mirror of
https://github.com/kyverno/kyverno.git
synced 2025-03-29 02:45:06 +00:00
522 added ability to override default openAPI document
This commit is contained in:
shravan
parent
aec7a78822
commit
1b707f10a0
2 changed files with 48 additions and 0 deletions
|
|
@ -5,6 +5,8 @@ import (
|
|||
"flag"
|
||||
"time"
|
||||
|
||||
"k8s.io/client-go/discovery"
|
||||
|
||||
"github.com/golang/glog"
|
||||
"github.com/nirmata/kyverno/pkg/checker"
|
||||
kyvernoclient "github.com/nirmata/kyverno/pkg/client/clientset/versioned"
|
||||
|
|
@ -198,6 +200,22 @@ func main() {
|
|||
glog.Fatalf("Failed registering Admission Webhooks: %v\n", err)
|
||||
}
|
||||
|
||||
// OpenAPI document
|
||||
// Getting openApi document from kubernetes and overriding default openapi document
|
||||
restClient, err := discovery.NewDiscoveryClientForConfig(clientConfig)
|
||||
if err != nil {
|
||||
glog.Fatalf("Could not get rest client to get openApi doc: %v\n", err)
|
||||
}
|
||||
|
||||
openApiDoc, err := restClient.RESTClient().Get().RequestURI("/openapi/v2").Do().Raw()
|
||||
if err != nil {
|
||||
glog.Fatalf("OpenApiDoc request failed: %v\n", err)
|
||||
}
|
||||
|
||||
if err := policy.UseCustomOpenApiDocument(openApiDoc); err != nil {
|
||||
glog.Fatalf("Could not set custom OpenApi document: %v\n", err)
|
||||
}
|
||||
|
||||
// WEBHOOOK
|
||||
// - https server to provide endpoints called based on rules defined in Mutating & Validation webhook configuration
|
||||
// - reports the results based on the response from the policy engine:
|
||||
|
|
|
|||
|
|
@ -39,6 +39,36 @@ func init() {
|
|||
}
|
||||
}
|
||||
|
||||
func UseCustomOpenApiDocument(customDoc []byte) error {
|
||||
var spec yaml.MapSlice
|
||||
err := yaml.Unmarshal(customDoc, &spec)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
validationGlobalState.document, err = openapi_v2.NewDocument(spec, compiler.NewContext("$root", nil))
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
validationGlobalState.definitions = make(map[string]*openapi_v2.Schema)
|
||||
validationGlobalState.kindToDefinitionName = make(map[string]string)
|
||||
for _, definition := range validationGlobalState.document.GetDefinitions().AdditionalProperties {
|
||||
validationGlobalState.definitions[definition.GetName()] = definition.GetValue()
|
||||
path := strings.Split(definition.GetName(), ".")
|
||||
validationGlobalState.kindToDefinitionName[path[len(path)-1]] = definition.GetName()
|
||||
}
|
||||
|
||||
validationGlobalState.models, err = proto.NewOpenAPIData(validationGlobalState.document)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
validationGlobalState.isSet = true
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
func ValidatePolicyMutation(policy v1.ClusterPolicy) error {
|
||||
if !validationGlobalState.isSet {
|
||||
glog.V(4).Info("Cannot Validate policy: Validation global state not set")
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue