mirrors/kyverno
mirrors/kyverno
1
0
Fork 0
mirror of https://github.com/kyverno/kyverno.git synced 2025-03-31 03:45:17 +00:00
Code Activity

522 revising setting of global state

Browse source
This commit is contained in:
shravan 2020-01-24 18:53:51 +05:30
parent a3bcde6f1e
commit a959c4969e
2 changed files with 47 additions and 34 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

80
pkg/policy/validation.go
View file

@ -1,13 +1,15 @@
package policy package policy
import ( import (
"compress/gzip"
"fmt" "fmt"
"io/ioutil" "net/http"
"os"
"strconv" "strconv"
"strings" "strings"
"sync" "sync"
"github.com/golang/glog"
"github.com/nirmata/kyverno/pkg/engine" "github.com/nirmata/kyverno/pkg/engine"
"github.com/nirmata/kyverno/pkg/engine/context" "github.com/nirmata/kyverno/pkg/engine/context"
"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
@ -29,12 +31,17 @@ var validationGlobalState struct {
isSet bool isSet bool
} }
func init() {
err := setValidationGlobalState()
if err != nil {
panic(err)
}
}
func ValidatePolicyMutation(policy v1.ClusterPolicy) error { func ValidatePolicyMutation(policy v1.ClusterPolicy) error {
if validationGlobalState.isSet == false { if validationGlobalState.isSet == false {
err := setValidationGlobalState() glog.V(4).Info("Cannot Validate policy: Validation global state not set")
if err != nil { return nil
return err
}
} }
var kindToRules = make(map[string][]v1.Rule) var kindToRules = make(map[string][]v1.Rule)
@ -80,11 +87,10 @@ func ValidatePolicyMutation(policy v1.ClusterPolicy) error {
func ValidateResource(patchedResource interface{}, kind string) error { func ValidateResource(patchedResource interface{}, kind string) error {
if validationGlobalState.isSet == false { if validationGlobalState.isSet == false {
err := setValidationGlobalState() glog.V(4).Info("Cannot Validate resource: Validation global state not set")
if err != nil { return nil
return err
}
} }
kind = "io.k8s.api.core.v1." + kind kind = "io.k8s.api.core.v1." + kind
schema := validationGlobalState.models.LookupModel(kind) schema := validationGlobalState.models.LookupModel(kind)
@ -105,39 +111,45 @@ func ValidateResource(patchedResource interface{}, kind string) error {
} }
func setValidationGlobalState() error { func setValidationGlobalState() error {
var err error if validationGlobalState.isSet == false {
validationGlobalState.document, err = getSchemaDocument("./swagger.json") var err error
if err != nil { validationGlobalState.document, err = getSchemaDocument()
return err if err != nil {
return err
}
validationGlobalState.definitions = make(map[string]*openapi_v2.Schema)
for _, definition := range validationGlobalState.document.GetDefinitions().AdditionalProperties {
validationGlobalState.definitions[definition.GetName()] = definition.GetValue()
}
validationGlobalState.models, err = proto.NewOpenAPIData(validationGlobalState.document)
if err != nil {
return err
}
validationGlobalState.isSet = true
} }
validationGlobalState.definitions = make(map[string]*openapi_v2.Schema)
for _, definition := range validationGlobalState.document.GetDefinitions().AdditionalProperties {
validationGlobalState.definitions[definition.GetName()] = definition.GetValue()
}
validationGlobalState.models, err = proto.NewOpenAPIData(validationGlobalState.document)
if err != nil {
return err
}
validationGlobalState.isSet = true
return nil return nil
} }
func getSchemaDocument(path string) (*openapi_v2.Document, error) { func getSchemaDocument() (*openapi_v2.Document, error) {
_, err := os.Stat(path) docReq, _ := http.NewRequest("GET", "https://raw.githubusercontent.com/kubernetes/kubernetes/master/api/openapi-spec/swagger.json", nil)
docReq.Header.Set("accept-encoding", "gzip")
doc, err := http.DefaultClient.Do(docReq)
if err != nil {
return nil, fmt.Errorf("Could not fetch openapi document from the internet, underlying error : %v", err)
}
gzipReader, err := gzip.NewReader(doc.Body)
defer gzipReader.Close()
if err != nil { if err != nil {
return nil, err return nil, err
} }
specRaw, err := ioutil.ReadFile(path)
if err != nil {
return nil, err
}
var spec yaml.MapSlice var spec yaml.MapSlice
err = yaml.Unmarshal(specRaw, &spec) err = yaml.NewDecoder(gzipReader).Decode(&spec)
if err != nil { if err != nil {
return nil, err return nil, err
} }

1
pkg/policy/validation_test.go
View file

@ -8,6 +8,7 @@ import (
) )
func Test_ValidateMutationPolicy(t *testing.T) { func Test_ValidateMutationPolicy(t *testing.T) {
setValidationGlobalState()
tcs := []struct { tcs := []struct {
description string description string