mirror of
https://github.com/kyverno/kyverno.git
synced 2024-12-14 11:57:48 +00:00
refactor: introduce autogen interface (#11418)
* refactor: introduce autogen interface Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix linter Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
This commit is contained in:
Charles-Edouard Brétéché
GitHub
parent
9a8e35d787
commit
a5e082303d
31 changed files with 147 additions and 74 deletions
|
|
@ -25,7 +25,7 @@ import (
|
|||
"github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/userinfo"
|
||||
"github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/utils/common"
|
||||
"github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/variables"
|
||||
autogenv1 "github.com/kyverno/kyverno/pkg/autogen/v1"
|
||||
"github.com/kyverno/kyverno/pkg/autogen"
|
||||
"github.com/kyverno/kyverno/pkg/clients/dclient"
|
||||
"github.com/kyverno/kyverno/pkg/config"
|
||||
engineapi "github.com/kyverno/kyverno/pkg/engine/api"
|
||||
|
|
@ -213,7 +213,7 @@ func (c *ApplyCommandConfig) applyCommandHelper(out io.Writer) (*processor.Resul
|
|||
if !c.Stdin && !c.PolicyReport && !c.GenerateExceptions {
|
||||
var policyRulesCount int
|
||||
for _, policy := range policies {
|
||||
policyRulesCount += len(autogenv1.ComputeRules(policy, ""))
|
||||
policyRulesCount += len(autogen.Default.ComputeRules(policy, ""))
|
||||
}
|
||||
policyRulesCount += len(vaps)
|
||||
if len(exceptions) > 0 {
|
||||
|
|
|
|||
|
|
@ -19,7 +19,7 @@ import (
|
|||
"github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/utils/common"
|
||||
"github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/variables"
|
||||
"github.com/kyverno/kyverno/ext/output/pluralize"
|
||||
autogenv1 "github.com/kyverno/kyverno/pkg/autogen/v1"
|
||||
"github.com/kyverno/kyverno/pkg/autogen"
|
||||
"github.com/kyverno/kyverno/pkg/background/generate"
|
||||
"github.com/kyverno/kyverno/pkg/clients/dclient"
|
||||
"github.com/kyverno/kyverno/pkg/config"
|
||||
|
|
@ -109,7 +109,7 @@ func runTest(out io.Writer, testCase test.TestCase, registryAccess bool) ([]engi
|
|||
// TODO document the code below
|
||||
ruleToCloneSourceResource := map[string]string{}
|
||||
for _, policy := range results.Policies {
|
||||
for _, rule := range autogenv1.ComputeRules(policy, "") {
|
||||
for _, rule := range autogen.Default.ComputeRules(policy, "") {
|
||||
for _, res := range testCase.Test.Results {
|
||||
if res.IsValidatingAdmissionPolicy {
|
||||
continue
|
||||
|
|
|
|||
|
|
@ -9,7 +9,7 @@ import (
|
|||
"github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/log"
|
||||
"github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/resource"
|
||||
"github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/store"
|
||||
autogenv1 "github.com/kyverno/kyverno/pkg/autogen/v1"
|
||||
"github.com/kyverno/kyverno/pkg/autogen"
|
||||
"github.com/kyverno/kyverno/pkg/background/generate"
|
||||
"github.com/kyverno/kyverno/pkg/clients/dclient"
|
||||
"github.com/kyverno/kyverno/pkg/config"
|
||||
|
|
@ -47,7 +47,7 @@ func handleGeneratePolicy(out io.Writer, store *store.Store, generateResponse *e
|
|||
listKinds := map[schema.GroupVersionResource]string{}
|
||||
|
||||
// Collect items in a potential cloneList to provide list kinds to the fake dynamic client.
|
||||
for _, rule := range autogenv1.ComputeRules(policyContext.Policy(), "") {
|
||||
for _, rule := range autogen.Default.ComputeRules(policyContext.Policy(), "") {
|
||||
if !rule.HasGenerate() || len(rule.Generation.CloneList.Kinds) == 0 {
|
||||
continue
|
||||
}
|
||||
|
|
|
|||
|
|
@ -2,7 +2,7 @@ package processor
|
|||
|
||||
import (
|
||||
"github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/policy/annotations"
|
||||
autogenv1 "github.com/kyverno/kyverno/pkg/autogen/v1"
|
||||
"github.com/kyverno/kyverno/pkg/autogen"
|
||||
engineapi "github.com/kyverno/kyverno/pkg/engine/api"
|
||||
)
|
||||
|
||||
|
|
@ -32,7 +32,7 @@ func (rc *ResultCounts) addEngineResponse(auditWarn bool, response engineapi.Eng
|
|||
}
|
||||
policy := genericPolicy.AsKyvernoPolicy()
|
||||
scored := annotations.Scored(policy.GetAnnotations())
|
||||
for _, rule := range autogenv1.ComputeRules(policy, "") {
|
||||
for _, rule := range autogen.Default.ComputeRules(policy, "") {
|
||||
if rule.HasValidate() || rule.HasVerifyImageChecks() || rule.HasVerifyImages() {
|
||||
for _, valResponseRule := range response.PolicyResponse.Rules {
|
||||
if rule.Name == valResponseRule.Name() {
|
||||
|
|
@ -69,7 +69,7 @@ func (rc *ResultCounts) addGenerateResponse(response engineapi.EngineResponse) {
|
|||
return
|
||||
}
|
||||
policy := genericPolicy.AsKyvernoPolicy()
|
||||
for _, policyRule := range autogenv1.ComputeRules(policy, "") {
|
||||
for _, policyRule := range autogen.Default.ComputeRules(policy, "") {
|
||||
for _, ruleResponse := range response.PolicyResponse.Rules {
|
||||
if policyRule.Name == ruleResponse.Name() {
|
||||
if ruleResponse.Status() == engineapi.RuleStatusPass {
|
||||
|
|
@ -90,7 +90,7 @@ func (rc *ResultCounts) addMutateResponse(response engineapi.EngineResponse) boo
|
|||
}
|
||||
policy := genericPolicy.AsKyvernoPolicy()
|
||||
var policyHasMutate bool
|
||||
for _, rule := range autogenv1.ComputeRules(policy, "") {
|
||||
for _, rule := range autogen.Default.ComputeRules(policy, "") {
|
||||
if rule.HasMutate() {
|
||||
policyHasMutate = true
|
||||
}
|
||||
|
|
@ -99,7 +99,7 @@ func (rc *ResultCounts) addMutateResponse(response engineapi.EngineResponse) boo
|
|||
return false
|
||||
}
|
||||
printMutatedRes := false
|
||||
for _, policyRule := range autogenv1.ComputeRules(policy, "") {
|
||||
for _, policyRule := range autogen.Default.ComputeRules(policy, "") {
|
||||
for _, mutateResponseRule := range response.PolicyResponse.Rules {
|
||||
if policyRule.Name == mutateResponseRule.Name() {
|
||||
if mutateResponseRule.Status() == engineapi.RuleStatusPass {
|
||||
|
|
|
|||
|
|
@ -13,7 +13,7 @@ import (
|
|||
"github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/apis/v1alpha1"
|
||||
"github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/resource"
|
||||
"github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/source"
|
||||
autogenv1 "github.com/kyverno/kyverno/pkg/autogen/v1"
|
||||
"github.com/kyverno/kyverno/pkg/autogen"
|
||||
"github.com/kyverno/kyverno/pkg/clients/dclient"
|
||||
kubeutils "github.com/kyverno/kyverno/pkg/utils/kube"
|
||||
admissionregistrationv1beta1 "k8s.io/api/admissionregistration/v1beta1"
|
||||
|
|
@ -89,7 +89,7 @@ func GetResourceAccordingToResourcePath(
|
|||
|
||||
func GetKindsFromPolicy(out io.Writer, policy kyvernov1.PolicyInterface, subresources []v1alpha1.Subresource, dClient dclient.Interface) sets.Set[string] {
|
||||
knownkinds := sets.New[string]()
|
||||
for _, rule := range autogenv1.ComputeRules(policy, "") {
|
||||
for _, rule := range autogen.Default.ComputeRules(policy, "") {
|
||||
for _, kind := range rule.MatchResources.ResourceDescription.Kinds {
|
||||
k, err := getKind(kind, subresources, dClient)
|
||||
if err != nil {
|
||||
|
|
|
|||
|
|
@ -12,7 +12,7 @@ import (
|
|||
"github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/apis/v1alpha1"
|
||||
"github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/log"
|
||||
"github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/resource"
|
||||
autogenv1 "github.com/kyverno/kyverno/pkg/autogen/v1"
|
||||
"github.com/kyverno/kyverno/pkg/autogen"
|
||||
"github.com/kyverno/kyverno/pkg/clients/dclient"
|
||||
kubeutils "github.com/kyverno/kyverno/pkg/utils/kube"
|
||||
"github.com/kyverno/kyverno/pkg/validatingadmissionpolicy"
|
||||
|
|
@ -130,7 +130,7 @@ func GetResourcesWithTest(out io.Writer, fs billy.Filesystem, policies []kyverno
|
|||
resources := make([]*unstructured.Unstructured, 0)
|
||||
resourceTypesMap := make(map[string]bool)
|
||||
for _, policy := range policies {
|
||||
for _, rule := range autogenv1.ComputeRules(policy, "") {
|
||||
for _, rule := range autogen.Default.ComputeRules(policy, "") {
|
||||
for _, kind := range rule.MatchResources.Kinds {
|
||||
resourceTypesMap[kind] = true
|
||||
}
|
||||
|
|
|
|||
|
|
@ -5,7 +5,7 @@ import (
|
|||
|
||||
kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1"
|
||||
"github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/apis/v1alpha1"
|
||||
autogenv1 "github.com/kyverno/kyverno/pkg/autogen/v1"
|
||||
"github.com/kyverno/kyverno/pkg/autogen"
|
||||
"github.com/kyverno/kyverno/pkg/clients/dclient"
|
||||
"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
|
||||
"k8s.io/apimachinery/pkg/runtime/schema"
|
||||
|
|
@ -23,7 +23,7 @@ func (r *KyvernoResources) FetchResourcesFromPolicy(out io.Writer, resourcePaths
|
|||
var subresourceMap map[schema.GroupVersionKind]v1alpha1.Subresource
|
||||
|
||||
for _, policy := range r.policies {
|
||||
for _, rule := range autogenv1.ComputeRules(policy, "") {
|
||||
for _, rule := range autogen.Default.ComputeRules(policy, "") {
|
||||
var resourceTypesInRule map[schema.GroupVersionKind]bool
|
||||
resourceTypesInRule, subresourceMap = GetKindsFromRule(rule, dClient)
|
||||
for resourceKind := range resourceTypesInRule {
|
||||
|
|
|
|||
19
pkg/autogen/autogen.go
Normal file
19
pkg/autogen/autogen.go
Normal file
|
|
@ -0,0 +1,19 @@
|
|||
package autogen
|
||||
|
||||
import (
|
||||
kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1"
|
||||
autogenv1 "github.com/kyverno/kyverno/pkg/autogen/v1"
|
||||
autogenv2 "github.com/kyverno/kyverno/pkg/autogen/v2"
|
||||
)
|
||||
|
||||
type Autogen interface {
|
||||
GetAutogenRuleNames(kyvernov1.PolicyInterface) []string
|
||||
GetAutogenKinds(kyvernov1.PolicyInterface) []string
|
||||
ComputeRules(kyvernov1.PolicyInterface, string) []kyvernov1.Rule
|
||||
}
|
||||
|
||||
var (
|
||||
V1 Autogen = autogenv1.New()
|
||||
V2 Autogen = autogenv2.New()
|
||||
Default Autogen = V1
|
||||
)
|
||||
31
pkg/autogen/v1/v1.go
Normal file
31
pkg/autogen/v1/v1.go
Normal file
|
|
@ -0,0 +1,31 @@
|
|||
package v1
|
||||
|
||||
import (
|
||||
kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1"
|
||||
)
|
||||
|
||||
type v1 struct{}
|
||||
|
||||
func New() v1 {
|
||||
return v1{}
|
||||
}
|
||||
|
||||
func (a v1) GetAutogenRuleNames(p kyvernov1.PolicyInterface) []string {
|
||||
var out []string //nolint:prealloc
|
||||
for _, rule := range a.ComputeRules(p, "") {
|
||||
out = append(out, rule.Name)
|
||||
}
|
||||
return out
|
||||
}
|
||||
|
||||
func (a v1) GetAutogenKinds(p kyvernov1.PolicyInterface) []string {
|
||||
var out []string
|
||||
for _, rule := range a.ComputeRules(p, "") {
|
||||
out = append(out, rule.MatchResources.GetKinds()...)
|
||||
}
|
||||
return out
|
||||
}
|
||||
|
||||
func (a v1) ComputeRules(p kyvernov1.PolicyInterface, kind string) []kyvernov1.Rule {
|
||||
return ComputeRules(p, kind)
|
||||
}
|
||||
|
|
@ -246,7 +246,7 @@ func GetAutogenRuleNames(p kyvernov1.PolicyInterface) []string {
|
|||
return out
|
||||
}
|
||||
|
||||
// GetRelevantKinds extracts the resource kinds from the match.resources field of the rules.
|
||||
// GetAutogenKinds extracts the resource kinds from the match.resources field of the rules.
|
||||
func GetAutogenKinds(p kyvernov1.PolicyInterface) []string {
|
||||
spec := p.GetSpec()
|
||||
applyAutoGen, desiredControllers := CanAutoGen(spec)
|
||||
|
|
|
|||
24
pkg/autogen/v2/v2.go
Normal file
24
pkg/autogen/v2/v2.go
Normal file
|
|
@ -0,0 +1,24 @@
|
|||
package v2
|
||||
|
||||
import (
|
||||
kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1"
|
||||
v1 "github.com/kyverno/kyverno/pkg/autogen/v1"
|
||||
)
|
||||
|
||||
type v2 struct{}
|
||||
|
||||
func New() v2 {
|
||||
return v2{}
|
||||
}
|
||||
|
||||
func (a v2) GetAutogenRuleNames(p kyvernov1.PolicyInterface) []string {
|
||||
return GetAutogenRuleNames(p)
|
||||
}
|
||||
|
||||
func (a v2) GetAutogenKinds(p kyvernov1.PolicyInterface) []string {
|
||||
return GetAutogenKinds(p)
|
||||
}
|
||||
|
||||
func (a v2) ComputeRules(p kyvernov1.PolicyInterface, kind string) []kyvernov1.Rule {
|
||||
return v1.ComputeRules(p, kind)
|
||||
}
|
||||
|
|
@ -10,7 +10,7 @@ import (
|
|||
"github.com/go-logr/logr"
|
||||
kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1"
|
||||
kyvernov2 "github.com/kyverno/kyverno/api/kyverno/v2"
|
||||
autogenv2 "github.com/kyverno/kyverno/pkg/autogen/v2"
|
||||
"github.com/kyverno/kyverno/pkg/autogen"
|
||||
kyvernov1informers "github.com/kyverno/kyverno/pkg/client/informers/externalversions/kyverno/v1"
|
||||
kyvernov2informers "github.com/kyverno/kyverno/pkg/client/informers/externalversions/kyverno/v2"
|
||||
kyvernov1listers "github.com/kyverno/kyverno/pkg/client/listers/kyverno/v1"
|
||||
|
|
@ -155,7 +155,7 @@ func (c *controller) buildRuleIndex(key string, policy kyvernov1.PolicyInterface
|
|||
return 0
|
||||
})
|
||||
index := ruleIndex{}
|
||||
for _, name := range autogenv2.GetAutogenRuleNames(policy) {
|
||||
for _, name := range autogen.Default.GetAutogenRuleNames(policy) {
|
||||
for _, polex := range polexList {
|
||||
if polex.Contains(key, name) {
|
||||
index[name] = append(index[name], polex)
|
||||
|
|
|
|||
|
|
@ -5,7 +5,7 @@ import (
|
|||
"sync"
|
||||
|
||||
kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1"
|
||||
autogenv1 "github.com/kyverno/kyverno/pkg/autogen/v1"
|
||||
"github.com/kyverno/kyverno/pkg/autogen"
|
||||
kyvernov1informers "github.com/kyverno/kyverno/pkg/client/informers/externalversions/kyverno/v1"
|
||||
kyvernov1listers "github.com/kyverno/kyverno/pkg/client/listers/kyverno/v1"
|
||||
"github.com/kyverno/kyverno/pkg/metrics"
|
||||
|
|
@ -111,7 +111,7 @@ func (c *controller) reportPolicy(ctx context.Context, policy kyvernov1.PolicyIn
|
|||
attribute.String("policy_type", string(policyType)),
|
||||
attribute.String("policy_background_mode", string(backgroundMode)),
|
||||
}
|
||||
for _, rule := range autogenv1.ComputeRules(policy, "") {
|
||||
for _, rule := range autogen.Default.ComputeRules(policy, "") {
|
||||
ruleType := metrics.ParseRuleType(rule)
|
||||
ruleAttributes := []attribute.KeyValue{
|
||||
attribute.String("rule_name", rule.Name),
|
||||
|
|
|
|||
|
|
@ -9,7 +9,7 @@ import (
|
|||
kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1"
|
||||
policyreportv1alpha2 "github.com/kyverno/kyverno/api/policyreport/v1alpha2"
|
||||
reportsv1 "github.com/kyverno/kyverno/api/reports/v1"
|
||||
autogenv1 "github.com/kyverno/kyverno/pkg/autogen/v1"
|
||||
"github.com/kyverno/kyverno/pkg/autogen"
|
||||
"github.com/kyverno/kyverno/pkg/client/clientset/versioned"
|
||||
kyvernov1informers "github.com/kyverno/kyverno/pkg/client/informers/externalversions/kyverno/v1"
|
||||
kyvernov1listers "github.com/kyverno/kyverno/pkg/client/listers/kyverno/v1"
|
||||
|
|
@ -164,7 +164,7 @@ func (c *controller) createPolicyMap() (map[string]policyMapEntry, error) {
|
|||
policy: cpol,
|
||||
rules: sets.New[string](),
|
||||
}
|
||||
for _, rule := range autogenv1.ComputeRules(cpol, "") {
|
||||
for _, rule := range autogen.Default.ComputeRules(cpol, "") {
|
||||
results[key].rules.Insert(rule.Name)
|
||||
}
|
||||
}
|
||||
|
|
@ -181,7 +181,7 @@ func (c *controller) createPolicyMap() (map[string]policyMapEntry, error) {
|
|||
policy: pol,
|
||||
rules: sets.New[string](),
|
||||
}
|
||||
for _, rule := range autogenv1.ComputeRules(pol, "") {
|
||||
for _, rule := range autogen.Default.ComputeRules(pol, "") {
|
||||
results[key].rules.Insert(rule.Name)
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -5,7 +5,7 @@ import (
|
|||
kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1"
|
||||
kyvernov2 "github.com/kyverno/kyverno/api/kyverno/v2"
|
||||
reportsv1 "github.com/kyverno/kyverno/api/reports/v1"
|
||||
autogenv1 "github.com/kyverno/kyverno/pkg/autogen/v1"
|
||||
"github.com/kyverno/kyverno/pkg/autogen"
|
||||
kyvernov1listers "github.com/kyverno/kyverno/pkg/client/listers/kyverno/v1"
|
||||
kyvernov2listers "github.com/kyverno/kyverno/pkg/client/listers/kyverno/v2"
|
||||
datautils "github.com/kyverno/kyverno/pkg/utils/data"
|
||||
|
|
@ -33,7 +33,7 @@ func CanBackgroundProcess(p kyvernov1.PolicyInterface) bool {
|
|||
func BuildKindSet(logger logr.Logger, policies ...kyvernov1.PolicyInterface) sets.Set[string] {
|
||||
kinds := sets.New[string]()
|
||||
for _, policy := range policies {
|
||||
for _, rule := range autogenv1.ComputeRules(policy, "") {
|
||||
for _, rule := range autogen.Default.ComputeRules(policy, "") {
|
||||
if rule.HasValidate() || rule.HasVerifyImages() {
|
||||
kinds.Insert(rule.MatchResources.GetKinds()...)
|
||||
}
|
||||
|
|
|
|||
|
|
@ -12,8 +12,7 @@ import (
|
|||
kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1"
|
||||
kyvernov2alpha1 "github.com/kyverno/kyverno/api/kyverno/v2alpha1"
|
||||
"github.com/kyverno/kyverno/ext/wildcard"
|
||||
autogenv1 "github.com/kyverno/kyverno/pkg/autogen/v1"
|
||||
autogenv2 "github.com/kyverno/kyverno/pkg/autogen/v2"
|
||||
"github.com/kyverno/kyverno/pkg/autogen"
|
||||
"github.com/kyverno/kyverno/pkg/client/clientset/versioned"
|
||||
kyvernov1informers "github.com/kyverno/kyverno/pkg/client/informers/externalversions/kyverno/v1"
|
||||
kyvernov2alpha1informers "github.com/kyverno/kyverno/pkg/client/informers/externalversions/kyverno/v2alpha1"
|
||||
|
|
@ -569,7 +568,7 @@ func (c *controller) updatePolicyStatuses(ctx context.Context) error {
|
|||
status := policy.GetStatus()
|
||||
status.SetReady(ready, message)
|
||||
status.Autogen.Rules = nil
|
||||
rules := autogenv1.ComputeRules(policy, "")
|
||||
rules := autogen.Default.ComputeRules(policy, "")
|
||||
setRuleCount(rules, status)
|
||||
for _, rule := range rules {
|
||||
if strings.HasPrefix(rule.Name, "autogen-") {
|
||||
|
|
@ -1129,7 +1128,7 @@ func (gvs GroupVersionResourceScope) String() string {
|
|||
// mergeWebhook merges the matching kinds of the policy to webhook.rule
|
||||
func (c *controller) mergeWebhook(dst *webhook, policy kyvernov1.PolicyInterface, updateValidate bool) {
|
||||
var matchedGVK []string
|
||||
matchedGVK = append(matchedGVK, autogenv2.GetAutogenKinds(policy)...)
|
||||
matchedGVK = append(matchedGVK, autogen.Default.GetAutogenKinds(policy)...)
|
||||
for _, rule := range policy.GetSpec().Rules {
|
||||
// matching kinds in generate policies need to be added to both webhook
|
||||
if rule.HasGenerate() {
|
||||
|
|
|
|||
|
|
@ -7,7 +7,7 @@ import (
|
|||
"testing"
|
||||
|
||||
kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1"
|
||||
autogenv1 "github.com/kyverno/kyverno/pkg/autogen/v1"
|
||||
"github.com/kyverno/kyverno/pkg/autogen"
|
||||
"gotest.tools/assert"
|
||||
admissionregistrationv1 "k8s.io/api/admissionregistration/v1"
|
||||
corev1 "k8s.io/api/core/v1"
|
||||
|
|
@ -157,7 +157,7 @@ func Test_RuleCount(t *testing.T) {
|
|||
err := json.Unmarshal([]byte(policy), &cpol)
|
||||
assert.NilError(t, err)
|
||||
status := cpol.GetStatus()
|
||||
rules := autogenv1.ComputeRules(&cpol, "")
|
||||
rules := autogen.Default.ComputeRules(&cpol, "")
|
||||
setRuleCount(rules, status)
|
||||
assert.Equal(t, status.RuleCount.Validate, 0)
|
||||
assert.Equal(t, status.RuleCount.Generate, 0)
|
||||
|
|
|
|||
|
|
@ -6,7 +6,7 @@ import (
|
|||
|
||||
"github.com/go-logr/logr"
|
||||
kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1"
|
||||
autogenv1 "github.com/kyverno/kyverno/pkg/autogen/v1"
|
||||
"github.com/kyverno/kyverno/pkg/autogen"
|
||||
engineapi "github.com/kyverno/kyverno/pkg/engine/api"
|
||||
"github.com/kyverno/kyverno/pkg/engine/internal"
|
||||
engineutils "github.com/kyverno/kyverno/pkg/engine/utils"
|
||||
|
|
@ -33,7 +33,7 @@ func (e *engine) filterRules(
|
|||
policy := policyContext.Policy()
|
||||
resp := engineapi.NewPolicyResponse()
|
||||
applyRules := policy.GetSpec().GetApplyRules()
|
||||
for _, rule := range autogenv1.ComputeRules(policy, "") {
|
||||
for _, rule := range autogen.Default.ComputeRules(policy, "") {
|
||||
logger := internal.LoggerWithRule(logger, rule)
|
||||
if ruleResp := e.filterRule(rule, logger, policyContext); ruleResp != nil {
|
||||
resp.Rules = append(resp.Rules, *ruleResp)
|
||||
|
|
|
|||
|
|
@ -14,7 +14,7 @@ import (
|
|||
fuzz "github.com/AdaLogics/go-fuzz-headers"
|
||||
|
||||
kyverno "github.com/kyverno/kyverno/api/kyverno/v1"
|
||||
autogenv1 "github.com/kyverno/kyverno/pkg/autogen/v1"
|
||||
"github.com/kyverno/kyverno/pkg/autogen"
|
||||
"github.com/kyverno/kyverno/pkg/config"
|
||||
"github.com/kyverno/kyverno/pkg/engine/adapters"
|
||||
engineapi "github.com/kyverno/kyverno/pkg/engine/api"
|
||||
|
|
@ -55,7 +55,7 @@ func buildFuzzContext(ff *fuzz.ConsumeFuzzer) (*PolicyContext, error) {
|
|||
cpol := &kyverno.ClusterPolicy{}
|
||||
cpol.Spec = cpSpec
|
||||
|
||||
if len(autogenv1.ComputeRules(cpol, "")) == 0 {
|
||||
if len(autogen.Default.ComputeRules(cpol, "")) == 0 {
|
||||
return nil, fmt.Errorf("No rules created")
|
||||
}
|
||||
|
||||
|
|
@ -145,7 +145,7 @@ func FuzzEngineValidateTest(f *testing.F) {
|
|||
policy := &kyverno.ClusterPolicy{}
|
||||
policy.Spec = cpSpec
|
||||
|
||||
if len(autogenv1.ComputeRules(policy, "")) == 0 {
|
||||
if len(autogen.Default.ComputeRules(policy, "")) == 0 {
|
||||
return
|
||||
}
|
||||
|
||||
|
|
@ -241,7 +241,7 @@ func FuzzMutateTest(f *testing.F) {
|
|||
policy := &kyverno.ClusterPolicy{}
|
||||
policy.Spec = cpSpec
|
||||
|
||||
if len(autogenv1.ComputeRules(policy, "")) == 0 {
|
||||
if len(autogen.Default.ComputeRules(policy, "")) == 0 {
|
||||
return
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -2,7 +2,7 @@ package engine
|
|||
|
||||
import (
|
||||
"github.com/go-logr/logr"
|
||||
autogenv1 "github.com/kyverno/kyverno/pkg/autogen/v1"
|
||||
"github.com/kyverno/kyverno/pkg/autogen"
|
||||
engineapi "github.com/kyverno/kyverno/pkg/engine/api"
|
||||
"github.com/kyverno/kyverno/pkg/engine/internal"
|
||||
)
|
||||
|
|
@ -13,7 +13,7 @@ func (e *engine) generateResponse(
|
|||
policyContext engineapi.PolicyContext,
|
||||
) engineapi.PolicyResponse {
|
||||
resp := engineapi.NewPolicyResponse()
|
||||
for _, rule := range autogenv1.ComputeRules(policyContext.Policy(), "") {
|
||||
for _, rule := range autogen.Default.ComputeRules(policyContext.Policy(), "") {
|
||||
logger := internal.LoggerWithRule(logger, rule)
|
||||
if ruleResp := e.filterRule(rule, logger, policyContext); ruleResp != nil {
|
||||
resp.Rules = append(resp.Rules, *ruleResp)
|
||||
|
|
|
|||
|
|
@ -6,7 +6,7 @@ import (
|
|||
|
||||
"github.com/go-logr/logr"
|
||||
kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1"
|
||||
autogenv1 "github.com/kyverno/kyverno/pkg/autogen/v1"
|
||||
"github.com/kyverno/kyverno/pkg/autogen"
|
||||
engineapi "github.com/kyverno/kyverno/pkg/engine/api"
|
||||
"github.com/kyverno/kyverno/pkg/engine/handlers"
|
||||
"github.com/kyverno/kyverno/pkg/engine/handlers/mutation"
|
||||
|
|
@ -28,7 +28,7 @@ func (e *engine) verifyAndPatchImages(
|
|||
policyContext.JSONContext().Checkpoint()
|
||||
defer policyContext.JSONContext().Restore()
|
||||
|
||||
for _, rule := range autogenv1.ComputeRules(policy, "") {
|
||||
for _, rule := range autogen.Default.ComputeRules(policy, "") {
|
||||
startTime := time.Now()
|
||||
logger := internal.LoggerWithRule(logger, rule)
|
||||
handlerFactory := func() (handlers.Handler, error) {
|
||||
|
|
|
|||
|
|
@ -6,7 +6,7 @@ import (
|
|||
|
||||
"github.com/go-logr/logr"
|
||||
kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1"
|
||||
autogenv1 "github.com/kyverno/kyverno/pkg/autogen/v1"
|
||||
"github.com/kyverno/kyverno/pkg/autogen"
|
||||
assertnew "github.com/stretchr/testify/assert"
|
||||
"gotest.tools/assert"
|
||||
"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
|
||||
|
|
@ -244,7 +244,7 @@ func Test_PolicyDeserilize(t *testing.T) {
|
|||
err := json.Unmarshal(rawPolicy, &policy)
|
||||
assert.NilError(t, err)
|
||||
|
||||
overlayPatches := autogenv1.ComputeRules(&policy, "")[0].Mutation.GetPatchStrategicMerge()
|
||||
overlayPatches := autogen.Default.ComputeRules(&policy, "")[0].Mutation.GetPatchStrategicMerge()
|
||||
patchString, err := json.Marshal(overlayPatches)
|
||||
assert.NilError(t, err)
|
||||
|
||||
|
|
|
|||
|
|
@ -7,7 +7,7 @@ import (
|
|||
|
||||
"github.com/go-logr/logr"
|
||||
kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1"
|
||||
autogenv1 "github.com/kyverno/kyverno/pkg/autogen/v1"
|
||||
"github.com/kyverno/kyverno/pkg/autogen"
|
||||
engineapi "github.com/kyverno/kyverno/pkg/engine/api"
|
||||
"github.com/kyverno/kyverno/pkg/engine/handlers"
|
||||
"github.com/kyverno/kyverno/pkg/engine/handlers/mutation"
|
||||
|
|
@ -29,7 +29,7 @@ func (e *engine) mutate(
|
|||
policyContext.JSONContext().Checkpoint()
|
||||
defer policyContext.JSONContext().Restore()
|
||||
|
||||
for _, rule := range autogenv1.ComputeRules(policy, "") {
|
||||
for _, rule := range autogen.Default.ComputeRules(policy, "") {
|
||||
startTime := time.Now()
|
||||
logger := internal.LoggerWithRule(logger, rule)
|
||||
handlerFactory := func() (handlers.Handler, error) {
|
||||
|
|
|
|||
|
|
@ -9,7 +9,7 @@ import (
|
|||
|
||||
v1 "github.com/kyverno/kyverno/api/kyverno/v1"
|
||||
v2 "github.com/kyverno/kyverno/api/kyverno/v2"
|
||||
autogenv1 "github.com/kyverno/kyverno/pkg/autogen/v1"
|
||||
"github.com/kyverno/kyverno/pkg/autogen"
|
||||
kubeutils "github.com/kyverno/kyverno/pkg/utils/kube"
|
||||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||
)
|
||||
|
|
@ -904,7 +904,7 @@ func TestMatchesResourceDescription(t *testing.T) {
|
|||
}
|
||||
resource, _ := kubeutils.BytesToUnstructured(tc.Resource)
|
||||
|
||||
for _, rule := range autogenv1.ComputeRules(&policy, "") {
|
||||
for _, rule := range autogen.Default.ComputeRules(&policy, "") {
|
||||
err := MatchesResourceDescription(*resource, rule, tc.AdmissionInfo, nil, "", resource.GroupVersionKind(), "", "CREATE")
|
||||
if err != nil {
|
||||
if !tc.areErrorsExpected {
|
||||
|
|
@ -1809,7 +1809,7 @@ func TestMatchesResourceDescription_GenerateName(t *testing.T) {
|
|||
}
|
||||
resource, _ := kubeutils.BytesToUnstructured(tc.Resource)
|
||||
|
||||
for _, rule := range autogenv1.ComputeRules(&policy, "") {
|
||||
for _, rule := range autogen.Default.ComputeRules(&policy, "") {
|
||||
err := MatchesResourceDescription(*resource, rule, tc.AdmissionInfo, nil, "", resource.GroupVersionKind(), "", "CREATE")
|
||||
if err != nil {
|
||||
if !tc.areErrorsExpected {
|
||||
|
|
|
|||
|
|
@ -6,7 +6,7 @@ import (
|
|||
|
||||
"github.com/go-logr/logr"
|
||||
kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1"
|
||||
autogenv1 "github.com/kyverno/kyverno/pkg/autogen/v1"
|
||||
"github.com/kyverno/kyverno/pkg/autogen"
|
||||
engineapi "github.com/kyverno/kyverno/pkg/engine/api"
|
||||
"github.com/kyverno/kyverno/pkg/engine/handlers"
|
||||
"github.com/kyverno/kyverno/pkg/engine/handlers/validation"
|
||||
|
|
@ -27,7 +27,7 @@ func (e *engine) validate(
|
|||
defer policyContext.JSONContext().Restore()
|
||||
|
||||
gvk, _ := policyContext.ResourceKind()
|
||||
for _, rule := range autogenv1.ComputeRules(policy, gvk.Kind) {
|
||||
for _, rule := range autogen.Default.ComputeRules(policy, gvk.Kind) {
|
||||
startTime := time.Now()
|
||||
logger := internal.LoggerWithRule(logger, rule)
|
||||
handlerFactory := func() (handlers.Handler, error) {
|
||||
|
|
|
|||
|
|
@ -7,7 +7,7 @@ import (
|
|||
"github.com/kyverno/kyverno/api/kyverno"
|
||||
kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1"
|
||||
kyvernov2 "github.com/kyverno/kyverno/api/kyverno/v2"
|
||||
autogenv1 "github.com/kyverno/kyverno/pkg/autogen/v1"
|
||||
"github.com/kyverno/kyverno/pkg/autogen"
|
||||
"github.com/kyverno/kyverno/pkg/background/common"
|
||||
backgroundcommon "github.com/kyverno/kyverno/pkg/background/common"
|
||||
generateutils "github.com/kyverno/kyverno/pkg/background/generate"
|
||||
|
|
@ -146,7 +146,7 @@ func (pc *policyController) handleGenerateForExisting(policy kyvernov1.PolicyInt
|
|||
func (pc *policyController) createURForDownstreamDeletion(policy kyvernov1.PolicyInterface) error {
|
||||
var errs []error
|
||||
var err error
|
||||
rules := autogenv1.ComputeRules(policy, "")
|
||||
rules := autogen.Default.ComputeRules(policy, "")
|
||||
ur := newGenerateUR(policy)
|
||||
for _, r := range rules {
|
||||
if !r.HasGenerate() {
|
||||
|
|
|
|||
|
|
@ -5,7 +5,7 @@ import (
|
|||
"testing"
|
||||
|
||||
kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1"
|
||||
autogenv1 "github.com/kyverno/kyverno/pkg/autogen/v1"
|
||||
"github.com/kyverno/kyverno/pkg/autogen"
|
||||
kubeutils "github.com/kyverno/kyverno/pkg/utils/kube"
|
||||
"gotest.tools/assert"
|
||||
kubecache "k8s.io/client-go/tools/cache"
|
||||
|
|
@ -28,7 +28,7 @@ func Test_All(t *testing.T) {
|
|||
finder := TestResourceFinder{}
|
||||
//add
|
||||
setPolicy(t, pCache, policy, finder)
|
||||
for _, rule := range autogenv1.ComputeRules(policy, "") {
|
||||
for _, rule := range autogen.Default.ComputeRules(policy, "") {
|
||||
for _, kind := range rule.MatchResources.Kinds {
|
||||
group, version, kind, subresource := kubeutils.ParseKindSelector(kind)
|
||||
gvrs, err := finder.FindResources(group, version, kind, subresource)
|
||||
|
|
@ -64,7 +64,7 @@ func Test_Add_Duplicate_Policy(t *testing.T) {
|
|||
setPolicy(t, pCache, policy, finder)
|
||||
setPolicy(t, pCache, policy, finder)
|
||||
setPolicy(t, pCache, policy, finder)
|
||||
for _, rule := range autogenv1.ComputeRules(policy, "") {
|
||||
for _, rule := range autogen.Default.ComputeRules(policy, "") {
|
||||
for _, kind := range rule.MatchResources.Kinds {
|
||||
group, version, kind, subresource := kubeutils.ParseKindSelector(kind)
|
||||
gvrs, err := finder.FindResources(group, version, kind, subresource)
|
||||
|
|
@ -97,7 +97,7 @@ func Test_Add_Validate_Audit(t *testing.T) {
|
|||
policy.Spec.ValidationFailureAction = "audit"
|
||||
setPolicy(t, pCache, policy, finder)
|
||||
setPolicy(t, pCache, policy, finder)
|
||||
for _, rule := range autogenv1.ComputeRules(policy, "") {
|
||||
for _, rule := range autogen.Default.ComputeRules(policy, "") {
|
||||
for _, kind := range rule.MatchResources.Kinds {
|
||||
group, version, kind, subresource := kubeutils.ParseKindSelector(kind)
|
||||
gvrs, err := finder.FindResources(group, version, kind, subresource)
|
||||
|
|
@ -894,7 +894,7 @@ func Test_Ns_All(t *testing.T) {
|
|||
//add
|
||||
setPolicy(t, pCache, policy, finder)
|
||||
nspace := policy.GetNamespace()
|
||||
rules := autogenv1.ComputeRules(policy, "")
|
||||
rules := autogen.Default.ComputeRules(policy, "")
|
||||
for _, rule := range rules {
|
||||
for _, kind := range rule.MatchResources.Kinds {
|
||||
group, version, kind, subresource := kubeutils.ParseKindSelector(kind)
|
||||
|
|
@ -931,7 +931,7 @@ func Test_Ns_Add_Duplicate_Policy(t *testing.T) {
|
|||
setPolicy(t, pCache, policy, finder)
|
||||
setPolicy(t, pCache, policy, finder)
|
||||
nspace := policy.GetNamespace()
|
||||
for _, rule := range autogenv1.ComputeRules(policy, "") {
|
||||
for _, rule := range autogen.Default.ComputeRules(policy, "") {
|
||||
for _, kind := range rule.MatchResources.Kinds {
|
||||
group, version, kind, subresource := kubeutils.ParseKindSelector(kind)
|
||||
gvrs, err := finder.FindResources(group, version, kind, subresource)
|
||||
|
|
@ -964,7 +964,7 @@ func Test_Ns_Add_Validate_Audit(t *testing.T) {
|
|||
policy.GetSpec().ValidationFailureAction = "audit"
|
||||
setPolicy(t, pCache, policy, finder)
|
||||
setPolicy(t, pCache, policy, finder)
|
||||
for _, rule := range autogenv1.ComputeRules(policy, "") {
|
||||
for _, rule := range autogen.Default.ComputeRules(policy, "") {
|
||||
for _, kind := range rule.MatchResources.Kinds {
|
||||
group, version, kind, subresource := kubeutils.ParseKindSelector(kind)
|
||||
gvrs, err := finder.FindResources(group, version, kind, subresource)
|
||||
|
|
@ -1007,7 +1007,7 @@ func Test_GVk_Cache(t *testing.T) {
|
|||
finder := TestResourceFinder{}
|
||||
//add
|
||||
setPolicy(t, pCache, policy, finder)
|
||||
for _, rule := range autogenv1.ComputeRules(policy, "") {
|
||||
for _, rule := range autogen.Default.ComputeRules(policy, "") {
|
||||
for _, kind := range rule.MatchResources.Kinds {
|
||||
group, version, kind, subresource := kubeutils.ParseKindSelector(kind)
|
||||
gvrs, err := finder.FindResources(group, version, kind, subresource)
|
||||
|
|
@ -1045,7 +1045,7 @@ func Test_Add_Validate_Enforce(t *testing.T) {
|
|||
finder := TestResourceFinder{}
|
||||
//add
|
||||
setPolicy(t, pCache, policy, finder)
|
||||
for _, rule := range autogenv1.ComputeRules(policy, "") {
|
||||
for _, rule := range autogen.Default.ComputeRules(policy, "") {
|
||||
for _, kind := range rule.MatchResources.Kinds {
|
||||
group, version, kind, subresource := kubeutils.ParseKindSelector(kind)
|
||||
gvrs, err := finder.FindResources(group, version, kind, subresource)
|
||||
|
|
@ -1086,7 +1086,7 @@ func Test_Mutate_Policy(t *testing.T) {
|
|||
setPolicy(t, pCache, policy, finder)
|
||||
setPolicy(t, pCache, policy, finder)
|
||||
setPolicy(t, pCache, policy, finder)
|
||||
for _, rule := range autogenv1.ComputeRules(policy, "") {
|
||||
for _, rule := range autogen.Default.ComputeRules(policy, "") {
|
||||
for _, kind := range rule.MatchResources.Kinds {
|
||||
group, version, kind, subresource := kubeutils.ParseKindSelector(kind)
|
||||
gvrs, err := finder.FindResources(group, version, kind, subresource)
|
||||
|
|
@ -1108,7 +1108,7 @@ func Test_Generate_Policy(t *testing.T) {
|
|||
finder := TestResourceFinder{}
|
||||
//add
|
||||
setPolicy(t, pCache, policy, finder)
|
||||
for _, rule := range autogenv1.ComputeRules(policy, "") {
|
||||
for _, rule := range autogen.Default.ComputeRules(policy, "") {
|
||||
for _, kind := range rule.MatchResources.Kinds {
|
||||
group, version, kind, subresource := kubeutils.ParseKindSelector(kind)
|
||||
gvrs, err := finder.FindResources(group, version, kind, subresource)
|
||||
|
|
|
|||
|
|
@ -4,7 +4,7 @@ import (
|
|||
"sync"
|
||||
|
||||
kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1"
|
||||
autogenv1 "github.com/kyverno/kyverno/pkg/autogen/v1"
|
||||
"github.com/kyverno/kyverno/pkg/autogen"
|
||||
kubeutils "github.com/kyverno/kyverno/pkg/utils/kube"
|
||||
"go.uber.org/multierr"
|
||||
"k8s.io/apimachinery/pkg/runtime/schema"
|
||||
|
|
@ -111,7 +111,7 @@ func (m *policyMap) set(key string, policy kyvernov1.PolicyInterface, client Res
|
|||
hasMutate, hasValidate, hasGenerate, hasVerifyImages, hasImagesValidationChecks bool
|
||||
}
|
||||
kindStates := map[policyKey]state{}
|
||||
for _, rule := range autogenv1.ComputeRules(policy, "") {
|
||||
for _, rule := range autogen.Default.ComputeRules(policy, "") {
|
||||
if rule.HasValidate() {
|
||||
action := rule.Validation.FailureAction
|
||||
if action != nil && action.Enforce() {
|
||||
|
|
|
|||
|
|
@ -5,7 +5,7 @@ import (
|
|||
"regexp"
|
||||
|
||||
kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1"
|
||||
autogenv1 "github.com/kyverno/kyverno/pkg/autogen/v1"
|
||||
"github.com/kyverno/kyverno/pkg/autogen"
|
||||
)
|
||||
|
||||
var ForbiddenUserVariables = []*regexp.Regexp{
|
||||
|
|
@ -18,7 +18,7 @@ var ForbiddenUserVariables = []*regexp.Regexp{
|
|||
|
||||
// containsUserVariables returns error if variable that does not start from request.object
|
||||
func containsUserVariables(policy kyvernov1.PolicyInterface, vars [][]string) error {
|
||||
rules := autogenv1.ComputeRules(policy, "")
|
||||
rules := autogen.Default.ComputeRules(policy, "")
|
||||
for idx := range rules {
|
||||
if err := hasUserMatchExclude(idx, &rules[idx]); err != nil {
|
||||
return err
|
||||
|
|
|
|||
|
|
@ -19,7 +19,7 @@ import (
|
|||
kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1"
|
||||
kyvernov2alpha1 "github.com/kyverno/kyverno/api/kyverno/v2alpha1"
|
||||
"github.com/kyverno/kyverno/ext/wildcard"
|
||||
autogenv1 "github.com/kyverno/kyverno/pkg/autogen/v1"
|
||||
"github.com/kyverno/kyverno/pkg/autogen"
|
||||
"github.com/kyverno/kyverno/pkg/client/clientset/versioned"
|
||||
"github.com/kyverno/kyverno/pkg/clients/dclient"
|
||||
enginecontext "github.com/kyverno/kyverno/pkg/engine/context"
|
||||
|
|
@ -232,7 +232,7 @@ func Validate(policy, oldPolicy kyvernov1.PolicyInterface, client dclient.Interf
|
|||
return warnings, err
|
||||
}
|
||||
|
||||
rules := autogenv1.ComputeRules(policy, "")
|
||||
rules := autogen.Default.ComputeRules(policy, "")
|
||||
rulesPath := specPath.Child("rules")
|
||||
|
||||
for i, rule := range rules {
|
||||
|
|
@ -549,7 +549,7 @@ func ValidateVariables(p kyvernov1.PolicyInterface, backgroundMode bool) error {
|
|||
|
||||
// hasInvalidVariables - checks for unexpected variables in the policy
|
||||
func hasInvalidVariables(policy kyvernov1.PolicyInterface, background bool) error {
|
||||
for _, r := range autogenv1.ComputeRules(policy, "") {
|
||||
for _, r := range autogen.Default.ComputeRules(policy, "") {
|
||||
ruleCopy := r.DeepCopy()
|
||||
|
||||
if err := ruleForbiddenSectionsHaveVariables(ruleCopy); err != nil {
|
||||
|
|
|
|||
|
|
@ -9,7 +9,7 @@ import (
|
|||
"github.com/go-logr/logr"
|
||||
kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1"
|
||||
kyvernov2 "github.com/kyverno/kyverno/api/kyverno/v2"
|
||||
autogenv1 "github.com/kyverno/kyverno/pkg/autogen/v1"
|
||||
"github.com/kyverno/kyverno/pkg/autogen"
|
||||
engineapi "github.com/kyverno/kyverno/pkg/engine/api"
|
||||
"github.com/kyverno/kyverno/pkg/event"
|
||||
datautils "github.com/kyverno/kyverno/pkg/utils/data"
|
||||
|
|
@ -54,7 +54,7 @@ func (h *resourceHandlers) handleMutateExisting(ctx context.Context, logger logr
|
|||
|
||||
// skip rules that don't specify the DELETE operation in case the admission request is of type DELETE
|
||||
var skipped []string
|
||||
for _, rule := range autogenv1.ComputeRules(policy, "") {
|
||||
for _, rule := range autogen.Default.ComputeRules(policy, "") {
|
||||
if request.AdmissionRequest.Operation == admissionv1.Delete && !webhookutils.MatchDeleteOperation(rule) {
|
||||
skipped = append(skipped, rule.Name)
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in a new issue