diff --git a/pkg/policyreport/builder.go b/pkg/policyreport/builder.go index bd665ef1d7..e8f53986a8 100644 --- a/pkg/policyreport/builder.go +++ b/pkg/policyreport/builder.go @@ -3,7 +3,6 @@ package policyreport import ( "encoding/json" "fmt" - "reflect" "time" "github.com/go-logr/logr" @@ -233,7 +232,7 @@ func set(obj *unstructured.Unstructured, info Info) { func setRequestDeletionLabels(req *unstructured.Unstructured, info Info) bool { switch { - case isResourceDeletion(info): + case info.isResourceDeletion(): req.SetAnnotations(map[string]string{ deletedAnnotationResourceName: info.Results[0].Resource.Name, deletedAnnotationResourceKind: info.Results[0].Resource.Kind, @@ -244,7 +243,7 @@ func setRequestDeletionLabels(req *unstructured.Unstructured, info Info) bool { req.SetLabels(labels) return true - case isPolicyDeletion(info): + case info.isPolicyDeletion(): req.SetKind("ReportChangeRequest") req.SetGenerateName("rcr-") @@ -253,7 +252,7 @@ func setRequestDeletionLabels(req *unstructured.Unstructured, info Info) bool { req.SetLabels(labels) return true - case isRuleDeletion(info): + case info.isRuleDeletion(): req.SetKind("ReportChangeRequest") req.SetGenerateName("rcr-") @@ -395,21 +394,3 @@ func (builder *requestBuilder) fetchAnnotations(policy, ns string) map[string]st return make(map[string]string) } - -func isResourceDeletion(info Info) bool { - return info.PolicyName == "" && len(info.Results) == 1 && info.GetRuleLength() == 0 -} - -func isPolicyDeletion(info Info) bool { - return info.PolicyName != "" && len(info.Results) == 0 -} - -func isRuleDeletion(info Info) bool { - if info.PolicyName != "" && len(info.Results) == 1 { - result := info.Results[0] - if len(result.Rules) == 1 && reflect.DeepEqual(result.Resource, response.ResourceSpec{}) { - return true - } - } - return false -} diff --git a/pkg/policyreport/changerequestcreator.go b/pkg/policyreport/changerequestcreator.go index 8331b1d6be..420e44cb3e 100644 
--- a/pkg/policyreport/changerequestcreator.go +++ b/pkg/policyreport/changerequestcreator.go @@ -29,9 +29,9 @@ type changeRequestCreator struct { client versioned.Interface // addCache preserves requests that are to be added to report - RCRCache *cache.Cache + rcr_cache *cache.Cache - CRCRCache *cache.Cache + crcr_cache *cache.Cache // removeCache preserves requests that are to be removed from report // removeCache *cache.Cache mutex sync.RWMutex @@ -45,8 +45,8 @@ type changeRequestCreator struct { func newChangeRequestCreator(client versioned.Interface, tickerInterval time.Duration, log logr.Logger) creator { return &changeRequestCreator{ client: client, - RCRCache: cache.New(0, 24*time.Hour), - CRCRCache: cache.New(0, 24*time.Hour), + rcr_cache: cache.New(0, 24*time.Hour), + crcr_cache: cache.New(0, 24*time.Hour), queue: []string{}, tickerInterval: tickerInterval, log: log, 
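Review bot: The renamed fields `rcr_cache` and `crcr_cache` in changeRequestCreator use underscores, which Go's MixedCaps naming convention avoids and which linters such as revive (var-naming) report; `rcrCache` and `crcrCache` would unexport the fields just as well. The same names recur in newChangeRequestCreator and in the add, cleanupQueue, mergeRequests and mergeRequestsPerPolicy hunks of this file. The comment above the first field still says `addCache`, a name no field in the visible struct carries; it could name what it documents, e.g. `// rcrCache preserves ReportChangeRequests that are to be added to report`, with a matching line for the cluster-scoped cache. The struct body continues outside the hunk.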
@@ -59,19 +59,19 @@ func (c *changeRequestCreator) add(request *unstructured.Unstructured) { switch request.GetKind() { case "ClusterReportChangeRequest": - err = c.CRCRCache.Add(uid.String(), request, cache.NoExpiration) + err = c.crcr_cache.Add(uid.String(), request, cache.NoExpiration) if err != nil { - c.log.Error(err, "failed to add ClusterReportChangeRequest to cache, replacing", "cache length", c.CRCRCache.ItemCount()) - if err = c.CRCRCache.Replace(uid.String(), request, cache.NoExpiration); err != nil { + c.log.Error(err, "failed to add ClusterReportChangeRequest to cache, replacing", "cache length", c.crcr_cache.ItemCount()) + if err = c.crcr_cache.Replace(uid.String(), request, cache.NoExpiration); err != nil { c.log.Error(err, "failed to replace CRCR") return } } case "ReportChangeRequest": - err = c.RCRCache.Add(uid.String(), request, cache.NoExpiration) + err = c.rcr_cache.Add(uid.String(), request, cache.NoExpiration) if err != nil { - c.log.Error(err, "failed to add ReportChangeRequest to cache, replacing", "cache length", c.RCRCache.ItemCount()) - if err = c.RCRCache.Replace(uid.String(), request, cache.NoExpiration); err != nil { + c.log.Error(err, "failed to add ReportChangeRequest to cache, replacing", "cache length", c.rcr_cache.ItemCount()) + if err = c.rcr_cache.Replace(uid.String(), request, cache.NoExpiration); err != nil { c.log.Error(err, "failed to replace RCR") return } @@ -147,8 +147,8 @@ func (c *changeRequestCreator) cleanupQueue(size int) { for i := 0; i < size; i++ { uid := c.queue[i] - c.CRCRCache.Delete(uid) - c.RCRCache.Delete(uid) + c.crcr_cache.Delete(uid) + c.rcr_cache.Delete(uid) } c.queue = c.queue[size:] 
@@ -165,7 +165,7 @@ func (c *changeRequestCreator) mergeRequests() (results []*unstructured.Unstruct size = len(c.queue) for _, uid := range c.queue { - if unstr, ok := c.CRCRCache.Get(uid); ok { + if unstr, ok := c.crcr_cache.Get(uid); ok { if crcr, ok := unstr.(*unstructured.Unstructured); ok { if isDeleteRequest(crcr) { if !reflect.DeepEqual(mergedCRCR, &unstructured.Unstructured{}) { @@ -189,7 +189,7 @@ func (c *changeRequestCreator) mergeRequests() (results []*unstructured.Unstruct continue } - if unstr, ok := c.RCRCache.Get(uid); ok { + if unstr, ok := c.rcr_cache.Get(uid); ok { if rcr, ok := unstr.(*unstructured.Unstructured); ok { resourceNS := rcr.GetLabels()[ResourceLabelNamespace] mergedNamespacedRCR, ok := mergedRCR[resourceNS] @@ -244,7 +244,7 @@ func (c *changeRequestCreator) mergeRequestsPerPolicy() (results []*unstructured size = len(c.queue) for _, uid := range c.queue { - if unstr, ok := c.CRCRCache.Get(uid); ok { + if unstr, ok := c.crcr_cache.Get(uid); ok { if crcr, ok := unstr.(*unstructured.Unstructured); ok { policyName := crcr.GetLabels()[policyLabel] mergedPolicyCRCR, ok := mergedCRCR[policyName] @@ -276,7 +276,7 @@ func (c *changeRequestCreator) mergeRequestsPerPolicy() (results []*unstructured continue } - if unstr, ok := c.RCRCache.Get(uid); ok { + if unstr, ok := c.rcr_cache.Get(uid); ok { if rcr, ok := unstr.(*unstructured.Unstructured); ok { policyName := rcr.GetLabels()[policyLabel] resourceNS := rcr.GetLabels()[ResourceLabelNamespace] diff --git a/pkg/policyreport/info.go b/pkg/policyreport/info.go new file mode 100644 index 0000000000..3e33caef4b --- /dev/null +++ b/pkg/policyreport/info.go 
@@ -0,0 +1,62 @@
+package policyreport
+
+import (
+ "reflect"
+ "strconv"
+ "strings"
+
+ kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1"
+ "github.com/kyverno/kyverno/pkg/engine/response"
+)
+
+// Info stores the policy application results for all matched resources
+// Namespace is set to empty "" if resource is cluster wide resource
+type Info struct {
+ PolicyName string
+ Namespace string
+ Results []EngineResponseResult
+}
+
+type EngineResponseResult struct {
+ Resource response.ResourceSpec
+ Rules []kyvernov1.ViolatedRule
+}
+
+func (i Info) ToKey() string {
+ keys := []string{
+ i.PolicyName,
+ i.Namespace,
+ strconv.Itoa(len(i.Results)),
+ }
+
+ for _, result := range i.Results {
+ keys = append(keys, result.Resource.GetKey())
+ }
+ return strings.Join(keys, "/")
+}
+
+func (i Info) GetRuleLength() int {
+ l := 0
+ for _, res := range i.Results {
+ l += len(res.Rules)
+ }
+ return l
+}
+
+func (info Info) isResourceDeletion() bool {
+ return info.PolicyName == "" && len(info.Results) == 1 && info.GetRuleLength() == 0
+}
+
+func (info Info) isPolicyDeletion() bool {
+ return info.PolicyName != "" && len(info.Results) == 0
+}
+
+func (info Info) isRuleDeletion() bool {
+ if info.PolicyName != "" && len(info.Results) == 1 {
+ result := info.Results[0]
+ if len(result.Rules) == 1 && reflect.DeepEqual(result.Resource, response.ResourceSpec{}) {
+ return true
+ }
+ }
+ return false
+}
diff --git a/pkg/policyreport/reportrequest.go b/pkg/policyreport/reportrequest.go
index 0dc57444b9..6d79049f01 100644
--- a/pkg/policyreport/reportrequest.go
+++ b/pkg/policyreport/reportrequest.go
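Review bot: The three predicates at the end of the new info.go (isResourceDeletion, isPolicyDeletion, isRuleDeletion) classify an Info as a deletion purely from which of its fields are empty, and none of them carries a comment stating that encoding. setRequestDeletionLabels in builder.go branches on them to label deletion requests, so a one-line contract on each would help the next reader, e.g. `// isResourceDeletion reports whether info has no policy name, exactly one result and no rules.` These methods also use the receiver name `info`, while ToKey and GetRuleLength on the same type use `i`; Go convention is one receiver name per type. If response.ResourceSpec is a comparable struct (its definition is not visible here), `result.Resource == (response.ResourceSpec{})` would express the empty-resource check in isRuleDeletion without reflect.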
@@ -3,19 +3,16 @@ package policyreport import ( "fmt" "reflect" - "strconv" "strings" "sync" "time" "github.com/go-logr/logr" - kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1" "github.com/kyverno/kyverno/pkg/client/clientset/versioned" kyvernov1informers "github.com/kyverno/kyverno/pkg/client/informers/externalversions/kyverno/v1" kyvernov1alpha2informers "github.com/kyverno/kyverno/pkg/client/informers/externalversions/kyverno/v1alpha2" kyvernov1listers "github.com/kyverno/kyverno/pkg/client/listers/kyverno/v1" kyvernov1alpha2listers "github.com/kyverno/kyverno/pkg/client/listers/kyverno/v1alpha2" - "github.com/kyverno/kyverno/pkg/engine/response" cmap "github.com/orcaman/concurrent-map" utilruntime "k8s.io/apimachinery/pkg/util/runtime" "k8s.io/apimachinery/pkg/util/wait" @@ -123,40 +120,6 @@ func (ds *dataStore) delete(keyHash string) { delete(ds.data, keyHash) } -// Info stores the policy application results for all matched resources -// Namespace is set to empty "" if resource is cluster wide resource -type Info struct { - PolicyName string - Namespace string - Results []EngineResponseResult -} - -type EngineResponseResult struct { - Resource response.ResourceSpec - Rules []kyvernov1.ViolatedRule -} - -func (i Info) ToKey() string { - keys := []string{ - i.PolicyName, - i.Namespace, - strconv.Itoa(len(i.Results)), - } - - for _, result := range i.Results { - keys = append(keys, result.Resource.GetKey()) - } - return strings.Join(keys, "/") -} - -func (i Info) GetRuleLength() int { - l := 0 - for _, res := range i.Results { - l += len(res.Rules) - } - return l -} - func parseKeyHash(keyHash string) (policyName, ns string) { keys := strings.Split(keyHash, "/") return keys[0], keys[1]