mirror of https://github.com/kyverno/kyverno.git synced 2024-12-14 11:57:48 +00:00

refactor: use BackgroundProcessingEnabled method (#3544)

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

Co-authored-by: shuting <shuting@nirmata.com>
Charles-Edouard Brétéché 2022-04-04 22:16:45 +02:00 committed by GitHub
parent a93ac45586
commit 4b3de26433
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
8 changed files with 26 additions and 15 deletions


@ -466,3 +466,16 @@ verify-helm: gen-helm ## Check Helm charts are up to date
.PHONY: help .PHONY: help
help: ## Shows the available commands help: ## Shows the available commands
@grep -E '^[a-zA-Z_-]+:.*?## .*$$' $(MAKEFILE_LIST) | awk 'BEGIN {FS = ":.*?## "}; {printf "\033[36m%-30s\033[0m %s\n", $$1, $$2}' @grep -E '^[a-zA-Z_-]+:.*?## .*$$' $(MAKEFILE_LIST) | awk 'BEGIN {FS = ":.*?## "}; {printf "\033[36m%-30s\033[0m %s\n", $$1, $$2}'
.PHONY: kind-deploy
kind-deploy: docker-build-initContainer-local docker-build-kyverno-local
kind load docker-image $(REPO)/$(INITC_IMAGE):$(IMAGE_TAG_DEV)
kind load docker-image $(REPO)/$(KYVERNO_IMAGE):$(IMAGE_TAG_DEV)
helm upgrade --install kyverno --namespace kyverno --create-namespace ./charts/kyverno \
--set image.repository=$(REPO)/$(KYVERNO_IMAGE) \
--set image.tag=$(IMAGE_TAG_DEV) \
--set initImage.repository=$(REPO)/$(INITC_IMAGE) \
--set initImage.tag=$(IMAGE_TAG_DEV) \
--set extraArgs={--autogenInternals=true}
helm upgrade --install kyverno-policies --namespace kyverno --create-namespace ./charts/kyverno-policies
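Review bot: Both `helm upgrade --install` lines in `kind-deploy` run against whatever kube-context is current, so a developer whose kubeconfig points at a shared cluster would install a dev-tagged admission controller there. Pinning the context on both commands, e.g. `--kube-context kind-kind` (the context of a default-named kind cluster; adjust if the cluster has another name), keeps the target local. The target also has no `## ` description, so the `help` recipe above it will not list it; `kind-deploy: docker-build-initContainer-local docker-build-kyverno-local ## Build local images and deploy them to a kind cluster` would fix that. The target is unrelated to the refactor named in the commit title and would be easier to trace in its own commit.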


@ -18,11 +18,10 @@ func ParsePolicyValidationMode(validationFailureAction kyverno.ValidationFailure
} }
} }
func ParsePolicyBackgroundMode(backgroundMode *bool) PolicyBackgroundMode { func ParsePolicyBackgroundMode(policy kyverno.PolicyInterface) PolicyBackgroundMode {
if backgroundMode == nil || *backgroundMode { if policy.BackgroundProcessingEnabled() {
return BackgroundTrue return BackgroundTrue
} }
return BackgroundFalse return BackgroundFalse
} }
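Review bot: `ParsePolicyBackgroundMode` now calls a method on its argument, so a nil `policy` panics where the old `*bool` parameter treated nil as `BackgroundTrue`; the unset-means-enabled default now lives entirely in `BackgroundProcessingEnabled`, which is not visible in this diff. The callers changed in this commit appear to pass a policy obtained after an error check, so this is probably safe today, but the exported function has no doc comment stating the contract. I would add `// ParsePolicyBackgroundMode returns the metrics label for the policy's effective background setting; policy must not be nil.` above the signature.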


@ -46,7 +46,7 @@ func (pc PromConfig) RegisterPolicy(policy interface{}, policyChangeType PolicyC
if err != nil { if err != nil {
return err return err
} }
policyBackgroundMode := metrics.ParsePolicyBackgroundMode(inputPolicy.Spec.Background) policyBackgroundMode := metrics.ParsePolicyBackgroundMode(inputPolicy)
policyType := metrics.Cluster policyType := metrics.Cluster
policyNamespace := "" // doesn't matter for cluster policy policyNamespace := "" // doesn't matter for cluster policy
policyName := inputPolicy.GetName() policyName := inputPolicy.GetName()
@ -59,7 +59,7 @@ func (pc PromConfig) RegisterPolicy(policy interface{}, policyChangeType PolicyC
if err != nil { if err != nil {
return err return err
} }
policyBackgroundMode := metrics.ParsePolicyBackgroundMode(inputPolicy.Spec.Background) policyBackgroundMode := metrics.ParsePolicyBackgroundMode(inputPolicy)
policyType := metrics.Namespaced policyType := metrics.Namespaced
policyNamespace := inputPolicy.GetNamespace() policyNamespace := inputPolicy.GetNamespace()
policyName := inputPolicy.GetName() policyName := inputPolicy.GetName()


@ -60,13 +60,12 @@ func (pc PromConfig) registerPolicyExecutionDurationMetric(
//policy - policy related data //policy - policy related data
//engineResponse - resource and rule related data //engineResponse - resource and rule related data
func (pc PromConfig) ProcessEngineResponse(policy kyverno.PolicyInterface, engineResponse response.EngineResponse, executionCause metrics.RuleExecutionCause, generateRuleLatencyType string, resourceRequestOperation metrics.ResourceRequestOperation) error { func (pc PromConfig) ProcessEngineResponse(policy kyverno.PolicyInterface, engineResponse response.EngineResponse, executionCause metrics.RuleExecutionCause, generateRuleLatencyType string, resourceRequestOperation metrics.ResourceRequestOperation) error {
policyValidationMode, err := metrics.ParsePolicyValidationMode(policy.GetSpec().GetValidationFailureAction()) policyValidationMode, err := metrics.ParsePolicyValidationMode(policy.GetSpec().GetValidationFailureAction())
if err != nil { if err != nil {
return err return err
} }
policyType := metrics.Namespaced policyType := metrics.Namespaced
policyBackgroundMode := metrics.ParsePolicyBackgroundMode(policy.GetSpec().Background) policyBackgroundMode := metrics.ParsePolicyBackgroundMode(policy)
policyNamespace := policy.GetNamespace() policyNamespace := policy.GetNamespace()
if policyNamespace == "" { if policyNamespace == "" {
policyNamespace = "-" policyNamespace = "-"


@ -59,7 +59,7 @@ func (pc PromConfig) ProcessEngineResponse(policy kyverno.PolicyInterface, engin
return err return err
} }
policyType := metrics.Namespaced policyType := metrics.Namespaced
policyBackgroundMode := metrics.ParsePolicyBackgroundMode(policy.GetSpec().Background) policyBackgroundMode := metrics.ParsePolicyBackgroundMode(policy)
policyNamespace := policy.GetNamespace() policyNamespace := policy.GetNamespace()
if policyNamespace == "" { if policyNamespace == "" {
policyNamespace = "-" policyNamespace = "-"


@ -69,7 +69,7 @@ func (pc PromConfig) AddPolicy(policy interface{}) error {
if err != nil { if err != nil {
return err return err
} }
policyBackgroundMode := metrics.ParsePolicyBackgroundMode(inputPolicy.Spec.Background) policyBackgroundMode := metrics.ParsePolicyBackgroundMode(inputPolicy)
policyType := metrics.Cluster policyType := metrics.Cluster
policyNamespace := "" // doesn't matter for cluster policy policyNamespace := "" // doesn't matter for cluster policy
policyName := inputPolicy.GetName() policyName := inputPolicy.GetName()
@ -89,7 +89,7 @@ func (pc PromConfig) AddPolicy(policy interface{}) error {
if err != nil { if err != nil {
return err return err
} }
policyBackgroundMode := metrics.ParsePolicyBackgroundMode(inputPolicy.Spec.Background) policyBackgroundMode := metrics.ParsePolicyBackgroundMode(inputPolicy)
policyType := metrics.Namespaced policyType := metrics.Namespaced
policyNamespace := inputPolicy.GetNamespace() policyNamespace := inputPolicy.GetNamespace()
policyName := inputPolicy.GetName() policyName := inputPolicy.GetName()
@ -117,7 +117,7 @@ func (pc PromConfig) RemovePolicy(policy interface{}) error {
if err != nil { if err != nil {
return err return err
} }
policyBackgroundMode := metrics.ParsePolicyBackgroundMode(inputPolicy.Spec.Background) policyBackgroundMode := metrics.ParsePolicyBackgroundMode(inputPolicy)
policyType := metrics.Cluster policyType := metrics.Cluster
policyNamespace := "" // doesn't matter for cluster policy policyNamespace := "" // doesn't matter for cluster policy
policyName := inputPolicy.GetName() policyName := inputPolicy.GetName()
@ -136,7 +136,7 @@ func (pc PromConfig) RemovePolicy(policy interface{}) error {
if err != nil { if err != nil {
return err return err
} }
policyBackgroundMode := metrics.ParsePolicyBackgroundMode(inputPolicy.Spec.Background) policyBackgroundMode := metrics.ParsePolicyBackgroundMode(inputPolicy)
policyType := metrics.Namespaced policyType := metrics.Namespaced
policyNamespace := inputPolicy.GetNamespace() policyNamespace := inputPolicy.GetNamespace()
policyName := inputPolicy.GetName() policyName := inputPolicy.GetName()


@ -54,7 +54,7 @@ func (pc *PolicyController) registerPolicyChangesMetricUpdatePolicy(logger logr.
logger.Error(err, "error occurred while registering kyverno_policy_changes_total metrics for the above policy's updation", "name", oldP.GetName()) logger.Error(err, "error occurred while registering kyverno_policy_changes_total metrics for the above policy's updation", "name", oldP.GetName())
} }
// curP will require a new kyverno_policy_changes_total metric if the above update involved change in the following fields: // curP will require a new kyverno_policy_changes_total metric if the above update involved change in the following fields:
if curSpec.Background != oldSpec.Background || curSpec.GetValidationFailureAction() != oldSpec.GetValidationFailureAction() { if curSpec.BackgroundProcessingEnabled() != oldSpec.BackgroundProcessingEnabled() || curSpec.GetValidationFailureAction() != oldSpec.GetValidationFailureAction() {
err = policyChangesMetric.ParsePromConfig(*pc.promConfig).RegisterPolicy(curP, policyChangesMetric.PolicyUpdated) err = policyChangesMetric.ParsePromConfig(*pc.promConfig).RegisterPolicy(curP, policyChangesMetric.PolicyUpdated)
if err != nil { if err != nil {
logger.Error(err, "error occurred while registering kyverno_policy_changes_total metrics for the above policy's updation", "name", curP.GetName()) logger.Error(err, "error occurred while registering kyverno_policy_changes_total metrics for the above policy's updation", "name", curP.GetName())
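Review bot: The rewritten `if` condition changes when a `PolicyUpdated` metric is registered, which the "refactor" title does not convey. The old `curSpec.Background != oldSpec.Background` appears to have compared two `*bool` pointers (inferred from the nil checks this commit removes elsewhere), whereas the new form compares effective values, so an update from unset to an explicit true presumably no longer counts as a change. That looks like the intended semantics, but it deserves a comment on the line, e.g. `// compare effective values: an unset field and an explicit true are the same mode`, and a unit test covering the nil/true/false transitions. The enclosing function starts and ends outside this hunk.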


@ -81,7 +81,7 @@ func validateJSONPatchPathForForwardSlash(patch string) error {
func Validate(policy kyverno.PolicyInterface, client *dclient.Client, mock bool, openAPIController *openapi.Controller) (*v1beta1.AdmissionResponse, error) { func Validate(policy kyverno.PolicyInterface, client *dclient.Client, mock bool, openAPIController *openapi.Controller) (*v1beta1.AdmissionResponse, error) {
namespaced := policy.IsNamespaced() namespaced := policy.IsNamespaced()
spec := policy.GetSpec() spec := policy.GetSpec()
background := spec.Background == nil || *spec.Background background := spec.BackgroundProcessingEnabled()
var errs field.ErrorList var errs field.ErrorList
specPath := field.NewPath("spec") specPath := field.NewPath("spec")
@ -176,7 +176,7 @@ func Validate(policy kyverno.PolicyInterface, client *dclient.Client, mock bool,
} }
} }
if utils.ContainsString(rule.MatchResources.Kinds, "*") && (spec.Background == nil || *spec.Background) { if utils.ContainsString(rule.MatchResources.Kinds, "*") && spec.BackgroundProcessingEnabled() {
return nil, fmt.Errorf("wildcard policy not allowed in background mode. Set spec.background=false to disable background mode for this policy rule ") return nil, fmt.Errorf("wildcard policy not allowed in background mode. Set spec.background=false to disable background mode for this policy rule ")
} }
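Review bot: The wildcard check in the second hunk calls `spec.BackgroundProcessingEnabled()` again although the first hunk already stores the same value in `background` at the top of `Validate`; reusing the local keeps the two from drifting: `if utils.ContainsString(rule.MatchResources.Kinds, "*") && background {`. This assumes `background` is not shadowed or reassigned between the two hunks, which cannot be checked here because the rest of `Validate` lies outside the diff.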