mirrors/kyverno
mirrors/kyverno
1
0
Fork 0
mirror of https://github.com/kyverno/kyverno.git synced 2025-03-06 16:06:56 +00:00
Code Activity
kyverno/pkg/background/common/util.go

102 lines
3.6 KiB
Go
Raw Normal View History

refactor generate controller (#3589) * refact generate controller Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * rename the dir to background Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com>
2022-04-13 18:15:04 +05:30
package common
fix(generate): use JSON patch for GenerateRequests status updates (#3000) Signed-off-by: prateekpandey14 <prateekpandey14@gmail.com> Co-authored-by: shuting <shutting06@gmail.com>
2022-01-18 20:23:48 +05:30
import (
"context"
fix: extend retry function to mutate rules (#8100) Uses the UpdateRetryAnnotation mechanism already implemented in generate rules for mutate rules. This fixes the issue that UpdateRequests keep existing indefinitely when the original trigger resource was deleted. Signed-off-by: Ströger Florian <stroeger@youniqx.com> Co-authored-by: shuting <shuting@nirmata.com>
2023-08-30 14:24:57 +02:00
"fmt"
"strconv"
fix(generate): use JSON patch for GenerateRequests status updates (#3000) Signed-off-by: prateekpandey14 <prateekpandey14@gmail.com> Co-authored-by: shuting <shutting06@gmail.com>
2022-01-18 20:23:48 +05:30
fix: move ur controller filtering in reconciler (#3964) * fix: move ur controller filtering in reconciler Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> * fix: mark ur retry on conflict Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> * fix: test data Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> * fix: add filter back in update ur handler Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> * fix: added some logs about attempts and increased backoff Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> * fix: reconciliation logic Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> * fix: Test_Generate_Synchronize_Flag Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> * fix: small nits Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
2022-05-19 18:06:56 +02:00
kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1"
chore: make kyverno api import aliases consistent (#3939) Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
2022-05-17 13:12:43 +02:00
kyvernov1beta1 "github.com/kyverno/kyverno/api/kyverno/v1beta1"
refactor: client wrappers (#4519) Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
2022-09-07 06:01:43 +02:00
"github.com/kyverno/kyverno/pkg/client/clientset/versioned"
fix: move ur controller filtering in reconciler (#3964) * fix: move ur controller filtering in reconciler Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> * fix: mark ur retry on conflict Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> * fix: test data Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> * fix: add filter back in update ur handler Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> * fix: added some logs about attempts and increased backoff Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> * fix: reconciliation logic Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> * fix: Test_Generate_Synchronize_Flag Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> * fix: small nits Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
2022-05-19 18:06:56 +02:00
kyvernov1beta1listers "github.com/kyverno/kyverno/pkg/client/listers/kyverno/v1beta1"
fix(generate): use JSON patch for GenerateRequests status updates (#3000) Signed-off-by: prateekpandey14 <prateekpandey14@gmail.com> Co-authored-by: shuting <shutting06@gmail.com>
2022-01-18 20:23:48 +05:30
"github.com/kyverno/kyverno/pkg/config"
add package logger in files (#4766) * add package logger in files Signed-off-by: damilola olayinka <holayinkajr@gmail.com> * add package logger to initContainer and other files Signed-off-by: damilola olayinka <holayinkajr@gmail.com> * helm docs Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> * helm default values Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> * release notes Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Signed-off-by: damilola olayinka <holayinkajr@gmail.com> Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Co-authored-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
2022-10-02 20:45:03 +01:00
"github.com/kyverno/kyverno/pkg/logging"
fix: failed to update UR status (#6676) * reconcile failed URs Signed-off-by: ShutingZhao <shuting@nirmata.com> * - getting URs by client; - lose ur status update; Signed-off-by: ShutingZhao <shuting@nirmata.com> * retry if the trigger is in termination Signed-off-by: ShutingZhao <shuting@nirmata.com> * set retry limit to 3 Signed-off-by: ShutingZhao <shuting@nirmata.com> --------- Signed-off-by: ShutingZhao <shuting@nirmata.com>
2023-03-27 16:44:12 +08:00
errors "github.com/pkg/errors"
fix(generate): use JSON patch for GenerateRequests status updates (#3000) Signed-off-by: prateekpandey14 <prateekpandey14@gmail.com> Co-authored-by: shuting <shutting06@gmail.com>
2022-01-18 20:23:48 +05:30
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
fix: delete downstream for a generate rule removal, with data and sync (#6393) * remove policy handler for updates Signed-off-by: ShutingZhao <shuting@nirmata.com> * remove policy update handler from the ur controller Signed-off-by: ShutingZhao <shuting@nirmata.com> * rework cleanup downstream on policy deletion Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix downstream deletion on data rule removal Signed-off-by: ShutingZhao <shuting@nirmata.com> * add kuttl test for clusterpolicy Signed-off-by: ShutingZhao <shuting@nirmata.com> * linter fix Signed-off-by: ShutingZhao <shuting@nirmata.com> * add kuttl test for policy Signed-off-by: ShutingZhao <shuting@nirmata.com> * update api docs Signed-off-by: ShutingZhao <shuting@nirmata.com> * add delays Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix name assertion Signed-off-by: ShutingZhao <shuting@nirmata.com> * delete downstream when deletes the clone source Signed-off-by: ShutingZhao <shuting@nirmata.com> * add kuttl test pol-clone-sync-delete-source Signed-off-by: ShutingZhao <shuting@nirmata.com> * linter fixes Signed-off-by: ShutingZhao <shuting@nirmata.com> * add kuttl test pol-clone-sync-delete-downstream Signed-off-by: ShutingZhao <shuting@nirmata.com> * add kuttl test pol-data-sync-modify-rule Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix panic Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix panic Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix labels Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix policy assertions Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix annotation missing names Signed-off-by: ShutingZhao <shuting@nirmata.com> * rename policy Signed-off-by: ShutingZhao <shuting@nirmata.com> * remove dead code Signed-off-by: ShutingZhao <shuting@nirmata.com> * create unique namespaces Signed-off-by: ShutingZhao <shuting@nirmata.com> * create more unique namespaces Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix assertion Signed-off-by: ShutingZhao <shuting@nirmata.com> --------- Signed-off-by: ShutingZhao <shuting@nirmata.com> Co-authored-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
2023-03-01 11:48:18 +08:00
"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
fix(generate): use JSON patch for GenerateRequests status updates (#3000) Signed-off-by: prateekpandey14 <prateekpandey14@gmail.com> Co-authored-by: shuting <shutting06@gmail.com>
2022-01-18 20:23:48 +05:30
)
fix: failed to update UR status (#6676) * reconcile failed URs Signed-off-by: ShutingZhao <shuting@nirmata.com> * - getting URs by client; - lose ur status update; Signed-off-by: ShutingZhao <shuting@nirmata.com> * retry if the trigger is in termination Signed-off-by: ShutingZhao <shuting@nirmata.com> * set retry limit to 3 Signed-off-by: ShutingZhao <shuting@nirmata.com> --------- Signed-off-by: ShutingZhao <shuting@nirmata.com>
2023-03-27 16:44:12 +08:00
func UpdateStatus(client versioned.Interface, urLister kyvernov1beta1listers.UpdateRequestNamespaceLister, name string, state kyvernov1beta1.UpdateRequestState, message string, genResources []kyvernov1.ResourceSpec) (*kyvernov1beta1.UpdateRequest, error) {
var latest *kyvernov1beta1.UpdateRequest
ur, err := client.KyvernoV1beta1().UpdateRequests(config.KyvernoNamespace()).Get(context.TODO(), name, metav1.GetOptions{})
fix: move ur controller filtering in reconciler (#3964) * fix: move ur controller filtering in reconciler Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> * fix: mark ur retry on conflict Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> * fix: test data Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> * fix: add filter back in update ur handler Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> * fix: added some logs about attempts and increased backoff Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> * fix: reconciliation logic Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> * fix: Test_Generate_Synchronize_Flag Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> * fix: small nits Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
2022-05-19 18:06:56 +02:00
if err != nil {
fix: failed to update UR status (#6676) * reconcile failed URs Signed-off-by: ShutingZhao <shuting@nirmata.com> * - getting URs by client; - lose ur status update; Signed-off-by: ShutingZhao <shuting@nirmata.com> * retry if the trigger is in termination Signed-off-by: ShutingZhao <shuting@nirmata.com> * set retry limit to 3 Signed-off-by: ShutingZhao <shuting@nirmata.com> --------- Signed-off-by: ShutingZhao <shuting@nirmata.com>
2023-03-27 16:44:12 +08:00
return ur, errors.Wrapf(err, "failed to fetch update request")
}
latest = ur.DeepCopy()
latest.Status.State = state
latest.Status.Message = message
if genResources != nil {
latest.Status.GeneratedResources = genResources
fix(generate): use JSON patch for GenerateRequests status updates (#3000) Signed-off-by: prateekpandey14 <prateekpandey14@gmail.com> Co-authored-by: shuting <shutting06@gmail.com>
2022-01-18 20:23:48 +05:30
}
fix: move ur controller filtering in reconciler (#3964) * fix: move ur controller filtering in reconciler Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> * fix: mark ur retry on conflict Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> * fix: test data Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> * fix: add filter back in update ur handler Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> * fix: added some logs about attempts and increased backoff Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> * fix: reconciliation logic Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> * fix: Test_Generate_Synchronize_Flag Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> * fix: small nits Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
2022-05-19 18:06:56 +02:00
fix: failed to update UR status (#6676) * reconcile failed URs Signed-off-by: ShutingZhao <shuting@nirmata.com> * - getting URs by client; - lose ur status update; Signed-off-by: ShutingZhao <shuting@nirmata.com> * retry if the trigger is in termination Signed-off-by: ShutingZhao <shuting@nirmata.com> * set retry limit to 3 Signed-off-by: ShutingZhao <shuting@nirmata.com> --------- Signed-off-by: ShutingZhao <shuting@nirmata.com>
2023-03-27 16:44:12 +08:00
new, err := client.KyvernoV1beta1().UpdateRequests(config.KyvernoNamespace()).UpdateStatus(context.TODO(), latest, metav1.UpdateOptions{})
fix(generate): use JSON patch for GenerateRequests status updates (#3000) Signed-off-by: prateekpandey14 <prateekpandey14@gmail.com> Co-authored-by: shuting <shutting06@gmail.com>
2022-01-18 20:23:48 +05:30
if err != nil {
fix: failed to update UR status (#6676) * reconcile failed URs Signed-off-by: ShutingZhao <shuting@nirmata.com> * - getting URs by client; - lose ur status update; Signed-off-by: ShutingZhao <shuting@nirmata.com> * retry if the trigger is in termination Signed-off-by: ShutingZhao <shuting@nirmata.com> * set retry limit to 3 Signed-off-by: ShutingZhao <shuting@nirmata.com> --------- Signed-off-by: ShutingZhao <shuting@nirmata.com>
2023-03-27 16:44:12 +08:00
return ur, errors.Wrapf(err, "failed to update ur status to %s", string(state))
fix(generate): use JSON patch for GenerateRequests status updates (#3000) Signed-off-by: prateekpandey14 <prateekpandey14@gmail.com> Co-authored-by: shuting <shutting06@gmail.com>
2022-01-18 20:23:48 +05:30
}
fix: failed to update UR status (#6676) * reconcile failed URs Signed-off-by: ShutingZhao <shuting@nirmata.com> * - getting URs by client; - lose ur status update; Signed-off-by: ShutingZhao <shuting@nirmata.com> * retry if the trigger is in termination Signed-off-by: ShutingZhao <shuting@nirmata.com> * set retry limit to 3 Signed-off-by: ShutingZhao <shuting@nirmata.com> --------- Signed-off-by: ShutingZhao <shuting@nirmata.com>
2023-03-27 16:44:12 +08:00
logging.V(3).Info("updated update request status", "name", name, "status", string(state), "state", new.Status.State)
return ur, nil
fix(generate): use JSON patch for GenerateRequests status updates (#3000) Signed-off-by: prateekpandey14 <prateekpandey14@gmail.com> Co-authored-by: shuting <shutting06@gmail.com>
2022-01-18 20:23:48 +05:30
}
add labels to downstream and source resources (#6322) Signed-off-by: ShutingZhao <shuting@nirmata.com>
2023-02-22 18:49:09 +08:00
func PolicyKey(namespace, name string) string {
if namespace != "" {
return namespace + "/" + name
}
return name
}
fix: delete downstream for a generate rule removal, with data and sync (#6393) * remove policy handler for updates Signed-off-by: ShutingZhao <shuting@nirmata.com> * remove policy update handler from the ur controller Signed-off-by: ShutingZhao <shuting@nirmata.com> * rework cleanup downstream on policy deletion Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix downstream deletion on data rule removal Signed-off-by: ShutingZhao <shuting@nirmata.com> * add kuttl test for clusterpolicy Signed-off-by: ShutingZhao <shuting@nirmata.com> * linter fix Signed-off-by: ShutingZhao <shuting@nirmata.com> * add kuttl test for policy Signed-off-by: ShutingZhao <shuting@nirmata.com> * update api docs Signed-off-by: ShutingZhao <shuting@nirmata.com> * add delays Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix name assertion Signed-off-by: ShutingZhao <shuting@nirmata.com> * delete downstream when deletes the clone source Signed-off-by: ShutingZhao <shuting@nirmata.com> * add kuttl test pol-clone-sync-delete-source Signed-off-by: ShutingZhao <shuting@nirmata.com> * linter fixes Signed-off-by: ShutingZhao <shuting@nirmata.com> * add kuttl test pol-clone-sync-delete-downstream Signed-off-by: ShutingZhao <shuting@nirmata.com> * add kuttl test pol-data-sync-modify-rule Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix panic Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix panic Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix labels Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix policy assertions Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix annotation missing names Signed-off-by: ShutingZhao <shuting@nirmata.com> * rename policy Signed-off-by: ShutingZhao <shuting@nirmata.com> * remove dead code Signed-off-by: ShutingZhao <shuting@nirmata.com> * create unique namespaces Signed-off-by: ShutingZhao <shuting@nirmata.com> * create more unique namespaces Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix assertion Signed-off-by: ShutingZhao <shuting@nirmata.com> --------- Signed-off-by: ShutingZhao <shuting@nirmata.com> Co-authored-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
2023-03-01 11:48:18 +08:00
func ResourceSpecFromUnstructured(obj unstructured.Unstructured) kyvernov1.ResourceSpec {
return kyvernov1.ResourceSpec{
APIVersion: obj.GetAPIVersion(),
Kind: obj.GetKind(),
Namespace: obj.GetNamespace(),
Name: obj.GetName(),
}
}
fix: extend retry function to mutate rules (#8100) Uses the UpdateRetryAnnotation mechanism already implemented in generate rules for mutate rules. This fixes the issue that UpdateRequests keep existing indefinitely when the original trigger resource was deleted. Signed-off-by: Ströger Florian <stroeger@youniqx.com> Co-authored-by: shuting <shuting@nirmata.com>
2023-08-30 14:24:57 +02:00
func increaseRetryAnnotation(ur *kyvernov1beta1.UpdateRequest) (int, map[string]string, error) {
urAnnotations := ur.Annotations
if len(urAnnotations) == 0 {
urAnnotations = map[string]string{
kyvernov1beta1.URGenerateRetryCountAnnotation: "1",
}
}
retry := 1
val, ok := urAnnotations[kyvernov1beta1.URGenerateRetryCountAnnotation]
if !ok {
urAnnotations[kyvernov1beta1.URGenerateRetryCountAnnotation] = "1"
} else {
retryUint, err := strconv.ParseUint(val, 10, 64)
if err != nil {
return retry, urAnnotations, fmt.Errorf("unable to convert retry-count %v: %w", val, err)
}
retry = int(retryUint)
retry += 1
incrementedRetryString := strconv.Itoa(retry)
urAnnotations[kyvernov1beta1.URGenerateRetryCountAnnotation] = incrementedRetryString
}
return retry, urAnnotations, nil
}
func UpdateRetryAnnotation(kyvernoClient versioned.Interface, ur *kyvernov1beta1.UpdateRequest) error {
retry, urAnnotations, err := increaseRetryAnnotation(ur)
if err != nil {
return err
}
if retry > 3 {
err = kyvernoClient.KyvernoV1beta1().UpdateRequests(config.KyvernoNamespace()).Delete(context.TODO(), ur.GetName(), metav1.DeleteOptions{})
if err != nil {
return errors.Wrapf(err, "exceeds retry limit, failed to delete the UR: %s, retry: %v, resourceVersion: %s", ur.Name, retry, ur.GetResourceVersion())
}
} else {
ur.SetAnnotations(urAnnotations)
_, err = kyvernoClient.KyvernoV1beta1().UpdateRequests(config.KyvernoNamespace()).Update(context.TODO(), ur, metav1.UpdateOptions{})
if err != nil {
return errors.Wrapf(err, "failed to update annotation in update request: %s for the resource, retry: %v, resourceVersion %s, annotations: %v", ur.Name, retry, ur.GetResourceVersion(), urAnnotations)
}
}
return nil
}
Copy permalink