remove kustomize patchesJSON6902

Signed-off-by: Shuting Zhao <shutting06@gmail.com>
2025-03-31 03:45:17 +00:00 · 2021-02-24 18:11:55 -08:00 · 2021-02-24 18:11:55 -08:00 · 492d0e8009
commit 492d0e8009
parent 7a1629aa9d
3 changed files with 39 additions and 58 deletions
--- a/pkg/engine/mutate/mutation.go
+++ b/pkg/engine/mutate/mutation.go
@ -113,7 +113,15 @@ func (h patchesJSON6902Handler) Handle() (resp response.RuleResponse, patchedRes
 	resp.Name = h.ruleName
 	resp.Type = utils.Mutation.String()

-	skip, err := preProcessJSONPatches(*h.mutation, h.patchedResource, h.logger)
+	patchesJSON6902, err := convertPatchesToJSON(h.mutation.PatchesJSON6902)
+	if err != nil {
+		resp.Success = false
+		h.logger.Error(err, "error in type conversion")
+		resp.Message = err.Error()
+		return resp, h.patchedResource
+	}
+
+	skip, err := preProcessJSONPatches(patchesJSON6902, h.patchedResource, h.logger)
 	if err != nil {
 		h.logger.Error(err, "failed to preProcessJSONPatches")
 	}
@ -123,7 +131,7 @@ func (h patchesJSON6902Handler) Handle() (resp response.RuleResponse, patchedRes
 		return resp, h.patchedResource
 	}

-	return ProcessPatchJSON6902(h.ruleName, *h.mutation, h.patchedResource, h.logger)
+	return ProcessPatchJSON6902(h.ruleName, patchesJSON6902, h.patchedResource, h.logger)
 }

 func (h overlayHandler) Handle() (response.RuleResponse, unstructured.Unstructured) {
@ -133,7 +141,7 @@ func (h overlayHandler) Handle() (response.RuleResponse, unstructured.Unstructur
 	// substitute the variables
 	var err error
 	if overlay, err = variables.SubstituteVars(h.logger, h.evalCtx, overlay); err != nil {
-		// variable subsitution failed
+		// variable substitution failed
 		ruleResponse.Success = false
 		ruleResponse.Message = err.Error()
 		return ruleResponse, h.patchedResource
@ -165,7 +173,16 @@ func (h patchesHandler) Handle() (resp response.RuleResponse, patchedResource un
 	resp.Name = h.ruleName
 	resp.Type = utils.Mutation.String()

-	skip, err := preProcessJSONPatches(*h.mutation, h.patchedResource, h.logger)
+	// patches is already converted to patchesJSON6902
+	patchesJSON6902, err := convertPatchesToJSON(h.mutation.PatchesJSON6902)
+	if err != nil {
+		resp.Success = false
+		h.logger.Error(err, "error in type conversion")
+		resp.Message = err.Error()
+		return resp, h.patchedResource
+	}
+
+	skip, err := preProcessJSONPatches(patchesJSON6902, h.patchedResource, h.logger)
 	if err != nil {
 		h.logger.Error(err, "failed to preProcessJSONPatches")
 	}
--- a/pkg/engine/mutate/patchJson6902.go
+++ b/pkg/engine/mutate/patchJson6902.go
@ -1,25 +1,20 @@
 package mutate

 import (
-	"bytes"
 	"encoding/json"
 	"fmt"
-	"strings"
 	"time"

-	jsonpatch "github.com/evanphx/json-patch"
 	"github.com/go-logr/logr"
 	kyverno "github.com/kyverno/kyverno/pkg/api/kyverno/v1"
 	"github.com/kyverno/kyverno/pkg/engine/response"
 	"github.com/kyverno/kyverno/pkg/engine/utils"
 	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
-	patchjson6902 "sigs.k8s.io/kustomize/api/filters/patchjson6902"
-	filtersutil "sigs.k8s.io/kustomize/kyaml/filtersutil"
 	"sigs.k8s.io/yaml"
 )

 // ProcessPatchJSON6902 ...
-func ProcessPatchJSON6902(ruleName string, mutation kyverno.Mutation, resource unstructured.Unstructured, log logr.Logger) (resp response.RuleResponse, patchedResource unstructured.Unstructured) {
+func ProcessPatchJSON6902(ruleName string, patchesJSON6902 []byte, resource unstructured.Unstructured, log logr.Logger) (resp response.RuleResponse, patchedResource unstructured.Unstructured) {
 	logger := log.WithValues("rule", ruleName)
 	startTime := time.Now()
 	logger.V(4).Info("started JSON6902 patch", "startTime", startTime)
@ -38,7 +33,8 @@ func ProcessPatchJSON6902(ruleName string, mutation kyverno.Mutation, resource u
 		return resp, resource
 	}

-	patchedResourceRaw, err := patchJSON6902(string(resourceRaw), mutation.PatchesJSON6902)
+	patchedResourceRaw, err := utils.ApplyPatchNew(resourceRaw, patchesJSON6902)
+	// patchedResourceRaw, err := patchJSON6902(string(resourceRaw), mutation.PatchesJSON6902)
 	if err != nil {
 		resp.Success = false
 		logger.Error(err, "failed to process JSON6902 patches")
@ -48,27 +44,14 @@ func ProcessPatchJSON6902(ruleName string, mutation kyverno.Mutation, resource u

 	err = patchedResource.UnmarshalJSON(patchedResourceRaw)
 	if err != nil {
-		logger.Error(err, "failed to unmmarshal resource")
+		logger.Error(err, "failed to unmarshal resource")
 		resp.Success = false
-		resp.Message = fmt.Sprintf("failed to unmmarshal resource: %v", err)
+		resp.Message = fmt.Sprintf("failed to unmarshal resource: %v", err)
 		return resp, resource
 	}

-	var op []byte
-	if mutation.PatchesJSON6902[0] != '[' {
-		// if it doesn't seem to be JSON, imagine
-		// it is YAML, and convert to JSON.
-		op, err = yaml.YAMLToJSON([]byte(mutation.PatchesJSON6902))
-		if err != nil {
-			resp.Success = false
-			resp.Message = fmt.Sprintf("failed to unmmarshal resource: %v", err)
-			return resp, resource
-		}
-		mutation.PatchesJSON6902 = string(op)
-	}
-
 	var decodedPatch []kyverno.Patch
-	err = json.Unmarshal(op, &decodedPatch)
+	err = json.Unmarshal(patchesJSON6902, &decodedPatch)
 	if err != nil {
 		resp.Success = false
 		resp.Message = err.Error()
@ -94,32 +77,16 @@ func ProcessPatchJSON6902(ruleName string, mutation kyverno.Mutation, resource u
 	return resp, patchedResource
 }

-func patchJSON6902(base, patches string) ([]byte, error) {
-	f := patchjson6902.Filter{
-		Patch: patches,
-	}
-
-	baseObj := buffer{Buffer: bytes.NewBufferString(base)}
-	err := filtersutil.ApplyToJSON(f, baseObj)
-
-	return baseObj.Bytes(), err
-}
-
-func decodePatch(patch string) (jsonpatch.Patch, error) {
-	// If the patch doesn't look like a JSON6902 patch, we
-	// try to parse it to json.
-	if !strings.HasPrefix(patch, "[") {
-		p, err := yaml.YAMLToJSON([]byte(patch))
+func convertPatchesToJSON(patchesJSON6902 string) ([]byte, error) {
+	if patchesJSON6902[0] != '[' {
+		// If the patch doesn't look like a JSON6902 patch, we
+		// try to parse it to json.
+		op, err := yaml.YAMLToJSON([]byte(patchesJSON6902))
 		if err != nil {
-			return nil, err
+			return nil, fmt.Errorf("failed to convert patchesJSON6902 to JSON: %v", err)
 		}
-		patch = string(p)
+		return op, nil
 	}

-	decodedPatch, err := jsonpatch.DecodePatch([]byte(patch))
-	if err != nil {
-		return nil, err
-	}
-
-	return decodedPatch, nil
+	return []byte(patchesJSON6902), nil
 }
--- a/pkg/engine/mutate/patchesUtils.go
+++ b/pkg/engine/mutate/patchesUtils.go
@ -10,7 +10,6 @@ import (

 	evanjsonpatch "github.com/evanphx/json-patch"
 	"github.com/go-logr/logr"
-	kyverno "github.com/kyverno/kyverno/pkg/api/kyverno/v1"
 	"github.com/mattbaird/jsonpatch"
 	"github.com/minio/minio/pkg/wildcard"
 	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
@ -156,16 +155,14 @@ func ignorePatch(path string) bool {
 // This duplicate error only occurs on type array, if it's adding to a map
 // the value will be added to the map if nil, otherwise it overwrites the old value
 // return skip == true to skip the json patch application
-func preProcessJSONPatches(mutation kyverno.Mutation, resource unstructured.Unstructured,
+func preProcessJSONPatches(patchesJSON6902 []byte, resource unstructured.Unstructured,
 	log logr.Logger) (skip bool, err error) {
 	var patches evanjsonpatch.Patch
 	log = log.WithName("preProcessJSONPatches")

-	if len(mutation.PatchesJSON6902) > 0 {
-		patches, err = decodePatch(mutation.PatchesJSON6902)
-		if err != nil {
-			return false, fmt.Errorf("failed to process JSON patches: %v", err)
-		}
+	patches, err = evanjsonpatch.DecodePatch(patchesJSON6902)
+	if err != nil {
+		return false, fmt.Errorf("cannot decode patches as an RFC 6902 patch: %v", err)
 	}

 	for _, patch := range patches {