Story
Resolution: Unresolved
ACM 2.13.0
ACM-14724 - UI support for Kyverno policies
GRC Sprint 2024-21, GRC Sprint 2024-22
Value Statement
- As a Kyverno policy user, I can go to the Discovered policies dashboard and view the Kyverno policies I have deployed across the fleet
  - Name
  - Engine - Kyverno (w/ icon)
  - Kind - ClusterPolicy / Policy
  - Response action - spec.validationFailureAction (Enforce/Audit)
  - Source
  - Severity (same as how Gatekeeper works)
  - Cluster violations (from Cluster/PolicyReport) (# of clusters violating the policy)
- As a Kyverno policy user, I can drill into a given policy and view the related clusters that have it deployed (same as Gatekeeper)
  - Cluster name
  - Severity
  - Source
  - Violations (# of violation instances on the cluster)
- As a Kyverno policy user, I can drill into a given policy instance on a cluster to view more details
  - Add "Audit violation"/"No violation" badge in the details page header for Kyverno (like ConfigurationPolicy)
  - Add violation number next to the Kyverno policy name
  - Display the rule types, such as validate or mutate, in the details page
The VAP and VAPB relationship will be handled separately. Showing the policy report message will also be handled separately.
Definition of Done for Engineering Story Owner (Checklist)
- As a Kyverno policy user, I can go to the Discovered policies dashboard and view the Kyverno policies I have deployed across the fleet
  - Name
  - Engine - Kyverno (w/ icon)
  - Kind - ClusterPolicy / Policy
  - Response action - spec.validationFailureAction (Enforce/Audit)
  - Source
  - Severity (same as how Gatekeeper works)
  - Cluster violations (from Cluster/PolicyReport) (# of clusters violating the policy)
- As a Kyverno policy user, I can drill into a given policy and view the related clusters that have it deployed (same as Gatekeeper)
  - Cluster name
  - Severity
  - Source
  - Violations (# of violation instances on the cluster)
- As a Kyverno policy user, I can drill into a given policy instance on a cluster to view more details
Development Complete
- The code is complete.
- Functionality is working.
- Any required downstream Docker file changes are made.
Tests Automated
- [x] Unit/function tests have been automated and incorporated into the build.
- [x] 100% automated unit/function test coverage for new or changed APIs.
Secure Design
- [x] Security has been assessed and incorporated into your threat model.
Multidisciplinary Teams Readiness
- [ ] Create an informative documentation issue using the Customer Portal Doc template that you can access from The Playbook and ensure doc acceptance criteria are met.
  - Call out this sentence as its own action:
- [ ] Link the development issue to the doc issue.
Support Readiness
- [x] The must-gather script has been updated.
- causes
  - ACM-16297 [Doc]Add Kyverno policy and audit results to the discovered policies table (Backlog)
- is depended on by
  - ACM-15245 Add the VAPB and VAP relationship to Kyverno policies (Closed)
- is duplicated by
  - ACM-15318 Improve Kyverno user experience on discovered policy (Review)
- is related to
  - ACM-15318 Improve Kyverno user experience on discovered policy (Review)