From 58bc63e1ad784ad3b3f96d3e0591ef397bbb6431 Mon Sep 17 00:00:00 2001 From: Shuting Zhao Date: Wed, 11 Nov 2020 15:50:17 -0800 Subject: [PATCH] remove policy violation from types.go --- charts/kyverno/templates/clusterrole.yaml | 6 +- definitions/github/rbac.yaml | 4 - definitions/install.yaml | 67 ++---- definitions/install_debug.yaml | 67 ++---- definitions/k8s-resource/rbac.yaml | 62 ++---- pkg/api/kyverno/v1/generaterequest_types.go | 77 +++++++ pkg/api/kyverno/v1/register.go | 4 - pkg/api/kyverno/v1/types.go | 130 ------------ pkg/api/kyverno/v1/zz_generated.deepcopy.go | 181 ---------------- .../kyverno/v1/clusterpolicyviolation.go | 184 ---------------- .../v1/fake/fake_clusterpolicyviolation.go | 133 ------------ .../kyverno/v1/fake/fake_kyverno_client.go | 8 - .../kyverno/v1/fake/fake_policyviolation.go | 142 ------------- .../typed/kyverno/v1/generated_expansion.go | 4 - .../typed/kyverno/v1/kyverno_client.go | 10 - .../typed/kyverno/v1/policyviolation.go | 195 ----------------- .../informers/externalversions/generic.go | 4 - .../kyverno/v1/clusterpolicyviolation.go | 89 -------- .../externalversions/kyverno/v1/interface.go | 14 -- .../kyverno/v1/policyviolation.go | 90 -------- .../kyverno/v1/clusterpolicyviolation.go | 65 ------ .../kyverno/v1/custom_expansion_generated.go | 65 ++++++ .../listers/kyverno/v1/expansion_generated.go | 199 +----------------- .../listers/kyverno/v1/policyviolation.go | 94 --------- pkg/constant/constant.go | 2 +- pkg/policyreport/reportcontroller.go | 2 +- pkg/policyreport/reportrequest.go | 2 +- pkg/policystatus/status_test.go | 12 -- pkg/webhooks/common.go | 2 +- 29 files changed, 197 insertions(+), 1717 deletions(-) create mode 100644 pkg/api/kyverno/v1/generaterequest_types.go delete mode 100755 pkg/client/clientset/versioned/typed/kyverno/v1/clusterpolicyviolation.go delete mode 100755 pkg/client/clientset/versioned/typed/kyverno/v1/fake/fake_clusterpolicyviolation.go delete mode 100755 pkg/client/clientset/versioned/typed/kyverno/v1/fake/fake_policyviolation.go delete mode 100755 pkg/client/clientset/versioned/typed/kyverno/v1/policyviolation.go delete mode 100755 pkg/client/informers/externalversions/kyverno/v1/clusterpolicyviolation.go delete mode 100755 pkg/client/informers/externalversions/kyverno/v1/policyviolation.go delete mode 100755 pkg/client/listers/kyverno/v1/clusterpolicyviolation.go create mode 100644 pkg/client/listers/kyverno/v1/custom_expansion_generated.go delete mode 100755 pkg/client/listers/kyverno/v1/policyviolation.go diff --git a/charts/kyverno/templates/clusterrole.yaml b/charts/kyverno/templates/clusterrole.yaml index b7f4781cf4..2e927b5a33 100644 --- a/charts/kyverno/templates/clusterrole.yaml +++ b/charts/kyverno/templates/clusterrole.yaml @@ -7,7 +7,7 @@ rules: - apiGroups: ["kyverno.io"] resources: - policyviolations - verbs: ["get", "list", "watch"] + verbs: ["get", "list", "watch", "delete"] --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole @@ -84,10 +84,6 @@ rules: - policies/status - clusterpolicies - clusterpolicies/status - - clusterpolicyviolations - - clusterpolicyviolations/status - - policyviolations - - policyviolations/status - generaterequests - generaterequests/status verbs: diff --git a/definitions/github/rbac.yaml b/definitions/github/rbac.yaml index 7b59306f29..de8653eb6a 100755 --- a/definitions/github/rbac.yaml +++ b/definitions/github/rbac.yaml @@ -30,10 +30,6 @@ rules: resources: - clusterpolicies - clusterpolicies/status - - clusterpolicyviolations - - clusterpolicyviolations/status - - policyviolations - - policyviolations/status - generaterequests - generaterequests/status verbs: diff --git a/definitions/install.yaml b/definitions/install.yaml index 199c23952b..59951f2269 100755 --- a/definitions/install.yaml +++ b/definitions/install.yaml @@ -1986,10 +1986,6 @@ rules: - policyreports/status - clusterpolicyreports - clusterpolicyreports/status - - clusterpolicyviolations - - clusterpolicyviolations/status - - policyviolations - - policyviolations/status - generaterequests - generaterequests/status - reportchangerequests @@ -2165,22 +2161,6 @@ rules: --- apiVersion: rbac.authorization.k8s.io/v1beta1 kind: ClusterRole -metadata: - labels: - rbac.authorization.k8s.io/aggregate-to-edit: "true" - name: kyverno:edit-policies-policyviolations -rules: -- apiGroups: - - kyverno.io - resources: - - policyviolations - verbs: - - get - - list - - watch ---- -apiVersion: rbac.authorization.k8s.io/v1beta1 -kind: ClusterRole metadata: name: kyverno:policyreport rules: @@ -2209,6 +2189,7 @@ rules: - get - list - watch + - delete --- apiVersion: rbac.authorization.k8s.io/v1beta1 kind: ClusterRole @@ -2228,39 +2209,6 @@ rules: --- apiVersion: rbac.authorization.k8s.io/v1beta1 kind: ClusterRole -metadata: - labels: - rbac.authorization.k8s.io/aggregate-to-admin: "true" - name: kyverno:view-clusterpolicyviolations -rules: -- apiGroups: - - kyverno.io - resources: - - clusterpolicyviolations - verbs: - - get - - list - - watch ---- -apiVersion: rbac.authorization.k8s.io/v1beta1 -kind: ClusterRole -metadata: - labels: - rbac.authorization.k8s.io/aggregate-to-view: "true" - name: kyverno:view-policies-policyviolations -rules: -- apiGroups: - - kyverno.io - resources: - - policyviolations - - policies - verbs: - - get - - list - - watch ---- -apiVersion: rbac.authorization.k8s.io/v1beta1 -kind: ClusterRole metadata: labels: rbac.authorization.k8s.io/aggregate-to-view: "true" @@ -2329,6 +2277,19 @@ subjects: --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding +metadata: + name: kyverno:policyviolations +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: kyverno:policyviolations +subjects: +- kind: ServiceAccount + name: kyverno-service-account + namespace: kyverno +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding metadata: name: kyverno:userinfo roleRef: diff --git a/definitions/install_debug.yaml b/definitions/install_debug.yaml index 68ee83a349..7d01379e2d 100755 --- a/definitions/install_debug.yaml +++ b/definitions/install_debug.yaml @@ -1986,10 +1986,6 @@ rules: - policyreports/status - clusterpolicyreports - clusterpolicyreports/status - - clusterpolicyviolations - - clusterpolicyviolations/status - - policyviolations - - policyviolations/status - generaterequests - generaterequests/status - reportchangerequests @@ -2165,22 +2161,6 @@ rules: --- apiVersion: rbac.authorization.k8s.io/v1beta1 kind: ClusterRole -metadata: - labels: - rbac.authorization.k8s.io/aggregate-to-edit: "true" - name: kyverno:edit-policies-policyviolations -rules: -- apiGroups: - - kyverno.io - resources: - - policyviolations - verbs: - - get - - list - - watch ---- -apiVersion: rbac.authorization.k8s.io/v1beta1 -kind: ClusterRole metadata: name: kyverno:policyreport rules: @@ -2209,6 +2189,7 @@ rules: - get - list - watch + - delete --- apiVersion: rbac.authorization.k8s.io/v1beta1 kind: ClusterRole @@ -2228,39 +2209,6 @@ rules: --- apiVersion: rbac.authorization.k8s.io/v1beta1 kind: ClusterRole -metadata: - labels: - rbac.authorization.k8s.io/aggregate-to-admin: "true" - name: kyverno:view-clusterpolicyviolations -rules: -- apiGroups: - - kyverno.io - resources: - - clusterpolicyviolations - verbs: - - get - - list - - watch ---- -apiVersion: rbac.authorization.k8s.io/v1beta1 -kind: ClusterRole -metadata: - labels: - rbac.authorization.k8s.io/aggregate-to-view: "true" - name: kyverno:view-policies-policyviolations -rules: -- apiGroups: - - kyverno.io - resources: - - policyviolations - - policies - verbs: - - get - - list - - watch ---- -apiVersion: rbac.authorization.k8s.io/v1beta1 -kind: ClusterRole metadata: labels: rbac.authorization.k8s.io/aggregate-to-view: "true" @@ -2329,6 +2277,19 @@ subjects: --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding +metadata: + name: kyverno:policyviolations +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: kyverno:policyviolations +subjects: +- kind: ServiceAccount + name: kyverno-service-account + namespace: kyverno +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding metadata: name: kyverno:userinfo roleRef: diff --git a/definitions/k8s-resource/rbac.yaml b/definitions/k8s-resource/rbac.yaml index 48621d5883..43e9881c91 100755 --- a/definitions/k8s-resource/rbac.yaml +++ b/definitions/k8s-resource/rbac.yaml @@ -32,7 +32,7 @@ rules: - apiGroups: ["kyverno.io"] resources: - policyviolations - verbs: ["get", "list", "watch"] + verbs: ["get", "list", "watch", "delete"] --- kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 @@ -73,6 +73,19 @@ subjects: name: kyverno-service-account namespace: kyverno --- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: kyverno:policyviolations +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: kyverno:policyviolations +subjects: +- kind: ServiceAccount + name: kyverno-service-account + namespace: kyverno +--- kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: @@ -180,10 +193,6 @@ rules: - policyreports/status - clusterpolicyreports - clusterpolicyreports/status - - clusterpolicyviolations - - clusterpolicyviolations/status - - policyviolations - - policyviolations/status - generaterequests - generaterequests/status - reportchangerequests @@ -254,31 +263,6 @@ rules: --- apiVersion: rbac.authorization.k8s.io/v1beta1 kind: ClusterRole -metadata: - name: kyverno:view-policies-policyviolations - labels: - rbac.authorization.k8s.io/aggregate-to-view: "true" -rules: -- apiGroups: ["kyverno.io"] - resources: - - policyviolations - - policies - verbs: ["get", "list", "watch"] ---- -apiVersion: rbac.authorization.k8s.io/v1beta1 -kind: ClusterRole -metadata: - name: kyverno:view-clusterpolicyviolations - labels: - rbac.authorization.k8s.io/aggregate-to-admin: "true" -rules: -- apiGroups: ["kyverno.io"] - resources: - - clusterpolicyviolations - verbs: ["get", "list", "watch"] ---- -apiVersion: rbac.authorization.k8s.io/v1beta1 -kind: ClusterRole metadata: labels: rbac.authorization.k8s.io/aggregate-to-admin: "true" @@ -373,20 +357,4 @@ rules: - policyreport - clusterpolicyreport verbs: - - '*' ---- -apiVersion: rbac.authorization.k8s.io/v1beta1 -kind: ClusterRole -metadata: - labels: - rbac.authorization.k8s.io/aggregate-to-edit: "true" - name: kyverno:edit-policies-policyviolations -rules: -- apiGroups: - - kyverno.io - resources: - - policyviolations - verbs: - - get - - list - - watch \ No newline at end of file + - '*' \ No newline at end of file diff --git a/pkg/api/kyverno/v1/generaterequest_types.go b/pkg/api/kyverno/v1/generaterequest_types.go new file mode 100644 index 0000000000..b88c2e8b33 --- /dev/null +++ b/pkg/api/kyverno/v1/generaterequest_types.go @@ -0,0 +1,77 @@ +package v1 + +import ( + authenticationv1 "k8s.io/api/authentication/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" +) + +// +genclient +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object + +//GenerateRequest is a request to process generate rule +type GenerateRequest struct { + metav1.TypeMeta `json:",inline" yaml:",inline"` + metav1.ObjectMeta `json:"metadata,omitempty" yaml:"metadata,omitempty"` + // Spec is the information to identify the generate request + Spec GenerateRequestSpec `json:"spec" yaml:"spec"` + // Status contains statistics related to generate request + Status GenerateRequestStatus `json:"status" yaml:"status"` +} + +//GenerateRequestSpec stores the request specification +type GenerateRequestSpec struct { + // Specifies the name of the policy + Policy string `json:"policy" yaml:"policy"` + // ResourceSpec is the information to identify the generate request + Resource ResourceSpec `json:"resource" yaml:"resource"` + // Context ... + Context GenerateRequestContext `json:"context" yaml:"context"` +} + +//GenerateRequestContext stores the context to be shared +type GenerateRequestContext struct { + UserRequestInfo RequestInfo `json:"userInfo,omitempty" yaml:"userInfo,omitempty"` +} + +// RequestInfo contains permission info carried in an admission request +type RequestInfo struct { + // Roles is a list of possible role send the request + Roles []string `json:"roles" yaml:"roles"` + // ClusterRoles is a list of possible clusterRoles send the request + ClusterRoles []string `json:"clusterRoles" yaml:"clusterRoles"` + // UserInfo is the userInfo carried in the admission request + AdmissionUserInfo authenticationv1.UserInfo `json:"userInfo" yaml:"userInfo"` +} + +//GenerateRequestStatus stores the status of generated request +type GenerateRequestStatus struct { + // State represents state of the generate request + State GenerateRequestState `json:"state" yaml:"state"` + // Specifies request status message + // +optional + Message string `json:"message,omitempty" yaml:"message,omitempty"` + // This will track the resources that are generated by the generate Policy + // Will be used during clean up resources + GeneratedResources []ResourceSpec `json:"generatedResources,omitempty" yaml:"generatedResources,omitempty"` +} + +//GenerateRequestState defines the state of +type GenerateRequestState string + +const ( + //Pending - the Request is yet to be processed or resource has not been created + Pending GenerateRequestState = "Pending" + //Failed - the Generate Request Controller failed to process the rules + Failed GenerateRequestState = "Failed" + //Completed - the Generate Request Controller created resources defined in the policy + Completed GenerateRequestState = "Completed" +) + +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object + +//GenerateRequestList stores the list of generate requests +type GenerateRequestList struct { + metav1.TypeMeta `json:",inline" yaml:",inline"` + metav1.ListMeta `json:"metadata" yaml:"metadata"` + Items []GenerateRequest `json:"items" yaml:"items"` +} diff --git a/pkg/api/kyverno/v1/register.go b/pkg/api/kyverno/v1/register.go index a68c2c41e9..c2f1d5e6f7 100755 --- a/pkg/api/kyverno/v1/register.go +++ b/pkg/api/kyverno/v1/register.go @@ -33,10 +33,6 @@ func addKnownTypes(scheme *runtime.Scheme) error { scheme.AddKnownTypes(SchemeGroupVersion, &ClusterPolicy{}, &ClusterPolicyList{}, - &ClusterPolicyViolation{}, - &ClusterPolicyViolationList{}, - &PolicyViolation{}, - &PolicyViolationList{}, &GenerateRequest{}, &GenerateRequestList{}, &Policy{}, diff --git a/pkg/api/kyverno/v1/types.go b/pkg/api/kyverno/v1/types.go index ff3e893d4b..e0bd2978c4 100755 --- a/pkg/api/kyverno/v1/types.go +++ b/pkg/api/kyverno/v1/types.go @@ -1,82 +1,10 @@ package v1 import ( - authenticationv1 "k8s.io/api/authentication/v1" rbacv1 "k8s.io/api/rbac/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" ) -// +genclient -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -//GenerateRequest is a request to process generate rule -type GenerateRequest struct { - metav1.TypeMeta `json:",inline" yaml:",inline"` - metav1.ObjectMeta `json:"metadata,omitempty" yaml:"metadata,omitempty"` - // Spec is the information to identify the generate request - Spec GenerateRequestSpec `json:"spec" yaml:"spec"` - // Status contains statistics related to generate request - Status GenerateRequestStatus `json:"status" yaml:"status"` -} - -//GenerateRequestSpec stores the request specification -type GenerateRequestSpec struct { - // Specifies the name of the policy - Policy string `json:"policy" yaml:"policy"` - // ResourceSpec is the information to identify the generate request - Resource ResourceSpec `json:"resource" yaml:"resource"` - // Context ... - Context GenerateRequestContext `json:"context" yaml:"context"` -} - -//GenerateRequestContext stores the context to be shared -type GenerateRequestContext struct { - UserRequestInfo RequestInfo `json:"userInfo,omitempty" yaml:"userInfo,omitempty"` -} - -// RequestInfo contains permission info carried in an admission request -type RequestInfo struct { - // Roles is a list of possible role send the request - Roles []string `json:"roles" yaml:"roles"` - // ClusterRoles is a list of possible clusterRoles send the request - ClusterRoles []string `json:"clusterRoles" yaml:"clusterRoles"` - // UserInfo is the userInfo carried in the admission request - AdmissionUserInfo authenticationv1.UserInfo `json:"userInfo" yaml:"userInfo"` -} - -//GenerateRequestStatus stores the status of generated request -type GenerateRequestStatus struct { - // State represents state of the generate request - State GenerateRequestState `json:"state" yaml:"state"` - // Specifies request status message - // +optional - Message string `json:"message,omitempty" yaml:"message,omitempty"` - // This will track the resources that are generated by the generate Policy - // Will be used during clean up resources - GeneratedResources []ResourceSpec `json:"generatedResources,omitempty" yaml:"generatedResources,omitempty"` -} - -//GenerateRequestState defines the state of -type GenerateRequestState string - -const ( - //Pending - the Request is yet to be processed or resource has not been created - Pending GenerateRequestState = "Pending" - //Failed - the Generate Request Controller failed to process the rules - Failed GenerateRequestState = "Failed" - //Completed - the Generate Request Controller created resources defined in the policy - Completed GenerateRequestState = "Completed" -) - -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -//GenerateRequestList stores the list of generate requests -type GenerateRequestList struct { - metav1.TypeMeta `json:",inline" yaml:",inline"` - metav1.ListMeta `json:"metadata" yaml:"metadata"` - Items []GenerateRequest `json:"items" yaml:"items"` -} - // +genclient // +genclient:nonNamespaced // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object @@ -101,37 +29,6 @@ type PolicyList struct { Items []Policy `json:"items" yaml:"items"` } -// +genclient -// +genclient:nonNamespaced -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -// ClusterPolicyViolation represents cluster-wide violations -type ClusterPolicyViolation PolicyViolationTemplate - -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -// ClusterPolicyViolationList ... -type ClusterPolicyViolationList struct { - metav1.TypeMeta `json:",inline" yaml:",inline"` - metav1.ListMeta `json:"metadata" yaml:"metadata"` - Items []ClusterPolicyViolation `json:"items" yaml:"items"` -} - -// +genclient -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -// PolicyViolation represents namespaced violations -type PolicyViolation PolicyViolationTemplate - -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -// PolicyViolationList ... -type PolicyViolationList struct { - metav1.TypeMeta `json:",inline" yaml:",inline"` - metav1.ListMeta `json:"metadata" yaml:"metadata"` - Items []PolicyViolation `json:"items" yaml:"items"` -} - // +genclient // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // Policy contains rules to be applied to created resources @@ -373,25 +270,6 @@ type RuleStats struct { ResourcesGeneratedCount int `json:"resourcesGeneratedCount,omitempty" yaml:"resourcesGeneratedCount,omitempty"` } -// PolicyList is a list of Policy resources - -// PolicyViolationTemplate stores the information regarinding the resources for which a policy failed to apply -type PolicyViolationTemplate struct { - metav1.TypeMeta `json:",inline" yaml:",inline"` - metav1.ObjectMeta `json:"metadata,omitempty" yaml:"metadata,omitempty" ` - Spec PolicyViolationSpec `json:"spec" yaml:"spec"` - Status PolicyViolationStatus `json:"status" yaml:"status"` -} - -// PolicyViolationSpec describes policy behavior by its rules -type PolicyViolationSpec struct { - // Specifies name of the policy - Policy string `json:"policy" yaml:"policy"` - ResourceSpec `json:"resource" yaml:"resource"` - // Specifies list of violated rule - ViolatedRules []ViolatedRule `json:"rules" yaml:"rules"` -} - // ResourceSpec information to identify the resource type ResourceSpec struct { // Specifies resource apiVersionm @@ -418,11 +296,3 @@ type ViolatedRule struct { // +optional Check string `json:"check" yaml:"check"` } - -//PolicyViolationStatus provides information regarding policyviolation status -// status: -// LastUpdateTime : the time the policy violation was updated -type PolicyViolationStatus struct { - // LastUpdateTime : the time the policy violation was updated - LastUpdateTime metav1.Time `json:"lastUpdateTime,omitempty" yaml:"lastUpdateTime,omitempty"` -} diff --git a/pkg/api/kyverno/v1/zz_generated.deepcopy.go b/pkg/api/kyverno/v1/zz_generated.deepcopy.go index d798b88bcc..08aed56bcb 100755 --- a/pkg/api/kyverno/v1/zz_generated.deepcopy.go +++ b/pkg/api/kyverno/v1/zz_generated.deepcopy.go @@ -103,67 +103,6 @@ func (in *ClusterPolicyList) DeepCopyObject() runtime.Object { return nil } -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ClusterPolicyViolation) DeepCopyInto(out *ClusterPolicyViolation) { - *out = *in - out.TypeMeta = in.TypeMeta - in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) - in.Spec.DeepCopyInto(&out.Spec) - in.Status.DeepCopyInto(&out.Status) - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterPolicyViolation. -func (in *ClusterPolicyViolation) DeepCopy() *ClusterPolicyViolation { - if in == nil { - return nil - } - out := new(ClusterPolicyViolation) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *ClusterPolicyViolation) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ClusterPolicyViolationList) DeepCopyInto(out *ClusterPolicyViolationList) { - *out = *in - out.TypeMeta = in.TypeMeta - in.ListMeta.DeepCopyInto(&out.ListMeta) - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]ClusterPolicyViolation, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterPolicyViolationList. -func (in *ClusterPolicyViolationList) DeepCopy() *ClusterPolicyViolationList { - if in == nil { - return nil - } - out := new(ClusterPolicyViolationList) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *ClusterPolicyViolationList) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Condition. func (in *Condition) DeepCopy() *Condition { if in == nil { @@ -489,126 +428,6 @@ func (in *PolicyStatus) DeepCopy() *PolicyStatus { return out } -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *PolicyViolation) DeepCopyInto(out *PolicyViolation) { - *out = *in - out.TypeMeta = in.TypeMeta - in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) - in.Spec.DeepCopyInto(&out.Spec) - in.Status.DeepCopyInto(&out.Status) - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PolicyViolation. -func (in *PolicyViolation) DeepCopy() *PolicyViolation { - if in == nil { - return nil - } - out := new(PolicyViolation) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *PolicyViolation) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *PolicyViolationList) DeepCopyInto(out *PolicyViolationList) { - *out = *in - out.TypeMeta = in.TypeMeta - in.ListMeta.DeepCopyInto(&out.ListMeta) - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]PolicyViolation, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PolicyViolationList. -func (in *PolicyViolationList) DeepCopy() *PolicyViolationList { - if in == nil { - return nil - } - out := new(PolicyViolationList) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *PolicyViolationList) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *PolicyViolationSpec) DeepCopyInto(out *PolicyViolationSpec) { - *out = *in - out.ResourceSpec = in.ResourceSpec - if in.ViolatedRules != nil { - in, out := &in.ViolatedRules, &out.ViolatedRules - *out = make([]ViolatedRule, len(*in)) - copy(*out, *in) - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PolicyViolationSpec. -func (in *PolicyViolationSpec) DeepCopy() *PolicyViolationSpec { - if in == nil { - return nil - } - out := new(PolicyViolationSpec) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *PolicyViolationStatus) DeepCopyInto(out *PolicyViolationStatus) { - *out = *in - in.LastUpdateTime.DeepCopyInto(&out.LastUpdateTime) - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PolicyViolationStatus. -func (in *PolicyViolationStatus) DeepCopy() *PolicyViolationStatus { - if in == nil { - return nil - } - out := new(PolicyViolationStatus) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *PolicyViolationTemplate) DeepCopyInto(out *PolicyViolationTemplate) { - *out = *in - out.TypeMeta = in.TypeMeta - in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) - in.Spec.DeepCopyInto(&out.Spec) - in.Status.DeepCopyInto(&out.Status) - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PolicyViolationTemplate. -func (in *PolicyViolationTemplate) DeepCopy() *PolicyViolationTemplate { - if in == nil { - return nil - } - out := new(PolicyViolationTemplate) - in.DeepCopyInto(out) - return out -} - // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *RequestInfo) DeepCopyInto(out *RequestInfo) { *out = *in diff --git a/pkg/client/clientset/versioned/typed/kyverno/v1/clusterpolicyviolation.go b/pkg/client/clientset/versioned/typed/kyverno/v1/clusterpolicyviolation.go deleted file mode 100755 index 30fda07fca..0000000000 --- a/pkg/client/clientset/versioned/typed/kyverno/v1/clusterpolicyviolation.go +++ /dev/null @@ -1,184 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by client-gen. DO NOT EDIT. - -package v1 - -import ( - "context" - "time" - - v1 "github.com/kyverno/kyverno/pkg/api/kyverno/v1" - scheme "github.com/kyverno/kyverno/pkg/client/clientset/versioned/scheme" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - types "k8s.io/apimachinery/pkg/types" - watch "k8s.io/apimachinery/pkg/watch" - rest "k8s.io/client-go/rest" -) - -// ClusterPolicyViolationsGetter has a method to return a ClusterPolicyViolationInterface. -// A group's client should implement this interface. -type ClusterPolicyViolationsGetter interface { - ClusterPolicyViolations() ClusterPolicyViolationInterface -} - -// ClusterPolicyViolationInterface has methods to work with ClusterPolicyViolation resources. -type ClusterPolicyViolationInterface interface { - Create(ctx context.Context, clusterPolicyViolation *v1.ClusterPolicyViolation, opts metav1.CreateOptions) (*v1.ClusterPolicyViolation, error) - Update(ctx context.Context, clusterPolicyViolation *v1.ClusterPolicyViolation, opts metav1.UpdateOptions) (*v1.ClusterPolicyViolation, error) - UpdateStatus(ctx context.Context, clusterPolicyViolation *v1.ClusterPolicyViolation, opts metav1.UpdateOptions) (*v1.ClusterPolicyViolation, error) - Delete(ctx context.Context, name string, opts metav1.DeleteOptions) error - DeleteCollection(ctx context.Context, opts metav1.DeleteOptions, listOpts metav1.ListOptions) error - Get(ctx context.Context, name string, opts metav1.GetOptions) (*v1.ClusterPolicyViolation, error) - List(ctx context.Context, opts metav1.ListOptions) (*v1.ClusterPolicyViolationList, error) - Watch(ctx context.Context, opts metav1.ListOptions) (watch.Interface, error) - Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts metav1.PatchOptions, subresources ...string) (result *v1.ClusterPolicyViolation, err error) - ClusterPolicyViolationExpansion -} - -// clusterPolicyViolations implements ClusterPolicyViolationInterface -type clusterPolicyViolations struct { - client rest.Interface -} - -// newClusterPolicyViolations returns a ClusterPolicyViolations -func newClusterPolicyViolations(c *KyvernoV1Client) *clusterPolicyViolations { - return &clusterPolicyViolations{ - client: c.RESTClient(), - } -} - -// Get takes name of the clusterPolicyViolation, and returns the corresponding clusterPolicyViolation object, and an error if there is any. -func (c *clusterPolicyViolations) Get(ctx context.Context, name string, options metav1.GetOptions) (result *v1.ClusterPolicyViolation, err error) { - result = &v1.ClusterPolicyViolation{} - err = c.client.Get(). - Resource("clusterpolicyviolations"). - Name(name). - VersionedParams(&options, scheme.ParameterCodec). - Do(ctx). - Into(result) - return -} - -// List takes label and field selectors, and returns the list of ClusterPolicyViolations that match those selectors. -func (c *clusterPolicyViolations) List(ctx context.Context, opts metav1.ListOptions) (result *v1.ClusterPolicyViolationList, err error) { - var timeout time.Duration - if opts.TimeoutSeconds != nil { - timeout = time.Duration(*opts.TimeoutSeconds) * time.Second - } - result = &v1.ClusterPolicyViolationList{} - err = c.client.Get(). - Resource("clusterpolicyviolations"). - VersionedParams(&opts, scheme.ParameterCodec). - Timeout(timeout). - Do(ctx). - Into(result) - return -} - -// Watch returns a watch.Interface that watches the requested clusterPolicyViolations. -func (c *clusterPolicyViolations) Watch(ctx context.Context, opts metav1.ListOptions) (watch.Interface, error) { - var timeout time.Duration - if opts.TimeoutSeconds != nil { - timeout = time.Duration(*opts.TimeoutSeconds) * time.Second - } - opts.Watch = true - return c.client.Get(). - Resource("clusterpolicyviolations"). - VersionedParams(&opts, scheme.ParameterCodec). - Timeout(timeout). - Watch(ctx) -} - -// Create takes the representation of a clusterPolicyViolation and creates it. Returns the server's representation of the clusterPolicyViolation, and an error, if there is any. -func (c *clusterPolicyViolations) Create(ctx context.Context, clusterPolicyViolation *v1.ClusterPolicyViolation, opts metav1.CreateOptions) (result *v1.ClusterPolicyViolation, err error) { - result = &v1.ClusterPolicyViolation{} - err = c.client.Post(). - Resource("clusterpolicyviolations"). - VersionedParams(&opts, scheme.ParameterCodec). - Body(clusterPolicyViolation). - Do(ctx). - Into(result) - return -} - -// Update takes the representation of a clusterPolicyViolation and updates it. Returns the server's representation of the clusterPolicyViolation, and an error, if there is any. -func (c *clusterPolicyViolations) Update(ctx context.Context, clusterPolicyViolation *v1.ClusterPolicyViolation, opts metav1.UpdateOptions) (result *v1.ClusterPolicyViolation, err error) { - result = &v1.ClusterPolicyViolation{} - err = c.client.Put(). - Resource("clusterpolicyviolations"). - Name(clusterPolicyViolation.Name). - VersionedParams(&opts, scheme.ParameterCodec). - Body(clusterPolicyViolation). - Do(ctx). - Into(result) - return -} - -// UpdateStatus was generated because the type contains a Status member. -// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus(). -func (c *clusterPolicyViolations) UpdateStatus(ctx context.Context, clusterPolicyViolation *v1.ClusterPolicyViolation, opts metav1.UpdateOptions) (result *v1.ClusterPolicyViolation, err error) { - result = &v1.ClusterPolicyViolation{} - err = c.client.Put(). - Resource("clusterpolicyviolations"). - Name(clusterPolicyViolation.Name). - SubResource("status"). - VersionedParams(&opts, scheme.ParameterCodec). - Body(clusterPolicyViolation). - Do(ctx). - Into(result) - return -} - -// Delete takes name of the clusterPolicyViolation and deletes it. Returns an error if one occurs. -func (c *clusterPolicyViolations) Delete(ctx context.Context, name string, opts metav1.DeleteOptions) error { - return c.client.Delete(). - Resource("clusterpolicyviolations"). - Name(name). - Body(&opts). - Do(ctx). - Error() -} - -// DeleteCollection deletes a collection of objects. -func (c *clusterPolicyViolations) DeleteCollection(ctx context.Context, opts metav1.DeleteOptions, listOpts metav1.ListOptions) error { - var timeout time.Duration - if listOpts.TimeoutSeconds != nil { - timeout = time.Duration(*listOpts.TimeoutSeconds) * time.Second - } - return c.client.Delete(). - Resource("clusterpolicyviolations"). - VersionedParams(&listOpts, scheme.ParameterCodec). - Timeout(timeout). - Body(&opts). - Do(ctx). - Error() -} - -// Patch applies the patch and returns the patched clusterPolicyViolation. -func (c *clusterPolicyViolations) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts metav1.PatchOptions, subresources ...string) (result *v1.ClusterPolicyViolation, err error) { - result = &v1.ClusterPolicyViolation{} - err = c.client.Patch(pt). - Resource("clusterpolicyviolations"). - Name(name). - SubResource(subresources...). - VersionedParams(&opts, scheme.ParameterCodec). - Body(data). - Do(ctx). - Into(result) - return -} diff --git a/pkg/client/clientset/versioned/typed/kyverno/v1/fake/fake_clusterpolicyviolation.go b/pkg/client/clientset/versioned/typed/kyverno/v1/fake/fake_clusterpolicyviolation.go deleted file mode 100755 index 4cc4ca4d73..0000000000 --- a/pkg/client/clientset/versioned/typed/kyverno/v1/fake/fake_clusterpolicyviolation.go +++ /dev/null @@ -1,133 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by client-gen. DO NOT EDIT. - -package fake - -import ( - "context" - - kyvernov1 "github.com/kyverno/kyverno/pkg/api/kyverno/v1" - v1 "k8s.io/apimachinery/pkg/apis/meta/v1" - labels "k8s.io/apimachinery/pkg/labels" - schema "k8s.io/apimachinery/pkg/runtime/schema" - types "k8s.io/apimachinery/pkg/types" - watch "k8s.io/apimachinery/pkg/watch" - testing "k8s.io/client-go/testing" -) - -// FakeClusterPolicyViolations implements ClusterPolicyViolationInterface -type FakeClusterPolicyViolations struct { - Fake *FakeKyvernoV1 -} - -var clusterpolicyviolationsResource = schema.GroupVersionResource{Group: "kyverno.io", Version: "v1", Resource: "clusterpolicyviolations"} - -var clusterpolicyviolationsKind = schema.GroupVersionKind{Group: "kyverno.io", Version: "v1", Kind: "ClusterPolicyViolation"} - -// Get takes name of the clusterPolicyViolation, and returns the corresponding clusterPolicyViolation object, and an error if there is any. -func (c *FakeClusterPolicyViolations) Get(ctx context.Context, name string, options v1.GetOptions) (result *kyvernov1.ClusterPolicyViolation, err error) { - obj, err := c.Fake. - Invokes(testing.NewRootGetAction(clusterpolicyviolationsResource, name), &kyvernov1.ClusterPolicyViolation{}) - if obj == nil { - return nil, err - } - return obj.(*kyvernov1.ClusterPolicyViolation), err -} - -// List takes label and field selectors, and returns the list of ClusterPolicyViolations that match those selectors. -func (c *FakeClusterPolicyViolations) List(ctx context.Context, opts v1.ListOptions) (result *kyvernov1.ClusterPolicyViolationList, err error) { - obj, err := c.Fake. - Invokes(testing.NewRootListAction(clusterpolicyviolationsResource, clusterpolicyviolationsKind, opts), &kyvernov1.ClusterPolicyViolationList{}) - if obj == nil { - return nil, err - } - - label, _, _ := testing.ExtractFromListOptions(opts) - if label == nil { - label = labels.Everything() - } - list := &kyvernov1.ClusterPolicyViolationList{ListMeta: obj.(*kyvernov1.ClusterPolicyViolationList).ListMeta} - for _, item := range obj.(*kyvernov1.ClusterPolicyViolationList).Items { - if label.Matches(labels.Set(item.Labels)) { - list.Items = append(list.Items, item) - } - } - return list, err -} - -// Watch returns a watch.Interface that watches the requested clusterPolicyViolations. -func (c *FakeClusterPolicyViolations) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) { - return c.Fake. - InvokesWatch(testing.NewRootWatchAction(clusterpolicyviolationsResource, opts)) -} - -// Create takes the representation of a clusterPolicyViolation and creates it. Returns the server's representation of the clusterPolicyViolation, and an error, if there is any. -func (c *FakeClusterPolicyViolations) Create(ctx context.Context, clusterPolicyViolation *kyvernov1.ClusterPolicyViolation, opts v1.CreateOptions) (result *kyvernov1.ClusterPolicyViolation, err error) { - obj, err := c.Fake. - Invokes(testing.NewRootCreateAction(clusterpolicyviolationsResource, clusterPolicyViolation), &kyvernov1.ClusterPolicyViolation{}) - if obj == nil { - return nil, err - } - return obj.(*kyvernov1.ClusterPolicyViolation), err -} - -// Update takes the representation of a clusterPolicyViolation and updates it. Returns the server's representation of the clusterPolicyViolation, and an error, if there is any. -func (c *FakeClusterPolicyViolations) Update(ctx context.Context, clusterPolicyViolation *kyvernov1.ClusterPolicyViolation, opts v1.UpdateOptions) (result *kyvernov1.ClusterPolicyViolation, err error) { - obj, err := c.Fake. - Invokes(testing.NewRootUpdateAction(clusterpolicyviolationsResource, clusterPolicyViolation), &kyvernov1.ClusterPolicyViolation{}) - if obj == nil { - return nil, err - } - return obj.(*kyvernov1.ClusterPolicyViolation), err -} - -// UpdateStatus was generated because the type contains a Status member. -// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus(). -func (c *FakeClusterPolicyViolations) UpdateStatus(ctx context.Context, clusterPolicyViolation *kyvernov1.ClusterPolicyViolation, opts v1.UpdateOptions) (*kyvernov1.ClusterPolicyViolation, error) { - obj, err := c.Fake. - Invokes(testing.NewRootUpdateSubresourceAction(clusterpolicyviolationsResource, "status", clusterPolicyViolation), &kyvernov1.ClusterPolicyViolation{}) - if obj == nil { - return nil, err - } - return obj.(*kyvernov1.ClusterPolicyViolation), err -} - -// Delete takes name of the clusterPolicyViolation and deletes it. Returns an error if one occurs. -func (c *FakeClusterPolicyViolations) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error { - _, err := c.Fake. - Invokes(testing.NewRootDeleteAction(clusterpolicyviolationsResource, name), &kyvernov1.ClusterPolicyViolation{}) - return err -} - -// DeleteCollection deletes a collection of objects. -func (c *FakeClusterPolicyViolations) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error { - action := testing.NewRootDeleteCollectionAction(clusterpolicyviolationsResource, listOpts) - - _, err := c.Fake.Invokes(action, &kyvernov1.ClusterPolicyViolationList{}) - return err -} - -// Patch applies the patch and returns the patched clusterPolicyViolation. -func (c *FakeClusterPolicyViolations) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *kyvernov1.ClusterPolicyViolation, err error) { - obj, err := c.Fake. - Invokes(testing.NewRootPatchSubresourceAction(clusterpolicyviolationsResource, name, pt, data, subresources...), &kyvernov1.ClusterPolicyViolation{}) - if obj == nil { - return nil, err - } - return obj.(*kyvernov1.ClusterPolicyViolation), err -} diff --git a/pkg/client/clientset/versioned/typed/kyverno/v1/fake/fake_kyverno_client.go b/pkg/client/clientset/versioned/typed/kyverno/v1/fake/fake_kyverno_client.go index 6042bdbfe9..dd75bb7803 100755 --- a/pkg/client/clientset/versioned/typed/kyverno/v1/fake/fake_kyverno_client.go +++ b/pkg/client/clientset/versioned/typed/kyverno/v1/fake/fake_kyverno_client.go @@ -32,10 +32,6 @@ func (c *FakeKyvernoV1) ClusterPolicies() v1.ClusterPolicyInterface { return &FakeClusterPolicies{c} } -func (c *FakeKyvernoV1) ClusterPolicyViolations() v1.ClusterPolicyViolationInterface { - return &FakeClusterPolicyViolations{c} -} - func (c *FakeKyvernoV1) GenerateRequests(namespace string) v1.GenerateRequestInterface { return &FakeGenerateRequests{c, namespace} } @@ -44,10 +40,6 @@ func (c *FakeKyvernoV1) Policies(namespace string) v1.PolicyInterface { return &FakePolicies{c, namespace} } -func (c *FakeKyvernoV1) PolicyViolations(namespace string) v1.PolicyViolationInterface { - return &FakePolicyViolations{c, namespace} -} - // RESTClient returns a RESTClient that is used to communicate // with API server by this client implementation. func (c *FakeKyvernoV1) RESTClient() rest.Interface { diff --git a/pkg/client/clientset/versioned/typed/kyverno/v1/fake/fake_policyviolation.go b/pkg/client/clientset/versioned/typed/kyverno/v1/fake/fake_policyviolation.go deleted file mode 100755 index 37d85a2b16..0000000000 --- a/pkg/client/clientset/versioned/typed/kyverno/v1/fake/fake_policyviolation.go +++ /dev/null @@ -1,142 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by client-gen. DO NOT EDIT. - -package fake - -import ( - "context" - - kyvernov1 "github.com/kyverno/kyverno/pkg/api/kyverno/v1" - v1 "k8s.io/apimachinery/pkg/apis/meta/v1" - labels "k8s.io/apimachinery/pkg/labels" - schema "k8s.io/apimachinery/pkg/runtime/schema" - types "k8s.io/apimachinery/pkg/types" - watch "k8s.io/apimachinery/pkg/watch" - testing "k8s.io/client-go/testing" -) - -// FakePolicyViolations implements PolicyViolationInterface -type FakePolicyViolations struct { - Fake *FakeKyvernoV1 - ns string -} - -var policyviolationsResource = schema.GroupVersionResource{Group: "kyverno.io", Version: "v1", Resource: "policyviolations"} - -var policyviolationsKind = schema.GroupVersionKind{Group: "kyverno.io", Version: "v1", Kind: "PolicyViolation"} - -// Get takes name of the policyViolation, and returns the corresponding policyViolation object, and an error if there is any. -func (c *FakePolicyViolations) Get(ctx context.Context, name string, options v1.GetOptions) (result *kyvernov1.PolicyViolation, err error) { - obj, err := c.Fake. - Invokes(testing.NewGetAction(policyviolationsResource, c.ns, name), &kyvernov1.PolicyViolation{}) - - if obj == nil { - return nil, err - } - return obj.(*kyvernov1.PolicyViolation), err -} - -// List takes label and field selectors, and returns the list of PolicyViolations that match those selectors. -func (c *FakePolicyViolations) List(ctx context.Context, opts v1.ListOptions) (result *kyvernov1.PolicyViolationList, err error) { - obj, err := c.Fake. - Invokes(testing.NewListAction(policyviolationsResource, policyviolationsKind, c.ns, opts), &kyvernov1.PolicyViolationList{}) - - if obj == nil { - return nil, err - } - - label, _, _ := testing.ExtractFromListOptions(opts) - if label == nil { - label = labels.Everything() - } - list := &kyvernov1.PolicyViolationList{ListMeta: obj.(*kyvernov1.PolicyViolationList).ListMeta} - for _, item := range obj.(*kyvernov1.PolicyViolationList).Items { - if label.Matches(labels.Set(item.Labels)) { - list.Items = append(list.Items, item) - } - } - return list, err -} - -// Watch returns a watch.Interface that watches the requested policyViolations. -func (c *FakePolicyViolations) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) { - return c.Fake. - InvokesWatch(testing.NewWatchAction(policyviolationsResource, c.ns, opts)) - -} - -// Create takes the representation of a policyViolation and creates it. Returns the server's representation of the policyViolation, and an error, if there is any. -func (c *FakePolicyViolations) Create(ctx context.Context, policyViolation *kyvernov1.PolicyViolation, opts v1.CreateOptions) (result *kyvernov1.PolicyViolation, err error) { - obj, err := c.Fake. - Invokes(testing.NewCreateAction(policyviolationsResource, c.ns, policyViolation), &kyvernov1.PolicyViolation{}) - - if obj == nil { - return nil, err - } - return obj.(*kyvernov1.PolicyViolation), err -} - -// Update takes the representation of a policyViolation and updates it. Returns the server's representation of the policyViolation, and an error, if there is any. -func (c *FakePolicyViolations) Update(ctx context.Context, policyViolation *kyvernov1.PolicyViolation, opts v1.UpdateOptions) (result *kyvernov1.PolicyViolation, err error) { - obj, err := c.Fake. - Invokes(testing.NewUpdateAction(policyviolationsResource, c.ns, policyViolation), &kyvernov1.PolicyViolation{}) - - if obj == nil { - return nil, err - } - return obj.(*kyvernov1.PolicyViolation), err -} - -// UpdateStatus was generated because the type contains a Status member. -// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus(). -func (c *FakePolicyViolations) UpdateStatus(ctx context.Context, policyViolation *kyvernov1.PolicyViolation, opts v1.UpdateOptions) (*kyvernov1.PolicyViolation, error) { - obj, err := c.Fake. - Invokes(testing.NewUpdateSubresourceAction(policyviolationsResource, "status", c.ns, policyViolation), &kyvernov1.PolicyViolation{}) - - if obj == nil { - return nil, err - } - return obj.(*kyvernov1.PolicyViolation), err -} - -// Delete takes name of the policyViolation and deletes it. Returns an error if one occurs. -func (c *FakePolicyViolations) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error { - _, err := c.Fake. - Invokes(testing.NewDeleteAction(policyviolationsResource, c.ns, name), &kyvernov1.PolicyViolation{}) - - return err -} - -// DeleteCollection deletes a collection of objects. -func (c *FakePolicyViolations) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error { - action := testing.NewDeleteCollectionAction(policyviolationsResource, c.ns, listOpts) - - _, err := c.Fake.Invokes(action, &kyvernov1.PolicyViolationList{}) - return err -} - -// Patch applies the patch and returns the patched policyViolation. -func (c *FakePolicyViolations) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *kyvernov1.PolicyViolation, err error) { - obj, err := c.Fake. - Invokes(testing.NewPatchSubresourceAction(policyviolationsResource, c.ns, name, pt, data, subresources...), &kyvernov1.PolicyViolation{}) - - if obj == nil { - return nil, err - } - return obj.(*kyvernov1.PolicyViolation), err -} diff --git a/pkg/client/clientset/versioned/typed/kyverno/v1/generated_expansion.go b/pkg/client/clientset/versioned/typed/kyverno/v1/generated_expansion.go index e5717f5ba4..d9052490e6 100755 --- a/pkg/client/clientset/versioned/typed/kyverno/v1/generated_expansion.go +++ b/pkg/client/clientset/versioned/typed/kyverno/v1/generated_expansion.go @@ -20,10 +20,6 @@ package v1 type ClusterPolicyExpansion interface{} -type ClusterPolicyViolationExpansion interface{} - type GenerateRequestExpansion interface{} type PolicyExpansion interface{} - -type PolicyViolationExpansion interface{} diff --git a/pkg/client/clientset/versioned/typed/kyverno/v1/kyverno_client.go b/pkg/client/clientset/versioned/typed/kyverno/v1/kyverno_client.go index f2ae0d05e3..e58f3cdd98 100755 --- a/pkg/client/clientset/versioned/typed/kyverno/v1/kyverno_client.go +++ b/pkg/client/clientset/versioned/typed/kyverno/v1/kyverno_client.go @@ -27,10 +27,8 @@ import ( type KyvernoV1Interface interface { RESTClient() rest.Interface ClusterPoliciesGetter - ClusterPolicyViolationsGetter GenerateRequestsGetter PoliciesGetter - PolicyViolationsGetter } // KyvernoV1Client is used to interact with features provided by the kyverno.io group. @@ -42,10 +40,6 @@ func (c *KyvernoV1Client) ClusterPolicies() ClusterPolicyInterface { return newClusterPolicies(c) } -func (c *KyvernoV1Client) ClusterPolicyViolations() ClusterPolicyViolationInterface { - return newClusterPolicyViolations(c) -} - func (c *KyvernoV1Client) GenerateRequests(namespace string) GenerateRequestInterface { return newGenerateRequests(c, namespace) } @@ -54,10 +48,6 @@ func (c *KyvernoV1Client) Policies(namespace string) PolicyInterface { return newPolicies(c, namespace) } -func (c *KyvernoV1Client) PolicyViolations(namespace string) PolicyViolationInterface { - return newPolicyViolations(c, namespace) -} - // NewForConfig creates a new KyvernoV1Client for the given config. func NewForConfig(c *rest.Config) (*KyvernoV1Client, error) { config := *c diff --git a/pkg/client/clientset/versioned/typed/kyverno/v1/policyviolation.go b/pkg/client/clientset/versioned/typed/kyverno/v1/policyviolation.go deleted file mode 100755 index cc5659f1f1..0000000000 --- a/pkg/client/clientset/versioned/typed/kyverno/v1/policyviolation.go +++ /dev/null @@ -1,195 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by client-gen. DO NOT EDIT. - -package v1 - -import ( - "context" - "time" - - v1 "github.com/kyverno/kyverno/pkg/api/kyverno/v1" - scheme "github.com/kyverno/kyverno/pkg/client/clientset/versioned/scheme" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - types "k8s.io/apimachinery/pkg/types" - watch "k8s.io/apimachinery/pkg/watch" - rest "k8s.io/client-go/rest" -) - -// PolicyViolationsGetter has a method to return a PolicyViolationInterface. -// A group's client should implement this interface. -type PolicyViolationsGetter interface { - PolicyViolations(namespace string) PolicyViolationInterface -} - -// PolicyViolationInterface has methods to work with PolicyViolation resources. -type PolicyViolationInterface interface { - Create(ctx context.Context, policyViolation *v1.PolicyViolation, opts metav1.CreateOptions) (*v1.PolicyViolation, error) - Update(ctx context.Context, policyViolation *v1.PolicyViolation, opts metav1.UpdateOptions) (*v1.PolicyViolation, error) - UpdateStatus(ctx context.Context, policyViolation *v1.PolicyViolation, opts metav1.UpdateOptions) (*v1.PolicyViolation, error) - Delete(ctx context.Context, name string, opts metav1.DeleteOptions) error - DeleteCollection(ctx context.Context, opts metav1.DeleteOptions, listOpts metav1.ListOptions) error - Get(ctx context.Context, name string, opts metav1.GetOptions) (*v1.PolicyViolation, error) - List(ctx context.Context, opts metav1.ListOptions) (*v1.PolicyViolationList, error) - Watch(ctx context.Context, opts metav1.ListOptions) (watch.Interface, error) - Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts metav1.PatchOptions, subresources ...string) (result *v1.PolicyViolation, err error) - PolicyViolationExpansion -} - -// policyViolations implements PolicyViolationInterface -type policyViolations struct { - client rest.Interface - ns string -} - -// newPolicyViolations returns a PolicyViolations -func newPolicyViolations(c *KyvernoV1Client, namespace string) *policyViolations { - return &policyViolations{ - client: c.RESTClient(), - ns: namespace, - } -} - -// Get takes name of the policyViolation, and returns the corresponding policyViolation object, and an error if there is any. -func (c *policyViolations) Get(ctx context.Context, name string, options metav1.GetOptions) (result *v1.PolicyViolation, err error) { - result = &v1.PolicyViolation{} - err = c.client.Get(). - Namespace(c.ns). - Resource("policyviolations"). - Name(name). - VersionedParams(&options, scheme.ParameterCodec). - Do(ctx). - Into(result) - return -} - -// List takes label and field selectors, and returns the list of PolicyViolations that match those selectors. -func (c *policyViolations) List(ctx context.Context, opts metav1.ListOptions) (result *v1.PolicyViolationList, err error) { - var timeout time.Duration - if opts.TimeoutSeconds != nil { - timeout = time.Duration(*opts.TimeoutSeconds) * time.Second - } - result = &v1.PolicyViolationList{} - err = c.client.Get(). - Namespace(c.ns). - Resource("policyviolations"). - VersionedParams(&opts, scheme.ParameterCodec). - Timeout(timeout). - Do(ctx). - Into(result) - return -} - -// Watch returns a watch.Interface that watches the requested policyViolations. -func (c *policyViolations) Watch(ctx context.Context, opts metav1.ListOptions) (watch.Interface, error) { - var timeout time.Duration - if opts.TimeoutSeconds != nil { - timeout = time.Duration(*opts.TimeoutSeconds) * time.Second - } - opts.Watch = true - return c.client.Get(). - Namespace(c.ns). - Resource("policyviolations"). - VersionedParams(&opts, scheme.ParameterCodec). - Timeout(timeout). - Watch(ctx) -} - -// Create takes the representation of a policyViolation and creates it. Returns the server's representation of the policyViolation, and an error, if there is any. -func (c *policyViolations) Create(ctx context.Context, policyViolation *v1.PolicyViolation, opts metav1.CreateOptions) (result *v1.PolicyViolation, err error) { - result = &v1.PolicyViolation{} - err = c.client.Post(). - Namespace(c.ns). - Resource("policyviolations"). - VersionedParams(&opts, scheme.ParameterCodec). - Body(policyViolation). - Do(ctx). - Into(result) - return -} - -// Update takes the representation of a policyViolation and updates it. Returns the server's representation of the policyViolation, and an error, if there is any. -func (c *policyViolations) Update(ctx context.Context, policyViolation *v1.PolicyViolation, opts metav1.UpdateOptions) (result *v1.PolicyViolation, err error) { - result = &v1.PolicyViolation{} - err = c.client.Put(). - Namespace(c.ns). - Resource("policyviolations"). - Name(policyViolation.Name). - VersionedParams(&opts, scheme.ParameterCodec). - Body(policyViolation). - Do(ctx). - Into(result) - return -} - -// UpdateStatus was generated because the type contains a Status member. -// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus(). -func (c *policyViolations) UpdateStatus(ctx context.Context, policyViolation *v1.PolicyViolation, opts metav1.UpdateOptions) (result *v1.PolicyViolation, err error) { - result = &v1.PolicyViolation{} - err = c.client.Put(). - Namespace(c.ns). - Resource("policyviolations"). - Name(policyViolation.Name). - SubResource("status"). - VersionedParams(&opts, scheme.ParameterCodec). - Body(policyViolation). - Do(ctx). - Into(result) - return -} - -// Delete takes name of the policyViolation and deletes it. Returns an error if one occurs. -func (c *policyViolations) Delete(ctx context.Context, name string, opts metav1.DeleteOptions) error { - return c.client.Delete(). - Namespace(c.ns). - Resource("policyviolations"). - Name(name). - Body(&opts). - Do(ctx). - Error() -} - -// DeleteCollection deletes a collection of objects. -func (c *policyViolations) DeleteCollection(ctx context.Context, opts metav1.DeleteOptions, listOpts metav1.ListOptions) error { - var timeout time.Duration - if listOpts.TimeoutSeconds != nil { - timeout = time.Duration(*listOpts.TimeoutSeconds) * time.Second - } - return c.client.Delete(). - Namespace(c.ns). - Resource("policyviolations"). - VersionedParams(&listOpts, scheme.ParameterCodec). - Timeout(timeout). - Body(&opts). - Do(ctx). - Error() -} - -// Patch applies the patch and returns the patched policyViolation. -func (c *policyViolations) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts metav1.PatchOptions, subresources ...string) (result *v1.PolicyViolation, err error) { - result = &v1.PolicyViolation{} - err = c.client.Patch(pt). - Namespace(c.ns). - Resource("policyviolations"). - Name(name). - SubResource(subresources...). - VersionedParams(&opts, scheme.ParameterCodec). - Body(data). - Do(ctx). - Into(result) - return -} diff --git a/pkg/client/informers/externalversions/generic.go b/pkg/client/informers/externalversions/generic.go index 6a5cd8a23a..ec0f222113 100755 --- a/pkg/client/informers/externalversions/generic.go +++ b/pkg/client/informers/externalversions/generic.go @@ -57,14 +57,10 @@ func (f *sharedInformerFactory) ForResource(resource schema.GroupVersionResource // Group=kyverno.io, Version=v1 case v1.SchemeGroupVersion.WithResource("clusterpolicies"): return &genericInformer{resource: resource.GroupResource(), informer: f.Kyverno().V1().ClusterPolicies().Informer()}, nil - case v1.SchemeGroupVersion.WithResource("clusterpolicyviolations"): - return &genericInformer{resource: resource.GroupResource(), informer: f.Kyverno().V1().ClusterPolicyViolations().Informer()}, nil case v1.SchemeGroupVersion.WithResource("generaterequests"): return &genericInformer{resource: resource.GroupResource(), informer: f.Kyverno().V1().GenerateRequests().Informer()}, nil case v1.SchemeGroupVersion.WithResource("policies"): return &genericInformer{resource: resource.GroupResource(), informer: f.Kyverno().V1().Policies().Informer()}, nil - case v1.SchemeGroupVersion.WithResource("policyviolations"): - return &genericInformer{resource: resource.GroupResource(), informer: f.Kyverno().V1().PolicyViolations().Informer()}, nil // Group=kyverno.io, Version=v1alpha1 case v1alpha1.SchemeGroupVersion.WithResource("clusterreportchangerequests"): diff --git a/pkg/client/informers/externalversions/kyverno/v1/clusterpolicyviolation.go b/pkg/client/informers/externalversions/kyverno/v1/clusterpolicyviolation.go deleted file mode 100755 index 510fdf538b..0000000000 --- a/pkg/client/informers/externalversions/kyverno/v1/clusterpolicyviolation.go +++ /dev/null @@ -1,89 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by informer-gen. DO NOT EDIT. - -package v1 - -import ( - "context" - time "time" - - kyvernov1 "github.com/kyverno/kyverno/pkg/api/kyverno/v1" - versioned "github.com/kyverno/kyverno/pkg/client/clientset/versioned" - internalinterfaces "github.com/kyverno/kyverno/pkg/client/informers/externalversions/internalinterfaces" - v1 "github.com/kyverno/kyverno/pkg/client/listers/kyverno/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - runtime "k8s.io/apimachinery/pkg/runtime" - watch "k8s.io/apimachinery/pkg/watch" - cache "k8s.io/client-go/tools/cache" -) - -// ClusterPolicyViolationInformer provides access to a shared informer and lister for -// ClusterPolicyViolations. -type ClusterPolicyViolationInformer interface { - Informer() cache.SharedIndexInformer - Lister() v1.ClusterPolicyViolationLister -} - -type clusterPolicyViolationInformer struct { - factory internalinterfaces.SharedInformerFactory - tweakListOptions internalinterfaces.TweakListOptionsFunc -} - -// NewClusterPolicyViolationInformer constructs a new informer for ClusterPolicyViolation type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewClusterPolicyViolationInformer(client versioned.Interface, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer { - return NewFilteredClusterPolicyViolationInformer(client, resyncPeriod, indexers, nil) -} - -// NewFilteredClusterPolicyViolationInformer constructs a new informer for ClusterPolicyViolation type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewFilteredClusterPolicyViolationInformer(client versioned.Interface, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer { - return cache.NewSharedIndexInformer( - &cache.ListWatch{ - ListFunc: func(options metav1.ListOptions) (runtime.Object, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.KyvernoV1().ClusterPolicyViolations().List(context.TODO(), options) - }, - WatchFunc: func(options metav1.ListOptions) (watch.Interface, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.KyvernoV1().ClusterPolicyViolations().Watch(context.TODO(), options) - }, - }, - &kyvernov1.ClusterPolicyViolation{}, - resyncPeriod, - indexers, - ) -} - -func (f *clusterPolicyViolationInformer) defaultInformer(client versioned.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer { - return NewFilteredClusterPolicyViolationInformer(client, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions) -} - -func (f *clusterPolicyViolationInformer) Informer() cache.SharedIndexInformer { - return f.factory.InformerFor(&kyvernov1.ClusterPolicyViolation{}, f.defaultInformer) -} - -func (f *clusterPolicyViolationInformer) Lister() v1.ClusterPolicyViolationLister { - return v1.NewClusterPolicyViolationLister(f.Informer().GetIndexer()) -} diff --git a/pkg/client/informers/externalversions/kyverno/v1/interface.go b/pkg/client/informers/externalversions/kyverno/v1/interface.go index 6ac96024cd..9fd27efb27 100755 --- a/pkg/client/informers/externalversions/kyverno/v1/interface.go +++ b/pkg/client/informers/externalversions/kyverno/v1/interface.go @@ -26,14 +26,10 @@ import ( type Interface interface { // ClusterPolicies returns a ClusterPolicyInformer. ClusterPolicies() ClusterPolicyInformer - // ClusterPolicyViolations returns a ClusterPolicyViolationInformer. - ClusterPolicyViolations() ClusterPolicyViolationInformer // GenerateRequests returns a GenerateRequestInformer. GenerateRequests() GenerateRequestInformer // Policies returns a PolicyInformer. Policies() PolicyInformer - // PolicyViolations returns a PolicyViolationInformer. - PolicyViolations() PolicyViolationInformer } type version struct { @@ -52,11 +48,6 @@ func (v *version) ClusterPolicies() ClusterPolicyInformer { return &clusterPolicyInformer{factory: v.factory, tweakListOptions: v.tweakListOptions} } -// ClusterPolicyViolations returns a ClusterPolicyViolationInformer. -func (v *version) ClusterPolicyViolations() ClusterPolicyViolationInformer { - return &clusterPolicyViolationInformer{factory: v.factory, tweakListOptions: v.tweakListOptions} -} - // GenerateRequests returns a GenerateRequestInformer. func (v *version) GenerateRequests() GenerateRequestInformer { return &generateRequestInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions} @@ -66,8 +57,3 @@ func (v *version) GenerateRequests() GenerateRequestInformer { func (v *version) Policies() PolicyInformer { return &policyInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions} } - -// PolicyViolations returns a PolicyViolationInformer. -func (v *version) PolicyViolations() PolicyViolationInformer { - return &policyViolationInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions} -} diff --git a/pkg/client/informers/externalversions/kyverno/v1/policyviolation.go b/pkg/client/informers/externalversions/kyverno/v1/policyviolation.go deleted file mode 100755 index d7b61bd1ae..0000000000 --- a/pkg/client/informers/externalversions/kyverno/v1/policyviolation.go +++ /dev/null @@ -1,90 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by informer-gen. DO NOT EDIT. - -package v1 - -import ( - "context" - time "time" - - kyvernov1 "github.com/kyverno/kyverno/pkg/api/kyverno/v1" - versioned "github.com/kyverno/kyverno/pkg/client/clientset/versioned" - internalinterfaces "github.com/kyverno/kyverno/pkg/client/informers/externalversions/internalinterfaces" - v1 "github.com/kyverno/kyverno/pkg/client/listers/kyverno/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - runtime "k8s.io/apimachinery/pkg/runtime" - watch "k8s.io/apimachinery/pkg/watch" - cache "k8s.io/client-go/tools/cache" -) - -// PolicyViolationInformer provides access to a shared informer and lister for -// PolicyViolations. -type PolicyViolationInformer interface { - Informer() cache.SharedIndexInformer - Lister() v1.PolicyViolationLister -} - -type policyViolationInformer struct { - factory internalinterfaces.SharedInformerFactory - tweakListOptions internalinterfaces.TweakListOptionsFunc - namespace string -} - -// NewPolicyViolationInformer constructs a new informer for PolicyViolation type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewPolicyViolationInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer { - return NewFilteredPolicyViolationInformer(client, namespace, resyncPeriod, indexers, nil) -} - -// NewFilteredPolicyViolationInformer constructs a new informer for PolicyViolation type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewFilteredPolicyViolationInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer { - return cache.NewSharedIndexInformer( - &cache.ListWatch{ - ListFunc: func(options metav1.ListOptions) (runtime.Object, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.KyvernoV1().PolicyViolations(namespace).List(context.TODO(), options) - }, - WatchFunc: func(options metav1.ListOptions) (watch.Interface, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.KyvernoV1().PolicyViolations(namespace).Watch(context.TODO(), options) - }, - }, - &kyvernov1.PolicyViolation{}, - resyncPeriod, - indexers, - ) -} - -func (f *policyViolationInformer) defaultInformer(client versioned.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer { - return NewFilteredPolicyViolationInformer(client, f.namespace, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions) -} - -func (f *policyViolationInformer) Informer() cache.SharedIndexInformer { - return f.factory.InformerFor(&kyvernov1.PolicyViolation{}, f.defaultInformer) -} - -func (f *policyViolationInformer) Lister() v1.PolicyViolationLister { - return v1.NewPolicyViolationLister(f.Informer().GetIndexer()) -} diff --git a/pkg/client/listers/kyverno/v1/clusterpolicyviolation.go b/pkg/client/listers/kyverno/v1/clusterpolicyviolation.go deleted file mode 100755 index 9b1595da4c..0000000000 --- a/pkg/client/listers/kyverno/v1/clusterpolicyviolation.go +++ /dev/null @@ -1,65 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by lister-gen. DO NOT EDIT. - -package v1 - -import ( - v1 "github.com/kyverno/kyverno/pkg/api/kyverno/v1" - "k8s.io/apimachinery/pkg/api/errors" - "k8s.io/apimachinery/pkg/labels" - "k8s.io/client-go/tools/cache" -) - -// ClusterPolicyViolationLister helps list ClusterPolicyViolations. -type ClusterPolicyViolationLister interface { - // List lists all ClusterPolicyViolations in the indexer. - List(selector labels.Selector) (ret []*v1.ClusterPolicyViolation, err error) - // Get retrieves the ClusterPolicyViolation from the index for a given name. - Get(name string) (*v1.ClusterPolicyViolation, error) - ClusterPolicyViolationListerExpansion -} - -// clusterPolicyViolationLister implements the ClusterPolicyViolationLister interface. -type clusterPolicyViolationLister struct { - indexer cache.Indexer -} - -// NewClusterPolicyViolationLister returns a new ClusterPolicyViolationLister. -func NewClusterPolicyViolationLister(indexer cache.Indexer) ClusterPolicyViolationLister { - return &clusterPolicyViolationLister{indexer: indexer} -} - -// List lists all ClusterPolicyViolations in the indexer. -func (s *clusterPolicyViolationLister) List(selector labels.Selector) (ret []*v1.ClusterPolicyViolation, err error) { - err = cache.ListAll(s.indexer, selector, func(m interface{}) { - ret = append(ret, m.(*v1.ClusterPolicyViolation)) - }) - return ret, err -} - -// Get retrieves the ClusterPolicyViolation from the index for a given name. -func (s *clusterPolicyViolationLister) Get(name string) (*v1.ClusterPolicyViolation, error) { - obj, exists, err := s.indexer.GetByKey(name) - if err != nil { - return nil, err - } - if !exists { - return nil, errors.NewNotFound(v1.Resource("clusterpolicyviolation"), name) - } - return obj.(*v1.ClusterPolicyViolation), nil -} diff --git a/pkg/client/listers/kyverno/v1/custom_expansion_generated.go b/pkg/client/listers/kyverno/v1/custom_expansion_generated.go new file mode 100644 index 0000000000..ff52b65f61 --- /dev/null +++ b/pkg/client/listers/kyverno/v1/custom_expansion_generated.go @@ -0,0 +1,65 @@ +/* +Copyright The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by lister-gen. DO NOT EDIT. + +package v1 + +import ( + kyvernov1 "github.com/kyverno/kyverno/pkg/api/kyverno/v1" + "k8s.io/apimachinery/pkg/labels" +) + +//ListResources is a wrapper to List and adds the resource kind information +// as the lister is specific to a gvk we can harcode the values here +func (pl *clusterPolicyLister) ListResources(selector labels.Selector) (ret []*kyvernov1.ClusterPolicy, err error) { + policies, err := pl.List(selector) + for index := range policies { + policies[index].SetGroupVersionKind(kyvernov1.SchemeGroupVersion.WithKind("ClusterPolicy")) + } + return policies, err +} + +func (s generateRequestNamespaceLister) GetGenerateRequestsForResource(kind, namespace, name string) ([]*kyvernov1.GenerateRequest, error) { + var list []*kyvernov1.GenerateRequest + grs, err := s.List(labels.NewSelector()) + if err != nil { + return nil, err + } + for idx, gr := range grs { + if gr.Spec.Resource.Kind == kind && + gr.Spec.Resource.Namespace == namespace && + gr.Spec.Resource.Name == name { + list = append(list, grs[idx]) + + } + } + return list, err +} + +func (s generateRequestNamespaceLister) GetGenerateRequestsForClusterPolicy(policy string) ([]*kyvernov1.GenerateRequest, error) { + var list []*kyvernov1.GenerateRequest + grs, err := s.List(labels.NewSelector()) + if err != nil { + return nil, err + } + for idx, gr := range grs { + if gr.Spec.Policy == policy { + list = append(list, grs[idx]) + } + } + return list, err +} diff --git a/pkg/client/listers/kyverno/v1/expansion_generated.go b/pkg/client/listers/kyverno/v1/expansion_generated.go index 591dd4b849..65546708ce 100755 --- a/pkg/client/listers/kyverno/v1/expansion_generated.go +++ b/pkg/client/listers/kyverno/v1/expansion_generated.go @@ -19,141 +19,19 @@ limitations under the License. package v1 import ( - "fmt" - kyvernov1 "github.com/kyverno/kyverno/pkg/api/kyverno/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/labels" ) -type PolicyNamespaceListerExpansion interface{} - // ClusterPolicyListerExpansion allows custom methods to be added to // ClusterPolicyLister. type ClusterPolicyListerExpansion interface { - GetPolicyForPolicyViolation(pv *kyvernov1.ClusterPolicyViolation) ([]*kyvernov1.ClusterPolicy, error) - GetPolicyForNamespacedPolicyViolation(pv *kyvernov1.PolicyViolation) ([]*kyvernov1.ClusterPolicy, error) ListResources(selector labels.Selector) (ret []*kyvernov1.ClusterPolicy, err error) } -// ClusterPolicyViolationListerExpansion allows custom methods to be added to -// ClusterPolicyViolationLister. -type ClusterPolicyViolationListerExpansion interface { - // List lists all PolicyViolations in the indexer with GVK. - ListResources(selector labels.Selector) (ret []*kyvernov1.ClusterPolicyViolation, err error) -} - -// PolicyViolationListerExpansion allows custom methods to be added to -// PolicyViolationLister. -type PolicyViolationListerExpansion interface{} - -// PolicyViolationNamespaceListerExpansion allows custom methods to be added to -// PolicyViolationNamespaceLister. -type PolicyViolationNamespaceListerExpansion interface{} - -//ListResources is a wrapper to List and adds the resource kind information -// as the lister is specific to a gvk we can harcode the values here -func (pvl *clusterPolicyViolationLister) ListResources(selector labels.Selector) (ret []*kyvernov1.ClusterPolicyViolation, err error) { - policyviolations, err := pvl.List(selector) - if err != nil { - return nil, err - } - for index := range policyviolations { - policyviolations[index].SetGroupVersionKind(kyvernov1.SchemeGroupVersion.WithKind("ClusterPolicyViolation")) - } - return policyviolations, nil -} - -//ListResources is a wrapper to List and adds the resource kind information -// as the lister is specific to a gvk we can harcode the values here -func (pl *clusterPolicyLister) ListResources(selector labels.Selector) (ret []*kyvernov1.ClusterPolicy, err error) { - policies, err := pl.List(selector) - for index := range policies { - policies[index].SetGroupVersionKind(kyvernov1.SchemeGroupVersion.WithKind("ClusterPolicy")) - } - return policies, err -} - -func (pl *clusterPolicyLister) GetPolicyForPolicyViolation(pv *kyvernov1.ClusterPolicyViolation) ([]*kyvernov1.ClusterPolicy, error) { - if len(pv.Labels) == 0 { - return nil, fmt.Errorf("no Policy found for PolicyViolation %v because it has no labels", pv.Name) - } - - pList, err := pl.List(labels.Everything()) - if err != nil { - return nil, err - } - - var policies []*kyvernov1.ClusterPolicy - for _, p := range pList { - policyLabelmap := map[string]string{"policy": p.Name} - - ls := &metav1.LabelSelector{} - err = metav1.Convert_Map_string_To_string_To_v1_LabelSelector(&policyLabelmap, ls, nil) - if err != nil { - return nil, fmt.Errorf("failed to generate label sector of Policy name %s: %v", p.Name, err) - } - selector, err := metav1.LabelSelectorAsSelector(ls) - if err != nil { - return nil, fmt.Errorf("invalid label selector: %v", err) - } - // If a policy with a nil or empty selector creeps in, it should match nothing, not everything. - if selector.Empty() || !selector.Matches(labels.Set(pv.Labels)) { - continue - } - policies = append(policies, p) - } - - if len(policies) == 0 { - return nil, fmt.Errorf("could not find Policy set for PolicyViolation %s with labels: %v", pv.Name, pv.Labels) - } - - return policies, nil - -} - -func (pl *clusterPolicyLister) GetPolicyForNamespacedPolicyViolation(pv *kyvernov1.PolicyViolation) ([]*kyvernov1.ClusterPolicy, error) { - if len(pv.Labels) == 0 { - return nil, fmt.Errorf("no Policy found for PolicyViolation %v because it has no labels", pv.Name) - } - - pList, err := pl.List(labels.Everything()) - if err != nil { - return nil, err - } - - var policies []*kyvernov1.ClusterPolicy - for _, p := range pList { - policyLabelmap := map[string]string{"policy": p.Name} - - ls := &metav1.LabelSelector{} - err = metav1.Convert_Map_string_To_string_To_v1_LabelSelector(&policyLabelmap, ls, nil) - if err != nil { - return nil, fmt.Errorf("failed to generate label sector of Policy name %s: %v", p.Name, err) - } - selector, err := metav1.LabelSelectorAsSelector(ls) - if err != nil { - return nil, fmt.Errorf("invalid label selector: %v", err) - } - // If a policy with a nil or empty selector creeps in, it should match nothing, not everything. - if selector.Empty() || !selector.Matches(labels.Set(pv.Labels)) { - continue - } - policies = append(policies, p) - } - - if len(policies) == 0 { - return nil, fmt.Errorf("could not find Policy set for Namespaced policy Violation %s with labels: %v", pv.Name, pv.Labels) - } - - return policies, nil - -} - // GenerateRequestListerExpansion allows custom methods to be added to // GenerateRequestLister. -type GenerateRequestListerExpansion interface { -} +type GenerateRequestListerExpansion interface{} // GenerateRequestNamespaceListerExpansion allows custom methods to be added to // GenerateRequestNamespaceLister. @@ -162,73 +40,10 @@ type GenerateRequestNamespaceListerExpansion interface { GetGenerateRequestsForResource(kind, namespace, name string) ([]*kyvernov1.GenerateRequest, error) } -func (s generateRequestNamespaceLister) GetGenerateRequestsForResource(kind, namespace, name string) ([]*kyvernov1.GenerateRequest, error) { - var list []*kyvernov1.GenerateRequest - grs, err := s.List(labels.NewSelector()) - if err != nil { - return nil, err - } - for idx, gr := range grs { - if gr.Spec.Resource.Kind == kind && - gr.Spec.Resource.Namespace == namespace && - gr.Spec.Resource.Name == name { - list = append(list, grs[idx]) +// PolicyListerExpansion allows custom methods to be added to +// PolicyLister. +type PolicyListerExpansion interface{} - } - } - return list, err -} - -func (s generateRequestNamespaceLister) GetGenerateRequestsForClusterPolicy(policy string) ([]*kyvernov1.GenerateRequest, error) { - var list []*kyvernov1.GenerateRequest - grs, err := s.List(labels.NewSelector()) - if err != nil { - return nil, err - } - for idx, gr := range grs { - if gr.Spec.Policy == policy { - list = append(list, grs[idx]) - } - } - return list, err -} - -type PolicyListerExpansion interface { - GetPolicyForPolicyViolation(pv *kyvernov1.PolicyViolation) ([]*kyvernov1.Policy, error) -} - -func (p *policyLister) GetPolicyForPolicyViolation(pv *kyvernov1.PolicyViolation) ([]*kyvernov1.Policy, error) { - if len(pv.Labels) == 0 { - return nil, fmt.Errorf("no Policy found for PolicyViolation %v because it has no labels", pv.Name) - } - - pList, err := p.List(labels.Everything()) - if err != nil { - return nil, err - } - - var policies []*kyvernov1.Policy - for _, p := range pList { - policyLabelmap := map[string]string{"policy": p.Name} - - ls := &metav1.LabelSelector{} - err = metav1.Convert_Map_string_To_string_To_v1_LabelSelector(&policyLabelmap, ls, nil) - if err != nil { - return nil, fmt.Errorf("failed to generate label sector of Policy name %s: %v", p.Name, err) - } - selector, err := metav1.LabelSelectorAsSelector(ls) - if err != nil { - return nil, fmt.Errorf("invalid label selector: %v", err) - } - // If a policy with a nil or empty selector creeps in, it should match nothing, not everything. - if selector.Empty() || !selector.Matches(labels.Set(pv.Labels)) { - continue - } - if p.Namespace != pv.Namespace { - continue - } - policies = append(policies, p) - } - - return policies, err -} +// PolicyNamespaceListerExpansion allows custom methods to be added to +// PolicyNamespaceLister. +type PolicyNamespaceListerExpansion interface{} diff --git a/pkg/client/listers/kyverno/v1/policyviolation.go b/pkg/client/listers/kyverno/v1/policyviolation.go deleted file mode 100755 index 359eeae926..0000000000 --- a/pkg/client/listers/kyverno/v1/policyviolation.go +++ /dev/null @@ -1,94 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by lister-gen. DO NOT EDIT. - -package v1 - -import ( - v1 "github.com/kyverno/kyverno/pkg/api/kyverno/v1" - "k8s.io/apimachinery/pkg/api/errors" - "k8s.io/apimachinery/pkg/labels" - "k8s.io/client-go/tools/cache" -) - -// PolicyViolationLister helps list PolicyViolations. -type PolicyViolationLister interface { - // List lists all PolicyViolations in the indexer. - List(selector labels.Selector) (ret []*v1.PolicyViolation, err error) - // PolicyViolations returns an object that can list and get PolicyViolations. - PolicyViolations(namespace string) PolicyViolationNamespaceLister - PolicyViolationListerExpansion -} - -// policyViolationLister implements the PolicyViolationLister interface. -type policyViolationLister struct { - indexer cache.Indexer -} - -// NewPolicyViolationLister returns a new PolicyViolationLister. -func NewPolicyViolationLister(indexer cache.Indexer) PolicyViolationLister { - return &policyViolationLister{indexer: indexer} -} - -// List lists all PolicyViolations in the indexer. -func (s *policyViolationLister) List(selector labels.Selector) (ret []*v1.PolicyViolation, err error) { - err = cache.ListAll(s.indexer, selector, func(m interface{}) { - ret = append(ret, m.(*v1.PolicyViolation)) - }) - return ret, err -} - -// PolicyViolations returns an object that can list and get PolicyViolations. -func (s *policyViolationLister) PolicyViolations(namespace string) PolicyViolationNamespaceLister { - return policyViolationNamespaceLister{indexer: s.indexer, namespace: namespace} -} - -// PolicyViolationNamespaceLister helps list and get PolicyViolations. -type PolicyViolationNamespaceLister interface { - // List lists all PolicyViolations in the indexer for a given namespace. - List(selector labels.Selector) (ret []*v1.PolicyViolation, err error) - // Get retrieves the PolicyViolation from the indexer for a given namespace and name. - Get(name string) (*v1.PolicyViolation, error) - PolicyViolationNamespaceListerExpansion -} - -// policyViolationNamespaceLister implements the PolicyViolationNamespaceLister -// interface. -type policyViolationNamespaceLister struct { - indexer cache.Indexer - namespace string -} - -// List lists all PolicyViolations in the indexer for a given namespace. -func (s policyViolationNamespaceLister) List(selector labels.Selector) (ret []*v1.PolicyViolation, err error) { - err = cache.ListAllByNamespace(s.indexer, s.namespace, selector, func(m interface{}) { - ret = append(ret, m.(*v1.PolicyViolation)) - }) - return ret, err -} - -// Get retrieves the PolicyViolation from the indexer for a given namespace and name. -func (s policyViolationNamespaceLister) Get(name string) (*v1.PolicyViolation, error) { - obj, exists, err := s.indexer.GetByKey(s.namespace + "/" + name) - if err != nil { - return nil, err - } - if !exists { - return nil, errors.NewNotFound(v1.Resource("policyviolation"), name) - } - return obj.(*v1.PolicyViolation), nil -} diff --git a/pkg/constant/constant.go b/pkg/constant/constant.go index 3181c3d28e..8c4fee2ffa 100644 --- a/pkg/constant/constant.go +++ b/pkg/constant/constant.go @@ -4,7 +4,7 @@ import "time" const ( CRDControllerResync = 15 * time.Minute - PolicyViolationControllerResync = 15 * time.Minute + PolicyReportControllerResync = 15 * time.Minute PolicyControllerResync = 15 * time.Minute EventControllerResync = 15 * time.Minute GenerateControllerResync = 15 * time.Minute diff --git a/pkg/policyreport/reportcontroller.go b/pkg/policyreport/reportcontroller.go index 56546acf97..703f96ab80 100644 --- a/pkg/policyreport/reportcontroller.go +++ b/pkg/policyreport/reportcontroller.go @@ -180,7 +180,7 @@ func (g *ReportGenerator) Run(workers int, stopCh <-chan struct{}) { } for i := 0; i < workers; i++ { - go wait.Until(g.runWorker, constant.PolicyViolationControllerResync, stopCh) + go wait.Until(g.runWorker, constant.PolicyReportControllerResync, stopCh) } <-stopCh diff --git a/pkg/policyreport/reportrequest.go b/pkg/policyreport/reportrequest.go index 1651215bae..3b0fac5ad4 100755 --- a/pkg/policyreport/reportrequest.go +++ b/pkg/policyreport/reportrequest.go @@ -177,7 +177,7 @@ func (gen *Generator) Run(workers int, stopCh <-chan struct{}) { } for i := 0; i < workers; i++ { - go wait.Until(gen.runWorker, constant.PolicyViolationControllerResync, stopCh) + go wait.Until(gen.runWorker, constant.PolicyReportControllerResync, stopCh) } <-stopCh diff --git a/pkg/policystatus/status_test.go b/pkg/policystatus/status_test.go index bdf1760267..1d7e5a68b8 100644 --- a/pkg/policystatus/status_test.go +++ b/pkg/policystatus/status_test.go @@ -42,14 +42,6 @@ func (dl dummyLister) Get(name string) (*v1.ClusterPolicy, error) { return nil, fmt.Errorf("not implemented") } -func (dl dummyLister) GetPolicyForPolicyViolation(pv *v1.ClusterPolicyViolation) ([]*v1.ClusterPolicy, error) { - return nil, fmt.Errorf("not implemented") -} - -func (dl dummyLister) GetPolicyForNamespacedPolicyViolation(pv *v1.PolicyViolation) ([]*v1.ClusterPolicy, error) { - return nil, fmt.Errorf("not implemented") -} - func (dl dummyLister) ListResources(selector labels.Selector) (ret []*v1.ClusterPolicy, err error) { return nil, fmt.Errorf("not implemented") } @@ -71,10 +63,6 @@ func (dl dummyNsLister) Get(name string) (*v1.Policy, error) { return nil, fmt.Errorf("not implemented") } -func (dl dummyNsLister) GetPolicyForPolicyViolation(pv *v1.PolicyViolation) ([]*v1.Policy, error) { - return nil, fmt.Errorf("not implemented") -} - func TestKeyToMutex(t *testing.T) { expectedCache := `{"policy1":{"rulesAppliedCount":100}}` diff --git a/pkg/webhooks/common.go b/pkg/webhooks/common.go index 0fae1504a1..2e973cfc22 100644 --- a/pkg/webhooks/common.go +++ b/pkg/webhooks/common.go @@ -167,7 +167,7 @@ func convertResource(raw []byte, group, version, kind, namespace string) (unstru func excludeKyvernoResources(kind string) bool { switch kind { - case "ClusterPolicy", "ClusterPolicyViolation", "PolicyViolation", "GenerateRequest", "Policy": + case "ClusterPolicy", "GenerateRequest", "Policy", "ClusterPolicyReport", "PolicyReport", "ClusterReportChangeRequest", "ReportChangeRequest": return true default: return false