package utils
import (
"reflect"
"github.com/go-logr/logr"
kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1"
kyvernov1alpha2 "github.com/kyverno/kyverno/api/kyverno/v1alpha2"
"github.com/kyverno/kyverno/pkg/autogen"
"github.com/kyverno/kyverno/pkg/policy"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/util/sets"
)
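// CanBackgroundProcess reports whether policy p is eligible for background
// processing.
//
// It returns false when p.BackgroundProcessingEnabled() is false, or when
// policy.ValidateVariables(p, true) returns an error. In the latter case the
// error is written to logger before returning, so that a policy which opts
// into background processing but is then left out of it is visible to
// operators instead of being dropped silently.
//
// NOTE(review): the second argument to ValidateVariables is presumably the
// "background mode" switch; confirm against pkg/policy.
func CanBackgroundProcess(logger logr.Logger, p kyvernov1.PolicyInterface) bool {
	if !p.BackgroundProcessingEnabled() {
		return false
	}
	if err := policy.ValidateVariables(p, true); err != nil {
		// The policy asked for background processing but cannot get it.
		// Record why: a skipped policy is a gap in background coverage.
		logger.Error(err, "policy excluded from background processing: variable validation failed")
		return false
	}
	return true
}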
// BuildKindSet collects the resource kinds matched by the validate and
// verifyImages rules of the given policies.
//
// Each policy is expanded with autogen.ComputeRules; for every resulting rule
// where HasValidate() or HasVerifyImages() is true, the kinds returned by
// rule.MatchResources.GetKinds() are added to the set. Rules of any other type
// contribute nothing. The logger parameter is not used by this function.
func BuildKindSet(logger logr.Logger, policies ...kyvernov1.PolicyInterface) sets.String {
	result := sets.NewString()
	for _, pol := range policies {
		for _, r := range autogen.ComputeRules(pol) {
			// Skip rules that are neither validate nor verifyImages.
			if !r.HasValidate() && !r.HasVerifyImages() {
				continue
			}
			result.Insert(r.MatchResources.GetKinds()...)
		}
	}
	return result
}
// RemoveNonBackgroundPolicies returns, in their original order, the policies
// for which CanBackgroundProcess(logger, pol) is true.
//
// The result is a nil slice when no policy qualifies. Policies that are
// filtered out are simply omitted from the result; this function does not
// report which ones were dropped.
func RemoveNonBackgroundPolicies(logger logr.Logger, policies ...kyvernov1.PolicyInterface) []kyvernov1.PolicyInterface {
	var kept []kyvernov1.PolicyInterface
	for _, candidate := range policies {
		if !CanBackgroundProcess(logger, candidate) {
			continue
		}
		kept = append(kept, candidate)
	}
	return kept
}
// RemoveNonValidationPolicies returns, in their original order, the policies
// whose spec reports at least one of HasVerifyImages(), HasValidate() or
// HasYAMLSignatureVerify().
//
// The result is a nil slice when no policy qualifies. The logger parameter is
// not used by this function.
//
// NOTE(review): pol.GetSpec() is dereferenced without a nil check; this
// assumes GetSpec never returns nil. Confirm against the PolicyInterface
// implementations.
func RemoveNonValidationPolicies(logger logr.Logger, policies ...kyvernov1.PolicyInterface) []kyvernov1.PolicyInterface {
	var kept []kyvernov1.PolicyInterface
	for _, candidate := range policies {
		s := candidate.GetSpec()
		// Same evaluation order as a short-circuit OR over the three checks.
		switch {
		case s.HasVerifyImages(), s.HasValidate(), s.HasYAMLSignatureVerify():
			kept = append(kept, candidate)
		}
	}
	return kept
}
// ReportsAreIdentical reports whether two reports are equal for the purposes
// of this comparison. The checks run in this order:
//
//  1. Annotations must be deeply equal (keys and values).
//  2. Labels must have the same set of keys. Label values are NOT compared,
//     so a change that only alters a label's value is treated as identical.
//     NOTE(review): presumably intentional; confirm with callers.
//  3. Results must have the same length and be deeply equal index by index,
//     ignoring each result's Timestamp field. The comparison is therefore
//     order-sensitive.
//
// Each result is copied into a local before its Timestamp is zeroed, so the
// slices returned by GetResults() are not modified (assuming their elements
// are struct values, as the address-of in the comparison suggests).
func ReportsAreIdentical(before, after kyvernov1alpha2.ReportInterface) bool {
	if !reflect.DeepEqual(before.GetAnnotations(), after.GetAnnotations()) {
		return false
	}

	// Compare label key sets only.
	beforeKeys, afterKeys := sets.NewString(), sets.NewString()
	for k := range before.GetLabels() {
		beforeKeys.Insert(k)
	}
	for k := range after.GetLabels() {
		afterKeys.Insert(k)
	}
	if !afterKeys.Equal(beforeKeys) {
		return false
	}

	oldResults := before.GetResults()
	newResults := after.GetResults()
	if len(newResults) != len(oldResults) {
		return false
	}
	for idx := range newResults {
		// Work on copies so that clearing the timestamp stays local.
		newer, older := newResults[idx], oldResults[idx]
		newer.Timestamp = metav1.Timestamp{}
		older.Timestamp = metav1.Timestamp{}
		if !reflect.DeepEqual(&newer, &older) {
			return false
		}
	}
	return true
}