mirrors/kyverno
mirrors/kyverno
1
0
Fork 0
mirror of https://github.com/kyverno/kyverno.git synced 2025-03-05 07:26:55 +00:00
Code Activity

NK-23: Improved comments, commited crd with status subresource.

Browse source
This commit is contained in:
belyshevdenis 2019-03-07 17:57:43 +02:00
parent 0a939e44dc
commit 898652b9a2
6 changed files with 41 additions and 28 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
controller/controller.go
View file

@ -85,15 +85,19 @@ func (c *PolicyController) GetPolicies() []types.Policy {
return policies
}
// Writes error message to the policy logs in status section
func (c *PolicyController) LogPolicyError(name, text string) {
c.addPolicyLog(name, "[ERROR] "+text)
}
// Writes info message to the policy logs in status section
func (c *PolicyController) LogPolicyInfo(name, text string) {
c.addPolicyLog(name, "[ INFO] "+text)
}
const policyLogMaxRecords int = 10
// This is the maximum number of records that can be written to the log object of the policy.
// If this number is exceeded, the older entries will be deleted.
const policyLogMaxRecords int = 50
// Appends given log text to the status/logs array.
func (c *PolicyController) addPolicyLog(name, text string) {
@ -125,7 +129,6 @@ func (c *PolicyController) addPolicyLog(name, text string) {
func (c *PolicyController) createPolicyHandler(resource interface{}) {
key := c.getResourceKey(resource)
c.logger.Printf("Policy created: %s", key)
c.addPolicyLog(key, "Added")
}
func (c *PolicyController) updatePolicyHandler(oldResource, newResource interface{}) {
@ -133,7 +136,6 @@ func (c *PolicyController) updatePolicyHandler(oldResource, newResource interfac
newKey := c.getResourceKey(newResource)
c.logger.Printf("Policy %s updated to %s", oldKey, newKey)
c.addPolicyLog(newKey, "Updated")
}
func (c *PolicyController) deletePolicyHandler(resource interface{}) {

3
crd/crd.yaml
View file

@ -13,3 +13,6 @@ spec:
kind: Policy
plural: policies
singular: policy
subresources:
status: {}

6
kubeclient/kubeclient.go
View file

@ -13,11 +13,13 @@ import (
"k8s.io/client-go/rest"
)
// KubeClient is the api-client for core Kubernetes objects
type KubeClient struct {
logger *log.Logger
client *kubernetes.Clientset
}
// Checks parameters and creates new instance of KubeClient
func NewKubeClient(config *rest.Config, logger *log.Logger) (*KubeClient, error) {
if logger == nil {
logger = log.New(os.Stdout, "Policy Controller: ", log.LstdFlags|log.Lshortfile)
@ -34,6 +36,8 @@ func NewKubeClient(config *rest.Config, logger *log.Logger) (*KubeClient, error)
}, nil
}
// Generates new ConfigMap in given namespace. If the namespace does not exists yet,
// waits until it is created for maximum namespaceCreationMaxWaitTime (see below)
func (kc *KubeClient) GenerateConfigMap(generator types.PolicyConfigGenerator, namespace string) error {
kc.logger.Printf("Preparing to create configmap %s/%s", namespace, generator.Name)
configMap := &v1.ConfigMap{}
@ -67,6 +71,8 @@ func (kc *KubeClient) GenerateConfigMap(generator types.PolicyConfigGenerator, n
return nil
}
// Generates new Secret in given namespace. If the namespace does not exists yet,
// waits until it is created for maximum namespaceCreationMaxWaitTime (see below)
func (kc *KubeClient) GenerateSecret(generator types.PolicyConfigGenerator, namespace string) error {
kc.logger.Printf("Preparing to create secret %s/%s", namespace, generator.Name)
secret := &v1.Secret{}

6
server/server.go
View file

@ -79,6 +79,7 @@ func NewWebhookServer(config WebhookServerConfig, logger *log.Logger) (*WebhookS
return ws, nil
}
// Main server endpoint for all requests
func (ws *WebhookServer) serve(w http.ResponseWriter, r *http.Request) {
if r.URL.Path == "/mutate" {
admissionReview := ws.parseAdmissionReview(r, w)
@ -148,8 +149,7 @@ func (ws *WebhookServer) parseAdmissionReview(request *http.Request, writer http
}
}
// RunAsync runs TLS server in separate
// thread and returns control immediately
// Runs TLS server in separate thread and returns control immediately
func (ws *WebhookServer) RunAsync() {
go func(ws *WebhookServer) {
err := ws.server.ListenAndServeTLS("", "")
@ -159,7 +159,7 @@ func (ws *WebhookServer) RunAsync() {
}(ws)
}
// Stop stops TLS server
// Stops TLS server and returns control after the server is shut down
func (ws *WebhookServer) Stop() {
err := ws.server.Shutdown(context.Background())
if err != nil {

10
webhooks/mutation.go
View file

@ -66,7 +66,7 @@ func (mw *MutationWebhook) Mutate(request *v1beta1.AdmissionRequest) *v1beta1.Ad
if stopOnError {
mw.logger.Printf("/!\\ Denying the request according to FailurePolicy spec /!\\")
}
return errorToResponse(err, !stopOnError)
return errorToAdmissionResponse(err, !stopOnError)
}
if rulePatches != nil {
allPatches = append(allPatches, rulePatches...)
@ -78,7 +78,7 @@ func (mw *MutationWebhook) Mutate(request *v1beta1.AdmissionRequest) *v1beta1.Ad
patchesBytes, err := SerializePatches(allPatches)
if err != nil {
mw.logger.Printf("Error occerred while serializing JSONPathch: %v", err)
return errorToResponse(err, true)
return errorToAdmissionResponse(err, true)
}
return &v1beta1.AdmissionResponse{
@ -108,12 +108,14 @@ func (mw *MutationWebhook) applyRule(request *v1beta1.AdmissionRequest, rule typ
return rulePatches, err
}
// Gets patches from "patch" section in PolicyRule
func (mw *MutationWebhook) applyRulePatches(request *v1beta1.AdmissionRequest, rule types.PolicyRule) ([]types.PolicyPatch, error) {
var patches []types.PolicyPatch
patches = append(patches, rule.Patches...)
return patches, nil
}
// Applies "configMapGenerator" and "secretGenerator" described in PolicyRule
func (mw *MutationWebhook) applyRuleGenerators(request *v1beta1.AdmissionRequest, rule types.PolicyRule) error {
// configMapGenerator and secretGenerator can be applied only to namespaces
if request.Kind.Kind == "Namespace" {
@ -156,7 +158,7 @@ func (mw *MutationWebhook) applyConfigGenerator(generator *types.PolicyConfigGen
return nil
}
// SerializePatches converts JSON patches to byte array
// Converts JSON patches to byte array
func SerializePatches(patches []types.PolicyPatch) ([]byte, error) {
var result []byte
if len(patches) == 0 {
@ -183,7 +185,7 @@ func SerializePatches(patches []types.PolicyPatch) ([]byte, error) {
return result, nil
}
func errorToResponse(err error, allowed bool) *v1beta1.AdmissionResponse {
func errorToAdmissionResponse(err error, allowed bool) *v1beta1.AdmissionResponse {
return &v1beta1.AdmissionResponse{
Result: &metav1.Status{
Message: err.Error(),

36
webhooks/utils_test.go
View file

@ -1,38 +1,38 @@
package webhooks_test
import (
"testing"
"testing"
)
func assertEq(t *testing.T, expected interface{}, actual interface{}) {
if expected != actual {
t.Errorf("%s != %s", expected, actual)
}
if expected != actual {
t.Errorf("%s != %s", expected, actual)
}
}
func assertNe(t *testing.T, expected interface{}, actual interface{}) {
if expected == actual {
t.Errorf("%s != %s", expected, actual)
}
if expected == actual {
t.Errorf("%s != %s", expected, actual)
}
}
func assertEqDataImpl(t *testing.T, expected, actual []byte, formatModifier string) {
if len(expected) != len(actual) {
t.Errorf("len(expected) != len(actual): %d != %d\n1:"+formatModifier+"\n2:"+formatModifier, len(expected), len(actual), expected, actual)
return
}
if len(expected) != len(actual) {
t.Errorf("len(expected) != len(actual): %d != %d\n1:"+formatModifier+"\n2:"+formatModifier, len(expected), len(actual), expected, actual)
return
}
for idx, val := range actual {
if val != expected[idx] {
t.Errorf("Slices not equal at index %d:\n1:"+formatModifier+"\n2:"+formatModifier, idx, expected, actual)
}
}
for idx, val := range actual {
if val != expected[idx] {
t.Errorf("Slices not equal at index %d:\n1:"+formatModifier+"\n2:"+formatModifier, idx, expected, actual)
}
}
}
func assertEqData(t *testing.T, expected, actual []byte) {
assertEqDataImpl(t, expected, actual, "%x")
assertEqDataImpl(t, expected, actual, "%x")
}
func assertEqStringAndData(t *testing.T, str string, data []byte) {
assertEqDataImpl(t, []byte(str), data, "%s")
assertEqDataImpl(t, []byte(str), data, "%s")
}