522 revising setting of global state

2025-03-29 10:55:05 +00:00 · 2020-01-24 18:53:51 +05:30 · 2020-01-24 18:53:51 +05:30 · a959c4969e
commit a959c4969e
parent a3bcde6f1e
2 changed files with 47 additions and 34 deletions
--- a/pkg/policy/validation.go
+++ b/pkg/policy/validation.go
@ -1,13 +1,15 @@
 package policy

 import (
+	"compress/gzip"
 	"fmt"
-	"io/ioutil"
-	"os"
+	"net/http"
 	"strconv"
 	"strings"
 	"sync"

+	"github.com/golang/glog"
+
 	"github.com/nirmata/kyverno/pkg/engine"
 	"github.com/nirmata/kyverno/pkg/engine/context"
 	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
@ -29,12 +31,17 @@ var validationGlobalState struct {
 	isSet       bool
 }

+func init() {
+	err := setValidationGlobalState()
+	if err != nil {
+		panic(err)
+	}
+}
+
 func ValidatePolicyMutation(policy v1.ClusterPolicy) error {
 	if validationGlobalState.isSet == false {
-		err := setValidationGlobalState()
-		if err != nil {
-			return err
-		}
+		glog.V(4).Info("Cannot Validate policy: Validation global state not set")
+		return nil
 	}

 	var kindToRules = make(map[string][]v1.Rule)
@ -80,11 +87,10 @@ func ValidatePolicyMutation(policy v1.ClusterPolicy) error {

 func ValidateResource(patchedResource interface{}, kind string) error {
 	if validationGlobalState.isSet == false {
-		err := setValidationGlobalState()
-		if err != nil {
-			return err
-		}
+		glog.V(4).Info("Cannot Validate resource: Validation global state not set")
+		return nil
 	}
+
 	kind = "io.k8s.api.core.v1." + kind

 	schema := validationGlobalState.models.LookupModel(kind)
@ -105,39 +111,45 @@ func ValidateResource(patchedResource interface{}, kind string) error {
 }

 func setValidationGlobalState() error {
-	var err error
-	validationGlobalState.document, err = getSchemaDocument("./swagger.json")
-	if err != nil {
-		return err
+	if validationGlobalState.isSet == false {
+		var err error
+		validationGlobalState.document, err = getSchemaDocument()
+		if err != nil {
+			return err
+		}
+
+		validationGlobalState.definitions = make(map[string]*openapi_v2.Schema)
+
+		for _, definition := range validationGlobalState.document.GetDefinitions().AdditionalProperties {
+			validationGlobalState.definitions[definition.GetName()] = definition.GetValue()
+		}
+
+		validationGlobalState.models, err = proto.NewOpenAPIData(validationGlobalState.document)
+		if err != nil {
+			return err
+		}
+
+		validationGlobalState.isSet = true
 	}
-
-	validationGlobalState.definitions = make(map[string]*openapi_v2.Schema)
-
-	for _, definition := range validationGlobalState.document.GetDefinitions().AdditionalProperties {
-		validationGlobalState.definitions[definition.GetName()] = definition.GetValue()
-	}
-
-	validationGlobalState.models, err = proto.NewOpenAPIData(validationGlobalState.document)
-	if err != nil {
-		return err
-	}
-
-	validationGlobalState.isSet = true
 	return nil
 }

-func getSchemaDocument(path string) (*openapi_v2.Document, error) {
-	_, err := os.Stat(path)
+func getSchemaDocument() (*openapi_v2.Document, error) {
+	docReq, _ := http.NewRequest("GET", "https://raw.githubusercontent.com/kubernetes/kubernetes/master/api/openapi-spec/swagger.json", nil)
+	docReq.Header.Set("accept-encoding", "gzip")
+	doc, err := http.DefaultClient.Do(docReq)
+	if err != nil {
+		return nil, fmt.Errorf("Could not fetch openapi document from the internet, underlying error : %v", err)
+	}
+
+	gzipReader, err := gzip.NewReader(doc.Body)
+	defer gzipReader.Close()
 	if err != nil {
 		return nil, err
 	}

-	specRaw, err := ioutil.ReadFile(path)
-	if err != nil {
-		return nil, err
-	}
 	var spec yaml.MapSlice
-	err = yaml.Unmarshal(specRaw, &spec)
+	err = yaml.NewDecoder(gzipReader).Decode(&spec)
 	if err != nil {
 		return nil, err
 	}
--- a/pkg/policy/validation_test.go
+++ b/pkg/policy/validation_test.go
@ -8,6 +8,7 @@ import (
 )

 func Test_ValidateMutationPolicy(t *testing.T) {
+	setValidationGlobalState()

 	tcs := []struct {
 		description string