From 9f702093616c278bd38c708aecb05700a6d5afa7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Charles-Edouard=20Br=C3=A9t=C3=A9ch=C3=A9?=
Date: Tue, 11 Mar 2025 18:21:30 +0100
Subject: [PATCH] feat: mock list resources in context (#12380)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: Charles-Edouard Brétéché
---
.../kubectl-kyverno/apis/v1alpha1/context.go | 14 +
.../config/crds/cli.kyverno.io_contexts.yaml | 34 ++
.../data/crds/cli.kyverno.io_contexts.yaml | 34 ++
docs/user/cli/crd/index.html | 133 +++++++
.../cli/crd/kyverno_kubectl.v1alpha1.html | 347 ++++++++++++++++++
pkg/cel/policy/context.go | 31 +-
pkg/cel/policy/fake_context.go | 17 +-
7 files changed, 589 insertions(+), 21 deletions(-)
diff --git a/cmd/cli/kubectl-kyverno/apis/v1alpha1/context.go b/cmd/cli/kubectl-kyverno/apis/v1alpha1/context.go
index 59af21eb27..19acd3942b 100644
--- a/cmd/cli/kubectl-kyverno/apis/v1alpha1/context.go
+++ b/cmd/cli/kubectl-kyverno/apis/v1alpha1/context.go
@@ -1,6 +1,7 @@
package v1alpha1
import (
+ "github.com/kyverno/kyverno-json/pkg/apis/policy/v1alpha1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
)
@@ -19,4 +20,17 @@ type Context struct {
type ContextSpec struct {
Resources []unstructured.Unstructured `json:"resources,omitempty"`
+ Images []ImageData `json:"images,omitempty"`
+}
+
+type ImageData struct {
+ Image string `json:"image"`
+ ResolvedImage string `json:"resolvedImage"`
+ Registry string `json:"registry"`
+ Repository string `json:"repository"`
+ Tag string `json:"tag,omitempty"`
+ Digest string `json:"digest,omitempty"`
+ ImageIndex v1alpha1.Any `json:"imageIndex,omitempty"`
+ Manifest v1alpha1.Any `json:"manifest,omitempty"`
+ ConfigData v1alpha1.Any `json:"config,omitempty"`
}
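Review bot: `ImageData` and its fields are exported without any doc comment in this hunk, so the generated CRD schema and reference pages carry no description for them. A type comment such as `// ImageData describes one image entry supplied through the CLI Context.` would help, plus field comments that say how `image` and `resolvedImage` differ and whether `resolvedImage` is expected to be digest-pinned, given that `digest` is optional. It is also worth noting on `ConfigData` that it serialises as `config`, and that `imageIndex`, `manifest` and `config` are untyped `Any` values the schema does not validate.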
diff --git a/cmd/cli/kubectl-kyverno/config/crds/cli.kyverno.io_contexts.yaml b/cmd/cli/kubectl-kyverno/config/crds/cli.kyverno.io_contexts.yaml
index 3695c6d08f..736e2b1af7 100644
--- a/cmd/cli/kubectl-kyverno/config/crds/cli.kyverno.io_contexts.yaml
+++ b/cmd/cli/kubectl-kyverno/config/crds/cli.kyverno.io_contexts.yaml
@@ -38,6 +38,40 @@ spec:
type: object
spec:
properties:
+ images:
+ items:
+ properties:
+ config:
+ description: Any can be any type.
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ digest:
+ type: string
+ image:
+ type: string
+ imageIndex:
+ description: Any can be any type.
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ manifest:
+ description: Any can be any type.
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ registry:
+ type: string
+ repository:
+ type: string
+ resolvedImage:
+ type: string
+ tag:
+ type: string
+ required:
+ - image
+ - registry
+ - repository
+ - resolvedImage
+ type: object
+ type: array
resources:
items:
type: object
diff --git a/cmd/cli/kubectl-kyverno/data/crds/cli.kyverno.io_contexts.yaml b/cmd/cli/kubectl-kyverno/data/crds/cli.kyverno.io_contexts.yaml
index 3695c6d08f..736e2b1af7 100644
--- a/cmd/cli/kubectl-kyverno/data/crds/cli.kyverno.io_contexts.yaml
+++ b/cmd/cli/kubectl-kyverno/data/crds/cli.kyverno.io_contexts.yaml
@@ -38,6 +38,40 @@ spec:
type: object
spec:
properties:
+ images:
+ items:
+ properties:
+ config:
+ description: Any can be any type.
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ digest:
+ type: string
+ image:
+ type: string
+ imageIndex:
+ description: Any can be any type.
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ manifest:
+ description: Any can be any type.
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ registry:
+ type: string
+ repository:
+ type: string
+ resolvedImage:
+ type: string
+ tag:
+ type: string
+ required:
+ - image
+ - registry
+ - repository
+ - resolvedImage
+ type: object
+ type: array
resources:
items:
type: object
diff --git a/docs/user/cli/crd/index.html b/docs/user/cli/crd/index.html
index a8d60a307d..74fb176795 100644
--- a/docs/user/cli/crd/index.html
+++ b/docs/user/cli/crd/index.html
@@ -103,6 +103,18 @@ ContextSpec
|
+
+
+images
+
+
+[]ImageData
+
+
+ |
+
+ |
+
@@ -531,6 +543,127 @@ github.com/kyverno/kyverno-json/pkg/apis/policy/v1alpha1.Any
|
+
+
+images
+
+
+[]ImageData
+
+
+ |
+
+ |
+
+
+
+
+ImageData
+
+
+(Appears on:
+ContextSpec)
+
+
+
+
+
+
+Field |
+Description |
+
+
+
+
+
+image
+
+string
+
+ |
+
+ |
+
+
+
+resolvedImage
+
+string
+
+ |
+
+ |
+
+
+
+registry
+
+string
+
+ |
+
+ |
+
+
+
+repository
+
+string
+
+ |
+
+ |
+
+
+
+tag
+
+string
+
+ |
+
+ |
+
+
+
+digest
+
+string
+
+ |
+
+ |
+
+
+
+imageIndex
+
+github.com/kyverno/kyverno-json/pkg/apis/policy/v1alpha1.Any
+
+ |
+
+ |
+
+
+
+manifest
+
+github.com/kyverno/kyverno-json/pkg/apis/policy/v1alpha1.Any
+
+ |
+
+ |
+
+
+
+config
+
+github.com/kyverno/kyverno-json/pkg/apis/policy/v1alpha1.Any
+
+ |
+
+ |
+
diff --git a/docs/user/cli/crd/kyverno_kubectl.v1alpha1.html b/docs/user/cli/crd/kyverno_kubectl.v1alpha1.html
index 71513918fa..c782629c64 100644
--- a/docs/user/cli/crd/kyverno_kubectl.v1alpha1.html
+++ b/docs/user/cli/crd/kyverno_kubectl.v1alpha1.html
@@ -162,6 +162,36 @@
+
+
+
+
+
+
+
+ images
+
+ *
+
+
+
+
+
+
+
+ []ImageData
+
+
+
+ |
+
+
+
+
+
+
+
+
|
@@ -1064,6 +1094,323 @@ This field is deprecated, use metadata.name
instead
+
+
+
+
+
+
+
+ images
+
+ *
+
+
+
+
+
+
+
+ []ImageData
+
+
+
+ |
+
+
+
+
+
+
+
+
+ |
+
+
+
+
+
+
+
+
+
+ ImageData
+
+
+
+
+ (Appears in:
+ ContextSpec)
+
+
+
+
+
+
+
+
+
+ Field |
+ Description |
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ image
+
+ *
+
+
+
+
+
+
+ string
+
+
+ |
+
+
+
+
+
+
+
+
+ |
+
+
+
+
+
+
+ resolvedImage
+
+ *
+
+
+
+
+
+
+ string
+
+
+ |
+
+
+
+
+
+
+
+
+ |
+
+
+
+
+
+
+ registry
+
+ *
+
+
+
+
+
+
+ string
+
+
+ |
+
+
+
+
+
+
+
+
+ |
+
+
+
+
+
+
+ repository
+
+ *
+
+
+
+
+
+
+ string
+
+
+ |
+
+
+
+
+
+
+
+
+ |
+
+
+
+
+
+
+ tag
+
+ *
+
+
+
+
+
+
+ string
+
+
+ |
+
+
+
+
+
+
+
+
+ |
+
+
+
+
+
+
+ digest
+
+ *
+
+
+
+
+
+
+ string
+
+
+ |
+
+
+
+
+
+
+
+
+ |
+
+
+
+
+
+
+ imageIndex
+
+ *
+
+
+
+
+
+
+ github.com/kyverno/kyverno-json/pkg/apis/policy/v1alpha1.Any
+
+
+ |
+
+
+
+
+
+
+
+
+ |
+
+
+
+
+
+
+ manifest
+
+ *
+
+
+
+
+
+
+ github.com/kyverno/kyverno-json/pkg/apis/policy/v1alpha1.Any
+
+
+ |
+
+
+
+
+
+
+
+
+ |
+
+
+
+
+
+
+ config
+
+ *
+
+
+
+
+
+
+ github.com/kyverno/kyverno-json/pkg/apis/policy/v1alpha1.Any
+
+
+ |
+
+
+
+
+
+
+
+
|
diff --git a/pkg/cel/policy/context.go b/pkg/cel/policy/context.go
index ebf7e2e442..22fb3e716a 100644
--- a/pkg/cel/policy/context.go
+++ b/pkg/cel/policy/context.go
@@ -119,16 +119,7 @@ func (cp *contextProvider) ListResources(apiVersion, resource, namespace string)
if err != nil {
return nil, err
}
-
- var resourceInteface dynamic.ResourceInterface
-
- client := cp.dclient.Resource(groupVersion.WithResource(resource))
- if namespace != "" {
- resourceInteface = client.Namespace(namespace)
- } else {
- resourceInteface = client
- }
-
+ resourceInteface := cp.getResourceClient(groupVersion, resource, namespace)
return resourceInteface.List(context.TODO(), metav1.ListOptions{})
}
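Review bot: The rewritten line in `ListResources` keeps the misspelt local `resourceInteface`, and the same spelling is carried into the `GetResource` hunk that follows. Since both lines are being rewritten anyway, the temporary can go: `return cp.getResourceClient(groupVersion, resource, namespace).List(context.TODO(), metav1.ListOptions{})`, and likewise for `Get`. Separately, the call still runs on `context.TODO()` with empty `ListOptions`, so it has no deadline or page limit; the commit does not change that, but it is worth a follow-up if the method can take a context. The start of `ListResources` is outside the hunk.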
@@ -137,19 +128,19 @@ func (cp *contextProvider) GetResource(apiVersion, resource, namespace, name str
if err != nil {
return nil, err
}
-
- var resourceInteface dynamic.ResourceInterface
-
- client := cp.dclient.Resource(groupVersion.WithResource(resource))
- if namespace != "" {
- resourceInteface = client.Namespace(namespace)
- } else {
- resourceInteface = client
- }
-
+ resourceInteface := cp.getResourceClient(groupVersion, resource, namespace)
return resourceInteface.Get(context.TODO(), name, metav1.GetOptions{})
}
func (cp *contextProvider) ParseImageReference(image string) (imagedataloader.ImageReference, error) {
return imagedataloader.ParseImageReference(image)
}
+
+func (cp *contextProvider) getResourceClient(groupVersion schema.GroupVersion, resource string, namespace string) dynamic.ResourceInterface {
+ client := cp.dclient.Resource(groupVersion.WithResource(resource))
+ if namespace != "" {
+ return client.Namespace(namespace)
+ } else {
+ return client
+ }
+}
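Review bot: `getResourceClient` has an `else` after a `return`, and nothing records what an empty namespace means. Dropping the `else` leaves `if namespace != "" { return client.Namespace(namespace) }` followed by `return client`. A comment such as `// getResourceClient returns a client scoped to namespace, or the unscoped client when namespace is empty.` would make it explicit that callers passing "" are not restricted to one namespace, which matters if the namespace is derived from policy input. `GetResource` begins outside the hunk.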
diff --git a/pkg/cel/policy/fake_context.go b/pkg/cel/policy/fake_context.go
index b2ed82abac..ad6b7a7ebe 100644
--- a/pkg/cel/policy/fake_context.go
+++ b/pkg/cel/policy/fake_context.go
@@ -1,6 +1,8 @@
package policy
import (
+ "fmt"
+
"github.com/kyverno/kyverno/pkg/imageverification/imagedataloader"
kerrors "k8s.io/apimachinery/pkg/api/errors"
"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
@@ -55,7 +57,20 @@ func (cp *FakeContextProvider) ParseImageReference(image string) (imagedataloade
}
func (cp *FakeContextProvider) ListResources(apiVersion, resource, namespace string) (*unstructured.UnstructuredList, error) {
- panic("not implemented")
+ gv, err := schema.ParseGroupVersion(apiVersion)
+ if err != nil {
+ return nil, err
+ }
+ gvr := gv.WithResource(resource)
+ resources := cp.resources[gvr.String()]
+ if resources == nil {
+ return nil, kerrors.NewBadRequest(fmt.Sprintf("%s resource not found", gvr.GroupResource()))
+ }
+ var out unstructured.UnstructuredList
+ for _, obj := range resources[namespace] {
+ out.Items = append(out.Items, *obj)
+ }
+ return &out, nil
}
func (cp *FakeContextProvider) GetResource(apiVersion, resource, namespace, name string) (*unstructured.Unstructured, error) {
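Review bot: The fake `ListResources` treats an empty `namespace` as a literal map key (`resources[namespace]`), whereas the real provider in `pkg/cel/policy/context.go` uses the unscoped client for "" and so is not limited to one namespace. A policy that lists a namespaced resource without a namespace would then see an empty list under the fake but real objects in a cluster, so an offline test result may not match in-cluster enforcement. Assuming `cp.resources` is keyed by GVR and then by namespace, as the indexing suggests, an empty namespace should collect every namespace; the excerpt below shows that loop. Map iteration order is random, so sort the items if tests compare output, and using `obj.DeepCopy()` instead of `*obj` would stop callers sharing the stored object's underlying map.

```go
// … unchanged: group/version parsing and the unknown-resource check …
var out unstructured.UnstructuredList
for ns, objs := range resources {
	// "" mirrors the unscoped client: do not filter by namespace
	if namespace != "" && ns != namespace {
		continue
	}
	for _, obj := range objs {
		out.Items = append(out.Items, *obj)
	}
}
return &out, nil
```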