mirrors/kyverno
mirrors/kyverno
1
0
Fork 0
mirror of https://github.com/kyverno/kyverno.git synced 2025-03-31 03:45:17 +00:00
Code Activity

Merge branch 'master' into 522_validate_policy_resource_data

Browse source
This commit is contained in:
shravan 2020-01-29 14:33:21 +05:30
commit 1c06353172
9 changed files with 48 additions and 50 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
pkg/api/kyverno/v1/types.go
View file

@ -241,7 +241,7 @@ type PolicyStatus struct {
// average time required to process the policy Validation rules on a resource // average time required to process the policy Validation rules on a resource
AvgExecutionTimeGeneration string `json:"averageGenerationRulesExecutionTime"` AvgExecutionTimeGeneration string `json:"averageGenerationRulesExecutionTime"`
// statistics per rule // statistics per rule
Rules []RuleStats `json:"ruleStatus` Rules []RuleStats `json:"ruleStatus"`
} }
//RuleStats provides status per rule //RuleStats provides status per rule

3
pkg/dclient/utils.go
View file

@ -2,7 +2,6 @@ package client
import ( import (
"strings" "strings"
"time"
"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
"k8s.io/apimachinery/pkg/runtime" "k8s.io/apimachinery/pkg/runtime"
@ -21,8 +20,6 @@ const (
// Namespaces Namespace // Namespaces Namespace
Namespaces string = "Namespace" Namespaces string = "Namespace"
) )
const namespaceCreationMaxWaitTime time.Duration = 30 * time.Second
const namespaceCreationWaitInterval time.Duration = 100 * time.Millisecond
//NewMockClient ---testing utilities //NewMockClient ---testing utilities
func NewMockClient(scheme *runtime.Scheme, objects ...runtime.Object) (*Client, error) { func NewMockClient(scheme *runtime.Scheme, objects ...runtime.Object) (*Client, error) {

5
pkg/engine/mutate/overlay.go
View file

@ -150,7 +150,7 @@ func mutateResourceWithOverlay(resource, pattern interface{}) ([][]byte, error)
// applyOverlay detects type of current item and goes down through overlay and resource trees applying overlay // applyOverlay detects type of current item and goes down through overlay and resource trees applying overlay
func applyOverlay(resource, overlay interface{}, path string) ([][]byte, error) { func applyOverlay(resource, overlay interface{}, path string) ([][]byte, error) {
var appliedPatches [][]byte
// resource item exists but has different type - replace // resource item exists but has different type - replace
// all subtree within this path by overlay // all subtree within this path by overlay
if reflect.TypeOf(resource) != reflect.TypeOf(overlay) { if reflect.TypeOf(resource) != reflect.TypeOf(overlay) {
@ -159,8 +159,7 @@ func applyOverlay(resource, overlay interface{}, path string) ([][]byte, error)
return nil, err return nil, err
} }
appliedPatches = append(appliedPatches, patch) return [][]byte{patch}, nil
//TODO : check if return is needed ?
} }
return applyOverlayForSameTypes(resource, overlay, path) return applyOverlayForSameTypes(resource, overlay, path)
} }

2
pkg/engine/mutation.go
View file

@ -83,7 +83,7 @@ func Mutate(policyContext PolicyContext) (resp response.EngineResponse) {
if rule.Mutation.Overlay != nil { if rule.Mutation.Overlay != nil {
var ruleResponse response.RuleResponse var ruleResponse response.RuleResponse
ruleResponse, patchedResource = mutate.ProcessOverlay(ctx, rule, patchedResource) ruleResponse, patchedResource = mutate.ProcessOverlay(ctx, rule, patchedResource)
if ruleResponse.Success == true { if ruleResponse.Success {
// - variable substitution path is not present // - variable substitution path is not present
if ruleResponse.PathNotPresent { if ruleResponse.PathNotPresent {
glog.V(4).Infof(ruleResponse.Message) glog.V(4).Infof(ruleResponse.Message)

2
pkg/engine/validate/pattern.go
View file

@ -139,7 +139,7 @@ func validateValueWithNilPattern(value interface{}) bool {
case string: case string:
return typed == "" return typed == ""
case bool: case bool:
return typed == false return !typed
case nil: case nil:
return true return true
case map[string]interface{}, []interface{}: case map[string]interface{}, []interface{}:

76
pkg/engine/validate/validate_test.go
View file

@ -97,8 +97,8 @@ func TestValidateMap(t *testing.T) {
}`) }`)
var pattern, resource map[string]interface{} var pattern, resource map[string]interface{}
json.Unmarshal(rawPattern, &pattern) assert.Assert(t, json.Unmarshal(rawPattern, &pattern))
json.Unmarshal(rawMap, &resource) assert.Assert(t, json.Unmarshal(rawMap, &resource))
path, err := validateMap(resource, pattern, pattern, "/") path, err := validateMap(resource, pattern, pattern, "/")
assert.Equal(t, path, "") assert.Equal(t, path, "")
@ -193,8 +193,8 @@ func TestValidateMap_AsteriskForInt(t *testing.T) {
`) `)
var pattern, resource map[string]interface{} var pattern, resource map[string]interface{}
json.Unmarshal(rawPattern, &pattern) assert.Assert(t, json.Unmarshal(rawPattern, &pattern))
json.Unmarshal(rawMap, &resource) assert.Assert(t, json.Unmarshal(rawMap, &resource))
path, err := validateMap(resource, pattern, pattern, "/") path, err := validateMap(resource, pattern, pattern, "/")
t.Log(path) t.Log(path)
@ -286,8 +286,8 @@ func TestValidateMap_AsteriskForMap(t *testing.T) {
}`) }`)
var pattern, resource map[string]interface{} var pattern, resource map[string]interface{}
json.Unmarshal(rawPattern, &pattern) assert.Assert(t, json.Unmarshal(rawPattern, &pattern))
json.Unmarshal(rawMap, &resource) assert.Assert(t, json.Unmarshal(rawMap, &resource))
path, err := validateMap(resource, pattern, pattern, "/") path, err := validateMap(resource, pattern, pattern, "/")
assert.Equal(t, path, "") assert.Equal(t, path, "")
@ -374,8 +374,8 @@ func TestValidateMap_AsteriskForArray(t *testing.T) {
}`) }`)
var pattern, resource map[string]interface{} var pattern, resource map[string]interface{}
json.Unmarshal(rawPattern, &pattern) assert.Assert(t, json.Unmarshal(rawPattern, &pattern))
json.Unmarshal(rawMap, &resource) assert.Assert(t, json.Unmarshal(rawMap, &resource))
path, err := validateMap(resource, pattern, pattern, "/") path, err := validateMap(resource, pattern, pattern, "/")
assert.Equal(t, path, "") assert.Equal(t, path, "")
@ -465,8 +465,8 @@ func TestValidateMap_AsteriskFieldIsMissing(t *testing.T) {
}`) }`)
var pattern, resource map[string]interface{} var pattern, resource map[string]interface{}
json.Unmarshal(rawPattern, &pattern) assert.Assert(t, json.Unmarshal(rawPattern, &pattern))
json.Unmarshal(rawMap, &resource) assert.Assert(t, json.Unmarshal(rawMap, &resource))
path, err := validateMap(resource, pattern, pattern, "/") path, err := validateMap(resource, pattern, pattern, "/")
assert.Equal(t, path, "/spec/template/spec/containers/0/") assert.Equal(t, path, "/spec/template/spec/containers/0/")
@ -556,7 +556,7 @@ func TestValidateMap_livenessProbeIsNull(t *testing.T) {
}`) }`)
var pattern, resource map[string]interface{} var pattern, resource map[string]interface{}
json.Unmarshal(rawPattern, &pattern) assert.Assert(t, json.Unmarshal(rawPattern, &pattern))
json.Unmarshal(rawMap, &resource) json.Unmarshal(rawMap, &resource)
path, err := validateMap(resource, pattern, pattern, "/") path, err := validateMap(resource, pattern, pattern, "/")
@ -646,8 +646,8 @@ func TestValidateMap_livenessProbeIsMissing(t *testing.T) {
}`) }`)
var pattern, resource map[string]interface{} var pattern, resource map[string]interface{}
json.Unmarshal(rawPattern, &pattern) assert.Assert(t, json.Unmarshal(rawPattern, &pattern))
json.Unmarshal(rawMap, &resource) assert.Assert(t, json.Unmarshal(rawMap, &resource))
path, err := validateMap(resource, pattern, pattern, "/") path, err := validateMap(resource, pattern, pattern, "/")
assert.Equal(t, path, "") assert.Equal(t, path, "")
@ -692,8 +692,8 @@ func TestValidateMapElement_TwoElementsInArrayOnePass(t *testing.T) {
}`) }`)
var pattern, resource interface{} var pattern, resource interface{}
json.Unmarshal(rawPattern, &pattern) assert.Assert(t, json.Unmarshal(rawPattern, &pattern))
json.Unmarshal(rawMap, &resource) assert.Assert(t, json.Unmarshal(rawMap, &resource))
path, err := validateResourceElement(resource, pattern, pattern, "/") path, err := validateResourceElement(resource, pattern, pattern, "/")
assert.Equal(t, path, "") assert.Equal(t, path, "")
@ -727,8 +727,8 @@ func TestValidateMapElement_OneElementInArrayPass(t *testing.T) {
]`) ]`)
var pattern, resource interface{} var pattern, resource interface{}
json.Unmarshal(rawPattern, &pattern) assert.Assert(t, json.Unmarshal(rawPattern, &pattern))
json.Unmarshal(rawMap, &resource) assert.Assert(t, json.Unmarshal(rawMap, &resource))
path, err := validateResourceElement(resource, pattern, pattern, "/") path, err := validateResourceElement(resource, pattern, pattern, "/")
assert.Equal(t, path, "") assert.Equal(t, path, "")
@ -781,8 +781,8 @@ func TestValidateMap_CorrectRelativePathInConfig(t *testing.T) {
}`) }`)
var pattern, resource interface{} var pattern, resource interface{}
json.Unmarshal(rawPattern, &pattern) assert.Assert(t, json.Unmarshal(rawPattern, &pattern))
json.Unmarshal(rawMap, &resource) assert.Assert(t, json.Unmarshal(rawMap, &resource))
path, err := validateResourceElement(resource, pattern, pattern, "/") path, err := validateResourceElement(resource, pattern, pattern, "/")
assert.Equal(t, path, "") assert.Equal(t, path, "")
@ -835,8 +835,8 @@ func TestValidateMap_RelativePathDoesNotExists(t *testing.T) {
}`) }`)
var pattern, resource interface{} var pattern, resource interface{}
json.Unmarshal(rawPattern, &pattern) assert.Assert(t, json.Unmarshal(rawPattern, &pattern))
json.Unmarshal(rawMap, &resource) assert.Assert(t, json.Unmarshal(rawMap, &resource))
path, err := validateResourceElement(resource, pattern, pattern, "/") path, err := validateResourceElement(resource, pattern, pattern, "/")
assert.Equal(t, path, "/spec/containers/0/resources/requests/memory/") assert.Equal(t, path, "/spec/containers/0/resources/requests/memory/")
@ -889,8 +889,8 @@ func TestValidateMap_OnlyAnchorsInPath(t *testing.T) {
}`) }`)
var pattern, resource interface{} var pattern, resource interface{}
json.Unmarshal(rawPattern, &pattern) assert.Assert(t, json.Unmarshal(rawPattern, &pattern))
json.Unmarshal(rawMap, &resource) assert.Assert(t, json.Unmarshal(rawMap, &resource))
path, err := validateResourceElement(resource, pattern, pattern, "/") path, err := validateResourceElement(resource, pattern, pattern, "/")
assert.Equal(t, path, "/spec/containers/0/resources/requests/memory/") assert.Equal(t, path, "/spec/containers/0/resources/requests/memory/")
@ -943,8 +943,8 @@ func TestValidateMap_MalformedReferenceOnlyDolarMark(t *testing.T) {
}`) }`)
var pattern, resource interface{} var pattern, resource interface{}
json.Unmarshal(rawPattern, &pattern) assert.Assert(t, json.Unmarshal(rawPattern, &pattern))
json.Unmarshal(rawMap, &resource) assert.Assert(t, json.Unmarshal(rawMap, &resource))
path, err := validateResourceElement(resource, pattern, pattern, "/") path, err := validateResourceElement(resource, pattern, pattern, "/")
assert.Equal(t, path, "/spec/containers/0/resources/requests/memory/") assert.Equal(t, path, "/spec/containers/0/resources/requests/memory/")
@ -997,8 +997,8 @@ func TestValidateMap_RelativePathWithParentheses(t *testing.T) {
}`) }`)
var pattern, resource interface{} var pattern, resource interface{}
json.Unmarshal(rawPattern, &pattern) assert.Assert(t, json.Unmarshal(rawPattern, &pattern))
json.Unmarshal(rawMap, &resource) assert.Assert(t, json.Unmarshal(rawMap, &resource))
path, err := validateResourceElement(resource, pattern, pattern, "/") path, err := validateResourceElement(resource, pattern, pattern, "/")
assert.Equal(t, path, "") assert.Equal(t, path, "")
@ -1051,8 +1051,8 @@ func TestValidateMap_MalformedPath(t *testing.T) {
}`) }`)
var pattern, resource interface{} var pattern, resource interface{}
json.Unmarshal(rawPattern, &pattern) assert.Assert(t, json.Unmarshal(rawPattern, &pattern))
json.Unmarshal(rawMap, &resource) assert.Assert(t, json.Unmarshal(rawMap, &resource))
path, err := validateResourceElement(resource, pattern, pattern, "/") path, err := validateResourceElement(resource, pattern, pattern, "/")
assert.Equal(t, path, "/spec/containers/0/resources/requests/memory/") assert.Equal(t, path, "/spec/containers/0/resources/requests/memory/")
@ -1105,8 +1105,8 @@ func TestValidateMap_AbosolutePathExists(t *testing.T) {
}`) }`)
var pattern, resource interface{} var pattern, resource interface{}
json.Unmarshal(rawPattern, &pattern) assert.Assert(t, json.Unmarshal(rawPattern, &pattern))
json.Unmarshal(rawMap, &resource) assert.Assert(t, json.Unmarshal(rawMap, &resource))
path, err := validateResourceElement(resource, pattern, pattern, "/") path, err := validateResourceElement(resource, pattern, pattern, "/")
assert.Equal(t, path, "") assert.Equal(t, path, "")
@ -1146,8 +1146,8 @@ func TestValidateMap_AbsolutePathToMetadata(t *testing.T) {
}`) }`)
var pattern, resource interface{} var pattern, resource interface{}
json.Unmarshal(rawPattern, &pattern) assert.Assert(t, json.Unmarshal(rawPattern, &pattern))
json.Unmarshal(rawMap, &resource) assert.Assert(t, json.Unmarshal(rawMap, &resource))
path, err := validateResourceElement(resource, pattern, pattern, "/") path, err := validateResourceElement(resource, pattern, pattern, "/")
assert.Equal(t, path, "") assert.Equal(t, path, "")
@ -1188,8 +1188,8 @@ func TestValidateMap_AbsolutePathToMetadata_fail(t *testing.T) {
}`) }`)
var pattern, resource interface{} var pattern, resource interface{}
json.Unmarshal(rawPattern, &pattern) assert.Assert(t, json.Unmarshal(rawPattern, &pattern))
json.Unmarshal(rawMap, &resource) assert.Assert(t, json.Unmarshal(rawMap, &resource))
path, err := validateResourceElement(resource, pattern, pattern, "/") path, err := validateResourceElement(resource, pattern, pattern, "/")
assert.Equal(t, path, "/spec/containers/0/image/") assert.Equal(t, path, "/spec/containers/0/image/")
@ -1242,8 +1242,8 @@ func TestValidateMap_AbosolutePathDoesNotExists(t *testing.T) {
}`) }`)
var pattern, resource interface{} var pattern, resource interface{}
json.Unmarshal(rawPattern, &pattern) assert.Assert(t, json.Unmarshal(rawPattern, &pattern))
json.Unmarshal(rawMap, &resource) assert.Assert(t, json.Unmarshal(rawMap, &resource))
path, err := validateResourceElement(resource, pattern, pattern, "/") path, err := validateResourceElement(resource, pattern, pattern, "/")
assert.Equal(t, path, "/spec/containers/0/resources/requests/memory/") assert.Equal(t, path, "/spec/containers/0/resources/requests/memory/")
@ -1274,7 +1274,7 @@ func TestActualizePattern_GivenRelativePathThatExists(t *testing.T) {
var pattern interface{} var pattern interface{}
json.Unmarshal(rawPattern, &pattern) assert.Assert(t, json.Unmarshal(rawPattern, &pattern))
pattern, err := actualizePattern(pattern, referencePath, absolutePath) pattern, err := actualizePattern(pattern, referencePath, absolutePath)

2
pkg/namespace/generation.go
View file

@ -66,7 +66,7 @@ func (rm *ResourceManager) ProcessResource(policy, pv, kind, ns, name, rv string
key := buildKey(policy, pv, kind, ns, name, rv) key := buildKey(policy, pv, kind, ns, name, rv)
_, ok := rm.data[key] _, ok := rm.data[key]
return ok == false return !ok
} }
//Drop drop the cache after every rebuild interval mins //Drop drop the cache after every rebuild interval mins

2
pkg/policy/existing.go
View file

@ -320,7 +320,7 @@ func (rm *ResourceManager) ProcessResource(policy, pv, kind, ns, name, rv string
key := buildKey(policy, pv, kind, ns, name, rv) key := buildKey(policy, pv, kind, ns, name, rv)
_, ok := rm.data[key] _, ok := rm.data[key]
return ok == false return !ok
} }
func buildKey(policy, pv, kind, ns, name, rv string) string { func buildKey(policy, pv, kind, ns, name, rv string) string {

4
pkg/policy/validate.go
View file

@ -366,10 +366,12 @@ func validateMap(patternMap map[string]interface{}, path string, supportedAnchor
// check regex () -> this is anchor // check regex () -> this is anchor
// () // ()
// single char () // single char ()
matched, err := regexp.MatchString(`^.?\(.+\)$`, key) re, err := regexp.Compile(`^.?\(.+\)$`)
if err != nil { if err != nil {
return path + "/" + key, fmt.Errorf("Unable to parse the field %s: %v", key, err) return path + "/" + key, fmt.Errorf("Unable to parse the field %s: %v", key, err)
} }
matched := re.MatchString(key)
// check the type of anchor // check the type of anchor
if matched { if matched {
// some type of anchor // some type of anchor