diff --git a/.github/workflows/e2e.yaml b/.github/workflows/e2e.yaml
index dbeccec154..8bff0bcd2f 100644
--- a/.github/workflows/e2e.yaml
+++ b/.github/workflows/e2e.yaml
@@ -99,7 +99,8 @@ jobs:
- name: Run chart-testing (install)
run: |
kubectl create namespace kyverno
- ct install --target-branch=main --namespace=kyverno
+ helm install kyverno-crds charts/kyverno-crds -n kyverno
+ ct install --target-branch=main --namespace=kyverno --charts charts/kyverno
- name: Debug failure
if: failure()
diff --git a/.github/workflows/helm-release.yaml b/.github/workflows/helm-release.yaml
index b804564db5..f804d522b1 100644
--- a/.github/workflows/helm-release.yaml
+++ b/.github/workflows/helm-release.yaml
@@ -1,11 +1,8 @@
name: helm-release
on:
push:
- branches:
- - 'main'
- paths:
- - 'charts/kyverno/Chart.yaml'
- - '.github/workflows/helm-release.yaml'
+ tags:
+ - 'helm-chart-v*'
jobs:
helm-tests:
diff --git a/Makefile b/Makefile
index 45de4ef429..6b274fc94d 100644
--- a/Makefile
+++ b/Makefile
@@ -210,7 +210,7 @@ godownloader:
# kustomize-crd will create install.yaml
kustomize-crd:
# Create CRD for helm deployment Helm
- kustomize build ./definitions/crds > ./charts/kyverno/crds/crds.yaml
+ kustomize build ./definitions/crds > ./charts/kyverno-crds/templates/crds.yaml
# Generate install.yaml that have all resources for kyverno
kustomize build ./definitions > ./definitions/install.yaml
# Generate install_debug.yaml that for developer testing
@@ -219,18 +219,18 @@ kustomize-crd:
# guidance https://github.com/kyverno/kyverno/wiki/Generate-a-Release
release:
kustomize build ./definitions > ./definitions/install.yaml
- kustomize build ./definitions > ./definitions/release/install.yaml
+ kustomize build ./definitions/release > ./definitions/release/install.yaml
release-notes:
@bash -c 'while IFS= read -r line ; do if [[ "$$line" == "## "* && "$$line" != "## $(VERSION)" ]]; then break ; fi; echo "$$line"; done < "CHANGELOG.md"' \
true
kyverno-crd: controller-gen
- $(CONTROLLER_GEN) crd paths=./pkg/api/kyverno/v1alpha1 output:dir=./definitions/crds
+ $(CONTROLLER_GEN) crd paths=./pkg/api/kyverno/v1alpha2 output:dir=./definitions/crds
$(CONTROLLER_GEN) crd paths=./pkg/api/kyverno/v1 output:dir=./definitions/crds
report-crd: controller-gen
- $(CONTROLLER_GEN) crd paths=./pkg/api/policyreport/v1alpha1 output:dir=./definitions/crds
+ $(CONTROLLER_GEN) crd paths=./pkg/api/policyreport/v1alpha2 output:dir=./definitions/crds
# install the right version of controller-gen
install-controller-gen:
diff --git a/charts/kyverno-crds/Chart.yaml b/charts/kyverno-crds/Chart.yaml
new file mode 100644
index 0000000000..39cb84977e
--- /dev/null
+++ b/charts/kyverno-crds/Chart.yaml
@@ -0,0 +1,20 @@
+apiVersion: v1
+name: kyverno-crds
+version: v2.0.2
+appVersion: v1.4.2
+icon: https://github.com/kyverno/kyverno/raw/main/img/logo.png
+description: Kubernetes Native Policy Management CRDs
+keywords:
+ - kubernetes
+ - nirmata
+ - policy agent
+ - validating webhook
+ - admissions controller
+home: https://kyverno.io/
+sources:
+ - https://github.com/kyverno/kyverno
+maintainers:
+ - name: Nirmata
+ url: https://kyverno.io/
+engine: gotpl
+kubeVersion: ">=1.10.0-0"
diff --git a/charts/kyverno/crds/crds.yaml b/charts/kyverno-crds/templates/crds.yaml
similarity index 97%
rename from charts/kyverno/crds/crds.yaml
rename to charts/kyverno-crds/templates/crds.yaml
index faaf54cb74..f58ab19455 100644
--- a/charts/kyverno/crds/crds.yaml
+++ b/charts/kyverno-crds/templates/crds.yaml
@@ -1057,7 +1057,7 @@ spec:
- jsonPath: .metadata.creationTimestamp
name: Age
type: date
- name: v1alpha1
+ name: v1alpha2
schema:
openAPIV3Schema:
description: ClusterPolicyReport is the Schema for the clusterpolicyreports API
@@ -1078,10 +1078,10 @@ spec:
category:
description: Category indicates policy category
type: string
- data:
+ properties:
additionalProperties:
type: string
- description: Data provides additional information for the policy rule
+ description: Properties provides additional information for the policy rule
type: object
message:
description: Message is a short user friendly description of the policy rule
@@ -1089,6 +1089,31 @@ spec:
policy:
description: Policy is the name of the policy
type: string
+ source:
+ description: Source is an identifier for the policy engine that
+ manages this report
+ type: string
+ timestamp:
+ description: Timestamp indicates the time the result was found
+ properties:
+ nanos:
+ description: Non-negative fractions of a second at nanosecond
+ resolution. Negative second values with fractions must still
+ have non-negative nanos values that count forward in time.
+ Must be from 0 to 999,999,999 inclusive. This field may be
+ limited in precision depending on context.
+ format: int32
+ type: integer
+ seconds:
+ description: Represents seconds of UTC time since Unix epoch
+ 1970-01-01T00:00:00Z. Must be from 0001-01-01T00:00:00Z to
+ 9999-12-31T23:59:59Z inclusive.
+ format: int64
+ type: integer
+ required:
+ - nanos
+ - seconds
+ type: object
resourceSelector:
description: ResourceSelector is an optional selector for policy results that apply to multiple resources. For example, a policy result may apply to all pods that match a label. Either a Resource or a ResourceSelector can be specified. If neither are provided, the result is assumed to be for the policy report scope.
properties:
@@ -1160,8 +1185,8 @@ spec:
- low
- medium
type: string
- status:
- description: Status indicates the result of the policy rule check
+ result:
+ description: Result indicates the outcome of the policy rule execution
enum:
- pass
- fail
@@ -1303,7 +1328,7 @@ spec:
- jsonPath: .metadata.creationTimestamp
name: Age
type: date
- name: v1alpha1
+ name: v1alpha2
schema:
openAPIV3Schema:
description: ClusterReportChangeRequest is the Schema for the ClusterReportChangeRequests API
@@ -1324,10 +1349,10 @@ spec:
category:
description: Category indicates policy category
type: string
- data:
+ properties:
additionalProperties:
type: string
- description: Data provides additional information for the policy rule
+ description: Properties provides additional information for the policy rule
type: object
message:
description: Message is a short user friendly description of the policy rule
@@ -1335,6 +1360,31 @@ spec:
policy:
description: Policy is the name of the policy
type: string
+ source:
+ description: Source is an identifier for the policy engine that
+ manages this report
+ type: string
+ timestamp:
+ description: Timestamp indicates the time the result was found
+ properties:
+ nanos:
+ description: Non-negative fractions of a second at nanosecond
+ resolution. Negative second values with fractions must still
+ have non-negative nanos values that count forward in time.
+ Must be from 0 to 999,999,999 inclusive. This field may be
+ limited in precision depending on context.
+ format: int32
+ type: integer
+ seconds:
+ description: Represents seconds of UTC time since Unix epoch
+ 1970-01-01T00:00:00Z. Must be from 0001-01-01T00:00:00Z to
+ 9999-12-31T23:59:59Z inclusive.
+ format: int64
+ type: integer
+ required:
+ - nanos
+ - seconds
+ type: object
resourceSelector:
description: ResourceSelector is an optional selector for policy results that apply to multiple resources. For example, a policy result may apply to all pods that match a label. Either a Resource or a ResourceSelector can be specified. If neither are provided, the result is assumed to be for the policy report scope.
properties:
@@ -1406,8 +1456,8 @@ spec:
- low
- medium
type: string
- status:
- description: Status indicates the result of the policy rule check
+ result:
+ description: Result indicates the outcome of the policy rule execution
enum:
- pass
- fail
@@ -2728,7 +2778,7 @@ spec:
- jsonPath: .metadata.creationTimestamp
name: Age
type: date
- name: v1alpha1
+ name: v1alpha2
schema:
openAPIV3Schema:
description: PolicyReport is the Schema for the policyreports API
@@ -2749,10 +2799,10 @@ spec:
category:
description: Category indicates policy category
type: string
- data:
+ properties:
additionalProperties:
type: string
- description: Data provides additional information for the policy rule
+ description: Properties provides additional information for the policy rule
type: object
message:
description: Message is a short user friendly description of the policy rule
@@ -2760,6 +2810,31 @@ spec:
policy:
description: Policy is the name of the policy
type: string
+ source:
+ description: Source is an identifier for the policy engine that
+ manages this report
+ type: string
+ timestamp:
+ description: Timestamp indicates the time the result was found
+ properties:
+ nanos:
+ description: Non-negative fractions of a second at nanosecond
+ resolution. Negative second values with fractions must still
+ have non-negative nanos values that count forward in time.
+ Must be from 0 to 999,999,999 inclusive. This field may be
+ limited in precision depending on context.
+ format: int32
+ type: integer
+ seconds:
+ description: Represents seconds of UTC time since Unix epoch
+ 1970-01-01T00:00:00Z. Must be from 0001-01-01T00:00:00Z to
+ 9999-12-31T23:59:59Z inclusive.
+ format: int64
+ type: integer
+ required:
+ - nanos
+ - seconds
+ type: object
resourceSelector:
description: ResourceSelector is an optional selector for policy results that apply to multiple resources. For example, a policy result may apply to all pods that match a label. Either a Resource or a ResourceSelector can be specified. If neither are provided, the result is assumed to be for the policy report scope.
properties:
@@ -2831,8 +2906,8 @@ spec:
- low
- medium
type: string
- status:
- description: Status indicates the result of the policy rule check
+ result:
+ description: Result indicates the outcome of the policy rule execution
enum:
- pass
- fail
@@ -2974,7 +3049,7 @@ spec:
- jsonPath: .metadata.creationTimestamp
name: Age
type: date
- name: v1alpha1
+ name: v1alpha2
schema:
openAPIV3Schema:
description: ReportChangeRequest is the Schema for the ReportChangeRequests API
@@ -2995,10 +3070,10 @@ spec:
category:
description: Category indicates policy category
type: string
- data:
+ properties:
additionalProperties:
type: string
- description: Data provides additional information for the policy rule
+ description: Properties provides additional information for the policy rule
type: object
message:
description: Message is a short user friendly description of the policy rule
@@ -3006,6 +3081,31 @@ spec:
policy:
description: Policy is the name of the policy
type: string
+ source:
+ description: Source is an identifier for the policy engine that
+ manages this report
+ type: string
+ timestamp:
+ description: Timestamp indicates the time the result was found
+ properties:
+ nanos:
+ description: Non-negative fractions of a second at nanosecond
+ resolution. Negative second values with fractions must still
+ have non-negative nanos values that count forward in time.
+ Must be from 0 to 999,999,999 inclusive. This field may be
+ limited in precision depending on context.
+ format: int32
+ type: integer
+ seconds:
+ description: Represents seconds of UTC time since Unix epoch
+ 1970-01-01T00:00:00Z. Must be from 0001-01-01T00:00:00Z to
+ 9999-12-31T23:59:59Z inclusive.
+ format: int64
+ type: integer
+ required:
+ - nanos
+ - seconds
+ type: object
resourceSelector:
description: ResourceSelector is an optional selector for policy results that apply to multiple resources. For example, a policy result may apply to all pods that match a label. Either a Resource or a ResourceSelector can be specified. If neither are provided, the result is assumed to be for the policy report scope.
properties:
@@ -3077,8 +3177,8 @@ spec:
- low
- medium
type: string
- status:
- description: Status indicates the result of the policy rule check
+ result:
+ description: Result indicates the outcome of the policy rule execution
enum:
- pass
- fail
diff --git a/charts/kyverno-crds/values.yaml b/charts/kyverno-crds/values.yaml
new file mode 100644
index 0000000000..e69de29bb2
diff --git a/charts/kyverno/Chart.yaml b/charts/kyverno/Chart.yaml
index bcec1d25a0..658b9efdd8 100644
--- a/charts/kyverno/Chart.yaml
+++ b/charts/kyverno/Chart.yaml
@@ -1,6 +1,6 @@
apiVersion: v1
name: kyverno
-version: v2.0
+version: v2.0.2
appVersion: v1.4.2
icon: https://github.com/kyverno/kyverno/raw/main/img/logo.png
description: Kubernetes Native Policy Management
diff --git a/charts/kyverno/README.md b/charts/kyverno/README.md
index 9b133a2006..c2357b6f1d 100644
--- a/charts/kyverno/README.md
+++ b/charts/kyverno/README.md
@@ -106,6 +106,7 @@ The following table lists the configurable parameters of the kyverno chart and t
| `service.port` | port for the service | `443` |
| `service.type` | type of service | `ClusterIP` |
| `serviceMonitor.enabled` | create a ServiceMonitor(Requires Prometheus) | `false` |
+| `serviceMonitor.namespace` | override namespace for ServiceMonitor (default is same than kyverno) | `false` |
| `serviceMonitor.additionalLabels` | additional labels to add for ServiceMonitor | `nil` |
| `serviceMonitor.interval` | interval to scrape metrics | `30s` |
| `serviceMonitor.scrapeTimeout` | timeout if metrics can't be retrieved in given time interval | `25s` |
diff --git a/charts/kyverno/templates/clusterrole.yaml b/charts/kyverno/templates/clusterrole.yaml
index cc00e4e8f8..8c0c7ee7eb 100644
--- a/charts/kyverno/templates/clusterrole.yaml
+++ b/charts/kyverno/templates/clusterrole.yaml
@@ -205,7 +205,7 @@ metadata:
name: {{ template "kyverno.fullname" . }}:admin-policyreport
rules:
- apiGroups:
- - wgpolicyk8s.io/v1alpha1
+ - wgpolicyk8s.io/v1alpha2
resources:
- policyreport
- clusterpolicyreport
diff --git a/charts/kyverno/templates/deployment.yaml b/charts/kyverno/templates/deployment.yaml
index 5099370611..fb2cddd29d 100644
--- a/charts/kyverno/templates/deployment.yaml
+++ b/charts/kyverno/templates/deployment.yaml
@@ -9,6 +9,10 @@ spec:
selector:
matchLabels: {{ include "kyverno.matchLabels" . | nindent 6 }}
replicas: {{ .Values.replicaCount }}
+ {{- if .Values.updateStrategy }}
+ strategy:
+ {{ toYaml .Values.updateStrategy | nindent 4 | trim }}
+ {{- end }}
template:
metadata:
labels: {{ include "kyverno.labels" . | nindent 8 }}
diff --git a/charts/kyverno/templates/servicemonitor.yaml b/charts/kyverno/templates/servicemonitor.yaml
index 75fd648f1e..769c98b176 100644
--- a/charts/kyverno/templates/servicemonitor.yaml
+++ b/charts/kyverno/templates/servicemonitor.yaml
@@ -13,7 +13,11 @@ metadata:
{{ toYaml .Values.serviceMonitor.additionalLabels | indent 4 }}
{{- end }}
name: {{ template "kyverno.serviceName" . }}-service-monitor
+{{- if .Values.serviceMonitor.namespace }}
+ namespace: {{ .Values.serviceMonitor.namespace }}
+{{- else }}
namespace: {{ template "kyverno.namespace" . }}
+{{- end }}
spec:
selector:
matchLabels: {{ include "kyverno.matchLabels" . | nindent 6 }}
diff --git a/charts/kyverno/values.yaml b/charts/kyverno/values.yaml
index c86b2824e1..cf3cd40e07 100644
--- a/charts/kyverno/values.yaml
+++ b/charts/kyverno/values.yaml
@@ -153,6 +153,14 @@ config:
generateSuccessEvents: 'false'
# existingConfig: init-config
+## Deployment update strategy
+## Ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy
+updateStrategy:
+ rollingUpdate:
+ maxSurge: 1
+ maxUnavailable: 40%
+ type: RollingUpdate
+
service:
port: 443
type: ClusterIP
@@ -181,6 +189,8 @@ serviceMonitor:
# Additional labels
additionalLabels:
# key: value
+ # Override namespace (default is same than kyverno)
+ namespace:
# Interval to scrape metrics
interval: 30s
diff --git a/cmd/kyverno/main.go b/cmd/kyverno/main.go
index f2372ef65c..18286e2ca2 100755
--- a/cmd/kyverno/main.go
+++ b/cmd/kyverno/main.go
@@ -198,8 +198,8 @@ func main() {
// POLICY Report GENERATOR
reportReqGen := policyreport.NewReportChangeRequestGenerator(pclient,
client,
- pInformer.Kyverno().V1alpha1().ReportChangeRequests(),
- pInformer.Kyverno().V1alpha1().ClusterReportChangeRequests(),
+ pInformer.Kyverno().V1alpha2().ReportChangeRequests(),
+ pInformer.Kyverno().V1alpha2().ClusterReportChangeRequests(),
pInformer.Kyverno().V1().ClusterPolicies(),
pInformer.Kyverno().V1().Policies(),
log.Log.WithName("ReportChangeRequestGenerator"),
@@ -209,10 +209,10 @@ func main() {
kubeClient,
pclient,
client,
- pInformer.Wgpolicyk8s().V1alpha1().ClusterPolicyReports(),
- pInformer.Wgpolicyk8s().V1alpha1().PolicyReports(),
- pInformer.Kyverno().V1alpha1().ReportChangeRequests(),
- pInformer.Kyverno().V1alpha1().ClusterReportChangeRequests(),
+ pInformer.Wgpolicyk8s().V1alpha2().ClusterPolicyReports(),
+ pInformer.Wgpolicyk8s().V1alpha2().PolicyReports(),
+ pInformer.Kyverno().V1alpha2().ReportChangeRequests(),
+ pInformer.Kyverno().V1alpha2().ClusterReportChangeRequests(),
kubeInformer.Core().V1().Namespaces(),
log.Log.WithName("PolicyReportGenerator"),
)
diff --git a/definitions/bundle/kustomization.yaml b/definitions/bundle/kustomization.yaml
new file mode 100644
index 0000000000..266bdb3517
--- /dev/null
+++ b/definitions/bundle/kustomization.yaml
@@ -0,0 +1,13 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+namespace: kyverno
+
+transformers:
+ - labels.yaml
+
+resources:
+- ../crds/
+- ../manifest/
+- ../k8s-resource/
+- namespace.yaml
diff --git a/definitions/labels.yaml b/definitions/bundle/labels.yaml
similarity index 91%
rename from definitions/labels.yaml
rename to definitions/bundle/labels.yaml
index a1fbf631ba..c119cc6f5f 100644
--- a/definitions/labels.yaml
+++ b/definitions/bundle/labels.yaml
@@ -9,7 +9,6 @@ labels:
app.kubernetes.io/managed-by: Kustomize
app.kubernetes.io/name: kyverno
app.kubernetes.io/part-of: kyverno
- app.kubernetes.io/version: v1.4.2
fieldSpecs:
- path: metadata/labels
create: true
diff --git a/definitions/k8s-resource/namespace.yaml b/definitions/bundle/namespace.yaml
similarity index 100%
rename from definitions/k8s-resource/namespace.yaml
rename to definitions/bundle/namespace.yaml
diff --git a/definitions/crds/kyverno.io_clusterreportchangerequests.yaml b/definitions/crds/kyverno.io_clusterreportchangerequests.yaml
index a841f2a1d7..4afb4dd166 100644
--- a/definitions/crds/kyverno.io_clusterreportchangerequests.yaml
+++ b/definitions/crds/kyverno.io_clusterreportchangerequests.yaml
@@ -45,7 +45,7 @@ spec:
- jsonPath: .metadata.creationTimestamp
name: Age
type: date
- name: v1alpha1
+ name: v1alpha2
schema:
openAPIV3Schema:
description: ClusterReportChangeRequest is the Schema for the ClusterReportChangeRequests
@@ -72,12 +72,6 @@ spec:
category:
description: Category indicates policy category
type: string
- data:
- additionalProperties:
- type: string
- description: Data provides additional information for the policy
- rule
- type: object
message:
description: Message is a short user friendly description of the
policy rule
@@ -85,6 +79,12 @@ spec:
policy:
description: Policy is the name of the policy
type: string
+ properties:
+ additionalProperties:
+ type: string
+ description: Properties provides additional information for the
+ policy rule
+ type: object
resourceSelector:
description: ResourceSelector is an optional selector for policy
results that apply to multiple resources. For example, a policy
@@ -197,6 +197,15 @@ spec:
type: string
type: object
type: array
+ result:
+ description: Result indicates the outcome of the policy rule execution
+ enum:
+ - pass
+ - fail
+ - warn
+ - error
+ - skip
+ type: string
rule:
description: Rule is the name of the policy rule
type: string
@@ -210,15 +219,31 @@ spec:
- low
- medium
type: string
- status:
- description: Status indicates the result of the policy rule check
- enum:
- - pass
- - fail
- - warn
- - error
- - skip
+ source:
+ description: Source is an identifier for the policy engine that
+ manages this report
type: string
+ timestamp:
+ description: Timestamp indicates the time the result was found
+ properties:
+ nanos:
+ description: Non-negative fractions of a second at nanosecond
+ resolution. Negative second values with fractions must still
+ have non-negative nanos values that count forward in time.
+ Must be from 0 to 999,999,999 inclusive. This field may be
+ limited in precision depending on context.
+ format: int32
+ type: integer
+ seconds:
+ description: Represents seconds of UTC time since Unix epoch
+ 1970-01-01T00:00:00Z. Must be from 0001-01-01T00:00:00Z to
+ 9999-12-31T23:59:59Z inclusive.
+ format: int64
+ type: integer
+ required:
+ - nanos
+ - seconds
+ type: object
required:
- policy
type: object
diff --git a/definitions/crds/kyverno.io_reportchangerequests.yaml b/definitions/crds/kyverno.io_reportchangerequests.yaml
index cac1ff44af..45ef6ccc14 100644
--- a/definitions/crds/kyverno.io_reportchangerequests.yaml
+++ b/definitions/crds/kyverno.io_reportchangerequests.yaml
@@ -45,7 +45,7 @@ spec:
- jsonPath: .metadata.creationTimestamp
name: Age
type: date
- name: v1alpha1
+ name: v1alpha2
schema:
openAPIV3Schema:
description: ReportChangeRequest is the Schema for the ReportChangeRequests
@@ -72,12 +72,6 @@ spec:
category:
description: Category indicates policy category
type: string
- data:
- additionalProperties:
- type: string
- description: Data provides additional information for the policy
- rule
- type: object
message:
description: Message is a short user friendly description of the
policy rule
@@ -85,6 +79,12 @@ spec:
policy:
description: Policy is the name of the policy
type: string
+ properties:
+ additionalProperties:
+ type: string
+ description: Properties provides additional information for the
+ policy rule
+ type: object
resourceSelector:
description: ResourceSelector is an optional selector for policy
results that apply to multiple resources. For example, a policy
@@ -197,6 +197,15 @@ spec:
type: string
type: object
type: array
+ result:
+ description: Result indicates the outcome of the policy rule execution
+ enum:
+ - pass
+ - fail
+ - warn
+ - error
+ - skip
+ type: string
rule:
description: Rule is the name of the policy rule
type: string
@@ -210,15 +219,31 @@ spec:
- low
- medium
type: string
- status:
- description: Status indicates the result of the policy rule check
- enum:
- - pass
- - fail
- - warn
- - error
- - skip
+ source:
+ description: Source is an identifier for the policy engine that
+ manages this report
type: string
+ timestamp:
+ description: Timestamp indicates the time the result was found
+ properties:
+ nanos:
+ description: Non-negative fractions of a second at nanosecond
+ resolution. Negative second values with fractions must still
+ have non-negative nanos values that count forward in time.
+ Must be from 0 to 999,999,999 inclusive. This field may be
+ limited in precision depending on context.
+ format: int32
+ type: integer
+ seconds:
+ description: Represents seconds of UTC time since Unix epoch
+ 1970-01-01T00:00:00Z. Must be from 0001-01-01T00:00:00Z to
+ 9999-12-31T23:59:59Z inclusive.
+ format: int64
+ type: integer
+ required:
+ - nanos
+ - seconds
+ type: object
required:
- policy
type: object
diff --git a/definitions/crds/wgpolicyk8s.io_clusterpolicyreports.yaml b/definitions/crds/wgpolicyk8s.io_clusterpolicyreports.yaml
index a662d76635..78e741d4f7 100644
--- a/definitions/crds/wgpolicyk8s.io_clusterpolicyreports.yaml
+++ b/definitions/crds/wgpolicyk8s.io_clusterpolicyreports.yaml
@@ -45,7 +45,7 @@ spec:
- jsonPath: .metadata.creationTimestamp
name: Age
type: date
- name: v1alpha1
+ name: v1alpha2
schema:
openAPIV3Schema:
description: ClusterPolicyReport is the Schema for the clusterpolicyreports
@@ -72,12 +72,6 @@ spec:
category:
description: Category indicates policy category
type: string
- data:
- additionalProperties:
- type: string
- description: Data provides additional information for the policy
- rule
- type: object
message:
description: Message is a short user friendly description of the
policy rule
@@ -85,6 +79,12 @@ spec:
policy:
description: Policy is the name of the policy
type: string
+ properties:
+ additionalProperties:
+ type: string
+ description: Properties provides additional information for the
+ policy rule
+ type: object
resourceSelector:
description: ResourceSelector is an optional selector for policy
results that apply to multiple resources. For example, a policy
@@ -197,6 +197,15 @@ spec:
type: string
type: object
type: array
+ result:
+ description: Result indicates the outcome of the policy rule execution
+ enum:
+ - pass
+ - fail
+ - warn
+ - error
+ - skip
+ type: string
rule:
description: Rule is the name of the policy rule
type: string
@@ -210,15 +219,31 @@ spec:
- low
- medium
type: string
- status:
- description: Status indicates the result of the policy rule check
- enum:
- - pass
- - fail
- - warn
- - error
- - skip
+ source:
+ description: Source is an identifier for the policy engine that
+ manages this report
type: string
+ timestamp:
+ description: Timestamp indicates the time the result was found
+ properties:
+ nanos:
+ description: Non-negative fractions of a second at nanosecond
+ resolution. Negative second values with fractions must still
+ have non-negative nanos values that count forward in time.
+ Must be from 0 to 999,999,999 inclusive. This field may be
+ limited in precision depending on context.
+ format: int32
+ type: integer
+ seconds:
+ description: Represents seconds of UTC time since Unix epoch
+ 1970-01-01T00:00:00Z. Must be from 0001-01-01T00:00:00Z to
+ 9999-12-31T23:59:59Z inclusive.
+ format: int64
+ type: integer
+ required:
+ - nanos
+ - seconds
+ type: object
required:
- policy
type: object
diff --git a/definitions/crds/wgpolicyk8s.io_policyreports.yaml b/definitions/crds/wgpolicyk8s.io_policyreports.yaml
index a14def9c42..cb2f70b640 100644
--- a/definitions/crds/wgpolicyk8s.io_policyreports.yaml
+++ b/definitions/crds/wgpolicyk8s.io_policyreports.yaml
@@ -45,7 +45,7 @@ spec:
- jsonPath: .metadata.creationTimestamp
name: Age
type: date
- name: v1alpha1
+ name: v1alpha2
schema:
openAPIV3Schema:
description: PolicyReport is the Schema for the policyreports API
@@ -71,12 +71,6 @@ spec:
category:
description: Category indicates policy category
type: string
- data:
- additionalProperties:
- type: string
- description: Data provides additional information for the policy
- rule
- type: object
message:
description: Message is a short user friendly description of the
policy rule
@@ -84,6 +78,12 @@ spec:
policy:
description: Policy is the name of the policy
type: string
+ properties:
+ additionalProperties:
+ type: string
+ description: Properties provides additional information for the
+ policy rule
+ type: object
resourceSelector:
description: ResourceSelector is an optional selector for policy
results that apply to multiple resources. For example, a policy
@@ -196,6 +196,15 @@ spec:
type: string
type: object
type: array
+ result:
+ description: Result indicates the outcome of the policy rule execution
+ enum:
+ - pass
+ - fail
+ - warn
+ - error
+ - skip
+ type: string
rule:
description: Rule is the name of the policy rule
type: string
@@ -209,15 +218,31 @@ spec:
- low
- medium
type: string
- status:
- description: Status indicates the result of the policy rule check
- enum:
- - pass
- - fail
- - warn
- - error
- - skip
+ source:
+ description: Source is an identifier for the policy engine that
+ manages this report
type: string
+ timestamp:
+ description: Timestamp indicates the time the result was found
+ properties:
+ nanos:
+ description: Non-negative fractions of a second at nanosecond
+ resolution. Negative second values with fractions must still
+ have non-negative nanos values that count forward in time.
+ Must be from 0 to 999,999,999 inclusive. This field may be
+ limited in precision depending on context.
+ format: int32
+ type: integer
+ seconds:
+ description: Represents seconds of UTC time since Unix epoch
+ 1970-01-01T00:00:00Z. Must be from 0001-01-01T00:00:00Z to
+ 9999-12-31T23:59:59Z inclusive.
+ format: int64
+ type: integer
+ required:
+ - nanos
+ - seconds
+ type: object
required:
- policy
type: object
diff --git a/definitions/debug/kustomization.yaml b/definitions/debug/kustomization.yaml
index aad3273fe2..d8462a8e6a 100755
--- a/definitions/debug/kustomization.yaml
+++ b/definitions/debug/kustomization.yaml
@@ -1,6 +1,9 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
+namespace: kyverno
+
resources:
- ../crds/
-- ../k8s-resource/
\ No newline at end of file
+- ../k8s-resource/
+- namespace.yaml
diff --git a/definitions/debug/namespace.yaml b/definitions/debug/namespace.yaml
new file mode 100644
index 0000000000..7f75ffcc8c
--- /dev/null
+++ b/definitions/debug/namespace.yaml
@@ -0,0 +1,7 @@
+---
+kind: Namespace
+apiVersion: v1
+metadata:
+ labels:
+ app: kyverno
+ name: kyverno
diff --git a/definitions/install.yaml b/definitions/install.yaml
index 6af0f0969d..930047671d 100644
--- a/definitions/install.yaml
+++ b/definitions/install.yaml
@@ -1084,7 +1084,7 @@ spec:
- jsonPath: .metadata.creationTimestamp
name: Age
type: date
- name: v1alpha1
+ name: v1alpha2
schema:
openAPIV3Schema:
description: ClusterPolicyReport is the Schema for the clusterpolicyreports API
@@ -1105,10 +1105,10 @@ spec:
category:
description: Category indicates policy category
type: string
- data:
+ properties:
additionalProperties:
type: string
- description: Data provides additional information for the policy rule
+ description: Properties provides additional information for the policy rule
type: object
message:
description: Message is a short user friendly description of the policy rule
@@ -1116,6 +1116,31 @@ spec:
policy:
description: Policy is the name of the policy
type: string
+ source:
+ description: Source is an identifier for the policy engine that
+ manages this report
+ type: string
+ timestamp:
+ description: Timestamp indicates the time the result was found
+ properties:
+ nanos:
+ description: Non-negative fractions of a second at nanosecond
+ resolution. Negative second values with fractions must still
+ have non-negative nanos values that count forward in time.
+ Must be from 0 to 999,999,999 inclusive. This field may be
+ limited in precision depending on context.
+ format: int32
+ type: integer
+ seconds:
+ description: Represents seconds of UTC time since Unix epoch
+ 1970-01-01T00:00:00Z. Must be from 0001-01-01T00:00:00Z to
+ 9999-12-31T23:59:59Z inclusive.
+ format: int64
+ type: integer
+ required:
+ - nanos
+ - seconds
+ type: object
resourceSelector:
description: ResourceSelector is an optional selector for policy results that apply to multiple resources. For example, a policy result may apply to all pods that match a label. Either a Resource or a ResourceSelector can be specified. If neither are provided, the result is assumed to be for the policy report scope.
properties:
@@ -1187,8 +1212,8 @@ spec:
- low
- medium
type: string
- status:
- description: Status indicates the result of the policy rule check
+ result:
+ description: Result indicates the outcome of the policy rule execution
enum:
- pass
- fail
@@ -1337,7 +1362,7 @@ spec:
- jsonPath: .metadata.creationTimestamp
name: Age
type: date
- name: v1alpha1
+ name: v1alpha2
schema:
openAPIV3Schema:
description: ClusterReportChangeRequest is the Schema for the ClusterReportChangeRequests API
@@ -1358,10 +1383,10 @@ spec:
category:
description: Category indicates policy category
type: string
- data:
+ properties:
additionalProperties:
type: string
- description: Data provides additional information for the policy rule
+ description: Properties provides additional information for the policy rule
type: object
message:
description: Message is a short user friendly description of the policy rule
@@ -1369,6 +1394,31 @@ spec:
policy:
description: Policy is the name of the policy
type: string
+ source:
+ description: Source is an identifier for the policy engine that
+ manages this report
+ type: string
+ timestamp:
+ description: Timestamp indicates the time the result was found
+ properties:
+ nanos:
+ description: Non-negative fractions of a second at nanosecond
+ resolution. Negative second values with fractions must still
+ have non-negative nanos values that count forward in time.
+ Must be from 0 to 999,999,999 inclusive. This field may be
+ limited in precision depending on context.
+ format: int32
+ type: integer
+ seconds:
+ description: Represents seconds of UTC time since Unix epoch
+ 1970-01-01T00:00:00Z. Must be from 0001-01-01T00:00:00Z to
+ 9999-12-31T23:59:59Z inclusive.
+ format: int64
+ type: integer
+ required:
+ - nanos
+ - seconds
+ type: object
resourceSelector:
description: ResourceSelector is an optional selector for policy results that apply to multiple resources. For example, a policy result may apply to all pods that match a label. Either a Resource or a ResourceSelector can be specified. If neither are provided, the result is assumed to be for the policy report scope.
properties:
@@ -1440,8 +1490,8 @@ spec:
- low
- medium
type: string
- status:
- description: Status indicates the result of the policy rule check
+ result:
+ description: Result indicates the outcome of the policy rule execution
enum:
- pass
- fail
@@ -2783,7 +2833,7 @@ spec:
- jsonPath: .metadata.creationTimestamp
name: Age
type: date
- name: v1alpha1
+ name: v1alpha2
schema:
openAPIV3Schema:
description: PolicyReport is the Schema for the policyreports API
@@ -2804,10 +2854,10 @@ spec:
category:
description: Category indicates policy category
type: string
- data:
+ properties:
additionalProperties:
type: string
- description: Data provides additional information for the policy rule
+ description: Properties provides additional information for the policy rule
type: object
message:
description: Message is a short user friendly description of the policy rule
@@ -2815,6 +2865,31 @@ spec:
policy:
description: Policy is the name of the policy
type: string
+ source:
+ description: Source is an identifier for the policy engine that
+ manages this report
+ type: string
+ timestamp:
+ description: Timestamp indicates the time the result was found
+ properties:
+ nanos:
+ description: Non-negative fractions of a second at nanosecond
+ resolution. Negative second values with fractions must still
+ have non-negative nanos values that count forward in time.
+ Must be from 0 to 999,999,999 inclusive. This field may be
+ limited in precision depending on context.
+ format: int32
+ type: integer
+ seconds:
+ description: Represents seconds of UTC time since Unix epoch
+ 1970-01-01T00:00:00Z. Must be from 0001-01-01T00:00:00Z to
+ 9999-12-31T23:59:59Z inclusive.
+ format: int64
+ type: integer
+ required:
+ - nanos
+ - seconds
+ type: object
resourceSelector:
description: ResourceSelector is an optional selector for policy results that apply to multiple resources. For example, a policy result may apply to all pods that match a label. Either a Resource or a ResourceSelector can be specified. If neither are provided, the result is assumed to be for the policy report scope.
properties:
@@ -2886,8 +2961,8 @@ spec:
- low
- medium
type: string
- status:
- description: Status indicates the result of the policy rule check
+ result:
+ description: Result indicates the outcome of the policy rule execution
enum:
- pass
- fail
@@ -3036,7 +3111,7 @@ spec:
- jsonPath: .metadata.creationTimestamp
name: Age
type: date
- name: v1alpha1
+ name: v1alpha2
schema:
openAPIV3Schema:
description: ReportChangeRequest is the Schema for the ReportChangeRequests API
@@ -3057,10 +3132,10 @@ spec:
category:
description: Category indicates policy category
type: string
- data:
+ properties:
additionalProperties:
type: string
- description: Data provides additional information for the policy rule
+ description: Properties provides additional information for the policy rule
type: object
message:
description: Message is a short user friendly description of the policy rule
@@ -3068,6 +3143,31 @@ spec:
policy:
description: Policy is the name of the policy
type: string
+ source:
+ description: Source is an identifier for the policy engine that
+ manages this report
+ type: string
+ timestamp:
+ description: Timestamp indicates the time the result was found
+ properties:
+ nanos:
+ description: Non-negative fractions of a second at nanosecond
+ resolution. Negative second values with fractions must still
+ have non-negative nanos values that count forward in time.
+ Must be from 0 to 999,999,999 inclusive. This field may be
+ limited in precision depending on context.
+ format: int32
+ type: integer
+ seconds:
+ description: Represents seconds of UTC time since Unix epoch
+ 1970-01-01T00:00:00Z. Must be from 0001-01-01T00:00:00Z to
+ 9999-12-31T23:59:59Z inclusive.
+ format: int64
+ type: integer
+ required:
+ - nanos
+ - seconds
+ type: object
resourceSelector:
description: ResourceSelector is an optional selector for policy results that apply to multiple resources. For example, a policy result may apply to all pods that match a label. Either a Resource or a ResourceSelector can be specified. If neither are provided, the result is assumed to be for the policy report scope.
properties:
@@ -3139,8 +3239,8 @@ spec:
- low
- medium
type: string
- status:
- description: Status indicates the result of the policy rule check
+ result:
+ description: Result indicates the outcome of the policy rule execution
enum:
- pass
- fail
@@ -3288,7 +3388,7 @@ metadata:
name: kyverno:admin-policyreport
rules:
- apiGroups:
- - wgpolicyk8s.io/v1alpha1
+ - wgpolicyk8s.io/v1alpha2
resources:
- policyreports
- clusterpolicyreports
@@ -3730,6 +3830,11 @@ spec:
matchLabels:
app: kyverno
app.kubernetes.io/name: kyverno
+ strategy:
+ rollingUpdate:
+ maxSurge: 1
+ maxUnavailable: 40%
+ type: RollingUpdate
template:
metadata:
labels:
diff --git a/definitions/install_debug.yaml b/definitions/install_debug.yaml
index 689d7a398d..b8ce17ad23 100755
--- a/definitions/install_debug.yaml
+++ b/definitions/install_debug.yaml
@@ -1064,7 +1064,7 @@ spec:
- jsonPath: .metadata.creationTimestamp
name: Age
type: date
- name: v1alpha1
+ name: v1alpha2
schema:
openAPIV3Schema:
description: ClusterPolicyReport is the Schema for the clusterpolicyreports API
@@ -1085,10 +1085,10 @@ spec:
category:
description: Category indicates policy category
type: string
- data:
+ properties:
additionalProperties:
type: string
- description: Data provides additional information for the policy rule
+ description: Properties provides additional information for the policy rule
type: object
message:
description: Message is a short user friendly description of the policy rule
@@ -1096,6 +1096,31 @@ spec:
policy:
description: Policy is the name of the policy
type: string
+ source:
+ description: Source is an identifier for the policy engine that
+ manages this report
+ type: string
+ timestamp:
+ description: Timestamp indicates the time the result was found
+ properties:
+ nanos:
+ description: Non-negative fractions of a second at nanosecond
+ resolution. Negative second values with fractions must still
+ have non-negative nanos values that count forward in time.
+ Must be from 0 to 999,999,999 inclusive. This field may be
+ limited in precision depending on context.
+ format: int32
+ type: integer
+ seconds:
+ description: Represents seconds of UTC time since Unix epoch
+ 1970-01-01T00:00:00Z. Must be from 0001-01-01T00:00:00Z to
+ 9999-12-31T23:59:59Z inclusive.
+ format: int64
+ type: integer
+ required:
+ - nanos
+ - seconds
+ type: object
resourceSelector:
description: ResourceSelector is an optional selector for policy results that apply to multiple resources. For example, a policy result may apply to all pods that match a label. Either a Resource or a ResourceSelector can be specified. If neither are provided, the result is assumed to be for the policy report scope.
properties:
@@ -1167,8 +1192,8 @@ spec:
- low
- medium
type: string
- status:
- description: Status indicates the result of the policy rule check
+ result:
+ description: Result indicates the outcome of the policy rule execution
enum:
- pass
- fail
@@ -1310,7 +1335,7 @@ spec:
- jsonPath: .metadata.creationTimestamp
name: Age
type: date
- name: v1alpha1
+ name: v1alpha2
schema:
openAPIV3Schema:
description: ClusterReportChangeRequest is the Schema for the ClusterReportChangeRequests API
@@ -1331,10 +1356,10 @@ spec:
category:
description: Category indicates policy category
type: string
- data:
+ properties:
additionalProperties:
type: string
- description: Data provides additional information for the policy rule
+ description: Properties provides additional information for the policy rule
type: object
message:
description: Message is a short user friendly description of the policy rule
@@ -1342,6 +1367,31 @@ spec:
policy:
description: Policy is the name of the policy
type: string
+ source:
+ description: Source is an identifier for the policy engine that
+ manages this report
+ type: string
+ timestamp:
+ description: Timestamp indicates the time the result was found
+ properties:
+ nanos:
+ description: Non-negative fractions of a second at nanosecond
+ resolution. Negative second values with fractions must still
+ have non-negative nanos values that count forward in time.
+ Must be from 0 to 999,999,999 inclusive. This field may be
+ limited in precision depending on context.
+ format: int32
+ type: integer
+ seconds:
+ description: Represents seconds of UTC time since Unix epoch
+ 1970-01-01T00:00:00Z. Must be from 0001-01-01T00:00:00Z to
+ 9999-12-31T23:59:59Z inclusive.
+ format: int64
+ type: integer
+ required:
+ - nanos
+ - seconds
+ type: object
resourceSelector:
description: ResourceSelector is an optional selector for policy results that apply to multiple resources. For example, a policy result may apply to all pods that match a label. Either a Resource or a ResourceSelector can be specified. If neither are provided, the result is assumed to be for the policy report scope.
properties:
@@ -1413,8 +1463,8 @@ spec:
- low
- medium
type: string
- status:
- description: Status indicates the result of the policy rule check
+ result:
+ description: Result indicates the outcome of the policy rule execution
enum:
- pass
- fail
@@ -2735,7 +2785,7 @@ spec:
- jsonPath: .metadata.creationTimestamp
name: Age
type: date
- name: v1alpha1
+ name: v1alpha2
schema:
openAPIV3Schema:
description: PolicyReport is the Schema for the policyreports API
@@ -2756,10 +2806,10 @@ spec:
category:
description: Category indicates policy category
type: string
- data:
+ properties:
additionalProperties:
type: string
- description: Data provides additional information for the policy rule
+ description: Properties provides additional information for the policy rule
type: object
message:
description: Message is a short user friendly description of the policy rule
@@ -2767,6 +2817,31 @@ spec:
policy:
description: Policy is the name of the policy
type: string
+ source:
+ description: Source is an identifier for the policy engine that
+ manages this report
+ type: string
+ timestamp:
+ description: Timestamp indicates the time the result was found
+ properties:
+ nanos:
+ description: Non-negative fractions of a second at nanosecond
+ resolution. Negative second values with fractions must still
+ have non-negative nanos values that count forward in time.
+ Must be from 0 to 999,999,999 inclusive. This field may be
+ limited in precision depending on context.
+ format: int32
+ type: integer
+ seconds:
+ description: Represents seconds of UTC time since Unix epoch
+ 1970-01-01T00:00:00Z. Must be from 0001-01-01T00:00:00Z to
+ 9999-12-31T23:59:59Z inclusive.
+ format: int64
+ type: integer
+ required:
+ - nanos
+ - seconds
+ type: object
resourceSelector:
description: ResourceSelector is an optional selector for policy results that apply to multiple resources. For example, a policy result may apply to all pods that match a label. Either a Resource or a ResourceSelector can be specified. If neither are provided, the result is assumed to be for the policy report scope.
properties:
@@ -2838,8 +2913,8 @@ spec:
- low
- medium
type: string
- status:
- description: Status indicates the result of the policy rule check
+ result:
+ description: Result indicates the outcome of the policy rule execution
enum:
- pass
- fail
@@ -2981,7 +3056,7 @@ spec:
- jsonPath: .metadata.creationTimestamp
name: Age
type: date
- name: v1alpha1
+ name: v1alpha2
schema:
openAPIV3Schema:
description: ReportChangeRequest is the Schema for the ReportChangeRequests API
@@ -3002,10 +3077,10 @@ spec:
category:
description: Category indicates policy category
type: string
- data:
+ properties:
additionalProperties:
type: string
- description: Data provides additional information for the policy rule
+ description: Properties provides additional information for the policy rule
type: object
message:
description: Message is a short user friendly description of the policy rule
@@ -3013,6 +3088,31 @@ spec:
policy:
description: Policy is the name of the policy
type: string
+ source:
+ description: Source is an identifier for the policy engine that
+ manages this report
+ type: string
+ timestamp:
+ description: Timestamp indicates the time the result was found
+ properties:
+ nanos:
+ description: Non-negative fractions of a second at nanosecond
+ resolution. Negative second values with fractions must still
+ have non-negative nanos values that count forward in time.
+ Must be from 0 to 999,999,999 inclusive. This field may be
+ limited in precision depending on context.
+ format: int32
+ type: integer
+ seconds:
+ description: Represents seconds of UTC time since Unix epoch
+ 1970-01-01T00:00:00Z. Must be from 0001-01-01T00:00:00Z to
+ 9999-12-31T23:59:59Z inclusive.
+ format: int64
+ type: integer
+ required:
+ - nanos
+ - seconds
+ type: object
resourceSelector:
description: ResourceSelector is an optional selector for policy results that apply to multiple resources. For example, a policy result may apply to all pods that match a label. Either a Resource or a ResourceSelector can be specified. If neither are provided, the result is assumed to be for the policy report scope.
properties:
@@ -3084,8 +3184,8 @@ spec:
- low
- medium
type: string
- status:
- description: Status indicates the result of the policy rule check
+ result:
+ description: Result indicates the outcome of the policy rule execution
enum:
- pass
- fail
@@ -3215,7 +3315,7 @@ metadata:
name: kyverno:admin-policyreport
rules:
- apiGroups:
- - wgpolicyk8s.io/v1alpha1
+ - wgpolicyk8s.io/v1alpha2
resources:
- policyreports
- clusterpolicyreports
diff --git a/definitions/k8s-resource/clusterrolebindings.yaml b/definitions/k8s-resource/clusterrolebindings.yaml
index 92698b6ff0..b8fd48c5cc 100644
--- a/definitions/k8s-resource/clusterrolebindings.yaml
+++ b/definitions/k8s-resource/clusterrolebindings.yaml
@@ -12,7 +12,6 @@ roleRef:
subjects:
- kind: ServiceAccount
name: kyverno-service-account
- namespace: kyverno
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
@@ -27,7 +26,6 @@ roleRef:
subjects:
- kind: ServiceAccount
name: kyverno-service-account
- namespace: kyverno
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
@@ -42,7 +40,6 @@ roleRef:
subjects:
- kind: ServiceAccount
name: kyverno-service-account
- namespace: kyverno
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
@@ -57,7 +54,6 @@ roleRef:
subjects:
- kind: ServiceAccount
name: kyverno-service-account
- namespace: kyverno
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
@@ -72,7 +68,6 @@ roleRef:
subjects:
- kind: ServiceAccount
name: kyverno-service-account
- namespace: kyverno
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
@@ -87,4 +82,3 @@ roleRef:
subjects:
- kind: ServiceAccount
name: kyverno-service-account
- namespace: kyverno
\ No newline at end of file
diff --git a/definitions/k8s-resource/clusterroles.yaml b/definitions/k8s-resource/clusterroles.yaml
index 830e127406..10421db242 100755
--- a/definitions/k8s-resource/clusterroles.yaml
+++ b/definitions/k8s-resource/clusterroles.yaml
@@ -201,7 +201,7 @@ metadata:
name: kyverno:admin-policyreport
rules:
- apiGroups:
- - wgpolicyk8s.io/v1alpha1
+ - wgpolicyk8s.io/v1alpha2
resources:
- policyreports
- clusterpolicyreports
diff --git a/definitions/k8s-resource/configmap.yaml b/definitions/k8s-resource/configmap.yaml
index 5a8746b7c7..4ce098f2ba 100755
--- a/definitions/k8s-resource/configmap.yaml
+++ b/definitions/k8s-resource/configmap.yaml
@@ -8,4 +8,3 @@ metadata:
labels:
app: kyverno
name: init-config
- namespace: kyverno
diff --git a/definitions/k8s-resource/kustomization.yaml b/definitions/k8s-resource/kustomization.yaml
index 3010f07737..9b394f7664 100755
--- a/definitions/k8s-resource/kustomization.yaml
+++ b/definitions/k8s-resource/kustomization.yaml
@@ -5,6 +5,5 @@ resources:
- ./clusterroles.yaml
- ./clusterrolebindings.yaml
- ./configmap.yaml
-- ./namespace.yaml
- ./service.yaml
-- ./serviceaccount.yaml
\ No newline at end of file
+- ./serviceaccount.yaml
diff --git a/definitions/k8s-resource/service.yaml b/definitions/k8s-resource/service.yaml
index a4d5e00dde..8721f629ac 100644
--- a/definitions/k8s-resource/service.yaml
+++ b/definitions/k8s-resource/service.yaml
@@ -4,7 +4,6 @@ kind: Service
metadata:
labels:
app: kyverno
- namespace: kyverno
name: kyverno-svc
spec:
ports:
@@ -21,7 +20,6 @@ kind: Service
metadata:
labels:
app: kyverno
- namespace: kyverno
name: kyverno-svc-metrics
spec:
ports:
@@ -31,4 +29,4 @@ spec:
selector:
app: kyverno
# do not remove
- app.kubernetes.io/name: kyverno
\ No newline at end of file
+ app.kubernetes.io/name: kyverno
diff --git a/definitions/k8s-resource/serviceaccount.yaml b/definitions/k8s-resource/serviceaccount.yaml
index ae822464f4..13e96e6a35 100644
--- a/definitions/k8s-resource/serviceaccount.yaml
+++ b/definitions/k8s-resource/serviceaccount.yaml
@@ -5,4 +5,3 @@ metadata:
labels:
app: kyverno
name: kyverno-service-account
- namespace: kyverno
\ No newline at end of file
diff --git a/definitions/kustomization.yaml b/definitions/kustomization.yaml
old mode 100755
new mode 100644
index 60ca28418f..1f08588912
--- a/definitions/kustomization.yaml
+++ b/definitions/kustomization.yaml
@@ -1,18 +1,5 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
-transformers:
- - labels.yaml
-
resources:
-- ./crds/
-- ./manifest/
-- ./k8s-resource/
-
-images:
-- name: ghcr.io/kyverno/kyverno
- newName: ghcr.io/kyverno/kyverno
- newTag: v1.4.2
-- name: ghcr.io/kyverno/kyvernopre
- newName: ghcr.io/kyverno/kyvernopre
- newTag: v1.4.2
+- ./release
diff --git a/definitions/manifest/deployment.yaml b/definitions/manifest/deployment.yaml
index feac992354..ca4219dac0 100755
--- a/definitions/manifest/deployment.yaml
+++ b/definitions/manifest/deployment.yaml
@@ -6,7 +6,6 @@ metadata:
app: kyverno
# do not remove
app.kubernetes.io/name: kyverno
- namespace: kyverno
name: kyverno
spec:
selector:
@@ -107,3 +106,8 @@ spec:
timeoutSeconds: 5
failureThreshold: 4
successThreshold: 1
+ strategy:
+ type: RollingUpdate
+ rollingUpdate:
+ maxUnavailable: 40%
+ maxSurge: 1
diff --git a/definitions/release/install.yaml b/definitions/release/install.yaml
index 6af0f0969d..35a417cc00 100755
--- a/definitions/release/install.yaml
+++ b/definitions/release/install.yaml
@@ -3730,6 +3730,11 @@ spec:
matchLabels:
app: kyverno
app.kubernetes.io/name: kyverno
+ strategy:
+ rollingUpdate:
+ maxSurge: 1
+ maxUnavailable: 40%
+ type: RollingUpdate
template:
metadata:
labels:
diff --git a/definitions/release/kustomization.yaml b/definitions/release/kustomization.yaml
new file mode 100755
index 0000000000..bca272c826
--- /dev/null
+++ b/definitions/release/kustomization.yaml
@@ -0,0 +1,14 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+- ../bundle/
+
+transformers:
+- labels.yaml
+
+images:
+- name: ghcr.io/kyverno/kyverno
+ newTag: v1.4.2
+- name: ghcr.io/kyverno/kyvernopre
+ newTag: v1.4.2
diff --git a/definitions/release/labels.yaml b/definitions/release/labels.yaml
new file mode 100644
index 0000000000..6687ae2c8e
--- /dev/null
+++ b/definitions/release/labels.yaml
@@ -0,0 +1,13 @@
+---
+apiVersion: builtin
+kind: LabelTransformer
+metadata:
+ name: labelTransformer
+labels:
+ app.kubernetes.io/version: v1.4.2
+fieldSpecs:
+- path: metadata/labels
+ create: true
+- kind: Deployment
+ path: spec/template/metadata/labels
+ create: true
diff --git a/go.mod b/go.mod
index 65d220da54..215d557602 100644
--- a/go.mod
+++ b/go.mod
@@ -33,7 +33,6 @@ require (
github.com/sigstore/cosign v1.0.0
github.com/sigstore/rekor v0.3.0 // indirect
github.com/sigstore/sigstore v0.0.0-20210726180807-7e34e36ecda1
- github.com/sigstore/fulcio v0.1.1
github.com/spf13/cobra v1.2.1
github.com/stretchr/testify v1.7.0
gopkg.in/yaml.v2 v2.4.0
diff --git a/pkg/api/kyverno/v1alpha1/clusterreportchangerequest_types.go b/pkg/api/kyverno/v1alpha2/clusterreportchangerequest_types.go
similarity index 99%
rename from pkg/api/kyverno/v1alpha1/clusterreportchangerequest_types.go
rename to pkg/api/kyverno/v1alpha2/clusterreportchangerequest_types.go
index 7f9350839a..528f884553 100644
--- a/pkg/api/kyverno/v1alpha1/clusterreportchangerequest_types.go
+++ b/pkg/api/kyverno/v1alpha2/clusterreportchangerequest_types.go
@@ -14,10 +14,10 @@ See the License for the specific language governing permissions and
limitations under the License.
*/
-package v1alpha1
+package v1alpha2
import (
- report "github.com/kyverno/kyverno/pkg/api/policyreport/v1alpha1"
+ report "github.com/kyverno/kyverno/pkg/api/policyreport/v1alpha2"
corev1 "k8s.io/api/core/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
)
diff --git a/pkg/api/kyverno/v1alpha1/doc.go b/pkg/api/kyverno/v1alpha2/doc.go
similarity index 86%
rename from pkg/api/kyverno/v1alpha1/doc.go
rename to pkg/api/kyverno/v1alpha2/doc.go
index 1d745e779c..598479fc95 100644
--- a/pkg/api/kyverno/v1alpha1/doc.go
+++ b/pkg/api/kyverno/v1alpha2/doc.go
@@ -14,8 +14,8 @@ See the License for the specific language governing permissions and
limitations under the License.
*/
-// Package v1alpha1 contains API Schema definitions for the policy v1alpha1 API group
+// Package v1alpha2 contains API Schema definitions for the policy v1alpha2 API group
// +k8s:deepcopy-gen=package
// +kubebuilder:object:generate=true
// +groupName=kyverno.io
-package v1alpha1
+package v1alpha2
diff --git a/pkg/api/kyverno/v1alpha1/groupversion_info.go b/pkg/api/kyverno/v1alpha2/groupversion_info.go
similarity index 88%
rename from pkg/api/kyverno/v1alpha1/groupversion_info.go
rename to pkg/api/kyverno/v1alpha2/groupversion_info.go
index 4ac1cbf0e8..ccd7f4b7d6 100755
--- a/pkg/api/kyverno/v1alpha1/groupversion_info.go
+++ b/pkg/api/kyverno/v1alpha2/groupversion_info.go
@@ -14,22 +14,22 @@ See the License for the specific language governing permissions and
limitations under the License.
*/
-// Package v1alpha1 contains API Schema definitions for the policy v1alpha1 API group
+// Package v1alpha2 contains API Schema definitions for the policy v1alpha2 API group
// +kubebuilder:object:generate=true
// +groupName=kyverno.io
-package v1alpha1
+package v1alpha2
import (
"k8s.io/apimachinery/pkg/runtime/schema"
"sigs.k8s.io/controller-runtime/pkg/scheme"
)
-// Package v1alpha1 contains API Schema definitions for the policy v1alpha1 API group
+// Package v1alpha2 contains API Schema definitions for the policy v1alpha2 API group
// +kubebuilder:object:generate=true
// +groupName=kyverno.io
var (
// SchemeGroupVersion is group version used to register these objects
- SchemeGroupVersion = schema.GroupVersion{Group: "kyverno.io", Version: "v1alpha1"}
+ SchemeGroupVersion = schema.GroupVersion{Group: "kyverno.io", Version: "v1alpha2"}
// SchemeBuilder is used to add go types to the GroupVersionKind scheme
SchemeBuilder = &scheme.Builder{GroupVersion: SchemeGroupVersion}
diff --git a/pkg/api/kyverno/v1alpha1/reportchangerequest_types.go b/pkg/api/kyverno/v1alpha2/reportchangerequest_types.go
similarity index 99%
rename from pkg/api/kyverno/v1alpha1/reportchangerequest_types.go
rename to pkg/api/kyverno/v1alpha2/reportchangerequest_types.go
index e23437c46b..59e70bd4bc 100644
--- a/pkg/api/kyverno/v1alpha1/reportchangerequest_types.go
+++ b/pkg/api/kyverno/v1alpha2/reportchangerequest_types.go
@@ -14,10 +14,10 @@ See the License for the specific language governing permissions and
limitations under the License.
*/
-package v1alpha1
+package v1alpha2
import (
- report "github.com/kyverno/kyverno/pkg/api/policyreport/v1alpha1"
+ report "github.com/kyverno/kyverno/pkg/api/policyreport/v1alpha2"
corev1 "k8s.io/api/core/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
)
diff --git a/pkg/api/kyverno/v1alpha1/zz_generated.deepcopy.go b/pkg/api/kyverno/v1alpha2/zz_generated.deepcopy.go
similarity index 94%
rename from pkg/api/kyverno/v1alpha1/zz_generated.deepcopy.go
rename to pkg/api/kyverno/v1alpha2/zz_generated.deepcopy.go
index c9ffcd64d3..ed2a1e15f3 100644
--- a/pkg/api/kyverno/v1alpha1/zz_generated.deepcopy.go
+++ b/pkg/api/kyverno/v1alpha2/zz_generated.deepcopy.go
@@ -18,10 +18,10 @@ limitations under the License.
// Code generated by deepcopy-gen. DO NOT EDIT.
-package v1alpha1
+package v1alpha2
import (
- policyreportv1alpha1 "github.com/kyverno/kyverno/pkg/api/policyreport/v1alpha1"
+ policyreportv1alpha2 "github.com/kyverno/kyverno/pkg/api/policyreport/v1alpha2"
v1 "k8s.io/api/core/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
runtime "k8s.io/apimachinery/pkg/runtime"
@@ -45,11 +45,11 @@ func (in *ClusterReportChangeRequest) DeepCopyInto(out *ClusterReportChangeReque
out.Summary = in.Summary
if in.Results != nil {
in, out := &in.Results, &out.Results
- *out = make([]*policyreportv1alpha1.PolicyReportResult, len(*in))
+ *out = make([]*policyreportv1alpha2.PolicyReportResult, len(*in))
for i := range *in {
if (*in)[i] != nil {
in, out := &(*in)[i], &(*out)[i]
- *out = new(policyreportv1alpha1.PolicyReportResult)
+ *out = new(policyreportv1alpha2.PolicyReportResult)
(*in).DeepCopyInto(*out)
}
}
@@ -126,11 +126,11 @@ func (in *ReportChangeRequest) DeepCopyInto(out *ReportChangeRequest) {
out.Summary = in.Summary
if in.Results != nil {
in, out := &in.Results, &out.Results
- *out = make([]*policyreportv1alpha1.PolicyReportResult, len(*in))
+ *out = make([]*policyreportv1alpha2.PolicyReportResult, len(*in))
for i := range *in {
if (*in)[i] != nil {
in, out := &(*in)[i], &(*out)[i]
- *out = new(policyreportv1alpha1.PolicyReportResult)
+ *out = new(policyreportv1alpha2.PolicyReportResult)
(*in).DeepCopyInto(*out)
}
}
diff --git a/pkg/api/policyreport/v1alpha1/clusterpolicyreport_types.go b/pkg/api/policyreport/v1alpha2/clusterpolicyreport_types.go
similarity index 99%
rename from pkg/api/policyreport/v1alpha1/clusterpolicyreport_types.go
rename to pkg/api/policyreport/v1alpha2/clusterpolicyreport_types.go
index cf6746d1c5..79f57fbfaf 100755
--- a/pkg/api/policyreport/v1alpha1/clusterpolicyreport_types.go
+++ b/pkg/api/policyreport/v1alpha2/clusterpolicyreport_types.go
@@ -14,7 +14,7 @@ See the License for the specific language governing permissions and
limitations under the License.
*/
-package v1alpha1
+package v1alpha2
import (
corev1 "k8s.io/api/core/v1"
diff --git a/pkg/api/policyreport/v1alpha1/doc.go b/pkg/api/policyreport/v1alpha2/doc.go
similarity index 86%
rename from pkg/api/policyreport/v1alpha1/doc.go
rename to pkg/api/policyreport/v1alpha2/doc.go
index 5f19dddf3b..59fb21d3ad 100755
--- a/pkg/api/policyreport/v1alpha1/doc.go
+++ b/pkg/api/policyreport/v1alpha2/doc.go
@@ -14,8 +14,8 @@ See the License for the specific language governing permissions and
limitations under the License.
*/
-// Package v1alpha1 contains API Schema definitions for the policy v1alpha1 API group
+// Package v1alpha2 contains API Schema definitions for the policy v1alpha2 API group
// +k8s:deepcopy-gen=package
// +kubebuilder:object:generate=true
// +groupName=wgpolicyk8s.io
-package v1alpha1
+package v1alpha2
diff --git a/pkg/api/policyreport/v1alpha1/groupversion_info.go b/pkg/api/policyreport/v1alpha2/groupversion_info.go
similarity index 88%
rename from pkg/api/policyreport/v1alpha1/groupversion_info.go
rename to pkg/api/policyreport/v1alpha2/groupversion_info.go
index 2573e89a01..463433e9a2 100755
--- a/pkg/api/policyreport/v1alpha1/groupversion_info.go
+++ b/pkg/api/policyreport/v1alpha2/groupversion_info.go
@@ -14,22 +14,22 @@ See the License for the specific language governing permissions and
limitations under the License.
*/
-// Package v1alpha1 contains API Schema definitions for the policy v1alpha1 API group
+// Package v1alpha2 contains API Schema definitions for the policy v1alpha2 API group
// +kubebuilder:object:generate=true
// +groupName=wgpolicyk8s.io
-package v1alpha1
+package v1alpha2
import (
"k8s.io/apimachinery/pkg/runtime/schema"
"sigs.k8s.io/controller-runtime/pkg/scheme"
)
-// Package v1alpha1 contains API Schema definitions for the policy v1alpha1 API group
+// Package v1alpha2 contains API Schema definitions for the policy v1alpha2 API group
// +kubebuilder:object:generate=true
// +groupName=wgpolicyk8s.io
var (
// SchemeGroupVersion is group version used to register these objects
- SchemeGroupVersion = schema.GroupVersion{Group: "wgpolicyk8s.io", Version: "v1alpha1"}
+ SchemeGroupVersion = schema.GroupVersion{Group: "wgpolicyk8s.io", Version: "v1alpha2"}
// SchemeBuilder is used to add go types to the GroupVersionKind scheme
SchemeBuilder = &scheme.Builder{GroupVersion: SchemeGroupVersion}
diff --git a/pkg/api/policyreport/v1alpha1/policyreport_types.go b/pkg/api/policyreport/v1alpha2/policyreport_types.go
similarity index 91%
rename from pkg/api/policyreport/v1alpha1/policyreport_types.go
rename to pkg/api/policyreport/v1alpha2/policyreport_types.go
index cd26025a2c..bf814e258b 100755
--- a/pkg/api/policyreport/v1alpha1/policyreport_types.go
+++ b/pkg/api/policyreport/v1alpha2/policyreport_types.go
@@ -11,7 +11,7 @@ See the License for the specific language governing permissions and
limitations under the License.
*/
-package v1alpha1
+package v1alpha2
import (
corev1 "k8s.io/api/core/v1"
@@ -61,7 +61,7 @@ type PolicyReportSummary struct {
Skip int `json:"skip"`
}
-// PolicyStatus has one of the following values:
+// PolicyResult has one of the following values:
// - pass: indicates that the policy requirements are met
// - fail: indicates that the policy requirements are not met
// - warn: indicates that the policy requirements and not met, and the policy is not scored
@@ -69,7 +69,7 @@ type PolicyReportSummary struct {
// - skip: indicates that the policy was not selected based on user inputs or applicability
//
// +kubebuilder:validation:Enum=pass;fail;warn;error;skip
-type PolicyStatus string
+type PolicyResult string
// PolicySeverity has one of the following values:
// - high
@@ -81,6 +81,10 @@ type PolicySeverity string
// PolicyReportResult provides the result for an individual policy
type PolicyReportResult struct {
+ // Source is an identifier for the policy engine that manages this report
+ // +optional
+ Source string `json:"source"`
+
// Policy is the name of the policy
Policy string `json:"policy"`
@@ -102,14 +106,17 @@ type PolicyReportResult struct {
// Message is a short user friendly description of the policy rule
Message string `json:"message,omitempty"`
- // Status indicates the result of the policy rule check
- Status PolicyStatus `json:"status,omitempty"`
+ // Result indicates the outcome of the policy rule execution
+ Result PolicyResult `json:"result,omitempty"`
// Scored indicates if this policy rule is scored
Scored bool `json:"scored,omitempty"`
- // Data provides additional information for the policy rule
- Data map[string]string `json:"data,omitempty"`
+ // Properties provides additional information for the policy rule
+ Properties map[string]string `json:"properties,omitempty"`
+
+ // Timestamp indicates the time the result was found
+ Timestamp metav1.Timestamp `json:"timestamp,omitempty"`
// Category indicates policy category
// +optional
diff --git a/pkg/api/policyreport/v1alpha1/zz_generated.deepcopy.go b/pkg/api/policyreport/v1alpha2/zz_generated.deepcopy.go
similarity index 98%
rename from pkg/api/policyreport/v1alpha1/zz_generated.deepcopy.go
rename to pkg/api/policyreport/v1alpha2/zz_generated.deepcopy.go
index 683557bf02..f153b0739c 100644
--- a/pkg/api/policyreport/v1alpha1/zz_generated.deepcopy.go
+++ b/pkg/api/policyreport/v1alpha2/zz_generated.deepcopy.go
@@ -18,7 +18,7 @@ limitations under the License.
// Code generated by deepcopy-gen. DO NOT EDIT.
-package v1alpha1
+package v1alpha2
import (
v1 "k8s.io/api/core/v1"
@@ -207,13 +207,14 @@ func (in *PolicyReportResult) DeepCopyInto(out *PolicyReportResult) {
*out = new(metav1.LabelSelector)
(*in).DeepCopyInto(*out)
}
- if in.Data != nil {
- in, out := &in.Data, &out.Data
+ if in.Properties != nil {
+ in, out := &in.Properties, &out.Properties
*out = make(map[string]string, len(*in))
for key, val := range *in {
(*out)[key] = val
}
}
+ out.Timestamp = in.Timestamp
return
}
diff --git a/pkg/client/clientset/versioned/clientset.go b/pkg/client/clientset/versioned/clientset.go
index 5dab4bbf15..6bf38fee98 100755
--- a/pkg/client/clientset/versioned/clientset.go
+++ b/pkg/client/clientset/versioned/clientset.go
@@ -22,8 +22,8 @@ import (
"fmt"
kyvernov1 "github.com/kyverno/kyverno/pkg/client/clientset/versioned/typed/kyverno/v1"
- kyvernov1alpha1 "github.com/kyverno/kyverno/pkg/client/clientset/versioned/typed/kyverno/v1alpha1"
- wgpolicyk8sv1alpha1 "github.com/kyverno/kyverno/pkg/client/clientset/versioned/typed/policyreport/v1alpha1"
+ kyvernov1alpha2 "github.com/kyverno/kyverno/pkg/client/clientset/versioned/typed/kyverno/v1alpha2"
+ wgpolicyk8sv1alpha2 "github.com/kyverno/kyverno/pkg/client/clientset/versioned/typed/policyreport/v1alpha2"
discovery "k8s.io/client-go/discovery"
rest "k8s.io/client-go/rest"
flowcontrol "k8s.io/client-go/util/flowcontrol"
@@ -32,8 +32,8 @@ import (
type Interface interface {
Discovery() discovery.DiscoveryInterface
KyvernoV1() kyvernov1.KyvernoV1Interface
- KyvernoV1alpha1() kyvernov1alpha1.KyvernoV1alpha1Interface
- Wgpolicyk8sV1alpha1() wgpolicyk8sv1alpha1.Wgpolicyk8sV1alpha1Interface
+ KyvernoV1alpha2() kyvernov1alpha2.KyvernoV1alpha2Interface
+ Wgpolicyk8sV1alpha2() wgpolicyk8sv1alpha2.Wgpolicyk8sV1alpha2Interface
}
// Clientset contains the clients for groups. Each group has exactly one
@@ -41,8 +41,8 @@ type Interface interface {
type Clientset struct {
*discovery.DiscoveryClient
kyvernoV1 *kyvernov1.KyvernoV1Client
- kyvernoV1alpha1 *kyvernov1alpha1.KyvernoV1alpha1Client
- wgpolicyk8sV1alpha1 *wgpolicyk8sv1alpha1.Wgpolicyk8sV1alpha1Client
+ kyvernoV1alpha2 *kyvernov1alpha2.KyvernoV1alpha2Client
+ wgpolicyk8sV1alpha2 *wgpolicyk8sv1alpha2.Wgpolicyk8sV1alpha2Client
}
// KyvernoV1 retrieves the KyvernoV1Client
@@ -50,14 +50,14 @@ func (c *Clientset) KyvernoV1() kyvernov1.KyvernoV1Interface {
return c.kyvernoV1
}
-// KyvernoV1alpha1 retrieves the KyvernoV1alpha1Client
-func (c *Clientset) KyvernoV1alpha1() kyvernov1alpha1.KyvernoV1alpha1Interface {
- return c.kyvernoV1alpha1
+// KyvernoV1alpha2 retrieves the KyvernoV1alpha2Client
+func (c *Clientset) KyvernoV1alpha2() kyvernov1alpha2.KyvernoV1alpha2Interface {
+ return c.kyvernoV1alpha2
}
-// Wgpolicyk8sV1alpha1 retrieves the Wgpolicyk8sV1alpha1Client
-func (c *Clientset) Wgpolicyk8sV1alpha1() wgpolicyk8sv1alpha1.Wgpolicyk8sV1alpha1Interface {
- return c.wgpolicyk8sV1alpha1
+// Wgpolicyk8sV1alpha2 retrieves the Wgpolicyk8sV1alpha2Client
+func (c *Clientset) Wgpolicyk8sV1alpha2() wgpolicyk8sv1alpha2.Wgpolicyk8sV1alpha2Interface {
+ return c.wgpolicyk8sV1alpha2
}
// Discovery retrieves the DiscoveryClient
@@ -85,11 +85,11 @@ func NewForConfig(c *rest.Config) (*Clientset, error) {
if err != nil {
return nil, err
}
- cs.kyvernoV1alpha1, err = kyvernov1alpha1.NewForConfig(&configShallowCopy)
+ cs.kyvernoV1alpha2, err = kyvernov1alpha2.NewForConfig(&configShallowCopy)
if err != nil {
return nil, err
}
- cs.wgpolicyk8sV1alpha1, err = wgpolicyk8sv1alpha1.NewForConfig(&configShallowCopy)
+ cs.wgpolicyk8sV1alpha2, err = wgpolicyk8sv1alpha2.NewForConfig(&configShallowCopy)
if err != nil {
return nil, err
}
@@ -106,8 +106,8 @@ func NewForConfig(c *rest.Config) (*Clientset, error) {
func NewForConfigOrDie(c *rest.Config) *Clientset {
var cs Clientset
cs.kyvernoV1 = kyvernov1.NewForConfigOrDie(c)
- cs.kyvernoV1alpha1 = kyvernov1alpha1.NewForConfigOrDie(c)
- cs.wgpolicyk8sV1alpha1 = wgpolicyk8sv1alpha1.NewForConfigOrDie(c)
+ cs.kyvernoV1alpha2 = kyvernov1alpha2.NewForConfigOrDie(c)
+ cs.wgpolicyk8sV1alpha2 = wgpolicyk8sv1alpha2.NewForConfigOrDie(c)
cs.DiscoveryClient = discovery.NewDiscoveryClientForConfigOrDie(c)
return &cs
@@ -117,8 +117,8 @@ func NewForConfigOrDie(c *rest.Config) *Clientset {
func New(c rest.Interface) *Clientset {
var cs Clientset
cs.kyvernoV1 = kyvernov1.New(c)
- cs.kyvernoV1alpha1 = kyvernov1alpha1.New(c)
- cs.wgpolicyk8sV1alpha1 = wgpolicyk8sv1alpha1.New(c)
+ cs.kyvernoV1alpha2 = kyvernov1alpha2.New(c)
+ cs.wgpolicyk8sV1alpha2 = wgpolicyk8sv1alpha2.New(c)
cs.DiscoveryClient = discovery.NewDiscoveryClient(c)
return &cs
diff --git a/pkg/client/clientset/versioned/fake/clientset_generated.go b/pkg/client/clientset/versioned/fake/clientset_generated.go
index 9dc1e5c0c1..66d34f31d5 100755
--- a/pkg/client/clientset/versioned/fake/clientset_generated.go
+++ b/pkg/client/clientset/versioned/fake/clientset_generated.go
@@ -22,10 +22,10 @@ import (
clientset "github.com/kyverno/kyverno/pkg/client/clientset/versioned"
kyvernov1 "github.com/kyverno/kyverno/pkg/client/clientset/versioned/typed/kyverno/v1"
fakekyvernov1 "github.com/kyverno/kyverno/pkg/client/clientset/versioned/typed/kyverno/v1/fake"
- kyvernov1alpha1 "github.com/kyverno/kyverno/pkg/client/clientset/versioned/typed/kyverno/v1alpha1"
- fakekyvernov1alpha1 "github.com/kyverno/kyverno/pkg/client/clientset/versioned/typed/kyverno/v1alpha1/fake"
- wgpolicyk8sv1alpha1 "github.com/kyverno/kyverno/pkg/client/clientset/versioned/typed/policyreport/v1alpha1"
- fakewgpolicyk8sv1alpha1 "github.com/kyverno/kyverno/pkg/client/clientset/versioned/typed/policyreport/v1alpha1/fake"
+ kyvernov1alpha2 "github.com/kyverno/kyverno/pkg/client/clientset/versioned/typed/kyverno/v1alpha2"
+ fakekyvernov1alpha2 "github.com/kyverno/kyverno/pkg/client/clientset/versioned/typed/kyverno/v1alpha2/fake"
+ wgpolicyk8sv1alpha2 "github.com/kyverno/kyverno/pkg/client/clientset/versioned/typed/policyreport/v1alpha2"
+ fakewgpolicyk8sv1alpha2 "github.com/kyverno/kyverno/pkg/client/clientset/versioned/typed/policyreport/v1alpha2/fake"
"k8s.io/apimachinery/pkg/runtime"
"k8s.io/apimachinery/pkg/watch"
"k8s.io/client-go/discovery"
@@ -85,12 +85,12 @@ func (c *Clientset) KyvernoV1() kyvernov1.KyvernoV1Interface {
return &fakekyvernov1.FakeKyvernoV1{Fake: &c.Fake}
}
-// KyvernoV1alpha1 retrieves the KyvernoV1alpha1Client
-func (c *Clientset) KyvernoV1alpha1() kyvernov1alpha1.KyvernoV1alpha1Interface {
- return &fakekyvernov1alpha1.FakeKyvernoV1alpha1{Fake: &c.Fake}
+// KyvernoV1alpha2 retrieves the KyvernoV1alpha2Client
+func (c *Clientset) KyvernoV1alpha2() kyvernov1alpha2.KyvernoV1alpha2Interface {
+ return &fakekyvernov1alpha2.FakeKyvernoV1alpha2{Fake: &c.Fake}
}
-// Wgpolicyk8sV1alpha1 retrieves the Wgpolicyk8sV1alpha1Client
-func (c *Clientset) Wgpolicyk8sV1alpha1() wgpolicyk8sv1alpha1.Wgpolicyk8sV1alpha1Interface {
- return &fakewgpolicyk8sv1alpha1.FakeWgpolicyk8sV1alpha1{Fake: &c.Fake}
+// Wgpolicyk8sV1alpha2 retrieves the Wgpolicyk8sV1alpha2Client
+func (c *Clientset) Wgpolicyk8sV1alpha2() wgpolicyk8sv1alpha2.Wgpolicyk8sV1alpha2Interface {
+ return &fakewgpolicyk8sv1alpha2.FakeWgpolicyk8sV1alpha2{Fake: &c.Fake}
}
diff --git a/pkg/client/clientset/versioned/fake/register.go b/pkg/client/clientset/versioned/fake/register.go
index d00f26c51b..b377416ad8 100755
--- a/pkg/client/clientset/versioned/fake/register.go
+++ b/pkg/client/clientset/versioned/fake/register.go
@@ -20,8 +20,8 @@ package fake
import (
kyvernov1 "github.com/kyverno/kyverno/pkg/api/kyverno/v1"
- kyvernov1alpha1 "github.com/kyverno/kyverno/pkg/api/kyverno/v1alpha1"
- wgpolicyk8sv1alpha1 "github.com/kyverno/kyverno/pkg/api/policyreport/v1alpha1"
+ kyvernov1alpha2 "github.com/kyverno/kyverno/pkg/api/kyverno/v1alpha2"
+ wgpolicyk8sv1alpha2 "github.com/kyverno/kyverno/pkg/api/policyreport/v1alpha2"
v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
runtime "k8s.io/apimachinery/pkg/runtime"
schema "k8s.io/apimachinery/pkg/runtime/schema"
@@ -34,8 +34,8 @@ var codecs = serializer.NewCodecFactory(scheme)
var localSchemeBuilder = runtime.SchemeBuilder{
kyvernov1.AddToScheme,
- kyvernov1alpha1.AddToScheme,
- wgpolicyk8sv1alpha1.AddToScheme,
+ kyvernov1alpha2.AddToScheme,
+ wgpolicyk8sv1alpha2.AddToScheme,
}
// AddToScheme adds all types of this clientset into the given scheme. This allows composition
diff --git a/pkg/client/clientset/versioned/scheme/register.go b/pkg/client/clientset/versioned/scheme/register.go
index 23d6e3a33f..920d66d19a 100755
--- a/pkg/client/clientset/versioned/scheme/register.go
+++ b/pkg/client/clientset/versioned/scheme/register.go
@@ -20,8 +20,8 @@ package scheme
import (
kyvernov1 "github.com/kyverno/kyverno/pkg/api/kyverno/v1"
- kyvernov1alpha1 "github.com/kyverno/kyverno/pkg/api/kyverno/v1alpha1"
- wgpolicyk8sv1alpha1 "github.com/kyverno/kyverno/pkg/api/policyreport/v1alpha1"
+ kyvernov1alpha2 "github.com/kyverno/kyverno/pkg/api/kyverno/v1alpha2"
+ wgpolicyk8sv1alpha2 "github.com/kyverno/kyverno/pkg/api/policyreport/v1alpha2"
v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
runtime "k8s.io/apimachinery/pkg/runtime"
schema "k8s.io/apimachinery/pkg/runtime/schema"
@@ -34,8 +34,8 @@ var Codecs = serializer.NewCodecFactory(Scheme)
var ParameterCodec = runtime.NewParameterCodec(Scheme)
var localSchemeBuilder = runtime.SchemeBuilder{
kyvernov1.AddToScheme,
- kyvernov1alpha1.AddToScheme,
- wgpolicyk8sv1alpha1.AddToScheme,
+ kyvernov1alpha2.AddToScheme,
+ wgpolicyk8sv1alpha2.AddToScheme,
}
// AddToScheme adds all types of this clientset into the given scheme. This allows composition
diff --git a/pkg/client/clientset/versioned/typed/kyverno/v1alpha1/clusterreportchangerequest.go b/pkg/client/clientset/versioned/typed/kyverno/v1alpha2/clusterreportchangerequest.go
similarity index 84%
rename from pkg/client/clientset/versioned/typed/kyverno/v1alpha1/clusterreportchangerequest.go
rename to pkg/client/clientset/versioned/typed/kyverno/v1alpha2/clusterreportchangerequest.go
index 1f9973a1ce..c895165392 100644
--- a/pkg/client/clientset/versioned/typed/kyverno/v1alpha1/clusterreportchangerequest.go
+++ b/pkg/client/clientset/versioned/typed/kyverno/v1alpha2/clusterreportchangerequest.go
@@ -16,13 +16,13 @@ limitations under the License.
// Code generated by client-gen. DO NOT EDIT.
-package v1alpha1
+package v1alpha2
import (
"context"
"time"
- v1alpha1 "github.com/kyverno/kyverno/pkg/api/kyverno/v1alpha1"
+ v1alpha2 "github.com/kyverno/kyverno/pkg/api/kyverno/v1alpha2"
scheme "github.com/kyverno/kyverno/pkg/client/clientset/versioned/scheme"
v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
types "k8s.io/apimachinery/pkg/types"
@@ -38,14 +38,14 @@ type ClusterReportChangeRequestsGetter interface {
// ClusterReportChangeRequestInterface has methods to work with ClusterReportChangeRequest resources.
type ClusterReportChangeRequestInterface interface {
- Create(ctx context.Context, clusterReportChangeRequest *v1alpha1.ClusterReportChangeRequest, opts v1.CreateOptions) (*v1alpha1.ClusterReportChangeRequest, error)
- Update(ctx context.Context, clusterReportChangeRequest *v1alpha1.ClusterReportChangeRequest, opts v1.UpdateOptions) (*v1alpha1.ClusterReportChangeRequest, error)
+ Create(ctx context.Context, clusterReportChangeRequest *v1alpha2.ClusterReportChangeRequest, opts v1.CreateOptions) (*v1alpha2.ClusterReportChangeRequest, error)
+ Update(ctx context.Context, clusterReportChangeRequest *v1alpha2.ClusterReportChangeRequest, opts v1.UpdateOptions) (*v1alpha2.ClusterReportChangeRequest, error)
Delete(ctx context.Context, name string, opts v1.DeleteOptions) error
DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error
- Get(ctx context.Context, name string, opts v1.GetOptions) (*v1alpha1.ClusterReportChangeRequest, error)
- List(ctx context.Context, opts v1.ListOptions) (*v1alpha1.ClusterReportChangeRequestList, error)
+ Get(ctx context.Context, name string, opts v1.GetOptions) (*v1alpha2.ClusterReportChangeRequest, error)
+ List(ctx context.Context, opts v1.ListOptions) (*v1alpha2.ClusterReportChangeRequestList, error)
Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error)
- Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.ClusterReportChangeRequest, err error)
+ Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha2.ClusterReportChangeRequest, err error)
ClusterReportChangeRequestExpansion
}
@@ -55,15 +55,15 @@ type clusterReportChangeRequests struct {
}
// newClusterReportChangeRequests returns a ClusterReportChangeRequests
-func newClusterReportChangeRequests(c *KyvernoV1alpha1Client) *clusterReportChangeRequests {
+func newClusterReportChangeRequests(c *KyvernoV1alpha2Client) *clusterReportChangeRequests {
return &clusterReportChangeRequests{
client: c.RESTClient(),
}
}
// Get takes name of the clusterReportChangeRequest, and returns the corresponding clusterReportChangeRequest object, and an error if there is any.
-func (c *clusterReportChangeRequests) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha1.ClusterReportChangeRequest, err error) {
- result = &v1alpha1.ClusterReportChangeRequest{}
+func (c *clusterReportChangeRequests) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha2.ClusterReportChangeRequest, err error) {
+ result = &v1alpha2.ClusterReportChangeRequest{}
err = c.client.Get().
Resource("clusterreportchangerequests").
Name(name).
@@ -74,12 +74,12 @@ func (c *clusterReportChangeRequests) Get(ctx context.Context, name string, opti
}
// List takes label and field selectors, and returns the list of ClusterReportChangeRequests that match those selectors.
-func (c *clusterReportChangeRequests) List(ctx context.Context, opts v1.ListOptions) (result *v1alpha1.ClusterReportChangeRequestList, err error) {
+func (c *clusterReportChangeRequests) List(ctx context.Context, opts v1.ListOptions) (result *v1alpha2.ClusterReportChangeRequestList, err error) {
var timeout time.Duration
if opts.TimeoutSeconds != nil {
timeout = time.Duration(*opts.TimeoutSeconds) * time.Second
}
- result = &v1alpha1.ClusterReportChangeRequestList{}
+ result = &v1alpha2.ClusterReportChangeRequestList{}
err = c.client.Get().
Resource("clusterreportchangerequests").
VersionedParams(&opts, scheme.ParameterCodec).
@@ -104,8 +104,8 @@ func (c *clusterReportChangeRequests) Watch(ctx context.Context, opts v1.ListOpt
}
// Create takes the representation of a clusterReportChangeRequest and creates it. Returns the server's representation of the clusterReportChangeRequest, and an error, if there is any.
-func (c *clusterReportChangeRequests) Create(ctx context.Context, clusterReportChangeRequest *v1alpha1.ClusterReportChangeRequest, opts v1.CreateOptions) (result *v1alpha1.ClusterReportChangeRequest, err error) {
- result = &v1alpha1.ClusterReportChangeRequest{}
+func (c *clusterReportChangeRequests) Create(ctx context.Context, clusterReportChangeRequest *v1alpha2.ClusterReportChangeRequest, opts v1.CreateOptions) (result *v1alpha2.ClusterReportChangeRequest, err error) {
+ result = &v1alpha2.ClusterReportChangeRequest{}
err = c.client.Post().
Resource("clusterreportchangerequests").
VersionedParams(&opts, scheme.ParameterCodec).
@@ -116,8 +116,8 @@ func (c *clusterReportChangeRequests) Create(ctx context.Context, clusterReportC
}
// Update takes the representation of a clusterReportChangeRequest and updates it. Returns the server's representation of the clusterReportChangeRequest, and an error, if there is any.
-func (c *clusterReportChangeRequests) Update(ctx context.Context, clusterReportChangeRequest *v1alpha1.ClusterReportChangeRequest, opts v1.UpdateOptions) (result *v1alpha1.ClusterReportChangeRequest, err error) {
- result = &v1alpha1.ClusterReportChangeRequest{}
+func (c *clusterReportChangeRequests) Update(ctx context.Context, clusterReportChangeRequest *v1alpha2.ClusterReportChangeRequest, opts v1.UpdateOptions) (result *v1alpha2.ClusterReportChangeRequest, err error) {
+ result = &v1alpha2.ClusterReportChangeRequest{}
err = c.client.Put().
Resource("clusterreportchangerequests").
Name(clusterReportChangeRequest.Name).
@@ -154,8 +154,8 @@ func (c *clusterReportChangeRequests) DeleteCollection(ctx context.Context, opts
}
// Patch applies the patch and returns the patched clusterReportChangeRequest.
-func (c *clusterReportChangeRequests) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.ClusterReportChangeRequest, err error) {
- result = &v1alpha1.ClusterReportChangeRequest{}
+func (c *clusterReportChangeRequests) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha2.ClusterReportChangeRequest, err error) {
+ result = &v1alpha2.ClusterReportChangeRequest{}
err = c.client.Patch(pt).
Resource("clusterreportchangerequests").
Name(name).
diff --git a/pkg/client/clientset/versioned/typed/policyreport/v1alpha1/doc.go b/pkg/client/clientset/versioned/typed/kyverno/v1alpha2/doc.go
old mode 100755
new mode 100644
similarity index 97%
rename from pkg/client/clientset/versioned/typed/policyreport/v1alpha1/doc.go
rename to pkg/client/clientset/versioned/typed/kyverno/v1alpha2/doc.go
index df51baa4d4..baaf2d9853
--- a/pkg/client/clientset/versioned/typed/policyreport/v1alpha1/doc.go
+++ b/pkg/client/clientset/versioned/typed/kyverno/v1alpha2/doc.go
@@ -17,4 +17,4 @@ limitations under the License.
// Code generated by client-gen. DO NOT EDIT.
// This package has the automatically generated typed clients.
-package v1alpha1
+package v1alpha2
diff --git a/pkg/client/clientset/versioned/typed/kyverno/v1alpha1/fake/doc.go b/pkg/client/clientset/versioned/typed/kyverno/v1alpha2/fake/doc.go
similarity index 100%
rename from pkg/client/clientset/versioned/typed/kyverno/v1alpha1/fake/doc.go
rename to pkg/client/clientset/versioned/typed/kyverno/v1alpha2/fake/doc.go
diff --git a/pkg/client/clientset/versioned/typed/kyverno/v1alpha1/fake/fake_clusterreportchangerequest.go b/pkg/client/clientset/versioned/typed/kyverno/v1alpha2/fake/fake_clusterreportchangerequest.go
similarity index 74%
rename from pkg/client/clientset/versioned/typed/kyverno/v1alpha1/fake/fake_clusterreportchangerequest.go
rename to pkg/client/clientset/versioned/typed/kyverno/v1alpha2/fake/fake_clusterreportchangerequest.go
index 0f709a4e39..61a45a7bf7 100644
--- a/pkg/client/clientset/versioned/typed/kyverno/v1alpha1/fake/fake_clusterreportchangerequest.go
+++ b/pkg/client/clientset/versioned/typed/kyverno/v1alpha2/fake/fake_clusterreportchangerequest.go
@@ -21,7 +21,7 @@ package fake
import (
"context"
- v1alpha1 "github.com/kyverno/kyverno/pkg/api/kyverno/v1alpha1"
+ v1alpha2 "github.com/kyverno/kyverno/pkg/api/kyverno/v1alpha2"
v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
labels "k8s.io/apimachinery/pkg/labels"
schema "k8s.io/apimachinery/pkg/runtime/schema"
@@ -32,27 +32,27 @@ import (
// FakeClusterReportChangeRequests implements ClusterReportChangeRequestInterface
type FakeClusterReportChangeRequests struct {
- Fake *FakeKyvernoV1alpha1
+ Fake *FakeKyvernoV1alpha2
}
-var clusterreportchangerequestsResource = schema.GroupVersionResource{Group: "kyverno.io", Version: "v1alpha1", Resource: "clusterreportchangerequests"}
+var clusterreportchangerequestsResource = schema.GroupVersionResource{Group: "kyverno.io", Version: "v1alpha2", Resource: "clusterreportchangerequests"}
-var clusterreportchangerequestsKind = schema.GroupVersionKind{Group: "kyverno.io", Version: "v1alpha1", Kind: "ClusterReportChangeRequest"}
+var clusterreportchangerequestsKind = schema.GroupVersionKind{Group: "kyverno.io", Version: "v1alpha2", Kind: "ClusterReportChangeRequest"}
// Get takes name of the clusterReportChangeRequest, and returns the corresponding clusterReportChangeRequest object, and an error if there is any.
-func (c *FakeClusterReportChangeRequests) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha1.ClusterReportChangeRequest, err error) {
+func (c *FakeClusterReportChangeRequests) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha2.ClusterReportChangeRequest, err error) {
obj, err := c.Fake.
- Invokes(testing.NewRootGetAction(clusterreportchangerequestsResource, name), &v1alpha1.ClusterReportChangeRequest{})
+ Invokes(testing.NewRootGetAction(clusterreportchangerequestsResource, name), &v1alpha2.ClusterReportChangeRequest{})
if obj == nil {
return nil, err
}
- return obj.(*v1alpha1.ClusterReportChangeRequest), err
+ return obj.(*v1alpha2.ClusterReportChangeRequest), err
}
// List takes label and field selectors, and returns the list of ClusterReportChangeRequests that match those selectors.
-func (c *FakeClusterReportChangeRequests) List(ctx context.Context, opts v1.ListOptions) (result *v1alpha1.ClusterReportChangeRequestList, err error) {
+func (c *FakeClusterReportChangeRequests) List(ctx context.Context, opts v1.ListOptions) (result *v1alpha2.ClusterReportChangeRequestList, err error) {
obj, err := c.Fake.
- Invokes(testing.NewRootListAction(clusterreportchangerequestsResource, clusterreportchangerequestsKind, opts), &v1alpha1.ClusterReportChangeRequestList{})
+ Invokes(testing.NewRootListAction(clusterreportchangerequestsResource, clusterreportchangerequestsKind, opts), &v1alpha2.ClusterReportChangeRequestList{})
if obj == nil {
return nil, err
}
@@ -61,8 +61,8 @@ func (c *FakeClusterReportChangeRequests) List(ctx context.Context, opts v1.List
if label == nil {
label = labels.Everything()
}
- list := &v1alpha1.ClusterReportChangeRequestList{ListMeta: obj.(*v1alpha1.ClusterReportChangeRequestList).ListMeta}
- for _, item := range obj.(*v1alpha1.ClusterReportChangeRequestList).Items {
+ list := &v1alpha2.ClusterReportChangeRequestList{ListMeta: obj.(*v1alpha2.ClusterReportChangeRequestList).ListMeta}
+ for _, item := range obj.(*v1alpha2.ClusterReportChangeRequestList).Items {
if label.Matches(labels.Set(item.Labels)) {
list.Items = append(list.Items, item)
}
@@ -77,29 +77,29 @@ func (c *FakeClusterReportChangeRequests) Watch(ctx context.Context, opts v1.Lis
}
// Create takes the representation of a clusterReportChangeRequest and creates it. Returns the server's representation of the clusterReportChangeRequest, and an error, if there is any.
-func (c *FakeClusterReportChangeRequests) Create(ctx context.Context, clusterReportChangeRequest *v1alpha1.ClusterReportChangeRequest, opts v1.CreateOptions) (result *v1alpha1.ClusterReportChangeRequest, err error) {
+func (c *FakeClusterReportChangeRequests) Create(ctx context.Context, clusterReportChangeRequest *v1alpha2.ClusterReportChangeRequest, opts v1.CreateOptions) (result *v1alpha2.ClusterReportChangeRequest, err error) {
obj, err := c.Fake.
- Invokes(testing.NewRootCreateAction(clusterreportchangerequestsResource, clusterReportChangeRequest), &v1alpha1.ClusterReportChangeRequest{})
+ Invokes(testing.NewRootCreateAction(clusterreportchangerequestsResource, clusterReportChangeRequest), &v1alpha2.ClusterReportChangeRequest{})
if obj == nil {
return nil, err
}
- return obj.(*v1alpha1.ClusterReportChangeRequest), err
+ return obj.(*v1alpha2.ClusterReportChangeRequest), err
}
// Update takes the representation of a clusterReportChangeRequest and updates it. Returns the server's representation of the clusterReportChangeRequest, and an error, if there is any.
-func (c *FakeClusterReportChangeRequests) Update(ctx context.Context, clusterReportChangeRequest *v1alpha1.ClusterReportChangeRequest, opts v1.UpdateOptions) (result *v1alpha1.ClusterReportChangeRequest, err error) {
+func (c *FakeClusterReportChangeRequests) Update(ctx context.Context, clusterReportChangeRequest *v1alpha2.ClusterReportChangeRequest, opts v1.UpdateOptions) (result *v1alpha2.ClusterReportChangeRequest, err error) {
obj, err := c.Fake.
- Invokes(testing.NewRootUpdateAction(clusterreportchangerequestsResource, clusterReportChangeRequest), &v1alpha1.ClusterReportChangeRequest{})
+ Invokes(testing.NewRootUpdateAction(clusterreportchangerequestsResource, clusterReportChangeRequest), &v1alpha2.ClusterReportChangeRequest{})
if obj == nil {
return nil, err
}
- return obj.(*v1alpha1.ClusterReportChangeRequest), err
+ return obj.(*v1alpha2.ClusterReportChangeRequest), err
}
// Delete takes name of the clusterReportChangeRequest and deletes it. Returns an error if one occurs.
func (c *FakeClusterReportChangeRequests) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error {
_, err := c.Fake.
- Invokes(testing.NewRootDeleteAction(clusterreportchangerequestsResource, name), &v1alpha1.ClusterReportChangeRequest{})
+ Invokes(testing.NewRootDeleteAction(clusterreportchangerequestsResource, name), &v1alpha2.ClusterReportChangeRequest{})
return err
}
@@ -107,16 +107,16 @@ func (c *FakeClusterReportChangeRequests) Delete(ctx context.Context, name strin
func (c *FakeClusterReportChangeRequests) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error {
action := testing.NewRootDeleteCollectionAction(clusterreportchangerequestsResource, listOpts)
- _, err := c.Fake.Invokes(action, &v1alpha1.ClusterReportChangeRequestList{})
+ _, err := c.Fake.Invokes(action, &v1alpha2.ClusterReportChangeRequestList{})
return err
}
// Patch applies the patch and returns the patched clusterReportChangeRequest.
-func (c *FakeClusterReportChangeRequests) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.ClusterReportChangeRequest, err error) {
+func (c *FakeClusterReportChangeRequests) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha2.ClusterReportChangeRequest, err error) {
obj, err := c.Fake.
- Invokes(testing.NewRootPatchSubresourceAction(clusterreportchangerequestsResource, name, pt, data, subresources...), &v1alpha1.ClusterReportChangeRequest{})
+ Invokes(testing.NewRootPatchSubresourceAction(clusterreportchangerequestsResource, name, pt, data, subresources...), &v1alpha2.ClusterReportChangeRequest{})
if obj == nil {
return nil, err
}
- return obj.(*v1alpha1.ClusterReportChangeRequest), err
+ return obj.(*v1alpha2.ClusterReportChangeRequest), err
}
diff --git a/pkg/client/clientset/versioned/typed/kyverno/v1alpha1/fake/fake_kyverno_client.go b/pkg/client/clientset/versioned/typed/kyverno/v1alpha2/fake/fake_kyverno_client.go
similarity index 70%
rename from pkg/client/clientset/versioned/typed/kyverno/v1alpha1/fake/fake_kyverno_client.go
rename to pkg/client/clientset/versioned/typed/kyverno/v1alpha2/fake/fake_kyverno_client.go
index aa7cae6481..5c608cbdb4 100644
--- a/pkg/client/clientset/versioned/typed/kyverno/v1alpha1/fake/fake_kyverno_client.go
+++ b/pkg/client/clientset/versioned/typed/kyverno/v1alpha2/fake/fake_kyverno_client.go
@@ -19,26 +19,26 @@ limitations under the License.
package fake
import (
- v1alpha1 "github.com/kyverno/kyverno/pkg/client/clientset/versioned/typed/kyverno/v1alpha1"
+ v1alpha2 "github.com/kyverno/kyverno/pkg/client/clientset/versioned/typed/kyverno/v1alpha2"
rest "k8s.io/client-go/rest"
testing "k8s.io/client-go/testing"
)
-type FakeKyvernoV1alpha1 struct {
+type FakeKyvernoV1alpha2 struct {
*testing.Fake
}
-func (c *FakeKyvernoV1alpha1) ClusterReportChangeRequests() v1alpha1.ClusterReportChangeRequestInterface {
+func (c *FakeKyvernoV1alpha2) ClusterReportChangeRequests() v1alpha2.ClusterReportChangeRequestInterface {
return &FakeClusterReportChangeRequests{c}
}
-func (c *FakeKyvernoV1alpha1) ReportChangeRequests(namespace string) v1alpha1.ReportChangeRequestInterface {
+func (c *FakeKyvernoV1alpha2) ReportChangeRequests(namespace string) v1alpha2.ReportChangeRequestInterface {
return &FakeReportChangeRequests{c, namespace}
}
// RESTClient returns a RESTClient that is used to communicate
// with API server by this client implementation.
-func (c *FakeKyvernoV1alpha1) RESTClient() rest.Interface {
+func (c *FakeKyvernoV1alpha2) RESTClient() rest.Interface {
var ret *rest.RESTClient
return ret
}
diff --git a/pkg/client/clientset/versioned/typed/kyverno/v1alpha1/fake/fake_reportchangerequest.go b/pkg/client/clientset/versioned/typed/kyverno/v1alpha2/fake/fake_reportchangerequest.go
similarity index 73%
rename from pkg/client/clientset/versioned/typed/kyverno/v1alpha1/fake/fake_reportchangerequest.go
rename to pkg/client/clientset/versioned/typed/kyverno/v1alpha2/fake/fake_reportchangerequest.go
index 5126b2c435..bab79f04b0 100644
--- a/pkg/client/clientset/versioned/typed/kyverno/v1alpha1/fake/fake_reportchangerequest.go
+++ b/pkg/client/clientset/versioned/typed/kyverno/v1alpha2/fake/fake_reportchangerequest.go
@@ -21,7 +21,7 @@ package fake
import (
"context"
- v1alpha1 "github.com/kyverno/kyverno/pkg/api/kyverno/v1alpha1"
+ v1alpha2 "github.com/kyverno/kyverno/pkg/api/kyverno/v1alpha2"
v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
labels "k8s.io/apimachinery/pkg/labels"
schema "k8s.io/apimachinery/pkg/runtime/schema"
@@ -32,29 +32,29 @@ import (
// FakeReportChangeRequests implements ReportChangeRequestInterface
type FakeReportChangeRequests struct {
- Fake *FakeKyvernoV1alpha1
+ Fake *FakeKyvernoV1alpha2
ns string
}
-var reportchangerequestsResource = schema.GroupVersionResource{Group: "kyverno.io", Version: "v1alpha1", Resource: "reportchangerequests"}
+var reportchangerequestsResource = schema.GroupVersionResource{Group: "kyverno.io", Version: "v1alpha2", Resource: "reportchangerequests"}
-var reportchangerequestsKind = schema.GroupVersionKind{Group: "kyverno.io", Version: "v1alpha1", Kind: "ReportChangeRequest"}
+var reportchangerequestsKind = schema.GroupVersionKind{Group: "kyverno.io", Version: "v1alpha2", Kind: "ReportChangeRequest"}
// Get takes name of the reportChangeRequest, and returns the corresponding reportChangeRequest object, and an error if there is any.
-func (c *FakeReportChangeRequests) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha1.ReportChangeRequest, err error) {
+func (c *FakeReportChangeRequests) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha2.ReportChangeRequest, err error) {
obj, err := c.Fake.
- Invokes(testing.NewGetAction(reportchangerequestsResource, c.ns, name), &v1alpha1.ReportChangeRequest{})
+ Invokes(testing.NewGetAction(reportchangerequestsResource, c.ns, name), &v1alpha2.ReportChangeRequest{})
if obj == nil {
return nil, err
}
- return obj.(*v1alpha1.ReportChangeRequest), err
+ return obj.(*v1alpha2.ReportChangeRequest), err
}
// List takes label and field selectors, and returns the list of ReportChangeRequests that match those selectors.
-func (c *FakeReportChangeRequests) List(ctx context.Context, opts v1.ListOptions) (result *v1alpha1.ReportChangeRequestList, err error) {
+func (c *FakeReportChangeRequests) List(ctx context.Context, opts v1.ListOptions) (result *v1alpha2.ReportChangeRequestList, err error) {
obj, err := c.Fake.
- Invokes(testing.NewListAction(reportchangerequestsResource, reportchangerequestsKind, c.ns, opts), &v1alpha1.ReportChangeRequestList{})
+ Invokes(testing.NewListAction(reportchangerequestsResource, reportchangerequestsKind, c.ns, opts), &v1alpha2.ReportChangeRequestList{})
if obj == nil {
return nil, err
@@ -64,8 +64,8 @@ func (c *FakeReportChangeRequests) List(ctx context.Context, opts v1.ListOptions
if label == nil {
label = labels.Everything()
}
- list := &v1alpha1.ReportChangeRequestList{ListMeta: obj.(*v1alpha1.ReportChangeRequestList).ListMeta}
- for _, item := range obj.(*v1alpha1.ReportChangeRequestList).Items {
+ list := &v1alpha2.ReportChangeRequestList{ListMeta: obj.(*v1alpha2.ReportChangeRequestList).ListMeta}
+ for _, item := range obj.(*v1alpha2.ReportChangeRequestList).Items {
if label.Matches(labels.Set(item.Labels)) {
list.Items = append(list.Items, item)
}
@@ -81,31 +81,31 @@ func (c *FakeReportChangeRequests) Watch(ctx context.Context, opts v1.ListOption
}
// Create takes the representation of a reportChangeRequest and creates it. Returns the server's representation of the reportChangeRequest, and an error, if there is any.
-func (c *FakeReportChangeRequests) Create(ctx context.Context, reportChangeRequest *v1alpha1.ReportChangeRequest, opts v1.CreateOptions) (result *v1alpha1.ReportChangeRequest, err error) {
+func (c *FakeReportChangeRequests) Create(ctx context.Context, reportChangeRequest *v1alpha2.ReportChangeRequest, opts v1.CreateOptions) (result *v1alpha2.ReportChangeRequest, err error) {
obj, err := c.Fake.
- Invokes(testing.NewCreateAction(reportchangerequestsResource, c.ns, reportChangeRequest), &v1alpha1.ReportChangeRequest{})
+ Invokes(testing.NewCreateAction(reportchangerequestsResource, c.ns, reportChangeRequest), &v1alpha2.ReportChangeRequest{})
if obj == nil {
return nil, err
}
- return obj.(*v1alpha1.ReportChangeRequest), err
+ return obj.(*v1alpha2.ReportChangeRequest), err
}
// Update takes the representation of a reportChangeRequest and updates it. Returns the server's representation of the reportChangeRequest, and an error, if there is any.
-func (c *FakeReportChangeRequests) Update(ctx context.Context, reportChangeRequest *v1alpha1.ReportChangeRequest, opts v1.UpdateOptions) (result *v1alpha1.ReportChangeRequest, err error) {
+func (c *FakeReportChangeRequests) Update(ctx context.Context, reportChangeRequest *v1alpha2.ReportChangeRequest, opts v1.UpdateOptions) (result *v1alpha2.ReportChangeRequest, err error) {
obj, err := c.Fake.
- Invokes(testing.NewUpdateAction(reportchangerequestsResource, c.ns, reportChangeRequest), &v1alpha1.ReportChangeRequest{})
+ Invokes(testing.NewUpdateAction(reportchangerequestsResource, c.ns, reportChangeRequest), &v1alpha2.ReportChangeRequest{})
if obj == nil {
return nil, err
}
- return obj.(*v1alpha1.ReportChangeRequest), err
+ return obj.(*v1alpha2.ReportChangeRequest), err
}
// Delete takes name of the reportChangeRequest and deletes it. Returns an error if one occurs.
func (c *FakeReportChangeRequests) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error {
_, err := c.Fake.
- Invokes(testing.NewDeleteAction(reportchangerequestsResource, c.ns, name), &v1alpha1.ReportChangeRequest{})
+ Invokes(testing.NewDeleteAction(reportchangerequestsResource, c.ns, name), &v1alpha2.ReportChangeRequest{})
return err
}
@@ -114,17 +114,17 @@ func (c *FakeReportChangeRequests) Delete(ctx context.Context, name string, opts
func (c *FakeReportChangeRequests) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error {
action := testing.NewDeleteCollectionAction(reportchangerequestsResource, c.ns, listOpts)
- _, err := c.Fake.Invokes(action, &v1alpha1.ReportChangeRequestList{})
+ _, err := c.Fake.Invokes(action, &v1alpha2.ReportChangeRequestList{})
return err
}
// Patch applies the patch and returns the patched reportChangeRequest.
-func (c *FakeReportChangeRequests) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.ReportChangeRequest, err error) {
+func (c *FakeReportChangeRequests) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha2.ReportChangeRequest, err error) {
obj, err := c.Fake.
- Invokes(testing.NewPatchSubresourceAction(reportchangerequestsResource, c.ns, name, pt, data, subresources...), &v1alpha1.ReportChangeRequest{})
+ Invokes(testing.NewPatchSubresourceAction(reportchangerequestsResource, c.ns, name, pt, data, subresources...), &v1alpha2.ReportChangeRequest{})
if obj == nil {
return nil, err
}
- return obj.(*v1alpha1.ReportChangeRequest), err
+ return obj.(*v1alpha2.ReportChangeRequest), err
}
diff --git a/pkg/client/clientset/versioned/typed/kyverno/v1alpha1/generated_expansion.go b/pkg/client/clientset/versioned/typed/kyverno/v1alpha2/generated_expansion.go
similarity index 97%
rename from pkg/client/clientset/versioned/typed/kyverno/v1alpha1/generated_expansion.go
rename to pkg/client/clientset/versioned/typed/kyverno/v1alpha2/generated_expansion.go
index 9fd0ca8807..70ee2abcf0 100644
--- a/pkg/client/clientset/versioned/typed/kyverno/v1alpha1/generated_expansion.go
+++ b/pkg/client/clientset/versioned/typed/kyverno/v1alpha2/generated_expansion.go
@@ -16,7 +16,7 @@ limitations under the License.
// Code generated by client-gen. DO NOT EDIT.
-package v1alpha1
+package v1alpha2
type ClusterReportChangeRequestExpansion interface{}
diff --git a/pkg/client/clientset/versioned/typed/kyverno/v1alpha1/kyverno_client.go b/pkg/client/clientset/versioned/typed/kyverno/v1alpha2/kyverno_client.go
similarity index 67%
rename from pkg/client/clientset/versioned/typed/kyverno/v1alpha1/kyverno_client.go
rename to pkg/client/clientset/versioned/typed/kyverno/v1alpha2/kyverno_client.go
index febdd8ffcd..5004feb988 100644
--- a/pkg/client/clientset/versioned/typed/kyverno/v1alpha1/kyverno_client.go
+++ b/pkg/client/clientset/versioned/typed/kyverno/v1alpha2/kyverno_client.go
@@ -16,35 +16,35 @@ limitations under the License.
// Code generated by client-gen. DO NOT EDIT.
-package v1alpha1
+package v1alpha2
import (
- v1alpha1 "github.com/kyverno/kyverno/pkg/api/kyverno/v1alpha1"
+ v1alpha2 "github.com/kyverno/kyverno/pkg/api/kyverno/v1alpha2"
"github.com/kyverno/kyverno/pkg/client/clientset/versioned/scheme"
rest "k8s.io/client-go/rest"
)
-type KyvernoV1alpha1Interface interface {
+type KyvernoV1alpha2Interface interface {
RESTClient() rest.Interface
ClusterReportChangeRequestsGetter
ReportChangeRequestsGetter
}
-// KyvernoV1alpha1Client is used to interact with features provided by the kyverno.io group.
-type KyvernoV1alpha1Client struct {
+// KyvernoV1alpha2Client is used to interact with features provided by the kyverno.io group.
+type KyvernoV1alpha2Client struct {
restClient rest.Interface
}
-func (c *KyvernoV1alpha1Client) ClusterReportChangeRequests() ClusterReportChangeRequestInterface {
+func (c *KyvernoV1alpha2Client) ClusterReportChangeRequests() ClusterReportChangeRequestInterface {
return newClusterReportChangeRequests(c)
}
-func (c *KyvernoV1alpha1Client) ReportChangeRequests(namespace string) ReportChangeRequestInterface {
+func (c *KyvernoV1alpha2Client) ReportChangeRequests(namespace string) ReportChangeRequestInterface {
return newReportChangeRequests(c, namespace)
}
-// NewForConfig creates a new KyvernoV1alpha1Client for the given config.
-func NewForConfig(c *rest.Config) (*KyvernoV1alpha1Client, error) {
+// NewForConfig creates a new KyvernoV1alpha2Client for the given config.
+func NewForConfig(c *rest.Config) (*KyvernoV1alpha2Client, error) {
config := *c
if err := setConfigDefaults(&config); err != nil {
return nil, err
@@ -53,12 +53,12 @@ func NewForConfig(c *rest.Config) (*KyvernoV1alpha1Client, error) {
if err != nil {
return nil, err
}
- return &KyvernoV1alpha1Client{client}, nil
+ return &KyvernoV1alpha2Client{client}, nil
}
-// NewForConfigOrDie creates a new KyvernoV1alpha1Client for the given config and
+// NewForConfigOrDie creates a new KyvernoV1alpha2Client for the given config and
// panics if there is an error in the config.
-func NewForConfigOrDie(c *rest.Config) *KyvernoV1alpha1Client {
+func NewForConfigOrDie(c *rest.Config) *KyvernoV1alpha2Client {
client, err := NewForConfig(c)
if err != nil {
panic(err)
@@ -66,13 +66,13 @@ func NewForConfigOrDie(c *rest.Config) *KyvernoV1alpha1Client {
return client
}
-// New creates a new KyvernoV1alpha1Client for the given RESTClient.
-func New(c rest.Interface) *KyvernoV1alpha1Client {
- return &KyvernoV1alpha1Client{c}
+// New creates a new KyvernoV1alpha2Client for the given RESTClient.
+func New(c rest.Interface) *KyvernoV1alpha2Client {
+ return &KyvernoV1alpha2Client{c}
}
func setConfigDefaults(config *rest.Config) error {
- gv := v1alpha1.SchemeGroupVersion
+ gv := v1alpha2.SchemeGroupVersion
config.GroupVersion = &gv
config.APIPath = "/apis"
config.NegotiatedSerializer = scheme.Codecs.WithoutConversion()
@@ -86,7 +86,7 @@ func setConfigDefaults(config *rest.Config) error {
// RESTClient returns a RESTClient that is used to communicate
// with API server by this client implementation.
-func (c *KyvernoV1alpha1Client) RESTClient() rest.Interface {
+func (c *KyvernoV1alpha2Client) RESTClient() rest.Interface {
if c == nil {
return nil
}
diff --git a/pkg/client/clientset/versioned/typed/kyverno/v1alpha1/reportchangerequest.go b/pkg/client/clientset/versioned/typed/kyverno/v1alpha2/reportchangerequest.go
similarity index 82%
rename from pkg/client/clientset/versioned/typed/kyverno/v1alpha1/reportchangerequest.go
rename to pkg/client/clientset/versioned/typed/kyverno/v1alpha2/reportchangerequest.go
index 95e22f3507..03620ab149 100644
--- a/pkg/client/clientset/versioned/typed/kyverno/v1alpha1/reportchangerequest.go
+++ b/pkg/client/clientset/versioned/typed/kyverno/v1alpha2/reportchangerequest.go
@@ -16,13 +16,13 @@ limitations under the License.
// Code generated by client-gen. DO NOT EDIT.
-package v1alpha1
+package v1alpha2
import (
"context"
"time"
- v1alpha1 "github.com/kyverno/kyverno/pkg/api/kyverno/v1alpha1"
+ v1alpha2 "github.com/kyverno/kyverno/pkg/api/kyverno/v1alpha2"
scheme "github.com/kyverno/kyverno/pkg/client/clientset/versioned/scheme"
v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
types "k8s.io/apimachinery/pkg/types"
@@ -38,14 +38,14 @@ type ReportChangeRequestsGetter interface {
// ReportChangeRequestInterface has methods to work with ReportChangeRequest resources.
type ReportChangeRequestInterface interface {
- Create(ctx context.Context, reportChangeRequest *v1alpha1.ReportChangeRequest, opts v1.CreateOptions) (*v1alpha1.ReportChangeRequest, error)
- Update(ctx context.Context, reportChangeRequest *v1alpha1.ReportChangeRequest, opts v1.UpdateOptions) (*v1alpha1.ReportChangeRequest, error)
+ Create(ctx context.Context, reportChangeRequest *v1alpha2.ReportChangeRequest, opts v1.CreateOptions) (*v1alpha2.ReportChangeRequest, error)
+ Update(ctx context.Context, reportChangeRequest *v1alpha2.ReportChangeRequest, opts v1.UpdateOptions) (*v1alpha2.ReportChangeRequest, error)
Delete(ctx context.Context, name string, opts v1.DeleteOptions) error
DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error
- Get(ctx context.Context, name string, opts v1.GetOptions) (*v1alpha1.ReportChangeRequest, error)
- List(ctx context.Context, opts v1.ListOptions) (*v1alpha1.ReportChangeRequestList, error)
+ Get(ctx context.Context, name string, opts v1.GetOptions) (*v1alpha2.ReportChangeRequest, error)
+ List(ctx context.Context, opts v1.ListOptions) (*v1alpha2.ReportChangeRequestList, error)
Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error)
- Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.ReportChangeRequest, err error)
+ Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha2.ReportChangeRequest, err error)
ReportChangeRequestExpansion
}
@@ -56,7 +56,7 @@ type reportChangeRequests struct {
}
// newReportChangeRequests returns a ReportChangeRequests
-func newReportChangeRequests(c *KyvernoV1alpha1Client, namespace string) *reportChangeRequests {
+func newReportChangeRequests(c *KyvernoV1alpha2Client, namespace string) *reportChangeRequests {
return &reportChangeRequests{
client: c.RESTClient(),
ns: namespace,
@@ -64,8 +64,8 @@ func newReportChangeRequests(c *KyvernoV1alpha1Client, namespace string) *report
}
// Get takes name of the reportChangeRequest, and returns the corresponding reportChangeRequest object, and an error if there is any.
-func (c *reportChangeRequests) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha1.ReportChangeRequest, err error) {
- result = &v1alpha1.ReportChangeRequest{}
+func (c *reportChangeRequests) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha2.ReportChangeRequest, err error) {
+ result = &v1alpha2.ReportChangeRequest{}
err = c.client.Get().
Namespace(c.ns).
Resource("reportchangerequests").
@@ -77,12 +77,12 @@ func (c *reportChangeRequests) Get(ctx context.Context, name string, options v1.
}
// List takes label and field selectors, and returns the list of ReportChangeRequests that match those selectors.
-func (c *reportChangeRequests) List(ctx context.Context, opts v1.ListOptions) (result *v1alpha1.ReportChangeRequestList, err error) {
+func (c *reportChangeRequests) List(ctx context.Context, opts v1.ListOptions) (result *v1alpha2.ReportChangeRequestList, err error) {
var timeout time.Duration
if opts.TimeoutSeconds != nil {
timeout = time.Duration(*opts.TimeoutSeconds) * time.Second
}
- result = &v1alpha1.ReportChangeRequestList{}
+ result = &v1alpha2.ReportChangeRequestList{}
err = c.client.Get().
Namespace(c.ns).
Resource("reportchangerequests").
@@ -109,8 +109,8 @@ func (c *reportChangeRequests) Watch(ctx context.Context, opts v1.ListOptions) (
}
// Create takes the representation of a reportChangeRequest and creates it. Returns the server's representation of the reportChangeRequest, and an error, if there is any.
-func (c *reportChangeRequests) Create(ctx context.Context, reportChangeRequest *v1alpha1.ReportChangeRequest, opts v1.CreateOptions) (result *v1alpha1.ReportChangeRequest, err error) {
- result = &v1alpha1.ReportChangeRequest{}
+func (c *reportChangeRequests) Create(ctx context.Context, reportChangeRequest *v1alpha2.ReportChangeRequest, opts v1.CreateOptions) (result *v1alpha2.ReportChangeRequest, err error) {
+ result = &v1alpha2.ReportChangeRequest{}
err = c.client.Post().
Namespace(c.ns).
Resource("reportchangerequests").
@@ -122,8 +122,8 @@ func (c *reportChangeRequests) Create(ctx context.Context, reportChangeRequest *
}
// Update takes the representation of a reportChangeRequest and updates it. Returns the server's representation of the reportChangeRequest, and an error, if there is any.
-func (c *reportChangeRequests) Update(ctx context.Context, reportChangeRequest *v1alpha1.ReportChangeRequest, opts v1.UpdateOptions) (result *v1alpha1.ReportChangeRequest, err error) {
- result = &v1alpha1.ReportChangeRequest{}
+func (c *reportChangeRequests) Update(ctx context.Context, reportChangeRequest *v1alpha2.ReportChangeRequest, opts v1.UpdateOptions) (result *v1alpha2.ReportChangeRequest, err error) {
+ result = &v1alpha2.ReportChangeRequest{}
err = c.client.Put().
Namespace(c.ns).
Resource("reportchangerequests").
@@ -163,8 +163,8 @@ func (c *reportChangeRequests) DeleteCollection(ctx context.Context, opts v1.Del
}
// Patch applies the patch and returns the patched reportChangeRequest.
-func (c *reportChangeRequests) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.ReportChangeRequest, err error) {
- result = &v1alpha1.ReportChangeRequest{}
+func (c *reportChangeRequests) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha2.ReportChangeRequest, err error) {
+ result = &v1alpha2.ReportChangeRequest{}
err = c.client.Patch(pt).
Namespace(c.ns).
Resource("reportchangerequests").
diff --git a/pkg/client/clientset/versioned/typed/policyreport/v1alpha1/clusterpolicyreport.go b/pkg/client/clientset/versioned/typed/policyreport/v1alpha2/clusterpolicyreport.go
similarity index 81%
rename from pkg/client/clientset/versioned/typed/policyreport/v1alpha1/clusterpolicyreport.go
rename to pkg/client/clientset/versioned/typed/policyreport/v1alpha2/clusterpolicyreport.go
index b490e14f0b..73d4bdc854 100755
--- a/pkg/client/clientset/versioned/typed/policyreport/v1alpha1/clusterpolicyreport.go
+++ b/pkg/client/clientset/versioned/typed/policyreport/v1alpha2/clusterpolicyreport.go
@@ -16,13 +16,13 @@ limitations under the License.
// Code generated by client-gen. DO NOT EDIT.
-package v1alpha1
+package v1alpha2
import (
"context"
"time"
- v1alpha1 "github.com/kyverno/kyverno/pkg/api/policyreport/v1alpha1"
+ v1alpha2 "github.com/kyverno/kyverno/pkg/api/policyreport/v1alpha2"
scheme "github.com/kyverno/kyverno/pkg/client/clientset/versioned/scheme"
v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
types "k8s.io/apimachinery/pkg/types"
@@ -38,14 +38,14 @@ type ClusterPolicyReportsGetter interface {
// ClusterPolicyReportInterface has methods to work with ClusterPolicyReport resources.
type ClusterPolicyReportInterface interface {
- Create(ctx context.Context, clusterPolicyReport *v1alpha1.ClusterPolicyReport, opts v1.CreateOptions) (*v1alpha1.ClusterPolicyReport, error)
- Update(ctx context.Context, clusterPolicyReport *v1alpha1.ClusterPolicyReport, opts v1.UpdateOptions) (*v1alpha1.ClusterPolicyReport, error)
+ Create(ctx context.Context, clusterPolicyReport *v1alpha2.ClusterPolicyReport, opts v1.CreateOptions) (*v1alpha2.ClusterPolicyReport, error)
+ Update(ctx context.Context, clusterPolicyReport *v1alpha2.ClusterPolicyReport, opts v1.UpdateOptions) (*v1alpha2.ClusterPolicyReport, error)
Delete(ctx context.Context, name string, opts v1.DeleteOptions) error
DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error
- Get(ctx context.Context, name string, opts v1.GetOptions) (*v1alpha1.ClusterPolicyReport, error)
- List(ctx context.Context, opts v1.ListOptions) (*v1alpha1.ClusterPolicyReportList, error)
+ Get(ctx context.Context, name string, opts v1.GetOptions) (*v1alpha2.ClusterPolicyReport, error)
+ List(ctx context.Context, opts v1.ListOptions) (*v1alpha2.ClusterPolicyReportList, error)
Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error)
- Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.ClusterPolicyReport, err error)
+ Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha2.ClusterPolicyReport, err error)
ClusterPolicyReportExpansion
}
@@ -55,15 +55,15 @@ type clusterPolicyReports struct {
}
// newClusterPolicyReports returns a ClusterPolicyReports
-func newClusterPolicyReports(c *Wgpolicyk8sV1alpha1Client) *clusterPolicyReports {
+func newClusterPolicyReports(c *Wgpolicyk8sV1alpha2Client) *clusterPolicyReports {
return &clusterPolicyReports{
client: c.RESTClient(),
}
}
// Get takes name of the clusterPolicyReport, and returns the corresponding clusterPolicyReport object, and an error if there is any.
-func (c *clusterPolicyReports) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha1.ClusterPolicyReport, err error) {
- result = &v1alpha1.ClusterPolicyReport{}
+func (c *clusterPolicyReports) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha2.ClusterPolicyReport, err error) {
+ result = &v1alpha2.ClusterPolicyReport{}
err = c.client.Get().
Resource("clusterpolicyreports").
Name(name).
@@ -74,12 +74,12 @@ func (c *clusterPolicyReports) Get(ctx context.Context, name string, options v1.
}
// List takes label and field selectors, and returns the list of ClusterPolicyReports that match those selectors.
-func (c *clusterPolicyReports) List(ctx context.Context, opts v1.ListOptions) (result *v1alpha1.ClusterPolicyReportList, err error) {
+func (c *clusterPolicyReports) List(ctx context.Context, opts v1.ListOptions) (result *v1alpha2.ClusterPolicyReportList, err error) {
var timeout time.Duration
if opts.TimeoutSeconds != nil {
timeout = time.Duration(*opts.TimeoutSeconds) * time.Second
}
- result = &v1alpha1.ClusterPolicyReportList{}
+ result = &v1alpha2.ClusterPolicyReportList{}
err = c.client.Get().
Resource("clusterpolicyreports").
VersionedParams(&opts, scheme.ParameterCodec).
@@ -104,8 +104,8 @@ func (c *clusterPolicyReports) Watch(ctx context.Context, opts v1.ListOptions) (
}
// Create takes the representation of a clusterPolicyReport and creates it. Returns the server's representation of the clusterPolicyReport, and an error, if there is any.
-func (c *clusterPolicyReports) Create(ctx context.Context, clusterPolicyReport *v1alpha1.ClusterPolicyReport, opts v1.CreateOptions) (result *v1alpha1.ClusterPolicyReport, err error) {
- result = &v1alpha1.ClusterPolicyReport{}
+func (c *clusterPolicyReports) Create(ctx context.Context, clusterPolicyReport *v1alpha2.ClusterPolicyReport, opts v1.CreateOptions) (result *v1alpha2.ClusterPolicyReport, err error) {
+ result = &v1alpha2.ClusterPolicyReport{}
err = c.client.Post().
Resource("clusterpolicyreports").
VersionedParams(&opts, scheme.ParameterCodec).
@@ -116,8 +116,8 @@ func (c *clusterPolicyReports) Create(ctx context.Context, clusterPolicyReport *
}
// Update takes the representation of a clusterPolicyReport and updates it. Returns the server's representation of the clusterPolicyReport, and an error, if there is any.
-func (c *clusterPolicyReports) Update(ctx context.Context, clusterPolicyReport *v1alpha1.ClusterPolicyReport, opts v1.UpdateOptions) (result *v1alpha1.ClusterPolicyReport, err error) {
- result = &v1alpha1.ClusterPolicyReport{}
+func (c *clusterPolicyReports) Update(ctx context.Context, clusterPolicyReport *v1alpha2.ClusterPolicyReport, opts v1.UpdateOptions) (result *v1alpha2.ClusterPolicyReport, err error) {
+ result = &v1alpha2.ClusterPolicyReport{}
err = c.client.Put().
Resource("clusterpolicyreports").
Name(clusterPolicyReport.Name).
@@ -154,8 +154,8 @@ func (c *clusterPolicyReports) DeleteCollection(ctx context.Context, opts v1.Del
}
// Patch applies the patch and returns the patched clusterPolicyReport.
-func (c *clusterPolicyReports) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.ClusterPolicyReport, err error) {
- result = &v1alpha1.ClusterPolicyReport{}
+func (c *clusterPolicyReports) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha2.ClusterPolicyReport, err error) {
+ result = &v1alpha2.ClusterPolicyReport{}
err = c.client.Patch(pt).
Resource("clusterpolicyreports").
Name(name).
diff --git a/pkg/client/clientset/versioned/typed/kyverno/v1alpha1/doc.go b/pkg/client/clientset/versioned/typed/policyreport/v1alpha2/doc.go
old mode 100644
new mode 100755
similarity index 97%
rename from pkg/client/clientset/versioned/typed/kyverno/v1alpha1/doc.go
rename to pkg/client/clientset/versioned/typed/policyreport/v1alpha2/doc.go
index df51baa4d4..baaf2d9853
--- a/pkg/client/clientset/versioned/typed/kyverno/v1alpha1/doc.go
+++ b/pkg/client/clientset/versioned/typed/policyreport/v1alpha2/doc.go
@@ -17,4 +17,4 @@ limitations under the License.
// Code generated by client-gen. DO NOT EDIT.
// This package has the automatically generated typed clients.
-package v1alpha1
+package v1alpha2
diff --git a/pkg/client/clientset/versioned/typed/policyreport/v1alpha1/fake/doc.go b/pkg/client/clientset/versioned/typed/policyreport/v1alpha2/fake/doc.go
similarity index 100%
rename from pkg/client/clientset/versioned/typed/policyreport/v1alpha1/fake/doc.go
rename to pkg/client/clientset/versioned/typed/policyreport/v1alpha2/fake/doc.go
diff --git a/pkg/client/clientset/versioned/typed/policyreport/v1alpha1/fake/fake_clusterpolicyreport.go b/pkg/client/clientset/versioned/typed/policyreport/v1alpha2/fake/fake_clusterpolicyreport.go
similarity index 73%
rename from pkg/client/clientset/versioned/typed/policyreport/v1alpha1/fake/fake_clusterpolicyreport.go
rename to pkg/client/clientset/versioned/typed/policyreport/v1alpha2/fake/fake_clusterpolicyreport.go
index 183b463f2e..40f960d563 100755
--- a/pkg/client/clientset/versioned/typed/policyreport/v1alpha1/fake/fake_clusterpolicyreport.go
+++ b/pkg/client/clientset/versioned/typed/policyreport/v1alpha2/fake/fake_clusterpolicyreport.go
@@ -21,7 +21,7 @@ package fake
import (
"context"
- v1alpha1 "github.com/kyverno/kyverno/pkg/api/policyreport/v1alpha1"
+ v1alpha2 "github.com/kyverno/kyverno/pkg/api/policyreport/v1alpha2"
v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
labels "k8s.io/apimachinery/pkg/labels"
schema "k8s.io/apimachinery/pkg/runtime/schema"
@@ -32,27 +32,27 @@ import (
// FakeClusterPolicyReports implements ClusterPolicyReportInterface
type FakeClusterPolicyReports struct {
- Fake *FakeWgpolicyk8sV1alpha1
+ Fake *FakeWgpolicyk8sV1alpha2
}
-var clusterpolicyreportsResource = schema.GroupVersionResource{Group: "wgpolicyk8s.io", Version: "v1alpha1", Resource: "clusterpolicyreports"}
+var clusterpolicyreportsResource = schema.GroupVersionResource{Group: "wgpolicyk8s.io", Version: "v1alpha2", Resource: "clusterpolicyreports"}
-var clusterpolicyreportsKind = schema.GroupVersionKind{Group: "wgpolicyk8s.io", Version: "v1alpha1", Kind: "ClusterPolicyReport"}
+var clusterpolicyreportsKind = schema.GroupVersionKind{Group: "wgpolicyk8s.io", Version: "v1alpha2", Kind: "ClusterPolicyReport"}
// Get takes name of the clusterPolicyReport, and returns the corresponding clusterPolicyReport object, and an error if there is any.
-func (c *FakeClusterPolicyReports) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha1.ClusterPolicyReport, err error) {
+func (c *FakeClusterPolicyReports) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha2.ClusterPolicyReport, err error) {
obj, err := c.Fake.
- Invokes(testing.NewRootGetAction(clusterpolicyreportsResource, name), &v1alpha1.ClusterPolicyReport{})
+ Invokes(testing.NewRootGetAction(clusterpolicyreportsResource, name), &v1alpha2.ClusterPolicyReport{})
if obj == nil {
return nil, err
}
- return obj.(*v1alpha1.ClusterPolicyReport), err
+ return obj.(*v1alpha2.ClusterPolicyReport), err
}
// List takes label and field selectors, and returns the list of ClusterPolicyReports that match those selectors.
-func (c *FakeClusterPolicyReports) List(ctx context.Context, opts v1.ListOptions) (result *v1alpha1.ClusterPolicyReportList, err error) {
+func (c *FakeClusterPolicyReports) List(ctx context.Context, opts v1.ListOptions) (result *v1alpha2.ClusterPolicyReportList, err error) {
obj, err := c.Fake.
- Invokes(testing.NewRootListAction(clusterpolicyreportsResource, clusterpolicyreportsKind, opts), &v1alpha1.ClusterPolicyReportList{})
+ Invokes(testing.NewRootListAction(clusterpolicyreportsResource, clusterpolicyreportsKind, opts), &v1alpha2.ClusterPolicyReportList{})
if obj == nil {
return nil, err
}
@@ -61,8 +61,8 @@ func (c *FakeClusterPolicyReports) List(ctx context.Context, opts v1.ListOptions
if label == nil {
label = labels.Everything()
}
- list := &v1alpha1.ClusterPolicyReportList{ListMeta: obj.(*v1alpha1.ClusterPolicyReportList).ListMeta}
- for _, item := range obj.(*v1alpha1.ClusterPolicyReportList).Items {
+ list := &v1alpha2.ClusterPolicyReportList{ListMeta: obj.(*v1alpha2.ClusterPolicyReportList).ListMeta}
+ for _, item := range obj.(*v1alpha2.ClusterPolicyReportList).Items {
if label.Matches(labels.Set(item.Labels)) {
list.Items = append(list.Items, item)
}
@@ -77,29 +77,29 @@ func (c *FakeClusterPolicyReports) Watch(ctx context.Context, opts v1.ListOption
}
// Create takes the representation of a clusterPolicyReport and creates it. Returns the server's representation of the clusterPolicyReport, and an error, if there is any.
-func (c *FakeClusterPolicyReports) Create(ctx context.Context, clusterPolicyReport *v1alpha1.ClusterPolicyReport, opts v1.CreateOptions) (result *v1alpha1.ClusterPolicyReport, err error) {
+func (c *FakeClusterPolicyReports) Create(ctx context.Context, clusterPolicyReport *v1alpha2.ClusterPolicyReport, opts v1.CreateOptions) (result *v1alpha2.ClusterPolicyReport, err error) {
obj, err := c.Fake.
- Invokes(testing.NewRootCreateAction(clusterpolicyreportsResource, clusterPolicyReport), &v1alpha1.ClusterPolicyReport{})
+ Invokes(testing.NewRootCreateAction(clusterpolicyreportsResource, clusterPolicyReport), &v1alpha2.ClusterPolicyReport{})
if obj == nil {
return nil, err
}
- return obj.(*v1alpha1.ClusterPolicyReport), err
+ return obj.(*v1alpha2.ClusterPolicyReport), err
}
// Update takes the representation of a clusterPolicyReport and updates it. Returns the server's representation of the clusterPolicyReport, and an error, if there is any.
-func (c *FakeClusterPolicyReports) Update(ctx context.Context, clusterPolicyReport *v1alpha1.ClusterPolicyReport, opts v1.UpdateOptions) (result *v1alpha1.ClusterPolicyReport, err error) {
+func (c *FakeClusterPolicyReports) Update(ctx context.Context, clusterPolicyReport *v1alpha2.ClusterPolicyReport, opts v1.UpdateOptions) (result *v1alpha2.ClusterPolicyReport, err error) {
obj, err := c.Fake.
- Invokes(testing.NewRootUpdateAction(clusterpolicyreportsResource, clusterPolicyReport), &v1alpha1.ClusterPolicyReport{})
+ Invokes(testing.NewRootUpdateAction(clusterpolicyreportsResource, clusterPolicyReport), &v1alpha2.ClusterPolicyReport{})
if obj == nil {
return nil, err
}
- return obj.(*v1alpha1.ClusterPolicyReport), err
+ return obj.(*v1alpha2.ClusterPolicyReport), err
}
// Delete takes name of the clusterPolicyReport and deletes it. Returns an error if one occurs.
func (c *FakeClusterPolicyReports) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error {
_, err := c.Fake.
- Invokes(testing.NewRootDeleteAction(clusterpolicyreportsResource, name), &v1alpha1.ClusterPolicyReport{})
+ Invokes(testing.NewRootDeleteAction(clusterpolicyreportsResource, name), &v1alpha2.ClusterPolicyReport{})
return err
}
@@ -107,16 +107,16 @@ func (c *FakeClusterPolicyReports) Delete(ctx context.Context, name string, opts
func (c *FakeClusterPolicyReports) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error {
action := testing.NewRootDeleteCollectionAction(clusterpolicyreportsResource, listOpts)
- _, err := c.Fake.Invokes(action, &v1alpha1.ClusterPolicyReportList{})
+ _, err := c.Fake.Invokes(action, &v1alpha2.ClusterPolicyReportList{})
return err
}
// Patch applies the patch and returns the patched clusterPolicyReport.
-func (c *FakeClusterPolicyReports) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.ClusterPolicyReport, err error) {
+func (c *FakeClusterPolicyReports) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha2.ClusterPolicyReport, err error) {
obj, err := c.Fake.
- Invokes(testing.NewRootPatchSubresourceAction(clusterpolicyreportsResource, name, pt, data, subresources...), &v1alpha1.ClusterPolicyReport{})
+ Invokes(testing.NewRootPatchSubresourceAction(clusterpolicyreportsResource, name, pt, data, subresources...), &v1alpha2.ClusterPolicyReport{})
if obj == nil {
return nil, err
}
- return obj.(*v1alpha1.ClusterPolicyReport), err
+ return obj.(*v1alpha2.ClusterPolicyReport), err
}
diff --git a/pkg/client/clientset/versioned/typed/policyreport/v1alpha1/fake/fake_policyreport.go b/pkg/client/clientset/versioned/typed/policyreport/v1alpha2/fake/fake_policyreport.go
similarity index 75%
rename from pkg/client/clientset/versioned/typed/policyreport/v1alpha1/fake/fake_policyreport.go
rename to pkg/client/clientset/versioned/typed/policyreport/v1alpha2/fake/fake_policyreport.go
index 5e1d7d1500..c572a6c89f 100755
--- a/pkg/client/clientset/versioned/typed/policyreport/v1alpha1/fake/fake_policyreport.go
+++ b/pkg/client/clientset/versioned/typed/policyreport/v1alpha2/fake/fake_policyreport.go
@@ -21,7 +21,7 @@ package fake
import (
"context"
- v1alpha1 "github.com/kyverno/kyverno/pkg/api/policyreport/v1alpha1"
+ v1alpha2 "github.com/kyverno/kyverno/pkg/api/policyreport/v1alpha2"
v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
labels "k8s.io/apimachinery/pkg/labels"
schema "k8s.io/apimachinery/pkg/runtime/schema"
@@ -32,29 +32,29 @@ import (
// FakePolicyReports implements PolicyReportInterface
type FakePolicyReports struct {
- Fake *FakeWgpolicyk8sV1alpha1
+ Fake *FakeWgpolicyk8sV1alpha2
ns string
}
-var policyreportsResource = schema.GroupVersionResource{Group: "wgpolicyk8s.io", Version: "v1alpha1", Resource: "policyreports"}
+var policyreportsResource = schema.GroupVersionResource{Group: "wgpolicyk8s.io", Version: "v1alpha2", Resource: "policyreports"}
-var policyreportsKind = schema.GroupVersionKind{Group: "wgpolicyk8s.io", Version: "v1alpha1", Kind: "PolicyReport"}
+var policyreportsKind = schema.GroupVersionKind{Group: "wgpolicyk8s.io", Version: "v1alpha2", Kind: "PolicyReport"}
// Get takes name of the policyReport, and returns the corresponding policyReport object, and an error if there is any.
-func (c *FakePolicyReports) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha1.PolicyReport, err error) {
+func (c *FakePolicyReports) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha2.PolicyReport, err error) {
obj, err := c.Fake.
- Invokes(testing.NewGetAction(policyreportsResource, c.ns, name), &v1alpha1.PolicyReport{})
+ Invokes(testing.NewGetAction(policyreportsResource, c.ns, name), &v1alpha2.PolicyReport{})
if obj == nil {
return nil, err
}
- return obj.(*v1alpha1.PolicyReport), err
+ return obj.(*v1alpha2.PolicyReport), err
}
// List takes label and field selectors, and returns the list of PolicyReports that match those selectors.
-func (c *FakePolicyReports) List(ctx context.Context, opts v1.ListOptions) (result *v1alpha1.PolicyReportList, err error) {
+func (c *FakePolicyReports) List(ctx context.Context, opts v1.ListOptions) (result *v1alpha2.PolicyReportList, err error) {
obj, err := c.Fake.
- Invokes(testing.NewListAction(policyreportsResource, policyreportsKind, c.ns, opts), &v1alpha1.PolicyReportList{})
+ Invokes(testing.NewListAction(policyreportsResource, policyreportsKind, c.ns, opts), &v1alpha2.PolicyReportList{})
if obj == nil {
return nil, err
@@ -64,8 +64,8 @@ func (c *FakePolicyReports) List(ctx context.Context, opts v1.ListOptions) (resu
if label == nil {
label = labels.Everything()
}
- list := &v1alpha1.PolicyReportList{ListMeta: obj.(*v1alpha1.PolicyReportList).ListMeta}
- for _, item := range obj.(*v1alpha1.PolicyReportList).Items {
+ list := &v1alpha2.PolicyReportList{ListMeta: obj.(*v1alpha2.PolicyReportList).ListMeta}
+ for _, item := range obj.(*v1alpha2.PolicyReportList).Items {
if label.Matches(labels.Set(item.Labels)) {
list.Items = append(list.Items, item)
}
@@ -81,31 +81,31 @@ func (c *FakePolicyReports) Watch(ctx context.Context, opts v1.ListOptions) (wat
}
// Create takes the representation of a policyReport and creates it. Returns the server's representation of the policyReport, and an error, if there is any.
-func (c *FakePolicyReports) Create(ctx context.Context, policyReport *v1alpha1.PolicyReport, opts v1.CreateOptions) (result *v1alpha1.PolicyReport, err error) {
+func (c *FakePolicyReports) Create(ctx context.Context, policyReport *v1alpha2.PolicyReport, opts v1.CreateOptions) (result *v1alpha2.PolicyReport, err error) {
obj, err := c.Fake.
- Invokes(testing.NewCreateAction(policyreportsResource, c.ns, policyReport), &v1alpha1.PolicyReport{})
+ Invokes(testing.NewCreateAction(policyreportsResource, c.ns, policyReport), &v1alpha2.PolicyReport{})
if obj == nil {
return nil, err
}
- return obj.(*v1alpha1.PolicyReport), err
+ return obj.(*v1alpha2.PolicyReport), err
}
// Update takes the representation of a policyReport and updates it. Returns the server's representation of the policyReport, and an error, if there is any.
-func (c *FakePolicyReports) Update(ctx context.Context, policyReport *v1alpha1.PolicyReport, opts v1.UpdateOptions) (result *v1alpha1.PolicyReport, err error) {
+func (c *FakePolicyReports) Update(ctx context.Context, policyReport *v1alpha2.PolicyReport, opts v1.UpdateOptions) (result *v1alpha2.PolicyReport, err error) {
obj, err := c.Fake.
- Invokes(testing.NewUpdateAction(policyreportsResource, c.ns, policyReport), &v1alpha1.PolicyReport{})
+ Invokes(testing.NewUpdateAction(policyreportsResource, c.ns, policyReport), &v1alpha2.PolicyReport{})
if obj == nil {
return nil, err
}
- return obj.(*v1alpha1.PolicyReport), err
+ return obj.(*v1alpha2.PolicyReport), err
}
// Delete takes name of the policyReport and deletes it. Returns an error if one occurs.
func (c *FakePolicyReports) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error {
_, err := c.Fake.
- Invokes(testing.NewDeleteAction(policyreportsResource, c.ns, name), &v1alpha1.PolicyReport{})
+ Invokes(testing.NewDeleteAction(policyreportsResource, c.ns, name), &v1alpha2.PolicyReport{})
return err
}
@@ -114,17 +114,17 @@ func (c *FakePolicyReports) Delete(ctx context.Context, name string, opts v1.Del
func (c *FakePolicyReports) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error {
action := testing.NewDeleteCollectionAction(policyreportsResource, c.ns, listOpts)
- _, err := c.Fake.Invokes(action, &v1alpha1.PolicyReportList{})
+ _, err := c.Fake.Invokes(action, &v1alpha2.PolicyReportList{})
return err
}
// Patch applies the patch and returns the patched policyReport.
-func (c *FakePolicyReports) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.PolicyReport, err error) {
+func (c *FakePolicyReports) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha2.PolicyReport, err error) {
obj, err := c.Fake.
- Invokes(testing.NewPatchSubresourceAction(policyreportsResource, c.ns, name, pt, data, subresources...), &v1alpha1.PolicyReport{})
+ Invokes(testing.NewPatchSubresourceAction(policyreportsResource, c.ns, name, pt, data, subresources...), &v1alpha2.PolicyReport{})
if obj == nil {
return nil, err
}
- return obj.(*v1alpha1.PolicyReport), err
+ return obj.(*v1alpha2.PolicyReport), err
}
diff --git a/pkg/client/clientset/versioned/typed/policyreport/v1alpha1/fake/fake_policyreport_client.go b/pkg/client/clientset/versioned/typed/policyreport/v1alpha2/fake/fake_policyreport_client.go
similarity index 70%
rename from pkg/client/clientset/versioned/typed/policyreport/v1alpha1/fake/fake_policyreport_client.go
rename to pkg/client/clientset/versioned/typed/policyreport/v1alpha2/fake/fake_policyreport_client.go
index 901d24739a..29a7cc7c50 100755
--- a/pkg/client/clientset/versioned/typed/policyreport/v1alpha1/fake/fake_policyreport_client.go
+++ b/pkg/client/clientset/versioned/typed/policyreport/v1alpha2/fake/fake_policyreport_client.go
@@ -19,26 +19,26 @@ limitations under the License.
package fake
import (
- v1alpha1 "github.com/kyverno/kyverno/pkg/client/clientset/versioned/typed/policyreport/v1alpha1"
+ v1alpha2 "github.com/kyverno/kyverno/pkg/client/clientset/versioned/typed/policyreport/v1alpha2"
rest "k8s.io/client-go/rest"
testing "k8s.io/client-go/testing"
)
-type FakeWgpolicyk8sV1alpha1 struct {
+type FakeWgpolicyk8sV1alpha2 struct {
*testing.Fake
}
-func (c *FakeWgpolicyk8sV1alpha1) ClusterPolicyReports() v1alpha1.ClusterPolicyReportInterface {
+func (c *FakeWgpolicyk8sV1alpha2) ClusterPolicyReports() v1alpha2.ClusterPolicyReportInterface {
return &FakeClusterPolicyReports{c}
}
-func (c *FakeWgpolicyk8sV1alpha1) PolicyReports(namespace string) v1alpha1.PolicyReportInterface {
+func (c *FakeWgpolicyk8sV1alpha2) PolicyReports(namespace string) v1alpha2.PolicyReportInterface {
return &FakePolicyReports{c, namespace}
}
// RESTClient returns a RESTClient that is used to communicate
// with API server by this client implementation.
-func (c *FakeWgpolicyk8sV1alpha1) RESTClient() rest.Interface {
+func (c *FakeWgpolicyk8sV1alpha2) RESTClient() rest.Interface {
var ret *rest.RESTClient
return ret
}
diff --git a/pkg/client/clientset/versioned/typed/policyreport/v1alpha1/generated_expansion.go b/pkg/client/clientset/versioned/typed/policyreport/v1alpha2/generated_expansion.go
similarity index 97%
rename from pkg/client/clientset/versioned/typed/policyreport/v1alpha1/generated_expansion.go
rename to pkg/client/clientset/versioned/typed/policyreport/v1alpha2/generated_expansion.go
index c649bc0a20..00cae098c5 100755
--- a/pkg/client/clientset/versioned/typed/policyreport/v1alpha1/generated_expansion.go
+++ b/pkg/client/clientset/versioned/typed/policyreport/v1alpha2/generated_expansion.go
@@ -16,7 +16,7 @@ limitations under the License.
// Code generated by client-gen. DO NOT EDIT.
-package v1alpha1
+package v1alpha2
type ClusterPolicyReportExpansion interface{}
diff --git a/pkg/client/clientset/versioned/typed/policyreport/v1alpha1/policyreport.go b/pkg/client/clientset/versioned/typed/policyreport/v1alpha2/policyreport.go
similarity index 83%
rename from pkg/client/clientset/versioned/typed/policyreport/v1alpha1/policyreport.go
rename to pkg/client/clientset/versioned/typed/policyreport/v1alpha2/policyreport.go
index c46df029ba..3eff375e85 100755
--- a/pkg/client/clientset/versioned/typed/policyreport/v1alpha1/policyreport.go
+++ b/pkg/client/clientset/versioned/typed/policyreport/v1alpha2/policyreport.go
@@ -16,13 +16,13 @@ limitations under the License.
// Code generated by client-gen. DO NOT EDIT.
-package v1alpha1
+package v1alpha2
import (
"context"
"time"
- v1alpha1 "github.com/kyverno/kyverno/pkg/api/policyreport/v1alpha1"
+ v1alpha2 "github.com/kyverno/kyverno/pkg/api/policyreport/v1alpha2"
scheme "github.com/kyverno/kyverno/pkg/client/clientset/versioned/scheme"
v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
types "k8s.io/apimachinery/pkg/types"
@@ -38,14 +38,14 @@ type PolicyReportsGetter interface {
// PolicyReportInterface has methods to work with PolicyReport resources.
type PolicyReportInterface interface {
- Create(ctx context.Context, policyReport *v1alpha1.PolicyReport, opts v1.CreateOptions) (*v1alpha1.PolicyReport, error)
- Update(ctx context.Context, policyReport *v1alpha1.PolicyReport, opts v1.UpdateOptions) (*v1alpha1.PolicyReport, error)
+ Create(ctx context.Context, policyReport *v1alpha2.PolicyReport, opts v1.CreateOptions) (*v1alpha2.PolicyReport, error)
+ Update(ctx context.Context, policyReport *v1alpha2.PolicyReport, opts v1.UpdateOptions) (*v1alpha2.PolicyReport, error)
Delete(ctx context.Context, name string, opts v1.DeleteOptions) error
DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error
- Get(ctx context.Context, name string, opts v1.GetOptions) (*v1alpha1.PolicyReport, error)
- List(ctx context.Context, opts v1.ListOptions) (*v1alpha1.PolicyReportList, error)
+ Get(ctx context.Context, name string, opts v1.GetOptions) (*v1alpha2.PolicyReport, error)
+ List(ctx context.Context, opts v1.ListOptions) (*v1alpha2.PolicyReportList, error)
Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error)
- Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.PolicyReport, err error)
+ Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha2.PolicyReport, err error)
PolicyReportExpansion
}
@@ -56,7 +56,7 @@ type policyReports struct {
}
// newPolicyReports returns a PolicyReports
-func newPolicyReports(c *Wgpolicyk8sV1alpha1Client, namespace string) *policyReports {
+func newPolicyReports(c *Wgpolicyk8sV1alpha2Client, namespace string) *policyReports {
return &policyReports{
client: c.RESTClient(),
ns: namespace,
@@ -64,8 +64,8 @@ func newPolicyReports(c *Wgpolicyk8sV1alpha1Client, namespace string) *policyRep
}
// Get takes name of the policyReport, and returns the corresponding policyReport object, and an error if there is any.
-func (c *policyReports) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha1.PolicyReport, err error) {
- result = &v1alpha1.PolicyReport{}
+func (c *policyReports) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha2.PolicyReport, err error) {
+ result = &v1alpha2.PolicyReport{}
err = c.client.Get().
Namespace(c.ns).
Resource("policyreports").
@@ -77,12 +77,12 @@ func (c *policyReports) Get(ctx context.Context, name string, options v1.GetOpti
}
// List takes label and field selectors, and returns the list of PolicyReports that match those selectors.
-func (c *policyReports) List(ctx context.Context, opts v1.ListOptions) (result *v1alpha1.PolicyReportList, err error) {
+func (c *policyReports) List(ctx context.Context, opts v1.ListOptions) (result *v1alpha2.PolicyReportList, err error) {
var timeout time.Duration
if opts.TimeoutSeconds != nil {
timeout = time.Duration(*opts.TimeoutSeconds) * time.Second
}
- result = &v1alpha1.PolicyReportList{}
+ result = &v1alpha2.PolicyReportList{}
err = c.client.Get().
Namespace(c.ns).
Resource("policyreports").
@@ -109,8 +109,8 @@ func (c *policyReports) Watch(ctx context.Context, opts v1.ListOptions) (watch.I
}
// Create takes the representation of a policyReport and creates it. Returns the server's representation of the policyReport, and an error, if there is any.
-func (c *policyReports) Create(ctx context.Context, policyReport *v1alpha1.PolicyReport, opts v1.CreateOptions) (result *v1alpha1.PolicyReport, err error) {
- result = &v1alpha1.PolicyReport{}
+func (c *policyReports) Create(ctx context.Context, policyReport *v1alpha2.PolicyReport, opts v1.CreateOptions) (result *v1alpha2.PolicyReport, err error) {
+ result = &v1alpha2.PolicyReport{}
err = c.client.Post().
Namespace(c.ns).
Resource("policyreports").
@@ -122,8 +122,8 @@ func (c *policyReports) Create(ctx context.Context, policyReport *v1alpha1.Polic
}
// Update takes the representation of a policyReport and updates it. Returns the server's representation of the policyReport, and an error, if there is any.
-func (c *policyReports) Update(ctx context.Context, policyReport *v1alpha1.PolicyReport, opts v1.UpdateOptions) (result *v1alpha1.PolicyReport, err error) {
- result = &v1alpha1.PolicyReport{}
+func (c *policyReports) Update(ctx context.Context, policyReport *v1alpha2.PolicyReport, opts v1.UpdateOptions) (result *v1alpha2.PolicyReport, err error) {
+ result = &v1alpha2.PolicyReport{}
err = c.client.Put().
Namespace(c.ns).
Resource("policyreports").
@@ -163,8 +163,8 @@ func (c *policyReports) DeleteCollection(ctx context.Context, opts v1.DeleteOpti
}
// Patch applies the patch and returns the patched policyReport.
-func (c *policyReports) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.PolicyReport, err error) {
- result = &v1alpha1.PolicyReport{}
+func (c *policyReports) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha2.PolicyReport, err error) {
+ result = &v1alpha2.PolicyReport{}
err = c.client.Patch(pt).
Namespace(c.ns).
Resource("policyreports").
diff --git a/pkg/client/clientset/versioned/typed/policyreport/v1alpha1/policyreport_client.go b/pkg/client/clientset/versioned/typed/policyreport/v1alpha2/policyreport_client.go
similarity index 66%
rename from pkg/client/clientset/versioned/typed/policyreport/v1alpha1/policyreport_client.go
rename to pkg/client/clientset/versioned/typed/policyreport/v1alpha2/policyreport_client.go
index cb2266248a..58e7b9b4f4 100755
--- a/pkg/client/clientset/versioned/typed/policyreport/v1alpha1/policyreport_client.go
+++ b/pkg/client/clientset/versioned/typed/policyreport/v1alpha2/policyreport_client.go
@@ -16,35 +16,35 @@ limitations under the License.
// Code generated by client-gen. DO NOT EDIT.
-package v1alpha1
+package v1alpha2
import (
- v1alpha1 "github.com/kyverno/kyverno/pkg/api/policyreport/v1alpha1"
+ v1alpha2 "github.com/kyverno/kyverno/pkg/api/policyreport/v1alpha2"
"github.com/kyverno/kyverno/pkg/client/clientset/versioned/scheme"
rest "k8s.io/client-go/rest"
)
-type Wgpolicyk8sV1alpha1Interface interface {
+type Wgpolicyk8sV1alpha2Interface interface {
RESTClient() rest.Interface
ClusterPolicyReportsGetter
PolicyReportsGetter
}
-// Wgpolicyk8sV1alpha1Client is used to interact with features provided by the wgpolicyk8s.io group.
-type Wgpolicyk8sV1alpha1Client struct {
+// Wgpolicyk8sV1alpha2Client is used to interact with features provided by the wgpolicyk8s.io group.
+type Wgpolicyk8sV1alpha2Client struct {
restClient rest.Interface
}
-func (c *Wgpolicyk8sV1alpha1Client) ClusterPolicyReports() ClusterPolicyReportInterface {
+func (c *Wgpolicyk8sV1alpha2Client) ClusterPolicyReports() ClusterPolicyReportInterface {
return newClusterPolicyReports(c)
}
-func (c *Wgpolicyk8sV1alpha1Client) PolicyReports(namespace string) PolicyReportInterface {
+func (c *Wgpolicyk8sV1alpha2Client) PolicyReports(namespace string) PolicyReportInterface {
return newPolicyReports(c, namespace)
}
-// NewForConfig creates a new Wgpolicyk8sV1alpha1Client for the given config.
-func NewForConfig(c *rest.Config) (*Wgpolicyk8sV1alpha1Client, error) {
+// NewForConfig creates a new Wgpolicyk8sV1alpha2Client for the given config.
+func NewForConfig(c *rest.Config) (*Wgpolicyk8sV1alpha2Client, error) {
config := *c
if err := setConfigDefaults(&config); err != nil {
return nil, err
@@ -53,12 +53,12 @@ func NewForConfig(c *rest.Config) (*Wgpolicyk8sV1alpha1Client, error) {
if err != nil {
return nil, err
}
- return &Wgpolicyk8sV1alpha1Client{client}, nil
+ return &Wgpolicyk8sV1alpha2Client{client}, nil
}
-// NewForConfigOrDie creates a new Wgpolicyk8sV1alpha1Client for the given config and
+// NewForConfigOrDie creates a new Wgpolicyk8sV1alpha2Client for the given config and
// panics if there is an error in the config.
-func NewForConfigOrDie(c *rest.Config) *Wgpolicyk8sV1alpha1Client {
+func NewForConfigOrDie(c *rest.Config) *Wgpolicyk8sV1alpha2Client {
client, err := NewForConfig(c)
if err != nil {
panic(err)
@@ -66,13 +66,13 @@ func NewForConfigOrDie(c *rest.Config) *Wgpolicyk8sV1alpha1Client {
return client
}
-// New creates a new Wgpolicyk8sV1alpha1Client for the given RESTClient.
-func New(c rest.Interface) *Wgpolicyk8sV1alpha1Client {
- return &Wgpolicyk8sV1alpha1Client{c}
+// New creates a new Wgpolicyk8sV1alpha2Client for the given RESTClient.
+func New(c rest.Interface) *Wgpolicyk8sV1alpha2Client {
+ return &Wgpolicyk8sV1alpha2Client{c}
}
func setConfigDefaults(config *rest.Config) error {
- gv := v1alpha1.SchemeGroupVersion
+ gv := v1alpha2.SchemeGroupVersion
config.GroupVersion = &gv
config.APIPath = "/apis"
config.NegotiatedSerializer = scheme.Codecs.WithoutConversion()
@@ -86,7 +86,7 @@ func setConfigDefaults(config *rest.Config) error {
// RESTClient returns a RESTClient that is used to communicate
// with API server by this client implementation.
-func (c *Wgpolicyk8sV1alpha1Client) RESTClient() rest.Interface {
+func (c *Wgpolicyk8sV1alpha2Client) RESTClient() rest.Interface {
if c == nil {
return nil
}
diff --git a/pkg/client/informers/externalversions/generic.go b/pkg/client/informers/externalversions/generic.go
index ec0f222113..4193c9c5c0 100755
--- a/pkg/client/informers/externalversions/generic.go
+++ b/pkg/client/informers/externalversions/generic.go
@@ -22,8 +22,8 @@ import (
"fmt"
v1 "github.com/kyverno/kyverno/pkg/api/kyverno/v1"
- v1alpha1 "github.com/kyverno/kyverno/pkg/api/kyverno/v1alpha1"
- policyreportv1alpha1 "github.com/kyverno/kyverno/pkg/api/policyreport/v1alpha1"
+ v1alpha2 "github.com/kyverno/kyverno/pkg/api/kyverno/v1alpha2"
+ policyreportv1alpha2 "github.com/kyverno/kyverno/pkg/api/policyreport/v1alpha2"
schema "k8s.io/apimachinery/pkg/runtime/schema"
cache "k8s.io/client-go/tools/cache"
)
@@ -62,17 +62,17 @@ func (f *sharedInformerFactory) ForResource(resource schema.GroupVersionResource
case v1.SchemeGroupVersion.WithResource("policies"):
return &genericInformer{resource: resource.GroupResource(), informer: f.Kyverno().V1().Policies().Informer()}, nil
- // Group=kyverno.io, Version=v1alpha1
- case v1alpha1.SchemeGroupVersion.WithResource("clusterreportchangerequests"):
- return &genericInformer{resource: resource.GroupResource(), informer: f.Kyverno().V1alpha1().ClusterReportChangeRequests().Informer()}, nil
- case v1alpha1.SchemeGroupVersion.WithResource("reportchangerequests"):
- return &genericInformer{resource: resource.GroupResource(), informer: f.Kyverno().V1alpha1().ReportChangeRequests().Informer()}, nil
+ // Group=kyverno.io, Version=v1alpha2
+ case v1alpha2.SchemeGroupVersion.WithResource("clusterreportchangerequests"):
+ return &genericInformer{resource: resource.GroupResource(), informer: f.Kyverno().V1alpha2().ClusterReportChangeRequests().Informer()}, nil
+ case v1alpha2.SchemeGroupVersion.WithResource("reportchangerequests"):
+ return &genericInformer{resource: resource.GroupResource(), informer: f.Kyverno().V1alpha2().ReportChangeRequests().Informer()}, nil
- // Group=wgpolicyk8s.io, Version=v1alpha1
- case policyreportv1alpha1.SchemeGroupVersion.WithResource("clusterpolicyreports"):
- return &genericInformer{resource: resource.GroupResource(), informer: f.Wgpolicyk8s().V1alpha1().ClusterPolicyReports().Informer()}, nil
- case policyreportv1alpha1.SchemeGroupVersion.WithResource("policyreports"):
- return &genericInformer{resource: resource.GroupResource(), informer: f.Wgpolicyk8s().V1alpha1().PolicyReports().Informer()}, nil
+ // Group=wgpolicyk8s.io, Version=v1alpha2
+ case policyreportv1alpha2.SchemeGroupVersion.WithResource("clusterpolicyreports"):
+ return &genericInformer{resource: resource.GroupResource(), informer: f.Wgpolicyk8s().V1alpha2().ClusterPolicyReports().Informer()}, nil
+ case policyreportv1alpha2.SchemeGroupVersion.WithResource("policyreports"):
+ return &genericInformer{resource: resource.GroupResource(), informer: f.Wgpolicyk8s().V1alpha2().PolicyReports().Informer()}, nil
}
diff --git a/pkg/client/informers/externalversions/kyverno/interface.go b/pkg/client/informers/externalversions/kyverno/interface.go
index 1323fe1439..c5062abc7c 100755
--- a/pkg/client/informers/externalversions/kyverno/interface.go
+++ b/pkg/client/informers/externalversions/kyverno/interface.go
@@ -21,15 +21,15 @@ package kyverno
import (
internalinterfaces "github.com/kyverno/kyverno/pkg/client/informers/externalversions/internalinterfaces"
v1 "github.com/kyverno/kyverno/pkg/client/informers/externalversions/kyverno/v1"
- v1alpha1 "github.com/kyverno/kyverno/pkg/client/informers/externalversions/kyverno/v1alpha1"
+ v1alpha2 "github.com/kyverno/kyverno/pkg/client/informers/externalversions/kyverno/v1alpha2"
)
// Interface provides access to each of this group's versions.
type Interface interface {
// V1 provides access to shared informers for resources in V1.
V1() v1.Interface
- // V1alpha1 provides access to shared informers for resources in V1alpha1.
- V1alpha1() v1alpha1.Interface
+ // V1alpha2 provides access to shared informers for resources in V1alpha2.
+ V1alpha2() v1alpha2.Interface
}
type group struct {
@@ -48,7 +48,7 @@ func (g *group) V1() v1.Interface {
return v1.New(g.factory, g.namespace, g.tweakListOptions)
}
-// V1alpha1 returns a new v1alpha1.Interface.
-func (g *group) V1alpha1() v1alpha1.Interface {
- return v1alpha1.New(g.factory, g.namespace, g.tweakListOptions)
+// V1alpha2 returns a new v1alpha2.Interface.
+func (g *group) V1alpha2() v1alpha2.Interface {
+ return v1alpha2.New(g.factory, g.namespace, g.tweakListOptions)
}
diff --git a/pkg/client/informers/externalversions/kyverno/v1alpha1/clusterreportchangerequest.go b/pkg/client/informers/externalversions/kyverno/v1alpha2/clusterreportchangerequest.go
similarity index 85%
rename from pkg/client/informers/externalversions/kyverno/v1alpha1/clusterreportchangerequest.go
rename to pkg/client/informers/externalversions/kyverno/v1alpha2/clusterreportchangerequest.go
index a8a3c6fc33..ae3a15b516 100644
--- a/pkg/client/informers/externalversions/kyverno/v1alpha1/clusterreportchangerequest.go
+++ b/pkg/client/informers/externalversions/kyverno/v1alpha2/clusterreportchangerequest.go
@@ -16,16 +16,16 @@ limitations under the License.
// Code generated by informer-gen. DO NOT EDIT.
-package v1alpha1
+package v1alpha2
import (
"context"
time "time"
- kyvernov1alpha1 "github.com/kyverno/kyverno/pkg/api/kyverno/v1alpha1"
+ kyvernov1alpha2 "github.com/kyverno/kyverno/pkg/api/kyverno/v1alpha2"
versioned "github.com/kyverno/kyverno/pkg/client/clientset/versioned"
internalinterfaces "github.com/kyverno/kyverno/pkg/client/informers/externalversions/internalinterfaces"
- v1alpha1 "github.com/kyverno/kyverno/pkg/client/listers/kyverno/v1alpha1"
+ v1alpha2 "github.com/kyverno/kyverno/pkg/client/listers/kyverno/v1alpha2"
v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
runtime "k8s.io/apimachinery/pkg/runtime"
watch "k8s.io/apimachinery/pkg/watch"
@@ -36,7 +36,7 @@ import (
// ClusterReportChangeRequests.
type ClusterReportChangeRequestInformer interface {
Informer() cache.SharedIndexInformer
- Lister() v1alpha1.ClusterReportChangeRequestLister
+ Lister() v1alpha2.ClusterReportChangeRequestLister
}
type clusterReportChangeRequestInformer struct {
@@ -61,16 +61,16 @@ func NewFilteredClusterReportChangeRequestInformer(client versioned.Interface, r
if tweakListOptions != nil {
tweakListOptions(&options)
}
- return client.KyvernoV1alpha1().ClusterReportChangeRequests().List(context.TODO(), options)
+ return client.KyvernoV1alpha2().ClusterReportChangeRequests().List(context.TODO(), options)
},
WatchFunc: func(options v1.ListOptions) (watch.Interface, error) {
if tweakListOptions != nil {
tweakListOptions(&options)
}
- return client.KyvernoV1alpha1().ClusterReportChangeRequests().Watch(context.TODO(), options)
+ return client.KyvernoV1alpha2().ClusterReportChangeRequests().Watch(context.TODO(), options)
},
},
- &kyvernov1alpha1.ClusterReportChangeRequest{},
+ &kyvernov1alpha2.ClusterReportChangeRequest{},
resyncPeriod,
indexers,
)
@@ -81,9 +81,9 @@ func (f *clusterReportChangeRequestInformer) defaultInformer(client versioned.In
}
func (f *clusterReportChangeRequestInformer) Informer() cache.SharedIndexInformer {
- return f.factory.InformerFor(&kyvernov1alpha1.ClusterReportChangeRequest{}, f.defaultInformer)
+ return f.factory.InformerFor(&kyvernov1alpha2.ClusterReportChangeRequest{}, f.defaultInformer)
}
-func (f *clusterReportChangeRequestInformer) Lister() v1alpha1.ClusterReportChangeRequestLister {
- return v1alpha1.NewClusterReportChangeRequestLister(f.Informer().GetIndexer())
+func (f *clusterReportChangeRequestInformer) Lister() v1alpha2.ClusterReportChangeRequestLister {
+ return v1alpha2.NewClusterReportChangeRequestLister(f.Informer().GetIndexer())
}
diff --git a/pkg/client/informers/externalversions/kyverno/v1alpha1/interface.go b/pkg/client/informers/externalversions/kyverno/v1alpha2/interface.go
similarity index 99%
rename from pkg/client/informers/externalversions/kyverno/v1alpha1/interface.go
rename to pkg/client/informers/externalversions/kyverno/v1alpha2/interface.go
index 8ed636622d..54b17720cc 100644
--- a/pkg/client/informers/externalversions/kyverno/v1alpha1/interface.go
+++ b/pkg/client/informers/externalversions/kyverno/v1alpha2/interface.go
@@ -16,7 +16,7 @@ limitations under the License.
// Code generated by informer-gen. DO NOT EDIT.
-package v1alpha1
+package v1alpha2
import (
internalinterfaces "github.com/kyverno/kyverno/pkg/client/informers/externalversions/internalinterfaces"
diff --git a/pkg/client/informers/externalversions/kyverno/v1alpha1/reportchangerequest.go b/pkg/client/informers/externalversions/kyverno/v1alpha2/reportchangerequest.go
similarity index 85%
rename from pkg/client/informers/externalversions/kyverno/v1alpha1/reportchangerequest.go
rename to pkg/client/informers/externalversions/kyverno/v1alpha2/reportchangerequest.go
index 5e21fd4bd5..fcc5475a7a 100644
--- a/pkg/client/informers/externalversions/kyverno/v1alpha1/reportchangerequest.go
+++ b/pkg/client/informers/externalversions/kyverno/v1alpha2/reportchangerequest.go
@@ -16,16 +16,16 @@ limitations under the License.
// Code generated by informer-gen. DO NOT EDIT.
-package v1alpha1
+package v1alpha2
import (
"context"
time "time"
- kyvernov1alpha1 "github.com/kyverno/kyverno/pkg/api/kyverno/v1alpha1"
+ kyvernov1alpha2 "github.com/kyverno/kyverno/pkg/api/kyverno/v1alpha2"
versioned "github.com/kyverno/kyverno/pkg/client/clientset/versioned"
internalinterfaces "github.com/kyverno/kyverno/pkg/client/informers/externalversions/internalinterfaces"
- v1alpha1 "github.com/kyverno/kyverno/pkg/client/listers/kyverno/v1alpha1"
+ v1alpha2 "github.com/kyverno/kyverno/pkg/client/listers/kyverno/v1alpha2"
v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
runtime "k8s.io/apimachinery/pkg/runtime"
watch "k8s.io/apimachinery/pkg/watch"
@@ -36,7 +36,7 @@ import (
// ReportChangeRequests.
type ReportChangeRequestInformer interface {
Informer() cache.SharedIndexInformer
- Lister() v1alpha1.ReportChangeRequestLister
+ Lister() v1alpha2.ReportChangeRequestLister
}
type reportChangeRequestInformer struct {
@@ -62,16 +62,16 @@ func NewFilteredReportChangeRequestInformer(client versioned.Interface, namespac
if tweakListOptions != nil {
tweakListOptions(&options)
}
- return client.KyvernoV1alpha1().ReportChangeRequests(namespace).List(context.TODO(), options)
+ return client.KyvernoV1alpha2().ReportChangeRequests(namespace).List(context.TODO(), options)
},
WatchFunc: func(options v1.ListOptions) (watch.Interface, error) {
if tweakListOptions != nil {
tweakListOptions(&options)
}
- return client.KyvernoV1alpha1().ReportChangeRequests(namespace).Watch(context.TODO(), options)
+ return client.KyvernoV1alpha2().ReportChangeRequests(namespace).Watch(context.TODO(), options)
},
},
- &kyvernov1alpha1.ReportChangeRequest{},
+ &kyvernov1alpha2.ReportChangeRequest{},
resyncPeriod,
indexers,
)
@@ -82,9 +82,9 @@ func (f *reportChangeRequestInformer) defaultInformer(client versioned.Interface
}
func (f *reportChangeRequestInformer) Informer() cache.SharedIndexInformer {
- return f.factory.InformerFor(&kyvernov1alpha1.ReportChangeRequest{}, f.defaultInformer)
+ return f.factory.InformerFor(&kyvernov1alpha2.ReportChangeRequest{}, f.defaultInformer)
}
-func (f *reportChangeRequestInformer) Lister() v1alpha1.ReportChangeRequestLister {
- return v1alpha1.NewReportChangeRequestLister(f.Informer().GetIndexer())
+func (f *reportChangeRequestInformer) Lister() v1alpha2.ReportChangeRequestLister {
+ return v1alpha2.NewReportChangeRequestLister(f.Informer().GetIndexer())
}
diff --git a/pkg/client/informers/externalversions/policyreport/interface.go b/pkg/client/informers/externalversions/policyreport/interface.go
index c077590130..f96ce7436f 100755
--- a/pkg/client/informers/externalversions/policyreport/interface.go
+++ b/pkg/client/informers/externalversions/policyreport/interface.go
@@ -20,13 +20,13 @@ package policyreport
import (
internalinterfaces "github.com/kyverno/kyverno/pkg/client/informers/externalversions/internalinterfaces"
- v1alpha1 "github.com/kyverno/kyverno/pkg/client/informers/externalversions/policyreport/v1alpha1"
+ v1alpha2 "github.com/kyverno/kyverno/pkg/client/informers/externalversions/policyreport/v1alpha2"
)
// Interface provides access to each of this group's versions.
type Interface interface {
- // V1alpha1 provides access to shared informers for resources in V1alpha1.
- V1alpha1() v1alpha1.Interface
+ // V1alpha2 provides access to shared informers for resources in V1alpha2.
+ V1alpha2() v1alpha2.Interface
}
type group struct {
@@ -40,7 +40,7 @@ func New(f internalinterfaces.SharedInformerFactory, namespace string, tweakList
return &group{factory: f, namespace: namespace, tweakListOptions: tweakListOptions}
}
-// V1alpha1 returns a new v1alpha1.Interface.
-func (g *group) V1alpha1() v1alpha1.Interface {
- return v1alpha1.New(g.factory, g.namespace, g.tweakListOptions)
+// V1alpha2 returns a new v1alpha2.Interface.
+func (g *group) V1alpha2() v1alpha2.Interface {
+ return v1alpha2.New(g.factory, g.namespace, g.tweakListOptions)
}
diff --git a/pkg/client/informers/externalversions/policyreport/v1alpha1/clusterpolicyreport.go b/pkg/client/informers/externalversions/policyreport/v1alpha2/clusterpolicyreport.go
similarity index 84%
rename from pkg/client/informers/externalversions/policyreport/v1alpha1/clusterpolicyreport.go
rename to pkg/client/informers/externalversions/policyreport/v1alpha2/clusterpolicyreport.go
index d86fbae934..2ade14a772 100755
--- a/pkg/client/informers/externalversions/policyreport/v1alpha1/clusterpolicyreport.go
+++ b/pkg/client/informers/externalversions/policyreport/v1alpha2/clusterpolicyreport.go
@@ -16,16 +16,16 @@ limitations under the License.
// Code generated by informer-gen. DO NOT EDIT.
-package v1alpha1
+package v1alpha2
import (
"context"
time "time"
- policyreportv1alpha1 "github.com/kyverno/kyverno/pkg/api/policyreport/v1alpha1"
+ policyreportv1alpha2 "github.com/kyverno/kyverno/pkg/api/policyreport/v1alpha2"
versioned "github.com/kyverno/kyverno/pkg/client/clientset/versioned"
internalinterfaces "github.com/kyverno/kyverno/pkg/client/informers/externalversions/internalinterfaces"
- v1alpha1 "github.com/kyverno/kyverno/pkg/client/listers/policyreport/v1alpha1"
+ v1alpha2 "github.com/kyverno/kyverno/pkg/client/listers/policyreport/v1alpha2"
v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
runtime "k8s.io/apimachinery/pkg/runtime"
watch "k8s.io/apimachinery/pkg/watch"
@@ -36,7 +36,7 @@ import (
// ClusterPolicyReports.
type ClusterPolicyReportInformer interface {
Informer() cache.SharedIndexInformer
- Lister() v1alpha1.ClusterPolicyReportLister
+ Lister() v1alpha2.ClusterPolicyReportLister
}
type clusterPolicyReportInformer struct {
@@ -61,16 +61,16 @@ func NewFilteredClusterPolicyReportInformer(client versioned.Interface, resyncPe
if tweakListOptions != nil {
tweakListOptions(&options)
}
- return client.Wgpolicyk8sV1alpha1().ClusterPolicyReports().List(context.TODO(), options)
+ return client.Wgpolicyk8sV1alpha2().ClusterPolicyReports().List(context.TODO(), options)
},
WatchFunc: func(options v1.ListOptions) (watch.Interface, error) {
if tweakListOptions != nil {
tweakListOptions(&options)
}
- return client.Wgpolicyk8sV1alpha1().ClusterPolicyReports().Watch(context.TODO(), options)
+ return client.Wgpolicyk8sV1alpha2().ClusterPolicyReports().Watch(context.TODO(), options)
},
},
- &policyreportv1alpha1.ClusterPolicyReport{},
+ &policyreportv1alpha2.ClusterPolicyReport{},
resyncPeriod,
indexers,
)
@@ -81,9 +81,9 @@ func (f *clusterPolicyReportInformer) defaultInformer(client versioned.Interface
}
func (f *clusterPolicyReportInformer) Informer() cache.SharedIndexInformer {
- return f.factory.InformerFor(&policyreportv1alpha1.ClusterPolicyReport{}, f.defaultInformer)
+ return f.factory.InformerFor(&policyreportv1alpha2.ClusterPolicyReport{}, f.defaultInformer)
}
-func (f *clusterPolicyReportInformer) Lister() v1alpha1.ClusterPolicyReportLister {
- return v1alpha1.NewClusterPolicyReportLister(f.Informer().GetIndexer())
+func (f *clusterPolicyReportInformer) Lister() v1alpha2.ClusterPolicyReportLister {
+ return v1alpha2.NewClusterPolicyReportLister(f.Informer().GetIndexer())
}
diff --git a/pkg/client/informers/externalversions/policyreport/v1alpha1/interface.go b/pkg/client/informers/externalversions/policyreport/v1alpha2/interface.go
similarity index 99%
rename from pkg/client/informers/externalversions/policyreport/v1alpha1/interface.go
rename to pkg/client/informers/externalversions/policyreport/v1alpha2/interface.go
index a5f300ee2a..b4fe84b9ee 100755
--- a/pkg/client/informers/externalversions/policyreport/v1alpha1/interface.go
+++ b/pkg/client/informers/externalversions/policyreport/v1alpha2/interface.go
@@ -16,7 +16,7 @@ limitations under the License.
// Code generated by informer-gen. DO NOT EDIT.
-package v1alpha1
+package v1alpha2
import (
internalinterfaces "github.com/kyverno/kyverno/pkg/client/informers/externalversions/internalinterfaces"
diff --git a/pkg/client/informers/externalversions/policyreport/v1alpha1/policyreport.go b/pkg/client/informers/externalversions/policyreport/v1alpha2/policyreport.go
similarity index 84%
rename from pkg/client/informers/externalversions/policyreport/v1alpha1/policyreport.go
rename to pkg/client/informers/externalversions/policyreport/v1alpha2/policyreport.go
index 27bd2aa63b..10d0075b29 100755
--- a/pkg/client/informers/externalversions/policyreport/v1alpha1/policyreport.go
+++ b/pkg/client/informers/externalversions/policyreport/v1alpha2/policyreport.go
@@ -16,16 +16,16 @@ limitations under the License.
// Code generated by informer-gen. DO NOT EDIT.
-package v1alpha1
+package v1alpha2
import (
"context"
time "time"
- policyreportv1alpha1 "github.com/kyverno/kyverno/pkg/api/policyreport/v1alpha1"
+ policyreportv1alpha2 "github.com/kyverno/kyverno/pkg/api/policyreport/v1alpha2"
versioned "github.com/kyverno/kyverno/pkg/client/clientset/versioned"
internalinterfaces "github.com/kyverno/kyverno/pkg/client/informers/externalversions/internalinterfaces"
- v1alpha1 "github.com/kyverno/kyverno/pkg/client/listers/policyreport/v1alpha1"
+ v1alpha2 "github.com/kyverno/kyverno/pkg/client/listers/policyreport/v1alpha2"
v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
runtime "k8s.io/apimachinery/pkg/runtime"
watch "k8s.io/apimachinery/pkg/watch"
@@ -36,7 +36,7 @@ import (
// PolicyReports.
type PolicyReportInformer interface {
Informer() cache.SharedIndexInformer
- Lister() v1alpha1.PolicyReportLister
+ Lister() v1alpha2.PolicyReportLister
}
type policyReportInformer struct {
@@ -62,16 +62,16 @@ func NewFilteredPolicyReportInformer(client versioned.Interface, namespace strin
if tweakListOptions != nil {
tweakListOptions(&options)
}
- return client.Wgpolicyk8sV1alpha1().PolicyReports(namespace).List(context.TODO(), options)
+ return client.Wgpolicyk8sV1alpha2().PolicyReports(namespace).List(context.TODO(), options)
},
WatchFunc: func(options v1.ListOptions) (watch.Interface, error) {
if tweakListOptions != nil {
tweakListOptions(&options)
}
- return client.Wgpolicyk8sV1alpha1().PolicyReports(namespace).Watch(context.TODO(), options)
+ return client.Wgpolicyk8sV1alpha2().PolicyReports(namespace).Watch(context.TODO(), options)
},
},
- &policyreportv1alpha1.PolicyReport{},
+ &policyreportv1alpha2.PolicyReport{},
resyncPeriod,
indexers,
)
@@ -82,9 +82,9 @@ func (f *policyReportInformer) defaultInformer(client versioned.Interface, resyn
}
func (f *policyReportInformer) Informer() cache.SharedIndexInformer {
- return f.factory.InformerFor(&policyreportv1alpha1.PolicyReport{}, f.defaultInformer)
+ return f.factory.InformerFor(&policyreportv1alpha2.PolicyReport{}, f.defaultInformer)
}
-func (f *policyReportInformer) Lister() v1alpha1.PolicyReportLister {
- return v1alpha1.NewPolicyReportLister(f.Informer().GetIndexer())
+func (f *policyReportInformer) Lister() v1alpha2.PolicyReportLister {
+ return v1alpha2.NewPolicyReportLister(f.Informer().GetIndexer())
}
diff --git a/pkg/client/listers/kyverno/v1alpha1/clusterreportchangerequest.go b/pkg/client/listers/kyverno/v1alpha2/clusterreportchangerequest.go
similarity index 81%
rename from pkg/client/listers/kyverno/v1alpha1/clusterreportchangerequest.go
rename to pkg/client/listers/kyverno/v1alpha2/clusterreportchangerequest.go
index 7ef7ebc401..44a7ae469c 100644
--- a/pkg/client/listers/kyverno/v1alpha1/clusterreportchangerequest.go
+++ b/pkg/client/listers/kyverno/v1alpha2/clusterreportchangerequest.go
@@ -16,10 +16,10 @@ limitations under the License.
// Code generated by lister-gen. DO NOT EDIT.
-package v1alpha1
+package v1alpha2
import (
- v1alpha1 "github.com/kyverno/kyverno/pkg/api/kyverno/v1alpha1"
+ v1alpha2 "github.com/kyverno/kyverno/pkg/api/kyverno/v1alpha2"
"k8s.io/apimachinery/pkg/api/errors"
"k8s.io/apimachinery/pkg/labels"
"k8s.io/client-go/tools/cache"
@@ -30,10 +30,10 @@ import (
type ClusterReportChangeRequestLister interface {
// List lists all ClusterReportChangeRequests in the indexer.
// Objects returned here must be treated as read-only.
- List(selector labels.Selector) (ret []*v1alpha1.ClusterReportChangeRequest, err error)
+ List(selector labels.Selector) (ret []*v1alpha2.ClusterReportChangeRequest, err error)
// Get retrieves the ClusterReportChangeRequest from the index for a given name.
// Objects returned here must be treated as read-only.
- Get(name string) (*v1alpha1.ClusterReportChangeRequest, error)
+ Get(name string) (*v1alpha2.ClusterReportChangeRequest, error)
ClusterReportChangeRequestListerExpansion
}
@@ -48,21 +48,21 @@ func NewClusterReportChangeRequestLister(indexer cache.Indexer) ClusterReportCha
}
// List lists all ClusterReportChangeRequests in the indexer.
-func (s *clusterReportChangeRequestLister) List(selector labels.Selector) (ret []*v1alpha1.ClusterReportChangeRequest, err error) {
+func (s *clusterReportChangeRequestLister) List(selector labels.Selector) (ret []*v1alpha2.ClusterReportChangeRequest, err error) {
err = cache.ListAll(s.indexer, selector, func(m interface{}) {
- ret = append(ret, m.(*v1alpha1.ClusterReportChangeRequest))
+ ret = append(ret, m.(*v1alpha2.ClusterReportChangeRequest))
})
return ret, err
}
// Get retrieves the ClusterReportChangeRequest from the index for a given name.
-func (s *clusterReportChangeRequestLister) Get(name string) (*v1alpha1.ClusterReportChangeRequest, error) {
+func (s *clusterReportChangeRequestLister) Get(name string) (*v1alpha2.ClusterReportChangeRequest, error) {
obj, exists, err := s.indexer.GetByKey(name)
if err != nil {
return nil, err
}
if !exists {
- return nil, errors.NewNotFound(v1alpha1.Resource("clusterreportchangerequest"), name)
+ return nil, errors.NewNotFound(v1alpha2.Resource("clusterreportchangerequest"), name)
}
- return obj.(*v1alpha1.ClusterReportChangeRequest), nil
+ return obj.(*v1alpha2.ClusterReportChangeRequest), nil
}
diff --git a/pkg/client/listers/kyverno/v1alpha1/expansion_generated.go b/pkg/client/listers/kyverno/v1alpha2/expansion_generated.go
similarity index 98%
rename from pkg/client/listers/kyverno/v1alpha1/expansion_generated.go
rename to pkg/client/listers/kyverno/v1alpha2/expansion_generated.go
index 427df586e0..7f44ac9089 100644
--- a/pkg/client/listers/kyverno/v1alpha1/expansion_generated.go
+++ b/pkg/client/listers/kyverno/v1alpha2/expansion_generated.go
@@ -16,7 +16,7 @@ limitations under the License.
// Code generated by lister-gen. DO NOT EDIT.
-package v1alpha1
+package v1alpha2
// ClusterReportChangeRequestListerExpansion allows custom methods to be added to
// ClusterReportChangeRequestLister.
diff --git a/pkg/client/listers/kyverno/v1alpha1/reportchangerequest.go b/pkg/client/listers/kyverno/v1alpha2/reportchangerequest.go
similarity index 83%
rename from pkg/client/listers/kyverno/v1alpha1/reportchangerequest.go
rename to pkg/client/listers/kyverno/v1alpha2/reportchangerequest.go
index 5cf5b10c85..d43189694d 100644
--- a/pkg/client/listers/kyverno/v1alpha1/reportchangerequest.go
+++ b/pkg/client/listers/kyverno/v1alpha2/reportchangerequest.go
@@ -16,10 +16,10 @@ limitations under the License.
// Code generated by lister-gen. DO NOT EDIT.
-package v1alpha1
+package v1alpha2
import (
- v1alpha1 "github.com/kyverno/kyverno/pkg/api/kyverno/v1alpha1"
+ v1alpha2 "github.com/kyverno/kyverno/pkg/api/kyverno/v1alpha2"
"k8s.io/apimachinery/pkg/api/errors"
"k8s.io/apimachinery/pkg/labels"
"k8s.io/client-go/tools/cache"
@@ -30,7 +30,7 @@ import (
type ReportChangeRequestLister interface {
// List lists all ReportChangeRequests in the indexer.
// Objects returned here must be treated as read-only.
- List(selector labels.Selector) (ret []*v1alpha1.ReportChangeRequest, err error)
+ List(selector labels.Selector) (ret []*v1alpha2.ReportChangeRequest, err error)
// ReportChangeRequests returns an object that can list and get ReportChangeRequests.
ReportChangeRequests(namespace string) ReportChangeRequestNamespaceLister
ReportChangeRequestListerExpansion
@@ -47,9 +47,9 @@ func NewReportChangeRequestLister(indexer cache.Indexer) ReportChangeRequestList
}
// List lists all ReportChangeRequests in the indexer.
-func (s *reportChangeRequestLister) List(selector labels.Selector) (ret []*v1alpha1.ReportChangeRequest, err error) {
+func (s *reportChangeRequestLister) List(selector labels.Selector) (ret []*v1alpha2.ReportChangeRequest, err error) {
err = cache.ListAll(s.indexer, selector, func(m interface{}) {
- ret = append(ret, m.(*v1alpha1.ReportChangeRequest))
+ ret = append(ret, m.(*v1alpha2.ReportChangeRequest))
})
return ret, err
}
@@ -64,10 +64,10 @@ func (s *reportChangeRequestLister) ReportChangeRequests(namespace string) Repor
type ReportChangeRequestNamespaceLister interface {
// List lists all ReportChangeRequests in the indexer for a given namespace.
// Objects returned here must be treated as read-only.
- List(selector labels.Selector) (ret []*v1alpha1.ReportChangeRequest, err error)
+ List(selector labels.Selector) (ret []*v1alpha2.ReportChangeRequest, err error)
// Get retrieves the ReportChangeRequest from the indexer for a given namespace and name.
// Objects returned here must be treated as read-only.
- Get(name string) (*v1alpha1.ReportChangeRequest, error)
+ Get(name string) (*v1alpha2.ReportChangeRequest, error)
ReportChangeRequestNamespaceListerExpansion
}
@@ -79,21 +79,21 @@ type reportChangeRequestNamespaceLister struct {
}
// List lists all ReportChangeRequests in the indexer for a given namespace.
-func (s reportChangeRequestNamespaceLister) List(selector labels.Selector) (ret []*v1alpha1.ReportChangeRequest, err error) {
+func (s reportChangeRequestNamespaceLister) List(selector labels.Selector) (ret []*v1alpha2.ReportChangeRequest, err error) {
err = cache.ListAllByNamespace(s.indexer, s.namespace, selector, func(m interface{}) {
- ret = append(ret, m.(*v1alpha1.ReportChangeRequest))
+ ret = append(ret, m.(*v1alpha2.ReportChangeRequest))
})
return ret, err
}
// Get retrieves the ReportChangeRequest from the indexer for a given namespace and name.
-func (s reportChangeRequestNamespaceLister) Get(name string) (*v1alpha1.ReportChangeRequest, error) {
+func (s reportChangeRequestNamespaceLister) Get(name string) (*v1alpha2.ReportChangeRequest, error) {
obj, exists, err := s.indexer.GetByKey(s.namespace + "/" + name)
if err != nil {
return nil, err
}
if !exists {
- return nil, errors.NewNotFound(v1alpha1.Resource("reportchangerequest"), name)
+ return nil, errors.NewNotFound(v1alpha2.Resource("reportchangerequest"), name)
}
- return obj.(*v1alpha1.ReportChangeRequest), nil
+ return obj.(*v1alpha2.ReportChangeRequest), nil
}
diff --git a/pkg/client/listers/policyreport/v1alpha1/clusterpolicyreport.go b/pkg/client/listers/policyreport/v1alpha2/clusterpolicyreport.go
similarity index 80%
rename from pkg/client/listers/policyreport/v1alpha1/clusterpolicyreport.go
rename to pkg/client/listers/policyreport/v1alpha2/clusterpolicyreport.go
index 8857b29b11..6e97f7db72 100755
--- a/pkg/client/listers/policyreport/v1alpha1/clusterpolicyreport.go
+++ b/pkg/client/listers/policyreport/v1alpha2/clusterpolicyreport.go
@@ -16,10 +16,10 @@ limitations under the License.
// Code generated by lister-gen. DO NOT EDIT.
-package v1alpha1
+package v1alpha2
import (
- v1alpha1 "github.com/kyverno/kyverno/pkg/api/policyreport/v1alpha1"
+ v1alpha2 "github.com/kyverno/kyverno/pkg/api/policyreport/v1alpha2"
"k8s.io/apimachinery/pkg/api/errors"
"k8s.io/apimachinery/pkg/labels"
"k8s.io/client-go/tools/cache"
@@ -30,10 +30,10 @@ import (
type ClusterPolicyReportLister interface {
// List lists all ClusterPolicyReports in the indexer.
// Objects returned here must be treated as read-only.
- List(selector labels.Selector) (ret []*v1alpha1.ClusterPolicyReport, err error)
+ List(selector labels.Selector) (ret []*v1alpha2.ClusterPolicyReport, err error)
// Get retrieves the ClusterPolicyReport from the index for a given name.
// Objects returned here must be treated as read-only.
- Get(name string) (*v1alpha1.ClusterPolicyReport, error)
+ Get(name string) (*v1alpha2.ClusterPolicyReport, error)
ClusterPolicyReportListerExpansion
}
@@ -48,21 +48,21 @@ func NewClusterPolicyReportLister(indexer cache.Indexer) ClusterPolicyReportList
}
// List lists all ClusterPolicyReports in the indexer.
-func (s *clusterPolicyReportLister) List(selector labels.Selector) (ret []*v1alpha1.ClusterPolicyReport, err error) {
+func (s *clusterPolicyReportLister) List(selector labels.Selector) (ret []*v1alpha2.ClusterPolicyReport, err error) {
err = cache.ListAll(s.indexer, selector, func(m interface{}) {
- ret = append(ret, m.(*v1alpha1.ClusterPolicyReport))
+ ret = append(ret, m.(*v1alpha2.ClusterPolicyReport))
})
return ret, err
}
// Get retrieves the ClusterPolicyReport from the index for a given name.
-func (s *clusterPolicyReportLister) Get(name string) (*v1alpha1.ClusterPolicyReport, error) {
+func (s *clusterPolicyReportLister) Get(name string) (*v1alpha2.ClusterPolicyReport, error) {
obj, exists, err := s.indexer.GetByKey(name)
if err != nil {
return nil, err
}
if !exists {
- return nil, errors.NewNotFound(v1alpha1.Resource("clusterpolicyreport"), name)
+ return nil, errors.NewNotFound(v1alpha2.Resource("clusterpolicyreport"), name)
}
- return obj.(*v1alpha1.ClusterPolicyReport), nil
+ return obj.(*v1alpha2.ClusterPolicyReport), nil
}
diff --git a/pkg/client/listers/policyreport/v1alpha1/expansion_generated.go b/pkg/client/listers/policyreport/v1alpha2/expansion_generated.go
similarity index 98%
rename from pkg/client/listers/policyreport/v1alpha1/expansion_generated.go
rename to pkg/client/listers/policyreport/v1alpha2/expansion_generated.go
index d0f6e8a96b..e73ff1ccd0 100755
--- a/pkg/client/listers/policyreport/v1alpha1/expansion_generated.go
+++ b/pkg/client/listers/policyreport/v1alpha2/expansion_generated.go
@@ -16,7 +16,7 @@ limitations under the License.
// Code generated by lister-gen. DO NOT EDIT.
-package v1alpha1
+package v1alpha2
// ClusterPolicyReportListerExpansion allows custom methods to be added to
// ClusterPolicyReportLister.
diff --git a/pkg/client/listers/policyreport/v1alpha1/policyreport.go b/pkg/client/listers/policyreport/v1alpha2/policyreport.go
similarity index 83%
rename from pkg/client/listers/policyreport/v1alpha1/policyreport.go
rename to pkg/client/listers/policyreport/v1alpha2/policyreport.go
index 9f2bc01520..9f6a386e73 100755
--- a/pkg/client/listers/policyreport/v1alpha1/policyreport.go
+++ b/pkg/client/listers/policyreport/v1alpha2/policyreport.go
@@ -16,10 +16,10 @@ limitations under the License.
// Code generated by lister-gen. DO NOT EDIT.
-package v1alpha1
+package v1alpha2
import (
- v1alpha1 "github.com/kyverno/kyverno/pkg/api/policyreport/v1alpha1"
+ v1alpha2 "github.com/kyverno/kyverno/pkg/api/policyreport/v1alpha2"
"k8s.io/apimachinery/pkg/api/errors"
"k8s.io/apimachinery/pkg/labels"
"k8s.io/client-go/tools/cache"
@@ -30,7 +30,7 @@ import (
type PolicyReportLister interface {
// List lists all PolicyReports in the indexer.
// Objects returned here must be treated as read-only.
- List(selector labels.Selector) (ret []*v1alpha1.PolicyReport, err error)
+ List(selector labels.Selector) (ret []*v1alpha2.PolicyReport, err error)
// PolicyReports returns an object that can list and get PolicyReports.
PolicyReports(namespace string) PolicyReportNamespaceLister
PolicyReportListerExpansion
@@ -47,9 +47,9 @@ func NewPolicyReportLister(indexer cache.Indexer) PolicyReportLister {
}
// List lists all PolicyReports in the indexer.
-func (s *policyReportLister) List(selector labels.Selector) (ret []*v1alpha1.PolicyReport, err error) {
+func (s *policyReportLister) List(selector labels.Selector) (ret []*v1alpha2.PolicyReport, err error) {
err = cache.ListAll(s.indexer, selector, func(m interface{}) {
- ret = append(ret, m.(*v1alpha1.PolicyReport))
+ ret = append(ret, m.(*v1alpha2.PolicyReport))
})
return ret, err
}
@@ -64,10 +64,10 @@ func (s *policyReportLister) PolicyReports(namespace string) PolicyReportNamespa
type PolicyReportNamespaceLister interface {
// List lists all PolicyReports in the indexer for a given namespace.
// Objects returned here must be treated as read-only.
- List(selector labels.Selector) (ret []*v1alpha1.PolicyReport, err error)
+ List(selector labels.Selector) (ret []*v1alpha2.PolicyReport, err error)
// Get retrieves the PolicyReport from the indexer for a given namespace and name.
// Objects returned here must be treated as read-only.
- Get(name string) (*v1alpha1.PolicyReport, error)
+ Get(name string) (*v1alpha2.PolicyReport, error)
PolicyReportNamespaceListerExpansion
}
@@ -79,21 +79,21 @@ type policyReportNamespaceLister struct {
}
// List lists all PolicyReports in the indexer for a given namespace.
-func (s policyReportNamespaceLister) List(selector labels.Selector) (ret []*v1alpha1.PolicyReport, err error) {
+func (s policyReportNamespaceLister) List(selector labels.Selector) (ret []*v1alpha2.PolicyReport, err error) {
err = cache.ListAllByNamespace(s.indexer, s.namespace, selector, func(m interface{}) {
- ret = append(ret, m.(*v1alpha1.PolicyReport))
+ ret = append(ret, m.(*v1alpha2.PolicyReport))
})
return ret, err
}
// Get retrieves the PolicyReport from the indexer for a given namespace and name.
-func (s policyReportNamespaceLister) Get(name string) (*v1alpha1.PolicyReport, error) {
+func (s policyReportNamespaceLister) Get(name string) (*v1alpha2.PolicyReport, error) {
obj, exists, err := s.indexer.GetByKey(s.namespace + "/" + name)
if err != nil {
return nil, err
}
if !exists {
- return nil, errors.NewNotFound(v1alpha1.Resource("policyreport"), name)
+ return nil, errors.NewNotFound(v1alpha2.Resource("policyreport"), name)
}
- return obj.(*v1alpha1.PolicyReport), nil
+ return obj.(*v1alpha2.PolicyReport), nil
}
diff --git a/pkg/config/config.go b/pkg/config/config.go
index 056dfdb396..5c960ee759 100644
--- a/pkg/config/config.go
+++ b/pkg/config/config.go
@@ -51,6 +51,12 @@ const (
// DeploymentAPIVersion define the default deployment resource apiVersion
DeploymentAPIVersion = "apps/v1"
+
+ // NamespaceKind define the default namespace resource kind
+ NamespaceKind = "Namespace"
+
+ // NamespaceAPIVersion define the default namespace resource apiVersion
+ NamespaceAPIVersion = "v1"
)
var (
diff --git a/pkg/engine/mutation.go b/pkg/engine/mutation.go
index db2f092091..75a5a74ef4 100644
--- a/pkg/engine/mutation.go
+++ b/pkg/engine/mutation.go
@@ -101,7 +101,7 @@ func Mutate(policyContext *PolicyContext) (resp *response.EngineResponse) {
}
// operate on the copy of the conditions, as we perform variable substitution
- copyConditions, err := transformConditions(rule.AnyAllConditions)
+ copyConditions, err := transformConditions(ruleCopy.AnyAllConditions)
if err != nil {
logger.V(2).Info("failed to load context", "reason", err.Error())
continue
diff --git a/pkg/engine/mutation_test.go b/pkg/engine/mutation_test.go
index f441b52419..f242d6fbd3 100644
--- a/pkg/engine/mutation_test.go
+++ b/pkg/engine/mutation_test.go
@@ -14,69 +14,65 @@ import (
)
func Test_VariableSubstitutionOverlay(t *testing.T) {
- rawPolicy := []byte(`
- {
- "apiVersion": "kyverno.io/v1",
- "kind": "ClusterPolicy",
- "metadata": {
- "name": "add-label"
- },
- "spec": {
- "rules": [
- {
- "name": "add-name-label",
- "match": {
- "resources": {
- "kinds": [
- "Pod"
- ]
- }
- },
- "mutate": {
- "overlay": {
- "metadata": {
- "labels": {
- "appname": "{{request.object.metadata.name}}"
- }
- }
- }
- }
- }
- ]
- }
- }
- `)
- rawResource := []byte(`
- {
- "apiVersion": "v1",
- "kind": "Pod",
- "metadata": {
- "name": "check-root-user"
- },
- "spec": {
- "containers": [
- {
- "name": "check-root-user",
- "image": "nginxinc/nginx-unprivileged",
- "securityContext": {
- "runAsNonRoot": true
- }
- }
- ]
- }
- }
- `)
+ policyRaw := []byte(`{
+ "apiVersion": "kyverno.io/v1",
+ "kind": "ClusterPolicy",
+ "metadata": {
+ "name": "add-label"
+ },
+ "spec": {
+ "rules": [
+ {
+ "name": "add-name-label",
+ "match": {
+ "resources": {
+ "kinds": [
+ "Pod"
+ ]
+ }
+ },
+ "mutate": {
+ "overlay": {
+ "metadata": {
+ "labels": {
+ "appname": "{{request.object.metadata.name}}"
+ }
+ }
+ }
+ }
+ }
+ ]
+ }
+}`)
+ resourceRaw := []byte(`{
+ "apiVersion": "v1",
+ "kind": "Pod",
+ "metadata": {
+ "name": "check-root-user"
+ },
+ "spec": {
+ "containers": [
+ {
+ "name": "check-root-user",
+ "image": "nginxinc/nginx-unprivileged",
+ "securityContext": {
+ "runAsNonRoot": true
+ }
+ }
+ ]
+ }
+}`)
expectedPatch := []byte(`{"op":"add","path":"/metadata/labels","value":{"appname":"check-root-user"}}`)
var policy kyverno.ClusterPolicy
- err := json.Unmarshal(rawPolicy, &policy)
+ err := json.Unmarshal(policyRaw, &policy)
if err != nil {
t.Error(err)
}
- resourceUnstructured, err := utils.ConvertToUnstructured(rawResource)
+ resourceUnstructured, err := utils.ConvertToUnstructured(resourceRaw)
assert.NilError(t, err)
ctx := context.NewContext()
- err = ctx.AddResource(rawResource)
+ err = ctx.AddResource(resourceRaw)
if err != nil {
t.Error(err)
}
@@ -100,55 +96,54 @@ func Test_VariableSubstitutionOverlay(t *testing.T) {
func Test_variableSubstitutionPathNotExist(t *testing.T) {
resourceRaw := []byte(`{
- "apiVersion": "v1",
- "kind": "Pod",
- "metadata": {
- "name": "check-root-user"
- },
- "spec": {
- "containers": [
- {
- "name": "check-root-user",
- "image": "nginxinc/nginx-unprivileged",
- "securityContext": {
- "runAsNonRoot": true
- }
- }
- ]
- }
- }`)
-
- policyraw := []byte(`{
- "apiVersion": "kyverno.io/v1",
- "kind": "ClusterPolicy",
- "metadata": {
- "name": "substitute-variable"
- },
- "spec": {
- "rules": [
- {
- "name": "test-path-not-exist",
- "match": {
- "resources": {
- "kinds": [
- "Pod"
- ]
- }
- },
- "mutate": {
- "overlay": {
- "spec": {
- "name": "{{request.object.metadata.name1}}"
- }
- }
- }
- }
- ]
- }
- }`)
+ "apiVersion": "v1",
+ "kind": "Pod",
+ "metadata": {
+ "name": "check-root-user"
+ },
+ "spec": {
+ "containers": [
+ {
+ "name": "check-root-user",
+ "image": "nginxinc/nginx-unprivileged",
+ "securityContext": {
+ "runAsNonRoot": true
+ }
+ }
+ ]
+ }
+}`)
+ policyRaw := []byte(`{
+ "apiVersion": "kyverno.io/v1",
+ "kind": "ClusterPolicy",
+ "metadata": {
+ "name": "substitute-variable"
+ },
+ "spec": {
+ "rules": [
+ {
+ "name": "test-path-not-exist",
+ "match": {
+ "resources": {
+ "kinds": [
+ "Pod"
+ ]
+ }
+ },
+ "mutate": {
+ "overlay": {
+ "spec": {
+ "name": "{{request.object.metadata.name1}}"
+ }
+ }
+ }
+ }
+ ]
+ }
+}`)
var policy kyverno.ClusterPolicy
- err := json.Unmarshal(policyraw, &policy)
+ err := json.Unmarshal(policyRaw, &policy)
assert.NilError(t, err)
resourceUnstructured, err := utils.ConvertToUnstructured(resourceRaw)
assert.NilError(t, err)
@@ -168,60 +163,59 @@ func Test_variableSubstitutionPathNotExist(t *testing.T) {
func Test_variableSubstitutionCLI(t *testing.T) {
resourceRaw := []byte(`{
- "apiVersion": "v1",
- "kind": "Pod",
- "metadata": {
- "name": "nginx-config-test"
- },
- "spec": {
- "containers": [
- {
- "image": "nginx:latest",
- "name": "test-nginx"
- }
- ]
- }
- }`)
-
- policyraw := []byte(`{
- "apiVersion": "kyverno.io/v1",
- "kind": "ClusterPolicy",
- "metadata": {
- "name": "cm-variable-example"
- },
- "spec": {
- "rules": [
- {
- "name": "example-configmap-lookup",
- "context": [
- {
- "name": "dictionary",
- "configMap": {
- "name": "mycmap",
- "namespace": "default"
- }
- }
- ],
- "match": {
- "resources": {
- "kinds": [
- "Pod"
- ]
- }
- },
- "mutate": {
- "patchStrategicMerge": {
- "metadata": {
- "labels": {
- "my-environment-name": "{{dictionary.data.env}}"
- }
- }
- }
- }
- }
- ]
- }
- }`)
+ "apiVersion": "v1",
+ "kind": "Pod",
+ "metadata": {
+ "name": "nginx-config-test"
+ },
+ "spec": {
+ "containers": [
+ {
+ "image": "nginx:latest",
+ "name": "test-nginx"
+ }
+ ]
+ }
+}`)
+ policyRaw := []byte(`{
+ "apiVersion": "kyverno.io/v1",
+ "kind": "ClusterPolicy",
+ "metadata": {
+ "name": "cm-variable-example"
+ },
+ "spec": {
+ "rules": [
+ {
+ "name": "example-configmap-lookup",
+ "context": [
+ {
+ "name": "dictionary",
+ "configMap": {
+ "name": "mycmap",
+ "namespace": "default"
+ }
+ }
+ ],
+ "match": {
+ "resources": {
+ "kinds": [
+ "Pod"
+ ]
+ }
+ },
+ "mutate": {
+ "patchStrategicMerge": {
+ "metadata": {
+ "labels": {
+ "my-environment-name": "{{dictionary.data.env}}"
+ }
+ }
+ }
+ }
+ }
+ ]
+ }
+}`)
configMapVariableContext := store.Context{
Policies: []store.Policy{
@@ -244,7 +238,7 @@ func Test_variableSubstitutionCLI(t *testing.T) {
store.SetContext(configMapVariableContext)
store.SetMock(true)
var policy kyverno.ClusterPolicy
- err := json.Unmarshal(policyraw, &policy)
+ err := json.Unmarshal(policyRaw, &policy)
assert.NilError(t, err)
resourceUnstructured, err := utils.ConvertToUnstructured(resourceRaw)
assert.NilError(t, err)
@@ -269,12 +263,84 @@ func Test_variableSubstitutionCLI(t *testing.T) {
// https://github.com/kyverno/kyverno/issues/2022
func Test_chained_rules(t *testing.T) {
- policyRaw := []byte(`{"apiVersion":"kyverno.io/v1","kind":"ClusterPolicy","metadata":{"name":"replace-image-registry","annotations":{"policies.kyverno.io/minversion":"1.4.2"}},"spec":{"background":false,"rules":[{"name":"replace-image-registry","match":{"resources":{"kinds":["Pod"]}},"mutate":{"patchStrategicMerge":{"spec":{"containers":[{"(name)":"*","image":"{{regex_replace_all('^[^/]+','{{@}}','myregistry.corp.com')}}"}]}}}},{"name":"replace-image-registry-chained","match":{"resources":{"kinds":["Pod"]}},"mutate":{"patchStrategicMerge":{"spec":{"containers":[{"(name)":"*","image":"{{regex_replace_all('\\b(myregistry.corp.com)\\b','{{@}}','otherregistry.corp.com')}}"}]}}}}]}}`)
+ policyRaw := []byte(`{
+ "apiVersion": "kyverno.io/v1",
+ "kind": "ClusterPolicy",
+ "metadata": {
+ "name": "replace-image-registry",
+ "annotations": {
+ "policies.kyverno.io/minversion": "1.4.2"
+ }
+ },
+ "spec": {
+ "background": false,
+ "rules": [
+ {
+ "name": "replace-image-registry",
+ "match": {
+ "resources": {
+ "kinds": [
+ "Pod"
+ ]
+ }
+ },
+ "mutate": {
+ "patchStrategicMerge": {
+ "spec": {
+ "containers": [
+ {
+ "(name)": "*",
+ "image": "{{regex_replace_all('^[^/]+','{{@}}','myregistry.corp.com')}}"
+ }
+ ]
+ }
+ }
+ }
+ },
+ {
+ "name": "replace-image-registry-chained",
+ "match": {
+ "resources": {
+ "kinds": [
+ "Pod"
+ ]
+ }
+ },
+ "mutate": {
+ "patchStrategicMerge": {
+ "spec": {
+ "containers": [
+ {
+ "(name)": "*",
+ "image": "{{regex_replace_all('\\b(myregistry.corp.com)\\b','{{@}}','otherregistry.corp.com')}}"
+ }
+ ]
+ }
+ }
+ }
+ }
+ ]
+ }
+}`)
+ resourceRaw := []byte(`{
+ "apiVersion": "v1",
+ "kind": "Pod",
+ "metadata": {
+ "name": "test"
+ },
+ "spec": {
+ "containers": [
+ {
+ "name": "test",
+ "image": "foo/bash:5.0"
+ }
+ ]
+ }
+}`)
var policy kyverno.ClusterPolicy
err := json.Unmarshal(policyRaw, &policy)
assert.NilError(t, err)
- resourceRaw := []byte(`{"apiVersion":"v1","kind":"Pod","metadata":{"name":"test"},"spec":{"containers":[{"name":"test","image":"foo/bash:5.0"}]}}`)
resource, err := utils.ConvertToUnstructured(resourceRaw)
assert.NilError(t, err)
@@ -302,3 +368,183 @@ func Test_chained_rules(t *testing.T) {
assert.Equal(t, string(er.PolicyResponse.Rules[0].Patches[0]), `{"op":"replace","path":"/spec/containers/0/image","value":"myregistry.corp.com/foo/bash:5.0"}`)
assert.Equal(t, string(er.PolicyResponse.Rules[1].Patches[0]), `{"op":"replace","path":"/spec/containers/0/image","value":"otherregistry.corp.com/foo/bash:5.0"}`)
}
+
+func Test_precondition(t *testing.T) {
+ resourceRaw := []byte(`{
+ "apiVersion": "v1",
+ "kind": "Pod",
+ "metadata": {
+ "name": "nginx-config-test",
+ "labels": {
+ "app.kubernetes.io/managed-by": "Helm"
+ }
+ },
+ "spec": {
+ "containers": [
+ {
+ "image": "nginx:latest",
+ "name": "test-nginx"
+ }
+ ]
+ }
+}`)
+ policyRaw := []byte(`{
+ "apiVersion": "kyverno.io/v1",
+ "kind": "ClusterPolicy",
+ "metadata": {
+ "name": "cm-variable-example"
+ },
+ "spec": {
+ "rules": [
+ {
+ "name": "example-configmap-lookup",
+ "match": {
+ "resources": {
+ "kinds": [
+ "Pod"
+ ]
+ }
+ },
+ "preconditions": [
+ {
+ "key": "{{ request.object.metadata.labels.\"app.kubernetes.io/managed-by\"}}",
+ "operator": "Equals",
+ "value": "Helm"
+ }
+ ],
+ "mutate": {
+ "patchStrategicMerge": {
+ "metadata": {
+ "labels": {
+ "my-added-label": "test"
+ }
+ }
+ }
+ }
+ }
+ ]
+ }
+}`)
+ expectedPatch := []byte(`{"op":"add","path":"/metadata/labels/my-added-label","value":"test"}`)
+
+ store.SetMock(true)
+ var policy kyverno.ClusterPolicy
+ err := json.Unmarshal(policyRaw, &policy)
+ assert.NilError(t, err)
+ resourceUnstructured, err := utils.ConvertToUnstructured(resourceRaw)
+ assert.NilError(t, err)
+
+ ctx := context.NewContext()
+ err = ctx.AddResource(resourceRaw)
+ assert.NilError(t, err)
+
+ policyContext := &PolicyContext{
+ Policy: policy,
+ JSONContext: ctx,
+ NewResource: *resourceUnstructured,
+ }
+
+ er := Mutate(policyContext)
+ t.Log(string(expectedPatch))
+ t.Log(string(er.PolicyResponse.Rules[0].Patches[0]))
+ if !reflect.DeepEqual(expectedPatch, er.PolicyResponse.Rules[0].Patches[0]) {
+ t.Error("patches don't match")
+ }
+}
+
+func Test_nonZeroIndexNumberPatchesJson6902(t *testing.T) {
+ resourceRaw := []byte(`{
+ "apiVersion": "v1",
+ "kind": "Endpoints",
+ "metadata": {
+ "name": "my-service"
+ },
+ "subsets": [
+ {
+ "addresses": [
+ {
+ "ip": "127.0.0.1"
+ }
+ ]
+ }
+ ]
+}`)
+
+ policyraw := []byte(`{
+ "apiVersion": "kyverno.io/v1",
+ "kind": "ClusterPolicy",
+ "metadata": {
+ "name": "policy-endpoints"
+ },
+ "spec": {
+ "rules": [
+ {
+ "name": "Add IP to subset",
+ "match": {
+ "resources": {
+ "kinds": [
+ "Endpoints"
+ ]
+ }
+ },
+ "preconditions": [
+ {
+ "key": "{{ request.object.subsets[] | length(@) }}",
+ "operator": "Equals",
+ "value": "1"
+ }
+ ],
+ "mutate": {
+ "patchesJson6902": "- path: \"/subsets/0/addresses/-\"\n op: add\n value: {\"ip\":\"192.168.42.172\"}"
+ }
+ },
+ {
+ "name": "Add IP to subsets",
+ "match": {
+ "resources": {
+ "kinds": [
+ "Endpoints"
+ ]
+ }
+ },
+ "preconditions": [
+ {
+ "key": "{{ request.object.subsets[] | length(@) }}",
+ "operator": "Equals",
+ "value": "2"
+ }
+ ],
+ "mutate": {
+ "patchesJson6902": "- path: \"/subsets/0/addresses/-\"\n op: add\n value: {\"ip\":\"192.168.42.172\"}\n- path: \"/subsets/1/addresses/-\"\n op: add\n value: {\"ip\":\"192.168.42.173\"}"
+ }
+ }
+ ]
+ }
+}`)
+
+ expectedPatch := []byte(`{"op":"add","path":"/subsets/0/addresses/1","value":{"ip":"192.168.42.172"}}`)
+
+ store.SetMock(true)
+ var policy kyverno.ClusterPolicy
+ err := json.Unmarshal(policyraw, &policy)
+ assert.NilError(t, err)
+ resourceUnstructured, err := utils.ConvertToUnstructured(resourceRaw)
+ assert.NilError(t, err)
+
+ ctx := context.NewContext()
+ err = ctx.AddResource(resourceRaw)
+ assert.NilError(t, err)
+
+ policyContext := &PolicyContext{
+ Policy: policy,
+ JSONContext: ctx,
+ NewResource: *resourceUnstructured,
+ }
+
+ er := Mutate(policyContext)
+ t.Log(string(expectedPatch))
+ t.Log(string(er.PolicyResponse.Rules[0].Patches[0]))
+ if !reflect.DeepEqual(expectedPatch, er.PolicyResponse.Rules[0].Patches[0]) {
+ t.Error("patches don't match")
+ }
+}
diff --git a/pkg/engine/variables/vars.go b/pkg/engine/variables/vars.go
index ac5b52bfe9..aa4098d154 100644
--- a/pkg/engine/variables/vars.go
+++ b/pkg/engine/variables/vars.go
@@ -53,7 +53,7 @@ func newPreconditionsVariableResolver(log logr.Logger) VariableResolver {
return func(ctx context.EvalInterface, variable string) (interface{}, error) {
value, err := DefaultVariableResolver(ctx, variable)
if err != nil {
- log.Info(fmt.Sprintf("Variable \"%s\" is not resolved in preconditions. Considering it as an empty string", variable))
+ log.V(4).Info(fmt.Sprintf("Variable \"%s\" is not resolved in preconditions. Considering it as an empty string", variable))
return "", nil
}
diff --git a/pkg/generate/generate.go b/pkg/generate/generate.go
index 382ddf02cb..bae06323e3 100644
--- a/pkg/generate/generate.go
+++ b/pkg/generate/generate.go
@@ -359,19 +359,44 @@ func applyRule(log logr.Logger, client *dclient.Client, rule kyverno.Rule, resou
logger.V(2).Info("created generate target resource")
} else if mode == Update {
+ // if synchronize is true - update the label and generated resource with generate policy data
if rule.Generation.Synchronize {
+ logger.V(4).Info("updating existing resource")
label["policy.kyverno.io/synchronize"] = "enable"
+ newResource.SetLabels(label)
+ _, err := client.UpdateResource(genAPIVersion, genKind, genNamespace, newResource, false)
+ if err != nil {
+ logger.Error(err, "failed to update resource")
+ return noGenResource, err
+ }
} else {
- label["policy.kyverno.io/synchronize"] = "disable"
+ // if synchronize is false - update the label in already generated resource,
+ // without comparing it with the generate policy data
+ generatedObj, err := client.GetResource(genAPIVersion, genKind, genNamespace, genName)
+ if err != nil {
+ logger.Error(err, fmt.Sprintf("generated resource not found name:%v namespace:%v kind:%v", genName, genNamespace, genKind))
+ return newGenResource, err
+ }
+
+ currentGeneratedResourcelabel := generatedObj.GetLabels()
+ currentSynclabel := currentGeneratedResourcelabel["policy.kyverno.io/synchronize"]
+
+ // update only if the labels mismatches
+ if (!rule.Generation.Synchronize && currentSynclabel == "enable") ||
+ (rule.Generation.Synchronize && currentSynclabel == "disable") {
+ logger.V(4).Info("updating label in existing resource")
+ currentGeneratedResourcelabel["policy.kyverno.io/synchronize"] = "disable"
+ generatedObj.SetLabels(currentGeneratedResourcelabel)
+
+ _, err = client.UpdateResource(genAPIVersion, genKind, genNamespace, generatedObj, false)
+ if err != nil {
+ logger.Error(err, "failed to update label in existing resource")
+ return noGenResource, err
+ }
+ }
+
}
- logger.V(4).Info("updating label in existing resource")
- newResource.SetLabels(label)
- _, err := client.UpdateResource(genAPIVersion, genKind, genNamespace, newResource, false)
- if err != nil {
- logger.Error(err, "failed to update resource")
- return noGenResource, err
- }
logger.V(2).Info("updated generate target resource")
}
@@ -422,6 +447,10 @@ func manageClone(log logr.Logger, apiVersion, kind, namespace, name, policy stri
if err != nil {
return nil, Skip, fmt.Errorf("source resource %s %s/%s/%s not found. %v", apiVersion, kind, rNamespace, rName, err)
}
+ // remove ownerReferences when cloning resources to other namespace
+ if rNamespace != namespace && obj.GetOwnerReferences() != nil {
+ obj.SetOwnerReferences(nil)
+ }
// check if resource to be generated exists
newResource, err := client.GetResource(apiVersion, kind, namespace, name)
diff --git a/pkg/kyverno/apply/apply_command.go b/pkg/kyverno/apply/apply_command.go
index 8ee1b2a08e..b81332f5b6 100644
--- a/pkg/kyverno/apply/apply_command.go
+++ b/pkg/kyverno/apply/apply_command.go
@@ -75,25 +75,34 @@ To apply policy with variables:
policies:
- name: <policy1 name>
+ rules:
+ - name: <rule1 name>
+ values:
+ <context variable1 in policy1 rule1>: <value>
+ <context variable2 in policy1 rule1>: <value>
+ - name: <rule2 name>
+ values:
+ <context variable1 in policy1 rule2>: <value>
+ <context variable2 in policy1 rule2>: <value>
resources:
- name: <resource1 name>
values:
- <variable1 in policy1>: <value>
- <variable2 in policy1>: <value>
+ <variable1 in policy1>: <value>
+ <variable2 in policy1>: <value>
- name: <resource2 name>
values:
- <variable1 in policy1>: <value>
- <variable2 in policy1>: <value>
+ <variable1 in policy1>: <value>
+ <variable2 in policy1>: <value>
- name: <policy2 name>
resources:
- name: <resource1 name>
values:
- <variable1 in policy2>: <value>
- <variable2 in policy2>: <value>
+ <variable1 in policy2>: <value>
+ <variable2 in policy2>: <value>
- name: <resource2 name>
values:
- <variable1 in policy2>: <value>
- <variable2 in policy2>: <value>
+ <variable1 in policy2>: <value>
+ <variable2 in policy2>: <value>
namespaceSelector:
- name: <namespace1 name>
labels:
@@ -282,7 +291,7 @@ func applyCommandHelper(resourcePaths []string, cluster bool, policyReport bool,
Variable: variable,
}
skippedPolicies = append(skippedPolicies, skipPolicy)
- log.Log.V(3).Info(fmt.Sprintf("skipping policy %s", policy.Name), "error", fmt.Sprintf("policy have variable - %s", variable))
+ log.Log.V(3).Info(fmt.Sprintf("skipping policy %s as non of the variable values are not passed", policy.Name), "error", fmt.Sprintf("policy have variable - %s", variable))
continue
}
diff --git a/pkg/kyverno/apply/apply_command_test.go b/pkg/kyverno/apply/apply_command_test.go
index 3b59a181df..dfd6d9e489 100644
--- a/pkg/kyverno/apply/apply_command_test.go
+++ b/pkg/kyverno/apply/apply_command_test.go
@@ -3,7 +3,7 @@ package apply
import (
"testing"
- preport "github.com/kyverno/kyverno/pkg/api/policyreport/v1alpha1"
+ preport "github.com/kyverno/kyverno/pkg/api/policyreport/v1alpha2"
"gotest.tools/assert"
)
diff --git a/pkg/kyverno/apply/generate.go b/pkg/kyverno/apply/generate.go
index 62baf94474..3769f9bd8b 100644
--- a/pkg/kyverno/apply/generate.go
+++ b/pkg/kyverno/apply/generate.go
@@ -3,7 +3,7 @@ package apply
import (
"reflect"
- report "github.com/kyverno/kyverno/pkg/api/policyreport/v1alpha1"
+ report "github.com/kyverno/kyverno/pkg/api/policyreport/v1alpha2"
client "github.com/kyverno/kyverno/pkg/dclient"
sanitizederror "github.com/kyverno/kyverno/pkg/kyverno/sanitizedError"
apierrors "k8s.io/apimachinery/pkg/api/errors"
@@ -132,7 +132,7 @@ func updateSummary(results []interface{}) map[string]interface{} {
continue
}
- switch typedResult["status"].(string) {
+ switch typedResult["result"].(string) {
case report.StatusPass:
pass, _ := summary[report.StatusPass].(int64)
pass++
diff --git a/pkg/kyverno/apply/generate_test.go b/pkg/kyverno/apply/generate_test.go
index aad4cb96e6..56c2b9ad7a 100644
--- a/pkg/kyverno/apply/generate_test.go
+++ b/pkg/kyverno/apply/generate_test.go
@@ -4,7 +4,7 @@ import (
"reflect"
"testing"
- report "github.com/kyverno/kyverno/pkg/api/policyreport/v1alpha1"
+ report "github.com/kyverno/kyverno/pkg/api/policyreport/v1alpha2"
"gotest.tools/assert"
"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
)
@@ -22,7 +22,7 @@ func Test_mergeClusterReport(t *testing.T) {
"results": []interface{}{
map[string]interface{}{
"policy": "ns-polr-1",
- "status": report.StatusPass,
+ "result": report.StatusPass,
"resources": make([]interface{}, 10),
},
},
@@ -38,7 +38,7 @@ func Test_mergeClusterReport(t *testing.T) {
"results": []interface{}{
map[string]interface{}{
"policy": "ns-polr-2",
- "status": report.StatusPass,
+ "result": report.StatusPass,
"resources": make([]interface{}, 5),
},
},
@@ -52,7 +52,7 @@ func Test_mergeClusterReport(t *testing.T) {
"results": []interface{}{
map[string]interface{}{
"policy": "polr-3",
- "status": report.StatusPass,
+ "result": report.StatusPass,
"resources": make([]interface{}, 1),
},
},
@@ -68,7 +68,7 @@ func Test_mergeClusterReport(t *testing.T) {
"results": []interface{}{
map[string]interface{}{
"policy": "cpolr-4",
- "status": report.StatusFail,
+ "result": report.StatusFail,
},
},
},
@@ -83,7 +83,7 @@ func Test_mergeClusterReport(t *testing.T) {
"results": []interface{}{
map[string]interface{}{
"policy": "cpolr-5",
- "status": report.StatusFail,
+ "result": report.StatusFail,
},
},
},
@@ -93,21 +93,21 @@ func Test_mergeClusterReport(t *testing.T) {
expectedResults := []interface{}{
map[string]interface{}{
"policy": "ns-polr-2",
- "status": report.StatusPass,
+ "result": report.StatusPass,
"resources": make([]interface{}, 5),
},
map[string]interface{}{
"policy": "polr-3",
- "status": report.StatusPass,
+ "result": report.StatusPass,
"resources": make([]interface{}, 1),
},
map[string]interface{}{
"policy": "cpolr-4",
- "status": report.StatusFail,
+ "result": report.StatusFail,
},
map[string]interface{}{
"policy": "cpolr-5",
- "status": report.StatusFail,
+ "result": report.StatusFail,
},
}
@@ -131,17 +131,17 @@ func Test_mergeClusterReport(t *testing.T) {
func Test_updateSummary(t *testing.T) {
results := []interface{}{
map[string]interface{}{
- "status": report.StatusPass,
+ "result": report.StatusPass,
"resources": make([]interface{}, 5),
},
map[string]interface{}{
- "status": report.StatusFail,
+ "result": report.StatusFail,
},
map[string]interface{}{
- "status": report.StatusFail,
+ "result": report.StatusFail,
},
map[string]interface{}{
- "status": report.StatusFail,
+ "result": report.StatusFail,
},
}
diff --git a/pkg/kyverno/apply/report.go b/pkg/kyverno/apply/report.go
index 23b04ff35f..630cc4ff90 100644
--- a/pkg/kyverno/apply/report.go
+++ b/pkg/kyverno/apply/report.go
@@ -4,8 +4,9 @@ import (
"encoding/json"
"fmt"
"strings"
+ "time"
- report "github.com/kyverno/kyverno/pkg/api/policyreport/v1alpha1"
+ report "github.com/kyverno/kyverno/pkg/api/policyreport/v1alpha2"
"github.com/kyverno/kyverno/pkg/engine/response"
"github.com/kyverno/kyverno/pkg/engine/utils"
engineutils "github.com/kyverno/kyverno/pkg/engine/utils"
@@ -31,7 +32,7 @@ func buildPolicyReports(resps []*response.EngineResponse, skippedPolicies []Skip
Message: fmt.Sprintln("skipped policy with variables -", sp.Variable),
Policy: sp.Name,
Rule: r.Name,
- Status: "skip",
+ Result: "skip",
},
}
@@ -110,6 +111,7 @@ func buildPolicyReports(resps []*response.EngineResponse, skippedPolicies []Skip
func buildPolicyResults(resps []*response.EngineResponse) map[string][]*report.PolicyReportResult {
results := make(map[string][]*report.PolicyReportResult)
infos := policyreport.GeneratePRsFromEngineResponse(resps, log.Log)
+ now := metav1.Timestamp{Seconds: time.Now().Unix()}
for _, info := range infos {
var appname string
@@ -142,7 +144,9 @@ func buildPolicyResults(resps []*response.EngineResponse) map[string][]*report.P
result.Rule = rule.Name
result.Message = rule.Message
- result.Status = report.PolicyStatus(rule.Check)
+ result.Result = report.PolicyResult(rule.Check)
+ result.Source = policyreport.SourceValue
+ result.Timestamp = now
results[appname] = append(results[appname], &result)
}
}
@@ -158,7 +162,7 @@ func mergeSucceededResults(results map[string][]*report.PolicyReportResult) map[
resourcesMap := make(map[string]*report.PolicyReportResult)
for _, result := range scopedResults {
- if result.Status != report.PolicyStatus("pass") {
+ if result.Result != report.PolicyResult("pass") {
resultsNew[scope] = append(resultsNew[scope], result)
continue
}
@@ -183,7 +187,7 @@ func mergeSucceededResults(results map[string][]*report.PolicyReportResult) map[
Policy: names[0],
Rule: names[1],
Resources: v.Resources,
- Status: report.PolicyStatus(v.Status),
+ Result: report.PolicyResult(v.Result),
}
resultsNew[scope] = append(resultsNew[scope], r)
@@ -194,7 +198,7 @@ func mergeSucceededResults(results map[string][]*report.PolicyReportResult) map[
func calculateSummary(results []*report.PolicyReportResult) (summary report.PolicyReportSummary) {
for _, res := range results {
- switch string(res.Status) {
+ switch string(res.Result) {
case report.StatusPass:
summary.Pass++
case report.StatusFail:
diff --git a/pkg/kyverno/apply/report_test.go b/pkg/kyverno/apply/report_test.go
index 5424897edc..dc5c1e0f36 100644
--- a/pkg/kyverno/apply/report_test.go
+++ b/pkg/kyverno/apply/report_test.go
@@ -4,8 +4,8 @@ import (
"os"
"testing"
- preport "github.com/kyverno/kyverno/pkg/api/policyreport/v1alpha1"
- report "github.com/kyverno/kyverno/pkg/api/policyreport/v1alpha1"
+ preport "github.com/kyverno/kyverno/pkg/api/policyreport/v1alpha2"
+ report "github.com/kyverno/kyverno/pkg/api/policyreport/v1alpha2"
"github.com/kyverno/kyverno/pkg/common"
"github.com/kyverno/kyverno/pkg/engine/response"
"github.com/kyverno/kyverno/pkg/engine/utils"
@@ -106,9 +106,9 @@ func Test_buildPolicyResults(t *testing.T) {
for _, r := range result {
switch r.Rule {
case "policy1-rule1", "clusterpolicy2-rule1":
- assert.Assert(t, r.Status == report.PolicyStatus(preport.StatusPass))
+ assert.Assert(t, r.Result == report.PolicyResult(preport.StatusPass))
case "policy1-rule2", "clusterpolicy2-rule2":
- assert.Assert(t, r.Status == report.PolicyStatus(preport.StatusFail))
+ assert.Assert(t, r.Result == report.PolicyResult(preport.StatusFail))
}
}
}
@@ -118,17 +118,17 @@ func Test_calculateSummary(t *testing.T) {
results := []*report.PolicyReportResult{
{
Resources: make([]*v1.ObjectReference, 5),
- Status: report.PolicyStatus(preport.StatusPass),
+ Result: report.PolicyResult(preport.StatusPass),
},
- {Status: report.PolicyStatus(preport.StatusFail)},
- {Status: report.PolicyStatus(preport.StatusFail)},
- {Status: report.PolicyStatus(preport.StatusFail)},
+ {Result: report.PolicyResult(preport.StatusFail)},
+ {Result: report.PolicyResult(preport.StatusFail)},
+ {Result: report.PolicyResult(preport.StatusFail)},
{
Resources: make([]*v1.ObjectReference, 1),
- Status: report.PolicyStatus(preport.StatusPass)},
+ Result: report.PolicyResult(preport.StatusPass)},
{
Resources: make([]*v1.ObjectReference, 4),
- Status: report.PolicyStatus(preport.StatusPass),
+ Result: report.PolicyResult(preport.StatusPass),
},
}
diff --git a/pkg/kyverno/test/test_command.go b/pkg/kyverno/test/test_command.go
index aa8a3666dc..848f8aec61 100644
--- a/pkg/kyverno/test/test_command.go
+++ b/pkg/kyverno/test/test_command.go
@@ -10,13 +10,14 @@ import (
"reflect"
"sort"
"strings"
+ "time"
"github.com/fatih/color"
"github.com/go-git/go-billy/v5"
"github.com/go-git/go-billy/v5/memfs"
"github.com/kataras/tablewriter"
v1 "github.com/kyverno/kyverno/pkg/api/kyverno/v1"
- report "github.com/kyverno/kyverno/pkg/api/policyreport/v1alpha1"
+ report "github.com/kyverno/kyverno/pkg/api/policyreport/v1alpha2"
client "github.com/kyverno/kyverno/pkg/dclient"
"github.com/kyverno/kyverno/pkg/engine/response"
"github.com/kyverno/kyverno/pkg/engine/utils"
@@ -30,6 +31,7 @@ import (
"github.com/lensesio/tableprinter"
"github.com/spf13/cobra"
corev1 "k8s.io/api/core/v1"
+ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/util/yaml"
log "sigs.k8s.io/controller-runtime/pkg/log"
)
@@ -79,7 +81,8 @@ type SkippedPolicy struct {
type TestResults struct {
Policy string `json:"policy"`
Rule string `json:"rule"`
- Status report.PolicyStatus `json:"status"`
+ Result report.PolicyResult `json:"result"`
+ Status report.PolicyResult `json:"status"`
Resource string `json:"resource"`
}
@@ -224,6 +227,7 @@ func getLocalDirTestFiles(fs billy.Filesystem, path, fileName, valuesFile string
func buildPolicyResults(resps []*response.EngineResponse, testResults []TestResults) map[string]report.PolicyReportResult {
results := make(map[string]report.PolicyReportResult)
infos := policyreport.GeneratePRsFromEngineResponse(resps, log.Log)
+ now := metav1.Timestamp{Seconds: time.Now().Unix()}
for _, resp := range resps {
policyName := resp.PolicyResponse.Policy.Name
resourceName := resp.PolicyResponse.Resource.Name
@@ -243,7 +247,7 @@ func buildPolicyResults(resps []*response.EngineResponse, testResults []TestResu
for _, test := range testResults {
if test.Policy == policyName && test.Resource == resourceName {
if !util.ContainsString(rules, test.Rule) {
- result.Status = report.StatusSkip
+ result.Result = report.StatusSkip
}
resultsKey := fmt.Sprintf("%s-%s-%s", test.Policy, test.Rule, test.Resource)
if _, ok := results[resultsKey]; !ok {
@@ -270,7 +274,9 @@ func buildPolicyResults(resps []*response.EngineResponse, testResults []TestResu
continue
}
result.Rule = ruleName
- result.Status = report.PolicyStatus(rule.Check)
+ result.Result = report.PolicyResult(rule.Check)
+ result.Source = policyreport.SourceValue
+ result.Timestamp = now
results[resultsKey] = result
}
}
@@ -424,8 +430,11 @@ func printTestResult(resps map[string]report.PolicyReportResult, testResults []T
table = append(table, res)
continue
}
- if testRes.Status == v.Status {
- if testRes.Status == report.StatusSkip {
+ if v.Result == "" && v.Status != "" {
+ v.Result = v.Status
+ }
+ if testRes.Result == v.Result {
+ if testRes.Result == report.StatusSkip {
res.Result = boldGreen.Sprintf("Pass")
rc.skip++
} else {
diff --git a/pkg/metrics/admissionrequests/admissionRequests.go b/pkg/metrics/admissionrequests/admissionRequests.go
index d9ad22afa6..bd114065ba 100644
--- a/pkg/metrics/admissionrequests/admissionRequests.go
+++ b/pkg/metrics/admissionrequests/admissionRequests.go
@@ -7,11 +7,10 @@ import (
)
func (pm PromMetrics) registerAdmissionRequestsMetric(
- resourceName, resourceKind, resourceNamespace string,
+ resourceKind, resourceNamespace string,
resourceRequestOperation metrics.ResourceRequestOperation,
) error {
pm.AdmissionRequests.With(prom.Labels{
- "resource_name": resourceName,
"resource_kind": resourceKind,
"resource_namespace": resourceNamespace,
"resource_request_operation": string(resourceRequestOperation),
@@ -23,7 +22,7 @@ func (pm PromMetrics) ProcessEngineResponses(engineResponses []*response.EngineR
if len(engineResponses) == 0 {
return nil
}
- resourceName, resourceNamespace, resourceKind := engineResponses[0].PolicyResponse.Resource.Name, engineResponses[0].PolicyResponse.Resource.Namespace, engineResponses[0].PolicyResponse.Resource.Kind
+ resourceNamespace, resourceKind := engineResponses[0].PolicyResponse.Resource.Namespace, engineResponses[0].PolicyResponse.Resource.Kind
totalValidateRulesCount, totalMutateRulesCount, totalGenerateRulesCount := 0, 0, 0
for _, e := range engineResponses {
validateRulesCount, mutateRulesCount, generateRulesCount := 0, 0, 0
@@ -49,5 +48,5 @@ func (pm PromMetrics) ProcessEngineResponses(engineResponses []*response.EngineR
if totalValidateRulesCount+totalMutateRulesCount+totalGenerateRulesCount == 0 {
return nil
}
- return pm.registerAdmissionRequestsMetric(resourceName, resourceKind, resourceNamespace, resourceRequestOperation)
+ return pm.registerAdmissionRequestsMetric(resourceKind, resourceNamespace, resourceRequestOperation)
}
diff --git a/pkg/metrics/admissionreviewduration/admissionReviewDuration.go b/pkg/metrics/admissionreviewduration/admissionReviewDuration.go
index 92d0a232c0..5cab35b9df 100644
--- a/pkg/metrics/admissionreviewduration/admissionReviewDuration.go
+++ b/pkg/metrics/admissionreviewduration/admissionReviewDuration.go
@@ -7,12 +7,11 @@ import (
)
func (pm PromMetrics) registerAdmissionReviewDurationMetric(
- resourceName, resourceKind, resourceNamespace string,
+ resourceKind, resourceNamespace string,
resourceRequestOperation metrics.ResourceRequestOperation,
admissionRequestLatency float64,
) error {
pm.AdmissionReviewDuration.With(prom.Labels{
- "resource_name": resourceName,
"resource_kind": resourceKind,
"resource_namespace": resourceNamespace,
"resource_request_operation": string(resourceRequestOperation),
@@ -24,7 +23,7 @@ func (pm PromMetrics) ProcessEngineResponses(engineResponses []*response.EngineR
if len(engineResponses) == 0 {
return nil
}
- resourceName, resourceNamespace, resourceKind := engineResponses[0].PolicyResponse.Resource.Name, engineResponses[0].PolicyResponse.Resource.Namespace, engineResponses[0].PolicyResponse.Resource.Kind
+ resourceNamespace, resourceKind := engineResponses[0].PolicyResponse.Resource.Namespace, engineResponses[0].PolicyResponse.Resource.Kind
totalValidateRulesCount, totalMutateRulesCount, totalGenerateRulesCount := 0, 0, 0
for _, e := range engineResponses {
validateRulesCount, mutateRulesCount, generateRulesCount := 0, 0, 0
@@ -51,5 +50,5 @@ func (pm PromMetrics) ProcessEngineResponses(engineResponses []*response.EngineR
return nil
}
admissionReviewLatencyDurationInSeconds := float64(admissionReviewLatencyDuration) / float64(1000*1000*1000)
- return pm.registerAdmissionReviewDurationMetric(resourceName, resourceKind, resourceNamespace, resourceRequestOperation, admissionReviewLatencyDurationInSeconds)
+ return pm.registerAdmissionReviewDurationMetric(resourceKind, resourceNamespace, resourceRequestOperation, admissionReviewLatencyDurationInSeconds)
}
diff --git a/pkg/metrics/metrics.go b/pkg/metrics/metrics.go
index 7e88d76cd5..e300932222 100644
--- a/pkg/metrics/metrics.go
+++ b/pkg/metrics/metrics.go
@@ -25,7 +25,7 @@ func NewPromConfig() *PromConfig {
policyResultsLabels := []string{
"policy_validation_mode", "policy_type", "policy_background_mode", "policy_name", "policy_namespace",
- "resource_name", "resource_kind", "resource_namespace", "resource_request_operation",
+ "resource_kind", "resource_namespace", "resource_request_operation",
"rule_name", "rule_result", "rule_type", "rule_execution_cause",
}
policyResultsMetric := prom.NewCounterVec(
@@ -60,7 +60,7 @@ func NewPromConfig() *PromConfig {
policyExecutionDurationLabels := []string{
"policy_validation_mode", "policy_type", "policy_background_mode", "policy_name", "policy_namespace",
- "resource_name", "resource_kind", "resource_namespace", "resource_request_operation",
+ "resource_kind", "resource_namespace", "resource_request_operation",
"rule_name", "rule_result", "rule_type", "rule_execution_cause", "generate_rule_latency_type",
}
policyExecutionDurationMetric := prom.NewHistogramVec(
@@ -72,7 +72,7 @@ func NewPromConfig() *PromConfig {
)
admissionReviewDurationLabels := []string{
- "resource_name", "resource_kind", "resource_namespace", "resource_request_operation",
+ "resource_kind", "resource_namespace", "resource_request_operation",
}
admissionReviewDurationMetric := prom.NewHistogramVec(
prom.HistogramOpts{
@@ -83,7 +83,7 @@ func NewPromConfig() *PromConfig {
)
admissionRequestsLabels := []string{
- "resource_name", "resource_kind", "resource_namespace", "resource_request_operation",
+ "resource_kind", "resource_namespace", "resource_request_operation",
}
admissionRequestsMetric := prom.NewCounterVec(
prom.CounterOpts{
diff --git a/pkg/metrics/policyexecutionduration/policyExecutionDuration.go b/pkg/metrics/policyexecutionduration/policyExecutionDuration.go
index 0b88c8761c..c690ef7fc9 100644
--- a/pkg/metrics/policyexecutionduration/policyExecutionDuration.go
+++ b/pkg/metrics/policyexecutionduration/policyExecutionDuration.go
@@ -12,7 +12,7 @@ func (pm PromMetrics) registerPolicyExecutionDurationMetric(
policyType metrics.PolicyType,
policyBackgroundMode metrics.PolicyBackgroundMode,
policyNamespace, policyName string,
- resourceName, resourceKind, resourceNamespace string,
+ resourceKind, resourceNamespace string,
resourceRequestOperation metrics.ResourceRequestOperation,
ruleName string,
ruleResult metrics.RuleResult,
@@ -33,7 +33,6 @@ func (pm PromMetrics) registerPolicyExecutionDurationMetric(
"policy_background_mode": string(policyBackgroundMode),
"policy_namespace": policyNamespace,
"policy_name": policyName,
- "resource_name": resourceName,
"resource_kind": resourceKind,
"resource_namespace": resourceNamespace,
"resource_request_operation": string(resourceRequestOperation),
@@ -65,7 +64,6 @@ func (pm PromMetrics) ProcessEngineResponse(policy kyverno.ClusterPolicy, engine
resourceSpec := engineResponse.PolicyResponse.Resource
- resourceName := resourceSpec.Name
resourceKind := resourceSpec.Kind
resourceNamespace := resourceSpec.Namespace
@@ -86,7 +84,7 @@ func (pm PromMetrics) ProcessEngineResponse(policy kyverno.ClusterPolicy, engine
policyType,
policyBackgroundMode,
policyNamespace, policyName,
- resourceName, resourceKind, resourceNamespace,
+ resourceKind, resourceNamespace,
resourceRequestOperation,
ruleName,
ruleResult,
diff --git a/pkg/metrics/policyresults/policyResults.go b/pkg/metrics/policyresults/policyResults.go
index c0a2440002..82e0266534 100644
--- a/pkg/metrics/policyresults/policyResults.go
+++ b/pkg/metrics/policyresults/policyResults.go
@@ -12,7 +12,7 @@ func (pm PromMetrics) registerPolicyResultsMetric(
policyType metrics.PolicyType,
policyBackgroundMode metrics.PolicyBackgroundMode,
policyNamespace, policyName string,
- resourceName, resourceKind, resourceNamespace string,
+ resourceKind, resourceNamespace string,
resourceRequestOperation metrics.ResourceRequestOperation,
ruleName string,
ruleResult metrics.RuleResult,
@@ -28,7 +28,6 @@ func (pm PromMetrics) registerPolicyResultsMetric(
"policy_background_mode": string(policyBackgroundMode),
"policy_namespace": policyNamespace,
"policy_name": policyName,
- "resource_name": resourceName,
"resource_kind": resourceKind,
"resource_namespace": resourceNamespace,
"resource_request_operation": string(resourceRequestOperation),
@@ -59,7 +58,6 @@ func (pm PromMetrics) ProcessEngineResponse(policy kyverno.ClusterPolicy, engine
resourceSpec := engineResponse.PolicyResponse.Resource
- resourceName := resourceSpec.Name
resourceKind := resourceSpec.Kind
resourceNamespace := resourceSpec.Namespace
@@ -78,7 +76,7 @@ func (pm PromMetrics) ProcessEngineResponse(policy kyverno.ClusterPolicy, engine
policyType,
policyBackgroundMode,
policyNamespace, policyName,
- resourceName, resourceKind, resourceNamespace,
+ resourceKind, resourceNamespace,
resourceRequestOperation,
ruleName,
ruleResult,
diff --git a/pkg/policy/actions.go b/pkg/policy/actions.go
index 8a1f6c8bac..bfd449d1e0 100644
--- a/pkg/policy/actions.go
+++ b/pkg/policy/actions.go
@@ -8,6 +8,7 @@ import (
"github.com/kyverno/kyverno/pkg/policy/generate"
"github.com/kyverno/kyverno/pkg/policy/mutate"
"github.com/kyverno/kyverno/pkg/policy/validate"
+ "github.com/kyverno/kyverno/pkg/utils"
"sigs.k8s.io/controller-runtime/pkg/log"
)
@@ -55,6 +56,10 @@ func validateActions(idx int, rule kyverno.Rule, client *dclient.Client, mock bo
return fmt.Errorf("path: spec.rules[%d].generate.%s.: %v", idx, path, err)
}
}
+
+ if utils.ContainsString(rule.MatchResources.Kinds, rule.Generation.Kind) {
+ return fmt.Errorf("generation kind and match resource kind should not be the same.")
+ }
}
return nil
diff --git a/pkg/policy/report.go b/pkg/policy/report.go
index 78aeb3d9c8..98a046c794 100644
--- a/pkg/policy/report.go
+++ b/pkg/policy/report.go
@@ -7,10 +7,10 @@ import (
"time"
"github.com/go-logr/logr"
- v1alpha1 "github.com/kyverno/kyverno/pkg/api/policyreport/v1alpha1"
+ v1alpha2 "github.com/kyverno/kyverno/pkg/api/policyreport/v1alpha2"
kyvernoclient "github.com/kyverno/kyverno/pkg/client/clientset/versioned"
- changerequestlister "github.com/kyverno/kyverno/pkg/client/listers/kyverno/v1alpha1"
- policyreportlister "github.com/kyverno/kyverno/pkg/client/listers/policyreport/v1alpha1"
+ changerequestlister "github.com/kyverno/kyverno/pkg/client/listers/kyverno/v1alpha2"
+ policyreportlister "github.com/kyverno/kyverno/pkg/client/listers/policyreport/v1alpha2"
"github.com/kyverno/kyverno/pkg/config"
"github.com/kyverno/kyverno/pkg/engine/response"
"github.com/kyverno/kyverno/pkg/event"
@@ -82,12 +82,12 @@ func cleanupReportChangeRequests(pclient *kyvernoclient.Clientset, rcrLister cha
var gracePeriod int64 = 0
deleteOptions := metav1.DeleteOptions{GracePeriodSeconds: &gracePeriod}
- err := pclient.KyvernoV1alpha1().ClusterReportChangeRequests().DeleteCollection(context.TODO(), deleteOptions, metav1.ListOptions{})
+ err := pclient.KyvernoV1alpha2().ClusterReportChangeRequests().DeleteCollection(context.TODO(), deleteOptions, metav1.ListOptions{})
if err != nil {
errors = append(errors, err.Error())
}
- err = pclient.KyvernoV1alpha1().ReportChangeRequests(config.KyvernoNamespace).DeleteCollection(context.TODO(), deleteOptions, metav1.ListOptions{})
+ err = pclient.KyvernoV1alpha2().ReportChangeRequests(config.KyvernoNamespace).DeleteCollection(context.TODO(), deleteOptions, metav1.ListOptions{})
if err != nil {
errors = append(errors, err.Error())
}
@@ -106,9 +106,9 @@ func eraseResultsEntries(pclient *kyvernoclient.Clientset, reportLister policyre
errors = append(errors, err.Error())
} else {
for _, polr := range polrs {
- polr.Results = []*v1alpha1.PolicyReportResult{}
- polr.Summary = v1alpha1.PolicyReportSummary{}
- if _, err = pclient.Wgpolicyk8sV1alpha1().PolicyReports(polr.GetNamespace()).Update(context.TODO(), polr, metav1.UpdateOptions{}); err != nil {
+ polr.Results = []*v1alpha2.PolicyReportResult{}
+ polr.Summary = v1alpha2.PolicyReportSummary{}
+ if _, err = pclient.Wgpolicyk8sV1alpha2().PolicyReports(polr.GetNamespace()).Update(context.TODO(), polr, metav1.UpdateOptions{}); err != nil {
errors = append(errors, fmt.Sprintf("%s/%s/%s: %v", polr.Kind, polr.Namespace, polr.Name, err))
}
}
@@ -118,9 +118,9 @@ func eraseResultsEntries(pclient *kyvernoclient.Clientset, reportLister policyre
errors = append(errors, err.Error())
} else {
for _, cpolr := range cpolrs {
- cpolr.Results = []*v1alpha1.PolicyReportResult{}
- cpolr.Summary = v1alpha1.PolicyReportSummary{}
- if _, err = pclient.Wgpolicyk8sV1alpha1().ClusterPolicyReports().Update(context.TODO(), cpolr, metav1.UpdateOptions{}); err != nil {
+ cpolr.Results = []*v1alpha2.PolicyReportResult{}
+ cpolr.Summary = v1alpha2.PolicyReportSummary{}
+ if _, err = pclient.Wgpolicyk8sV1alpha2().ClusterPolicyReports().Update(context.TODO(), cpolr, metav1.UpdateOptions{}); err != nil {
errors = append(errors, fmt.Sprintf("%s/%s: %v", cpolr.Kind, cpolr.Name, err))
}
}
diff --git a/pkg/policy/validate.go b/pkg/policy/validate.go
index d14d14a3d2..4c4f9530df 100644
--- a/pkg/policy/validate.go
+++ b/pkg/policy/validate.go
@@ -8,6 +8,7 @@ import (
"strings"
"github.com/jmespath/go-jmespath"
+ c "github.com/kyverno/kyverno/pkg/common"
"github.com/kyverno/kyverno/pkg/engine"
"github.com/kyverno/kyverno/pkg/engine/variables"
"github.com/kyverno/kyverno/pkg/kyverno/common"
@@ -133,6 +134,14 @@ func Validate(policy *kyverno.ClusterPolicy, client *dclient.Client, mock bool,
return fmt.Errorf("wildcards (*) are currently not supported in the match.resources.kinds field. at least one resource kind must be specified in a kind block.")
}
+ // Validate Kind with match resource kinds
+ for _, kind := range rule.MatchResources.Kinds {
+ _, k := c.GetKindFromGVK(kind)
+ if k == p.Kind {
+ return fmt.Errorf("kind and match resource kind should not be the same.")
+ }
+ }
+
// Validate string values in labels
if !isLabelAndAnnotationsString(rule) {
return fmt.Errorf("labels and annotations supports only string values, \"use double quotes around the non string values\"")
@@ -745,10 +754,13 @@ func validateRuleContext(rule kyverno.Rule) error {
return nil
}
+ contextNames := make([]string, 0)
+
for _, entry := range rule.Context {
if entry.Name == "" {
return fmt.Errorf("a name is required for context entries")
}
+ contextNames = append(contextNames, entry.Name)
var err error
if entry.ConfigMap != nil {
@@ -764,6 +776,14 @@ func validateRuleContext(rule kyverno.Rule) error {
}
}
+ ruleBytes, _ := json.Marshal(rule)
+ ruleString := strings.ReplaceAll(string(ruleBytes), " ", "")
+ for _, contextName := range contextNames {
+ if !strings.Contains(ruleString, fmt.Sprintf("{{"+contextName)) {
+ return fmt.Errorf("context variable `%s` is not used in the policy", contextName)
+ }
+ }
+
return nil
}
diff --git a/pkg/policyreport/builder.go b/pkg/policyreport/builder.go
index d447db7ca0..aff8c5bcf7 100755
--- a/pkg/policyreport/builder.go
+++ b/pkg/policyreport/builder.go
@@ -3,11 +3,12 @@ package policyreport
import (
"fmt"
"reflect"
+ "time"
"github.com/go-logr/logr"
kyverno "github.com/kyverno/kyverno/pkg/api/kyverno/v1"
- request "github.com/kyverno/kyverno/pkg/api/kyverno/v1alpha1"
- report "github.com/kyverno/kyverno/pkg/api/policyreport/v1alpha1"
+ request "github.com/kyverno/kyverno/pkg/api/kyverno/v1alpha2"
+ report "github.com/kyverno/kyverno/pkg/api/policyreport/v1alpha2"
kyvernolister "github.com/kyverno/kyverno/pkg/client/listers/kyverno/v1"
"github.com/kyverno/kyverno/pkg/config"
"github.com/kyverno/kyverno/pkg/engine/response"
@@ -29,6 +30,9 @@ const (
// there would be a problem if use labels as the value could exceed 63 chars
deletedAnnotationResourceName string = "kyverno.io/delete.resource.name"
deletedAnnotationResourceKind string = "kyverno.io/delete.resource.kind"
+
+ // static value for PolicyReportResult.Source
+ SourceValue = "Kyverno"
)
func generatePolicyReportName(ns string) string {
@@ -152,9 +156,13 @@ func (builder *requestBuilder) buildRCRResult(policy string, resource response.R
result.Rule = rule.Name
result.Message = rule.Message
- result.Status = report.PolicyStatus(rule.Check)
- if result.Status == "fail" && !av.scored {
- result.Status = "warn"
+ result.Result = report.PolicyResult(rule.Check)
+ if result.Result == "fail" && !av.scored {
+ result.Result = "warn"
+ }
+ result.Source = SourceValue
+ result.Timestamp = metav1.Timestamp{
+ Seconds: time.Now().Unix(),
}
return result
}
@@ -212,7 +220,7 @@ func setRequestLabels(req *unstructured.Unstructured, info Info) bool {
func calculateSummary(results []*report.PolicyReportResult) (summary report.PolicyReportSummary) {
for _, res := range results {
- switch string(res.Status) {
+ switch string(res.Result) {
case report.StatusPass:
summary.Pass++
case report.StatusFail:
diff --git a/pkg/policyreport/policyreport.go b/pkg/policyreport/policyreport.go
index 8dc0df1c7f..dddb6ed5fb 100644
--- a/pkg/policyreport/policyreport.go
+++ b/pkg/policyreport/policyreport.go
@@ -6,11 +6,11 @@ import (
"strings"
"github.com/cornelk/hashmap"
- changerequest "github.com/kyverno/kyverno/pkg/api/kyverno/v1alpha1"
- report "github.com/kyverno/kyverno/pkg/api/policyreport/v1alpha1"
+ changerequest "github.com/kyverno/kyverno/pkg/api/kyverno/v1alpha2"
+ report "github.com/kyverno/kyverno/pkg/api/policyreport/v1alpha2"
kyvernoclient "github.com/kyverno/kyverno/pkg/client/clientset/versioned"
- changerequestlister "github.com/kyverno/kyverno/pkg/client/listers/kyverno/v1alpha1"
- policyreportlister "github.com/kyverno/kyverno/pkg/client/listers/policyreport/v1alpha1"
+ changerequestlister "github.com/kyverno/kyverno/pkg/client/listers/kyverno/v1alpha2"
+ policyreportlister "github.com/kyverno/kyverno/pkg/client/listers/policyreport/v1alpha2"
"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
)
@@ -181,7 +181,7 @@ func updateSummary(results []interface{}) map[string]interface{} {
continue
}
- switch typedResult["status"].(string) {
+ switch typedResult["result"].(string) {
case report.StatusPass:
pass, _ := summary[report.StatusPass].(int64)
summary[report.StatusPass] = pass + 1
diff --git a/pkg/policyreport/reportcontroller.go b/pkg/policyreport/reportcontroller.go
index 3d58ab0eab..f4c67d3d80 100644
--- a/pkg/policyreport/reportcontroller.go
+++ b/pkg/policyreport/reportcontroller.go
@@ -22,13 +22,13 @@ import (
"k8s.io/client-go/tools/cache"
"k8s.io/client-go/util/workqueue"
- changerequest "github.com/kyverno/kyverno/pkg/api/kyverno/v1alpha1"
- report "github.com/kyverno/kyverno/pkg/api/policyreport/v1alpha1"
+ changerequest "github.com/kyverno/kyverno/pkg/api/kyverno/v1alpha2"
+ report "github.com/kyverno/kyverno/pkg/api/policyreport/v1alpha2"
kyvernoclient "github.com/kyverno/kyverno/pkg/client/clientset/versioned"
- requestinformer "github.com/kyverno/kyverno/pkg/client/informers/externalversions/kyverno/v1alpha1"
- policyreportinformer "github.com/kyverno/kyverno/pkg/client/informers/externalversions/policyreport/v1alpha1"
- requestlister "github.com/kyverno/kyverno/pkg/client/listers/kyverno/v1alpha1"
- policyreport "github.com/kyverno/kyverno/pkg/client/listers/policyreport/v1alpha1"
+ requestinformer "github.com/kyverno/kyverno/pkg/client/informers/externalversions/kyverno/v1alpha2"
+ policyreportinformer "github.com/kyverno/kyverno/pkg/client/informers/externalversions/policyreport/v1alpha2"
+ requestlister "github.com/kyverno/kyverno/pkg/client/listers/kyverno/v1alpha2"
+ policyreport "github.com/kyverno/kyverno/pkg/client/listers/policyreport/v1alpha2"
"github.com/kyverno/kyverno/pkg/config"
dclient "github.com/kyverno/kyverno/pkg/dclient"
)
diff --git a/pkg/policyreport/reportrequest.go b/pkg/policyreport/reportrequest.go
index 4e4185fbae..46fe72ffbf 100755
--- a/pkg/policyreport/reportrequest.go
+++ b/pkg/policyreport/reportrequest.go
@@ -12,9 +12,9 @@ import (
kyverno "github.com/kyverno/kyverno/pkg/api/kyverno/v1"
policyreportclient "github.com/kyverno/kyverno/pkg/client/clientset/versioned"
kyvernoinformer "github.com/kyverno/kyverno/pkg/client/informers/externalversions/kyverno/v1"
- requestinformer "github.com/kyverno/kyverno/pkg/client/informers/externalversions/kyverno/v1alpha1"
+ requestinformer "github.com/kyverno/kyverno/pkg/client/informers/externalversions/kyverno/v1alpha2"
kyvernolister "github.com/kyverno/kyverno/pkg/client/listers/kyverno/v1"
- requestlister "github.com/kyverno/kyverno/pkg/client/listers/kyverno/v1alpha1"
+ requestlister "github.com/kyverno/kyverno/pkg/client/listers/kyverno/v1alpha2"
dclient "github.com/kyverno/kyverno/pkg/dclient"
"github.com/kyverno/kyverno/pkg/engine/response"
utilruntime "k8s.io/apimachinery/pkg/util/runtime"
diff --git a/pkg/webhookconfig/common.go b/pkg/webhookconfig/common.go
index d1c4616d13..611dff97c9 100644
--- a/pkg/webhookconfig/common.go
+++ b/pkg/webhookconfig/common.go
@@ -7,6 +7,7 @@ import (
"github.com/kyverno/kyverno/pkg/tls"
admregapi "k8s.io/api/admissionregistration/v1beta1"
apps "k8s.io/api/apps/v1"
+ v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
"k8s.io/apimachinery/pkg/runtime"
rest "k8s.io/client-go/rest"
@@ -52,6 +53,32 @@ func extractCA(config *rest.Config) (result []byte) {
return config.TLSClientConfig.CAData
}
+func (wrc *Register) constructOwner() v1.OwnerReference {
+ logger := wrc.log
+
+ kubeNamespace, err := wrc.GetKubePolicyNamespace()
+ if err != nil {
+ logger.Error(err, "failed to construct OwnerReference")
+ return v1.OwnerReference{}
+ }
+
+ return v1.OwnerReference{
+ APIVersion: config.NamespaceAPIVersion,
+ Kind: config.NamespaceKind,
+ Name: config.KyvernoNamespace,
+ UID: kubeNamespace.GetUID(),
+ }
+}
+
+func (wrc *Register) GetKubePolicyNamespace() (*unstructured.Unstructured, error) {
+ kubeNamespace, err := wrc.client.GetResource(config.NamespaceAPIVersion, config.NamespaceKind, "", config.KyvernoNamespace)
+ if err != nil {
+ return nil, err
+ }
+
+ return kubeNamespace, nil
+}
+
// GetKubePolicyDeployment gets Kyverno deployment using the resource cache
// it does not initialize any client call
func (wrc *Register) GetKubePolicyDeployment() (*apps.Deployment, *unstructured.Unstructured, error) {
diff --git a/pkg/webhookconfig/policy.go b/pkg/webhookconfig/policy.go
index 0c8bee9812..0010270f1e 100644
--- a/pkg/webhookconfig/policy.go
+++ b/pkg/webhookconfig/policy.go
@@ -13,6 +13,9 @@ func (wrc *Register) contructPolicyValidatingWebhookConfig(caData []byte) *admre
return &admregapi.ValidatingWebhookConfiguration{
ObjectMeta: v1.ObjectMeta{
Name: config.PolicyValidatingWebhookConfigurationName,
+ OwnerReferences: []v1.OwnerReference{
+ wrc.constructOwner(),
+ },
},
Webhooks: []admregapi.ValidatingWebhook{
generateValidatingWebhook(
@@ -59,6 +62,9 @@ func (wrc *Register) contructPolicyMutatingWebhookConfig(caData []byte) *admrega
return &admregapi.MutatingWebhookConfiguration{
ObjectMeta: v1.ObjectMeta{
Name: config.PolicyMutatingWebhookConfigurationName,
+ OwnerReferences: []v1.OwnerReference{
+ wrc.constructOwner(),
+ },
},
Webhooks: []admregapi.MutatingWebhook{
generateMutatingWebhook(
diff --git a/pkg/webhookconfig/registration.go b/pkg/webhookconfig/registration.go
index 7baba183a8..593a2925ce 100644
--- a/pkg/webhookconfig/registration.go
+++ b/pkg/webhookconfig/registration.go
@@ -464,6 +464,9 @@ func (wrc *Register) constructVerifyMutatingWebhookConfig(caData []byte) *admreg
return &admregapi.MutatingWebhookConfiguration{
ObjectMeta: v1.ObjectMeta{
Name: config.VerifyMutatingWebhookConfigurationName,
+ OwnerReferences: []v1.OwnerReference{
+ wrc.constructOwner(),
+ },
},
Webhooks: []admregapi.MutatingWebhook{
generateMutatingWebhook(
diff --git a/pkg/webhookconfig/resource.go b/pkg/webhookconfig/resource.go
index 9d4f43809b..45aa28b7bc 100644
--- a/pkg/webhookconfig/resource.go
+++ b/pkg/webhookconfig/resource.go
@@ -50,6 +50,9 @@ func (wrc *Register) constructDefaultMutatingWebhookConfig(caData []byte) *admre
return &admregapi.MutatingWebhookConfiguration{
ObjectMeta: v1.ObjectMeta{
Name: config.MutatingWebhookConfigurationName,
+ OwnerReferences: []v1.OwnerReference{
+ wrc.constructOwner(),
+ },
},
Webhooks: []admregapi.MutatingWebhook{webhookCfg},
}
@@ -118,6 +121,9 @@ func (wrc *Register) constructDefaultValidatingWebhookConfig(caData []byte) *adm
return &admregapi.ValidatingWebhookConfiguration{
ObjectMeta: v1.ObjectMeta{
Name: config.ValidatingWebhookConfigurationName,
+ OwnerReferences: []v1.OwnerReference{
+ wrc.constructOwner(),
+ },
},
Webhooks: []admregapi.ValidatingWebhook{
generateValidatingWebhook(
diff --git a/pkg/webhooks/common.go b/pkg/webhooks/common.go
index c2cbc40b69..7f0a86ff10 100644
--- a/pkg/webhooks/common.go
+++ b/pkg/webhooks/common.go
@@ -170,10 +170,6 @@ func convertResource(raw []byte, group, version, kind, namespace string) (unstru
func excludeKyvernoResources(kind string) bool {
switch kind {
- case "ClusterPolicy":
- return true
- case "Policy":
- return true
case "ClusterPolicyReport":
return true
case "PolicyReport":
diff --git a/pkg/webhooks/report.go b/pkg/webhooks/report.go
index 508f29827c..1ec7d21672 100644
--- a/pkg/webhooks/report.go
+++ b/pkg/webhooks/report.go
@@ -1,11 +1,12 @@
package webhooks
import (
- "github.com/go-logr/logr"
- kyvernov1alpha1 "github.com/kyverno/kyverno/pkg/api/kyverno/v1alpha1"
- "github.com/kyverno/kyverno/pkg/engine/response"
"strings"
+ "github.com/go-logr/logr"
+ kyvernov1alpha2 "github.com/kyverno/kyverno/pkg/api/kyverno/v1alpha2"
+ "github.com/kyverno/kyverno/pkg/engine/response"
+
"github.com/kyverno/kyverno/pkg/event"
)
@@ -35,7 +36,7 @@ func generateEvents(engineResponses []*response.EngineResponse, blocked, onUpdat
pe := event.NewEvent(
log,
kind,
- kyvernov1alpha1.SchemeGroupVersion.String(),
+ kyvernov1alpha2.SchemeGroupVersion.String(),
er.PolicyResponse.Policy.Namespace,
er.PolicyResponse.Policy.Name,
event.PolicyViolation.String(),
@@ -73,7 +74,7 @@ func generateEvents(engineResponses []*response.EngineResponse, blocked, onUpdat
e := event.NewEvent(
log,
kind,
- kyvernov1alpha1.SchemeGroupVersion.String(),
+ kyvernov1alpha2.SchemeGroupVersion.String(),
er.PolicyResponse.Policy.Namespace,
er.PolicyResponse.Policy.Name,
event.PolicyApplied.String(),
diff --git a/scripts/update-codegen.sh b/scripts/update-codegen.sh
index d5166860c5..86dd046357 100755
--- a/scripts/update-codegen.sh
+++ b/scripts/update-codegen.sh
@@ -26,4 +26,4 @@ ${CODEGEN_PKG}/generate-groups.sh \
"deepcopy,client,informer,lister" \
${NIRMATA_PKG}/pkg/client \
${NIRMATA_PKG}/pkg/api \
- "kyverno:v1 policyreport:v1alpha1 kyverno:v1alpha1"
+ "kyverno:v1 policyreport:v1alpha2 kyverno:v1alpha2"
diff --git a/test/cli/test-fail/missing-policy/test.yaml b/test/cli/test-fail/missing-policy/test.yaml
index d82323c736..f177943769 100644
--- a/test/cli/test-fail/missing-policy/test.yaml
+++ b/test/cli/test-fail/missing-policy/test.yaml
@@ -7,4 +7,4 @@ results:
- policy: missing
rule: validate-image-tag
resource: test
- status: pass
+ result: pass
diff --git a/test/cli/test-fail/missing-resource/test.yaml b/test/cli/test-fail/missing-resource/test.yaml
index 162b00a5db..5a3d42ede7 100644
--- a/test/cli/test-fail/missing-resource/test.yaml
+++ b/test/cli/test-fail/missing-resource/test.yaml
@@ -7,4 +7,4 @@ results:
- policy: disallow-latest-tag
rule: validate-image-tag
resource: missing
- status: pass
+ result: pass
diff --git a/test/cli/test/autogen/test.yaml b/test/cli/test/autogen/test.yaml
index abb7c0b054..d6bef7195f 100644
--- a/test/cli/test/autogen/test.yaml
+++ b/test/cli/test/autogen/test.yaml
@@ -6,47 +6,47 @@ results:
# TEST: Pod with Labels Should Pass
- policy: require-common-labels
rule: check-for-labels
- status: pass
+ result: pass
resource: pod-with-labels
# TEST: Pod Missing Labels Should Fail
- policy: require-common-labels
rule: check-for-labels
- status: fail
+ result: fail
resource: pod-missing-labels
# TEST: Deployment with Labels Should Pass
- policy: require-common-labels
rule: check-for-labels
- status: pass
+ result: pass
resource: deployment-with-labels
# TEST: Deployment with Labels Should Fail
- policy: require-common-labels
rule: check-for-labels
- status: fail
+ result: fail
resource: deployment-missing-labels
# TEST: StatefulSet with Labels Should Pass
- policy: require-common-labels
rule: check-for-labels
- status: pass
+ result: pass
resource: StatefulSet-with-labels
# TEST: StatefulSet with Labels Should fail
- policy: require-common-labels
rule: check-for-labels
- status: fail
+ result: fail
resource: StatefulSet-without-labels
# TEST: Cronjob with Labels Should pass
- policy: require-common-labels
rule: check-for-labels
- status: pass
+ result: pass
resource: cronjob-with-labels
# TEST: Cronjob without Labels Should fail
- policy: require-common-labels
rule: check-for-labels
- status: fail
+ result: fail
resource: cronjob-without-labels
diff --git a/test/cli/test/variables/test.yaml b/test/cli/test/variables/test.yaml
index 4473d21506..7842f953e7 100644
--- a/test/cli/test/variables/test.yaml
+++ b/test/cli/test/variables/test.yaml
@@ -9,16 +9,16 @@ results:
- policy: cm-variable-example
rule: example-configmap-lookup
resource: test-env-test
- status: pass
+ result: pass
- policy: cm-variable-example
rule: example-configmap-lookup
resource: test-env-dev
- status: fail
+ result: fail
- policy: cm-array-example
rule: validate-role-annotation
resource: test-web
- status: fail
+ result: fail
- policy: cm-array-example
rule: validate-role-annotation
resource: test-app
- status: pass
+ result: pass
diff --git a/test/e2e/validate/config.go b/test/e2e/validate/config.go
index d96c86c9f9..f43d4b6f9a 100644
--- a/test/e2e/validate/config.go
+++ b/test/e2e/validate/config.go
@@ -4,14 +4,27 @@ package validate
var ValidateTests = []struct {
//TestName - Name of the Test
TestName string
- // Data - The Yaml file of the ClusterPolicy
- Data []byte
+ // PolicyRaw - The Yaml file of the ClusterPolicy
+ PolicyRaw []byte
+ // ResourceRaw - The Yaml file of the ClusterPolicy
+ ResourceRaw []byte
// ResourceNamespace - Namespace of the Resource
ResourceNamespace string
+ // MustSucceed declares if test case must fail on validation
+ MustSucceed bool
}{
{
- TestName: "test-validate-with-flux-and-variable-substitution",
- Data: kyverno_2043_policy,
+ TestName: "test-validate-with-flux-and-variable-substitution-2043",
+ PolicyRaw: kyverno_2043_policy,
+ ResourceRaw: kyverno_2043_FluxKustomization,
ResourceNamespace: "test-validate",
+ MustSucceed: false,
+ },
+ {
+ TestName: "test-validate-with-flux-and-variable-substitution-2241",
+ PolicyRaw: kyverno_2241_policy,
+ ResourceRaw: kyverno_2241_FluxKustomization,
+ ResourceNamespace: "test-validate",
+ MustSucceed: true,
},
}
diff --git a/test/e2e/validate/resources.go b/test/e2e/validate/resources.go
index 0b4e3e94fb..b4056e2cee 100644
--- a/test/e2e/validate/resources.go
+++ b/test/e2e/validate/resources.go
@@ -52,6 +52,53 @@ spec:
value: "{{request.object.metadata.namespace}}"
`)
+var kyverno_2241_policy = []byte(`
+apiVersion: kyverno.io/v1
+kind: ClusterPolicy
+metadata:
+ name: flux-multi-tenancy
+spec:
+ validationFailureAction: enforce
+ rules:
+ - name: serviceAccountName
+ exclude:
+ resources:
+ namespaces:
+ - flux-system
+ match:
+ resources:
+ kinds:
+ - Kustomization
+ - HelmRelease
+ validate:
+ message: ".spec.serviceAccountName is required"
+ pattern:
+ spec:
+ serviceAccountName: "?*"
+ - name: sourceRefNamespace
+ exclude:
+ resources:
+ namespaces:
+ - flux-system
+ match:
+ resources:
+ kinds:
+ - Kustomization
+ - HelmRelease
+ preconditions:
+ any:
+ - key: "{{request.object.spec.sourceRef.namespace}}"
+ operator: NotEquals
+ value: ""
+ validate:
+ message: "spec.sourceRef.namespace must be the same as metadata.namespace"
+ deny:
+ conditions:
+ - key: "{{request.object.spec.sourceRef.namespace}}"
+ operator: NotEquals
+ value: "{{request.object.metadata.namespace}}"
+`)
+
var kyverno_2043_FluxCRD = []byte(`
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
@@ -497,3 +544,20 @@ spec:
prune: true
validation: client
`)
+
+var kyverno_2241_FluxKustomization = []byte(`
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta1
+kind: Kustomization
+metadata:
+ name: tenants
+ namespace: test-validate
+spec:
+ serviceAccountName: dev-team
+ interval: 5m
+ sourceRef:
+ kind: GitRepository
+ name: flux-system
+ path: ./tenants/production
+ prune: true
+ validation: client
+`)
diff --git a/test/e2e/validate/validate_test.go b/test/e2e/validate/validate_test.go
index 3ea6611f97..424d335fa2 100644
--- a/test/e2e/validate/validate_test.go
+++ b/test/e2e/validate/validate_test.go
@@ -69,7 +69,7 @@ func Test_Validate_Sets(t *testing.T) {
// Create policy
By(fmt.Sprintf("Creating policy in \"%s\"", clPolNS))
- _, err = e2eClient.CreateNamespacedResourceYaml(clPolGVR, clPolNS, test.Data)
+ _, err = e2eClient.CreateNamespacedResourceYaml(clPolGVR, clPolNS, test.PolicyRaw)
Expect(err).NotTo(HaveOccurred())
// Create Flux CRD
@@ -92,8 +92,13 @@ func Test_Validate_Sets(t *testing.T) {
// Create Kustomize resource
kustomizeGVR := e2e.GetGVR("kustomize.toolkit.fluxcd.io", "v1beta1", "kustomizations")
By(fmt.Sprintf("Creating Kustomize resource in \"%s\"", nspace))
- _, err = e2eClient.CreateNamespacedResourceYaml(kustomizeGVR, nspace, kyverno_2043_FluxKustomization)
- Expect(err).NotTo(HaveOccurred())
+ _, err = e2eClient.CreateNamespacedResourceYaml(kustomizeGVR, nspace, test.ResourceRaw)
+
+ if test.MustSucceed {
+ Expect(err).NotTo(HaveOccurred())
+ } else {
+ Expect(err).To(HaveOccurred())
+ }
//CleanUp Resources
e2eClient.CleanClusterPolicies(clPolGVR)