hub / github.com/open-policy-agent/gatekeeper / auditFromCache

Method auditFromCache

pkg/audit/manager.go:579–646  ·  view source on GitHub ↗
(ctx context.Context)

Source from the content-addressed store, hash-verified

577}
578
579func (am *Manager) auditFromCache(ctx context.Context) ([]Result, []error) {
580 objs, err := am.auditCache.ListObjects(ctx)
581 if err != nil {
582 return nil, []error{fmt.Errorf("unable to list objects from audit cache: %w", err)}
583 }
584 nsMap, err := nsMapFromObjs(objs)
585 if err != nil {
586 return nil, []error{fmt.Errorf("unable to build namespaces from cache: %w", err)}
587 }
588
589 var results []Result
590
591 var errs []error
592 for i := range objs {
593 // Prevent referencing loop variables directly.
594 obj := objs[i]
595 ns, exists := nsMap[obj.GetNamespace()]
596 if !exists {
597 ns = nil
598 }
599
600 excluded, err := am.skipExcludedNamespace(&obj)
601 if err != nil {
602 am.log.Error(err, fmt.Sprintf("Unable to exclude object namespace for audit from cache %v %s/%s", obj.GroupVersionKind().String(), obj.GetNamespace(), obj.GetName()))
603 continue
604 }
605
606 if excluded {
607 am.log.V(logging.DebugLevel).Info(fmt.Sprintf("excluding object from audit from cache %v %s/%s", obj.GroupVersionKind().String(), obj.GetNamespace(), obj.GetName()))
608 continue
609 }
610
611 au := &target.AugmentedUnstructured{
612 Object: obj,
613 Namespace: ns,
614 }
615 opts := []reviews.ReviewOpt{
616 reviews.EnforcementPoint(util.AuditEnforcementPoint),
617 reviews.Stats(*logStatsAudit),
618 }
619 if opt := util.NamespaceReviewOpt(ns, am.log); opt != nil {
620 opts = append(opts, opt)
621 }
622 resp, err := am.opa.Review(ctx, au, opts...)
623 if err != nil {
624 am.log.Error(err, fmt.Sprintf("Unable to review object from audit cache %v %s/%s", obj.GroupVersionKind().String(), obj.GetNamespace(), obj.GetName()))
625 continue
626 }
627
628 if *logStatsAudit {
629 logging.LogStatsEntries(
630 am.opa,
631 am.log.WithValues(logging.EventType, "audit_cache_stats"),
632 resp.StatsEntries,
633 "audit from cache review request stats",
634 )
635 }
636

Callers 2

Test_auditFromCacheFunction · 0.95
auditMethod · 0.95

Calls 11

skipExcludedNamespaceMethod · 0.95
NamespaceReviewOptFunction · 0.92
LogStatsEntriesFunction · 0.92
nsMapFromObjsFunction · 0.85
ListObjectsMethod · 0.80
ReviewMethod · 0.80
ResultsMethod · 0.80
GetNamespaceMethod · 0.65
StringMethod · 0.65
GetNameMethod · 0.65
ErrorMethod · 0.45

Tested by 1

Test_auditFromCacheFunction · 0.76