2019-12-30 17:08:50 -08:00
|
|
|
package context
|
|
|
|
|
|
|
|
|
|
import (
|
2024-08-30 11:05:26 +05:30
|
|
|
cont "context"
|
2023-08-08 02:03:59 -05:00
|
|
|
"encoding/csv"
|
2022-12-12 07:20:20 -08:00
|
|
|
"fmt"
|
2023-12-03 23:35:36 -08:00
|
|
|
"regexp"
|
2020-01-07 15:13:57 -08:00
|
|
|
"strings"
|
2019-12-30 17:08:50 -08:00
|
|
|
|
2023-12-03 23:35:36 -08:00
|
|
|
jsoniter "github.com/json-iterator/go"
|
2022-05-03 10:45:08 +02:00
|
|
|
kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1"
|
2024-06-20 11:44:43 +02:00
|
|
|
kyvernov2 "github.com/kyverno/kyverno/api/kyverno/v2"
|
2023-01-02 18:14:40 +01:00
|
|
|
"github.com/kyverno/kyverno/pkg/config"
|
2023-04-13 13:29:40 +02:00
|
|
|
"github.com/kyverno/kyverno/pkg/engine/jmespath"
|
2023-12-03 23:35:36 -08:00
|
|
|
"github.com/kyverno/kyverno/pkg/engine/jsonutils"
|
2022-10-02 20:45:03 +01:00
|
|
|
"github.com/kyverno/kyverno/pkg/logging"
|
2024-08-30 11:05:26 +05:30
|
|
|
"github.com/kyverno/kyverno/pkg/toggle"
|
2022-05-03 10:45:08 +02:00
|
|
|
apiutils "github.com/kyverno/kyverno/pkg/utils/api"
|
2022-04-06 22:43:07 +02:00
|
|
|
admissionv1 "k8s.io/api/admission/v1"
|
2021-03-23 10:34:03 -07:00
|
|
|
"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
|
2023-12-03 23:35:36 -08:00
|
|
|
"k8s.io/apimachinery/pkg/runtime"
|
2019-12-30 17:08:50 -08:00
|
|
|
)
|
|
|
|
|
|
2023-12-03 23:35:36 -08:00
|
|
|
var (
|
|
|
|
|
logger = logging.WithName("context")
|
|
|
|
|
json = jsoniter.ConfigCompatibleWithStandardLibrary
|
|
|
|
|
ReservedKeys = regexp.MustCompile(`request|serviceAccountName|serviceAccountNamespace|element|elementIndex|@|images|image|([a-z_0-9]+\()[^{}]`)
|
|
|
|
|
)
|
2022-04-09 13:52:50 +02:00
|
|
|
|
|
|
|
|
// EvalInterface is used to query and inspect context data
|
2023-06-27 09:58:50 -07:00
|
|
|
// TODO: move to contextapi to prevent circular dependencies
|
2022-04-09 13:52:50 +02:00
|
|
|
type EvalInterface interface {
|
|
|
|
|
// Query accepts a JMESPath expression and returns matching data
|
|
|
|
|
Query(query string) (interface{}, error)
|
2020-12-23 15:10:07 -08:00
|
|
|
|
2023-12-03 23:35:36 -08:00
|
|
|
// Operation returns the admission operation i.e. "request.operation"
|
|
|
|
|
QueryOperation() string
|
|
|
|
|
|
2022-04-09 13:52:50 +02:00
|
|
|
// HasChanged accepts a JMESPath expression and compares matching data in the
|
|
|
|
|
// request.object and request.oldObject context fields. If the data has changed
|
|
|
|
|
// it return `true`. If the data has not changed it returns false. If either
|
|
|
|
|
// request.object or request.oldObject are not found, an error is returned.
|
|
|
|
|
HasChanged(jmespath string) (bool, error)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Interface to manage context operations
|
2023-06-27 09:58:50 -07:00
|
|
|
// TODO: move to contextapi to prevent circular dependencies
|
2022-04-09 13:52:50 +02:00
|
|
|
type Interface interface {
|
2024-03-13 21:54:53 +05:30
|
|
|
EvalInterface
|
|
|
|
|
|
2021-07-20 09:36:12 -07:00
|
|
|
// AddRequest marshals and adds the admission request to the context
|
2023-04-04 07:11:18 +02:00
|
|
|
AddRequest(request admissionv1.AdmissionRequest) error
|
2021-07-20 09:36:12 -07:00
|
|
|
|
2022-04-09 13:52:50 +02:00
|
|
|
// AddVariable adds a variable to the context
|
2022-05-07 21:30:11 +01:00
|
|
|
AddVariable(key string, value interface{}) error
|
2022-04-09 13:52:50 +02:00
|
|
|
|
|
|
|
|
// AddContextEntry adds a context entry to the context
|
|
|
|
|
AddContextEntry(name string, dataRaw []byte) error
|
2020-12-23 15:10:07 -08:00
|
|
|
|
2022-04-25 12:06:07 +01:00
|
|
|
// ReplaceContextEntry replaces a context entry to the context
|
|
|
|
|
ReplaceContextEntry(name string, dataRaw []byte) error
|
|
|
|
|
|
2020-12-23 15:10:07 -08:00
|
|
|
// AddResource merges resource json under request.object
|
2022-04-09 13:52:50 +02:00
|
|
|
AddResource(data map[string]interface{}) error
|
|
|
|
|
|
|
|
|
|
// AddOldResource merges resource json under request.oldObject
|
|
|
|
|
AddOldResource(data map[string]interface{}) error
|
2020-12-23 15:10:07 -08:00
|
|
|
|
2023-05-12 17:43:36 +02:00
|
|
|
// SetTargetResource merges resource json under target
|
|
|
|
|
SetTargetResource(data map[string]interface{}) error
|
2022-05-24 20:19:36 +08:00
|
|
|
|
2022-10-13 16:03:49 +02:00
|
|
|
// AddOperation merges operation under request.operation
|
|
|
|
|
AddOperation(data string) error
|
|
|
|
|
|
2020-12-23 15:10:07 -08:00
|
|
|
// AddUserInfo merges userInfo json under kyverno.userInfo
|
2024-06-20 11:44:43 +02:00
|
|
|
AddUserInfo(userInfo kyvernov2.RequestInfo) error
|
2020-12-23 15:10:07 -08:00
|
|
|
|
|
|
|
|
// AddServiceAccount merges ServiceAccount types
|
|
|
|
|
AddServiceAccount(userName string) error
|
|
|
|
|
|
2021-02-22 17:22:23 -08:00
|
|
|
// AddNamespace merges resource json under request.namespace
|
|
|
|
|
AddNamespace(namespace string) error
|
|
|
|
|
|
2022-04-09 13:52:50 +02:00
|
|
|
// AddElement adds element info to the context
|
2022-12-12 07:20:20 -08:00
|
|
|
AddElement(data interface{}, index, nesting int) error
|
2019-12-30 17:08:50 -08:00
|
|
|
|
2022-04-09 13:52:50 +02:00
|
|
|
// AddImageInfo adds image info to the context
|
2023-01-02 18:14:40 +01:00
|
|
|
AddImageInfo(info apiutils.ImageInfo, cfg config.Configuration) error
|
2021-07-20 09:36:12 -07:00
|
|
|
|
2022-04-09 13:52:50 +02:00
|
|
|
// AddImageInfos adds image infos to the context
|
2023-01-02 18:14:40 +01:00
|
|
|
AddImageInfos(resource *unstructured.Unstructured, cfg config.Configuration) error
|
2021-07-20 09:36:12 -07:00
|
|
|
|
2023-05-05 17:35:47 -07:00
|
|
|
// AddDeferredLoader adds a loader that is executed on first use (query)
|
2023-06-27 09:58:50 -07:00
|
|
|
// If deferred loading is disabled the loader is immediately executed.
|
|
|
|
|
AddDeferredLoader(loader DeferredLoader) error
|
2023-05-05 17:35:47 -07:00
|
|
|
|
2022-04-09 13:52:50 +02:00
|
|
|
// ImageInfo returns image infos present in the context
|
2022-05-03 10:45:08 +02:00
|
|
|
ImageInfo() map[string]map[string]apiutils.ImageInfo
|
2022-04-09 13:52:50 +02:00
|
|
|
|
2022-04-14 17:08:30 +01:00
|
|
|
// GenerateCustomImageInfo returns image infos as defined by a custom image extraction config
|
|
|
|
|
// and updates the context
|
2023-01-02 18:14:40 +01:00
|
|
|
GenerateCustomImageInfo(resource *unstructured.Unstructured, imageExtractorConfigs kyvernov1.ImageExtractorConfigs, cfg config.Configuration) (map[string]map[string]apiutils.ImageInfo, error)
|
2022-04-14 17:08:30 +01:00
|
|
|
|
2022-04-09 13:52:50 +02:00
|
|
|
// Checkpoint creates a copy of the current internal state and pushes it into a stack of stored states.
|
|
|
|
|
Checkpoint()
|
|
|
|
|
|
|
|
|
|
// Restore sets the internal state to the last checkpoint, and removes the checkpoint.
|
|
|
|
|
Restore()
|
|
|
|
|
|
|
|
|
|
// Reset sets the internal state to the last checkpoint, but does not remove the checkpoint.
|
|
|
|
|
Reset()
|
|
|
|
|
|
2023-12-03 23:35:36 -08:00
|
|
|
// AddJSON merges the json map with context
|
2024-07-05 18:06:48 +03:00
|
|
|
addJSON(dataMap map[string]interface{}, overwriteMaps bool) error
|
2019-12-30 17:08:50 -08:00
|
|
|
}
|
|
|
|
|
|
2022-04-09 13:52:50 +02:00
|
|
|
// Context stores the data resources as JSON
|
|
|
|
|
type context struct {
|
2023-04-13 13:29:40 +02:00
|
|
|
jp jmespath.Interface
|
2023-12-03 23:35:36 -08:00
|
|
|
jsonRaw map[string]interface{}
|
|
|
|
|
jsonRawCheckpoints []map[string]interface{}
|
2022-05-03 10:45:08 +02:00
|
|
|
images map[string]map[string]apiutils.ImageInfo
|
2023-12-03 23:35:36 -08:00
|
|
|
operation kyvernov1.AdmissionOperation
|
2023-06-27 09:58:50 -07:00
|
|
|
deferred DeferredLoaders
|
2019-12-30 17:08:50 -08:00
|
|
|
}
|
|
|
|
|
|
2022-04-09 13:52:50 +02:00
|
|
|
// NewContext returns a new context
|
2023-04-13 13:29:40 +02:00
|
|
|
func NewContext(jp jmespath.Interface) Interface {
|
2023-12-03 23:35:36 -08:00
|
|
|
return NewContextFromRaw(jp, map[string]interface{}{})
|
2022-04-09 13:52:50 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// NewContextFromRaw returns a new context initialized with raw data
|
2023-12-03 23:35:36 -08:00
|
|
|
func NewContextFromRaw(jp jmespath.Interface, raw map[string]interface{}) Interface {
|
2023-04-13 13:29:40 +02:00
|
|
|
return &context{
|
|
|
|
|
jp: jp,
|
2022-04-09 13:52:50 +02:00
|
|
|
jsonRaw: raw,
|
2023-12-03 23:35:36 -08:00
|
|
|
jsonRawCheckpoints: make([]map[string]interface{}, 0),
|
2023-06-27 09:58:50 -07:00
|
|
|
deferred: NewDeferredLoaders(),
|
2019-12-30 17:08:50 -08:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2022-04-09 13:52:50 +02:00
|
|
|
// addJSON merges json data
|
2024-07-05 18:06:48 +03:00
|
|
|
func (ctx *context) addJSON(dataMap map[string]interface{}, overwriteMaps bool) error {
|
|
|
|
|
mergeMaps(dataMap, ctx.jsonRaw, overwriteMaps)
|
2019-12-30 17:08:50 -08:00
|
|
|
return nil
|
|
|
|
|
}
|
|
|
|
|
|
2023-12-03 23:35:36 -08:00
|
|
|
func (ctx *context) QueryOperation() string {
|
|
|
|
|
if ctx.operation != "" {
|
|
|
|
|
return string(ctx.operation)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if requestMap, val := ctx.jsonRaw["request"].(map[string]interface{}); val {
|
|
|
|
|
if op, val := requestMap["operation"].(string); val {
|
|
|
|
|
return op
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return ""
|
|
|
|
|
}
|
|
|
|
|
|
2021-02-22 12:08:26 -08:00
|
|
|
// AddRequest adds an admission request to context
|
2023-04-04 07:11:18 +02:00
|
|
|
func (ctx *context) AddRequest(request admissionv1.AdmissionRequest) error {
|
2023-12-03 23:35:36 -08:00
|
|
|
// an AdmissionRequest needs to be marshaled / unmarshaled as
|
|
|
|
|
// JSON to properly convert types of runtime.RawExtension
|
|
|
|
|
mapObj, err := jsonutils.DocumentToUntyped(request)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
|
2024-07-05 18:06:48 +03:00
|
|
|
if err := addToContext(ctx, mapObj, false, "request"); err != nil {
|
2023-12-03 23:35:36 -08:00
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
ctx.operation = kyvernov1.AdmissionOperation(request.Operation)
|
|
|
|
|
return nil
|
2020-04-15 21:17:14 +05:30
|
|
|
}
|
|
|
|
|
|
2022-05-07 21:30:11 +01:00
|
|
|
func (ctx *context) AddVariable(key string, value interface{}) error {
|
2023-08-08 02:03:59 -05:00
|
|
|
reader := csv.NewReader(strings.NewReader(key))
|
|
|
|
|
reader.Comma = '.'
|
|
|
|
|
if fields, err := reader.Read(); err != nil {
|
|
|
|
|
return err
|
|
|
|
|
} else {
|
2024-07-05 18:06:48 +03:00
|
|
|
return addToContext(ctx, value, false, fields...)
|
2023-08-08 02:03:59 -05:00
|
|
|
}
|
2021-07-24 00:02:48 +05:30
|
|
|
}
|
|
|
|
|
|
2022-04-09 13:52:50 +02:00
|
|
|
func (ctx *context) AddContextEntry(name string, dataRaw []byte) error {
|
2021-07-24 00:02:48 +05:30
|
|
|
var data interface{}
|
|
|
|
|
if err := json.Unmarshal(dataRaw, &data); err != nil {
|
2022-04-09 13:52:50 +02:00
|
|
|
logger.Error(err, "failed to unmarshal the resource")
|
2022-02-17 09:18:49 -08:00
|
|
|
return err
|
2021-07-22 14:23:03 -07:00
|
|
|
}
|
2024-07-05 18:06:48 +03:00
|
|
|
return addToContext(ctx, data, false, name)
|
2022-02-17 09:18:49 -08:00
|
|
|
}
|
|
|
|
|
|
2022-04-25 12:06:07 +01:00
|
|
|
func (ctx *context) ReplaceContextEntry(name string, dataRaw []byte) error {
|
|
|
|
|
var data interface{}
|
|
|
|
|
if err := json.Unmarshal(dataRaw, &data); err != nil {
|
|
|
|
|
logger.Error(err, "failed to unmarshal the resource")
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
// Adding a nil entry to clean out any existing data in the context with the entry name
|
2024-07-05 18:06:48 +03:00
|
|
|
if err := addToContext(ctx, nil, false, name); err != nil {
|
2022-04-25 12:06:07 +01:00
|
|
|
logger.Error(err, "unable to replace context entry", "context entry name", name)
|
|
|
|
|
return err
|
|
|
|
|
}
|
2024-07-05 18:06:48 +03:00
|
|
|
return addToContext(ctx, data, false, name)
|
2022-04-25 12:06:07 +01:00
|
|
|
}
|
|
|
|
|
|
2022-04-09 13:52:50 +02:00
|
|
|
// AddResource data at path: request.object
|
|
|
|
|
func (ctx *context) AddResource(data map[string]interface{}) error {
|
2023-12-03 23:35:36 -08:00
|
|
|
clearLeafValue(ctx.jsonRaw, "request", "object")
|
2024-07-05 18:06:48 +03:00
|
|
|
return addToContext(ctx, data, false, "request", "object")
|
2022-02-17 09:18:49 -08:00
|
|
|
}
|
|
|
|
|
|
2022-04-09 13:52:50 +02:00
|
|
|
// AddOldResource data at path: request.oldObject
|
|
|
|
|
func (ctx *context) AddOldResource(data map[string]interface{}) error {
|
2023-12-03 23:35:36 -08:00
|
|
|
clearLeafValue(ctx.jsonRaw, "request", "oldObject")
|
2024-07-05 18:06:48 +03:00
|
|
|
return addToContext(ctx, data, false, "request", "oldObject")
|
2021-07-22 14:23:03 -07:00
|
|
|
}
|
|
|
|
|
|
2022-05-24 20:19:36 +08:00
|
|
|
// AddTargetResource adds data at path: target
|
2023-05-12 17:43:36 +02:00
|
|
|
func (ctx *context) SetTargetResource(data map[string]interface{}) error {
|
2023-12-03 23:35:36 -08:00
|
|
|
clearLeafValue(ctx.jsonRaw, "target")
|
2024-07-05 18:06:48 +03:00
|
|
|
return addToContext(ctx, data, false, "target")
|
2022-05-24 20:19:36 +08:00
|
|
|
}
|
|
|
|
|
|
2022-10-13 16:03:49 +02:00
|
|
|
// AddOperation data at path: request.operation
|
|
|
|
|
func (ctx *context) AddOperation(data string) error {
|
2024-07-05 18:06:48 +03:00
|
|
|
if err := addToContext(ctx, data, false, "request", "operation"); err != nil {
|
2023-12-03 23:35:36 -08:00
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
ctx.operation = kyvernov1.AdmissionOperation(data)
|
|
|
|
|
return nil
|
2022-10-13 16:03:49 +02:00
|
|
|
}
|
|
|
|
|
|
2022-04-09 13:52:50 +02:00
|
|
|
// AddUserInfo adds userInfo at path request.userInfo
|
2024-06-20 11:44:43 +02:00
|
|
|
func (ctx *context) AddUserInfo(userRequestInfo kyvernov2.RequestInfo) error {
|
2023-12-03 23:35:36 -08:00
|
|
|
if data, err := toUnstructured(&userRequestInfo); err == nil {
|
2024-07-05 18:06:48 +03:00
|
|
|
return addToContext(ctx, data, false, "request")
|
2023-12-03 23:35:36 -08:00
|
|
|
} else {
|
|
|
|
|
return err
|
|
|
|
|
}
|
2019-12-30 17:08:50 -08:00
|
|
|
}
|
2020-01-07 15:13:57 -08:00
|
|
|
|
2022-04-09 13:52:50 +02:00
|
|
|
// AddServiceAccount removes prefix 'system:serviceaccount:' and namespace, then loads only SA name and SA namespace
|
|
|
|
|
func (ctx *context) AddServiceAccount(userName string) error {
|
2020-01-07 15:13:57 -08:00
|
|
|
saPrefix := "system:serviceaccount:"
|
|
|
|
|
var sa string
|
|
|
|
|
saName := ""
|
|
|
|
|
saNamespace := ""
|
|
|
|
|
if len(userName) <= len(saPrefix) {
|
|
|
|
|
sa = ""
|
|
|
|
|
} else {
|
|
|
|
|
sa = userName[len(saPrefix):]
|
|
|
|
|
}
|
|
|
|
|
// filter namespace
|
|
|
|
|
groups := strings.Split(sa, ":")
|
|
|
|
|
if len(groups) >= 2 {
|
|
|
|
|
saName = groups[1]
|
|
|
|
|
saNamespace = groups[0]
|
|
|
|
|
}
|
2023-12-03 23:35:36 -08:00
|
|
|
data := map[string]interface{}{
|
|
|
|
|
"serviceAccountName": saName,
|
|
|
|
|
"serviceAccountNamespace": saNamespace,
|
2020-01-07 15:13:57 -08:00
|
|
|
}
|
2024-07-05 18:06:48 +03:00
|
|
|
if err := ctx.addJSON(data, false); err != nil {
|
2020-01-07 15:13:57 -08:00
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
|
2022-04-09 13:52:50 +02:00
|
|
|
logger.V(4).Info("Adding service account", "service account name", saName, "service account namespace", saNamespace)
|
2020-01-07 15:13:57 -08:00
|
|
|
return nil
|
|
|
|
|
}
|
2021-02-01 23:22:19 -08:00
|
|
|
|
2021-02-22 17:22:23 -08:00
|
|
|
// AddNamespace merges resource json under request.namespace
|
2022-04-09 13:52:50 +02:00
|
|
|
func (ctx *context) AddNamespace(namespace string) error {
|
2024-07-05 18:06:48 +03:00
|
|
|
return addToContext(ctx, namespace, false, "request", "namespace")
|
2022-04-09 13:52:50 +02:00
|
|
|
}
|
2021-02-22 17:22:23 -08:00
|
|
|
|
2022-12-12 07:20:20 -08:00
|
|
|
func (ctx *context) AddElement(data interface{}, index, nesting int) error {
|
|
|
|
|
nestedElement := fmt.Sprintf("element%d", nesting)
|
|
|
|
|
nestedElementIndex := fmt.Sprintf("elementIndex%d", nesting)
|
2022-04-09 13:52:50 +02:00
|
|
|
data = map[string]interface{}{
|
2022-12-12 07:20:20 -08:00
|
|
|
"element": data,
|
|
|
|
|
nestedElement: data,
|
2023-12-03 23:35:36 -08:00
|
|
|
"elementIndex": int64(index),
|
|
|
|
|
nestedElementIndex: int64(index),
|
2021-02-22 17:22:23 -08:00
|
|
|
}
|
2024-07-05 18:06:48 +03:00
|
|
|
return addToContext(ctx, data, true)
|
2022-04-09 13:52:50 +02:00
|
|
|
}
|
2021-02-22 17:22:23 -08:00
|
|
|
|
2023-01-02 18:14:40 +01:00
|
|
|
func (ctx *context) AddImageInfo(info apiutils.ImageInfo, cfg config.Configuration) error {
|
2022-04-09 13:52:50 +02:00
|
|
|
data := map[string]interface{}{
|
2023-12-22 03:15:50 -08:00
|
|
|
"reference": info.Reference,
|
|
|
|
|
"referenceWithTag": info.ReferenceWithTag,
|
2022-07-29 00:02:26 -07:00
|
|
|
"registry": info.Registry,
|
|
|
|
|
"path": info.Path,
|
|
|
|
|
"name": info.Name,
|
|
|
|
|
"tag": info.Tag,
|
|
|
|
|
"digest": info.Digest,
|
2022-04-09 13:52:50 +02:00
|
|
|
}
|
2024-07-05 18:06:48 +03:00
|
|
|
return addToContext(ctx, data, false, "image")
|
2021-02-22 17:22:23 -08:00
|
|
|
}
|
|
|
|
|
|
2023-01-02 18:14:40 +01:00
|
|
|
func (ctx *context) AddImageInfos(resource *unstructured.Unstructured, cfg config.Configuration) error {
|
2024-08-30 11:05:26 +05:30
|
|
|
imageInfoLoader := &ImageInfoLoader{
|
|
|
|
|
resource: resource,
|
|
|
|
|
eCtx: ctx,
|
|
|
|
|
cfg: cfg,
|
|
|
|
|
}
|
|
|
|
|
dl, err := NewDeferredLoader("images", imageInfoLoader, logger)
|
2022-04-11 10:30:38 +01:00
|
|
|
if err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
2024-08-30 11:05:26 +05:30
|
|
|
if toggle.FromContext(cont.Background()).EnableDeferredLoading() {
|
|
|
|
|
if err := ctx.AddDeferredLoader(dl); err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
} else {
|
|
|
|
|
if err := imageInfoLoader.LoadData(); err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
return nil
|
2023-12-03 23:35:36 -08:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (ctx *context) addImageInfos(images map[string]map[string]apiutils.ImageInfo) error {
|
2022-04-11 10:30:38 +01:00
|
|
|
if len(images) == 0 {
|
2021-03-23 10:34:03 -07:00
|
|
|
return nil
|
|
|
|
|
}
|
2022-04-11 10:30:38 +01:00
|
|
|
ctx.images = images
|
2023-12-03 23:35:36 -08:00
|
|
|
utm, err := convertImagesToUnstructured(images)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
logging.V(4).Info("updated image info", "images", utm)
|
2024-07-05 18:06:48 +03:00
|
|
|
return addToContext(ctx, utm, false, "images")
|
2023-12-03 23:35:36 -08:00
|
|
|
}
|
|
|
|
|
|
2024-08-30 11:05:26 +05:30
|
|
|
type ImageInfoLoader struct {
|
|
|
|
|
resource *unstructured.Unstructured
|
|
|
|
|
hasLoaded bool
|
|
|
|
|
eCtx *context
|
|
|
|
|
cfg config.Configuration
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (l *ImageInfoLoader) HasLoaded() bool {
|
|
|
|
|
return l.hasLoaded
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (l *ImageInfoLoader) LoadData() error {
|
|
|
|
|
images, err := apiutils.ExtractImagesFromResource(*l.resource, nil, l.cfg)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return l.eCtx.addImageInfos(images)
|
|
|
|
|
}
|
|
|
|
|
|
2023-12-03 23:35:36 -08:00
|
|
|
func convertImagesToUnstructured(images map[string]map[string]apiutils.ImageInfo) (map[string]interface{}, error) {
|
|
|
|
|
results := map[string]interface{}{}
|
|
|
|
|
for containerType, v := range images {
|
|
|
|
|
imgMap := map[string]interface{}{}
|
|
|
|
|
for containerName := range v {
|
|
|
|
|
imageInfo := v[containerName]
|
|
|
|
|
img, err := toUnstructured(&imageInfo.ImageInfo)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
var pointer interface{} = imageInfo.Pointer
|
|
|
|
|
img["jsonPointer"] = pointer
|
|
|
|
|
|
|
|
|
|
imgMap[containerName] = img
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
results[containerType] = imgMap
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return results, nil
|
2021-03-23 10:34:03 -07:00
|
|
|
}
|
|
|
|
|
|
2023-01-02 18:14:40 +01:00
|
|
|
func (ctx *context) GenerateCustomImageInfo(resource *unstructured.Unstructured, imageExtractorConfigs kyvernov1.ImageExtractorConfigs, cfg config.Configuration) (map[string]map[string]apiutils.ImageInfo, error) {
|
|
|
|
|
images, err := apiutils.ExtractImagesFromResource(*resource, imageExtractorConfigs, cfg)
|
2022-04-14 17:08:30 +01:00
|
|
|
if err != nil {
|
2023-02-01 14:38:04 +08:00
|
|
|
return nil, fmt.Errorf("failed to extract images: %w", err)
|
2022-04-14 17:08:30 +01:00
|
|
|
}
|
2022-05-01 16:44:51 -07:00
|
|
|
|
2023-12-03 23:35:36 -08:00
|
|
|
if err := ctx.addImageInfos(images); err != nil {
|
|
|
|
|
return nil, fmt.Errorf("failed to add images to context: %w", err)
|
2022-04-14 17:08:30 +01:00
|
|
|
}
|
2022-05-01 16:44:51 -07:00
|
|
|
|
2023-12-03 23:35:36 -08:00
|
|
|
return images, nil
|
2022-04-14 17:08:30 +01:00
|
|
|
}
|
|
|
|
|
|
2022-05-03 10:45:08 +02:00
|
|
|
func (ctx *context) ImageInfo() map[string]map[string]apiutils.ImageInfo {
|
2024-08-30 11:05:26 +05:30
|
|
|
// force load of image info from deferred loader
|
|
|
|
|
if len(ctx.images) == 0 {
|
|
|
|
|
if err := ctx.loadDeferred("images"); err != nil {
|
|
|
|
|
return map[string]map[string]apiutils.ImageInfo{}
|
|
|
|
|
}
|
|
|
|
|
}
|
2021-07-09 18:01:46 -07:00
|
|
|
return ctx.images
|
|
|
|
|
}
|
|
|
|
|
|
2021-09-26 02:12:31 -07:00
|
|
|
// Checkpoint creates a copy of the current internal state and
|
|
|
|
|
// pushes it into a stack of stored states.
|
2022-04-09 13:52:50 +02:00
|
|
|
func (ctx *context) Checkpoint() {
|
2023-12-03 23:35:36 -08:00
|
|
|
jsonRawCheckpoint := ctx.copyContext(ctx.jsonRaw)
|
2021-09-26 02:12:31 -07:00
|
|
|
ctx.jsonRawCheckpoints = append(ctx.jsonRawCheckpoints, jsonRawCheckpoint)
|
2021-02-01 23:22:19 -08:00
|
|
|
}
|
|
|
|
|
|
2023-12-03 23:35:36 -08:00
|
|
|
func (ctx *context) copyContext(in map[string]interface{}) map[string]interface{} {
|
|
|
|
|
out := make(map[string]interface{}, len(in))
|
|
|
|
|
for k, v := range in {
|
|
|
|
|
if ReservedKeys.MatchString(k) {
|
|
|
|
|
out[k] = v
|
|
|
|
|
} else {
|
|
|
|
|
out[k] = runtime.DeepCopyJSONValue(v)
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return out
|
|
|
|
|
}
|
|
|
|
|
|
2021-09-26 02:12:31 -07:00
|
|
|
// Restore sets the internal state to the last checkpoint, and removes the checkpoint.
|
2022-04-09 13:52:50 +02:00
|
|
|
func (ctx *context) Restore() {
|
2021-09-26 02:12:31 -07:00
|
|
|
ctx.reset(true)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Reset sets the internal state to the last checkpoint, but does not remove the checkpoint.
|
2022-04-09 13:52:50 +02:00
|
|
|
func (ctx *context) Reset() {
|
2021-09-26 02:12:31 -07:00
|
|
|
ctx.reset(false)
|
|
|
|
|
}
|
|
|
|
|
|
2023-06-27 09:58:50 -07:00
|
|
|
func (ctx *context) reset(restore bool) {
|
|
|
|
|
if ctx.resetCheckpoint(restore) {
|
|
|
|
|
ctx.deferred.Reset(restore, len(ctx.jsonRawCheckpoints))
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2023-12-03 23:35:36 -08:00
|
|
|
func (ctx *context) resetCheckpoint(restore bool) bool {
|
2021-09-27 23:40:05 -07:00
|
|
|
if len(ctx.jsonRawCheckpoints) == 0 {
|
2023-06-27 09:58:50 -07:00
|
|
|
return false
|
2021-02-01 23:22:19 -08:00
|
|
|
}
|
2023-06-27 09:58:50 -07:00
|
|
|
|
2021-09-26 02:12:31 -07:00
|
|
|
n := len(ctx.jsonRawCheckpoints) - 1
|
|
|
|
|
jsonRawCheckpoint := ctx.jsonRawCheckpoints[n]
|
2023-12-03 23:35:36 -08:00
|
|
|
|
|
|
|
|
if restore {
|
2021-09-26 02:12:31 -07:00
|
|
|
ctx.jsonRawCheckpoints = ctx.jsonRawCheckpoints[:n]
|
2023-12-03 23:35:36 -08:00
|
|
|
ctx.jsonRaw = jsonRawCheckpoint
|
|
|
|
|
} else {
|
|
|
|
|
ctx.jsonRaw = ctx.copyContext(jsonRawCheckpoint)
|
2021-09-26 02:12:31 -07:00
|
|
|
}
|
2023-06-27 09:58:50 -07:00
|
|
|
|
|
|
|
|
return true
|
2021-02-07 20:26:56 -08:00
|
|
|
}
|
2023-05-05 17:35:47 -07:00
|
|
|
|
2023-06-27 09:58:50 -07:00
|
|
|
func (ctx *context) AddDeferredLoader(dl DeferredLoader) error {
|
|
|
|
|
ctx.deferred.Add(dl, len(ctx.jsonRawCheckpoints))
|
2023-06-26 19:18:32 +02:00
|
|
|
return nil
|
2023-05-05 17:35:47 -07:00
|
|
|
}
|
