refactor: move label helper utils from policy package to background package (#3996)

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
2025-03-31 03:45:17 +00:00 · 2022-05-24 09:41:12 +02:00 · 2022-05-24 09:41:12 +02:00 · 1712dfa947
commit 1712dfa947
parent 8fe9163f4e
9 changed files with 87 additions and 94 deletions
--- a/api/kyverno/v1/common_types.go
+++ b/api/kyverno/v1/common_types.go
@ -451,17 +451,3 @@ type CloneFrom struct {
 	// Name specifies name of the resource.
 	Name string `json:"name,omitempty" yaml:"name,omitempty"`
 }
-
-type ResourceSpec struct {
-	// APIVersion specifies resource apiVersion.
-	// +optional
-	APIVersion string `json:"apiVersion,omitempty" yaml:"apiVersion,omitempty"`
-	// Kind specifies resource kind.
-	Kind string `json:"kind,omitempty" yaml:"kind,omitempty"`
-	// Namespace specifies resource namespace.
-	// +optional
-	Namespace string `json:"namespace,omitempty" yaml:"namespace,omitempty"`
-	// Name specifies the resource name.
-	// +optional
-	Name string `json:"name,omitempty" yaml:"name,omitempty"`
-}
--- a/api/kyverno/v1/resource_spec_types.go
+++ b/api/kyverno/v1/resource_spec_types.go
@ -0,0 +1,20 @@
+package v1
+
+type ResourceSpec struct {
+	// APIVersion specifies resource apiVersion.
+	// +optional
+	APIVersion string `json:"apiVersion,omitempty" yaml:"apiVersion,omitempty"`
+	// Kind specifies resource kind.
+	Kind string `json:"kind,omitempty" yaml:"kind,omitempty"`
+	// Namespace specifies resource namespace.
+	// +optional
+	Namespace string `json:"namespace,omitempty" yaml:"namespace,omitempty"`
+	// Name specifies the resource name.
+	// +optional
+	Name string `json:"name,omitempty" yaml:"name,omitempty"`
+}
+
+func (s ResourceSpec) GetName() string       { return s.Name }
+func (s ResourceSpec) GetNamespace() string  { return s.Namespace }
+func (s ResourceSpec) GetKind() string       { return s.Kind }
+func (s ResourceSpec) GetAPIVersion() string { return s.APIVersion }
--- a/api/kyverno/v1beta1/constants.go
+++ b/api/kyverno/v1beta1/constants.go
@ -9,5 +9,9 @@ const (
 	URMutatetriggerAPIVersionLabel = "mutate.updaterequest.kyverno.io/trigger-apiversion"

 	// URGeneratePolicyLabel adds the policy name to URs for generate policies
-	URGeneratePolicyLabel = "generate.kyverno.io/policy-name"
+	URGeneratePolicyLabel          = "generate.kyverno.io/policy-name"
+	URGenerateResourceNameLabel    = "generate.kyverno.io/resource-name"
+	URGenerateResourceNSLabel      = "generate.kyverno.io/resource-namespace"
+	URGenerateResourceKindLabel    = "generate.kyverno.io/resource-kind"
+	URGenerateRetryCountAnnotation = "generate.kyverno.io/retry-count"
 )
--- a/pkg/background/common/labels.go
+++ b/pkg/background/common/labels.go
@ -2,11 +2,21 @@ package common

 import (
 	"fmt"
+	"reflect"

+	kyvernov1beta1 "github.com/kyverno/kyverno/api/kyverno/v1beta1"
 	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
+	pkglabels "k8s.io/apimachinery/pkg/labels"
 	"sigs.k8s.io/controller-runtime/pkg/log"
 )

+type Object interface {
+	GetName() string
+	GetNamespace() string
+	GetKind() string
+	GetAPIVersion() string
+}
+
 func ManageLabels(unstr *unstructured.Unstructured, triggerResource unstructured.Unstructured) {
 	// add managedBY label if not defined
 	labels := unstr.GetLabels()
@ -23,6 +33,35 @@ func ManageLabels(unstr *unstructured.Unstructured, triggerResource unstructured
 	unstr.SetLabels(labels)
 }

+func MutateLabelsSet(policyKey string, trigger Object) pkglabels.Set {
+	set := pkglabels.Set{
+		kyvernov1beta1.URMutatePolicyLabel: policyKey,
+	}
+	isNil := trigger == nil || (reflect.ValueOf(trigger).Kind() == reflect.Ptr && reflect.ValueOf(trigger).IsNil())
+	if !isNil {
+		set[kyvernov1beta1.URMutateTriggerNameLabel] = trigger.GetName()
+		set[kyvernov1beta1.URMutateTriggerNSLabel] = trigger.GetNamespace()
+		set[kyvernov1beta1.URMutatetriggerKindLabel] = trigger.GetKind()
+		if trigger.GetAPIVersion() != "" {
+			set[kyvernov1beta1.URMutatetriggerAPIVersionLabel] = trigger.GetAPIVersion()
+		}
+	}
+	return set
+}
+
+func GenerateLabelsSet(policyKey string, trigger Object) pkglabels.Set {
+	set := pkglabels.Set{
+		kyvernov1beta1.URGeneratePolicyLabel: policyKey,
+	}
+	isNil := trigger == nil || (reflect.ValueOf(trigger).Kind() == reflect.Ptr && reflect.ValueOf(trigger).IsNil())
+	if !isNil {
+		set[kyvernov1beta1.URGenerateResourceNameLabel] = trigger.GetName()
+		set[kyvernov1beta1.URGenerateResourceNSLabel] = trigger.GetNamespace()
+		set[kyvernov1beta1.URGenerateResourceKindLabel] = trigger.GetKind()
+	}
+	return set
+}
+
 func managedBy(labels map[string]string) {
 	// ManagedBy label
 	key := "app.kubernetes.io/managed-by"
--- a/pkg/background/generate/cleanup/cleanup.go
+++ b/pkg/background/generate/cleanup/cleanup.go
@ -19,7 +19,7 @@ func (c *Controller) processUR(ur kyvernov1beta1.UpdateRequest) error {
 		deleteUR := false
 		// check retry count in annotaion
 		urAnnotations := ur.Annotations
-		if val, ok := urAnnotations["generate.kyverno.io/retry-count"]; ok {
+		if val, ok := urAnnotations[kyvernov1beta1.URGenerateRetryCountAnnotation]; ok {
 			retryCount, err := strconv.ParseUint(val, 10, 32)
 			if err != nil {
 				logger.Error(err, "unable to convert retry-count")
--- a/pkg/background/generate/generate.go
+++ b/pkg/background/generate/generate.go
@ -113,10 +113,11 @@ func (c *GenerateController) ProcessUR(ur *kyvernov1beta1.UpdateRequest) error {
 		urAnnotations := ur.Annotations

 		if len(urAnnotations) == 0 {
-			urAnnotations = make(map[string]string)
-			urAnnotations["generate.kyverno.io/retry-count"] = "1"
+			urAnnotations = map[string]string{
+				urAnnotations[kyvernov1beta1.URGenerateRetryCountAnnotation]: "1",
+			}
 		} else {
-			if val, ok := urAnnotations["generate.kyverno.io/retry-count"]; ok {
+			if val, ok := urAnnotations[kyvernov1beta1.URGenerateRetryCountAnnotation]; ok {
 				sleepCountInt64, err := strconv.ParseUint(val, 10, 32)
 				if err != nil {
 					logger.Error(err, "unable to convert retry-count")
@ -135,11 +136,11 @@ func (c *GenerateController) ProcessUR(ur *kyvernov1beta1.UpdateRequest) error {
 				} else {
 					time.Sleep(time.Second * time.Duration(sleepCountInt))
 					incrementedCountString := strconv.Itoa(sleepCountInt)
-					urAnnotations["generate.kyverno.io/retry-count"] = incrementedCountString
+					urAnnotations[kyvernov1beta1.URGenerateRetryCountAnnotation] = incrementedCountString
 				}
 			} else {
 				time.Sleep(time.Second * 1)
-				urAnnotations["generate.kyverno.io/retry-count"] = "1"
+				urAnnotations[kyvernov1beta1.URGenerateRetryCountAnnotation] = "1"
 			}
 		}

@ -217,10 +218,10 @@ func (c *GenerateController) applyGenerate(resource unstructured.Unstructured, u
 		if r.Status != response.RuleStatusPass {
 			logger.V(4).Info("querying all update requests")
 			selector := labels.SelectorFromSet(labels.Set(map[string]string{
-				kyvernov1beta1.URGeneratePolicyLabel:     engineResponse.PolicyResponse.Policy.Name,
-				"generate.kyverno.io/resource-name":      engineResponse.PolicyResponse.Resource.Name,
-				"generate.kyverno.io/resource-kind":      engineResponse.PolicyResponse.Resource.Kind,
-				"generate.kyverno.io/resource-namespace": engineResponse.PolicyResponse.Resource.Namespace,
+				kyvernov1beta1.URGeneratePolicyLabel:       engineResponse.PolicyResponse.Policy.Name,
+				kyvernov1beta1.URGenerateResourceNameLabel: engineResponse.PolicyResponse.Resource.Name,
+				kyvernov1beta1.URGenerateResourceKindLabel: engineResponse.PolicyResponse.Resource.Kind,
+				kyvernov1beta1.URGenerateResourceNSLabel:   engineResponse.PolicyResponse.Resource.Namespace,
 			}))
 			urList, err := c.urLister.List(selector)
 			if err != nil {
--- a/pkg/policy/updaterequest.go
+++ b/pkg/policy/updaterequest.go
@ -124,22 +124,18 @@ func (pc *PolicyController) handleUpdateRequest(ur *kyvernov1beta1.UpdateRequest
 }

 func (pc *PolicyController) listMutateURs(policyKey string, trigger *unstructured.Unstructured) []*kyvernov1beta1.UpdateRequest {
-	selector := createMutateLabels(policyKey, trigger)
-	mutateURs, err := pc.urLister.List(labels.SelectorFromSet(selector))
+	mutateURs, err := pc.urLister.List(labels.SelectorFromSet(common.MutateLabelsSet(policyKey, trigger)))
 	if err != nil {
 		logger.Error(err, "failed to list update request for mutate policy")
 	}
-
 	return mutateURs
 }

 func (pc *PolicyController) listGenerateURs(policyKey string, trigger *unstructured.Unstructured) []*kyvernov1beta1.UpdateRequest {
-	selector := createGenerateLabels(policyKey, trigger)
-	generateURs, err := pc.urLister.List(labels.SelectorFromSet(selector))
+	generateURs, err := pc.urLister.List(labels.SelectorFromSet(common.GenerateLabelsSet(policyKey, trigger)))
 	if err != nil {
 		logger.Error(err, "failed to list update request for generate policy")
 	}
-
 	return generateURs
 }

@ -154,9 +150,9 @@ func newUR(policy kyvernov1.PolicyInterface, trigger *unstructured.Unstructured,

 	var label labels.Set
 	if ruleType == kyvernov1beta1.Mutate {
-		label = createMutateLabels(policyNameNamespaceKey, trigger)
+		label = common.MutateLabelsSet(policyNameNamespaceKey, trigger)
 	} else {
-		label = createGenerateLabels(policyNameNamespaceKey, trigger)
+		label = common.GenerateLabelsSet(policyNameNamespaceKey, trigger)
 	}

 	return &kyvernov1beta1.UpdateRequest{
@ -177,43 +173,3 @@ func newUR(policy kyvernov1.PolicyInterface, trigger *unstructured.Unstructured,
 		},
 	}
 }
-
-func createMutateLabels(policyKey string, trigger *unstructured.Unstructured) labels.Set {
-	var selector labels.Set
-	if trigger == nil {
-		selector = labels.Set(map[string]string{
-			kyvernov1beta1.URMutatePolicyLabel: policyKey,
-		})
-	} else {
-		selector = labels.Set(map[string]string{
-			kyvernov1beta1.URMutatePolicyLabel:      policyKey,
-			kyvernov1beta1.URMutateTriggerNameLabel: trigger.GetName(),
-			kyvernov1beta1.URMutateTriggerNSLabel:   trigger.GetNamespace(),
-			kyvernov1beta1.URMutatetriggerKindLabel: trigger.GetKind(),
-		})
-
-		if trigger.GetAPIVersion() != "" {
-			selector[kyvernov1beta1.URMutatetriggerAPIVersionLabel] = trigger.GetAPIVersion()
-		}
-	}
-
-	return selector
-}
-
-func createGenerateLabels(policyKey string, trigger *unstructured.Unstructured) labels.Set {
-	var selector labels.Set
-	if trigger == nil {
-		selector = labels.Set(map[string]string{
-			kyvernov1beta1.URGeneratePolicyLabel: policyKey,
-		})
-	} else {
-		selector = labels.Set(map[string]string{
-			kyvernov1beta1.URGeneratePolicyLabel:     policyKey,
-			"generate.kyverno.io/resource-name":      trigger.GetName(),
-			"generate.kyverno.io/resource-kind":      trigger.GetKind(),
-			"generate.kyverno.io/resource-namespace": trigger.GetNamespace(),
-		})
-	}
-
-	return selector
-}
--- a/pkg/webhooks/resource/generation.go
+++ b/pkg/webhooks/resource/generation.go
@ -221,10 +221,10 @@ func (h *handlers) handleUpdateGenerateTargetResource(request *admissionv1.Admis
 func (h *handlers) deleteGR(logger logr.Logger, engineResponse *response.EngineResponse) {
 	logger.V(4).Info("querying all update requests")
 	selector := labels.SelectorFromSet(labels.Set(map[string]string{
-		kyvernov1beta1.URGeneratePolicyLabel:     engineResponse.PolicyResponse.Policy.Name,
-		"generate.kyverno.io/resource-name":      engineResponse.PolicyResponse.Resource.Name,
-		"generate.kyverno.io/resource-kind":      engineResponse.PolicyResponse.Resource.Kind,
-		"generate.kyverno.io/resource-namespace": engineResponse.PolicyResponse.Resource.Namespace,
+		kyvernov1beta1.URGeneratePolicyLabel:       engineResponse.PolicyResponse.Policy.Name,
+		kyvernov1beta1.URGenerateResourceNameLabel: engineResponse.PolicyResponse.Resource.Name,
+		kyvernov1beta1.URGenerateResourceKindLabel: engineResponse.PolicyResponse.Resource.Kind,
+		kyvernov1beta1.URGenerateResourceNSLabel:   engineResponse.PolicyResponse.Resource.Namespace,
 	}))

 	urList, err := h.urLister.List(selector)
--- a/pkg/webhooks/updaterequest/generator.go
+++ b/pkg/webhooks/updaterequest/generator.go
@ -6,6 +6,7 @@ import (

 	backoff "github.com/cenkalti/backoff"
 	kyvernov1beta1 "github.com/kyverno/kyverno/api/kyverno/v1beta1"
+	"github.com/kyverno/kyverno/pkg/background/common"
 	kyvernoclient "github.com/kyverno/kyverno/pkg/client/clientset/versioned"
 	kyvernov1beta1informers "github.com/kyverno/kyverno/pkg/client/informers/externalversions/kyverno/v1beta1"
 	kyvernov1beta1listers "github.com/kyverno/kyverno/pkg/client/listers/kyverno/v1beta1"
@ -75,25 +76,11 @@ func (g *generator) tryApplyResource(policyName string, urSpec kyvernov1beta1.Up
 		},
 	}

-	queryLabels := make(map[string]string)
+	var queryLabels labels.Set
 	if ur.Spec.Type == kyvernov1beta1.Mutate {
-		queryLabels := map[string]string{
-			kyvernov1beta1.URMutatePolicyLabel:                  ur.Spec.Policy,
-			"mutate.updaterequest.kyverno.io/trigger-name":      ur.Spec.Resource.Name,
-			"mutate.updaterequest.kyverno.io/trigger-namespace": ur.Spec.Resource.Namespace,
-			"mutate.updaterequest.kyverno.io/trigger-kind":      ur.Spec.Resource.Kind,
-		}
-
-		if ur.Spec.Resource.APIVersion != "" {
-			queryLabels["mutate.updaterequest.kyverno.io/trigger-apiversion"] = ur.Spec.Resource.APIVersion
-		}
+		queryLabels = common.MutateLabelsSet(ur.Spec.Policy, ur.Spec.Resource)
 	} else if ur.Spec.Type == kyvernov1beta1.Generate {
-		queryLabels = labels.Set(map[string]string{
-			kyvernov1beta1.URGeneratePolicyLabel:     policyName,
-			"generate.kyverno.io/resource-name":      urSpec.Resource.Name,
-			"generate.kyverno.io/resource-kind":      urSpec.Resource.Kind,
-			"generate.kyverno.io/resource-namespace": urSpec.Resource.Namespace,
-		})
+		queryLabels = common.GenerateLabelsSet(ur.Spec.Policy, ur.Spec.Resource)
 	}

 	ur.SetNamespace(config.KyvernoNamespace())