mirror of https://github.com/kyverno/kyverno.git synced 2025-04-08 10:04:25 +00:00

allow list with policies in test (#5227)

Signed-off-by: bakito <github@bakito.ch>

Signed-off-by: bakito <github@bakito.ch>
Co-authored-by: shuting <shuting@nirmata.com>
Marc Brugger 2022-11-11 16:18:17 +01:00 committed by GitHub
parent 97a2b9a9a3
commit 79d18d1ed6
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 112 additions and 14 deletions


@ -6,6 +6,8 @@ import (
kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1"
log "github.com/kyverno/kyverno/pkg/logging"
"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
"k8s.io/apimachinery/pkg/runtime"
"k8s.io/apimachinery/pkg/util/yaml"
)
@ -20,25 +22,54 @@ func GetPolicy(bytes []byte) (policies []kyvernov1.PolicyInterface, err error) {
if err != nil {
return nil, fmt.Errorf("failed to convert to JSON: %v", err)
}
policy := &kyvernov1.ClusterPolicy{}
if err := json.Unmarshal(policyBytes, policy); err != nil {
us := &unstructured.Unstructured{}
if err := json.Unmarshal(policyBytes, us); err != nil {
return nil, fmt.Errorf("failed to decode policy: %v", err)
}
if policy.TypeMeta.Kind == "" {
log.V(3).Info("skipping file as policy.TypeMeta.Kind not found")
continue
}
if policy.TypeMeta.Kind != "ClusterPolicy" && policy.TypeMeta.Kind != "Policy" {
return nil, fmt.Errorf("resource %s/%s is not a Policy or a ClusterPolicy", policy.Kind, policy.Name)
}
if policy.Kind == "Policy" {
if policy.Namespace == "" {
policy.Namespace = "default"
if us.IsList() {
list, err := us.ToList()
if err != nil {
return nil, fmt.Errorf("failed to decode policy list: %v", err)
}
for i := range list.Items {
item := list.Items[i]
if policies, err = addPolicy(policies, &item); err != nil {
return nil, err
}
}
} else {
policy.Namespace = ""
if policies, err = addPolicy(policies, us); err != nil {
return nil, err
}
}
policies = append(policies, policy)
}
return policies, nil
}
func addPolicy(policies []kyvernov1.PolicyInterface, us *unstructured.Unstructured) ([]kyvernov1.PolicyInterface, error) {
policy := &kyvernov1.ClusterPolicy{}
if err := runtime.DefaultUnstructuredConverter.FromUnstructured(us.Object, policy); err != nil {
return nil, fmt.Errorf("failed to decode policy: %v", err)
}
if policy.TypeMeta.Kind == "" {
log.V(3).Info("skipping file as policy.TypeMeta.Kind not found")
return policies, nil
}
if policy.TypeMeta.Kind != "ClusterPolicy" && policy.TypeMeta.Kind != "Policy" {
return nil, fmt.Errorf("resource %s/%s is not a Policy or a ClusterPolicy", policy.Kind, policy.Name)
}
if policy.Kind == "Policy" {
if policy.Namespace == "" {
policy.Namespace = "default"
}
} else {
policy.Namespace = ""
}
policies = append(policies, policy)
return policies, nil
}
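Review bot: The `policy.TypeMeta.Kind == ""` skip in `addPolicy` is probably no longer reachable for a top-level document, because `json.Unmarshal(policyBytes, us)` into `unstructured.Unstructured` goes through apimachinery's unstructured decoder, which (as far as I know) returns a missing-kind error for an object with no `kind`. A YAML document that was previously skipped at `log.V(3)` would then abort the whole load with "failed to decode policy". Failing is arguably the safer outcome for a policy loader, since a silently dropped document means fewer rules are evaluated than the author expects, but the behaviour should be chosen deliberately: either remove the dead skip, or keep it by checking `runtime.IsMissingKind(err)` before returning. The same skip now also applies to individual `List` items, where the message "skipping file" is misleading and only visible at verbosity 3. `GetPolicy` begins before this hunk, so the loop around this code is not visible here.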


@ -223,6 +223,73 @@ spec:
clone:
namespace: default
name: game-demo
`),
},
wantPolicies: []policy{
{"Policy", "ns-1"},
{"ClusterPolicy", ""},
},
wantErr: false,
}, {
name: "policy and cluster policy in list",
args: args{
[]byte(`
apiVersion: v1
kind: List
items:
- apiVersion: kyverno.io/v1
kind: Policy
metadata:
name: generate-policy
namespace: ns-1
spec:
rules:
- name: copy-game-demo
match:
resources:
kinds:
- Namespace
exclude:
resources:
namespaces:
- kube-system
- default
- kube-public
- kyverno
generate:
kind: ConfigMap
name: game-demo
namespace: "{{request.object.metadata.name}}"
synchronize: true
clone:
namespace: default
name: game-demo
- apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
name: generate-policy
spec:
rules:
- name: copy-game-demo
match:
resources:
kinds:
- Namespace
exclude:
resources:
namespaces:
- kube-system
- default
- kube-public
- kyverno
generate:
kind: ConfigMap
name: game-demo
namespace: "{{request.object.metadata.name}}"
synchronize: true
clone:
namespace: default
name: game-demo
`),
},
wantPolicies: []policy{