mirrors/kyverno
mirrors/kyverno
1
0
Fork 0
mirror of https://github.com/kyverno/kyverno.git synced 2025-03-23 00:01:55 +00:00
Code Activity

feat: mock list resources in context (#12380)

Browse source 
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
This commit is contained in:
Charles-Edouard Brétéché 2025-03-11 18:21:30 +01:00 committed by GitHub
parent 4dc9296eb1
commit 9f70209361
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
7 changed files with 589 additions and 21 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

14
cmd/cli/kubectl-kyverno/apis/v1alpha1/context.go
View file

@ -1,6 +1,7 @@
package v1alpha1
import (
"github.com/kyverno/kyverno-json/pkg/apis/policy/v1alpha1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
)
@ -19,4 +20,17 @@ type Context struct {
type ContextSpec struct {
Resources []unstructured.Unstructured `json:"resources,omitempty"`
Images []ImageData `json:"images,omitempty"`
}
type ImageData struct {
Image string `json:"image"`
ResolvedImage string `json:"resolvedImage"`
Registry string `json:"registry"`
Repository string `json:"repository"`
Tag string `json:"tag,omitempty"`
Digest string `json:"digest,omitempty"`
ImageIndex v1alpha1.Any `json:"imageIndex,omitempty"`
Manifest v1alpha1.Any `json:"manifest,omitempty"`
ConfigData v1alpha1.Any `json:"config,omitempty"`
}

34
cmd/cli/kubectl-kyverno/config/crds/cli.kyverno.io_contexts.yaml
View file

@ -38,6 +38,40 @@ spec:
type: object
spec:
properties:
images:
items:
properties:
config:
description: Any can be any type.
type: object
x-kubernetes-preserve-unknown-fields: true
digest:
type: string
image:
type: string
imageIndex:
description: Any can be any type.
type: object
x-kubernetes-preserve-unknown-fields: true
manifest:
description: Any can be any type.
type: object
x-kubernetes-preserve-unknown-fields: true
registry:
type: string
repository:
type: string
resolvedImage:
type: string
tag:
type: string
required:
- image
- registry
- repository
- resolvedImage
type: object
type: array
resources:
items:
type: object

34
cmd/cli/kubectl-kyverno/data/crds/cli.kyverno.io_contexts.yaml
View file

@ -38,6 +38,40 @@ spec:
type: object
spec:
properties:
images:
items:
properties:
config:
description: Any can be any type.
type: object
x-kubernetes-preserve-unknown-fields: true
digest:
type: string
image:
type: string
imageIndex:
description: Any can be any type.
type: object
x-kubernetes-preserve-unknown-fields: true
manifest:
description: Any can be any type.
type: object
x-kubernetes-preserve-unknown-fields: true
registry:
type: string
repository:
type: string
resolvedImage:
type: string
tag:
type: string
required:
- image
- registry
- repository
- resolvedImage
type: object
type: array
resources:
items:
type: object

133
docs/user/cli/crd/index.html
View file

@ -103,6 +103,18 @@ ContextSpec
<td>
</td>
</tr>
<tr>
<td>
<code>images</code><br/>
<em>
<a href="#cli.kyverno.io/v1alpha1.ImageData">
[]ImageData
</a>
</em>
</td>
<td>
</td>
</tr>
</table>
</td>
</tr>
@ -531,6 +543,127 @@ github.com/kyverno/kyverno-json/pkg/apis/policy/v1alpha1.Any
<td>
</td>
</tr>
<tr>
<td>
<code>images</code><br/>
<em>
<a href="#cli.kyverno.io/v1alpha1.ImageData">
[]ImageData
</a>
</em>
</td>
<td>
</td>
</tr>
</tbody>
</table>
<hr />
<h3 id="cli.kyverno.io/v1alpha1.ImageData">ImageData
</h3>
<p>
(<em>Appears on:</em>
<a href="#cli.kyverno.io/v1alpha1.ContextSpec">ContextSpec</a>)
</p>
<p>
</p>
<table class="table table-striped">
<thead class="thead-dark">
<tr>
<th>Field</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td>
<code>image</code><br/>
<em>
string
</em>
</td>
<td>
</td>
</tr>
<tr>
<td>
<code>resolvedImage</code><br/>
<em>
string
</em>
</td>
<td>
</td>
</tr>
<tr>
<td>
<code>registry</code><br/>
<em>
string
</em>
</td>
<td>
</td>
</tr>
<tr>
<td>
<code>repository</code><br/>
<em>
string
</em>
</td>
<td>
</td>
</tr>
<tr>
<td>
<code>tag</code><br/>
<em>
string
</em>
</td>
<td>
</td>
</tr>
<tr>
<td>
<code>digest</code><br/>
<em>
string
</em>
</td>
<td>
</td>
</tr>
<tr>
<td>
<code>imageIndex</code><br/>
<em>
github.com/kyverno/kyverno-json/pkg/apis/policy/v1alpha1.Any
</em>
</td>
<td>
</td>
</tr>
<tr>
<td>
<code>manifest</code><br/>
<em>
github.com/kyverno/kyverno-json/pkg/apis/policy/v1alpha1.Any
</em>
</td>
<td>
</td>
</tr>
<tr>
<td>
<code>config</code><br/>
<em>
github.com/kyverno/kyverno-json/pkg/apis/policy/v1alpha1.Any
</em>
</td>
<td>
</td>
</tr>
</tbody>
</table>
<hr />

347
docs/user/cli/crd/kyverno_kubectl.v1alpha1.html
View file

@ -162,6 +162,36 @@
</td>
</tr>
<tr>
<td><code>images</code>
<span style="color:blue;"> *</span>
</br>
<a href="#cli-kyverno-io-v1alpha1-ImageData">
<span style="font-family: monospace">[]ImageData</span>
</a>
</td>
<td>
</td>
</tr>
@ -1064,6 +1094,323 @@ This field is deprecated, use <code>metadata.name</code> instead</p>
</td>
</tr>
<tr>
<td><code>images</code>
<span style="color:blue;"> *</span>
</br>
<a href="#cli-kyverno-io-v1alpha1-ImageData">
<span style="font-family: monospace">[]ImageData</span>
</a>
</td>
<td>
</td>
</tr>
</tbody>
</table>
<H3 id="cli-kyverno-io-v1alpha1-ImageData">ImageData
</H3>
<p>
(<em>Appears in:</em>
<a href="#cli-kyverno-io-v1alpha1-ContextSpec">ContextSpec</a>)
</p>
<p></p>
<table class="table table-striped">
<thead class="thead-dark">
<tr>
<th>Field</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td><code>image</code>
<span style="color:blue;"> *</span>
</br>
<span style="font-family: monospace">string</span>
</td>
<td>
</td>
</tr>
<tr>
<td><code>resolvedImage</code>
<span style="color:blue;"> *</span>
</br>
<span style="font-family: monospace">string</span>
</td>
<td>
</td>
</tr>
<tr>
<td><code>registry</code>
<span style="color:blue;"> *</span>
</br>
<span style="font-family: monospace">string</span>
</td>
<td>
</td>
</tr>
<tr>
<td><code>repository</code>
<span style="color:blue;"> *</span>
</br>
<span style="font-family: monospace">string</span>
</td>
<td>
</td>
</tr>
<tr>
<td><code>tag</code>
<span style="color:blue;"> *</span>
</br>
<span style="font-family: monospace">string</span>
</td>
<td>
</td>
</tr>
<tr>
<td><code>digest</code>
<span style="color:blue;"> *</span>
</br>
<span style="font-family: monospace">string</span>
</td>
<td>
</td>
</tr>
<tr>
<td><code>imageIndex</code>
<span style="color:blue;"> *</span>
</br>
<span style="font-family: monospace">github.com/kyverno/kyverno-json/pkg/apis/policy/v1alpha1.Any</span>
</td>
<td>
</td>
</tr>
<tr>
<td><code>manifest</code>
<span style="color:blue;"> *</span>
</br>
<span style="font-family: monospace">github.com/kyverno/kyverno-json/pkg/apis/policy/v1alpha1.Any</span>
</td>
<td>
</td>
</tr>
<tr>
<td><code>config</code>
<span style="color:blue;"> *</span>
</br>
<span style="font-family: monospace">github.com/kyverno/kyverno-json/pkg/apis/policy/v1alpha1.Any</span>
</td>
<td>
</td>
</tr>

31
pkg/cel/policy/context.go
View file

@ -119,16 +119,7 @@ func (cp *contextProvider) ListResources(apiVersion, resource, namespace string)
if err != nil {
return nil, err
}
var resourceInteface dynamic.ResourceInterface
client := cp.dclient.Resource(groupVersion.WithResource(resource))
if namespace != "" {
resourceInteface = client.Namespace(namespace)
} else {
resourceInteface = client
}
resourceInteface := cp.getResourceClient(groupVersion, resource, namespace)
return resourceInteface.List(context.TODO(), metav1.ListOptions{})
}
@ -137,19 +128,19 @@ func (cp *contextProvider) GetResource(apiVersion, resource, namespace, name str
if err != nil {
return nil, err
}
var resourceInteface dynamic.ResourceInterface
client := cp.dclient.Resource(groupVersion.WithResource(resource))
if namespace != "" {
resourceInteface = client.Namespace(namespace)
} else {
resourceInteface = client
}
resourceInteface := cp.getResourceClient(groupVersion, resource, namespace)
return resourceInteface.Get(context.TODO(), name, metav1.GetOptions{})
}
func (cp *contextProvider) ParseImageReference(image string) (imagedataloader.ImageReference, error) {
return imagedataloader.ParseImageReference(image)
}
func (cp *contextProvider) getResourceClient(groupVersion schema.GroupVersion, resource string, namespace string) dynamic.ResourceInterface {
client := cp.dclient.Resource(groupVersion.WithResource(resource))
if namespace != "" {
return client.Namespace(namespace)
} else {
return client
}
}

17
pkg/cel/policy/fake_context.go
View file

@ -1,6 +1,8 @@
package policy
import (
"fmt"
"github.com/kyverno/kyverno/pkg/imageverification/imagedataloader"
kerrors "k8s.io/apimachinery/pkg/api/errors"
"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
@ -55,7 +57,20 @@ func (cp *FakeContextProvider) ParseImageReference(image string) (imagedataloade
}
func (cp *FakeContextProvider) ListResources(apiVersion, resource, namespace string) (*unstructured.UnstructuredList, error) {
panic("not implemented")
gv, err := schema.ParseGroupVersion(apiVersion)
if err != nil {
return nil, err
}
gvr := gv.WithResource(resource)
resources := cp.resources[gvr.String()]
if resources == nil {
return nil, kerrors.NewBadRequest(fmt.Sprintf("%s resource not found", gvr.GroupResource()))
}
var out unstructured.UnstructuredList
for _, obj := range resources[namespace] {
out.Items = append(out.Items, *obj)
}
return &out, nil
}
func (cp *FakeContextProvider) GetResource(apiVersion, resource, namespace, name string) (*unstructured.Unstructured, error) {