refactor: add a couple of constants in api (#4640)

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
2025-03-05 07:26:55 +00:00 · 2022-09-19 11:11:12 +02:00 · 2022-09-19 11:11:12 +02:00 · 42a2df56c1
commit 42a2df56c1
parent 634dff5639
12 changed files with 29 additions and 18 deletions
--- a/api/kyverno/v1/constants.go
+++ b/api/kyverno/v1/constants.go
@ -3,4 +3,8 @@ package v1
 const (
 	// PodControllersAnnotation defines the annotation key for Pod-Controllers
 	PodControllersAnnotation = "pod-policies.kyverno.io/autogen-controllers"
+	// LabelAppManagedBy defines the label key for managed-by label
+	LabelAppManagedBy = "app.kubernetes.io/managed-by"
+	// ValueKyvernoApp defines the kyverno application value
+	ValueKyvernoApp = "kyverno"
 )
--- a/pkg/background/common/labels.go
+++ b/pkg/background/common/labels.go
@ -5,6 +5,7 @@ import (
 	"reflect"
 	"strings"

+	kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1"
 	kyvernov1beta1 "github.com/kyverno/kyverno/api/kyverno/v1beta1"
 	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
 	pkglabels "k8s.io/apimachinery/pkg/labels"
@ -70,8 +71,8 @@ func GenerateLabelsSet(policyKey string, trigger Object) pkglabels.Set {

 func managedBy(labels map[string]string) {
 	// ManagedBy label
-	key := "app.kubernetes.io/managed-by"
-	value := "kyverno"
+	key := kyvernov1.LabelAppManagedBy
+	value := kyvernov1.ValueKyvernoApp
 	val, ok := labels[key]
 	if ok {
 		if val != value {
--- a/pkg/policyreport/policyreport.go
+++ b/pkg/policyreport/policyreport.go
@ -8,6 +8,7 @@ import (
 	"strings"

 	"github.com/cornelk/hashmap"
+	kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1"
 	kyvernov1alpha2 "github.com/kyverno/kyverno/api/kyverno/v1alpha2"
 	policyreportv1alpha2 "github.com/kyverno/kyverno/api/policyreport/v1alpha2"
 	"github.com/kyverno/kyverno/pkg/client/clientset/versioned"
@ -230,7 +231,7 @@ func CleanupPolicyReport(client versioned.Interface) error {
 	var gracePeriod int64 = 0

 	deleteOptions := metav1.DeleteOptions{GracePeriodSeconds: &gracePeriod}
-	selector := labels.SelectorFromSet(labels.Set(map[string]string{LabelSelectorKey: LabelSelectorValue}))
+	selector := labels.SelectorFromSet(labels.Set(map[string]string{LabelSelectorKey: kyvernov1.ValueKyvernoApp}))

 	err := client.KyvernoV1alpha2().ClusterReportChangeRequests().DeleteCollection(context.TODO(), deleteOptions, metav1.ListOptions{})
 	if err != nil {
--- a/pkg/policyreport/reportcontroller.go
+++ b/pkg/policyreport/reportcontroller.go
@ -8,6 +8,7 @@ import (
 	"time"

 	"github.com/go-logr/logr"
+	kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1"
 	kyvernov1alpha2 "github.com/kyverno/kyverno/api/kyverno/v1alpha2"
 	policyreportv1alpha2 "github.com/kyverno/kyverno/api/policyreport/v1alpha2"
 	"github.com/kyverno/kyverno/pkg/client/clientset/versioned"
@ -38,8 +39,7 @@ const (
 	prWorkQueueName     = "policy-report-controller"
 	clusterpolicyreport = "clusterpolicyreport"

-	LabelSelectorKey   = "managed-by"
-	LabelSelectorValue = "kyverno"
+	LabelSelectorKey = "managed-by"

 	deletedPolicyKey = "deletedpolicy"

@ -48,7 +48,7 @@ const (

 var LabelSelector = &metav1.LabelSelector{
 	MatchLabels: map[string]string{
-		LabelSelectorKey: LabelSelectorValue,
+		LabelSelectorKey: kyvernov1.ValueKyvernoApp,
 	},
 }

--- a/pkg/tls/renewer.go
+++ b/pkg/tls/renewer.go
@ -8,6 +8,7 @@ import (
 	"time"

 	"github.com/go-logr/logr"
+	kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1"
 	"github.com/kyverno/kyverno/pkg/config"
 	corev1 "k8s.io/api/core/v1"
 	apierrors "k8s.io/apimachinery/pkg/api/errors"
@ -213,7 +214,7 @@ func (c *CertRenewer) writeSecret(name string, key *rsa.PrivateKey, certs ...*x5
 				Name:      name,
 				Namespace: config.KyvernoNamespace(),
 				Labels: map[string]string{
-					ManagedByLabel: "kyverno",
+					ManagedByLabel: kyvernov1.ValueKyvernoApp,
 				},
 			},
 			Type: corev1.SecretTypeTLS,
--- a/pkg/tls/utils.go
+++ b/pkg/tls/utils.go
@ -6,6 +6,7 @@ import (
 	"encoding/pem"
 	"time"

+	kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1"
 	"github.com/kyverno/kyverno/pkg/config"
 	appsv1 "k8s.io/api/apps/v1"
 	corev1 "k8s.io/api/core/v1"
@ -103,7 +104,7 @@ func IsSecretManagedByKyverno(secret *corev1.Secret) bool {
 		if labels == nil {
 			return false
 		}
-		if labels[ManagedByLabel] != "kyverno" {
+		if labels[ManagedByLabel] != kyvernov1.ValueKyvernoApp {
 			return false
 		}
 	}
--- a/pkg/webhookconfig/common.go
+++ b/pkg/webhookconfig/common.go
@ -7,6 +7,7 @@ import (
 	"reflect"
 	"strings"

+	kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1"
 	"github.com/kyverno/kyverno/pkg/config"
 	"github.com/kyverno/kyverno/pkg/metrics"
 	"github.com/kyverno/kyverno/pkg/tls"
@ -19,7 +20,6 @@ import (

 const (
 	managedByLabel string = "webhook.kyverno.io/managed-by"
-	kyvernoValue   string = "kyverno"
 )

 var (
@ -38,7 +38,7 @@ var (
 	}
 	vertifyObjectSelector = &metav1.LabelSelector{
 		MatchLabels: map[string]string{
-			"app.kubernetes.io/name": kyvernoValue,
+			"app.kubernetes.io/name": kyvernov1.ValueKyvernoApp,
 		},
 	}
 	update       = []admissionregistrationv1.OperationType{admissionregistrationv1.Update}
@ -75,7 +75,7 @@ func getHealthyPodsIP(pods []corev1.Pod) []string {
 func (wrc *Register) GetKubePolicyClusterRoleName() (*rbacv1.ClusterRole, error) {
 	selector := &metav1.LabelSelector{
 		MatchLabels: map[string]string{
-			"app.kubernetes.io/name": kyvernoValue,
+			"app.kubernetes.io/name": kyvernov1.ValueKyvernoApp,
 		},
 	}
 	clusterRoles, err := wrc.kubeClient.RbacV1().ClusterRoles().List(context.TODO(), metav1.ListOptions{LabelSelector: metav1.FormatLabelSelector(selector)})
@ -199,7 +199,7 @@ func generateObjectMeta(name string, owner ...metav1.OwnerReference) metav1.Obje
 	return metav1.ObjectMeta{
 		Name: name,
 		Labels: map[string]string{
-			managedByLabel: kyvernoValue,
+			managedByLabel: kyvernov1.ValueKyvernoApp,
 		},
 		OwnerReferences: owner,
 	}
--- a/pkg/webhookconfig/registration.go
+++ b/pkg/webhookconfig/registration.go
@ -10,6 +10,7 @@ import (
 	"time"

 	"github.com/go-logr/logr"
+	kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1"
 	"github.com/kyverno/kyverno/pkg/client/clientset/versioned"
 	kyvernov1informers "github.com/kyverno/kyverno/pkg/client/informers/externalversions/kyverno/v1"
 	"github.com/kyverno/kyverno/pkg/clients/dclient"
@ -223,7 +224,7 @@ func (wrc *Register) GetWebhookTimeOut() time.Duration {
 func (wrc *Register) UpdateWebhooksCaBundle() error {
 	selector := &metav1.LabelSelector{
 		MatchLabels: map[string]string{
-			managedByLabel: kyvernoValue,
+			managedByLabel: kyvernov1.ValueKyvernoApp,
 		},
 	}
 	caData := wrc.readCaData()
@ -419,7 +420,7 @@ func (wrc *Register) checkEndpoint() error {
 	}
 	selector := &metav1.LabelSelector{
 		MatchLabels: map[string]string{
-			"app.kubernetes.io/name": "kyverno",
+			"app.kubernetes.io/name": kyvernov1.ValueKyvernoApp,
 		},
 	}
 	pods, err := wrc.kubeClient.CoreV1().Pods(config.KyvernoNamespace()).List(context.TODO(), metav1.ListOptions{LabelSelector: metav1.FormatLabelSelector(selector)})
--- a/pkg/webhookconfig/status.go
+++ b/pkg/webhookconfig/status.go
@ -6,6 +6,7 @@ import (
 	"time"

 	"github.com/go-logr/logr"
+	kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1"
 	"github.com/kyverno/kyverno/pkg/config"
 	"github.com/kyverno/kyverno/pkg/event"
 	"github.com/pkg/errors"
@ -106,7 +107,7 @@ func (vc statusControl) UpdateLastRequestTimestmap(new time.Time) error {
 	label := lease.GetLabels()
 	if len(label) == 0 {
 		label = make(map[string]string)
-		label["app.kubernetes.io/name"] = "kyverno"
+		label["app.kubernetes.io/name"] = kyvernov1.ValueKyvernoApp
 	}
 	lease.SetLabels(label)

--- a/pkg/webhooks/resource/generation/generation.go
+++ b/pkg/webhooks/resource/generation/generation.go
@ -156,7 +156,7 @@ func (h *generationHandler) HandleUpdatesForGenerateRules(request *admissionv1.A
 		h.handleUpdateGenerateSourceResource(resLabels)
 	}

-	if resLabels["app.kubernetes.io/managed-by"] == "kyverno" && resLabels["policy.kyverno.io/synchronize"] == "enable" && request.Operation == admissionv1.Update {
+	if resLabels[kyvernov1.LabelAppManagedBy] == kyvernov1.ValueKyvernoApp && resLabels["policy.kyverno.io/synchronize"] == "enable" && request.Operation == admissionv1.Update {
 		h.handleUpdateGenerateTargetResource(request, policies, resLabels)
 	}
 }
--- a/pkg/webhooks/resource/handlers.go
+++ b/pkg/webhooks/resource/handlers.go
@ -211,7 +211,7 @@ func (h *handlers) handleDelete(logger logr.Logger, request *admissionv1.Admissi
 		}

 		resLabels := resource.GetLabels()
-		if resLabels["app.kubernetes.io/managed-by"] == "kyverno" {
+		if resLabels[kyvernov1.LabelAppManagedBy] == kyvernov1.ValueKyvernoApp {
 			urName := resLabels["policy.kyverno.io/gr-name"]
 			ur, err := h.urLister.Get(urName)
 			if err != nil {
--- a/pkg/webhooks/server.go
+++ b/pkg/webhooks/server.go
@ -10,6 +10,7 @@ import (

 	"github.com/go-logr/logr"
 	"github.com/julienschmidt/httprouter"
+	kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1"
 	"github.com/kyverno/kyverno/pkg/config"
 	"github.com/kyverno/kyverno/pkg/toggle"
 	"github.com/kyverno/kyverno/pkg/utils"
@ -133,7 +134,7 @@ func protect(inner handlers.AdmissionHandler) handlers.AdmissionHandler {
 			}
 			for _, resource := range []unstructured.Unstructured{newResource, oldResource} {
 				resLabels := resource.GetLabels()
-				if resLabels["app.kubernetes.io/managed-by"] == "kyverno" {
+				if resLabels[kyvernov1.LabelAppManagedBy] == kyvernov1.ValueKyvernoApp {
 					if request.UserInfo.Username != fmt.Sprintf("system:serviceaccount:%s:%s", config.KyvernoNamespace(), config.KyvernoServiceAccountName()) {
 						logger.Info("Access to the resource not authorized, this is a kyverno managed resource and should be altered only by kyverno")
 						return admissionutils.ResponseFailure("A kyverno managed resource can only be modified by kyverno")