mirror of
https://github.com/kyverno/kyverno.git
synced 2025-03-31 03:45:17 +00:00
Feature/read from stdin (#1165)
* temp * added pipe logic for apply * removed comments * updated readme
This commit is contained in:
Pooja Singh
GitHub
parent
f35e6893e9
commit
168c92333c
2 changed files with 79 additions and 47 deletions
|
|
@ -36,7 +36,7 @@ yay -S kyverno-git
|
|||
|
||||
## Commands
|
||||
|
||||
#### Version
|
||||
### Version
|
||||
|
||||
Prints the version of kyverno used by the CLI.
|
||||
|
||||
|
|
@ -45,7 +45,7 @@ Example:
|
|||
kyverno version
|
||||
```
|
||||
|
||||
#### Validate
|
||||
### Validate
|
||||
Validates a policy, can validate multiple policy resource description files or even an entire folder containing policy resource description
|
||||
files. Currently supports files with resource description in yaml.
|
||||
|
||||
|
|
@ -68,7 +68,7 @@ Example:
|
|||
kyverno validate /path/to/policy1.yaml -c /path/to/crd.yaml -c /path/to/folderFullOfCRDs
|
||||
```
|
||||
|
||||
#### Apply
|
||||
### Apply
|
||||
Applies policies on resources, and supports applying multiple policies on multiple resources in a single command.
|
||||
Also supports applying the given policies to an entire cluster. The current kubectl context will be used to access the cluster.
|
||||
|
||||
|
|
@ -84,6 +84,11 @@ Apply to all matching resources in a cluster:
|
|||
kyverno apply /path/to/policy.yaml --cluster > policy-results.txt
|
||||
```
|
||||
|
||||
The resources can also be passed from stdin:
|
||||
```
|
||||
kustomize build nginx/overlays/envs/prod/ | kyverno apply /path/to/policy.yaml --resource -
|
||||
```
|
||||
|
||||
Apply multiple policies to multiple resources:
|
||||
```
|
||||
kyverno apply /path/to/policy1.yaml /path/to/folderFullOfPolicies --resource /path/to/resource1.yaml --resource /path/to/resource2.yaml --cluster
|
||||
|
|
|
|||
|
|
@ -1,6 +1,7 @@
|
|||
package apply
|
||||
|
||||
import (
|
||||
"bufio"
|
||||
"encoding/json"
|
||||
"errors"
|
||||
"fmt"
|
||||
|
|
@ -170,9 +171,26 @@ func Command() *cobra.Command {
|
|||
}
|
||||
}
|
||||
|
||||
resources, err := getResources(policies, resourcePaths, dClient)
|
||||
if err != nil {
|
||||
return sanitizedError.NewWithError("failed to load resources", err)
|
||||
var resources []*unstructured.Unstructured
|
||||
if resourcePaths[0] == "-" {
|
||||
if isInputFromPipe() {
|
||||
resourceStr := ""
|
||||
scanner := bufio.NewScanner(os.Stdin)
|
||||
for scanner.Scan() {
|
||||
resourceStr = resourceStr + scanner.Text() + "\n"
|
||||
}
|
||||
|
||||
yamlBytes := []byte(resourceStr)
|
||||
resources, err = getResource(yamlBytes)
|
||||
if err != nil {
|
||||
return sanitizedError.NewWithError("failed to extract the resources", err)
|
||||
}
|
||||
}
|
||||
} else {
|
||||
resources, err = getResources(policies, resourcePaths, dClient)
|
||||
if err != nil {
|
||||
return sanitizedError.NewWithError("failed to load resources", err)
|
||||
}
|
||||
}
|
||||
|
||||
mutatedPolicies, err := mutatePolices(policies)
|
||||
|
|
@ -279,7 +297,11 @@ func getResources(policies []*v1.ClusterPolicy, resourcePaths []string, dClient
|
|||
}
|
||||
|
||||
for _, resourcePath := range resourcePaths {
|
||||
getResources, err := getResource(resourcePath)
|
||||
resourceBytes, err := getFileBytes(resourcePath)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
getResources, err := getResource(resourceBytes)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
|
@ -315,62 +337,32 @@ func getResourcesOfTypeFromCluster(resourceTypes []string, dClient *client.Clien
|
|||
return resources, nil
|
||||
}
|
||||
|
||||
func getResource(path string) ([]*unstructured.Unstructured, error) {
|
||||
|
||||
resources := make([]*unstructured.Unstructured, 0)
|
||||
getResourceErrors := make([]error, 0)
|
||||
|
||||
func getFileBytes(path string) ([]byte, error) {
|
||||
file, err := ioutil.ReadFile(path)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return file, err
|
||||
}
|
||||
|
||||
files, splitDocError := utils.SplitYAMLDocuments(file)
|
||||
func getResource(resourceBytes []byte) ([]*unstructured.Unstructured, error) {
|
||||
resources := make([]*unstructured.Unstructured, 0)
|
||||
var getErrString string
|
||||
|
||||
files, splitDocError := utils.SplitYAMLDocuments(resourceBytes)
|
||||
if splitDocError != nil {
|
||||
return nil, splitDocError
|
||||
}
|
||||
|
||||
for _, resourceYaml := range files {
|
||||
|
||||
decode := scheme.Codecs.UniversalDeserializer().Decode
|
||||
resourceObject, metaData, err := decode(resourceYaml, nil, nil)
|
||||
resource, err := convertResourceToUnstructured(resourceYaml)
|
||||
if err != nil {
|
||||
getResourceErrors = append(getResourceErrors, err)
|
||||
continue
|
||||
}
|
||||
|
||||
resourceUnstructured, err := runtime.DefaultUnstructuredConverter.ToUnstructured(&resourceObject)
|
||||
if err != nil {
|
||||
getResourceErrors = append(getResourceErrors, err)
|
||||
continue
|
||||
}
|
||||
|
||||
resourceJSON, err := json.Marshal(resourceUnstructured)
|
||||
if err != nil {
|
||||
getResourceErrors = append(getResourceErrors, err)
|
||||
continue
|
||||
}
|
||||
|
||||
resource, err := engineutils.ConvertToUnstructured(resourceJSON)
|
||||
if err != nil {
|
||||
getResourceErrors = append(getResourceErrors, err)
|
||||
continue
|
||||
}
|
||||
|
||||
resource.SetGroupVersionKind(*metaData)
|
||||
|
||||
if resource.GetNamespace() == "" {
|
||||
resource.SetNamespace("default")
|
||||
getErrString = getErrString + err.Error() + "\n"
|
||||
}
|
||||
|
||||
resources = append(resources, resource)
|
||||
}
|
||||
|
||||
var getErrString string
|
||||
for _, getResourceError := range getResourceErrors {
|
||||
getErrString = getErrString + getResourceError.Error() + "\n"
|
||||
}
|
||||
|
||||
if getErrString != "" {
|
||||
return nil, errors.New(getErrString)
|
||||
}
|
||||
|
|
@ -378,6 +370,36 @@ func getResource(path string) ([]*unstructured.Unstructured, error) {
|
|||
return resources, nil
|
||||
}
|
||||
|
||||
func convertResourceToUnstructured(resourceYaml []byte) (*unstructured.Unstructured, error) {
|
||||
decode := scheme.Codecs.UniversalDeserializer().Decode
|
||||
resourceObject, metaData, err := decode(resourceYaml, nil, nil)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
resourceUnstructured, err := runtime.DefaultUnstructuredConverter.ToUnstructured(&resourceObject)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
resourceJSON, err := json.Marshal(resourceUnstructured)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
resource, err := engineutils.ConvertToUnstructured(resourceJSON)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
resource.SetGroupVersionKind(*metaData)
|
||||
|
||||
if resource.GetNamespace() == "" {
|
||||
resource.SetNamespace("default")
|
||||
}
|
||||
return resource, nil
|
||||
}
|
||||
|
||||
// applyPolicyOnResource - function to apply policy on resource
|
||||
func applyPolicyOnResource(policy *v1.ClusterPolicy, resource *unstructured.Unstructured, mutateLogPath string, mutateLogPathIsDir bool, variables map[string]string, rc *resultCounts) error {
|
||||
responseError := false
|
||||
|
|
@ -566,3 +588,8 @@ func createFileOrFolder(mutateLogPath string, mutateLogPathIsDir bool) error {
|
|||
|
||||
return nil
|
||||
}
|
||||
|
||||
func isInputFromPipe() bool {
|
||||
fileInfo, _ := os.Stdin.Stat()
|
||||
return fileInfo.Mode()&os.ModeCharDevice == 0
|
||||
}
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue