2023-02-08 14:19:56 +01:00
|
|
|
package store
|
|
|
|
|
|
|
|
|
|
import (
|
|
|
|
|
"context"
|
|
|
|
|
|
|
|
|
|
"github.com/go-logr/logr"
|
|
|
|
|
kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1"
|
2023-06-14 12:06:52 +02:00
|
|
|
"github.com/kyverno/kyverno/pkg/engine/adapters"
|
2023-02-08 14:19:56 +01:00
|
|
|
engineapi "github.com/kyverno/kyverno/pkg/engine/api"
|
|
|
|
|
enginecontext "github.com/kyverno/kyverno/pkg/engine/context"
|
2023-04-13 13:29:40 +02:00
|
|
|
"github.com/kyverno/kyverno/pkg/engine/jmespath"
|
2023-02-08 14:19:56 +01:00
|
|
|
"github.com/kyverno/kyverno/pkg/logging"
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
func ContextLoaderFactory(
|
|
|
|
|
cmResolver engineapi.ConfigmapResolver,
|
|
|
|
|
) engineapi.ContextLoaderFactory {
|
|
|
|
|
return func(policy kyvernov1.PolicyInterface, rule kyvernov1.Rule) engineapi.ContextLoader {
|
|
|
|
|
inner := engineapi.DefaultContextLoaderFactory(cmResolver)
|
|
|
|
|
if IsMock() {
|
|
|
|
|
return &mockContextLoader{
|
|
|
|
|
logger: logging.WithName("MockContextLoaderFactory"),
|
|
|
|
|
policyName: policy.GetName(),
|
|
|
|
|
ruleName: rule.Name,
|
|
|
|
|
}
|
|
|
|
|
} else {
|
|
|
|
|
return inner(policy, rule)
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
type mockContextLoader struct {
|
|
|
|
|
logger logr.Logger
|
|
|
|
|
policyName string
|
|
|
|
|
ruleName string
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (l *mockContextLoader) Load(
|
|
|
|
|
ctx context.Context,
|
2023-04-13 13:29:40 +02:00
|
|
|
jp jmespath.Interface,
|
2023-06-12 18:03:17 +02:00
|
|
|
client engineapi.RawClient,
|
2023-06-14 12:06:52 +02:00
|
|
|
_ engineapi.ImageDataClient,
|
2023-02-08 14:19:56 +01:00
|
|
|
contextEntries []kyvernov1.ContextEntry,
|
|
|
|
|
jsonContext enginecontext.Interface,
|
|
|
|
|
) error {
|
|
|
|
|
rule := GetPolicyRule(l.policyName, l.ruleName)
|
|
|
|
|
if rule != nil && len(rule.Values) > 0 {
|
|
|
|
|
variables := rule.Values
|
|
|
|
|
for key, value := range variables {
|
|
|
|
|
if err := jsonContext.AddVariable(key, value); err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
hasRegistryAccess := GetRegistryAccess()
|
|
|
|
|
// Context Variable should be loaded after the values loaded from values file
|
|
|
|
|
for _, entry := range contextEntries {
|
|
|
|
|
if entry.ImageRegistry != nil && hasRegistryAccess {
|
|
|
|
|
rclient := GetRegistryClient()
|
2023-06-14 12:06:52 +02:00
|
|
|
if err := engineapi.LoadImageData(ctx, jp, adapters.ImageDataClient(rclient), l.logger, entry, jsonContext); err != nil {
|
2023-02-08 14:19:56 +01:00
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
} else if entry.Variable != nil {
|
2023-04-13 13:29:40 +02:00
|
|
|
if err := engineapi.LoadVariable(l.logger, jp, entry, jsonContext); err != nil {
|
2023-02-08 14:19:56 +01:00
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
} else if entry.APICall != nil && IsApiCallAllowed() {
|
2023-04-13 13:29:40 +02:00
|
|
|
if err := engineapi.LoadAPIData(ctx, jp, l.logger, entry, jsonContext, client); err != nil {
|
2023-02-08 14:19:56 +01:00
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
if rule != nil && len(rule.ForEachValues) > 0 {
|
|
|
|
|
for key, value := range rule.ForEachValues {
|
|
|
|
|
if err := jsonContext.AddVariable(key, value[GetForeachElement()]); err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
return nil
|
|
|
|
|
}
|
