Skip to content

Commit

Permalink
Update policy set to new resource spec (stolostron#1313)
Browse files Browse the repository at this point in the history 
* Update policy set to new resource spec

Signed-off-by: Zack Layne <[email protected]>

* code smells

Signed-off-by: Zack Layne <[email protected]>
  • Loading branch information
@zlayne
zlayne authored Mar 10, 2022
1 parent 416a1d5 commit a9b5023
Show file tree
Hide file tree
Showing 19 changed files with 520 additions and 653 deletions.
2 changes: 2 additions & 0 deletions frontend/public/locales/en/translation.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -265,6 +265,8 @@
"Cluster violation": "Cluster violation",
"Cluster violations": "Cluster violations",
"Cluster where the selected Argo application resources are deployed.": "Cluster where the selected Argo application resources are deployed.",
"Cluster with policy violations": "Cluster with policy violations",
"Cluster without policy violations": "Cluster without policy violations",
"cluster.count.local": "Local",
"cluster.count.none": "None",
"cluster.create.ai.subtitle": "Discover new hosts",
Expand Down
19 changes: 3 additions & 16 deletions frontend/src/resources/policy-set.ts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -35,24 +35,11 @@ export interface PolicySetSpec {
export interface PolicySetStatus {
compliant?: 'NonCompliant' | 'Compliant'
placement?: PolicySetStatusPlacement[]
results: PolicySetStatusResult[]
}

export interface PolicySetStatusPlacement {
placement: string
placementBinding: string
placement?: string
placementRule?: string
placementBinding?: string
placementDecisions?: string[]
}

export interface PolicySetStatusResult {
policy: string
compliant?: 'NonCompliant' | 'Compliant'
message?: string
clusters?: PolicySetResultCluster[]
}

export interface PolicySetResultCluster {
clusterName: string
clusterNamespace: string
compliant: 'NonCompliant' | 'Compliant'
}
12 changes: 6 additions & 6 deletions frontend/src/routes/Governance/clusters/useClusterPolicyViolationsColumn.tsx
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@
import { IAcmTableColumn } from '@stolostron/ui-components'
import { Fragment } from 'react'
import { useTranslation } from '../../../lib/acm-i18next'
import { Cluster, PolicySetResultCluster } from '../../../resources'
import { Cluster } from '../../../resources'
import { PolicyViolationIcons2 } from '../components/PolicyViolations'
import { ClusterViolationSummaryMap } from '../overview/ClusterViolationSummary'

Expand Down Expand Up @@ -39,12 +39,12 @@ export function useClusterPolicyViolationsColumn(

export function usePolicySetClusterPolicyViolationsColumn(
clusterViolationSummaryMap: ClusterViolationSummaryMap
): IAcmTableColumn<PolicySetResultCluster> {
): IAcmTableColumn<string> {
const { t } = useTranslation()
return {
header: t('Policy violations'),
cell: (cluster: PolicySetResultCluster) => {
const clusterViolationSummary = clusterViolationSummaryMap[cluster.clusterName ?? '']
cell: (cluster: string) => {
const clusterViolationSummary = clusterViolationSummaryMap[cluster ?? '']
if (!clusterViolationSummary) return <Fragment />
return (
<PolicyViolationIcons2
Expand All @@ -54,8 +54,8 @@ export function usePolicySetClusterPolicyViolationsColumn(
)
},
sort: (lhs, rhs) => {
const lhsViolations = clusterViolationSummaryMap[lhs.clusterName ?? '']
const rhsViolations = clusterViolationSummaryMap[rhs.clusterName ?? '']
const lhsViolations = clusterViolationSummaryMap[lhs ?? '']
const rhsViolations = clusterViolationSummaryMap[rhs ?? '']
if (lhsViolations === rhsViolations) return 0
if (!lhsViolations) return -1
if (!rhsViolations) return 1
Expand Down
69 changes: 69 additions & 0 deletions frontend/src/routes/Governance/common/util.tsx
View file
Original file line number Diff line number Diff line change
Expand Up @@ -18,6 +18,11 @@ import {
import { PlacementDecision } from '../../../resources/placement-decision'
import ResourceLabels from '../../Applications/components/ResourceLabels'

export interface PolicyCompliance {
policyName: string
clusterCompliance: { clusterName: string; compliance: 'Compliant' | 'NonCompliant' }[]
}

export function getPlacementBindingsForResource(resource: Policy | PolicySet, placementBindings: PlacementBinding[]) {
return placementBindings.filter(
(placementBinding) =>
Expand Down Expand Up @@ -74,6 +79,70 @@ export function getPoliciesForPolicySet(policySet: PolicySet, policies: Policy[]
)
}

export function getPolicyComplianceForPolicySet(
policySet: PolicySet,
policies: Policy[],
placementDecisions: PlacementDecision[],
resourceBindings: PlacementBinding[],
placements: (Placement | PlacementRule)[]
) {
const policySetPlacementDecisions = getPlacementDecisionsForResource(
policySet,
placementDecisions,
resourceBindings,
placements
)
const policySetPolicies = getPoliciesForPolicySet(policySet, policies)

const policyCompliance: PolicyCompliance[] = []
for (const placementDecision of policySetPlacementDecisions) {
for (const decision of placementDecision.status.decisions) {
for (const policy of policySetPolicies) {
const policyIdx = policyCompliance.findIndex((p) => p.policyName === policy.metadata.name!)
const policyClusterStatus = policy.status?.status?.find(
(clusterStatus) => clusterStatus.clustername === decision.clusterName
)
if (policyClusterStatus?.compliant === 'NonCompliant') {
if (policyIdx < 0) {
policyCompliance.push({
policyName: policy.metadata.name!,
clusterCompliance: [
{
clusterName: decision.clusterName,
compliance: 'NonCompliant',
},
],
})
} else {
policyCompliance[policyIdx].clusterCompliance.push({
clusterName: decision.clusterName,
compliance: 'NonCompliant',
})
}
} else if (policyClusterStatus?.compliant === 'Compliant') {
if (policyIdx < 0) {
policyCompliance.push({
policyName: policy.metadata.name!,
clusterCompliance: [
{
clusterName: decision.clusterName,
compliance: 'Compliant',
},
],
})
} else {
policyCompliance[policyIdx].clusterCompliance.push({
clusterName: decision.clusterName,
compliance: 'Compliant',
})
}
}
}
}
}
return policyCompliance
}

export function getClustersComplianceForPolicySet(
policySet: PolicySet,
policies: Policy[],
Expand Down
7 changes: 0 additions & 7 deletions frontend/src/routes/Governance/policies/Policies.test.tsx
View file
Original file line number Diff line number Diff line change
Expand Up @@ -108,13 +108,6 @@ const policySet0: PolicySet = {
status: {
compliant: 'Compliant',
placement: [{ placement: 'policy-set-with-1-placement', placementBinding: 'policy-set-with-1-placement' }],
results: [
{
clusters: [{ clusterName: 'local-cluster', clusterNamespace: 'local-cluster', compliant: 'Compliant' }],
compliant: 'Compliant',
policy: 'policy-set-with-1-placement-policy-1',
},
],
},
}

Expand Down
7 changes: 0 additions & 7 deletions frontend/src/routes/Governance/policies/policy-details/PolicyDetailsOverview.test.tsx
View file
Original file line number Diff line number Diff line change
Expand Up @@ -65,13 +65,6 @@ const policySet: PolicySet = {
status: {
compliant: 'Compliant',
placement: [{ placement: 'policy-set-with-1-placement', placementBinding: 'policy-set-with-1-placement' }],
results: [
{
clusters: [{ clusterName: 'local-cluster', clusterNamespace: 'local-cluster', compliant: 'Compliant' }],
compliant: 'Compliant',
policy: 'policy-set-with-1-placement-policy',
},
],
},
}

Expand Down
123 changes: 2 additions & 121 deletions frontend/src/routes/Governance/policy-sets/PolicySets.test.tsx
View file
Original file line number Diff line number Diff line change
Expand Up @@ -27,111 +27,14 @@ const policySet0: PolicySet = {
],
},
status: {
compliant: 'NonCompliant',
placement: [
{
placement: 'placement1',
placementBinding: 'binding1',
placementDecisions: ['placementdecision1'],
},
],
results: [
{
policy: 'policy-testing',
compliant: 'NonCompliant',
clusters: [
{
clusterName: 'local-cluster',
clusterNamespace: 'local-cluster',
compliant: 'Compliant',
},
{
clusterName: 'managed1',
clusterNamespace: 'managed1',
compliant: 'NonCompliant',
},
{
clusterName: 'managed2',
clusterNamespace: 'managed2',
compliant: 'NonCompliant',
},
],
},
{
policy: 'policy-role',
compliant: 'NonCompliant',
clusters: [
{
clusterName: 'local-cluster',
clusterNamespace: 'local-cluster',
compliant: 'Compliant',
},
{
clusterName: 'managed2',
clusterNamespace: 'managed2',
compliant: 'NonCompliant',
},
],
},
{
policy: 'policy-securitycontextconstraints',
compliant: 'Compliant',
clusters: [
{
clusterName: 'local-cluster',
clusterNamespace: 'local-cluster',
compliant: 'Compliant',
},
],
},
{
policy: 'policy-testing-1',
compliant: 'Compliant',
clusters: [
{
clusterName: 'local-cluster',
clusterNamespace: 'local-cluster',
compliant: 'Compliant',
},
{
clusterName: 'managed1',
clusterNamespace: 'managed1',
compliant: 'NonCompliant',
},
{
clusterName: 'managed2',
clusterNamespace: 'managed2',
compliant: 'NonCompliant',
},
],
},
{
policy: 'policy-role-1',
compliant: 'Compliant',
clusters: [
{
clusterName: 'local-cluster',
clusterNamespace: 'local-cluster',
compliant: 'Compliant',
},
{
clusterName: 'managed2',
clusterNamespace: 'managed2',
compliant: 'NonCompliant',
},
],
},
{
policy: 'policy-securitycontextconstraints-1',
compliant: 'Compliant',
clusters: [
{
clusterName: 'local-cluster',
clusterNamespace: 'local-cluster',
compliant: 'Compliant',
},
],
},
],
},
}
const policySet1: PolicySet = {
Expand All @@ -146,36 +49,14 @@ const policySet1: PolicySet = {
policies: ['policy-1'],
},
status: {
compliant: 'Compliant',
placement: [
{
placement: 'placement1',
placementBinding: 'binding1',
placementDecisions: ['placementdecision1'],
},
],
results: [
{
policy: 'policy-1',
compliant: 'Compliant',
clusters: [
{
clusterName: 'local-cluster',
clusterNamespace: 'local-cluster',
compliant: 'Compliant',
},
{
clusterName: 'managed1',
clusterNamespace: 'managed1',
compliant: 'Compliant',
},
{
clusterName: 'managed2',
clusterNamespace: 'managed2',
compliant: 'NonCompliant',
},
],
},
],
},
}
export const mockEmptyPolicySets: PolicySet[] = []
Expand Down
Loading

0 comments on commit a9b5023

Please sign in to comment.