mirror of
https://github.com/kyverno/kyverno.git
synced 2024-12-14 11:57:48 +00:00
fix typos and improve readability
This commit is contained in:
Jim Bugwadia
parent
8aa00106a5
commit
305adf2fa0
5 changed files with 25 additions and 14 deletions
|
|
@ -213,8 +213,8 @@ func defaultvalidationFailureAction(policy *kyverno.ClusterPolicy, log logr.Logg
|
|||
// as these fields may not be applicable to pod controllers
|
||||
// scenario B: "none", user explicitly disable this feature -> skip
|
||||
// scenario C: some certain controllers that user set -> generate on defined controllers
|
||||
// copy entrie match / exclude block, it's users' responsibility to
|
||||
// make sure all fields are applicable to pod cotrollers
|
||||
// copy entire match / exclude block, it's users' responsibility to
|
||||
// make sure all fields are applicable to pod controllers
|
||||
|
||||
// GeneratePodControllerRule returns two patches: rulePatches and annotation patch(if necessary)
|
||||
func GeneratePodControllerRule(policy kyverno.ClusterPolicy, log logr.Logger) (patches [][]byte, errs []error) {
|
||||
|
|
@ -385,7 +385,7 @@ func generateRuleForControllers(rule kyverno.Rule, controllers string, log logr.
|
|||
return kyvernoRule{}
|
||||
}
|
||||
|
||||
// Support backword compatibility
|
||||
// Support backwards compatibility
|
||||
skipAutoGeneration := false
|
||||
var controllersValidated []string
|
||||
if controllers == "all" {
|
||||
|
|
|
|||
|
|
@ -15,8 +15,8 @@ import (
|
|||
"k8s.io/apimachinery/pkg/runtime/schema"
|
||||
)
|
||||
|
||||
// isResponseSuccesful return true if all responses are successful
|
||||
func isResponseSuccesful(engineReponses []response.EngineResponse) bool {
|
||||
// isResponseSuccessful return true if all responses are successful
|
||||
func isResponseSuccessful(engineReponses []response.EngineResponse) bool {
|
||||
for _, er := range engineReponses {
|
||||
if !er.IsSuccessful() {
|
||||
return false
|
||||
|
|
@ -110,7 +110,7 @@ func processResourceWithPatches(patch []byte, resource []byte, log logr.Logger)
|
|||
return resource
|
||||
}
|
||||
|
||||
func containRBACinfo(policies ...[]*kyverno.ClusterPolicy) bool {
|
||||
func containRBACInfo(policies ...[]*kyverno.ClusterPolicy) bool {
|
||||
for _, policySlice := range policies {
|
||||
for _, policy := range policySlice {
|
||||
for _, rule := range policy.Spec.Rules {
|
||||
|
|
@ -167,10 +167,21 @@ func convertResource(raw []byte, group, version, kind, namespace string) (unstru
|
|||
|
||||
func excludeKyvernoResources(kind string) bool {
|
||||
switch kind {
|
||||
case "ClusterPolicy", "GenerateRequest", "Policy", "ClusterPolicyReport", "PolicyReport", "ClusterReportChangeRequest", "ReportChangeRequest":
|
||||
case "ClusterPolicy":
|
||||
return true
|
||||
case "Policy":
|
||||
return true
|
||||
case "ClusterPolicyReport":
|
||||
return true
|
||||
case "PolicyReport":
|
||||
return true
|
||||
case "ReportChangeRequest":
|
||||
return true
|
||||
case "GenerateRequest":
|
||||
return true
|
||||
case "ClusterReportChangeRequest":
|
||||
return true
|
||||
default:
|
||||
return false
|
||||
}
|
||||
|
||||
}
|
||||
|
|
|
|||
|
|
@ -106,7 +106,7 @@ func (ws *WebhookServer) HandleMutation(
|
|||
}
|
||||
|
||||
// if any of the policies fails, print out the error
|
||||
if !isResponseSuccesful(engineResponses) {
|
||||
if !isResponseSuccessful(engineResponses) {
|
||||
logger.Info("failed to apply mutation rules on the resource, reporting policy violation", "errors", getErrorMsg(engineResponses))
|
||||
}
|
||||
}()
|
||||
|
|
|
|||
|
|
@ -104,7 +104,7 @@ type WebhookServer struct {
|
|||
|
||||
auditHandler AuditHandler
|
||||
|
||||
log logr.Logger
|
||||
log logr.Logger
|
||||
|
||||
openAPIController *openapi.Controller
|
||||
|
||||
|
|
@ -179,7 +179,7 @@ func NewWebhookServer(
|
|||
log: log,
|
||||
openAPIController: openAPIController,
|
||||
supportMutateValidate: supportMutateValidate,
|
||||
resCache: resCache,
|
||||
resCache: resCache,
|
||||
}
|
||||
|
||||
mux := httprouter.New()
|
||||
|
|
@ -287,7 +287,7 @@ func (ws *WebhookServer) ResourceMutation(request *v1beta1.AdmissionRequest) *v1
|
|||
// getRoleRef only if policy has roles/clusterroles defined
|
||||
var roles, clusterRoles []string
|
||||
var err error
|
||||
if containRBACinfo(mutatePolicies, validatePolicies, generatePolicies) {
|
||||
if containRBACInfo(mutatePolicies, validatePolicies, generatePolicies) {
|
||||
roles, clusterRoles, err = userinfo.GetRoleRef(ws.rbLister, ws.crbLister, request, ws.configHandler)
|
||||
if err != nil {
|
||||
logger.Error(err, "failed to get RBAC information for request")
|
||||
|
|
@ -412,7 +412,7 @@ func (ws *WebhookServer) resourceValidation(request *v1beta1.AdmissionRequest) *
|
|||
var roles, clusterRoles []string
|
||||
var err error
|
||||
// getRoleRef only if policy has roles/clusterroles defined
|
||||
if containRBACinfo(policies) {
|
||||
if containRBACInfo(policies) {
|
||||
roles, clusterRoles, err = userinfo.GetRoleRef(ws.rbLister, ws.crbLister, request, ws.configHandler)
|
||||
if err != nil {
|
||||
logger.Error(err, "failed to get RBAC information for request")
|
||||
|
|
|
|||
|
|
@ -143,7 +143,7 @@ func (h *auditHandler) process(request *v1beta1.AdmissionRequest) error {
|
|||
nsPolicies := h.pCache.Get(policycache.ValidateAudit, &request.Namespace)
|
||||
policies = append(policies, nsPolicies...)
|
||||
// getRoleRef only if policy has roles/clusterroles defined
|
||||
if containRBACinfo(policies) {
|
||||
if containRBACInfo(policies) {
|
||||
roles, clusterRoles, err = userinfo.GetRoleRef(h.rbLister, h.crbLister, request, h.configHandler)
|
||||
if err != nil {
|
||||
logger.Error(err, "failed to get RBAC information for request")
|
||||
|
|
|
|||
Loading…
Reference in a new issue