mirrors/kyverno
1
0
Fork 0
mirror of https://github.com/kyverno/kyverno.git synced 2024-12-14 11:57:48 +00:00
Code Activity

rename GenerateExistingOnPolicyUpdate to GenerateExisting (#6321)

Browse source 
Signed-off-by: ShutingZhao <shuting@nirmata.com>
This commit is contained in:
shuting 2023-03-03 17:34:55 +08:00 committed by GitHub
parent 29a70e0faf
commit 0b359d07db
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
19 changed files with 82 additions and 113 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
api/kyverno/v1/spec_types.go
View file

@ -101,11 +101,11 @@ type Spec struct {
// +optional
MutateExistingOnPolicyUpdate bool `json:"mutateExistingOnPolicyUpdate,omitempty" yaml:"mutateExistingOnPolicyUpdate,omitempty"`
// GenerateExistingOnPolicyUpdate controls whether to trigger generate rule in existing resources
// GenerateExisting controls whether to trigger generate rule in existing resources
// If is set to "true" generate rule will be triggered and applied to existing matched resources.
// Defaults to "false" if not specified.
// +optional
GenerateExistingOnPolicyUpdate bool `json:"generateExistingOnPolicyUpdate,omitempty" yaml:"generateExistingOnPolicyUpdate,omitempty"`
GenerateExisting bool `json:"generateExisting,omitempty" yaml:"generateExisting,omitempty"`
}
func (s *Spec) SetRules(rules []Rule) {
@ -212,9 +212,9 @@ func (s *Spec) GetMutateExistingOnPolicyUpdate() bool {
return s.MutateExistingOnPolicyUpdate
}
// IsGenerateExistingOnPolicyUpdate return GenerateExistingOnPolicyUpdate set value
func (s *Spec) IsGenerateExistingOnPolicyUpdate() bool {
return s.GenerateExistingOnPolicyUpdate
// IsGenerateExisting return GenerateExisting set value
func (s *Spec) IsGenerateExisting() bool {
return s.GenerateExisting
}
// GetFailurePolicy returns the failure policy to be applied

10
api/kyverno/v2beta1/spec_types.go
View file

@ -63,11 +63,11 @@ type Spec struct {
// +optional
MutateExistingOnPolicyUpdate bool `json:"mutateExistingOnPolicyUpdate,omitempty" yaml:"mutateExistingOnPolicyUpdate,omitempty"`
// GenerateExistingOnPolicyUpdate controls whether to trigger generate rule in existing resources
// GenerateExisting controls whether to trigger generate rule in existing resources
// If is set to "true" generate rule will be triggered and applied to existing matched resources.
// Defaults to "false" if not specified.
// +optional
GenerateExistingOnPolicyUpdate bool `json:"generateExistingOnPolicyUpdate,omitempty" yaml:"generateExistingOnPolicyUpdate,omitempty"`
GenerateExisting bool `json:"generateExisting,omitempty" yaml:"generateExisting,omitempty"`
}
func (s *Spec) SetRules(rules []Rule) {
@ -174,9 +174,9 @@ func (s *Spec) GetMutateExistingOnPolicyUpdate() bool {
return s.MutateExistingOnPolicyUpdate
}
// IsGenerateExistingOnPolicyUpdate return GenerateExistingOnPolicyUpdate set value
func (s *Spec) IsGenerateExistingOnPolicyUpdate() bool {
return s.GenerateExistingOnPolicyUpdate
// IsGenerateExisting return GenerateExisting set value
func (s *Spec) IsGenerateExisting() bool {
return s.GenerateExisting
}
// GetFailurePolicy returns the failure policy to be applied

40
charts/kyverno/templates/crds/crds.yaml
View file

@ -3503,11 +3503,11 @@ spec:
- Ignore
- Fail
type: string
generateExistingOnPolicyUpdate:
description: GenerateExistingOnPolicyUpdate controls whether to trigger
generate rule in existing resources If is set to "true" generate
rule will be triggered and applied to existing matched resources.
Defaults to "false" if not specified.
generateExisting:
description: GenerateExisting controls whether to trigger generate
rule in existing resources If is set to "true" generate rule will
be triggered and applied to existing matched resources. Defaults
to "false" if not specified.
type: boolean
mutateExistingOnPolicyUpdate:
description: MutateExistingOnPolicyUpdate controls if a mutateExisting
@ -10213,11 +10213,11 @@ spec:
- Ignore
- Fail
type: string
generateExistingOnPolicyUpdate:
description: GenerateExistingOnPolicyUpdate controls whether to trigger
generate rule in existing resources If is set to "true" generate
rule will be triggered and applied to existing matched resources.
Defaults to "false" if not specified.
generateExisting:
description: GenerateExisting controls whether to trigger generate
rule in existing resources If is set to "true" generate rule will
be triggered and applied to existing matched resources. Defaults
to "false" if not specified.
type: boolean
mutateExistingOnPolicyUpdate:
description: MutateExistingOnPolicyUpdate controls if a mutateExisting
@ -16682,11 +16682,11 @@ spec:
- Ignore
- Fail
type: string
generateExistingOnPolicyUpdate:
description: GenerateExistingOnPolicyUpdate controls whether to trigger
generate rule in existing resources If is set to "true" generate
rule will be triggered and applied to existing matched resources.
Defaults to "false" if not specified.
generateExisting:
description: GenerateExisting controls whether to trigger generate
rule in existing resources If is set to "true" generate rule will
be triggered and applied to existing matched resources. Defaults
to "false" if not specified.
type: boolean
mutateExistingOnPolicyUpdate:
description: MutateExistingOnPolicyUpdate controls if a mutateExisting
@ -23394,11 +23394,11 @@ spec:
- Ignore
- Fail
type: string
generateExistingOnPolicyUpdate:
description: GenerateExistingOnPolicyUpdate controls whether to trigger
generate rule in existing resources If is set to "true" generate
rule will be triggered and applied to existing matched resources.
Defaults to "false" if not specified.
generateExisting:
description: GenerateExisting controls whether to trigger generate
rule in existing resources If is set to "true" generate rule will
be triggered and applied to existing matched resources. Defaults
to "false" if not specified.
type: boolean
mutateExistingOnPolicyUpdate:
description: MutateExistingOnPolicyUpdate controls if a mutateExisting

20
config/crds/kyverno.io_clusterpolicies.yaml
View file

@ -101,11 +101,11 @@ spec:
- Ignore
- Fail
type: string
generateExistingOnPolicyUpdate:
description: GenerateExistingOnPolicyUpdate controls whether to trigger
generate rule in existing resources If is set to "true" generate
rule will be triggered and applied to existing matched resources.
Defaults to "false" if not specified.
generateExisting:
description: GenerateExisting controls whether to trigger generate
rule in existing resources If is set to "true" generate rule will
be triggered and applied to existing matched resources. Defaults
to "false" if not specified.
type: boolean
mutateExistingOnPolicyUpdate:
description: MutateExistingOnPolicyUpdate controls if a mutateExisting
@ -6811,11 +6811,11 @@ spec:
- Ignore
- Fail
type: string
generateExistingOnPolicyUpdate:
description: GenerateExistingOnPolicyUpdate controls whether to trigger
generate rule in existing resources If is set to "true" generate
rule will be triggered and applied to existing matched resources.
Defaults to "false" if not specified.
generateExisting:
description: GenerateExisting controls whether to trigger generate
rule in existing resources If is set to "true" generate rule will
be triggered and applied to existing matched resources. Defaults
to "false" if not specified.
type: boolean
mutateExistingOnPolicyUpdate:
description: MutateExistingOnPolicyUpdate controls if a mutateExisting

20
config/crds/kyverno.io_policies.yaml
View file

@ -102,11 +102,11 @@ spec:
- Ignore
- Fail
type: string
generateExistingOnPolicyUpdate:
description: GenerateExistingOnPolicyUpdate controls whether to trigger
generate rule in existing resources If is set to "true" generate
rule will be triggered and applied to existing matched resources.
Defaults to "false" if not specified.
generateExisting:
description: GenerateExisting controls whether to trigger generate
rule in existing resources If is set to "true" generate rule will
be triggered and applied to existing matched resources. Defaults
to "false" if not specified.
type: boolean
mutateExistingOnPolicyUpdate:
description: MutateExistingOnPolicyUpdate controls if a mutateExisting
@ -6814,11 +6814,11 @@ spec:
- Ignore
- Fail
type: string
generateExistingOnPolicyUpdate:
description: GenerateExistingOnPolicyUpdate controls whether to trigger
generate rule in existing resources If is set to "true" generate
rule will be triggered and applied to existing matched resources.
Defaults to "false" if not specified.
generateExisting:
description: GenerateExisting controls whether to trigger generate
rule in existing resources If is set to "true" generate rule will
be triggered and applied to existing matched resources. Defaults
to "false" if not specified.
type: boolean
mutateExistingOnPolicyUpdate:
description: MutateExistingOnPolicyUpdate controls if a mutateExisting

12
docs/crd/v1/index.html
View file

@ -222,14 +222,14 @@ Default value is &ldquo;false&rdquo;.</p>
</tr>
<tr>
<td>
<code>generateExistingOnPolicyUpdate</code></br>
<code>generateExisting</code></br>
<em>
bool
</em>
</td>
<td>
<em>(Optional)</em>
<p>GenerateExistingOnPolicyUpdate controls whether to trigger generate rule in existing resources
<p>GenerateExisting controls whether to trigger generate rule in existing resources
If is set to &ldquo;true&rdquo; generate rule will be triggered and applied to existing matched resources.
Defaults to &ldquo;false&rdquo; if not specified.</p>
</td>
@ -447,14 +447,14 @@ Default value is &ldquo;false&rdquo;.</p>
</tr>
<tr>
<td>
<code>generateExistingOnPolicyUpdate</code></br>
<code>generateExisting</code></br>
<em>
bool
</em>
</td>
<td>
<em>(Optional)</em>
<p>GenerateExistingOnPolicyUpdate controls whether to trigger generate rule in existing resources
<p>GenerateExisting controls whether to trigger generate rule in existing resources
If is set to &ldquo;true&rdquo; generate rule will be triggered and applied to existing matched resources.
Defaults to &ldquo;false&rdquo; if not specified.</p>
</td>
@ -3347,14 +3347,14 @@ Default value is &ldquo;false&rdquo;.</p>
</tr>
<tr>
<td>
<code>generateExistingOnPolicyUpdate</code></br>
<code>generateExisting</code></br>
<em>
bool
</em>
</td>
<td>
<em>(Optional)</em>
<p>GenerateExistingOnPolicyUpdate controls whether to trigger generate rule in existing resources
<p>GenerateExisting controls whether to trigger generate rule in existing resources
If is set to &ldquo;true&rdquo; generate rule will be triggered and applied to existing matched resources.
Defaults to &ldquo;false&rdquo; if not specified.</p>
</td>

24
docs/user/crd/index.html
View file

@ -238,14 +238,14 @@ Default value is &ldquo;false&rdquo;.</p>
</tr>
<tr>
<td>
<code>generateExistingOnPolicyUpdate</code><br/>
<code>generateExisting</code><br/>
<em>
bool
</em>
</td>
<td>
<em>(Optional)</em>
<p>GenerateExistingOnPolicyUpdate controls whether to trigger generate rule in existing resources
<p>GenerateExisting controls whether to trigger generate rule in existing resources
If is set to &ldquo;true&rdquo; generate rule will be triggered and applied to existing matched resources.
Defaults to &ldquo;false&rdquo; if not specified.</p>
</td>
@ -464,14 +464,14 @@ Default value is &ldquo;false&rdquo;.</p>
</tr>
<tr>
<td>
<code>generateExistingOnPolicyUpdate</code><br/>
<code>generateExisting</code><br/>
<em>
bool
</em>
</td>
<td>
<em>(Optional)</em>
<p>GenerateExistingOnPolicyUpdate controls whether to trigger generate rule in existing resources
<p>GenerateExisting controls whether to trigger generate rule in existing resources
If is set to &ldquo;true&rdquo; generate rule will be triggered and applied to existing matched resources.
Defaults to &ldquo;false&rdquo; if not specified.</p>
</td>
@ -3332,14 +3332,14 @@ Default value is &ldquo;false&rdquo;.</p>
</tr>
<tr>
<td>
<code>generateExistingOnPolicyUpdate</code><br/>
<code>generateExisting</code><br/>
<em>
bool
</em>
</td>
<td>
<em>(Optional)</em>
<p>GenerateExistingOnPolicyUpdate controls whether to trigger generate rule in existing resources
<p>GenerateExisting controls whether to trigger generate rule in existing resources
If is set to &ldquo;true&rdquo; generate rule will be triggered and applied to existing matched resources.
Defaults to &ldquo;false&rdquo; if not specified.</p>
</td>
@ -5638,14 +5638,14 @@ Default value is &ldquo;false&rdquo;.</p>
</tr>
<tr>
<td>
<code>generateExistingOnPolicyUpdate</code><br/>
<code>generateExisting</code><br/>
<em>
bool
</em>
</td>
<td>
<em>(Optional)</em>
<p>GenerateExistingOnPolicyUpdate controls whether to trigger generate rule in existing resources
<p>GenerateExisting controls whether to trigger generate rule in existing resources
If is set to &ldquo;true&rdquo; generate rule will be triggered and applied to existing matched resources.
Defaults to &ldquo;false&rdquo; if not specified.</p>
</td>
@ -5863,14 +5863,14 @@ Default value is &ldquo;false&rdquo;.</p>
</tr>
<tr>
<td>
<code>generateExistingOnPolicyUpdate</code><br/>
<code>generateExisting</code><br/>
<em>
bool
</em>
</td>
<td>
<em>(Optional)</em>
<p>GenerateExistingOnPolicyUpdate controls whether to trigger generate rule in existing resources
<p>GenerateExisting controls whether to trigger generate rule in existing resources
If is set to &ldquo;true&rdquo; generate rule will be triggered and applied to existing matched resources.
Defaults to &ldquo;false&rdquo; if not specified.</p>
</td>
@ -6716,14 +6716,14 @@ Default value is &ldquo;false&rdquo;.</p>
</tr>
<tr>
<td>
<code>generateExistingOnPolicyUpdate</code><br/>
<code>generateExisting</code><br/>
<em>
bool
</em>
</td>
<td>
<em>(Optional)</em>
<p>GenerateExistingOnPolicyUpdate controls whether to trigger generate rule in existing resources
<p>GenerateExisting controls whether to trigger generate rule in existing resources
If is set to &ldquo;true&rdquo; generate rule will be triggered and applied to existing matched resources.
Defaults to &ldquo;false&rdquo; if not specified.</p>
</td>

2
pkg/background/generate/generate.go
View file

@ -401,7 +401,7 @@ func applyRule(log logr.Logger, client dclient.Interface, rule kyvernov1.Rule, r
label := newResource.GetLabels()
// Add background gen-rule label if generate rule applied on existing resource
if policy.GetSpec().IsGenerateExistingOnPolicyUpdate() {
if policy.GetSpec().IsGenerateExisting() {
label[LabelBackgroundGenRuleName] = rule.Name
}

11
pkg/policy/generate.go
View file

@ -21,16 +21,13 @@ func (pc *PolicyController) handleGenerate(policyKey string, policy kyvernov1.Po
logger := pc.log.WithName("handleGenerate").WithName(policyKey)
logger.Info("update URs on policy event")
generateURs := pc.listGenerateURs(policyKey, nil)
updateUR(pc.kyvernoClient, pc.urLister.UpdateRequests(config.KyvernoNamespace()), policyKey, generateURs, pc.log.WithName("updateUR"))
for _, rule := range policy.GetSpec().Rules {
if err := pc.createUR(policy, rule, false); err != nil {
if err := pc.createURForDataRule(policy, rule, false); err != nil {
logger.Error(err, "failed to create UR on policy event")
}
var ruleType kyvernov1beta1.RequestType
if policy.GetSpec().IsGenerateExistingOnPolicyUpdate() {
if policy.GetSpec().IsGenerateExisting() {
ruleType = kyvernov1beta1.Generate
triggers := generateTriggers(pc.client, rule, pc.log)
for _, trigger := range triggers {
@ -77,7 +74,7 @@ func (pc *PolicyController) createURForDownstreamDeletion(policy kyvernov1.Polic
for _, r := range rules {
generateType, sync := r.GetGenerateTypeAndSync()
if sync && (generateType == kyvernov1.Data) {
if err := pc.createUR(policy, r, true); err != nil {
if err := pc.createURForDataRule(policy, r, true); err != nil {
errs = append(errs, err)
}
}
@ -85,7 +82,7 @@ func (pc *PolicyController) createURForDownstreamDeletion(policy kyvernov1.Polic
return multierr.Combine(errs...)
}
func (pc *PolicyController) createUR(policy kyvernov1.PolicyInterface, rule kyvernov1.Rule, deleteDownstream bool) error {
func (pc *PolicyController) createURForDataRule(policy kyvernov1.PolicyInterface, rule kyvernov1.Rule, deleteDownstream bool) error {
generate := rule.Generation
if !generate.Synchronize {
// no action for non-sync policy/rule

28
pkg/policy/policy_controller.go
View file

@ -2,9 +2,7 @@ package policy
import (
"context"
"crypto/rand"
"fmt"
"math/big"
"reflect"
"time"
@ -453,29 +451,3 @@ func generateTriggers(client dclient.Interface, rule kyvernov1.Rule, log logr.Lo
}
return convertlist(list.Items)
}
func updateUR(kyvernoClient versioned.Interface, urLister kyvernov1beta1listers.UpdateRequestNamespaceLister, policyKey string, urList []*kyvernov1beta1.UpdateRequest, logger logr.Logger) {
for _, ur := range urList {
if policyKey == ur.Spec.GetPolicyKey() {
_, err := backgroundcommon.Update(kyvernoClient, urLister, ur.GetName(), func(ur *kyvernov1beta1.UpdateRequest) {
urLabels := ur.Labels
if len(urLabels) == 0 {
urLabels = make(map[string]string)
}
nBig, err := rand.Int(rand.Reader, big.NewInt(100000))
if err != nil {
logger.Error(err, "failed to generate random interger")
}
urLabels["policy-update"] = fmt.Sprintf("revision-count-%d", nBig.Int64())
ur.SetLabels(urLabels)
})
if err != nil {
logger.Error(err, "failed to update gr", "name", ur.GetName())
continue
}
if _, err := backgroundcommon.UpdateStatus(kyvernoClient, urLister, ur.GetName(), kyvernov1beta1.Pending, "", nil); err != nil {
logger.Error(err, "failed to set UpdateRequest state to Pending")
}
}
}
}

2
test/conformance/kuttl/generate/clusterpolicy/standard/clone/sync/cpol-clone-list-sync-create/cluster-policy.yaml
View file

@ -3,7 +3,7 @@ kind: ClusterPolicy
metadata:
name: sync-with-multi-clone
spec:
generateExistingOnPolicyUpdate: false
generateExisting: false
rules:
- name: sync-secret
match:

2
test/conformance/kuttl/generate/clusterpolicy/standard/clone/sync/cpol-clone-list-sync-update/cluster-policy.yaml
View file

@ -3,7 +3,7 @@ kind: ClusterPolicy
metadata:
name: sync-with-multi-clone-update
spec:
generateExistingOnPolicyUpdate: false
generateExisting: false
rules:
- name: sync-secret
match:

2
test/conformance/kuttl/generate/clusterpolicy/standard/data/nosync/cpol-data-nosync-delete-downstream/01-manifests.yaml
View file

@ -3,7 +3,7 @@ kind: ClusterPolicy
metadata:
name: zk-kafka-address
spec:
generateExistingOnPolicyUpdate: true
generateExisting: true
rules:
- name: k-kafka-address
match:

2
test/conformance/kuttl/generate/clusterpolicy/standard/data/sync/cpol-data-sync-create/01-manifests.yaml
View file

@ -3,7 +3,7 @@ kind: ClusterPolicy
metadata:
name: zk-kafka-address
spec:
generateExistingOnPolicyUpdate: false
generateExisting: false
rules:
- name: k-kafka-address
match:

2
test/conformance/kuttl/generate/clusterpolicy/standard/data/sync/cpol-data-sync-delete-policy/01-manifests.yaml
View file

@ -3,7 +3,7 @@ kind: ClusterPolicy
metadata:
name: cpol-data-sync-delete-policy
spec:
generateExistingOnPolicyUpdate: false
generateExisting: false
rules:
- name: cpol-data-sync-delete-rule
match:

2
test/conformance/kuttl/generate/clusterpolicy/standard/data/sync/cpol-data-sync-modify-rule/01-manifests.yaml
View file

@ -3,7 +3,7 @@ kind: ClusterPolicy
metadata:
name: zk-kafka-address
spec:
generateExistingOnPolicyUpdate: true
generateExisting: true
rules:
- name: k-kafka-address
match:

2
test/conformance/kuttl/generate/clusterpolicy/standard/data/sync/cpol-data-sync-modify-rule/03-policy-update.yaml
View file

@ -3,7 +3,7 @@ kind: ClusterPolicy
metadata:
name: zk-kafka-address
spec:
generateExistingOnPolicyUpdate: true
generateExisting: true
rules:
- name: k-kafka-address
match:

2
test/conformance/kuttl/generate/clusterpolicy/standard/existing/existing-basic-create-data/policy.yaml
View file

@ -3,7 +3,7 @@ kind: ClusterPolicy
metadata:
name: existing-basic-create-data-policy
spec:
generateExistingOnPolicyUpdate: true
generateExisting: true
rules:
- name: existing-basic-create-rule
match:

2
test/conformance/kuttl/generate/clusterpolicy/standard/existing/existing-basic-create-preconditions-data/policy.yaml
View file

@ -3,7 +3,7 @@ kind: ClusterPolicy
metadata:
name: existing-basic-create-data-preconditions-policy
spec:
generateExistingOnPolicyUpdate: true
generateExisting: true
rules:
- name: existing-basic-create-data-preconditions-rule
match: