| 577 | } |
| 578 | |
| 579 | func (am *Manager) auditFromCache(ctx context.Context) ([]Result, []error) { |
| 580 | objs, err := am.auditCache.ListObjects(ctx) |
| 581 | if err != nil { |
| 582 | return nil, []error{fmt.Errorf("unable to list objects from audit cache: %w", err)} |
| 583 | } |
| 584 | nsMap, err := nsMapFromObjs(objs) |
| 585 | if err != nil { |
| 586 | return nil, []error{fmt.Errorf("unable to build namespaces from cache: %w", err)} |
| 587 | } |
| 588 | |
| 589 | var results []Result |
| 590 | |
| 591 | var errs []error |
| 592 | for i := range objs { |
| 593 | // Prevent referencing loop variables directly. |
| 594 | obj := objs[i] |
| 595 | ns, exists := nsMap[obj.GetNamespace()] |
| 596 | if !exists { |
| 597 | ns = nil |
| 598 | } |
| 599 | |
| 600 | excluded, err := am.skipExcludedNamespace(&obj) |
| 601 | if err != nil { |
| 602 | am.log.Error(err, fmt.Sprintf("Unable to exclude object namespace for audit from cache %v %s/%s", obj.GroupVersionKind().String(), obj.GetNamespace(), obj.GetName())) |
| 603 | continue |
| 604 | } |
| 605 | |
| 606 | if excluded { |
| 607 | am.log.V(logging.DebugLevel).Info(fmt.Sprintf("excluding object from audit from cache %v %s/%s", obj.GroupVersionKind().String(), obj.GetNamespace(), obj.GetName())) |
| 608 | continue |
| 609 | } |
| 610 | |
| 611 | au := &target.AugmentedUnstructured{ |
| 612 | Object: obj, |
| 613 | Namespace: ns, |
| 614 | } |
| 615 | opts := []reviews.ReviewOpt{ |
| 616 | reviews.EnforcementPoint(util.AuditEnforcementPoint), |
| 617 | reviews.Stats(*logStatsAudit), |
| 618 | } |
| 619 | if opt := util.NamespaceReviewOpt(ns, am.log); opt != nil { |
| 620 | opts = append(opts, opt) |
| 621 | } |
| 622 | resp, err := am.opa.Review(ctx, au, opts...) |
| 623 | if err != nil { |
| 624 | am.log.Error(err, fmt.Sprintf("Unable to review object from audit cache %v %s/%s", obj.GroupVersionKind().String(), obj.GetNamespace(), obj.GetName())) |
| 625 | continue |
| 626 | } |
| 627 | |
| 628 | if *logStatsAudit { |
| 629 | logging.LogStatsEntries( |
| 630 | am.opa, |
| 631 | am.log.WithValues(logging.EventType, "audit_cache_stats"), |
| 632 | resp.StatsEntries, |
| 633 | "audit from cache review request stats", |
| 634 | ) |
| 635 | } |
| 636 | |