kyverno/pkg/validatingadmissionpolicy/api.go

package validatingadmissionpolicy

import (
	"context"

	"github.com/kyverno/kyverno/pkg/clients/dclient"
	"k8s.io/api/admissionregistration/v1alpha1"
	corev1 "k8s.io/api/core/v1"
	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
	"k8s.io/apimachinery/pkg/labels"
	corev1listers "k8s.io/client-go/listers/core/v1"
)

// Everything someone might need to validate a single ValidatingPolicyDefinition
// against all of its registered bindings.
type PolicyData struct {
	definition v1alpha1.ValidatingAdmissionPolicy
	bindings   []v1alpha1.ValidatingAdmissionPolicyBinding
}

func (p *PolicyData) AddBinding(binding v1alpha1.ValidatingAdmissionPolicyBinding) {
	p.bindings = append(p.bindings, binding)
}

func (p *PolicyData) GetDefinition() v1alpha1.ValidatingAdmissionPolicy {
	return p.definition
}

func (p *PolicyData) GetBindings() []v1alpha1.ValidatingAdmissionPolicyBinding {
	return p.bindings
}

func NewPolicyData(policy v1alpha1.ValidatingAdmissionPolicy) PolicyData {
	return PolicyData{
		definition: policy,
	}
}

type CustomNamespaceLister struct {
	dClient dclient.Interface
}

func (c *CustomNamespaceLister) List(selector labels.Selector) (ret []*corev1.Namespace, err error) {
	var namespaces []*corev1.Namespace
	namespace, err := c.dClient.GetKubeClient().CoreV1().Namespaces().List(context.Background(), metav1.ListOptions{})
	if err != nil {
		return nil, err
	}
	for _, ns := range namespace.Items {
		nsCopy := ns
		namespaces = append(namespaces, &nsCopy)
	}
	return namespaces, nil
}

func (c *CustomNamespaceLister) Get(name string) (*corev1.Namespace, error) {
	namespace, err := c.dClient.GetKubeClient().CoreV1().Namespaces().Get(context.Background(), name, metav1.GetOptions{})
	if err != nil {
		return nil, err
	}
	return namespace, nil
}

func NewCustomNamespaceLister(dClient dclient.Interface) corev1listers.NamespaceLister {
	return &CustomNamespaceLister{
		dClient: dClient,
	}
}
feat: support validatingadmissionpolicybindings in CLI apply command (#9468) * feat: support validatingadmissionpolicybindings in CLI apply command Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com> * fix linter issue Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com> --------- Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com> 2024-01-23 13:47:38 +02:00			`package validatingadmissionpolicy`

			`import (`
			`"context"`

			`"github.com/kyverno/kyverno/pkg/clients/dclient"`
			`"k8s.io/api/admissionregistration/v1alpha1"`
			`corev1 "k8s.io/api/core/v1"`
			`metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"`
			`"k8s.io/apimachinery/pkg/labels"`
			`corev1listers "k8s.io/client-go/listers/core/v1"`
			`)`

			`// Everything someone might need to validate a single ValidatingPolicyDefinition`
			`// against all of its registered bindings.`
			`type PolicyData struct {`
			`definition v1alpha1.ValidatingAdmissionPolicy`
			`bindings []v1alpha1.ValidatingAdmissionPolicyBinding`
			`}`

			`func (p *PolicyData) AddBinding(binding v1alpha1.ValidatingAdmissionPolicyBinding) {`
			`p.bindings = append(p.bindings, binding)`
			`}`

			`func (p *PolicyData) GetDefinition() v1alpha1.ValidatingAdmissionPolicy {`
			`return p.definition`
			`}`

			`func (p *PolicyData) GetBindings() []v1alpha1.ValidatingAdmissionPolicyBinding {`
			`return p.bindings`
			`}`

			`func NewPolicyData(policy v1alpha1.ValidatingAdmissionPolicy) PolicyData {`
			`return PolicyData{`
			`definition: policy,`
			`}`
			`}`

			`type CustomNamespaceLister struct {`
			`dClient dclient.Interface`
			`}`

			`func (c CustomNamespaceLister) List(selector labels.Selector) (ret []corev1.Namespace, err error) {`
			`var namespaces []*corev1.Namespace`
			`namespace, err := c.dClient.GetKubeClient().CoreV1().Namespaces().List(context.Background(), metav1.ListOptions{})`
			`if err != nil {`
			`return nil, err`
			`}`
			`for _, ns := range namespace.Items {`
			`nsCopy := ns`
			`namespaces = append(namespaces, &nsCopy)`
			`}`
			`return namespaces, nil`
			`}`

			`func (c CustomNamespaceLister) Get(name string) (corev1.Namespace, error) {`
			`namespace, err := c.dClient.GetKubeClient().CoreV1().Namespaces().Get(context.Background(), name, metav1.GetOptions{})`
			`if err != nil {`
			`return nil, err`
			`}`
			`return namespace, nil`
			`}`

			`func NewCustomNamespaceLister(dClient dclient.Interface) corev1listers.NamespaceLister {`
			`return &CustomNamespaceLister{`
			`dClient: dClient,`
			`}`
			`}`