mirrors/kyverno
mirrors/kyverno
1
0
Fork 0
mirror of https://github.com/kyverno/kyverno.git synced 2025-03-31 03:45:17 +00:00
Code Activity

remove policy violation from types.go

Browse source
This commit is contained in:
Shuting Zhao 2020-11-11 15:50:17 -08:00
parent 2292bf860b
commit 58bc63e1ad
29 changed files with 197 additions and 1717 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
charts/kyverno/templates/clusterrole.yaml
View file

@ -7,7 +7,7 @@ rules:
- apiGroups: ["kyverno.io"]
resources:
- policyviolations
verbs: ["get", "list", "watch"]
verbs: ["get", "list", "watch", "delete"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
@ -84,10 +84,6 @@ rules:
- policies/status
- clusterpolicies
- clusterpolicies/status
- clusterpolicyviolations
- clusterpolicyviolations/status
- policyviolations
- policyviolations/status
- generaterequests
- generaterequests/status
verbs:

4
definitions/github/rbac.yaml
View file

@ -30,10 +30,6 @@ rules:
resources:
- clusterpolicies
- clusterpolicies/status
- clusterpolicyviolations
- clusterpolicyviolations/status
- policyviolations
- policyviolations/status
- generaterequests
- generaterequests/status
verbs:

67
definitions/install.yaml
View file

@ -1986,10 +1986,6 @@ rules:
- policyreports/status
- clusterpolicyreports
- clusterpolicyreports/status
- clusterpolicyviolations
- clusterpolicyviolations/status
- policyviolations
- policyviolations/status
- generaterequests
- generaterequests/status
- reportchangerequests
@ -2165,22 +2161,6 @@ rules:
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
labels:
rbac.authorization.k8s.io/aggregate-to-edit: "true"
name: kyverno:edit-policies-policyviolations
rules:
- apiGroups:
- kyverno.io
resources:
- policyviolations
verbs:
- get
- list
- watch
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
name: kyverno:policyreport
rules:
@ -2209,6 +2189,7 @@ rules:
- get
- list
- watch
- delete
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
@ -2228,39 +2209,6 @@ rules:
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
labels:
rbac.authorization.k8s.io/aggregate-to-admin: "true"
name: kyverno:view-clusterpolicyviolations
rules:
- apiGroups:
- kyverno.io
resources:
- clusterpolicyviolations
verbs:
- get
- list
- watch
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
labels:
rbac.authorization.k8s.io/aggregate-to-view: "true"
name: kyverno:view-policies-policyviolations
rules:
- apiGroups:
- kyverno.io
resources:
- policyviolations
- policies
verbs:
- get
- list
- watch
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
labels:
rbac.authorization.k8s.io/aggregate-to-view: "true"
@ -2329,6 +2277,19 @@ subjects:
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: kyverno:policyviolations
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: kyverno:policyviolations
subjects:
- kind: ServiceAccount
name: kyverno-service-account
namespace: kyverno
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: kyverno:userinfo
roleRef:

67
definitions/install_debug.yaml
View file

@ -1986,10 +1986,6 @@ rules:
- policyreports/status
- clusterpolicyreports
- clusterpolicyreports/status
- clusterpolicyviolations
- clusterpolicyviolations/status
- policyviolations
- policyviolations/status
- generaterequests
- generaterequests/status
- reportchangerequests
@ -2165,22 +2161,6 @@ rules:
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
labels:
rbac.authorization.k8s.io/aggregate-to-edit: "true"
name: kyverno:edit-policies-policyviolations
rules:
- apiGroups:
- kyverno.io
resources:
- policyviolations
verbs:
- get
- list
- watch
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
name: kyverno:policyreport
rules:
@ -2209,6 +2189,7 @@ rules:
- get
- list
- watch
- delete
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
@ -2228,39 +2209,6 @@ rules:
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
labels:
rbac.authorization.k8s.io/aggregate-to-admin: "true"
name: kyverno:view-clusterpolicyviolations
rules:
- apiGroups:
- kyverno.io
resources:
- clusterpolicyviolations
verbs:
- get
- list
- watch
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
labels:
rbac.authorization.k8s.io/aggregate-to-view: "true"
name: kyverno:view-policies-policyviolations
rules:
- apiGroups:
- kyverno.io
resources:
- policyviolations
- policies
verbs:
- get
- list
- watch
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
labels:
rbac.authorization.k8s.io/aggregate-to-view: "true"
@ -2329,6 +2277,19 @@ subjects:
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: kyverno:policyviolations
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: kyverno:policyviolations
subjects:
- kind: ServiceAccount
name: kyverno-service-account
namespace: kyverno
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: kyverno:userinfo
roleRef:

60
definitions/k8s-resource/rbac.yaml
View file

@ -32,7 +32,7 @@ rules:
- apiGroups: ["kyverno.io"]
resources:
- policyviolations
verbs: ["get", "list", "watch"]
verbs: ["get", "list", "watch", "delete"]
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
@ -73,6 +73,19 @@ subjects:
name: kyverno-service-account
namespace: kyverno
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: kyverno:policyviolations
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: kyverno:policyviolations
subjects:
- kind: ServiceAccount
name: kyverno-service-account
namespace: kyverno
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
@ -180,10 +193,6 @@ rules:
- policyreports/status
- clusterpolicyreports
- clusterpolicyreports/status
- clusterpolicyviolations
- clusterpolicyviolations/status
- policyviolations
- policyviolations/status
- generaterequests
- generaterequests/status
- reportchangerequests
@ -254,31 +263,6 @@ rules:
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
name: kyverno:view-policies-policyviolations
labels:
rbac.authorization.k8s.io/aggregate-to-view: "true"
rules:
- apiGroups: ["kyverno.io"]
resources:
- policyviolations
- policies
verbs: ["get", "list", "watch"]
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
name: kyverno:view-clusterpolicyviolations
labels:
rbac.authorization.k8s.io/aggregate-to-admin: "true"
rules:
- apiGroups: ["kyverno.io"]
resources:
- clusterpolicyviolations
verbs: ["get", "list", "watch"]
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
labels:
rbac.authorization.k8s.io/aggregate-to-admin: "true"
@ -374,19 +358,3 @@ rules:
- clusterpolicyreport
verbs:
- '*'
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
labels:
rbac.authorization.k8s.io/aggregate-to-edit: "true"
name: kyverno:edit-policies-policyviolations
rules:
- apiGroups:
- kyverno.io
resources:
- policyviolations
verbs:
- get
- list
- watch

77
pkg/api/kyverno/v1/generaterequest_types.go Normal file
View file

@ -0,0 +1,77 @@
package v1
import (
authenticationv1 "k8s.io/api/authentication/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
)
// +genclient
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
//GenerateRequest is a request to process generate rule
type GenerateRequest struct {
metav1.TypeMeta `json:",inline" yaml:",inline"`
metav1.ObjectMeta `json:"metadata,omitempty" yaml:"metadata,omitempty"`
// Spec is the information to identify the generate request
Spec GenerateRequestSpec `json:"spec" yaml:"spec"`
// Status contains statistics related to generate request
Status GenerateRequestStatus `json:"status" yaml:"status"`
}
//GenerateRequestSpec stores the request specification
type GenerateRequestSpec struct {
// Specifies the name of the policy
Policy string `json:"policy" yaml:"policy"`
// ResourceSpec is the information to identify the generate request
Resource ResourceSpec `json:"resource" yaml:"resource"`
// Context ...
Context GenerateRequestContext `json:"context" yaml:"context"`
}
//GenerateRequestContext stores the context to be shared
type GenerateRequestContext struct {
UserRequestInfo RequestInfo `json:"userInfo,omitempty" yaml:"userInfo,omitempty"`
}
// RequestInfo contains permission info carried in an admission request
type RequestInfo struct {
// Roles is a list of possible role send the request
Roles []string `json:"roles" yaml:"roles"`
// ClusterRoles is a list of possible clusterRoles send the request
ClusterRoles []string `json:"clusterRoles" yaml:"clusterRoles"`
// UserInfo is the userInfo carried in the admission request
AdmissionUserInfo authenticationv1.UserInfo `json:"userInfo" yaml:"userInfo"`
}
//GenerateRequestStatus stores the status of generated request
type GenerateRequestStatus struct {
// State represents state of the generate request
State GenerateRequestState `json:"state" yaml:"state"`
// Specifies request status message
// +optional
Message string `json:"message,omitempty" yaml:"message,omitempty"`
// This will track the resources that are generated by the generate Policy
// Will be used during clean up resources
GeneratedResources []ResourceSpec `json:"generatedResources,omitempty" yaml:"generatedResources,omitempty"`
}
//GenerateRequestState defines the state of
type GenerateRequestState string
const (
//Pending - the Request is yet to be processed or resource has not been created
Pending GenerateRequestState = "Pending"
//Failed - the Generate Request Controller failed to process the rules
Failed GenerateRequestState = "Failed"
//Completed - the Generate Request Controller created resources defined in the policy
Completed GenerateRequestState = "Completed"
)
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
//GenerateRequestList stores the list of generate requests
type GenerateRequestList struct {
metav1.TypeMeta `json:",inline" yaml:",inline"`
metav1.ListMeta `json:"metadata" yaml:"metadata"`
Items []GenerateRequest `json:"items" yaml:"items"`
}

4
pkg/api/kyverno/v1/register.go
View file

@ -33,10 +33,6 @@ func addKnownTypes(scheme *runtime.Scheme) error {
scheme.AddKnownTypes(SchemeGroupVersion,
&ClusterPolicy{},
&ClusterPolicyList{},
&ClusterPolicyViolation{},
&ClusterPolicyViolationList{},
&PolicyViolation{},
&PolicyViolationList{},
&GenerateRequest{},
&GenerateRequestList{},
&Policy{},

130
pkg/api/kyverno/v1/types.go
View file

@ -1,82 +1,10 @@
package v1
import (
authenticationv1 "k8s.io/api/authentication/v1"
rbacv1 "k8s.io/api/rbac/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
)
// +genclient
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
//GenerateRequest is a request to process generate rule
type GenerateRequest struct {
metav1.TypeMeta `json:",inline" yaml:",inline"`
metav1.ObjectMeta `json:"metadata,omitempty" yaml:"metadata,omitempty"`
// Spec is the information to identify the generate request
Spec GenerateRequestSpec `json:"spec" yaml:"spec"`
// Status contains statistics related to generate request
Status GenerateRequestStatus `json:"status" yaml:"status"`
}
//GenerateRequestSpec stores the request specification
type GenerateRequestSpec struct {
// Specifies the name of the policy
Policy string `json:"policy" yaml:"policy"`
// ResourceSpec is the information to identify the generate request
Resource ResourceSpec `json:"resource" yaml:"resource"`
// Context ...
Context GenerateRequestContext `json:"context" yaml:"context"`
}
//GenerateRequestContext stores the context to be shared
type GenerateRequestContext struct {
UserRequestInfo RequestInfo `json:"userInfo,omitempty" yaml:"userInfo,omitempty"`
}
// RequestInfo contains permission info carried in an admission request
type RequestInfo struct {
// Roles is a list of possible role send the request
Roles []string `json:"roles" yaml:"roles"`
// ClusterRoles is a list of possible clusterRoles send the request
ClusterRoles []string `json:"clusterRoles" yaml:"clusterRoles"`
// UserInfo is the userInfo carried in the admission request
AdmissionUserInfo authenticationv1.UserInfo `json:"userInfo" yaml:"userInfo"`
}
//GenerateRequestStatus stores the status of generated request
type GenerateRequestStatus struct {
// State represents state of the generate request
State GenerateRequestState `json:"state" yaml:"state"`
// Specifies request status message
// +optional
Message string `json:"message,omitempty" yaml:"message,omitempty"`
// This will track the resources that are generated by the generate Policy
// Will be used during clean up resources
GeneratedResources []ResourceSpec `json:"generatedResources,omitempty" yaml:"generatedResources,omitempty"`
}
//GenerateRequestState defines the state of
type GenerateRequestState string
const (
//Pending - the Request is yet to be processed or resource has not been created
Pending GenerateRequestState = "Pending"
//Failed - the Generate Request Controller failed to process the rules
Failed GenerateRequestState = "Failed"
//Completed - the Generate Request Controller created resources defined in the policy
Completed GenerateRequestState = "Completed"
)
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
//GenerateRequestList stores the list of generate requests
type GenerateRequestList struct {
metav1.TypeMeta `json:",inline" yaml:",inline"`
metav1.ListMeta `json:"metadata" yaml:"metadata"`
Items []GenerateRequest `json:"items" yaml:"items"`
}
// +genclient
// +genclient:nonNamespaced
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
@ -101,37 +29,6 @@ type PolicyList struct {
Items []Policy `json:"items" yaml:"items"`
}
// +genclient
// +genclient:nonNamespaced
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// ClusterPolicyViolation represents cluster-wide violations
type ClusterPolicyViolation PolicyViolationTemplate
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// ClusterPolicyViolationList ...
type ClusterPolicyViolationList struct {
metav1.TypeMeta `json:",inline" yaml:",inline"`
metav1.ListMeta `json:"metadata" yaml:"metadata"`
Items []ClusterPolicyViolation `json:"items" yaml:"items"`
}
// +genclient
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// PolicyViolation represents namespaced violations
type PolicyViolation PolicyViolationTemplate
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// PolicyViolationList ...
type PolicyViolationList struct {
metav1.TypeMeta `json:",inline" yaml:",inline"`
metav1.ListMeta `json:"metadata" yaml:"metadata"`
Items []PolicyViolation `json:"items" yaml:"items"`
}
// +genclient
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// Policy contains rules to be applied to created resources
@ -373,25 +270,6 @@ type RuleStats struct {
ResourcesGeneratedCount int `json:"resourcesGeneratedCount,omitempty" yaml:"resourcesGeneratedCount,omitempty"`
}
// PolicyList is a list of Policy resources
// PolicyViolationTemplate stores the information regarinding the resources for which a policy failed to apply
type PolicyViolationTemplate struct {
metav1.TypeMeta `json:",inline" yaml:",inline"`
metav1.ObjectMeta `json:"metadata,omitempty" yaml:"metadata,omitempty" `
Spec PolicyViolationSpec `json:"spec" yaml:"spec"`
Status PolicyViolationStatus `json:"status" yaml:"status"`
}
// PolicyViolationSpec describes policy behavior by its rules
type PolicyViolationSpec struct {
// Specifies name of the policy
Policy string `json:"policy" yaml:"policy"`
ResourceSpec `json:"resource" yaml:"resource"`
// Specifies list of violated rule
ViolatedRules []ViolatedRule `json:"rules" yaml:"rules"`
}
// ResourceSpec information to identify the resource
type ResourceSpec struct {
// Specifies resource apiVersionm
@ -418,11 +296,3 @@ type ViolatedRule struct {
// +optional
Check string `json:"check" yaml:"check"`
}
//PolicyViolationStatus provides information regarding policyviolation status
// status:
// LastUpdateTime : the time the policy violation was updated
type PolicyViolationStatus struct {
// LastUpdateTime : the time the policy violation was updated
LastUpdateTime metav1.Time `json:"lastUpdateTime,omitempty" yaml:"lastUpdateTime,omitempty"`
}

181
pkg/api/kyverno/v1/zz_generated.deepcopy.go
View file

@ -103,67 +103,6 @@ func (in *ClusterPolicyList) DeepCopyObject() runtime.Object {
return nil
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *ClusterPolicyViolation) DeepCopyInto(out *ClusterPolicyViolation) {
*out = *in
out.TypeMeta = in.TypeMeta
in.ObjectMeta.DeepCopyInto(&out.ObjectMeta)
in.Spec.DeepCopyInto(&out.Spec)
in.Status.DeepCopyInto(&out.Status)
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterPolicyViolation.
func (in *ClusterPolicyViolation) DeepCopy() *ClusterPolicyViolation {
if in == nil {
return nil
}
out := new(ClusterPolicyViolation)
in.DeepCopyInto(out)
return out
}
// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (in *ClusterPolicyViolation) DeepCopyObject() runtime.Object {
if c := in.DeepCopy(); c != nil {
return c
}
return nil
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *ClusterPolicyViolationList) DeepCopyInto(out *ClusterPolicyViolationList) {
*out = *in
out.TypeMeta = in.TypeMeta
in.ListMeta.DeepCopyInto(&out.ListMeta)
if in.Items != nil {
in, out := &in.Items, &out.Items
*out = make([]ClusterPolicyViolation, len(*in))
for i := range *in {
(*in)[i].DeepCopyInto(&(*out)[i])
}
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterPolicyViolationList.
func (in *ClusterPolicyViolationList) DeepCopy() *ClusterPolicyViolationList {
if in == nil {
return nil
}
out := new(ClusterPolicyViolationList)
in.DeepCopyInto(out)
return out
}
// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (in *ClusterPolicyViolationList) DeepCopyObject() runtime.Object {
if c := in.DeepCopy(); c != nil {
return c
}
return nil
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Condition.
func (in *Condition) DeepCopy() *Condition {
if in == nil {
@ -489,126 +428,6 @@ func (in *PolicyStatus) DeepCopy() *PolicyStatus {
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *PolicyViolation) DeepCopyInto(out *PolicyViolation) {
*out = *in
out.TypeMeta = in.TypeMeta
in.ObjectMeta.DeepCopyInto(&out.ObjectMeta)
in.Spec.DeepCopyInto(&out.Spec)
in.Status.DeepCopyInto(&out.Status)
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PolicyViolation.
func (in *PolicyViolation) DeepCopy() *PolicyViolation {
if in == nil {
return nil
}
out := new(PolicyViolation)
in.DeepCopyInto(out)
return out
}
// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (in *PolicyViolation) DeepCopyObject() runtime.Object {
if c := in.DeepCopy(); c != nil {
return c
}
return nil
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *PolicyViolationList) DeepCopyInto(out *PolicyViolationList) {
*out = *in
out.TypeMeta = in.TypeMeta
in.ListMeta.DeepCopyInto(&out.ListMeta)
if in.Items != nil {
in, out := &in.Items, &out.Items
*out = make([]PolicyViolation, len(*in))
for i := range *in {
(*in)[i].DeepCopyInto(&(*out)[i])
}
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PolicyViolationList.
func (in *PolicyViolationList) DeepCopy() *PolicyViolationList {
if in == nil {
return nil
}
out := new(PolicyViolationList)
in.DeepCopyInto(out)
return out
}
// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (in *PolicyViolationList) DeepCopyObject() runtime.Object {
if c := in.DeepCopy(); c != nil {
return c
}
return nil
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *PolicyViolationSpec) DeepCopyInto(out *PolicyViolationSpec) {
*out = *in
out.ResourceSpec = in.ResourceSpec
if in.ViolatedRules != nil {
in, out := &in.ViolatedRules, &out.ViolatedRules
*out = make([]ViolatedRule, len(*in))
copy(*out, *in)
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PolicyViolationSpec.
func (in *PolicyViolationSpec) DeepCopy() *PolicyViolationSpec {
if in == nil {
return nil
}
out := new(PolicyViolationSpec)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *PolicyViolationStatus) DeepCopyInto(out *PolicyViolationStatus) {
*out = *in
in.LastUpdateTime.DeepCopyInto(&out.LastUpdateTime)
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PolicyViolationStatus.
func (in *PolicyViolationStatus) DeepCopy() *PolicyViolationStatus {
if in == nil {
return nil
}
out := new(PolicyViolationStatus)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *PolicyViolationTemplate) DeepCopyInto(out *PolicyViolationTemplate) {
*out = *in
out.TypeMeta = in.TypeMeta
in.ObjectMeta.DeepCopyInto(&out.ObjectMeta)
in.Spec.DeepCopyInto(&out.Spec)
in.Status.DeepCopyInto(&out.Status)
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PolicyViolationTemplate.
func (in *PolicyViolationTemplate) DeepCopy() *PolicyViolationTemplate {
if in == nil {
return nil
}
out := new(PolicyViolationTemplate)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *RequestInfo) DeepCopyInto(out *RequestInfo) {
*out = *in

184
pkg/client/clientset/versioned/typed/kyverno/v1/clusterpolicyviolation.go
View file

@ -1,184 +0,0 @@
/*
Copyright The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
// Code generated by client-gen. DO NOT EDIT.
package v1
import (
"context"
"time"
v1 "github.com/kyverno/kyverno/pkg/api/kyverno/v1"
scheme "github.com/kyverno/kyverno/pkg/client/clientset/versioned/scheme"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
types "k8s.io/apimachinery/pkg/types"
watch "k8s.io/apimachinery/pkg/watch"
rest "k8s.io/client-go/rest"
)
// ClusterPolicyViolationsGetter has a method to return a ClusterPolicyViolationInterface.
// A group's client should implement this interface.
type ClusterPolicyViolationsGetter interface {
ClusterPolicyViolations() ClusterPolicyViolationInterface
}
// ClusterPolicyViolationInterface has methods to work with ClusterPolicyViolation resources.
type ClusterPolicyViolationInterface interface {
Create(ctx context.Context, clusterPolicyViolation *v1.ClusterPolicyViolation, opts metav1.CreateOptions) (*v1.ClusterPolicyViolation, error)
Update(ctx context.Context, clusterPolicyViolation *v1.ClusterPolicyViolation, opts metav1.UpdateOptions) (*v1.ClusterPolicyViolation, error)
UpdateStatus(ctx context.Context, clusterPolicyViolation *v1.ClusterPolicyViolation, opts metav1.UpdateOptions) (*v1.ClusterPolicyViolation, error)
Delete(ctx context.Context, name string, opts metav1.DeleteOptions) error
DeleteCollection(ctx context.Context, opts metav1.DeleteOptions, listOpts metav1.ListOptions) error
Get(ctx context.Context, name string, opts metav1.GetOptions) (*v1.ClusterPolicyViolation, error)
List(ctx context.Context, opts metav1.ListOptions) (*v1.ClusterPolicyViolationList, error)
Watch(ctx context.Context, opts metav1.ListOptions) (watch.Interface, error)
Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts metav1.PatchOptions, subresources ...string) (result *v1.ClusterPolicyViolation, err error)
ClusterPolicyViolationExpansion
}
// clusterPolicyViolations implements ClusterPolicyViolationInterface
type clusterPolicyViolations struct {
client rest.Interface
}
// newClusterPolicyViolations returns a ClusterPolicyViolations
func newClusterPolicyViolations(c *KyvernoV1Client) *clusterPolicyViolations {
return &clusterPolicyViolations{
client: c.RESTClient(),
}
}
// Get takes name of the clusterPolicyViolation, and returns the corresponding clusterPolicyViolation object, and an error if there is any.
func (c *clusterPolicyViolations) Get(ctx context.Context, name string, options metav1.GetOptions) (result *v1.ClusterPolicyViolation, err error) {
result = &v1.ClusterPolicyViolation{}
err = c.client.Get().
Resource("clusterpolicyviolations").
Name(name).
VersionedParams(&options, scheme.ParameterCodec).
Do(ctx).
Into(result)
return
}
// List takes label and field selectors, and returns the list of ClusterPolicyViolations that match those selectors.
func (c *clusterPolicyViolations) List(ctx context.Context, opts metav1.ListOptions) (result *v1.ClusterPolicyViolationList, err error) {
var timeout time.Duration
if opts.TimeoutSeconds != nil {
timeout = time.Duration(*opts.TimeoutSeconds) * time.Second
}
result = &v1.ClusterPolicyViolationList{}
err = c.client.Get().
Resource("clusterpolicyviolations").
VersionedParams(&opts, scheme.ParameterCodec).
Timeout(timeout).
Do(ctx).
Into(result)
return
}
// Watch returns a watch.Interface that watches the requested clusterPolicyViolations.
func (c *clusterPolicyViolations) Watch(ctx context.Context, opts metav1.ListOptions) (watch.Interface, error) {
var timeout time.Duration
if opts.TimeoutSeconds != nil {
timeout = time.Duration(*opts.TimeoutSeconds) * time.Second
}
opts.Watch = true
return c.client.Get().
Resource("clusterpolicyviolations").
VersionedParams(&opts, scheme.ParameterCodec).
Timeout(timeout).
Watch(ctx)
}
// Create takes the representation of a clusterPolicyViolation and creates it. Returns the server's representation of the clusterPolicyViolation, and an error, if there is any.
func (c *clusterPolicyViolations) Create(ctx context.Context, clusterPolicyViolation *v1.ClusterPolicyViolation, opts metav1.CreateOptions) (result *v1.ClusterPolicyViolation, err error) {
result = &v1.ClusterPolicyViolation{}
err = c.client.Post().
Resource("clusterpolicyviolations").
VersionedParams(&opts, scheme.ParameterCodec).
Body(clusterPolicyViolation).
Do(ctx).
Into(result)
return
}
// Update takes the representation of a clusterPolicyViolation and updates it. Returns the server's representation of the clusterPolicyViolation, and an error, if there is any.
func (c *clusterPolicyViolations) Update(ctx context.Context, clusterPolicyViolation *v1.ClusterPolicyViolation, opts metav1.UpdateOptions) (result *v1.ClusterPolicyViolation, err error) {
result = &v1.ClusterPolicyViolation{}
err = c.client.Put().
Resource("clusterpolicyviolations").
Name(clusterPolicyViolation.Name).
VersionedParams(&opts, scheme.ParameterCodec).
Body(clusterPolicyViolation).
Do(ctx).
Into(result)
return
}
// UpdateStatus was generated because the type contains a Status member.
// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus().
func (c *clusterPolicyViolations) UpdateStatus(ctx context.Context, clusterPolicyViolation *v1.ClusterPolicyViolation, opts metav1.UpdateOptions) (result *v1.ClusterPolicyViolation, err error) {
result = &v1.ClusterPolicyViolation{}
err = c.client.Put().
Resource("clusterpolicyviolations").
Name(clusterPolicyViolation.Name).
SubResource("status").
VersionedParams(&opts, scheme.ParameterCodec).
Body(clusterPolicyViolation).
Do(ctx).
Into(result)
return
}
// Delete takes name of the clusterPolicyViolation and deletes it. Returns an error if one occurs.
func (c *clusterPolicyViolations) Delete(ctx context.Context, name string, opts metav1.DeleteOptions) error {
return c.client.Delete().
Resource("clusterpolicyviolations").
Name(name).
Body(&opts).
Do(ctx).
Error()
}
// DeleteCollection deletes a collection of objects.
func (c *clusterPolicyViolations) DeleteCollection(ctx context.Context, opts metav1.DeleteOptions, listOpts metav1.ListOptions) error {
var timeout time.Duration
if listOpts.TimeoutSeconds != nil {
timeout = time.Duration(*listOpts.TimeoutSeconds) * time.Second
}
return c.client.Delete().
Resource("clusterpolicyviolations").
VersionedParams(&listOpts, scheme.ParameterCodec).
Timeout(timeout).
Body(&opts).
Do(ctx).
Error()
}
// Patch applies the patch and returns the patched clusterPolicyViolation.
func (c *clusterPolicyViolations) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts metav1.PatchOptions, subresources ...string) (result *v1.ClusterPolicyViolation, err error) {
result = &v1.ClusterPolicyViolation{}
err = c.client.Patch(pt).
Resource("clusterpolicyviolations").
Name(name).
SubResource(subresources...).
VersionedParams(&opts, scheme.ParameterCodec).
Body(data).
Do(ctx).
Into(result)
return
}

133
pkg/client/clientset/versioned/typed/kyverno/v1/fake/fake_clusterpolicyviolation.go
View file

@ -1,133 +0,0 @@
/*
Copyright The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
// Code generated by client-gen. DO NOT EDIT.
package fake
import (
"context"
kyvernov1 "github.com/kyverno/kyverno/pkg/api/kyverno/v1"
v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
labels "k8s.io/apimachinery/pkg/labels"
schema "k8s.io/apimachinery/pkg/runtime/schema"
types "k8s.io/apimachinery/pkg/types"
watch "k8s.io/apimachinery/pkg/watch"
testing "k8s.io/client-go/testing"
)
// FakeClusterPolicyViolations implements ClusterPolicyViolationInterface
type FakeClusterPolicyViolations struct {
Fake *FakeKyvernoV1
}
var clusterpolicyviolationsResource = schema.GroupVersionResource{Group: "kyverno.io", Version: "v1", Resource: "clusterpolicyviolations"}
var clusterpolicyviolationsKind = schema.GroupVersionKind{Group: "kyverno.io", Version: "v1", Kind: "ClusterPolicyViolation"}
// Get takes name of the clusterPolicyViolation, and returns the corresponding clusterPolicyViolation object, and an error if there is any.
func (c *FakeClusterPolicyViolations) Get(ctx context.Context, name string, options v1.GetOptions) (result *kyvernov1.ClusterPolicyViolation, err error) {
obj, err := c.Fake.
Invokes(testing.NewRootGetAction(clusterpolicyviolationsResource, name), &kyvernov1.ClusterPolicyViolation{})
if obj == nil {
return nil, err
}
return obj.(*kyvernov1.ClusterPolicyViolation), err
}
// List takes label and field selectors, and returns the list of ClusterPolicyViolations that match those selectors.
func (c *FakeClusterPolicyViolations) List(ctx context.Context, opts v1.ListOptions) (result *kyvernov1.ClusterPolicyViolationList, err error) {
obj, err := c.Fake.
Invokes(testing.NewRootListAction(clusterpolicyviolationsResource, clusterpolicyviolationsKind, opts), &kyvernov1.ClusterPolicyViolationList{})
if obj == nil {
return nil, err
}
label, _, _ := testing.ExtractFromListOptions(opts)
if label == nil {
label = labels.Everything()
}
list := &kyvernov1.ClusterPolicyViolationList{ListMeta: obj.(*kyvernov1.ClusterPolicyViolationList).ListMeta}
for _, item := range obj.(*kyvernov1.ClusterPolicyViolationList).Items {
if label.Matches(labels.Set(item.Labels)) {
list.Items = append(list.Items, item)
}
}
return list, err
}
// Watch returns a watch.Interface that watches the requested clusterPolicyViolations.
func (c *FakeClusterPolicyViolations) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) {
return c.Fake.
InvokesWatch(testing.NewRootWatchAction(clusterpolicyviolationsResource, opts))
}
// Create takes the representation of a clusterPolicyViolation and creates it. Returns the server's representation of the clusterPolicyViolation, and an error, if there is any.
func (c *FakeClusterPolicyViolations) Create(ctx context.Context, clusterPolicyViolation *kyvernov1.ClusterPolicyViolation, opts v1.CreateOptions) (result *kyvernov1.ClusterPolicyViolation, err error) {
obj, err := c.Fake.
Invokes(testing.NewRootCreateAction(clusterpolicyviolationsResource, clusterPolicyViolation), &kyvernov1.ClusterPolicyViolation{})
if obj == nil {
return nil, err
}
return obj.(*kyvernov1.ClusterPolicyViolation), err
}
// Update takes the representation of a clusterPolicyViolation and updates it. Returns the server's representation of the clusterPolicyViolation, and an error, if there is any.
func (c *FakeClusterPolicyViolations) Update(ctx context.Context, clusterPolicyViolation *kyvernov1.ClusterPolicyViolation, opts v1.UpdateOptions) (result *kyvernov1.ClusterPolicyViolation, err error) {
obj, err := c.Fake.
Invokes(testing.NewRootUpdateAction(clusterpolicyviolationsResource, clusterPolicyViolation), &kyvernov1.ClusterPolicyViolation{})
if obj == nil {
return nil, err
}
return obj.(*kyvernov1.ClusterPolicyViolation), err
}
// UpdateStatus was generated because the type contains a Status member.
// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus().
func (c *FakeClusterPolicyViolations) UpdateStatus(ctx context.Context, clusterPolicyViolation *kyvernov1.ClusterPolicyViolation, opts v1.UpdateOptions) (*kyvernov1.ClusterPolicyViolation, error) {
obj, err := c.Fake.
Invokes(testing.NewRootUpdateSubresourceAction(clusterpolicyviolationsResource, "status", clusterPolicyViolation), &kyvernov1.ClusterPolicyViolation{})
if obj == nil {
return nil, err
}
return obj.(*kyvernov1.ClusterPolicyViolation), err
}
// Delete takes name of the clusterPolicyViolation and deletes it. Returns an error if one occurs.
func (c *FakeClusterPolicyViolations) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error {
_, err := c.Fake.
Invokes(testing.NewRootDeleteAction(clusterpolicyviolationsResource, name), &kyvernov1.ClusterPolicyViolation{})
return err
}
// DeleteCollection deletes a collection of objects.
func (c *FakeClusterPolicyViolations) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error {
action := testing.NewRootDeleteCollectionAction(clusterpolicyviolationsResource, listOpts)
_, err := c.Fake.Invokes(action, &kyvernov1.ClusterPolicyViolationList{})
return err
}
// Patch applies the patch and returns the patched clusterPolicyViolation.
func (c *FakeClusterPolicyViolations) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *kyvernov1.ClusterPolicyViolation, err error) {
obj, err := c.Fake.
Invokes(testing.NewRootPatchSubresourceAction(clusterpolicyviolationsResource, name, pt, data, subresources...), &kyvernov1.ClusterPolicyViolation{})
if obj == nil {
return nil, err
}
return obj.(*kyvernov1.ClusterPolicyViolation), err
}

8
pkg/client/clientset/versioned/typed/kyverno/v1/fake/fake_kyverno_client.go
View file

@ -32,10 +32,6 @@ func (c *FakeKyvernoV1) ClusterPolicies() v1.ClusterPolicyInterface {
return &FakeClusterPolicies{c}
}
func (c *FakeKyvernoV1) ClusterPolicyViolations() v1.ClusterPolicyViolationInterface {
return &FakeClusterPolicyViolations{c}
}
func (c *FakeKyvernoV1) GenerateRequests(namespace string) v1.GenerateRequestInterface {
return &FakeGenerateRequests{c, namespace}
}
@ -44,10 +40,6 @@ func (c *FakeKyvernoV1) Policies(namespace string) v1.PolicyInterface {
return &FakePolicies{c, namespace}
}
func (c *FakeKyvernoV1) PolicyViolations(namespace string) v1.PolicyViolationInterface {
return &FakePolicyViolations{c, namespace}
}
// RESTClient returns a RESTClient that is used to communicate
// with API server by this client implementation.
func (c *FakeKyvernoV1) RESTClient() rest.Interface {

142
pkg/client/clientset/versioned/typed/kyverno/v1/fake/fake_policyviolation.go
View file

@ -1,142 +0,0 @@
/*
Copyright The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
// Code generated by client-gen. DO NOT EDIT.
package fake
import (
"context"
kyvernov1 "github.com/kyverno/kyverno/pkg/api/kyverno/v1"
v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
labels "k8s.io/apimachinery/pkg/labels"
schema "k8s.io/apimachinery/pkg/runtime/schema"
types "k8s.io/apimachinery/pkg/types"
watch "k8s.io/apimachinery/pkg/watch"
testing "k8s.io/client-go/testing"
)
// FakePolicyViolations implements PolicyViolationInterface
type FakePolicyViolations struct {
Fake *FakeKyvernoV1
ns string
}
var policyviolationsResource = schema.GroupVersionResource{Group: "kyverno.io", Version: "v1", Resource: "policyviolations"}
var policyviolationsKind = schema.GroupVersionKind{Group: "kyverno.io", Version: "v1", Kind: "PolicyViolation"}
// Get takes name of the policyViolation, and returns the corresponding policyViolation object, and an error if there is any.
func (c *FakePolicyViolations) Get(ctx context.Context, name string, options v1.GetOptions) (result *kyvernov1.PolicyViolation, err error) {
obj, err := c.Fake.
Invokes(testing.NewGetAction(policyviolationsResource, c.ns, name), &kyvernov1.PolicyViolation{})
if obj == nil {
return nil, err
}
return obj.(*kyvernov1.PolicyViolation), err
}
// List takes label and field selectors, and returns the list of PolicyViolations that match those selectors.
func (c *FakePolicyViolations) List(ctx context.Context, opts v1.ListOptions) (result *kyvernov1.PolicyViolationList, err error) {
obj, err := c.Fake.
Invokes(testing.NewListAction(policyviolationsResource, policyviolationsKind, c.ns, opts), &kyvernov1.PolicyViolationList{})
if obj == nil {
return nil, err
}
label, _, _ := testing.ExtractFromListOptions(opts)
if label == nil {
label = labels.Everything()
}
list := &kyvernov1.PolicyViolationList{ListMeta: obj.(*kyvernov1.PolicyViolationList).ListMeta}
for _, item := range obj.(*kyvernov1.PolicyViolationList).Items {
if label.Matches(labels.Set(item.Labels)) {
list.Items = append(list.Items, item)
}
}
return list, err
}
// Watch returns a watch.Interface that watches the requested policyViolations.
func (c *FakePolicyViolations) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) {
return c.Fake.
InvokesWatch(testing.NewWatchAction(policyviolationsResource, c.ns, opts))
}
// Create takes the representation of a policyViolation and creates it. Returns the server's representation of the policyViolation, and an error, if there is any.
func (c *FakePolicyViolations) Create(ctx context.Context, policyViolation *kyvernov1.PolicyViolation, opts v1.CreateOptions) (result *kyvernov1.PolicyViolation, err error) {
obj, err := c.Fake.
Invokes(testing.NewCreateAction(policyviolationsResource, c.ns, policyViolation), &kyvernov1.PolicyViolation{})
if obj == nil {
return nil, err
}
return obj.(*kyvernov1.PolicyViolation), err
}
// Update takes the representation of a policyViolation and updates it. Returns the server's representation of the policyViolation, and an error, if there is any.
func (c *FakePolicyViolations) Update(ctx context.Context, policyViolation *kyvernov1.PolicyViolation, opts v1.UpdateOptions) (result *kyvernov1.PolicyViolation, err error) {
obj, err := c.Fake.
Invokes(testing.NewUpdateAction(policyviolationsResource, c.ns, policyViolation), &kyvernov1.PolicyViolation{})
if obj == nil {
return nil, err
}
return obj.(*kyvernov1.PolicyViolation), err
}
// UpdateStatus was generated because the type contains a Status member.
// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus().
func (c *FakePolicyViolations) UpdateStatus(ctx context.Context, policyViolation *kyvernov1.PolicyViolation, opts v1.UpdateOptions) (*kyvernov1.PolicyViolation, error) {
obj, err := c.Fake.
Invokes(testing.NewUpdateSubresourceAction(policyviolationsResource, "status", c.ns, policyViolation), &kyvernov1.PolicyViolation{})
if obj == nil {
return nil, err
}
return obj.(*kyvernov1.PolicyViolation), err
}
// Delete takes name of the policyViolation and deletes it. Returns an error if one occurs.
func (c *FakePolicyViolations) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error {
_, err := c.Fake.
Invokes(testing.NewDeleteAction(policyviolationsResource, c.ns, name), &kyvernov1.PolicyViolation{})
return err
}
// DeleteCollection deletes a collection of objects.
func (c *FakePolicyViolations) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error {
action := testing.NewDeleteCollectionAction(policyviolationsResource, c.ns, listOpts)
_, err := c.Fake.Invokes(action, &kyvernov1.PolicyViolationList{})
return err
}
// Patch applies the patch and returns the patched policyViolation.
func (c *FakePolicyViolations) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *kyvernov1.PolicyViolation, err error) {
obj, err := c.Fake.
Invokes(testing.NewPatchSubresourceAction(policyviolationsResource, c.ns, name, pt, data, subresources...), &kyvernov1.PolicyViolation{})
if obj == nil {
return nil, err
}
return obj.(*kyvernov1.PolicyViolation), err
}

4
pkg/client/clientset/versioned/typed/kyverno/v1/generated_expansion.go
View file

@ -20,10 +20,6 @@ package v1
type ClusterPolicyExpansion interface{}
type ClusterPolicyViolationExpansion interface{}
type GenerateRequestExpansion interface{}
type PolicyExpansion interface{}
type PolicyViolationExpansion interface{}

10
pkg/client/clientset/versioned/typed/kyverno/v1/kyverno_client.go
View file

@ -27,10 +27,8 @@ import (
type KyvernoV1Interface interface {
RESTClient() rest.Interface
ClusterPoliciesGetter
ClusterPolicyViolationsGetter
GenerateRequestsGetter
PoliciesGetter
PolicyViolationsGetter
}
// KyvernoV1Client is used to interact with features provided by the kyverno.io group.
@ -42,10 +40,6 @@ func (c *KyvernoV1Client) ClusterPolicies() ClusterPolicyInterface {
return newClusterPolicies(c)
}
func (c *KyvernoV1Client) ClusterPolicyViolations() ClusterPolicyViolationInterface {
return newClusterPolicyViolations(c)
}
func (c *KyvernoV1Client) GenerateRequests(namespace string) GenerateRequestInterface {
return newGenerateRequests(c, namespace)
}
@ -54,10 +48,6 @@ func (c *KyvernoV1Client) Policies(namespace string) PolicyInterface {
return newPolicies(c, namespace)
}
func (c *KyvernoV1Client) PolicyViolations(namespace string) PolicyViolationInterface {
return newPolicyViolations(c, namespace)
}
// NewForConfig creates a new KyvernoV1Client for the given config.
func NewForConfig(c *rest.Config) (*KyvernoV1Client, error) {
config := *c

195
pkg/client/clientset/versioned/typed/kyverno/v1/policyviolation.go
View file

@ -1,195 +0,0 @@
/*
Copyright The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
// Code generated by client-gen. DO NOT EDIT.
package v1
import (
"context"
"time"
v1 "github.com/kyverno/kyverno/pkg/api/kyverno/v1"
scheme "github.com/kyverno/kyverno/pkg/client/clientset/versioned/scheme"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
types "k8s.io/apimachinery/pkg/types"
watch "k8s.io/apimachinery/pkg/watch"
rest "k8s.io/client-go/rest"
)
// PolicyViolationsGetter has a method to return a PolicyViolationInterface.
// A group's client should implement this interface.
type PolicyViolationsGetter interface {
PolicyViolations(namespace string) PolicyViolationInterface
}
// PolicyViolationInterface has methods to work with PolicyViolation resources.
type PolicyViolationInterface interface {
Create(ctx context.Context, policyViolation *v1.PolicyViolation, opts metav1.CreateOptions) (*v1.PolicyViolation, error)
Update(ctx context.Context, policyViolation *v1.PolicyViolation, opts metav1.UpdateOptions) (*v1.PolicyViolation, error)
UpdateStatus(ctx context.Context, policyViolation *v1.PolicyViolation, opts metav1.UpdateOptions) (*v1.PolicyViolation, error)
Delete(ctx context.Context, name string, opts metav1.DeleteOptions) error
DeleteCollection(ctx context.Context, opts metav1.DeleteOptions, listOpts metav1.ListOptions) error
Get(ctx context.Context, name string, opts metav1.GetOptions) (*v1.PolicyViolation, error)
List(ctx context.Context, opts metav1.ListOptions) (*v1.PolicyViolationList, error)
Watch(ctx context.Context, opts metav1.ListOptions) (watch.Interface, error)
Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts metav1.PatchOptions, subresources ...string) (result *v1.PolicyViolation, err error)
PolicyViolationExpansion
}
// policyViolations implements PolicyViolationInterface
type policyViolations struct {
client rest.Interface
ns string
}
// newPolicyViolations returns a PolicyViolations
func newPolicyViolations(c *KyvernoV1Client, namespace string) *policyViolations {
return &policyViolations{
client: c.RESTClient(),
ns: namespace,
}
}
// Get takes name of the policyViolation, and returns the corresponding policyViolation object, and an error if there is any.
func (c *policyViolations) Get(ctx context.Context, name string, options metav1.GetOptions) (result *v1.PolicyViolation, err error) {
result = &v1.PolicyViolation{}
err = c.client.Get().
Namespace(c.ns).
Resource("policyviolations").
Name(name).
VersionedParams(&options, scheme.ParameterCodec).
Do(ctx).
Into(result)
return
}
// List takes label and field selectors, and returns the list of PolicyViolations that match those selectors.
func (c *policyViolations) List(ctx context.Context, opts metav1.ListOptions) (result *v1.PolicyViolationList, err error) {
var timeout time.Duration
if opts.TimeoutSeconds != nil {
timeout = time.Duration(*opts.TimeoutSeconds) * time.Second
}
result = &v1.PolicyViolationList{}
err = c.client.Get().
Namespace(c.ns).
Resource("policyviolations").
VersionedParams(&opts, scheme.ParameterCodec).
Timeout(timeout).
Do(ctx).
Into(result)
return
}
// Watch returns a watch.Interface that watches the requested policyViolations.
func (c *policyViolations) Watch(ctx context.Context, opts metav1.ListOptions) (watch.Interface, error) {
var timeout time.Duration
if opts.TimeoutSeconds != nil {
timeout = time.Duration(*opts.TimeoutSeconds) * time.Second
}
opts.Watch = true
return c.client.Get().
Namespace(c.ns).
Resource("policyviolations").
VersionedParams(&opts, scheme.ParameterCodec).
Timeout(timeout).
Watch(ctx)
}
// Create takes the representation of a policyViolation and creates it. Returns the server's representation of the policyViolation, and an error, if there is any.
func (c *policyViolations) Create(ctx context.Context, policyViolation *v1.PolicyViolation, opts metav1.CreateOptions) (result *v1.PolicyViolation, err error) {
result = &v1.PolicyViolation{}
err = c.client.Post().
Namespace(c.ns).
Resource("policyviolations").
VersionedParams(&opts, scheme.ParameterCodec).
Body(policyViolation).
Do(ctx).
Into(result)
return
}
// Update takes the representation of a policyViolation and updates it. Returns the server's representation of the policyViolation, and an error, if there is any.
func (c *policyViolations) Update(ctx context.Context, policyViolation *v1.PolicyViolation, opts metav1.UpdateOptions) (result *v1.PolicyViolation, err error) {
result = &v1.PolicyViolation{}
err = c.client.Put().
Namespace(c.ns).
Resource("policyviolations").
Name(policyViolation.Name).
VersionedParams(&opts, scheme.ParameterCodec).
Body(policyViolation).
Do(ctx).
Into(result)
return
}
// UpdateStatus was generated because the type contains a Status member.
// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus().
func (c *policyViolations) UpdateStatus(ctx context.Context, policyViolation *v1.PolicyViolation, opts metav1.UpdateOptions) (result *v1.PolicyViolation, err error) {
result = &v1.PolicyViolation{}
err = c.client.Put().
Namespace(c.ns).
Resource("policyviolations").
Name(policyViolation.Name).
SubResource("status").
VersionedParams(&opts, scheme.ParameterCodec).
Body(policyViolation).
Do(ctx).
Into(result)
return
}
// Delete takes name of the policyViolation and deletes it. Returns an error if one occurs.
func (c *policyViolations) Delete(ctx context.Context, name string, opts metav1.DeleteOptions) error {
return c.client.Delete().
Namespace(c.ns).
Resource("policyviolations").
Name(name).
Body(&opts).
Do(ctx).
Error()
}
// DeleteCollection deletes a collection of objects.
func (c *policyViolations) DeleteCollection(ctx context.Context, opts metav1.DeleteOptions, listOpts metav1.ListOptions) error {
var timeout time.Duration
if listOpts.TimeoutSeconds != nil {
timeout = time.Duration(*listOpts.TimeoutSeconds) * time.Second
}
return c.client.Delete().
Namespace(c.ns).
Resource("policyviolations").
VersionedParams(&listOpts, scheme.ParameterCodec).
Timeout(timeout).
Body(&opts).
Do(ctx).
Error()
}
// Patch applies the patch and returns the patched policyViolation.
func (c *policyViolations) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts metav1.PatchOptions, subresources ...string) (result *v1.PolicyViolation, err error) {
result = &v1.PolicyViolation{}
err = c.client.Patch(pt).
Namespace(c.ns).
Resource("policyviolations").
Name(name).
SubResource(subresources...).
VersionedParams(&opts, scheme.ParameterCodec).
Body(data).
Do(ctx).
Into(result)
return
}

4
pkg/client/informers/externalversions/generic.go
View file

@ -57,14 +57,10 @@ func (f *sharedInformerFactory) ForResource(resource schema.GroupVersionResource
// Group=kyverno.io, Version=v1
case v1.SchemeGroupVersion.WithResource("clusterpolicies"):
return &genericInformer{resource: resource.GroupResource(), informer: f.Kyverno().V1().ClusterPolicies().Informer()}, nil
case v1.SchemeGroupVersion.WithResource("clusterpolicyviolations"):
return &genericInformer{resource: resource.GroupResource(), informer: f.Kyverno().V1().ClusterPolicyViolations().Informer()}, nil
case v1.SchemeGroupVersion.WithResource("generaterequests"):
return &genericInformer{resource: resource.GroupResource(), informer: f.Kyverno().V1().GenerateRequests().Informer()}, nil
case v1.SchemeGroupVersion.WithResource("policies"):
return &genericInformer{resource: resource.GroupResource(), informer: f.Kyverno().V1().Policies().Informer()}, nil
case v1.SchemeGroupVersion.WithResource("policyviolations"):
return &genericInformer{resource: resource.GroupResource(), informer: f.Kyverno().V1().PolicyViolations().Informer()}, nil
// Group=kyverno.io, Version=v1alpha1
case v1alpha1.SchemeGroupVersion.WithResource("clusterreportchangerequests"):

89
pkg/client/informers/externalversions/kyverno/v1/clusterpolicyviolation.go
View file

@ -1,89 +0,0 @@
/*
Copyright The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
// Code generated by informer-gen. DO NOT EDIT.
package v1
import (
"context"
time "time"
kyvernov1 "github.com/kyverno/kyverno/pkg/api/kyverno/v1"
versioned "github.com/kyverno/kyverno/pkg/client/clientset/versioned"
internalinterfaces "github.com/kyverno/kyverno/pkg/client/informers/externalversions/internalinterfaces"
v1 "github.com/kyverno/kyverno/pkg/client/listers/kyverno/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
runtime "k8s.io/apimachinery/pkg/runtime"
watch "k8s.io/apimachinery/pkg/watch"
cache "k8s.io/client-go/tools/cache"
)
// ClusterPolicyViolationInformer provides access to a shared informer and lister for
// ClusterPolicyViolations.
type ClusterPolicyViolationInformer interface {
Informer() cache.SharedIndexInformer
Lister() v1.ClusterPolicyViolationLister
}
type clusterPolicyViolationInformer struct {
factory internalinterfaces.SharedInformerFactory
tweakListOptions internalinterfaces.TweakListOptionsFunc
}
// NewClusterPolicyViolationInformer constructs a new informer for ClusterPolicyViolation type.
// Always prefer using an informer factory to get a shared informer instead of getting an independent
// one. This reduces memory footprint and number of connections to the server.
func NewClusterPolicyViolationInformer(client versioned.Interface, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer {
return NewFilteredClusterPolicyViolationInformer(client, resyncPeriod, indexers, nil)
}
// NewFilteredClusterPolicyViolationInformer constructs a new informer for ClusterPolicyViolation type.
// Always prefer using an informer factory to get a shared informer instead of getting an independent
// one. This reduces memory footprint and number of connections to the server.
func NewFilteredClusterPolicyViolationInformer(client versioned.Interface, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer {
return cache.NewSharedIndexInformer(
&cache.ListWatch{
ListFunc: func(options metav1.ListOptions) (runtime.Object, error) {
if tweakListOptions != nil {
tweakListOptions(&options)
}
return client.KyvernoV1().ClusterPolicyViolations().List(context.TODO(), options)
},
WatchFunc: func(options metav1.ListOptions) (watch.Interface, error) {
if tweakListOptions != nil {
tweakListOptions(&options)
}
return client.KyvernoV1().ClusterPolicyViolations().Watch(context.TODO(), options)
},
},
&kyvernov1.ClusterPolicyViolation{},
resyncPeriod,
indexers,
)
}
func (f *clusterPolicyViolationInformer) defaultInformer(client versioned.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer {
return NewFilteredClusterPolicyViolationInformer(client, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions)
}
func (f *clusterPolicyViolationInformer) Informer() cache.SharedIndexInformer {
return f.factory.InformerFor(&kyvernov1.ClusterPolicyViolation{}, f.defaultInformer)
}
func (f *clusterPolicyViolationInformer) Lister() v1.ClusterPolicyViolationLister {
return v1.NewClusterPolicyViolationLister(f.Informer().GetIndexer())
}

14
pkg/client/informers/externalversions/kyverno/v1/interface.go
View file

@ -26,14 +26,10 @@ import (
type Interface interface {
// ClusterPolicies returns a ClusterPolicyInformer.
ClusterPolicies() ClusterPolicyInformer
// ClusterPolicyViolations returns a ClusterPolicyViolationInformer.
ClusterPolicyViolations() ClusterPolicyViolationInformer
// GenerateRequests returns a GenerateRequestInformer.
GenerateRequests() GenerateRequestInformer
// Policies returns a PolicyInformer.
Policies() PolicyInformer
// PolicyViolations returns a PolicyViolationInformer.
PolicyViolations() PolicyViolationInformer
}
type version struct {
@ -52,11 +48,6 @@ func (v *version) ClusterPolicies() ClusterPolicyInformer {
return &clusterPolicyInformer{factory: v.factory, tweakListOptions: v.tweakListOptions}
}
// ClusterPolicyViolations returns a ClusterPolicyViolationInformer.
func (v *version) ClusterPolicyViolations() ClusterPolicyViolationInformer {
return &clusterPolicyViolationInformer{factory: v.factory, tweakListOptions: v.tweakListOptions}
}
// GenerateRequests returns a GenerateRequestInformer.
func (v *version) GenerateRequests() GenerateRequestInformer {
return &generateRequestInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions}
@ -66,8 +57,3 @@ func (v *version) GenerateRequests() GenerateRequestInformer {
func (v *version) Policies() PolicyInformer {
return &policyInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions}
}
// PolicyViolations returns a PolicyViolationInformer.
func (v *version) PolicyViolations() PolicyViolationInformer {
return &policyViolationInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions}
}

90
pkg/client/informers/externalversions/kyverno/v1/policyviolation.go
View file

@ -1,90 +0,0 @@
/*
Copyright The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
// Code generated by informer-gen. DO NOT EDIT.
package v1
import (
"context"
time "time"
kyvernov1 "github.com/kyverno/kyverno/pkg/api/kyverno/v1"
versioned "github.com/kyverno/kyverno/pkg/client/clientset/versioned"
internalinterfaces "github.com/kyverno/kyverno/pkg/client/informers/externalversions/internalinterfaces"
v1 "github.com/kyverno/kyverno/pkg/client/listers/kyverno/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
runtime "k8s.io/apimachinery/pkg/runtime"
watch "k8s.io/apimachinery/pkg/watch"
cache "k8s.io/client-go/tools/cache"
)
// PolicyViolationInformer provides access to a shared informer and lister for
// PolicyViolations.
type PolicyViolationInformer interface {
Informer() cache.SharedIndexInformer
Lister() v1.PolicyViolationLister
}
type policyViolationInformer struct {
factory internalinterfaces.SharedInformerFactory
tweakListOptions internalinterfaces.TweakListOptionsFunc
namespace string
}
// NewPolicyViolationInformer constructs a new informer for PolicyViolation type.
// Always prefer using an informer factory to get a shared informer instead of getting an independent
// one. This reduces memory footprint and number of connections to the server.
func NewPolicyViolationInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer {
return NewFilteredPolicyViolationInformer(client, namespace, resyncPeriod, indexers, nil)
}
// NewFilteredPolicyViolationInformer constructs a new informer for PolicyViolation type.
// Always prefer using an informer factory to get a shared informer instead of getting an independent
// one. This reduces memory footprint and number of connections to the server.
func NewFilteredPolicyViolationInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer {
return cache.NewSharedIndexInformer(
&cache.ListWatch{
ListFunc: func(options metav1.ListOptions) (runtime.Object, error) {
if tweakListOptions != nil {
tweakListOptions(&options)
}
return client.KyvernoV1().PolicyViolations(namespace).List(context.TODO(), options)
},
WatchFunc: func(options metav1.ListOptions) (watch.Interface, error) {
if tweakListOptions != nil {
tweakListOptions(&options)
}
return client.KyvernoV1().PolicyViolations(namespace).Watch(context.TODO(), options)
},
},
&kyvernov1.PolicyViolation{},
resyncPeriod,
indexers,
)
}
func (f *policyViolationInformer) defaultInformer(client versioned.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer {
return NewFilteredPolicyViolationInformer(client, f.namespace, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions)
}
func (f *policyViolationInformer) Informer() cache.SharedIndexInformer {
return f.factory.InformerFor(&kyvernov1.PolicyViolation{}, f.defaultInformer)
}
func (f *policyViolationInformer) Lister() v1.PolicyViolationLister {
return v1.NewPolicyViolationLister(f.Informer().GetIndexer())
}

65
pkg/client/listers/kyverno/v1/clusterpolicyviolation.go
View file

@ -1,65 +0,0 @@
/*
Copyright The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
// Code generated by lister-gen. DO NOT EDIT.
package v1
import (
v1 "github.com/kyverno/kyverno/pkg/api/kyverno/v1"
"k8s.io/apimachinery/pkg/api/errors"
"k8s.io/apimachinery/pkg/labels"
"k8s.io/client-go/tools/cache"
)
// ClusterPolicyViolationLister helps list ClusterPolicyViolations.
type ClusterPolicyViolationLister interface {
// List lists all ClusterPolicyViolations in the indexer.
List(selector labels.Selector) (ret []*v1.ClusterPolicyViolation, err error)
// Get retrieves the ClusterPolicyViolation from the index for a given name.
Get(name string) (*v1.ClusterPolicyViolation, error)
ClusterPolicyViolationListerExpansion
}
// clusterPolicyViolationLister implements the ClusterPolicyViolationLister interface.
type clusterPolicyViolationLister struct {
indexer cache.Indexer
}
// NewClusterPolicyViolationLister returns a new ClusterPolicyViolationLister.
func NewClusterPolicyViolationLister(indexer cache.Indexer) ClusterPolicyViolationLister {
return &clusterPolicyViolationLister{indexer: indexer}
}
// List lists all ClusterPolicyViolations in the indexer.
func (s *clusterPolicyViolationLister) List(selector labels.Selector) (ret []*v1.ClusterPolicyViolation, err error) {
err = cache.ListAll(s.indexer, selector, func(m interface{}) {
ret = append(ret, m.(*v1.ClusterPolicyViolation))
})
return ret, err
}
// Get retrieves the ClusterPolicyViolation from the index for a given name.
func (s *clusterPolicyViolationLister) Get(name string) (*v1.ClusterPolicyViolation, error) {
obj, exists, err := s.indexer.GetByKey(name)
if err != nil {
return nil, err
}
if !exists {
return nil, errors.NewNotFound(v1.Resource("clusterpolicyviolation"), name)
}
return obj.(*v1.ClusterPolicyViolation), nil
}

65
pkg/client/listers/kyverno/v1/custom_expansion_generated.go Normal file
View file

@ -0,0 +1,65 @@
/*
Copyright The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
// Code generated by lister-gen. DO NOT EDIT.
package v1
import (
kyvernov1 "github.com/kyverno/kyverno/pkg/api/kyverno/v1"
"k8s.io/apimachinery/pkg/labels"
)
//ListResources is a wrapper to List and adds the resource kind information
// as the lister is specific to a gvk we can harcode the values here
func (pl *clusterPolicyLister) ListResources(selector labels.Selector) (ret []*kyvernov1.ClusterPolicy, err error) {
policies, err := pl.List(selector)
for index := range policies {
policies[index].SetGroupVersionKind(kyvernov1.SchemeGroupVersion.WithKind("ClusterPolicy"))
}
return policies, err
}
func (s generateRequestNamespaceLister) GetGenerateRequestsForResource(kind, namespace, name string) ([]*kyvernov1.GenerateRequest, error) {
var list []*kyvernov1.GenerateRequest
grs, err := s.List(labels.NewSelector())
if err != nil {
return nil, err
}
for idx, gr := range grs {
if gr.Spec.Resource.Kind == kind &&
gr.Spec.Resource.Namespace == namespace &&
gr.Spec.Resource.Name == name {
list = append(list, grs[idx])
}
}
return list, err
}
func (s generateRequestNamespaceLister) GetGenerateRequestsForClusterPolicy(policy string) ([]*kyvernov1.GenerateRequest, error) {
var list []*kyvernov1.GenerateRequest
grs, err := s.List(labels.NewSelector())
if err != nil {
return nil, err
}
for idx, gr := range grs {
if gr.Spec.Policy == policy {
list = append(list, grs[idx])
}
}
return list, err
}

199
pkg/client/listers/kyverno/v1/expansion_generated.go
View file

@ -19,141 +19,19 @@ limitations under the License.
package v1
import (
"fmt"
kyvernov1 "github.com/kyverno/kyverno/pkg/api/kyverno/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/labels"
)
type PolicyNamespaceListerExpansion interface{}
// ClusterPolicyListerExpansion allows custom methods to be added to
// ClusterPolicyLister.
type ClusterPolicyListerExpansion interface {
GetPolicyForPolicyViolation(pv *kyvernov1.ClusterPolicyViolation) ([]*kyvernov1.ClusterPolicy, error)
GetPolicyForNamespacedPolicyViolation(pv *kyvernov1.PolicyViolation) ([]*kyvernov1.ClusterPolicy, error)
ListResources(selector labels.Selector) (ret []*kyvernov1.ClusterPolicy, err error)
}
// ClusterPolicyViolationListerExpansion allows custom methods to be added to
// ClusterPolicyViolationLister.
type ClusterPolicyViolationListerExpansion interface {
// List lists all PolicyViolations in the indexer with GVK.
ListResources(selector labels.Selector) (ret []*kyvernov1.ClusterPolicyViolation, err error)
}
// PolicyViolationListerExpansion allows custom methods to be added to
// PolicyViolationLister.
type PolicyViolationListerExpansion interface{}
// PolicyViolationNamespaceListerExpansion allows custom methods to be added to
// PolicyViolationNamespaceLister.
type PolicyViolationNamespaceListerExpansion interface{}
//ListResources is a wrapper to List and adds the resource kind information
// as the lister is specific to a gvk we can harcode the values here
func (pvl *clusterPolicyViolationLister) ListResources(selector labels.Selector) (ret []*kyvernov1.ClusterPolicyViolation, err error) {
policyviolations, err := pvl.List(selector)
if err != nil {
return nil, err
}
for index := range policyviolations {
policyviolations[index].SetGroupVersionKind(kyvernov1.SchemeGroupVersion.WithKind("ClusterPolicyViolation"))
}
return policyviolations, nil
}
//ListResources is a wrapper to List and adds the resource kind information
// as the lister is specific to a gvk we can harcode the values here
func (pl *clusterPolicyLister) ListResources(selector labels.Selector) (ret []*kyvernov1.ClusterPolicy, err error) {
policies, err := pl.List(selector)
for index := range policies {
policies[index].SetGroupVersionKind(kyvernov1.SchemeGroupVersion.WithKind("ClusterPolicy"))
}
return policies, err
}
func (pl *clusterPolicyLister) GetPolicyForPolicyViolation(pv *kyvernov1.ClusterPolicyViolation) ([]*kyvernov1.ClusterPolicy, error) {
if len(pv.Labels) == 0 {
return nil, fmt.Errorf("no Policy found for PolicyViolation %v because it has no labels", pv.Name)
}
pList, err := pl.List(labels.Everything())
if err != nil {
return nil, err
}
var policies []*kyvernov1.ClusterPolicy
for _, p := range pList {
policyLabelmap := map[string]string{"policy": p.Name}
ls := &metav1.LabelSelector{}
err = metav1.Convert_Map_string_To_string_To_v1_LabelSelector(&policyLabelmap, ls, nil)
if err != nil {
return nil, fmt.Errorf("failed to generate label sector of Policy name %s: %v", p.Name, err)
}
selector, err := metav1.LabelSelectorAsSelector(ls)
if err != nil {
return nil, fmt.Errorf("invalid label selector: %v", err)
}
// If a policy with a nil or empty selector creeps in, it should match nothing, not everything.
if selector.Empty() || !selector.Matches(labels.Set(pv.Labels)) {
continue
}
policies = append(policies, p)
}
if len(policies) == 0 {
return nil, fmt.Errorf("could not find Policy set for PolicyViolation %s with labels: %v", pv.Name, pv.Labels)
}
return policies, nil
}
func (pl *clusterPolicyLister) GetPolicyForNamespacedPolicyViolation(pv *kyvernov1.PolicyViolation) ([]*kyvernov1.ClusterPolicy, error) {
if len(pv.Labels) == 0 {
return nil, fmt.Errorf("no Policy found for PolicyViolation %v because it has no labels", pv.Name)
}
pList, err := pl.List(labels.Everything())
if err != nil {
return nil, err
}
var policies []*kyvernov1.ClusterPolicy
for _, p := range pList {
policyLabelmap := map[string]string{"policy": p.Name}
ls := &metav1.LabelSelector{}
err = metav1.Convert_Map_string_To_string_To_v1_LabelSelector(&policyLabelmap, ls, nil)
if err != nil {
return nil, fmt.Errorf("failed to generate label sector of Policy name %s: %v", p.Name, err)
}
selector, err := metav1.LabelSelectorAsSelector(ls)
if err != nil {
return nil, fmt.Errorf("invalid label selector: %v", err)
}
// If a policy with a nil or empty selector creeps in, it should match nothing, not everything.
if selector.Empty() || !selector.Matches(labels.Set(pv.Labels)) {
continue
}
policies = append(policies, p)
}
if len(policies) == 0 {
return nil, fmt.Errorf("could not find Policy set for Namespaced policy Violation %s with labels: %v", pv.Name, pv.Labels)
}
return policies, nil
}
// GenerateRequestListerExpansion allows custom methods to be added to
// GenerateRequestLister.
type GenerateRequestListerExpansion interface {
}
type GenerateRequestListerExpansion interface{}
// GenerateRequestNamespaceListerExpansion allows custom methods to be added to
// GenerateRequestNamespaceLister.
@ -162,73 +40,10 @@ type GenerateRequestNamespaceListerExpansion interface {
GetGenerateRequestsForResource(kind, namespace, name string) ([]*kyvernov1.GenerateRequest, error)
}
func (s generateRequestNamespaceLister) GetGenerateRequestsForResource(kind, namespace, name string) ([]*kyvernov1.GenerateRequest, error) {
var list []*kyvernov1.GenerateRequest
grs, err := s.List(labels.NewSelector())
if err != nil {
return nil, err
}
for idx, gr := range grs {
if gr.Spec.Resource.Kind == kind &&
gr.Spec.Resource.Namespace == namespace &&
gr.Spec.Resource.Name == name {
list = append(list, grs[idx])
// PolicyListerExpansion allows custom methods to be added to
// PolicyLister.
type PolicyListerExpansion interface{}
}
}
return list, err
}
func (s generateRequestNamespaceLister) GetGenerateRequestsForClusterPolicy(policy string) ([]*kyvernov1.GenerateRequest, error) {
var list []*kyvernov1.GenerateRequest
grs, err := s.List(labels.NewSelector())
if err != nil {
return nil, err
}
for idx, gr := range grs {
if gr.Spec.Policy == policy {
list = append(list, grs[idx])
}
}
return list, err
}
type PolicyListerExpansion interface {
GetPolicyForPolicyViolation(pv *kyvernov1.PolicyViolation) ([]*kyvernov1.Policy, error)
}
func (p *policyLister) GetPolicyForPolicyViolation(pv *kyvernov1.PolicyViolation) ([]*kyvernov1.Policy, error) {
if len(pv.Labels) == 0 {
return nil, fmt.Errorf("no Policy found for PolicyViolation %v because it has no labels", pv.Name)
}
pList, err := p.List(labels.Everything())
if err != nil {
return nil, err
}
var policies []*kyvernov1.Policy
for _, p := range pList {
policyLabelmap := map[string]string{"policy": p.Name}
ls := &metav1.LabelSelector{}
err = metav1.Convert_Map_string_To_string_To_v1_LabelSelector(&policyLabelmap, ls, nil)
if err != nil {
return nil, fmt.Errorf("failed to generate label sector of Policy name %s: %v", p.Name, err)
}
selector, err := metav1.LabelSelectorAsSelector(ls)
if err != nil {
return nil, fmt.Errorf("invalid label selector: %v", err)
}
// If a policy with a nil or empty selector creeps in, it should match nothing, not everything.
if selector.Empty() || !selector.Matches(labels.Set(pv.Labels)) {
continue
}
if p.Namespace != pv.Namespace {
continue
}
policies = append(policies, p)
}
return policies, err
}
// PolicyNamespaceListerExpansion allows custom methods to be added to
// PolicyNamespaceLister.
type PolicyNamespaceListerExpansion interface{}

94
pkg/client/listers/kyverno/v1/policyviolation.go
View file

@ -1,94 +0,0 @@
/*
Copyright The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
// Code generated by lister-gen. DO NOT EDIT.
package v1
import (
v1 "github.com/kyverno/kyverno/pkg/api/kyverno/v1"
"k8s.io/apimachinery/pkg/api/errors"
"k8s.io/apimachinery/pkg/labels"
"k8s.io/client-go/tools/cache"
)
// PolicyViolationLister helps list PolicyViolations.
type PolicyViolationLister interface {
// List lists all PolicyViolations in the indexer.
List(selector labels.Selector) (ret []*v1.PolicyViolation, err error)
// PolicyViolations returns an object that can list and get PolicyViolations.
PolicyViolations(namespace string) PolicyViolationNamespaceLister
PolicyViolationListerExpansion
}
// policyViolationLister implements the PolicyViolationLister interface.
type policyViolationLister struct {
indexer cache.Indexer
}
// NewPolicyViolationLister returns a new PolicyViolationLister.
func NewPolicyViolationLister(indexer cache.Indexer) PolicyViolationLister {
return &policyViolationLister{indexer: indexer}
}
// List lists all PolicyViolations in the indexer.
func (s *policyViolationLister) List(selector labels.Selector) (ret []*v1.PolicyViolation, err error) {
err = cache.ListAll(s.indexer, selector, func(m interface{}) {
ret = append(ret, m.(*v1.PolicyViolation))
})
return ret, err
}
// PolicyViolations returns an object that can list and get PolicyViolations.
func (s *policyViolationLister) PolicyViolations(namespace string) PolicyViolationNamespaceLister {
return policyViolationNamespaceLister{indexer: s.indexer, namespace: namespace}
}
// PolicyViolationNamespaceLister helps list and get PolicyViolations.
type PolicyViolationNamespaceLister interface {
// List lists all PolicyViolations in the indexer for a given namespace.
List(selector labels.Selector) (ret []*v1.PolicyViolation, err error)
// Get retrieves the PolicyViolation from the indexer for a given namespace and name.
Get(name string) (*v1.PolicyViolation, error)
PolicyViolationNamespaceListerExpansion
}
// policyViolationNamespaceLister implements the PolicyViolationNamespaceLister
// interface.
type policyViolationNamespaceLister struct {
indexer cache.Indexer
namespace string
}
// List lists all PolicyViolations in the indexer for a given namespace.
func (s policyViolationNamespaceLister) List(selector labels.Selector) (ret []*v1.PolicyViolation, err error) {
err = cache.ListAllByNamespace(s.indexer, s.namespace, selector, func(m interface{}) {
ret = append(ret, m.(*v1.PolicyViolation))
})
return ret, err
}
// Get retrieves the PolicyViolation from the indexer for a given namespace and name.
func (s policyViolationNamespaceLister) Get(name string) (*v1.PolicyViolation, error) {
obj, exists, err := s.indexer.GetByKey(s.namespace + "/" + name)
if err != nil {
return nil, err
}
if !exists {
return nil, errors.NewNotFound(v1.Resource("policyviolation"), name)
}
return obj.(*v1.PolicyViolation), nil
}

2
pkg/constant/constant.go
View file

@ -4,7 +4,7 @@ import "time"
const (
CRDControllerResync = 15 * time.Minute
PolicyViolationControllerResync = 15 * time.Minute
PolicyReportControllerResync = 15 * time.Minute
PolicyControllerResync = 15 * time.Minute
EventControllerResync = 15 * time.Minute
GenerateControllerResync = 15 * time.Minute

2
pkg/policyreport/reportcontroller.go
View file

@ -180,7 +180,7 @@ func (g *ReportGenerator) Run(workers int, stopCh <-chan struct{}) {
}
for i := 0; i < workers; i++ {
go wait.Until(g.runWorker, constant.PolicyViolationControllerResync, stopCh)
go wait.Until(g.runWorker, constant.PolicyReportControllerResync, stopCh)
}
<-stopCh

2
pkg/policyreport/reportrequest.go
View file

@ -177,7 +177,7 @@ func (gen *Generator) Run(workers int, stopCh <-chan struct{}) {
}
for i := 0; i < workers; i++ {
go wait.Until(gen.runWorker, constant.PolicyViolationControllerResync, stopCh)
go wait.Until(gen.runWorker, constant.PolicyReportControllerResync, stopCh)
}
<-stopCh

12
pkg/policystatus/status_test.go
View file

@ -42,14 +42,6 @@ func (dl dummyLister) Get(name string) (*v1.ClusterPolicy, error) {
return nil, fmt.Errorf("not implemented")
}
func (dl dummyLister) GetPolicyForPolicyViolation(pv *v1.ClusterPolicyViolation) ([]*v1.ClusterPolicy, error) {
return nil, fmt.Errorf("not implemented")
}
func (dl dummyLister) GetPolicyForNamespacedPolicyViolation(pv *v1.PolicyViolation) ([]*v1.ClusterPolicy, error) {
return nil, fmt.Errorf("not implemented")
}
func (dl dummyLister) ListResources(selector labels.Selector) (ret []*v1.ClusterPolicy, err error) {
return nil, fmt.Errorf("not implemented")
}
@ -71,10 +63,6 @@ func (dl dummyNsLister) Get(name string) (*v1.Policy, error) {
return nil, fmt.Errorf("not implemented")
}
func (dl dummyNsLister) GetPolicyForPolicyViolation(pv *v1.PolicyViolation) ([]*v1.Policy, error) {
return nil, fmt.Errorf("not implemented")
}
func TestKeyToMutex(t *testing.T) {
expectedCache := `{"policy1":{"rulesAppliedCount":100}}`

2
pkg/webhooks/common.go
View file

@ -167,7 +167,7 @@ func convertResource(raw []byte, group, version, kind, namespace string) (unstru
func excludeKyvernoResources(kind string) bool {
switch kind {
case "ClusterPolicy", "ClusterPolicyViolation", "PolicyViolation", "GenerateRequest", "Policy":
case "ClusterPolicy", "GenerateRequest", "Policy", "ClusterPolicyReport", "PolicyReport", "ClusterReportChangeRequest", "ReportChangeRequest":
return true
default:
return false