Fixes (#288)

Author: jdesouza

cmd/insights/insights

@@ -24,23 +24,19 @@ import (
 
 var pushKyvernoPoliciesSubDir string
 var pushSpecificPolicies []string
-var pushSkipValidation bool
-var pushForce bool
 
 const defaultPushKyvernoPoliciesSubDir = "kyverno-policies"
 
 func init() {
 	pushKyvernoPoliciesCmd.PersistentFlags().StringVarP(&pushKyvernoPoliciesSubDir, "push-kyverno-policies-subdirectory", "s", defaultPushKyvernoPoliciesSubDir, "Sub-directory within push-directory, to contain Kyverno policies.")
 	pushKyvernoPoliciesCmd.PersistentFlags().StringSliceVarP(&pushSpecificPolicies, "policies", "p", []string{}, "Specific policy names to push (e.g., require-labels,disallow-privileged). If not specified, all policies will be pushed.")
-	pushKyvernoPoliciesCmd.PersistentFlags().BoolVar(&pushSkipValidation, "skip-validation", false, "Skip validation before pushing (not recommended).")
-	pushKyvernoPoliciesCmd.PersistentFlags().BoolVar(&pushForce, "force", false, "Force push even if validation fails (use with extreme caution).")
 	pushCmd.AddCommand(pushKyvernoPoliciesCmd)
 }
 
 var pushKyvernoPoliciesCmd = &cobra.Command{
 	Use:   "kyverno-policies [-p policy1,policy2]",
 	Short: "Push Kyverno policies from local files to Insights.",
-	Long:  "Push Kyverno policies from local files to Insights. This command automatically validates all policies before pushing. If ANY validation fails, the push operation is aborted unless --force is used.",
+	Long:  "Push Kyverno policies from local files to Insights. We recommend validating policies before pushing. For validating you need to provide samples in the form of .success.yaml and .failure.yaml files.",
 	Example: `
 	# Push all policies from the default subdirectory
 	insights-cli push kyverno-policies
@@ -108,62 +104,6 @@ var pushKyvernoPoliciesCmd = &cobra.Command{
 			return
 		}
 
-		// Validate policies before pushing (unless skipped or forced)
-		if !pushSkipValidation {
-			logrus.Info("Validating policies before push...")
-
-			// Discover all policies and test cases for validation
-			policiesWithTestCases, err := kyverno.DiscoverPoliciesAndTestCases(policyDir)
-			if err != nil {
-				logrus.Fatalf("Unable to discover policies for validation: %v", err)
-			}
-
-			// Validate each policy that will be pushed
-			validationFailed := false
-			for _, policyToPush := range policiesToPush {
-				logrus.Infof("Validating policy: %s", policyToPush.Name)
-
-				// Find test cases for this policy
-				var testCases []kyverno.TestResource
-				for _, policyWithTestCases := range policiesWithTestCases {
-					if policyWithTestCases.Policy.Name == policyToPush.Name {
-						testCases = policyWithTestCases.TestCases
-						break
-					}
-				}
-
-				// Validate the policy
-				result, err := kyverno.ValidateKyvernoPolicy(
-					client, org, policyToPush, testCases, true)
-				if err != nil {
-					logrus.Errorf("Unable to validate policy %s: %v", policyToPush.Name, err)
-					validationFailed = true
-					continue
-				}
-
-				// Display validation results
-				displayValidationResults(result, testCases)
-				if !determineActualValidationResult(result, testCases) {
-					logrus.Errorf("Policy %s failed validation", policyToPush.Name)
-					validationFailed = true
-				} else {
-					logrus.Infof("Policy %s passed validation", policyToPush.Name)
-				}
-			}
-
-			// If ANY validation failed, check if force push is enabled
-			if validationFailed {
-				if pushForce {
-					logrus.Warnf("Validation failed but --force flag is set. Proceeding with push anyway...")
-					logrus.Warnf("WARNING: You are pushing policies that failed validation!")
-				} else {
-					logrus.Fatalf("Push aborted: One or more policies failed validation. Please fix the issues before pushing to Insights, or use --force to override.")
-				}
-			} else {
-				logrus.Info("All policies validated successfully!")
-			}
-		}
-
 		if pushDryRun {
 			logrus.Infof("Dry run: Would synchronize %d Kyverno policies with Insights:", len(policiesToPush))
 			for _, policy := range policiesToPush {
@@ -172,9 +112,6 @@ var pushKyvernoPoliciesCmd = &cobra.Command{
 			if pushDelete {
 				logrus.Info("Dry run: Would delete policies that exist in Insights but not locally")
 			}
-			if pushForce {
-				logrus.Warnf("Dry run: Force push is enabled - validation failures would be ignored")
-			}
 			return
 		}
 
@@ -184,10 +121,6 @@ var pushKyvernoPoliciesCmd = &cobra.Command{
 			logrus.Fatalf("Unable to synchronize kyverno-policies with Insights: %v", err)
 		}
 
-		if pushForce {
-			logrus.Warnf("Force push completed. Policies have been pushed to Insights despite validation failures.")
-		} else {
-			logrus.Infoln("Successfully synchronized kyverno-policies with Insights.")
-		}
+		logrus.Infoln("Successfully synchronized kyverno-policies with Insights.")
 	},
 }

pkg/cli/push_kyverno_policies.go

@@ -25,16 +25,16 @@ import (
 
 // KyvernoPolicy represents a Kyverno policy
 type KyvernoPolicy struct {
-	Name              string                 `json:"name" yaml:"metadata.name"`
-	Kind              string                 `json:"kind" yaml:"kind"`
-	APIVersion        string                 `json:"api_version" yaml:"apiVersion"`
-	Labels            map[string]interface{} `json:"labels,omitempty" yaml:"metadata.labels"`
-	Annotations       map[string]interface{} `json:"annotations,omitempty" yaml:"metadata.annotations"`
-	Spec              map[string]interface{} `json:"spec" yaml:"spec"`
-	Status            map[string]interface{} `json:"status,omitempty"`
-	ManagedByInsights *bool                  `json:"managed_by_insights,omitempty" yaml:"managedByInsights,omitempty"`
-	CreatedAt         *time.Time             `json:"created_at,omitempty"`
-	UpdatedAt         *time.Time             `json:"updated_at,omitempty"`
+	Name              string         `json:"name" yaml:"metadata.name"`
+	Kind              string         `json:"kind" yaml:"kind"`
+	APIVersion        string         `json:"apiVersion" yaml:"apiVersion"`
+	Labels            map[string]any `json:"labels,omitempty" yaml:"metadata.labels"`
+	Annotations       map[string]any `json:"annotations,omitempty" yaml:"metadata.annotations"`
+	Spec              map[string]any `json:"spec" yaml:"spec"`
+	Status            map[string]any `json:"status,omitempty"`
+	ManagedByInsights *bool          `json:"managedByInsights,omitempty" yaml:"managedByInsights,omitempty"`
+	CreatedAt         *time.Time     `json:"createdAt,omitempty" yaml:"createdAt,omitempty"`
+	UpdatedAt         *time.Time     `json:"updatedAt,omitempty" yaml:"updatedAt,omitempty"`
 }
 
 func (k KyvernoPolicy) GetYamlBytes() ([]byte, error) {
@@ -178,14 +178,14 @@ type KyvernoPolicyList struct {
 
 // KyvernoPolicyInput represents the input format expected by the API
 type KyvernoPolicyInput struct {
-	Name              string                  `json:"name"`
-	Kind              string                  `json:"kind"`
-	APIVersion        string                  `json:"apiVersion"`
-	Labels            map[string]string       `json:"labels,omitempty"`
-	Annotations       map[string]string       `json:"annotations,omitempty"`
-	Spec              map[string]interface{}  `json:"spec"`
-	Status            *map[string]interface{} `json:"status,omitempty"`
-	ManagedByInsights *bool                   `json:"managedByInsights,omitempty"`
+	Name              string            `json:"name"`
+	Kind              string            `json:"kind"`
+	APIVersion        string            `json:"apiVersion"`
+	Labels            map[string]string `json:"labels,omitempty"`
+	Annotations       map[string]string `json:"annotations,omitempty"`
+	Spec              map[string]any    `json:"spec"`
+	Status            *map[string]any   `json:"status,omitempty"`
+	ManagedByInsights *bool             `json:"managedByInsights,omitempty"`
 }
 
 // ValidationRequest represents the request format for policy validation
@@ -196,15 +196,15 @@ type ValidationRequest struct {
 
 // ToKyvernoPolicyInput converts a KyvernoPolicy to KyvernoPolicyInput format
 func (k KyvernoPolicy) ToKyvernoPolicyInput() KyvernoPolicyInput {
-	// Convert labels from map[string]interface{} to map[string]string
+	// Convert labels from map[string]any to map[string]string
 	labels := make(map[string]string)
 	for key, value := range k.Labels {
 		if str, ok := value.(string); ok {
 			labels[key] = str
 		}
 	}
 
-	// Convert annotations from map[string]interface{} to map[string]string
+	// Convert annotations from map[string]any to map[string]string
 	annotations := make(map[string]string)
 	for key, value := range k.Annotations {
 		if str, ok := value.(string); ok {
@@ -213,7 +213,7 @@ func (k KyvernoPolicy) ToKyvernoPolicyInput() KyvernoPolicyInput {
 	}
 
 	// Convert status to pointer if it exists
-	var status *map[string]interface{}
+	var status *map[string]any
 	if k.Status != nil {
 		status = &k.Status
 	}