mirrors/kyverno
mirrors/kyverno
1
0
Fork 0
mirror of https://github.com/kyverno/kyverno.git synced 2025-03-29 02:45:06 +00:00
Code Activity

fix: remove a couple DeepEqual and fix deletion check bug (#6640)

Browse source 
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
This commit is contained in:
Charles-Edouard Brétéché 2023-03-22 05:46:35 +01:00 committed by GitHub
parent cdc01c56e1
commit aadaec09e1
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
12 changed files with 19 additions and 44 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
pkg/auth/auth.go
View file

@ -3,7 +3,6 @@ package auth
import (
"context"
"fmt"
"reflect"
kubeutils "github.com/kyverno/kyverno/pkg/utils/kube"
authorizationv1 "k8s.io/api/authorization/v1"
@ -68,7 +67,7 @@ func (o *canIOptions) RunAccessCheck(ctx context.Context) (bool, error) {
return false, fmt.Errorf("failed to get GVR for kind %s", o.kind)
}
if reflect.DeepEqual(gvr, schema.GroupVersionResource{}) {
if gvr.Empty() {
// cannot find GVR
return false, fmt.Errorf("failed to get the Group Version Resource for kind %s", o.kind)
}

3
pkg/background/common/context.go
View file

@ -2,7 +2,6 @@ package common
import (
"fmt"
"reflect"
"github.com/go-logr/logr"
kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1"
@ -36,7 +35,7 @@ func NewBackgroundContext(dclient dclient.Interface, ur *kyvernov1beta1.UpdateRe
return nil, fmt.Errorf("failed to load request in context: %w", err)
}
if !reflect.DeepEqual(new, unstructured.Unstructured{}) {
if new.Object != nil {
if !check(&new, trigger) {
err := fmt.Errorf("resources don't match")
return nil, fmt.Errorf("resource %v: %w", ur.Spec.GetResource().String(), err)

5
pkg/engine/imageVerifyValidate.go
View file

@ -3,7 +3,6 @@ package engine
import (
"context"
"fmt"
"reflect"
"github.com/go-logr/logr"
gojmespath "github.com/jmespath/go-jmespath"
@ -86,7 +85,7 @@ func validateImage(ctx engineapi.PolicyContext, imageVerify *kyvernov1.ImageVeri
return fmt.Errorf("missing digest for %s", image)
}
newResource := ctx.NewResource()
if imageVerify.Required && !reflect.DeepEqual(newResource, unstructured.Unstructured{}) {
if imageVerify.Required && newResource.Object != nil {
verified, err := isImageVerified(newResource, image, log)
if err != nil {
return err
@ -99,7 +98,7 @@ func validateImage(ctx engineapi.PolicyContext, imageVerify *kyvernov1.ImageVeri
}
func isImageVerified(resource unstructured.Unstructured, image string, log logr.Logger) (bool, error) {
if reflect.DeepEqual(resource, unstructured.Unstructured{}) {
if resource.Object == nil {
return false, fmt.Errorf("nil resource")
}
if annotations := resource.GetAnnotations(); len(annotations) == 0 {

6
pkg/engine/internal/imageverifier.go
View file

@ -6,7 +6,6 @@ import (
"errors"
"fmt"
"net"
"reflect"
"strings"
"github.com/go-logr/logr"
@ -53,8 +52,7 @@ func NewImageVerifier(
func HasImageVerifiedAnnotationChanged(ctx engineapi.PolicyContext, log logr.Logger) bool {
newResource := ctx.NewResource()
oldResource := ctx.OldResource()
if reflect.DeepEqual(newResource, unstructured.Unstructured{}) ||
reflect.DeepEqual(oldResource, unstructured.Unstructured{}) {
if newResource.Object == nil || oldResource.Object == nil {
return false
}
newValue := newResource.GetAnnotations()[engineapi.ImageVerifyAnnotationKey]
@ -76,7 +74,7 @@ func matchImageReferences(imageReferences []string, image string) bool {
}
func isImageVerified(resource unstructured.Unstructured, image string, log logr.Logger) (bool, error) {
if reflect.DeepEqual(resource, unstructured.Unstructured{}) {
if resource.Object == nil {
return false, fmt.Errorf("nil resource")
}
annotations := resource.GetAnnotations()

4
pkg/engine/internal/logging.go
View file

@ -1,8 +1,6 @@
package internal
import (
"reflect"
"github.com/go-logr/logr"
kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1"
engineapi "github.com/kyverno/kyverno/pkg/engine/api"
@ -25,7 +23,7 @@ func LoggerWithPolicy(logger logr.Logger, policy kyvernov1.PolicyInterface) logr
}
func LoggerWithResource(logger logr.Logger, prefix string, resource unstructured.Unstructured) logr.Logger {
if reflect.DeepEqual(resource, unstructured.Unstructured{}) {
if resource.Object == nil {
return logger
}
return logger.WithValues(

6
pkg/engine/internal/response.go
View file

@ -2,12 +2,10 @@ package internal
import (
"fmt"
"reflect"
"time"
kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1"
engineapi "github.com/kyverno/kyverno/pkg/engine/api"
"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
)
func RuleError(rule *kyvernov1.Rule, ruleType engineapi.RuleType, msg string, err error) *engineapi.RuleResponse {
@ -44,10 +42,10 @@ func AddRuleResponse(resp *engineapi.PolicyResponse, ruleResp *engineapi.RuleRes
}
func BuildResponse(ctx engineapi.PolicyContext, resp *engineapi.EngineResponse, startTime time.Time) *engineapi.EngineResponse {
if reflect.DeepEqual(resp.PatchedResource, unstructured.Unstructured{}) {
if resp.PatchedResource.Object == nil {
// for delete requests patched resource will be oldResource since newResource is empty
resource := ctx.NewResource()
if reflect.DeepEqual(resource, unstructured.Unstructured{}) {
if resource.Object == nil {
resource = ctx.OldResource()
}
resp.PatchedResource = resource

5
pkg/engine/mutation.go
View file

@ -3,7 +3,6 @@ package engine
import (
"context"
"fmt"
"reflect"
"time"
"github.com/go-logr/logr"
@ -108,7 +107,7 @@ func (e *engine) mutate(
}
for _, patchedResource := range patchedResources {
if reflect.DeepEqual(patchedResource, unstructured.Unstructured{}) {
if patchedResource.unstructured.Object == nil {
continue
}
@ -327,7 +326,7 @@ func buildRuleResponse(rule *kyvernov1.Rule, mutateResp *mutate.Response, info r
}
func buildSuccessMessage(r unstructured.Unstructured) string {
if reflect.DeepEqual(unstructured.Unstructured{}, r) {
if r.Object == nil {
return "mutated resource"
}

5
pkg/engine/validation.go
View file

@ -4,7 +4,6 @@ import (
"context"
"encoding/json"
"fmt"
"reflect"
"strings"
"time"
@ -498,11 +497,9 @@ func isEmptyUnstructured(u *unstructured.Unstructured) bool {
if u == nil {
return true
}
if reflect.DeepEqual(*u, unstructured.Unstructured{}) {
if u.Object == nil {
return true
}
return false
}

4
pkg/webhooks/resource/generation/handler.go
View file

@ -3,7 +3,6 @@ package generation
import (
"context"
"fmt"
"reflect"
"github.com/go-logr/logr"
kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1"
@ -22,7 +21,6 @@ import (
webhookgenerate "github.com/kyverno/kyverno/pkg/webhooks/updaterequest"
webhookutils "github.com/kyverno/kyverno/pkg/webhooks/utils"
admissionv1 "k8s.io/api/admission/v1"
"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
corev1listers "k8s.io/client-go/listers/core/v1"
)
@ -249,7 +247,7 @@ func (h *generationHandler) createUR(ctx context.Context, policyContext *engine.
managedBy := oldLabels[kyvernov1.LabelAppManagedBy] == kyvernov1.ValueKyvernoApp
deleteDownstream := false
if reflect.DeepEqual(new, unstructured.Unstructured{}) {
if new.Object == nil {
labels = oldLabels
if !managedBy {
deleteDownstream = true

7
pkg/webhooks/resource/imageverification/handler.go
View file

@ -4,7 +4,6 @@ import (
"context"
"errors"
"fmt"
"reflect"
"github.com/go-logr/logr"
kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1"
@ -135,11 +134,9 @@ func hasAnnotations(context *engine.PolicyContext) bool {
func isResourceDeleted(policyContext *engine.PolicyContext) bool {
var deletionTimeStamp *metav1.Time
if reflect.DeepEqual(policyContext.NewResource, unstructured.Unstructured{}) {
resource := policyContext.NewResource()
if resource := policyContext.NewResource(); resource.Object != nil {
deletionTimeStamp = resource.GetDeletionTimestamp()
} else {
resource := policyContext.OldResource()
} else if resource := policyContext.OldResource(); resource.Object != nil {
deletionTimeStamp = resource.GetDeletionTimestamp()
}
return deletionTimeStamp != nil

8
pkg/webhooks/resource/mutation/mutation.go
View file

@ -3,7 +3,6 @@ package mutation
import (
"context"
"fmt"
"reflect"
"time"
"github.com/go-logr/logr"
@ -21,7 +20,6 @@ import (
"go.opentelemetry.io/otel/trace"
admissionv1 "k8s.io/api/admission/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
corev1listers "k8s.io/client-go/listers/core/v1"
)
@ -186,11 +184,9 @@ func logMutationResponse(patches [][]byte, engineResponses []*engineapi.EngineRe
func isResourceDeleted(policyContext *engine.PolicyContext) bool {
var deletionTimeStamp *metav1.Time
if reflect.DeepEqual(policyContext.NewResource, unstructured.Unstructured{}) {
resource := policyContext.NewResource()
if resource := policyContext.NewResource(); resource.Object != nil {
deletionTimeStamp = resource.GetDeletionTimestamp()
} else {
resource := policyContext.OldResource()
} else if resource := policyContext.OldResource(); resource.Object != nil {
deletionTimeStamp = resource.GetDeletionTimestamp()
}
return deletionTimeStamp != nil

7
pkg/webhooks/resource/validation/validation.go
View file

@ -3,7 +3,6 @@ package validation
import (
"context"
"fmt"
"reflect"
"time"
"github.com/go-logr/logr"
@ -80,11 +79,9 @@ func (v *validationHandler) HandleValidation(
logger := v.log.WithValues("action", "validate", "resource", resourceName, "operation", request.Operation, "gvk", request.Kind)
var deletionTimeStamp *metav1.Time
if reflect.DeepEqual(policyContext.NewResource(), unstructured.Unstructured{}) {
resource := policyContext.NewResource()
if resource := policyContext.NewResource(); resource.Object != nil {
deletionTimeStamp = resource.GetDeletionTimestamp()
} else {
resource := policyContext.OldResource()
} else if resource := policyContext.OldResource(); resource.Object != nil {
deletionTimeStamp = resource.GetDeletionTimestamp()
}