mirror of
https://github.com/kyverno/kyverno.git
synced 2025-03-13 19:28:55 +00:00
refactor: simplify cli processor (#8352)
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
parent
9b0e6b6e9e
commit
045e955a6e
2 changed files with 12 additions and 93 deletions
|
@ -15,7 +15,6 @@ import (
|
|||
"github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/utils/common"
|
||||
sanitizederror "github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/utils/sanitizedError"
|
||||
"github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/variables"
|
||||
"github.com/kyverno/kyverno/pkg/autogen"
|
||||
"github.com/kyverno/kyverno/pkg/clients/dclient"
|
||||
"github.com/kyverno/kyverno/pkg/config"
|
||||
"github.com/kyverno/kyverno/pkg/engine"
|
||||
|
@ -99,7 +98,6 @@ func (p *PolicyProcessor) ApplyPoliciesOnResource() ([]engineapi.EngineResponse,
|
|||
return responses, err
|
||||
}
|
||||
mutateResponse := eng.Mutate(context.Background(), policyContext)
|
||||
combineRuleResponses(mutateResponse)
|
||||
err = p.processMutateEngineResponse(mutateResponse, resPath)
|
||||
if err != nil {
|
||||
if !sanitizederror.IsErrorSanitized(err) {
|
||||
|
@ -117,11 +115,8 @@ func (p *PolicyProcessor) ApplyPoliciesOnResource() ([]engineapi.EngineResponse,
|
|||
}
|
||||
// TODO annotation
|
||||
verifyImageResponse, _ := eng.VerifyAndPatchImages(context.TODO(), policyContext)
|
||||
if !verifyImageResponse.IsEmpty() {
|
||||
verifyImageResponse = combineRuleResponses(verifyImageResponse)
|
||||
responses = append(responses, verifyImageResponse)
|
||||
resource = verifyImageResponse.PatchedResource
|
||||
}
|
||||
responses = append(responses, verifyImageResponse)
|
||||
resource = verifyImageResponse.PatchedResource
|
||||
}
|
||||
// validate
|
||||
for _, policy := range p.Policies {
|
||||
|
@ -130,26 +125,16 @@ func (p *PolicyProcessor) ApplyPoliciesOnResource() ([]engineapi.EngineResponse,
|
|||
return responses, err
|
||||
}
|
||||
validateResponse := eng.Validate(context.TODO(), policyContext)
|
||||
if !validateResponse.IsEmpty() {
|
||||
validateResponse = combineRuleResponses(validateResponse)
|
||||
responses = append(responses, validateResponse)
|
||||
resource = validateResponse.PatchedResource
|
||||
}
|
||||
responses = append(responses, validateResponse)
|
||||
resource = validateResponse.PatchedResource
|
||||
}
|
||||
// generate
|
||||
for _, policy := range p.Policies {
|
||||
var policyHasGenerate bool
|
||||
for _, rule := range autogen.ComputeRules(policy) {
|
||||
if rule.HasGenerate() {
|
||||
policyHasGenerate = true
|
||||
}
|
||||
}
|
||||
if policyHasGenerate {
|
||||
if policyHasGenerate(policy) {
|
||||
policyContext, err := p.makePolicyContext(jp, cfg, resource, policy, namespaceLabels, gvk, subresource)
|
||||
if err != nil {
|
||||
return responses, err
|
||||
}
|
||||
|
||||
generateResponse := eng.ApplyBackgroundChecks(context.TODO(), policyContext)
|
||||
if !generateResponse.IsEmpty() {
|
||||
newRuleResponse, err := handleGeneratePolicy(&generateResponse, *policyContext, p.RuleToCloneSourceResource)
|
||||
|
@ -158,7 +143,6 @@ func (p *PolicyProcessor) ApplyPoliciesOnResource() ([]engineapi.EngineResponse,
|
|||
} else {
|
||||
generateResponse.PolicyResponse.Rules = newRuleResponse
|
||||
}
|
||||
combineRuleResponses(generateResponse)
|
||||
responses = append(responses, generateResponse)
|
||||
}
|
||||
p.Rc.addGenerateResponse(p.AuditWarn, resPath, generateResponse)
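Review bot: In the verify-images and validate loops of ApplyPoliciesOnResource, `resource = verifyImageResponse.PatchedResource` and `resource = validateResponse.PatchedResource` now appear to run even when the response is empty, because the `IsEmpty()` guards look to be on the removed side (the `+`/`-` markers are lost on this page, so this is read from the hunk counts). If the engine can return an empty response whose PatchedResource is unset, every later policy in the run would be evaluated against a blank object, and the CLI could report a pass for a resource it never checked. Either confirm that the engine always populates PatchedResource, or keep the guard on the reassignment alone, e.g. `if !validateResponse.IsEmpty() { resource = validateResponse.PatchedResource }`. The function body begins and ends outside these hunks, so how `resource` is consumed afterwards is not visible here.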
|
||||
|
|
|
@ -1,79 +1,14 @@
|
|||
package processor
|
||||
|
||||
import (
|
||||
"strings"
|
||||
|
||||
engineapi "github.com/kyverno/kyverno/pkg/engine/api"
|
||||
kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1"
|
||||
)
|
||||
|
||||
func combineRuleResponses(imageResponse engineapi.EngineResponse) engineapi.EngineResponse {
|
||||
if imageResponse.PolicyResponse.RulesAppliedCount() == 0 {
|
||||
return imageResponse
|
||||
func policyHasGenerate(policy kyvernov1.PolicyInterface) bool {
|
||||
for _, rule := range policy.GetSpec().Rules {
|
||||
if rule.HasGenerate() {
|
||||
return true
|
||||
}
|
||||
}
|
||||
|
||||
completeRuleResponses := imageResponse.PolicyResponse.Rules
|
||||
var combineRuleResponses []engineapi.RuleResponse
|
||||
|
||||
ruleNameType := make(map[string][]engineapi.RuleResponse)
|
||||
for _, rsp := range completeRuleResponses {
|
||||
key := rsp.Name() + ";" + string(rsp.RuleType())
|
||||
ruleNameType[key] = append(ruleNameType[key], rsp)
|
||||
}
|
||||
|
||||
for key, ruleResponses := range ruleNameType {
|
||||
tokens := strings.Split(key, ";")
|
||||
ruleName := tokens[0]
|
||||
ruleType := tokens[1]
|
||||
var failRuleResponses []engineapi.RuleResponse
|
||||
var errorRuleResponses []engineapi.RuleResponse
|
||||
var passRuleResponses []engineapi.RuleResponse
|
||||
var skipRuleResponses []engineapi.RuleResponse
|
||||
|
||||
ruleMesssage := ""
|
||||
for _, rsp := range ruleResponses {
|
||||
if rsp.Status() == engineapi.RuleStatusFail {
|
||||
failRuleResponses = append(failRuleResponses, rsp)
|
||||
} else if rsp.Status() == engineapi.RuleStatusError {
|
||||
errorRuleResponses = append(errorRuleResponses, rsp)
|
||||
} else if rsp.Status() == engineapi.RuleStatusPass {
|
||||
passRuleResponses = append(passRuleResponses, rsp)
|
||||
} else if rsp.Status() == engineapi.RuleStatusSkip {
|
||||
skipRuleResponses = append(skipRuleResponses, rsp)
|
||||
}
|
||||
}
|
||||
if len(errorRuleResponses) > 0 {
|
||||
for _, errRsp := range errorRuleResponses {
|
||||
ruleMesssage += errRsp.Message() + ";"
|
||||
}
|
||||
errorResponse := engineapi.NewRuleResponse(ruleName, engineapi.RuleType(ruleType), ruleMesssage, engineapi.RuleStatusError)
|
||||
combineRuleResponses = append(combineRuleResponses, *errorResponse)
|
||||
continue
|
||||
}
|
||||
|
||||
if len(failRuleResponses) > 0 {
|
||||
for _, failRsp := range failRuleResponses {
|
||||
ruleMesssage += failRsp.Message() + ";"
|
||||
}
|
||||
failResponse := engineapi.NewRuleResponse(ruleName, engineapi.RuleType(ruleType), ruleMesssage, engineapi.RuleStatusFail)
|
||||
combineRuleResponses = append(combineRuleResponses, *failResponse)
|
||||
continue
|
||||
}
|
||||
|
||||
if len(passRuleResponses) > 0 {
|
||||
for _, passRsp := range passRuleResponses {
|
||||
ruleMesssage += passRsp.Message() + ";"
|
||||
}
|
||||
passResponse := engineapi.NewRuleResponse(ruleName, engineapi.RuleType(ruleType), ruleMesssage, engineapi.RuleStatusPass)
|
||||
combineRuleResponses = append(combineRuleResponses, *passResponse)
|
||||
continue
|
||||
}
|
||||
|
||||
for _, skipRsp := range skipRuleResponses {
|
||||
ruleMesssage += skipRsp.Message() + ";"
|
||||
}
|
||||
skipResponse := engineapi.NewRuleResponse(ruleName, engineapi.RuleType(ruleType), ruleMesssage, engineapi.RuleStatusSkip)
|
||||
combineRuleResponses = append(combineRuleResponses, *skipResponse)
|
||||
}
|
||||
imageResponse.PolicyResponse.Rules = combineRuleResponses
|
||||
return imageResponse
|
||||
return false
|
||||
}
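Review bot: The new `policyHasGenerate` helper walks `policy.GetSpec().Rules`, while the inline loop it replaces in ApplyPoliciesOnResource walked `autogen.ComputeRules(policy)`, so a commit titled as a refactor changes which rule set decides whether the generate path runs. If autogen can never contribute a generate rule the two are equivalent, but that assumption should be stated on the helper, for example `// policyHasGenerate reports whether any rule declared in the policy spec is a generate rule; autogen rules are not consulted.` This file also drops `combineRuleResponses`, which collapsed results sharing a rule name and type into one entry with error taking precedence over fail, pass and skip. Whether downstream counting or reporting relied on that de-duplication cannot be verified from this page and is worth covering with a test.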
|
||||
|
|