mirror of https://github.com/kyverno/kyverno.git synced 2024-12-14 11:57:48 +00:00

fix: polex mem footprint (#9954)

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Charles-Edouard Brétéché 2024-03-28 10:31:40 +01:00 committed by GitHub
parent baa9eb2fd3
commit 76bd67739a
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
11 changed files with 14 additions and 23 deletions


@ -10,18 +10,9 @@ import (
func (e *engine) GetPolicyExceptions(
policy kyvernov1.PolicyInterface,
rule string,
) ([]kyvernov2beta1.PolicyException, error) {
var exceptions []kyvernov2beta1.PolicyException
) ([]*kyvernov2beta1.PolicyException, error) {
if e.exceptionSelector == nil {
return exceptions, nil
return nil, nil
}
policyName := cache.MetaObjectToName(policy).String()
polexs, err := e.exceptionSelector.Find(policyName, rule)
if err != nil {
return exceptions, err
}
for _, polex := range polexs {
exceptions = append(exceptions, *polex)
}
return exceptions, nil
return e.exceptionSelector.Find(cache.MetaObjectToName(policy).String(), rule)
}
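Review bot: With the copy loop removed, GetPolicyExceptions hands callers the same `*kyvernov2beta1.PolicyException` pointers that `e.exceptionSelector.Find` returns, and nothing in the new code says they must be treated as read-only. The selector's implementation is not visible on this page, but if it is backed by a shared lister or informer cache, a write through one of these pointers would alter the exception seen by every other concurrent request, and exceptions decide which resources skip enforcement. I would add a doc comment such as `// GetPolicyExceptions returns the selector's objects without copying; callers must treat them as read-only.` The same applies to `return polex` in MatchesException, which now returns the slice element itself instead of the address of a copy, so its doc comment should say the result aliases the input.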


@ -18,7 +18,7 @@ type Handler interface {
unstructured.Unstructured,
kyvernov1.Rule,
engineapi.EngineContextLoader,
[]kyvernov2beta1.PolicyException,
[]*kyvernov2beta1.PolicyException,
) (unstructured.Unstructured, []engineapi.RuleResponse)
}


@ -35,7 +35,7 @@ func (h mutateExistingHandler) Process(
resource unstructured.Unstructured,
rule kyvernov1.Rule,
contextLoader engineapi.EngineContextLoader,
exceptions []kyvernov2beta1.PolicyException,
exceptions []*kyvernov2beta1.PolicyException,
) (unstructured.Unstructured, []engineapi.RuleResponse) {
// check if there is a policy exception matches the incoming resource
exception := engineutils.MatchesException(exceptions, policyContext, logger)


@ -66,7 +66,7 @@ func (h mutateImageHandler) Process(
resource unstructured.Unstructured,
rule kyvernov1.Rule,
contextLoader engineapi.EngineContextLoader,
exceptions []kyvernov2beta1.PolicyException,
exceptions []*kyvernov2beta1.PolicyException,
) (unstructured.Unstructured, []engineapi.RuleResponse) {
// check if there is a policy exception matches the incoming resource
exception := engineutils.MatchesException(exceptions, policyContext, logger)


@ -28,7 +28,7 @@ func (h mutateResourceHandler) Process(
resource unstructured.Unstructured,
rule kyvernov1.Rule,
contextLoader engineapi.EngineContextLoader,
exceptions []kyvernov2beta1.PolicyException,
exceptions []*kyvernov2beta1.PolicyException,
) (unstructured.Unstructured, []engineapi.RuleResponse) {
// check if there is a policy exception matches the incoming resource
exception := engineutils.MatchesException(exceptions, policyContext, logger)


@ -44,7 +44,7 @@ func (h validateCELHandler) Process(
resource unstructured.Unstructured,
rule kyvernov1.Rule,
_ engineapi.EngineContextLoader,
exceptions []kyvernov2beta1.PolicyException,
exceptions []*kyvernov2beta1.PolicyException,
) (unstructured.Unstructured, []engineapi.RuleResponse) {
if engineutils.IsDeleteRequest(policyContext) {
logger.V(3).Info("skipping CEL validation on deleted resource")


@ -45,7 +45,7 @@ func (h validateImageHandler) Process(
resource unstructured.Unstructured,
rule kyvernov1.Rule,
_ engineapi.EngineContextLoader,
exceptions []kyvernov2beta1.PolicyException,
exceptions []*kyvernov2beta1.PolicyException,
) (unstructured.Unstructured, []engineapi.RuleResponse) {
// check if there is a policy exception matches the incoming resource
exception := engineutils.MatchesException(exceptions, policyContext, logger)


@ -57,7 +57,7 @@ func (h validateManifestHandler) Process(
resource unstructured.Unstructured,
rule kyvernov1.Rule,
_ engineapi.EngineContextLoader,
exceptions []kyvernov2beta1.PolicyException,
exceptions []*kyvernov2beta1.PolicyException,
) (unstructured.Unstructured, []engineapi.RuleResponse) {
// check if there is a policy exception matches the incoming resource
exception := engineutils.MatchesException(exceptions, policyContext, logger)


@ -37,7 +37,7 @@ func (h validatePssHandler) Process(
resource unstructured.Unstructured,
rule kyvernov1.Rule,
_ engineapi.EngineContextLoader,
exceptions []kyvernov2beta1.PolicyException,
exceptions []*kyvernov2beta1.PolicyException,
) (unstructured.Unstructured, []engineapi.RuleResponse) {
if engineutils.IsDeleteRequest(policyContext) {
logger.V(3).Info("skipping PSS validation on deleted resource")


@ -38,7 +38,7 @@ func (h validateResourceHandler) Process(
resource unstructured.Unstructured,
rule kyvernov1.Rule,
contextLoader engineapi.EngineContextLoader,
exceptions []kyvernov2beta1.PolicyException,
exceptions []*kyvernov2beta1.PolicyException,
) (unstructured.Unstructured, []engineapi.RuleResponse) {
// check if there is a policy exception matches the incoming resource
exception := engineutils.MatchesException(exceptions, policyContext, logger)


@ -11,7 +11,7 @@ import (
// MatchesException takes a list of exceptions and checks if there is an exception applies to the incoming resource.
// It returns the matched policy exception.
func MatchesException(
polexs []kyvernov2beta1.PolicyException,
polexs []*kyvernov2beta1.PolicyException,
policyContext engineapi.PolicyContext,
logger logr.Logger,
) *kyvernov2beta1.PolicyException {
@ -40,7 +40,7 @@ func MatchesException(
return nil
}
}
return &polex
return polex
}
}
return nil