mirrors/kyverno
mirrors/kyverno
1
0
Fork 0
mirror of https://github.com/kyverno/kyverno.git synced 2025-03-06 07:57:07 +00:00
Code Activity
kyverno/pkg/utils/yaml/loadpolicy.go

144 lines
4.8 KiB
Go
Raw Normal View History

fix: load policy and add tests (#4515) * fix: load policy and add tests Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> * fix callers Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>
2022-09-06 17:16:44 +02:00
package yaml
810 support cronJob for auto-gen (#1089) * add watch policy to clusterrole kyverno:customresources * - improve auto-gen policy application logic - remove unused code * move method to common util * auto-gen rule for cronJob * update doc * set CronJob as default auto-gen pod controller * - update doc; - fix test * remove unused code
2020-09-01 09:11:20 -07:00
import (
"fmt"
chore: make kyverno api import aliases consistent (#3939) Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
2022-05-17 13:12:43 +02:00
kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1"
feat: add ext/yaml package (#8760) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2023-10-27 13:08:39 +02:00
extyaml "github.com/kyverno/kyverno/ext/yaml"
add package logger in files (#4766) * add package logger in files Signed-off-by: damilola olayinka <holayinkajr@gmail.com> * add package logger to initContainer and other files Signed-off-by: damilola olayinka <holayinkajr@gmail.com> * helm docs Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> * helm default values Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> * release notes Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Signed-off-by: damilola olayinka <holayinkajr@gmail.com> Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Co-authored-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
2022-10-02 20:45:03 +01:00
log "github.com/kyverno/kyverno/pkg/logging"
chore: remove v1alpha1 of VAPs and use v1beta1 (#10955) Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
2024-08-29 18:31:25 +03:00
admissionregistrationv1beta1 "k8s.io/api/admissionregistration/v1beta1"
allow list with policies in test (#5227) Signed-off-by: bakito <github@bakito.ch> Signed-off-by: bakito <github@bakito.ch> Co-authored-by: shuting <shuting@nirmata.com>
2022-11-11 16:18:17 +01:00
"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
"k8s.io/apimachinery/pkg/runtime"
810 support cronJob for auto-gen (#1089) * add watch policy to clusterrole kyverno:customresources * - improve auto-gen policy application logic - remove unused code * move method to common util * auto-gen rule for cronJob * update doc * set CronJob as default auto-gen pod controller * - update doc; - fix test * remove unused code
2020-09-01 09:11:20 -07:00
"k8s.io/apimachinery/pkg/util/yaml"
)
fix: load policy and add tests (#4515) * fix: load policy and add tests Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> * fix callers Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>
2022-09-06 17:16:44 +02:00
// GetPolicy extracts policies from YAML bytes
chore: remove v1alpha1 of VAPs and use v1beta1 (#10955) Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
2024-08-29 18:31:25 +03:00
func GetPolicy(bytes []byte) (policies []kyvernov1.PolicyInterface, validatingAdmissionPolicies []admissionregistrationv1beta1.ValidatingAdmissionPolicy, validatingAdmissionPolicyBindings []admissionregistrationv1beta1.ValidatingAdmissionPolicyBinding, err error) {
feat: add ext/yaml package (#8760) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2023-10-27 13:08:39 +02:00
documents, err := extyaml.SplitDocuments(bytes)
810 support cronJob for auto-gen (#1089) * add watch policy to clusterrole kyverno:customresources * - improve auto-gen policy application logic - remove unused code * move method to common util * auto-gen rule for cronJob * update doc * set CronJob as default auto-gen pod controller * - update doc; - fix test * remove unused code
2020-09-01 09:11:20 -07:00
if err != nil {
feat: support validatingadmissionpolicybindings in CLI apply command (#9468) * feat: support validatingadmissionpolicybindings in CLI apply command Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com> * fix linter issue Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com> --------- Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
2024-01-23 13:47:38 +02:00
return nil, nil, nil, err
810 support cronJob for auto-gen (#1089) * add watch policy to clusterrole kyverno:customresources * - improve auto-gen policy application logic - remove unused code * move method to common util * auto-gen rule for cronJob * update doc * set CronJob as default auto-gen pod controller * - update doc; - fix test * remove unused code
2020-09-01 09:11:20 -07:00
}
refactor: separate yaml utils package (#3520) Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>
2022-04-01 11:56:16 +02:00
for _, thisPolicyBytes := range documents {
810 support cronJob for auto-gen (#1089) * add watch policy to clusterrole kyverno:customresources * - improve auto-gen policy application logic - remove unused code * move method to common util * auto-gen rule for cronJob * update doc * set CronJob as default auto-gen pod controller * - update doc; - fix test * remove unused code
2020-09-01 09:11:20 -07:00
policyBytes, err := yaml.ToJSON(thisPolicyBytes)
if err != nil {
feat: support validatingadmissionpolicybindings in CLI apply command (#9468) * feat: support validatingadmissionpolicybindings in CLI apply command Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com> * fix linter issue Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com> --------- Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
2024-01-23 13:47:38 +02:00
return nil, nil, nil, fmt.Errorf("failed to convert to JSON: %v", err)
810 support cronJob for auto-gen (#1089) * add watch policy to clusterrole kyverno:customresources * - improve auto-gen policy application logic - remove unused code * move method to common util * auto-gen rule for cronJob * update doc * set CronJob as default auto-gen pod controller * - update doc; - fix test * remove unused code
2020-09-01 09:11:20 -07:00
}
refactor: get policy helper (#11891) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2025-01-10 10:30:54 +01:00
var us unstructured.Unstructured
if err := us.UnmarshalJSON(policyBytes); err != nil {
feat: support validatingadmissionpolicybindings in CLI apply command (#9468) * feat: support validatingadmissionpolicybindings in CLI apply command Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com> * fix linter issue Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com> --------- Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
2024-01-23 13:47:38 +02:00
return nil, nil, nil, fmt.Errorf("failed to decode policy: %v", err)
810 support cronJob for auto-gen (#1089) * add watch policy to clusterrole kyverno:customresources * - improve auto-gen policy application logic - remove unused code * move method to common util * auto-gen rule for cronJob * update doc * set CronJob as default auto-gen pod controller * - update doc; - fix test * remove unused code
2020-09-01 09:11:20 -07:00
}
allow list with policies in test (#5227) Signed-off-by: bakito <github@bakito.ch> Signed-off-by: bakito <github@bakito.ch> Co-authored-by: shuting <shuting@nirmata.com>
2022-11-11 16:18:17 +01:00
if us.IsList() {
list, err := us.ToList()
if err != nil {
feat: support validatingadmissionpolicybindings in CLI apply command (#9468) * feat: support validatingadmissionpolicybindings in CLI apply command Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com> * fix linter issue Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com> --------- Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
2024-01-23 13:47:38 +02:00
return nil, nil, nil, fmt.Errorf("failed to decode policy list: %v", err)
allow list with policies in test (#5227) Signed-off-by: bakito <github@bakito.ch> Signed-off-by: bakito <github@bakito.ch> Co-authored-by: shuting <shuting@nirmata.com>
2022-11-11 16:18:17 +01:00
}
for i := range list.Items {
item := list.Items[i]
refactor: get policy helper (#11891) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2025-01-10 10:30:54 +01:00
vap, vapb, pol, err := parse(item)
if err != nil {
feat: support validatingadmissionpolicybindings in CLI apply command (#9468) * feat: support validatingadmissionpolicybindings in CLI apply command Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com> * fix linter issue Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com> --------- Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
2024-01-23 13:47:38 +02:00
return nil, nil, nil, err
allow list with policies in test (#5227) Signed-off-by: bakito <github@bakito.ch> Signed-off-by: bakito <github@bakito.ch> Co-authored-by: shuting <shuting@nirmata.com>
2022-11-11 16:18:17 +01:00
}
refactor: get policy helper (#11891) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2025-01-10 10:30:54 +01:00
if vap != nil {
validatingAdmissionPolicies = append(validatingAdmissionPolicies, *vap)
}
if vapb != nil {
validatingAdmissionPolicyBindings = append(validatingAdmissionPolicyBindings, *vapb)
}
if pol != nil {
policies = append(policies, pol)
}
Added Code to support the test command for mutate policy (#2279) * Added test-e2e-local in the Makefile * Added a proper Indentation * Added 3 more fields * Added getPolicyResourceFullPath function * Updating the patchedResource path to full path * Converts Namespaced policy to ClusterPolicy * Added GetPatchedResourceFromPath function * Added GetPatchedResource function * Checks for namespaced-policy from policy name provided bu user * Generalizing resultKey for both validate and mutate. Also added kind field to this key * Added Type field to PolicySpec * To handle mutate case when resource and patchedResource are equal * fetch patchResource from path provided by user and compare it with engine patchedResource * generating result by comparing patchedResource * Added kind to resultKey * Handles namespaced policy results * Skip is required * Added []*response.EngineResponse return type in ApplyPolicyOnResource function * namespaced policy only surpasses resources having same namespace as policy * apply command will print the patchedResource whereas test will not * passing engineResponse instead of validateEngineResponse because it supports results for both validate and mutate case * default namespace will printed in the output table if no namespace is being provided by the user * Added e2e test for mutate policy and also examples for both type of policies * Created a separate function to get resultKey * Changes in the resultKey for validate case * Added help description for test command in the cli * fixes code for more test cases * fixes code to support more cases and also added resources for e2e-test * some small changes like adding brackets, clubbing 2 if cond into one, changing variable name, etc. * Rearrange GetPatchedResourceFromPath function to get rid from repetion of same thing twice. * Added kind in the result section of test.yaml for all test-cases * engineResponse will handle different types of response * GetPatchedResource() uses GetResource function to fetch patched resource Signed-off-by: viveksahu26 <vivekkumarsahu650@gmail.com>
2021-10-01 14:16:33 +05:30
}
fix: load policy and add tests (#4515) * fix: load policy and add tests Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> * fix callers Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>
2022-09-06 17:16:44 +02:00
} else {
refactor: get policy helper (#11891) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2025-01-10 10:30:54 +01:00
vap, vapb, pol, err := parse(us)
if err != nil {
feat: support validatingadmissionpolicybindings in CLI apply command (#9468) * feat: support validatingadmissionpolicybindings in CLI apply command Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com> * fix linter issue Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com> --------- Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
2024-01-23 13:47:38 +02:00
return nil, nil, nil, err
allow list with policies in test (#5227) Signed-off-by: bakito <github@bakito.ch> Signed-off-by: bakito <github@bakito.ch> Co-authored-by: shuting <shuting@nirmata.com>
2022-11-11 16:18:17 +01:00
}
refactor: get policy helper (#11891) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2025-01-10 10:30:54 +01:00
if vap != nil {
validatingAdmissionPolicies = append(validatingAdmissionPolicies, *vap)
}
if vapb != nil {
validatingAdmissionPolicyBindings = append(validatingAdmissionPolicyBindings, *vapb)
}
if pol != nil {
policies = append(policies, pol)
}
allow list with policies in test (#5227) Signed-off-by: bakito <github@bakito.ch> Signed-off-by: bakito <github@bakito.ch> Co-authored-by: shuting <shuting@nirmata.com>
2022-11-11 16:18:17 +01:00
}
}
feat: support validatingadmissionpolicybindings in CLI apply command (#9468) * feat: support validatingadmissionpolicybindings in CLI apply command Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com> * fix linter issue Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com> --------- Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
2024-01-23 13:47:38 +02:00
return policies, validatingAdmissionPolicies, validatingAdmissionPolicyBindings, err
allow list with policies in test (#5227) Signed-off-by: bakito <github@bakito.ch> Signed-off-by: bakito <github@bakito.ch> Co-authored-by: shuting <shuting@nirmata.com>
2022-11-11 16:18:17 +01:00
}
refactor: get policy helper (#11891) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2025-01-10 10:30:54 +01:00
func parse(obj unstructured.Unstructured) (
*admissionregistrationv1beta1.ValidatingAdmissionPolicy,
*admissionregistrationv1beta1.ValidatingAdmissionPolicyBinding,
kyvernov1.PolicyInterface,
error,
) {
switch obj.GetKind() {
case "ValidatingAdmissionPolicy":
out, err := parseValidatingAdmissionPolicy(obj)
return out, nil, nil, err
case "ValidatingAdmissionPolicyBinding":
out, err := parseValidatingAdmissionPolicyBinding(obj)
return nil, out, nil, err
case "Policy":
out, err := parsePolicy(obj)
return nil, nil, out, err
case "ClusterPolicy":
out, err := parseClusterPolicy(obj)
return nil, nil, out, err
}
return nil, nil, nil, nil
}
Supporting ValidatingAdmissionPolicy in kyverno cli (apply and test command) (#6656) * feat: add policy reporter to the dev lab Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * refactor: remove obsolete structs from CLI Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * codegen Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * Supporting ValidatingAdmissionPolicy in kyverno apply Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com> * chore: bump k8s from v0.26.3 to v0.27.0-rc.0 Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com> * Support validating admission policy in kyverno apply Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com> * Support validating admission policy in kyverno test Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com> * refactoring Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com> * Adding kyverno apply tests for validating admission policy Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com> * fix Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com> * fix Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com> * running codegen-all Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com> * fix Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com> * Adding IsVap field in TestResults Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com> * chore: bump k8s from v0.27.0-rc.0 to v0.27.1 Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com> * fix Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com> * fix Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com> * Fix vap in engine response Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com> * codegen Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: Jim Bugwadia <jim@nirmata.com>
2023-05-10 11:12:53 +03:00
refactor: get policy helper (#11891) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2025-01-10 10:30:54 +01:00
func parseValidatingAdmissionPolicy(obj unstructured.Unstructured) (*admissionregistrationv1beta1.ValidatingAdmissionPolicy, error) {
var out admissionregistrationv1beta1.ValidatingAdmissionPolicy
if err := runtime.DefaultUnstructuredConverter.FromUnstructuredWithValidation(obj.Object, &out, true); err != nil {
return nil, fmt.Errorf("failed to decode policy: %v", err)
}
if out.Kind == "" {
log.V(3).Info("skipping file as ValidatingAdmissionPolicy.Kind not found")
return nil, nil
}
return &out, nil
}
Supporting ValidatingAdmissionPolicy in kyverno cli (apply and test command) (#6656) * feat: add policy reporter to the dev lab Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * refactor: remove obsolete structs from CLI Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * codegen Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * Supporting ValidatingAdmissionPolicy in kyverno apply Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com> * chore: bump k8s from v0.26.3 to v0.27.0-rc.0 Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com> * Support validating admission policy in kyverno apply Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com> * Support validating admission policy in kyverno test Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com> * refactoring Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com> * Adding kyverno apply tests for validating admission policy Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com> * fix Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com> * fix Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com> * running codegen-all Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com> * fix Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com> * Adding IsVap field in TestResults Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com> * chore: bump k8s from v0.27.0-rc.0 to v0.27.1 Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com> * fix Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com> * fix Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com> * Fix vap in engine response Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com> * codegen Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: Jim Bugwadia <jim@nirmata.com>
2023-05-10 11:12:53 +03:00
refactor: get policy helper (#11891) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2025-01-10 10:30:54 +01:00
func parseValidatingAdmissionPolicyBinding(obj unstructured.Unstructured) (*admissionregistrationv1beta1.ValidatingAdmissionPolicyBinding, error) {
var out admissionregistrationv1beta1.ValidatingAdmissionPolicyBinding
if err := runtime.DefaultUnstructuredConverter.FromUnstructuredWithValidation(obj.Object, &out, true); err != nil {
return nil, fmt.Errorf("failed to decode policy: %v", err)
}
if out.Kind == "" {
log.V(3).Info("skipping file as ValidatingAdmissionPolicyBinding.Kind not found")
return nil, nil
}
return &out, nil
}
Supporting ValidatingAdmissionPolicy in kyverno cli (apply and test command) (#6656) * feat: add policy reporter to the dev lab Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * refactor: remove obsolete structs from CLI Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * codegen Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * Supporting ValidatingAdmissionPolicy in kyverno apply Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com> * chore: bump k8s from v0.26.3 to v0.27.0-rc.0 Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com> * Support validating admission policy in kyverno apply Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com> * Support validating admission policy in kyverno test Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com> * refactoring Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com> * Adding kyverno apply tests for validating admission policy Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com> * fix Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com> * fix Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com> * running codegen-all Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com> * fix Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com> * Adding IsVap field in TestResults Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com> * chore: bump k8s from v0.27.0-rc.0 to v0.27.1 Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com> * fix Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com> * fix Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com> * Fix vap in engine response Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com> * codegen Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: Jim Bugwadia <jim@nirmata.com>
2023-05-10 11:12:53 +03:00
refactor: get policy helper (#11891) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2025-01-10 10:30:54 +01:00
func parsePolicy(obj unstructured.Unstructured) (*kyvernov1.Policy, error) {
var out kyvernov1.Policy
if err := runtime.DefaultUnstructuredConverter.FromUnstructuredWithValidation(obj.Object, &out, true); err != nil {
return nil, fmt.Errorf("failed to decode policy: %v", err)
810 support cronJob for auto-gen (#1089) * add watch policy to clusterrole kyverno:customresources * - improve auto-gen policy application logic - remove unused code * move method to common util * auto-gen rule for cronJob * update doc * set CronJob as default auto-gen pod controller * - update doc; - fix test * remove unused code
2020-09-01 09:11:20 -07:00
}
refactor: get policy helper (#11891) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2025-01-10 10:30:54 +01:00
if out.Kind == "" {
log.V(3).Info("skipping file as Policy.Kind not found")
return nil, nil
}
if out.GetNamespace() == "" {
out.SetNamespace("default")
}
return &out, nil
}
Supporting ValidatingAdmissionPolicy in kyverno cli (apply and test command) (#6656) * feat: add policy reporter to the dev lab Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * refactor: remove obsolete structs from CLI Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * codegen Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * Supporting ValidatingAdmissionPolicy in kyverno apply Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com> * chore: bump k8s from v0.26.3 to v0.27.0-rc.0 Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com> * Support validating admission policy in kyverno apply Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com> * Support validating admission policy in kyverno test Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com> * refactoring Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com> * Adding kyverno apply tests for validating admission policy Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com> * fix Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com> * fix Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com> * running codegen-all Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com> * fix Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com> * Adding IsVap field in TestResults Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com> * chore: bump k8s from v0.27.0-rc.0 to v0.27.1 Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com> * fix Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com> * fix Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com> * Fix vap in engine response Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com> * codegen Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: Jim Bugwadia <jim@nirmata.com>
2023-05-10 11:12:53 +03:00
refactor: get policy helper (#11891) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2025-01-10 10:30:54 +01:00
func parseClusterPolicy(obj unstructured.Unstructured) (*kyvernov1.ClusterPolicy, error) {
var out kyvernov1.ClusterPolicy
if err := runtime.DefaultUnstructuredConverter.FromUnstructuredWithValidation(obj.Object, &out, true); err != nil {
return nil, fmt.Errorf("failed to decode policy: %v", err)
}
if out.Kind == "" {
log.V(3).Info("skipping file as ClusterPolicy.Kind not found")
return nil, nil
}
out.SetNamespace("")
return &out, nil
810 support cronJob for auto-gen (#1089) * add watch policy to clusterrole kyverno:customresources * - improve auto-gen policy application logic - remove unused code * move method to common util * auto-gen rule for cronJob * update doc * set CronJob as default auto-gen pod controller * - update doc; - fix test * remove unused code
2020-09-01 09:11:20 -07:00
}
Copy permalink