feat: support GVK to GVR mapping in the CLI (#12301)

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2025-03-23 00:01:55 +00:00 · 2025-03-06 07:24:48 +01:00 · 2025-03-06 07:24:48 +01:00 · 0bcc850d77
commit 0bcc850d77
parent 23d0f873b3
2 changed files with 42 additions and 4 deletions
--- a/cmd/cli/kubectl-kyverno/commands/apply/command.go
+++ b/cmd/cli/kubectl-kyverno/commands/apply/command.go
@ -15,6 +15,7 @@ import (
 	kyvernov2 "github.com/kyverno/kyverno/api/kyverno/v2"
 	policiesv1alpha1 "github.com/kyverno/kyverno/api/policies.kyverno.io/v1alpha1"
 	"github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/command"
+	"github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/data"
 	"github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/deprecations"
 	"github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/exception"
 	"github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/log"
@ -28,6 +29,7 @@ import (
 	"github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/variables"
 	"github.com/kyverno/kyverno/pkg/autogen"
 	"github.com/kyverno/kyverno/pkg/cel/engine"
+	"github.com/kyverno/kyverno/pkg/cel/matching"
 	celpolicy "github.com/kyverno/kyverno/pkg/cel/policy"
 	"github.com/kyverno/kyverno/pkg/clients/dclient"
 	"github.com/kyverno/kyverno/pkg/config"
@ -44,6 +46,7 @@ import (
 	"k8s.io/apimachinery/pkg/runtime/schema"
 	"k8s.io/client-go/dynamic"
 	"k8s.io/client-go/kubernetes"
+	"k8s.io/client-go/restmapper"
 )

 type SkippedInvalidPolicies struct {
@ -334,7 +337,7 @@ func (c *ApplyCommandConfig) applyValidatingPolicies(
 	if err != nil {
 		return nil, err
 	}
-	eng := engine.NewEngine(provider, namespaceProvider, nil)
+	eng := engine.NewEngine(provider, namespaceProvider, matching.NewMatcher())
 	// TODO: mock when no cluster provided
 	var contextProvider celpolicy.Context
 	if dclient != nil {
@ -346,17 +349,35 @@ func (c *ApplyCommandConfig) applyValidatingPolicies(
 			return nil, err
 		}
 	}
+	apiGroupResources, err := data.APIGroupResources()
+	if err != nil {
+		return nil, err
+	}
+	restMapper := restmapper.NewDiscoveryRESTMapper(apiGroupResources)
 	responses := make([]engineapi.EngineResponse, 0)
 	for _, resource := range resources {
+		// get gvk from resource
+		gvk := resource.GroupVersionKind()
+		// map gvk to gvr
+		mapping, err := restMapper.RESTMapping(gvk.GroupKind(), gvk.Version)
+		if err != nil {
+			if c.ContinueOnFail {
+				fmt.Printf("failed to map gvk to gvr %s (%v)\n", gvk, err)
+				continue
+			}
+			return responses, fmt.Errorf("failed to map gvk to gvr %s (%v)\n", gvk, err)
+		}
+		gvr := mapping.Resource
+		// create engine request
 		request := engine.Request(
 			contextProvider,
-			resource.GroupVersionKind(),
-			// TODO
-			schema.GroupVersionResource{},
+			gvk,
+			gvr,
 			// TODO
 			"",
 			resource.GetName(),
 			resource.GetNamespace(),
+			// TODO
 			admissionv1.Create,
 			resource,
 			nil,
--- a/cmd/cli/kubectl-kyverno/data/data.go
+++ b/cmd/cli/kubectl-kyverno/data/data.go
@ -2,7 +2,11 @@ package data

 import (
 	"embed"
+	"encoding/json"
 	"io/fs"
+	"sync"
+
+	"k8s.io/client-go/restmapper"
 )

 const crdsFolder = "crds"
@ -10,6 +14,19 @@ const crdsFolder = "crds"
 //go:embed crds
 var crdsFs embed.FS

+//go:embed api-group-resources.json
+var apiGroupResources []byte
+
+var _apiGroupResources = sync.OnceValues(func() ([]*restmapper.APIGroupResources, error) {
+	var out []*restmapper.APIGroupResources
+	err := json.Unmarshal(apiGroupResources, &out)
+	return out, err
+})
+
 func Crds() (fs.FS, error) {
 	return fs.Sub(crdsFs, crdsFolder)
 }
+
+func APIGroupResources() ([]*restmapper.APIGroupResources, error) {
+	return _apiGroupResources()
+}