kyverno/cmd/cli/kubectl-kyverno/exception/load.go

package exception

import (
	"fmt"
	"os"
	"path/filepath"

	kyvernov2 "github.com/kyverno/kyverno/api/kyverno/v2"
	kyvernov2alpha1 "github.com/kyverno/kyverno/api/kyverno/v2alpha1"
	kyvernov2beta1 "github.com/kyverno/kyverno/api/kyverno/v2beta1"
	"github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/data"
	"github.com/kyverno/kyverno/ext/resource/convert"
	resourceloader "github.com/kyverno/kyverno/ext/resource/loader"
	yamlutils "github.com/kyverno/kyverno/ext/yaml"
	"k8s.io/apimachinery/pkg/runtime/schema"
	"sigs.k8s.io/kubectl-validate/pkg/openapiclient"
)

var (
	factory, _        = resourceloader.New(openapiclient.NewComposite(openapiclient.NewLocalCRDFiles(data.Crds(), data.CrdsFolder)))
	exceptionV2alpha1 = schema.GroupVersion(kyvernov2alpha1.GroupVersion).WithKind("PolicyException")
	exceptionV2beta1  = schema.GroupVersion(kyvernov2beta1.GroupVersion).WithKind("PolicyException")
	exceptionV2       = schema.GroupVersion(kyvernov2.GroupVersion).WithKind("PolicyException")
)

func Load(paths ...string) ([]*kyvernov2beta1.PolicyException, error) {
	var out []*kyvernov2beta1.PolicyException
	for _, path := range paths {
		bytes, err := os.ReadFile(filepath.Clean(path))
		if err != nil {
			return nil, fmt.Errorf("unable to read yaml (%w)", err)
		}
		exceptions, err := load(bytes)
		if err != nil {
			return nil, fmt.Errorf("unable to load exceptions (%w)", err)
		}
		out = append(out, exceptions...)
	}
	return out, nil
}

func load(content []byte) ([]*kyvernov2beta1.PolicyException, error) {
	documents, err := yamlutils.SplitDocuments(content)
	if err != nil {
		return nil, err
	}
	var exceptions []*kyvernov2beta1.PolicyException
	for _, document := range documents {
		gvk, untyped, err := factory.Load(document)
		if err != nil {
			return nil, err
		}
		switch gvk {
		case exceptionV2alpha1, exceptionV2beta1, exceptionV2:
			exception, err := convert.To[kyvernov2beta1.PolicyException](untyped)
			if err != nil {
				return nil, err
			}
			exceptions = append(exceptions, exception)
		default:
			return nil, fmt.Errorf("policy exception type not supported %s", gvk)
		}
	}
	return exceptions, nil
}
feat: add cli package to load policy exceptions (#8508) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> 2023-09-22 11:53:19 +02:00			`package exception`

			`import (`
			`"fmt"`
Support PolicyExceptions with CLI (#9525) * loding policyExecptions from func Signed-off-by: Sanskarzz <sanskar.gur@gmail.com> * adding PolicyExceptions in crds Signed-off-by: Sanskarzz <sanskar.gur@gmail.com> * adding PolicyExceptions in GetPolicy function Signed-off-by: Sanskarzz <sanskar.gur@gmail.com> * adding policyexceptions in Load function Signed-off-by: Sanskarzz <sanskar.gur@gmail.com> * resolve error becuase of now Getpolicy return policyexceptions Signed-off-by: Sanskarzz <sanskar.gur@gmail.com> * added -exception flag loaded policyexception Signed-off-by: Sanskarzz <sanskar.gur@gmail.com> * added policyexceptions in processor and NewEngine Signed-off-by: Sanskarzz <sanskar.gur@gmail.com> * Revert "added -exception flag loaded policyexception" This reverts commit f53b205c089e780033b14c9a6343a141c20875b6. * Revert "Added support for PolicyExceptions for apply command " This reverts commit 82689ea0c1b914c566ac8ef30ab863f33d9b5460. * Update cmd/cli/kubectl-kyverno/commands/test/test.go loading exceptions with policies Co-authored-by: Mariam Fahmy <mariamfahmy66@gmail.com> Signed-off-by: Sanskar Gurdasani <92817635+Sanskarzz@users.noreply.github.com> * updated GetFullPaths function and remove unnecessary code Signed-off-by: Sanskarzz <sanskar.gur@gmail.com> * added tests for loading exceptions in GetPolicy function Signed-off-by: Sanskarzz <sanskar.gur@gmail.com> * added tests for loading policy exceptions Signed-off-by: Sanskarzz <sanskar.gur@gmail.com> * Used selector in List function Signed-off-by: Sanskarzz <sanskar.gur@gmail.com> * generated cli crd Signed-off-by: Sanskarzz <sanskar.gur@gmail.com> * updated loadpolicy_test tests and corrected kind Signed-off-by: Sanskarzz <sanskar.gur@gmail.com> * resolved unit test error in path_test.go file Signed-off-by: Sanskarzz <sanskar.gur@gmail.com> * limiting the usage of exceptions to ValidatingAdmissionPolicies Signed-off-by: Sanskarzz <sanskar.gur@gmail.com> * remove changes in common code Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fixes Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fixes Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fixes Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fixes Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fixes Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fixes Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fixes Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fixes Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fixes Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fixes Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * codegen Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Sanskarzz <sanskar.gur@gmail.com> Signed-off-by: Sanskar Gurdasani <92817635+Sanskarzz@users.noreply.github.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: Mariam Fahmy <mariamfahmy66@gmail.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> 2024-02-01 03:58:14 +05:30			`"os"`
			`"path/filepath"`
feat: add cli package to load policy exceptions (#8508) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> 2023-09-22 11:53:19 +02:00
feat: promote policy exceptions to v2 (#9208) Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com> 2023-12-19 12:43:39 +02:00			`kyvernov2 "github.com/kyverno/kyverno/api/kyverno/v2"`
fix: add the support of v2alpha1 exceptions in the CLI (#9714) Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com> 2024-02-13 00:57:03 +02:00			`kyvernov2alpha1 "github.com/kyverno/kyverno/api/kyverno/v2alpha1"`
feat: add cli package to load policy exceptions (#8508) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> 2023-09-22 11:53:19 +02:00			`kyvernov2beta1 "github.com/kyverno/kyverno/api/kyverno/v2beta1"`
			`"github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/data"`
refactor: move resource/convert in ext (#8769) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> 2023-10-29 10:39:39 +01:00			`"github.com/kyverno/kyverno/ext/resource/convert"`
refactor: move resource loader package to ext (#8780) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> 2023-10-30 18:27:02 +01:00			`resourceloader "github.com/kyverno/kyverno/ext/resource/loader"`
feat: add ext/yaml package (#8760) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> 2023-10-27 13:08:39 +02:00			`yamlutils "github.com/kyverno/kyverno/ext/yaml"`
feat: add cli package to load policy exceptions (#8508) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> 2023-09-22 11:53:19 +02:00			`"k8s.io/apimachinery/pkg/runtime/schema"`
			`"sigs.k8s.io/kubectl-validate/pkg/openapiclient"`
			`)`

			`var (`
fix: add the support of v2alpha1 exceptions in the CLI (#9714) Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com> 2024-02-13 00:57:03 +02:00			`factory, _ = resourceloader.New(openapiclient.NewComposite(openapiclient.NewLocalCRDFiles(data.Crds(), data.CrdsFolder)))`
			`exceptionV2alpha1 = schema.GroupVersion(kyvernov2alpha1.GroupVersion).WithKind("PolicyException")`
			`exceptionV2beta1 = schema.GroupVersion(kyvernov2beta1.GroupVersion).WithKind("PolicyException")`
			`exceptionV2 = schema.GroupVersion(kyvernov2.GroupVersion).WithKind("PolicyException")`
feat: add cli package to load policy exceptions (#8508) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> 2023-09-22 11:53:19 +02:00			`)`

Support PolicyExceptions with CLI (#9525) * loding policyExecptions from func Signed-off-by: Sanskarzz <sanskar.gur@gmail.com> * adding PolicyExceptions in crds Signed-off-by: Sanskarzz <sanskar.gur@gmail.com> * adding PolicyExceptions in GetPolicy function Signed-off-by: Sanskarzz <sanskar.gur@gmail.com> * adding policyexceptions in Load function Signed-off-by: Sanskarzz <sanskar.gur@gmail.com> * resolve error becuase of now Getpolicy return policyexceptions Signed-off-by: Sanskarzz <sanskar.gur@gmail.com> * added -exception flag loaded policyexception Signed-off-by: Sanskarzz <sanskar.gur@gmail.com> * added policyexceptions in processor and NewEngine Signed-off-by: Sanskarzz <sanskar.gur@gmail.com> * Revert "added -exception flag loaded policyexception" This reverts commit f53b205c089e780033b14c9a6343a141c20875b6. * Revert "Added support for PolicyExceptions for apply command " This reverts commit 82689ea0c1b914c566ac8ef30ab863f33d9b5460. * Update cmd/cli/kubectl-kyverno/commands/test/test.go loading exceptions with policies Co-authored-by: Mariam Fahmy <mariamfahmy66@gmail.com> Signed-off-by: Sanskar Gurdasani <92817635+Sanskarzz@users.noreply.github.com> * updated GetFullPaths function and remove unnecessary code Signed-off-by: Sanskarzz <sanskar.gur@gmail.com> * added tests for loading exceptions in GetPolicy function Signed-off-by: Sanskarzz <sanskar.gur@gmail.com> * added tests for loading policy exceptions Signed-off-by: Sanskarzz <sanskar.gur@gmail.com> * Used selector in List function Signed-off-by: Sanskarzz <sanskar.gur@gmail.com> * generated cli crd Signed-off-by: Sanskarzz <sanskar.gur@gmail.com> * updated loadpolicy_test tests and corrected kind Signed-off-by: Sanskarzz <sanskar.gur@gmail.com> * resolved unit test error in path_test.go file Signed-off-by: Sanskarzz <sanskar.gur@gmail.com> * limiting the usage of exceptions to ValidatingAdmissionPolicies Signed-off-by: Sanskarzz <sanskar.gur@gmail.com> * remove changes in common code Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fixes Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fixes Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fixes Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fixes Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fixes Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fixes Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fixes Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fixes Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fixes Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fixes Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * codegen Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Sanskarzz <sanskar.gur@gmail.com> Signed-off-by: Sanskar Gurdasani <92817635+Sanskarzz@users.noreply.github.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: Mariam Fahmy <mariamfahmy66@gmail.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> 2024-02-01 03:58:14 +05:30			`func Load(paths ...string) ([]*kyvernov2beta1.PolicyException, error) {`
			`var out []*kyvernov2beta1.PolicyException`
			`for _, path := range paths {`
			`bytes, err := os.ReadFile(filepath.Clean(path))`
			`if err != nil {`
			`return nil, fmt.Errorf("unable to read yaml (%w)", err)`
			`}`
			`exceptions, err := load(bytes)`
			`if err != nil {`
			`return nil, fmt.Errorf("unable to load exceptions (%w)", err)`
			`}`
			`out = append(out, exceptions...)`
			`}`
			`return out, nil`
			`}`

			`func load(content []byte) ([]*kyvernov2beta1.PolicyException, error) {`
feat: add cli package to load policy exceptions (#8508) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> 2023-09-22 11:53:19 +02:00			`documents, err := yamlutils.SplitDocuments(content)`
			`if err != nil {`
			`return nil, err`
			`}`
fix: set v2beta1 of exceptions the storage version (#9254) Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com> Co-authored-by: shuting <shuting@nirmata.com> 2023-12-22 12:13:58 +02:00			`var exceptions []*kyvernov2beta1.PolicyException`
feat: add cli package to load policy exceptions (#8508) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> 2023-09-22 11:53:19 +02:00			`for _, document := range documents {`
			`gvk, untyped, err := factory.Load(document)`
			`if err != nil {`
			`return nil, err`
			`}`
			`switch gvk {`
fix: add the support of v2alpha1 exceptions in the CLI (#9714) Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com> 2024-02-13 00:57:03 +02:00			`case exceptionV2alpha1, exceptionV2beta1, exceptionV2:`
fix: set v2beta1 of exceptions the storage version (#9254) Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com> Co-authored-by: shuting <shuting@nirmata.com> 2023-12-22 12:13:58 +02:00			`exception, err := convert.To[kyvernov2beta1.PolicyException](untyped)`
feat: add cli package to load policy exceptions (#8508) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> 2023-09-22 11:53:19 +02:00			`if err != nil {`
			`return nil, err`
			`}`
			`exceptions = append(exceptions, exception)`
			`default:`
			`return nil, fmt.Errorf("policy exception type not supported %s", gvk)`
			`}`
			`}`
			`return exceptions, nil`
			`}`