kyverno/pkg/engine/exceptions.go

package engine

import (
	"fmt"

	kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1"
	kyvernov2beta1 "github.com/kyverno/kyverno/api/kyverno/v2beta1"
	"k8s.io/apimachinery/pkg/labels"
	"k8s.io/client-go/tools/cache"
)

// GetPolicyExceptions get all exceptions that match both the policy and the rule.
func (e *engine) GetPolicyExceptions(
	policy kyvernov1.PolicyInterface,
	rule string,
) ([]kyvernov2beta1.PolicyException, error) {
	var exceptions []kyvernov2beta1.PolicyException
	if e.exceptionSelector == nil {
		return exceptions, nil
	}
	polexs, err := e.exceptionSelector.List(labels.Everything())
	if err != nil {
		return exceptions, err
	}
	policyName, err := cache.MetaNamespaceKeyFunc(policy)
	if err != nil {
		return exceptions, fmt.Errorf("failed to compute policy key: %w", err)
	}
	for _, polex := range polexs {
		if polex.Contains(policyName, rule) {
			exceptions = append(exceptions, *polex)
		}
	}
	return exceptions, nil
}
refactor: add more functionnalities to engine interface (#6212) * refactor: add more functionnalities to engine interface Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * exclude mechanism Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * polex Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix kuttl tests Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> 2023-02-06 06:49:47 +01:00			`package engine`

			`import (`
			`"fmt"`

			`kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1"`
fix: use v2beta1 of policy exceptions (#8587) Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com> 2023-10-09 10:27:25 +03:00			`kyvernov2beta1 "github.com/kyverno/kyverno/api/kyverno/v2beta1"`
refactor: add more functionnalities to engine interface (#6212) * refactor: add more functionnalities to engine interface Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * exclude mechanism Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * polex Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix kuttl tests Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> 2023-02-06 06:49:47 +01:00			`"k8s.io/apimachinery/pkg/labels"`
			`"k8s.io/client-go/tools/cache"`
			`)`

feat: compute policy exceptions as a part of the rule execution (#8713) Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com> Co-authored-by: Jim Bugwadia <jim@nirmata.com> 2023-11-13 17:43:25 +02:00			`// GetPolicyExceptions get all exceptions that match both the policy and the rule.`
			`func (e *engine) GetPolicyExceptions(`
refactor: add more functionnalities to engine interface (#6212) * refactor: add more functionnalities to engine interface Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * exclude mechanism Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * polex Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix kuttl tests Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> 2023-02-06 06:49:47 +01:00			`policy kyvernov1.PolicyInterface,`
			`rule string,`
feat: compute policy exceptions as a part of the rule execution (#8713) Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com> Co-authored-by: Jim Bugwadia <jim@nirmata.com> 2023-11-13 17:43:25 +02:00			`) ([]kyvernov2beta1.PolicyException, error) {`
			`var exceptions []kyvernov2beta1.PolicyException`
			`if e.exceptionSelector == nil {`
			`return exceptions, nil`
refactor: add more functionnalities to engine interface (#6212) * refactor: add more functionnalities to engine interface Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * exclude mechanism Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * polex Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix kuttl tests Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> 2023-02-06 06:49:47 +01:00			`}`
feat: compute policy exceptions as a part of the rule execution (#8713) Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com> Co-authored-by: Jim Bugwadia <jim@nirmata.com> 2023-11-13 17:43:25 +02:00			`polexs, err := e.exceptionSelector.List(labels.Everything())`
refactor: add more functionnalities to engine interface (#6212) * refactor: add more functionnalities to engine interface Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * exclude mechanism Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * polex Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix kuttl tests Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> 2023-02-06 06:49:47 +01:00			`if err != nil {`
feat: compute policy exceptions as a part of the rule execution (#8713) Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com> Co-authored-by: Jim Bugwadia <jim@nirmata.com> 2023-11-13 17:43:25 +02:00			`return exceptions, err`
refactor: add more functionnalities to engine interface (#6212) * refactor: add more functionnalities to engine interface Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * exclude mechanism Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * polex Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix kuttl tests Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> 2023-02-06 06:49:47 +01:00			`}`
			`policyName, err := cache.MetaNamespaceKeyFunc(policy)`
			`if err != nil {`
feat: compute policy exceptions as a part of the rule execution (#8713) Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com> Co-authored-by: Jim Bugwadia <jim@nirmata.com> 2023-11-13 17:43:25 +02:00			`return exceptions, fmt.Errorf("failed to compute policy key: %w", err)`
refactor: add more functionnalities to engine interface (#6212) * refactor: add more functionnalities to engine interface Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * exclude mechanism Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * polex Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix kuttl tests Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> 2023-02-06 06:49:47 +01:00			`}`
			`for _, polex := range polexs {`
			`if polex.Contains(policyName, rule) {`
feat: compute policy exceptions as a part of the rule execution (#8713) Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com> Co-authored-by: Jim Bugwadia <jim@nirmata.com> 2023-11-13 17:43:25 +02:00			`exceptions = append(exceptions, *polex)`
refactor: add more functionnalities to engine interface (#6212) * refactor: add more functionnalities to engine interface Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * exclude mechanism Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * polex Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix kuttl tests Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> 2023-02-06 06:49:47 +01:00			`}`
			`}`
feat: compute policy exceptions as a part of the rule execution (#8713) Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com> Co-authored-by: Jim Bugwadia <jim@nirmata.com> 2023-11-13 17:43:25 +02:00			`return exceptions, nil`
refactor: add more functionnalities to engine interface (#6212) * refactor: add more functionnalities to engine interface Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * exclude mechanism Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * polex Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix kuttl tests Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> 2023-02-06 06:49:47 +01:00			`}`