Adding support for applying git raw by kyverno cli (#1554)

Signed-off-by: Raj Das <mail.rajdas@gmail.com>
2025-04-08 10:04:25 +00:00 · 2021-02-08 23:38:06 +05:30 · 2021-02-08 23:38:06 +05:30 · 72eb5e3503
commit 72eb5e3503
parent d141f74015
2 changed files with 79 additions and 14 deletions
--- a/pkg/kyverno/common/common.go
+++ b/pkg/kyverno/common/common.go
@ -7,6 +7,7 @@ import (
 	"fmt"
 	"io"
 	"io/ioutil"
+	"net/http"
 	"os"
 	"path/filepath"
 	"strings"
@ -50,17 +51,30 @@ func GetPolicies(paths []string) (policies []*v1.ClusterPolicy, errors []error)
 	for _, path := range paths {
 		log.Log.V(5).Info("reading policies", "path", path)

-		path = filepath.Clean(path)
-		fileDesc, err := os.Stat(path)
-		if err != nil {
-			errors = append(errors, err)
-			continue
+		var (
+			fileDesc os.FileInfo
+			err      error
+		)
+
+		isHttpPath := strings.Contains(path, "http")
+
+		// path clean and retrieving file info can be possible if it's not an HTTP URL
+		if !isHttpPath {
+			path = filepath.Clean(path)
+			fileDesc, err = os.Stat(path)
+			if err != nil {
+				err := fmt.Errorf("failed to process %v: %v", path, err.Error())
+				errors = append(errors, err)
+				continue
+			}
 		}

-		if fileDesc.IsDir() {
+		// apply file from a directory is possible only if the path is not HTTP URL
+		if !isHttpPath && fileDesc.IsDir() {
 			files, err := ioutil.ReadDir(path)
 			if err != nil {
-				errors = append(errors, fmt.Errorf("failed to read %v: %v", path, err.Error()))
+				err := fmt.Errorf("failed to process %v: %v", path, err.Error())
+				errors = append(errors, err)
 				continue
 			}

@ -77,10 +91,35 @@ func GetPolicies(paths []string) (policies []*v1.ClusterPolicy, errors []error)
 			policies = append(policies, policiesFromDir...)

 		} else {
-			fileBytes, err := ioutil.ReadFile(path)
-			if err != nil {
-				errors = append(errors, fmt.Errorf("failed to read %v: %v", path, err.Error()))
-				continue
+			var fileBytes []byte
+			if isHttpPath {
+				resp, err := http.Get(path)
+				if err != nil {
+					err := fmt.Errorf("failed to process %v: %v", path, err.Error())
+					errors = append(errors, err)
+					continue
+				}
+				defer resp.Body.Close()
+
+				if resp.StatusCode != http.StatusOK {
+					err := fmt.Errorf("failed to process %v: %v", path, err.Error())
+					errors = append(errors, err)
+					continue
+				}
+
+				fileBytes, err = ioutil.ReadAll(resp.Body)
+				if err != nil {
+					err := fmt.Errorf("failed to process %v: %v", path, err.Error())
+					errors = append(errors, err)
+					continue
+				}
+			} else {
+				fileBytes, err = ioutil.ReadFile(path)
+				if err != nil {
+					err := fmt.Errorf("failed to process %v: %v", path, err.Error())
+					errors = append(errors, err)
+					continue
+				}
 			}

 			policiesFromFile, errFromFile := utils.GetPolicy(fileBytes)
--- a/pkg/kyverno/common/fetch.go
+++ b/pkg/kyverno/common/fetch.go
@ -5,6 +5,8 @@ import (
 	"errors"
 	"fmt"
 	"io/ioutil"
+	"net/http"
+	"strings"

 	"github.com/go-git/go-billy/v5"
 	v1 "github.com/kyverno/kyverno/pkg/api/kyverno/v1"
@ -197,10 +199,34 @@ func getResourcesOfTypeFromCluster(resourceTypes []string, dClient *client.Clien
 }

 func getFileBytes(path string) ([]byte, error) {
-	file, err := ioutil.ReadFile(path)
-	if err != nil {
-		return nil, err
+
+	var (
+		file []byte
+		err  error
+	)
+
+	if strings.Contains(path, "http") {
+		resp, err := http.Get(path)
+		if err != nil {
+			return nil, err
+		}
+		defer resp.Body.Close()
+
+		if resp.StatusCode != http.StatusOK {
+			return nil, err
+		}
+
+		file, err = ioutil.ReadAll(resp.Body)
+		if err != nil {
+			return nil, err
+		}
+	} else {
+		file, err = ioutil.ReadFile(path)
+		if err != nil {
+			return nil, err
+		}
 	}
+
 	return file, err
 }