mirrors/kyverno
mirrors/kyverno
1
0
Fork 0
mirror of https://github.com/kyverno/kyverno.git synced 2025-03-06 16:06:56 +00:00
Code Activity
kyverno/pkg/policy/updaterequest.go

226 lines
8.1 KiB
Go
Raw Normal View History

Create UR for both mutate and generate policies (#3717) * remove mutateExisting field Signed-off-by: ShutingZhao <shuting@nirmata.com> * update policy controller to create UR for generate Signed-off-by: ShutingZhao <shuting@nirmata.com> * remove debug log Signed-off-by: ShutingZhao <shuting@nirmata.com> * - Update api docs - Ignore e2e tests cleanup failure Signed-off-by: ShutingZhao <shuting@nirmata.com> * Add back index to helm template Signed-off-by: ShutingZhao <shuting@nirmata.com>
2022-04-29 13:31:02 +08:00
package policy
import (
"context"
"fmt"
"github.com/gardener/controller-manager-library/pkg/logger"
kyverno "github.com/kyverno/kyverno/api/kyverno/v1"
urkyverno "github.com/kyverno/kyverno/api/kyverno/v1beta1"
feat: trigger generate on existing matched resource (#3819) * feat: trigger generate on existing matched resource Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * refactor the triggers and fix review comments Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * add trigger for other matching kinds Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * implement match exclude using dynamic client Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * refactor generate trigger Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * increase sleep timeout Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * optimize unstructured list Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * fix review comments Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * log refactor and clean debug comments Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com>
2022-05-09 12:43:11 +05:30
common "github.com/kyverno/kyverno/pkg/background/common"
Create UR for both mutate and generate policies (#3717) * remove mutateExisting field Signed-off-by: ShutingZhao <shuting@nirmata.com> * update policy controller to create UR for generate Signed-off-by: ShutingZhao <shuting@nirmata.com> * remove debug log Signed-off-by: ShutingZhao <shuting@nirmata.com> * - Update api docs - Ignore e2e tests cleanup failure Signed-off-by: ShutingZhao <shuting@nirmata.com> * Add back index to helm template Signed-off-by: ShutingZhao <shuting@nirmata.com>
2022-04-29 13:31:02 +08:00
"github.com/kyverno/kyverno/pkg/config"
feat: trigger generate on existing matched resource (#3819) * feat: trigger generate on existing matched resource Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * refactor the triggers and fix review comments Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * add trigger for other matching kinds Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * implement match exclude using dynamic client Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * refactor generate trigger Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * increase sleep timeout Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * optimize unstructured list Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * fix review comments Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * log refactor and clean debug comments Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com>
2022-05-09 12:43:11 +05:30
"github.com/kyverno/kyverno/pkg/engine"
"github.com/kyverno/kyverno/pkg/engine/response"
engineutils "github.com/kyverno/kyverno/pkg/engine/utils"
Handle errors properly for mutate and generate on existing resources (#3863) Signed-off-by: ShutingZhao <shuting@nirmata.com> Co-authored-by: Prateek Pandey <prateek.pandey@nirmata.com>
2022-05-11 00:36:50 +08:00
"github.com/pkg/errors"
Create UR for both mutate and generate policies (#3717) * remove mutateExisting field Signed-off-by: ShutingZhao <shuting@nirmata.com> * update policy controller to create UR for generate Signed-off-by: ShutingZhao <shuting@nirmata.com> * remove debug log Signed-off-by: ShutingZhao <shuting@nirmata.com> * - Update api docs - Ignore e2e tests cleanup failure Signed-off-by: ShutingZhao <shuting@nirmata.com> * Add back index to helm template Signed-off-by: ShutingZhao <shuting@nirmata.com>
2022-04-29 13:31:02 +08:00
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
feat: trigger generate on existing matched resource (#3819) * feat: trigger generate on existing matched resource Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * refactor the triggers and fix review comments Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * add trigger for other matching kinds Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * implement match exclude using dynamic client Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * refactor generate trigger Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * increase sleep timeout Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * optimize unstructured list Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * fix review comments Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * log refactor and clean debug comments Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com>
2022-05-09 12:43:11 +05:30
"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
chore: enble gci linter (#3930) Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com> Co-authored-by: shuting <shuting@nirmata.com>
2022-05-17 07:56:48 +02:00
"k8s.io/apimachinery/pkg/labels"
Create UR for both mutate and generate policies (#3717) * remove mutateExisting field Signed-off-by: ShutingZhao <shuting@nirmata.com> * update policy controller to create UR for generate Signed-off-by: ShutingZhao <shuting@nirmata.com> * remove debug log Signed-off-by: ShutingZhao <shuting@nirmata.com> * - Update api docs - Ignore e2e tests cleanup failure Signed-off-by: ShutingZhao <shuting@nirmata.com> * Add back index to helm template Signed-off-by: ShutingZhao <shuting@nirmata.com>
2022-04-29 13:31:02 +08:00
)
feat: trigger generate on existing matched resource (#3819) * feat: trigger generate on existing matched resource Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * refactor the triggers and fix review comments Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * add trigger for other matching kinds Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * implement match exclude using dynamic client Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * refactor generate trigger Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * increase sleep timeout Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * optimize unstructured list Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * fix review comments Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * log refactor and clean debug comments Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com>
2022-05-09 12:43:11 +05:30
func (pc *PolicyController) updateUR(policyKey string, policy kyverno.PolicyInterface) error {
Create UR for both mutate and generate policies (#3717) * remove mutateExisting field Signed-off-by: ShutingZhao <shuting@nirmata.com> * update policy controller to create UR for generate Signed-off-by: ShutingZhao <shuting@nirmata.com> * remove debug log Signed-off-by: ShutingZhao <shuting@nirmata.com> * - Update api docs - Ignore e2e tests cleanup failure Signed-off-by: ShutingZhao <shuting@nirmata.com> * Add back index to helm template Signed-off-by: ShutingZhao <shuting@nirmata.com>
2022-04-29 13:31:02 +08:00
logger := pc.log.WithName("updateUR").WithName(policyKey)
Load `mutate.targets` via dclient (#3797) * Load mutate.targets via dclient Signed-off-by: ShutingZhao <shuting@nirmata.com> * Do not fail on namespace cleanup for e2e generate Signed-off-by: ShutingZhao <shuting@nirmata.com> * Fix wildcard name listing for a certain namespace Signed-off-by: ShutingZhao <shuting@nirmata.com> * Rename onPolicyUpdate to mutateExistingOnPolicyUpdate Signed-off-by: ShutingZhao <shuting@nirmata.com> * Enable "mutateExistingOnPolicyUpdate" on policy events Signed-off-by: ShutingZhao <shuting@nirmata.com> Co-authored-by: Prateek Pandey <prateek.pandey@nirmata.com>
2022-05-06 13:46:36 +08:00
feat: trigger generate on existing matched resource (#3819) * feat: trigger generate on existing matched resource Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * refactor the triggers and fix review comments Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * add trigger for other matching kinds Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * implement match exclude using dynamic client Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * refactor generate trigger Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * increase sleep timeout Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * optimize unstructured list Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * fix review comments Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * log refactor and clean debug comments Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com>
2022-05-09 12:43:11 +05:30
if !policy.GetSpec().MutateExistingOnPolicyUpdate && !policy.GetSpec().IsGenerateExistingOnPolicyUpdate() {
logger.V(4).Info("skip policy application on policy event", "policyKey", policyKey, "mutateExiting", policy.GetSpec().MutateExistingOnPolicyUpdate, "generateExisting", policy.GetSpec().IsGenerateExistingOnPolicyUpdate())
return nil
Load `mutate.targets` via dclient (#3797) * Load mutate.targets via dclient Signed-off-by: ShutingZhao <shuting@nirmata.com> * Do not fail on namespace cleanup for e2e generate Signed-off-by: ShutingZhao <shuting@nirmata.com> * Fix wildcard name listing for a certain namespace Signed-off-by: ShutingZhao <shuting@nirmata.com> * Rename onPolicyUpdate to mutateExistingOnPolicyUpdate Signed-off-by: ShutingZhao <shuting@nirmata.com> * Enable "mutateExistingOnPolicyUpdate" on policy events Signed-off-by: ShutingZhao <shuting@nirmata.com> Co-authored-by: Prateek Pandey <prateek.pandey@nirmata.com>
2022-05-06 13:46:36 +08:00
}
Create UR for both mutate and generate policies (#3717) * remove mutateExisting field Signed-off-by: ShutingZhao <shuting@nirmata.com> * update policy controller to create UR for generate Signed-off-by: ShutingZhao <shuting@nirmata.com> * remove debug log Signed-off-by: ShutingZhao <shuting@nirmata.com> * - Update api docs - Ignore e2e tests cleanup failure Signed-off-by: ShutingZhao <shuting@nirmata.com> * Add back index to helm template Signed-off-by: ShutingZhao <shuting@nirmata.com>
2022-04-29 13:31:02 +08:00
logger.Info("update URs on policy event")
feat: trigger generate on existing matched resource (#3819) * feat: trigger generate on existing matched resource Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * refactor the triggers and fix review comments Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * add trigger for other matching kinds Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * implement match exclude using dynamic client Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * refactor generate trigger Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * increase sleep timeout Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * optimize unstructured list Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * fix review comments Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * log refactor and clean debug comments Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com>
2022-05-09 12:43:11 +05:30
var errors []error
Create UR for both mutate and generate policies (#3717) * remove mutateExisting field Signed-off-by: ShutingZhao <shuting@nirmata.com> * update policy controller to create UR for generate Signed-off-by: ShutingZhao <shuting@nirmata.com> * remove debug log Signed-off-by: ShutingZhao <shuting@nirmata.com> * - Update api docs - Ignore e2e tests cleanup failure Signed-off-by: ShutingZhao <shuting@nirmata.com> * Add back index to helm template Signed-off-by: ShutingZhao <shuting@nirmata.com>
2022-04-29 13:31:02 +08:00
mutateURs := pc.listMutateURs(policyKey, nil)
generateURs := pc.listGenerateURs(policyKey, nil)
Add `handler` to `UR.status` (#3791) * - Add "handler" to "ur.status" - Mark / Unmark handler upon UR reconciliation Signed-off-by: ShutingZhao <shuting@nirmata.com> * Add field onPolicyUpdate Signed-off-by: ShutingZhao <shuting@nirmata.com> * Update API docs Signed-off-by: ShutingZhao <shuting@nirmata.com> * Add delay in generate e2e tests Signed-off-by: ShutingZhao <shuting@nirmata.com> * Remove duplicate logic for cleaning up the cloned resource Signed-off-by: ShutingZhao <shuting@nirmata.com>
2022-05-05 18:56:27 +08:00
updateUR(pc.kyvernoClient, policyKey, append(mutateURs, generateURs...), pc.log.WithName("updateUR"))
Create UR for both mutate and generate policies (#3717) * remove mutateExisting field Signed-off-by: ShutingZhao <shuting@nirmata.com> * update policy controller to create UR for generate Signed-off-by: ShutingZhao <shuting@nirmata.com> * remove debug log Signed-off-by: ShutingZhao <shuting@nirmata.com> * - Update api docs - Ignore e2e tests cleanup failure Signed-off-by: ShutingZhao <shuting@nirmata.com> * Add back index to helm template Signed-off-by: ShutingZhao <shuting@nirmata.com>
2022-04-29 13:31:02 +08:00
for _, rule := range policy.GetSpec().Rules {
var ruleType urkyverno.RequestType
feat: trigger generate on existing matched resource (#3819) * feat: trigger generate on existing matched resource Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * refactor the triggers and fix review comments Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * add trigger for other matching kinds Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * implement match exclude using dynamic client Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * refactor generate trigger Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * increase sleep timeout Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * optimize unstructured list Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * fix review comments Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * log refactor and clean debug comments Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com>
2022-05-09 12:43:11 +05:30
Create UR for both mutate and generate policies (#3717) * remove mutateExisting field Signed-off-by: ShutingZhao <shuting@nirmata.com> * update policy controller to create UR for generate Signed-off-by: ShutingZhao <shuting@nirmata.com> * remove debug log Signed-off-by: ShutingZhao <shuting@nirmata.com> * - Update api docs - Ignore e2e tests cleanup failure Signed-off-by: ShutingZhao <shuting@nirmata.com> * Add back index to helm template Signed-off-by: ShutingZhao <shuting@nirmata.com>
2022-04-29 13:31:02 +08:00
if rule.IsMutateExisting() {
ruleType = urkyverno.Mutate
feat: trigger generate on existing matched resource (#3819) * feat: trigger generate on existing matched resource Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * refactor the triggers and fix review comments Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * add trigger for other matching kinds Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * implement match exclude using dynamic client Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * refactor generate trigger Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * increase sleep timeout Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * optimize unstructured list Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * fix review comments Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * log refactor and clean debug comments Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com>
2022-05-09 12:43:11 +05:30
triggers := generateTriggers(pc.client, rule, pc.log)
for _, trigger := range triggers {
murs := pc.listMutateURs(policyKey, trigger)
if murs != nil {
logger.V(4).Info("UR was created", "rule", rule.Name, "rule type", ruleType, "trigger", trigger.GetNamespace()+trigger.GetName())
continue
}
Handle errors properly for mutate and generate on existing resources (#3863) Signed-off-by: ShutingZhao <shuting@nirmata.com> Co-authored-by: Prateek Pandey <prateek.pandey@nirmata.com>
2022-05-11 00:36:50 +08:00
logger.Info("creating new UR for mutate")
feat: trigger generate on existing matched resource (#3819) * feat: trigger generate on existing matched resource Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * refactor the triggers and fix review comments Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * add trigger for other matching kinds Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * implement match exclude using dynamic client Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * refactor generate trigger Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * increase sleep timeout Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * optimize unstructured list Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * fix review comments Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * log refactor and clean debug comments Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com>
2022-05-09 12:43:11 +05:30
ur := newUR(policy, trigger, ruleType)
Handle errors properly for mutate and generate on existing resources (#3863) Signed-off-by: ShutingZhao <shuting@nirmata.com> Co-authored-by: Prateek Pandey <prateek.pandey@nirmata.com>
2022-05-11 00:36:50 +08:00
skip, err := pc.handleUpdateRequest(ur, trigger, rule, policy)
feat: trigger generate on existing matched resource (#3819) * feat: trigger generate on existing matched resource Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * refactor the triggers and fix review comments Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * add trigger for other matching kinds Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * implement match exclude using dynamic client Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * refactor generate trigger Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * increase sleep timeout Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * optimize unstructured list Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * fix review comments Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * log refactor and clean debug comments Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com>
2022-05-09 12:43:11 +05:30
if err != nil {
Handle errors properly for mutate and generate on existing resources (#3863) Signed-off-by: ShutingZhao <shuting@nirmata.com> Co-authored-by: Prateek Pandey <prateek.pandey@nirmata.com>
2022-05-11 00:36:50 +08:00
pc.log.Error(err, "failed to create new UR on policy update", "policy", policy.GetName(), "rule", rule.Name, "rule type", ruleType,
feat: trigger generate on existing matched resource (#3819) * feat: trigger generate on existing matched resource Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * refactor the triggers and fix review comments Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * add trigger for other matching kinds Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * implement match exclude using dynamic client Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * refactor generate trigger Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * increase sleep timeout Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * optimize unstructured list Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * fix review comments Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * log refactor and clean debug comments Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com>
2022-05-09 12:43:11 +05:30
"target", fmt.Sprintf("%s/%s/%s/%s", trigger.GetAPIVersion(), trigger.GetKind(), trigger.GetNamespace(), trigger.GetName()))
continue
}
Handle errors properly for mutate and generate on existing resources (#3863) Signed-off-by: ShutingZhao <shuting@nirmata.com> Co-authored-by: Prateek Pandey <prateek.pandey@nirmata.com>
2022-05-11 00:36:50 +08:00
if skip {
continue
}
pc.log.V(4).Info("successfully created UR on policy update", "policy", policy.GetName(), "rule", rule.Name, "rule type", ruleType,
"target", fmt.Sprintf("%s/%s/%s/%s", trigger.GetAPIVersion(), trigger.GetKind(), trigger.GetNamespace(), trigger.GetName()))
Create UR for both mutate and generate policies (#3717) * remove mutateExisting field Signed-off-by: ShutingZhao <shuting@nirmata.com> * update policy controller to create UR for generate Signed-off-by: ShutingZhao <shuting@nirmata.com> * remove debug log Signed-off-by: ShutingZhao <shuting@nirmata.com> * - Update api docs - Ignore e2e tests cleanup failure Signed-off-by: ShutingZhao <shuting@nirmata.com> * Add back index to helm template Signed-off-by: ShutingZhao <shuting@nirmata.com>
2022-04-29 13:31:02 +08:00
}
feat: trigger generate on existing matched resource (#3819) * feat: trigger generate on existing matched resource Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * refactor the triggers and fix review comments Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * add trigger for other matching kinds Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * implement match exclude using dynamic client Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * refactor generate trigger Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * increase sleep timeout Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * optimize unstructured list Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * fix review comments Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * log refactor and clean debug comments Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com>
2022-05-09 12:43:11 +05:30
}
if policy.GetSpec().IsGenerateExistingOnPolicyUpdate() {
ruleType = urkyverno.Generate
triggers := generateTriggers(pc.client, rule, pc.log)
for _, trigger := range triggers {
gurs := pc.listGenerateURs(policyKey, trigger)
if gurs != nil {
logger.V(4).Info("UR was created", "rule", rule.Name, "rule type", ruleType, "trigger", trigger.GetNamespace()+"/"+trigger.GetName())
continue
}
ur := newUR(policy, trigger, ruleType)
Handle errors properly for mutate and generate on existing resources (#3863) Signed-off-by: ShutingZhao <shuting@nirmata.com> Co-authored-by: Prateek Pandey <prateek.pandey@nirmata.com>
2022-05-11 00:36:50 +08:00
skip, err := pc.handleUpdateRequest(ur, trigger, rule, policy)
feat: trigger generate on existing matched resource (#3819) * feat: trigger generate on existing matched resource Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * refactor the triggers and fix review comments Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * add trigger for other matching kinds Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * implement match exclude using dynamic client Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * refactor generate trigger Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * increase sleep timeout Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * optimize unstructured list Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * fix review comments Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * log refactor and clean debug comments Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com>
2022-05-09 12:43:11 +05:30
if err != nil {
Handle errors properly for mutate and generate on existing resources (#3863) Signed-off-by: ShutingZhao <shuting@nirmata.com> Co-authored-by: Prateek Pandey <prateek.pandey@nirmata.com>
2022-05-11 00:36:50 +08:00
pc.log.Error(err, "failed to create new UR on policy update", "policy", policy.GetName(), "rule", rule.Name, "rule type", ruleType,
feat: trigger generate on existing matched resource (#3819) * feat: trigger generate on existing matched resource Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * refactor the triggers and fix review comments Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * add trigger for other matching kinds Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * implement match exclude using dynamic client Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * refactor generate trigger Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * increase sleep timeout Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * optimize unstructured list Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * fix review comments Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * log refactor and clean debug comments Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com>
2022-05-09 12:43:11 +05:30
"target", fmt.Sprintf("%s/%s/%s/%s", trigger.GetAPIVersion(), trigger.GetKind(), trigger.GetNamespace(), trigger.GetName()))
errors = append(errors, err)
continue
}
Handle errors properly for mutate and generate on existing resources (#3863) Signed-off-by: ShutingZhao <shuting@nirmata.com> Co-authored-by: Prateek Pandey <prateek.pandey@nirmata.com>
2022-05-11 00:36:50 +08:00
if skip {
continue
}
pc.log.V(4).Info("successfully created UR on policy update", "policy", policy.GetName(), "rule", rule.Name, "rule type", ruleType,
"target", fmt.Sprintf("%s/%s/%s/%s", trigger.GetAPIVersion(), trigger.GetKind(), trigger.GetNamespace(), trigger.GetName()))
feat: trigger generate on existing matched resource (#3819) * feat: trigger generate on existing matched resource Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * refactor the triggers and fix review comments Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * add trigger for other matching kinds Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * implement match exclude using dynamic client Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * refactor generate trigger Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * increase sleep timeout Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * optimize unstructured list Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * fix review comments Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * log refactor and clean debug comments Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com>
2022-05-09 12:43:11 +05:30
}
err := engineutils.CombineErrors(errors)
return err
}
}
return nil
}
Create UR for both mutate and generate policies (#3717) * remove mutateExisting field Signed-off-by: ShutingZhao <shuting@nirmata.com> * update policy controller to create UR for generate Signed-off-by: ShutingZhao <shuting@nirmata.com> * remove debug log Signed-off-by: ShutingZhao <shuting@nirmata.com> * - Update api docs - Ignore e2e tests cleanup failure Signed-off-by: ShutingZhao <shuting@nirmata.com> * Add back index to helm template Signed-off-by: ShutingZhao <shuting@nirmata.com>
2022-04-29 13:31:02 +08:00
Handle errors properly for mutate and generate on existing resources (#3863) Signed-off-by: ShutingZhao <shuting@nirmata.com> Co-authored-by: Prateek Pandey <prateek.pandey@nirmata.com>
2022-05-11 00:36:50 +08:00
func (pc *PolicyController) handleUpdateRequest(ur *urkyverno.UpdateRequest, triggerResource *unstructured.Unstructured, rule kyverno.Rule, policy kyverno.PolicyInterface) (skip bool, err error) {
feat: trigger generate on existing matched resource (#3819) * feat: trigger generate on existing matched resource Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * refactor the triggers and fix review comments Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * add trigger for other matching kinds Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * implement match exclude using dynamic client Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * refactor generate trigger Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * increase sleep timeout Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * optimize unstructured list Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * fix review comments Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * log refactor and clean debug comments Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com>
2022-05-09 12:43:11 +05:30
policyContext, _, err := common.NewBackgroundContext(pc.client, ur, policy, triggerResource, pc.configHandler, nil, pc.log)
if err != nil {
Handle errors properly for mutate and generate on existing resources (#3863) Signed-off-by: ShutingZhao <shuting@nirmata.com> Co-authored-by: Prateek Pandey <prateek.pandey@nirmata.com>
2022-05-11 00:36:50 +08:00
return false, errors.Wrapf(err, "failed to build policy context for rule %s", rule.Name)
feat: trigger generate on existing matched resource (#3819) * feat: trigger generate on existing matched resource Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * refactor the triggers and fix review comments Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * add trigger for other matching kinds Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * implement match exclude using dynamic client Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * refactor generate trigger Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * increase sleep timeout Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * optimize unstructured list Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * fix review comments Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * log refactor and clean debug comments Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com>
2022-05-09 12:43:11 +05:30
}
Handle errors properly for mutate and generate on existing resources (#3863) Signed-off-by: ShutingZhao <shuting@nirmata.com> Co-authored-by: Prateek Pandey <prateek.pandey@nirmata.com>
2022-05-11 00:36:50 +08:00
feat: trigger generate on existing matched resource (#3819) * feat: trigger generate on existing matched resource Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * refactor the triggers and fix review comments Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * add trigger for other matching kinds Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * implement match exclude using dynamic client Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * refactor generate trigger Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * increase sleep timeout Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * optimize unstructured list Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * fix review comments Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * log refactor and clean debug comments Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com>
2022-05-09 12:43:11 +05:30
engineResponse := engine.ApplyBackgroundChecks(policyContext)
Handle errors properly for mutate and generate on existing resources (#3863) Signed-off-by: ShutingZhao <shuting@nirmata.com> Co-authored-by: Prateek Pandey <prateek.pandey@nirmata.com>
2022-05-11 00:36:50 +08:00
if len(engineResponse.PolicyResponse.Rules) == 0 {
return true, nil
}
Create UR for both mutate and generate policies (#3717) * remove mutateExisting field Signed-off-by: ShutingZhao <shuting@nirmata.com> * update policy controller to create UR for generate Signed-off-by: ShutingZhao <shuting@nirmata.com> * remove debug log Signed-off-by: ShutingZhao <shuting@nirmata.com> * - Update api docs - Ignore e2e tests cleanup failure Signed-off-by: ShutingZhao <shuting@nirmata.com> * Add back index to helm template Signed-off-by: ShutingZhao <shuting@nirmata.com>
2022-04-29 13:31:02 +08:00
feat: trigger generate on existing matched resource (#3819) * feat: trigger generate on existing matched resource Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * refactor the triggers and fix review comments Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * add trigger for other matching kinds Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * implement match exclude using dynamic client Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * refactor generate trigger Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * increase sleep timeout Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * optimize unstructured list Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * fix review comments Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * log refactor and clean debug comments Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com>
2022-05-09 12:43:11 +05:30
for _, ruleResponse := range engineResponse.PolicyResponse.Rules {
if ruleResponse.Status != response.RuleStatusPass {
Handle errors properly for mutate and generate on existing resources (#3863) Signed-off-by: ShutingZhao <shuting@nirmata.com> Co-authored-by: Prateek Pandey <prateek.pandey@nirmata.com>
2022-05-11 00:36:50 +08:00
pc.log.Error(err, "can not create new UR on policy update", "policy", policy.GetName(), "rule", rule.Name, "rule.Status", ruleResponse.Status)
feat: trigger generate on existing matched resource (#3819) * feat: trigger generate on existing matched resource Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * refactor the triggers and fix review comments Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * add trigger for other matching kinds Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * implement match exclude using dynamic client Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * refactor generate trigger Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * increase sleep timeout Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * optimize unstructured list Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * fix review comments Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * log refactor and clean debug comments Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com>
2022-05-09 12:43:11 +05:30
continue
}
Create UR for both mutate and generate policies (#3717) * remove mutateExisting field Signed-off-by: ShutingZhao <shuting@nirmata.com> * update policy controller to create UR for generate Signed-off-by: ShutingZhao <shuting@nirmata.com> * remove debug log Signed-off-by: ShutingZhao <shuting@nirmata.com> * - Update api docs - Ignore e2e tests cleanup failure Signed-off-by: ShutingZhao <shuting@nirmata.com> * Add back index to helm template Signed-off-by: ShutingZhao <shuting@nirmata.com>
2022-04-29 13:31:02 +08:00
fix: use patch to update handler status in UR (#3928) Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com>
2022-05-17 13:51:53 +05:30
pc.log.Info("creating new UR for generate")
refactor: make config vars private (#3823) Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
2022-05-11 08:14:30 +02:00
new, err := pc.kyvernoClient.KyvernoV1beta1().UpdateRequests(config.KyvernoNamespace()).Create(context.TODO(), ur, metav1.CreateOptions{})
feat: trigger generate on existing matched resource (#3819) * feat: trigger generate on existing matched resource Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * refactor the triggers and fix review comments Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * add trigger for other matching kinds Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * implement match exclude using dynamic client Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * refactor generate trigger Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * increase sleep timeout Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * optimize unstructured list Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * fix review comments Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * log refactor and clean debug comments Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com>
2022-05-09 12:43:11 +05:30
if err != nil {
Handle errors properly for mutate and generate on existing resources (#3863) Signed-off-by: ShutingZhao <shuting@nirmata.com> Co-authored-by: Prateek Pandey <prateek.pandey@nirmata.com>
2022-05-11 00:36:50 +08:00
return false, err
feat: trigger generate on existing matched resource (#3819) * feat: trigger generate on existing matched resource Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * refactor the triggers and fix review comments Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * add trigger for other matching kinds Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * implement match exclude using dynamic client Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * refactor generate trigger Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * increase sleep timeout Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * optimize unstructured list Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * fix review comments Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * log refactor and clean debug comments Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com>
2022-05-09 12:43:11 +05:30
}
Create UR for both mutate and generate policies (#3717) * remove mutateExisting field Signed-off-by: ShutingZhao <shuting@nirmata.com> * update policy controller to create UR for generate Signed-off-by: ShutingZhao <shuting@nirmata.com> * remove debug log Signed-off-by: ShutingZhao <shuting@nirmata.com> * - Update api docs - Ignore e2e tests cleanup failure Signed-off-by: ShutingZhao <shuting@nirmata.com> * Add back index to helm template Signed-off-by: ShutingZhao <shuting@nirmata.com>
2022-04-29 13:31:02 +08:00
feat: trigger generate on existing matched resource (#3819) * feat: trigger generate on existing matched resource Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * refactor the triggers and fix review comments Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * add trigger for other matching kinds Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * implement match exclude using dynamic client Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * refactor generate trigger Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * increase sleep timeout Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * optimize unstructured list Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * fix review comments Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * log refactor and clean debug comments Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com>
2022-05-09 12:43:11 +05:30
new.Status.State = urkyverno.Pending
refactor: make config vars private (#3823) Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
2022-05-11 08:14:30 +02:00
if _, err := pc.kyvernoClient.KyvernoV1beta1().UpdateRequests(config.KyvernoNamespace()).UpdateStatus(context.TODO(), new, metav1.UpdateOptions{}); err != nil {
feat: trigger generate on existing matched resource (#3819) * feat: trigger generate on existing matched resource Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * refactor the triggers and fix review comments Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * add trigger for other matching kinds Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * implement match exclude using dynamic client Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * refactor generate trigger Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * increase sleep timeout Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * optimize unstructured list Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * fix review comments Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * log refactor and clean debug comments Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com>
2022-05-09 12:43:11 +05:30
pc.log.Error(err, "failed to set UpdateRequest state to Pending")
Handle errors properly for mutate and generate on existing resources (#3863) Signed-off-by: ShutingZhao <shuting@nirmata.com> Co-authored-by: Prateek Pandey <prateek.pandey@nirmata.com>
2022-05-11 00:36:50 +08:00
return false, err
Create UR for both mutate and generate policies (#3717) * remove mutateExisting field Signed-off-by: ShutingZhao <shuting@nirmata.com> * update policy controller to create UR for generate Signed-off-by: ShutingZhao <shuting@nirmata.com> * remove debug log Signed-off-by: ShutingZhao <shuting@nirmata.com> * - Update api docs - Ignore e2e tests cleanup failure Signed-off-by: ShutingZhao <shuting@nirmata.com> * Add back index to helm template Signed-off-by: ShutingZhao <shuting@nirmata.com>
2022-04-29 13:31:02 +08:00
}
}
Handle errors properly for mutate and generate on existing resources (#3863) Signed-off-by: ShutingZhao <shuting@nirmata.com> Co-authored-by: Prateek Pandey <prateek.pandey@nirmata.com>
2022-05-11 00:36:50 +08:00
return false, err
Create UR for both mutate and generate policies (#3717) * remove mutateExisting field Signed-off-by: ShutingZhao <shuting@nirmata.com> * update policy controller to create UR for generate Signed-off-by: ShutingZhao <shuting@nirmata.com> * remove debug log Signed-off-by: ShutingZhao <shuting@nirmata.com> * - Update api docs - Ignore e2e tests cleanup failure Signed-off-by: ShutingZhao <shuting@nirmata.com> * Add back index to helm template Signed-off-by: ShutingZhao <shuting@nirmata.com>
2022-04-29 13:31:02 +08:00
}
feat: trigger generate on existing matched resource (#3819) * feat: trigger generate on existing matched resource Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * refactor the triggers and fix review comments Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * add trigger for other matching kinds Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * implement match exclude using dynamic client Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * refactor generate trigger Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * increase sleep timeout Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * optimize unstructured list Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * fix review comments Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * log refactor and clean debug comments Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com>
2022-05-09 12:43:11 +05:30
func (pc *PolicyController) listMutateURs(policyKey string, trigger *unstructured.Unstructured) []*urkyverno.UpdateRequest {
Create UR for both mutate and generate policies (#3717) * remove mutateExisting field Signed-off-by: ShutingZhao <shuting@nirmata.com> * update policy controller to create UR for generate Signed-off-by: ShutingZhao <shuting@nirmata.com> * remove debug log Signed-off-by: ShutingZhao <shuting@nirmata.com> * - Update api docs - Ignore e2e tests cleanup failure Signed-off-by: ShutingZhao <shuting@nirmata.com> * Add back index to helm template Signed-off-by: ShutingZhao <shuting@nirmata.com>
2022-04-29 13:31:02 +08:00
selector := createMutateLabels(policyKey, trigger)
mutateURs, err := pc.urLister.List(labels.SelectorFromSet(selector))
if err != nil {
logger.Error(err, "failed to list update request for mutate policy")
}
return mutateURs
}
feat: trigger generate on existing matched resource (#3819) * feat: trigger generate on existing matched resource Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * refactor the triggers and fix review comments Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * add trigger for other matching kinds Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * implement match exclude using dynamic client Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * refactor generate trigger Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * increase sleep timeout Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * optimize unstructured list Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * fix review comments Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * log refactor and clean debug comments Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com>
2022-05-09 12:43:11 +05:30
func (pc *PolicyController) listGenerateURs(policyKey string, trigger *unstructured.Unstructured) []*urkyverno.UpdateRequest {
Create UR for both mutate and generate policies (#3717) * remove mutateExisting field Signed-off-by: ShutingZhao <shuting@nirmata.com> * update policy controller to create UR for generate Signed-off-by: ShutingZhao <shuting@nirmata.com> * remove debug log Signed-off-by: ShutingZhao <shuting@nirmata.com> * - Update api docs - Ignore e2e tests cleanup failure Signed-off-by: ShutingZhao <shuting@nirmata.com> * Add back index to helm template Signed-off-by: ShutingZhao <shuting@nirmata.com>
2022-04-29 13:31:02 +08:00
selector := createGenerateLabels(policyKey, trigger)
generateURs, err := pc.urLister.List(labels.SelectorFromSet(selector))
if err != nil {
logger.Error(err, "failed to list update request for generate policy")
}
return generateURs
}
feat: trigger generate on existing matched resource (#3819) * feat: trigger generate on existing matched resource Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * refactor the triggers and fix review comments Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * add trigger for other matching kinds Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * implement match exclude using dynamic client Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * refactor generate trigger Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * increase sleep timeout Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * optimize unstructured list Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * fix review comments Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * log refactor and clean debug comments Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com>
2022-05-09 12:43:11 +05:30
func newUR(policy kyverno.PolicyInterface, trigger *unstructured.Unstructured, ruleType urkyverno.RequestType) *urkyverno.UpdateRequest {
Create UR for both mutate and generate policies (#3717) * remove mutateExisting field Signed-off-by: ShutingZhao <shuting@nirmata.com> * update policy controller to create UR for generate Signed-off-by: ShutingZhao <shuting@nirmata.com> * remove debug log Signed-off-by: ShutingZhao <shuting@nirmata.com> * - Update api docs - Ignore e2e tests cleanup failure Signed-off-by: ShutingZhao <shuting@nirmata.com> * Add back index to helm template Signed-off-by: ShutingZhao <shuting@nirmata.com>
2022-04-29 13:31:02 +08:00
var policyNameNamespaceKey string
if policy.IsNamespaced() {
policyNameNamespaceKey = policy.GetNamespace() + "/" + policy.GetName()
} else {
policyNameNamespaceKey = policy.GetName()
}
var label labels.Set
if ruleType == urkyverno.Mutate {
label = createMutateLabels(policyNameNamespaceKey, trigger)
} else {
label = createGenerateLabels(policyNameNamespaceKey, trigger)
}
return &urkyverno.UpdateRequest{
ObjectMeta: metav1.ObjectMeta{
GenerateName: "ur-",
refactor: make config vars private (#3823) Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
2022-05-11 08:14:30 +02:00
Namespace: config.KyvernoNamespace(),
Create UR for both mutate and generate policies (#3717) * remove mutateExisting field Signed-off-by: ShutingZhao <shuting@nirmata.com> * update policy controller to create UR for generate Signed-off-by: ShutingZhao <shuting@nirmata.com> * remove debug log Signed-off-by: ShutingZhao <shuting@nirmata.com> * - Update api docs - Ignore e2e tests cleanup failure Signed-off-by: ShutingZhao <shuting@nirmata.com> * Add back index to helm template Signed-off-by: ShutingZhao <shuting@nirmata.com>
2022-04-29 13:31:02 +08:00
Labels: label,
},
Spec: urkyverno.UpdateRequestSpec{
Type: ruleType,
Policy: policyNameNamespaceKey,
Resource: kyverno.ResourceSpec{
feat: trigger generate on existing matched resource (#3819) * feat: trigger generate on existing matched resource Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * refactor the triggers and fix review comments Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * add trigger for other matching kinds Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * implement match exclude using dynamic client Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * refactor generate trigger Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * increase sleep timeout Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * optimize unstructured list Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * fix review comments Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * log refactor and clean debug comments Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com>
2022-05-09 12:43:11 +05:30
Kind: trigger.GetKind(),
Namespace: trigger.GetNamespace(),
Name: trigger.GetName(),
APIVersion: trigger.GetAPIVersion(),
Create UR for both mutate and generate policies (#3717) * remove mutateExisting field Signed-off-by: ShutingZhao <shuting@nirmata.com> * update policy controller to create UR for generate Signed-off-by: ShutingZhao <shuting@nirmata.com> * remove debug log Signed-off-by: ShutingZhao <shuting@nirmata.com> * - Update api docs - Ignore e2e tests cleanup failure Signed-off-by: ShutingZhao <shuting@nirmata.com> * Add back index to helm template Signed-off-by: ShutingZhao <shuting@nirmata.com>
2022-04-29 13:31:02 +08:00
},
},
}
}
feat: trigger generate on existing matched resource (#3819) * feat: trigger generate on existing matched resource Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * refactor the triggers and fix review comments Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * add trigger for other matching kinds Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * implement match exclude using dynamic client Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * refactor generate trigger Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * increase sleep timeout Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * optimize unstructured list Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * fix review comments Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * log refactor and clean debug comments Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com>
2022-05-09 12:43:11 +05:30
func createMutateLabels(policyKey string, trigger *unstructured.Unstructured) labels.Set {
Create UR for both mutate and generate policies (#3717) * remove mutateExisting field Signed-off-by: ShutingZhao <shuting@nirmata.com> * update policy controller to create UR for generate Signed-off-by: ShutingZhao <shuting@nirmata.com> * remove debug log Signed-off-by: ShutingZhao <shuting@nirmata.com> * - Update api docs - Ignore e2e tests cleanup failure Signed-off-by: ShutingZhao <shuting@nirmata.com> * Add back index to helm template Signed-off-by: ShutingZhao <shuting@nirmata.com>
2022-04-29 13:31:02 +08:00
var selector labels.Set
if trigger == nil {
selector = labels.Set(map[string]string{
urkyverno.URMutatePolicyLabel: policyKey,
})
} else {
selector = labels.Set(map[string]string{
urkyverno.URMutatePolicyLabel: policyKey,
feat: trigger generate on existing matched resource (#3819) * feat: trigger generate on existing matched resource Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * refactor the triggers and fix review comments Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * add trigger for other matching kinds Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * implement match exclude using dynamic client Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * refactor generate trigger Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * increase sleep timeout Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * optimize unstructured list Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * fix review comments Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * log refactor and clean debug comments Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com>
2022-05-09 12:43:11 +05:30
urkyverno.URMutateTriggerNameLabel: trigger.GetName(),
urkyverno.URMutateTriggerNSLabel: trigger.GetNamespace(),
urkyverno.URMutatetriggerKindLabel: trigger.GetKind(),
Create UR for both mutate and generate policies (#3717) * remove mutateExisting field Signed-off-by: ShutingZhao <shuting@nirmata.com> * update policy controller to create UR for generate Signed-off-by: ShutingZhao <shuting@nirmata.com> * remove debug log Signed-off-by: ShutingZhao <shuting@nirmata.com> * - Update api docs - Ignore e2e tests cleanup failure Signed-off-by: ShutingZhao <shuting@nirmata.com> * Add back index to helm template Signed-off-by: ShutingZhao <shuting@nirmata.com>
2022-04-29 13:31:02 +08:00
})
feat: trigger generate on existing matched resource (#3819) * feat: trigger generate on existing matched resource Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * refactor the triggers and fix review comments Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * add trigger for other matching kinds Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * implement match exclude using dynamic client Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * refactor generate trigger Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * increase sleep timeout Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * optimize unstructured list Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * fix review comments Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * log refactor and clean debug comments Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com>
2022-05-09 12:43:11 +05:30
if trigger.GetAPIVersion() != "" {
selector[urkyverno.URMutatetriggerAPIVersionLabel] = trigger.GetAPIVersion()
Create UR for both mutate and generate policies (#3717) * remove mutateExisting field Signed-off-by: ShutingZhao <shuting@nirmata.com> * update policy controller to create UR for generate Signed-off-by: ShutingZhao <shuting@nirmata.com> * remove debug log Signed-off-by: ShutingZhao <shuting@nirmata.com> * - Update api docs - Ignore e2e tests cleanup failure Signed-off-by: ShutingZhao <shuting@nirmata.com> * Add back index to helm template Signed-off-by: ShutingZhao <shuting@nirmata.com>
2022-04-29 13:31:02 +08:00
}
}
return selector
}
feat: trigger generate on existing matched resource (#3819) * feat: trigger generate on existing matched resource Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * refactor the triggers and fix review comments Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * add trigger for other matching kinds Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * implement match exclude using dynamic client Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * refactor generate trigger Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * increase sleep timeout Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * optimize unstructured list Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * fix review comments Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * log refactor and clean debug comments Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com>
2022-05-09 12:43:11 +05:30
func createGenerateLabels(policyKey string, trigger *unstructured.Unstructured) labels.Set {
Create UR for both mutate and generate policies (#3717) * remove mutateExisting field Signed-off-by: ShutingZhao <shuting@nirmata.com> * update policy controller to create UR for generate Signed-off-by: ShutingZhao <shuting@nirmata.com> * remove debug log Signed-off-by: ShutingZhao <shuting@nirmata.com> * - Update api docs - Ignore e2e tests cleanup failure Signed-off-by: ShutingZhao <shuting@nirmata.com> * Add back index to helm template Signed-off-by: ShutingZhao <shuting@nirmata.com>
2022-04-29 13:31:02 +08:00
var selector labels.Set
if trigger == nil {
selector = labels.Set(map[string]string{
urkyverno.URGeneratePolicyLabel: policyKey,
})
} else {
selector = labels.Set(map[string]string{
urkyverno.URGeneratePolicyLabel: policyKey,
feat: trigger generate on existing matched resource (#3819) * feat: trigger generate on existing matched resource Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * refactor the triggers and fix review comments Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * add trigger for other matching kinds Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * implement match exclude using dynamic client Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * refactor generate trigger Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * increase sleep timeout Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * optimize unstructured list Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * fix review comments Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * log refactor and clean debug comments Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com>
2022-05-09 12:43:11 +05:30
"generate.kyverno.io/resource-name": trigger.GetName(),
"generate.kyverno.io/resource-kind": trigger.GetKind(),
"generate.kyverno.io/resource-namespace": trigger.GetNamespace(),
Create UR for both mutate and generate policies (#3717) * remove mutateExisting field Signed-off-by: ShutingZhao <shuting@nirmata.com> * update policy controller to create UR for generate Signed-off-by: ShutingZhao <shuting@nirmata.com> * remove debug log Signed-off-by: ShutingZhao <shuting@nirmata.com> * - Update api docs - Ignore e2e tests cleanup failure Signed-off-by: ShutingZhao <shuting@nirmata.com> * Add back index to helm template Signed-off-by: ShutingZhao <shuting@nirmata.com>
2022-04-29 13:31:02 +08:00
})
}
return selector
}
Copy permalink