kyverno/cmd/internal/engine.go

package internal

import (
	"context"
	"errors"
	"time"

	"github.com/go-logr/logr"
	"github.com/kyverno/kyverno/pkg/client/clientset/versioned"
	kyvernoinformer "github.com/kyverno/kyverno/pkg/client/informers/externalversions"
	"github.com/kyverno/kyverno/pkg/clients/dclient"
	"github.com/kyverno/kyverno/pkg/config"
	"github.com/kyverno/kyverno/pkg/engine"
	"github.com/kyverno/kyverno/pkg/engine/adapters"
	engineapi "github.com/kyverno/kyverno/pkg/engine/api"
	"github.com/kyverno/kyverno/pkg/engine/context/resolvers"
	"github.com/kyverno/kyverno/pkg/engine/jmespath"
	"github.com/kyverno/kyverno/pkg/registryclient"
	"k8s.io/client-go/kubernetes"
)

func NewEngine(
	ctx context.Context,
	logger logr.Logger,
	configuration config.Configuration,
	metricsConfiguration config.MetricsConfiguration,
	jp jmespath.Interface,
	client dclient.Interface,
	rclient registryclient.Client,
	kubeClient kubernetes.Interface,
	kyvernoClient versioned.Interface,
) engineapi.Engine {
	configMapResolver := NewConfigMapResolver(ctx, logger, kubeClient, 15*time.Minute)
	exceptionsSelector := NewExceptionSelector(ctx, logger, kyvernoClient, 15*time.Minute)
	logger = logger.WithName("engine")
	logger.Info("setup engine...")
	return engine.NewEngine(
		configuration,
		metricsConfiguration,
		jp,
		adapters.Client(client),
		adapters.ImageDataClient(rclient),
		rclient,
		engineapi.DefaultContextLoaderFactory(configMapResolver),
		exceptionsSelector,
		imageSignatureRepository,
	)
}

func NewExceptionSelector(
	ctx context.Context,
	logger logr.Logger,
	kyvernoClient versioned.Interface,
	resyncPeriod time.Duration,
) engineapi.PolicyExceptionSelector {
	logger = logger.WithName("exception-selector").WithValues("enablePolicyException", enablePolicyException, "exceptionNamespace", exceptionNamespace)
	logger.Info("setup exception selector...")
	var exceptionsLister engineapi.PolicyExceptionSelector
	if enablePolicyException {
		factory := kyvernoinformer.NewSharedInformerFactory(kyvernoClient, resyncPeriod)
		lister := factory.Kyverno().V2alpha1().PolicyExceptions().Lister()
		if exceptionNamespace != "" {
			exceptionsLister = lister.PolicyExceptions(exceptionNamespace)
		} else {
			exceptionsLister = lister
		}
		// start informers and wait for cache sync
		if !StartInformersAndWaitForCacheSync(ctx, logger, factory) {
			checkError(logger, errors.New("failed to wait for cache sync"), "failed to wait for cache sync")
		}
	}
	return exceptionsLister
}

func NewConfigMapResolver(
	ctx context.Context,
	logger logr.Logger,
	kubeClient kubernetes.Interface,
	resyncPeriod time.Duration,
) engineapi.ConfigmapResolver {
	logger = logger.WithName("configmap-resolver").WithValues("enableConfigMapCaching", enableConfigMapCaching)
	logger.Info("setup config map resolver...")
	clientBasedResolver, err := resolvers.NewClientBasedResolver(kubeClient)
	checkError(logger, err, "failed to create client based resolver")
	if !enableConfigMapCaching {
		return clientBasedResolver
	}
	factory, err := resolvers.GetCacheInformerFactory(kubeClient, resyncPeriod)
	checkError(logger, err, "failed to create cache informer factory")
	informerBasedResolver, err := resolvers.NewInformerBasedResolver(factory.Core().V1().ConfigMaps().Lister())
	checkError(logger, err, "failed to create informer based resolver")
	configMapResolver, err := engineapi.NewNamespacedResourceResolver(informerBasedResolver, clientBasedResolver)
	checkError(logger, err, "failed to create config map resolver")
	// start informers and wait for cache sync
	if !StartInformersAndWaitForCacheSync(ctx, logger, factory) {
		checkError(logger, errors.New("failed to wait for cache sync"), "failed to wait for cache sync")
	}
	return configMapResolver
}
refactor: factorise engine creation (#6837) * refactor: factorise engine creation Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> 2023-04-11 09:12:05 +02:00			`package internal`

			`import (`
			`"context"`
			`"errors"`
			`"time"`

			`"github.com/go-logr/logr"`
			`"github.com/kyverno/kyverno/pkg/client/clientset/versioned"`
			`kyvernoinformer "github.com/kyverno/kyverno/pkg/client/informers/externalversions"`
			`"github.com/kyverno/kyverno/pkg/clients/dclient"`
			`"github.com/kyverno/kyverno/pkg/config"`
			`"github.com/kyverno/kyverno/pkg/engine"`
refactor: introduce abstract client interface in engine (#7377) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> 2023-06-10 11:20:34 +02:00			`"github.com/kyverno/kyverno/pkg/engine/adapters"`
refactor: factorise engine creation (#6837) * refactor: factorise engine creation Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> 2023-04-11 09:12:05 +02:00			`engineapi "github.com/kyverno/kyverno/pkg/engine/api"`
			`"github.com/kyverno/kyverno/pkg/engine/context/resolvers"`
refactor: introduce jmespath interface (#6882) * refactor: introduce jmespath interface Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> 2023-04-13 13:29:40 +02:00			`"github.com/kyverno/kyverno/pkg/engine/jmespath"`
refactor: factorise engine creation (#6837) * refactor: factorise engine creation Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> 2023-04-11 09:12:05 +02:00			`"github.com/kyverno/kyverno/pkg/registryclient"`
			`"k8s.io/client-go/kubernetes"`
			`)`

			`func NewEngine(`
			`ctx context.Context,`
			`logger logr.Logger,`
			`configuration config.Configuration,`
			`metricsConfiguration config.MetricsConfiguration,`
refactor: introduce jmespath interface (#6882) * refactor: introduce jmespath interface Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> 2023-04-13 13:29:40 +02:00			`jp jmespath.Interface,`
refactor: factorise engine creation (#6837) * refactor: factorise engine creation Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> 2023-04-11 09:12:05 +02:00			`client dclient.Interface,`
			`rclient registryclient.Client,`
			`kubeClient kubernetes.Interface,`
			`kyvernoClient versioned.Interface,`
			`) engineapi.Engine {`
			`configMapResolver := NewConfigMapResolver(ctx, logger, kubeClient, 15*time.Minute)`
			`exceptionsSelector := NewExceptionSelector(ctx, logger, kyvernoClient, 15*time.Minute)`
refactor: configuration config map controller (#6829) * refactor: configuration config map controller Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * rbac Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * clean Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * clean Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> 2023-04-11 14:05:20 +02:00			`logger = logger.WithName("engine")`
			`logger.Info("setup engine...")`
refactor: factorise engine creation (#6837) * refactor: factorise engine creation Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> 2023-04-11 09:12:05 +02:00			`return engine.NewEngine(`
			`configuration,`
			`metricsConfiguration,`
refactor: introduce jmespath interface (#6882) * refactor: introduce jmespath interface Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> 2023-04-13 13:29:40 +02:00			`jp,`
refactor: introduce abstract client interface in engine (#7377) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> 2023-06-10 11:20:34 +02:00			`adapters.Client(client),`
refactor: introduce engine image data client interface (#7529) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> 2023-06-14 12:06:52 +02:00			`adapters.ImageDataClient(rclient),`
refactor: factorise engine creation (#6837) * refactor: factorise engine creation Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> 2023-04-11 09:12:05 +02:00			`rclient,`
			`engineapi.DefaultContextLoaderFactory(configMapResolver),`
			`exceptionsSelector,`
fix: cosign global var (#7397) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> 2023-06-02 14:18:10 +02:00			`imageSignatureRepository,`
refactor: factorise engine creation (#6837) * refactor: factorise engine creation Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> 2023-04-11 09:12:05 +02:00			`)`
			`}`

			`func NewExceptionSelector(`
			`ctx context.Context,`
			`logger logr.Logger,`
			`kyvernoClient versioned.Interface,`
			`resyncPeriod time.Duration,`
			`) engineapi.PolicyExceptionSelector {`
			`logger = logger.WithName("exception-selector").WithValues("enablePolicyException", enablePolicyException, "exceptionNamespace", exceptionNamespace)`
refactor: configuration config map controller (#6829) * refactor: configuration config map controller Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * rbac Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * clean Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * clean Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> 2023-04-11 14:05:20 +02:00			`logger.Info("setup exception selector...")`
refactor: factorise engine creation (#6837) * refactor: factorise engine creation Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> 2023-04-11 09:12:05 +02:00			`var exceptionsLister engineapi.PolicyExceptionSelector`
			`if enablePolicyException {`
			`factory := kyvernoinformer.NewSharedInformerFactory(kyvernoClient, resyncPeriod)`
			`lister := factory.Kyverno().V2alpha1().PolicyExceptions().Lister()`
			`if exceptionNamespace != "" {`
			`exceptionsLister = lister.PolicyExceptions(exceptionNamespace)`
			`} else {`
			`exceptionsLister = lister`
			`}`
			`// start informers and wait for cache sync`
			`if !StartInformersAndWaitForCacheSync(ctx, logger, factory) {`
			`checkError(logger, errors.New("failed to wait for cache sync"), "failed to wait for cache sync")`
			`}`
			`}`
			`return exceptionsLister`
			`}`

			`func NewConfigMapResolver(`
			`ctx context.Context,`
			`logger logr.Logger,`
			`kubeClient kubernetes.Interface,`
			`resyncPeriod time.Duration,`
			`) engineapi.ConfigmapResolver {`
			`logger = logger.WithName("configmap-resolver").WithValues("enableConfigMapCaching", enableConfigMapCaching)`
refactor: configuration config map controller (#6829) * refactor: configuration config map controller Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * rbac Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * clean Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * clean Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> 2023-04-11 14:05:20 +02:00			`logger.Info("setup config map resolver...")`
refactor: factorise engine creation (#6837) * refactor: factorise engine creation Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> 2023-04-11 09:12:05 +02:00			`clientBasedResolver, err := resolvers.NewClientBasedResolver(kubeClient)`
			`checkError(logger, err, "failed to create client based resolver")`
			`if !enableConfigMapCaching {`
			`return clientBasedResolver`
			`}`
			`factory, err := resolvers.GetCacheInformerFactory(kubeClient, resyncPeriod)`
			`checkError(logger, err, "failed to create cache informer factory")`
			`informerBasedResolver, err := resolvers.NewInformerBasedResolver(factory.Core().V1().ConfigMaps().Lister())`
			`checkError(logger, err, "failed to create informer based resolver")`
			`configMapResolver, err := engineapi.NewNamespacedResourceResolver(informerBasedResolver, clientBasedResolver)`
			`checkError(logger, err, "failed to create config map resolver")`
			`// start informers and wait for cache sync`
			`if !StartInformersAndWaitForCacheSync(ctx, logger, factory) {`
			`checkError(logger, errors.New("failed to wait for cache sync"), "failed to wait for cache sync")`
			`}`
			`return configMapResolver`
			`}`