kyverno/pkg/engine/mutation.go

package engine

import (
	kubepolicy "github.com/nirmata/kube-policy/pkg/apis/policy/v1alpha1"
	"github.com/nirmata/kube-policy/pkg/engine/mutation"
)

// Mutate performs mutation. Overlay first and then mutation patches
func (p *policyEngine) Mutate(policy kubepolicy.Policy, rawResource []byte) []mutation.PatchBytes {
	var policyPatches []mutation.PatchBytes

	for i, rule := range policy.Spec.Rules {

		// Checks for preconditions
		// TODO: Rework PolicyEngine interface that it receives not a policy, but mutation object for
		// Mutate, validation for Validate and so on. It will allow to bring this checks outside of PolicyEngine
		// to common part as far as they present for all: mutation, validation, generation

		err := rule.Validate()
		if err != nil {
			p.logger.Printf("Rule has invalid structure: rule number = %d, rule name = %s in policy %s, err: %v\n", i, rule.Name, policy.ObjectMeta.Name, err)
			continue
		}

		ok, err := mutation.IsRuleApplicableToResource(rawResource, rule.ResourceDescription)
		if err != nil {
			p.logger.Printf("Rule has invalid data: rule number = %d, rule name = %s in policy %s, err: %v\n", i, rule.Name, policy.ObjectMeta.Name, err)
			continue
		}

		if !ok {
			p.logger.Printf("Rule is not applicable t the request: rule number = %d, rule name = %s in policy %s, err: %v\n", i, rule.Name, policy.ObjectMeta.Name, err)
			continue
		}

		// Process Overlay

		if rule.Mutation.Overlay != nil {
			overlayPatches, err := mutation.ProcessOverlay(rule.Mutation.Overlay, rawResource)
			if err != nil {
				p.logger.Printf("Overlay application failed: rule number = %d, rule name = %s in policy %s, err: %v\n", i, rule.Name, policy.ObjectMeta.Name, err)
			} else {
				policyPatches = append(policyPatches, overlayPatches...)
			}
		}

		// Process Patches

		if rule.Mutation.Patches != nil {
			processedPatches, err := mutation.ProcessPatches(rule.Mutation.Patches, rawResource)
			if err != nil {
				p.logger.Printf("Patches application failed: rule number = %d, rule name = %s in policy %s, err: %v\n", i, rule.Name, policy.ObjectMeta.Name, err)
			} else {
				policyPatches = append(policyPatches, processedPatches...)
			}
		}

	}

	return policyPatches
}
Resolve PR 27 2019-05-13 18:17:28 -07:00			`package engine`
Add PolicyEngine 2019-05-09 22:26:22 -07:00
			`import (`
Updated code in the project to be compilable with new version of Policy. Moved logic from webhooks/mutation.go to policyengine/mutation.go and server.go 2019-05-13 21:27:47 +03:00			`kubepolicy "github.com/nirmata/kube-policy/pkg/apis/policy/v1alpha1"`
Resolve PR 27 2019-05-13 18:17:28 -07:00			`"github.com/nirmata/kube-policy/pkg/engine/mutation"`
Add PolicyEngine 2019-05-09 22:26:22 -07:00			`)`

Updated code in the project to be compilable with new version of Policy. Moved logic from webhooks/mutation.go to policyengine/mutation.go and server.go 2019-05-13 21:27:47 +03:00			`// Mutate performs mutation. Overlay first and then mutation patches`
			`func (p *policyEngine) Mutate(policy kubepolicy.Policy, rawResource []byte) []mutation.PatchBytes {`
Add PolicyEngine 2019-05-09 22:26:22 -07:00			`var policyPatches []mutation.PatchBytes`

Updated code in the project to be compilable with new version of Policy. Moved logic from webhooks/mutation.go to policyengine/mutation.go and server.go 2019-05-13 21:27:47 +03:00			`for i, rule := range policy.Spec.Rules {`

			`// Checks for preconditions`
			`// TODO: Rework PolicyEngine interface that it receives not a policy, but mutation object for`
			`// Mutate, validation for Validate and so on. It will allow to bring this checks outside of PolicyEngine`
			`// to common part as far as they present for all: mutation, validation, generation`

Add PolicyEngine 2019-05-09 22:26:22 -07:00			`err := rule.Validate()`
			`if err != nil {`
Updated code in the project to be compilable with new version of Policy. Moved logic from webhooks/mutation.go to policyengine/mutation.go and server.go 2019-05-13 21:27:47 +03:00			`p.logger.Printf("Rule has invalid structure: rule number = %d, rule name = %s in policy %s, err: %v\n", i, rule.Name, policy.ObjectMeta.Name, err)`
Add PolicyEngine 2019-05-09 22:26:22 -07:00			`continue`
			`}`

Updated code in the project to be compilable with new version of Policy. Moved logic from webhooks/mutation.go to policyengine/mutation.go and server.go 2019-05-13 21:27:47 +03:00			`ok, err := mutation.IsRuleApplicableToResource(rawResource, rule.ResourceDescription)`
Add PolicyEngine 2019-05-09 22:26:22 -07:00			`if err != nil {`
Updated code in the project to be compilable with new version of Policy. Moved logic from webhooks/mutation.go to policyengine/mutation.go and server.go 2019-05-13 21:27:47 +03:00			`p.logger.Printf("Rule has invalid data: rule number = %d, rule name = %s in policy %s, err: %v\n", i, rule.Name, policy.ObjectMeta.Name, err)`
			`continue`
Add PolicyEngine 2019-05-09 22:26:22 -07:00			`}`

Updated code in the project to be compilable with new version of Policy. Moved logic from webhooks/mutation.go to policyengine/mutation.go and server.go 2019-05-13 21:27:47 +03:00			`if !ok {`
			`p.logger.Printf("Rule is not applicable t the request: rule number = %d, rule name = %s in policy %s, err: %v\n", i, rule.Name, policy.ObjectMeta.Name, err)`
			`continue`
Add PolicyEngine 2019-05-09 22:26:22 -07:00			`}`

Updated code in the project to be compilable with new version of Policy. Moved logic from webhooks/mutation.go to policyengine/mutation.go and server.go 2019-05-13 21:27:47 +03:00			`// Process Overlay`
Add PolicyEngine 2019-05-09 22:26:22 -07:00
Updated code in the project to be compilable with new version of Policy. Moved logic from webhooks/mutation.go to policyengine/mutation.go and server.go 2019-05-13 21:27:47 +03:00			`if rule.Mutation.Overlay != nil {`
			`overlayPatches, err := mutation.ProcessOverlay(rule.Mutation.Overlay, rawResource)`
			`if err != nil {`
			`p.logger.Printf("Overlay application failed: rule number = %d, rule name = %s in policy %s, err: %v\n", i, rule.Name, policy.ObjectMeta.Name, err)`
			`} else {`
			`policyPatches = append(policyPatches, overlayPatches...)`
			`}`
Add PolicyEngine 2019-05-09 22:26:22 -07:00			`}`

Updated code in the project to be compilable with new version of Policy. Moved logic from webhooks/mutation.go to policyengine/mutation.go and server.go 2019-05-13 21:27:47 +03:00			`// Process Patches`
Add PolicyEngine 2019-05-09 22:26:22 -07:00
Updated code in the project to be compilable with new version of Policy. Moved logic from webhooks/mutation.go to policyengine/mutation.go and server.go 2019-05-13 21:27:47 +03:00			`if rule.Mutation.Patches != nil {`
			`processedPatches, err := mutation.ProcessPatches(rule.Mutation.Patches, rawResource)`
			`if err != nil {`
			`p.logger.Printf("Patches application failed: rule number = %d, rule name = %s in policy %s, err: %v\n", i, rule.Name, policy.ObjectMeta.Name, err)`
			`} else {`
			`policyPatches = append(policyPatches, processedPatches...)`
			`}`
			`}`
Add PolicyEngine 2019-05-09 22:26:22 -07:00
			`}`

Updated code in the project to be compilable with new version of Policy. Moved logic from webhooks/mutation.go to policyengine/mutation.go and server.go 2019-05-13 21:27:47 +03:00			`return policyPatches`
Add PolicyEngine 2019-05-09 22:26:22 -07:00			`}`