From 232ff79cd819cbb51d0f01c638d5c0171d33cab8 Mon Sep 17 00:00:00 2001
From: Vishal Choudhary
Date: Wed, 11 Jan 2023 11:32:44 +0530
Subject: [PATCH] removed condition type and missingAutoGenRules (#5964)
Signed-off-by: Vishal Choudhary
Signed-off-by: Vishal Choudhary
Co-authored-by: shuting
---
 pkg/policy/condition.go | 13 -----------
 pkg/policy/policy_controller.go | 41 ---------------------------------
 pkg/policy/validate_test.go | 40 --------------------------------
 3 files changed, 94 deletions(-)
 delete mode 100644 pkg/policy/condition.go
diff --git a/pkg/policy/condition.go b/pkg/policy/condition.go
deleted file mode 100644
index fac5d11878..0000000000
--- a/pkg/policy/condition.go
+++ /dev/null
@@ -1,13 +0,0 @@
-package policy
-
-// Condition defines condition type
-type Condition int
-
-const (
- // NotEvaluate to not evaluate condition
- NotEvaluate Condition = 0
- // Process to evaluate condition
- Process Condition = 1
- // Skip to ignore/skip the condition
- Skip Condition = 2
-)
diff --git a/pkg/policy/policy_controller.go b/pkg/policy/policy_controller.go
index e85841d691..ae9418d1ea 100644
--- a/pkg/policy/policy_controller.go
+++ b/pkg/policy/policy_controller.go
@@ -6,7 +6,6 @@ import (
 "fmt"
 "math/big"
 "reflect"
- "strings"
 "time"
 "github.com/go-logr/logr"
@@ -31,7 +30,6 @@ import (
 kubeutils "github.com/kyverno/kyverno/pkg/utils/kube"
 "github.com/pkg/errors"
 "go.uber.org/multierr"
- "golang.org/x/exp/slices"
 corev1 "k8s.io/api/core/v1"
 apierrors "k8s.io/apimachinery/pkg/api/errors"
 metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
@@ -594,42 +592,3 @@ func updateUR(kyvernoClient versioned.Interface, urLister kyvernov1beta1listers.
 }
 }
 }
-
-func missingAutoGenRules(policy kyvernov1.PolicyInterface, log logr.Logger) bool {
- var podRuleName []string
- ruleCount := 1
- spec := policy.GetSpec()
- if canApplyAutoGen, _ := autogen.CanAutoGen(spec); canApplyAutoGen {
- for _, rule := range autogen.ComputeRules(policy) {
- podRuleName = append(podRuleName, rule.Name)
- }
- }
-
- if len(podRuleName) > 0 {
- annotations := policy.GetAnnotations()
- val, ok := annotations[kyvernov1.PodControllersAnnotation]
- if !ok {
- return true
- }
- if val == "none" {
- return false
- }
- res := strings.Split(val, ",")
-
- if len(res) == 1 {
- ruleCount = 2
- }
- if len(res) > 1 {
- if slices.Contains(res, "CronJob") {
- ruleCount = 3
- } else {
- ruleCount = 2
- }
- }
-
- if len(autogen.ComputeRules(policy)) != (ruleCount * len(podRuleName)) {
- return true
- }
- }
- return false
-}
diff --git a/pkg/policy/validate_test.go b/pkg/policy/validate_test.go
index d7f6883706..9f2fc746f3 100644
--- a/pkg/policy/validate_test.go
+++ b/pkg/policy/validate_test.go
@@ -3,11 +3,9 @@ package policy
 import (
 "encoding/json"
 "errors"
- "fmt"
 "testing"
 kyverno "github.com/kyverno/kyverno/api/kyverno/v1"
- "github.com/kyverno/kyverno/pkg/logging"
 "github.com/kyverno/kyverno/pkg/openapi"
 "gotest.tools/assert"
 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions"
@@ -954,44 +952,6 @@ func Test_Validate_Any_Kind(t *testing.T) {
 assert.Assert(t, err != nil)
 }
-func Test_checkAutoGenRules(t *testing.T) {
- testCases := []struct {
- name string
- policy []byte
- expectedResult bool
- }{
- {
- name: "rule-missing-autogen-cronjob",
- policy: []byte(`{"apiVersion":"kyverno.io/v1","kind":"ClusterPolicy","metadata":{"name":"test","annotations":{"pod-policies.kyverno.io/autogen-controllers":"Deployment,CronJob"}},"spec":{"rules":[{"match":{"resources":{"kinds":["Pod"]}},"name":"block-old-flux","validate":{"message":"CannotuseoldFluxv1annotation.","pattern":{"metadata":{"=(annotations)":{"X(fluxcd.io/*)":"*?"}}}}},{"match":{"resources":{"kinds":["Deployment"]}},"name":"autogen-block-old-flux","validate":{"message":"CannotuseoldFluxv1annotation.","pattern":{"spec":{"template":{"metadata":{"=(annotations)":{"X(fluxcd.io/*)":"*?"}}}}}}}]}}`),
- expectedResult: true,
- },
- {
- name: "rule-missing-autogen-deployment",
- policy: []byte(`{"apiVersion":"kyverno.io/v1","kind":"ClusterPolicy","metadata":{"name":"test","annotations":{"pod-policies.kyverno.io/autogen-controllers":"Deployment,CronJob"}},"spec":{"rules":[{"match":{"resources":{"kinds":["Pod"]}},"name":"block-old-flux","validate":{"message":"CannotuseoldFluxv1annotation.","pattern":{"metadata":{"=(annotations)":{"X(fluxcd.io/*)":"*?"}}}}},{"match":{"resources":{"kinds":["CronJob"]}},"name":"autogen-cronjob-block-old-flux","validate":{"message":"CannotuseoldFluxv1annotation.","pattern":{"spec":{"jobTemplate":{"spec":{"template":{"metadata":{"=(annotations)":{"X(fluxcd.io/*)":"*?"}}}}}}}}}]}}`),
- expectedResult: true,
- },
- {
- name: "rule-missing-autogen-all",
- policy: []byte(`{"apiVersion":"kyverno.io/v1","kind":"ClusterPolicy","metadata":{"name":"test","annotations":{"pod-policies.kyverno.io/autogen-controllers":"Deployment,CronJob,StatefulSet,Job,DaemonSet"}},"spec":{"rules":[{"match":{"resources":{"kinds":["Pod"]}},"name":"block-old-flux","validate":{"message":"CannotuseoldFluxv1annotation.","pattern":{"metadata":{"=(annotations)":{"X(fluxcd.io/*)":"*?"}}}}}]}}`),
- expectedResult: true,
- },
- {
- name: "rule-with-autogen-disabled",
- policy: []byte(`{"apiVersion":"kyverno.io/v1","kind":"ClusterPolicy","metadata":{"name":"test","annotations":{"pod-policies.kyverno.io/autogen-controllers":"none"}},"spec":{"rules":[{"match":{"resources":{"kinds":["Pod"]}},"name":"block-old-flux","validate":{"message":"CannotuseoldFluxv1annotation.","pattern":{"metadata":{"=(annotations)":{"X(fluxcd.io/*)":"*?"}}}}}]}}`),
- expectedResult: false,
- },
- }
-
- for _, test := range testCases {
- var policy kyverno.ClusterPolicy
- err := json.Unmarshal(test.policy, &policy)
- assert.NilError(t, err)
-
- res := missingAutoGenRules(&policy, logging.GlobalLogger())
- assert.Equal(t, test.expectedResult, res, fmt.Sprintf("test %s failed", test.name))
- }
-}
-
 func Test_Validate_ApiCall(t *testing.T) {
 testCases := []struct {
 resource kyverno.ContextEntry