mirrors/kyverno
mirrors/kyverno
1
0
Fork 0
mirror of https://github.com/kyverno/kyverno.git synced 2025-03-10 01:46:55 +00:00
Code Activity
kyverno/pkg/engine/mutate/patch/patchesUtils.go

66 lines
1.6 KiB
Go
Raw Normal View History

updates for foreach and mutate (#2891) * updates for foreach and mutate Signed-off-by: Jim Bugwadia <jim@nirmata.com> * allow tests to pass on Windows Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix linter check Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add elementIndex variable Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fmt Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix jsonResult usage Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add mutate validation and fix error in validate.foreach Signed-off-by: Jim Bugwadia <jim@nirmata.com> * format Signed-off-by: Jim Bugwadia <jim@nirmata.com> * update message Signed-off-by: Jim Bugwadia <jim@nirmata.com> * do not skip validation for all array entries when one is skipped Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add foreach tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix fmt Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix format errors Signed-off-by: Jim Bugwadia <jim@nirmata.com> * remove unused declarations Signed-off-by: Jim Bugwadia <jim@nirmata.com> * revert namespaceWithLabelYaml Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix mutate of element list Signed-off-by: Jim Bugwadia <jim@nirmata.com> * update CRDs Signed-off-by: Jim Bugwadia <jim@nirmata.com> * Update api/kyverno/v1/policy_types.go Co-authored-by: Steven E. Harris <seh@panix.com> * Update pkg/engine/forceMutate.go Co-authored-by: Steven E. Harris <seh@panix.com> * Update pkg/engine/forceMutate.go Co-authored-by: Steven E. Harris <seh@panix.com> * Update pkg/engine/forceMutate.go Co-authored-by: Steven E. Harris <seh@panix.com> * Update pkg/engine/mutation.go Co-authored-by: Steven E. Harris <seh@panix.com> * Update pkg/engine/mutation.go Co-authored-by: Steven E. Harris <seh@panix.com> * Update pkg/engine/mutation.go Co-authored-by: Steven E. Harris <seh@panix.com> * Update pkg/engine/validate/validate.go Co-authored-by: Steven E. Harris <seh@panix.com> * Update pkg/engine/validate/validate.go Co-authored-by: Steven E. Harris <seh@panix.com> * Update test/cli/test/custom-functions/policy.yaml Co-authored-by: Steven E. Harris <seh@panix.com> * Update test/cli/test/foreach/policies.yaml Co-authored-by: Steven E. Harris <seh@panix.com> * accept review comments and format Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add comments to strategicMergePatch buffer Signed-off-by: Jim Bugwadia <jim@nirmata.com> * load context and evaluate preconditions foreach element Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add test for foreach mutate context and precondition * precondition testcase * address review comments Signed-off-by: Jim Bugwadia <jim@nirmata.com> * update message Signed-off-by: Jim Bugwadia <jim@nirmata.com> * format Signed-off-by: Jim Bugwadia <jim@nirmata.com> Co-authored-by: Steven E. Harris <seh@panix.com> Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>
2022-01-04 17:36:33 -08:00
package patch
Set mutating webhhok reinvocationPolicy to IfNeeded (#1097) * add watch policy to clusterrole kyverno:customresources * fix build * fix nil pointer * skip json patches if the mutation is re-invoked * set resource mutating webhook invocation policy to IfNeeded
2020-09-03 08:54:37 -07:00
import (
"strings"
feat: add support for subresources to validating and mutating policies (#4916) * feat: add support for subresources to validating and mutating policies Signed-off-by: Vyom-Yadav <jackhammervyom@gmail.com> * Add CLI test cases with subresources for validating policies Signed-off-by: Vyom-Yadav <jackhammervyom@gmail.com> * Fix existing e2e tests for validating policies and remove tests migrated to kuttl Signed-off-by: Vyom-Yadav <jackhammervyom@gmail.com> * Add kuttl e2e tests for validating policies with subresources Signed-off-by: Vyom-Yadav <jackhammervyom@gmail.com> * Add kuttl e2e tests for mutating policies with subresources Signed-off-by: Vyom-Yadav <jackhammervyom@gmail.com> * Add kuttl e2e tests for validating policy by-pass by manipulating preconditions Signed-off-by: Vyom-Yadav <jackhammervyom@gmail.com> Signed-off-by: Vyom-Yadav <jackhammervyom@gmail.com>
2022-12-09 22:15:23 +05:30
"github.com/kyverno/kyverno/pkg/utils/wildcard"
Remove unnecessary JSON patches; fixes strategicMergePatch for tolerations (#1478) * ignore certain paths when generates JSON patches Signed-off-by: Shuting Zhao <shutting06@gmail.com> * remove extra comment Signed-off-by: Shuting Zhao <shutting06@gmail.com> * fix https://github.com/kyverno/kyverno/issues/1339 Signed-off-by: Shuting Zhao <shutting06@gmail.com> * resolve PR comments Signed-off-by: Shuting Zhao <shutting06@gmail.com> * update comment Signed-off-by: Shuting Zhao <shutting06@gmail.com>
2021-01-19 11:08:06 -08:00
"github.com/mattbaird/jsonpatch"
Set mutating webhhok reinvocationPolicy to IfNeeded (#1097) * add watch policy to clusterrole kyverno:customresources * fix build * fix nil pointer * skip json patches if the mutation is re-invoked * set resource mutating webhook invocation policy to IfNeeded
2020-09-03 08:54:37 -07:00
)
refactor: engine patchers (#7030) * refactor: engine patchers Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2023-04-28 09:31:12 +02:00
func ConvertPatches(in ...jsonpatch.JsonPatchOperation) [][]byte {
var out [][]byte
for _, patch := range in {
if patch, err := patch.MarshalJSON(); err == nil {
out = append(out, patch)
Set mutating webhhok reinvocationPolicy to IfNeeded (#1097) * add watch policy to clusterrole kyverno:customresources * fix build * fix nil pointer * skip json patches if the mutation is re-invoked * set resource mutating webhook invocation policy to IfNeeded
2020-09-03 08:54:37 -07:00
}
}
refactor: engine patchers (#7030) * refactor: engine patchers Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2023-04-28 09:31:12 +02:00
return out
}
Set mutating webhhok reinvocationPolicy to IfNeeded (#1097) * add watch policy to clusterrole kyverno:customresources * fix build * fix nil pointer * skip json patches if the mutation is re-invoked * set resource mutating webhook invocation policy to IfNeeded
2020-09-03 08:54:37 -07:00
refactor: engine patchers (#7030) * refactor: engine patchers Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2023-04-28 09:31:12 +02:00
func generatePatches(src, dst []byte) ([]jsonpatch.JsonPatchOperation, error) {
if pp, err := jsonpatch.CreatePatch(src, dst); err != nil {
return nil, err
} else {
fix: replace mattbaird/jsonpatch with appscode/jsonpatch (#7401) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2023-06-03 14:08:58 +02:00
return filterInvalidPatches(pp), err
refactor: engine patchers (#7030) * refactor: engine patchers Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2023-04-28 09:31:12 +02:00
}
Set mutating webhhok reinvocationPolicy to IfNeeded (#1097) * add watch policy to clusterrole kyverno:customresources * fix build * fix nil pointer * skip json patches if the mutation is re-invoked * set resource mutating webhook invocation policy to IfNeeded
2020-09-03 08:54:37 -07:00
}
Remove unnecessary JSON patches; fixes strategicMergePatch for tolerations (#1478) * ignore certain paths when generates JSON patches Signed-off-by: Shuting Zhao <shutting06@gmail.com> * remove extra comment Signed-off-by: Shuting Zhao <shutting06@gmail.com> * fix https://github.com/kyverno/kyverno/issues/1339 Signed-off-by: Shuting Zhao <shutting06@gmail.com> * resolve PR comments Signed-off-by: Shuting Zhao <shutting06@gmail.com> * update comment Signed-off-by: Shuting Zhao <shutting06@gmail.com>
2021-01-19 11:08:06 -08:00
// filterInvalidPatches filters out patch with the following path:
// - not */metadata/name, */metadata/namespace, */metadata/labels, */metadata/annotations
// - /status
func filterInvalidPatches(patches []jsonpatch.JsonPatchOperation) []jsonpatch.JsonPatchOperation {
res := []jsonpatch.JsonPatchOperation{}
for _, patch := range patches {
if ignorePatch(patch.Path) {
continue
}
res = append(res, patch)
}
return res
}
func ignorePatch(path string) bool {
fix: fix mutating the "/metadata/serverAddress" section of a keda.s/v1alpha1/ScaledObject object (#5374) * fix: fix mutating the "/metadata/serverAddress" section of a keda.sh/v1alpha1/ScaledObject object Signed-off-by: Rodrigo Fior Kuntzer <rodrigo@miro.com> * fix: update test policy Signed-off-by: Rodrigo Fior Kuntzer <rodrigo@miro.com> Signed-off-by: Rodrigo Fior Kuntzer <rodrigo@miro.com> Co-authored-by: shuting <shuting@nirmata.com>
2022-11-28 10:55:42 +01:00
if wildcard.Match("/spec/triggers/*/metadata/*", path) {
return false
}
Remove unnecessary JSON patches; fixes strategicMergePatch for tolerations (#1478) * ignore certain paths when generates JSON patches Signed-off-by: Shuting Zhao <shutting06@gmail.com> * remove extra comment Signed-off-by: Shuting Zhao <shutting06@gmail.com> * fix https://github.com/kyverno/kyverno/issues/1339 Signed-off-by: Shuting Zhao <shutting06@gmail.com> * resolve PR comments Signed-off-by: Shuting Zhao <shutting06@gmail.com> * update comment Signed-off-by: Shuting Zhao <shutting06@gmail.com>
2021-01-19 11:08:06 -08:00
if wildcard.Match("*/metadata", path) {
return false
}
if strings.Contains(path, "/metadata") {
if !strings.Contains(path, "/metadata/name") &&
!strings.Contains(path, "/metadata/namespace") &&
!strings.Contains(path, "/metadata/annotations") &&
fix mutating ownerReferenecs (#3061) Signed-off-by: ShutingZhao <shuting@nirmata.com>
2022-01-24 13:20:27 +08:00
!strings.Contains(path, "/metadata/labels") &&
fix finalizers mutation with patchesJson6902 (#5132) * fix finalizers mutation with patchesJson6902 Signed-off-by: Danny Kulchinsky <dkulchinsky@fastly.com>
2022-10-25 02:34:07 -04:00
!strings.Contains(path, "/metadata/ownerReferences") &&
fix generateName mutation (#5146)
2022-11-07 19:50:50 +05:30
!strings.Contains(path, "/metadata/generateName") &&
fix finalizers mutation with patchesJson6902 (#5132) * fix finalizers mutation with patchesJson6902 Signed-off-by: Danny Kulchinsky <dkulchinsky@fastly.com>
2022-10-25 02:34:07 -04:00
!strings.Contains(path, "/metadata/finalizers") {
Remove unnecessary JSON patches; fixes strategicMergePatch for tolerations (#1478) * ignore certain paths when generates JSON patches Signed-off-by: Shuting Zhao <shutting06@gmail.com> * remove extra comment Signed-off-by: Shuting Zhao <shutting06@gmail.com> * fix https://github.com/kyverno/kyverno/issues/1339 Signed-off-by: Shuting Zhao <shutting06@gmail.com> * resolve PR comments Signed-off-by: Shuting Zhao <shutting06@gmail.com> * update comment Signed-off-by: Shuting Zhao <shutting06@gmail.com>
2021-01-19 11:08:06 -08:00
return true
}
}
return false
}
Copy permalink