mirror of
https://github.com/kyverno/kyverno.git
synced 2025-03-30 03:15:05 +00:00
fix: incorrect config loading when data is nil (#6818)
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
This commit is contained in:
Charles-Edouard Brétéché
GitHub
parent
15afddd1d3
commit
3eff458126
1 changed files with 26 additions and 20 deletions
|
|
@ -74,14 +74,18 @@ const (
|
|||
MetricsPath = "/metrics"
|
||||
)
|
||||
|
||||
// keys in config map
|
||||
const (
|
||||
// Due to kubernetes issue, we must use next literal constants instead of deployment TypeMeta fields
|
||||
// Issue: https://github.com/kubernetes/kubernetes/pull/63972
|
||||
// When the issue is closed, we should use TypeMeta struct instead of this constants
|
||||
// ClusterRoleAPIVersion define the default clusterrole resource apiVersion
|
||||
ClusterRoleAPIVersion = "rbac.authorization.k8s.io/v1"
|
||||
// ClusterRoleKind define the default clusterrole resource kind
|
||||
ClusterRoleKind = "ClusterRole"
|
||||
resourceFilters = "resourceFilters"
|
||||
defaultRegistry = "defaultRegistry"
|
||||
enableDefaultRegistryMutation = "enableDefaultRegistryMutation"
|
||||
excludeGroups = "excludeGroups"
|
||||
excludeUsernames = "excludeUsernames"
|
||||
excludeRoles = "excludeRoles"
|
||||
excludeClusterRoles = "excludeClusterRoles"
|
||||
generateSuccessEvents = "generateSuccessEvents"
|
||||
webhooks = "webhooks"
|
||||
webhookAnnotations = "webhookAnnotations"
|
||||
)
|
||||
|
||||
var (
|
||||
|
|
@ -287,12 +291,13 @@ func (cd *configuration) Load(cm *corev1.ConfigMap) {
|
|||
|
||||
func (cd *configuration) load(cm *corev1.ConfigMap) {
|
||||
logger := logger.WithValues("name", cm.Name, "namespace", cm.Namespace)
|
||||
if cm.Data == nil {
|
||||
return
|
||||
}
|
||||
cd.mux.Lock()
|
||||
defer cd.mux.Unlock()
|
||||
defer cd.notify()
|
||||
data := cm.Data
|
||||
if data == nil {
|
||||
data = map[string]string{}
|
||||
}
|
||||
// reset
|
||||
cd.defaultRegistry = "docker.io"
|
||||
cd.enableDefaultRegistryMutation = true
|
||||
|
|
@ -305,10 +310,10 @@ func (cd *configuration) load(cm *corev1.ConfigMap) {
|
|||
cd.webhooks = nil
|
||||
cd.webhookAnnotations = nil
|
||||
// load filters
|
||||
cd.filters = parseKinds(cm.Data["resourceFilters"])
|
||||
cd.filters = parseKinds(data[resourceFilters])
|
||||
logger.Info("filters configured", "filters", cd.filters)
|
||||
// load defaultRegistry
|
||||
defaultRegistry, ok := cm.Data["defaultRegistry"]
|
||||
defaultRegistry, ok := data[defaultRegistry]
|
||||
if !ok {
|
||||
logger.Info("defaultRegistry not set")
|
||||
} else {
|
||||
|
|
@ -321,7 +326,7 @@ func (cd *configuration) load(cm *corev1.ConfigMap) {
|
|||
}
|
||||
}
|
||||
// load enableDefaultRegistryMutation
|
||||
enableDefaultRegistryMutation, ok := cm.Data["enableDefaultRegistryMutation"]
|
||||
enableDefaultRegistryMutation, ok := data[enableDefaultRegistryMutation]
|
||||
if !ok {
|
||||
logger.Info("enableDefaultRegistryMutation not set")
|
||||
} else {
|
||||
|
|
@ -335,7 +340,7 @@ func (cd *configuration) load(cm *corev1.ConfigMap) {
|
|||
}
|
||||
}
|
||||
// load excludeGroupRole
|
||||
excludedGroups, ok := cm.Data["excludeGroups"]
|
||||
excludedGroups, ok := data[excludeGroups]
|
||||
if !ok {
|
||||
logger.Info("excludeGroups not set")
|
||||
} else {
|
||||
|
|
@ -343,7 +348,7 @@ func (cd *configuration) load(cm *corev1.ConfigMap) {
|
|||
logger.Info("excludedGroups configured", "excludeGroups", cd.excludedGroups)
|
||||
}
|
||||
// load excludeUsername
|
||||
excludedUsernames, ok := cm.Data["excludeUsernames"]
|
||||
excludedUsernames, ok := data[excludeUsernames]
|
||||
if !ok {
|
||||
logger.Info("excludeUsernames not set")
|
||||
} else {
|
||||
|
|
@ -351,7 +356,7 @@ func (cd *configuration) load(cm *corev1.ConfigMap) {
|
|||
logger.Info("excludedUsernames configured", "excludeUsernames", cd.excludedUsernames)
|
||||
}
|
||||
// load excludeRoles
|
||||
excludedRoles, ok := cm.Data["excludeRoles"]
|
||||
excludedRoles, ok := data[excludeRoles]
|
||||
if !ok {
|
||||
logger.Info("excludeRoles not set")
|
||||
} else {
|
||||
|
|
@ -359,7 +364,7 @@ func (cd *configuration) load(cm *corev1.ConfigMap) {
|
|||
logger.Info("excludedRoles configured", "excludeRoles", cd.excludedRoles)
|
||||
}
|
||||
// load excludeClusterRoles
|
||||
excludedClusterRoles, ok := cm.Data["excludeClusterRoles"]
|
||||
excludedClusterRoles, ok := data[excludeClusterRoles]
|
||||
if !ok {
|
||||
logger.Info("excludeClusterRoles not set")
|
||||
} else {
|
||||
|
|
@ -367,7 +372,7 @@ func (cd *configuration) load(cm *corev1.ConfigMap) {
|
|||
logger.Info("excludedClusterRoles configured", "excludeClusterRoles", cd.excludedClusterRoles)
|
||||
}
|
||||
// load generateSuccessEvents
|
||||
generateSuccessEvents, ok := cm.Data["generateSuccessEvents"]
|
||||
generateSuccessEvents, ok := data[generateSuccessEvents]
|
||||
if !ok {
|
||||
logger.Info("generateSuccessEvents not set")
|
||||
} else {
|
||||
|
|
@ -381,7 +386,7 @@ func (cd *configuration) load(cm *corev1.ConfigMap) {
|
|||
}
|
||||
}
|
||||
// load webhooks
|
||||
webhooks, ok := cm.Data["webhooks"]
|
||||
webhooks, ok := data[webhooks]
|
||||
if !ok {
|
||||
logger.Info("webhooks not set")
|
||||
} else {
|
||||
|
|
@ -395,7 +400,7 @@ func (cd *configuration) load(cm *corev1.ConfigMap) {
|
|||
}
|
||||
}
|
||||
// load webhook annotations
|
||||
webhookAnnotations, ok := cm.Data["webhookAnnotations"]
|
||||
webhookAnnotations, ok := data[webhookAnnotations]
|
||||
if !ok {
|
||||
logger.Info("webhookAnnotations not set")
|
||||
} else {
|
||||
|
|
@ -424,6 +429,7 @@ func (cd *configuration) unload() {
|
|||
cd.generateSuccessEvents = false
|
||||
cd.webhooks = nil
|
||||
cd.webhookAnnotations = nil
|
||||
logger.Info("configuration unloaded")
|
||||
}
|
||||
|
||||
func (cd *configuration) notify() {
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue