mirrors/kyverno
mirrors/kyverno
1
0
Fork 0
mirror of https://github.com/kyverno/kyverno.git synced 2025-01-20 18:52:16 +00:00
Code Activity

fix: use FindResources in CLI (#6650)

Browse source 
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
This commit is contained in:
Charles-Edouard Brétéché 2023-03-22 17:04:32 +01:00 committed by GitHub
parent 9e5f19b899
commit 4138fc3678
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 38 additions and 41 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

32
cmd/cli/kubectl-kyverno/utils/common/common.go
View file

@ -996,21 +996,25 @@ func GetKindsFromPolicy(policy kyvernov1.PolicyInterface, subresources []Subreso
} }
func getKind(kind string, subresources []Subresource, dClient dclient.Interface) (string, error) { func getKind(kind string, subresources []Subresource, dClient dclient.Interface) (string, error) {
gv, k := kubeutils.GetKindFromGVK(kind) group, version, kind, subresource := kubeutils.ParseKindSelector(kind)
parentKind, subresource := kubeutils.SplitSubresource(k) if subresource == "" {
var err error return kind, nil
if subresource != "" {
if dClient != nil {
var apiResource *metav1.APIResource
apiResource, _, _, err = dClient.Discovery().FindResource(gv, k)
if err == nil {
k = apiResource.Kind
}
} else {
k, err = getSubresourceKind(gv, parentKind, subresource, subresources)
}
} }
return k, err if dClient == nil {
gv := schema.GroupVersion{Group: group, Version: version}
return getSubresourceKind(gv.String(), kind, subresource, subresources)
}
gvrss, err := dClient.Discovery().FindResources(group, version, kind, subresource)
if err != nil {
return kind, err
}
if len(gvrss) != 1 {
return kind, fmt.Errorf("no unique match for kind %s", kind)
}
for _, api := range gvrss {
return api.Kind, nil
}
return kind, nil
} }
func getSubresourceKind(groupVersion, parentKind, subresourceName string, subresources []Subresource) (string, error) { func getSubresourceKind(groupVersion, parentKind, subresourceName string, subresources []Subresource) (string, error) {

47
cmd/cli/kubectl-kyverno/utils/common/fetch.go
View file

@ -16,6 +16,7 @@ import (
"github.com/kyverno/kyverno/pkg/clients/dclient" "github.com/kyverno/kyverno/pkg/clients/dclient"
kubeutils "github.com/kyverno/kyverno/pkg/utils/kube" kubeutils "github.com/kyverno/kyverno/pkg/utils/kube"
yamlutils "github.com/kyverno/kyverno/pkg/utils/yaml" yamlutils "github.com/kyverno/kyverno/pkg/utils/yaml"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
"k8s.io/apimachinery/pkg/runtime/schema" "k8s.io/apimachinery/pkg/runtime/schema"
"k8s.io/client-go/kubernetes/scheme" "k8s.io/client-go/kubernetes/scheme"
@ -72,7 +73,6 @@ func whenClusterIsTrue(resourceTypes []schema.GroupVersionKind, subresourceMap m
if err != nil { if err != nil {
return nil, err return nil, err
} }
if len(resourcePaths) == 0 { if len(resourcePaths) == 0 {
for _, rr := range resourceMap { for _, rr := range resourceMap {
resources = append(resources, rr) resources = append(resources, rr)
@ -86,7 +86,6 @@ func whenClusterIsTrue(resourceTypes []schema.GroupVersionKind, subresourceMap m
resources = append(resources, rr) resources = append(resources, rr)
} }
} }
if lenOfResource >= len(resources) { if lenOfResource >= len(resources) {
if policyReport { if policyReport {
log.Log.V(3).Info(fmt.Sprintf("%s not found in cluster", resourcePath)) log.Log.V(3).Info(fmt.Sprintf("%s not found in cluster", resourcePath))
@ -195,13 +194,11 @@ func GetResource(resourceBytes []byte) ([]*unstructured.Unstructured, error) {
func getResourcesOfTypeFromCluster(resourceTypes []schema.GroupVersionKind, subresourceMap map[schema.GroupVersionKind]Subresource, dClient dclient.Interface, namespace string) (map[string]*unstructured.Unstructured, error) { func getResourcesOfTypeFromCluster(resourceTypes []schema.GroupVersionKind, subresourceMap map[schema.GroupVersionKind]Subresource, dClient dclient.Interface, namespace string) (map[string]*unstructured.Unstructured, error) {
r := make(map[string]*unstructured.Unstructured) r := make(map[string]*unstructured.Unstructured)
for _, kind := range resourceTypes { for _, kind := range resourceTypes {
resourceList, err := dClient.ListResource(context.TODO(), kind.GroupVersion().String(), kind.Kind, namespace, nil) resourceList, err := dClient.ListResource(context.TODO(), kind.GroupVersion().String(), kind.Kind, namespace, nil)
if err != nil { if err != nil {
continue continue
} }
gvk := resourceList.GroupVersionKind() gvk := resourceList.GroupVersionKind()
for _, resource := range resourceList.Items { for _, resource := range resourceList.Items {
key := kind.Kind + "-" + resource.GetNamespace() + "-" + resource.GetName() key := kind.Kind + "-" + resource.GetNamespace() + "-" + resource.GetName()
@ -213,19 +210,16 @@ func getResourcesOfTypeFromCluster(resourceTypes []schema.GroupVersionKind, subr
r[key] = resource.DeepCopy() r[key] = resource.DeepCopy()
} }
} }
for _, subresource := range subresourceMap { for _, subresource := range subresourceMap {
parentGV := schema.GroupVersion{Group: subresource.ParentResource.Group, Version: subresource.ParentResource.Version} parentGV := schema.GroupVersion{Group: subresource.ParentResource.Group, Version: subresource.ParentResource.Version}
resourceList, err := dClient.ListResource(context.TODO(), parentGV.String(), subresource.ParentResource.Kind, namespace, nil) resourceList, err := dClient.ListResource(context.TODO(), parentGV.String(), subresource.ParentResource.Kind, namespace, nil)
if err != nil { if err != nil {
continue continue
} }
parentResourceNames := make([]string, 0) parentResourceNames := make([]string, 0)
for _, resource := range resourceList.Items { for _, resource := range resourceList.Items {
parentResourceNames = append(parentResourceNames, resource.GetName()) parentResourceNames = append(parentResourceNames, resource.GetName())
} }
for _, parentResourceName := range parentResourceNames { for _, parentResourceName := range parentResourceNames {
subresourceName := strings.Split(subresource.APIResource.Name, "/")[1] subresourceName := strings.Split(subresource.APIResource.Name, "/")[1]
resource, err := dClient.GetResource(context.TODO(), parentGV.String(), subresource.ParentResource.Kind, namespace, parentResourceName, subresourceName) resource, err := dClient.GetResource(context.TODO(), parentGV.String(), subresource.ParentResource.Kind, namespace, parentResourceName, subresourceName)
@ -330,7 +324,6 @@ func GetKindsFromRule(rule kyvernov1.Rule, client dclient.Interface) (map[schema
for _, kind := range rule.MatchResources.Kinds { for _, kind := range rule.MatchResources.Kinds {
addGVKToResourceTypesMap(kind, resourceTypesMap, subresourceMap, client) addGVKToResourceTypesMap(kind, resourceTypesMap, subresourceMap, client)
} }
if rule.MatchResources.Any != nil { if rule.MatchResources.Any != nil {
for _, resFilter := range rule.MatchResources.Any { for _, resFilter := range rule.MatchResources.Any {
for _, kind := range resFilter.ResourceDescription.Kinds { for _, kind := range resFilter.ResourceDescription.Kinds {
@ -338,7 +331,6 @@ func GetKindsFromRule(rule kyvernov1.Rule, client dclient.Interface) (map[schema
} }
} }
} }
if rule.MatchResources.All != nil { if rule.MatchResources.All != nil {
for _, resFilter := range rule.MatchResources.All { for _, resFilter := range rule.MatchResources.All {
for _, kind := range resFilter.ResourceDescription.Kinds { for _, kind := range resFilter.ResourceDescription.Kinds {
@ -350,28 +342,29 @@ func GetKindsFromRule(rule kyvernov1.Rule, client dclient.Interface) (map[schema
} }
func addGVKToResourceTypesMap(kind string, resourceTypesMap map[schema.GroupVersionKind]bool, subresourceMap map[schema.GroupVersionKind]Subresource, client dclient.Interface) { func addGVKToResourceTypesMap(kind string, resourceTypesMap map[schema.GroupVersionKind]bool, subresourceMap map[schema.GroupVersionKind]Subresource, client dclient.Interface) {
gvString, k := kubeutils.GetKindFromGVK(kind) group, version, kind, subresource := kubeutils.ParseKindSelector(kind)
apiResource, parentApiResource, _, err := client.Discovery().FindResource(gvString, k) gvrss, err := client.Discovery().FindResources(group, version, kind, subresource)
if err != nil { if err != nil {
log.Log.Info("failed to find resource", "kind", kind, "error", err) log.Log.Info("failed to find resource", "kind", kind, "error", err)
return return
} }
for parent, child := range gvrss {
// The resource is not a subresource // The resource is not a subresource
if parentApiResource == nil { if parent.SubResource == "" {
gvk := schema.GroupVersionKind{ resourceTypesMap[parent.GroupVersionKind()] = true
Group: apiResource.Group, } else {
Version: apiResource.Version, gvk := schema.GroupVersionKind{
Kind: apiResource.Kind, Group: child.Group, Version: child.Version, Kind: child.Kind,
} }
resourceTypesMap[gvk] = true subresourceMap[gvk] = Subresource{
} else { APIResource: child,
gvk := schema.GroupVersionKind{ ParentResource: metav1.APIResource{
Group: apiResource.Group, Version: apiResource.Version, Kind: apiResource.Kind, Group: parent.Group,
} Version: parent.Version,
subresourceMap[gvk] = Subresource{ Kind: parent.Kind,
APIResource: *apiResource, Name: parent.Resource,
ParentResource: *parentApiResource, },
}
} }
} }
} }