diff --git a/api/kyverno/v2alpha1/policy_exception_types.go b/api/kyverno/v2alpha1/policy_exception_types.go
index 0e8e2e61ed..aff4d9407d 100644
--- a/api/kyverno/v2alpha1/policy_exception_types.go
+++ b/api/kyverno/v2alpha1/policy_exception_types.go
@@ -40,12 +40,6 @@ type PolicyException struct {
 // Validate implements programmatic validation
 func (p *PolicyException) Validate() (errs field.ErrorList) {
 errs = append(errs, p.Spec.Validate(field.NewPath("spec"))...)
- // errs = append(errs, ValidateSchedule(path.Child("schedule"), p.Schedule)...)
- // errs = append(errs, p.MatchResources.Validate(path.Child("match"), namespaced, clusterResources)...)
- // if p.ExcludeResources != nil {
- // errs = append(errs, p.ExcludeResources.Validate(path.Child("exclude"), namespaced, clusterResources)...)
- // }
- // errs = append(errs, p.ValidateMatchExcludeConflict(path)...)
 return errs
 }
diff --git a/cmd/kyverno/main.go b/cmd/kyverno/main.go
index 4e6a3ea0ae..6d91eabc30 100644
--- a/cmd/kyverno/main.go
+++ b/cmd/kyverno/main.go
@@ -48,6 +48,7 @@ import (
 "github.com/kyverno/kyverno/pkg/utils"
 runtimeutils "github.com/kyverno/kyverno/pkg/utils/runtime"
 "github.com/kyverno/kyverno/pkg/webhooks"
+ webhooksexception "github.com/kyverno/kyverno/pkg/webhooks/exception"
 webhookspolicy "github.com/kyverno/kyverno/pkg/webhooks/policy"
 webhooksresource "github.com/kyverno/kyverno/pkg/webhooks/resource"
 webhookgenerate "github.com/kyverno/kyverno/pkg/webhooks/updaterequest"
@@ -633,9 +634,11 @@ func main() {
 openApiManager,
 admissionReports,
 )
+ exceptionHandlers := webhooksexception.NewHandlers()
 server := webhooks.NewServer(
 policyHandlers,
 resourceHandlers,
+ exceptionHandlers,
 configuration,
 metricsConfig,
 webhooks.DebugModeOptions{
diff --git a/pkg/webhooks/exception/validate.go b/pkg/webhooks/exception/validate.go
index 9b7f07ac0e..98a4b66e5b 100644
--- a/pkg/webhooks/exception/validate.go
+++ b/pkg/webhooks/exception/validate.go
@@ -7,13 +7,18 @@ import (
 "github.com/go-logr/logr"
 admissionutils "github.com/kyverno/kyverno/pkg/utils/admission"
 validation "github.com/kyverno/kyverno/pkg/validation/exception"
+ "github.com/kyverno/kyverno/pkg/webhooks"
 admissionv1 "k8s.io/api/admission/v1"
 )
-// TODO: wrap this into an interface passed at server creation time
+type handlers struct{}
+
+func NewHandlers() webhooks.ExceptionHandlers {
+ return &handlers{}
+}
 // Validate performs the validation check on policy exception resources
-func Validate(ctx context.Context, logger logr.Logger, request *admissionv1.AdmissionRequest, startTime time.Time) *admissionv1.AdmissionResponse {
+func (h *handlers) Validate(ctx context.Context, logger logr.Logger, request *admissionv1.AdmissionRequest, startTime time.Time) *admissionv1.AdmissionResponse {
 polex, _, err := admissionutils.GetPolicyExceptions(request)
 if err != nil {
 logger.Error(err, "failed to unmarshal policy exceptions from admission request")
diff --git a/pkg/webhooks/server.go b/pkg/webhooks/server.go
index e9b2e488e6..b78cb9ce55 100644
--- a/pkg/webhooks/server.go
+++ b/pkg/webhooks/server.go
@@ -14,7 +14,6 @@ import (
 "github.com/kyverno/kyverno/pkg/toggle"
 controllerutils "github.com/kyverno/kyverno/pkg/utils/controller"
 runtimeutils "github.com/kyverno/kyverno/pkg/utils/runtime"
- "github.com/kyverno/kyverno/pkg/webhooks/exception"
 "github.com/kyverno/kyverno/pkg/webhooks/handlers"
 admissionv1 "k8s.io/api/admission/v1"
 admissionregistrationv1 "k8s.io/api/admissionregistration/v1"
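Review bot: The exported constructor `NewHandlers` in pkg/webhooks/exception/validate.go is added without a doc comment, and the new `handlers` type has none either. I would add `// NewHandlers returns the admission handlers for policy exception resources.` above the constructor and a one-line comment on the type. The body of `Validate` continues outside this hunk, so what happens after the `GetPolicyExceptions` error is logged is not visible here. Since this webhook decides whether a policy exception is admitted, it is worth confirming that branch returns a denying response rather than falling through.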
@@ -38,6 +37,11 @@ type Server interface {
 Cleanup() <-chan struct{}
 }
+type ExceptionHandlers interface {
+ // Validate performs the validation check on exception resources
+ Validate(context.Context, logr.Logger, *admissionv1.AdmissionRequest, time.Time) *admissionv1.AdmissionResponse
+}
+
 type PolicyHandlers interface {
 // Mutate performs the mutation of policy resources
 Mutate(context.Context, logr.Logger, *admissionv1.AdmissionRequest, time.Time) *admissionv1.AdmissionResponse
@@ -67,6 +71,7 @@ type TlsProvider func() ([]byte, []byte, error)
 func NewServer(
 policyHandlers PolicyHandlers,
 resourceHandlers ResourceHandlers,
+ exceptionHandlers ExceptionHandlers,
 configuration config.Configuration,
 metricsConfig metrics.MetricsConfigManager,
 debugModeOpts DebugModeOptions,
@@ -132,7 +137,7 @@ func NewServer(
 mux.HandlerFunc(
 "POST",
 config.ExceptionValidatingWebhookServicePath,
- handlers.FromAdmissionFunc("VALIDATE", exception.Validate).
+ handlers.FromAdmissionFunc("VALIDATE", exceptionHandlers.Validate).
 WithDump(debugModeOpts.DumpPayload).
 WithSubResourceFilter().
 WithMetrics(exceptionLogger, metricsConfig.Config(), metrics.WebhookValidating).
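Review bot: The exported `ExceptionHandlers` interface in pkg/webhooks/server.go is added without a type-level doc comment; only its `Validate` method is documented. A line such as `// ExceptionHandlers serves admission requests for policy exception resources.` above the type would follow Go doc conventions. The method comment could also say that the returned response is the admission decision sent back for the request.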
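Review bot: `NewServer` uses the new `exceptionHandlers` argument without a nil check, and `handlers.FromAdmissionFunc("VALIDATE", exceptionHandlers.Validate)` evaluates a method value, which panics on a nil interface when the route is registered. The only caller in this diff passes `webhooksexception.NewHandlers()`, so this is not reachable today, but the non-nil requirement is undocumented. A comment on the parameter such as `// exceptionHandlers must be non-nil` or an explicit early check would make the contract visible. `NewServer` starts and ends outside this hunk, and the parameter itself is added in the `-67,6 +71,7` hunk.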