Merge pull request #224 from oneiro-naut/fix-213

Change log action from Allow to Audit if its audit mode
kubearmor · Jul 29, 2021 · 515b037 · 515b037
2 parents bf3be83 + c7a7682
commit 515b037
Showing 1 changed file with 8 additions and 0 deletions.
diff --git a/KubeArmor/feeder/policyMatcher.go b/KubeArmor/feeder/policyMatcher.go
@@ -908,6 +908,14 @@ func (fd *Feeder) UpdateMatchedPolicy(log tp.Log) tp.Log {
 				return log
 			}
 		} else if log.Type == "MatchedPolicy" {
+			if log.PolicyEnabled == tp.KubeArmorPolicyAudited {
+				if log.Action == "Allow" {
+					log.Action = "Audit (Allow)"
+				} else if log.Action == "Block" {
+					log.Action = "Audit (Block)"
+				}
+			}
+
 			if log.Action == "Allow" && log.Result == "Passed" {
 				// use 'AllowWithAudit' to get the logs for allowed operations
 				return tp.Log{}