v1.CreateOptions{}) _, _ = cClient.Create(ctx, fixtures.KyvernoClusterPolicyReport, v1.CreateOptions{}) - generator := violations.NewGenerator(client, email.NewFilter(validate.RuleSets{}, validate.RuleSets{Include: []string{"test"}}), true) + generator := violations.NewGenerator(client, email.NewFilter(nil, validate.RuleSets{}, validate.RuleSets{Include: []string{"test"}}), true) data, err := generator.GenerateData(ctx) if err != nil { @@ -137,7 +137,7 @@ func Test_FilterSourcesBySource(t *testing.T) { t.Fatalf("unexpected error: %s", err) } - data = violations.FilterSources(data, email.NewFilter(validate.RuleSets{}, validate.RuleSets{Include: []string{"Kyverno"}}), true) + data = violations.FilterSources(data, email.NewFilter(nil, validate.RuleSets{}, validate.RuleSets{Include: []string{"Kyverno"}}), true) if len(data) != 1 { t.Fatalf("expected one source left, got: %d", len(data)) } @@ -163,7 +163,7 @@ func Test_FilterSourcesByNamespace(t *testing.T) { t.Fatalf("unexpected error: %s", err) } - data = violations.FilterSources(data, email.NewFilter(validate.RuleSets{Exclude: []string{"kyverno"}}, validate.RuleSets{}), true) + data = violations.FilterSources(data, email.NewFilter(nil, validate.RuleSets{Exclude: []string{"kyverno"}}, validate.RuleSets{}), true) source := data[0] if source.Name != "Kyverno" { source = data[1] @@ -194,7 +194,7 @@ func Test_RemoveEmptySource(t *testing.T) { t.Fatalf("unexpected error: %s", err) } - data = violations.FilterSources(data, email.NewFilter(validate.RuleSets{Exclude: []string{"kyverno"}}, validate.RuleSets{}), false) + data = violations.FilterSources(data, email.NewFilter(nil, validate.RuleSets{Exclude: []string{"kyverno"}}, validate.RuleSets{}), false) if len(data) != 1 { t.Fatalf("expected one source left, got: %d", len(data)) }