kyverno/pkg/webhooks/webhookManager.go

package webhooks

import (
	"reflect"

	"github.com/golang/glog"
	kyverno "github.com/nirmata/kyverno/pkg/api/kyverno/v1alpha1"
	v1beta1 "k8s.io/api/admission/v1beta1"
	"k8s.io/apimachinery/pkg/labels"
)

type policyType int

const (
	none policyType = iota
	mutate
	validate
	all
)

func (ws *WebhookServer) manageWebhookConfigurations(policy kyverno.Policy, op v1beta1.Operation) {
	switch op {
	case v1beta1.Create:
		ws.registerWebhookConfigurations(policy)
	case v1beta1.Delete:
		ws.deregisterWebhookConfigurations(policy)
	}
}

func (ws *WebhookServer) registerWebhookConfigurations(policy kyverno.Policy) error {
	if !HasMutateOrValidate(policy) {
		return nil
	}

	if !ws.webhookRegistrationClient.MutationRegistered.IsSet() {
		if err := ws.webhookRegistrationClient.RegisterMutatingWebhook(); err != nil {
			return err
		}
		glog.Infof("Mutating webhook registered")
	}

	return nil
}

func (ws *WebhookServer) deregisterWebhookConfigurations(policy kyverno.Policy) error {
	policies, _ := ws.pLister.List(labels.NewSelector())

	// deregister webhook if no mutate/validate policy found in cluster
	if !HasMutateOrValidatePolicies(policies) {
		ws.webhookRegistrationClient.DeregisterMutatingWebhook()
		glog.Infoln("Mutating webhook deregistered")
	}

	return nil
}

func HasMutateOrValidatePolicies(policies []*kyverno.Policy) bool {
	for _, policy := range policies {
		if HasMutateOrValidate(*policy) {
			return true
		}
	}
	return false
}

func HasMutateOrValidate(policy kyverno.Policy) bool {
	for _, rule := range policy.Spec.Rules {
		if !reflect.DeepEqual(rule.Mutation, kyverno.Mutation{}) || !reflect.DeepEqual(rule.Validation, kyverno.Validation{}) {
			glog.Infoln(rule.Name)
			return true
		}
	}
	return false
}
register webhookconfigurations when policy first applied 2019-08-07 18:01:28 -07:00			`package webhooks`

			`import (`
fix pr comments 2019-08-20 17:01:47 -07:00			`"reflect"`

register webhookconfigurations when policy first applied 2019-08-07 18:01:28 -07:00			`"github.com/golang/glog"`
Merge branch 'policyViolation' into 254_dynamic_webhook_configurations # Conflicts: # main.go # pkg/annotations/annotations.go # pkg/annotations/controller.go # pkg/controller/controller.go # pkg/controller/controller_test.go # pkg/engine/engine.go # pkg/engine/generation.go # pkg/engine/mutation.go # pkg/engine/validation.go # pkg/event/controller.go # pkg/webhooks/mutation.go # pkg/webhooks/policyvalidation.go # pkg/webhooks/report.go # pkg/webhooks/server.go # pkg/webhooks/validation.go 2019-08-14 19:00:37 -07:00			`kyverno "github.com/nirmata/kyverno/pkg/api/kyverno/v1alpha1"`
implement deletion logic 2019-08-08 13:09:40 -07:00			`v1beta1 "k8s.io/api/admission/v1beta1"`
			`"k8s.io/apimachinery/pkg/labels"`
register webhookconfigurations when policy first applied 2019-08-07 18:01:28 -07:00			`)`

implement deletion logic 2019-08-08 13:09:40 -07:00			`type policyType int`

			`const (`
			`none policyType = iota`
			`mutate`
			`validate`
			`all`
			`)`

Merge branch 'policyViolation' into 254_dynamic_webhook_configurations # Conflicts: # main.go # pkg/annotations/annotations.go # pkg/annotations/controller.go # pkg/controller/controller.go # pkg/controller/controller_test.go # pkg/engine/engine.go # pkg/engine/generation.go # pkg/engine/mutation.go # pkg/engine/validation.go # pkg/event/controller.go # pkg/webhooks/mutation.go # pkg/webhooks/policyvalidation.go # pkg/webhooks/report.go # pkg/webhooks/server.go # pkg/webhooks/validation.go 2019-08-14 19:00:37 -07:00			`func (ws *WebhookServer) manageWebhookConfigurations(policy kyverno.Policy, op v1beta1.Operation) {`
implement deletion logic 2019-08-08 13:09:40 -07:00			`switch op {`
			`case v1beta1.Create:`
			`ws.registerWebhookConfigurations(policy)`
			`case v1beta1.Delete:`
			`ws.deregisterWebhookConfigurations(policy)`
			`}`
			`}`
register webhookconfigurations when policy first applied 2019-08-07 18:01:28 -07:00
Merge branch 'policyViolation' into 254_dynamic_webhook_configurations # Conflicts: # main.go # pkg/annotations/annotations.go # pkg/annotations/controller.go # pkg/controller/controller.go # pkg/controller/controller_test.go # pkg/engine/engine.go # pkg/engine/generation.go # pkg/engine/mutation.go # pkg/engine/validation.go # pkg/event/controller.go # pkg/webhooks/mutation.go # pkg/webhooks/policyvalidation.go # pkg/webhooks/report.go # pkg/webhooks/server.go # pkg/webhooks/validation.go 2019-08-14 19:00:37 -07:00			`func (ws *WebhookServer) registerWebhookConfigurations(policy kyverno.Policy) error {`
fix pr comments 2019-08-20 17:01:47 -07:00			`if !HasMutateOrValidate(policy) {`
			`return nil`
			`}`

combine policy engine returns into single struct 2019-08-14 15:18:46 -07:00			`if !ws.webhookRegistrationClient.MutationRegistered.IsSet() {`
			`if err := ws.webhookRegistrationClient.RegisterMutatingWebhook(); err != nil {`
			`return err`
register webhookconfigurations when policy first applied 2019-08-07 18:01:28 -07:00			`}`
combine policy engine returns into single struct 2019-08-14 15:18:46 -07:00			`glog.Infof("Mutating webhook registered")`
register webhookconfigurations when policy first applied 2019-08-07 18:01:28 -07:00			`}`
combine policy engine returns into single struct 2019-08-14 15:18:46 -07:00
register webhookconfigurations when policy first applied 2019-08-07 18:01:28 -07:00			`return nil`
			`}`
implement deletion logic 2019-08-08 13:09:40 -07:00
Merge branch 'policyViolation' into 254_dynamic_webhook_configurations # Conflicts: # main.go # pkg/annotations/annotations.go # pkg/annotations/controller.go # pkg/controller/controller.go # pkg/controller/controller_test.go # pkg/engine/engine.go # pkg/engine/generation.go # pkg/engine/mutation.go # pkg/engine/validation.go # pkg/event/controller.go # pkg/webhooks/mutation.go # pkg/webhooks/policyvalidation.go # pkg/webhooks/report.go # pkg/webhooks/server.go # pkg/webhooks/validation.go 2019-08-14 19:00:37 -07:00			`func (ws *WebhookServer) deregisterWebhookConfigurations(policy kyverno.Policy) error {`
			`policies, _ := ws.pLister.List(labels.NewSelector())`
implement deletion logic 2019-08-08 13:09:40 -07:00
fix pr comments 2019-08-20 17:01:47 -07:00			`// deregister webhook if no mutate/validate policy found in cluster`
			`if !HasMutateOrValidatePolicies(policies) {`
add check for registerinig webhookconfiguration in policy controller 2019-08-19 19:26:51 -07:00			`ws.webhookRegistrationClient.DeregisterMutatingWebhook()`
- Patch resource between every rule application - move mutation & validation to mutate webhook 2019-08-14 11:51:01 -07:00			`glog.Infoln("Mutating webhook deregistered")`
implement deletion logic 2019-08-08 13:09:40 -07:00			`}`

			`return nil`
			`}`
fix pr comments 2019-08-20 17:01:47 -07:00
			`func HasMutateOrValidatePolicies(policies []*kyverno.Policy) bool {`
			`for _, policy := range policies {`
			`if HasMutateOrValidate(*policy) {`
			`return true`
			`}`
			`}`
			`return false`
			`}`

			`func HasMutateOrValidate(policy kyverno.Policy) bool {`
			`for _, rule := range policy.Spec.Rules {`
			`if !reflect.DeepEqual(rule.Mutation, kyverno.Mutation{}) \|\| !reflect.DeepEqual(rule.Validation, kyverno.Validation{}) {`
			`glog.Infoln(rule.Name)`
			`return true`
			`}`
			`}`
			`return false`
			`}`