mirrors/kyverno
mirrors/kyverno
1
0
Fork 0
mirror of https://github.com/kyverno/kyverno.git synced 2025-03-09 09:26:54 +00:00
Code Activity
kyverno/pkg/engine/handlers/mutation/common.go

184 lines
6 KiB
Go
Raw Normal View History

refactor: implement mutation rule handlers (#6684) * refactor: implement mutation rule handlers Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2023-03-27 10:09:46 +02:00
package mutation
import (
"context"
feat: Removal of multiple elements using JSON patch in a foreach loop (#6335) * handle mismatch of indices for removal operation while using foreach in mutate rule Signed-off-by: Ashwin901 <ashwinprasanna9@gmail.com> * Refactor elementIsRemoved function to pass 'gofumpt' check Signed-off-by: Ashwin901 <ashwinprasanna9@gmail.com> * traverse elements array in reverse order to handle removal of multiple elements Signed-off-by: Ashwin901 <ashwinprasanna9@gmail.com> * handle failing test case by changing assertion order Signed-off-by: Ashwin901 <ashwinprasanna9@gmail.com> * add kuttl tests Signed-off-by: Ashwin901 <ashwinprasanna9@gmail.com> * remove cleanup file from kuttl test Signed-off-by: Ashwin901 <ashwinprasanna9@gmail.com> * sort patches at the end Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix policy Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * move tests Signed-off-by: ShutingZhao <shuting@nirmata.com> --------- Signed-off-by: Ashwin901 <ashwinprasanna9@gmail.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: ShutingZhao <shuting@nirmata.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: ShutingZhao <shuting@nirmata.com>
2023-04-13 17:34:56 +00:00
"encoding/json"
refactor: implement mutation rule handlers (#6684) * refactor: implement mutation rule handlers Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2023-03-27 10:09:46 +02:00
"fmt"
"github.com/go-logr/logr"
kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1"
engineapi "github.com/kyverno/kyverno/pkg/engine/api"
"github.com/kyverno/kyverno/pkg/engine/internal"
"github.com/kyverno/kyverno/pkg/engine/mutate"
feat: Removal of multiple elements using JSON patch in a foreach loop (#6335) * handle mismatch of indices for removal operation while using foreach in mutate rule Signed-off-by: Ashwin901 <ashwinprasanna9@gmail.com> * Refactor elementIsRemoved function to pass 'gofumpt' check Signed-off-by: Ashwin901 <ashwinprasanna9@gmail.com> * traverse elements array in reverse order to handle removal of multiple elements Signed-off-by: Ashwin901 <ashwinprasanna9@gmail.com> * handle failing test case by changing assertion order Signed-off-by: Ashwin901 <ashwinprasanna9@gmail.com> * add kuttl tests Signed-off-by: Ashwin901 <ashwinprasanna9@gmail.com> * remove cleanup file from kuttl test Signed-off-by: Ashwin901 <ashwinprasanna9@gmail.com> * sort patches at the end Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix policy Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * move tests Signed-off-by: ShutingZhao <shuting@nirmata.com> --------- Signed-off-by: Ashwin901 <ashwinprasanna9@gmail.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: ShutingZhao <shuting@nirmata.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: ShutingZhao <shuting@nirmata.com>
2023-04-13 17:34:56 +00:00
"github.com/kyverno/kyverno/pkg/engine/mutate/patch"
refactor: implement mutation rule handlers (#6684) * refactor: implement mutation rule handlers Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2023-03-27 10:09:46 +02:00
engineutils "github.com/kyverno/kyverno/pkg/engine/utils"
"github.com/kyverno/kyverno/pkg/utils/api"
feat: Removal of multiple elements using JSON patch in a foreach loop (#6335) * handle mismatch of indices for removal operation while using foreach in mutate rule Signed-off-by: Ashwin901 <ashwinprasanna9@gmail.com> * Refactor elementIsRemoved function to pass 'gofumpt' check Signed-off-by: Ashwin901 <ashwinprasanna9@gmail.com> * traverse elements array in reverse order to handle removal of multiple elements Signed-off-by: Ashwin901 <ashwinprasanna9@gmail.com> * handle failing test case by changing assertion order Signed-off-by: Ashwin901 <ashwinprasanna9@gmail.com> * add kuttl tests Signed-off-by: Ashwin901 <ashwinprasanna9@gmail.com> * remove cleanup file from kuttl test Signed-off-by: Ashwin901 <ashwinprasanna9@gmail.com> * sort patches at the end Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix policy Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * move tests Signed-off-by: ShutingZhao <shuting@nirmata.com> --------- Signed-off-by: Ashwin901 <ashwinprasanna9@gmail.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: ShutingZhao <shuting@nirmata.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: ShutingZhao <shuting@nirmata.com>
2023-04-13 17:34:56 +00:00
"github.com/mattbaird/jsonpatch"
refactor: implement mutation rule handlers (#6684) * refactor: implement mutation rule handlers Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2023-03-27 10:09:46 +02:00
"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
)
type forEachMutator struct {
feat: add context/preconditions support to mutate existing (#6754) * refactor: engine handlers Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * feat: add context/preconditions support to mutate existing Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * kuttl Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * readme Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix and context kuttl test Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * validation Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * final fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: shuting <shuting@nirmata.com>
2023-04-03 21:58:58 +02:00
logger logr.Logger
rule kyvernov1.Rule
refactor: implement mutation rule handlers (#6684) * refactor: implement mutation rule handlers Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2023-03-27 10:09:46 +02:00
policyContext engineapi.PolicyContext
foreach []kyvernov1.ForEachMutation
resource resourceInfo
nesting int
contextLoader engineapi.EngineContextLoader
}
func (f *forEachMutator) mutateForEach(ctx context.Context) *mutate.Response {
var applyCount int
allPatches := make([][]byte, 0)
for _, foreach := range f.foreach {
elements, err := engineutils.EvaluateList(foreach.List, f.policyContext.JSONContext())
if err != nil {
msg := fmt.Sprintf("failed to evaluate list %s: %v", foreach.List, err)
return mutate.NewErrorResponse(msg, err)
}
mutateResp := f.mutateElements(ctx, foreach, elements)
if mutateResp.Status == engineapi.RuleStatusError {
return mutate.NewErrorResponse("failed to mutate elements", err)
}
if mutateResp.Status != engineapi.RuleStatusSkip {
applyCount++
if len(mutateResp.Patches) > 0 {
f.resource.unstructured = mutateResp.PatchedResource
allPatches = append(allPatches, mutateResp.Patches...)
}
feat: add context/preconditions support to mutate existing (#6754) * refactor: engine handlers Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * feat: add context/preconditions support to mutate existing Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * kuttl Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * readme Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix and context kuttl test Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * validation Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * final fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: shuting <shuting@nirmata.com>
2023-04-03 21:58:58 +02:00
f.logger.Info("mutateResp.PatchedResource", "resource", mutateResp.PatchedResource)
refactor: implement mutation rule handlers (#6684) * refactor: implement mutation rule handlers Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2023-03-27 10:09:46 +02:00
if err := f.policyContext.JSONContext().AddResource(mutateResp.PatchedResource.Object); err != nil {
feat: add context/preconditions support to mutate existing (#6754) * refactor: engine handlers Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * feat: add context/preconditions support to mutate existing Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * kuttl Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * readme Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix and context kuttl test Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * validation Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * final fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: shuting <shuting@nirmata.com>
2023-04-03 21:58:58 +02:00
f.logger.Error(err, "failed to update resource in context")
refactor: implement mutation rule handlers (#6684) * refactor: implement mutation rule handlers Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2023-03-27 10:09:46 +02:00
}
}
}
msg := fmt.Sprintf("%d elements processed", applyCount)
if applyCount == 0 {
return mutate.NewResponse(engineapi.RuleStatusSkip, f.resource.unstructured, allPatches, msg)
}
return mutate.NewResponse(engineapi.RuleStatusPass, f.resource.unstructured, allPatches, msg)
}
func (f *forEachMutator) mutateElements(ctx context.Context, foreach kyvernov1.ForEachMutation, elements []interface{}) *mutate.Response {
f.policyContext.JSONContext().Checkpoint()
defer f.policyContext.JSONContext().Restore()
patchedResource := f.resource
var allPatches [][]byte
if foreach.RawPatchStrategicMerge != nil {
engineutils.InvertedElement(elements)
}
for index, element := range elements {
if element == nil {
continue
}
f.policyContext.JSONContext().Reset()
policyContext := f.policyContext.Copy()
falseVar := false
if err := engineutils.AddElementToContext(policyContext, element, index, f.nesting, &falseVar); err != nil {
return mutate.NewErrorResponse(fmt.Sprintf("failed to add element to mutate.foreach[%d].context", index), err)
}
if err := f.contextLoader(ctx, foreach.Context, policyContext.JSONContext()); err != nil {
return mutate.NewErrorResponse(fmt.Sprintf("failed to load to mutate.foreach[%d].context", index), err)
}
feat: add context/preconditions support to mutate existing (#6754) * refactor: engine handlers Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * feat: add context/preconditions support to mutate existing Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * kuttl Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * readme Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix and context kuttl test Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * validation Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * final fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: shuting <shuting@nirmata.com>
2023-04-03 21:58:58 +02:00
preconditionsPassed, err := internal.CheckPreconditions(f.logger, policyContext.JSONContext(), foreach.AnyAllConditions)
refactor: implement mutation rule handlers (#6684) * refactor: implement mutation rule handlers Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2023-03-27 10:09:46 +02:00
if err != nil {
return mutate.NewErrorResponse(fmt.Sprintf("failed to evaluate mutate.foreach[%d].preconditions", index), err)
}
if !preconditionsPassed {
feat: add context/preconditions support to mutate existing (#6754) * refactor: engine handlers Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * feat: add context/preconditions support to mutate existing Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * kuttl Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * readme Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix and context kuttl test Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * validation Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * final fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: shuting <shuting@nirmata.com>
2023-04-03 21:58:58 +02:00
f.logger.Info("mutate.foreach.preconditions not met", "elementIndex", index)
refactor: implement mutation rule handlers (#6684) * refactor: implement mutation rule handlers Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2023-03-27 10:09:46 +02:00
continue
}
var mutateResp *mutate.Response
if foreach.ForEachMutation != nil {
nestedForEach, err := api.DeserializeJSONArray[kyvernov1.ForEachMutation](foreach.ForEachMutation)
if err != nil {
return mutate.NewErrorResponse("failed to deserialize foreach", err)
}
m := &forEachMutator{
rule: f.rule,
policyContext: f.policyContext,
resource: patchedResource,
feat: add context/preconditions support to mutate existing (#6754) * refactor: engine handlers Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * feat: add context/preconditions support to mutate existing Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * kuttl Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * readme Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix and context kuttl test Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * validation Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * final fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: shuting <shuting@nirmata.com>
2023-04-03 21:58:58 +02:00
logger: f.logger,
refactor: implement mutation rule handlers (#6684) * refactor: implement mutation rule handlers Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2023-03-27 10:09:46 +02:00
foreach: nestedForEach,
nesting: f.nesting + 1,
contextLoader: f.contextLoader,
}
mutateResp = m.mutateForEach(ctx)
} else {
feat: add context/preconditions support to mutate existing (#6754) * refactor: engine handlers Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * feat: add context/preconditions support to mutate existing Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * kuttl Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * readme Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix and context kuttl test Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * validation Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * final fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: shuting <shuting@nirmata.com>
2023-04-03 21:58:58 +02:00
mutateResp = mutate.ForEach(f.rule.Name, foreach, policyContext, patchedResource.unstructured, element, f.logger)
refactor: implement mutation rule handlers (#6684) * refactor: implement mutation rule handlers Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2023-03-27 10:09:46 +02:00
}
if mutateResp.Status == engineapi.RuleStatusFail || mutateResp.Status == engineapi.RuleStatusError {
return mutateResp
}
if len(mutateResp.Patches) > 0 {
patchedResource.unstructured = mutateResp.PatchedResource
allPatches = append(allPatches, mutateResp.Patches...)
}
}
feat: Removal of multiple elements using JSON patch in a foreach loop (#6335) * handle mismatch of indices for removal operation while using foreach in mutate rule Signed-off-by: Ashwin901 <ashwinprasanna9@gmail.com> * Refactor elementIsRemoved function to pass 'gofumpt' check Signed-off-by: Ashwin901 <ashwinprasanna9@gmail.com> * traverse elements array in reverse order to handle removal of multiple elements Signed-off-by: Ashwin901 <ashwinprasanna9@gmail.com> * handle failing test case by changing assertion order Signed-off-by: Ashwin901 <ashwinprasanna9@gmail.com> * add kuttl tests Signed-off-by: Ashwin901 <ashwinprasanna9@gmail.com> * remove cleanup file from kuttl test Signed-off-by: Ashwin901 <ashwinprasanna9@gmail.com> * sort patches at the end Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix policy Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * move tests Signed-off-by: ShutingZhao <shuting@nirmata.com> --------- Signed-off-by: Ashwin901 <ashwinprasanna9@gmail.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: ShutingZhao <shuting@nirmata.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: ShutingZhao <shuting@nirmata.com>
2023-04-13 17:34:56 +00:00
var sortedPatches []jsonpatch.JsonPatchOperation
for _, p := range allPatches {
var jp jsonpatch.JsonPatchOperation
if err := json.Unmarshal(p, &jp); err != nil {
return mutate.NewErrorResponse("failed to convert patch", err)
}
sortedPatches = append(sortedPatches, jp)
}
sortedPatches = patch.FilterAndSortPatches(sortedPatches)
var finalPatches [][]byte
for _, p := range sortedPatches {
if data, err := p.MarshalJSON(); err != nil {
return mutate.NewErrorResponse("failed to marshal patch", err)
} else {
finalPatches = append(finalPatches, data)
}
}
return mutate.NewResponse(engineapi.RuleStatusPass, patchedResource.unstructured, finalPatches, "")
refactor: implement mutation rule handlers (#6684) * refactor: implement mutation rule handlers Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2023-03-27 10:09:46 +02:00
}
func buildRuleResponse(rule *kyvernov1.Rule, mutateResp *mutate.Response, info resourceInfo) *engineapi.RuleResponse {
refactor: engine rule response creation (#6784) * refactor: engine rule response creation Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * private fields Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more private Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more more private Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more private Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more private Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more private Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more private Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more private Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more private Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more private Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more private Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more private Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix unit tests Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2023-04-05 12:35:38 +02:00
message := mutateResp.Message
if mutateResp.Status == engineapi.RuleStatusPass {
message = buildSuccessMessage(mutateResp.PatchedResource)
refactor: implement mutation rule handlers (#6684) * refactor: implement mutation rule handlers Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2023-03-27 10:09:46 +02:00
}
refactor: engine rule response creation (#6784) * refactor: engine rule response creation Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * private fields Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more private Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more more private Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more private Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more private Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more private Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more private Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more private Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more private Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more private Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more private Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more private Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix unit tests Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2023-04-05 12:35:38 +02:00
resp := engineapi.NewRuleResponse(
rule.Name,
engineapi.Mutation,
message,
mutateResp.Status,
)
if mutateResp.Status == engineapi.RuleStatusPass {
resp = resp.WithPatches(mutateResp.Patches...)
if len(rule.Mutation.Targets) != 0 {
resp = resp.WithPatchedTarget(&mutateResp.PatchedResource, info.parentResourceGVR, info.subresource)
}
refactor: implement mutation rule handlers (#6684) * refactor: implement mutation rule handlers Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2023-03-27 10:09:46 +02:00
}
return resp
}
func buildSuccessMessage(r unstructured.Unstructured) string {
if r.Object == nil {
return "mutated resource"
}
if r.GetNamespace() == "" {
return fmt.Sprintf("mutated %s/%s", r.GetKind(), r.GetName())
}
return fmt.Sprintf("mutated %s/%s in namespace %s", r.GetKind(), r.GetName(), r.GetNamespace())
}
Copy permalink