Add Kyverno policy and audit results to the discovered policies table (stolostron#4016)

Ref: https://issues.redhat.com/browse/ACM-15244

Signed-off-by: yiraeChristineKim <yikim@redhat.com>

Author: yiraeChristineKim

frontend/public/locales/en/translation.json

@@ -3178,6 +3178,7 @@
   "View logs in Search details": "View logs in Search details",
   "View MultiClusterHubs": "View MultiClusterHubs",
   "View Pod YAML and Logs": "View Pod YAML and Logs",
+  "View policy report": "View policy report",
   "View Red Hat Insights": "View Red Hat Insights",
   "View related resources": "View related resources",
   "View resource YAML": "View resource YAML",

frontend/src/logos/kyverno.svg

@@ -1,7 +1,13 @@
 /* Copyright Contributors to the Open Cluster Management project */
 'use strict'
 
-import { hasInformOnlyPolicies, getPolicyRemediation, resolveExternalStatus, parseStringMap } from './util'
+import {
+  hasInformOnlyPolicies,
+  getPolicyRemediation,
+  resolveExternalStatus,
+  parseStringMap,
+  collectKinds,
+} from './util'
 import { PolicyTableItem } from '../policies/Policies'
 import { Policy, PolicyTemplate, REMEDIATION_ACTION } from '../../../resources'
 import { cloneDeep } from 'lodash'
@@ -901,3 +907,52 @@ describe('Test parseStringValue', () => {
     )
   })
 })
+
+describe('Test collectKinds', () => {
+  const mock = {
+    rules: [
+      {
+        name: 'require-team-label',
+        match: {
+          any: [
+            {
+              resources: {
+                kinds: ['Pod', 'Certificate'],
+              },
+            },
+          ],
+        },
+      },
+      {
+        name: 'require-team-label',
+        match: {
+          all: [
+            {
+              resources: {
+                kinds: ['ConfigurationPolicy'],
+              },
+            },
+            {
+              resources: {
+                kinds: ['ConfigMap'],
+              },
+            },
+          ],
+        },
+      },
+      {
+        name: 'require-team-label',
+        match: {
+          resources: {
+            resources: {
+              kinds: ['ConfigurationPolicy'],
+            },
+          },
+        },
+      },
+    ],
+  }
+  test('findKey should correctly find kinds values in Kyverno', () => {
+    expect(collectKinds(mock)).toMatchObject(['Pod', 'Certificate', 'ConfigurationPolicy', 'ConfigMap'])
+  })
+})

frontend/src/routes/Governance/common/util.test.tsx

@@ -31,6 +31,8 @@ import { DiscoveredPolicyItem } from '../discovered/useFetchPolicies'
 import GatekeeperSvg from '../../../logos/gatekeeper.svg'
 import OcmSvg from '../../../logos/ocm.svg'
 import Kubernetes from '../../../logos/kubernetes.svg'
+import KyvernoSvg from '../../../logos/kyverno.svg'
+import { uniq } from 'lodash'
 export interface PolicyCompliance {
   policyName: string
   policyNamespace: string
@@ -714,6 +716,8 @@ export function getEngineString(apiGroup: string): string {
       return 'Gatekeeper'
     case 'admissionregistration.k8s.io':
       return 'Kubernetes'
+    case 'kyverno.io':
+      return 'Kyverno'
     default:
       return 'Unknown'
   }
@@ -733,6 +737,9 @@ export function getEngineWithSvg(apiGroup: string): JSX.Element {
     case 'Kubernetes':
       logo = <Kubernetes />
       break
+    case 'Kyverno':
+      logo = <KyvernoSvg />
+      break
     default:
       return <>Unknown</>
   }
@@ -772,3 +779,21 @@ export const parseDiscoveredPolicies = (data: any): any => {
     return v
   })
 }
+
+// Used for collecting all kinds in Kyverno Policy
+export const collectKinds = (obj: object): string[] => {
+  let collected: string[] = []
+  const fnd = (obj: object) => {
+    for (const [k, v] of Object.entries(obj)) {
+      if (k === 'kinds') {
+        collected = collected.concat(v)
+      }
+      if (typeof v === 'object') {
+        fnd(v)
+      }
+    }
+  }
+
+  fnd(obj)
+  return uniq(collected)
+}

frontend/src/routes/Governance/common/util.tsx

@@ -11,7 +11,7 @@ import {
   getSeverityFilter,
   getSourceFilterOptions,
   DiscoveredViolationsCard,
-  getConstraintCompliance,
+  getTotalViolationsCompliance,
   policyViolationSummary,
 } from './common'
 import { useMemo } from 'react'
@@ -127,7 +127,7 @@ export default function DiscoveredByCluster({
                 let compliant: string
 
                 if (item.apigroup === 'constraints.gatekeeper.sh') {
-                  compliant = getConstraintCompliance(item?.totalViolations)
+                  compliant = getTotalViolationsCompliance(item?.totalViolations)
                 } else {
                   compliant = item?.compliant?.toLowerCase() ?? ''
                 }

frontend/src/routes/Governance/discovered/ByCluster/DiscoveredByCluster.tsx

@@ -1,7 +1,12 @@
 /* Copyright Contributors to the Open Cluster Management project */
 import { render } from '@testing-library/react'
 import { DiscoveredPolicyItem } from '../useFetchPolicies'
-import { convertYesNoCell, getConstraintCompliance, DiscoveredViolationsCard, policyViolationSummary } from './common'
+import {
+  convertYesNoCell,
+  getTotalViolationsCompliance,
+  DiscoveredViolationsCard,
+  policyViolationSummary,
+} from './common'
 import { waitForText } from '../../../../lib/test-util'
 import i18next from 'i18next'
 import { MemoryRouter } from 'react-router-dom-v5-compat'
@@ -150,10 +155,10 @@ describe('ByCluster common component test', () => {
   })
 })
 
-describe('getConstraintCompliance', () => {
-  test('getConstraintCompliance should work properly', () => {
-    expect(getConstraintCompliance(0)).toEqual('compliant')
-    expect(getConstraintCompliance(1)).toEqual('noncompliant')
-    expect(getConstraintCompliance(undefined)).toEqual('-')
+describe('getTotalViolationsCompliance', () => {
+  test('getTotalViolationsCompliance should work properly', () => {
+    expect(getTotalViolationsCompliance(0)).toEqual('compliant')
+    expect(getTotalViolationsCompliance(1)).toEqual('noncompliant')
+    expect(getTotalViolationsCompliance(undefined)).toEqual('-')
   })
 })

frontend/src/routes/Governance/discovered/ByCluster/common.test.tsx

@@ -23,9 +23,9 @@ export const policyViolationSummary = (discoveredPolicyItems: DiscoveredPolicyIt
   let unknown = 0
   for (const policy of discoveredPolicyItems) {
     let compliance: string
-
-    if (policy.apigroup === 'constraints.gatekeeper.sh') {
-      compliance = getConstraintCompliance(policy?.totalViolations)
+    // Kyverno resources also use the totalViolations field
+    if (['constraints.gatekeeper.sh', 'kyverno.io'].includes(policy.apigroup)) {
+      compliance = getTotalViolationsCompliance(policy?.totalViolations)
     } else {
       compliance = policy?.compliant?.toLowerCase() ?? ''
     }
@@ -49,7 +49,7 @@ export const policyViolationSummary = (discoveredPolicyItems: DiscoveredPolicyIt
   return { noncompliant, compliant, pending, unknown }
 }
 
-export const getConstraintCompliance = (totalViolations?: number): string => {
+export const getTotalViolationsCompliance = (totalViolations?: number): string => {
   totalViolations = totalViolations ?? -1
 
   if (totalViolations === 0) {
@@ -135,8 +135,8 @@ export const byClusterCols = (
           cell: (item: DiscoveredPolicyItem) => {
             let compliant: string
 
-            if (item.apigroup === 'constraints.gatekeeper.sh') {
-              compliant = getConstraintCompliance(item?.totalViolations)
+            if (['constraints.gatekeeper.sh', 'kyverno.io'].includes(item.apigroup)) {
+              compliant = getTotalViolationsCompliance(item?.totalViolations)
             } else {
               compliant = item?.compliant?.toLowerCase() ?? ''
             }
@@ -180,7 +180,7 @@ export const byClusterCols = (
           id: 'violations',
           exportContent: (item: DiscoveredPolicyItem) => {
             if (item.apigroup === 'constraints.gatekeeper.sh') {
-              const compliant = getConstraintCompliance(item?.totalViolations)
+              const compliant = getTotalViolationsCompliance(item?.totalViolations)
 
               if (compliant === 'noncompliant') {
                 return compliant + ' (' + item.totalViolations + ')'