From 492d0e800966b59c0382427b8702a6a30cbd7839 Mon Sep 17 00:00:00 2001 From: Shuting Zhao Date: Wed, 24 Feb 2021 18:11:55 -0800 Subject: [PATCH] remove kustomize patchesJSON6902 Signed-off-by: Shuting Zhao --- pkg/engine/mutate/mutation.go | 25 ++++++++++-- pkg/engine/mutate/patchJson6902.go | 61 +++++++----------------------- pkg/engine/mutate/patchesUtils.go | 11 ++---- 3 files changed, 39 insertions(+), 58 deletions(-) diff --git a/pkg/engine/mutate/mutation.go b/pkg/engine/mutate/mutation.go index 285f29a3b9..abeb26a00b 100644 --- a/pkg/engine/mutate/mutation.go +++ b/pkg/engine/mutate/mutation.go @@ -113,7 +113,15 @@ func (h patchesJSON6902Handler) Handle() (resp response.RuleResponse, patchedRes resp.Name = h.ruleName resp.Type = utils.Mutation.String() - skip, err := preProcessJSONPatches(*h.mutation, h.patchedResource, h.logger) + patchesJSON6902, err := convertPatchesToJSON(h.mutation.PatchesJSON6902) + if err != nil { + resp.Success = false + h.logger.Error(err, "error in type conversion") + resp.Message = err.Error() + return resp, h.patchedResource + } + + skip, err := preProcessJSONPatches(patchesJSON6902, h.patchedResource, h.logger) if err != nil { h.logger.Error(err, "failed to preProcessJSONPatches") } @@ -123,7 +131,7 @@ func (h patchesJSON6902Handler) Handle() (resp response.RuleResponse, patchedRes return resp, h.patchedResource } - return ProcessPatchJSON6902(h.ruleName, *h.mutation, h.patchedResource, h.logger) + return ProcessPatchJSON6902(h.ruleName, patchesJSON6902, h.patchedResource, h.logger) } func (h overlayHandler) Handle() (response.RuleResponse, unstructured.Unstructured) { @@ -133,7 +141,7 @@ func (h overlayHandler) Handle() (response.RuleResponse, unstructured.Unstructur // substitute the variables var err error if overlay, err = variables.SubstituteVars(h.logger, h.evalCtx, overlay); err != nil { - // variable subsitution failed + // variable substitution failed ruleResponse.Success = false ruleResponse.Message = err.Error() return ruleResponse, h.patchedResource @@ -165,7 +173,16 @@ func (h patchesHandler) Handle() (resp response.RuleResponse, patchedResource un resp.Name = h.ruleName resp.Type = utils.Mutation.String() - skip, err := preProcessJSONPatches(*h.mutation, h.patchedResource, h.logger) + // patches is already converted to patchesJSON6902 + patchesJSON6902, err := convertPatchesToJSON(h.mutation.PatchesJSON6902) + if err != nil { + resp.Success = false + h.logger.Error(err, "error in type conversion") + resp.Message = err.Error() + return resp, h.patchedResource + } + + skip, err := preProcessJSONPatches(patchesJSON6902, h.patchedResource, h.logger) if err != nil { h.logger.Error(err, "failed to preProcessJSONPatches") } diff --git a/pkg/engine/mutate/patchJson6902.go b/pkg/engine/mutate/patchJson6902.go index 1c28849093..408b44278e 100644 --- a/pkg/engine/mutate/patchJson6902.go +++ b/pkg/engine/mutate/patchJson6902.go @@ -1,25 +1,20 @@ package mutate import ( - "bytes" "encoding/json" "fmt" - "strings" "time" - jsonpatch "github.com/evanphx/json-patch" "github.com/go-logr/logr" kyverno "github.com/kyverno/kyverno/pkg/api/kyverno/v1" "github.com/kyverno/kyverno/pkg/engine/response" "github.com/kyverno/kyverno/pkg/engine/utils" "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" - patchjson6902 "sigs.k8s.io/kustomize/api/filters/patchjson6902" - filtersutil "sigs.k8s.io/kustomize/kyaml/filtersutil" "sigs.k8s.io/yaml" ) // ProcessPatchJSON6902 ... -func ProcessPatchJSON6902(ruleName string, mutation kyverno.Mutation, resource unstructured.Unstructured, log logr.Logger) (resp response.RuleResponse, patchedResource unstructured.Unstructured) { +func ProcessPatchJSON6902(ruleName string, patchesJSON6902 []byte, resource unstructured.Unstructured, log logr.Logger) (resp response.RuleResponse, patchedResource unstructured.Unstructured) { logger := log.WithValues("rule", ruleName) startTime := time.Now() logger.V(4).Info("started JSON6902 patch", "startTime", startTime) @@ -38,7 +33,8 @@ func ProcessPatchJSON6902(ruleName string, mutation kyverno.Mutation, resource u return resp, resource } - patchedResourceRaw, err := patchJSON6902(string(resourceRaw), mutation.PatchesJSON6902) + patchedResourceRaw, err := utils.ApplyPatchNew(resourceRaw, patchesJSON6902) + // patchedResourceRaw, err := patchJSON6902(string(resourceRaw), mutation.PatchesJSON6902) if err != nil { resp.Success = false logger.Error(err, "failed to process JSON6902 patches") @@ -48,27 +44,14 @@ func ProcessPatchJSON6902(ruleName string, mutation kyverno.Mutation, resource u err = patchedResource.UnmarshalJSON(patchedResourceRaw) if err != nil { - logger.Error(err, "failed to unmmarshal resource") + logger.Error(err, "failed to unmarshal resource") resp.Success = false - resp.Message = fmt.Sprintf("failed to unmmarshal resource: %v", err) + resp.Message = fmt.Sprintf("failed to unmarshal resource: %v", err) return resp, resource } - var op []byte - if mutation.PatchesJSON6902[0] != '[' { - // if it doesn't seem to be JSON, imagine - // it is YAML, and convert to JSON. - op, err = yaml.YAMLToJSON([]byte(mutation.PatchesJSON6902)) - if err != nil { - resp.Success = false - resp.Message = fmt.Sprintf("failed to unmmarshal resource: %v", err) - return resp, resource - } - mutation.PatchesJSON6902 = string(op) - } - var decodedPatch []kyverno.Patch - err = json.Unmarshal(op, &decodedPatch) + err = json.Unmarshal(patchesJSON6902, &decodedPatch) if err != nil { resp.Success = false resp.Message = err.Error() @@ -94,32 +77,16 @@ func ProcessPatchJSON6902(ruleName string, mutation kyverno.Mutation, resource u return resp, patchedResource } -func patchJSON6902(base, patches string) ([]byte, error) { - f := patchjson6902.Filter{ - Patch: patches, - } - - baseObj := buffer{Buffer: bytes.NewBufferString(base)} - err := filtersutil.ApplyToJSON(f, baseObj) - - return baseObj.Bytes(), err -} - -func decodePatch(patch string) (jsonpatch.Patch, error) { - // If the patch doesn't look like a JSON6902 patch, we - // try to parse it to json. - if !strings.HasPrefix(patch, "[") { - p, err := yaml.YAMLToJSON([]byte(patch)) +func convertPatchesToJSON(patchesJSON6902 string) ([]byte, error) { + if patchesJSON6902[0] != '[' { + // If the patch doesn't look like a JSON6902 patch, we + // try to parse it to json. + op, err := yaml.YAMLToJSON([]byte(patchesJSON6902)) if err != nil { - return nil, err + return nil, fmt.Errorf("failed to convert patchesJSON6902 to JSON: %v", err) } - patch = string(p) + return op, nil } - decodedPatch, err := jsonpatch.DecodePatch([]byte(patch)) - if err != nil { - return nil, err - } - - return decodedPatch, nil + return []byte(patchesJSON6902), nil } diff --git a/pkg/engine/mutate/patchesUtils.go b/pkg/engine/mutate/patchesUtils.go index 77571c2440..a2a2487a97 100644 --- a/pkg/engine/mutate/patchesUtils.go +++ b/pkg/engine/mutate/patchesUtils.go @@ -10,7 +10,6 @@ import ( evanjsonpatch "github.com/evanphx/json-patch" "github.com/go-logr/logr" - kyverno "github.com/kyverno/kyverno/pkg/api/kyverno/v1" "github.com/mattbaird/jsonpatch" "github.com/minio/minio/pkg/wildcard" "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" @@ -156,16 +155,14 @@ func ignorePatch(path string) bool { // This duplicate error only occurs on type array, if it's adding to a map // the value will be added to the map if nil, otherwise it overwrites the old value // return skip == true to skip the json patch application -func preProcessJSONPatches(mutation kyverno.Mutation, resource unstructured.Unstructured, +func preProcessJSONPatches(patchesJSON6902 []byte, resource unstructured.Unstructured, log logr.Logger) (skip bool, err error) { var patches evanjsonpatch.Patch log = log.WithName("preProcessJSONPatches") - if len(mutation.PatchesJSON6902) > 0 { - patches, err = decodePatch(mutation.PatchesJSON6902) - if err != nil { - return false, fmt.Errorf("failed to process JSON patches: %v", err) - } + patches, err = evanjsonpatch.DecodePatch(patchesJSON6902) + if err != nil { + return false, fmt.Errorf("cannot decode patches as an RFC 6902 patch: %v", err) } for _, patch := range patches {