From 61d69c9290fdcd6d110b34265f389ea8876fc2ef Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Charles-Edouard=20Br=C3=A9t=C3=A9ch=C3=A9?=
Date: Wed, 22 Jan 2025 10:03:48 +0100
Subject: [PATCH] refactor: reduce generic policy interface (#11974)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Charles-Edouard Brétéché
---
.../kubectl-kyverno/commands/apply/command.go | 8 +-
.../kubectl-kyverno/commands/apply/table.go | 7 +-
.../kubectl-kyverno/commands/test/output.go | 6 +-
.../processor/policy_processor.go | 4 +-
cmd/cli/kubectl-kyverno/report/report.go | 14 +--
.../report/background/controller.go | 6 +-
pkg/controllers/report/utils/events.go | 4 +-
pkg/engine/api/policy.go | 90 -------------------
pkg/event/events.go | 12 +--
pkg/utils/report/metadata.go | 4 +-
pkg/utils/report/results.go | 15 ++--
pkg/utils/report/selector.go | 2 +-
pkg/webhooks/resource/handlers.go | 4 +-
pkg/webhooks/resource/utils.go | 6 +-
pkg/webhooks/utils/block.go | 4 +-
pkg/webhooks/utils/error.go | 2 +-
pkg/webhooks/utils/warning.go | 2 +-
17 files changed, 54 insertions(+), 136 deletions(-)

diff --git a/cmd/cli/kubectl-kyverno/commands/apply/command.go b/cmd/cli/kubectl-kyverno/commands/apply/command.go
index 48d07d5cee..b5986f8025 100644
--- a/cmd/cli/kubectl-kyverno/commands/apply/command.go
+++ b/cmd/cli/kubectl-kyverno/commands/apply/command.go
@@ -113,9 +113,9 @@ func Command() *cobra.Command { } if rule.RuleType() == engineapi.Mutation { if rule.Status() == engineapi.RuleStatusSkip { - fmt.Fprintln(out, "\nskipped mutate policy", response.Policy().GetName(), "->", "resource", resPath) + fmt.Fprintln(out, "\nskipped mutate policy", response.Policy().MetaObject().GetName(), "->", "resource", resPath) } else if rule.Status() == engineapi.RuleStatusError { - fmt.Fprintln(out, "\nerror while applying mutate policy", response.Policy().GetName(), "->", "resource", resPath, "\nerror: ", rule.Message()) + fmt.Fprintln(out, "\nerror while applying mutate policy", response.Policy().MetaObject().GetName(), "->", "resource", resPath, "\nerror: ", rule.Message()) } } } @@ -125,9 +125,9 @@ func Command() *cobra.Command { auditWarn = true } if auditWarn { - fmt.Fprintln(out, "policy", response.Policy().GetName(), "->", "resource", resPath, "failed as audit warning:") + fmt.Fprintln(out, "policy", response.Policy().MetaObject().GetName(), "->", "resource", resPath, "failed as audit warning:") } else { - fmt.Fprintln(out, "policy", response.Policy().GetName(), "->", "resource", resPath, "failed:") + fmt.Fprintln(out, "policy", response.Policy().MetaObject().GetName(), "->", "resource", resPath, "failed:") } for i, rule := range failedRules { fmt.Fprintln(out, i+1, "-", rule.Name(), rule.Message()) diff --git a/cmd/cli/kubectl-kyverno/commands/apply/table.go b/cmd/cli/kubectl-kyverno/commands/apply/table.go index 168dc3091e..58068a8efb 100644 --- a/cmd/cli/kubectl-kyverno/commands/apply/table.go +++ b/cmd/cli/kubectl-kyverno/commands/apply/table.go 
@@ -14,9 +14,10 @@ func printTable(out io.Writer, compact, auditWarn bool, engineResponses ...engin id := 1 for _, engineResponse := range engineResponses { policy := engineResponse.Policy() - policyName := policy.GetName() - policyNamespace := policy.GetNamespace() - scored := annotations.Scored(policy.GetAnnotations()) + policyMeta := policy.MetaObject() + policyName := policyMeta.GetName() + policyNamespace := policyMeta.GetNamespace() + scored := annotations.Scored(policyMeta.GetAnnotations()) resourceKind := engineResponse.Resource.GetKind() resourceNamespace := engineResponse.Resource.GetNamespace() resourceName := engineResponse.Resource.GetName() diff --git a/cmd/cli/kubectl-kyverno/commands/test/output.go b/cmd/cli/kubectl-kyverno/commands/test/output.go index 1d115127b0..f6d1146baa 100644 --- a/cmd/cli/kubectl-kyverno/commands/test/output.go +++ b/cmd/cli/kubectl-kyverno/commands/test/output.go @@ -105,7 +105,7 @@ func printCheckResult( row := table.Row{ RowCompact: table.RowCompact{ ID: testCount, - Policy: color.Policy("", response.Policy().GetName()), + Policy: color.Policy("", response.Policy().MetaObject().GetName()), Rule: color.Rule(rule.Name()), Resource: color.Resource(response.Resource.GetKind(), response.Resource.GetNamespace(), response.Resource.GetName()), IsFailure: len(errs) != 0, @@ -136,7 +136,7 @@ func printCheckResult( row := table.Row{ RowCompact: table.RowCompact{ ID: testCount, - Policy: color.Policy("", response.Policy().GetName()), + Policy: color.Policy("", response.Policy().MetaObject().GetName()), Rule: color.Rule(rule.Name()), Resource: color.Resource(response.Resource.GetKind(), response.Resource.GetNamespace(), response.Resource.GetName()), IsFailure: len(errs) != 0, 
@@ -240,7 +240,7 @@ func printTestResult( if _, ok := responses.Trigger[resource]; ok { for _, response := range responses.Trigger[resource] { polNameNs := strings.Split(test.Policy, "/") - if response.Policy().GetName() != polNameNs[len(polNameNs)-1] { + if response.Policy().MetaObject().GetName() != polNameNs[len(polNameNs)-1] { continue } for _, rule := range lookupRuleResponses(test, response.PolicyResponse.Rules...) { diff --git a/cmd/cli/kubectl-kyverno/processor/policy_processor.go b/cmd/cli/kubectl-kyverno/processor/policy_processor.go index 95308d4c5d..03edbe3c73 100644 --- a/cmd/cli/kubectl-kyverno/processor/policy_processor.go +++ b/cmd/cli/kubectl-kyverno/processor/policy_processor.go @@ -399,7 +399,7 @@ func (p *PolicyProcessor) printOutput(resource interface{}, response engineapi.E resource := string(yamlEncodedResource) + string("\n---") if len(strings.TrimSpace(resource)) > 0 { if !p.Stdin { - fmt.Fprintf(p.Out, "\npolicy %s applied to %s:", response.Policy().GetName(), resourcePath) + fmt.Fprintf(p.Out, "\npolicy %s applied to %s:", response.Policy().MetaObject().GetName(), resourcePath) } fmt.Fprintf(p.Out, "\n"+resource+"\n") //nolint:govet if len(yamlEncodedTargetResources) > 0 { @@ -416,7 +416,7 @@ func (p *PolicyProcessor) printOutput(resource interface{}, response engineapi.E mutateLogPath := filepath.Clean(p.MutateLogPath) filename := p.Resource.GetName() + "-mutated" if isGenerate { - filename = response.Policy().GetName() + "-generated" + filename = response.Policy().MetaObject().GetName() + "-generated" } file, err = os.OpenFile(filepath.Join(mutateLogPath, filename+".yaml"), os.O_CREATE|os.O_WRONLY|os.O_APPEND, 0o600) // #nosec G304 diff --git a/cmd/cli/kubectl-kyverno/report/report.go b/cmd/cli/kubectl-kyverno/report/report.go index 1bfabd0659..89a46cf549 100644 --- a/cmd/cli/kubectl-kyverno/report/report.go +++ b/cmd/cli/kubectl-kyverno/report/report.go 
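Review bot: The context line `fmt.Fprintf(p.Out, "\n"+resource+"\n") //nolint:govet` in the policy_processor.go hunk at -399 uses the YAML-encoded resource as the format string, so any `%` inside a resource value is parsed as a formatting verb and the printed manifest comes out corrupted. No arguments are being formatted, so `fmt.Fprint(p.Out, "\n"+resource+"\n")` prints the same text verbatim and lets the `nolint` suppression be dropped. printOutput starts and ends outside the hunk.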
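Review bot: The file name handed to `os.OpenFile` in the policy_processor.go hunk at -416 is built from object names that are not checked here: `filename` comes from `response.Policy().MetaObject().GetName()` or `p.Resource.GetName()`, only `p.MutateLogPath` is cleaned, and `#nosec G304` silences the linter on the open call. Nothing visible in the hunk shows that names read by the CLI are restricted to valid Kubernetes names, so a name containing a path separator would let `filepath.Join` resolve outside the log directory. I would refuse such names before opening, e.g. `if filepath.Base(filename) != filename { /* return an error */ }`, and put a comment beside `#nosec` naming the validation that makes the suppression safe. printOutput continues outside the hunk.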
@@ -12,7 +12,8 @@ import ( func ComputePolicyReportResult(auditWarn bool, engineResponse engineapi.EngineResponse, ruleResponse engineapi.RuleResponse) policyreportv1alpha2.PolicyReportResult { policy := engineResponse.Policy() policyType := policy.GetType() - policyName := cache.MetaObjectToName(policy.MetaObject()).String() + policyMeta := policy.MetaObject() + policyName := cache.MetaObjectToName(policyMeta).String() resource := engineResponse.Resource resorceRef := &corev1.ObjectReference{ Kind: resource.GetKind(), @@ -23,7 +24,7 @@ func ComputePolicyReportResult(auditWarn bool, engineResponse engineapi.EngineRe ResourceVersion: resource.GetResourceVersion(), } - result := reportutils.ToPolicyReportResult(policyType, policyName, ruleResponse, policy.GetAnnotations(), resorceRef) + result := reportutils.ToPolicyReportResult(policyType, policyName, ruleResponse, policyMeta.GetAnnotations(), resorceRef) if result.Result == policyreportv1alpha2.StatusFail { audit := engineResponse.GetValidationFailureAction().Audit() if audit && auditWarn { @@ -60,7 +61,8 @@ func ComputePolicyReports(auditWarn bool, engineResponses ...engineapi.EngineRes var namespaced []policyreportv1alpha2.PolicyReport perPolicyResults := ComputePolicyReportResultsPerPolicy(auditWarn, engineResponses...) for policy, results := range perPolicyResults { - if policy.GetNamespace() == "" { + policyMeta := policy.MetaObject() + if policyMeta.GetNamespace() == "" { report := policyreportv1alpha2.ClusterPolicyReport{ TypeMeta: metav1.TypeMeta{ APIVersion: policyreportv1alpha2.SchemeGroupVersion.String(), @@ -69,7 +71,7 @@ func ComputePolicyReports(auditWarn bool, engineResponses ...engineapi.EngineRes Results: results, Summary: reportutils.CalculateSummary(results), } - report.SetName(policy.GetName()) + report.SetName(policy.MetaObject().GetName()) clustered = append(clustered, report) } else { report := policyreportv1alpha2.PolicyReport{ 
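Review bot: The cluster-versus-namespaced decision in ComputePolicyReports (report.go hunk at -60) now rests on `policyMeta.GetNamespace() == ""`, which is not equivalent to the removed accessor for every policy type: the deleted `ValidatingPolicy.GetNamespace()` returned `""` unconditionally. If `MetaObject()` hands back the wrapped object (its implementation is not part of this patch), a ValidatingPolicy whose metadata carries a namespace would now be emitted as a namespaced PolicyReport. `if !policy.IsNamespaced() {` states the scope decision without depending on metadata, assuming it agrees with the namespace check for Kyverno policies; the `Namespace:` fields set from `polMeta`/`policyMeta` in pkg/event/events.go are affected the same way. The loop body continues in the following hunks.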
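Review bot: `report.SetName(policy.MetaObject().GetName())` in the report.go hunk at -69 calls `MetaObject()` again although `policyMeta` was bound at the top of the same loop body; `report.SetName(policyMeta.GetName())` reads consistently with the `policyMeta.GetNamespace()` calls around it. The same leftover is in the -80 hunk of this file and in pkg/event/events.go, where `UID: pol.MetaObject().GetUID()` and `UID: policy.MetaObject().GetUID()` sit directly below fields that already use `polMeta` and `policyMeta`.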
@@ -80,8 +82,8 @@ func ComputePolicyReports(auditWarn bool, engineResponses ...engineapi.EngineRes Results: results, Summary: reportutils.CalculateSummary(results), } - report.SetName(policy.GetName()) - report.SetNamespace(policy.GetNamespace()) + report.SetName(policy.MetaObject().GetName()) + report.SetNamespace(policyMeta.GetNamespace()) namespaced = append(namespaced, report) } } diff --git a/pkg/controllers/report/background/controller.go b/pkg/controllers/report/background/controller.go index 1ed5d4c46c..568c3c3523 100644 --- a/pkg/controllers/report/background/controller.go +++ b/pkg/controllers/report/background/controller.go @@ -284,7 +284,7 @@ func (c *controller) needsReconcile(namespace, name, hash string, exceptions []k // if a policy or an exception changed, we need a partial reconcile expected := map[string]string{} for _, policy := range policies { - expected[reportutils.PolicyLabel(policy)] = policy.GetResourceVersion() + expected[reportutils.PolicyLabel(policy)] = policy.MetaObject().GetResourceVersion() } for _, exception := range exceptions { expected[reportutils.PolicyExceptionLabel(exception)] = exception.GetResourceVersion() @@ -342,7 +342,7 @@ func (c *controller) reconcileReport( // build desired report expected := map[string]string{} for _, policy := range policies { - expected[reportutils.PolicyLabel(policy)] = policy.GetResourceVersion() + expected[reportutils.PolicyLabel(policy)] = policy.MetaObject().GetResourceVersion() } for _, exception := range exceptions { expected[reportutils.PolicyExceptionLabel(exception)] = exception.GetResourceVersion() 
@@ -427,7 +427,7 @@ func (c *controller) reconcileReport( } } } - if full || reevaluate || actual[reportutils.PolicyLabel(policy)] != policy.GetResourceVersion() { + if full || reevaluate || actual[reportutils.PolicyLabel(policy)] != policy.MetaObject().GetResourceVersion() { scanner := utils.NewScanner(logger, c.engine, c.config, c.jp, c.client, c.reportsConfig) for _, result := range scanner.ScanResource(ctx, *target, nsLabels, bindings, policy) { if result.Error != nil { diff --git a/pkg/controllers/report/utils/events.go b/pkg/controllers/report/utils/events.go index 208546d369..330b50f3d9 100644 --- a/pkg/controllers/report/utils/events.go +++ b/pkg/controllers/report/utils/events.go @@ -21,7 +21,7 @@ func GenerateEvents(logger logr.Logger, eventGen event.Interface, config config. func generateSuccessEvents(log logr.Logger, ers ...engineapi.EngineResponse) (eventInfos []event.Info) { for _, er := range ers { - logger := log.WithValues("policy", er.Policy().GetName(), "kind", er.Resource.GetKind(), "namespace", er.Resource.GetNamespace(), "name", er.Resource.GetName()) + logger := log.WithValues("policy", er.Policy().MetaObject().GetName(), "kind", er.Resource.GetKind(), "namespace", er.Resource.GetNamespace(), "name", er.Resource.GetName()) if !er.IsFailed() { logger.V(4).Info("generating event on policy for success rules") e := event.NewPolicyAppliedEvent(event.PolicyController, er) @@ -52,7 +52,7 @@ func generateFailEvents(log logr.Logger, ers ...engineapi.EngineResponse) (event func generateFailEventsPerEr(log logr.Logger, er engineapi.EngineResponse) []event.Info { var eventInfos []event.Info logger := log.WithValues( - "policy", er.Policy().GetName(), + "policy", er.Policy().MetaObject().GetName(), "kind", er.Resource.GetKind(), "namespace", er.Resource.GetNamespace(), "name", er.Resource.GetName(), diff --git a/pkg/engine/api/policy.go b/pkg/engine/api/policy.go index 3afe3655b4..c94705bb42 100644 --- a/pkg/engine/api/policy.go 
+++ b/pkg/engine/api/policy.go @@ -29,22 +29,12 @@ type GenericPolicy interface { AsKyvernoPolicy() kyvernov1.PolicyInterface // AsValidatingAdmissionPolicy returns the validating admission policy AsValidatingAdmissionPolicy() *admissionregistrationv1beta1.ValidatingAdmissionPolicy - // AsValidatingPolicy returns the validating policy - AsValidatingPolicy() *kyvernov2alpha1.ValidatingPolicy // GetType returns policy type GetType() PolicyType // GetAPIVersion returns policy API version GetAPIVersion() string - // GetName returns policy name - GetName() string - // GetNamespace returns policy namespace - GetNamespace() string // GetKind returns policy kind GetKind() string - // GetResourceVersion returns policy resource version - GetResourceVersion() string - // GetAnnotations returns policy annotations - GetAnnotations() map[string]string // IsNamespaced indicates if the policy is namespace scoped IsNamespaced() bool // MetaObject provides an object compatible with metav1.Object @@ -63,10 +53,6 @@ func (p *KyvernoPolicy) AsValidatingAdmissionPolicy() *admissionregistrationv1be return nil } -func (p *KyvernoPolicy) AsValidatingPolicy() *kyvernov2alpha1.ValidatingPolicy { - return nil -} - func (p *KyvernoPolicy) GetType() PolicyType { return KyvernoPolicyType } @@ -75,26 +61,10 @@ func (p *KyvernoPolicy) GetAPIVersion() string { return "kyverno.io/v1" } -func (p *KyvernoPolicy) GetName() string { - return p.policy.GetName() -} - -func (p *KyvernoPolicy) GetNamespace() string { - return p.policy.GetNamespace() -} - func (p *KyvernoPolicy) GetKind() string { return p.policy.GetKind() } -func (p *KyvernoPolicy) GetResourceVersion() string { - return p.policy.GetResourceVersion() -} - -func (p *KyvernoPolicy) GetAnnotations() map[string]string { - return p.policy.GetAnnotations() -} - func (p *KyvernoPolicy) IsNamespaced() bool { return p.policy.IsNamespaced() } 
@@ -121,10 +91,6 @@ func (p *ValidatingAdmissionPolicy) AsValidatingAdmissionPolicy() *admissionregi return &p.policy } -func (p *ValidatingAdmissionPolicy) AsValidatingPolicy() *kyvernov2alpha1.ValidatingPolicy { - return nil -} - func (p *ValidatingAdmissionPolicy) GetType() PolicyType { return ValidatingAdmissionPolicyType } @@ -133,26 +99,10 @@ func (p *ValidatingAdmissionPolicy) GetAPIVersion() string { return "admissionregistration.k8s.io/v1beta1" } -func (p *ValidatingAdmissionPolicy) GetName() string { - return p.policy.GetName() -} - -func (p *ValidatingAdmissionPolicy) GetNamespace() string { - return p.policy.GetNamespace() -} - func (p *ValidatingAdmissionPolicy) GetKind() string { return "ValidatingAdmissionPolicy" } -func (p *ValidatingAdmissionPolicy) GetResourceVersion() string { - return p.policy.GetResourceVersion() -} - -func (p *ValidatingAdmissionPolicy) GetAnnotations() map[string]string { - return p.policy.GetAnnotations() -} - func (p *ValidatingAdmissionPolicy) IsNamespaced() bool { return false } @@ -179,10 +129,6 @@ func (p *MutatingAdmissionPolicy) AsValidatingAdmissionPolicy() *admissionregist return nil } -func (p *MutatingAdmissionPolicy) AsValidatingPolicy() *kyvernov2alpha1.ValidatingPolicy { - return nil -} - func (p *MutatingAdmissionPolicy) GetType() PolicyType { return MutatingAdmissionPolicyType } 
@@ -191,26 +137,10 @@ func (p *MutatingAdmissionPolicy) GetAPIVersion() string { return "admissionregistration.k8s.io/v1alpha1" } -func (p *MutatingAdmissionPolicy) GetName() string { - return p.policy.GetName() -} - -func (p *MutatingAdmissionPolicy) GetNamespace() string { - return p.policy.GetNamespace() -} - func (p *MutatingAdmissionPolicy) GetKind() string { return "MutatingAdmissionPolicy" } -func (p *MutatingAdmissionPolicy) GetResourceVersion() string { - return p.policy.GetResourceVersion() -} - -func (p *MutatingAdmissionPolicy) GetAnnotations() map[string]string { - return p.policy.GetAnnotations() -} - func (p *MutatingAdmissionPolicy) IsNamespaced() bool { return false } @@ -237,10 +167,6 @@ func (p *ValidatingPolicy) AsValidatingAdmissionPolicy() *admissionregistrationv return nil } -func (p *ValidatingPolicy) AsValidatingPolicy() *kyvernov2alpha1.ValidatingPolicy { - return &p.policy -} - func (p *ValidatingPolicy) GetType() PolicyType { return ValidatingPolicyType } @@ -249,26 +175,10 @@ func (p *ValidatingPolicy) GetAPIVersion() string { return kyvernov2alpha1.GroupVersion.String() } -func (p *ValidatingPolicy) GetName() string { - return p.policy.GetName() -} - -func (p *ValidatingPolicy) GetNamespace() string { - return "" -} - func (p *ValidatingPolicy) GetKind() string { return "ValidatingPolicy" } -func (p *ValidatingPolicy) GetResourceVersion() string { - return p.policy.GetResourceVersion() -} - -func (p *ValidatingPolicy) GetAnnotations() map[string]string { - return p.policy.GetAnnotations() -} - func (p *ValidatingPolicy) IsNamespaced() bool { return false } diff --git a/pkg/event/events.go b/pkg/event/events.go index 256cb60055..dd85fe0758 100644 --- a/pkg/event/events.go +++ b/pkg/event/events.go 
@@ -18,11 +18,12 @@ func NewPolicyFailEvent(source Source, reason Reason, engineResponse engineapi.E action = ResourceBlocked } pol := engineResponse.Policy() + polMeta := pol.MetaObject() regarding := corev1.ObjectReference{ APIVersion: pol.GetAPIVersion(), Kind: pol.GetKind(), - Name: pol.GetName(), - Namespace: pol.GetNamespace(), + Name: polMeta.GetName(), + Namespace: polMeta.GetNamespace(), UID: pol.MetaObject().GetUID(), } related := engineResponse.GetResourceSpec() @@ -75,6 +76,7 @@ func NewPolicyAppliedEvent(source Source, engineResponse engineapi.EngineRespons var action Action policy := engineResponse.Policy() + policyMeta := policy.MetaObject() if policy.GetType() == engineapi.KyvernoPolicyType { pol := engineResponse.Policy().AsKyvernoPolicy() hasValidate := pol.GetSpec().HasValidate() @@ -94,8 +96,8 @@ func NewPolicyAppliedEvent(source Source, engineResponse engineapi.EngineRespons regarding := corev1.ObjectReference{ APIVersion: policy.GetAPIVersion(), Kind: policy.GetKind(), - Name: policy.GetName(), - Namespace: policy.GetNamespace(), + Name: policyMeta.GetName(), + Namespace: policyMeta.GetNamespace(), UID: policy.MetaObject().GetUID(), } related := engineResponse.GetResourceSpec() @@ -120,7 +122,7 @@ func NewResourceViolationEvent(source Source, reason Reason, engineResponse engi defer bldr.Reset() pol := engineResponse.Policy() - fmt.Fprintf(&bldr, "policy %s/%s %s: %s", pol.GetName(), + fmt.Fprintf(&bldr, "policy %s/%s %s: %s", pol.MetaObject().GetName(), ruleResp.Name(), ruleResp.Status(), ruleResp.Message()) resource := engineResponse.GetResourceSpec() regarding := corev1.ObjectReference{ diff --git a/pkg/utils/report/metadata.go b/pkg/utils/report/metadata.go index d75ecd09a8..41d87b969a 100644 --- a/pkg/utils/report/metadata.go +++ b/pkg/utils/report/metadata.go 
@@ -82,7 +82,7 @@ func PolicyLabelDomain(policy kyvernov1.PolicyInterface) string { } func PolicyLabel(policy engineapi.GenericPolicy) string { - return PolicyLabelPrefix(policy) + policy.GetName() + return PolicyLabelPrefix(policy) + policy.MetaObject().GetName() } func PolicyExceptionLabel(exception kyvernov2.PolicyException) string { @@ -167,7 +167,7 @@ func SetResourceVersionLabels(report reportsv1.ReportInterface, resource *unstru } func SetPolicyLabel(report reportsv1.ReportInterface, policy engineapi.GenericPolicy) { - controllerutils.SetLabel(report, PolicyLabel(policy), policy.GetResourceVersion()) + controllerutils.SetLabel(report, PolicyLabel(policy), policy.MetaObject().GetResourceVersion()) } func SetPolicyExceptionLabel(report reportsv1.ReportInterface, exception kyvernov2.PolicyException) { diff --git a/pkg/utils/report/results.go b/pkg/utils/report/results.go index c3005750a8..e0c517299b 100644 --- a/pkg/utils/report/results.go +++ b/pkg/utils/report/results.go @@ -179,9 +179,10 @@ func addPodSecurityProperties(pss *engineapi.PodSecurityChecks, result *policyre func EngineResponseToReportResults(response engineapi.EngineResponse) []policyreportv1alpha2.PolicyReportResult { pol := response.Policy() - policyName, _ := cache.MetaNamespaceKeyFunc(pol.AsKyvernoPolicy()) + polMeta := pol.MetaObject() + policyName, _ := cache.MetaNamespaceKeyFunc(polMeta) policyType := pol.GetType() - annotations := pol.GetAnnotations() + annotations := polMeta.GetAnnotations() results := make([]policyreportv1alpha2.PolicyReportResult, 0, len(response.PolicyResponse.Rules)) for _, ruleResult := range response.PolicyResponse.Rules { 
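Review bot: `policyName, _ := cache.MetaNamespaceKeyFunc(polMeta)` in EngineResponseToReportResults (results.go hunk at -179) still discards the error, so if `MetaObject()` ever yields a value the key function cannot handle, every result is recorded with an empty policy name and nothing is logged. cmd/cli/kubectl-kyverno/report/report.go in this same patch derives the name with `cache.MetaObjectToName(policyMeta).String()`, which has no error to drop; using that here keeps the two report paths consistent. Switching the argument away from `pol.AsKyvernoPolicy()` also appears to change the reported name for non-Kyverno policy types, whose wrappers presumably return nil from that method, so the commit message could say that this is more than a refactor. The same line is repeated in the two following hunks of this file.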
@@ -194,9 +195,10 @@ func EngineResponseToReportResults(response engineapi.EngineResponse) []policyre func MutationEngineResponseToReportResults(response engineapi.EngineResponse) []policyreportv1alpha2.PolicyReportResult { pol := response.Policy() - policyName, _ := cache.MetaNamespaceKeyFunc(pol.AsKyvernoPolicy()) + polMeta := pol.MetaObject() + policyName, _ := cache.MetaNamespaceKeyFunc(polMeta) policyType := pol.GetType() - annotations := pol.GetAnnotations() + annotations := polMeta.GetAnnotations() results := make([]policyreportv1alpha2.PolicyReportResult, 0, len(response.PolicyResponse.Rules)) for _, ruleResult := range response.PolicyResponse.Rules { @@ -212,9 +214,10 @@ func MutationEngineResponseToReportResults(response engineapi.EngineResponse) [] func GenerationEngineResponseToReportResults(response engineapi.EngineResponse) []policyreportv1alpha2.PolicyReportResult { pol := response.Policy() - policyName, _ := cache.MetaNamespaceKeyFunc(pol.AsKyvernoPolicy()) + polMeta := pol.MetaObject() + policyName, _ := cache.MetaNamespaceKeyFunc(polMeta) policyType := pol.GetType() - annotations := pol.GetAnnotations() + annotations := polMeta.GetAnnotations() results := make([]policyreportv1alpha2.PolicyReportResult, 0, len(response.PolicyResponse.Rules)) for _, ruleResult := range response.PolicyResponse.Rules { diff --git a/pkg/utils/report/selector.go b/pkg/utils/report/selector.go index fd8a4a8736..c9a2f713b6 100644 --- a/pkg/utils/report/selector.go +++ b/pkg/utils/report/selector.go 
@@ -36,7 +36,7 @@ func SelectorPolicyExists(policy engineapi.GenericPolicy) (labels.Selector, erro func SelectorPolicyNotEquals(policy engineapi.GenericPolicy) (labels.Selector, error) { selector := labels.Everything() - requirement, err := labels.NewRequirement(PolicyLabel(policy), selection.NotEquals, []string{policy.GetResourceVersion()}) + requirement, err := labels.NewRequirement(PolicyLabel(policy), selection.NotEquals, []string{policy.MetaObject().GetResourceVersion()}) if err == nil { selector = selector.Add(*requirement) } diff --git a/pkg/webhooks/resource/handlers.go b/pkg/webhooks/resource/handlers.go index 589b20e1bd..eb9478a66d 100644 --- a/pkg/webhooks/resource/handlers.go +++ b/pkg/webhooks/resource/handlers.go @@ -341,11 +341,11 @@ func mergeEngineResponses(auditResponses, enforceResponses []engineapi.EngineRes var responses []engineapi.EngineResponse for _, enforceResponse := range enforceResponses { - responseMap[enforceResponse.Policy().GetName()] = enforceResponse + responseMap[enforceResponse.Policy().MetaObject().GetName()] = enforceResponse } for _, auditResponse := range auditResponses { - policyName := auditResponse.Policy().GetName() + policyName := auditResponse.Policy().MetaObject().GetName() if enforceResponse, exists := responseMap[policyName]; exists { response := auditResponse for _, ruleResponse := range enforceResponse.PolicyResponse.Rules { diff --git a/pkg/webhooks/resource/utils.go b/pkg/webhooks/resource/utils.go index 909aae97db..a90a76cb2f 100644 --- a/pkg/webhooks/resource/utils.go +++ b/pkg/webhooks/resource/utils.go 
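Review bot: `responseMap` in mergeEngineResponses (handlers.go hunk at -341) is keyed by the bare policy name, so two responses whose policies share a name but differ in namespace or kind, such as a ClusterPolicy and a namespaced Policy, collide: the later enforce response replaces the earlier one, and an audit response can be merged with rules from an unrelated policy. Keying on namespace plus name, as `transform` in pkg/webhooks/resource/utils.go does for `PolicyNameNamespaceKey`, avoids that, e.g. `m := enforceResponse.Policy().MetaObject()` followed by `responseMap[m.GetNamespace()+"/"+m.GetName()] = enforceResponse`, with the same key on the audit side. `failures[er.Policy().MetaObject().GetName()]` in GetBlockedMessages (pkg/webhooks/utils/block.go) has the same name-only key. The rest of mergeEngineResponses is outside the hunk, so the effect on the merged result needs checking there.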
@@ -72,10 +72,10 @@ func applyUpdateRequest( func transform(admissionRequestInfo kyvernov2.AdmissionRequestInfoObject, userRequestInfo kyvernov2.RequestInfo, er *engineapi.EngineResponse, ruleType kyvernov2.RequestType) (urs []kyvernov2.UpdateRequestSpec) { var PolicyNameNamespaceKey string - if er.Policy().GetNamespace() != "" { - PolicyNameNamespaceKey = er.Policy().GetNamespace() + "/" + er.Policy().GetName() + if er.Policy().MetaObject().GetNamespace() != "" { + PolicyNameNamespaceKey = er.Policy().MetaObject().GetNamespace() + "/" + er.Policy().MetaObject().GetName() } else { - PolicyNameNamespaceKey = er.Policy().GetName() + PolicyNameNamespaceKey = er.Policy().MetaObject().GetName() } for _, rule := range er.PolicyResponse.Rules { diff --git a/pkg/webhooks/utils/block.go b/pkg/webhooks/utils/block.go index d3b19c6d62..6418b51159 100644 --- a/pkg/webhooks/utils/block.go +++ b/pkg/webhooks/utils/block.go @@ -26,7 +26,7 @@ func getAction(hasViolations bool, i int) string { func BlockRequest(engineResponses []engineapi.EngineResponse, failurePolicy kyvernov1.FailurePolicyType, log logr.Logger) bool { for _, er := range engineResponses { if engineutils.BlockRequest(er, failurePolicy) { - log.V(2).Info("blocking admission request", "policy", er.Policy().GetName()) + log.V(2).Info("blocking admission request", "policy", er.Policy().MetaObject().GetName()) return true } } @@ -48,7 +48,7 @@ func GetBlockedMessages(engineResponses []engineapi.EngineResponse) string { } } if len(ruleToReason) != 0 { - failures[er.Policy().GetName()] = ruleToReason + failures[er.Policy().MetaObject().GetName()] = ruleToReason } } if len(failures) == 0 { diff --git a/pkg/webhooks/utils/error.go b/pkg/webhooks/utils/error.go index 298804b7f4..ffddcf1943 100644 --- a/pkg/webhooks/utils/error.go +++ b/pkg/webhooks/utils/error.go 
@@ -14,7 +14,7 @@ func GetErrorMsg(engineReponses []engineapi.EngineResponse) string { if !er.IsSuccessful() { // resource in engineReponses is identical as this was called per admission request resourceInfo = fmt.Sprintf("%s/%s/%s", er.Resource.GetKind(), er.Resource.GetNamespace(), er.Resource.GetName()) - str = append(str, fmt.Sprintf("failed policy %s:", er.Policy().GetName())) + str = append(str, fmt.Sprintf("failed policy %s:", er.Policy().MetaObject().GetName())) for _, rule := range er.PolicyResponse.Rules { if rule.Status() != engineapi.RuleStatusPass { str = append(str, rule.String()) diff --git a/pkg/webhooks/utils/warning.go b/pkg/webhooks/utils/warning.go index 9a9c921ec3..4d0d058eb8 100644 --- a/pkg/webhooks/utils/warning.go +++ b/pkg/webhooks/utils/warning.go @@ -11,7 +11,7 @@ func GetWarningMessages(engineResponses []engineapi.EngineResponse) []string { for _, er := range engineResponses { for _, rule := range er.PolicyResponse.Rules { if rule.EmitWarning() || (er.EmitsWarning() && rule.Status() != engineapi.RuleStatusSkip) { - msg := fmt.Sprintf("policy %s.%s: %s", er.Policy().GetName(), rule.Name(), rule.Message()) + msg := fmt.Sprintf("policy %s.%s: %s", er.Policy().MetaObject().GetName(), rule.Name(), rule.Message()) warnings = append(warnings, msg) } }