mirror of https://github.com/kyverno/kyverno.git synced 2025-03-31 03:45:17 +00:00

pass dynamic client

shivkumar dudhani 2019-11-12 18:25:50 -08:00
parent f0505189d4
commit 1049e3fe81
5 changed files with 11 additions and 16 deletions


@ -62,7 +62,6 @@ func main() {
if err != nil {
glog.Fatalf("Error creating client: %v\n", err)
}
// CRD CHECK
// - verify if the CRD for Policy & PolicyViolation are avialalbe
if !utils.CRDInstalled(client.DiscoveryClient) {
@ -107,7 +106,7 @@ func main() {
// POLICY VIOLATION GENERATOR
// -- generate policy violation
pvgen := policyviolation.NewPVGenerator(pclient, pInformer.Kyverno().V1alpha1().ClusterPolicyViolations().Lister())
pvgen := policyviolation.NewPVGenerator(pclient, client, pInformer.Kyverno().V1alpha1().ClusterPolicyViolations().Lister())
// POLICY CONTROLLER
// - reconciliation policy and policy violation


@ -111,7 +111,6 @@ func (psa *PolicyStatusAggregator) aggregate(ps PolicyStat) {
}
func aggregateRules(old []RuleStatinfo, update []RuleStatinfo) []RuleStatinfo {
glog.V(4).Info(update)
var zeroDuration time.Duration
searchRule := func(list []RuleStatinfo, key string) *RuleStatinfo {
for _, v := range list {


@ -92,11 +92,12 @@ type GeneratorInterface interface {
}
// NewPVGenerator returns a new instance of policy violation generator
func NewPVGenerator(client *kyvernoclient.Clientset,
func NewPVGenerator(client *kyvernoclient.Clientset, dclient *client.Client,
pvLister kyvernolister.ClusterPolicyViolationLister) *Generator {
gen := Generator{
pvInterface: client.KyvernoV1alpha1().ClusterPolicyViolations(),
pvLister: pvLister,
dclient: dclient,
queue: workqueue.NewNamedRateLimitingQueue(workqueue.DefaultControllerRateLimiter(), workQueueName),
dataStore: NewDataStore(),
}
@ -122,8 +123,8 @@ func (gen *Generator) Add(infos ...Info) {
// Run starts the workers
func (gen *Generator) Run(workers int, stopCh <-chan struct{}) {
defer utilruntime.HandleCrash()
glog.Info("Start policy violaion generator")
defer glog.Info("Shutting down event generator")
glog.Info("Start policy violation generator")
defer glog.Info("Shutting down policy violation generator")
for i := 0; i < workers; i++ {
go wait.Until(gen.runWorker, time.Second, stopCh)
@ -195,6 +196,7 @@ func (gen *Generator) processNextWorkitem() bool {
}
func (gen *Generator) syncHandler(info Info) error {
glog.V(4).Infof("recieved info:%v", info)
var pvs []kyverno.ClusterPolicyViolation
if !info.Blocked {
pvs = append(pvs, buildPV(info))
@ -275,7 +277,6 @@ func buildPV(info Info) kyverno.ClusterPolicyViolation {
Name: info.Resource.GetName(),
}, info.Rules,
)
pv.SetGenerateName("pv-")
return pv
}
@ -288,6 +289,7 @@ func buildPVObj(policyName string, resourceSpec kyverno.ResourceSpec, rules []ky
ViolatedRules: rules,
},
}
pv.SetGenerateName("pv-")
return pv
}
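Review bot: In the new NewPVGenerator signature the first parameter is still named `client` while the added second parameter has type `*client.Client`, so inside the body the identifier `client` means the Kyverno clientset and hides the package the new type comes from. Renaming the parameter, e.g. `func NewPVGenerator(kclient *kyvernoclient.Clientset, dclient *client.Client,` with `pvInterface: kclient.KyvernoV1alpha1().ClusterPolicyViolations(),`, keeps the two clients apart. The doc comment should also state what the generator uses `dclient` for: the hunk only shows it being stored, and a dynamic client presumably reaches more resource types than the typed policy-violation interface, so its intended scope is worth recording.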


@ -102,10 +102,6 @@ func generatePV(ers []engine.EngineResponse, blocked bool) []policyviolation.Inf
// generate PV for each
for _, er := range ers {
// ignore creation of PV for resoruces that are yet to be assigned a name
if er.PolicyResponse.Resource.Name == "" {
glog.V(4).Infof("resource %v, has not been assigned a name, not creating a policy violation for it", er.PolicyResponse.Resource)
continue
}
if er.IsSuccesful() {
continue
}
@ -113,7 +109,7 @@ func generatePV(ers []engine.EngineResponse, blocked bool) []policyviolation.Inf
// build policy violation info
pvInfos = append(pvInfos, buildPVInfo(er, blocked))
}
return nil
return pvInfos
}
func buildPVInfo(er engine.EngineResponse, blocked bool) policyviolation.Info {
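Review bot: The comment `// ignore creation of PV for resoruces that are yet to be assigned a name` stays in generatePV although the `er.PolicyResponse.Resource.Name == ""` guard beneath it is removed, so it now describes a check that no longer runs. With the guard gone, failed responses for resources without a name reach buildPVInfo, and the generator's buildPV copies `info.Resource.GetName()` into the violation, so an empty name may end up in the stored object unless later code fills it in. Either drop the comment or replace it with something like `// Resource.Name may be empty here (e.g. generateName); the PV generator must handle that case`, and confirm that the generator does.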


@ -106,17 +106,16 @@ func (ws *WebhookServer) handleValidation(request *v1beta1.AdmissionRequest, pat
// violations are created with resource owner(if exist) on "enforce"
// and if there are any then we dont block the resource creation
// Even if one the policy being applied
blocked := toBlockResource(engineResponses)
if !isResponseSuccesful(engineResponses) && blocked {
if !isResponseSuccesful(engineResponses) && toBlockResource(engineResponses) {
glog.V(4).Infof("resource %s/%s/%s is blocked\n", resource.GetKind(), resource.GetNamespace(), resource.GetName())
pvInfos := generatePV(engineResponses, blocked)
pvInfos := generatePV(engineResponses, true)
ws.pvGenerator.Add(pvInfos...)
sendStat(true)
return false, getErrorMsg(engineResponses)
}
// ADD POLICY VIOLATIONS
// violations are created with resource on "audit"
pvInfos := generatePV(engineResponses, blocked)
pvInfos := generatePV(engineResponses, false)
ws.pvGenerator.Add(pvInfos...)
sendStat(false)
// report time end
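Review bot: The deny branch records its decision only through `glog.V(4).Infof("resource %s/%s/%s is blocked\n", ...)`, so at default verbosity a blocked admission leaves no line in the controller log. Since this is the enforcement path, consider logging it unconditionally, e.g. `glog.Infof("resource %s/%s/%s is blocked", resource.GetKind(), resource.GetNamespace(), resource.GetName())`, so a denial can be correlated with the violations queued by `ws.pvGenerator.Add`. handleValidation starts and ends outside the hunk.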