pass dynamic client

2025-03-31 03:45:17 +00:00 · 2019-11-12 18:25:50 -08:00 · 2019-11-12 18:25:50 -08:00 · 1049e3fe81
commit 1049e3fe81
parent f0505189d4
5 changed files with 11 additions and 16 deletions
--- a/main.go
+++ b/main.go
@ -62,7 +62,6 @@ func main() {
 	if err != nil {
 		glog.Fatalf("Error creating client: %v\n", err)
 	}
-
 	// CRD CHECK
 	// - verify if the CRD for Policy & PolicyViolation are avialalbe
 	if !utils.CRDInstalled(client.DiscoveryClient) {
@ -107,7 +106,7 @@ func main() {

 	// POLICY VIOLATION GENERATOR
 	// -- generate policy violation
-	pvgen := policyviolation.NewPVGenerator(pclient, pInformer.Kyverno().V1alpha1().ClusterPolicyViolations().Lister())
+	pvgen := policyviolation.NewPVGenerator(pclient, client, pInformer.Kyverno().V1alpha1().ClusterPolicyViolations().Lister())

 	// POLICY CONTROLLER
 	// - reconciliation policy and policy violation
--- a/pkg/policy/status.go
+++ b/pkg/policy/status.go
@ -111,7 +111,6 @@ func (psa *PolicyStatusAggregator) aggregate(ps PolicyStat) {
 }

 func aggregateRules(old []RuleStatinfo, update []RuleStatinfo) []RuleStatinfo {
-	glog.V(4).Info(update)
 	var zeroDuration time.Duration
 	searchRule := func(list []RuleStatinfo, key string) *RuleStatinfo {
 		for _, v := range list {
--- a/pkg/policyviolation/generator.go
+++ b/pkg/policyviolation/generator.go
@ -92,11 +92,12 @@ type GeneratorInterface interface {
 }

 // NewPVGenerator returns a new instance of policy violation generator
-func NewPVGenerator(client *kyvernoclient.Clientset,
+func NewPVGenerator(client *kyvernoclient.Clientset, dclient *client.Client,
 	pvLister kyvernolister.ClusterPolicyViolationLister) *Generator {
 	gen := Generator{
 		pvInterface: client.KyvernoV1alpha1().ClusterPolicyViolations(),
 		pvLister:    pvLister,
+		dclient:     dclient,
 		queue:       workqueue.NewNamedRateLimitingQueue(workqueue.DefaultControllerRateLimiter(), workQueueName),
 		dataStore:   NewDataStore(),
 	}
@ -122,8 +123,8 @@ func (gen *Generator) Add(infos ...Info) {
 // Run starts the workers
 func (gen *Generator) Run(workers int, stopCh <-chan struct{}) {
 	defer utilruntime.HandleCrash()
-	glog.Info("Start policy violaion generator")
-	defer glog.Info("Shutting down event generator")
+	glog.Info("Start policy violation generator")
+	defer glog.Info("Shutting down policy violation generator")

 	for i := 0; i < workers; i++ {
 		go wait.Until(gen.runWorker, time.Second, stopCh)
@ -195,6 +196,7 @@ func (gen *Generator) processNextWorkitem() bool {
 }

 func (gen *Generator) syncHandler(info Info) error {
+	glog.V(4).Infof("recieved info:%v", info)
 	var pvs []kyverno.ClusterPolicyViolation
 	if !info.Blocked {
 		pvs = append(pvs, buildPV(info))
@ -275,7 +277,6 @@ func buildPV(info Info) kyverno.ClusterPolicyViolation {
 		Name:      info.Resource.GetName(),
 	}, info.Rules,
 	)
-	pv.SetGenerateName("pv-")
 	return pv
 }

@ -288,6 +289,7 @@ func buildPVObj(policyName string, resourceSpec kyverno.ResourceSpec, rules []ky
 			ViolatedRules: rules,
 		},
 	}
+	pv.SetGenerateName("pv-")
 	return pv
 }

--- a/pkg/webhooks/report.go
+++ b/pkg/webhooks/report.go
@ -102,10 +102,6 @@ func generatePV(ers []engine.EngineResponse, blocked bool) []policyviolation.Inf
 	// generate PV for each
 	for _, er := range ers {
 		// ignore creation of PV for resoruces that are yet to be assigned a name
-		if er.PolicyResponse.Resource.Name == "" {
-			glog.V(4).Infof("resource %v, has not been assigned a name, not creating a policy violation for it", er.PolicyResponse.Resource)
-			continue
-		}
 		if er.IsSuccesful() {
 			continue
 		}
@ -113,7 +109,7 @@ func generatePV(ers []engine.EngineResponse, blocked bool) []policyviolation.Inf
 		// build policy violation info
 		pvInfos = append(pvInfos, buildPVInfo(er, blocked))
 	}
-	return nil
+	return pvInfos
 }

 func buildPVInfo(er engine.EngineResponse, blocked bool) policyviolation.Info {
--- a/pkg/webhooks/validation.go
+++ b/pkg/webhooks/validation.go
@ -106,17 +106,16 @@ func (ws *WebhookServer) handleValidation(request *v1beta1.AdmissionRequest, pat
 	// violations are created with resource owner(if exist) on "enforce"
 	// and if there are any then we dont block the resource creation
 	// Even if one the policy being applied
-	blocked := toBlockResource(engineResponses)
-	if !isResponseSuccesful(engineResponses) && blocked {
+	if !isResponseSuccesful(engineResponses) && toBlockResource(engineResponses) {
 		glog.V(4).Infof("resource %s/%s/%s is blocked\n", resource.GetKind(), resource.GetNamespace(), resource.GetName())
-		pvInfos := generatePV(engineResponses, blocked)
+		pvInfos := generatePV(engineResponses, true)
 		ws.pvGenerator.Add(pvInfos...)
 		sendStat(true)
 		return false, getErrorMsg(engineResponses)
 	}
 	// ADD POLICY VIOLATIONS
 	// violations are created with resource on "audit"
-	pvInfos := generatePV(engineResponses, blocked)
+	pvInfos := generatePV(engineResponses, false)
 	ws.pvGenerator.Add(pvInfos...)
 	sendStat(false)
 	// report time end