mirror of https://github.com/kyverno/kyverno.git synced 2025-03-31 03:45:17 +00:00

fix annotation patch in mutate rule

Shuting Zhao 2019-11-13 17:56:56 -08:00
parent 18fc8d691d
commit a1ce6e4297
4 changed files with 24 additions and 11 deletions


@ -4,7 +4,6 @@ import (
"time"
"github.com/golang/glog"
"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
)
// Mutate performs mutation. Overlay first and then mutation patches
@ -34,7 +33,7 @@ func Mutate(policyContext PolicyContext) (response EngineResponse) {
response.PolicyResponse.RulesAppliedCount++
}
var patchedResource unstructured.Unstructured
patchedResource := policyContext.NewResource
for _, rule := range policy.Spec.Rules {
//TODO: to be checked before calling the resources as well
@ -61,13 +60,15 @@ func Mutate(policyContext PolicyContext) (response EngineResponse) {
// Process Overlay
if rule.Mutation.Overlay != nil {
var ruleResponse RuleResponse
ruleResponse, patchedResource = processOverlay(rule, resource)
ruleResponse, patchedResource = processOverlay(rule, patchedResource)
if ruleResponse.Success == true && ruleResponse.Patches == nil {
// overlay pattern does not match the resource conditions
glog.V(4).Infof(ruleResponse.Message)
continue
} else if ruleResponse.Success == true {
glog.Infof("Mutate overlay in rule '%s' successfully applied on %s/%s/%s", rule.Name, resource.GetKind(), resource.GetNamespace(), resource.GetName())
}
glog.Infof("Mutate overlay in rule '%s' successfully applied on %s/%s/%s", rule.Name, resource.GetKind(), resource.GetNamespace(), resource.GetName())
response.PolicyResponse.Rules = append(response.PolicyResponse.Rules, ruleResponse)
incrementAppliedRuleCount()
}
@ -75,7 +76,7 @@ func Mutate(policyContext PolicyContext) (response EngineResponse) {
// Process Patches
if rule.Mutation.Patches != nil {
var ruleResponse RuleResponse
ruleResponse, patchedResource = processPatches(rule, resource)
ruleResponse, patchedResource = processPatches(rule, patchedResource)
glog.Infof("Mutate patches in rule '%s' successfully applied on %s/%s/%s", rule.Name, resource.GetKind(), resource.GetNamespace(), resource.GetName())
response.PolicyResponse.Rules = append(response.PolicyResponse.Rules, ruleResponse)
incrementAppliedRuleCount()
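Review bot: The patches branch still logs "successfully applied" unconditionally, because the `glog.Infof("Mutate patches in rule ...")` line after `processPatches` is not gated on `ruleResponse.Success`, while the overlay branch appears to gain exactly that guard in this change. In an admission controller this leaves a false success record in the log whenever a patch fails, so I would wrap it the same way: `if ruleResponse.Success { glog.Infof(...) }`. Separately, `glog.V(4).Infof(ruleResponse.Message)` passes a non-constant string as the format; `glog.V(4).Info(ruleResponse.Message)` avoids mangling any `%` in the message. Mutate's body starts and ends outside these hunks, and which line of each printed pair is the new one is inferred from the commit title rather than shown.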


@ -53,6 +53,11 @@ func processOverlay(rule kyverno.Rule, resource unstructured.Unstructured) (resp
}
}
if len(patches) == 0 {
response.Success = true
return response, resource
}
// convert to RAW
resourceRaw, err := resource.MarshalJSON()
if err != nil {
@ -65,11 +70,13 @@ func processOverlay(rule kyverno.Rule, resource unstructured.Unstructured) (resp
var patchResource []byte
patchResource, err = ApplyPatches(resourceRaw, patches)
if err != nil {
glog.Info("failed to apply patch")
msg := fmt.Sprintf("failed to apply JSON patches: %v", err)
glog.V(2).Info(msg)
response.Success = false
response.Message = fmt.Sprintf("failed to apply JSON patches: %v", err)
response.Message = msg
return response, resource
}
err = patchedResource.UnmarshalJSON(patchResource)
if err != nil {
glog.Infof("failed to unmarshall resource to undstructured: %v", err)
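Review bot: The new `len(patches) == 0` early return reports Success without setting a Message in the visible lines, yet the caller in Mutate treats Success with nil Patches as "overlay pattern does not match the resource conditions" and logs `ruleResponse.Message`. Unless the message is filled in above this hunk, that log line is empty and a resource that already satisfies the overlay cannot be told apart from one whose conditions were not met. I would set it at the return, e.g. `response.Message = fmt.Sprintf("overlay in rule '%s' produced no patches", rule.Name)`. processOverlay begins and ends outside the hunk.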


@ -31,8 +31,12 @@ type response struct {
func generateAnnotationPatches(engineResponses []engine.EngineResponse) []byte {
var annotations map[string]string
if len(engineResponses) > 0 {
annotations = engineResponses[0].PatchedResource.GetAnnotations()
for _, er := range engineResponses {
if ann := er.PatchedResource.GetAnnotations(); ann != nil {
annotations = ann
break
}
}
if annotations == nil {
@ -104,7 +108,7 @@ func annotationFromEngineResponses(engineResponses []engine.EngineResponse) []by
// return nil if there's no patches
// otherwise result = null, len(result) = 4
if policyPatches == nil {
if len(policyPatches) == 0 {
return nil
}
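Review bot: The loop in generateAnnotationPatches takes annotations from the first response that has any, which makes the result depend on slice order, and nothing in the hunk says why the first non-nil map is the right one. If the responses can carry different annotation sets, the existing-annotations check that follows may be based on a map that is not the resource's final state; that check continues outside the hunk, so this is inferred. At minimum I would document the assumption above the loop: `// every response is built from the same admitted resource, so the first non-nil annotation map is representative`. The `len(policyPatches) == 0` change in annotationFromEngineResponses looks right and matches the comment above it.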


@ -59,6 +59,7 @@ func (ws *WebhookServer) HandleMutation(request *v1beta1.AdmissionRequest, polic
// if not then set it from the api request
resource.SetGroupVersionKind(schema.GroupVersionKind{Group: request.Kind.Group, Version: request.Kind.Version, Kind: request.Kind.Kind})
resource.SetNamespace(request.Namespace)
var engineResponses []engine.EngineResponse
policyContext := engine.PolicyContext{
NewResource: *resource,
@ -103,6 +104,6 @@ func (ws *WebhookServer) HandleMutation(request *v1beta1.AdmissionRequest, polic
}
sendStat(true)
glog.Errorf("Failed to mutate the resource\n")
glog.Errorf("Failed to mutate the resource, %s\n", getErrorMsg(engineResponses))
return false, nil, getErrorMsg(engineResponses)
}
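Review bot: The failure log in HandleMutation calls `getErrorMsg(engineResponses)` twice and still does not say which resource was rejected, which makes the entry hard to correlate with an admission request during an investigation. I would compute the message once and include the identity already available on `request`: `msg := getErrorMsg(engineResponses)`, `glog.Errorf("Failed to mutate %s/%s/%s: %s", request.Kind.Kind, request.Namespace, request.Name, msg)`, `return false, nil, msg`. The trailing `\n` can go, since glog terminates each entry itself. The function body starts before and may continue after the hunk.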