mirrors/kyverno
mirrors/kyverno
1
0
Fork 0
mirror of https://github.com/kyverno/kyverno.git synced 2025-03-06 16:06:56 +00:00
Code Activity

fix: don't sort cel policies (#12028)

Browse source 
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
This commit is contained in:
Charles-Edouard Brétéché 2025-01-29 16:00:46 +01:00 committed by GitHub
parent bff9590ebc
commit a36f8c857c
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
1 changed files with 8 additions and 35 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

37
pkg/cel/engine/provider.go
View file

@ -1,10 +1,8 @@
package engine package engine
import ( import (
"cmp"
"context" "context"
"fmt" "fmt"
"slices"
"sync" "sync"
kyvernov2alpha1 "github.com/kyverno/kyverno/api/kyverno/v2alpha1" kyvernov2alpha1 "github.com/kyverno/kyverno/api/kyverno/v2alpha1"
@ -59,38 +57,25 @@ func NewKubeProvider(compiler policy.Compiler, mgr ctrl.Manager) (Provider, erro
type policyReconciler struct { type policyReconciler struct {
client client.Client client client.Client
compiler policy.Compiler compiler policy.Compiler
lock *sync.Mutex lock *sync.RWMutex
policies map[string]CompiledPolicy policies map[string]CompiledPolicy
sortPolicies func() []CompiledPolicy
} }
func newPolicyReconciler(compiler policy.Compiler, client client.Client) *policyReconciler { func newPolicyReconciler(compiler policy.Compiler, client client.Client) *policyReconciler {
return &policyReconciler{ return &policyReconciler{
client: client, client: client,
compiler: compiler, compiler: compiler,
lock: &sync.Mutex{}, lock: &sync.RWMutex{},
policies: map[string]CompiledPolicy{}, policies: map[string]CompiledPolicy{},
sortPolicies: func() []CompiledPolicy {
return nil
},
} }
} }
func (r *policyReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error) { func (r *policyReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error) {
var policy kyvernov2alpha1.ValidatingPolicy var policy kyvernov2alpha1.ValidatingPolicy
// Reset the sorted func on every reconcile so the policies get resorted in next call
resetSortPolicies := func() {
r.sortPolicies = sync.OnceValue(func() []CompiledPolicy {
r.lock.Lock()
defer r.lock.Unlock()
return mapToSortedSlice(r.policies)
})
}
err := r.client.Get(ctx, req.NamespacedName, &policy) err := r.client.Get(ctx, req.NamespacedName, &policy)
if errors.IsNotFound(err) { if errors.IsNotFound(err) {
r.lock.Lock() r.lock.Lock()
defer r.lock.Unlock() defer r.lock.Unlock()
defer resetSortPolicies()
delete(r.policies, req.NamespacedName.String()) delete(r.policies, req.NamespacedName.String())
return ctrl.Result{}, nil return ctrl.Result{}, nil
} }
@ -109,23 +94,11 @@ func (r *policyReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctr
Policy: policy, Policy: policy,
CompiledPolicy: compiled, CompiledPolicy: compiled,
} }
resetSortPolicies()
return ctrl.Result{}, nil return ctrl.Result{}, nil
} }
func (r *policyReconciler) CompiledPolicies(ctx context.Context) ([]CompiledPolicy, error) { func (r *policyReconciler) CompiledPolicies(ctx context.Context) ([]CompiledPolicy, error) {
return slices.Clone(r.sortPolicies()), nil r.lock.RLock()
} defer r.lock.RUnlock()
return maps.Values(r.policies), nil
func mapToSortedSlice[K cmp.Ordered, V any](in map[K]V) []V {
if in == nil {
return nil
}
out := make([]V, 0, len(in))
keys := maps.Keys(in)
slices.Sort(keys)
for _, key := range keys {
out = append(out, in[key])
}
return out
} }