kyverno/pkg/policycache/informer.go

package policycache

import (
	"reflect"

	"github.com/go-logr/logr"
	kyverno "github.com/kyverno/kyverno/pkg/api/kyverno/v1"
	kyvernoinformer "github.com/kyverno/kyverno/pkg/client/informers/externalversions/kyverno/v1"
	"k8s.io/client-go/tools/cache"
)

// Controller is responsible for synchronizing Policy Cache,
// it embeds a policy informer to handle policy events.
// The cache is synced when a policy is add/update/delete.
// This cache is only used in the admission webhook to fast retrieve
// policies based on types (Mutate/ValidateEnforce/Generate).
type Controller struct {
	pSynched   cache.InformerSynced
	nspSynched cache.InformerSynced
	Cache      Interface
	log        logr.Logger
}

// NewPolicyCacheController create a new PolicyController
func NewPolicyCacheController(
	pInformer kyvernoinformer.ClusterPolicyInformer,
	nspInformer kyvernoinformer.PolicyInformer,
	log logr.Logger) *Controller {

	pc := Controller{
		Cache: newPolicyCache(log),
		log:   log,
	}

	// ClusterPolicy Informer
	pInformer.Informer().AddEventHandler(cache.ResourceEventHandlerFuncs{
		AddFunc:    pc.addPolicy,
		UpdateFunc: pc.updatePolicy,
		DeleteFunc: pc.deletePolicy,
	})

	// Policy Informer
	nspInformer.Informer().AddEventHandler(cache.ResourceEventHandlerFuncs{
		AddFunc:    pc.addNsPolicy,
		UpdateFunc: pc.updateNsPolicy,
		DeleteFunc: pc.deleteNsPolicy,
	})

	pc.pSynched = pInformer.Informer().HasSynced
	pc.nspSynched = nspInformer.Informer().HasSynced

	return &pc
}

// convertPolicyToClusterPolicy - convert Policy to ClusterPolicy
// This will retain the kind of Policy and convert type to ClusterPolicy
func convertPolicyToClusterPolicy(nsPolicies *kyverno.Policy) *kyverno.ClusterPolicy {
	cpol := kyverno.ClusterPolicy(*nsPolicies)
	return &cpol
}

func (c *Controller) addPolicy(obj interface{}) {
	p := obj.(*kyverno.ClusterPolicy)
	c.Cache.Add(p)
}

func (c *Controller) updatePolicy(old, cur interface{}) {
	pOld := old.(*kyverno.ClusterPolicy)
	pNew := cur.(*kyverno.ClusterPolicy)

	if reflect.DeepEqual(pOld.Spec, pNew.Spec) {
		return
	}
	c.Cache.Remove(pOld)
	c.Cache.Add(pNew)
}

func (c *Controller) deletePolicy(obj interface{}) {
	p := obj.(*kyverno.ClusterPolicy)
	c.Cache.Remove(p)
}

// addNsPolicy - Add Policy to cache
func (c *Controller) addNsPolicy(obj interface{}) {
	p := obj.(*kyverno.Policy)
	c.Cache.Add(convertPolicyToClusterPolicy(p))
}

// updateNsPolicy - Update Policy of cache
func (c *Controller) updateNsPolicy(old, cur interface{}) {
	npOld := old.(*kyverno.Policy)
	npNew := cur.(*kyverno.Policy)
	if reflect.DeepEqual(npOld.Spec, npNew.Spec) {
		return
	}
	c.Cache.Remove(convertPolicyToClusterPolicy(npOld))
	c.Cache.Add(convertPolicyToClusterPolicy(npNew))
}

// deleteNsPolicy - Delete Policy from cache
func (c *Controller) deleteNsPolicy(obj interface{}) {
	p := obj.(*kyverno.Policy)
	c.Cache.Remove(convertPolicyToClusterPolicy(p))
}

// Run waits until policy informer to be synced
func (c *Controller) Run(workers int, stopCh <-chan struct{}) {
	logger := c.log
	logger.Info("starting")
	defer logger.Info("shutting down")

	if !cache.WaitForCacheSync(stopCh, c.pSynched) {
		logger.Info("failed to sync informer cache")
		return
	}

	<-stopCh
}
Add policy cache based on policyType (#960) * add policy cache based on policyType * fetch policy from cache in webhook * add unit test for policy cache * update log for exclude resources filter * skip webhook mutation on DELETE operation * remove duplicate k8s version check * add description 2020-07-02 19:49:10 +00:00			`package policycache`

			`import (`
			`"reflect"`

			`"github.com/go-logr/logr"`
update nirmata/kyverno to kyverno/kyverno 2020-10-07 18:12:31 +00:00			`kyverno "github.com/kyverno/kyverno/pkg/api/kyverno/v1"`
			`kyvernoinformer "github.com/kyverno/kyverno/pkg/client/informers/externalversions/kyverno/v1"`
Add policy cache based on policyType (#960) * add policy cache based on policyType * fetch policy from cache in webhook * add unit test for policy cache * update log for exclude resources filter * skip webhook mutation on DELETE operation * remove duplicate k8s version check * add description 2020-07-02 19:49:10 +00:00			`"k8s.io/client-go/tools/cache"`
			`)`

			`// Controller is responsible for synchronizing Policy Cache,`
			`// it embeds a policy informer to handle policy events.`
			`// The cache is synced when a policy is add/update/delete.`
			`// This cache is only used in the admission webhook to fast retrieve`
			`// policies based on types (Mutate/ValidateEnforce/Generate).`
			`type Controller struct {`
Feature/namespaced policy 280 (#1058) * namespaced policy crd and cache * modified main.go * removed kyverno * implemented policy violation generator for namespaced policy on audit * modified cache * added validation for cluster resource types * install.yaml * install.yaml * removed namespaces from crd and refactored code * modified NamespacePolicy to Policy * added ClusterRole aggregate for policies * modified clusterrole 2020-08-19 16:07:23 +00:00			`pSynched cache.InformerSynced`
			`nspSynched cache.InformerSynced`
			`Cache Interface`
			`log logr.Logger`
Add policy cache based on policyType (#960) * add policy cache based on policyType * fetch policy from cache in webhook * add unit test for policy cache * update log for exclude resources filter * skip webhook mutation on DELETE operation * remove duplicate k8s version check * add description 2020-07-02 19:49:10 +00:00			`}`

			`// NewPolicyCacheController create a new PolicyController`
			`func NewPolicyCacheController(`
			`pInformer kyvernoinformer.ClusterPolicyInformer,`
Feature/namespaced policy 280 (#1058) * namespaced policy crd and cache * modified main.go * removed kyverno * implemented policy violation generator for namespaced policy on audit * modified cache * added validation for cluster resource types * install.yaml * install.yaml * removed namespaces from crd and refactored code * modified NamespacePolicy to Policy * added ClusterRole aggregate for policies * modified clusterrole 2020-08-19 16:07:23 +00:00			`nspInformer kyvernoinformer.PolicyInformer,`
Add policy cache based on policyType (#960) * add policy cache based on policyType * fetch policy from cache in webhook * add unit test for policy cache * update log for exclude resources filter * skip webhook mutation on DELETE operation * remove duplicate k8s version check * add description 2020-07-02 19:49:10 +00:00			`log logr.Logger) *Controller {`

			`pc := Controller{`
			`Cache: newPolicyCache(log),`
			`log: log,`
			`}`

Feature/namespaced policy 280 (#1058) * namespaced policy crd and cache * modified main.go * removed kyverno * implemented policy violation generator for namespaced policy on audit * modified cache * added validation for cluster resource types * install.yaml * install.yaml * removed namespaces from crd and refactored code * modified NamespacePolicy to Policy * added ClusterRole aggregate for policies * modified clusterrole 2020-08-19 16:07:23 +00:00			`// ClusterPolicy Informer`
Add policy cache based on policyType (#960) * add policy cache based on policyType * fetch policy from cache in webhook * add unit test for policy cache * update log for exclude resources filter * skip webhook mutation on DELETE operation * remove duplicate k8s version check * add description 2020-07-02 19:49:10 +00:00			`pInformer.Informer().AddEventHandler(cache.ResourceEventHandlerFuncs{`
			`AddFunc: pc.addPolicy,`
			`UpdateFunc: pc.updatePolicy,`
			`DeleteFunc: pc.deletePolicy,`
			`})`

Feature/namespaced policy 280 (#1058) * namespaced policy crd and cache * modified main.go * removed kyverno * implemented policy violation generator for namespaced policy on audit * modified cache * added validation for cluster resource types * install.yaml * install.yaml * removed namespaces from crd and refactored code * modified NamespacePolicy to Policy * added ClusterRole aggregate for policies * modified clusterrole 2020-08-19 16:07:23 +00:00			`// Policy Informer`
			`nspInformer.Informer().AddEventHandler(cache.ResourceEventHandlerFuncs{`
			`AddFunc: pc.addNsPolicy,`
			`UpdateFunc: pc.updateNsPolicy,`
			`DeleteFunc: pc.deleteNsPolicy,`
			`})`

Add policy cache based on policyType (#960) * add policy cache based on policyType * fetch policy from cache in webhook * add unit test for policy cache * update log for exclude resources filter * skip webhook mutation on DELETE operation * remove duplicate k8s version check * add description 2020-07-02 19:49:10 +00:00			`pc.pSynched = pInformer.Informer().HasSynced`
Feature/namespaced policy 280 (#1058) * namespaced policy crd and cache * modified main.go * removed kyverno * implemented policy violation generator for namespaced policy on audit * modified cache * added validation for cluster resource types * install.yaml * install.yaml * removed namespaces from crd and refactored code * modified NamespacePolicy to Policy * added ClusterRole aggregate for policies * modified clusterrole 2020-08-19 16:07:23 +00:00			`pc.nspSynched = nspInformer.Informer().HasSynced`
Add policy cache based on policyType (#960) * add policy cache based on policyType * fetch policy from cache in webhook * add unit test for policy cache * update log for exclude resources filter * skip webhook mutation on DELETE operation * remove duplicate k8s version check * add description 2020-07-02 19:49:10 +00:00
			`return &pc`
			`}`

Feature/namespaced policy 280 (#1058) * namespaced policy crd and cache * modified main.go * removed kyverno * implemented policy violation generator for namespaced policy on audit * modified cache * added validation for cluster resource types * install.yaml * install.yaml * removed namespaces from crd and refactored code * modified NamespacePolicy to Policy * added ClusterRole aggregate for policies * modified clusterrole 2020-08-19 16:07:23 +00:00			`// convertPolicyToClusterPolicy - convert Policy to ClusterPolicy`
			`// This will retain the kind of Policy and convert type to ClusterPolicy`
			`func convertPolicyToClusterPolicy(nsPolicies kyverno.Policy) kyverno.ClusterPolicy {`
			`cpol := kyverno.ClusterPolicy(*nsPolicies)`
			`return &cpol`
			`}`

Add policy cache based on policyType (#960) * add policy cache based on policyType * fetch policy from cache in webhook * add unit test for policy cache * update log for exclude resources filter * skip webhook mutation on DELETE operation * remove duplicate k8s version check * add description 2020-07-02 19:49:10 +00:00			`func (c *Controller) addPolicy(obj interface{}) {`
			`p := obj.(*kyverno.ClusterPolicy)`
			`c.Cache.Add(p)`
			`}`

			`func (c *Controller) updatePolicy(old, cur interface{}) {`
			`pOld := old.(*kyverno.ClusterPolicy)`
			`pNew := cur.(*kyverno.ClusterPolicy)`

			`if reflect.DeepEqual(pOld.Spec, pNew.Spec) {`
			`return`
			`}`
			`c.Cache.Remove(pOld)`
			`c.Cache.Add(pNew)`
			`}`

			`func (c *Controller) deletePolicy(obj interface{}) {`
			`p := obj.(*kyverno.ClusterPolicy)`
			`c.Cache.Remove(p)`
			`}`

Feature/namespaced policy 280 (#1058) * namespaced policy crd and cache * modified main.go * removed kyverno * implemented policy violation generator for namespaced policy on audit * modified cache * added validation for cluster resource types * install.yaml * install.yaml * removed namespaces from crd and refactored code * modified NamespacePolicy to Policy * added ClusterRole aggregate for policies * modified clusterrole 2020-08-19 16:07:23 +00:00			`// addNsPolicy - Add Policy to cache`
			`func (c *Controller) addNsPolicy(obj interface{}) {`
			`p := obj.(*kyverno.Policy)`
			`c.Cache.Add(convertPolicyToClusterPolicy(p))`
			`}`

			`// updateNsPolicy - Update Policy of cache`
			`func (c *Controller) updateNsPolicy(old, cur interface{}) {`
			`npOld := old.(*kyverno.Policy)`
			`npNew := cur.(*kyverno.Policy)`
			`if reflect.DeepEqual(npOld.Spec, npNew.Spec) {`
			`return`
			`}`
			`c.Cache.Remove(convertPolicyToClusterPolicy(npOld))`
			`c.Cache.Add(convertPolicyToClusterPolicy(npNew))`
			`}`

			`// deleteNsPolicy - Delete Policy from cache`
			`func (c *Controller) deleteNsPolicy(obj interface{}) {`
			`p := obj.(*kyverno.Policy)`
			`c.Cache.Remove(convertPolicyToClusterPolicy(p))`
			`}`

Add policy cache based on policyType (#960) * add policy cache based on policyType * fetch policy from cache in webhook * add unit test for policy cache * update log for exclude resources filter * skip webhook mutation on DELETE operation * remove duplicate k8s version check * add description 2020-07-02 19:49:10 +00:00			`// Run waits until policy informer to be synced`
			`func (c *Controller) Run(workers int, stopCh <-chan struct{}) {`
			`logger := c.log`
			`logger.Info("starting")`
			`defer logger.Info("shutting down")`

			`if !cache.WaitForCacheSync(stopCh, c.pSynched) {`
			`logger.Info("failed to sync informer cache")`
			`return`
			`}`

			`<-stopCh`
			`}`