2023-09-06 16:03:51 +02:00
|
|
|
package variables
|
|
|
|
|
|
|
|
|
|
import (
|
|
|
|
|
"fmt"
|
|
|
|
|
|
2023-09-17 22:50:17 +02:00
|
|
|
"github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/apis/v1alpha1"
|
2023-09-06 17:17:12 +02:00
|
|
|
"github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/store"
|
2023-09-06 16:03:51 +02:00
|
|
|
"k8s.io/apimachinery/pkg/util/sets"
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
type Variables struct {
|
2023-09-17 22:50:17 +02:00
|
|
|
values *v1alpha1.ValuesSpec
|
2023-09-06 16:03:51 +02:00
|
|
|
variables map[string]string
|
|
|
|
|
}
|
|
|
|
|
|
2023-09-17 22:50:17 +02:00
|
|
|
func (v Variables) Subresources() []v1alpha1.Subresource {
|
2023-09-06 16:03:51 +02:00
|
|
|
if v.values == nil {
|
|
|
|
|
return nil
|
|
|
|
|
}
|
2023-09-06 19:01:23 +02:00
|
|
|
if len(v.values.Subresources) == 0 {
|
|
|
|
|
return nil
|
|
|
|
|
}
|
2023-09-06 16:03:51 +02:00
|
|
|
return v.values.Subresources
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (v Variables) NamespaceSelectors() map[string]Labels {
|
|
|
|
|
if v.values == nil {
|
|
|
|
|
return nil
|
|
|
|
|
}
|
|
|
|
|
out := map[string]Labels{}
|
|
|
|
|
if v.values.NamespaceSelectors != nil {
|
|
|
|
|
for _, n := range v.values.NamespaceSelectors {
|
|
|
|
|
out[n.Name] = n.Labels
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
if len(out) == 0 {
|
|
|
|
|
return nil
|
|
|
|
|
}
|
|
|
|
|
return out
|
|
|
|
|
}
|
|
|
|
|
|
2023-12-19 15:45:53 +01:00
|
|
|
func (v Variables) ComputeVariables(s *store.Store, policy, resource, kind string, kindMap sets.Set[string], variables ...string) (map[string]interface{}, error) {
|
2023-09-06 16:03:51 +02:00
|
|
|
resourceValues := map[string]interface{}{}
|
|
|
|
|
// first apply global values
|
|
|
|
|
if v.values != nil {
|
|
|
|
|
for k, v := range v.values.GlobalValues {
|
|
|
|
|
resourceValues[k] = v
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
// apply resource values
|
|
|
|
|
if v.values != nil {
|
|
|
|
|
for _, p := range v.values.Policies {
|
|
|
|
|
if p.Name != policy {
|
|
|
|
|
continue
|
|
|
|
|
}
|
|
|
|
|
for _, r := range p.Resources {
|
|
|
|
|
if r.Name != resource {
|
|
|
|
|
continue
|
|
|
|
|
}
|
|
|
|
|
for k, v := range r.Values {
|
|
|
|
|
resourceValues[k] = v
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
// apply variable
|
|
|
|
|
for k, v := range v.variables {
|
|
|
|
|
resourceValues[k] = v
|
|
|
|
|
}
|
|
|
|
|
// make sure `request.operation` is set
|
|
|
|
|
if _, ok := resourceValues["request.operation"]; !ok {
|
|
|
|
|
resourceValues["request.operation"] = "CREATE"
|
|
|
|
|
}
|
|
|
|
|
// skipping the variable check for non matching kind
|
|
|
|
|
// TODO remove dependency to store
|
2023-12-19 15:45:53 +01:00
|
|
|
if kindMap.Has(kind) && len(variables) > 0 && len(resourceValues) == 0 && s.HasPolicies() {
|
2023-09-06 16:03:51 +02:00
|
|
|
return nil, fmt.Errorf("policy `%s` have variables. pass the values for the variables for resource `%s` using set/values_file flag", policy, resource)
|
|
|
|
|
}
|
|
|
|
|
return resourceValues, nil
|
|
|
|
|
}
|
|
|
|
|
|
2023-12-19 15:45:53 +01:00
|
|
|
func (v Variables) SetInStore(s *store.Store) {
|
2023-09-06 16:03:51 +02:00
|
|
|
storePolicies := []store.Policy{}
|
|
|
|
|
if v.values != nil {
|
|
|
|
|
for _, p := range v.values.Policies {
|
|
|
|
|
sp := store.Policy{
|
|
|
|
|
Name: p.Name,
|
|
|
|
|
}
|
|
|
|
|
for _, r := range p.Rules {
|
|
|
|
|
sr := store.Rule{
|
|
|
|
|
Name: r.Name,
|
|
|
|
|
Values: r.Values,
|
|
|
|
|
ForEachValues: r.ForeachValues,
|
|
|
|
|
}
|
|
|
|
|
sp.Rules = append(sp.Rules, sr)
|
|
|
|
|
}
|
|
|
|
|
storePolicies = append(storePolicies, sp)
|
|
|
|
|
}
|
|
|
|
|
}
|
2023-12-19 15:45:53 +01:00
|
|
|
s.SetPolicies(storePolicies...)
|
2023-09-06 16:03:51 +02:00
|
|
|
}
|
