mirror of
https://github.com/kyverno/kyverno.git
synced 2025-03-31 03:45:17 +00:00
fix: incorrect config loading when data is nil (#6818)
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
This commit is contained in:
Charles-Edouard Brétéché
GitHub
parent
15afddd1d3
commit
3eff458126
1 changed files with 26 additions and 20 deletions
|
|
@ -74,14 +74,18 @@ const (
|
||||||
MetricsPath = "/metrics"
|
MetricsPath = "/metrics"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
// keys in config map
|
||||||
const (
|
const (
|
||||||
// Due to kubernetes issue, we must use next literal constants instead of deployment TypeMeta fields
|
resourceFilters = "resourceFilters"
|
||||||
// Issue: https://github.com/kubernetes/kubernetes/pull/63972
|
defaultRegistry = "defaultRegistry"
|
||||||
// When the issue is closed, we should use TypeMeta struct instead of this constants
|
enableDefaultRegistryMutation = "enableDefaultRegistryMutation"
|
||||||
// ClusterRoleAPIVersion define the default clusterrole resource apiVersion
|
excludeGroups = "excludeGroups"
|
||||||
ClusterRoleAPIVersion = "rbac.authorization.k8s.io/v1"
|
excludeUsernames = "excludeUsernames"
|
||||||
// ClusterRoleKind define the default clusterrole resource kind
|
excludeRoles = "excludeRoles"
|
||||||
ClusterRoleKind = "ClusterRole"
|
excludeClusterRoles = "excludeClusterRoles"
|
||||||
|
generateSuccessEvents = "generateSuccessEvents"
|
||||||
|
webhooks = "webhooks"
|
||||||
|
webhookAnnotations = "webhookAnnotations"
|
||||||
)
|
)
|
||||||
|
|
||||||
var (
|
var (
|
||||||
|
|
@ -287,12 +291,13 @@ func (cd *configuration) Load(cm *corev1.ConfigMap) {
|
||||||
|
|
||||||
func (cd *configuration) load(cm *corev1.ConfigMap) {
|
func (cd *configuration) load(cm *corev1.ConfigMap) {
|
||||||
logger := logger.WithValues("name", cm.Name, "namespace", cm.Namespace)
|
logger := logger.WithValues("name", cm.Name, "namespace", cm.Namespace)
|
||||||
if cm.Data == nil {
|
|
||||||
return
|
|
||||||
}
|
|
||||||
cd.mux.Lock()
|
cd.mux.Lock()
|
||||||
defer cd.mux.Unlock()
|
defer cd.mux.Unlock()
|
||||||
defer cd.notify()
|
defer cd.notify()
|
||||||
|
data := cm.Data
|
||||||
|
if data == nil {
|
||||||
|
data = map[string]string{}
|
||||||
|
}
|
||||||
// reset
|
// reset
|
||||||
cd.defaultRegistry = "docker.io"
|
cd.defaultRegistry = "docker.io"
|
||||||
cd.enableDefaultRegistryMutation = true
|
cd.enableDefaultRegistryMutation = true
|
||||||
|
|
@ -305,10 +310,10 @@ func (cd *configuration) load(cm *corev1.ConfigMap) {
|
||||||
cd.webhooks = nil
|
cd.webhooks = nil
|
||||||
cd.webhookAnnotations = nil
|
cd.webhookAnnotations = nil
|
||||||
// load filters
|
// load filters
|
||||||
cd.filters = parseKinds(cm.Data["resourceFilters"])
|
cd.filters = parseKinds(data[resourceFilters])
|
||||||
logger.Info("filters configured", "filters", cd.filters)
|
logger.Info("filters configured", "filters", cd.filters)
|
||||||
// load defaultRegistry
|
// load defaultRegistry
|
||||||
defaultRegistry, ok := cm.Data["defaultRegistry"]
|
defaultRegistry, ok := data[defaultRegistry]
|
||||||
if !ok {
|
if !ok {
|
||||||
logger.Info("defaultRegistry not set")
|
logger.Info("defaultRegistry not set")
|
||||||
} else {
|
} else {
|
||||||
|
|
@ -321,7 +326,7 @@ func (cd *configuration) load(cm *corev1.ConfigMap) {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
// load enableDefaultRegistryMutation
|
// load enableDefaultRegistryMutation
|
||||||
enableDefaultRegistryMutation, ok := cm.Data["enableDefaultRegistryMutation"]
|
enableDefaultRegistryMutation, ok := data[enableDefaultRegistryMutation]
|
||||||
if !ok {
|
if !ok {
|
||||||
logger.Info("enableDefaultRegistryMutation not set")
|
logger.Info("enableDefaultRegistryMutation not set")
|
||||||
} else {
|
} else {
|
||||||
|
|
@ -335,7 +340,7 @@ func (cd *configuration) load(cm *corev1.ConfigMap) {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
// load excludeGroupRole
|
// load excludeGroupRole
|
||||||
excludedGroups, ok := cm.Data["excludeGroups"]
|
excludedGroups, ok := data[excludeGroups]
|
||||||
if !ok {
|
if !ok {
|
||||||
logger.Info("excludeGroups not set")
|
logger.Info("excludeGroups not set")
|
||||||
} else {
|
} else {
|
||||||
|
|
@ -343,7 +348,7 @@ func (cd *configuration) load(cm *corev1.ConfigMap) {
|
||||||
logger.Info("excludedGroups configured", "excludeGroups", cd.excludedGroups)
|
logger.Info("excludedGroups configured", "excludeGroups", cd.excludedGroups)
|
||||||
}
|
}
|
||||||
// load excludeUsername
|
// load excludeUsername
|
||||||
excludedUsernames, ok := cm.Data["excludeUsernames"]
|
excludedUsernames, ok := data[excludeUsernames]
|
||||||
if !ok {
|
if !ok {
|
||||||
logger.Info("excludeUsernames not set")
|
logger.Info("excludeUsernames not set")
|
||||||
} else {
|
} else {
|
||||||
|
|
@ -351,7 +356,7 @@ func (cd *configuration) load(cm *corev1.ConfigMap) {
|
||||||
logger.Info("excludedUsernames configured", "excludeUsernames", cd.excludedUsernames)
|
logger.Info("excludedUsernames configured", "excludeUsernames", cd.excludedUsernames)
|
||||||
}
|
}
|
||||||
// load excludeRoles
|
// load excludeRoles
|
||||||
excludedRoles, ok := cm.Data["excludeRoles"]
|
excludedRoles, ok := data[excludeRoles]
|
||||||
if !ok {
|
if !ok {
|
||||||
logger.Info("excludeRoles not set")
|
logger.Info("excludeRoles not set")
|
||||||
} else {
|
} else {
|
||||||
|
|
@ -359,7 +364,7 @@ func (cd *configuration) load(cm *corev1.ConfigMap) {
|
||||||
logger.Info("excludedRoles configured", "excludeRoles", cd.excludedRoles)
|
logger.Info("excludedRoles configured", "excludeRoles", cd.excludedRoles)
|
||||||
}
|
}
|
||||||
// load excludeClusterRoles
|
// load excludeClusterRoles
|
||||||
excludedClusterRoles, ok := cm.Data["excludeClusterRoles"]
|
excludedClusterRoles, ok := data[excludeClusterRoles]
|
||||||
if !ok {
|
if !ok {
|
||||||
logger.Info("excludeClusterRoles not set")
|
logger.Info("excludeClusterRoles not set")
|
||||||
} else {
|
} else {
|
||||||
|
|
@ -367,7 +372,7 @@ func (cd *configuration) load(cm *corev1.ConfigMap) {
|
||||||
logger.Info("excludedClusterRoles configured", "excludeClusterRoles", cd.excludedClusterRoles)
|
logger.Info("excludedClusterRoles configured", "excludeClusterRoles", cd.excludedClusterRoles)
|
||||||
}
|
}
|
||||||
// load generateSuccessEvents
|
// load generateSuccessEvents
|
||||||
generateSuccessEvents, ok := cm.Data["generateSuccessEvents"]
|
generateSuccessEvents, ok := data[generateSuccessEvents]
|
||||||
if !ok {
|
if !ok {
|
||||||
logger.Info("generateSuccessEvents not set")
|
logger.Info("generateSuccessEvents not set")
|
||||||
} else {
|
} else {
|
||||||
|
|
@ -381,7 +386,7 @@ func (cd *configuration) load(cm *corev1.ConfigMap) {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
// load webhooks
|
// load webhooks
|
||||||
webhooks, ok := cm.Data["webhooks"]
|
webhooks, ok := data[webhooks]
|
||||||
if !ok {
|
if !ok {
|
||||||
logger.Info("webhooks not set")
|
logger.Info("webhooks not set")
|
||||||
} else {
|
} else {
|
||||||
|
|
@ -395,7 +400,7 @@ func (cd *configuration) load(cm *corev1.ConfigMap) {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
// load webhook annotations
|
// load webhook annotations
|
||||||
webhookAnnotations, ok := cm.Data["webhookAnnotations"]
|
webhookAnnotations, ok := data[webhookAnnotations]
|
||||||
if !ok {
|
if !ok {
|
||||||
logger.Info("webhookAnnotations not set")
|
logger.Info("webhookAnnotations not set")
|
||||||
} else {
|
} else {
|
||||||
|
|
@ -424,6 +429,7 @@ func (cd *configuration) unload() {
|
||||||
cd.generateSuccessEvents = false
|
cd.generateSuccessEvents = false
|
||||||
cd.webhooks = nil
|
cd.webhooks = nil
|
||||||
cd.webhookAnnotations = nil
|
cd.webhookAnnotations = nil
|
||||||
|
logger.Info("configuration unloaded")
|
||||||
}
|
}
|
||||||
|
|
||||||
func (cd *configuration) notify() {
|
func (cd *configuration) notify() {
|
||||||
|
|
|
||||||
Loading…
Add table
Reference in a new issue