mirror of
https://github.com/kyverno/kyverno.git
synced 2025-04-08 10:04:25 +00:00
annotations json path update
This commit is contained in:
shivkumar dudhani
parent
c3b1d1721b
commit
14bc6859f6
5 changed files with 38 additions and 56 deletions
|
|
@ -223,7 +223,7 @@ func AddPolicyJSONPatch(ann map[string]string, pi *pinfo.PolicyInfo, ruleType pi
|
|||
// insert policy information
|
||||
ann[BuildKey(pi.Name)] = string(PolicyByte)
|
||||
// create add JSON patch
|
||||
jsonPatch, err := createAddJSONPatch(ann)
|
||||
jsonPatch, err := createAddJSONPatch(BuildKey(pi.Name), string(PolicyByte))
|
||||
|
||||
return ann, jsonPatch, err
|
||||
}
|
||||
|
|
@ -244,7 +244,7 @@ func AddPolicyJSONPatch(ann map[string]string, pi *pinfo.PolicyInfo, ruleType pi
|
|||
// update policy information
|
||||
ann[BuildKey(pi.Name)] = string(cPolicyByte)
|
||||
// create update JSON patch
|
||||
jsonPatch, err := createReplaceJSONPatch(ann)
|
||||
jsonPatch, err := createReplaceJSONPatch(BuildKey(pi.Name), string(cPolicyByte))
|
||||
return ann, jsonPatch, err
|
||||
}
|
||||
|
||||
|
|
@ -253,12 +253,7 @@ func RemovePolicyJSONPatch(ann map[string]string, policy string) (map[string]str
|
|||
if ann == nil {
|
||||
return nil, nil, nil
|
||||
}
|
||||
delete(ann, policy)
|
||||
if len(ann) == 0 {
|
||||
jsonPatch, err := createRemoveJSONPatch(ann)
|
||||
return nil, jsonPatch, err
|
||||
}
|
||||
jsonPatch, err := createReplaceJSONPatch(ann)
|
||||
jsonPatch, err := createRemoveJSONPatchKey(policy)
|
||||
return ann, jsonPatch, err
|
||||
}
|
||||
|
||||
|
|
@ -268,7 +263,13 @@ type patchMapValue struct {
|
|||
Value map[string]string `json:"value"`
|
||||
}
|
||||
|
||||
func createRemoveJSONPatch(ann map[string]string) ([]byte, error) {
|
||||
type patchStringValue struct {
|
||||
Op string `json:"op"`
|
||||
Path string `json:"path"`
|
||||
Value string `json:"value"`
|
||||
}
|
||||
|
||||
func createRemoveJSONPatchMap() ([]byte, error) {
|
||||
payload := []patchMapValue{{
|
||||
Op: "remove",
|
||||
Path: "/metadata/annotations",
|
||||
|
|
@ -277,26 +278,33 @@ func createRemoveJSONPatch(ann map[string]string) ([]byte, error) {
|
|||
|
||||
}
|
||||
|
||||
func createAddJSONPatch(ann map[string]string) ([]byte, error) {
|
||||
if ann == nil {
|
||||
ann = make(map[string]string, 0)
|
||||
}
|
||||
payload := []patchMapValue{{
|
||||
func createAddJSONPatch(key, value string) ([]byte, error) {
|
||||
|
||||
payload := []patchStringValue{{
|
||||
Op: "add",
|
||||
Path: "/metadata/annotations",
|
||||
Value: ann,
|
||||
Path: "/metadata/annotations/" + key,
|
||||
Value: value,
|
||||
}}
|
||||
return json.Marshal(payload)
|
||||
}
|
||||
|
||||
func createReplaceJSONPatch(ann map[string]string) ([]byte, error) {
|
||||
if ann == nil {
|
||||
ann = make(map[string]string, 0)
|
||||
}
|
||||
payload := []patchMapValue{{
|
||||
func createReplaceJSONPatch(key, value string) ([]byte, error) {
|
||||
// if ann == nil {
|
||||
// ann = make(map[string]string, 0)
|
||||
// }
|
||||
payload := []patchStringValue{{
|
||||
Op: "replace",
|
||||
Path: "/metadata/annotations",
|
||||
Value: ann,
|
||||
Path: "/metadata/annotations/" + key,
|
||||
Value: value,
|
||||
}}
|
||||
return json.Marshal(payload)
|
||||
}
|
||||
|
||||
func createRemoveJSONPatchKey(key string) ([]byte, error) {
|
||||
payload := []patchStringValue{{
|
||||
Op: "remove",
|
||||
Path: "/metadata/annotations/" + key,
|
||||
}}
|
||||
return json.Marshal(payload)
|
||||
|
||||
}
|
||||
|
|
|
|||
|
|
@ -2,7 +2,7 @@ package annotations
|
|||
|
||||
const annotationQueueName = "annotation-queue"
|
||||
const workerThreadCount = 1
|
||||
const workQueueRetryLimit = 3
|
||||
const workQueueRetryLimit = 5
|
||||
|
||||
func getStatus(status bool) string {
|
||||
if status {
|
||||
|
|
@ -12,5 +12,6 @@ func getStatus(status bool) string {
|
|||
}
|
||||
|
||||
func BuildKey(policyName string) string {
|
||||
return "policies.kyverno.io/" + policyName
|
||||
//JSON Pointers
|
||||
return "policies.kyverno.io~1" + policyName
|
||||
}
|
||||
|
|
|
|||
|
|
@ -6,7 +6,7 @@ const eventWorkQueueName = "policy-controller-events"
|
|||
|
||||
const eventWorkerThreadCount = 1
|
||||
|
||||
const workQueueRetryLimit = 1
|
||||
const workQueueRetryLimit = 5
|
||||
|
||||
//Info defines the event details
|
||||
type Info struct {
|
||||
|
|
|
|||
|
|
@ -1,7 +1,6 @@
|
|||
package webhooks
|
||||
|
||||
import (
|
||||
jsonpatch "github.com/evanphx/json-patch"
|
||||
"github.com/golang/glog"
|
||||
engine "github.com/nirmata/kyverno/pkg/engine"
|
||||
"github.com/nirmata/kyverno/pkg/info"
|
||||
|
|
@ -33,7 +32,6 @@ func (ws *WebhookServer) HandleMutation(request *v1beta1.AdmissionRequest) *v1be
|
|||
}
|
||||
|
||||
var allPatches [][]byte
|
||||
var annPatches []byte
|
||||
policyInfos := []*info.PolicyInfo{}
|
||||
for _, policy := range policies {
|
||||
// check if policy has a rule for the admission request kind
|
||||
|
|
@ -79,14 +77,8 @@ func (ws *WebhookServer) HandleMutation(request *v1beta1.AdmissionRequest) *v1be
|
|||
|
||||
annPatch := addAnnotationsToResource(request.Object.Raw, policyInfo, info.Mutation)
|
||||
if annPatch != nil {
|
||||
if annPatches == nil {
|
||||
annPatches = annPatch
|
||||
} else {
|
||||
annPatches, err = jsonpatch.MergePatch(annPatches, annPatch)
|
||||
if err != nil {
|
||||
glog.Error(err)
|
||||
}
|
||||
}
|
||||
// add annotations
|
||||
ws.annotationsController.Add(rkind, rns, rname, annPatch)
|
||||
}
|
||||
}
|
||||
|
||||
|
|
@ -94,12 +86,6 @@ func (ws *WebhookServer) HandleMutation(request *v1beta1.AdmissionRequest) *v1be
|
|||
eventsInfo, _ := newEventInfoFromPolicyInfo(policyInfos, (request.Operation == v1beta1.Update), info.Mutation)
|
||||
ws.eventController.Add(eventsInfo...)
|
||||
}
|
||||
// add annotations
|
||||
if annPatches != nil {
|
||||
// fmt.Println(string(annPatches))
|
||||
ws.annotationsController.Add(rkind, rns, rname, annPatches)
|
||||
}
|
||||
|
||||
ok, msg := isAdmSuccesful(policyInfos)
|
||||
if ok {
|
||||
patchType := v1beta1.PatchTypeJSONPatch
|
||||
|
|
|
|||
|
|
@ -1,7 +1,6 @@
|
|||
package webhooks
|
||||
|
||||
import (
|
||||
jsonpatch "github.com/evanphx/json-patch"
|
||||
"github.com/golang/glog"
|
||||
engine "github.com/nirmata/kyverno/pkg/engine"
|
||||
"github.com/nirmata/kyverno/pkg/info"
|
||||
|
|
@ -34,7 +33,6 @@ func (ws *WebhookServer) HandleValidation(request *v1beta1.AdmissionRequest) *v1
|
|||
glog.Errorf("failed to parse KIND from request: Namespace=%s Name=%s UID=%s patchOperation=%s\n", request.Namespace, request.Name, request.UID, request.Operation)
|
||||
}
|
||||
|
||||
var annPatches []byte
|
||||
for _, policy := range policies {
|
||||
|
||||
if !StringInSlice(request.Kind.Kind, getApplicableKindsForPolicy(policy)) {
|
||||
|
|
@ -88,14 +86,7 @@ func (ws *WebhookServer) HandleValidation(request *v1beta1.AdmissionRequest) *v1
|
|||
// annotations
|
||||
annPatch := addAnnotationsToResource(request.Object.Raw, policyInfo, info.Validation)
|
||||
if annPatch != nil {
|
||||
if annPatches == nil {
|
||||
annPatches = annPatch
|
||||
} else {
|
||||
annPatches, err = jsonpatch.MergePatch(annPatches, annPatch)
|
||||
if err != nil {
|
||||
glog.Error(err)
|
||||
}
|
||||
}
|
||||
ws.annotationsController.Add(rkind, rns, rname, annPatch)
|
||||
}
|
||||
}
|
||||
|
||||
|
|
@ -106,10 +97,6 @@ func (ws *WebhookServer) HandleValidation(request *v1beta1.AdmissionRequest) *v1
|
|||
ws.violationBuilder.Add(violations...)
|
||||
ws.eventController.Add(eventsInfo...)
|
||||
}
|
||||
// add annotations
|
||||
if annPatches != nil {
|
||||
ws.annotationsController.Add(rkind, rns, rname, annPatches)
|
||||
}
|
||||
// If Validation fails then reject the request
|
||||
ok, msg := isAdmSuccesful(policyInfos)
|
||||
// violations are created if "audit" flag is set
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue