mirrors/kyverno
1
0
Fork 0
mirror of https://github.com/kyverno/kyverno.git synced 2024-12-15 17:51:20 +00:00
Code Activity

Merge pull request #288 from nirmata/284_bug_multipleNamespaces

Browse source 
284 bug multiple namespaces
This commit is contained in:
Shivkumar Dudhani 2019-08-19 11:55:39 -07:00 committed by GitHub
commit 2192703df1
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
49 changed files with 467 additions and 2087 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

12
definitions/install.yaml
View file

@ -54,8 +54,10 @@ spec:
type: string
name:
type: string
namespace:
type: string
namespaces:
type: array
items:
type: string
selector:
properties:
matchLabels:
@ -92,8 +94,10 @@ spec:
type: string
name:
type: string
namespace:
type: string
namespaces:
type: array
items:
type: string
selector:
properties:
matchLabels:

12
definitions/install_debug.yaml
View file

@ -54,8 +54,10 @@ spec:
type: string
name:
type: string
namespace:
type: string
namespaces:
type: array
items:
type: string
selector:
properties:
matchLabels:
@ -92,8 +94,10 @@ spec:
type: string
name:
type: string
namespace:
type: string
namespaces:
type: array
items:
type: string
selector:
properties:
matchLabels:

6
main.go
View file

@ -5,8 +5,8 @@ import (
"time"
"github.com/golang/glog"
clientNew "github.com/nirmata/kyverno/pkg/clientNew/clientset/versioned"
kyvernoinformer "github.com/nirmata/kyverno/pkg/clientNew/informers/externalversions"
kyvernoclient "github.com/nirmata/kyverno/pkg/client/clientset/versioned"
kyvernoinformer "github.com/nirmata/kyverno/pkg/client/informers/externalversions"
"github.com/nirmata/kyverno/pkg/config"
client "github.com/nirmata/kyverno/pkg/dclient"
event "github.com/nirmata/kyverno/pkg/event"
@ -39,7 +39,7 @@ func main() {
// access CRD resources
// - Policy
// - PolicyViolation
pclient, err := clientNew.NewForConfig(clientConfig)
pclient, err := kyvernoclient.NewForConfig(clientConfig)
if err != nil {
glog.Fatalf("Error creating client: %v\n", err)
}

8
pkg/api/kyverno/v1alpha1/types.go
View file

@ -45,10 +45,10 @@ type ExcludeResources struct {
// ResourceDescription describes the resource to which the PolicyRule will be applied.
type ResourceDescription struct {
Kinds []string `json:"kinds"`
Name string `json:"name"`
Namespace string `json:"namespace,omitempty"`
Selector *metav1.LabelSelector `json:"selector"`
Kinds []string `json:"kinds"`
Name string `json:"name"`
Namespaces []string `json:"namespaces,omitempty"`
Selector *metav1.LabelSelector `json:"selector"`
}
// Mutation describes the way how Mutating Webhook will react on resource creation

5
pkg/api/kyverno/v1alpha1/zz_generated.deepcopy.go
View file

@ -280,6 +280,11 @@ func (in *ResourceDescription) DeepCopyInto(out *ResourceDescription) {
*out = make([]string, len(*in))
copy(*out, *in)
}
if in.Namespaces != nil {
in, out := &in.Namespaces, &out.Namespaces
*out = make([]string, len(*in))
copy(*out, *in)
}
if in.Selector != nil {
in, out := &in.Selector, &out.Selector
*out = new(v1.LabelSelector)

2
pkg/clientNew/clientset/versioned/clientset.go → pkg/client/clientset/versioned/clientset.go
View file

@ -19,7 +19,7 @@ limitations under the License.
package versioned
import (
kyvernov1alpha1 "github.com/nirmata/kyverno/pkg/clientNew/clientset/versioned/typed/kyverno/v1alpha1"
kyvernov1alpha1 "github.com/nirmata/kyverno/pkg/client/clientset/versioned/typed/kyverno/v1alpha1"
discovery "k8s.io/client-go/discovery"
rest "k8s.io/client-go/rest"
flowcontrol "k8s.io/client-go/util/flowcontrol"

0
pkg/clientNew/clientset/versioned/doc.go → pkg/client/clientset/versioned/doc.go
View file

6
pkg/clientNew/clientset/versioned/fake/clientset_generated.go → pkg/client/clientset/versioned/fake/clientset_generated.go
View file

@ -19,9 +19,9 @@ limitations under the License.
package fake
import (
clientset "github.com/nirmata/kyverno/pkg/clientNew/clientset/versioned"
kyvernov1alpha1 "github.com/nirmata/kyverno/pkg/clientNew/clientset/versioned/typed/kyverno/v1alpha1"
fakekyvernov1alpha1 "github.com/nirmata/kyverno/pkg/clientNew/clientset/versioned/typed/kyverno/v1alpha1/fake"
clientset "github.com/nirmata/kyverno/pkg/client/clientset/versioned"
kyvernov1alpha1 "github.com/nirmata/kyverno/pkg/client/clientset/versioned/typed/kyverno/v1alpha1"
fakekyvernov1alpha1 "github.com/nirmata/kyverno/pkg/client/clientset/versioned/typed/kyverno/v1alpha1/fake"
"k8s.io/apimachinery/pkg/runtime"
"k8s.io/apimachinery/pkg/watch"
"k8s.io/client-go/discovery"

0
pkg/clientNew/clientset/versioned/fake/doc.go → pkg/client/clientset/versioned/fake/doc.go
View file

0
pkg/clientNew/clientset/versioned/fake/register.go → pkg/client/clientset/versioned/fake/register.go
View file

0
pkg/clientNew/clientset/versioned/scheme/doc.go → pkg/client/clientset/versioned/scheme/doc.go
View file

0
pkg/clientNew/clientset/versioned/scheme/register.go → pkg/client/clientset/versioned/scheme/register.go
View file

6
pkg/clientNew/informers/externalversions/factory.go → pkg/client/informers/externalversions/factory.go
View file

@ -23,9 +23,9 @@ import (
sync "sync"
time "time"
versioned "github.com/nirmata/kyverno/pkg/clientNew/clientset/versioned"
internalinterfaces "github.com/nirmata/kyverno/pkg/clientNew/informers/externalversions/internalinterfaces"
kyverno "github.com/nirmata/kyverno/pkg/clientNew/informers/externalversions/kyverno"
versioned "github.com/nirmata/kyverno/pkg/client/clientset/versioned"
internalinterfaces "github.com/nirmata/kyverno/pkg/client/informers/externalversions/internalinterfaces"
kyverno "github.com/nirmata/kyverno/pkg/client/informers/externalversions/kyverno"
v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
runtime "k8s.io/apimachinery/pkg/runtime"
schema "k8s.io/apimachinery/pkg/runtime/schema"

0
pkg/clientNew/informers/externalversions/generic.go → pkg/client/informers/externalversions/generic.go
View file

2
pkg/clientNew/informers/externalversions/internalinterfaces/factory_interfaces.go → pkg/client/informers/externalversions/internalinterfaces/factory_interfaces.go
View file

@ -21,7 +21,7 @@ package internalinterfaces
import (
time "time"
versioned "github.com/nirmata/kyverno/pkg/clientNew/clientset/versioned"
versioned "github.com/nirmata/kyverno/pkg/client/clientset/versioned"
v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
runtime "k8s.io/apimachinery/pkg/runtime"
cache "k8s.io/client-go/tools/cache"

20
pkg/clientNew/clientset/versioned/typed/kyverno/v1alpha1/doc.go
View file

@ -1,20 +0,0 @@
/*
Copyright The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
// Code generated by client-gen. DO NOT EDIT.
// This package has the automatically generated typed clients.
package v1alpha1

20
pkg/clientNew/clientset/versioned/typed/kyverno/v1alpha1/fake/doc.go
View file

@ -1,20 +0,0 @@
/*
Copyright The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
// Code generated by client-gen. DO NOT EDIT.
// Package fake has the automatically generated clients.
package fake

44
pkg/clientNew/clientset/versioned/typed/kyverno/v1alpha1/fake/fake_kyverno_client.go
View file

@ -1,44 +0,0 @@
/*
Copyright The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
// Code generated by client-gen. DO NOT EDIT.
package fake
import (
v1alpha1 "github.com/nirmata/kyverno/pkg/clientNew/clientset/versioned/typed/kyverno/v1alpha1"
rest "k8s.io/client-go/rest"
testing "k8s.io/client-go/testing"
)
type FakeKyvernoV1alpha1 struct {
*testing.Fake
}
func (c *FakeKyvernoV1alpha1) Policies() v1alpha1.PolicyInterface {
return &FakePolicies{c}
}
func (c *FakeKyvernoV1alpha1) PolicyViolations() v1alpha1.PolicyViolationInterface {
return &FakePolicyViolations{c}
}
// RESTClient returns a RESTClient that is used to communicate
// with API server by this client implementation.
func (c *FakeKyvernoV1alpha1) RESTClient() rest.Interface {
var ret *rest.RESTClient
return ret
}

131
pkg/clientNew/clientset/versioned/typed/kyverno/v1alpha1/fake/fake_policy.go
View file

@ -1,131 +0,0 @@
/*
Copyright The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
// Code generated by client-gen. DO NOT EDIT.
package fake
import (
v1alpha1 "github.com/nirmata/kyverno/pkg/api/kyverno/v1alpha1"
v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
labels "k8s.io/apimachinery/pkg/labels"
schema "k8s.io/apimachinery/pkg/runtime/schema"
types "k8s.io/apimachinery/pkg/types"
watch "k8s.io/apimachinery/pkg/watch"
testing "k8s.io/client-go/testing"
)
// FakePolicies implements PolicyInterface
type FakePolicies struct {
Fake *FakeKyvernoV1alpha1
}
var policiesResource = schema.GroupVersionResource{Group: "kyverno.io", Version: "v1alpha1", Resource: "policies"}
var policiesKind = schema.GroupVersionKind{Group: "kyverno.io", Version: "v1alpha1", Kind: "Policy"}
// Get takes name of the policy, and returns the corresponding policy object, and an error if there is any.
func (c *FakePolicies) Get(name string, options v1.GetOptions) (result *v1alpha1.Policy, err error) {
obj, err := c.Fake.
Invokes(testing.NewRootGetAction(policiesResource, name), &v1alpha1.Policy{})
if obj == nil {
return nil, err
}
return obj.(*v1alpha1.Policy), err
}
// List takes label and field selectors, and returns the list of Policies that match those selectors.
func (c *FakePolicies) List(opts v1.ListOptions) (result *v1alpha1.PolicyList, err error) {
obj, err := c.Fake.
Invokes(testing.NewRootListAction(policiesResource, policiesKind, opts), &v1alpha1.PolicyList{})
if obj == nil {
return nil, err
}
label, _, _ := testing.ExtractFromListOptions(opts)
if label == nil {
label = labels.Everything()
}
list := &v1alpha1.PolicyList{ListMeta: obj.(*v1alpha1.PolicyList).ListMeta}
for _, item := range obj.(*v1alpha1.PolicyList).Items {
if label.Matches(labels.Set(item.Labels)) {
list.Items = append(list.Items, item)
}
}
return list, err
}
// Watch returns a watch.Interface that watches the requested policies.
func (c *FakePolicies) Watch(opts v1.ListOptions) (watch.Interface, error) {
return c.Fake.
InvokesWatch(testing.NewRootWatchAction(policiesResource, opts))
}
// Create takes the representation of a policy and creates it. Returns the server's representation of the policy, and an error, if there is any.
func (c *FakePolicies) Create(policy *v1alpha1.Policy) (result *v1alpha1.Policy, err error) {
obj, err := c.Fake.
Invokes(testing.NewRootCreateAction(policiesResource, policy), &v1alpha1.Policy{})
if obj == nil {
return nil, err
}
return obj.(*v1alpha1.Policy), err
}
// Update takes the representation of a policy and updates it. Returns the server's representation of the policy, and an error, if there is any.
func (c *FakePolicies) Update(policy *v1alpha1.Policy) (result *v1alpha1.Policy, err error) {
obj, err := c.Fake.
Invokes(testing.NewRootUpdateAction(policiesResource, policy), &v1alpha1.Policy{})
if obj == nil {
return nil, err
}
return obj.(*v1alpha1.Policy), err
}
// UpdateStatus was generated because the type contains a Status member.
// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus().
func (c *FakePolicies) UpdateStatus(policy *v1alpha1.Policy) (*v1alpha1.Policy, error) {
obj, err := c.Fake.
Invokes(testing.NewRootUpdateSubresourceAction(policiesResource, "status", policy), &v1alpha1.Policy{})
if obj == nil {
return nil, err
}
return obj.(*v1alpha1.Policy), err
}
// Delete takes name of the policy and deletes it. Returns an error if one occurs.
func (c *FakePolicies) Delete(name string, options *v1.DeleteOptions) error {
_, err := c.Fake.
Invokes(testing.NewRootDeleteAction(policiesResource, name), &v1alpha1.Policy{})
return err
}
// DeleteCollection deletes a collection of objects.
func (c *FakePolicies) DeleteCollection(options *v1.DeleteOptions, listOptions v1.ListOptions) error {
action := testing.NewRootDeleteCollectionAction(policiesResource, listOptions)
_, err := c.Fake.Invokes(action, &v1alpha1.PolicyList{})
return err
}
// Patch applies the patch and returns the patched policy.
func (c *FakePolicies) Patch(name string, pt types.PatchType, data []byte, subresources ...string) (result *v1alpha1.Policy, err error) {
obj, err := c.Fake.
Invokes(testing.NewRootPatchSubresourceAction(policiesResource, name, pt, data, subresources...), &v1alpha1.Policy{})
if obj == nil {
return nil, err
}
return obj.(*v1alpha1.Policy), err
}

131
pkg/clientNew/clientset/versioned/typed/kyverno/v1alpha1/fake/fake_policyviolation.go
View file

@ -1,131 +0,0 @@
/*
Copyright The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
// Code generated by client-gen. DO NOT EDIT.
package fake
import (
v1alpha1 "github.com/nirmata/kyverno/pkg/api/kyverno/v1alpha1"
v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
labels "k8s.io/apimachinery/pkg/labels"
schema "k8s.io/apimachinery/pkg/runtime/schema"
types "k8s.io/apimachinery/pkg/types"
watch "k8s.io/apimachinery/pkg/watch"
testing "k8s.io/client-go/testing"
)
// FakePolicyViolations implements PolicyViolationInterface
type FakePolicyViolations struct {
Fake *FakeKyvernoV1alpha1
}
var policyviolationsResource = schema.GroupVersionResource{Group: "kyverno.io", Version: "v1alpha1", Resource: "policyviolations"}
var policyviolationsKind = schema.GroupVersionKind{Group: "kyverno.io", Version: "v1alpha1", Kind: "PolicyViolation"}
// Get takes name of the policyViolation, and returns the corresponding policyViolation object, and an error if there is any.
func (c *FakePolicyViolations) Get(name string, options v1.GetOptions) (result *v1alpha1.PolicyViolation, err error) {
obj, err := c.Fake.
Invokes(testing.NewRootGetAction(policyviolationsResource, name), &v1alpha1.PolicyViolation{})
if obj == nil {
return nil, err
}
return obj.(*v1alpha1.PolicyViolation), err
}
// List takes label and field selectors, and returns the list of PolicyViolations that match those selectors.
func (c *FakePolicyViolations) List(opts v1.ListOptions) (result *v1alpha1.PolicyViolationList, err error) {
obj, err := c.Fake.
Invokes(testing.NewRootListAction(policyviolationsResource, policyviolationsKind, opts), &v1alpha1.PolicyViolationList{})
if obj == nil {
return nil, err
}
label, _, _ := testing.ExtractFromListOptions(opts)
if label == nil {
label = labels.Everything()
}
list := &v1alpha1.PolicyViolationList{ListMeta: obj.(*v1alpha1.PolicyViolationList).ListMeta}
for _, item := range obj.(*v1alpha1.PolicyViolationList).Items {
if label.Matches(labels.Set(item.Labels)) {
list.Items = append(list.Items, item)
}
}
return list, err
}
// Watch returns a watch.Interface that watches the requested policyViolations.
func (c *FakePolicyViolations) Watch(opts v1.ListOptions) (watch.Interface, error) {
return c.Fake.
InvokesWatch(testing.NewRootWatchAction(policyviolationsResource, opts))
}
// Create takes the representation of a policyViolation and creates it. Returns the server's representation of the policyViolation, and an error, if there is any.
func (c *FakePolicyViolations) Create(policyViolation *v1alpha1.PolicyViolation) (result *v1alpha1.PolicyViolation, err error) {
obj, err := c.Fake.
Invokes(testing.NewRootCreateAction(policyviolationsResource, policyViolation), &v1alpha1.PolicyViolation{})
if obj == nil {
return nil, err
}
return obj.(*v1alpha1.PolicyViolation), err
}
// Update takes the representation of a policyViolation and updates it. Returns the server's representation of the policyViolation, and an error, if there is any.
func (c *FakePolicyViolations) Update(policyViolation *v1alpha1.PolicyViolation) (result *v1alpha1.PolicyViolation, err error) {
obj, err := c.Fake.
Invokes(testing.NewRootUpdateAction(policyviolationsResource, policyViolation), &v1alpha1.PolicyViolation{})
if obj == nil {
return nil, err
}
return obj.(*v1alpha1.PolicyViolation), err
}
// UpdateStatus was generated because the type contains a Status member.
// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus().
func (c *FakePolicyViolations) UpdateStatus(policyViolation *v1alpha1.PolicyViolation) (*v1alpha1.PolicyViolation, error) {
obj, err := c.Fake.
Invokes(testing.NewRootUpdateSubresourceAction(policyviolationsResource, "status", policyViolation), &v1alpha1.PolicyViolation{})
if obj == nil {
return nil, err
}
return obj.(*v1alpha1.PolicyViolation), err
}
// Delete takes name of the policyViolation and deletes it. Returns an error if one occurs.
func (c *FakePolicyViolations) Delete(name string, options *v1.DeleteOptions) error {
_, err := c.Fake.
Invokes(testing.NewRootDeleteAction(policyviolationsResource, name), &v1alpha1.PolicyViolation{})
return err
}
// DeleteCollection deletes a collection of objects.
func (c *FakePolicyViolations) DeleteCollection(options *v1.DeleteOptions, listOptions v1.ListOptions) error {
action := testing.NewRootDeleteCollectionAction(policyviolationsResource, listOptions)
_, err := c.Fake.Invokes(action, &v1alpha1.PolicyViolationList{})
return err
}
// Patch applies the patch and returns the patched policyViolation.
func (c *FakePolicyViolations) Patch(name string, pt types.PatchType, data []byte, subresources ...string) (result *v1alpha1.PolicyViolation, err error) {
obj, err := c.Fake.
Invokes(testing.NewRootPatchSubresourceAction(policyviolationsResource, name, pt, data, subresources...), &v1alpha1.PolicyViolation{})
if obj == nil {
return nil, err
}
return obj.(*v1alpha1.PolicyViolation), err
}

23
pkg/clientNew/clientset/versioned/typed/kyverno/v1alpha1/generated_expansion.go
View file

@ -1,23 +0,0 @@
/*
Copyright The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
// Code generated by client-gen. DO NOT EDIT.
package v1alpha1
type PolicyExpansion interface{}
type PolicyViolationExpansion interface{}

95
pkg/clientNew/clientset/versioned/typed/kyverno/v1alpha1/kyverno_client.go
View file

@ -1,95 +0,0 @@
/*
Copyright The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
// Code generated by client-gen. DO NOT EDIT.
package v1alpha1
import (
v1alpha1 "github.com/nirmata/kyverno/pkg/api/kyverno/v1alpha1"
"github.com/nirmata/kyverno/pkg/clientNew/clientset/versioned/scheme"
serializer "k8s.io/apimachinery/pkg/runtime/serializer"
rest "k8s.io/client-go/rest"
)
type KyvernoV1alpha1Interface interface {
RESTClient() rest.Interface
PoliciesGetter
PolicyViolationsGetter
}
// KyvernoV1alpha1Client is used to interact with features provided by the kyverno.io group.
type KyvernoV1alpha1Client struct {
restClient rest.Interface
}
func (c *KyvernoV1alpha1Client) Policies() PolicyInterface {
return newPolicies(c)
}
func (c *KyvernoV1alpha1Client) PolicyViolations() PolicyViolationInterface {
return newPolicyViolations(c)
}
// NewForConfig creates a new KyvernoV1alpha1Client for the given config.
func NewForConfig(c *rest.Config) (*KyvernoV1alpha1Client, error) {
config := *c
if err := setConfigDefaults(&config); err != nil {
return nil, err
}
client, err := rest.RESTClientFor(&config)
if err != nil {
return nil, err
}
return &KyvernoV1alpha1Client{client}, nil
}
// NewForConfigOrDie creates a new KyvernoV1alpha1Client for the given config and
// panics if there is an error in the config.
func NewForConfigOrDie(c *rest.Config) *KyvernoV1alpha1Client {
client, err := NewForConfig(c)
if err != nil {
panic(err)
}
return client
}
// New creates a new KyvernoV1alpha1Client for the given RESTClient.
func New(c rest.Interface) *KyvernoV1alpha1Client {
return &KyvernoV1alpha1Client{c}
}
func setConfigDefaults(config *rest.Config) error {
gv := v1alpha1.SchemeGroupVersion
config.GroupVersion = &gv
config.APIPath = "/apis"
config.NegotiatedSerializer = serializer.DirectCodecFactory{CodecFactory: scheme.Codecs}
if config.UserAgent == "" {
config.UserAgent = rest.DefaultKubernetesUserAgent()
}
return nil
}
// RESTClient returns a RESTClient that is used to communicate
// with API server by this client implementation.
func (c *KyvernoV1alpha1Client) RESTClient() rest.Interface {
if c == nil {
return nil
}
return c.restClient
}

180
pkg/clientNew/clientset/versioned/typed/kyverno/v1alpha1/policy.go
View file

@ -1,180 +0,0 @@
/*
Copyright The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
// Code generated by client-gen. DO NOT EDIT.
package v1alpha1
import (
"time"
v1alpha1 "github.com/nirmata/kyverno/pkg/api/kyverno/v1alpha1"
scheme "github.com/nirmata/kyverno/pkg/clientNew/clientset/versioned/scheme"
v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
types "k8s.io/apimachinery/pkg/types"
watch "k8s.io/apimachinery/pkg/watch"
rest "k8s.io/client-go/rest"
)
// PoliciesGetter has a method to return a PolicyInterface.
// A group's client should implement this interface.
type PoliciesGetter interface {
Policies() PolicyInterface
}
// PolicyInterface has methods to work with Policy resources.
type PolicyInterface interface {
Create(*v1alpha1.Policy) (*v1alpha1.Policy, error)
Update(*v1alpha1.Policy) (*v1alpha1.Policy, error)
UpdateStatus(*v1alpha1.Policy) (*v1alpha1.Policy, error)
Delete(name string, options *v1.DeleteOptions) error
DeleteCollection(options *v1.DeleteOptions, listOptions v1.ListOptions) error
Get(name string, options v1.GetOptions) (*v1alpha1.Policy, error)
List(opts v1.ListOptions) (*v1alpha1.PolicyList, error)
Watch(opts v1.ListOptions) (watch.Interface, error)
Patch(name string, pt types.PatchType, data []byte, subresources ...string) (result *v1alpha1.Policy, err error)
PolicyExpansion
}
// policies implements PolicyInterface
type policies struct {
client rest.Interface
}
// newPolicies returns a Policies
func newPolicies(c *KyvernoV1alpha1Client) *policies {
return &policies{
client: c.RESTClient(),
}
}
// Get takes name of the policy, and returns the corresponding policy object, and an error if there is any.
func (c *policies) Get(name string, options v1.GetOptions) (result *v1alpha1.Policy, err error) {
result = &v1alpha1.Policy{}
err = c.client.Get().
Resource("policies").
Name(name).
VersionedParams(&options, scheme.ParameterCodec).
Do().
Into(result)
return
}
// List takes label and field selectors, and returns the list of Policies that match those selectors.
func (c *policies) List(opts v1.ListOptions) (result *v1alpha1.PolicyList, err error) {
var timeout time.Duration
if opts.TimeoutSeconds != nil {
timeout = time.Duration(*opts.TimeoutSeconds) * time.Second
}
result = &v1alpha1.PolicyList{}
err = c.client.Get().
Resource("policies").
VersionedParams(&opts, scheme.ParameterCodec).
Timeout(timeout).
Do().
Into(result)
return
}
// Watch returns a watch.Interface that watches the requested policies.
func (c *policies) Watch(opts v1.ListOptions) (watch.Interface, error) {
var timeout time.Duration
if opts.TimeoutSeconds != nil {
timeout = time.Duration(*opts.TimeoutSeconds) * time.Second
}
opts.Watch = true
return c.client.Get().
Resource("policies").
VersionedParams(&opts, scheme.ParameterCodec).
Timeout(timeout).
Watch()
}
// Create takes the representation of a policy and creates it. Returns the server's representation of the policy, and an error, if there is any.
func (c *policies) Create(policy *v1alpha1.Policy) (result *v1alpha1.Policy, err error) {
result = &v1alpha1.Policy{}
err = c.client.Post().
Resource("policies").
Body(policy).
Do().
Into(result)
return
}
// Update takes the representation of a policy and updates it. Returns the server's representation of the policy, and an error, if there is any.
func (c *policies) Update(policy *v1alpha1.Policy) (result *v1alpha1.Policy, err error) {
result = &v1alpha1.Policy{}
err = c.client.Put().
Resource("policies").
Name(policy.Name).
Body(policy).
Do().
Into(result)
return
}
// UpdateStatus was generated because the type contains a Status member.
// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus().
func (c *policies) UpdateStatus(policy *v1alpha1.Policy) (result *v1alpha1.Policy, err error) {
result = &v1alpha1.Policy{}
err = c.client.Put().
Resource("policies").
Name(policy.Name).
SubResource("status").
Body(policy).
Do().
Into(result)
return
}
// Delete takes name of the policy and deletes it. Returns an error if one occurs.
func (c *policies) Delete(name string, options *v1.DeleteOptions) error {
return c.client.Delete().
Resource("policies").
Name(name).
Body(options).
Do().
Error()
}
// DeleteCollection deletes a collection of objects.
func (c *policies) DeleteCollection(options *v1.DeleteOptions, listOptions v1.ListOptions) error {
var timeout time.Duration
if listOptions.TimeoutSeconds != nil {
timeout = time.Duration(*listOptions.TimeoutSeconds) * time.Second
}
return c.client.Delete().
Resource("policies").
VersionedParams(&listOptions, scheme.ParameterCodec).
Timeout(timeout).
Body(options).
Do().
Error()
}
// Patch applies the patch and returns the patched policy.
func (c *policies) Patch(name string, pt types.PatchType, data []byte, subresources ...string) (result *v1alpha1.Policy, err error) {
result = &v1alpha1.Policy{}
err = c.client.Patch(pt).
Resource("policies").
SubResource(subresources...).
Name(name).
Body(data).
Do().
Into(result)
return
}

180
pkg/clientNew/clientset/versioned/typed/kyverno/v1alpha1/policyviolation.go
View file

@ -1,180 +0,0 @@
/*
Copyright The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
// Code generated by client-gen. DO NOT EDIT.
package v1alpha1
import (
"time"
v1alpha1 "github.com/nirmata/kyverno/pkg/api/kyverno/v1alpha1"
scheme "github.com/nirmata/kyverno/pkg/clientNew/clientset/versioned/scheme"
v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
types "k8s.io/apimachinery/pkg/types"
watch "k8s.io/apimachinery/pkg/watch"
rest "k8s.io/client-go/rest"
)
// PolicyViolationsGetter has a method to return a PolicyViolationInterface.
// A group's client should implement this interface.
type PolicyViolationsGetter interface {
PolicyViolations() PolicyViolationInterface
}
// PolicyViolationInterface has methods to work with PolicyViolation resources.
type PolicyViolationInterface interface {
Create(*v1alpha1.PolicyViolation) (*v1alpha1.PolicyViolation, error)
Update(*v1alpha1.PolicyViolation) (*v1alpha1.PolicyViolation, error)
UpdateStatus(*v1alpha1.PolicyViolation) (*v1alpha1.PolicyViolation, error)
Delete(name string, options *v1.DeleteOptions) error
DeleteCollection(options *v1.DeleteOptions, listOptions v1.ListOptions) error
Get(name string, options v1.GetOptions) (*v1alpha1.PolicyViolation, error)
List(opts v1.ListOptions) (*v1alpha1.PolicyViolationList, error)
Watch(opts v1.ListOptions) (watch.Interface, error)
Patch(name string, pt types.PatchType, data []byte, subresources ...string) (result *v1alpha1.PolicyViolation, err error)
PolicyViolationExpansion
}
// policyViolations implements PolicyViolationInterface
type policyViolations struct {
client rest.Interface
}
// newPolicyViolations returns a PolicyViolations
func newPolicyViolations(c *KyvernoV1alpha1Client) *policyViolations {
return &policyViolations{
client: c.RESTClient(),
}
}
// Get takes name of the policyViolation, and returns the corresponding policyViolation object, and an error if there is any.
func (c *policyViolations) Get(name string, options v1.GetOptions) (result *v1alpha1.PolicyViolation, err error) {
result = &v1alpha1.PolicyViolation{}
err = c.client.Get().
Resource("policyviolations").
Name(name).
VersionedParams(&options, scheme.ParameterCodec).
Do().
Into(result)
return
}
// List takes label and field selectors, and returns the list of PolicyViolations that match those selectors.
func (c *policyViolations) List(opts v1.ListOptions) (result *v1alpha1.PolicyViolationList, err error) {
var timeout time.Duration
if opts.TimeoutSeconds != nil {
timeout = time.Duration(*opts.TimeoutSeconds) * time.Second
}
result = &v1alpha1.PolicyViolationList{}
err = c.client.Get().
Resource("policyviolations").
VersionedParams(&opts, scheme.ParameterCodec).
Timeout(timeout).
Do().
Into(result)
return
}
// Watch returns a watch.Interface that watches the requested policyViolations.
func (c *policyViolations) Watch(opts v1.ListOptions) (watch.Interface, error) {
var timeout time.Duration
if opts.TimeoutSeconds != nil {
timeout = time.Duration(*opts.TimeoutSeconds) * time.Second
}
opts.Watch = true
return c.client.Get().
Resource("policyviolations").
VersionedParams(&opts, scheme.ParameterCodec).
Timeout(timeout).
Watch()
}
// Create takes the representation of a policyViolation and creates it. Returns the server's representation of the policyViolation, and an error, if there is any.
func (c *policyViolations) Create(policyViolation *v1alpha1.PolicyViolation) (result *v1alpha1.PolicyViolation, err error) {
result = &v1alpha1.PolicyViolation{}
err = c.client.Post().
Resource("policyviolations").
Body(policyViolation).
Do().
Into(result)
return
}
// Update takes the representation of a policyViolation and updates it. Returns the server's representation of the policyViolation, and an error, if there is any.
func (c *policyViolations) Update(policyViolation *v1alpha1.PolicyViolation) (result *v1alpha1.PolicyViolation, err error) {
result = &v1alpha1.PolicyViolation{}
err = c.client.Put().
Resource("policyviolations").
Name(policyViolation.Name).
Body(policyViolation).
Do().
Into(result)
return
}
// UpdateStatus was generated because the type contains a Status member.
// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus().
func (c *policyViolations) UpdateStatus(policyViolation *v1alpha1.PolicyViolation) (result *v1alpha1.PolicyViolation, err error) {
result = &v1alpha1.PolicyViolation{}
err = c.client.Put().
Resource("policyviolations").
Name(policyViolation.Name).
SubResource("status").
Body(policyViolation).
Do().
Into(result)
return
}
// Delete takes name of the policyViolation and deletes it. Returns an error if one occurs.
func (c *policyViolations) Delete(name string, options *v1.DeleteOptions) error {
return c.client.Delete().
Resource("policyviolations").
Name(name).
Body(options).
Do().
Error()
}
// DeleteCollection deletes a collection of objects.
func (c *policyViolations) DeleteCollection(options *v1.DeleteOptions, listOptions v1.ListOptions) error {
var timeout time.Duration
if listOptions.TimeoutSeconds != nil {
timeout = time.Duration(*listOptions.TimeoutSeconds) * time.Second
}
return c.client.Delete().
Resource("policyviolations").
VersionedParams(&listOptions, scheme.ParameterCodec).
Timeout(timeout).
Body(options).
Do().
Error()
}
// Patch applies the patch and returns the patched policyViolation.
func (c *policyViolations) Patch(name string, pt types.PatchType, data []byte, subresources ...string) (result *v1alpha1.PolicyViolation, err error) {
result = &v1alpha1.PolicyViolation{}
err = c.client.Patch(pt).
Resource("policyviolations").
SubResource(subresources...).
Name(name).
Body(data).
Do().
Into(result)
return
}

46
pkg/clientNew/informers/externalversions/kyverno/interface.go
View file

@ -1,46 +0,0 @@
/*
Copyright The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
// Code generated by informer-gen. DO NOT EDIT.
package kyverno
import (
internalinterfaces "github.com/nirmata/kyverno/pkg/clientNew/informers/externalversions/internalinterfaces"
v1alpha1 "github.com/nirmata/kyverno/pkg/clientNew/informers/externalversions/kyverno/v1alpha1"
)
// Interface provides access to each of this group's versions.
type Interface interface {
// V1alpha1 provides access to shared informers for resources in V1alpha1.
V1alpha1() v1alpha1.Interface
}
type group struct {
factory internalinterfaces.SharedInformerFactory
namespace string
tweakListOptions internalinterfaces.TweakListOptionsFunc
}
// New returns a new Interface.
func New(f internalinterfaces.SharedInformerFactory, namespace string, tweakListOptions internalinterfaces.TweakListOptionsFunc) Interface {
return &group{factory: f, namespace: namespace, tweakListOptions: tweakListOptions}
}
// V1alpha1 returns a new v1alpha1.Interface.
func (g *group) V1alpha1() v1alpha1.Interface {
return v1alpha1.New(g.factory, g.namespace, g.tweakListOptions)
}

52
pkg/clientNew/informers/externalversions/kyverno/v1alpha1/interface.go
View file

@ -1,52 +0,0 @@
/*
Copyright The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
// Code generated by informer-gen. DO NOT EDIT.
package v1alpha1
import (
internalinterfaces "github.com/nirmata/kyverno/pkg/clientNew/informers/externalversions/internalinterfaces"
)
// Interface provides access to all the informers in this group version.
type Interface interface {
// Policies returns a PolicyInformer.
Policies() PolicyInformer
// PolicyViolations returns a PolicyViolationInformer.
PolicyViolations() PolicyViolationInformer
}
type version struct {
factory internalinterfaces.SharedInformerFactory
namespace string
tweakListOptions internalinterfaces.TweakListOptionsFunc
}
// New returns a new Interface.
func New(f internalinterfaces.SharedInformerFactory, namespace string, tweakListOptions internalinterfaces.TweakListOptionsFunc) Interface {
return &version{factory: f, namespace: namespace, tweakListOptions: tweakListOptions}
}
// Policies returns a PolicyInformer.
func (v *version) Policies() PolicyInformer {
return &policyInformer{factory: v.factory, tweakListOptions: v.tweakListOptions}
}
// PolicyViolations returns a PolicyViolationInformer.
func (v *version) PolicyViolations() PolicyViolationInformer {
return &policyViolationInformer{factory: v.factory, tweakListOptions: v.tweakListOptions}
}

88
pkg/clientNew/informers/externalversions/kyverno/v1alpha1/policy.go
View file

@ -1,88 +0,0 @@
/*
Copyright The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
// Code generated by informer-gen. DO NOT EDIT.
package v1alpha1
import (
time "time"
kyvernov1alpha1 "github.com/nirmata/kyverno/pkg/api/kyverno/v1alpha1"
versioned "github.com/nirmata/kyverno/pkg/clientNew/clientset/versioned"
internalinterfaces "github.com/nirmata/kyverno/pkg/clientNew/informers/externalversions/internalinterfaces"
v1alpha1 "github.com/nirmata/kyverno/pkg/clientNew/listers/kyverno/v1alpha1"
v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
runtime "k8s.io/apimachinery/pkg/runtime"
watch "k8s.io/apimachinery/pkg/watch"
cache "k8s.io/client-go/tools/cache"
)
// PolicyInformer provides access to a shared informer and lister for
// Policies.
type PolicyInformer interface {
Informer() cache.SharedIndexInformer
Lister() v1alpha1.PolicyLister
}
type policyInformer struct {
factory internalinterfaces.SharedInformerFactory
tweakListOptions internalinterfaces.TweakListOptionsFunc
}
// NewPolicyInformer constructs a new informer for Policy type.
// Always prefer using an informer factory to get a shared informer instead of getting an independent
// one. This reduces memory footprint and number of connections to the server.
func NewPolicyInformer(client versioned.Interface, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer {
return NewFilteredPolicyInformer(client, resyncPeriod, indexers, nil)
}
// NewFilteredPolicyInformer constructs a new informer for Policy type.
// Always prefer using an informer factory to get a shared informer instead of getting an independent
// one. This reduces memory footprint and number of connections to the server.
func NewFilteredPolicyInformer(client versioned.Interface, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer {
return cache.NewSharedIndexInformer(
&cache.ListWatch{
ListFunc: func(options v1.ListOptions) (runtime.Object, error) {
if tweakListOptions != nil {
tweakListOptions(&options)
}
return client.KyvernoV1alpha1().Policies().List(options)
},
WatchFunc: func(options v1.ListOptions) (watch.Interface, error) {
if tweakListOptions != nil {
tweakListOptions(&options)
}
return client.KyvernoV1alpha1().Policies().Watch(options)
},
},
&kyvernov1alpha1.Policy{},
resyncPeriod,
indexers,
)
}
func (f *policyInformer) defaultInformer(client versioned.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer {
return NewFilteredPolicyInformer(client, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions)
}
func (f *policyInformer) Informer() cache.SharedIndexInformer {
return f.factory.InformerFor(&kyvernov1alpha1.Policy{}, f.defaultInformer)
}
func (f *policyInformer) Lister() v1alpha1.PolicyLister {
return v1alpha1.NewPolicyLister(f.Informer().GetIndexer())
}

88
pkg/clientNew/informers/externalversions/kyverno/v1alpha1/policyviolation.go
View file

@ -1,88 +0,0 @@
/*
Copyright The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
// Code generated by informer-gen. DO NOT EDIT.
package v1alpha1
import (
time "time"
kyvernov1alpha1 "github.com/nirmata/kyverno/pkg/api/kyverno/v1alpha1"
versioned "github.com/nirmata/kyverno/pkg/clientNew/clientset/versioned"
internalinterfaces "github.com/nirmata/kyverno/pkg/clientNew/informers/externalversions/internalinterfaces"
v1alpha1 "github.com/nirmata/kyverno/pkg/clientNew/listers/kyverno/v1alpha1"
v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
runtime "k8s.io/apimachinery/pkg/runtime"
watch "k8s.io/apimachinery/pkg/watch"
cache "k8s.io/client-go/tools/cache"
)
// PolicyViolationInformer provides access to a shared informer and lister for
// PolicyViolations.
type PolicyViolationInformer interface {
Informer() cache.SharedIndexInformer
Lister() v1alpha1.PolicyViolationLister
}
type policyViolationInformer struct {
factory internalinterfaces.SharedInformerFactory
tweakListOptions internalinterfaces.TweakListOptionsFunc
}
// NewPolicyViolationInformer constructs a new informer for PolicyViolation type.
// Always prefer using an informer factory to get a shared informer instead of getting an independent
// one. This reduces memory footprint and number of connections to the server.
func NewPolicyViolationInformer(client versioned.Interface, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer {
return NewFilteredPolicyViolationInformer(client, resyncPeriod, indexers, nil)
}
// NewFilteredPolicyViolationInformer constructs a new informer for PolicyViolation type.
// Always prefer using an informer factory to get a shared informer instead of getting an independent
// one. This reduces memory footprint and number of connections to the server.
func NewFilteredPolicyViolationInformer(client versioned.Interface, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer {
return cache.NewSharedIndexInformer(
&cache.ListWatch{
ListFunc: func(options v1.ListOptions) (runtime.Object, error) {
if tweakListOptions != nil {
tweakListOptions(&options)
}
return client.KyvernoV1alpha1().PolicyViolations().List(options)
},
WatchFunc: func(options v1.ListOptions) (watch.Interface, error) {
if tweakListOptions != nil {
tweakListOptions(&options)
}
return client.KyvernoV1alpha1().PolicyViolations().Watch(options)
},
},
&kyvernov1alpha1.PolicyViolation{},
resyncPeriod,
indexers,
)
}
func (f *policyViolationInformer) defaultInformer(client versioned.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer {
return NewFilteredPolicyViolationInformer(client, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions)
}
func (f *policyViolationInformer) Informer() cache.SharedIndexInformer {
return f.factory.InformerFor(&kyvernov1alpha1.PolicyViolation{}, f.defaultInformer)
}
func (f *policyViolationInformer) Lister() v1alpha1.PolicyViolationLister {
return v1alpha1.NewPolicyViolationLister(f.Informer().GetIndexer())
}

101
pkg/clientNew/listers/kyverno/v1alpha1/expansion_generated.go
View file

@ -1,101 +0,0 @@
/*
Copyright The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
// Code generated by lister-gen. DO NOT EDIT.
package v1alpha1
import (
"fmt"
kyverno "github.com/nirmata/kyverno/pkg/api/kyverno/v1alpha1"
v1alpha1 "github.com/nirmata/kyverno/pkg/api/kyverno/v1alpha1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/labels"
)
// PolicyListerExpansion allows custom methods to be added to
// PolicyLister.
type PolicyListerExpansion interface {
GetPolicyForPolicyViolation(pv *kyverno.PolicyViolation) ([]*kyverno.Policy, error)
ListResources(selector labels.Selector) (ret []*v1alpha1.Policy, err error)
}
// PolicyViolationListerExpansion allows custom methods to be added to
// PolicyViolationLister.
type PolicyViolationListerExpansion interface {
// List lists all PolicyViolations in the indexer with GVK.
// List lists all PolicyViolations in the indexer with GVK.
ListResources(selector labels.Selector) (ret []*v1alpha1.PolicyViolation, err error)
}
//ListResources is a wrapper to List and adds the resource kind information
// as the lister is specific to a gvk we can harcode the values here
func (pvl *policyViolationLister) ListResources(selector labels.Selector) (ret []*v1alpha1.PolicyViolation, err error) {
policyviolations, err := pvl.List(selector)
for index := range policyviolations {
policyviolations[index].SetGroupVersionKind(kyverno.SchemeGroupVersion.WithKind("PolicyViolation"))
}
return policyviolations, nil
}
//ListResources is a wrapper to List and adds the resource kind information
// as the lister is specific to a gvk we can harcode the values here
func (pl *policyLister) ListResources(selector labels.Selector) (ret []*v1alpha1.Policy, err error) {
policies, err := pl.List(selector)
for index := range policies {
policies[index].SetGroupVersionKind(kyverno.SchemeGroupVersion.WithKind("Policy"))
}
return policies, err
}
func (pl *policyLister) GetPolicyForPolicyViolation(pv *kyverno.PolicyViolation) ([]*kyverno.Policy, error) {
if len(pv.Labels) == 0 {
return nil, fmt.Errorf("no Policy found for PolicyViolation %v because it has no labels", pv.Name)
}
pList, err := pl.List(labels.Everything())
if err != nil {
return nil, err
}
var policies []*kyverno.Policy
for _, p := range pList {
policyLabelmap := map[string]string{"policy": p.Name}
ls := &metav1.LabelSelector{}
err = metav1.Convert_Map_string_To_string_To_v1_LabelSelector(&policyLabelmap, ls, nil)
if err != nil {
return nil, fmt.Errorf("failed to generate label sector of Policy name %s: %v", p.Name, err)
}
selector, err := metav1.LabelSelectorAsSelector(ls)
if err != nil {
return nil, fmt.Errorf("invalid label selector: %v", err)
}
// If a policy with a nil or empty selector creeps in, it should match nothing, not everything.
if selector.Empty() || !selector.Matches(labels.Set(pv.Labels)) {
continue
}
policies = append(policies, p)
}
if len(policies) == 0 {
return nil, fmt.Errorf("could not find Policy set for PolicyViolation %s with labels: %v", pv.Name, pv.Labels)
}
return policies, nil
}

65
pkg/clientNew/listers/kyverno/v1alpha1/policy.go
View file

@ -1,65 +0,0 @@
/*
Copyright The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
// Code generated by lister-gen. DO NOT EDIT.
package v1alpha1
import (
v1alpha1 "github.com/nirmata/kyverno/pkg/api/kyverno/v1alpha1"
"k8s.io/apimachinery/pkg/api/errors"
"k8s.io/apimachinery/pkg/labels"
"k8s.io/client-go/tools/cache"
)
// PolicyLister helps list Policies.
type PolicyLister interface {
// List lists all Policies in the indexer.
List(selector labels.Selector) (ret []*v1alpha1.Policy, err error)
// Get retrieves the Policy from the index for a given name.
Get(name string) (*v1alpha1.Policy, error)
PolicyListerExpansion
}
// policyLister implements the PolicyLister interface.
type policyLister struct {
indexer cache.Indexer
}
// NewPolicyLister returns a new PolicyLister.
func NewPolicyLister(indexer cache.Indexer) PolicyLister {
return &policyLister{indexer: indexer}
}
// List lists all Policies in the indexer.
func (s *policyLister) List(selector labels.Selector) (ret []*v1alpha1.Policy, err error) {
err = cache.ListAll(s.indexer, selector, func(m interface{}) {
ret = append(ret, m.(*v1alpha1.Policy))
})
return ret, err
}
// Get retrieves the Policy from the index for a given name.
func (s *policyLister) Get(name string) (*v1alpha1.Policy, error) {
obj, exists, err := s.indexer.GetByKey(name)
if err != nil {
return nil, err
}
if !exists {
return nil, errors.NewNotFound(v1alpha1.Resource("policy"), name)
}
return obj.(*v1alpha1.Policy), nil
}

65
pkg/clientNew/listers/kyverno/v1alpha1/policyviolation.go
View file

@ -1,65 +0,0 @@
/*
Copyright The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
// Code generated by lister-gen. DO NOT EDIT.
package v1alpha1
import (
v1alpha1 "github.com/nirmata/kyverno/pkg/api/kyverno/v1alpha1"
"k8s.io/apimachinery/pkg/api/errors"
"k8s.io/apimachinery/pkg/labels"
"k8s.io/client-go/tools/cache"
)
// PolicyViolationLister helps list PolicyViolations.
type PolicyViolationLister interface {
// List lists all PolicyViolations in the indexer.
List(selector labels.Selector) (ret []*v1alpha1.PolicyViolation, err error)
// Get retrieves the PolicyViolation from the index for a given name.
Get(name string) (*v1alpha1.PolicyViolation, error)
PolicyViolationListerExpansion
}
// policyViolationLister implements the PolicyViolationLister interface.
type policyViolationLister struct {
indexer cache.Indexer
}
// NewPolicyViolationLister returns a new PolicyViolationLister.
func NewPolicyViolationLister(indexer cache.Indexer) PolicyViolationLister {
return &policyViolationLister{indexer: indexer}
}
// List lists all PolicyViolations in the indexer.
func (s *policyViolationLister) List(selector labels.Selector) (ret []*v1alpha1.PolicyViolation, err error) {
err = cache.ListAll(s.indexer, selector, func(m interface{}) {
ret = append(ret, m.(*v1alpha1.PolicyViolation))
})
return ret, err
}
// Get retrieves the PolicyViolation from the index for a given name.
func (s *policyViolationLister) Get(name string) (*v1alpha1.PolicyViolation, error) {
obj, exists, err := s.indexer.GetByKey(name)
if err != nil {
return nil, err
}
if !exists {
return nil, errors.NewNotFound(v1alpha1.Resource("policyviolation"), name)
}
return obj.(*v1alpha1.PolicyViolation), nil
}

105
pkg/engine/engine.go
View file

@ -1,105 +0,0 @@
package engine
import (
kyverno "github.com/nirmata/kyverno/pkg/api/kyverno/v1alpha1"
client "github.com/nirmata/kyverno/pkg/dclient"
"github.com/nirmata/kyverno/pkg/info"
"github.com/nirmata/kyverno/pkg/utils"
)
// ProcessExisting checks for mutation and validation violations of existing resources
func ProcessExisting(client *client.Client, policy *kyverno.Policy, filterK8Resources []utils.K8Resource) []info.PolicyInfo {
return nil
// glog.Infof("Applying policy %s on existing resources", policy.Name)
// // key uid
// resourceMap := ListResourcesThatApplyToPolicy(client, policy, filterK8Resources)
// policyInfos := []info.PolicyInfo{}
// // for the filtered resource apply policy
// for _, v := range resourceMap {
// policyInfo, err := applyPolicy(client, policy, v)
// if err != nil {
// glog.Errorf("unable to apply policy %s on resource %s/%s", policy.Name, v.Resource.GetName(), v.Resource.GetNamespace())
// glog.Error(err)
// continue
// }
// policyInfos = append(policyInfos, policyInfo)
// }
// return policyInfos
}
// func applyPolicy(client *client.Client, policy *kyverno.Policy, res resourceInfo) (info.PolicyInfo, error) {
// var policyInfo info.PolicyInfo
// glog.Infof("Applying policy %s with %d rules\n", policy.ObjectMeta.Name, len(policy.Spec.Rules))
// rawResource, err := res.Resource.MarshalJSON()
// if err != nil {
// return policyInfo, err
// }
// // Mutate
// mruleInfos, err := mutation(policy, rawResource, res.Gvk)
// policyInfo.AddRuleInfos(mruleInfos)
// if err != nil {
// return policyInfo, err
// }
// // Validation
// //TODO check by value or pointer
// vruleInfos, err := Validate(*policy, rawResource, *res.Gvk)
// if err != nil {
// return policyInfo, err
// }
// policyInfo.AddRuleInfos(vruleInfos)
// policyInfo = info.NewPolicyInfo(policy.Name, res.Gvk.Kind, res.Resource.GetName(), res.Resource.GetNamespace(), policy.Spec.ValidationFailureAction)
// if res.Gvk.Kind == "Namespace" {
// // Generation
// gruleInfos := Generate(client, policy, res.Resource)
// policyInfo.AddRuleInfos(gruleInfos)
// }
// return policyInfo, nil
// }
// func mutation(p *kyverno.Policy, rawResource []byte, gvk *metav1.GroupVersionKind) ([]*info.RuleInfo, error) {
// patches, ruleInfos := Mutate(*p, rawResource, *gvk)
// if len(ruleInfos) == 0 {
// // no rules were processed
// return nil, nil
// }
// // if there are any errors return
// for _, r := range ruleInfos {
// if !r.IsSuccessful() {
// return ruleInfos, nil
// }
// }
// // if there are no patches // for overlay
// if len(patches) == 0 {
// return ruleInfos, nil
// }
// // option 2: (original Resource + patch) compare with (original resource)
// mergePatches := JoinPatches(patches)
// // merge the patches
// patch, err := jsonpatch.DecodePatch(mergePatches)
// if err != nil {
// return nil, err
// }
// // apply the patches returned by mutate to the original resource
// patchedResource, err := patch.Apply(rawResource)
// if err != nil {
// return nil, err
// }
// // compare (original Resource + patch) vs (original resource)
// // to verify if they are equal
// ruleInfo := info.NewRuleInfo("over-all mutation", info.Mutation)
// if !jsonpatch.Equal(patchedResource, rawResource) {
// //resource does not match so there was a mutation rule violated
// // TODO : check the rule name "mutation rules"
// ruleInfo.Fail()
// ruleInfo.Add("resource does not satisfy mutation rules")
// } else {
// ruleInfo.Add("resource satisfys the mutation rule")
// }
// ruleInfos = append(ruleInfos, ruleInfo)
// return ruleInfos, nil
// }

2
pkg/engine/overlay.go
View file

@ -31,11 +31,9 @@ func processOverlay(resourceUnstr unstructured.Unstructured, rule kyverno.Rule)
return nil, err
}
// resourceInfo := ParseResourceInfoFromObject(rawResource)
patches, err := processOverlayPatches(resource, rule.Mutation.Overlay)
if err != nil && strings.Contains(err.Error(), "Conditions are not met") {
glog.V(4).Infof("overlay pattern %s does not match resource %s/%s", rule.Mutation.Overlay, resourceUnstr.GetNamespace(), resourceUnstr.GetName())
// glog.Infof("Resource does not meet conditions in overlay pattern, resource=%s, rule=%s\n", resourceInfo, rule.Name)
return nil, nil
}

2
pkg/engine/overlayPatch.go
View file

@ -13,7 +13,7 @@ func patchOverlay(rule kyverno.Rule, rawResource []byte) ([][]byte, error) {
if err := json.Unmarshal(rawResource, &resource); err != nil {
return nil, err
}
//TODO: evaluate, Unmarshall called thrice
resourceInfo := ParseResourceInfoFromObject(rawResource)
patches, err := processOverlayPatches(resource, rule.Mutation.Overlay)
if err != nil && strings.Contains(err.Error(), "Conditions are not met") {

304
pkg/engine/utils.go
View file

@ -10,145 +10,13 @@ import (
"github.com/minio/minio/pkg/wildcard"
kyverno "github.com/nirmata/kyverno/pkg/api/kyverno/v1alpha1"
client "github.com/nirmata/kyverno/pkg/dclient"
"github.com/nirmata/kyverno/pkg/utils"
v1helper "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/labels"
)
//ListResourcesThatApplyToPolicy returns list of resources that are filtered by policy rules
func ListResourcesThatApplyToPolicy(client *client.Client, policy *kyverno.Policy, filterK8Resources []utils.K8Resource) map[string]resourceInfo {
// key uid
resourceMap := map[string]resourceInfo{}
for _, rule := range policy.Spec.Rules {
// Match
for _, k := range rule.MatchResources.Kinds {
namespaces := []string{}
if k == "Namespace" {
namespaces = []string{""}
} else {
if rule.MatchResources.Namespace != "" {
// if namespace is specified then we add the namespace
namespaces = append(namespaces, rule.MatchResources.Namespace)
} else {
// no namespace specified, refer to all namespaces
namespaces = getAllNamespaces(client)
}
// Check if exclude namespace is not clashing
namespaces = excludeNamespaces(namespaces, rule.ExcludeResources.Namespace)
}
// If kind is namespace then namespace is "", override
// Get resources in the namespace
for _, ns := range namespaces {
rMap := getResourcesPerNamespace(k, client, ns, rule, filterK8Resources)
mergeresources(resourceMap, rMap)
}
}
}
return resourceMap
}
func getResourcesPerNamespace(kind string, client *client.Client, namespace string, rule kyverno.Rule, filterK8Resources []utils.K8Resource) map[string]resourceInfo {
resourceMap := map[string]resourceInfo{}
// List resources
list, err := client.ListResource(kind, namespace, rule.MatchResources.Selector)
if err != nil {
glog.Errorf("unable to list resource for %s with label selector %s", kind, rule.MatchResources.Selector.String())
return nil
}
var selector labels.Selector
// exclude label selector
if rule.ExcludeResources.Selector != nil {
selector, err = v1helper.LabelSelectorAsSelector(rule.ExcludeResources.Selector)
if err != nil {
glog.Error(err)
}
}
for _, res := range list.Items {
// exclude label selectors
if selector != nil {
set := labels.Set(res.GetLabels())
if selector.Matches(set) {
// if matches
continue
}
}
var name string
// match
// name
// wild card matching
name = rule.MatchResources.Name
if name != "" {
// if does not match then we skip
if !wildcard.Match(name, res.GetName()) {
continue
}
}
// exclude
// name
// wild card matching
name = rule.ExcludeResources.Name
if name != "nil" {
// if matches then we skip
if wildcard.Match(name, res.GetName()) {
continue
}
}
gvk := res.GroupVersionKind()
ri := resourceInfo{Resource: res, Gvk: &metav1.GroupVersionKind{Group: gvk.Group,
Version: gvk.Version,
Kind: gvk.Kind}}
// Skip the filtered resources
if utils.SkipFilteredResources(gvk.Kind, res.GetNamespace(), res.GetName(), filterK8Resources) {
continue
}
resourceMap[string(res.GetUID())] = ri
}
return resourceMap
}
// merge b into a map
func mergeresources(a, b map[string]resourceInfo) {
for k, v := range b {
a[k] = v
}
}
func getAllNamespaces(client *client.Client) []string {
namespaces := []string{}
// get all namespaces
nsList, err := client.ListResource("Namespace", "", nil)
if err != nil {
glog.Error(err)
return namespaces
}
for _, ns := range nsList.Items {
namespaces = append(namespaces, ns.GetName())
}
return namespaces
}
func excludeNamespaces(namespaces []string, excludeNs string) []string {
if excludeNs == "" {
return namespaces
}
filteredNamespaces := []string{}
for _, n := range namespaces {
if n == excludeNs {
continue
}
filteredNamespaces = append(filteredNamespaces, n)
}
return filteredNamespaces
}
//MatchesResourceDescription checks if the resource matches resource desription of the rule or not
func MatchesResourceDescription(resource unstructured.Unstructured, rule kyverno.Rule) bool {
matches := rule.MatchResources.ResourceDescription
@ -158,8 +26,8 @@ func MatchesResourceDescription(resource unstructured.Unstructured, rule kyverno
return false
}
// meta := parseMetadataFromObject(resourceRaw)
name := resource.GetName()
namespace := resource.GetNamespace()
if matches.Name != "" {
@ -175,14 +43,18 @@ func MatchesResourceDescription(resource unstructured.Unstructured, rule kyverno
return false
}
}
// Matches
if matches.Namespace != "" && matches.Namespace != namespace {
// check if the resource namespace is defined in the list of namespaces for inclusion
if len(matches.Namespaces) > 0 && !utils.Contains(matches.Namespaces, namespace) {
return false
}
// Exclude
if exclude.Namespace != "" && exclude.Namespace == namespace {
// check if the resource namespace is defined in the list of namespace for exclusion
if len(exclude.Namespaces) > 0 && utils.Contains(exclude.Namespaces, namespace) {
return false
}
// Matches
if matches.Selector != nil {
selector, err := metav1.LabelSelectorAsSelector(matches.Selector)
@ -209,82 +81,74 @@ func MatchesResourceDescription(resource unstructured.Unstructured, rule kyverno
return true
}
// ResourceMeetsDescription checks requests kind, name and labels to fit the policy rule
func ResourceMeetsDescription(resourceRaw []byte, matches kyverno.ResourceDescription, exclude kyverno.ResourceDescription, gvk metav1.GroupVersionKind) bool {
if !findKind(matches.Kinds, gvk.Kind) {
return false
}
// // ResourceMeetsDescription checks requests kind, name and labels to fit the policy rule
// func ResourceMeetsDescription(resourceRaw []byte, matches kyverno.ResourceDescription, exclude kyverno.ResourceDescription, gvk metav1.GroupVersionKind) bool {
// if !findKind(matches.Kinds, gvk.Kind) {
// return false
// }
if resourceRaw != nil {
meta := parseMetadataFromObject(resourceRaw)
name := ParseNameFromObject(resourceRaw)
namespace := ParseNamespaceFromObject(resourceRaw)
// if resourceRaw != nil {
// meta := parseMetadataFromObject(resourceRaw)
// name := ParseNameFromObject(resourceRaw)
// namespace := ParseNamespaceFromObject(resourceRaw)
if matches.Name != "" {
// Matches
if !wildcard.Match(matches.Name, name) {
return false
}
}
// Exclude
// the resource name matches the exclude resource name then reject
if exclude.Name != "" {
if wildcard.Match(exclude.Name, name) {
return false
}
}
// Matches
if matches.Namespace != "" && matches.Namespace != namespace {
return false
}
// Exclude
if exclude.Namespace != "" && exclude.Namespace == namespace {
return false
}
// Matches
if matches.Selector != nil {
selector, err := metav1.LabelSelectorAsSelector(matches.Selector)
if err != nil {
glog.Error(err)
return false
}
if meta != nil {
labelMap := parseLabelsFromMetadata(meta)
if !selector.Matches(labelMap) {
return false
}
}
}
// Exclude
if exclude.Selector != nil {
selector, err := metav1.LabelSelectorAsSelector(exclude.Selector)
// if the label selector is incorrect, should be fail or
if err != nil {
glog.Error(err)
return false
}
// if matches.Name != "" {
// // Matches
// if !wildcard.Match(matches.Name, name) {
// return false
// }
// }
// // Exclude
// // the resource name matches the exclude resource name then reject
// if exclude.Name != "" {
// if wildcard.Match(exclude.Name, name) {
// return false
// }
// }
// // Matches
// // check if the resource namespace is defined in the list of namespaces for inclusion
// if len(matches.Namespaces) > 0 && !utils.Contains(matches.Namespaces, namespace) {
// return false
// }
// // Exclude
// // check if the resource namespace is defined in the list of namespace for exclusion
// if len(exclude.Namespaces) > 0 && utils.Contains(exclude.Namespaces, namespace) {
// return false
// }
// // Matches
// if matches.Selector != nil {
// selector, err := metav1.LabelSelectorAsSelector(matches.Selector)
// if err != nil {
// glog.Error(err)
// return false
// }
// if meta != nil {
// labelMap := parseLabelsFromMetadata(meta)
// if !selector.Matches(labelMap) {
// return false
// }
// }
// }
// // Exclude
// if exclude.Selector != nil {
// selector, err := metav1.LabelSelectorAsSelector(exclude.Selector)
// // if the label selector is incorrect, should be fail or
// if err != nil {
// glog.Error(err)
// return false
// }
if meta != nil {
labelMap := parseLabelsFromMetadata(meta)
if selector.Matches(labelMap) {
return false
}
}
}
// if meta != nil {
// labelMap := parseLabelsFromMetadata(meta)
// if selector.Matches(labelMap) {
// return false
// }
// }
// }
}
return true
}
func parseMetadataFromObject(bytes []byte) map[string]interface{} {
var objectJSON map[string]interface{}
json.Unmarshal(bytes, &objectJSON)
meta, ok := objectJSON["metadata"].(map[string]interface{})
if !ok {
return nil
}
return meta
}
// }
// return true
// }
// ParseResourceInfoFromObject get kind/namepace/name from resource
func ParseResourceInfoFromObject(rawResource []byte) string {
@ -303,18 +167,6 @@ func ParseKindFromObject(bytes []byte) string {
return objectJSON["kind"].(string)
}
func parseLabelsFromMetadata(meta map[string]interface{}) labels.Set {
if interfaceMap, ok := meta["labels"].(map[string]interface{}); ok {
labelMap := make(labels.Set, len(interfaceMap))
for key, value := range interfaceMap {
labelMap[key] = value.(string)
}
return labelMap
}
return nil
}
//ParseNameFromObject extracts resource name from JSON obj
func ParseNameFromObject(bytes []byte) string {
var objectJSON map[string]interface{}
@ -354,15 +206,6 @@ func ParseNamespaceFromObject(bytes []byte) string {
return ""
}
// ParseRegexPolicyResourceName returns true if policyResourceName is a regexp
func ParseRegexPolicyResourceName(policyResourceName string) (string, bool) {
regex := strings.Split(policyResourceName, "regex:")
if len(regex) == 1 {
return regex[0], false
}
return strings.Trim(regex[1], " "), true
}
func getAnchorsFromMap(anchorsMap map[string]interface{}) map[string]interface{} {
result := make(map[string]interface{})
@ -512,8 +355,3 @@ func convertToFloat(value interface{}) (float64, error) {
return 0, fmt.Errorf("Could not convert %T to float64", value)
}
}
type resourceInfo struct {
Resource unstructured.Unstructured
Gvk *metav1.GroupVersionKind
}

608
pkg/engine/utils_test.go
View file

@ -3,341 +3,339 @@ package engine
import (
"testing"
types "github.com/nirmata/kyverno/pkg/apis/policy/v1alpha1"
"gotest.tools/assert"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
)
func TestResourceMeetsDescription_Kind(t *testing.T) {
resourceName := "test-config-map"
resourceDescription := types.ResourceDescription{
Kinds: []string{"ConfigMap"},
Name: &resourceName,
Selector: &metav1.LabelSelector{
MatchLabels: nil,
MatchExpressions: nil,
},
}
excludeResourcesResourceDesc := types.ResourceDescription{}
groupVersionKind := metav1.GroupVersionKind{Kind: "ConfigMap"}
// func TestResourceMeetsDescription_Kind(t *testing.T) {
// resourceName := "test-config-map"
// resourceDescription := types.ResourceDescription{
// Kinds: []string{"ConfigMap"},
// Name: &resourceName,
// Selector: &metav1.LabelSelector{
// MatchLabels: nil,
// MatchExpressions: nil,
// },
// }
// excludeResourcesResourceDesc := types.ResourceDescription{}
// groupVersionKind := metav1.GroupVersionKind{Kind: "ConfigMap"}
rawResource := []byte(`{
"metadata":{
"name":"test-config-map",
"namespace":"default",
"creationTimestamp":null,
"labels":{
"label1":"test1",
"label2":"test2"
}
}
}`)
// rawResource := []byte(`{
// "metadata":{
// "name":"test-config-map",
// "namespace":"default",
// "creationTimestamp":null,
// "labels":{
// "label1":"test1",
// "label2":"test2"
// }
// }
// }`)
assert.Assert(t, ResourceMeetsDescription(rawResource, resourceDescription, excludeResourcesResourceDesc, groupVersionKind))
resourceDescription.Kinds[0] = "Deployment"
assert.Assert(t, false == ResourceMeetsDescription(rawResource, resourceDescription, excludeResourcesResourceDesc, groupVersionKind))
resourceDescription.Kinds[0] = "ConfigMap"
groupVersionKind.Kind = "Deployment"
assert.Assert(t, false == ResourceMeetsDescription(rawResource, resourceDescription, excludeResourcesResourceDesc, groupVersionKind))
}
// assert.Assert(t, ResourceMeetsDescription(rawResource, resourceDescription, excludeResourcesResourceDesc, groupVersionKind))
// resourceDescription.Kinds[0] = "Deployment"
// assert.Assert(t, false == ResourceMeetsDescription(rawResource, resourceDescription, excludeResourcesResourceDesc, groupVersionKind))
// resourceDescription.Kinds[0] = "ConfigMap"
// groupVersionKind.Kind = "Deployment"
// assert.Assert(t, false == ResourceMeetsDescription(rawResource, resourceDescription, excludeResourcesResourceDesc, groupVersionKind))
// }
func TestResourceMeetsDescription_Name(t *testing.T) {
resourceName := "test-config-map"
resourceDescription := types.ResourceDescription{
Kinds: []string{"ConfigMap"},
Name: &resourceName,
Selector: &metav1.LabelSelector{
MatchLabels: nil,
MatchExpressions: nil,
},
}
excludeResourcesResourceDesc := types.ResourceDescription{}
// func TestResourceMeetsDescription_Name(t *testing.T) {
// resourceName := "test-config-map"
// resourceDescription := types.ResourceDescription{
// Kinds: []string{"ConfigMap"},
// Name: &resourceName,
// Selector: &metav1.LabelSelector{
// MatchLabels: nil,
// MatchExpressions: nil,
// },
// }
// excludeResourcesResourceDesc := types.ResourceDescription{}
groupVersionKind := metav1.GroupVersionKind{Kind: "ConfigMap"}
// groupVersionKind := metav1.GroupVersionKind{Kind: "ConfigMap"}
rawResource := []byte(`{
"metadata":{
"name":"test-config-map",
"namespace":"default",
"creationTimestamp":null,
"labels":{
"label1":"test1",
"label2":"test2"
}
}
}`)
// rawResource := []byte(`{
// "metadata":{
// "name":"test-config-map",
// "namespace":"default",
// "creationTimestamp":null,
// "labels":{
// "label1":"test1",
// "label2":"test2"
// }
// }
// }`)
assert.Assert(t, ResourceMeetsDescription(rawResource, resourceDescription, excludeResourcesResourceDesc, groupVersionKind))
resourceName = "test-config-map-new"
assert.Assert(t, false == ResourceMeetsDescription(rawResource, resourceDescription, excludeResourcesResourceDesc, groupVersionKind))
// assert.Assert(t, ResourceMeetsDescription(rawResource, resourceDescription, excludeResourcesResourceDesc, groupVersionKind))
// resourceName = "test-config-map-new"
// assert.Assert(t, false == ResourceMeetsDescription(rawResource, resourceDescription, excludeResourcesResourceDesc, groupVersionKind))
rawResource = []byte(`{
"metadata":{
"name":"test-config-map-new",
"namespace":"default",
"creationTimestamp":null,
"labels":{
"label1":"test1",
"label2":"test2"
}
}
}`)
assert.Assert(t, ResourceMeetsDescription(rawResource, resourceDescription, excludeResourcesResourceDesc, groupVersionKind))
// rawResource = []byte(`{
// "metadata":{
// "name":"test-config-map-new",
// "namespace":"default",
// "creationTimestamp":null,
// "labels":{
// "label1":"test1",
// "label2":"test2"
// }
// }
// }`)
// assert.Assert(t, ResourceMeetsDescription(rawResource, resourceDescription, excludeResourcesResourceDesc, groupVersionKind))
rawResource = []byte(`{
"metadata":{
"name":"",
"namespace":"default",
"creationTimestamp":null,
"labels":{
"label1":"test1",
"label2":"test2"
}
}
}`)
assert.Assert(t, false == ResourceMeetsDescription(rawResource, resourceDescription, excludeResourcesResourceDesc, groupVersionKind))
}
// rawResource = []byte(`{
// "metadata":{
// "name":"",
// "namespace":"default",
// "creationTimestamp":null,
// "labels":{
// "label1":"test1",
// "label2":"test2"
// }
// }
// }`)
// assert.Assert(t, false == ResourceMeetsDescription(rawResource, resourceDescription, excludeResourcesResourceDesc, groupVersionKind))
// }
func TestResourceMeetsDescription_MatchExpressions(t *testing.T) {
resourceName := "test-config-map"
resourceDescription := types.ResourceDescription{
Kinds: []string{"ConfigMap"},
Name: &resourceName,
Selector: &metav1.LabelSelector{
MatchLabels: nil,
MatchExpressions: []metav1.LabelSelectorRequirement{
metav1.LabelSelectorRequirement{
Key: "label2",
Operator: "NotIn",
Values: []string{
"sometest1",
},
},
metav1.LabelSelectorRequirement{
Key: "label1",
Operator: "In",
Values: []string{
"test1",
"test8",
"test201",
},
},
metav1.LabelSelectorRequirement{
Key: "label3",
Operator: "DoesNotExist",
Values: nil,
},
metav1.LabelSelectorRequirement{
Key: "label2",
Operator: "In",
Values: []string{
"test2",
},
},
},
},
}
excludeResourcesResourceDesc := types.ResourceDescription{}
// func TestResourceMeetsDescription_MatchExpressions(t *testing.T) {
// resourceName := "test-config-map"
// resourceDescription := types.ResourceDescription{
// Kinds: []string{"ConfigMap"},
// Name: &resourceName,
// Selector: &metav1.LabelSelector{
// MatchLabels: nil,
// MatchExpressions: []metav1.LabelSelectorRequirement{
// metav1.LabelSelectorRequirement{
// Key: "label2",
// Operator: "NotIn",
// Values: []string{
// "sometest1",
// },
// },
// metav1.LabelSelectorRequirement{
// Key: "label1",
// Operator: "In",
// Values: []string{
// "test1",
// "test8",
// "test201",
// },
// },
// metav1.LabelSelectorRequirement{
// Key: "label3",
// Operator: "DoesNotExist",
// Values: nil,
// },
// metav1.LabelSelectorRequirement{
// Key: "label2",
// Operator: "In",
// Values: []string{
// "test2",
// },
// },
// },
// },
// }
// excludeResourcesResourceDesc := types.ResourceDescription{}
groupVersionKind := metav1.GroupVersionKind{Kind: "ConfigMap"}
rawResource := []byte(`{
"metadata":{
"name":"test-config-map",
"namespace":"default",
"creationTimestamp":null,
"labels":{
"label1":"test1",
"label2":"test2"
}
}
}`)
// groupVersionKind := metav1.GroupVersionKind{Kind: "ConfigMap"}
// rawResource := []byte(`{
// "metadata":{
// "name":"test-config-map",
// "namespace":"default",
// "creationTimestamp":null,
// "labels":{
// "label1":"test1",
// "label2":"test2"
// }
// }
// }`)
assert.Assert(t, ResourceMeetsDescription(rawResource, resourceDescription, excludeResourcesResourceDesc, groupVersionKind))
// assert.Assert(t, ResourceMeetsDescription(rawResource, resourceDescription, excludeResourcesResourceDesc, groupVersionKind))
rawResource = []byte(`{
"metadata":{
"name":"test-config-map",
"namespace":"default",
"creationTimestamp":null,
"labels":{
"label1":"test1234567890",
"label2":"test2"
}
}
}`)
// rawResource = []byte(`{
// "metadata":{
// "name":"test-config-map",
// "namespace":"default",
// "creationTimestamp":null,
// "labels":{
// "label1":"test1234567890",
// "label2":"test2"
// }
// }
// }`)
assert.Assert(t, false == ResourceMeetsDescription(rawResource, resourceDescription, excludeResourcesResourceDesc, groupVersionKind))
}
// assert.Assert(t, false == ResourceMeetsDescription(rawResource, resourceDescription, excludeResourcesResourceDesc, groupVersionKind))
// }
func TestResourceMeetsDescription_MatchLabels(t *testing.T) {
resourceName := "test-config-map"
resourceDescription := types.ResourceDescription{
Kinds: []string{"ConfigMap"},
Name: &resourceName,
Selector: &metav1.LabelSelector{
MatchLabels: map[string]string{
"label1": "test1",
"label2": "test2",
},
MatchExpressions: nil,
},
}
groupVersionKind := metav1.GroupVersionKind{Kind: "ConfigMap"}
excludeResourcesResourceDesc := types.ResourceDescription{}
// func TestResourceMeetsDescription_MatchLabels(t *testing.T) {
// resourceName := "test-config-map"
// resourceDescription := types.ResourceDescription{
// Kinds: []string{"ConfigMap"},
// Name: &resourceName,
// Selector: &metav1.LabelSelector{
// MatchLabels: map[string]string{
// "label1": "test1",
// "label2": "test2",
// },
// MatchExpressions: nil,
// },
// }
// groupVersionKind := metav1.GroupVersionKind{Kind: "ConfigMap"}
// excludeResourcesResourceDesc := types.ResourceDescription{}
rawResource := []byte(`{
"metadata":{
"name":"test-config-map",
"namespace":"default",
"creationTimestamp":null,
"labels":{
"label1":"test1",
"label2":"test2"
}
}
}`)
assert.Assert(t, ResourceMeetsDescription(rawResource, resourceDescription, excludeResourcesResourceDesc, groupVersionKind))
// rawResource := []byte(`{
// "metadata":{
// "name":"test-config-map",
// "namespace":"default",
// "creationTimestamp":null,
// "labels":{
// "label1":"test1",
// "label2":"test2"
// }
// }
// }`)
// assert.Assert(t, ResourceMeetsDescription(rawResource, resourceDescription, excludeResourcesResourceDesc, groupVersionKind))
rawResource = []byte(`{
"metadata":{
"name":"test-config-map",
"namespace":"default",
"creationTimestamp":null,
"labels":{
"label3":"test1",
"label2":"test2"
}
}
}`)
assert.Assert(t, false == ResourceMeetsDescription(rawResource, resourceDescription, excludeResourcesResourceDesc, groupVersionKind))
// rawResource = []byte(`{
// "metadata":{
// "name":"test-config-map",
// "namespace":"default",
// "creationTimestamp":null,
// "labels":{
// "label3":"test1",
// "label2":"test2"
// }
// }
// }`)
// assert.Assert(t, false == ResourceMeetsDescription(rawResource, resourceDescription, excludeResourcesResourceDesc, groupVersionKind))
resourceDescription = types.ResourceDescription{
Kinds: []string{"ConfigMap"},
Name: &resourceName,
Selector: &metav1.LabelSelector{
MatchLabels: map[string]string{
"label3": "test1",
"label2": "test2",
},
MatchExpressions: nil,
},
}
// resourceDescription = types.ResourceDescription{
// Kinds: []string{"ConfigMap"},
// Name: &resourceName,
// Selector: &metav1.LabelSelector{
// MatchLabels: map[string]string{
// "label3": "test1",
// "label2": "test2",
// },
// MatchExpressions: nil,
// },
// }
assert.Assert(t, ResourceMeetsDescription(rawResource, resourceDescription, excludeResourcesResourceDesc, groupVersionKind))
}
// assert.Assert(t, ResourceMeetsDescription(rawResource, resourceDescription, excludeResourcesResourceDesc, groupVersionKind))
// }
func TestResourceMeetsDescription_MatchLabelsAndMatchExpressions(t *testing.T) {
resourceName := "test-config-map"
resourceDescription := types.ResourceDescription{
Kinds: []string{"ConfigMap"},
Name: &resourceName,
Selector: &metav1.LabelSelector{
MatchLabels: map[string]string{
"label1": "test1",
},
MatchExpressions: []metav1.LabelSelectorRequirement{
metav1.LabelSelectorRequirement{
Key: "label2",
Operator: "In",
Values: []string{
"test2",
},
},
},
},
}
groupVersionKind := metav1.GroupVersionKind{Kind: "ConfigMap"}
excludeResourcesResourceDesc := types.ResourceDescription{}
// func TestResourceMeetsDescription_MatchLabelsAndMatchExpressions(t *testing.T) {
// resourceName := "test-config-map"
// resourceDescription := types.ResourceDescription{
// Kinds: []string{"ConfigMap"},
// Name: &resourceName,
// Selector: &metav1.LabelSelector{
// MatchLabels: map[string]string{
// "label1": "test1",
// },
// MatchExpressions: []metav1.LabelSelectorRequirement{
// metav1.LabelSelectorRequirement{
// Key: "label2",
// Operator: "In",
// Values: []string{
// "test2",
// },
// },
// },
// },
// }
// groupVersionKind := metav1.GroupVersionKind{Kind: "ConfigMap"}
// excludeResourcesResourceDesc := types.ResourceDescription{}
rawResource := []byte(`{
"metadata":{
"name":"test-config-map",
"namespace":"default",
"creationTimestamp":null,
"labels":{
"label1":"test1",
"label2":"test2"
}
}
}`)
// rawResource := []byte(`{
// "metadata":{
// "name":"test-config-map",
// "namespace":"default",
// "creationTimestamp":null,
// "labels":{
// "label1":"test1",
// "label2":"test2"
// }
// }
// }`)
assert.Assert(t, ResourceMeetsDescription(rawResource, resourceDescription, excludeResourcesResourceDesc, groupVersionKind))
// assert.Assert(t, ResourceMeetsDescription(rawResource, resourceDescription, excludeResourcesResourceDesc, groupVersionKind))
resourceDescription = types.ResourceDescription{
Kinds: []string{"ConfigMap"},
Name: &resourceName,
Selector: &metav1.LabelSelector{
MatchLabels: map[string]string{
"label1": "test1",
},
MatchExpressions: []metav1.LabelSelectorRequirement{
metav1.LabelSelectorRequirement{
Key: "label2",
Operator: "NotIn",
Values: []string{
"sometest1",
},
},
},
},
}
// resourceDescription = types.ResourceDescription{
// Kinds: []string{"ConfigMap"},
// Name: &resourceName,
// Selector: &metav1.LabelSelector{
// MatchLabels: map[string]string{
// "label1": "test1",
// },
// MatchExpressions: []metav1.LabelSelectorRequirement{
// metav1.LabelSelectorRequirement{
// Key: "label2",
// Operator: "NotIn",
// Values: []string{
// "sometest1",
// },
// },
// },
// },
// }
rawResource = []byte(`{
"metadata":{
"name":"test-config-map",
"namespace":"default",
"creationTimestamp":null,
"labels":{
"label1":"test1",
"label2":"test2"
}
}
}`)
assert.Assert(t, ResourceMeetsDescription(rawResource, resourceDescription, excludeResourcesResourceDesc, groupVersionKind))
// rawResource = []byte(`{
// "metadata":{
// "name":"test-config-map",
// "namespace":"default",
// "creationTimestamp":null,
// "labels":{
// "label1":"test1",
// "label2":"test2"
// }
// }
// }`)
// assert.Assert(t, ResourceMeetsDescription(rawResource, resourceDescription, excludeResourcesResourceDesc, groupVersionKind))
resourceDescription = types.ResourceDescription{
Kinds: []string{"ConfigMap"},
Name: &resourceName,
Selector: &metav1.LabelSelector{
MatchLabels: map[string]string{
"label1": "test1",
},
MatchExpressions: []metav1.LabelSelectorRequirement{
metav1.LabelSelectorRequirement{
Key: "label2",
Operator: "In",
Values: []string{
"sometest1",
},
},
},
},
}
// resourceDescription = types.ResourceDescription{
// Kinds: []string{"ConfigMap"},
// Name: &resourceName,
// Selector: &metav1.LabelSelector{
// MatchLabels: map[string]string{
// "label1": "test1",
// },
// MatchExpressions: []metav1.LabelSelectorRequirement{
// metav1.LabelSelectorRequirement{
// Key: "label2",
// Operator: "In",
// Values: []string{
// "sometest1",
// },
// },
// },
// },
// }
assert.Assert(t, false == ResourceMeetsDescription(rawResource, resourceDescription, excludeResourcesResourceDesc, groupVersionKind))
// assert.Assert(t, false == ResourceMeetsDescription(rawResource, resourceDescription, excludeResourcesResourceDesc, groupVersionKind))
resourceDescription = types.ResourceDescription{
Kinds: []string{"ConfigMap"},
Name: &resourceName,
Selector: &metav1.LabelSelector{
MatchLabels: map[string]string{
"label1": "test1",
"label3": "test3",
},
MatchExpressions: []metav1.LabelSelectorRequirement{
metav1.LabelSelectorRequirement{
Key: "label2",
Operator: "In",
Values: []string{
"test2",
},
},
},
},
}
// resourceDescription = types.ResourceDescription{
// Kinds: []string{"ConfigMap"},
// Name: &resourceName,
// Selector: &metav1.LabelSelector{
// MatchLabels: map[string]string{
// "label1": "test1",
// "label3": "test3",
// },
// MatchExpressions: []metav1.LabelSelectorRequirement{
// metav1.LabelSelectorRequirement{
// Key: "label2",
// Operator: "In",
// Values: []string{
// "test2",
// },
// },
// },
// },
// }
assert.Assert(t, false == ResourceMeetsDescription(rawResource, resourceDescription, excludeResourcesResourceDesc, groupVersionKind))
}
// assert.Assert(t, false == ResourceMeetsDescription(rawResource, resourceDescription, excludeResourcesResourceDesc, groupVersionKind))
// }
func TestWrappedWithParentheses_StringIsWrappedWithParentheses(t *testing.T) {
str := "(something)"

13
pkg/event/controller.go
View file

@ -5,10 +5,9 @@ import (
"github.com/golang/glog"
"github.com/nirmata/kyverno/pkg/clientNew/clientset/versioned/scheme"
policyscheme "github.com/nirmata/kyverno/pkg/clientNew/clientset/versioned/scheme"
informer "github.com/nirmata/kyverno/pkg/clientNew/informers/externalversions/kyverno/v1alpha1"
lister "github.com/nirmata/kyverno/pkg/clientNew/listers/kyverno/v1alpha1"
"github.com/nirmata/kyverno/pkg/client/clientset/versioned/scheme"
kyvernoinformer "github.com/nirmata/kyverno/pkg/client/informers/externalversions/kyverno/v1alpha1"
kyvernolister "github.com/nirmata/kyverno/pkg/client/listers/kyverno/v1alpha1"
client "github.com/nirmata/kyverno/pkg/dclient"
v1 "k8s.io/api/core/v1"
"k8s.io/apimachinery/pkg/runtime"
@ -22,7 +21,7 @@ import (
//Generator generate events
type Generator struct {
client *client.Client
pLister lister.PolicyLister
pLister kyvernolister.PolicyLister
queue workqueue.RateLimitingInterface
recorder record.EventRecorder
}
@ -34,7 +33,7 @@ type Interface interface {
//NewEventGenerator to generate a new event controller
func NewEventGenerator(client *client.Client,
pInformer informer.PolicyInformer) *Generator {
pInformer kyvernoinformer.PolicyInformer) *Generator {
gen := Generator{
client: client,
@ -48,7 +47,7 @@ func NewEventGenerator(client *client.Client,
func initRecorder(client *client.Client) record.EventRecorder {
// Initliaze Event Broadcaster
err := policyscheme.AddToScheme(scheme.Scheme)
err := scheme.AddToScheme(scheme.Scheme)
if err != nil {
glog.Error(err)
return nil

14
pkg/namespace/controller.go
View file

@ -10,9 +10,9 @@ import (
"github.com/nirmata/kyverno/pkg/event"
"k8s.io/apimachinery/pkg/api/errors"
kyvernoclient "github.com/nirmata/kyverno/pkg/clientNew/clientset/versioned"
informer "github.com/nirmata/kyverno/pkg/clientNew/informers/externalversions/kyverno/v1alpha1"
lister "github.com/nirmata/kyverno/pkg/clientNew/listers/kyverno/v1alpha1"
kyvernoclient "github.com/nirmata/kyverno/pkg/client/clientset/versioned"
kyvernoinformer "github.com/nirmata/kyverno/pkg/client/informers/externalversions/kyverno/v1alpha1"
kyvernolister "github.com/nirmata/kyverno/pkg/client/listers/kyverno/v1alpha1"
v1 "k8s.io/api/core/v1"
utilruntime "k8s.io/apimachinery/pkg/util/runtime"
v1Informer "k8s.io/client-go/informers/core/v1"
@ -39,11 +39,11 @@ type NamespaceController struct {
// nsListerSynced returns true if the Namespace store has been synced at least once
nsListerSynced cache.InformerSynced
// pvLister can list/get policy violation from the shared informer's store
pLister lister.PolicyLister
pLister kyvernolister.PolicyLister
// pvListerSynced retrns true if the Policy store has been synced at least once
pvListerSynced cache.InformerSynced
// pvLister can list/get policy violation from the shared informer's store
pvLister lister.PolicyViolationLister
pvLister kyvernolister.PolicyViolationLister
// eventGen provides interface to generate evenets
eventGen event.Interface
@ -57,8 +57,8 @@ type NamespaceController struct {
func NewNamespaceController(kyvernoClient *kyvernoclient.Clientset,
client *client.Client,
nsInformer v1Informer.NamespaceInformer,
pInformer informer.PolicyInformer,
pvInformer informer.PolicyViolationInformer,
pInformer kyvernoinformer.PolicyInformer,
pvInformer kyvernoinformer.PolicyViolationInformer,
eventGen event.Interface) *NamespaceController {
//TODO: do we need to event recorder for this controller?
// create the controller

4
pkg/namespace/generation.go
View file

@ -11,7 +11,7 @@ import (
kyverno "github.com/nirmata/kyverno/pkg/api/kyverno/v1alpha1"
lister "github.com/nirmata/kyverno/pkg/clientNew/listers/kyverno/v1alpha1"
kyvernolister "github.com/nirmata/kyverno/pkg/client/listers/kyverno/v1alpha1"
"github.com/nirmata/kyverno/pkg/info"
corev1 "k8s.io/api/core/v1"
"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
@ -116,7 +116,7 @@ func (nsc *NamespaceController) processNamespace(namespace corev1.Namespace) []i
return policyInfos
}
func listpolicies(ns unstructured.Unstructured, pLister lister.PolicyLister) []*kyverno.Policy {
func listpolicies(ns unstructured.Unstructured, pLister kyvernolister.PolicyLister) []*kyverno.Policy {
var filteredpolicies []*kyverno.Policy
glog.V(4).Infof("listing policies for namespace %s", ns.GetName())
policies, err := pLister.List(labels.NewSelector())

14
pkg/policy/controller.go
View file

@ -9,10 +9,10 @@ import (
"github.com/golang/glog"
kyverno "github.com/nirmata/kyverno/pkg/api/kyverno/v1alpha1"
kyvernoclient "github.com/nirmata/kyverno/pkg/clientNew/clientset/versioned"
"github.com/nirmata/kyverno/pkg/clientNew/clientset/versioned/scheme"
informer "github.com/nirmata/kyverno/pkg/clientNew/informers/externalversions/kyverno/v1alpha1"
lister "github.com/nirmata/kyverno/pkg/clientNew/listers/kyverno/v1alpha1"
kyvernoclient "github.com/nirmata/kyverno/pkg/client/clientset/versioned"
"github.com/nirmata/kyverno/pkg/client/clientset/versioned/scheme"
kyvernoinformer "github.com/nirmata/kyverno/pkg/client/informers/externalversions/kyverno/v1alpha1"
kyvernolister "github.com/nirmata/kyverno/pkg/client/listers/kyverno/v1alpha1"
client "github.com/nirmata/kyverno/pkg/dclient"
"github.com/nirmata/kyverno/pkg/event"
"github.com/nirmata/kyverno/pkg/utils"
@ -57,9 +57,9 @@ type PolicyController struct {
// Policys that need to be synced
queue workqueue.RateLimitingInterface
// pLister can list/get policy from the shared informer's store
pLister lister.PolicyLister
pLister kyvernolister.PolicyLister
// pvLister can list/get policy violation from the shared informer's store
pvLister lister.PolicyViolationLister
pvLister kyvernolister.PolicyViolationLister
// pListerSynced returns true if the Policy store has been synced at least once
pListerSynced cache.InformerSynced
// pvListerSynced retrns true if the Policy store has been synced at least once
@ -71,7 +71,7 @@ type PolicyController struct {
}
// NewPolicyController create a new PolicyController
func NewPolicyController(kyvernoClient *kyvernoclient.Clientset, client *client.Client, pInformer informer.PolicyInformer, pvInformer informer.PolicyViolationInformer, eventGen event.Interface) (*PolicyController, error) {
func NewPolicyController(kyvernoClient *kyvernoclient.Clientset, client *client.Client, pInformer kyvernoinformer.PolicyInformer, pvInformer kyvernoinformer.PolicyViolationInformer, eventGen event.Interface) (*PolicyController, error) {
// Event broad caster
eventBroadcaster := record.NewBroadcaster()
eventBroadcaster.StartLogging(glog.Infof)

14
pkg/policy/existing.go
View file

@ -64,16 +64,16 @@ func listResources(client *client.Client, policy kyverno.Policy, filterK8Resourc
glog.V(4).Infof("skipping processing policy %s rule %s for kind Namespace", policy.Name, rule.Name)
continue
}
//TODO: if namespace is not define can we default to *
if rule.MatchResources.Namespace != "" {
namespaces = append(namespaces, rule.MatchResources.Namespace)
if len(rule.MatchResources.Namespaces) > 0 {
namespaces = append(namespaces, rule.MatchResources.Namespaces...)
glog.V(4).Infof("namespaces specified for inclusion: %v", rule.MatchResources.Namespaces)
} else {
glog.V(4).Infof("processing policy %s rule %s, namespace not defined, getting all namespaces ", policy.Name, rule.Name)
// get all namespaces
namespaces = getAllNamespaces(client)
}
// check if exclude namespace is not clashing
namespaces = excludeNamespaces(namespaces, rule.ExcludeResources.Namespace)
namespaces = excludeNamespaces(namespaces, rule.ExcludeResources.Namespaces)
// get resources in the namespaces
for _, ns := range namespaces {
@ -158,13 +158,13 @@ func kindIsExcluded(kind string, list []string) bool {
return false
}
func excludeNamespaces(namespaces []string, excludeNs string) []string {
if excludeNs == "" {
func excludeNamespaces(namespaces, excludeNs []string) []string {
if len(excludeNs) == 0 {
return namespaces
}
filteredNamespaces := []string{}
for _, n := range namespaces {
if n == excludeNs {
if utils.Contains(excludeNs, n) {
continue
}
filteredNamespaces = append(filteredNamespaces, n)

17
pkg/policyviolation/controller.go
View file

@ -7,10 +7,10 @@ import (
"github.com/golang/glog"
kyverno "github.com/nirmata/kyverno/pkg/api/kyverno/v1alpha1"
kyvernoclient "github.com/nirmata/kyverno/pkg/clientNew/clientset/versioned"
"github.com/nirmata/kyverno/pkg/clientNew/clientset/versioned/scheme"
informer "github.com/nirmata/kyverno/pkg/clientNew/informers/externalversions/kyverno/v1alpha1"
lister "github.com/nirmata/kyverno/pkg/clientNew/listers/kyverno/v1alpha1"
kyvernoclient "github.com/nirmata/kyverno/pkg/client/clientset/versioned"
"github.com/nirmata/kyverno/pkg/client/clientset/versioned/scheme"
kyvernoinformer "github.com/nirmata/kyverno/pkg/client/informers/externalversions/kyverno/v1alpha1"
kyvernolister "github.com/nirmata/kyverno/pkg/client/listers/kyverno/v1alpha1"
client "github.com/nirmata/kyverno/pkg/dclient"
v1 "k8s.io/api/core/v1"
"k8s.io/apimachinery/pkg/api/errors"
@ -47,9 +47,9 @@ type PolicyViolationController struct {
// Policys that need to be synced
queue workqueue.RateLimitingInterface
// pvLister can list/get policy violation from the shared informer's store
pvLister lister.PolicyViolationLister
pvLister kyvernolister.PolicyViolationLister
// pLister can list/get policy from the shared informer's store
pLister lister.PolicyLister
pLister kyvernolister.PolicyLister
// pListerSynced returns true if the Policy store has been synced at least once
pListerSynced cache.InformerSynced
// pvListerSynced retrns true if the Policy store has been synced at least once
@ -59,7 +59,7 @@ type PolicyViolationController struct {
}
//NewPolicyViolationController creates a new NewPolicyViolationController
func NewPolicyViolationController(client *client.Client, kyvernoClient *kyvernoclient.Clientset, pInformer informer.PolicyInformer, pvInformer informer.PolicyViolationInformer) (*PolicyViolationController, error) {
func NewPolicyViolationController(client *client.Client, kyvernoClient *kyvernoclient.Clientset, pInformer kyvernoinformer.PolicyInformer, pvInformer kyvernoinformer.PolicyViolationInformer) (*PolicyViolationController, error) {
// Event broad caster
eventBroadcaster := record.NewBroadcaster()
eventBroadcaster.StartLogging(glog.Infof)
@ -212,6 +212,7 @@ func (pvc *PolicyViolationController) syncPolicyViolation(key string) error {
pv := policyViolation.DeepCopy()
// TODO: Update Status to update ObserverdGeneration
// TODO: check if the policy violation refers to a resource thats active ? // done by policy controller
// TODO: remove the PV, if the corresponding policy is not present
// TODO: additional check on deleted webhook for a resource, to delete a policy violation it has a policy violation
// list the resource with label selectors, but this can be expensive for each delete request of a resource
if err := pvc.syncActiveResource(pv); err != nil {
@ -242,6 +243,8 @@ func (pvc *PolicyViolationController) syncActiveResource(curPv *kyverno.PolicyVi
glog.V(4).Infof("error while retrieved resource %s/%s/%s: %v", rspec.Kind, rspec.Namespace, rspec.Name, err)
return err
}
//TODO- if the policy is not present, remove the policy violation
return nil
}

8
pkg/policyviolation/helpers.go
View file

@ -6,8 +6,8 @@ import (
"github.com/golang/glog"
kyverno "github.com/nirmata/kyverno/pkg/api/kyverno/v1alpha1"
kyvernoclient "github.com/nirmata/kyverno/pkg/clientNew/clientset/versioned"
lister "github.com/nirmata/kyverno/pkg/clientNew/listers/kyverno/v1alpha1"
kyvernoclient "github.com/nirmata/kyverno/pkg/client/clientset/versioned"
kyvernolister "github.com/nirmata/kyverno/pkg/client/listers/kyverno/v1alpha1"
"github.com/nirmata/kyverno/pkg/info"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/client-go/tools/cache"
@ -54,7 +54,7 @@ func buildPolicyViolationsForAPolicy(pi info.PolicyInfo) kyverno.PolicyViolation
//generatePolicyViolations generate policyViolation resources for the rules that failed
//TODO: check if pvListerSynced is needed
func GeneratePolicyViolations(pvListerSynced cache.InformerSynced, pvLister lister.PolicyViolationLister, client *kyvernoclient.Clientset, policyInfos []info.PolicyInfo) {
func GeneratePolicyViolations(pvListerSynced cache.InformerSynced, pvLister kyvernolister.PolicyViolationLister, client *kyvernoclient.Clientset, policyInfos []info.PolicyInfo) {
var pvs []kyverno.PolicyViolation
for _, policyInfo := range policyInfos {
if !policyInfo.IsSuccessful() {
@ -100,7 +100,7 @@ func GeneratePolicyViolations(pvListerSynced cache.InformerSynced, pvLister list
}
//TODO: change the name
func getExistingPolicyViolationIfAny(pvListerSynced cache.InformerSynced, pvLister lister.PolicyViolationLister, newPv kyverno.PolicyViolation) (*kyverno.PolicyViolation, error) {
func getExistingPolicyViolationIfAny(pvListerSynced cache.InformerSynced, pvLister kyvernolister.PolicyViolationLister, newPv kyverno.PolicyViolation) (*kyverno.PolicyViolation, error) {
// TODO: check for existing ov using label selectors on resource and policy
labelMap := map[string]string{"policy": newPv.Spec.Policy, "resource": newPv.Spec.ResourceSpec.ToKey()}
ls := &metav1.LabelSelector{}

3
pkg/webhooks/mutation.go
View file

@ -4,6 +4,7 @@ import (
"github.com/golang/glog"
engine "github.com/nirmata/kyverno/pkg/engine"
"github.com/nirmata/kyverno/pkg/info"
"github.com/nirmata/kyverno/pkg/utils"
v1beta1 "k8s.io/api/admission/v1beta1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/labels"
@ -42,7 +43,7 @@ func (ws *WebhookServer) HandleMutation(request *v1beta1.AdmissionRequest) *v1be
for _, policy := range policies {
// check if policy has a rule for the admission request kind
if !StringInSlice(request.Kind.Kind, getApplicableKindsForPolicy(policy)) {
if !utils.Contains(getApplicableKindsForPolicy(policy), request.Kind.Kind) {
continue
}
policyInfo := info.NewPolicyInfo(policy.Name, resource.GetKind(), resource.GetName(), resource.GetNamespace(), policy.Spec.ValidationFailureAction)

14
pkg/webhooks/server.go
View file

@ -11,9 +11,9 @@ import (
"time"
"github.com/golang/glog"
kyvernoclient "github.com/nirmata/kyverno/pkg/clientNew/clientset/versioned"
informer "github.com/nirmata/kyverno/pkg/clientNew/informers/externalversions/kyverno/v1alpha1"
lister "github.com/nirmata/kyverno/pkg/clientNew/listers/kyverno/v1alpha1"
kyvernoclient "github.com/nirmata/kyverno/pkg/client/clientset/versioned"
kyvernoinformer "github.com/nirmata/kyverno/pkg/client/informers/externalversions/kyverno/v1alpha1"
kyvernolister "github.com/nirmata/kyverno/pkg/client/listers/kyverno/v1alpha1"
"github.com/nirmata/kyverno/pkg/config"
client "github.com/nirmata/kyverno/pkg/dclient"
"github.com/nirmata/kyverno/pkg/event"
@ -29,8 +29,8 @@ type WebhookServer struct {
server http.Server
client *client.Client
kyvernoClient *kyvernoclient.Clientset
pLister lister.PolicyLister
pvLister lister.PolicyViolationLister
pLister kyvernolister.PolicyLister
pvLister kyvernolister.PolicyViolationLister
pListerSynced cache.InformerSynced
pvListerSynced cache.InformerSynced
eventGen event.Interface
@ -43,8 +43,8 @@ func NewWebhookServer(
kyvernoClient *kyvernoclient.Clientset,
client *client.Client,
tlsPair *tlsutils.TlsPemPair,
pInformer informer.PolicyInformer,
pvInormer informer.PolicyViolationInformer,
pInformer kyvernoinformer.PolicyInformer,
pvInormer kyvernoinformer.PolicyViolationInformer,
eventGen event.Interface,
filterK8Resources string) (*WebhookServer, error) {

10
pkg/webhooks/utils.go
View file

@ -27,16 +27,6 @@ func isAdmSuccesful(policyInfos []info.PolicyInfo) (bool, string) {
return admSuccess, strings.Join(errMsgs, ";")
}
//StringInSlice checks if string is present in slice of strings
func StringInSlice(kind string, list []string) bool {
for _, b := range list {
if b == kind {
return true
}
}
return false
}
//ArrayFlags to store filterkinds
type ArrayFlags []string

3
pkg/webhooks/validation.go
View file

@ -5,6 +5,7 @@ import (
engine "github.com/nirmata/kyverno/pkg/engine"
"github.com/nirmata/kyverno/pkg/info"
"github.com/nirmata/kyverno/pkg/policyviolation"
"github.com/nirmata/kyverno/pkg/utils"
v1beta1 "k8s.io/api/admission/v1beta1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/labels"
@ -42,7 +43,7 @@ func (ws *WebhookServer) HandleValidation(request *v1beta1.AdmissionRequest) *v1
for _, policy := range policies {
if !StringInSlice(request.Kind.Kind, getApplicableKindsForPolicy(policy)) {
if !utils.Contains(getApplicableKindsForPolicy(policy), request.Kind.Kind) {
continue
}

27
scripts/new_update-codegen.sh
View file

@ -1,27 +0,0 @@
#!/bin/bash
set -o errexit
set -o nounset
set -o pipefail
case "$(uname -s)" in
Linux*) linkutil=readlink;;
Darwin*) linkutil=greadlink;;
*) machine="UNKNOWN:${unameOut}"
esac
# get nirmata root
NIRMATA_DIR=$(dirname ${BASH_SOURCE})/..
NIRMATA_ROOT=$(${linkutil} -f ${NIRMATA_DIR})
# get relative path to code generation script
CODEGEN_PKG=${NIRMATA_DIR}/vendor/k8s.io/code-generator
# get relative path of nirmata
NIRMATA_PKG=${NIRMATA_ROOT#"${GOPATH}/src/"}
# perform code generation
${CODEGEN_PKG}/generate-groups.sh \
"deepcopy,client,informer,lister" \
${NIRMATA_PKG}/pkg/clientNew \
${NIRMATA_PKG}/pkg/api \
kyverno:v1alpha1

4
scripts/update-codegen.sh
View file

@ -23,5 +23,5 @@ NIRMATA_PKG=${NIRMATA_ROOT#"${GOPATH}/src/"}
${CODEGEN_PKG}/generate-groups.sh \
"deepcopy,client,informer,lister" \
${NIRMATA_PKG}/pkg/client \
${NIRMATA_PKG}/pkg/apis \
policy:v1alpha1
${NIRMATA_PKG}/pkg/api \
kyverno:v1alpha1