kyverno/pkg/engine/mutation.go

package engine

import (
	"log"

	kubepolicy "github.com/nirmata/kyverno/pkg/apis/policy/v1alpha1"
	"github.com/nirmata/kyverno/pkg/engine/mutation"
	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
)

// Mutate performs mutation. Overlay first and then mutation patches
// TODO: return events and violations
func Mutate(policy kubepolicy.Policy, rawResource []byte, gvk metav1.GroupVersionKind) ([]mutation.PatchBytes, []byte) {
	var policyPatches []mutation.PatchBytes
	var processedPatches []mutation.PatchBytes
	var err error
	patchedDocument := rawResource

	for _, rule := range policy.Spec.Rules {
		if rule.Mutation == nil {
			continue
		}

		ok := ResourceMeetsDescription(rawResource, rule.ResourceDescription, gvk)
		if !ok {
			log.Printf("Rule \"%s\" is not applicable to resource\n", rule.Name)
			continue
		}

		// Process Overlay

		if rule.Mutation.Overlay != nil {
			overlayPatches, err := mutation.ProcessOverlay(rule.Mutation.Overlay, rawResource)
			if err != nil {
				log.Printf("Overlay application has failed for rule %s in policy %s, err: %v\n", rule.Name, policy.ObjectMeta.Name, err)
			} else {
				policyPatches = append(policyPatches, overlayPatches...)
			}
		}

		// Process Patches

		if rule.Mutation.Patches != nil {
			processedPatches, patchedDocument, err = mutation.ProcessPatches(rule.Mutation.Patches, patchedDocument)
			if err != nil {
				log.Printf("Patches application has failed for rule %s in policy %s, err: %v\n", rule.Name, policy.ObjectMeta.Name, err)
			} else {
				policyPatches = append(policyPatches, processedPatches...)
			}
		}
	}

	return policyPatches, patchedDocument
}
Resolve PR 27 2019-05-13 18:17:28 -07:00			`package engine`
Add PolicyEngine 2019-05-09 22:26:22 -07:00
			`import (`
initial commit, remove kubeclient from policy engine 2019-05-14 11:24:40 -07:00			`"log"`

rename pkg to kyverno 2019-05-21 11:00:09 -07:00			`kubepolicy "github.com/nirmata/kyverno/pkg/apis/policy/v1alpha1"`
			`"github.com/nirmata/kyverno/pkg/engine/mutation"`
Fixed issue with absent kind in resource raw data in PolicyEngine 2019-05-14 19:40:17 +03:00			`metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"`
Add PolicyEngine 2019-05-09 22:26:22 -07:00			`)`

Updated code in the project to be compilable with new version of Policy. Moved logic from webhooks/mutation.go to policyengine/mutation.go and server.go 2019-05-13 21:27:47 +03:00			`// Mutate performs mutation. Overlay first and then mutation patches`
Implement Generate() 2019-05-14 18:20:41 -07:00			`// TODO: return events and violations`
Support Mutate from command line 2019-05-20 13:02:55 -07:00			`func Mutate(policy kubepolicy.Policy, rawResource []byte, gvk metav1.GroupVersionKind) ([]mutation.PatchBytes, []byte) {`
Add PolicyEngine 2019-05-09 22:26:22 -07:00			`var policyPatches []mutation.PatchBytes`
Support Mutate from command line 2019-05-20 13:02:55 -07:00			`var processedPatches []mutation.PatchBytes`
- handle operation remove case: if path does not exist - remove duplicate log - support validate in CLI 2019-05-20 15:14:01 -07:00			`var err error`
Support Mutate from command line 2019-05-20 13:02:55 -07:00			`patchedDocument := rawResource`
Add PolicyEngine 2019-05-09 22:26:22 -07:00
Fixed issue with validation error messages 2019-05-20 14:48:38 +03:00			`for _, rule := range policy.Spec.Rules {`
			`if rule.Mutation == nil {`
Updated code in the project to be compilable with new version of Policy. Moved logic from webhooks/mutation.go to policyengine/mutation.go and server.go 2019-05-13 21:27:47 +03:00			`continue`
Add PolicyEngine 2019-05-09 22:26:22 -07:00			`}`

Fixed issue with validation error messages 2019-05-20 14:48:38 +03:00			`ok := ResourceMeetsDescription(rawResource, rule.ResourceDescription, gvk)`
Updated code in the project to be compilable with new version of Policy. Moved logic from webhooks/mutation.go to policyengine/mutation.go and server.go 2019-05-13 21:27:47 +03:00			`if !ok {`
Fixed issue with validation error messages 2019-05-20 14:48:38 +03:00			`log.Printf("Rule \"%s\" is not applicable to resource\n", rule.Name)`
Implemented Validation Pattern base. Updated Webhooks registration logic. Updated project for using TLS package 2019-05-14 18:10:25 +03:00			`continue`
			`}`

Updated code in the project to be compilable with new version of Policy. Moved logic from webhooks/mutation.go to policyengine/mutation.go and server.go 2019-05-13 21:27:47 +03:00			`// Process Overlay`
Add PolicyEngine 2019-05-09 22:26:22 -07:00
Updated code in the project to be compilable with new version of Policy. Moved logic from webhooks/mutation.go to policyengine/mutation.go and server.go 2019-05-13 21:27:47 +03:00			`if rule.Mutation.Overlay != nil {`
			`overlayPatches, err := mutation.ProcessOverlay(rule.Mutation.Overlay, rawResource)`
			`if err != nil {`
Fixed issue with validation error messages 2019-05-20 14:48:38 +03:00			`log.Printf("Overlay application has failed for rule %s in policy %s, err: %v\n", rule.Name, policy.ObjectMeta.Name, err)`
Updated code in the project to be compilable with new version of Policy. Moved logic from webhooks/mutation.go to policyengine/mutation.go and server.go 2019-05-13 21:27:47 +03:00			`} else {`
			`policyPatches = append(policyPatches, overlayPatches...)`
			`}`
Add PolicyEngine 2019-05-09 22:26:22 -07:00			`}`

Updated code in the project to be compilable with new version of Policy. Moved logic from webhooks/mutation.go to policyengine/mutation.go and server.go 2019-05-13 21:27:47 +03:00			`// Process Patches`
Add PolicyEngine 2019-05-09 22:26:22 -07:00
Updated code in the project to be compilable with new version of Policy. Moved logic from webhooks/mutation.go to policyengine/mutation.go and server.go 2019-05-13 21:27:47 +03:00			`if rule.Mutation.Patches != nil {`
Support Mutate from command line 2019-05-20 13:02:55 -07:00			`processedPatches, patchedDocument, err = mutation.ProcessPatches(rule.Mutation.Patches, patchedDocument)`
Updated code in the project to be compilable with new version of Policy. Moved logic from webhooks/mutation.go to policyengine/mutation.go and server.go 2019-05-13 21:27:47 +03:00			`if err != nil {`
Fixed issue with validation error messages 2019-05-20 14:48:38 +03:00			`log.Printf("Patches application has failed for rule %s in policy %s, err: %v\n", rule.Name, policy.ObjectMeta.Name, err)`
Updated code in the project to be compilable with new version of Policy. Moved logic from webhooks/mutation.go to policyengine/mutation.go and server.go 2019-05-13 21:27:47 +03:00			`} else {`
			`policyPatches = append(policyPatches, processedPatches...)`
			`}`
			`}`
Add PolicyEngine 2019-05-09 22:26:22 -07:00			`}`

Support Mutate from command line 2019-05-20 13:02:55 -07:00			`return policyPatches, patchedDocument`
Add PolicyEngine 2019-05-09 22:26:22 -07:00			`}`