From 9af6bf9003a8b6174ec4a8115fe91965dbd24020 Mon Sep 17 00:00:00 2001
From: shivkumar dudhani
Date: Mon, 12 Aug 2019 10:02:07 -0700
Subject: [PATCH] update testing v1
---
 definitions/install_debug.yaml | 1 -
 .../kyverno/v1alpha1/zz_generated.deepcopy.go | 18 ++++++++++++++++++
 pkg/policyviolation/controller.go | 2 +-
 pkg/policyviolation/helpers.go | 1 +
 pkg/webhooks/report.go | 17 +++++++++++++----
 pkg/webhooks/server.go | 5 +++++
 pkg/webhooks/validation.go | 2 +-
 7 files changed, 39 insertions(+), 7 deletions(-)
diff --git a/definitions/install_debug.yaml b/definitions/install_debug.yaml
index 9aadecd9a5..0d50728fdd 100644
--- a/definitions/install_debug.yaml
+++ b/definitions/install_debug.yaml
@@ -218,6 +218,5 @@ spec:
 required:
 - name
 - type
- - status
 - message
 ---
\ No newline at end of file
diff --git a/pkg/api/kyverno/v1alpha1/zz_generated.deepcopy.go b/pkg/api/kyverno/v1alpha1/zz_generated.deepcopy.go
index 72e050cb39..16fa7b7f56 100644
--- a/pkg/api/kyverno/v1alpha1/zz_generated.deepcopy.go
+++ b/pkg/api/kyverno/v1alpha1/zz_generated.deepcopy.go
@@ -178,6 +178,7 @@ func (in *PolicyViolation) DeepCopyInto(out *PolicyViolation) {
 out.TypeMeta = in.TypeMeta
 in.ObjectMeta.DeepCopyInto(&out.ObjectMeta)
 in.Spec.DeepCopyInto(&out.Spec)
+ in.Status.DeepCopyInto(&out.Status)
 return
 }
 
@@ -254,6 +255,23 @@ func (in *PolicyViolationSpec) DeepCopy() *PolicyViolationSpec {
 return out
 }
 
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *PolicyViolationStatus) DeepCopyInto(out *PolicyViolationStatus) {
+ *out = *in
+ in.LastUpdateTime.DeepCopyInto(&out.LastUpdateTime)
+ return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PolicyViolationStatus.
+func (in *PolicyViolationStatus) DeepCopy() *PolicyViolationStatus {
+ if in == nil {
+ return nil
+ }
+ out := new(PolicyViolationStatus)
+ in.DeepCopyInto(out)
+ return out
+}
+
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *ResourceDescription) DeepCopyInto(out *ResourceDescription) {
 *out = *in
diff --git a/pkg/policyviolation/controller.go b/pkg/policyviolation/controller.go
index 86922390c9..001e0ebe58 100644
--- a/pkg/policyviolation/controller.go
+++ b/pkg/policyviolation/controller.go
@@ -84,7 +84,7 @@ func NewPolicyViolationController(client *client.Client, kyvernoClient *kyvernoc
 pvc.pLister = pInformer.Lister()
 pvc.pvLister = pvInformer.Lister()
 pvc.pListerSynced = pInformer.Informer().HasSynced
- pvc.pvListerSynced = pInformer.Informer().HasSynced
+ pvc.pvListerSynced = pvInformer.Informer().HasSynced
 return &pvc, nil
 }
 
diff --git a/pkg/policyviolation/helpers.go b/pkg/policyviolation/helpers.go
index ee3aa94bf2..cff6e6f0c6 100644
--- a/pkg/policyviolation/helpers.go
+++ b/pkg/policyviolation/helpers.go
@@ -15,5 +15,6 @@ func BuildPolicyViolation(policy string, resource kyverno.ResourceSpec, fRules [
 }
 //TODO: check if this can be removed or use unstructured?
 // pv.Kind = "PolicyViolation"
+ pv.SetGenerateName("pv-")
 return pv
 }
diff --git a/pkg/webhooks/report.go b/pkg/webhooks/report.go
index 64c5484158..c81f867a03 100644
--- a/pkg/webhooks/report.go
+++ b/pkg/webhooks/report.go
@@ -16,6 +16,7 @@ import (
 "github.com/nirmata/kyverno/pkg/event"
 "github.com/nirmata/kyverno/pkg/info"
 "github.com/nirmata/kyverno/pkg/policyviolation"
+ "k8s.io/client-go/tools/cache"
 )
 
 //TODO: change validation from bool -> enum(validation, mutation)
@@ -125,7 +126,7 @@ func buildPolicyViolationsForAPolicy(pi info.PolicyInfo) kyverno.PolicyViolation
 }
 
 //generatePolicyViolations generate policyViolation resources for the rules that failed
-func generatePolicyViolations(pvLister lister.PolicyViolationLister, client *kyvernoclient.Clientset, policyInfos []info.PolicyInfo) {
+func generatePolicyViolations(pvListerSynced cache.InformerSynced, pvLister lister.PolicyViolationLister, client *kyvernoclient.Clientset, policyInfos []info.PolicyInfo) {
 var pvs []kyverno.PolicyViolation
 for _, policyInfo := range policyInfos {
 if !policyInfo.IsSuccessful() {
@@ -141,7 +142,7 @@ func generatePolicyViolations(pvLister lister.PolicyViolationLister, client *kyv
 glog.V(4).Infof("creating policyViolation resource for policy %s and resource %s/%s/%s", newPv.Spec.Policy, newPv.Spec.Kind, newPv.Spec.Namespace, newPv.Spec.Name)
 // check if there was a previous violation for policy & resource combination
- curPv, err := getExistingPolicyViolationIfAny(pvLister, newPv)
+ curPv, err := getExistingPolicyViolationIfAny(pvListerSynced, pvLister, newPv)
 if err != nil {
 continue
 }
@@ -171,9 +172,9 @@ func generatePolicyViolations(pvLister lister.PolicyViolationLister, client *kyv
 }
 
 //TODO: change the name
-func getExistingPolicyViolationIfAny(pvLister lister.PolicyViolationLister, newPv kyverno.PolicyViolation) (*kyverno.PolicyViolation, error) {
+func getExistingPolicyViolationIfAny(pvListerSynced cache.InformerSynced, pvLister lister.PolicyViolationLister, newPv kyverno.PolicyViolation) (*kyverno.PolicyViolation, error) {
 // TODO: check for existing ov using label selectors on resource and policy
- labelMap := map[string]string{"policy": newPv.Spec.Name, "resource": newPv.Spec.ResourceSpec.ToKey()}
+ labelMap := map[string]string{"policy": newPv.Spec.Policy, "resource": newPv.Spec.ResourceSpec.ToKey()}
 ls := &metav1.LabelSelector{}
 err := metav1.Convert_Map_string_To_string_To_v1_LabelSelector(&labelMap, ls, nil)
 if err != nil {
@@ -186,6 +187,14 @@ func getExistingPolicyViolationIfAny(pvLister lister.PolicyViolationLister, newP
 return nil, err
 }
 
+ //TODO: sync the cache before reading from it ?
+ // check is this is needed ?
+ // stopCh := make(chan struct{}, 0)
+ // if !cache.WaitForCacheSync(stopCh, pvListerSynced) {
+ // //TODO: can this be handled or avoided ?
+ // glog.Info("unable to sync policy violation shared informer cache, might be out of sync")
+ // }
+
 pvs, err := pvLister.List(policyViolationSelector)
 if err != nil {
 glog.Errorf("unable to list policy violations with label selector %v: %v", policyViolationSelector, err)
diff --git a/pkg/webhooks/server.go b/pkg/webhooks/server.go
index cb8507bcc7..265090e977 100644
--- a/pkg/webhooks/server.go
+++ b/pkg/webhooks/server.go
@@ -20,6 +20,7 @@ import (
 tlsutils "github.com/nirmata/kyverno/pkg/tls"
 "github.com/nirmata/kyverno/pkg/utils"
 v1beta1 "k8s.io/api/admission/v1beta1"
+ "k8s.io/client-go/tools/cache"
 )
 
 // WebhookServer contains configured TLS server with MutationWebhook.
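Review bot: The corrected `labelMap` is the only thing standing between a fresh admission and a duplicate PolicyViolation, yet its second value, `newPv.Spec.ResourceSpec.ToKey()`, is used as a Kubernetes label value with no check that it obeys the label-value rules (at most 63 characters; alphanumerics, `-`, `_` and `.` only) — if ToKey joins kind/namespace/name with `/`, as keys of that shape usually do, the selector conversion below fails and the lookup is skipped via the `continue` in the caller. I cannot see ToKey from this hunk, so confirm its format; if it can contain `/` or exceed 63 bytes, either validate it with `validation.IsValidLabelValue` from `k8s.io/apimachinery/pkg/util/validation` or derive a label-safe key (a hash or a `-`-joined form) in one shared helper. Since these label keys have to match what BuildPolicyViolation stamps on the object (not visible here), a comment such as `// label keys/values must match those set by policyviolation.BuildPolicyViolation` above labelMap would make that coupling explicit. getExistingPolicyViolationIfAny continues outside the hunk.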
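Review bot: `pvListerSynced` is now threaded through three signatures but is only referenced from commented-out code, so the parameter reads as if the cache-freshness question were handled when it is not. Leaving the `cache.WaitForCacheSync` call out is the right instinct for this code path — with a `stopCh` that is never closed it would block the admission handler until the informer syncs (or forever if it never does), and the API server's webhook timeout would then fail requests open or closed depending on the webhook's failurePolicy. A non-blocking check fits here instead: `if !pvListerSynced() { glog.V(3).Info("policy violation informer not synced; an existing violation may be missed") }` before the `pvLister.List` call, accepting that a stale cache can yield a duplicate PolicyViolation that the controller must later reconcile. Either wire the parameter in that way or drop it from the three signatures until the design is settled, rather than carrying an unused argument. The function continues outside the hunk.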
@@ -30,6 +31,8 @@ type WebhookServer struct {
 kyvernoClient *kyvernoclient.Clientset
 pLister lister.PolicyLister
 pvLister lister.PolicyViolationLister
+ pListerSynced cache.InformerSynced
+ pvListerSynced cache.InformerSynced
 eventGen event.Interface
 filterK8Resources []utils.K8Resource
 }
@@ -61,6 +64,8 @@ func NewWebhookServer(
 kyvernoClient: kyvernoClient,
 pLister: pInformer.Lister(),
 pvLister: pvInormer.Lister(),
+ pListerSynced: pInformer.Informer().HasSynced,
+ pvListerSynced: pInformer.Informer().HasSynced,
 eventGen: eventGen,
 filterK8Resources: utils.ParseKinds(filterK8Resources),
 }
diff --git a/pkg/webhooks/validation.go b/pkg/webhooks/validation.go
index 7a8978ef4e..34d628e82d 100644
--- a/pkg/webhooks/validation.go
+++ b/pkg/webhooks/validation.go
@@ -95,7 +95,7 @@ func (ws *WebhookServer) HandleValidation(request *v1beta1.AdmissionRequest) *v1
 }
 
 // ADD POLICY VIOLATIONS
- generatePolicyViolations(ws.pvLister, ws.kyvernoClient, policyInfos)
+ generatePolicyViolations(ws.pvListerSynced, ws.pvLister, ws.kyvernoClient, policyInfos)
 return &v1beta1.AdmissionResponse{
 Allowed: true,
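Review bot: `pvListerSynced: pInformer.Informer().HasSynced,` binds the PolicyViolation sync check to the Policy informer — the same copy-paste slip this commit fixes in controller.go — so `ws.pvListerSynced()` would report the wrong cache as synced; it should be `pvListerSynced: pvInormer.Informer().HasSynced,`, matching the `pvLister: pvInormer.Lister()` line above it. Because the value feeds getExistingPolicyViolationIfAny on the admission path, the symptom is a false "synced" signal that lets duplicate PolicyViolations through rather than a crash, which is why it is easy to miss. `pListerSynced` is also added to the struct and populated here but, as far as this diff shows, never read; if nothing else uses it, drop it to keep the struct honest. A constructor test asserting that the two HasSynced funcs come from different informers would have caught both of these. NewWebhookServer's body starts and ends outside the hunk.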