kyverno/pkg/engine/policyContext.go

package engine

import (
	kyverno "github.com/kyverno/kyverno/pkg/api/kyverno/v1"
	client "github.com/kyverno/kyverno/pkg/dclient"
	"github.com/kyverno/kyverno/pkg/engine/context"
	"github.com/kyverno/kyverno/pkg/resourcecache"
	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
)

// PolicyContext contains the contexts for engine to process
type PolicyContext struct {

	// Policy is the policy to be processed
	Policy kyverno.ClusterPolicy

	// NewResource is the resource to be processed
	NewResource unstructured.Unstructured

	// OldResource is the prior resource for an update, or nil
	OldResource unstructured.Unstructured

	// Element is set when the context is used for processing a foreach loop
	Element unstructured.Unstructured

	// AdmissionInfo contains the admission request information
	AdmissionInfo kyverno.RequestInfo

	// Dynamic client - used by generate
	Client *client.Client

	// Config handler
	ExcludeGroupRole []string

	ExcludeResourceFunc func(kind, namespace, name string) bool

	// ResourceCache provides listers to resources. Currently Supports Configmap
	ResourceCache resourcecache.ResourceCache

	// JSONContext is the variable context
	JSONContext *context.Context

	// NamespaceLabels stores the label of namespace to be processed by namespace selector
	NamespaceLabels map[string]string
}

func (pc *PolicyContext) Copy() *PolicyContext {
	return &PolicyContext{
		Policy:              pc.Policy,
		NewResource:         pc.NewResource,
		OldResource:         pc.OldResource,
		AdmissionInfo:       pc.AdmissionInfo,
		Client:              pc.Client,
		ExcludeGroupRole:    pc.ExcludeGroupRole,
		ExcludeResourceFunc: pc.ExcludeResourceFunc,
		ResourceCache:       pc.ResourceCache,
		JSONContext:         pc.JSONContext,
		NamespaceLabels:     pc.NamespaceLabels,
	}
}
change engine interface to take policyContext struct 2019-11-08 18:57:27 -08:00			`package engine`

			`import (`
update nirmata/kyverno to kyverno/kyverno 2020-10-07 11:12:31 -07:00			`kyverno "github.com/kyverno/kyverno/pkg/api/kyverno/v1"`
			`client "github.com/kyverno/kyverno/pkg/dclient"`
			`"github.com/kyverno/kyverno/pkg/engine/context"`
			`"github.com/kyverno/kyverno/pkg/resourcecache"`
change engine interface to take policyContext struct 2019-11-08 18:57:27 -08:00			`"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"`
			`)`

			`// PolicyContext contains the contexts for engine to process`
			`type PolicyContext struct {`
filter resources excluded in config (#1404) 2020-12-16 12:29:16 -08:00
			`// Policy is the policy to be processed`
change engine interface to take policyContext struct 2019-11-08 18:57:27 -08:00			`Policy kyverno.ClusterPolicy`
filter resources excluded in config (#1404) 2020-12-16 12:29:16 -08:00
			`// NewResource is the resource to be processed`
skip validation if the resource updates dont violate policy rules (#477) 2019-11-13 13:13:07 -08:00			`NewResource unstructured.Unstructured`
filter resources excluded in config (#1404) 2020-12-16 12:29:16 -08:00
			`// OldResource is the prior resource for an update, or nil`
			`OldResource unstructured.Unstructured`

add validation; add 'element' to context Signed-off-by: Jim Bugwadia <jim@nirmata.com> 2021-10-02 16:53:02 -07:00			`// Element is set when the context is used for processing a foreach loop`
			`Element unstructured.Unstructured`

filter resources excluded in config (#1404) 2020-12-16 12:29:16 -08:00			`// AdmissionInfo contains the admission request information`
538 (#587) * initial commit * background policy validation * correct message * skip non-background policy process for add/update * add Generate Request CR * generate Request Generator Initial * test generate request CR generation * initial commit gr generator * generate controller initial framework * add crd for generate request * gr cleanup controller initial commit * cleanup controller initial * generate mid-commit * generate rule processing * create PV on generate error * embed resource type * testing phase 1- generate resources with variable substitution * fix tests * comment broken test #586 * add printer column for state * return if existing resource for clone * set resync time to 2 mins & remove resource version check in update handler for gr * generate events for reporting * fix logs * cleanup * CR fixes * fix logs 2020-01-07 10:33:28 -08:00			`AdmissionInfo kyverno.RequestInfo`
filter resources excluded in config (#1404) 2020-12-16 12:29:16 -08:00
use PolicyContext with engine.Generate (#483) 2019-11-13 15:46:43 -08:00			`// Dynamic client - used by generate`
			`Client *client.Client`
filter resources excluded in config (#1404) 2020-12-16 12:29:16 -08:00
configrable rules added (#1017) * configrable rules added * fix exclude group logic from code * flag added in yaml * exclude username added * exclude username added * config interface implimented * configure exclude username * get role ref * test case fixed * panic fix * move from interface to slice * exclude added in mutate * trim strings * configmap changes added * kustomize changes for configmap * k8s resources added 2020-08-07 17:09:24 -07:00			`// Config handler`
			`ExcludeGroupRole []string`
Feature/configmaps var 724 (#1118) * added configmap data substitution for foreground mutate and validate * added configmap data substitution for foreground mutate and validate fmt * added configmap lookup for background * added comments to resource cache * added configmap data lookup in preConditions * added parse strings in In operator and configmap lookup docs * added configmap lookup docs * modified configmap lookup docs 2020-09-23 02:41:49 +05:30
filter resources excluded in config (#1404) 2020-12-16 12:29:16 -08:00			`ExcludeResourceFunc func(kind, namespace, name string) bool`

			`// ResourceCache provides listers to resources. Currently Supports Configmap`
Refactor resourceCache; Reduce throttling requests (background controller) (#1500) * skip sending API request for filtered resource * fix PR comment Signed-off-by: Shuting Zhao <shutting06@gmail.com> * fixes https://github.com/kyverno/kyverno/issues/1490 Signed-off-by: Shuting Zhao <shutting06@gmail.com> * fix bug - namespace is not returned properly Signed-off-by: Shuting Zhao <shutting06@gmail.com> * reduce throttling - list resource using lister * refactor resource cache * fix test Signed-off-by: Shuting Zhao <shutting06@gmail.com> * fix label selector Signed-off-by: Shuting Zhao <shutting06@gmail.com> * fix build failure Signed-off-by: Shuting Zhao <shutting06@gmail.com> 2021-01-29 17:38:23 -08:00			`ResourceCache resourcecache.ResourceCache`
filter resources excluded in config (#1404) 2020-12-16 12:29:16 -08:00
			`// JSONContext is the variable context`
Feature/configmaps var 724 (#1118) * added configmap data substitution for foreground mutate and validate * added configmap data substitution for foreground mutate and validate fmt * added configmap lookup for background * added comments to resource cache * added configmap data lookup in preConditions * added parse strings in In operator and configmap lookup docs * added configmap lookup docs * modified configmap lookup docs 2020-09-23 02:41:49 +05:30			`JSONContext *context.Context`
namespace selector (#1532) * updated crd with namespace selector Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com> * added logic for validate Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com> * added condition in utils for namespace labels Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com> * added function for extracting namespace label using lister Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com> * added logic for generate Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com> * added lister in generate Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com> * commented generate controller changes Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com> * added ns lister Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com> * added ns label in apply.go Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com> * added ns label in generation.go Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com> * added ns label in mutation.go Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com> * added ns label for validation Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com> * using dynaminc informer Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com> 2021-02-04 02:39:42 +05:30
			`// NamespaceLabels stores the label of namespace to be processed by namespace selector`
			`NamespaceLabels map[string]string`
change engine interface to take policyContext struct 2019-11-08 18:57:27 -08:00			`}`
fix deny rules Signed-off-by: Jim Bugwadia <jim@nirmata.com> 2021-09-27 14:28:55 -07:00
			`func (pc PolicyContext) Copy() PolicyContext {`
			`return &PolicyContext{`
fix deny check and fmt Signed-off-by: Jim Bugwadia <jim@nirmata.com> 2021-09-27 23:40:05 -07:00			`Policy: pc.Policy,`
			`NewResource: pc.NewResource,`
			`OldResource: pc.OldResource,`
			`AdmissionInfo: pc.AdmissionInfo,`
			`Client: pc.Client,`
			`ExcludeGroupRole: pc.ExcludeGroupRole,`
fix deny rules Signed-off-by: Jim Bugwadia <jim@nirmata.com> 2021-09-27 14:28:55 -07:00			`ExcludeResourceFunc: pc.ExcludeResourceFunc,`
fix deny check and fmt Signed-off-by: Jim Bugwadia <jim@nirmata.com> 2021-09-27 23:40:05 -07:00			`ResourceCache: pc.ResourceCache,`
			`JSONContext: pc.JSONContext,`
			`NamespaceLabels: pc.NamespaceLabels,`
fix deny rules Signed-off-by: Jim Bugwadia <jim@nirmata.com> 2021-09-27 14:28:55 -07:00			`}`
fix deny check and fmt Signed-off-by: Jim Bugwadia <jim@nirmata.com> 2021-09-27 23:40:05 -07:00			`}`