mirrors/kyverno
1
0
Fork 0
mirror of https://github.com/kyverno/kyverno.git synced 2024-12-14 11:57:48 +00:00
Code Activity

fix: use FindResources in CLI (#6650)

Browse source 
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
This commit is contained in:
Charles-Edouard Brétéché 2023-03-22 17:04:32 +01:00 committed by GitHub
parent 9e5f19b899
commit 4138fc3678
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 38 additions and 41 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

32
cmd/cli/kubectl-kyverno/utils/common/common.go
View file

@ -996,21 +996,25 @@ func GetKindsFromPolicy(policy kyvernov1.PolicyInterface, subresources []Subreso
}
func getKind(kind string, subresources []Subresource, dClient dclient.Interface) (string, error) {
gv, k := kubeutils.GetKindFromGVK(kind)
parentKind, subresource := kubeutils.SplitSubresource(k)
var err error
if subresource != "" {
if dClient != nil {
var apiResource *metav1.APIResource
apiResource, _, _, err = dClient.Discovery().FindResource(gv, k)
if err == nil {
k = apiResource.Kind
}
} else {
k, err = getSubresourceKind(gv, parentKind, subresource, subresources)
}
group, version, kind, subresource := kubeutils.ParseKindSelector(kind)
if subresource == "" {
return kind, nil
}
return k, err
if dClient == nil {
gv := schema.GroupVersion{Group: group, Version: version}
return getSubresourceKind(gv.String(), kind, subresource, subresources)
}
gvrss, err := dClient.Discovery().FindResources(group, version, kind, subresource)
if err != nil {
return kind, err
}
if len(gvrss) != 1 {
return kind, fmt.Errorf("no unique match for kind %s", kind)
}
for _, api := range gvrss {
return api.Kind, nil
}
return kind, nil
}
func getSubresourceKind(groupVersion, parentKind, subresourceName string, subresources []Subresource) (string, error) {

47
cmd/cli/kubectl-kyverno/utils/common/fetch.go
View file

@ -16,6 +16,7 @@ import (
"github.com/kyverno/kyverno/pkg/clients/dclient"
kubeutils "github.com/kyverno/kyverno/pkg/utils/kube"
yamlutils "github.com/kyverno/kyverno/pkg/utils/yaml"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
"k8s.io/apimachinery/pkg/runtime/schema"
"k8s.io/client-go/kubernetes/scheme"
@ -72,7 +73,6 @@ func whenClusterIsTrue(resourceTypes []schema.GroupVersionKind, subresourceMap m
if err != nil {
return nil, err
}
if len(resourcePaths) == 0 {
for _, rr := range resourceMap {
resources = append(resources, rr)
@ -86,7 +86,6 @@ func whenClusterIsTrue(resourceTypes []schema.GroupVersionKind, subresourceMap m
resources = append(resources, rr)
}
}
if lenOfResource >= len(resources) {
if policyReport {
log.Log.V(3).Info(fmt.Sprintf("%s not found in cluster", resourcePath))
@ -195,13 +194,11 @@ func GetResource(resourceBytes []byte) ([]*unstructured.Unstructured, error) {
func getResourcesOfTypeFromCluster(resourceTypes []schema.GroupVersionKind, subresourceMap map[schema.GroupVersionKind]Subresource, dClient dclient.Interface, namespace string) (map[string]*unstructured.Unstructured, error) {
r := make(map[string]*unstructured.Unstructured)
for _, kind := range resourceTypes {
resourceList, err := dClient.ListResource(context.TODO(), kind.GroupVersion().String(), kind.Kind, namespace, nil)
if err != nil {
continue
}
gvk := resourceList.GroupVersionKind()
for _, resource := range resourceList.Items {
key := kind.Kind + "-" + resource.GetNamespace() + "-" + resource.GetName()
@ -213,19 +210,16 @@ func getResourcesOfTypeFromCluster(resourceTypes []schema.GroupVersionKind, subr
r[key] = resource.DeepCopy()
}
}
for _, subresource := range subresourceMap {
parentGV := schema.GroupVersion{Group: subresource.ParentResource.Group, Version: subresource.ParentResource.Version}
resourceList, err := dClient.ListResource(context.TODO(), parentGV.String(), subresource.ParentResource.Kind, namespace, nil)
if err != nil {
continue
}
parentResourceNames := make([]string, 0)
for _, resource := range resourceList.Items {
parentResourceNames = append(parentResourceNames, resource.GetName())
}
for _, parentResourceName := range parentResourceNames {
subresourceName := strings.Split(subresource.APIResource.Name, "/")[1]
resource, err := dClient.GetResource(context.TODO(), parentGV.String(), subresource.ParentResource.Kind, namespace, parentResourceName, subresourceName)
@ -330,7 +324,6 @@ func GetKindsFromRule(rule kyvernov1.Rule, client dclient.Interface) (map[schema
for _, kind := range rule.MatchResources.Kinds {
addGVKToResourceTypesMap(kind, resourceTypesMap, subresourceMap, client)
}
if rule.MatchResources.Any != nil {
for _, resFilter := range rule.MatchResources.Any {
for _, kind := range resFilter.ResourceDescription.Kinds {
@ -338,7 +331,6 @@ func GetKindsFromRule(rule kyvernov1.Rule, client dclient.Interface) (map[schema
}
}
}
if rule.MatchResources.All != nil {
for _, resFilter := range rule.MatchResources.All {
for _, kind := range resFilter.ResourceDescription.Kinds {
@ -350,28 +342,29 @@ func GetKindsFromRule(rule kyvernov1.Rule, client dclient.Interface) (map[schema
}
func addGVKToResourceTypesMap(kind string, resourceTypesMap map[schema.GroupVersionKind]bool, subresourceMap map[schema.GroupVersionKind]Subresource, client dclient.Interface) {
gvString, k := kubeutils.GetKindFromGVK(kind)
apiResource, parentApiResource, _, err := client.Discovery().FindResource(gvString, k)
group, version, kind, subresource := kubeutils.ParseKindSelector(kind)
gvrss, err := client.Discovery().FindResources(group, version, kind, subresource)
if err != nil {
log.Log.Info("failed to find resource", "kind", kind, "error", err)
return
}
// The resource is not a subresource
if parentApiResource == nil {
gvk := schema.GroupVersionKind{
Group: apiResource.Group,
Version: apiResource.Version,
Kind: apiResource.Kind,
}
resourceTypesMap[gvk] = true
} else {
gvk := schema.GroupVersionKind{
Group: apiResource.Group, Version: apiResource.Version, Kind: apiResource.Kind,
}
subresourceMap[gvk] = Subresource{
APIResource: *apiResource,
ParentResource: *parentApiResource,
for parent, child := range gvrss {
// The resource is not a subresource
if parent.SubResource == "" {
resourceTypesMap[parent.GroupVersionKind()] = true
} else {
gvk := schema.GroupVersionKind{
Group: child.Group, Version: child.Version, Kind: child.Kind,
}
subresourceMap[gvk] = Subresource{
APIResource: child,
ParentResource: metav1.APIResource{
Group: parent.Group,
Version: parent.Version,
Kind: parent.Kind,
Name: parent.Resource,
},
}
}
}
}