chore(policies): log policy violations (chainloop-dev#1102)
Signed-off-by: Jose I. Paris <[email protected]>
jiparis authored Jul 17, 2024
1 parent 8bb4104 commit ca2b646
Showing 3 changed files with 15 additions and 0 deletions.
2 changes: 2 additions & 0 deletions internal/attestation/crafter/crafter.go
Expand Up @@ -577,6 +577,8 @@ func (c *Crafter) addMaterial(ctx context.Context, m *schemaapi.CraftingSchema_M
if err != nil {
return fmt.Errorf("error applying policies to material: %w", err)
}
// log policy violations
policies.LogPolicyViolations(policyResults, c.logger)
// store policy results
c.CraftingState.Attestation.PolicyEvaluations = append(c.CraftingState.Attestation.PolicyEvaluations, policyResults...)

2 changes: 2 additions & 0 deletions internal/attestation/renderer/renderer.go
Expand Up @@ -113,6 +113,8 @@ func (ab *AttestationRenderer) Render(ctx context.Context) (*dsse.Envelope, erro
if err != nil {
return nil, fmt.Errorf("applying policies to statement: %w", err)
}
// log policy violations
policies.LogPolicyViolations(policyResults, &ab.logger)

// insert attestation level policy results into statement
if err = addPolicyResults(statement, policyResults); err != nil {
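Review bot: The `policyResults` logged here are attestation-level results (per the `// insert attestation level policy results` comment in this hunk), so `MaterialName` is presumably empty and the helper's message `found policy violations (%s) for %s` would end in a dangling `for `. Consider having `LogPolicyViolations` use a different message when `policyEval.MaterialName == ""`, for example `logger.Warn().Msgf("found policy violations (%s) for the attestation statement", policyEval.Name)`. `Render` starts before and continues past this hunk, so how the results are populated is not visible here and the empty-name case should be confirmed.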
11 changes: 11 additions & 0 deletions pkg/policies/policies.go
Expand Up @@ -316,3 +316,14 @@ func LoadPolicyScriptFromSpec(spec *v1.Policy) (*engine.Policy, error) {
Source: content,
}, nil
}

func LogPolicyViolations(evaluations []*v12.PolicyEvaluation, logger *zerolog.Logger) {
for _, policyEval := range evaluations {
if len(policyEval.Violations) > 0 {
logger.Warn().Msgf("found policy violations (%s) for %s", policyEval.Name, policyEval.MaterialName)
for _, v := range policyEval.Violations {
logger.Warn().Msgf(" - %s", v.Message)
}
}
}
}
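Review bot: The new exported `LogPolicyViolations` has no doc comment and dereferences `logger` and each `policyEval` without a nil check, so a nil `*zerolog.Logger` (the crafter.go call site passes `c.logger` straight through) or a nil slice element would panic the attestation path for the sake of a log line. The policy name, material name and violation text are also folded into the message with `Msgf`, which makes violations hard to filter or alert on downstream and places policy-produced text, possibly derived from the evaluated material, directly in the message string. Emitting them as zerolog fields keeps the message constant and the values as separate keys; a sketch follows.

```go
// LogPolicyViolations emits one warning per policy evaluation that reported
// violations, followed by one warning per violation message.
func LogPolicyViolations(evaluations []*v12.PolicyEvaluation, logger *zerolog.Logger) {
	if logger == nil {
		return
	}
	for _, policyEval := range evaluations {
		if policyEval == nil || len(policyEval.Violations) == 0 {
			continue
		}
		logger.Warn().
			Str("policy", policyEval.Name).
			Str("material", policyEval.MaterialName).
			Int("violations", len(policyEval.Violations)).
			Msg("found policy violations")
		for _, v := range policyEval.Violations {
			logger.Warn().Str("policy", policyEval.Name).Msg(v.Message)
		}
	}
}
```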
