  1. Red Hat Advanced Cluster Management
  2. ACM-15244

Add Kyverno policy and audit results to the discovered policies table

    • ACM-14724 - UI support for Kyverno policies
    • GRC Sprint 2024-21, GRC Sprint 2024-22

      Value Statement

      • As a Kyverno policy user, I can go to the Discovered policies dashboard and view the Kyverno policies I have deployed across the fleet
        • Name
        • Engine - Kyverno (w/ icon)
        • Kind - ClusterPolicy / Policy
        • Response action - spec.validationFailureAction (Enforce/Audit)
        • Source
        • Severity (same as how Gatekeeper works)
        • Cluster violations (from Cluster/PolicyReport) (# of clusters violating the policy)
      • As a Kyverno policy user, I can drill into a given policy and view the related clusters that have it deployed (same as Gatekeeper)
        • Cluster name
        • Severity
        • Source
        • Violations (# of violation instances on the cluster)
      • As a Kyverno policy user, I can drill into a given policy instance on a cluster to view more details
      • Add "Audit violation"/"No violation" badge in the details page header for Kyverno (like ConfigurationPolicy)
      • Add violation number next to the Kyverno policy name
      • Display the rule types, such as validate or mutate, in the details page

      The VAP and VAPB relationship will be handled separately. Showing the policy report message will also be handled separately.

      Definition of Done for Engineering Story Owner (Checklist)

      • As a Kyverno policy user, I can go to the Discovered policies dashboard and view the Kyverno policies I have deployed across the fleet
        • Name
        • Engine - Kyverno (w/ icon)
        • Kind - ClusterPolicy / Policy
        • Response action - spec.validationFailureAction (Enforce/Audit)
        • Source
        • Severity (same as how Gatekeeper works)
        • Cluster violations (from Cluster/PolicyReport) (# of clusters violating the policy)
      • As a Kyverno policy user, I can drill into a given policy and view the related clusters that have it deployed (same as Gatekeeper)
        • Cluster name
        • Severity
        • Source
        • Violations (# of violation instances on the cluster)
      • As a Kyverno policy user, I can drill into a given policy instance on a cluster to view more details

      Development Complete

      • The code is complete.
      • Functionality is working.
      • Any required downstream Docker file changes are made.

      Tests Automated

      • [x] Unit/function tests have been automated and incorporated into the
        build.
      • [x] 100% automated unit/function test coverage for new or changed APIs.

      Secure Design

      • [x] Security has been assessed and incorporated into your threat model.

      Multidisciplinary Teams Readiness

      • [ ] Create an informative documentation issue using the Customer Portal Doc template that you can access from [The Playbook](https://docs.google.com/document/d/1YTqpZRH54Bnn4WJ2nZmjaCoiRtqmrc2w6DdQxe_yLZ8/edit#heading=h.9fvyr2rdriby), and ensure the doc acceptance criteria are met.

      • Call out this sentence as its own action:
      • [ ] Link the development issue to the doc issue.

      Support Readiness

      • [x] The must-gather script has been updated.

              yikim@redhat.com Yi Rae Kim
              mprahl Matthew Prahl
              Derek Ho Derek Ho