kyverno/pkg/controllers/validatingadmissionpolicy-generate/utils.go

package validatingadmissionpolicygenerate

import (
	kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1"
	kyvernov2 "github.com/kyverno/kyverno/api/kyverno/v2"
	policiesv1alpha1 "github.com/kyverno/kyverno/api/policies.kyverno.io/v1alpha1"
	admissionregistrationv1 "k8s.io/api/admissionregistration/v1"
	"k8s.io/apimachinery/pkg/labels"
)

// getClusterPolicy gets the Kyverno ClusterPolicy
func (c *controller) getClusterPolicy(name string) (*kyvernov1.ClusterPolicy, error) {
	cpolicy, err := c.cpolLister.Get(name)
	if err != nil {
		return nil, err
	}
	return cpolicy, nil
}

// getClusterPolicy gets the Kyverno ValidatingPolicy
func (c *controller) getValidatingPolicy(name string) (*policiesv1alpha1.ValidatingPolicy, error) {
	vpol, err := c.vpolLister.Get(name)
	if err != nil {
		return nil, err
	}
	return vpol, nil
}

// getValidatingAdmissionPolicy gets the Kubernetes ValidatingAdmissionPolicy
func (c *controller) getValidatingAdmissionPolicy(name string) (*admissionregistrationv1.ValidatingAdmissionPolicy, error) {
	vap, err := c.vapLister.Get(name)
	if err != nil {
		return nil, err
	}
	return vap, nil
}

// getValidatingAdmissionPolicyBinding gets the Kubernetes ValidatingAdmissionPolicyBinding
func (c *controller) getValidatingAdmissionPolicyBinding(name string) (*admissionregistrationv1.ValidatingAdmissionPolicyBinding, error) {
	vapbinding, err := c.vapbindingLister.Get(name)
	if err != nil {
		return nil, err
	}
	return vapbinding, nil
}

// getExceptions get PolicyExceptions that match both the ClusterPolicy and the rule if exists.
func (c *controller) getExceptions(policyName, rule string) ([]kyvernov2.PolicyException, error) {
	var exceptions []kyvernov2.PolicyException
	polexs, err := c.polexLister.List(labels.Everything())
	if err != nil {
		return nil, err
	}
	for _, polex := range polexs {
		if polex.Contains(policyName, rule) {
			exceptions = append(exceptions, *polex)
		}
	}
	return exceptions, nil
}

func constructVapBindingName(vapName string) string {
	return vapName + "-binding"
}
feat: generate VAPs from VPs (#12222) * feat: generate VAPs from VPs Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com> * fix codegen Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com> * fix chainsaw tests Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com> --------- Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com> 2025-02-25 14:27:29 +02:00			`package validatingadmissionpolicygenerate`

			`import (`
			`kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1"`
			`kyvernov2 "github.com/kyverno/kyverno/api/kyverno/v2"`
			`policiesv1alpha1 "github.com/kyverno/kyverno/api/policies.kyverno.io/v1alpha1"`
			`admissionregistrationv1 "k8s.io/api/admissionregistration/v1"`
			`"k8s.io/apimachinery/pkg/labels"`
			`)`

			`// getClusterPolicy gets the Kyverno ClusterPolicy`
			`func (c controller) getClusterPolicy(name string) (kyvernov1.ClusterPolicy, error) {`
			`cpolicy, err := c.cpolLister.Get(name)`
			`if err != nil {`
			`return nil, err`
			`}`
			`return cpolicy, nil`
			`}`

			`// getClusterPolicy gets the Kyverno ValidatingPolicy`
			`func (c controller) getValidatingPolicy(name string) (policiesv1alpha1.ValidatingPolicy, error) {`
			`vpol, err := c.vpolLister.Get(name)`
			`if err != nil {`
			`return nil, err`
			`}`
			`return vpol, nil`
			`}`

			`// getValidatingAdmissionPolicy gets the Kubernetes ValidatingAdmissionPolicy`
			`func (c controller) getValidatingAdmissionPolicy(name string) (admissionregistrationv1.ValidatingAdmissionPolicy, error) {`
			`vap, err := c.vapLister.Get(name)`
			`if err != nil {`
			`return nil, err`
			`}`
			`return vap, nil`
			`}`

			`// getValidatingAdmissionPolicyBinding gets the Kubernetes ValidatingAdmissionPolicyBinding`
			`func (c controller) getValidatingAdmissionPolicyBinding(name string) (admissionregistrationv1.ValidatingAdmissionPolicyBinding, error) {`
			`vapbinding, err := c.vapbindingLister.Get(name)`
			`if err != nil {`
			`return nil, err`
			`}`
			`return vapbinding, nil`
			`}`

			`// getExceptions get PolicyExceptions that match both the ClusterPolicy and the rule if exists.`
			`func (c *controller) getExceptions(policyName, rule string) ([]kyvernov2.PolicyException, error) {`
			`var exceptions []kyvernov2.PolicyException`
			`polexs, err := c.polexLister.List(labels.Everything())`
			`if err != nil {`
			`return nil, err`
			`}`
			`for _, polex := range polexs {`
			`if polex.Contains(policyName, rule) {`
			`exceptions = append(exceptions, *polex)`
			`}`
			`}`
			`return exceptions, nil`
			`}`

			`func constructVapBindingName(vapName string) string {`
			`return vapName + "-binding"`
			`}`