refactor: separate kube utils package (#3527)
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>
parent
fe0ad3c68f
commit
857cd1209c
13 changed files with 73 additions and 71 deletions
|
@ -10,6 +10,7 @@ import (
|
||||||
kyverno "github.com/kyverno/kyverno/api/kyverno/v1"
|
kyverno "github.com/kyverno/kyverno/api/kyverno/v1"
|
||||||
"github.com/kyverno/kyverno/pkg/engine/variables"
|
"github.com/kyverno/kyverno/pkg/engine/variables"
|
||||||
"github.com/kyverno/kyverno/pkg/utils"
|
"github.com/kyverno/kyverno/pkg/utils"
|
||||||
|
kubeutils "github.com/kyverno/kyverno/pkg/utils/kube"
|
||||||
apiextensions "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"
|
apiextensions "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
@ -77,8 +78,8 @@ func generateRuleForControllers(rule kyverno.Rule, controllers string, log logr.
|
||||||
matchResourceDescriptionsKinds := rule.MatchKinds()
|
matchResourceDescriptionsKinds := rule.MatchKinds()
|
||||||
excludeResourceDescriptionsKinds := rule.ExcludeKinds()
|
excludeResourceDescriptionsKinds := rule.ExcludeKinds()
|
||||||
|
|
||||||
if !utils.ContainsKind(matchResourceDescriptionsKinds, "Pod") ||
|
if !kubeutils.ContainsKind(matchResourceDescriptionsKinds, "Pod") ||
|
||||||
(len(excludeResourceDescriptionsKinds) != 0 && !utils.ContainsKind(excludeResourceDescriptionsKinds, "Pod")) {
|
(len(excludeResourceDescriptionsKinds) != 0 && !kubeutils.ContainsKind(excludeResourceDescriptionsKinds, "Pod")) {
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -4,11 +4,11 @@ import (
|
||||||
"strings"
|
"strings"
|
||||||
|
|
||||||
kyverno "github.com/kyverno/kyverno/api/kyverno/v1"
|
kyverno "github.com/kyverno/kyverno/api/kyverno/v1"
|
||||||
"github.com/kyverno/kyverno/pkg/utils"
|
kubeutils "github.com/kyverno/kyverno/pkg/utils/kube"
|
||||||
)
|
)
|
||||||
|
|
||||||
func isKindOtherthanPod(kinds []string) bool {
|
func isKindOtherthanPod(kinds []string) bool {
|
||||||
if len(kinds) > 1 && utils.ContainsKind(kinds, "Pod") {
|
if len(kinds) > 1 && kubeutils.ContainsKind(kinds, "Pod") {
|
||||||
return true
|
return true
|
||||||
}
|
}
|
||||||
return false
|
return false
|
||||||
|
@ -39,7 +39,7 @@ func validateAnyPattern(anyPatterns []interface{}) []interface{} {
|
||||||
func getAnyAllAutogenRule(v kyverno.ResourceFilters, controllers string) kyverno.ResourceFilters {
|
func getAnyAllAutogenRule(v kyverno.ResourceFilters, controllers string) kyverno.ResourceFilters {
|
||||||
anyKind := v.DeepCopy()
|
anyKind := v.DeepCopy()
|
||||||
for i, value := range v {
|
for i, value := range v {
|
||||||
if utils.ContainsKind(value.Kinds, "Pod") {
|
if kubeutils.ContainsKind(value.Kinds, "Pod") {
|
||||||
anyKind[i].Kinds = strings.Split(controllers, ",")
|
anyKind[i].Kinds = strings.Split(controllers, ",")
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -65,7 +65,7 @@ func stripCronJob(controllers string) string {
|
||||||
func cronJobAnyAllAutogenRule(v kyverno.ResourceFilters) kyverno.ResourceFilters {
|
func cronJobAnyAllAutogenRule(v kyverno.ResourceFilters) kyverno.ResourceFilters {
|
||||||
anyKind := v.DeepCopy()
|
anyKind := v.DeepCopy()
|
||||||
for i, value := range v {
|
for i, value := range v {
|
||||||
if utils.ContainsKind(value.Kinds, "Job") {
|
if kubeutils.ContainsKind(value.Kinds, "Job") {
|
||||||
anyKind[i].Kinds = []string{PodControllerCronJob}
|
anyKind[i].Kinds = []string{PodControllerCronJob}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -70,21 +70,6 @@ func GetNamespaceLabels(namespaceObj *v1.Namespace, logger logr.Logger) map[stri
|
||||||
return namespaceUnstructured.GetLabels()
|
return namespaceUnstructured.GetLabels()
|
||||||
}
|
}
|
||||||
|
|
||||||
// GetKindFromGVK - get kind and APIVersion from GVK
|
|
||||||
func GetKindFromGVK(str string) (apiVersion string, kind string) {
|
|
||||||
if strings.Count(str, "/") == 0 {
|
|
||||||
return "", str
|
|
||||||
}
|
|
||||||
splitString := strings.Split(str, "/")
|
|
||||||
if strings.Count(str, "/") == 1 {
|
|
||||||
return splitString[0], splitString[1]
|
|
||||||
}
|
|
||||||
if splitString[1] == "*" {
|
|
||||||
return "", splitString[2]
|
|
||||||
}
|
|
||||||
return splitString[0] + "/" + splitString[1], splitString[2]
|
|
||||||
}
|
|
||||||
|
|
||||||
func VariableToJSON(key, value string) []byte {
|
func VariableToJSON(key, value string) []byte {
|
||||||
var subString string
|
var subString string
|
||||||
splitBySlash := strings.Split(key, "\"")
|
splitBySlash := strings.Split(key, "\"")
|
||||||
|
@ -203,14 +188,3 @@ func removePolicyFromLabels(pName string, labels map[string]string) (bool, map[s
|
||||||
|
|
||||||
return false, labels
|
return false, labels
|
||||||
}
|
}
|
||||||
|
|
||||||
func GetFormatedKind(str string) (kind string) {
|
|
||||||
if strings.Count(str, "/") == 0 {
|
|
||||||
return strings.Title(str)
|
|
||||||
}
|
|
||||||
splitString := strings.Split(str, "/")
|
|
||||||
if strings.Count(str, "/") == 1 {
|
|
||||||
return splitString[0] + "/" + strings.Title(splitString[1])
|
|
||||||
}
|
|
||||||
return splitString[0] + "/" + splitString[1] + "/" + strings.Title(splitString[2])
|
|
||||||
}
|
|
||||||
|
|
|
@ -7,17 +7,16 @@ import (
|
||||||
"strings"
|
"strings"
|
||||||
"sync"
|
"sync"
|
||||||
|
|
||||||
"github.com/pkg/errors"
|
|
||||||
|
|
||||||
"github.com/googleapis/gnostic/compiler"
|
"github.com/googleapis/gnostic/compiler"
|
||||||
openapiv2 "github.com/googleapis/gnostic/openapiv2"
|
openapiv2 "github.com/googleapis/gnostic/openapiv2"
|
||||||
v1 "github.com/kyverno/kyverno/api/kyverno/v1"
|
v1 "github.com/kyverno/kyverno/api/kyverno/v1"
|
||||||
"github.com/kyverno/kyverno/data"
|
"github.com/kyverno/kyverno/data"
|
||||||
"github.com/kyverno/kyverno/pkg/autogen"
|
"github.com/kyverno/kyverno/pkg/autogen"
|
||||||
"github.com/kyverno/kyverno/pkg/common"
|
|
||||||
"github.com/kyverno/kyverno/pkg/engine"
|
"github.com/kyverno/kyverno/pkg/engine"
|
||||||
"github.com/kyverno/kyverno/pkg/utils"
|
"github.com/kyverno/kyverno/pkg/utils"
|
||||||
|
kubeutils "github.com/kyverno/kyverno/pkg/utils/kube"
|
||||||
cmap "github.com/orcaman/concurrent-map"
|
cmap "github.com/orcaman/concurrent-map"
|
||||||
|
"github.com/pkg/errors"
|
||||||
"gopkg.in/yaml.v3"
|
"gopkg.in/yaml.v3"
|
||||||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||||
"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
|
"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
|
||||||
|
@ -142,7 +141,7 @@ func (o *Controller) ValidatePolicyMutation(policy v1.PolicyInterface) error {
|
||||||
for _, rule := range autogen.ComputeRules(policy) {
|
for _, rule := range autogen.ComputeRules(policy) {
|
||||||
if rule.HasMutate() {
|
if rule.HasMutate() {
|
||||||
for _, kind := range rule.MatchResources.Kinds {
|
for _, kind := range rule.MatchResources.Kinds {
|
||||||
kindToRules[kind] = append(kindToRules[common.GetFormatedKind(kind)], rule)
|
kindToRules[kind] = append(kindToRules[kubeutils.GetFormatedKind(kind)], rule)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
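Review bot: The renamed line in ValidatePolicyMutation still reads one map key and writes another: `kindToRules[kind] = append(kindToRules[kubeutils.GetFormatedKind(kind)], rule)`. When `kind` is not already in its formatted spelling (a lowercase kind, for example), each iteration appends to the slice stored under the formatted key and saves the result under the raw key, so earlier mutate rules for that kind are replaced rather than accumulated and would not reach whatever check follows. Using a single key fixes it: `k := kubeutils.GetFormatedKind(kind)` followed by `kindToRules[k] = append(kindToRules[k], rule)`. The rest of the function is outside the hunk, so confirm which spelling the later lookup expects before choosing the key.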
@ -15,6 +15,7 @@ import (
|
||||||
"github.com/kyverno/kyverno/pkg/metrics"
|
"github.com/kyverno/kyverno/pkg/metrics"
|
||||||
policyExecutionDuration "github.com/kyverno/kyverno/pkg/metrics/policyexecutionduration"
|
policyExecutionDuration "github.com/kyverno/kyverno/pkg/metrics/policyexecutionduration"
|
||||||
policyResults "github.com/kyverno/kyverno/pkg/metrics/policyresults"
|
policyResults "github.com/kyverno/kyverno/pkg/metrics/policyresults"
|
||||||
|
kubeutils "github.com/kyverno/kyverno/pkg/utils/kube"
|
||||||
"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
|
"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
@ -207,7 +208,7 @@ func (pc *PolicyController) processExistingKinds(kinds []string, policy kyverno.
|
||||||
logger = logger.WithValues("rule", rule.Name, "kind", kind)
|
logger = logger.WithValues("rule", rule.Name, "kind", kind)
|
||||||
_, err := pc.rm.GetScope(kind)
|
_, err := pc.rm.GetScope(kind)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
gv, k := common.GetKindFromGVK(kind)
|
gv, k := kubeutils.GetKindFromGVK(kind)
|
||||||
if !strings.Contains(k, "*") {
|
if !strings.Contains(k, "*") {
|
||||||
resourceSchema, _, err := pc.client.DiscoveryClient.FindResource(gv, k)
|
resourceSchema, _, err := pc.client.DiscoveryClient.FindResource(gv, k)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
|
|
@ -9,19 +9,18 @@ import (
|
||||||
"strings"
|
"strings"
|
||||||
|
|
||||||
"github.com/distribution/distribution/reference"
|
"github.com/distribution/distribution/reference"
|
||||||
"github.com/kyverno/kyverno/pkg/autogen"
|
|
||||||
"github.com/kyverno/kyverno/pkg/engine/context"
|
|
||||||
|
|
||||||
jsonpatch "github.com/evanphx/json-patch/v5"
|
jsonpatch "github.com/evanphx/json-patch/v5"
|
||||||
"github.com/jmespath/go-jmespath"
|
"github.com/jmespath/go-jmespath"
|
||||||
kyverno "github.com/kyverno/kyverno/api/kyverno/v1"
|
kyverno "github.com/kyverno/kyverno/api/kyverno/v1"
|
||||||
comn "github.com/kyverno/kyverno/pkg/common"
|
"github.com/kyverno/kyverno/pkg/autogen"
|
||||||
dclient "github.com/kyverno/kyverno/pkg/dclient"
|
dclient "github.com/kyverno/kyverno/pkg/dclient"
|
||||||
"github.com/kyverno/kyverno/pkg/engine"
|
"github.com/kyverno/kyverno/pkg/engine"
|
||||||
|
"github.com/kyverno/kyverno/pkg/engine/context"
|
||||||
"github.com/kyverno/kyverno/pkg/engine/variables"
|
"github.com/kyverno/kyverno/pkg/engine/variables"
|
||||||
"github.com/kyverno/kyverno/pkg/kyverno/common"
|
"github.com/kyverno/kyverno/pkg/kyverno/common"
|
||||||
"github.com/kyverno/kyverno/pkg/openapi"
|
"github.com/kyverno/kyverno/pkg/openapi"
|
||||||
"github.com/kyverno/kyverno/pkg/utils"
|
"github.com/kyverno/kyverno/pkg/utils"
|
||||||
|
kubeutils "github.com/kyverno/kyverno/pkg/utils/kube"
|
||||||
"github.com/pkg/errors"
|
"github.com/pkg/errors"
|
||||||
v1beta1 "k8s.io/api/admission/v1beta1"
|
v1beta1 "k8s.io/api/admission/v1beta1"
|
||||||
"k8s.io/apiextensions-apiserver/pkg/apis/apiextensions"
|
"k8s.io/apiextensions-apiserver/pkg/apis/apiextensions"
|
||||||
|
@ -1021,12 +1020,12 @@ func podControllerAutoGenExclusion(policy kyverno.PolicyInterface) bool {
|
||||||
// and found in the cache, returns error if not found
|
// and found in the cache, returns error if not found
|
||||||
func validateKinds(kinds []string, mock bool, client *dclient.Client, p kyverno.PolicyInterface) error {
|
func validateKinds(kinds []string, mock bool, client *dclient.Client, p kyverno.PolicyInterface) error {
|
||||||
for _, kind := range kinds {
|
for _, kind := range kinds {
|
||||||
gv, k := comn.GetKindFromGVK(kind)
|
gv, k := kubeutils.GetKindFromGVK(kind)
|
||||||
if k == p.GetKind() {
|
if k == p.GetKind() {
|
||||||
return fmt.Errorf("kind and match resource kind should not be the same")
|
return fmt.Errorf("kind and match resource kind should not be the same")
|
||||||
}
|
}
|
||||||
|
|
||||||
if !mock && !utils.SkipSubResources(k) && !strings.Contains(kind, "*") {
|
if !mock && !kubeutils.SkipSubResources(k) && !strings.Contains(kind, "*") {
|
||||||
_, _, err := client.DiscoveryClient.FindResource(gv, k)
|
_, _, err := client.DiscoveryClient.FindResource(gv, k)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return fmt.Errorf("unable to convert GVK to GVR, %s, err: %s", kinds, err)
|
return fmt.Errorf("unable to convert GVK to GVR, %s, err: %s", kinds, err)
|
||||||
|
|
|
@ -4,8 +4,8 @@ import (
|
||||||
"github.com/go-logr/logr"
|
"github.com/go-logr/logr"
|
||||||
kyverno "github.com/kyverno/kyverno/api/kyverno/v1"
|
kyverno "github.com/kyverno/kyverno/api/kyverno/v1"
|
||||||
kyvernolister "github.com/kyverno/kyverno/pkg/client/listers/kyverno/v1"
|
kyvernolister "github.com/kyverno/kyverno/pkg/client/listers/kyverno/v1"
|
||||||
"github.com/kyverno/kyverno/pkg/common"
|
|
||||||
"github.com/kyverno/kyverno/pkg/policy"
|
"github.com/kyverno/kyverno/pkg/policy"
|
||||||
|
kubeutils "github.com/kyverno/kyverno/pkg/utils/kube"
|
||||||
)
|
)
|
||||||
|
|
||||||
// Interface ...
|
// Interface ...
|
||||||
|
@ -84,7 +84,7 @@ func (pc *policyCache) remove(p kyverno.PolicyInterface) {
|
||||||
}
|
}
|
||||||
|
|
||||||
func (pc *policyCache) getPolicyObject(key PolicyType, gvk string, nspace string) (policyObject []kyverno.PolicyInterface) {
|
func (pc *policyCache) getPolicyObject(key PolicyType, gvk string, nspace string) (policyObject []kyverno.PolicyInterface) {
|
||||||
_, kind := common.GetKindFromGVK(gvk)
|
_, kind := kubeutils.GetKindFromGVK(gvk)
|
||||||
policyNames := pc.pMap.get(key, kind, nspace)
|
policyNames := pc.pMap.get(key, kind, nspace)
|
||||||
wildcardPolicies := pc.pMap.get(key, "*", nspace)
|
wildcardPolicies := pc.pMap.get(key, "*", nspace)
|
||||||
policyNames = append(policyNames, wildcardPolicies...)
|
policyNames = append(policyNames, wildcardPolicies...)
|
||||||
|
|
|
@ -6,8 +6,8 @@ import (
|
||||||
|
|
||||||
kyverno "github.com/kyverno/kyverno/api/kyverno/v1"
|
kyverno "github.com/kyverno/kyverno/api/kyverno/v1"
|
||||||
"github.com/kyverno/kyverno/pkg/autogen"
|
"github.com/kyverno/kyverno/pkg/autogen"
|
||||||
"github.com/kyverno/kyverno/pkg/common"
|
|
||||||
"github.com/kyverno/kyverno/pkg/policy"
|
"github.com/kyverno/kyverno/pkg/policy"
|
||||||
|
kubeutils "github.com/kyverno/kyverno/pkg/utils/kube"
|
||||||
)
|
)
|
||||||
|
|
||||||
type pMap struct {
|
type pMap struct {
|
||||||
|
@ -74,7 +74,7 @@ func (m *pMap) add(policy kyverno.PolicyInterface) {
|
||||||
func (m *pMap) get(key PolicyType, gvk, namespace string) (names []string) {
|
func (m *pMap) get(key PolicyType, gvk, namespace string) (names []string) {
|
||||||
m.lock.RLock()
|
m.lock.RLock()
|
||||||
defer m.lock.RUnlock()
|
defer m.lock.RUnlock()
|
||||||
_, kind := common.GetKindFromGVK(gvk)
|
_, kind := kubeutils.GetKindFromGVK(gvk)
|
||||||
for _, policyName := range m.kindDataMap[kind][key] {
|
for _, policyName := range m.kindDataMap[kind][key] {
|
||||||
ns, key, isNamespacedPolicy := policy.ParseNamespacedPolicy(policyName)
|
ns, key, isNamespacedPolicy := policy.ParseNamespacedPolicy(policyName)
|
||||||
if !isNamespacedPolicy && namespace == "" {
|
if !isNamespacedPolicy && namespace == "" {
|
||||||
|
@ -115,7 +115,7 @@ func (m *pMap) remove(policy kyverno.PolicyInterface) {
|
||||||
|
|
||||||
func addCacheHelper(rmr kyverno.ResourceFilter, m *pMap, rule kyverno.Rule, mutateMap map[string]bool, pName string, enforcePolicy bool, validateEnforceMap map[string]bool, validateAuditMap map[string]bool, generateMap map[string]bool, imageVerifyMap map[string]bool) {
|
func addCacheHelper(rmr kyverno.ResourceFilter, m *pMap, rule kyverno.Rule, mutateMap map[string]bool, pName string, enforcePolicy bool, validateEnforceMap map[string]bool, validateAuditMap map[string]bool, generateMap map[string]bool, imageVerifyMap map[string]bool) {
|
||||||
for _, gvk := range rmr.Kinds {
|
for _, gvk := range rmr.Kinds {
|
||||||
_, k := common.GetKindFromGVK(gvk)
|
_, k := kubeutils.GetKindFromGVK(gvk)
|
||||||
kind := strings.Title(k)
|
kind := strings.Title(k)
|
||||||
_, ok := m.kindDataMap[kind]
|
_, ok := m.kindDataMap[kind]
|
||||||
if !ok {
|
if !ok {
|
||||||
|
@ -172,7 +172,7 @@ func addCacheHelper(rmr kyverno.ResourceFilter, m *pMap, rule kyverno.Rule, muta
|
||||||
|
|
||||||
func removeCacheHelper(rmr kyverno.ResourceFilter, m *pMap, pName string) {
|
func removeCacheHelper(rmr kyverno.ResourceFilter, m *pMap, pName string) {
|
||||||
for _, gvk := range rmr.Kinds {
|
for _, gvk := range rmr.Kinds {
|
||||||
_, kind := common.GetKindFromGVK(gvk)
|
_, kind := kubeutils.GetKindFromGVK(gvk)
|
||||||
dataMap := m.kindDataMap[kind]
|
dataMap := m.kindDataMap[kind]
|
||||||
for policyType, policies := range dataMap {
|
for policyType, policies := range dataMap {
|
||||||
var newPolicies []string
|
var newPolicies []string
|
||||||
|
|
|
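Review bot: addCacheHelper and removeCacheHelper key `m.kindDataMap` differently: the add path indexes it with `strings.Title(k)`, while removeCacheHelper and `get` use the kind returned by `kubeutils.GetKindFromGVK` unchanged. For a rule whose kind is not already title-cased, the entry is stored under one key and looked up for removal under another, so a deleted or updated policy could remain in the cache and keep being returned for matching requests. Normalising in removeCacheHelper as well, with `_, k := kubeutils.GetKindFromGVK(gvk)` followed by `kind := strings.Title(k)`, would keep the two paths in step. All three function bodies continue outside their hunks, so this should be checked against the full file.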
@ -8,9 +8,9 @@ import (
|
||||||
"github.com/go-logr/logr"
|
"github.com/go-logr/logr"
|
||||||
kyverno "github.com/kyverno/kyverno/api/kyverno/v1"
|
kyverno "github.com/kyverno/kyverno/api/kyverno/v1"
|
||||||
"github.com/kyverno/kyverno/pkg/autogen"
|
"github.com/kyverno/kyverno/pkg/autogen"
|
||||||
"github.com/kyverno/kyverno/pkg/common"
|
|
||||||
"github.com/kyverno/kyverno/pkg/toggle"
|
"github.com/kyverno/kyverno/pkg/toggle"
|
||||||
jsonutils "github.com/kyverno/kyverno/pkg/utils/json"
|
jsonutils "github.com/kyverno/kyverno/pkg/utils/json"
|
||||||
|
kubeutils "github.com/kyverno/kyverno/pkg/utils/kube"
|
||||||
)
|
)
|
||||||
|
|
||||||
// GenerateJSONPatchesForDefaults generates default JSON patches for
|
// GenerateJSONPatchesForDefaults generates default JSON patches for
|
||||||
|
@ -121,7 +121,7 @@ func checkForGVKFormatPatch(policy kyverno.PolicyInterface, log logr.Logger) (pa
|
||||||
func convertGVKForKinds(path string, kinds []string, log logr.Logger) ([]byte, error) {
|
func convertGVKForKinds(path string, kinds []string, log logr.Logger) ([]byte, error) {
|
||||||
kindList := []string{}
|
kindList := []string{}
|
||||||
for _, k := range kinds {
|
for _, k := range kinds {
|
||||||
gvk := common.GetFormatedKind(k)
|
gvk := kubeutils.GetFormatedKind(k)
|
||||||
if gvk == k {
|
if gvk == k {
|
||||||
continue
|
continue
|
||||||
}
|
}
|
||||||
|
|
|
@ -3,7 +3,7 @@ package resourcecache
|
||||||
import (
|
import (
|
||||||
"fmt"
|
"fmt"
|
||||||
|
|
||||||
"github.com/kyverno/kyverno/pkg/common"
|
kubeutils "github.com/kyverno/kyverno/pkg/utils/kube"
|
||||||
)
|
)
|
||||||
|
|
||||||
// CreateInformers ...
|
// CreateInformers ...
|
||||||
|
@ -44,7 +44,7 @@ func (resc *resourceCache) CreateGVKInformer(gvk string) (GenericCache, error) {
|
||||||
if ok {
|
if ok {
|
||||||
return gc, nil
|
return gc, nil
|
||||||
}
|
}
|
||||||
gv, k := common.GetKindFromGVK(gvk)
|
gv, k := kubeutils.GetKindFromGVK(gvk)
|
||||||
apiResource, gvr, err := resc.dclient.DiscoveryClient.FindResource(gv, k)
|
apiResource, gvr, err := resc.dclient.DiscoveryClient.FindResource(gv, k)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, fmt.Errorf("cannot find API resource %s", gvk)
|
return nil, fmt.Errorf("cannot find API resource %s", gvk)
|
||||||
|
|
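--- /dev/null
+++ b/pkg/utils/kube/kind.go
@@ -0,0 +1,44 @@
+package kube
+
+import "strings"
+
+// GetKindFromGVK - get kind and APIVersion from GVK
+func GetKindFromGVK(str string) (apiVersion string, kind string) {
+if strings.Count(str, "/") == 0 {
+return "", str
+}
+splitString := strings.Split(str, "/")
+if strings.Count(str, "/") == 1 {
+return splitString[0], splitString[1]
+}
+if splitString[1] == "*" {
+return "", splitString[2]
+}
+return splitString[0] + "/" + splitString[1], splitString[2]
+}
+
+func ContainsKind(list []string, kind string) bool {
+for _, e := range list {
+if _, k := GetKindFromGVK(e); k == kind {
+return true
+}
+}
+return false
+}
+
+// SkipSubResources check to skip list of resources which don't have group.
+func SkipSubResources(kind string) bool {
+s := []string{"PodExecOptions", "PodAttachOptions", "PodProxyOptions", "ServiceProxyOptions", "NodeProxyOptions"}
+return ContainsKind(s, kind)
+}
+
+func GetFormatedKind(str string) (kind string) {
+if strings.Count(str, "/") == 0 {
+return strings.Title(str)
+}
+splitString := strings.Split(str, "/")
+if strings.Count(str, "/") == 1 {
+return splitString[0] + "/" + strings.Title(splitString[1])
+}
+return splitString[0] + "/" + splitString[1] + "/" + strings.Title(splitString[2])
+}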
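Review bot: GetKindFromGVK and GetFormatedKind only ever index segments 0 to 2 of the split string, so an input with three or more `/` separators is silently truncated instead of being rejected or preserved. These helpers now sit in a shared package and, in this commit, feed policy-cache keys, discovery lookups and webhook rule generation, so a malformed kind string in a policy can resolve to a different kind than the one written. If the trailing part is meant to stay with the kind, `splitString := strings.SplitN(str, "/", 3)` does that; otherwise the accepted forms should be stated in the doc comment and pinned with a table-driven test in the new package. ContainsKind and GetFormatedKind are exported without doc comments; `// ContainsKind reports whether any entry in list has kind as its kind segment.` would match the file's style.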
@ -12,7 +12,6 @@ import (
|
||||||
|
|
||||||
"github.com/go-logr/logr"
|
"github.com/go-logr/logr"
|
||||||
wildcard "github.com/kyverno/go-wildcard"
|
wildcard "github.com/kyverno/go-wildcard"
|
||||||
common "github.com/kyverno/kyverno/pkg/common"
|
|
||||||
client "github.com/kyverno/kyverno/pkg/dclient"
|
client "github.com/kyverno/kyverno/pkg/dclient"
|
||||||
engineutils "github.com/kyverno/kyverno/pkg/engine/utils"
|
engineutils "github.com/kyverno/kyverno/pkg/engine/utils"
|
||||||
"k8s.io/api/admission/v1beta1"
|
"k8s.io/api/admission/v1beta1"
|
||||||
|
@ -36,22 +35,6 @@ func contains(list []string, element string, fn func(string, string) bool) bool
|
||||||
return false
|
return false
|
||||||
}
|
}
|
||||||
|
|
||||||
func ContainsKind(list []string, element string) bool {
|
|
||||||
for _, e := range list {
|
|
||||||
_, k := common.GetKindFromGVK(e)
|
|
||||||
if k == element {
|
|
||||||
return true
|
|
||||||
}
|
|
||||||
}
|
|
||||||
return false
|
|
||||||
}
|
|
||||||
|
|
||||||
// SkipSubResources check to skip list of resources which don't have group.
|
|
||||||
func SkipSubResources(kind string) bool {
|
|
||||||
s := []string{"PodExecOptions", "PodAttachOptions", "PodProxyOptions", "ServiceProxyOptions", "NodeProxyOptions"}
|
|
||||||
return ContainsKind(s, kind)
|
|
||||||
}
|
|
||||||
|
|
||||||
// ContainsNamepace check if namespace satisfies any list of pattern(regex)
|
// ContainsNamepace check if namespace satisfies any list of pattern(regex)
|
||||||
func ContainsNamepace(patterns []string, ns string) bool {
|
func ContainsNamepace(patterns []string, ns string) bool {
|
||||||
return contains(patterns, ns, compareNamespaces)
|
return contains(patterns, ns, compareNamespaces)
|
||||||
|
|
|
@ -20,6 +20,7 @@ import (
|
||||||
client "github.com/kyverno/kyverno/pkg/dclient"
|
client "github.com/kyverno/kyverno/pkg/dclient"
|
||||||
"github.com/kyverno/kyverno/pkg/resourcecache"
|
"github.com/kyverno/kyverno/pkg/resourcecache"
|
||||||
"github.com/kyverno/kyverno/pkg/utils"
|
"github.com/kyverno/kyverno/pkg/utils"
|
||||||
|
kubeutils "github.com/kyverno/kyverno/pkg/utils/kube"
|
||||||
"github.com/pkg/errors"
|
"github.com/pkg/errors"
|
||||||
admregapi "k8s.io/api/admissionregistration/v1"
|
admregapi "k8s.io/api/admissionregistration/v1"
|
||||||
apierrors "k8s.io/apimachinery/pkg/api/errors"
|
apierrors "k8s.io/apimachinery/pkg/api/errors"
|
||||||
|
@ -752,7 +753,7 @@ func (m *webhookConfigManager) mergeWebhook(dst *webhook, policy kyverno.PolicyI
|
||||||
gvkMap[gvk] = 1
|
gvkMap[gvk] = 1
|
||||||
|
|
||||||
// note: webhook stores GVR in its rules while policy stores GVK in its rules definition
|
// note: webhook stores GVR in its rules while policy stores GVK in its rules definition
|
||||||
gv, k := common.GetKindFromGVK(gvk)
|
gv, k := kubeutils.GetKindFromGVK(gvk)
|
||||||
switch k {
|
switch k {
|
||||||
case "Binding":
|
case "Binding":
|
||||||
gvrList = append(gvrList, schema.GroupVersionResource{Group: "", Version: "v1", Resource: "pods/binding"})
|
gvrList = append(gvrList, schema.GroupVersionResource{Group: "", Version: "v1", Resource: "pods/binding"})
|
||||||
|
|