mirror of
https://github.com/kyverno/kyverno.git
synced 2025-03-31 03:45:17 +00:00
fix: exception validation follow up (#5697)
* fix: exception validation follow up Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
parent
560c4b7aef
commit
66ba0fc5ec
4 changed files with 17 additions and 10 deletions
|
@ -40,12 +40,6 @@ type PolicyException struct {
|
|||
// Validate implements programmatic validation
|
||||
func (p *PolicyException) Validate() (errs field.ErrorList) {
|
||||
errs = append(errs, p.Spec.Validate(field.NewPath("spec"))...)
|
||||
// errs = append(errs, ValidateSchedule(path.Child("schedule"), p.Schedule)...)
|
||||
// errs = append(errs, p.MatchResources.Validate(path.Child("match"), namespaced, clusterResources)...)
|
||||
// if p.ExcludeResources != nil {
|
||||
// errs = append(errs, p.ExcludeResources.Validate(path.Child("exclude"), namespaced, clusterResources)...)
|
||||
// }
|
||||
// errs = append(errs, p.ValidateMatchExcludeConflict(path)...)
|
||||
return errs
|
||||
}
|
||||
|
||||
|
|
|
@ -48,6 +48,7 @@ import (
|
|||
"github.com/kyverno/kyverno/pkg/utils"
|
||||
runtimeutils "github.com/kyverno/kyverno/pkg/utils/runtime"
|
||||
"github.com/kyverno/kyverno/pkg/webhooks"
|
||||
webhooksexception "github.com/kyverno/kyverno/pkg/webhooks/exception"
|
||||
webhookspolicy "github.com/kyverno/kyverno/pkg/webhooks/policy"
|
||||
webhooksresource "github.com/kyverno/kyverno/pkg/webhooks/resource"
|
||||
webhookgenerate "github.com/kyverno/kyverno/pkg/webhooks/updaterequest"
|
||||
|
@ -633,9 +634,11 @@ func main() {
|
|||
openApiManager,
|
||||
admissionReports,
|
||||
)
|
||||
exceptionHandlers := webhooksexception.NewHandlers()
|
||||
server := webhooks.NewServer(
|
||||
policyHandlers,
|
||||
resourceHandlers,
|
||||
exceptionHandlers,
|
||||
configuration,
|
||||
metricsConfig,
|
||||
webhooks.DebugModeOptions{
|
||||
|
|
|
@ -7,13 +7,18 @@ import (
|
|||
"github.com/go-logr/logr"
|
||||
admissionutils "github.com/kyverno/kyverno/pkg/utils/admission"
|
||||
validation "github.com/kyverno/kyverno/pkg/validation/exception"
|
||||
"github.com/kyverno/kyverno/pkg/webhooks"
|
||||
admissionv1 "k8s.io/api/admission/v1"
|
||||
)
|
||||
|
||||
// TODO: wrap this into an interface passed at server creation time
|
||||
type handlers struct{}
|
||||
|
||||
func NewHandlers() webhooks.ExceptionHandlers {
|
||||
return &handlers{}
|
||||
}
|
||||
|
||||
// Validate performs the validation check on policy exception resources
|
||||
func Validate(ctx context.Context, logger logr.Logger, request *admissionv1.AdmissionRequest, startTime time.Time) *admissionv1.AdmissionResponse {
|
||||
func (h *handlers) Validate(ctx context.Context, logger logr.Logger, request *admissionv1.AdmissionRequest, startTime time.Time) *admissionv1.AdmissionResponse {
|
||||
polex, _, err := admissionutils.GetPolicyExceptions(request)
|
||||
if err != nil {
|
||||
logger.Error(err, "failed to unmarshal policy exceptions from admission request")
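Review bot: The exported constructor `NewHandlers` has no doc comment, and nothing explains that `handlers` is an empty struct kept only to satisfy `webhooks.ExceptionHandlers`; I would add `// NewHandlers returns the admission handlers used to validate PolicyException resources.` above it. The body of `Validate` continues outside this section, so the response built after the `failed to unmarshal policy exceptions from admission request` log line is not visible here. Because this webhook decides which policy exceptions are admitted, that error path should be confirmed to reject the request rather than let it through.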
|
||||
|
|
|
@ -14,7 +14,6 @@ import (
|
|||
"github.com/kyverno/kyverno/pkg/toggle"
|
||||
controllerutils "github.com/kyverno/kyverno/pkg/utils/controller"
|
||||
runtimeutils "github.com/kyverno/kyverno/pkg/utils/runtime"
|
||||
"github.com/kyverno/kyverno/pkg/webhooks/exception"
|
||||
"github.com/kyverno/kyverno/pkg/webhooks/handlers"
|
||||
admissionv1 "k8s.io/api/admission/v1"
|
||||
admissionregistrationv1 "k8s.io/api/admissionregistration/v1"
|
||||
|
@ -38,6 +37,11 @@ type Server interface {
|
|||
Cleanup() <-chan struct{}
|
||||
}
|
||||
|
||||
type ExceptionHandlers interface {
|
||||
// Validate performs the validation check on exception resources
|
||||
Validate(context.Context, logr.Logger, *admissionv1.AdmissionRequest, time.Time) *admissionv1.AdmissionResponse
|
||||
}
|
||||
|
||||
type PolicyHandlers interface {
|
||||
// Mutate performs the mutation of policy resources
|
||||
Mutate(context.Context, logr.Logger, *admissionv1.AdmissionRequest, time.Time) *admissionv1.AdmissionResponse
|
||||
|
@ -67,6 +71,7 @@ type TlsProvider func() ([]byte, []byte, error)
|
|||
func NewServer(
|
||||
policyHandlers PolicyHandlers,
|
||||
resourceHandlers ResourceHandlers,
|
||||
exceptionHandlers ExceptionHandlers,
|
||||
configuration config.Configuration,
|
||||
metricsConfig metrics.MetricsConfigManager,
|
||||
debugModeOpts DebugModeOptions,
|
||||
|
@ -132,7 +137,7 @@ func NewServer(
|
|||
mux.HandlerFunc(
|
||||
"POST",
|
||||
config.ExceptionValidatingWebhookServicePath,
|
||||
handlers.FromAdmissionFunc("VALIDATE", exception.Validate).
|
||||
handlers.FromAdmissionFunc("VALIDATE", exceptionHandlers.Validate).
|
||||
WithDump(debugModeOpts.DumpPayload).
|
||||
WithSubResourceFilter().
|
||||
WithMetrics(exceptionLogger, metricsConfig.Config(), metrics.WebhookValidating).
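Review bot: The new `ExceptionHandlers` interface has no doc comment of its own, and its single `Validate` method has the same shape as the other handler methods, so the compiler will accept any value with a matching `Validate` in the new `exceptionHandlers` slot of `NewServer`. `PolicyHandlers` continues outside the hunk, so whether it also declares such a `Validate` is not visible here, but if it does, swapping two arguments at the call site would compile and serve `config.ExceptionValidatingWebhookServicePath` with the wrong validator. I would document the contract on the type, for example `// ExceptionHandlers handles admission requests for PolicyException resources.`, and add a server test that posts to the exception path with a stub handler and asserts that stub was the one called. The `NewServer` body and the handler chain after `WithMetrics` continue outside the hunk.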
|
||||
|
|