kyverno/pkg/engine/generation.go

package engine

import (
	"errors"
	"fmt"
	"log"

	client "github.com/nirmata/kube-policy/client"
	kubepolicy "github.com/nirmata/kube-policy/pkg/apis/policy/v1alpha1"
	"github.com/nirmata/kube-policy/pkg/engine/mutation"
	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
)

// Generate should be called to process generate rules on the resource
func Generate(client *client.Client, logger *log.Logger, policy kubepolicy.Policy, rawResource []byte, gvk metav1.GroupVersionKind) {
	// configMapGenerator and secretGenerator can be applied only to namespaces
	if gvk.Kind != "Namespace" {
		return
	}

	for i, rule := range policy.Spec.Rules {
		// Checks for preconditions
		// TODO: Rework PolicyEngine interface that it receives not a policy, but mutation object for
		// Mutate, validation for Validate and so on. It will allow to bring this checks outside of PolicyEngine
		// to common part as far as they present for all: mutation, validation, generation

		err := rule.Validate()
		if err != nil {
			logger.Printf("Rule has invalid structure: rule number = %d, rule name = %s in policy %s, err: %v\n", i, rule.Name, policy.ObjectMeta.Name, err)
			continue
		}

		ok, err := mutation.ResourceMeetsRules(rawResource, rule.ResourceDescription, gvk)
		if err != nil {
			logger.Printf("Rule has invalid data: rule number = %d, rule name = %s in policy %s, err: %v\n", i, rule.Name, policy.ObjectMeta.Name, err)
			continue
		}

		if !ok {
			logger.Printf("Rule is not applicable to the request: rule name = %s in policy %s \n", rule.Name, policy.ObjectMeta.Name)
			continue
		}

		err = applyRuleGenerator(client, rawResource, rule.Generation, gvk)
		if err != nil {
			logger.Printf("Failed to apply rule generator: %v", err)
		}
	}
}

// Applies "configMapGenerator" and "secretGenerator" described in PolicyRule
// TODO: plan to support all kinds of generator
func applyRuleGenerator(client *client.Client, rawResource []byte, generator *kubepolicy.Generation, gvk metav1.GroupVersionKind) error {
	if generator == nil {
		return nil
	}

	err := generator.Validate()
	if err != nil {
		return fmt.Errorf("Generator for '%s' is invalid: %s", generator.Kind, err)
	}

	namespaceName := mutation.ParseNameFromObject(rawResource)
	// Generate the resource
	switch gvk.Kind {
	case "configmap":
		err = client.GenerateConfigMap(*generator, namespaceName)
	case "secret":
		err = client.GenerateSecret(*generator, namespaceName)
	case "default":
		err = errors.New("resource not supported")
	}
	return err
}
Resolve PR 27 2019-05-13 18:17:28 -07:00			`package engine`
Updated code in the project to be compilable with new version of Policy. Moved logic from webhooks/mutation.go to policyengine/mutation.go and server.go 2019-05-13 21:27:47 +03:00
			`import (`
rebase with develop 2019-05-15 11:24:27 -07:00			`"errors"`
Updated code in the project to be compilable with new version of Policy. Moved logic from webhooks/mutation.go to policyengine/mutation.go and server.go 2019-05-13 21:27:47 +03:00			`"fmt"`
Implement Generate() 2019-05-14 18:20:41 -07:00			`"log"`
Updated code in the project to be compilable with new version of Policy. Moved logic from webhooks/mutation.go to policyengine/mutation.go and server.go 2019-05-13 21:27:47 +03:00
rebase with develop 2019-05-15 11:24:27 -07:00			`client "github.com/nirmata/kube-policy/client"`
Updated code in the project to be compilable with new version of Policy. Moved logic from webhooks/mutation.go to policyengine/mutation.go and server.go 2019-05-13 21:27:47 +03:00			`kubepolicy "github.com/nirmata/kube-policy/pkg/apis/policy/v1alpha1"`
Resolve PR 27 2019-05-13 18:17:28 -07:00			`"github.com/nirmata/kube-policy/pkg/engine/mutation"`
Implement Generate() 2019-05-14 18:20:41 -07:00			`metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"`
Updated code in the project to be compilable with new version of Policy. Moved logic from webhooks/mutation.go to policyengine/mutation.go and server.go 2019-05-13 21:27:47 +03:00			`)`

Implement Generate() 2019-05-14 18:20:41 -07:00			`// Generate should be called to process generate rules on the resource`
rebase with develop 2019-05-15 11:24:27 -07:00			`func Generate(client client.Client, logger log.Logger, policy kubepolicy.Policy, rawResource []byte, gvk metav1.GroupVersionKind) {`
Updated code in the project to be compilable with new version of Policy. Moved logic from webhooks/mutation.go to policyengine/mutation.go and server.go 2019-05-13 21:27:47 +03:00			`// configMapGenerator and secretGenerator can be applied only to namespaces`
Implement Generate() 2019-05-14 18:20:41 -07:00			`if gvk.Kind != "Namespace" {`
rebase with develop 2019-05-15 11:24:27 -07:00			`return`
Implement Generate() 2019-05-14 18:20:41 -07:00			`}`

			`for i, rule := range policy.Spec.Rules {`
			`// Checks for preconditions`
			`// TODO: Rework PolicyEngine interface that it receives not a policy, but mutation object for`
			`// Mutate, validation for Validate and so on. It will allow to bring this checks outside of PolicyEngine`
			`// to common part as far as they present for all: mutation, validation, generation`

			`err := rule.Validate()`
			`if err != nil {`
rebase with develop 2019-05-15 11:24:27 -07:00			`logger.Printf("Rule has invalid structure: rule number = %d, rule name = %s in policy %s, err: %v\n", i, rule.Name, policy.ObjectMeta.Name, err)`
Implement Generate() 2019-05-14 18:20:41 -07:00			`continue`
			`}`

			`ok, err := mutation.ResourceMeetsRules(rawResource, rule.ResourceDescription, gvk)`
			`if err != nil {`
rebase with develop 2019-05-15 11:24:27 -07:00			`logger.Printf("Rule has invalid data: rule number = %d, rule name = %s in policy %s, err: %v\n", i, rule.Name, policy.ObjectMeta.Name, err)`
Implement Generate() 2019-05-14 18:20:41 -07:00			`continue`
			`}`

			`if !ok {`
rebase with develop 2019-05-15 11:24:27 -07:00			`logger.Printf("Rule is not applicable to the request: rule name = %s in policy %s \n", rule.Name, policy.ObjectMeta.Name)`
Implement Generate() 2019-05-14 18:20:41 -07:00			`continue`
			`}`
Updated code in the project to be compilable with new version of Policy. Moved logic from webhooks/mutation.go to policyengine/mutation.go and server.go 2019-05-13 21:27:47 +03:00
rebase with develop 2019-05-15 11:24:27 -07:00			`err = applyRuleGenerator(client, rawResource, rule.Generation, gvk)`
Implement Generate() 2019-05-14 18:20:41 -07:00			`if err != nil {`
rebase with develop 2019-05-15 11:24:27 -07:00			`logger.Printf("Failed to apply rule generator: %v", err)`
Updated code in the project to be compilable with new version of Policy. Moved logic from webhooks/mutation.go to policyengine/mutation.go and server.go 2019-05-13 21:27:47 +03:00			`}`
			`}`
			`}`

Implement Generate() 2019-05-14 18:20:41 -07:00			`// Applies "configMapGenerator" and "secretGenerator" described in PolicyRule`
			`// TODO: plan to support all kinds of generator`
rebase with develop 2019-05-15 11:24:27 -07:00			`func applyRuleGenerator(client client.Client, rawResource []byte, generator kubepolicy.Generation, gvk metav1.GroupVersionKind) error {`
Updated code in the project to be compilable with new version of Policy. Moved logic from webhooks/mutation.go to policyengine/mutation.go and server.go 2019-05-13 21:27:47 +03:00			`if generator == nil {`
rebase with develop 2019-05-15 11:24:27 -07:00			`return nil`
Updated code in the project to be compilable with new version of Policy. Moved logic from webhooks/mutation.go to policyengine/mutation.go and server.go 2019-05-13 21:27:47 +03:00			`}`

			`err := generator.Validate()`
			`if err != nil {`
rebase with develop 2019-05-15 11:24:27 -07:00			`return fmt.Errorf("Generator for '%s' is invalid: %s", generator.Kind, err)`
Updated code in the project to be compilable with new version of Policy. Moved logic from webhooks/mutation.go to policyengine/mutation.go and server.go 2019-05-13 21:27:47 +03:00			`}`

Implement Generate() 2019-05-14 18:20:41 -07:00			`namespaceName := mutation.ParseNameFromObject(rawResource)`
rebase with develop 2019-05-15 11:24:27 -07:00			`// Generate the resource`
			`switch gvk.Kind {`
			`case "configmap":`
			`err = client.GenerateConfigMap(*generator, namespaceName)`
			`case "secret":`
			`err = client.GenerateSecret(*generator, namespaceName)`
			`case "default":`
			`err = errors.New("resource not supported")`
			`}`
			`return err`
Updated code in the project to be compilable with new version of Policy. Moved logic from webhooks/mutation.go to policyengine/mutation.go and server.go 2019-05-13 21:27:47 +03:00			`}`