2019-05-14 01:17:28 +00:00
|
|
|
package engine
|
2019-05-13 18:27:47 +00:00
|
|
|
|
|
|
|
|
import (
|
2023-02-08 05:55:03 +00:00
|
|
|
"context"
|
2021-02-03 21:09:42 +00:00
|
|
|
"time"
|
|
|
|
|
|
2023-02-09 15:15:51 +00:00
|
|
|
"github.com/go-logr/logr"
|
2022-05-17 11:12:43 +00:00
|
|
|
kyvernov1beta1 "github.com/kyverno/kyverno/api/kyverno/v1beta1"
|
2022-03-28 14:01:27 +00:00
|
|
|
"github.com/kyverno/kyverno/pkg/autogen"
|
2023-01-30 11:41:09 +00:00
|
|
|
engineapi "github.com/kyverno/kyverno/pkg/engine/api"
|
2023-02-09 15:15:51 +00:00
|
|
|
"github.com/kyverno/kyverno/pkg/engine/internal"
|
2019-05-13 18:27:47 +00:00
|
|
|
)
|
|
|
|
|
|
2022-03-29 13:04:33 +00:00
|
|
|
// GenerateResponse checks for validity of generate rule on the resource
|
2023-02-06 12:49:04 +00:00
|
|
|
func (e *engine) generateResponse(
|
2023-02-08 05:55:03 +00:00
|
|
|
ctx context.Context,
|
2023-02-09 15:15:51 +00:00
|
|
|
logger logr.Logger,
|
2023-01-31 15:28:48 +00:00
|
|
|
policyContext engineapi.PolicyContext,
|
2023-01-31 14:30:40 +00:00
|
|
|
gr kyvernov1beta1.UpdateRequest,
|
2023-03-22 14:55:00 +00:00
|
|
|
) engineapi.EngineResponse {
|
2023-02-09 15:15:51 +00:00
|
|
|
return e.filterGenerateRules(policyContext, logger, gr.Spec.Policy, time.Now())
|
2022-03-29 13:04:33 +00:00
|
|
|
}
|
|
|
|
|
|
2023-02-06 12:49:04 +00:00
|
|
|
func (e *engine) filterGenerateRules(
|
2023-01-31 15:28:48 +00:00
|
|
|
policyContext engineapi.PolicyContext,
|
2023-02-09 15:15:51 +00:00
|
|
|
logger logr.Logger,
|
2023-01-31 14:30:40 +00:00
|
|
|
policyNameKey string,
|
|
|
|
|
startTime time.Time,
|
2023-03-22 14:55:00 +00:00
|
|
|
) engineapi.EngineResponse {
|
2023-01-31 15:28:48 +00:00
|
|
|
newResource := policyContext.NewResource()
|
|
|
|
|
kind := newResource.GetKind()
|
|
|
|
|
name := newResource.GetName()
|
|
|
|
|
namespace := newResource.GetNamespace()
|
2023-02-10 14:04:41 +00:00
|
|
|
resp := engineapi.NewEngineResponseFromPolicyContext(policyContext, nil)
|
2023-02-10 08:11:21 +00:00
|
|
|
resp.PolicyResponse = engineapi.PolicyResponse{
|
2023-02-10 19:35:55 +00:00
|
|
|
Stats: engineapi.PolicyStats{
|
2023-02-10 08:11:21 +00:00
|
|
|
ExecutionStats: engineapi.ExecutionStats{
|
|
|
|
|
Timestamp: startTime.Unix(),
|
2022-03-29 13:04:33 +00:00
|
|
|
},
|
|
|
|
|
},
|
|
|
|
|
}
|
2023-02-06 12:49:04 +00:00
|
|
|
if e.configuration.ToFilter(kind, namespace, name) {
|
2023-02-09 15:15:51 +00:00
|
|
|
logger.Info("resource excluded")
|
2023-03-22 14:55:00 +00:00
|
|
|
return *resp
|
2022-03-29 13:04:33 +00:00
|
|
|
}
|
2023-01-31 15:28:48 +00:00
|
|
|
for _, rule := range autogen.ComputeRules(policyContext.Policy()) {
|
2023-02-09 15:15:51 +00:00
|
|
|
logger := internal.LoggerWithRule(logger, rule)
|
|
|
|
|
if ruleResp := e.filterRule(rule, logger, policyContext); ruleResp != nil {
|
2022-03-29 13:04:33 +00:00
|
|
|
resp.PolicyResponse.Rules = append(resp.PolicyResponse.Rules, *ruleResp)
|
|
|
|
|
}
|
|
|
|
|
}
|
2023-03-22 14:55:00 +00:00
|
|
|
return *resp
|
2022-03-29 13:04:33 +00:00
|
|
|
}
|
