mirror of
https://github.com/kyverno/kyverno.git
synced 2025-04-18 02:06:52 +00:00
Dynamic process of GVK
This commit is contained in:
Vyankatesh Kudtarkar
parent
cc957e2c6e
commit
2ee32214f9
7 changed files with 24 additions and 17 deletions
pkg
common
engine
kyverno/common
openapi
policy
policycache
policymutation
|
|
@ -3,10 +3,11 @@ package common
|
|||
import (
|
||||
"encoding/json"
|
||||
"fmt"
|
||||
apierrors "k8s.io/apimachinery/pkg/api/errors"
|
||||
"strings"
|
||||
"time"
|
||||
|
||||
apierrors "k8s.io/apimachinery/pkg/api/errors"
|
||||
|
||||
"github.com/go-logr/logr"
|
||||
kyverno "github.com/kyverno/kyverno/pkg/api/kyverno/v1"
|
||||
dclient "github.com/kyverno/kyverno/pkg/dclient"
|
||||
|
|
@ -201,3 +202,14 @@ func removePolicyFromLabels(pName string, labels map[string]string) (bool, map[s
|
|||
|
||||
return false, labels
|
||||
}
|
||||
|
||||
func GetFormatedKind(str string) (kind string) {
|
||||
if strings.Count(str, "/") == 0 {
|
||||
return strings.Title(str)
|
||||
}
|
||||
splitString := strings.Split(str, "/")
|
||||
if strings.Count(str, "/") == 1 {
|
||||
return splitString[0] + "/" + strings.Title(splitString[1])
|
||||
}
|
||||
return splitString[0] + "/" + splitString[1] + "/" + strings.Title(splitString[2])
|
||||
}
|
||||
|
|
|
|||
|
|
@ -30,6 +30,7 @@ type EngineStats struct {
|
|||
|
||||
func checkKind(kinds []string, resource unstructured.Unstructured) bool {
|
||||
for _, kind := range kinds {
|
||||
kind = strings.Title(kind)
|
||||
SplitGVK := strings.Split(kind, "/")
|
||||
if len(SplitGVK) == 1 {
|
||||
if resource.GetKind() == kind {
|
||||
|
|
|
|||
|
|
@ -10,6 +10,7 @@ import (
|
|||
|
||||
"github.com/go-git/go-billy/v5"
|
||||
v1 "github.com/kyverno/kyverno/pkg/api/kyverno/v1"
|
||||
"github.com/kyverno/kyverno/pkg/common"
|
||||
client "github.com/kyverno/kyverno/pkg/dclient"
|
||||
engineutils "github.com/kyverno/kyverno/pkg/engine/utils"
|
||||
"github.com/kyverno/kyverno/pkg/utils"
|
||||
|
|
@ -33,7 +34,7 @@ func GetResources(policies []*v1.ClusterPolicy, resourcePaths []string, dClient
|
|||
for _, policy := range policies {
|
||||
for _, rule := range policy.Spec.Rules {
|
||||
for _, kind := range rule.MatchResources.Kinds {
|
||||
resourceTypesMap[kind] = true
|
||||
resourceTypesMap[common.GetFormatedKind(kind)] = true
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -12,6 +12,7 @@ import (
|
|||
openapiv2 "github.com/googleapis/gnostic/openapiv2"
|
||||
data "github.com/kyverno/kyverno/api"
|
||||
v1 "github.com/kyverno/kyverno/pkg/api/kyverno/v1"
|
||||
"github.com/kyverno/kyverno/pkg/common"
|
||||
"github.com/kyverno/kyverno/pkg/engine"
|
||||
"github.com/kyverno/kyverno/pkg/utils"
|
||||
cmap "github.com/orcaman/concurrent-map"
|
||||
|
|
@ -144,7 +145,7 @@ func (o *Controller) ValidatePolicyMutation(policy v1.ClusterPolicy) error {
|
|||
for _, rule := range policy.Spec.Rules {
|
||||
if rule.HasMutate() {
|
||||
for _, kind := range rule.MatchResources.Kinds {
|
||||
kindToRules[kind] = append(kindToRules[kind], rule)
|
||||
kindToRules[kind] = append(kindToRules[common.GetFormatedKind(kind)], rule)
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -29,7 +29,8 @@ func (pc *PolicyController) processExistingResources(policy *kyverno.ClusterPoli
|
|||
continue
|
||||
}
|
||||
|
||||
for _, k := range rule.MatchResources.Kinds {
|
||||
for _, kind := range rule.MatchResources.Kinds {
|
||||
k := common.GetFormatedKind(kind)
|
||||
logger = logger.WithValues("rule", rule.Name, "kind", k)
|
||||
namespaced, err := pc.rm.GetScope(k)
|
||||
if err != nil {
|
||||
|
|
|
|||
|
|
@ -1,6 +1,7 @@
|
|||
package policycache
|
||||
|
||||
import (
|
||||
"strings"
|
||||
"sync"
|
||||
|
||||
"github.com/go-logr/logr"
|
||||
|
|
@ -141,7 +142,8 @@ func (m *pMap) add(policy *kyverno.ClusterPolicy) {
|
|||
|
||||
func addCacheHelper(rmr kyverno.ResourceFilter, m *pMap, rule kyverno.Rule, mutateMap map[string]bool, pName string, enforcePolicy bool, validateEnforceMap map[string]bool, validateAuditMap map[string]bool, generateMap map[string]bool, imageVerifyMap map[string]bool) {
|
||||
for _, gvk := range rmr.Kinds {
|
||||
_, kind := common.GetKindFromGVK(gvk)
|
||||
_, k := common.GetKindFromGVK(gvk)
|
||||
kind := strings.Title(k)
|
||||
_, ok := m.kindDataMap[kind]
|
||||
if !ok {
|
||||
m.kindDataMap[kind] = make(map[PolicyType][]string)
|
||||
|
|
|
|||
|
|
@ -90,7 +90,7 @@ func checkForGVKFormatPatch(policy *kyverno.ClusterPolicy, log logr.Logger) (pat
|
|||
for i, rule := range policy.Spec.Rules {
|
||||
kindList := []string{}
|
||||
for _, k := range rule.MatchResources.Kinds {
|
||||
kindList = append(kindList, getFormatedKind(k))
|
||||
kindList = append(kindList, common.GetFormatedKind(k))
|
||||
}
|
||||
jsonPatch := struct {
|
||||
Path string `json:"path"`
|
||||
|
|
@ -110,17 +110,6 @@ func checkForGVKFormatPatch(policy *kyverno.ClusterPolicy, log logr.Logger) (pat
|
|||
return patches, errs
|
||||
}
|
||||
|
||||
func getFormatedKind(str string) (kind string) {
|
||||
if strings.Count(str, "/") == 0 {
|
||||
return strings.Title(str)
|
||||
}
|
||||
splitString := strings.Split(str, "/")
|
||||
if strings.Count(str, "/") == 1 {
|
||||
return splitString[0] + "/" + strings.Title(splitString[1])
|
||||
}
|
||||
return splitString[0] + "/" + splitString[1] + "/" + strings.Title(splitString[2])
|
||||
}
|
||||
|
||||
func convertPatchToJSON6902(policy *kyverno.ClusterPolicy, log logr.Logger) (patches [][]byte, errs []error) {
|
||||
patches = make([][]byte, 0)
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue