kyverno/pkg/utils/conditions/condition.go

package conditions

import (
	"fmt"

	"github.com/go-logr/logr"
	kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1"
	kyvernov2 "github.com/kyverno/kyverno/api/kyverno/v2"
	enginecontext "github.com/kyverno/kyverno/pkg/engine/context"
	"github.com/kyverno/kyverno/pkg/engine/variables"
	"github.com/kyverno/kyverno/pkg/engine/variables/operator"
)

func CheckAnyAllConditions(logger logr.Logger, ctx enginecontext.Interface, condition kyvernov2.AnyAllConditions) (bool, error) {
	for _, condition := range condition.AllConditions {
		if passed, err := checkCondition(logger, ctx, condition); err != nil {
			return false, err
		} else if !passed {
			return false, nil
		}
	}
	for _, condition := range condition.AnyConditions {
		if passed, err := checkCondition(logger, ctx, condition); err != nil {
			return false, err
		} else if passed {
			return true, nil
		}
	}
	return len(condition.AnyConditions) == 0, nil
}

func checkCondition(logger logr.Logger, ctx enginecontext.Interface, condition kyvernov2.Condition) (bool, error) {
	key, err := variables.SubstituteAllInPreconditions(logger, ctx, condition.GetKey())
	if err != nil {
		return false, fmt.Errorf("failed to substitute variables in condition key: %w", err)
	}
	value, err := variables.SubstituteAllInPreconditions(logger, ctx, condition.GetValue())
	if err != nil {
		return false, fmt.Errorf("failed to substitute variables in condition value: %w", err)
	}
	handler := operator.CreateOperatorHandler(logger, ctx, kyvernov1.ConditionOperator(condition.Operator))
	if handler == nil {
		return false, fmt.Errorf("failed to create handler for condition operator: %w", err)
	}
	return handler.Evaluate(key, value), nil
}
feat: support conditions in PolicyException (#8577) * feat: support conditions in PolicyException Signed-off-by: Rakshit Gondwal <rakshitgondwal3@gmail.com> * fix matchesException func Signed-off-by: Rakshit Gondwal <rakshitgondwal3@gmail.com> * add codegen-all files Signed-off-by: Rakshit Gondwal <rakshitgondwal3@gmail.com> * fix after review Signed-off-by: Rakshit Gondwal <rakshitgondwal3@gmail.com> * remove variable validation from PolicyException Signed-off-by: Rakshit Gondwal <rakshitgondwal3@gmail.com> * fix after review Signed-off-by: Rakshit Gondwal <rakshitgondwal3@gmail.com> * add kuttl tests Signed-off-by: Rakshit Gondwal <rakshitgondwal3@gmail.com> * remove ValidateVariables() from tests Signed-off-by: Rakshit Gondwal <rakshitgondwal3@gmail.com> * fix errors Signed-off-by: Rakshit Gondwal <rakshitgondwal3@gmail.com> * remove check-variables kuttl test Signed-off-by: Rakshit Gondwal <rakshitgondwal3@gmail.com> * fix after review Signed-off-by: Rakshit Gondwal <rakshitgondwal3@gmail.com> * add sleep step to kuttl Signed-off-by: Rakshit Gondwal <98955085+rakshitgondwal@users.noreply.github.com> * miinor fix Signed-off-by: Rakshit Gondwal <98955085+rakshitgondwal@users.noreply.github.com> * add readme for kuttl test Signed-off-by: Rakshit Gondwal <98955085+rakshitgondwal@users.noreply.github.com> --------- Signed-off-by: Rakshit Gondwal <rakshitgondwal3@gmail.com> Signed-off-by: Rakshit Gondwal <98955085+rakshitgondwal@users.noreply.github.com> Signed-off-by: Jim Bugwadia <jim@nirmata.com> Co-authored-by: Mariam Fahmy <mariam.fahmy@nirmata.com> Co-authored-by: Jim Bugwadia <jim@nirmata.com> 2023-10-24 16:15:52 +05:30			`package conditions`
feat: add conditions matching to cleanup controller (#5626) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: shuting <shuting@nirmata.com> 2022-12-09 11:24:04 +01:00
			`import (`
Remove dependency on github.com/pkg/errors (#6165) Signed-off-by: Fish-pro <zechun.chen@daocloud.io> 2023-02-01 14:38:04 +08:00			`"fmt"`

feat: add conditions matching to cleanup controller (#5626) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: shuting <shuting@nirmata.com> 2022-12-09 11:24:04 +01:00			`"github.com/go-logr/logr"`
			`kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1"`
feat: remove kyverno client v2beta1 (#10543) * feat: remove kyverno client v2beta1 Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * codegen Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix tests Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> 2024-06-26 10:48:32 +02:00			`kyvernov2 "github.com/kyverno/kyverno/api/kyverno/v2"`
feat: add conditions matching to cleanup controller (#5626) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: shuting <shuting@nirmata.com> 2022-12-09 11:24:04 +01:00			`enginecontext "github.com/kyverno/kyverno/pkg/engine/context"`
			`"github.com/kyverno/kyverno/pkg/engine/variables"`
			`"github.com/kyverno/kyverno/pkg/engine/variables/operator"`
			`)`

feat: remove kyverno client v2beta1 (#10543) * feat: remove kyverno client v2beta1 Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * codegen Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix tests Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> 2024-06-26 10:48:32 +02:00			`func CheckAnyAllConditions(logger logr.Logger, ctx enginecontext.Interface, condition kyvernov2.AnyAllConditions) (bool, error) {`
feat: add conditions matching to cleanup controller (#5626) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: shuting <shuting@nirmata.com> 2022-12-09 11:24:04 +01:00			`for _, condition := range condition.AllConditions {`
			`if passed, err := checkCondition(logger, ctx, condition); err != nil {`
			`return false, err`
			`} else if !passed {`
			`return false, nil`
			`}`
			`}`
			`for _, condition := range condition.AnyConditions {`
			`if passed, err := checkCondition(logger, ctx, condition); err != nil {`
			`return false, err`
			`} else if passed {`
			`return true, nil`
			`}`
			`}`
feat: add metrics service and service monitor to cleanup controller (#5653) * feat: add metrics service and service monitor to cleanup controller Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more config Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * name and certs Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: conditions check Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * leader election Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * workflows Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * rbac Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: Jim Bugwadia <jim@nirmata.com> 2022-12-12 19:39:29 +01:00			`return len(condition.AnyConditions) == 0, nil`
feat: add conditions matching to cleanup controller (#5626) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: shuting <shuting@nirmata.com> 2022-12-09 11:24:04 +01:00			`}`

feat: remove kyverno client v2beta1 (#10543) * feat: remove kyverno client v2beta1 Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * codegen Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix tests Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> 2024-06-26 10:48:32 +02:00			`func checkCondition(logger logr.Logger, ctx enginecontext.Interface, condition kyvernov2.Condition) (bool, error) {`
feat: add conditions matching to cleanup controller (#5626) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: shuting <shuting@nirmata.com> 2022-12-09 11:24:04 +01:00			`key, err := variables.SubstituteAllInPreconditions(logger, ctx, condition.GetKey())`
			`if err != nil {`
Remove dependency on github.com/pkg/errors (#6165) Signed-off-by: Fish-pro <zechun.chen@daocloud.io> 2023-02-01 14:38:04 +08:00			`return false, fmt.Errorf("failed to substitute variables in condition key: %w", err)`
feat: add conditions matching to cleanup controller (#5626) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: shuting <shuting@nirmata.com> 2022-12-09 11:24:04 +01:00			`}`
			`value, err := variables.SubstituteAllInPreconditions(logger, ctx, condition.GetValue())`
			`if err != nil {`
Remove dependency on github.com/pkg/errors (#6165) Signed-off-by: Fish-pro <zechun.chen@daocloud.io> 2023-02-01 14:38:04 +08:00			`return false, fmt.Errorf("failed to substitute variables in condition value: %w", err)`
feat: add conditions matching to cleanup controller (#5626) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: shuting <shuting@nirmata.com> 2022-12-09 11:24:04 +01:00			`}`
			`handler := operator.CreateOperatorHandler(logger, ctx, kyvernov1.ConditionOperator(condition.Operator))`
			`if handler == nil {`
Remove dependency on github.com/pkg/errors (#6165) Signed-off-by: Fish-pro <zechun.chen@daocloud.io> 2023-02-01 14:38:04 +08:00			`return false, fmt.Errorf("failed to create handler for condition operator: %w", err)`
feat: add conditions matching to cleanup controller (#5626) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: shuting <shuting@nirmata.com> 2022-12-09 11:24:04 +01:00			`}`
			`return handler.Evaluate(key, value), nil`
			`}`