kyverno/pkg/utils/yaml/loadpolicy.go

package yaml

import (
	"encoding/json"
	"fmt"

	kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1"
	"k8s.io/apimachinery/pkg/util/yaml"
	"sigs.k8s.io/controller-runtime/pkg/log"
)

// GetPolicy extracts policies from YAML bytes
func GetPolicy(bytes []byte) (policies []kyvernov1.PolicyInterface, err error) {
	documents, err := SplitDocuments(bytes)
	if err != nil {
		return nil, err
	}
	for _, thisPolicyBytes := range documents {
		policyBytes, err := yaml.ToJSON(thisPolicyBytes)
		if err != nil {
			return nil, fmt.Errorf("failed to convert to JSON: %v", err)
		}
		policy := &kyvernov1.ClusterPolicy{}
		if err := json.Unmarshal(policyBytes, policy); err != nil {
			return nil, fmt.Errorf("failed to decode policy: %v", err)
		}
		if policy.TypeMeta.Kind == "" {
			log.Log.V(3).Info("skipping file as policy.TypeMeta.Kind not found")
			continue
		}
		if policy.TypeMeta.Kind != "ClusterPolicy" && policy.TypeMeta.Kind != "Policy" {
			return nil, fmt.Errorf("resource %s/%s is not a Policy or a ClusterPolicy", policy.Kind, policy.Name)
		}
		if policy.Kind == "Policy" {
			if policy.Namespace == "" {
				policy.Namespace = "default"
			}
		} else {
			policy.Namespace = ""
		}
		policies = append(policies, policy)
	}
	return policies, nil
}
fix: load policy and add tests (#4515) * fix: load policy and add tests Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> * fix callers Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com> 2022-09-06 17:16:44 +02:00			`package yaml`
810 support cronJob for auto-gen (#1089) * add watch policy to clusterrole kyverno:customresources * - improve auto-gen policy application logic - remove unused code * move method to common util * auto-gen rule for cronJob * update doc * set CronJob as default auto-gen pod controller * - update doc; - fix test * remove unused code 2020-09-01 09:11:20 -07:00
			`import (`
			`"encoding/json"`
			`"fmt"`

chore: make kyverno api import aliases consistent (#3939) Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> 2022-05-17 13:12:43 +02:00			`kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1"`
810 support cronJob for auto-gen (#1089) * add watch policy to clusterrole kyverno:customresources * - improve auto-gen policy application logic - remove unused code * move method to common util * auto-gen rule for cronJob * update doc * set CronJob as default auto-gen pod controller * - update doc; - fix test * remove unused code 2020-09-01 09:11:20 -07:00			`"k8s.io/apimachinery/pkg/util/yaml"`
Fix for commented yaml files in Kyverno CLI (#1849) * fix for commented policy yaml file Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com> * fix for commented resource yaml file Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com> 2021-04-29 23:11:15 +05:30			`"sigs.k8s.io/controller-runtime/pkg/log"`
810 support cronJob for auto-gen (#1089) * add watch policy to clusterrole kyverno:customresources * - improve auto-gen policy application logic - remove unused code * move method to common util * auto-gen rule for cronJob * update doc * set CronJob as default auto-gen pod controller * - update doc; - fix test * remove unused code 2020-09-01 09:11:20 -07:00			`)`

fix: load policy and add tests (#4515) * fix: load policy and add tests Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> * fix callers Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com> 2022-09-06 17:16:44 +02:00			`// GetPolicy extracts policies from YAML bytes`
chore: make kyverno api import aliases consistent (#3939) Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> 2022-05-17 13:12:43 +02:00			`func GetPolicy(bytes []byte) (policies []kyvernov1.PolicyInterface, err error) {`
fix: load policy and add tests (#4515) * fix: load policy and add tests Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> * fix callers Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com> 2022-09-06 17:16:44 +02:00			`documents, err := SplitDocuments(bytes)`
810 support cronJob for auto-gen (#1089) * add watch policy to clusterrole kyverno:customresources * - improve auto-gen policy application logic - remove unused code * move method to common util * auto-gen rule for cronJob * update doc * set CronJob as default auto-gen pod controller * - update doc; - fix test * remove unused code 2020-09-01 09:11:20 -07:00			`if err != nil {`
ignore non-policy files in CLI and improve validation messages (#1362) * improve validation message * improve error behaviors * fix tests * fix tests 2020-12-07 11:26:04 -08:00			`return nil, err`
810 support cronJob for auto-gen (#1089) * add watch policy to clusterrole kyverno:customresources * - improve auto-gen policy application logic - remove unused code * move method to common util * auto-gen rule for cronJob * update doc * set CronJob as default auto-gen pod controller * - update doc; - fix test * remove unused code 2020-09-01 09:11:20 -07:00			`}`
refactor: separate yaml utils package (#3520) Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com> 2022-04-01 11:56:16 +02:00			`for _, thisPolicyBytes := range documents {`
810 support cronJob for auto-gen (#1089) * add watch policy to clusterrole kyverno:customresources * - improve auto-gen policy application logic - remove unused code * move method to common util * auto-gen rule for cronJob * update doc * set CronJob as default auto-gen pod controller * - update doc; - fix test * remove unused code 2020-09-01 09:11:20 -07:00			`policyBytes, err := yaml.ToJSON(thisPolicyBytes)`
			`if err != nil {`
ignore non-policy files in CLI and improve validation messages (#1362) * improve validation message * improve error behaviors * fix tests * fix tests 2020-12-07 11:26:04 -08:00			`return nil, fmt.Errorf("failed to convert to JSON: %v", err)`
810 support cronJob for auto-gen (#1089) * add watch policy to clusterrole kyverno:customresources * - improve auto-gen policy application logic - remove unused code * move method to common util * auto-gen rule for cronJob * update doc * set CronJob as default auto-gen pod controller * - update doc; - fix test * remove unused code 2020-09-01 09:11:20 -07:00			`}`
chore: make kyverno api import aliases consistent (#3939) Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> 2022-05-17 13:12:43 +02:00			`policy := &kyvernov1.ClusterPolicy{}`
810 support cronJob for auto-gen (#1089) * add watch policy to clusterrole kyverno:customresources * - improve auto-gen policy application logic - remove unused code * move method to common util * auto-gen rule for cronJob * update doc * set CronJob as default auto-gen pod controller * - update doc; - fix test * remove unused code 2020-09-01 09:11:20 -07:00			`if err := json.Unmarshal(policyBytes, policy); err != nil {`
ignore non-policy files in CLI and improve validation messages (#1362) * improve validation message * improve error behaviors * fix tests * fix tests 2020-12-07 11:26:04 -08:00			`return nil, fmt.Errorf("failed to decode policy: %v", err)`
810 support cronJob for auto-gen (#1089) * add watch policy to clusterrole kyverno:customresources * - improve auto-gen policy application logic - remove unused code * move method to common util * auto-gen rule for cronJob * update doc * set CronJob as default auto-gen pod controller * - update doc; - fix test * remove unused code 2020-09-01 09:11:20 -07:00			`}`
Fix for commented yaml files in Kyverno CLI (#1849) * fix for commented policy yaml file Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com> * fix for commented resource yaml file Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com> 2021-04-29 23:11:15 +05:30			`if policy.TypeMeta.Kind == "" {`
			`log.Log.V(3).Info("skipping file as policy.TypeMeta.Kind not found")`
			`continue`
			`}`
refactor: separate yaml utils package (#3520) Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com> 2022-04-01 11:56:16 +02:00			`if policy.TypeMeta.Kind != "ClusterPolicy" && policy.TypeMeta.Kind != "Policy" {`
			`return nil, fmt.Errorf("resource %s/%s is not a Policy or a ClusterPolicy", policy.Kind, policy.Name)`
810 support cronJob for auto-gen (#1089) * add watch policy to clusterrole kyverno:customresources * - improve auto-gen policy application logic - remove unused code * move method to common util * auto-gen rule for cronJob * update doc * set CronJob as default auto-gen pod controller * - update doc; - fix test * remove unused code 2020-09-01 09:11:20 -07:00			`}`
fix: load policy and add tests (#4515) * fix: load policy and add tests Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> * fix callers Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com> 2022-09-06 17:16:44 +02:00			`if policy.Kind == "Policy" {`
Added Code to support the test command for mutate policy (#2279) * Added test-e2e-local in the Makefile * Added a proper Indentation * Added 3 more fields * Added getPolicyResourceFullPath function * Updating the patchedResource path to full path * Converts Namespaced policy to ClusterPolicy * Added GetPatchedResourceFromPath function * Added GetPatchedResource function * Checks for namespaced-policy from policy name provided bu user * Generalizing resultKey for both validate and mutate. Also added kind field to this key * Added Type field to PolicySpec * To handle mutate case when resource and patchedResource are equal * fetch patchResource from path provided by user and compare it with engine patchedResource * generating result by comparing patchedResource * Added kind to resultKey * Handles namespaced policy results * Skip is required * Added []response.EngineResponse return type in ApplyPolicyOnResource function namespaced policy only surpasses resources having same namespace as policy * apply command will print the patchedResource whereas test will not * passing engineResponse instead of validateEngineResponse because it supports results for both validate and mutate case * default namespace will printed in the output table if no namespace is being provided by the user * Added e2e test for mutate policy and also examples for both type of policies * Created a separate function to get resultKey * Changes in the resultKey for validate case * Added help description for test command in the cli * fixes code for more test cases * fixes code to support more cases and also added resources for e2e-test * some small changes like adding brackets, clubbing 2 if cond into one, changing variable name, etc. * Rearrange GetPatchedResourceFromPath function to get rid from repetion of same thing twice. * Added kind in the result section of test.yaml for all test-cases * engineResponse will handle different types of response * GetPatchedResource() uses GetResource function to fetch patched resource Signed-off-by: viveksahu26 <vivekkumarsahu650@gmail.com> 2021-10-01 14:16:33 +05:30			`if policy.Namespace == "" {`
			`policy.Namespace = "default"`
			`}`
fix: load policy and add tests (#4515) * fix: load policy and add tests Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> * fix callers Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com> 2022-09-06 17:16:44 +02:00			`} else {`
			`policy.Namespace = ""`
Added Code to support the test command for mutate policy (#2279) * Added test-e2e-local in the Makefile * Added a proper Indentation * Added 3 more fields * Added getPolicyResourceFullPath function * Updating the patchedResource path to full path * Converts Namespaced policy to ClusterPolicy * Added GetPatchedResourceFromPath function * Added GetPatchedResource function * Checks for namespaced-policy from policy name provided bu user * Generalizing resultKey for both validate and mutate. Also added kind field to this key * Added Type field to PolicySpec * To handle mutate case when resource and patchedResource are equal * fetch patchResource from path provided by user and compare it with engine patchedResource * generating result by comparing patchedResource * Added kind to resultKey * Handles namespaced policy results * Skip is required * Added []response.EngineResponse return type in ApplyPolicyOnResource function namespaced policy only surpasses resources having same namespace as policy * apply command will print the patchedResource whereas test will not * passing engineResponse instead of validateEngineResponse because it supports results for both validate and mutate case * default namespace will printed in the output table if no namespace is being provided by the user * Added e2e test for mutate policy and also examples for both type of policies * Created a separate function to get resultKey * Changes in the resultKey for validate case * Added help description for test command in the cli * fixes code for more test cases * fixes code to support more cases and also added resources for e2e-test * some small changes like adding brackets, clubbing 2 if cond into one, changing variable name, etc. * Rearrange GetPatchedResourceFromPath function to get rid from repetion of same thing twice. * Added kind in the result section of test.yaml for all test-cases * engineResponse will handle different types of response * GetPatchedResource() uses GetResource function to fetch patched resource Signed-off-by: viveksahu26 <vivekkumarsahu650@gmail.com> 2021-10-01 14:16:33 +05:30			`}`
refactor: separate yaml utils package (#3520) Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com> 2022-04-01 11:56:16 +02:00			`policies = append(policies, policy)`
810 support cronJob for auto-gen (#1089) * add watch policy to clusterrole kyverno:customresources * - improve auto-gen policy application logic - remove unused code * move method to common util * auto-gen rule for cronJob * update doc * set CronJob as default auto-gen pod controller * - update doc; - fix test * remove unused code 2020-09-01 09:11:20 -07:00			`}`
			`return policies, nil`
			`}`