Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: Set AdmissionRequest{}.RequestKind #149

Merged
merged 1 commit into from
Dec 6, 2023
Merged

fix: Set AdmissionRequest{}.RequestKind #149

merged 1 commit into from
Dec 6, 2023

Conversation

viccuad
Copy link
Member

@viccuad viccuad commented Dec 5, 2023
edited
Loading

Description

Fix #148.

RequestKind matches the type of original API request, in the case that there's several kinds that match the same object (e.g: deployments can be modified via apps/v1 ad apps/v1beta1), and conversion was performed.

The AdmissionRequests use AdmissionRequest.Kind to match the rule of the webhook registered for, hence RequestKind is there for book-keeping.

Set RequestKind, which gets consumed later on in policy-server to set the metrics baggage:
https://github.com/kubewarden/policy-server/blob/63c9f32052b7ced50b4007e8ce0b5ed27392aa7f/src/worker.rs#L226

Test

Built an audit-scanner image with the fix and tested that kubewarden_policy_evaluations_total now contain resource_kind:

Before:

kubewarden_policy_evaluations_total{accepted="true", container="otc-container", endpoint="metrics", exported_job="unknown_service", instance="10.244.0.165:8080", job="policy-server-default", mutated="false", namespace="kubewarden", pod="policy-server-default-fd79dc9-8mf6b", policy_mode="monitor", policy_name="clusterwide-no-privileged-pod", request_origin="audit", resource_namespace="prometheus", resource_request_operation="CREATE", service="policy-server-default"}

After:

kubewarden_policy_evaluations_total{accepted="false", container="otc-container", endpoint="metrics", exported_job="unknown_service", instance="10.244.0.165:8080", job="policy-server-default", mutated="false", namespace="kubewarden", pod="policy-server-default-fd79dc9-8mf6b", policy_mode="monitor", policy_name="clusterwide-no-privileged-pod", request_origin="validate",
resource_kind="Pod",    <----
 resource_namespace="default", resource_request_operation="CREATE", service="policy-server-default"}

Didn't add unit tests, as there's not much to do there. Integration tests would be too much.

Additional Information

Tradeoff

Potential improvement

@viccuad
fix: Set AdmissionRequest{}.RequestKind
6714ddf 
`RequestKind` matches the type of original API request, in the case that
there's several kinds that match the same object (e.g: deployments can
be modified via `apps/v1` ad `apps/v1beta1`), and conversion was
performed.

The `AdmissionRequests` use `AdmissionRequest.Kind` to match the rule of
the webhook registered for, hence `RequestKind` is there for
book-keeping.

Set `RequestKind`, which gets consumed later on in policy-server to set
the metrics baggage:
https://github.com/kubewarden/policy-server/blob/63c9f32052b7ced50b4007e8ce0b5ed27392aa7f/src/worker.rs#L226

Signed-off-by: Víctor Cuadrado Juan <vcuadradojuan@suse.de>
@viccuad viccuad requested a review from a team as a code owner December 5, 2023 11:37
@viccuad viccuad merged commit ee825ae into kubewarden:main Dec 6, 2023
7 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@fabriziosestito fabriziosestito fabriziosestito approved these changes

@jvanz jvanz jvanz approved these changes

Assignees
No one assigned
Labels
kind/bug
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

resource_kind isn't available as metrics baggage in kubewarden_policy_evaluations_total
3 participants
@viccuad @fabriziosestito @jvanz