refactor: violations and error in rule response

Signed-off-by: Charles-Edouard Brétéché <[email protected]>

pkg/commands/scan/options.go

@@ -13,6 +13,7 @@ import (
 	"github.com/kyverno/kyverno-json/pkg/policy"
 	"github.com/kyverno/kyverno/ext/output/pluralize"
 	"github.com/spf13/cobra"
+	"go.uber.org/multierr"
 	"k8s.io/apimachinery/pkg/labels"
 )
 
@@ -85,10 +86,10 @@ func (c *options) run(cmd *cobra.Command, _ []string) error {
 	for _, response := range responses {
 		for _, policy := range response.Policies {
 			for _, rule := range policy.Rules {
-				if rule.Result == jsonengine.StatusFail {
-					out.println("-", policy.Policy.Name, "/", rule.Rule.Name, "/", rule.Identifier, "FAILED:", rule.Message)
-				} else if rule.Result == jsonengine.StatusError {
-					out.println("-", policy.Policy.Name, "/", rule.Rule.Name, "/", rule.Identifier, "ERROR:", rule.Message)
+				if rule.Error != nil {
+					out.println("-", policy.Policy.Name, "/", rule.Rule.Name, "/", rule.Identifier, "ERROR:", rule.Error.Error())
+				} else if len(rule.Violations) != 0 {
+					out.println("-", policy.Policy.Name, "/", rule.Rule.Name, "/", rule.Identifier, "FAILED:", multierr.Combine(rule.Violations...).Error())
 				} else {
 					// TODO: handle skip, warn
 					out.println("-", policy.Policy.Name, "/", rule.Rule.Name, "/", rule.Identifier, "PASSED")

pkg/json-engine/engine.go

@@ -11,7 +11,6 @@ import (
 	"github.com/kyverno/kyverno-json/pkg/engine/builder"
 	"github.com/kyverno/kyverno-json/pkg/engine/template"
 	"github.com/kyverno/kyverno-json/pkg/matching"
-	"go.uber.org/multierr"
 )
 
 type Request struct {
@@ -32,8 +31,8 @@ type PolicyResponse struct {
 type RuleResponse struct {
 	Rule       v1alpha1.ValidatingRule
 	Identifier string
-	Result     PolicyResult
-	Message    string
+	Error      error
+	Violations []error
 }
 
 // PolicyResult specifies state of a policy result
@@ -77,8 +76,7 @@ func New() engine.Engine[Request, Response] {
 					return []RuleResponse{{
 						Rule:       r.rule,
 						Identifier: identifier,
-						Result:     StatusError,
-						Message:    err.Error(),
+						Error:      err,
 					}}
 				}
 				// didn't match
@@ -92,48 +90,27 @@ func New() engine.Engine[Request, Response] {
 					return []RuleResponse{{
 						Rule:       r.rule,
 						Identifier: identifier,
-						Result:     StatusError,
-						Message:    err.Error(),
+						Error:      err,
 					}}
 				}
 				// matched
 				if len(errs) == 0 {
 					return nil
 				}
 			}
-			errs, err := matching.MatchAssert(ctx, nil, r.rule.Assert, r.resource, bindings)
+			violations, err := matching.MatchAssert(ctx, nil, r.rule.Assert, r.resource, bindings)
 			if err != nil {
 				return []RuleResponse{{
 					Rule:       r.rule,
 					Identifier: identifier,
-					Result:     StatusError,
-					Message:    err.Error(),
-				}}
-			}
-			if len(errs) == 0 {
-				return []RuleResponse{{
-					Rule:       r.rule,
-					Identifier: identifier,
-					Result:     StatusPass,
-					Message:    "",
+					Error:      err,
 				}}
 			}
 			return []RuleResponse{{
 				Rule:       r.rule,
 				Identifier: identifier,
-				Result:     StatusFail,
-				Message:    multierr.Combine(errs...).Error(),
+				Violations: violations,
 			}}
-			// var failures []RuleResponse
-			// 	for _, err := range errs {
-			// 		failures = append(failures, RuleResponse{
-			// 			Rule:       r.rule,
-			// 			Identifier: identifier,
-			// 			Result:     StatusFail,
-			// 			Message:    err.Error(),
-			// 		})
-			// 	}
-			// 	return failures
 		})
 	policyEngine := builder.
 		Function(func(ctx context.Context, r policyRequest) PolicyResponse {

pkg/server/model/response.go

@@ -2,6 +2,7 @@ package model
 
 import (
 	jsonengine "github.com/kyverno/kyverno-json/pkg/json-engine"
+	"go.uber.org/multierr"
 )
 
 type Response struct {
@@ -25,12 +26,32 @@ func MakeResponse(from ...jsonengine.Response) Response {
 					PolicyName: policy.Policy.Name,
 					RuleName:   rule.Rule.Name,
 					Identifier: rule.Identifier,
-					Result:     rule.Result,
-					Message:    rule.Message,
+					Result:     makeResult(rule),
+					Message:    makeMessage(rule),
 				}
 				response.Results = append(response.Results, ruleResponse)
 			}
 		}
 	}
 	return response
 }
+
+func makeResult(rule jsonengine.RuleResponse) jsonengine.PolicyResult {
+	if rule.Error != nil {
+		return jsonengine.StatusError
+	}
+	if len(rule.Violations) != 0 {
+		return jsonengine.StatusFail
+	}
+	return jsonengine.StatusPass
+}
+
+func makeMessage(rule jsonengine.RuleResponse) string {
+	if rule.Error != nil {
+		return rule.Error.Error()
+	}
+	if len(rule.Violations) != 0 {
+		return multierr.Combine(rule.Violations...).Error()
+	}
+	return ""
+}

test/api/go/main/main.go

@@ -7,6 +7,7 @@ import (
 
 	jsonengine "github.com/kyverno/kyverno-json/pkg/json-engine"
 	"github.com/kyverno/kyverno-json/pkg/policy"
+	"go.uber.org/multierr"
 )
 
 const policyYAML = `
@@ -66,12 +67,12 @@ func main() {
 
 	for _, policy := range response.Policies {
 		for _, rule := range policy.Rules {
-			if rule.Result == jsonengine.StatusFail {
-				logger.Printf("fail: %s/%s -> %s: %s", policy.Policy.Name, rule.Rule.Name, rule.Identifier, rule.Message)
-			} else if rule.Result == jsonengine.StatusError {
-				logger.Printf("error: %s/%s -> %s: %s", policy.Policy.Name, rule.Rule.Name, rule.Identifier, rule.Message)
+			if rule.Error != nil {
+				logger.Printf("error: %s/%s -> %s: %s", policy.Policy.Name, rule.Rule.Name, rule.Identifier, rule.Error)
+			} else if len(rule.Violations) != 0 {
+				logger.Printf("fail: %s/%s -> %s: %s", policy.Policy.Name, rule.Rule.Name, rule.Identifier, multierr.Combine(rule.Violations...))
 			} else {
-				logger.Printf("%s: %s/%s -> %s", rule.Result, policy.Policy.Name, rule.Rule.Name, rule.Identifier)
+				logger.Printf("pass: %s/%s -> %s", policy.Policy.Name, rule.Rule.Name, rule.Identifier)
 			}
 		}
 	}