2023-02-22 10:49:09 +00:00
|
|
|
package policy
|
|
|
|
|
|
|
|
|
|
import (
|
|
|
|
|
"fmt"
|
|
|
|
|
|
|
|
|
|
kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1"
|
2024-06-20 09:44:43 +00:00
|
|
|
kyvernov2 "github.com/kyverno/kyverno/api/kyverno/v2"
|
2023-02-22 10:49:09 +00:00
|
|
|
backgroundcommon "github.com/kyverno/kyverno/pkg/background/common"
|
|
|
|
|
"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
|
|
|
|
|
"k8s.io/apimachinery/pkg/labels"
|
|
|
|
|
)
|
|
|
|
|
|
2023-04-13 11:29:40 +00:00
|
|
|
func (pc *policyController) handleMutate(policyKey string, policy kyvernov1.PolicyInterface) error {
|
2023-02-22 10:49:09 +00:00
|
|
|
logger := pc.log.WithName("handleMutate").WithName(policyKey)
|
2024-11-18 13:22:26 +00:00
|
|
|
logger.V(4).Info("update URs on policy event")
|
2024-06-12 15:23:53 +00:00
|
|
|
|
2024-06-20 09:44:43 +00:00
|
|
|
ruleType := kyvernov2.Mutate
|
2024-08-07 15:06:01 +00:00
|
|
|
spec := policy.GetSpec()
|
2024-06-12 15:23:53 +00:00
|
|
|
policyNew := policy.CreateDeepCopy()
|
|
|
|
|
policyNew.GetSpec().Rules = nil
|
|
|
|
|
|
2024-08-07 15:06:01 +00:00
|
|
|
for _, rule := range spec.Rules {
|
2024-06-12 15:23:53 +00:00
|
|
|
if !rule.HasMutateExisting() {
|
|
|
|
|
continue
|
|
|
|
|
}
|
|
|
|
|
|
2024-08-07 15:06:01 +00:00
|
|
|
mutateExisting := rule.Mutation.MutateExistingOnPolicyUpdate
|
|
|
|
|
if mutateExisting != nil {
|
|
|
|
|
if !*mutateExisting {
|
|
|
|
|
continue
|
|
|
|
|
}
|
|
|
|
|
} else if !spec.MutateExistingOnPolicyUpdate {
|
|
|
|
|
continue
|
|
|
|
|
}
|
|
|
|
|
|
2024-06-12 15:23:53 +00:00
|
|
|
policyNew.GetSpec().SetRules([]kyvernov1.Rule{rule})
|
|
|
|
|
triggers := getTriggers(pc.client, rule, policyNew.IsNamespaced(), policyNew.GetNamespace(), pc.log)
|
|
|
|
|
for _, trigger := range triggers {
|
|
|
|
|
murs := pc.listMutateURs(policyKey, trigger)
|
|
|
|
|
if murs != nil {
|
|
|
|
|
logger.V(4).Info("UR was created", "rule", rule.Name, "rule type", ruleType, "trigger", trigger.GetNamespace()+trigger.GetName())
|
|
|
|
|
continue
|
|
|
|
|
}
|
|
|
|
|
|
2024-11-18 13:22:26 +00:00
|
|
|
logger.V(4).Info("creating new UR for mutate")
|
2024-08-13 17:14:06 +00:00
|
|
|
ur := newMutateUR(policy, backgroundcommon.ResourceSpecFromUnstructured(*trigger), rule.Name)
|
2024-06-12 15:23:53 +00:00
|
|
|
skip, err := pc.handleUpdateRequest(ur, trigger, rule.Name, policyNew)
|
|
|
|
|
if err != nil {
|
|
|
|
|
pc.log.Error(err, "failed to create new UR on policy update", "policy", policyNew.GetName(), "rule", rule.Name, "rule type", ruleType,
|
2023-02-22 10:49:09 +00:00
|
|
|
"target", fmt.Sprintf("%s/%s/%s/%s", trigger.GetAPIVersion(), trigger.GetKind(), trigger.GetNamespace(), trigger.GetName()))
|
2024-06-12 15:23:53 +00:00
|
|
|
continue
|
|
|
|
|
}
|
|
|
|
|
if skip {
|
|
|
|
|
continue
|
2023-02-22 10:49:09 +00:00
|
|
|
}
|
2024-06-12 15:23:53 +00:00
|
|
|
pc.log.V(2).Info("successfully created UR on policy update", "policy", policyNew.GetName(), "rule", rule.Name, "rule type", ruleType,
|
|
|
|
|
"target", fmt.Sprintf("%s/%s/%s/%s", trigger.GetAPIVersion(), trigger.GetKind(), trigger.GetNamespace(), trigger.GetName()))
|
2023-02-22 10:49:09 +00:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
return nil
|
|
|
|
|
}
|
|
|
|
|
|
2024-06-20 09:44:43 +00:00
|
|
|
func (pc *policyController) listMutateURs(policyKey string, trigger *unstructured.Unstructured) []*kyvernov2.UpdateRequest {
|
2023-02-22 10:49:09 +00:00
|
|
|
mutateURs, err := pc.urLister.List(labels.SelectorFromSet(backgroundcommon.MutateLabelsSet(policyKey, trigger)))
|
|
|
|
|
if err != nil {
|
|
|
|
|
pc.log.Error(err, "failed to list update request for mutate policy")
|
|
|
|
|
}
|
|
|
|
|
return mutateURs
|
|
|
|
|
}
|
