mirror of https://github.com/kyverno/kyverno.git synced 2025-04-09 10:42:22 +00:00

refactor: namespace labels in engine response (#6880)

* refactor: policy response

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* refactor: engine response

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

---------

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Charles-Edouard Brétéché 2023-04-12 19:02:40 +02:00 committed by GitHub
parent b82c1bc386
commit 2d64cdf6e2
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 46 additions and 37 deletions


@ -16,8 +16,8 @@ type EngineResponse struct {
Resource unstructured.Unstructured
// Policy is the original policy
Policy kyvernov1.PolicyInterface
// NamespaceLabels given by policy context
NamespaceLabels map[string]string
// namespaceLabels given by policy context
namespaceLabels map[string]string
// PatchedResource is the resource patched with the engine action changes
PatchedResource unstructured.Unstructured
// PolicyResponse contains the engine policy response
@ -50,7 +50,7 @@ func NewEngineResponse(
return EngineResponse{
Resource: resource,
Policy: policy,
NamespaceLabels: namespaceLabels,
namespaceLabels: namespaceLabels,
PatchedResource: resource,
}
}
@ -70,6 +70,15 @@ func (er EngineResponse) WithPatchedResource(patchedResource unstructured.Unstru
return er
}
func (er EngineResponse) WithNamespaceLabels(namespaceLabels map[string]string) EngineResponse {
er.namespaceLabels = namespaceLabels
return er
}
func (er *EngineResponse) NamespaceLabels() map[string]string {
return er.namespaceLabels
}
// IsOneOf checks if any rule has status in a given list
func (er EngineResponse) IsOneOf(status ...RuleStatus) bool {
for _, r := range er.PolicyResponse.Rules {
@ -172,7 +181,7 @@ func (er EngineResponse) GetValidationFailureAction() kyvernov1.ValidationFailur
continue
}
if v.Namespaces == nil {
hasPass, err := utils.CheckSelector(v.NamespaceSelector, er.NamespaceLabels)
hasPass, err := utils.CheckSelector(v.NamespaceSelector, er.namespaceLabels)
if err == nil && hasPass {
return v.Action
}
@ -182,7 +191,7 @@ func (er EngineResponse) GetValidationFailureAction() kyvernov1.ValidationFailur
if v.NamespaceSelector == nil {
return v.Action
}
hasPass, err := utils.CheckSelector(v.NamespaceSelector, er.NamespaceLabels)
hasPass, err := utils.CheckSelector(v.NamespaceSelector, er.namespaceLabels)
if err == nil && hasPass {
return v.Action
}
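Review bot: The accessor added in the third hunk, `NamespaceLabels()`, hands back the internal map and `WithNamespaceLabels` stores the caller's map as-is, so unexporting the field does not keep a holder of the response from altering the labels that `GetValidationFailureAction` passes to `utils.CheckSelector` when it picks the failure action. If the labels are meant to be fixed once set, copy at both boundaries, for example `return maps.Clone(er.namespaceLabels)` where the toolchain provides it. `NamespaceLabels()` is also the only method in this section with a pointer receiver; `func (er EngineResponse) NamespaceLabels() map[string]string` would match the rest and remain callable on a non-addressable value. Both new exported methods have no doc comment, e.g. `// NamespaceLabels returns the namespace labels given by the policy context.` The body of `GetValidationFailureAction` starts and ends outside the hunks shown.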


@ -14,7 +14,7 @@ func TestEngineResponse_IsEmpty(t *testing.T) {
PatchedResource unstructured.Unstructured
Policy kyvernov1.PolicyInterface
PolicyResponse PolicyResponse
NamespaceLabels map[string]string
namespaceLabels map[string]string
}
tests := []struct {
name string
@ -31,7 +31,7 @@ func TestEngineResponse_IsEmpty(t *testing.T) {
want: false,
}, {
fields: fields{
NamespaceLabels: map[string]string{
namespaceLabels: map[string]string{
"a": "b",
},
},
@ -43,7 +43,7 @@ func TestEngineResponse_IsEmpty(t *testing.T) {
PatchedResource: tt.fields.PatchedResource,
Policy: tt.fields.Policy,
PolicyResponse: tt.fields.PolicyResponse,
NamespaceLabels: tt.fields.NamespaceLabels,
namespaceLabels: tt.fields.namespaceLabels,
}
if got := er.IsEmpty(); got != tt.want {
t.Errorf("EngineResponse.IsEmpty() = %v, want %v", got, tt.want)
@ -57,7 +57,7 @@ func TestEngineResponse_IsNil(t *testing.T) {
PatchedResource unstructured.Unstructured
Policy kyvernov1.PolicyInterface
PolicyResponse PolicyResponse
NamespaceLabels map[string]string
namespaceLabels map[string]string
}
tests := []struct {
name string
@ -74,7 +74,7 @@ func TestEngineResponse_IsNil(t *testing.T) {
want: false,
}, {
fields: fields{
NamespaceLabels: map[string]string{
namespaceLabels: map[string]string{
"a": "b",
},
},
@ -86,7 +86,7 @@ func TestEngineResponse_IsNil(t *testing.T) {
PatchedResource: tt.fields.PatchedResource,
Policy: tt.fields.Policy,
PolicyResponse: tt.fields.PolicyResponse,
NamespaceLabels: tt.fields.NamespaceLabels,
namespaceLabels: tt.fields.namespaceLabels,
}
if got := er.IsNil(); got != tt.want {
t.Errorf("EngineResponse.IsNil() = %v, want %v", got, tt.want)
@ -100,7 +100,7 @@ func TestEngineResponse_IsOneOf(t *testing.T) {
PatchedResource unstructured.Unstructured
Policy kyvernov1.PolicyInterface
PolicyResponse PolicyResponse
NamespaceLabels map[string]string
namespaceLabels map[string]string
}
type args struct {
status []RuleStatus
@ -174,7 +174,7 @@ func TestEngineResponse_IsOneOf(t *testing.T) {
PatchedResource: tt.fields.PatchedResource,
Policy: tt.fields.Policy,
PolicyResponse: tt.fields.PolicyResponse,
NamespaceLabels: tt.fields.NamespaceLabels,
namespaceLabels: tt.fields.namespaceLabels,
}
if got := er.IsOneOf(tt.args.status...); got != tt.want {
t.Errorf("EngineResponse.IsOneOf() = %v, want %v", got, tt.want)
@ -188,7 +188,7 @@ func TestEngineResponse_IsSuccessful(t *testing.T) {
PatchedResource unstructured.Unstructured
Policy kyvernov1.PolicyInterface
PolicyResponse PolicyResponse
NamespaceLabels map[string]string
namespaceLabels map[string]string
}
tests := []struct {
name string
@ -248,7 +248,7 @@ func TestEngineResponse_IsSuccessful(t *testing.T) {
PatchedResource: tt.fields.PatchedResource,
Policy: tt.fields.Policy,
PolicyResponse: tt.fields.PolicyResponse,
NamespaceLabels: tt.fields.NamespaceLabels,
namespaceLabels: tt.fields.namespaceLabels,
}
if got := er.IsSuccessful(); got != tt.want {
t.Errorf("EngineResponse.IsSuccessful() = %v, want %v", got, tt.want)
@ -262,7 +262,7 @@ func TestEngineResponse_IsSkipped(t *testing.T) {
PatchedResource unstructured.Unstructured
Policy kyvernov1.PolicyInterface
PolicyResponse PolicyResponse
NamespaceLabels map[string]string
namespaceLabels map[string]string
}
tests := []struct {
name string
@ -322,7 +322,7 @@ func TestEngineResponse_IsSkipped(t *testing.T) {
PatchedResource: tt.fields.PatchedResource,
Policy: tt.fields.Policy,
PolicyResponse: tt.fields.PolicyResponse,
NamespaceLabels: tt.fields.NamespaceLabels,
namespaceLabels: tt.fields.namespaceLabels,
}
if got := er.IsSkipped(); got != tt.want {
t.Errorf("EngineResponse.IsSkipped() = %v, want %v", got, tt.want)
@ -336,7 +336,7 @@ func TestEngineResponse_IsFailed(t *testing.T) {
PatchedResource unstructured.Unstructured
Policy kyvernov1.PolicyInterface
PolicyResponse PolicyResponse
NamespaceLabels map[string]string
namespaceLabels map[string]string
}
tests := []struct {
name string
@ -396,7 +396,7 @@ func TestEngineResponse_IsFailed(t *testing.T) {
PatchedResource: tt.fields.PatchedResource,
Policy: tt.fields.Policy,
PolicyResponse: tt.fields.PolicyResponse,
NamespaceLabels: tt.fields.NamespaceLabels,
namespaceLabels: tt.fields.namespaceLabels,
}
if got := er.IsFailed(); got != tt.want {
t.Errorf("EngineResponse.IsFailed() = %v, want %v", got, tt.want)
@ -410,7 +410,7 @@ func TestEngineResponse_IsError(t *testing.T) {
PatchedResource unstructured.Unstructured
Policy kyvernov1.PolicyInterface
PolicyResponse PolicyResponse
NamespaceLabels map[string]string
namespaceLabels map[string]string
}
tests := []struct {
name string
@ -470,7 +470,7 @@ func TestEngineResponse_IsError(t *testing.T) {
PatchedResource: tt.fields.PatchedResource,
Policy: tt.fields.Policy,
PolicyResponse: tt.fields.PolicyResponse,
NamespaceLabels: tt.fields.NamespaceLabels,
namespaceLabels: tt.fields.namespaceLabels,
}
if got := er.IsError(); got != tt.want {
t.Errorf("EngineResponse.IsError() = %v, want %v", got, tt.want)
@ -484,7 +484,7 @@ func TestEngineResponse_GetFailedRules(t *testing.T) {
PatchedResource unstructured.Unstructured
Policy kyvernov1.PolicyInterface
PolicyResponse PolicyResponse
NamespaceLabels map[string]string
namespaceLabels map[string]string
}
tests := []struct {
name string
@ -560,7 +560,7 @@ func TestEngineResponse_GetFailedRules(t *testing.T) {
PatchedResource: tt.fields.PatchedResource,
Policy: tt.fields.Policy,
PolicyResponse: tt.fields.PolicyResponse,
NamespaceLabels: tt.fields.NamespaceLabels,
namespaceLabels: tt.fields.namespaceLabels,
}
if got := er.GetFailedRules(); !reflect.DeepEqual(got, tt.want) {
t.Errorf("EngineResponse.GetFailedRules() = %v, want %v", got, tt.want)
@ -574,7 +574,7 @@ func TestEngineResponse_GetSuccessRules(t *testing.T) {
PatchedResource unstructured.Unstructured
Policy kyvernov1.PolicyInterface
PolicyResponse PolicyResponse
NamespaceLabels map[string]string
namespaceLabels map[string]string
}
tests := []struct {
name string
@ -677,7 +677,7 @@ func TestEngineResponse_GetSuccessRules(t *testing.T) {
PatchedResource: tt.fields.PatchedResource,
Policy: tt.fields.Policy,
PolicyResponse: tt.fields.PolicyResponse,
NamespaceLabels: tt.fields.NamespaceLabels,
namespaceLabels: tt.fields.namespaceLabels,
}
if got := er.GetSuccessRules(); !reflect.DeepEqual(got, tt.want) {
t.Errorf("EngineResponse.GetSuccessRules() = %v, want %v", got, tt.want)
@ -693,7 +693,7 @@ func TestEngineResponse_GetValidationFailureAction(t *testing.T) {
PatchedResource unstructured.Unstructured
Policy kyvernov1.PolicyInterface
PolicyResponse PolicyResponse
NamespaceLabels map[string]string
namespaceLabels map[string]string
}
tests := []struct {
name string
@ -773,7 +773,7 @@ func TestEngineResponse_GetValidationFailureAction(t *testing.T) {
want: kyvernov1.Enforce,
}, {
fields: fields{
NamespaceLabels: map[string]string{
namespaceLabels: map[string]string{
"foo": "bar",
},
PatchedResource: resource,
@ -794,7 +794,7 @@ func TestEngineResponse_GetValidationFailureAction(t *testing.T) {
want: kyvernov1.Enforce,
}, {
fields: fields{
NamespaceLabels: map[string]string{
namespaceLabels: map[string]string{
"foo": "bar",
},
PatchedResource: resource,
@ -815,7 +815,7 @@ func TestEngineResponse_GetValidationFailureAction(t *testing.T) {
want: kyvernov1.Audit,
}, {
fields: fields{
NamespaceLabels: map[string]string{
namespaceLabels: map[string]string{
"foo": "bar",
},
PatchedResource: resource,
@ -837,7 +837,7 @@ func TestEngineResponse_GetValidationFailureAction(t *testing.T) {
want: kyvernov1.Enforce,
}, {
fields: fields{
NamespaceLabels: map[string]string{
namespaceLabels: map[string]string{
"foo": "bar",
},
PatchedResource: resource,
@ -859,7 +859,7 @@ func TestEngineResponse_GetValidationFailureAction(t *testing.T) {
want: kyvernov1.Enforce,
}, {
fields: fields{
NamespaceLabels: map[string]string{
namespaceLabels: map[string]string{
"foo": "bar",
},
PatchedResource: resource,
@ -881,7 +881,7 @@ func TestEngineResponse_GetValidationFailureAction(t *testing.T) {
want: kyvernov1.Audit,
}, {
fields: fields{
NamespaceLabels: map[string]string{
namespaceLabels: map[string]string{
"foo": "bar",
},
PatchedResource: resource,
@ -908,7 +908,7 @@ func TestEngineResponse_GetValidationFailureAction(t *testing.T) {
PatchedResource: tt.fields.PatchedResource,
Policy: tt.fields.Policy,
PolicyResponse: tt.fields.PolicyResponse,
NamespaceLabels: tt.fields.NamespaceLabels,
namespaceLabels: tt.fields.namespaceLabels,
}
if got := er.GetValidationFailureAction(); !reflect.DeepEqual(got, tt.want) {
t.Errorf("EngineResponse.GetValidationFailureAction() = %v, want %v", got, tt.want)
@ -922,7 +922,7 @@ func TestEngineResponse_GetPatches(t *testing.T) {
PatchedResource unstructured.Unstructured
Policy kyvernov1.PolicyInterface
PolicyResponse PolicyResponse
NamespaceLabels map[string]string
namespaceLabels map[string]string
}
tests := []struct {
name string
@ -974,7 +974,7 @@ func TestEngineResponse_GetPatches(t *testing.T) {
PatchedResource: tt.fields.PatchedResource,
Policy: tt.fields.Policy,
PolicyResponse: tt.fields.PolicyResponse,
NamespaceLabels: tt.fields.NamespaceLabels,
namespaceLabels: tt.fields.namespaceLabels,
}
if got := er.GetPatches(); !reflect.DeepEqual(got, tt.want) {
t.Errorf("EngineResponse.GetPatches() = %v, want %v", got, tt.want)
@ -999,7 +999,7 @@ func TestEngineResponse_GetResourceSpec(t *testing.T) {
PatchedResource unstructured.Unstructured
Policy kyvernov1.PolicyInterface
PolicyResponse PolicyResponse
NamespaceLabels map[string]string
namespaceLabels map[string]string
}
tests := []struct {
name string
@ -1033,7 +1033,7 @@ func TestEngineResponse_GetResourceSpec(t *testing.T) {
PatchedResource: tt.fields.PatchedResource,
Policy: tt.fields.Policy,
PolicyResponse: tt.fields.PolicyResponse,
NamespaceLabels: tt.fields.NamespaceLabels,
namespaceLabels: tt.fields.namespaceLabels,
}
if got := er.GetResourceSpec(); !reflect.DeepEqual(got, tt.want) {
t.Errorf("EngineResponse.GetResourceSpec() = %v, want %v", got, tt.want)