From 7fca0266788a1d06ee24d857f7bfb758f21555c6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Charles-Edouard=20Br=C3=A9t=C3=A9ch=C3=A9?= Date: Fri, 29 Apr 2022 01:14:48 +0200 Subject: [PATCH] fix: remove supported from autogen status (#3714) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Charles-Edouard Brétéché --- api/kyverno/v1/common_types.go | 65 -------------------- api/kyverno/v1/policy_status.go | 67 +++++++++++++++++++++ api/kyverno/v1/zz_generated.deepcopy.go | 5 -- charts/kyverno/templates/crds.yaml | 10 --- config/crds/kyverno.io_clusterpolicies.yaml | 5 -- config/crds/kyverno.io_policies.yaml | 5 -- config/install.yaml | 10 --- config/install_debug.yaml | 10 --- docs/crd/v1/index.html | 13 +--- pkg/webhookconfig/configmanager.go | 3 +- 10 files changed, 69 insertions(+), 124 deletions(-) create mode 100644 api/kyverno/v1/policy_status.go diff --git a/api/kyverno/v1/common_types.go b/api/kyverno/v1/common_types.go index 6339faa7b8..5dd5479a56 100755 --- a/api/kyverno/v1/common_types.go +++ b/api/kyverno/v1/common_types.go @@ -5,8 +5,6 @@ import ( "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions" apiextv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1" - "k8s.io/apimachinery/pkg/api/meta" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" ) // FailurePolicyType specifies a failure policy that defines how unrecognized errors from the admission endpoint are handled. @@ -467,69 +465,6 @@ type CloneFrom struct { Name string `json:"name,omitempty" yaml:"name,omitempty"` } -const ( - // Ready means that the policy is ready - PolicyConditionReady = "Ready" -) - -const ( - // PolicyReasonSucceeded is the reason set when the policy is ready - PolicyReasonSucceeded = "Succeeded" - // PolicyReasonSucceeded is the reason set when the policy is not ready - PolicyReasonFailed = "Failed" -) - -// PolicyStatus mostly contains runtime information related to policy execution. -// Deprecated. Policy metrics are now available via the "/metrics" endpoint. -// See: https://kyverno.io/docs/monitoring-kyverno-with-prometheus-metrics/ -type PolicyStatus struct { - // Ready indicates if the policy is ready to serve the admission request. - // Deprecated in favor of Conditions - Ready bool `json:"ready" yaml:"ready"` - // Conditions is a list of conditions that apply to the policy - // +optional - Conditions []metav1.Condition `json:"conditions,omitempty"` - // Autogen contains autogen status information - // +optional - Autogen AutogenStatus `json:"autogen" yaml:"autogen"` - // Rules is a list of Rule instances. It contains original rules defined in the spec - // auto generated rules added for pod controllers - Rules []Rule `json:"rules,omitempty" yaml:"rules,omitempty"` -} - -func (status *PolicyStatus) SetReady(ready bool) { - condition := metav1.Condition{ - Type: PolicyConditionReady, - } - if ready { - condition.Status = metav1.ConditionTrue - condition.Reason = PolicyReasonSucceeded - } else { - condition.Status = metav1.ConditionFalse - condition.Reason = PolicyReasonFailed - } - status.Ready = ready - meta.SetStatusCondition(&status.Conditions, condition) -} - -// IsReady indicates if the policy is ready to serve the admission request -func (status *PolicyStatus) IsReady() bool { - condition := meta.FindStatusCondition(status.Conditions, PolicyConditionReady) - return condition != nil && condition.Status == metav1.ConditionTrue -} - -// AutogenStatus contains autogen status information. -// It indicates requested, supported and effective autogen controllers used when -// automatically generating rules. -type AutogenStatus struct { - // Requested indicates the autogen requested controllers - Requested []string `json:"requested,omitempty" yaml:"requested,omitempty"` - // Supported indicates the autogen supported controllers - Supported []string `json:"supported,omitempty" yaml:"supported,omitempty"` - // Activated indicates the autogen activated controllers - Activated []string `json:"activated,omitempty" yaml:"activated,omitempty"` -} - // ResourceSpec contains information to identify a resource. type ResourceSpec struct { // APIVersion specifies resource apiVersion. diff --git a/api/kyverno/v1/policy_status.go b/api/kyverno/v1/policy_status.go new file mode 100644 index 0000000000..6c73b5a008 --- /dev/null +++ b/api/kyverno/v1/policy_status.go @@ -0,0 +1,67 @@ +package v1 + +import ( + "k8s.io/apimachinery/pkg/api/meta" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" +) + +const ( + // Ready means that the policy is ready + PolicyConditionReady = "Ready" +) + +const ( + // PolicyReasonSucceeded is the reason set when the policy is ready + PolicyReasonSucceeded = "Succeeded" + // PolicyReasonSucceeded is the reason set when the policy is not ready + PolicyReasonFailed = "Failed" +) + +// PolicyStatus mostly contains runtime information related to policy execution. +// Deprecated. Policy metrics are now available via the "/metrics" endpoint. +// See: https://kyverno.io/docs/monitoring-kyverno-with-prometheus-metrics/ +type PolicyStatus struct { + // Ready indicates if the policy is ready to serve the admission request. + // Deprecated in favor of Conditions + Ready bool `json:"ready" yaml:"ready"` + // Conditions is a list of conditions that apply to the policy + // +optional + Conditions []metav1.Condition `json:"conditions,omitempty"` + // Autogen contains autogen status information + // +optional + Autogen AutogenStatus `json:"autogen" yaml:"autogen"` + // Rules is a list of Rule instances. It contains original rules defined in the spec + // auto generated rules added for pod controllers + Rules []Rule `json:"rules,omitempty" yaml:"rules,omitempty"` +} + +func (status *PolicyStatus) SetReady(ready bool) { + condition := metav1.Condition{ + Type: PolicyConditionReady, + } + if ready { + condition.Status = metav1.ConditionTrue + condition.Reason = PolicyReasonSucceeded + } else { + condition.Status = metav1.ConditionFalse + condition.Reason = PolicyReasonFailed + } + status.Ready = ready + meta.SetStatusCondition(&status.Conditions, condition) +} + +// IsReady indicates if the policy is ready to serve the admission request +func (status *PolicyStatus) IsReady() bool { + condition := meta.FindStatusCondition(status.Conditions, PolicyConditionReady) + return condition != nil && condition.Status == metav1.ConditionTrue +} + +// AutogenStatus contains autogen status information. +// It indicates requested and effective autogen controllers used when +// automatically generating rules. +type AutogenStatus struct { + // Requested indicates the autogen requested controllers + Requested []string `json:"requested,omitempty" yaml:"requested,omitempty"` + // Activated indicates the autogen activated controllers + Activated []string `json:"activated,omitempty" yaml:"activated,omitempty"` +} diff --git a/api/kyverno/v1/zz_generated.deepcopy.go b/api/kyverno/v1/zz_generated.deepcopy.go index 0e9e2d308e..03f1252d2c 100755 --- a/api/kyverno/v1/zz_generated.deepcopy.go +++ b/api/kyverno/v1/zz_generated.deepcopy.go @@ -180,11 +180,6 @@ func (in *AutogenStatus) DeepCopyInto(out *AutogenStatus) { *out = make([]string, len(*in)) copy(*out, *in) } - if in.Supported != nil { - in, out := &in.Supported, &out.Supported - *out = make([]string, len(*in)) - copy(*out, *in) - } if in.Activated != nil { in, out := &in.Activated, &out.Activated *out = make([]string, len(*in)) diff --git a/charts/kyverno/templates/crds.yaml b/charts/kyverno/templates/crds.yaml index 680391083f..13939bede8 100644 --- a/charts/kyverno/templates/crds.yaml +++ b/charts/kyverno/templates/crds.yaml @@ -1548,11 +1548,6 @@ spec: items: type: string type: array - supported: - description: Supported indicates the autogen supported controllers - items: - type: string - type: array type: object conditions: description: Conditions is a list of conditions that apply to the policy @@ -5333,11 +5328,6 @@ spec: items: type: string type: array - supported: - description: Supported indicates the autogen supported controllers - items: - type: string - type: array type: object conditions: description: Conditions is a list of conditions that apply to the policy diff --git a/config/crds/kyverno.io_clusterpolicies.yaml b/config/crds/kyverno.io_clusterpolicies.yaml index c2cfdce3bd..84f492edd7 100644 --- a/config/crds/kyverno.io_clusterpolicies.yaml +++ b/config/crds/kyverno.io_clusterpolicies.yaml @@ -2465,11 +2465,6 @@ spec: items: type: string type: array - supported: - description: Supported indicates the autogen supported controllers - items: - type: string - type: array type: object conditions: description: Conditions is a list of conditions that apply to the diff --git a/config/crds/kyverno.io_policies.yaml b/config/crds/kyverno.io_policies.yaml index 21cf364e19..f1a9d741b3 100644 --- a/config/crds/kyverno.io_policies.yaml +++ b/config/crds/kyverno.io_policies.yaml @@ -2467,11 +2467,6 @@ spec: items: type: string type: array - supported: - description: Supported indicates the autogen supported controllers - items: - type: string - type: array type: object conditions: description: Conditions is a list of conditions that apply to the diff --git a/config/install.yaml b/config/install.yaml index f5d5afb328..19b633f022 100644 --- a/config/install.yaml +++ b/config/install.yaml @@ -2482,11 +2482,6 @@ spec: items: type: string type: array - supported: - description: Supported indicates the autogen supported controllers - items: - type: string - type: array type: object conditions: description: Conditions is a list of conditions that apply to the @@ -8327,11 +8322,6 @@ spec: items: type: string type: array - supported: - description: Supported indicates the autogen supported controllers - items: - type: string - type: array type: object conditions: description: Conditions is a list of conditions that apply to the diff --git a/config/install_debug.yaml b/config/install_debug.yaml index 76ce7dedc2..91f6861abd 100755 --- a/config/install_debug.yaml +++ b/config/install_debug.yaml @@ -2471,11 +2471,6 @@ spec: items: type: string type: array - supported: - description: Supported indicates the autogen supported controllers - items: - type: string - type: array type: object conditions: description: Conditions is a list of conditions that apply to the @@ -8292,11 +8287,6 @@ spec: items: type: string type: array - supported: - description: Supported indicates the autogen supported controllers - items: - type: string - type: array type: object conditions: description: Conditions is a list of conditions that apply to the diff --git a/docs/crd/v1/index.html b/docs/crd/v1/index.html index 1d99087396..8580cd8895 100644 --- a/docs/crd/v1/index.html +++ b/docs/crd/v1/index.html @@ -730,7 +730,7 @@ attributes for keyless verification, or a nested attestor declaration.

AutogenStatus contains autogen status information. -It indicates requested, supported and effective autogen controllers used when +It indicates requested and effective autogen controllers used when automatically generating rules.

@@ -754,17 +754,6 @@ automatically generating rules.

- - - -
-supported
- -[]string - -		 -

Supported indicates the autogen supported controllers

-
activated
[]string diff --git a/pkg/webhookconfig/configmanager.go b/pkg/webhookconfig/configmanager.go index 8890b5c500..68d3b799c7 100644 --- a/pkg/webhookconfig/configmanager.go +++ b/pkg/webhookconfig/configmanager.go @@ -705,10 +705,9 @@ func (m *webhookConfigManager) compareAndUpdateWebhook(webhookKind, webhookName func (m *webhookConfigManager) updateStatus(namespace, name string, ready bool) error { update := func(meta *metav1.ObjectMeta, spec *kyverno.Spec, status *kyverno.PolicyStatus) bool { copy := status.DeepCopy() - requested, supported, activated := autogen.GetControllers(meta, spec, m.log) + requested, _, activated := autogen.GetControllers(meta, spec, m.log) status.SetReady(ready) status.Autogen.Requested = requested - status.Autogen.Supported = supported status.Autogen.Activated = activated status.Rules = spec.Rules return !reflect.DeepEqual(status, copy)