From 94d9bbe73fd4788f93c45106b76089351b1d6ef5 Mon Sep 17 00:00:00 2001 From: Mariam Fahmy Date: Mon, 24 Jun 2024 23:36:55 +0700 Subject: [PATCH] chore: use v2 clients for policy exceptions (#10530) Signed-off-by: Mariam Fahmy --- api/kyverno/v2/policy_exception_types.go | 5 ++++ .../kubectl-kyverno/commands/apply/command.go | 5 ++-- cmd/cli/kubectl-kyverno/exception/load.go | 16 ++++++------- .../kubectl-kyverno/processor/exceptions.go | 8 +++---- .../processor/policy_processor.go | 3 +-- cmd/internal/engine.go | 2 +- cmd/kyverno/main.go | 2 +- cmd/reports-controller/main.go | 4 ++-- pkg/controllers/exceptions/controller.go | 24 +++++++++---------- .../report/background/controller.go | 20 ++++++++-------- pkg/controllers/report/utils/utils.go | 8 +++---- .../controller.go | 20 ++++++++-------- pkg/engine/api/ruleresponse.go | 8 +++---- pkg/engine/api/selector.go | 4 ++-- pkg/engine/exceptions.go | 4 ++-- pkg/engine/handlers/handler.go | 4 ++-- .../handlers/mutation/mutate_existing.go | 4 ++-- pkg/engine/handlers/mutation/mutate_image.go | 4 ++-- .../handlers/mutation/mutate_resource.go | 4 ++-- .../handlers/validation/validate_cel.go | 4 ++-- .../handlers/validation/validate_image.go | 4 ++-- .../handlers/validation/validate_manifest.go | 4 ++-- .../handlers/validation/validate_pss.go | 4 ++-- .../handlers/validation/validate_resource.go | 4 ++-- pkg/engine/utils/exceptions.go | 2 +- pkg/exceptions/selector.go | 8 +++---- pkg/utils/admission/exception.go | 10 ++++---- pkg/utils/admission/exception_test.go | 6 ++--- pkg/utils/report/metadata.go | 6 ++--- pkg/validation/exception/validate.go | 4 ++-- pkg/webhooks/resource/fake.go | 2 +- 31 files changed, 105 insertions(+), 102 deletions(-) diff --git a/api/kyverno/v2/policy_exception_types.go b/api/kyverno/v2/policy_exception_types.go index d18372a979..c659dc8b14 100644 --- a/api/kyverno/v2/policy_exception_types.go +++ b/api/kyverno/v2/policy_exception_types.go 
@@ -101,6 +101,11 @@ func (p *PolicyExceptionSpec) Validate(path *field.Path) (errs field.ErrorList) for i, e := range p.Exceptions { errs = append(errs, e.Validate(exceptionsPath.Index(i))...) } + + podSecuityPath := path.Child("podSecurity") + for i, p := range p.PodSecurity { + errs = append(errs, p.Validate(podSecuityPath.Index(i))...) + } return errs } diff --git a/cmd/cli/kubectl-kyverno/commands/apply/command.go b/cmd/cli/kubectl-kyverno/commands/apply/command.go index 240f161a57..97c9ea3baa 100644 --- a/cmd/cli/kubectl-kyverno/commands/apply/command.go +++ b/cmd/cli/kubectl-kyverno/commands/apply/command.go @@ -13,7 +13,6 @@ import ( "github.com/go-git/go-billy/v5/memfs" kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1" kyvernov2 "github.com/kyverno/kyverno/api/kyverno/v2" - kyvernov2beta1 "github.com/kyverno/kyverno/api/kyverno/v2beta1" "github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/command" "github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/deprecations" "github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/exception" @@ -167,7 +166,7 @@ func (c *ApplyCommandConfig) applyCommandHelper(out io.Writer) (*processor.Resul if err != nil { return rc, resources1, skipInvalidPolicies, responses1, err } - var exceptions []*kyvernov2beta1.PolicyException + var exceptions []*kyvernov2.PolicyException if c.inlineExceptions { exceptions = exception.SelectFrom(resources) } else { @@ -260,7 +259,7 @@ func (c *ApplyCommandConfig) applyPolicytoResource( vars *variables.Variables, policies []kyvernov1.PolicyInterface, resources []*unstructured.Unstructured, - exceptions []*kyvernov2beta1.PolicyException, + exceptions []*kyvernov2.PolicyException, skipInvalidPolicies *SkippedInvalidPolicies, dClient dclient.Interface, userInfo *kyvernov2.RequestInfo, diff --git a/cmd/cli/kubectl-kyverno/exception/load.go b/cmd/cli/kubectl-kyverno/exception/load.go index 8b62cf8206..d5deaaeb39 100644 --- a/cmd/cli/kubectl-kyverno/exception/load.go 
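Review bot: The loop added to `PolicyExceptionSpec.Validate` names its element `p`, which shadows the receiver `p` inside the loop body, and the path variable is misspelled `podSecuityPath`. Behaviour is correct today, but a later edit inside the loop could easily reach for the wrong `p`; I would write `podSecurityPath := path.Child("podSecurity")` and `for i, ps := range p.PodSecurity { errs = append(errs, ps.Validate(podSecurityPath.Index(i))...) }`. This is also the one behavioural change in a commit titled as a client switch: `podSecurity` entries of a v2 PolicyException are now validated, so objects that were accepted before may be rejected. That deserves a line in the description and a unit test with an invalid `podSecurity` entry. The function starts above the hunk.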
+++ b/cmd/cli/kubectl-kyverno/exception/load.go @@ -21,8 +21,8 @@ var ( exceptionV2 = schema.GroupVersion(kyvernov2.GroupVersion).WithKind("PolicyException") ) -func Load(paths ...string) ([]*kyvernov2beta1.PolicyException, error) { - var out []*kyvernov2beta1.PolicyException +func Load(paths ...string) ([]*kyvernov2.PolicyException, error) { + var out []*kyvernov2.PolicyException for _, path := range paths { bytes, err := os.ReadFile(filepath.Clean(path)) if err != nil { @@ -37,12 +37,12 @@ func Load(paths ...string) ([]*kyvernov2beta1.PolicyException, error) { return out, nil } -func load(content []byte) ([]*kyvernov2beta1.PolicyException, error) { +func load(content []byte) ([]*kyvernov2.PolicyException, error) { documents, err := yamlutils.SplitDocuments(content) if err != nil { return nil, err } - var exceptions []*kyvernov2beta1.PolicyException + var exceptions []*kyvernov2.PolicyException crds, err := data.Crds() if err != nil { return nil, err @@ -60,7 +60,7 @@ func load(content []byte) ([]*kyvernov2beta1.PolicyException, error) { } switch gvk { case exceptionV2beta1, exceptionV2: - exception, err := convert.To[kyvernov2beta1.PolicyException](untyped) + exception, err := convert.To[kyvernov2.PolicyException](untyped) if err != nil { return nil, err } @@ -72,12 +72,12 @@ func load(content []byte) ([]*kyvernov2beta1.PolicyException, error) { return exceptions, nil } -func SelectFrom(resources []*unstructured.Unstructured) []*kyvernov2beta1.PolicyException { - var exceptions []*kyvernov2beta1.PolicyException +func SelectFrom(resources []*unstructured.Unstructured) []*kyvernov2.PolicyException { + var exceptions []*kyvernov2.PolicyException for _, resource := range resources { switch resource.GroupVersionKind() { case exceptionV2beta1, exceptionV2: - exception, err := convert.To[kyvernov2beta1.PolicyException](*resource) + exception, err := convert.To[kyvernov2.PolicyException](*resource) if err == nil { exceptions = append(exceptions, exception) } 
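Review bot: In `SelectFrom` (hunk at -72,12) a failed `convert.To[kyvernov2.PolicyException]` is discarded by `if err == nil`, so an inline exception that does not decode is silently left out of the run, while `load` in the hunk at -60,7 returns the same error. Both `exceptionV2beta1` and `exceptionV2` documents are now decoded into the v2 type, so a manifest that does not fit that type would disappear without any message and the CLI result would differ from what the author of the exception expects. `SelectFrom` has no error return, so I would add an `else` branch that reports the resource name and the error, or at least the comment `// conversion errors are ignored on purpose: documents that do not decode are not treated as exceptions`. The loop continues below the hunk.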
diff --git a/cmd/cli/kubectl-kyverno/processor/exceptions.go b/cmd/cli/kubectl-kyverno/processor/exceptions.go index bf6cb2b4c7..528a2daa5c 100644 --- a/cmd/cli/kubectl-kyverno/processor/exceptions.go +++ b/cmd/cli/kubectl-kyverno/processor/exceptions.go @@ -1,16 +1,16 @@ package processor import ( - kyvernov2beta1 "github.com/kyverno/kyverno/api/kyverno/v2beta1" + kyvernov2 "github.com/kyverno/kyverno/api/kyverno/v2" "k8s.io/apimachinery/pkg/labels" ) type policyExceptionLister struct { - exceptions []*kyvernov2beta1.PolicyException + exceptions []*kyvernov2.PolicyException } -func (l *policyExceptionLister) List(selector labels.Selector) ([]*kyvernov2beta1.PolicyException, error) { - var out []*kyvernov2beta1.PolicyException +func (l *policyExceptionLister) List(selector labels.Selector) ([]*kyvernov2.PolicyException, error) { + var out []*kyvernov2.PolicyException for _, exception := range l.exceptions { exceptionLabels := labels.Set(exception.GetLabels()) if selector.Matches(exceptionLabels) { diff --git a/cmd/cli/kubectl-kyverno/processor/policy_processor.go b/cmd/cli/kubectl-kyverno/processor/policy_processor.go index 17992af185..415191dfed 100644 --- a/cmd/cli/kubectl-kyverno/processor/policy_processor.go +++ b/cmd/cli/kubectl-kyverno/processor/policy_processor.go @@ -11,7 +11,6 @@ import ( json_patch "github.com/evanphx/json-patch/v5" kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1" kyvernov2 "github.com/kyverno/kyverno/api/kyverno/v2" - kyvernov2beta1 "github.com/kyverno/kyverno/api/kyverno/v2beta1" "github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/apis/v1alpha1" "github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/log" "github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/store" 
@@ -40,7 +39,7 @@ type PolicyProcessor struct { Store *store.Store Policies []kyvernov1.PolicyInterface Resource unstructured.Unstructured - PolicyExceptions []*kyvernov2beta1.PolicyException + PolicyExceptions []*kyvernov2.PolicyException MutateLogPath string MutateLogPathIsDir bool Variables *variables.Variables diff --git a/cmd/internal/engine.go b/cmd/internal/engine.go index b5178dddf2..670050ce29 100644 --- a/cmd/internal/engine.go +++ b/cmd/internal/engine.go @@ -68,7 +68,7 @@ func NewExceptionSelector( polexCache := exceptioncontroller.NewController( kyvernoInformer.Kyverno().V1().ClusterPolicies(), kyvernoInformer.Kyverno().V1().Policies(), - kyvernoInformer.Kyverno().V2beta1().PolicyExceptions(), + kyvernoInformer.Kyverno().V2().PolicyExceptions(), exceptionNamespace, ) polexController := NewController( diff --git a/cmd/kyverno/main.go b/cmd/kyverno/main.go index ee037c9f2f..1c4831b6f9 100644 --- a/cmd/kyverno/main.go +++ b/cmd/kyverno/main.go @@ -221,7 +221,7 @@ func createrLeaderControllers( kyvernoClient, dynamicClient.Discovery(), kyvernoInformer.Kyverno().V1().ClusterPolicies(), - kyvernoInformer.Kyverno().V2beta1().PolicyExceptions(), + kyvernoInformer.Kyverno().V2().PolicyExceptions(), kubeInformer.Admissionregistration().V1alpha1().ValidatingAdmissionPolicies(), kubeInformer.Admissionregistration().V1alpha1().ValidatingAdmissionPolicyBindings(), eventGenerator, diff --git a/cmd/reports-controller/main.go b/cmd/reports-controller/main.go index 450f329506..d292eb0857 100644 --- a/cmd/reports-controller/main.go +++ b/cmd/reports-controller/main.go 
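Review bot: The informer handed to `exceptioncontroller.NewController` in cmd/internal/engine.go now comes from `Kyverno().V2()`, and the same switch is made in cmd/kyverno/main.go and cmd/reports-controller/main.go, yet the diffstat lists no CRD, chart or upgrade-note change. If a cluster's PolicyException CRD does not serve v2 (for example binaries rolled out ahead of the CRDs), these informers presumably cannot sync and no exceptions would be loaded; that is inferred and should be confirmed. I would add a comment at the call such as `// requires the PolicyException CRD to serve kyverno.io/v2` and state the requirement in the release notes. `NewExceptionSelector` starts and ends outside the hunk.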
@@ -76,7 +76,7 @@ func createReportControllers( vapBindingInformer = kubeInformer.Admissionregistration().V1alpha1().ValidatingAdmissionPolicyBindings() } kyvernoV1 := kyvernoInformer.Kyverno().V1() - kyvernoV2beta1 := kyvernoInformer.Kyverno().V2beta1() + kyvernoV2 := kyvernoInformer.Kyverno().V2() if backgroundScan || admissionReports { resourceReportController := resourcereportcontroller.NewController( client, @@ -114,7 +114,7 @@ func createReportControllers( metadataFactory, kyvernoV1.Policies(), kyvernoV1.ClusterPolicies(), - kyvernoV2beta1.PolicyExceptions(), + kyvernoV2.PolicyExceptions(), vapInformer, vapBindingInformer, kubeInformer.Core().V1().Namespaces(), diff --git a/pkg/controllers/exceptions/controller.go b/pkg/controllers/exceptions/controller.go index 5ac7141150..17beda5dcd 100644 --- a/pkg/controllers/exceptions/controller.go +++ b/pkg/controllers/exceptions/controller.go @@ -9,12 +9,12 @@ import ( "github.com/go-logr/logr" kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1" - kyvernov2beta1 "github.com/kyverno/kyverno/api/kyverno/v2beta1" + kyvernov2 "github.com/kyverno/kyverno/api/kyverno/v2" "github.com/kyverno/kyverno/pkg/autogen" kyvernov1informers "github.com/kyverno/kyverno/pkg/client/informers/externalversions/kyverno/v1" - kyvernov2beta1informers "github.com/kyverno/kyverno/pkg/client/informers/externalversions/kyverno/v2beta1" + kyvernov2informers "github.com/kyverno/kyverno/pkg/client/informers/externalversions/kyverno/v2" kyvernov1listers "github.com/kyverno/kyverno/pkg/client/listers/kyverno/v1" - kyvernov2beta1listers "github.com/kyverno/kyverno/pkg/client/listers/kyverno/v2beta1" + kyvernov2listers "github.com/kyverno/kyverno/pkg/client/listers/kyverno/v2" controllerutils "github.com/kyverno/kyverno/pkg/utils/controller" apierrors "k8s.io/apimachinery/pkg/api/errors" "k8s.io/apimachinery/pkg/labels" 
@@ -22,7 +22,7 @@ import ( "k8s.io/client-go/util/workqueue" ) -type ruleIndex = map[string][]*kyvernov2beta1.PolicyException +type ruleIndex = map[string][]*kyvernov2.PolicyException type policyIndex = map[string]ruleIndex @@ -30,7 +30,7 @@ type controller struct { // listers cpolLister kyvernov1listers.ClusterPolicyLister polLister kyvernov1listers.PolicyLister - polexLister kyvernov2beta1listers.PolicyExceptionLister + polexLister kyvernov2listers.PolicyExceptionLister // queue queue workqueue.RateLimitingInterface @@ -50,7 +50,7 @@ const ( func NewController( cpolInformer kyvernov1informers.ClusterPolicyInformer, polInformer kyvernov1informers.PolicyInformer, - polexInformer kyvernov2beta1informers.PolicyExceptionInformer, + polexInformer kyvernov2informers.PolicyExceptionInformer, namespace string, ) *controller { queue := workqueue.NewNamedRateLimitingQueue(workqueue.DefaultControllerRateLimiter(), ControllerName) @@ -78,13 +78,13 @@ func (c *controller) Run(ctx context.Context, workers int) { controllerutils.Run(ctx, logger.V(3), ControllerName, time.Second, c.queue, workers, maxRetries, c.reconcile) } -func (c *controller) Find(policyName string, ruleName string) ([]*kyvernov2beta1.PolicyException, error) { +func (c *controller) Find(policyName string, ruleName string) ([]*kyvernov2.PolicyException, error) { c.lock.RLock() defer c.lock.RUnlock() return c.index[policyName][ruleName], nil } -func (c *controller) addPolex(polex *kyvernov2beta1.PolicyException) { +func (c *controller) addPolex(polex *kyvernov2.PolicyException) { names := sets.New[string]() for _, ex := range polex.Spec.Exceptions { names.Insert(ex.PolicyName) 
@@ -94,7 +94,7 @@ func (c *controller) addPolex(polex *kyvernov2beta1.PolicyException) { } } -func (c *controller) updatePolex(old *kyvernov2beta1.PolicyException, new *kyvernov2beta1.PolicyException) { +func (c *controller) updatePolex(old *kyvernov2.PolicyException, new *kyvernov2.PolicyException) { names := sets.New[string]() for _, ex := range old.Spec.Exceptions { names.Insert(ex.PolicyName) @@ -107,7 +107,7 @@ func (c *controller) updatePolex(old *kyvernov2beta1.PolicyException, new *kyver } } -func (c *controller) deletePolex(polex *kyvernov2beta1.PolicyException) { +func (c *controller) deletePolex(polex *kyvernov2.PolicyException) { names := sets.New[string]() for _, ex := range polex.Spec.Exceptions { names.Insert(ex.PolicyName) @@ -133,7 +133,7 @@ func (c *controller) getPolicy(namespace, name string) (kyvernov1.PolicyInterfac } } -func (c *controller) listExceptions() ([]*kyvernov2beta1.PolicyException, error) { +func (c *controller) listExceptions() ([]*kyvernov2.PolicyException, error) { if c.namespace == "" { return c.polexLister.List(labels.Everything()) } @@ -145,7 +145,7 @@ func (c *controller) buildRuleIndex(key string, policy kyvernov1.PolicyInterface if err != nil { return nil, err } - slices.SortFunc(polexList, func(a, b *kyvernov2beta1.PolicyException) int { + slices.SortFunc(polexList, func(a, b *kyvernov2.PolicyException) int { if cmp := cmp.Compare(a.Namespace, b.Namespace); cmp != 0 { return cmp } diff --git a/pkg/controllers/report/background/controller.go b/pkg/controllers/report/background/controller.go index ff3d56c4d5..ca03bb91ac 100644 --- a/pkg/controllers/report/background/controller.go +++ b/pkg/controllers/report/background/controller.go 
@@ -6,14 +6,14 @@ import ( "github.com/go-logr/logr" kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1" - kyvernov2beta1 "github.com/kyverno/kyverno/api/kyverno/v2beta1" + kyvernov2 "github.com/kyverno/kyverno/api/kyverno/v2" policyreportv1alpha2 "github.com/kyverno/kyverno/api/policyreport/v1alpha2" reportsv1 "github.com/kyverno/kyverno/api/reports/v1" "github.com/kyverno/kyverno/pkg/client/clientset/versioned" kyvernov1informers "github.com/kyverno/kyverno/pkg/client/informers/externalversions/kyverno/v1" - kyvernov2beta1informers "github.com/kyverno/kyverno/pkg/client/informers/externalversions/kyverno/v2beta1" + kyvernov2informers "github.com/kyverno/kyverno/pkg/client/informers/externalversions/kyverno/v2" kyvernov1listers "github.com/kyverno/kyverno/pkg/client/listers/kyverno/v1" - kyvernov2beta1listers "github.com/kyverno/kyverno/pkg/client/listers/kyverno/v2beta1" + kyvernov2listers "github.com/kyverno/kyverno/pkg/client/listers/kyverno/v2" "github.com/kyverno/kyverno/pkg/clients/dclient" "github.com/kyverno/kyverno/pkg/config" "github.com/kyverno/kyverno/pkg/controllers" @@ -57,7 +57,7 @@ type controller struct { // listers polLister kyvernov1listers.PolicyLister cpolLister kyvernov1listers.ClusterPolicyLister - polexLister kyvernov2beta1listers.PolicyExceptionLister + polexLister kyvernov2listers.PolicyExceptionLister vapLister admissionregistrationv1alpha1listers.ValidatingAdmissionPolicyLister vapBindingLister admissionregistrationv1alpha1listers.ValidatingAdmissionPolicyBindingLister bgscanrLister cache.GenericLister 
@@ -85,7 +85,7 @@ func NewController( metadataFactory metadatainformers.SharedInformerFactory, polInformer kyvernov1informers.PolicyInformer, cpolInformer kyvernov1informers.ClusterPolicyInformer, - polexInformer kyvernov2beta1informers.PolicyExceptionInformer, + polexInformer kyvernov2informers.PolicyExceptionInformer, vapInformer admissionregistrationv1alpha1informers.ValidatingAdmissionPolicyInformer, vapBindingInformer admissionregistrationv1alpha1informers.ValidatingAdmissionPolicyBindingInformer, nsInformer corev1informers.NamespaceInformer, @@ -171,17 +171,17 @@ func (c *controller) deletePolicy(obj kyvernov1.PolicyInterface) { c.enqueueResources() } -func (c *controller) addException(obj *kyvernov2beta1.PolicyException) { +func (c *controller) addException(obj *kyvernov2.PolicyException) { c.enqueueResources() } -func (c *controller) updateException(old, obj *kyvernov2beta1.PolicyException) { +func (c *controller) updateException(old, obj *kyvernov2.PolicyException) { if old.GetResourceVersion() != obj.GetResourceVersion() { c.enqueueResources() } } -func (c *controller) deleteException(obj *kyvernov2beta1.PolicyException) { +func (c *controller) deleteException(obj *kyvernov2.PolicyException) { c.enqueueResources() } @@ -243,7 +243,7 @@ func (c *controller) getMeta(namespace, name string) (metav1.Object, error) { } } -func (c *controller) needsReconcile(namespace, name, hash string, exceptions []kyvernov2beta1.PolicyException, bindings []admissionregistrationv1alpha1.ValidatingAdmissionPolicyBinding, policies ...engineapi.GenericPolicy) (bool, bool, error) { +func (c *controller) needsReconcile(namespace, name, hash string, exceptions []kyvernov2.PolicyException, bindings []admissionregistrationv1alpha1.ValidatingAdmissionPolicyBinding, policies ...engineapi.GenericPolicy) (bool, bool, error) { // if the reportMetadata does not exist, we need a full reconcile reportMetadata, err := c.getMeta(namespace, name) if err != nil { 
@@ -302,7 +302,7 @@ func (c *controller) reconcileReport( uid types.UID, gvk schema.GroupVersionKind, resource resource.Resource, - exceptions []kyvernov2beta1.PolicyException, + exceptions []kyvernov2.PolicyException, bindings []admissionregistrationv1alpha1.ValidatingAdmissionPolicyBinding, policies ...engineapi.GenericPolicy, ) error { diff --git a/pkg/controllers/report/utils/utils.go b/pkg/controllers/report/utils/utils.go index 5d76f53b17..133257b233 100644 --- a/pkg/controllers/report/utils/utils.go +++ b/pkg/controllers/report/utils/utils.go @@ -3,11 +3,11 @@ package utils import ( "github.com/go-logr/logr" kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1" - kyvernov2beta1 "github.com/kyverno/kyverno/api/kyverno/v2beta1" + kyvernov2 "github.com/kyverno/kyverno/api/kyverno/v2" reportsv1 "github.com/kyverno/kyverno/api/reports/v1" "github.com/kyverno/kyverno/pkg/autogen" kyvernov1listers "github.com/kyverno/kyverno/pkg/client/listers/kyverno/v1" - kyvernov2beta1listers "github.com/kyverno/kyverno/pkg/client/listers/kyverno/v2beta1" + kyvernov2listers "github.com/kyverno/kyverno/pkg/client/listers/kyverno/v2" datautils "github.com/kyverno/kyverno/pkg/utils/data" policyvalidation "github.com/kyverno/kyverno/pkg/validation/policy" admissionregistrationv1alpha1 "k8s.io/api/admissionregistration/v1alpha1" @@ -111,8 +111,8 @@ func FetchPolicies(polLister kyvernov1listers.PolicyLister, namespace string) ([ return policies, nil } -func FetchPolicyExceptions(polexLister kyvernov2beta1listers.PolicyExceptionLister, namespace string) ([]kyvernov2beta1.PolicyException, error) { - var exceptions []kyvernov2beta1.PolicyException +func FetchPolicyExceptions(polexLister kyvernov2listers.PolicyExceptionLister, namespace string) ([]kyvernov2.PolicyException, error) { + var exceptions []kyvernov2.PolicyException if polexs, err := polexLister.PolicyExceptions(namespace).List(labels.Everything()); err != nil { return nil, err } else { 
diff --git a/pkg/controllers/validatingadmissionpolicy-generate/controller.go b/pkg/controllers/validatingadmissionpolicy-generate/controller.go index 3a8a6a1d9d..d330c4a997 100644 --- a/pkg/controllers/validatingadmissionpolicy-generate/controller.go +++ b/pkg/controllers/validatingadmissionpolicy-generate/controller.go @@ -7,13 +7,13 @@ import ( "github.com/go-logr/logr" kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1" - kyvernov2beta1 "github.com/kyverno/kyverno/api/kyverno/v2beta1" + kyvernov2 "github.com/kyverno/kyverno/api/kyverno/v2" "github.com/kyverno/kyverno/pkg/auth/checker" "github.com/kyverno/kyverno/pkg/client/clientset/versioned" kyvernov1informers "github.com/kyverno/kyverno/pkg/client/informers/externalversions/kyverno/v1" - kyvernov2beta1informers "github.com/kyverno/kyverno/pkg/client/informers/externalversions/kyverno/v2beta1" + kyvernov2informers "github.com/kyverno/kyverno/pkg/client/informers/externalversions/kyverno/v2" kyvernov1listers "github.com/kyverno/kyverno/pkg/client/listers/kyverno/v1" - kyvernov2beta1listers "github.com/kyverno/kyverno/pkg/client/listers/kyverno/v2beta1" + kyvernov2listers "github.com/kyverno/kyverno/pkg/client/listers/kyverno/v2" "github.com/kyverno/kyverno/pkg/clients/dclient" "github.com/kyverno/kyverno/pkg/controllers" "github.com/kyverno/kyverno/pkg/event" @@ -48,7 +48,7 @@ type controller struct { // listers cpolLister kyvernov1listers.ClusterPolicyLister - polexLister kyvernov2beta1listers.PolicyExceptionLister + polexLister kyvernov2listers.PolicyExceptionLister vapLister admissionregistrationv1alpha1listers.ValidatingAdmissionPolicyLister vapbindingLister admissionregistrationv1alpha1listers.ValidatingAdmissionPolicyBindingLister 
@@ -64,7 +64,7 @@ func NewController( kyvernoClient versioned.Interface, discoveryClient dclient.IDiscovery, cpolInformer kyvernov1informers.ClusterPolicyInformer, - polexInformer kyvernov2beta1informers.PolicyExceptionInformer, + polexInformer kyvernov2informers.PolicyExceptionInformer, vapInformer admissionregistrationv1alpha1informers.ValidatingAdmissionPolicyInformer, vapbindingInformer admissionregistrationv1alpha1informers.ValidatingAdmissionPolicyBindingInformer, eventGen event.Interface, @@ -148,12 +148,12 @@ func (c *controller) enqueuePolicy(obj kyvernov1.PolicyInterface) { c.queue.Add(key) } -func (c *controller) addException(obj *kyvernov2beta1.PolicyException) { +func (c *controller) addException(obj *kyvernov2.PolicyException) { logger.Info("policy exception created", "uid", obj.GetUID(), "kind", obj.GetKind(), "name", obj.GetName()) c.enqueueException(obj) } -func (c *controller) updateException(old, obj *kyvernov2beta1.PolicyException) { +func (c *controller) updateException(old, obj *kyvernov2.PolicyException) { if datautils.DeepEqual(old.Spec, obj.Spec) { return } @@ -161,14 +161,14 @@ func (c *controller) updateException(old, obj *kyvernov2beta1.PolicyException) { c.enqueueException(obj) } -func (c *controller) deleteException(obj *kyvernov2beta1.PolicyException) { - polex := kubeutils.GetObjectWithTombstone(obj).(*kyvernov2beta1.PolicyException) +func (c *controller) deleteException(obj *kyvernov2.PolicyException) { + polex := kubeutils.GetObjectWithTombstone(obj).(*kyvernov2.PolicyException) logger.Info("policy exception deleted", "uid", polex.GetUID(), "kind", polex.GetKind(), "name", polex.GetName()) c.enqueueException(obj) } -func (c *controller) enqueueException(obj *kyvernov2beta1.PolicyException) { +func (c *controller) enqueueException(obj *kyvernov2.PolicyException) { for _, exception := range obj.Spec.Exceptions { // skip adding namespaced policies in the queue. // skip adding policies with multiple rules in the queue. 
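Review bot: `deleteException` in the hunk at -161,14 uses an unchecked assertion, `kubeutils.GetObjectWithTombstone(obj).(*kyvernov2.PolicyException)`, which panics if the helper ever returns nil or another type, and it then enqueues `obj` instead of the unwrapped `polex`. The helper's body is not visible here, so whether that can occur is an assumption, but the comma-ok form costs nothing: `polex, ok := kubeutils.GetObjectWithTombstone(obj).(*kyvernov2.PolicyException)` followed by `if !ok { return }`. Passing `polex` to `c.enqueueException` would also keep the enqueue consistent with the log line above it.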
diff --git a/pkg/engine/api/ruleresponse.go b/pkg/engine/api/ruleresponse.go index b0726439da..c45f6a6494 100644 --- a/pkg/engine/api/ruleresponse.go +++ b/pkg/engine/api/ruleresponse.go @@ -3,7 +3,7 @@ package api import ( "fmt" - kyvernov2beta1 "github.com/kyverno/kyverno/api/kyverno/v2beta1" + kyvernov2 "github.com/kyverno/kyverno/api/kyverno/v2" pssutils "github.com/kyverno/kyverno/pkg/pss/utils" "k8s.io/api/admissionregistration/v1alpha1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" @@ -44,7 +44,7 @@ type RuleResponse struct { // podSecurityChecks contains pod security checks (only if this is a pod security rule) podSecurityChecks *PodSecurityChecks // exception is the exception applied (if any) - exception *kyvernov2beta1.PolicyException + exception *kyvernov2.PolicyException // binding is the validatingadmissionpolicybinding (if any) binding *v1alpha1.ValidatingAdmissionPolicyBinding // emitWarning enable passing rule message as warning to api server warning header @@ -88,7 +88,7 @@ func RuleFail(name string, ruleType RuleType, msg string) *RuleResponse { return NewRuleResponse(name, ruleType, msg, RuleStatusFail) } -func (r RuleResponse) WithException(exception *kyvernov2beta1.PolicyException) *RuleResponse { +func (r RuleResponse) WithException(exception *kyvernov2.PolicyException) *RuleResponse { r.exception = exception return &r } @@ -129,7 +129,7 @@ func (r *RuleResponse) Stats() ExecutionStats { return r.stats } -func (r *RuleResponse) Exception() *kyvernov2beta1.PolicyException { +func (r *RuleResponse) Exception() *kyvernov2.PolicyException { return r.exception } diff --git a/pkg/engine/api/selector.go b/pkg/engine/api/selector.go index 2727b06d75..353a78b4a9 100644 --- a/pkg/engine/api/selector.go +++ b/pkg/engine/api/selector.go 
@@ -1,12 +1,12 @@ package api import ( - kyvernov2beta1 "github.com/kyverno/kyverno/api/kyverno/v2beta1" + kyvernov2 "github.com/kyverno/kyverno/api/kyverno/v2" ) // PolicyExceptionSelector is an abstract interface used to resolve poliicy exceptions type PolicyExceptionSelector interface { // Find returns policy exceptions matching a given policy name and rule name. // Objects returned here must be treated as read-only. - Find(string, string) ([]*kyvernov2beta1.PolicyException, error) + Find(string, string) ([]*kyvernov2.PolicyException, error) } diff --git a/pkg/engine/exceptions.go b/pkg/engine/exceptions.go index d25c01029b..8afeff2bf8 100644 --- a/pkg/engine/exceptions.go +++ b/pkg/engine/exceptions.go @@ -2,7 +2,7 @@ package engine import ( kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1" - kyvernov2beta1 "github.com/kyverno/kyverno/api/kyverno/v2beta1" + kyvernov2 "github.com/kyverno/kyverno/api/kyverno/v2" "k8s.io/client-go/tools/cache" ) @@ -10,7 +10,7 @@ import ( func (e *engine) GetPolicyExceptions( policy kyvernov1.PolicyInterface, rule string, -) ([]*kyvernov2beta1.PolicyException, error) { +) ([]*kyvernov2.PolicyException, error) { if e.exceptionSelector == nil { return nil, nil } diff --git a/pkg/engine/handlers/handler.go b/pkg/engine/handlers/handler.go index 3bc29e2b0d..0f5b035c2e 100644 --- a/pkg/engine/handlers/handler.go +++ b/pkg/engine/handlers/handler.go @@ -5,7 +5,7 @@ import ( "github.com/go-logr/logr" kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1" - kyvernov2beta1 "github.com/kyverno/kyverno/api/kyverno/v2beta1" + kyvernov2 "github.com/kyverno/kyverno/api/kyverno/v2" engineapi "github.com/kyverno/kyverno/pkg/engine/api" "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" ) @@ -18,7 +18,7 @@ type Handler interface { unstructured.Unstructured, kyvernov1.Rule, engineapi.EngineContextLoader, - []*kyvernov2beta1.PolicyException, + []*kyvernov2.PolicyException, ) (unstructured.Unstructured, []engineapi.RuleResponse) } 
diff --git a/pkg/engine/handlers/mutation/mutate_existing.go b/pkg/engine/handlers/mutation/mutate_existing.go index d3362b610f..3607434de0 100644 --- a/pkg/engine/handlers/mutation/mutate_existing.go +++ b/pkg/engine/handlers/mutation/mutate_existing.go @@ -5,7 +5,7 @@ import ( "github.com/go-logr/logr" kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1" - kyvernov2beta1 "github.com/kyverno/kyverno/api/kyverno/v2beta1" + kyvernov2 "github.com/kyverno/kyverno/api/kyverno/v2" engineapi "github.com/kyverno/kyverno/pkg/engine/api" "github.com/kyverno/kyverno/pkg/engine/handlers" "github.com/kyverno/kyverno/pkg/engine/internal" @@ -35,7 +35,7 @@ func (h mutateExistingHandler) Process( resource unstructured.Unstructured, rule kyvernov1.Rule, contextLoader engineapi.EngineContextLoader, - exceptions []*kyvernov2beta1.PolicyException, + exceptions []*kyvernov2.PolicyException, ) (unstructured.Unstructured, []engineapi.RuleResponse) { // check if there is a policy exception matches the incoming resource exception := engineutils.MatchesException(exceptions, policyContext, logger) diff --git a/pkg/engine/handlers/mutation/mutate_image.go b/pkg/engine/handlers/mutation/mutate_image.go index 4af18a38d9..8775c4531b 100644 --- a/pkg/engine/handlers/mutation/mutate_image.go +++ b/pkg/engine/handlers/mutation/mutate_image.go @@ -6,7 +6,7 @@ import ( json_patch "github.com/evanphx/json-patch/v5" "github.com/go-logr/logr" kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1" - kyvernov2beta1 "github.com/kyverno/kyverno/api/kyverno/v2beta1" + kyvernov2 "github.com/kyverno/kyverno/api/kyverno/v2" "github.com/kyverno/kyverno/pkg/config" engineapi "github.com/kyverno/kyverno/pkg/engine/api" enginecontext "github.com/kyverno/kyverno/pkg/engine/context" 
@@ -66,7 +66,7 @@ func (h mutateImageHandler) Process( resource unstructured.Unstructured, rule kyvernov1.Rule, contextLoader engineapi.EngineContextLoader, - exceptions []*kyvernov2beta1.PolicyException, + exceptions []*kyvernov2.PolicyException, ) (unstructured.Unstructured, []engineapi.RuleResponse) { // check if there is a policy exception matches the incoming resource exception := engineutils.MatchesException(exceptions, policyContext, logger) diff --git a/pkg/engine/handlers/mutation/mutate_resource.go b/pkg/engine/handlers/mutation/mutate_resource.go index 5be61a5655..af182612ed 100644 --- a/pkg/engine/handlers/mutation/mutate_resource.go +++ b/pkg/engine/handlers/mutation/mutate_resource.go @@ -5,7 +5,7 @@ import ( "github.com/go-logr/logr" kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1" - kyvernov2beta1 "github.com/kyverno/kyverno/api/kyverno/v2beta1" + kyvernov2 "github.com/kyverno/kyverno/api/kyverno/v2" engineapi "github.com/kyverno/kyverno/pkg/engine/api" "github.com/kyverno/kyverno/pkg/engine/handlers" "github.com/kyverno/kyverno/pkg/engine/mutate" @@ -28,7 +28,7 @@ func (h mutateResourceHandler) Process( resource unstructured.Unstructured, rule kyvernov1.Rule, contextLoader engineapi.EngineContextLoader, - exceptions []*kyvernov2beta1.PolicyException, + exceptions []*kyvernov2.PolicyException, ) (unstructured.Unstructured, []engineapi.RuleResponse) { // check if there is a policy exception matches the incoming resource exception := engineutils.MatchesException(exceptions, policyContext, logger) diff --git a/pkg/engine/handlers/validation/validate_cel.go b/pkg/engine/handlers/validation/validate_cel.go index aba0e5f3bd..e1f01bb6f6 100644 --- a/pkg/engine/handlers/validation/validate_cel.go +++ b/pkg/engine/handlers/validation/validate_cel.go 
@@ -6,7 +6,7 @@ import ( "github.com/go-logr/logr" kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1" - kyvernov2beta1 "github.com/kyverno/kyverno/api/kyverno/v2beta1" + kyvernov2 "github.com/kyverno/kyverno/api/kyverno/v2" engineapi "github.com/kyverno/kyverno/pkg/engine/api" "github.com/kyverno/kyverno/pkg/engine/handlers" "github.com/kyverno/kyverno/pkg/engine/internal" @@ -45,7 +45,7 @@ func (h validateCELHandler) Process( resource unstructured.Unstructured, rule kyvernov1.Rule, _ engineapi.EngineContextLoader, - exceptions []*kyvernov2beta1.PolicyException, + exceptions []*kyvernov2.PolicyException, ) (unstructured.Unstructured, []engineapi.RuleResponse) { if engineutils.IsDeleteRequest(policyContext) { logger.V(3).Info("skipping CEL validation on deleted resource") diff --git a/pkg/engine/handlers/validation/validate_image.go b/pkg/engine/handlers/validation/validate_image.go index 6115f987b1..15952c46b4 100644 --- a/pkg/engine/handlers/validation/validate_image.go +++ b/pkg/engine/handlers/validation/validate_image.go @@ -7,7 +7,7 @@ import ( "github.com/go-logr/logr" kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1" - kyvernov2beta1 "github.com/kyverno/kyverno/api/kyverno/v2beta1" + kyvernov2 "github.com/kyverno/kyverno/api/kyverno/v2" "github.com/kyverno/kyverno/pkg/config" engineapi "github.com/kyverno/kyverno/pkg/engine/api" "github.com/kyverno/kyverno/pkg/engine/handlers" @@ -45,7 +45,7 @@ func (h validateImageHandler) Process( resource unstructured.Unstructured, rule kyvernov1.Rule, _ engineapi.EngineContextLoader, - exceptions []*kyvernov2beta1.PolicyException, + exceptions []*kyvernov2.PolicyException, ) (unstructured.Unstructured, []engineapi.RuleResponse) { // check if there is a policy exception matches the incoming resource exception := engineutils.MatchesException(exceptions, policyContext, logger) 
diff --git a/pkg/engine/handlers/validation/validate_manifest.go b/pkg/engine/handlers/validation/validate_manifest.go index 5cf06eb3ef..0548967878 100644 --- a/pkg/engine/handlers/validation/validate_manifest.go +++ b/pkg/engine/handlers/validation/validate_manifest.go @@ -15,7 +15,7 @@ import ( "github.com/ghodss/yaml" "github.com/go-logr/logr" kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1" - kyvernov2beta1 "github.com/kyverno/kyverno/api/kyverno/v2beta1" + kyvernov2 "github.com/kyverno/kyverno/api/kyverno/v2" "github.com/kyverno/kyverno/pkg/config" engineapi "github.com/kyverno/kyverno/pkg/engine/api" "github.com/kyverno/kyverno/pkg/engine/handlers" @@ -57,7 +57,7 @@ func (h validateManifestHandler) Process( resource unstructured.Unstructured, rule kyvernov1.Rule, _ engineapi.EngineContextLoader, - exceptions []*kyvernov2beta1.PolicyException, + exceptions []*kyvernov2.PolicyException, ) (unstructured.Unstructured, []engineapi.RuleResponse) { // check if there is a policy exception matches the incoming resource exception := engineutils.MatchesException(exceptions, policyContext, logger) diff --git a/pkg/engine/handlers/validation/validate_pss.go b/pkg/engine/handlers/validation/validate_pss.go index 991f07ff2f..b6ae451960 100644 --- a/pkg/engine/handlers/validation/validate_pss.go +++ b/pkg/engine/handlers/validation/validate_pss.go @@ -9,7 +9,7 @@ import ( "github.com/go-logr/logr" kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1" - kyvernov2beta1 "github.com/kyverno/kyverno/api/kyverno/v2beta1" + kyvernov2 "github.com/kyverno/kyverno/api/kyverno/v2" engineapi "github.com/kyverno/kyverno/pkg/engine/api" "github.com/kyverno/kyverno/pkg/engine/handlers" engineutils "github.com/kyverno/kyverno/pkg/engine/utils" 
@@ -37,7 +37,7 @@ func (h validatePssHandler) Process( resource unstructured.Unstructured, rule kyvernov1.Rule, _ engineapi.EngineContextLoader, - exceptions []*kyvernov2beta1.PolicyException, + exceptions []*kyvernov2.PolicyException, ) (unstructured.Unstructured, []engineapi.RuleResponse) { if engineutils.IsDeleteRequest(policyContext) { logger.V(3).Info("skipping PSS validation on deleted resource") diff --git a/pkg/engine/handlers/validation/validate_resource.go b/pkg/engine/handlers/validation/validate_resource.go index ead88dd1d7..2d2089c6ad 100644 --- a/pkg/engine/handlers/validation/validate_resource.go +++ b/pkg/engine/handlers/validation/validate_resource.go @@ -9,7 +9,7 @@ import ( "github.com/go-logr/logr" gojmespath "github.com/kyverno/go-jmespath" kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1" - kyvernov2beta1 "github.com/kyverno/kyverno/api/kyverno/v2beta1" + kyvernov2 "github.com/kyverno/kyverno/api/kyverno/v2" engineapi "github.com/kyverno/kyverno/pkg/engine/api" "github.com/kyverno/kyverno/pkg/engine/handlers" "github.com/kyverno/kyverno/pkg/engine/internal" @@ -38,7 +38,7 @@ func (h validateResourceHandler) Process( resource unstructured.Unstructured, rule kyvernov1.Rule, contextLoader engineapi.EngineContextLoader, - exceptions []*kyvernov2beta1.PolicyException, + exceptions []*kyvernov2.PolicyException, ) (unstructured.Unstructured, []engineapi.RuleResponse) { // check if there is a policy exception matches the incoming resource exception := engineutils.MatchesException(exceptions, policyContext, logger) diff --git a/pkg/engine/utils/exceptions.go b/pkg/engine/utils/exceptions.go index bf87c3c84b..18c2a62bf7 100644 --- a/pkg/engine/utils/exceptions.go +++ b/pkg/engine/utils/exceptions.go 
@@ -15,7 +15,7 @@ import ( // MatchesException takes a list of exceptions and checks if there is an exception applies to the incoming resource. // It returns the matched policy exception. -func MatchesException(polexs []*kyvernov2beta1.PolicyException, policyContext engineapi.PolicyContext, logger logr.Logger) *kyvernov2beta1.PolicyException { +func MatchesException(polexs []*kyvernov2.PolicyException, policyContext engineapi.PolicyContext, logger logr.Logger) *kyvernov2.PolicyException { gvk, subresource := policyContext.ResourceKind() resource := policyContext.NewResource() if resource.Object == nil { diff --git a/pkg/exceptions/selector.go b/pkg/exceptions/selector.go index 486e69691b..430fb8cb20 100644 --- a/pkg/exceptions/selector.go +++ b/pkg/exceptions/selector.go @@ -1,12 +1,12 @@ package exceptions import ( - kyvernov2beta1 "github.com/kyverno/kyverno/api/kyverno/v2beta1" + kyvernov2 "github.com/kyverno/kyverno/api/kyverno/v2" "k8s.io/apimachinery/pkg/labels" ) type Lister interface { - List(labels.Selector) ([]*kyvernov2beta1.PolicyException, error) + List(labels.Selector) ([]*kyvernov2.PolicyException, error) } type selector struct { @@ -19,12 +19,12 @@ func New(lister Lister) selector { } } -func (s selector) Find(policyName string, ruleName string) ([]*kyvernov2beta1.PolicyException, error) { +func (s selector) Find(policyName string, ruleName string) ([]*kyvernov2.PolicyException, error) { polexs, err := s.lister.List(labels.Everything()) if err != nil { return nil, err } - var results []*kyvernov2beta1.PolicyException + var results []*kyvernov2.PolicyException for _, polex := range polexs { if polex.Contains(policyName, ruleName) { results = append(results, polex) diff --git a/pkg/utils/admission/exception.go b/pkg/utils/admission/exception.go index cab279ac14..c1f3e7a02c 100644 --- a/pkg/utils/admission/exception.go +++ b/pkg/utils/admission/exception.go 
@@ -1,21 +1,21 @@ package admission import ( - kyvernov2beta1 "github.com/kyverno/kyverno/api/kyverno/v2beta1" + kyvernov2 "github.com/kyverno/kyverno/api/kyverno/v2" admissionv1 "k8s.io/api/admission/v1" "k8s.io/apimachinery/pkg/util/json" ) -func UnmarshalPolicyException(raw []byte) (*kyvernov2beta1.PolicyException, error) { - var exception *kyvernov2beta1.PolicyException +func UnmarshalPolicyException(raw []byte) (*kyvernov2.PolicyException, error) { + var exception *kyvernov2.PolicyException if err := json.Unmarshal(raw, &exception); err != nil { return nil, err } return exception, nil } -func GetPolicyExceptions(request admissionv1.AdmissionRequest) (*kyvernov2beta1.PolicyException, *kyvernov2beta1.PolicyException, error) { - var empty *kyvernov2beta1.PolicyException +func GetPolicyExceptions(request admissionv1.AdmissionRequest) (*kyvernov2.PolicyException, *kyvernov2.PolicyException, error) { + var empty *kyvernov2.PolicyException exception, err := UnmarshalPolicyException(request.Object.Raw) if err != nil { return exception, empty, err diff --git a/pkg/utils/admission/exception_test.go b/pkg/utils/admission/exception_test.go index 6ede188faa..2d179013d4 100644 --- a/pkg/utils/admission/exception_test.go +++ b/pkg/utils/admission/exception_test.go @@ -6,7 +6,7 @@ import ( "k8s.io/apimachinery/pkg/util/json" - kyvernov2beta1 "github.com/kyverno/kyverno/api/kyverno/v2beta1" + kyvernov2 "github.com/kyverno/kyverno/api/kyverno/v2" admissionv1 "k8s.io/api/admission/v1" "k8s.io/apimachinery/pkg/runtime" ) @@ -56,7 +56,7 @@ func TestUnmarshalPolicyException(t *testing.T) { if err != nil { t.Errorf("Unexpected error: %v", err) } - var exception *kyvernov2beta1.PolicyException + var exception *kyvernov2.PolicyException json.Unmarshal(test.raw, &exception) if !reflect.DeepEqual(result, exception) { t.Errorf("Expected %+v, got %+v", exception, result) 
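Review bot: In pkg/utils/admission/exception.go, `UnmarshalPolicyException` decodes the raw admission object straight into `*kyvernov2.PolicyException` without checking the payload's apiVersion or kind. A request that still carries a v2beta1 object would therefore be treated as v2, and as far as I can tell this `json.Unmarshal` does not reject fields the target type lacks. Whether the webhook registration guarantees v2 payloads is not visible in this hunk, so I would record the assumption on the function: `// UnmarshalPolicyException decodes raw as a kyverno.io/v2 PolicyException; it does not verify apiVersion or kind.` A JSON `null` body also leaves the pointer nil with a nil error, so a guard such as `if exception == nil { return nil, errors.New("empty policy exception") }` (plus the `errors` import) would protect callers. `GetPolicyExceptions` continues past the end of the hunk.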
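Review bot: In the `TestUnmarshalPolicyException` hunk of exception_test.go, the expected value is produced by the same `json.Unmarshal(test.raw, &exception)` call the function under test makes, and its error is discarded. The comparison therefore cannot fail when decoding into the v2 type loses or misreads a field, and a fixture that does not decode at all compares nil with nil. At minimum check the error, `if err := json.Unmarshal(test.raw, &exception); err != nil { t.Fatalf("fixture does not decode: %v", err) }`. Asserting a few fields against a hand-written `kyvernov2.PolicyException` would be stronger. The test body starts and ends outside the hunk.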
@@ -155,7 +155,7 @@ func TestGetPolicyExceptions(t *testing.T) { for _, test := range testCases { t.Run(test.name, func(t *testing.T) { p1, p2, _ := GetPolicyExceptions(test.args.request) - var empty *kyvernov2beta1.PolicyException + var empty *kyvernov2.PolicyException expectedP1, err := UnmarshalPolicyException(test.args.request.Object.Raw) if err != nil { expectedP2 := empty diff --git a/pkg/utils/report/metadata.go b/pkg/utils/report/metadata.go index 0f4fba7c28..9b4aa159a6 100644 --- a/pkg/utils/report/metadata.go +++ b/pkg/utils/report/metadata.go @@ -9,7 +9,7 @@ import ( "github.com/kyverno/kyverno/api/kyverno" kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1" - kyvernov2beta1 "github.com/kyverno/kyverno/api/kyverno/v2beta1" + kyvernov2 "github.com/kyverno/kyverno/api/kyverno/v2" reportsv1 "github.com/kyverno/kyverno/api/reports/v1" engineapi "github.com/kyverno/kyverno/pkg/engine/api" controllerutils "github.com/kyverno/kyverno/pkg/utils/controller" @@ -85,7 +85,7 @@ func PolicyLabel(policy engineapi.GenericPolicy) string { return PolicyLabelPrefix(policy) + policy.GetName() } -func PolicyExceptionLabel(exception kyvernov2beta1.PolicyException) string { +func PolicyExceptionLabel(exception kyvernov2.PolicyException) string { return LabelPrefixPolicyException + exception.GetName() } @@ -164,7 +164,7 @@ func SetPolicyLabel(report reportsv1.ReportInterface, policy engineapi.GenericPo controllerutils.SetLabel(report, PolicyLabel(policy), policy.GetResourceVersion()) } -func SetPolicyExceptionLabel(report reportsv1.ReportInterface, exception kyvernov2beta1.PolicyException) { +func SetPolicyExceptionLabel(report reportsv1.ReportInterface, exception kyvernov2.PolicyException) { controllerutils.SetLabel(report, PolicyExceptionLabel(exception), exception.GetResourceVersion()) } diff --git a/pkg/validation/exception/validate.go b/pkg/validation/exception/validate.go index 17462e584e..f077774995 100644 --- a/pkg/validation/exception/validate.go 
+++ b/pkg/validation/exception/validate.go @@ -4,7 +4,7 @@ import ( "context" "github.com/go-logr/logr" - kyvernov2beta1 "github.com/kyverno/kyverno/api/kyverno/v2beta1" + kyvernov2 "github.com/kyverno/kyverno/api/kyverno/v2" ) const ( @@ -18,7 +18,7 @@ type ValidationOptions struct { } // Validate checks policy exception is valid -func Validate(ctx context.Context, logger logr.Logger, polex *kyvernov2beta1.PolicyException, opts ValidationOptions) ([]string, error) { +func Validate(ctx context.Context, logger logr.Logger, polex *kyvernov2.PolicyException, opts ValidationOptions) ([]string, error) { var warnings []string if !opts.Enabled { warnings = append(warnings, disabledPolex) diff --git a/pkg/webhooks/resource/fake.go b/pkg/webhooks/resource/fake.go index 2c93df6c01..8dd04bdc61 100644 --- a/pkg/webhooks/resource/fake.go +++ b/pkg/webhooks/resource/fake.go @@ -40,7 +40,7 @@ func NewFakeHandlers(ctx context.Context, policyCache policycache.Cache) *resour dclient := dclient.NewEmptyFakeClient() configuration := config.NewDefaultConfiguration(false) urLister := kyvernoInformers.Kyverno().V2().UpdateRequests().Lister().UpdateRequests(config.KyvernoNamespace()) - peLister := kyvernoInformers.Kyverno().V2beta1().PolicyExceptions().Lister() + peLister := kyvernoInformers.Kyverno().V2().PolicyExceptions().Lister() jp := jmespath.New(configuration) rclient := registryclient.NewOrDie()