package processor
import (
	"errors"
	"fmt"

	"github.com/kyverno/kyverno/pkg/clients/dclient"
	engineapi "github.com/kyverno/kyverno/pkg/engine/api"
	"github.com/kyverno/kyverno/pkg/validatingadmissionpolicy"
	"k8s.io/api/admissionregistration/v1alpha1"
	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
)
// ValidatingAdmissionPolicyProcessor holds the inputs needed to evaluate one
// resource against a set of Kubernetes ValidatingAdmissionPolicy objects and
// their bindings.
type ValidatingAdmissionPolicyProcessor struct {
	// Policies are the policies evaluated, in order, by ApplyPolicyOnResource.
	Policies []v1alpha1.ValidatingAdmissionPolicy

	// Bindings are matched to a policy by comparing Spec.PolicyName with the
	// policy's name.
	Bindings []v1alpha1.ValidatingAdmissionPolicyBinding

	// Resource is the object under evaluation. ApplyPolicyOnResource
	// dereferences it, so it must be non-nil when Policies is non-empty.
	Resource *unstructured.Unstructured

	// NamespaceSelectorMap is forwarded unchanged to
	// validatingadmissionpolicy.Validate.
	// NOTE(review): presumably namespace name -> namespace labels; confirm
	// against the Validate implementation.
	NamespaceSelectorMap map[string]map[string]string

	// PolicyReport is not read by the code in this file section.
	// NOTE(review): presumably toggles policy-report output; confirm at the
	// call sites.
	PolicyReport bool

	// Rc receives every response via addValidatingAdmissionResponse.
	Rc *ResultCounts

	// Client is forwarded unchanged to validatingadmissionpolicy.Validate.
	Client dclient.Interface
}
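// ApplyPolicyOnResource evaluates p.Resource against every policy in
// p.Policies and returns one engine response per policy, in policy order.
//
// Before a policy is validated, every binding in p.Bindings whose
// Spec.PolicyName equals the policy's name is attached to it. Each response
// is also handed to p.Rc.addValidatingAdmissionResponse.
//
// It returns an error when p.Resource is nil while there are policies to
// evaluate, or when validatingadmissionpolicy.Validate fails. On error no
// responses are returned; counts already recorded in p.Rc for earlier
// policies are left in place.
func (p *ValidatingAdmissionPolicyProcessor) ApplyPolicyOnResource() ([]engineapi.EngineResponse, error) {
	if len(p.Policies) == 0 {
		return nil, nil
	}
	// Validate takes the resource by value; dereferencing a nil pointer
	// would panic, so report it as an error instead.
	if p.Resource == nil {
		return nil, errors.New("applying validating admission policies: resource is nil")
	}

	responses := make([]engineapi.EngineResponse, 0, len(p.Policies))
	for _, policy := range p.Policies {
		policyData := validatingadmissionpolicy.NewPolicyData(policy)
		for _, binding := range p.Bindings {
			if binding.Spec.PolicyName == policy.Name {
				policyData.AddBinding(binding)
			}
		}

		response, err := validatingadmissionpolicy.Validate(policyData, *p.Resource, p.NamespaceSelectorMap, p.Client)
		if err != nil {
			// Fail closed: a policy that could not be evaluated must not be
			// recorded as if it had produced no finding for the resource.
			return nil, fmt.Errorf("validating resource against policy %q: %w", policy.Name, err)
		}

		responses = append(responses, response)
		p.Rc.addValidatingAdmissionResponse(policy, response)
	}
	return responses, nil
}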