mirrors/kyverno
mirrors/kyverno
1
0
Fork 0
mirror of https://github.com/kyverno/kyverno.git synced 2025-03-07 00:17:13 +00:00
Code Activity
kyverno/pkg/webhooks/policy/handlers.go

44 lines
1.4 KiB
Go
Raw Normal View History

refactor: separate policy mutation/validation handlers from server (#3905) * refactor: webhooks server logger Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> * refactor: separate policy mutation/validation handlers from server Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>
2022-05-13 07:33:20 +02:00
package policy
import (
refactor: propagate context through admission handlers (#5392) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2022-11-17 16:17:52 +01:00
"context"
refactor: separate policy mutation/validation handlers from server (#3905) * refactor: webhooks server logger Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> * refactor: separate policy mutation/validation handlers from server Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>
2022-05-13 07:33:20 +02:00
"time"
"github.com/go-logr/logr"
Add the metric "kyverno_client_queries_total" (#4359) * Add metric "kyverno_kube_client_queries_total" Signed-off-by: ShutingZhao <shuting@nirmata.com> * publish metric for missing queries Signed-off-by: ShutingZhao <shuting@nirmata.com> * Refactor the way Kyverno registers QPS metric Signed-off-by: ShutingZhao <shuting@nirmata.com> * Move clientsets to a dedicated folder Signed-off-by: ShutingZhao <shuting@nirmata.com> * Wrap Kyverno client and policyreport client to register client query metric Signed-off-by: ShutingZhao <shuting@nirmata.com> * address linter comments Signed-off-by: ShutingZhao <shuting@nirmata.com> * address linter comments Signed-off-by: ShutingZhao <shuting@nirmata.com> * Switch to use wrapper clients Signed-off-by: ShutingZhao <shuting@nirmata.com> Signed-off-by: ShutingZhao <shuting@nirmata.com> Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>
2022-08-31 14:03:47 +08:00
"github.com/kyverno/kyverno/pkg/clients/dclient"
refactor: separate policy mutation/validation handlers from server (#3905) * refactor: webhooks server logger Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> * refactor: separate policy mutation/validation handlers from server Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>
2022-05-13 07:33:20 +02:00
"github.com/kyverno/kyverno/pkg/openapi"
policyvalidate "github.com/kyverno/kyverno/pkg/policy"
admissionutils "github.com/kyverno/kyverno/pkg/utils/admission"
refactor: separate resource mutation/validation handlers from server (#3908) * refactor: webhooks server logger Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> * refactor: separate policy mutation/validation handlers from server Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> * separate resource mutation from server code Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
2022-05-16 16:36:21 +02:00
"github.com/kyverno/kyverno/pkg/webhooks"
refactor: remove more admission request pointers (#6774) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2023-04-04 07:11:18 +02:00
"github.com/kyverno/kyverno/pkg/webhooks/handlers"
refactor: separate policy mutation/validation handlers from server (#3905) * refactor: webhooks server logger Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> * refactor: separate policy mutation/validation handlers from server Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>
2022-05-13 07:33:20 +02:00
)
refactor: remove more admission request pointers (#6774) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2023-04-04 07:11:18 +02:00
type policyHandlers struct {
refactor: openapi controller part 1 (#4901) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>
2022-10-12 13:38:48 +02:00
client dclient.Interface
refactor: openapi controller part 2 (#4910) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2022-10-12 18:54:16 +02:00
openApiManager openapi.Manager
refactor: separate policy mutation/validation handlers from server (#3905) * refactor: webhooks server logger Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> * refactor: separate policy mutation/validation handlers from server Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>
2022-05-13 07:33:20 +02:00
}
refactor: openapi controller part 2 (#4910) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2022-10-12 18:54:16 +02:00
func NewHandlers(client dclient.Interface, openApiManager openapi.Manager) webhooks.PolicyHandlers {
refactor: remove more admission request pointers (#6774) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2023-04-04 07:11:18 +02:00
return &policyHandlers{
refactor: openapi controller part 1 (#4901) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>
2022-10-12 13:38:48 +02:00
client: client,
refactor: openapi controller part 2 (#4910) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2022-10-12 18:54:16 +02:00
openApiManager: openApiManager,
refactor: separate policy mutation/validation handlers from server (#3905) * refactor: webhooks server logger Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> * refactor: separate policy mutation/validation handlers from server Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>
2022-05-13 07:33:20 +02:00
}
}
refactor: remove more admission request pointers (#6774) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2023-04-04 07:11:18 +02:00
func (h *policyHandlers) Validate(ctx context.Context, logger logr.Logger, request handlers.AdmissionRequest, _ time.Time) handlers.AdmissionResponse {
policy, oldPolicy, err := admissionutils.GetPolicies(request.AdmissionRequest)
refactor: separate policy mutation/validation handlers from server (#3905) * refactor: webhooks server logger Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> * refactor: separate policy mutation/validation handlers from server Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>
2022-05-13 07:33:20 +02:00
if err != nil {
logger.Error(err, "failed to unmarshal policies from admission request")
feat: use admission review v1 (#5464) * feat: use admission review v1 Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * nit Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * logs Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * patch type Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix tests Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Co-authored-by: Prateek Pandey <prateek.pandey@nirmata.com>
2022-11-30 16:37:42 +01:00
return admissionutils.Response(request.UID, err)
refactor: separate policy mutation/validation handlers from server (#3905) * refactor: webhooks server logger Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> * refactor: separate policy mutation/validation handlers from server Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>
2022-05-13 07:33:20 +02:00
}
feat: add validations for generate immutable fields (#6328) * add validations for generate immutable fields Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix Signed-off-by: ShutingZhao <shuting@nirmata.com> * chore(deps): bump github.com/onsi/gomega from 1.26.0 to 1.27.0 (#6334) Bumps [github.com/onsi/gomega](https://github.com/onsi/gomega) from 1.26.0 to 1.27.0. - [Release notes](https://github.com/onsi/gomega/releases) - [Changelog](https://github.com/onsi/gomega/blob/master/CHANGELOG.md) - [Commits](https://github.com/onsi/gomega/compare/v1.26.0...v1.27.0) --- updated-dependencies: - dependency-name: github.com/onsi/gomega dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Jmespath typo fix (#6342) Signed-off-by: Abhishek Kumar <abhishek22512@gmail.com> * chore(deps): bump golang.org/x/net from 0.6.0 to 0.7.0 (#6341) Bumps [golang.org/x/net](https://github.com/golang/net) from 0.6.0 to 0.7.0. - [Release notes](https://github.com/golang/net/releases) - [Commits](https://github.com/golang/net/compare/v0.6.0...v0.7.0) --- updated-dependencies: - dependency-name: golang.org/x/net dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> * chore(deps): bump zgosalvez/github-actions-ensure-sha-pinned-actions (#6348) Bumps [zgosalvez/github-actions-ensure-sha-pinned-actions](https://github.com/zgosalvez/github-actions-ensure-sha-pinned-actions) from 2.0.5 to 2.1.0. - [Release notes](https://github.com/zgosalvez/github-actions-ensure-sha-pinned-actions/releases) - [Commits](https://github.com/zgosalvez/github-actions-ensure-sha-pinned-actions/compare/bd2868d14a756969608c618665394415a238de69...b9ddf6a5153efe6fb94f071c8915175afdce60fa) --- updated-dependencies: - dependency-name: zgosalvez/github-actions-ensure-sha-pinned-actions dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump github.com/onsi/gomega from 1.27.0 to 1.27.1 (#6347) Bumps [github.com/onsi/gomega](https://github.com/onsi/gomega) from 1.27.0 to 1.27.1. - [Release notes](https://github.com/onsi/gomega/releases) - [Changelog](https://github.com/onsi/gomega/blob/master/CHANGELOG.md) - [Commits](https://github.com/onsi/gomega/compare/v1.27.0...v1.27.1) --- updated-dependencies: - dependency-name: github.com/onsi/gomega dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> * fix: dump admission response (#6349) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: use labels.Everything in userinfo clusterroles matching (#6351) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * update k8s.gcr.io to registry.k8s.io (#6340) Signed-off-by: Rayan Das <rayandas91@gmail.com> Co-authored-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> * Notary v2 (#6011) * fix make debug-deploy Signed-off-by: Jim Bugwadia <jim@nirmata.com> * improve log messages Signed-off-by: Jim Bugwadia <jim@nirmata.com> * initial update Signed-off-by: Jim Bugwadia <jim@nirmata.com> * initial update Signed-off-by: Jim Bugwadia <jim@nirmata.com> * update registry credentials handling order Signed-off-by: Jim Bugwadia <jim@nirmata.com> * comment out ACR helper - breaks anonymous image pull Signed-off-by: Jim Bugwadia <jim@nirmata.com> * merge main and refactor verifiers Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix opt init Signed-off-by: Jim Bugwadia <jim@nirmata.com> * remove local address Signed-off-by: Jim Bugwadia <jim@nirmata.com> * update to NotaryV2 RC Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix fmt Signed-off-by: Jim Bugwadia <jim@nirmata.com> * update deps Signed-off-by: Jim Bugwadia <jim@nirmata.com> * format imports Signed-off-by: Jim Bugwadia <jim@nirmata.com> * remove env and no-op statement Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix merge issues Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix linter issue Signed-off-by: Jim Bugwadia <jim@nirmata.com> * remove unused field Signed-off-by: Jim Bugwadia <jim@nirmata.com> * make fmt Signed-off-by: Jim Bugwadia <jim@nirmata.com> * renable ACR credential helper Signed-off-by: Jim Bugwadia <jim@nirmata.com> * Update .vscode/launch.json Signed-off-by: shuting <shutting06@gmail.com> --------- Signed-off-by: Jim Bugwadia <jim@nirmata.com> Signed-off-by: shuting <shutting06@gmail.com> Co-authored-by: shuting <shuting@nirmata.com> Co-authored-by: shuting <shutting06@gmail.com> * chore(deps): bump fluxcd/flux2 from 0.39.0 to 0.40.0 (#6362) Bumps [fluxcd/flux2](https://github.com/fluxcd/flux2) from 0.39.0 to 0.40.0. - [Release notes](https://github.com/fluxcd/flux2/releases) - [Changelog](https://github.com/fluxcd/flux2/blob/main/.goreleaser.yml) - [Commits](https://github.com/fluxcd/flux2/compare/978cc0c5b8b85a976edd7e457a09b0f4d1255390...2cac6ce281d8205dc03a6d653064ff06dee257dd) --- updated-dependencies: - dependency-name: fluxcd/flux2 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * oldObject translation solved in autogen (#6305) * OldObject translation solved in autogen Signed-off-by: Abhishek Kumar <abhishek22512@gmail.com> * CronJob fixed in autogen Signed-off-by: Abhishek Kumar <abhishek22512@gmail.com> * tests added Signed-off-by: Abhishek Kumar <abhishek22512@gmail.com> --------- Signed-off-by: Abhishek Kumar <abhishek22512@gmail.com> Co-authored-by: shuting <shuting@nirmata.com> Co-authored-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> * fix: logger key value in wrong order (#6365) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: missing metrics for policies in audit mode (#6363) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * chore(deps): bump github.com/notaryproject/notation-go (#6361) Bumps [github.com/notaryproject/notation-go](https://github.com/notaryproject/notation-go) from 1.0.0-rc.1 to 1.0.0-rc.3. - [Release notes](https://github.com/notaryproject/notation-go/releases) - [Commits](https://github.com/notaryproject/notation-go/compare/v1.0.0-rc.1...v1.0.0-rc.3) --- updated-dependencies: - dependency-name: github.com/notaryproject/notation-go dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * fix: role matching from authentication infos (#6358) * fix: role matching from authentication infos Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more tests Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: delete certificate secret if type is not TLS (#6368) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * refactor: user/groups exclusions (#6357) * refactor: user/groups exclusions Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * wildcard Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> * add labels to downstream and source resources (#6322) Signed-off-by: ShutingZhao <shuting@nirmata.com> * update generate validation checks Signed-off-by: ShutingZhao <shuting@nirmata.com> --------- Signed-off-by: ShutingZhao <shuting@nirmata.com> Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Abhishek Kumar <abhishek22512@gmail.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Rayan Das <rayandas91@gmail.com> Signed-off-by: Jim Bugwadia <jim@nirmata.com> Signed-off-by: shuting <shutting06@gmail.com> Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Abhishek Kumar <76171953+octonawish-akcodes@users.noreply.github.com> Co-authored-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Co-authored-by: Rayan Das <rayandas91@gmail.com> Co-authored-by: Jim Bugwadia <jim@nirmata.com>
2023-03-01 14:52:20 +08:00
warnings, err := policyvalidate.Validate(policy, oldPolicy, h.client, false, h.openApiManager)
refactor: separate policy mutation/validation handlers from server (#3905) * refactor: webhooks server logger Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> * refactor: separate policy mutation/validation handlers from server Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>
2022-05-13 07:33:20 +02:00
if err != nil {
logger.Error(err, "policy validation errors")
}
feat: use admission review v1 (#5464) * feat: use admission review v1 Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * nit Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * logs Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * patch type Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix tests Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Co-authored-by: Prateek Pandey <prateek.pandey@nirmata.com>
2022-11-30 16:37:42 +01:00
return admissionutils.Response(request.UID, err, warnings...)
refactor: separate policy mutation/validation handlers from server (#3905) * refactor: webhooks server logger Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> * refactor: separate policy mutation/validation handlers from server Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>
2022-05-13 07:33:20 +02:00
}
refactor: remove more admission request pointers (#6774) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2023-04-04 07:11:18 +02:00
func (h *policyHandlers) Mutate(_ context.Context, _ logr.Logger, request handlers.AdmissionRequest, _ time.Time) handlers.AdmissionResponse {
refactor: remove admission request/response pointers (#6769) * refactor: remove admission request/response pointers Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix tests Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2023-04-03 20:08:57 +02:00
return admissionutils.ResponseSuccess(request.UID)
refactor: separate policy mutation/validation handlers from server (#3905) * refactor: webhooks server logger Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> * refactor: separate policy mutation/validation handlers from server Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>
2022-05-13 07:33:20 +02:00
}
Copy permalink