kyverno/pkg/engine/context/loaders/globalcontext.go

package loaders

import (
	"context"
	"encoding/json"
	"fmt"
	"strings"

	"github.com/go-logr/logr"
	kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1"
	enginecontext "github.com/kyverno/kyverno/pkg/engine/context"
	"github.com/kyverno/kyverno/pkg/engine/jmespath"
	"github.com/kyverno/kyverno/pkg/engine/variables"
	"github.com/kyverno/kyverno/pkg/globalcontext/store"
)

type Store interface {
	Get(key string) (store.Entry, bool)
}

type gctxLoader struct {
	ctx       context.Context //nolint:containedctx
	logger    logr.Logger
	entry     kyvernov1.ContextEntry
	enginectx enginecontext.Interface
	jp        jmespath.Interface
	gctxStore Store
	data      []byte
}

func NewGCTXLoader(
	ctx context.Context,
	logger logr.Logger,
	entry kyvernov1.ContextEntry,
	enginectx enginecontext.Interface,
	jp jmespath.Interface,
	gctxStore Store,
) enginecontext.Loader {
	return &gctxLoader{
		ctx:       ctx,
		logger:    logger,
		entry:     entry,
		enginectx: enginectx,
		jp:        jp,
		gctxStore: gctxStore,
	}
}

func (g *gctxLoader) HasLoaded() bool {
	return false
}

func (g *gctxLoader) LoadData() error {
	contextData, err := g.loadGctxData()
	if err != nil {
		g.logger.Error(err, "failed to marshal APICall data for context entry")
		return fmt.Errorf("failed to marshal APICall data for context entry %s: %w", g.entry.Name, err)
	}

	err = g.enginectx.AddContextEntry(g.entry.Name, contextData)
	if err != nil {
		g.logger.Error(err, "failed to add resource cache results for context entry")
		return fmt.Errorf("failed to add resource cache results for context entry %s: %w", g.entry.Name, err)
	}

	g.logger.V(6).Info("added context data", "name", g.entry.Name, "contextData", contextData)
	g.data = contextData
	return nil
}

func (g *gctxLoader) loadGctxData() ([]byte, error) {
	var data interface{}
	var err error
	if g.entry.GlobalReference == nil {
		g.logger.Error(err, "context entry does not have resource cache")
		return nil, fmt.Errorf("resource cache not found")
	}
	rc, err := variables.SubstituteAllInType(g.logger, g.enginectx, g.entry.GlobalReference)
	if err != nil {
		return nil, err
	}
	g.logger.V(6).Info("variables substituted", "resourcecache", rc)

	names := strings.Split(rc.Name, ".")
	if len(names) < 1 {
		err := fmt.Errorf("invalid resource cache name %s", rc.Name)
		g.logger.Error(err, "")
		return nil, err
	}

	gctxName := names[0]
	projectionName := ""
	if len(names) > 1 {
		projectionName = names[1]
	}

	storeEntry, ok := g.gctxStore.Get(gctxName)
	if !ok {
		err := fmt.Errorf("failed to fetch entry key=%s", gctxName)
		g.logger.Error(err, "")
		return nil, err
	}
	data, err = storeEntry.Get(projectionName)
	if err != nil {
		g.logger.Error(err, "failed to fetch data from entry")
		return nil, err
	}

	if rc.JMESPath == "" {
		jsonData, err := json.Marshal(data)
		if err != nil {
			return nil, err
		}
		return jsonData, nil
	}

	results, err := g.jp.Search(rc.JMESPath, data)
	if err != nil {
		g.logger.Error(err, "failed to apply JMESPath for context entry")
		return nil, fmt.Errorf("failed to apply JMESPath %s for context entry %s: %w", rc.JMESPath, g.entry.Name, err)
	}
	g.logger.V(6).Info("applied jmespath expression", "name", g.entry.Name, "results", results)

	return json.Marshal(results)
}
feat: add globalcontext loader and interface (#9602) * feat(globalcontext): add interface Signed-off-by: Khaled Emara <khaled.emara@nirmata.com> * fix(globalcontext): package import path Signed-off-by: Khaled Emara <khaled.emara@nirmata.com> * design(contextloader): move globalcontext from Load to init Signed-off-by: Khaled Emara <khaled.emara@nirmata.com> * fix(globalcontext): remove pointer Signed-off-by: Khaled Emara <khaled.emara@nirmata.com> * design(globalcontext): create specific Store Signed-off-by: Khaled Emara <khaled.emara@nirmata.com> * codegen Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Khaled Emara <khaled.emara@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> 2024-02-05 13:24:37 +02:00			`package loaders`

			`import (`
			`"context"`
			`"encoding/json"`
			`"fmt"`
feat(gctx): add jmespath caching through projections (#11833) feat(gctx): move ready check to runtime Signed-off-by: Khaled Emara <khaled.emara@nirmata.com> Co-authored-by: shuting <shuting@nirmata.com> 2025-02-18 17:51:14 +02:00			`"strings"`
feat: add globalcontext loader and interface (#9602) * feat(globalcontext): add interface Signed-off-by: Khaled Emara <khaled.emara@nirmata.com> * fix(globalcontext): package import path Signed-off-by: Khaled Emara <khaled.emara@nirmata.com> * design(contextloader): move globalcontext from Load to init Signed-off-by: Khaled Emara <khaled.emara@nirmata.com> * fix(globalcontext): remove pointer Signed-off-by: Khaled Emara <khaled.emara@nirmata.com> * design(globalcontext): create specific Store Signed-off-by: Khaled Emara <khaled.emara@nirmata.com> * codegen Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Khaled Emara <khaled.emara@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> 2024-02-05 13:24:37 +02:00
			`"github.com/go-logr/logr"`
			`kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1"`
			`enginecontext "github.com/kyverno/kyverno/pkg/engine/context"`
			`"github.com/kyverno/kyverno/pkg/engine/jmespath"`
			`"github.com/kyverno/kyverno/pkg/engine/variables"`
			`"github.com/kyverno/kyverno/pkg/globalcontext/store"`
			`)`

			`type Store interface {`
			`Get(key string) (store.Entry, bool)`
			`}`

			`type gctxLoader struct {`
			`ctx context.Context //nolint:containedctx`
			`logger logr.Logger`
			`entry kyvernov1.ContextEntry`
			`enginectx enginecontext.Interface`
			`jp jmespath.Interface`
			`gctxStore Store`
			`data []byte`
			`}`

			`func NewGCTXLoader(`
			`ctx context.Context,`
			`logger logr.Logger,`
			`entry kyvernov1.ContextEntry,`
			`enginectx enginecontext.Interface,`
			`jp jmespath.Interface,`
			`gctxStore Store,`
			`) enginecontext.Loader {`
			`return &gctxLoader{`
			`ctx: ctx,`
			`logger: logger,`
			`entry: entry,`
			`enginectx: enginectx,`
			`jp: jp,`
			`gctxStore: gctxStore,`
			`}`
			`}`

			`func (g *gctxLoader) HasLoaded() bool {`
feat(gctx): add jmespath caching through projections (#11833) feat(gctx): move ready check to runtime Signed-off-by: Khaled Emara <khaled.emara@nirmata.com> Co-authored-by: shuting <shuting@nirmata.com> 2025-02-18 17:51:14 +02:00			`return false`
feat: add globalcontext loader and interface (#9602) * feat(globalcontext): add interface Signed-off-by: Khaled Emara <khaled.emara@nirmata.com> * fix(globalcontext): package import path Signed-off-by: Khaled Emara <khaled.emara@nirmata.com> * design(contextloader): move globalcontext from Load to init Signed-off-by: Khaled Emara <khaled.emara@nirmata.com> * fix(globalcontext): remove pointer Signed-off-by: Khaled Emara <khaled.emara@nirmata.com> * design(globalcontext): create specific Store Signed-off-by: Khaled Emara <khaled.emara@nirmata.com> * codegen Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Khaled Emara <khaled.emara@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> 2024-02-05 13:24:37 +02:00			`}`

			`func (g *gctxLoader) LoadData() error {`
			`contextData, err := g.loadGctxData()`
			`if err != nil {`
			`g.logger.Error(err, "failed to marshal APICall data for context entry")`
			`return fmt.Errorf("failed to marshal APICall data for context entry %s: %w", g.entry.Name, err)`
			`}`

			`err = g.enginectx.AddContextEntry(g.entry.Name, contextData)`
			`if err != nil {`
			`g.logger.Error(err, "failed to add resource cache results for context entry")`
			`return fmt.Errorf("failed to add resource cache results for context entry %s: %w", g.entry.Name, err)`
			`}`

			`g.logger.V(6).Info("added context data", "name", g.entry.Name, "contextData", contextData)`
			`g.data = contextData`
			`return nil`
			`}`

			`func (g *gctxLoader) loadGctxData() ([]byte, error) {`
			`var data interface{}`
			`var err error`
			`if g.entry.GlobalReference == nil {`
			`g.logger.Error(err, "context entry does not have resource cache")`
			`return nil, fmt.Errorf("resource cache not found")`
			`}`
			`rc, err := variables.SubstituteAllInType(g.logger, g.enginectx, g.entry.GlobalReference)`
			`if err != nil {`
			`return nil, err`
			`}`
			`g.logger.V(6).Info("variables substituted", "resourcecache", rc)`

feat(gctx): add jmespath caching through projections (#11833) feat(gctx): move ready check to runtime Signed-off-by: Khaled Emara <khaled.emara@nirmata.com> Co-authored-by: shuting <shuting@nirmata.com> 2025-02-18 17:51:14 +02:00			`names := strings.Split(rc.Name, ".")`
			`if len(names) < 1 {`
			`err := fmt.Errorf("invalid resource cache name %s", rc.Name)`
			`g.logger.Error(err, "")`
			`return nil, err`
			`}`

			`gctxName := names[0]`
			`projectionName := ""`
			`if len(names) > 1 {`
			`projectionName = names[1]`
			`}`

			`storeEntry, ok := g.gctxStore.Get(gctxName)`
feat: add globalcontext loader and interface (#9602) * feat(globalcontext): add interface Signed-off-by: Khaled Emara <khaled.emara@nirmata.com> * fix(globalcontext): package import path Signed-off-by: Khaled Emara <khaled.emara@nirmata.com> * design(contextloader): move globalcontext from Load to init Signed-off-by: Khaled Emara <khaled.emara@nirmata.com> * fix(globalcontext): remove pointer Signed-off-by: Khaled Emara <khaled.emara@nirmata.com> * design(globalcontext): create specific Store Signed-off-by: Khaled Emara <khaled.emara@nirmata.com> * codegen Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Khaled Emara <khaled.emara@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> 2024-02-05 13:24:37 +02:00			`if !ok {`
feat(gctx): add jmespath caching through projections (#11833) feat(gctx): move ready check to runtime Signed-off-by: Khaled Emara <khaled.emara@nirmata.com> Co-authored-by: shuting <shuting@nirmata.com> 2025-02-18 17:51:14 +02:00			`err := fmt.Errorf("failed to fetch entry key=%s", gctxName)`
feat: add globalcontext loader and interface (#9602) * feat(globalcontext): add interface Signed-off-by: Khaled Emara <khaled.emara@nirmata.com> * fix(globalcontext): package import path Signed-off-by: Khaled Emara <khaled.emara@nirmata.com> * design(contextloader): move globalcontext from Load to init Signed-off-by: Khaled Emara <khaled.emara@nirmata.com> * fix(globalcontext): remove pointer Signed-off-by: Khaled Emara <khaled.emara@nirmata.com> * design(globalcontext): create specific Store Signed-off-by: Khaled Emara <khaled.emara@nirmata.com> * codegen Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Khaled Emara <khaled.emara@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> 2024-02-05 13:24:37 +02:00			`g.logger.Error(err, "")`
			`return nil, err`
			`}`
feat(gctx): add jmespath caching through projections (#11833) feat(gctx): move ready check to runtime Signed-off-by: Khaled Emara <khaled.emara@nirmata.com> Co-authored-by: shuting <shuting@nirmata.com> 2025-02-18 17:51:14 +02:00			`data, err = storeEntry.Get(projectionName)`
feat: add globalcontext loader and interface (#9602) * feat(globalcontext): add interface Signed-off-by: Khaled Emara <khaled.emara@nirmata.com> * fix(globalcontext): package import path Signed-off-by: Khaled Emara <khaled.emara@nirmata.com> * design(contextloader): move globalcontext from Load to init Signed-off-by: Khaled Emara <khaled.emara@nirmata.com> * fix(globalcontext): remove pointer Signed-off-by: Khaled Emara <khaled.emara@nirmata.com> * design(globalcontext): create specific Store Signed-off-by: Khaled Emara <khaled.emara@nirmata.com> * codegen Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Khaled Emara <khaled.emara@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> 2024-02-05 13:24:37 +02:00			`if err != nil {`
			`g.logger.Error(err, "failed to fetch data from entry")`
			`return nil, err`
			`}`

fix(gctx): remove unnecessary json Marshal/Unmarshal operations to reduce memory usage (#12201) Signed-off-by: liuxu <liuxu623@gmail.com> Co-authored-by: shuting <shuting@nirmata.com> 2025-02-27 17:03:36 +08:00			`if rc.JMESPath == "" {`
			`jsonData, err := json.Marshal(data)`
test(globalcontext): add e2e tests (#9661) * fix(globalcontext): validation Signed-off-by: Khaled Emara <khaled.emara@nirmata.com> * fix(globalcontext): use existence instead of ready for now Signed-off-by: Khaled Emara <khaled.emara@nirmata.com> * chore(globalcontext): improve not ready error message Signed-off-by: Khaled Emara <khaled.emara@nirmata.com> * fix(globalcontext): allow any APICall Signed-off-by: Khaled Emara <khaled.emara@nirmata.com> * fix(globalcontext): prevent double marshal Signed-off-by: Khaled Emara <khaled.emara@nirmata.com> * test(globalcontext): add e2e tests Signed-off-by: Khaled Emara <khaled.emara@nirmata.com> * chore(globalcontext): move vaildation to OpenAPI V3 Signed-off-by: Khaled Emara <khaled.emara@nirmata.com> --------- Signed-off-by: Khaled Emara <khaled.emara@nirmata.com> Co-authored-by: shuting <shuting@nirmata.com> 2024-02-06 19:03:32 +02:00			`if err != nil {`
			`return nil, err`
			`}`
feat: add globalcontext loader and interface (#9602) * feat(globalcontext): add interface Signed-off-by: Khaled Emara <khaled.emara@nirmata.com> * fix(globalcontext): package import path Signed-off-by: Khaled Emara <khaled.emara@nirmata.com> * design(contextloader): move globalcontext from Load to init Signed-off-by: Khaled Emara <khaled.emara@nirmata.com> * fix(globalcontext): remove pointer Signed-off-by: Khaled Emara <khaled.emara@nirmata.com> * design(globalcontext): create specific Store Signed-off-by: Khaled Emara <khaled.emara@nirmata.com> * codegen Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Khaled Emara <khaled.emara@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> 2024-02-05 13:24:37 +02:00			`return jsonData, nil`
			`}`

fix(gctx): remove unnecessary json Marshal/Unmarshal operations to reduce memory usage (#12201) Signed-off-by: liuxu <liuxu623@gmail.com> Co-authored-by: shuting <shuting@nirmata.com> 2025-02-27 17:03:36 +08:00			`results, err := g.jp.Search(rc.JMESPath, data)`
feat: add globalcontext loader and interface (#9602) * feat(globalcontext): add interface Signed-off-by: Khaled Emara <khaled.emara@nirmata.com> * fix(globalcontext): package import path Signed-off-by: Khaled Emara <khaled.emara@nirmata.com> * design(contextloader): move globalcontext from Load to init Signed-off-by: Khaled Emara <khaled.emara@nirmata.com> * fix(globalcontext): remove pointer Signed-off-by: Khaled Emara <khaled.emara@nirmata.com> * design(globalcontext): create specific Store Signed-off-by: Khaled Emara <khaled.emara@nirmata.com> * codegen Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Khaled Emara <khaled.emara@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> 2024-02-05 13:24:37 +02:00			`if err != nil {`
			`g.logger.Error(err, "failed to apply JMESPath for context entry")`
fix(gctx): remove unnecessary json Marshal/Unmarshal operations to reduce memory usage (#12201) Signed-off-by: liuxu <liuxu623@gmail.com> Co-authored-by: shuting <shuting@nirmata.com> 2025-02-27 17:03:36 +08:00			`return nil, fmt.Errorf("failed to apply JMESPath %s for context entry %s: %w", rc.JMESPath, g.entry.Name, err)`
feat: add globalcontext loader and interface (#9602) * feat(globalcontext): add interface Signed-off-by: Khaled Emara <khaled.emara@nirmata.com> * fix(globalcontext): package import path Signed-off-by: Khaled Emara <khaled.emara@nirmata.com> * design(contextloader): move globalcontext from Load to init Signed-off-by: Khaled Emara <khaled.emara@nirmata.com> * fix(globalcontext): remove pointer Signed-off-by: Khaled Emara <khaled.emara@nirmata.com> * design(globalcontext): create specific Store Signed-off-by: Khaled Emara <khaled.emara@nirmata.com> * codegen Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Khaled Emara <khaled.emara@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> 2024-02-05 13:24:37 +02:00			`}`
			`g.logger.V(6).Info("applied jmespath expression", "name", g.entry.Name, "results", results)`

			`return json.Marshal(results)`
			`}`