added policyreport to cli
parent
3d2bb58395
commit
80aa6eb9f5
6 changed files with 164 additions and 37 deletions
3
Makefile
3
Makefile
|
@ -92,7 +92,8 @@ CLI_PATH := cmd/cli/kubectl-kyverno
|
|||
KYVERNO_CLI_IMAGE := kyverno-cli
|
||||
|
||||
cli:
|
||||
GOOS=$(GOOS) go build -o $(PWD)/$(CLI_PATH)/kyverno -ldflags=$(LD_FLAGS) $(PWD)/$(CLI_PATH)/main.go
|
||||
go build -o $(PWD)/$(CLI_PATH)/kyverno -ldflags=$(LD_FLAGS) $(PWD)/$(CLI_PATH)/main.go
|
||||
# GOOS=$(GOOS) go build -o $(PWD)/$(CLI_PATH)/kyverno -ldflags=$(LD_FLAGS) $(PWD)/$(CLI_PATH)/main.go
|
||||
|
||||
docker-publish-cli: docker-build-cli docker-tag-repo-cli docker-push-cli
|
||||
|
||||
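Review bot: The `cli` recipe appears to have lost its `GOOS=$(GOOS)` prefix, with the old command left behind as a comment, so the binary is now built for whatever OS runs `make`. If `docker-build-cli` packages this output (not visible here), a build started on a non-Linux host would put a binary into the image that cannot run there. Either restore `GOOS=$(GOOS) go build -o $(PWD)/$(CLI_PATH)/kyverno -ldflags=$(LD_FLAGS) $(PWD)/$(CLI_PATH)/main.go`, or delete the commented line and state in the commit message why cross-compilation was dropped, since this is unrelated to the policy-report feature in the title.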
|
|
9
go.sum
9
go.sum
|
@ -88,6 +88,7 @@ github.com/beevik/ntp v0.2.0/go.mod h1:hIHWr+l3+/clUnF44zdK+CWW7fO8dR5cIylAQ76NR
|
|||
github.com/benlaurie/objecthash v0.0.0-20180202135721-d1e3d6079fc1/go.mod h1:jvdWlw8vowVGnZqSDC7yhPd7AifQeQbRDkZcQXV2nRg=
|
||||
github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q=
|
||||
github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8=
|
||||
github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
|
||||
github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw=
|
||||
github.com/bgentry/go-netrc v0.0.0-20140422174119-9fd32a8b3d3d/go.mod h1:6QX/PXZ00z/TKoufEY6K/a0k6AhaJrQKdFe6OfVXsa4=
|
||||
github.com/bgentry/speakeasy v0.1.0/go.mod h1:+zsyZBPWlz7T6j88CTgSN5bM796AkVf0kBD4zp0CCIs=
|
||||
|
@ -341,6 +342,7 @@ github.com/google/gofuzz v0.0.0-20161122191042-44d81051d367/go.mod h1:HP5RmnzzSN
|
|||
github.com/google/gofuzz v0.0.0-20170612174753-24818f796faf/go.mod h1:HP5RmnzzSNb993RKQDq4+1A4ia9nllfqcQFTQJedwGI=
|
||||
github.com/google/gofuzz v1.0.0 h1:A8PeW59pxE9IoFRqBp37U+mSNaQoZ46F1f0f863XSXw=
|
||||
github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
|
||||
github.com/google/gofuzz v1.1.0 h1:Hsa8mG0dQ46ij8Sl2AYJDUv1oA9/d6Vk+3LG99Oe02g=
|
||||
github.com/google/gofuzz v1.1.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
|
||||
github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs=
|
||||
github.com/google/pprof v0.0.0-20181206194817-3ea8567a2e57/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc=
|
||||
|
@ -612,6 +614,7 @@ github.com/prometheus/client_golang v0.9.2/go.mod h1:OsXs2jCmiKlQ1lTBmv21f2mNfw4
|
|||
github.com/prometheus/client_golang v0.9.3-0.20190127221311-3c4408c8b829/go.mod h1:p2iRAGwDERtqlqzRXnrOVns+ignqQo//hLXqYxZYVNs=
|
||||
github.com/prometheus/client_golang v0.9.3/go.mod h1:/TN21ttK/J9q6uSwhBd54HahCDft0ttaMvbicHlPoso=
|
||||
github.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5FsnadC4Ky3P0J6CfImo=
|
||||
github.com/prometheus/client_golang v1.1.0 h1:BQ53HtBmfOitExawJ6LokA4x8ov/z0SYYb0+HxJfRI8=
|
||||
github.com/prometheus/client_golang v1.1.0/go.mod h1:I1FGZT9+L76gKKOs5djB6ezCbFQP1xR9D75/vuwEF3g=
|
||||
github.com/prometheus/client_golang v1.3.0/go.mod h1:hJaj2vgQTGQmVCsAACORcieXFeDPbaTKGT+JTgUa3og=
|
||||
github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo=
|
||||
|
@ -619,6 +622,7 @@ github.com/prometheus/client_model v0.0.0-20190115171406-56726106282f/go.mod h1:
|
|||
github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
|
||||
github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
|
||||
github.com/prometheus/client_model v0.1.0/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
|
||||
github.com/prometheus/client_model v0.2.0 h1:uq5h0d+GuxiXLJLNABMgp2qUWDPiLvgCzz2dUR+/W/M=
|
||||
github.com/prometheus/client_model v0.2.0/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
|
||||
github.com/prometheus/common v0.0.0-20181113130724-41aa239b4cce/go.mod h1:daVV7qP5qjZbuso7PdcryaAu0sAZbrN9i7WWcTMWvro=
|
||||
github.com/prometheus/common v0.0.0-20181126121408-4724e9255275/go.mod h1:daVV7qP5qjZbuso7PdcryaAu0sAZbrN9i7WWcTMWvro=
|
||||
|
@ -626,6 +630,7 @@ github.com/prometheus/common v0.2.0/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y8
|
|||
github.com/prometheus/common v0.4.0/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4=
|
||||
github.com/prometheus/common v0.4.1/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4=
|
||||
github.com/prometheus/common v0.6.0/go.mod h1:eBmuwkDJBwy6iBfxCBob6t6dR6ENT/y+J+Zk0j9GMYc=
|
||||
github.com/prometheus/common v0.7.0 h1:L+1lyG48J1zAQXA3RBX/nG/B3gjlHq0zTt2tlbJLyCY=
|
||||
github.com/prometheus/common v0.7.0/go.mod h1:DjGbpBbp5NYNiECxcL/VnbXCCaQpKd3tt26CguLLsqA=
|
||||
github.com/prometheus/common v0.9.1/go.mod h1:yhUN8i9wzaXS3w1O07YhxHEBxD+W35wd8bs7vj7HSQ4=
|
||||
github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk=
|
||||
|
@ -634,6 +639,7 @@ github.com/prometheus/procfs v0.0.0-20190117184657-bf6a532e95b1/go.mod h1:c3At6R
|
|||
github.com/prometheus/procfs v0.0.0-20190507164030-5867b95ac084/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA=
|
||||
github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA=
|
||||
github.com/prometheus/procfs v0.0.3/go.mod h1:4A/X28fw3Fc593LaREMrKMqOKvUAntwMDaekg4FpcdQ=
|
||||
github.com/prometheus/procfs v0.0.5 h1:3+auTFlqw+ZaQYJARz6ArODtkaIwtvBTx3N2NehQlL8=
|
||||
github.com/prometheus/procfs v0.0.5/go.mod h1:4A/X28fw3Fc593LaREMrKMqOKvUAntwMDaekg4FpcdQ=
|
||||
github.com/prometheus/procfs v0.0.8/go.mod h1:7Qr8sr6344vo1JqZ6HhLceV9o3AJ1Ff+GxbHq6oeK9A=
|
||||
github.com/prometheus/tsdb v0.7.1/go.mod h1:qhTCs0VvXwvX/y3TZrWD7rabWM+ijKTux40TwIPHuXU=
|
||||
|
@ -992,6 +998,7 @@ google.golang.org/grpc v1.22.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyac
|
|||
google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg=
|
||||
google.golang.org/grpc v1.23.1/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg=
|
||||
google.golang.org/grpc v1.24.0/go.mod h1:XDChyiUovWa60DnaeDeZmSW86xtLtjtZbwvSiRnRtcA=
|
||||
google.golang.org/grpc v1.26.0 h1:2dTRdpdFEEhJYQD8EMLB61nnrzSCTbG38PhqdhvOltg=
|
||||
google.golang.org/grpc v1.26.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=
|
||||
gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw=
|
||||
gopkg.in/asn1-ber.v1 v1.0.0-20181015200546-f715ec2f112d/go.mod h1:cuepJuh7vyXfUyUwEgHQXw849cJrilpS5NeIjOWESAw=
|
||||
|
@ -1114,6 +1121,7 @@ k8s.io/utils v0.0.0-20190221042446-c2654d5206da/go.mod h1:8k8uAuAQ0rXslZKaEWd0c3
|
|||
k8s.io/utils v0.0.0-20190801114015-581e00157fb1/go.mod h1:sZAwmy6armz5eXlNoLmJcl4F1QuKu7sr+mFQ0byX7Ew=
|
||||
k8s.io/utils v0.0.0-20191114184206-e782cd3c129f h1:GiPwtSzdP43eI1hpPCbROQCCIgCuiMMNF8YUVLF3vJo=
|
||||
k8s.io/utils v0.0.0-20191114184206-e782cd3c129f/go.mod h1:sZAwmy6armz5eXlNoLmJcl4F1QuKu7sr+mFQ0byX7Ew=
|
||||
k8s.io/utils v0.0.0-20200324210504-a9aa75ae1b89 h1:d4vVOjXm687F1iLSP2q3lyPPuyvTUt3aVoBpi2DqRsU=
|
||||
k8s.io/utils v0.0.0-20200324210504-a9aa75ae1b89/go.mod h1:sZAwmy6armz5eXlNoLmJcl4F1QuKu7sr+mFQ0byX7Ew=
|
||||
mvdan.cc/interfacer v0.0.0-20180901003855-c20040233aed/go.mod h1:Xkxe497xwlCKkIaQYRfC7CSLworTXY9RMqwhhCm+8Nc=
|
||||
mvdan.cc/lint v0.0.0-20170908181259-adc824a0674b/go.mod h1:2odslEg/xrtNQqCYg2/jCoyKnw3vv5biOc3JnIcYfL4=
|
||||
|
@ -1137,6 +1145,7 @@ sigs.k8s.io/structured-merge-diff v1.0.1-0.20191108220359-b1b620dd3f06/go.mod h1
|
|||
sigs.k8s.io/structured-merge-diff v1.0.1 h1:LOs1LZWMsz1xs77Phr/pkB4LFaavH7IVq/3+WTN9XTA=
|
||||
sigs.k8s.io/structured-merge-diff v1.0.1/go.mod h1:IIgPezJWb76P0hotTxzDbWsMYB8APh18qZnxkomBpxA=
|
||||
sigs.k8s.io/structured-merge-diff/v3 v3.0.0-20200116222232-67a7b8c61874/go.mod h1:PlARxl6Hbt/+BC80dRLi1qAmnMqwqDg62YvvVkZjemw=
|
||||
sigs.k8s.io/structured-merge-diff/v3 v3.0.0 h1:dOmIZBMfhcHS09XZkMyUgkq5trg3/jRyJYFZUiaOp8E=
|
||||
sigs.k8s.io/structured-merge-diff/v3 v3.0.0/go.mod h1:PlARxl6Hbt/+BC80dRLi1qAmnMqwqDg62YvvVkZjemw=
|
||||
sigs.k8s.io/yaml v1.1.0/go.mod h1:UJmg0vDUVViEyp3mgSv9WPwZCDxu4rQW1olrI1uml+o=
|
||||
sigs.k8s.io/yaml v1.2.0 h1:kr/MCeFWJWTwyaHoR9c8EjH9OumOmoF9YGiZd7lFm/Q=
|
||||
|
|
|
@ -39,8 +39,8 @@ type resultCounts struct {
|
|||
func Command() *cobra.Command {
|
||||
var cmd *cobra.Command
|
||||
var resourcePaths []string
|
||||
var cluster bool
|
||||
var mutateLogPath, variablesString, valuesFile string
|
||||
var cluster, policy_report bool
|
||||
var mutateLogPath, variablesString, valuesFile, scope string
|
||||
variables := make(map[string]string)
|
||||
|
||||
type Resource struct {
|
||||
|
@ -75,10 +75,25 @@ func Command() *cobra.Command {
|
|||
}
|
||||
}()
|
||||
|
||||
fmt.Println("+++++++++++++++++++++++++++ 1")
|
||||
|
||||
// base validations
|
||||
if valuesFile != "" && variablesString != "" {
|
||||
return sanitizedError.NewWithError("pass the values either using set flag or values_file flag", err)
|
||||
}
|
||||
|
||||
fmt.Println("+++++++++++++++++++++++++++ 2")
|
||||
// get the variables from (-s) param
|
||||
if variablesString != "" {
|
||||
kvpairs := strings.Split(strings.Trim(variablesString, " "), ",")
|
||||
for _, kvpair := range kvpairs {
|
||||
kvs := strings.Split(strings.Trim(kvpair, " "), "=")
|
||||
variables[strings.Trim(kvs[0], " ")] = strings.Trim(kvs[1], " ")
|
||||
}
|
||||
}
|
||||
|
||||
fmt.Println("+++++++++++++++++++++++++++ 3")
|
||||
// get the variable values from valuesFile (-f)
|
||||
if valuesFile != "" {
|
||||
yamlFile, err := ioutil.ReadFile(valuesFile)
|
||||
if err != nil {
|
||||
|
@ -104,14 +119,39 @@ func Command() *cobra.Command {
|
|||
}
|
||||
}
|
||||
|
||||
if variablesString != "" {
|
||||
kvpairs := strings.Split(strings.Trim(variablesString, " "), ",")
|
||||
for _, kvpair := range kvpairs {
|
||||
kvs := strings.Split(strings.Trim(kvpair, " "), "=")
|
||||
variables[strings.Trim(kvs[0], " ")] = strings.Trim(kvs[1], " ")
|
||||
fmt.Println("+++++++++++++++++++++++++++ 4")
|
||||
|
||||
openAPIController, err := openapi.NewOpenAPIController()
|
||||
if err != nil {
|
||||
return sanitizedError.NewWithError("failed to initialize openAPIController", err)
|
||||
}
|
||||
|
||||
var dClient *client.Client
|
||||
if cluster {
|
||||
restConfig, err := kubernetesConfig.ToRESTConfig()
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
dClient, err = client.NewClient(restConfig, 5*time.Minute, make(chan struct{}), log.Log)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
}
|
||||
|
||||
fmt.Println("+++++++++++++++++++++++++++ 5")
|
||||
|
||||
policies, err := common.ValidateAndGetPolicies(policyPaths, cluster, dClient)
|
||||
if err != nil {
|
||||
if !sanitizedError.IsErrorSanitized(err) {
|
||||
return sanitizedError.NewWithError("failed to mutate policies.", err)
|
||||
}
|
||||
return err
|
||||
}
|
||||
|
||||
fmt.Println("+++++++++++++++++++++++++++ 6")
|
||||
|
||||
|
||||
|
||||
if len(resourcePaths) == 0 && !cluster {
|
||||
return sanitizedError.NewWithError(fmt.Sprintf("resource file(s) or cluster required"), err)
|
||||
}
|
||||
|
@ -135,30 +175,8 @@ func Command() *cobra.Command {
|
|||
}
|
||||
}
|
||||
|
||||
policies, err := common.GetPoliciesValidation(policyPaths)
|
||||
if err != nil {
|
||||
if !sanitizedError.IsErrorSanitized(err) {
|
||||
return sanitizedError.NewWithError("failed to mutate policies.", err)
|
||||
}
|
||||
return err
|
||||
}
|
||||
|
||||
openAPIController, err := openapi.NewOpenAPIController()
|
||||
if err != nil {
|
||||
return sanitizedError.NewWithError("failed to initialize openAPIController", err)
|
||||
}
|
||||
|
||||
var dClient *client.Client
|
||||
if cluster {
|
||||
restConfig, err := kubernetesConfig.ToRESTConfig()
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
dClient, err = client.NewClient(restConfig, 5*time.Minute, make(chan struct{}), log.Log)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
}
|
||||
|
||||
var resources []*unstructured.Unstructured
|
||||
if len(resourcePaths) > 0 && resourcePaths[0] == "-" {
|
||||
|
@ -257,6 +275,8 @@ func Command() *cobra.Command {
|
|||
cmd.Flags().StringVarP(&mutateLogPath, "output", "o", "", "Prints the mutated resources in provided file/directory")
|
||||
cmd.Flags().StringVarP(&variablesString, "set", "s", "", "Variables that are required")
|
||||
cmd.Flags().StringVarP(&valuesFile, "values_file", "f", "", "File containing values for policy variables")
|
||||
cmd.Flags().BoolVarP(&policy_report, "policy_report", "", false, "Generates policy report when passed (default policyviolation r")
|
||||
cmd.Flags().StringVarP(&scope, "scope", "", "", "Optional parameter passed with cluster flag")
|
||||
return cmd
|
||||
}
|
||||
|
||||
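Review bot: The `--set` parser reads `kvs[1]` without checking the split result, so an entry with no `=` (for example `--set foo`) panics with an index out of range instead of returning a sanitized error, and a value that itself contains `=` is silently cut at the second `=`. Split once with `kvs := strings.SplitN(strings.Trim(kvpair, " "), "=", 2)` and return a sanitized error when `len(kvs) != 2`. The numbered `fmt.Println("+++++++++++++++++++++++++++ N")` markers added here, and the similar marker prints added in the policy-loading and resource-loading files later in this commit (including `fmt.Println("getPolicyFromCluster:", policyName, cluster, dClient)`), write to stdout on every run and should be removed or routed through the logger before merge. Parts of `Command` lie between the hunks and are not visible.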
|
|
|
@ -19,38 +19,60 @@ import (
|
|||
"github.com/kyverno/kyverno/pkg/kyverno/sanitizedError"
|
||||
"github.com/kyverno/kyverno/pkg/policymutation"
|
||||
"github.com/kyverno/kyverno/pkg/utils"
|
||||
client "github.com/kyverno/kyverno/pkg/dclient"
|
||||
)
|
||||
|
||||
// GetPolicies - Extracting the policies from multiple YAML
|
||||
func GetPolicies(paths []string) (policies []*v1.ClusterPolicy, error error) {
|
||||
func GetPolicies(paths []string,cluster bool, dClient *client.Client) (policies []*v1.ClusterPolicy, error error) {
|
||||
for _, path := range paths {
|
||||
|
||||
fmt.Println("------------------ -3 ")
|
||||
|
||||
path = filepath.Clean(path)
|
||||
fmt.Println("------------------ -2 ")
|
||||
|
||||
fileDesc, err := os.Stat(path)
|
||||
if err != nil {
|
||||
fmt.Println(err)
|
||||
p, err := getPolicyFromCluster(path, cluster, dClient)
|
||||
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
policies = append(policies, p)
|
||||
continue
|
||||
}
|
||||
fmt.Println("------------------ -1 ")
|
||||
|
||||
if fileDesc.IsDir() {
|
||||
fmt.Println("------------------ 0 ")
|
||||
files, err := ioutil.ReadDir(path)
|
||||
if err != nil {
|
||||
fmt.Println("------------------1")
|
||||
return nil, sanitizedError.NewWithError(fmt.Sprintf("failed to parse %v", path), err)
|
||||
}
|
||||
|
||||
fmt.Println("------------------2")
|
||||
listOfFiles := make([]string, 0)
|
||||
for _, file := range files {
|
||||
listOfFiles = append(listOfFiles, filepath.Join(path, file.Name()))
|
||||
}
|
||||
|
||||
policiesFromDir, err := GetPolicies(listOfFiles)
|
||||
fmt.Println("------------------3")
|
||||
policiesFromDir, err := GetPolicies(listOfFiles, cluster, dClient)
|
||||
if err != nil {
|
||||
return nil, sanitizedError.NewWithError(fmt.Sprintf("failed to extract policies from %v", listOfFiles), err)
|
||||
}
|
||||
fmt.Println("------------------4")
|
||||
|
||||
policies = append(policies, policiesFromDir...)
|
||||
} else {
|
||||
fmt.Println("------------------5")
|
||||
file, err := ioutil.ReadFile(path)
|
||||
if err != nil {
|
||||
fmt.Println("------------------6")
|
||||
// check if cluster flag is passed and get the policy from cluster
|
||||
getPolicyFromCluster(path, cluster, dClient)
|
||||
return nil, sanitizedError.NewWithError(fmt.Sprintf("failed to load file %v", path), err)
|
||||
}
|
||||
getPolicies, getErrors := utils.GetPolicy(file)
|
||||
|
@ -73,9 +95,61 @@ func GetPolicies(paths []string) (policies []*v1.ClusterPolicy, error error) {
|
|||
return policies, nil
|
||||
}
|
||||
|
||||
//GetPoliciesValidation - validating policies
|
||||
func GetPoliciesValidation(policyPaths []string) ([]*v1.ClusterPolicy, error) {
|
||||
policies, err := GetPolicies(policyPaths)
|
||||
func getPolicyFromCluster(policyName string,cluster bool, dClient *client.Client) (*v1.ClusterPolicy, error){
|
||||
fmt.Println("getPolicyFromCluster:", policyName, cluster, dClient)
|
||||
|
||||
if !cluster {
|
||||
return &v1.ClusterPolicy{}, nil
|
||||
}
|
||||
//var policy []*unstructured.Unstructured
|
||||
policy, err := dClient.GetResource("", "ClusterPolicy", "", policyName, "")
|
||||
|
||||
fmt.Println("********************* 1")
|
||||
fmt.Println(policy)
|
||||
|
||||
policyBytes, err := json.Marshal(policy.Object)
|
||||
if err != nil {
|
||||
fmt.Println("********************* 2")
|
||||
fmt.Println(err)
|
||||
return &v1.ClusterPolicy{}, err
|
||||
}
|
||||
|
||||
var p v1.ClusterPolicy
|
||||
err = json.Unmarshal(policyBytes, &p)
|
||||
|
||||
if err != nil {
|
||||
fmt.Println("********************* 3")
|
||||
fmt.Println(err)
|
||||
return &v1.ClusterPolicy{}, err
|
||||
}
|
||||
|
||||
if err != nil {
|
||||
fmt.Println("Error Occurred while fetching policy from cluster ", err)
|
||||
}
|
||||
|
||||
//for _, kind := range resourceTypes {
|
||||
// resourceList, err := dClient.ListResource("", kind, "", nil)
|
||||
// if err != nil {
|
||||
// return nil, err
|
||||
// }
|
||||
//
|
||||
// version := resourceList.GetAPIVersion()
|
||||
// for _, resource := range resourceList.Items {
|
||||
// resource.SetGroupVersionKind(schema.GroupVersionKind{
|
||||
// Group: "",
|
||||
// Version: version,
|
||||
// Kind: kind,
|
||||
// })
|
||||
// resources = append(resources, resource.DeepCopy())
|
||||
// }
|
||||
//}
|
||||
|
||||
return &p, nil
|
||||
}
|
||||
|
||||
//ValidateAndGetPolicies - validating policies
|
||||
func ValidateAndGetPolicies(policyPaths []string, cluster bool, dClient *client.Client) ([]*v1.ClusterPolicy, error) {
|
||||
policies, err := GetPolicies(policyPaths, cluster, dClient)
|
||||
if err != nil {
|
||||
if !sanitizedError.IsErrorSanitized(err) {
|
||||
return nil, sanitizedError.NewWithError((fmt.Sprintf("failed to parse %v path/s.", policyPaths)), err)
|
||||
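Review bot: A policy path that does not exist no longer fails: in `GetPolicies` a failed `os.Stat` now falls through to `getPolicyFromCluster`, which returns `&v1.ClusterPolicy{}, nil` when `cluster` is false, so a mistyped file name is appended as an empty policy and evaluation proceeds against it (the `validate` command in this commit always passes `cluster` as false). In cluster mode the error from `dClient.GetResource` is never checked before `policy.Object` is read, so a policy missing from the cluster likely ends in a nil dereference rather than an error, and the final `if err != nil` in the function is unreachable. The `ioutil.ReadFile` error branch also calls `getPolicyFromCluster` and discards both results. I would make the lookup fail closed and check the error immediately, as below; `GetPolicies` continues outside the hunk.

```go
func getPolicyFromCluster(policyName string, cluster bool, dClient *client.Client) (*v1.ClusterPolicy, error) {
	// Fail closed: a path that is not on disk is only a cluster lookup
	// when the cluster flag is set and a client exists.
	if !cluster || dClient == nil {
		return nil, fmt.Errorf("policy %q not found", policyName)
	}

	policy, err := dClient.GetResource("", "ClusterPolicy", "", policyName, "")
	if err != nil {
		return nil, err
	}

	// … unchanged: json.Marshal(policy.Object) and json.Unmarshal into v1.ClusterPolicy, without the debug prints …
```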
|
|
|
@ -4,6 +4,7 @@ import (
|
|||
"encoding/json"
|
||||
"errors"
|
||||
"io/ioutil"
|
||||
"fmt"
|
||||
|
||||
v1 "github.com/kyverno/kyverno/pkg/api/kyverno/v1"
|
||||
"github.com/kyverno/kyverno/pkg/client/clientset/versioned/scheme"
|
||||
|
@ -40,6 +41,7 @@ func GetResources(policies []*v1.ClusterPolicy, resourcePaths []string, dClient
|
|||
|
||||
resources, err = getResourcesOfTypeFromCluster(resourceTypes, dClient)
|
||||
if err != nil {
|
||||
fmt.Println("$$$$$$$$$$$$$$$$$$$$$$$$")
|
||||
return nil, err
|
||||
}
|
||||
}
|
||||
|
@ -47,10 +49,12 @@ func GetResources(policies []*v1.ClusterPolicy, resourcePaths []string, dClient
|
|||
for _, resourcePath := range resourcePaths {
|
||||
resourceBytes, err := getFileBytes(resourcePath)
|
||||
if err != nil {
|
||||
fmt.Println("######################## 1")
|
||||
return nil, err
|
||||
}
|
||||
getResources, err := GetResource(resourceBytes)
|
||||
if err != nil {
|
||||
fmt.Println("######################## 2")
|
||||
return nil, err
|
||||
}
|
||||
|
||||
|
@ -64,17 +68,20 @@ func GetResources(policies []*v1.ClusterPolicy, resourcePaths []string, dClient
|
|||
|
||||
// GetResource converts raw bytes to unstructured object
|
||||
func GetResource(resourceBytes []byte) ([]*unstructured.Unstructured, error) {
|
||||
fmt.Println("@@@@@@@@@@@@@@@@@@@@@@ 1")
|
||||
resources := make([]*unstructured.Unstructured, 0)
|
||||
var getErrString string
|
||||
|
||||
files, splitDocError := utils.SplitYAMLDocuments(resourceBytes)
|
||||
if splitDocError != nil {
|
||||
fmt.Println("@@@@@@@@@@@@@@@@@@@@@@ 2")
|
||||
return nil, splitDocError
|
||||
}
|
||||
|
||||
for _, resourceYaml := range files {
|
||||
resource, err := convertResourceToUnstructured(resourceYaml)
|
||||
if err != nil {
|
||||
fmt.Println("@@@@@@@@@@@@@@@@@@@@@@ 3")
|
||||
getErrString = getErrString + err.Error() + "\n"
|
||||
}
|
||||
|
||||
|
@ -82,6 +89,7 @@ func GetResource(resourceBytes []byte) ([]*unstructured.Unstructured, error) {
|
|||
}
|
||||
|
||||
if getErrString != "" {
|
||||
fmt.Println("@@@@@@@@@@@@@@@@@@@@@@ 4")
|
||||
return nil, errors.New(getErrString)
|
||||
}
|
||||
|
||||
|
@ -89,11 +97,18 @@ func GetResource(resourceBytes []byte) ([]*unstructured.Unstructured, error) {
|
|||
}
|
||||
|
||||
func getResourcesOfTypeFromCluster(resourceTypes []string, dClient *client.Client) ([]*unstructured.Unstructured, error) {
|
||||
|
||||
fmt.Println("^^^^^^^^^^^^^^^^^^^ 1")
|
||||
|
||||
var resources []*unstructured.Unstructured
|
||||
|
||||
for _, kind := range resourceTypes {
|
||||
fmt.Println("kind:", kind)
|
||||
|
||||
resourceList, err := dClient.ListResource("", kind, "", nil)
|
||||
if err != nil {
|
||||
fmt.Println("^^^^^^^^^^^^^^^^^^^ 2")
|
||||
fmt.Println(err)
|
||||
return nil, err
|
||||
}
|
||||
|
||||
|
@ -107,6 +122,7 @@ func getResourcesOfTypeFromCluster(resourceTypes []string, dClient *client.Clien
|
|||
resources = append(resources, resource.DeepCopy())
|
||||
}
|
||||
}
|
||||
fmt.Println("^^^^^^^^^^^^^^^^^^^ 3")
|
||||
|
||||
return resources, nil
|
||||
}
|
||||
|
@ -123,21 +139,25 @@ func convertResourceToUnstructured(resourceYaml []byte) (*unstructured.Unstructu
|
|||
decode := scheme.Codecs.UniversalDeserializer().Decode
|
||||
resourceObject, metaData, err := decode(resourceYaml, nil, nil)
|
||||
if err != nil {
|
||||
fmt.Println("!!!!!!!!!!!!!!!!! 1")
|
||||
return nil, err
|
||||
}
|
||||
|
||||
resourceUnstructured, err := runtime.DefaultUnstructuredConverter.ToUnstructured(&resourceObject)
|
||||
if err != nil {
|
||||
fmt.Println("!!!!!!!!!!!!!!!!! 2")
|
||||
return nil, err
|
||||
}
|
||||
|
||||
resourceJSON, err := json.Marshal(resourceUnstructured)
|
||||
if err != nil {
|
||||
fmt.Println("!!!!!!!!!!!!!!!!! 3")
|
||||
return nil, err
|
||||
}
|
||||
|
||||
resource, err := engineutils.ConvertToUnstructured(resourceJSON)
|
||||
if err != nil {
|
||||
fmt.Println("!!!!!!!!!!!!!!!!! 4")
|
||||
return nil, err
|
||||
}
|
||||
|
||||
|
|
|
@ -21,6 +21,7 @@ import (
|
|||
|
||||
log "sigs.k8s.io/controller-runtime/pkg/log"
|
||||
yaml "sigs.k8s.io/yaml"
|
||||
client "github.com/kyverno/kyverno/pkg/dclient"
|
||||
)
|
||||
|
||||
func Command() *cobra.Command {
|
||||
|
@ -76,7 +77,9 @@ func Command() *cobra.Command {
|
|||
}
|
||||
}
|
||||
} else {
|
||||
policies, err = common.GetPoliciesValidation(policyPaths)
|
||||
cluster := false
|
||||
var dClient *client.Client
|
||||
policies, err = common.ValidateAndGetPolicies(policyPaths, cluster, dClient)
|
||||
if err != nil {
|
||||
if !sanitizedError.IsErrorSanitized(err) {
|
||||
return sanitizedError.NewWithError("failed to mutate policies.", err)
|
||||
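Review bot: The `cluster := false` and `var dClient *client.Client` locals in the `else` branch exist only to carry constants, and the nil client is safe only as long as the callee checks `cluster` before touching `dClient`. Passing the literals makes that contract explicit: `policies, err = common.ValidateAndGetPolicies(policyPaths, false, nil)`, with a short comment such as `// validate reads policy files only; no cluster client is used`. The new `client` import also sits after the `sigs.k8s.io` imports rather than with the other `github.com/kyverno/kyverno` packages (presumably listed above the hunk); goimports would regroup it. `Command`'s body continues outside these hunks.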
|
|