mirrors/kyverno
1
0
Fork 0
mirror of https://github.com/kyverno/kyverno.git synced 2024-12-14 11:57:48 +00:00
Code Activity

feat: remove generate request CRD (#6043)

Browse source 
* feat: remove generate request CRD

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* changelog

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* fix

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
This commit is contained in:
Charles-Edouard Brétéché 2023-01-19 12:39:05 +01:00 committed by GitHub
parent d90079d862
commit ad4c4da690
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
30 changed files with 7 additions and 2368 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
CHANGELOG.md
View file

@ -1,3 +1,9 @@
## v1.10.0
### Note
- Removed `GenerateRequest` CRD.
## v1.9.0-rc.1
### Note

118
api/kyverno/v1/generaterequest_types.go
View file

@ -1,118 +0,0 @@
package v1
import (
admissionv1 "k8s.io/api/admission/v1"
authenticationv1 "k8s.io/api/authentication/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
)
// +genclient
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// +kubebuilder:object:root=true
// +kubebuilder:subresource:status
// +kubebuilder:printcolumn:name="Policy",type="string",JSONPath=".spec.policy"
// +kubebuilder:printcolumn:name="ResourceKind",type="string",JSONPath=".spec.resource.kind"
// +kubebuilder:printcolumn:name="ResourceName",type="string",JSONPath=".spec.resource.name"
// +kubebuilder:printcolumn:name="ResourceNamespace",type="string",JSONPath=".spec.resource.namespace"
// +kubebuilder:printcolumn:name="status",type="string",JSONPath=".status.state"
// +kubebuilder:printcolumn:name="Age",type="date",JSONPath=".metadata.creationTimestamp"
// +kubebuilder:resource:shortName=gr
// +kubebuilder:storageversion
// GenerateRequest is a request to process generate rule.
type GenerateRequest struct {
metav1.TypeMeta `json:",inline" yaml:",inline"`
metav1.ObjectMeta `json:"metadata,omitempty" yaml:"metadata,omitempty"`
// Spec is the information to identify the generate request.
Spec GenerateRequestSpec `json:"spec" yaml:"spec"`
// Status contains statistics related to generate request.
// +optional
Status GenerateRequestStatus `json:"status" yaml:"status"`
}
// GenerateRequestSpec stores the request specification.
type GenerateRequestSpec struct {
// Specifies the name of the policy.
Policy string `json:"policy" yaml:"policy"`
// ResourceSpec is the information to identify the generate request.
Resource ResourceSpec `json:"resource" yaml:"resource"`
// Context ...
Context GenerateRequestContext `json:"context" yaml:"context"`
}
// GenerateRequestContext stores the context to be shared.
type GenerateRequestContext struct {
// +optional
UserRequestInfo RequestInfo `json:"userInfo,omitempty" yaml:"userInfo,omitempty"`
// +optional
AdmissionRequestInfo AdmissionRequestInfoObject `json:"admissionRequestInfo,omitempty" yaml:"admissionRequestInfo,omitempty"`
}
// AdmissionRequestInfoObject stores the admission request and operation details
type AdmissionRequestInfoObject struct {
// +optional
AdmissionRequest string `json:"admissionRequest,omitempty" yaml:"admissionRequest,omitempty"`
// +optional
Operation admissionv1.Operation `json:"operation,omitempty" yaml:"operation,omitempty"`
}
// RequestInfo contains permission info carried in an admission request.
type RequestInfo struct {
// Roles is a list of possible role send the request.
// +nullable
// +optional
Roles []string `json:"roles" yaml:"roles"`
// ClusterRoles is a list of possible clusterRoles send the request.
// +nullable
// +optional
ClusterRoles []string `json:"clusterRoles" yaml:"clusterRoles"`
// UserInfo is the userInfo carried in the admission request.
// +optional
AdmissionUserInfo authenticationv1.UserInfo `json:"userInfo" yaml:"userInfo"`
}
// GenerateRequestStatus stores the status of generated request.
type GenerateRequestStatus struct {
// State represents state of the generate request.
State GenerateRequestState `json:"state" yaml:"state"`
// Specifies request status message.
// +optional
Message string `json:"message,omitempty" yaml:"message,omitempty"`
// This will track the resources that are generated by the generate Policy.
// Will be used during clean up resources.
GeneratedResources []ResourceSpec `json:"generatedResources,omitempty" yaml:"generatedResources,omitempty"`
}
// GenerateRequestState defines the state of request.
type GenerateRequestState string
const (
// Pending - the Request is yet to be processed or resource has not been created.
Pending GenerateRequestState = "Pending"
// Failed - the Generate Request Controller failed to process the rules.
Failed GenerateRequestState = "Failed"
// Completed - the Generate Request Controller created resources defined in the policy.
Completed GenerateRequestState = "Completed"
// Skip - the Generate Request Controller skips to generate the resource.
Skip GenerateRequestState = "Skip"
)
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// GenerateRequestList stores the list of generate requests.
type GenerateRequestList struct {
metav1.TypeMeta `json:",inline" yaml:",inline"`
metav1.ListMeta `json:"metadata" yaml:"metadata"`
Items []GenerateRequest `json:"items" yaml:"items"`
}

2
api/kyverno/v1/register.go
View file

@ -33,8 +33,6 @@ func addKnownTypes(scheme *runtime.Scheme) error {
scheme.AddKnownTypes(SchemeGroupVersion,
&ClusterPolicy{},
&ClusterPolicyList{},
&GenerateRequest{},
&GenerateRequestList{},
&Policy{},
&PolicyList{},
)

154
api/kyverno/v1/zz_generated.deepcopy.go
View file

@ -49,21 +49,6 @@ func (in *APICall) DeepCopy() *APICall {
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *AdmissionRequestInfoObject) DeepCopyInto(out *AdmissionRequestInfoObject) {
*out = *in
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AdmissionRequestInfoObject.
func (in *AdmissionRequestInfoObject) DeepCopy() *AdmissionRequestInfoObject {
if in == nil {
return nil
}
out := new(AdmissionRequestInfoObject)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *AnyAllConditions) DeepCopyInto(out *AnyAllConditions) {
*out = *in
@ -546,119 +531,6 @@ func (in *ForEachValidation) DeepCopy() *ForEachValidation {
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *GenerateRequest) DeepCopyInto(out *GenerateRequest) {
*out = *in
out.TypeMeta = in.TypeMeta
in.ObjectMeta.DeepCopyInto(&out.ObjectMeta)
in.Spec.DeepCopyInto(&out.Spec)
in.Status.DeepCopyInto(&out.Status)
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GenerateRequest.
func (in *GenerateRequest) DeepCopy() *GenerateRequest {
if in == nil {
return nil
}
out := new(GenerateRequest)
in.DeepCopyInto(out)
return out
}
// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (in *GenerateRequest) DeepCopyObject() runtime.Object {
if c := in.DeepCopy(); c != nil {
return c
}
return nil
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *GenerateRequestContext) DeepCopyInto(out *GenerateRequestContext) {
*out = *in
in.UserRequestInfo.DeepCopyInto(&out.UserRequestInfo)
out.AdmissionRequestInfo = in.AdmissionRequestInfo
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GenerateRequestContext.
func (in *GenerateRequestContext) DeepCopy() *GenerateRequestContext {
if in == nil {
return nil
}
out := new(GenerateRequestContext)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *GenerateRequestList) DeepCopyInto(out *GenerateRequestList) {
*out = *in
out.TypeMeta = in.TypeMeta
in.ListMeta.DeepCopyInto(&out.ListMeta)
if in.Items != nil {
in, out := &in.Items, &out.Items
*out = make([]GenerateRequest, len(*in))
for i := range *in {
(*in)[i].DeepCopyInto(&(*out)[i])
}
}
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GenerateRequestList.
func (in *GenerateRequestList) DeepCopy() *GenerateRequestList {
if in == nil {
return nil
}
out := new(GenerateRequestList)
in.DeepCopyInto(out)
return out
}
// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (in *GenerateRequestList) DeepCopyObject() runtime.Object {
if c := in.DeepCopy(); c != nil {
return c
}
return nil
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *GenerateRequestSpec) DeepCopyInto(out *GenerateRequestSpec) {
*out = *in
out.Resource = in.Resource
in.Context.DeepCopyInto(&out.Context)
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GenerateRequestSpec.
func (in *GenerateRequestSpec) DeepCopy() *GenerateRequestSpec {
if in == nil {
return nil
}
out := new(GenerateRequestSpec)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *GenerateRequestStatus) DeepCopyInto(out *GenerateRequestStatus) {
*out = *in
if in.GeneratedResources != nil {
in, out := &in.GeneratedResources, &out.GeneratedResources
*out = make([]ResourceSpec, len(*in))
copy(*out, *in)
}
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GenerateRequestStatus.
func (in *GenerateRequestStatus) DeepCopy() *GenerateRequestStatus {
if in == nil {
return nil
}
out := new(GenerateRequestStatus)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *Generation) DeepCopyInto(out *Generation) {
*out = *in
@ -1100,32 +972,6 @@ func (in *RequestData) DeepCopy() *RequestData {
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *RequestInfo) DeepCopyInto(out *RequestInfo) {
*out = *in
if in.Roles != nil {
in, out := &in.Roles, &out.Roles
*out = make([]string, len(*in))
copy(*out, *in)
}
if in.ClusterRoles != nil {
in, out := &in.ClusterRoles, &out.ClusterRoles
*out = make([]string, len(*in))
copy(*out, *in)
}
in.AdmissionUserInfo.DeepCopyInto(&out.AdmissionUserInfo)
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RequestInfo.
func (in *RequestInfo) DeepCopy() *RequestInfo {
if in == nil {
return nil
}
out := new(RequestInfo)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *ResourceDescription) DeepCopyInto(out *ResourceDescription) {
*out = *in

21
charts/kyverno/templates/aggregateroles.yaml
View file

@ -69,27 +69,6 @@ rules:
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: {{ template "kyverno.fullname" . }}:admin-generaterequest
labels:
rbac.authorization.k8s.io/aggregate-to-admin: "true"
{{- include "kyverno.labels" . | nindent 4 }}
rules:
- apiGroups:
- kyverno.io
resources:
- generaterequests
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: {{ template "kyverno.fullname" . }}:admin-updaterequest
labels:

2
charts/kyverno/templates/clusterrole.yaml
View file

@ -42,8 +42,6 @@ rules:
- policies/status
- clusterpolicies
- clusterpolicies/status
- generaterequests
- generaterequests/status
- updaterequests
- updaterequests/status
- admissionreports

188
charts/kyverno/templates/crds.yaml
View file

@ -16509,194 +16509,6 @@ spec:
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.11.1
{{- with .Values.crds.annotations }}
{{- toYaml . | nindent 4 }}
{{- end }}
labels:
{{- include "kyverno.crdLabels" . | nindent 4 }}
name: generaterequests.kyverno.io
spec:
group: kyverno.io
names:
kind: GenerateRequest
listKind: GenerateRequestList
plural: generaterequests
shortNames:
- gr
singular: generaterequest
scope: Namespaced
versions:
- additionalPrinterColumns:
- jsonPath: .spec.policy
name: Policy
type: string
- jsonPath: .spec.resource.kind
name: ResourceKind
type: string
- jsonPath: .spec.resource.name
name: ResourceName
type: string
- jsonPath: .spec.resource.namespace
name: ResourceNamespace
type: string
- jsonPath: .status.state
name: status
type: string
- jsonPath: .metadata.creationTimestamp
name: Age
type: date
name: v1
schema:
openAPIV3Schema:
description: GenerateRequest is a request to process generate rule.
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: Spec is the information to identify the generate request.
properties:
context:
description: Context ...
properties:
admissionRequestInfo:
description: AdmissionRequestInfoObject stores the admission request
and operation details
properties:
admissionRequest:
type: string
operation:
description: Operation is the type of resource operation being
checked for admission control
type: string
type: object
userInfo:
description: RequestInfo contains permission info carried in an
admission request.
properties:
clusterRoles:
description: ClusterRoles is a list of possible clusterRoles
send the request.
items:
type: string
nullable: true
type: array
roles:
description: Roles is a list of possible role send the request.
items:
type: string
nullable: true
type: array
userInfo:
description: UserInfo is the userInfo carried in the admission
request.
properties:
extra:
additionalProperties:
description: ExtraValue masks the value so protobuf
can generate
items:
type: string
type: array
description: Any additional information provided by the
authenticator.
type: object
groups:
description: The names of groups this user is a part of.
items:
type: string
type: array
uid:
description: A unique value that identifies this user
across time. If this user is deleted and another user
by the same name is added, they will have different
UIDs.
type: string
username:
description: The name that uniquely identifies this user
among all active users.
type: string
type: object
type: object
type: object
policy:
description: Specifies the name of the policy.
type: string
resource:
description: ResourceSpec is the information to identify the generate
request.
properties:
apiVersion:
description: APIVersion specifies resource apiVersion.
type: string
kind:
description: Kind specifies resource kind.
type: string
name:
description: Name specifies the resource name.
type: string
namespace:
description: Namespace specifies resource namespace.
type: string
type: object
required:
- context
- policy
- resource
type: object
status:
description: Status contains statistics related to generate request.
properties:
generatedResources:
description: This will track the resources that are generated by the
generate Policy. Will be used during clean up resources.
items:
properties:
apiVersion:
description: APIVersion specifies resource apiVersion.
type: string
kind:
description: Kind specifies resource kind.
type: string
name:
description: Name specifies the resource name.
type: string
namespace:
description: Namespace specifies resource namespace.
type: string
type: object
type: array
message:
description: Specifies request status message.
type: string
state:
description: State represents state of the generate request.
type: string
required:
- state
type: object
required:
- spec
type: object
served: true
storage: true
subresources:
status: {}
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.11.1

75
cmd/initContainer/main.go
View file

@ -5,12 +5,10 @@ package main
import (
"context"
"encoding/json"
"os"
"sync"
"time"
kyvernov1beta1 "github.com/kyverno/kyverno/api/kyverno/v1beta1"
"github.com/kyverno/kyverno/cmd/internal"
kyvernoclient "github.com/kyverno/kyverno/pkg/client/clientset/versioned"
"github.com/kyverno/kyverno/pkg/clients/dclient"
@ -19,8 +17,6 @@ import (
"github.com/kyverno/kyverno/pkg/logging"
"github.com/kyverno/kyverno/pkg/tls"
kubeutils "github.com/kyverno/kyverno/pkg/utils/kube"
"go.uber.org/multierr"
admissionv1 "k8s.io/api/admission/v1"
coordinationv1 "k8s.io/api/coordination/v1"
"k8s.io/apimachinery/pkg/api/errors"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
@ -30,7 +26,6 @@ import (
const (
policyReportKind string = "PolicyReport"
clusterPolicyReportKind string = "ClusterPolicyReport"
convertGenerateRequest string = "ConvertGenerateRequest"
)
func main() {
@ -59,7 +54,6 @@ func main() {
requests := []request{
{policyReportKind},
{clusterPolicyReportKind},
{convertGenerateRequest},
}
go func() {
@ -155,11 +149,6 @@ func acquireLeader(ctx context.Context, kubeClient kubernetes.Interface) error {
}
func executeRequest(client dclient.Interface, kyvernoclient kyvernoclient.Interface, req request) error {
switch req.kind {
case convertGenerateRequest:
return convertGR(kyvernoclient)
}
return nil
}
@ -249,67 +238,3 @@ func merge(done <-chan struct{}, stopCh <-chan struct{}, processes ...<-chan err
}()
return out
}
func convertGR(pclient kyvernoclient.Interface) error {
logger := logging.WithName("convertGenerateRequest")
var errors []error
grs, err := pclient.KyvernoV1().GenerateRequests(config.KyvernoNamespace()).List(context.TODO(), metav1.ListOptions{})
if err != nil {
logger.Error(err, "failed to list update requests")
return err
}
for _, gr := range grs.Items {
cp := gr.DeepCopy()
var request *admissionv1.AdmissionRequest
if cp.Spec.Context.AdmissionRequestInfo.AdmissionRequest != "" {
var r admissionv1.AdmissionRequest
err := json.Unmarshal([]byte(cp.Spec.Context.AdmissionRequestInfo.AdmissionRequest), &r)
if err != nil {
logger.Error(err, "failed to unmarshal admission request")
errors = append(errors, err)
continue
}
}
ur := &kyvernov1beta1.UpdateRequest{
ObjectMeta: metav1.ObjectMeta{
GenerateName: "ur-",
Namespace: config.KyvernoNamespace(),
Labels: cp.GetLabels(),
},
Spec: kyvernov1beta1.UpdateRequestSpec{
Type: kyvernov1beta1.Generate,
Policy: cp.Spec.Policy,
Resource: cp.Spec.Resource,
Context: kyvernov1beta1.UpdateRequestSpecContext{
UserRequestInfo: kyvernov1beta1.RequestInfo{
Roles: cp.Spec.Context.UserRequestInfo.Roles,
ClusterRoles: cp.Spec.Context.UserRequestInfo.ClusterRoles,
AdmissionUserInfo: cp.Spec.Context.UserRequestInfo.AdmissionUserInfo,
},
AdmissionRequestInfo: kyvernov1beta1.AdmissionRequestInfoObject{
AdmissionRequest: request,
Operation: cp.Spec.Context.AdmissionRequestInfo.Operation,
},
},
},
}
_, err := pclient.KyvernoV1beta1().UpdateRequests(config.KyvernoNamespace()).Create(context.TODO(), ur, metav1.CreateOptions{})
if err != nil {
logger.Info("failed to create UpdateRequest", "GR namespace", gr.GetNamespace(), "GR name", gr.GetName(), "err", err.Error())
errors = append(errors, err)
continue
} else {
logger.Info("successfully created UpdateRequest", "GR namespace", gr.GetNamespace(), "GR name", gr.GetName())
}
if err := pclient.KyvernoV1().GenerateRequests(config.KyvernoNamespace()).Delete(context.TODO(), gr.GetName(), metav1.DeleteOptions{}); err != nil {
errors = append(errors, err)
logger.Error(err, "failed to delete GR")
}
}
err = multierr.Combine(errors...)
return err
}

184
config/crds/kyverno.io_generaterequests.yaml
View file

@ -1,184 +0,0 @@
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.11.1
creationTimestamp: null
name: generaterequests.kyverno.io
spec:
group: kyverno.io
names:
kind: GenerateRequest
listKind: GenerateRequestList
plural: generaterequests
shortNames:
- gr
singular: generaterequest
scope: Namespaced
versions:
- additionalPrinterColumns:
- jsonPath: .spec.policy
name: Policy
type: string
- jsonPath: .spec.resource.kind
name: ResourceKind
type: string
- jsonPath: .spec.resource.name
name: ResourceName
type: string
- jsonPath: .spec.resource.namespace
name: ResourceNamespace
type: string
- jsonPath: .status.state
name: status
type: string
- jsonPath: .metadata.creationTimestamp
name: Age
type: date
name: v1
schema:
openAPIV3Schema:
description: GenerateRequest is a request to process generate rule.
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: Spec is the information to identify the generate request.
properties:
context:
description: Context ...
properties:
admissionRequestInfo:
description: AdmissionRequestInfoObject stores the admission request
and operation details
properties:
admissionRequest:
type: string
operation:
description: Operation is the type of resource operation being
checked for admission control
type: string
type: object
userInfo:
description: RequestInfo contains permission info carried in an
admission request.
properties:
clusterRoles:
description: ClusterRoles is a list of possible clusterRoles
send the request.
items:
type: string
nullable: true
type: array
roles:
description: Roles is a list of possible role send the request.
items:
type: string
nullable: true
type: array
userInfo:
description: UserInfo is the userInfo carried in the admission
request.
properties:
extra:
additionalProperties:
description: ExtraValue masks the value so protobuf
can generate
items:
type: string
type: array
description: Any additional information provided by the
authenticator.
type: object
groups:
description: The names of groups this user is a part of.
items:
type: string
type: array
uid:
description: A unique value that identifies this user
across time. If this user is deleted and another user
by the same name is added, they will have different
UIDs.
type: string
username:
description: The name that uniquely identifies this user
among all active users.
type: string
type: object
type: object
type: object
policy:
description: Specifies the name of the policy.
type: string
resource:
description: ResourceSpec is the information to identify the generate
request.
properties:
apiVersion:
description: APIVersion specifies resource apiVersion.
type: string
kind:
description: Kind specifies resource kind.
type: string
name:
description: Name specifies the resource name.
type: string
namespace:
description: Namespace specifies resource namespace.
type: string
type: object
required:
- context
- policy
- resource
type: object
status:
description: Status contains statistics related to generate request.
properties:
generatedResources:
description: This will track the resources that are generated by the
generate Policy. Will be used during clean up resources.
items:
properties:
apiVersion:
description: APIVersion specifies resource apiVersion.
type: string
kind:
description: Kind specifies resource kind.
type: string
name:
description: Name specifies the resource name.
type: string
namespace:
description: Namespace specifies resource namespace.
type: string
type: object
type: array
message:
description: Specifies request status message.
type: string
state:
description: State represents state of the generate request.
type: string
required:
- state
type: object
required:
- spec
type: object
served: true
storage: true
subresources:
status: {}

216
config/install.yaml
View file

@ -16582,195 +16582,6 @@ spec:
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.11.1
labels:
app.kubernetes.io/component: kyverno
app: kyverno
app.kubernetes.io/name: kyverno
app.kubernetes.io/part-of: kyverno
app.kubernetes.io/version: latest
name: generaterequests.kyverno.io
spec:
group: kyverno.io
names:
kind: GenerateRequest
listKind: GenerateRequestList
plural: generaterequests
shortNames:
- gr
singular: generaterequest
scope: Namespaced
versions:
- additionalPrinterColumns:
- jsonPath: .spec.policy
name: Policy
type: string
- jsonPath: .spec.resource.kind
name: ResourceKind
type: string
- jsonPath: .spec.resource.name
name: ResourceName
type: string
- jsonPath: .spec.resource.namespace
name: ResourceNamespace
type: string
- jsonPath: .status.state
name: status
type: string
- jsonPath: .metadata.creationTimestamp
name: Age
type: date
name: v1
schema:
openAPIV3Schema:
description: GenerateRequest is a request to process generate rule.
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: Spec is the information to identify the generate request.
properties:
context:
description: Context ...
properties:
admissionRequestInfo:
description: AdmissionRequestInfoObject stores the admission request
and operation details
properties:
admissionRequest:
type: string
operation:
description: Operation is the type of resource operation being
checked for admission control
type: string
type: object
userInfo:
description: RequestInfo contains permission info carried in an
admission request.
properties:
clusterRoles:
description: ClusterRoles is a list of possible clusterRoles
send the request.
items:
type: string
nullable: true
type: array
roles:
description: Roles is a list of possible role send the request.
items:
type: string
nullable: true
type: array
userInfo:
description: UserInfo is the userInfo carried in the admission
request.
properties:
extra:
additionalProperties:
description: ExtraValue masks the value so protobuf
can generate
items:
type: string
type: array
description: Any additional information provided by the
authenticator.
type: object
groups:
description: The names of groups this user is a part of.
items:
type: string
type: array
uid:
description: A unique value that identifies this user
across time. If this user is deleted and another user
by the same name is added, they will have different
UIDs.
type: string
username:
description: The name that uniquely identifies this user
among all active users.
type: string
type: object
type: object
type: object
policy:
description: Specifies the name of the policy.
type: string
resource:
description: ResourceSpec is the information to identify the generate
request.
properties:
apiVersion:
description: APIVersion specifies resource apiVersion.
type: string
kind:
description: Kind specifies resource kind.
type: string
name:
description: Name specifies the resource name.
type: string
namespace:
description: Namespace specifies resource namespace.
type: string
type: object
required:
- context
- policy
- resource
type: object
status:
description: Status contains statistics related to generate request.
properties:
generatedResources:
description: This will track the resources that are generated by the
generate Policy. Will be used during clean up resources.
items:
properties:
apiVersion:
description: APIVersion specifies resource apiVersion.
type: string
kind:
description: Kind specifies resource kind.
type: string
name:
description: Name specifies the resource name.
type: string
namespace:
description: Namespace specifies resource namespace.
type: string
type: object
type: array
message:
description: Specifies request status message.
type: string
state:
description: State represents state of the generate request.
type: string
required:
- state
type: object
required:
- spec
type: object
served: true
storage: true
subresources:
status: {}
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.11.1
@ -31580,31 +31391,6 @@ rules:
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: kyverno:admin-generaterequest
labels:
rbac.authorization.k8s.io/aggregate-to-admin: "true"
app.kubernetes.io/component: kyverno
app: kyverno
app.kubernetes.io/name: kyverno
app.kubernetes.io/part-of: kyverno
app.kubernetes.io/version: latest
rules:
- apiGroups:
- kyverno.io
resources:
- generaterequests
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: kyverno:admin-updaterequest
labels:
@ -31766,8 +31552,6 @@ rules:
- policies/status
- clusterpolicies
- clusterpolicies/status
- generaterequests
- generaterequests/status
- updaterequests
- updaterequests/status
- admissionreports

31
data/apiResources.go
View file

@ -2322,37 +2322,6 @@ const APIResourceLists = `
"patch",
"update"
]
},
{
"name": "generaterequests",
"singularName": "generaterequest",
"namespaced": true,
"kind": "GenerateRequest",
"verbs": [
"delete",
"deletecollection",
"get",
"list",
"patch",
"create",
"update",
"watch"
],
"shortNames": [
"gr"
],
"storageVersionHash": "TeMup732PSY="
},
{
"name": "generaterequests/status",
"singularName": "",
"namespaced": true,
"kind": "GenerateRequest",
"verbs": [
"get",
"patch",
"update"
]
}
]
},

20
data/preferredResources.go
View file

@ -1224,26 +1224,6 @@ const PreferredAPIResourceLists = `
],
"storageVersionHash": "vgwy0+LsB2g="
},
{
"name": "generaterequests",
"singularName": "generaterequest",
"namespaced": true,
"kind": "GenerateRequest",
"verbs": [
"delete",
"deletecollection",
"get",
"list",
"patch",
"create",
"update",
"watch"
],
"shortNames": [
"gr"
],
"storageVersionHash": "TeMup732PSY="
},
{
"name": "clusterpolicies",
"singularName": "clusterpolicy",

392
docs/user/crd/index.html
View file

@ -42,8 +42,6 @@ Resource Types:
<ul><li>
<a href="#kyverno.io/v1.ClusterPolicy">ClusterPolicy</a>
</li><li>
<a href="#kyverno.io/v1.GenerateRequest">GenerateRequest</a>
</li><li>
<a href="#kyverno.io/v1.Policy">Policy</a>
</li></ul>
<hr />
@ -272,121 +270,6 @@ PolicyStatus
</tbody>
</table>
<hr />
<h3 id="kyverno.io/v1.GenerateRequest">GenerateRequest
</h3>
<p>
<p>GenerateRequest is a request to process generate rule.</p>
</p>
<table class="table table-striped">
<thead class="thead-dark">
<tr>
<th>Field</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td>
<code>apiVersion</code><br/>
string</td>
<td>
<code>
kyverno.io/v1
</code>
</td>
</tr>
<tr>
<td>
<code>kind</code><br/>
string
</td>
<td><code>GenerateRequest</code></td>
</tr>
<tr>
<td>
<code>metadata</code><br/>
<em>
<a href="https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.23/#objectmeta-v1-meta">
Kubernetes meta/v1.ObjectMeta
</a>
</em>
</td>
<td>
Refer to the Kubernetes API documentation for the fields of the
<code>metadata</code> field.
</td>
</tr>
<tr>
<td>
<code>spec</code><br/>
<em>
<a href="#kyverno.io/v1.GenerateRequestSpec">
GenerateRequestSpec
</a>
</em>
</td>
<td>
<p>Spec is the information to identify the generate request.</p>
<br/>
<br/>
<table class="table table-striped">
<tr>
<td>
<code>policy</code><br/>
<em>
string
</em>
</td>
<td>
<p>Specifies the name of the policy.</p>
</td>
</tr>
<tr>
<td>
<code>resource</code><br/>
<em>
<a href="#kyverno.io/v1.ResourceSpec">
ResourceSpec
</a>
</em>
</td>
<td>
<p>ResourceSpec is the information to identify the generate request.</p>
</td>
</tr>
<tr>
<td>
<code>context</code><br/>
<em>
<a href="#kyverno.io/v1.GenerateRequestContext">
GenerateRequestContext
</a>
</em>
</td>
<td>
<p>Context &hellip;</p>
</td>
</tr>
</table>
</td>
</tr>
<tr>
<td>
<code>status</code><br/>
<em>
<a href="#kyverno.io/v1.GenerateRequestStatus">
GenerateRequestStatus
</a>
</em>
</td>
<td>
<em>(Optional)</em>
<p>Status contains statistics related to generate request.</p>
</td>
</tr>
</tbody>
</table>
<hr />
<h3 id="kyverno.io/v1.Policy">Policy
</h3>
<p>
@ -674,50 +557,6 @@ of deployments across all namespaces.</p>
</tbody>
</table>
<hr />
<h3 id="kyverno.io/v1.AdmissionRequestInfoObject">AdmissionRequestInfoObject
</h3>
<p>
(<em>Appears on:</em>
<a href="#kyverno.io/v1.GenerateRequestContext">GenerateRequestContext</a>)
</p>
<p>
<p>AdmissionRequestInfoObject stores the admission request and operation details</p>
</p>
<table class="table table-striped">
<thead class="thead-dark">
<tr>
<th>Field</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td>
<code>admissionRequest</code><br/>
<em>
string
</em>
</td>
<td>
<em>(Optional)</em>
</td>
</tr>
<tr>
<td>
<code>operation</code><br/>
<em>
<a href="https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.23/#operation-v1-admission">
Kubernetes admission/v1.Operation
</a>
</em>
</td>
<td>
<em>(Optional)</em>
</td>
</tr>
</tbody>
</table>
<hr />
<h3 id="kyverno.io/v1.AnyAllConditions">AnyAllConditions
</h3>
<p>
@ -1691,177 +1530,6 @@ Kubernetes apiextensions/v1.JSON
</tbody>
</table>
<hr />
<h3 id="kyverno.io/v1.GenerateRequestContext">GenerateRequestContext
</h3>
<p>
(<em>Appears on:</em>
<a href="#kyverno.io/v1.GenerateRequestSpec">GenerateRequestSpec</a>)
</p>
<p>
<p>GenerateRequestContext stores the context to be shared.</p>
</p>
<table class="table table-striped">
<thead class="thead-dark">
<tr>
<th>Field</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td>
<code>userInfo</code><br/>
<em>
<a href="#kyverno.io/v1.RequestInfo">
RequestInfo
</a>
</em>
</td>
<td>
<em>(Optional)</em>
</td>
</tr>
<tr>
<td>
<code>admissionRequestInfo</code><br/>
<em>
<a href="#kyverno.io/v1.AdmissionRequestInfoObject">
AdmissionRequestInfoObject
</a>
</em>
</td>
<td>
<em>(Optional)</em>
</td>
</tr>
</tbody>
</table>
<hr />
<h3 id="kyverno.io/v1.GenerateRequestSpec">GenerateRequestSpec
</h3>
<p>
(<em>Appears on:</em>
<a href="#kyverno.io/v1.GenerateRequest">GenerateRequest</a>)
</p>
<p>
<p>GenerateRequestSpec stores the request specification.</p>
</p>
<table class="table table-striped">
<thead class="thead-dark">
<tr>
<th>Field</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td>
<code>policy</code><br/>
<em>
string
</em>
</td>
<td>
<p>Specifies the name of the policy.</p>
</td>
</tr>
<tr>
<td>
<code>resource</code><br/>
<em>
<a href="#kyverno.io/v1.ResourceSpec">
ResourceSpec
</a>
</em>
</td>
<td>
<p>ResourceSpec is the information to identify the generate request.</p>
</td>
</tr>
<tr>
<td>
<code>context</code><br/>
<em>
<a href="#kyverno.io/v1.GenerateRequestContext">
GenerateRequestContext
</a>
</em>
</td>
<td>
<p>Context &hellip;</p>
</td>
</tr>
</tbody>
</table>
<hr />
<h3 id="kyverno.io/v1.GenerateRequestState">GenerateRequestState
(<code>string</code> alias)</p></h3>
<p>
(<em>Appears on:</em>
<a href="#kyverno.io/v1.GenerateRequestStatus">GenerateRequestStatus</a>)
</p>
<p>
<p>GenerateRequestState defines the state of request.</p>
</p>
<h3 id="kyverno.io/v1.GenerateRequestStatus">GenerateRequestStatus
</h3>
<p>
(<em>Appears on:</em>
<a href="#kyverno.io/v1.GenerateRequest">GenerateRequest</a>)
</p>
<p>
<p>GenerateRequestStatus stores the status of generated request.</p>
</p>
<table class="table table-striped">
<thead class="thead-dark">
<tr>
<th>Field</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td>
<code>state</code><br/>
<em>
<a href="#kyverno.io/v1.GenerateRequestState">
GenerateRequestState
</a>
</em>
</td>
<td>
<p>State represents state of the generate request.</p>
</td>
</tr>
<tr>
<td>
<code>message</code><br/>
<em>
string
</em>
</td>
<td>
<em>(Optional)</em>
<p>Specifies request status message.</p>
</td>
</tr>
<tr>
<td>
<code>generatedResources</code><br/>
<em>
<a href="#kyverno.io/v1.ResourceSpec">
[]ResourceSpec
</a>
</em>
</td>
<td>
<p>This will track the resources that are generated by the generate Policy.
Will be used during clean up resources.</p>
</td>
</tr>
</tbody>
</table>
<hr />
<h3 id="kyverno.io/v1.Generation">Generation
</h3>
<p>
@ -2881,64 +2549,6 @@ Kubernetes apiextensions/v1.JSON
</tbody>
</table>
<hr />
<h3 id="kyverno.io/v1.RequestInfo">RequestInfo
</h3>
<p>
(<em>Appears on:</em>
<a href="#kyverno.io/v1.GenerateRequestContext">GenerateRequestContext</a>)
</p>
<p>
<p>RequestInfo contains permission info carried in an admission request.</p>
</p>
<table class="table table-striped">
<thead class="thead-dark">
<tr>
<th>Field</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td>
<code>roles</code><br/>
<em>
[]string
</em>
</td>
<td>
<em>(Optional)</em>
<p>Roles is a list of possible role send the request.</p>
</td>
</tr>
<tr>
<td>
<code>clusterRoles</code><br/>
<em>
[]string
</em>
</td>
<td>
<em>(Optional)</em>
<p>ClusterRoles is a list of possible clusterRoles send the request.</p>
</td>
</tr>
<tr>
<td>
<code>userInfo</code><br/>
<em>
<a href="https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.23/#userinfo-v1-authentication">
Kubernetes authentication/v1.UserInfo
</a>
</em>
</td>
<td>
<em>(Optional)</em>
<p>UserInfo is the userInfo carried in the admission request.</p>
</td>
</tr>
</tbody>
</table>
<hr />
<h3 id="kyverno.io/v1.ResourceDescription">ResourceDescription
</h3>
<p>
@ -3118,8 +2728,6 @@ ResourceDescription
</h3>
<p>
(<em>Appears on:</em>
<a href="#kyverno.io/v1.GenerateRequestSpec">GenerateRequestSpec</a>,
<a href="#kyverno.io/v1.GenerateRequestStatus">GenerateRequestStatus</a>,
<a href="#kyverno.io/v1.Generation">Generation</a>,
<a href="#kyverno.io/v1.Mutation">Mutation</a>,
<a href="#kyverno.io/v1beta1.UpdateRequestSpec">UpdateRequestSpec</a>,

142
pkg/client/clientset/versioned/typed/kyverno/v1/fake/fake_generaterequest.go
View file

@ -1,142 +0,0 @@
/*
Copyright The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
// Code generated by client-gen. DO NOT EDIT.
package fake
import (
"context"
kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1"
v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
labels "k8s.io/apimachinery/pkg/labels"
schema "k8s.io/apimachinery/pkg/runtime/schema"
types "k8s.io/apimachinery/pkg/types"
watch "k8s.io/apimachinery/pkg/watch"
testing "k8s.io/client-go/testing"
)
// FakeGenerateRequests implements GenerateRequestInterface
type FakeGenerateRequests struct {
Fake *FakeKyvernoV1
ns string
}
var generaterequestsResource = schema.GroupVersionResource{Group: "kyverno.io", Version: "v1", Resource: "generaterequests"}
var generaterequestsKind = schema.GroupVersionKind{Group: "kyverno.io", Version: "v1", Kind: "GenerateRequest"}
// Get takes name of the generateRequest, and returns the corresponding generateRequest object, and an error if there is any.
func (c *FakeGenerateRequests) Get(ctx context.Context, name string, options v1.GetOptions) (result *kyvernov1.GenerateRequest, err error) {
obj, err := c.Fake.
Invokes(testing.NewGetAction(generaterequestsResource, c.ns, name), &kyvernov1.GenerateRequest{})
if obj == nil {
return nil, err
}
return obj.(*kyvernov1.GenerateRequest), err
}
// List takes label and field selectors, and returns the list of GenerateRequests that match those selectors.
func (c *FakeGenerateRequests) List(ctx context.Context, opts v1.ListOptions) (result *kyvernov1.GenerateRequestList, err error) {
obj, err := c.Fake.
Invokes(testing.NewListAction(generaterequestsResource, generaterequestsKind, c.ns, opts), &kyvernov1.GenerateRequestList{})
if obj == nil {
return nil, err
}
label, _, _ := testing.ExtractFromListOptions(opts)
if label == nil {
label = labels.Everything()
}
list := &kyvernov1.GenerateRequestList{ListMeta: obj.(*kyvernov1.GenerateRequestList).ListMeta}
for _, item := range obj.(*kyvernov1.GenerateRequestList).Items {
if label.Matches(labels.Set(item.Labels)) {
list.Items = append(list.Items, item)
}
}
return list, err
}
// Watch returns a watch.Interface that watches the requested generateRequests.
func (c *FakeGenerateRequests) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) {
return c.Fake.
InvokesWatch(testing.NewWatchAction(generaterequestsResource, c.ns, opts))
}
// Create takes the representation of a generateRequest and creates it. Returns the server's representation of the generateRequest, and an error, if there is any.
func (c *FakeGenerateRequests) Create(ctx context.Context, generateRequest *kyvernov1.GenerateRequest, opts v1.CreateOptions) (result *kyvernov1.GenerateRequest, err error) {
obj, err := c.Fake.
Invokes(testing.NewCreateAction(generaterequestsResource, c.ns, generateRequest), &kyvernov1.GenerateRequest{})
if obj == nil {
return nil, err
}
return obj.(*kyvernov1.GenerateRequest), err
}
// Update takes the representation of a generateRequest and updates it. Returns the server's representation of the generateRequest, and an error, if there is any.
func (c *FakeGenerateRequests) Update(ctx context.Context, generateRequest *kyvernov1.GenerateRequest, opts v1.UpdateOptions) (result *kyvernov1.GenerateRequest, err error) {
obj, err := c.Fake.
Invokes(testing.NewUpdateAction(generaterequestsResource, c.ns, generateRequest), &kyvernov1.GenerateRequest{})
if obj == nil {
return nil, err
}
return obj.(*kyvernov1.GenerateRequest), err
}
// UpdateStatus was generated because the type contains a Status member.
// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus().
func (c *FakeGenerateRequests) UpdateStatus(ctx context.Context, generateRequest *kyvernov1.GenerateRequest, opts v1.UpdateOptions) (*kyvernov1.GenerateRequest, error) {
obj, err := c.Fake.
Invokes(testing.NewUpdateSubresourceAction(generaterequestsResource, "status", c.ns, generateRequest), &kyvernov1.GenerateRequest{})
if obj == nil {
return nil, err
}
return obj.(*kyvernov1.GenerateRequest), err
}
// Delete takes name of the generateRequest and deletes it. Returns an error if one occurs.
func (c *FakeGenerateRequests) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error {
_, err := c.Fake.
Invokes(testing.NewDeleteActionWithOptions(generaterequestsResource, c.ns, name, opts), &kyvernov1.GenerateRequest{})
return err
}
// DeleteCollection deletes a collection of objects.
func (c *FakeGenerateRequests) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error {
action := testing.NewDeleteCollectionAction(generaterequestsResource, c.ns, listOpts)
_, err := c.Fake.Invokes(action, &kyvernov1.GenerateRequestList{})
return err
}
// Patch applies the patch and returns the patched generateRequest.
func (c *FakeGenerateRequests) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *kyvernov1.GenerateRequest, err error) {
obj, err := c.Fake.
Invokes(testing.NewPatchSubresourceAction(generaterequestsResource, c.ns, name, pt, data, subresources...), &kyvernov1.GenerateRequest{})
if obj == nil {
return nil, err
}
return obj.(*kyvernov1.GenerateRequest), err
}

4
pkg/client/clientset/versioned/typed/kyverno/v1/fake/fake_kyverno_client.go
View file

@ -32,10 +32,6 @@ func (c *FakeKyvernoV1) ClusterPolicies() v1.ClusterPolicyInterface {
return &FakeClusterPolicies{c}
}
func (c *FakeKyvernoV1) GenerateRequests(namespace string) v1.GenerateRequestInterface {
return &FakeGenerateRequests{c, namespace}
}
func (c *FakeKyvernoV1) Policies(namespace string) v1.PolicyInterface {
return &FakePolicies{c, namespace}
}

2
pkg/client/clientset/versioned/typed/kyverno/v1/generated_expansion.go
View file

@ -20,6 +20,4 @@ package v1
type ClusterPolicyExpansion interface{}
type GenerateRequestExpansion interface{}
type PolicyExpansion interface{}

195
pkg/client/clientset/versioned/typed/kyverno/v1/generaterequest.go
View file

@ -1,195 +0,0 @@
/*
Copyright The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
// Code generated by client-gen. DO NOT EDIT.
package v1
import (
"context"
"time"
v1 "github.com/kyverno/kyverno/api/kyverno/v1"
scheme "github.com/kyverno/kyverno/pkg/client/clientset/versioned/scheme"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
types "k8s.io/apimachinery/pkg/types"
watch "k8s.io/apimachinery/pkg/watch"
rest "k8s.io/client-go/rest"
)
// GenerateRequestsGetter has a method to return a GenerateRequestInterface.
// A group's client should implement this interface.
type GenerateRequestsGetter interface {
GenerateRequests(namespace string) GenerateRequestInterface
}
// GenerateRequestInterface has methods to work with GenerateRequest resources.
type GenerateRequestInterface interface {
Create(ctx context.Context, generateRequest *v1.GenerateRequest, opts metav1.CreateOptions) (*v1.GenerateRequest, error)
Update(ctx context.Context, generateRequest *v1.GenerateRequest, opts metav1.UpdateOptions) (*v1.GenerateRequest, error)
UpdateStatus(ctx context.Context, generateRequest *v1.GenerateRequest, opts metav1.UpdateOptions) (*v1.GenerateRequest, error)
Delete(ctx context.Context, name string, opts metav1.DeleteOptions) error
DeleteCollection(ctx context.Context, opts metav1.DeleteOptions, listOpts metav1.ListOptions) error
Get(ctx context.Context, name string, opts metav1.GetOptions) (*v1.GenerateRequest, error)
List(ctx context.Context, opts metav1.ListOptions) (*v1.GenerateRequestList, error)
Watch(ctx context.Context, opts metav1.ListOptions) (watch.Interface, error)
Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts metav1.PatchOptions, subresources ...string) (result *v1.GenerateRequest, err error)
GenerateRequestExpansion
}
// generateRequests implements GenerateRequestInterface
type generateRequests struct {
client rest.Interface
ns string
}
// newGenerateRequests returns a GenerateRequests
func newGenerateRequests(c *KyvernoV1Client, namespace string) *generateRequests {
return &generateRequests{
client: c.RESTClient(),
ns: namespace,
}
}
// Get takes name of the generateRequest, and returns the corresponding generateRequest object, and an error if there is any.
func (c *generateRequests) Get(ctx context.Context, name string, options metav1.GetOptions) (result *v1.GenerateRequest, err error) {
result = &v1.GenerateRequest{}
err = c.client.Get().
Namespace(c.ns).
Resource("generaterequests").
Name(name).
VersionedParams(&options, scheme.ParameterCodec).
Do(ctx).
Into(result)
return
}
// List takes label and field selectors, and returns the list of GenerateRequests that match those selectors.
func (c *generateRequests) List(ctx context.Context, opts metav1.ListOptions) (result *v1.GenerateRequestList, err error) {
var timeout time.Duration
if opts.TimeoutSeconds != nil {
timeout = time.Duration(*opts.TimeoutSeconds) * time.Second
}
result = &v1.GenerateRequestList{}
err = c.client.Get().
Namespace(c.ns).
Resource("generaterequests").
VersionedParams(&opts, scheme.ParameterCodec).
Timeout(timeout).
Do(ctx).
Into(result)
return
}
// Watch returns a watch.Interface that watches the requested generateRequests.
func (c *generateRequests) Watch(ctx context.Context, opts metav1.ListOptions) (watch.Interface, error) {
var timeout time.Duration
if opts.TimeoutSeconds != nil {
timeout = time.Duration(*opts.TimeoutSeconds) * time.Second
}
opts.Watch = true
return c.client.Get().
Namespace(c.ns).
Resource("generaterequests").
VersionedParams(&opts, scheme.ParameterCodec).
Timeout(timeout).
Watch(ctx)
}
// Create takes the representation of a generateRequest and creates it. Returns the server's representation of the generateRequest, and an error, if there is any.
func (c *generateRequests) Create(ctx context.Context, generateRequest *v1.GenerateRequest, opts metav1.CreateOptions) (result *v1.GenerateRequest, err error) {
result = &v1.GenerateRequest{}
err = c.client.Post().
Namespace(c.ns).
Resource("generaterequests").
VersionedParams(&opts, scheme.ParameterCodec).
Body(generateRequest).
Do(ctx).
Into(result)
return
}
// Update takes the representation of a generateRequest and updates it. Returns the server's representation of the generateRequest, and an error, if there is any.
func (c *generateRequests) Update(ctx context.Context, generateRequest *v1.GenerateRequest, opts metav1.UpdateOptions) (result *v1.GenerateRequest, err error) {
result = &v1.GenerateRequest{}
err = c.client.Put().
Namespace(c.ns).
Resource("generaterequests").
Name(generateRequest.Name).
VersionedParams(&opts, scheme.ParameterCodec).
Body(generateRequest).
Do(ctx).
Into(result)
return
}
// UpdateStatus was generated because the type contains a Status member.
// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus().
func (c *generateRequests) UpdateStatus(ctx context.Context, generateRequest *v1.GenerateRequest, opts metav1.UpdateOptions) (result *v1.GenerateRequest, err error) {
result = &v1.GenerateRequest{}
err = c.client.Put().
Namespace(c.ns).
Resource("generaterequests").
Name(generateRequest.Name).
SubResource("status").
VersionedParams(&opts, scheme.ParameterCodec).
Body(generateRequest).
Do(ctx).
Into(result)
return
}
// Delete takes name of the generateRequest and deletes it. Returns an error if one occurs.
func (c *generateRequests) Delete(ctx context.Context, name string, opts metav1.DeleteOptions) error {
return c.client.Delete().
Namespace(c.ns).
Resource("generaterequests").
Name(name).
Body(&opts).
Do(ctx).
Error()
}
// DeleteCollection deletes a collection of objects.
func (c *generateRequests) DeleteCollection(ctx context.Context, opts metav1.DeleteOptions, listOpts metav1.ListOptions) error {
var timeout time.Duration
if listOpts.TimeoutSeconds != nil {
timeout = time.Duration(*listOpts.TimeoutSeconds) * time.Second
}
return c.client.Delete().
Namespace(c.ns).
Resource("generaterequests").
VersionedParams(&listOpts, scheme.ParameterCodec).
Timeout(timeout).
Body(&opts).
Do(ctx).
Error()
}
// Patch applies the patch and returns the patched generateRequest.
func (c *generateRequests) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts metav1.PatchOptions, subresources ...string) (result *v1.GenerateRequest, err error) {
result = &v1.GenerateRequest{}
err = c.client.Patch(pt).
Namespace(c.ns).
Resource("generaterequests").
Name(name).
SubResource(subresources...).
VersionedParams(&opts, scheme.ParameterCodec).
Body(data).
Do(ctx).
Into(result)
return
}

5
pkg/client/clientset/versioned/typed/kyverno/v1/kyverno_client.go
View file

@ -29,7 +29,6 @@ import (
type KyvernoV1Interface interface {
RESTClient() rest.Interface
ClusterPoliciesGetter
GenerateRequestsGetter
PoliciesGetter
}
@ -42,10 +41,6 @@ func (c *KyvernoV1Client) ClusterPolicies() ClusterPolicyInterface {
return newClusterPolicies(c)
}
func (c *KyvernoV1Client) GenerateRequests(namespace string) GenerateRequestInterface {
return newGenerateRequests(c, namespace)
}
func (c *KyvernoV1Client) Policies(namespace string) PolicyInterface {
return newPolicies(c, namespace)
}

2
pkg/client/informers/externalversions/generic.go
View file

@ -59,8 +59,6 @@ func (f *sharedInformerFactory) ForResource(resource schema.GroupVersionResource
// Group=kyverno.io, Version=v1
case v1.SchemeGroupVersion.WithResource("clusterpolicies"):
return &genericInformer{resource: resource.GroupResource(), informer: f.Kyverno().V1().ClusterPolicies().Informer()}, nil
case v1.SchemeGroupVersion.WithResource("generaterequests"):
return &genericInformer{resource: resource.GroupResource(), informer: f.Kyverno().V1().GenerateRequests().Informer()}, nil
case v1.SchemeGroupVersion.WithResource("policies"):
return &genericInformer{resource: resource.GroupResource(), informer: f.Kyverno().V1().Policies().Informer()}, nil

90
pkg/client/informers/externalversions/kyverno/v1/generaterequest.go
View file

@ -1,90 +0,0 @@
/*
Copyright The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
// Code generated by informer-gen. DO NOT EDIT.
package v1
import (
"context"
time "time"
kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1"
versioned "github.com/kyverno/kyverno/pkg/client/clientset/versioned"
internalinterfaces "github.com/kyverno/kyverno/pkg/client/informers/externalversions/internalinterfaces"
v1 "github.com/kyverno/kyverno/pkg/client/listers/kyverno/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
runtime "k8s.io/apimachinery/pkg/runtime"
watch "k8s.io/apimachinery/pkg/watch"
cache "k8s.io/client-go/tools/cache"
)
// GenerateRequestInformer provides access to a shared informer and lister for
// GenerateRequests.
type GenerateRequestInformer interface {
Informer() cache.SharedIndexInformer
Lister() v1.GenerateRequestLister
}
type generateRequestInformer struct {
factory internalinterfaces.SharedInformerFactory
tweakListOptions internalinterfaces.TweakListOptionsFunc
namespace string
}
// NewGenerateRequestInformer constructs a new informer for GenerateRequest type.
// Always prefer using an informer factory to get a shared informer instead of getting an independent
// one. This reduces memory footprint and number of connections to the server.
func NewGenerateRequestInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer {
return NewFilteredGenerateRequestInformer(client, namespace, resyncPeriod, indexers, nil)
}
// NewFilteredGenerateRequestInformer constructs a new informer for GenerateRequest type.
// Always prefer using an informer factory to get a shared informer instead of getting an independent
// one. This reduces memory footprint and number of connections to the server.
func NewFilteredGenerateRequestInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer {
return cache.NewSharedIndexInformer(
&cache.ListWatch{
ListFunc: func(options metav1.ListOptions) (runtime.Object, error) {
if tweakListOptions != nil {
tweakListOptions(&options)
}
return client.KyvernoV1().GenerateRequests(namespace).List(context.TODO(), options)
},
WatchFunc: func(options metav1.ListOptions) (watch.Interface, error) {
if tweakListOptions != nil {
tweakListOptions(&options)
}
return client.KyvernoV1().GenerateRequests(namespace).Watch(context.TODO(), options)
},
},
&kyvernov1.GenerateRequest{},
resyncPeriod,
indexers,
)
}
func (f *generateRequestInformer) defaultInformer(client versioned.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer {
return NewFilteredGenerateRequestInformer(client, f.namespace, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions)
}
func (f *generateRequestInformer) Informer() cache.SharedIndexInformer {
return f.factory.InformerFor(&kyvernov1.GenerateRequest{}, f.defaultInformer)
}
func (f *generateRequestInformer) Lister() v1.GenerateRequestLister {
return v1.NewGenerateRequestLister(f.Informer().GetIndexer())
}

7
pkg/client/informers/externalversions/kyverno/v1/interface.go
View file

@ -26,8 +26,6 @@ import (
type Interface interface {
// ClusterPolicies returns a ClusterPolicyInformer.
ClusterPolicies() ClusterPolicyInformer
// GenerateRequests returns a GenerateRequestInformer.
GenerateRequests() GenerateRequestInformer
// Policies returns a PolicyInformer.
Policies() PolicyInformer
}
@ -48,11 +46,6 @@ func (v *version) ClusterPolicies() ClusterPolicyInformer {
return &clusterPolicyInformer{factory: v.factory, tweakListOptions: v.tweakListOptions}
}
// GenerateRequests returns a GenerateRequestInformer.
func (v *version) GenerateRequests() GenerateRequestInformer {
return &generateRequestInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions}
}
// Policies returns a PolicyInformer.
func (v *version) Policies() PolicyInformer {
return &policyInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions}

8
pkg/client/listers/kyverno/v1/expansion_generated.go
View file

@ -22,14 +22,6 @@ package v1
// ClusterPolicyLister.
type ClusterPolicyListerExpansion interface{}
// GenerateRequestListerExpansion allows custom methods to be added to
// GenerateRequestLister.
type GenerateRequestListerExpansion interface{}
// GenerateRequestNamespaceListerExpansion allows custom methods to be added to
// GenerateRequestNamespaceLister.
type GenerateRequestNamespaceListerExpansion interface{}
// PolicyListerExpansion allows custom methods to be added to
// PolicyLister.
type PolicyListerExpansion interface{}

99
pkg/client/listers/kyverno/v1/generaterequest.go
View file

@ -1,99 +0,0 @@
/*
Copyright The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
// Code generated by lister-gen. DO NOT EDIT.
package v1
import (
v1 "github.com/kyverno/kyverno/api/kyverno/v1"
"k8s.io/apimachinery/pkg/api/errors"
"k8s.io/apimachinery/pkg/labels"
"k8s.io/client-go/tools/cache"
)
// GenerateRequestLister helps list GenerateRequests.
// All objects returned here must be treated as read-only.
type GenerateRequestLister interface {
// List lists all GenerateRequests in the indexer.
// Objects returned here must be treated as read-only.
List(selector labels.Selector) (ret []*v1.GenerateRequest, err error)
// GenerateRequests returns an object that can list and get GenerateRequests.
GenerateRequests(namespace string) GenerateRequestNamespaceLister
GenerateRequestListerExpansion
}
// generateRequestLister implements the GenerateRequestLister interface.
type generateRequestLister struct {
indexer cache.Indexer
}
// NewGenerateRequestLister returns a new GenerateRequestLister.
func NewGenerateRequestLister(indexer cache.Indexer) GenerateRequestLister {
return &generateRequestLister{indexer: indexer}
}
// List lists all GenerateRequests in the indexer.
func (s *generateRequestLister) List(selector labels.Selector) (ret []*v1.GenerateRequest, err error) {
err = cache.ListAll(s.indexer, selector, func(m interface{}) {
ret = append(ret, m.(*v1.GenerateRequest))
})
return ret, err
}
// GenerateRequests returns an object that can list and get GenerateRequests.
func (s *generateRequestLister) GenerateRequests(namespace string) GenerateRequestNamespaceLister {
return generateRequestNamespaceLister{indexer: s.indexer, namespace: namespace}
}
// GenerateRequestNamespaceLister helps list and get GenerateRequests.
// All objects returned here must be treated as read-only.
type GenerateRequestNamespaceLister interface {
// List lists all GenerateRequests in the indexer for a given namespace.
// Objects returned here must be treated as read-only.
List(selector labels.Selector) (ret []*v1.GenerateRequest, err error)
// Get retrieves the GenerateRequest from the indexer for a given namespace and name.
// Objects returned here must be treated as read-only.
Get(name string) (*v1.GenerateRequest, error)
GenerateRequestNamespaceListerExpansion
}
// generateRequestNamespaceLister implements the GenerateRequestNamespaceLister
// interface.
type generateRequestNamespaceLister struct {
indexer cache.Indexer
namespace string
}
// List lists all GenerateRequests in the indexer for a given namespace.
func (s generateRequestNamespaceLister) List(selector labels.Selector) (ret []*v1.GenerateRequest, err error) {
err = cache.ListAllByNamespace(s.indexer, s.namespace, selector, func(m interface{}) {
ret = append(ret, m.(*v1.GenerateRequest))
})
return ret, err
}
// Get retrieves the GenerateRequest from the indexer for a given namespace and name.
func (s generateRequestNamespaceLister) Get(name string) (*v1.GenerateRequest, error) {
obj, exists, err := s.indexer.GetByKey(s.namespace + "/" + name)
if err != nil {
return nil, err
}
if !exists {
return nil, errors.NewNotFound(v1.Resource("generaterequest"), name)
}
return obj.(*v1.GenerateRequest), nil
}

11
pkg/clients/kyverno/kyvernov1/client.generated.go
View file

@ -4,7 +4,6 @@ import (
"github.com/go-logr/logr"
github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_kyverno_v1 "github.com/kyverno/kyverno/pkg/client/clientset/versioned/typed/kyverno/v1"
clusterpolicies "github.com/kyverno/kyverno/pkg/clients/kyverno/kyvernov1/clusterpolicies"
generaterequests "github.com/kyverno/kyverno/pkg/clients/kyverno/kyvernov1/generaterequests"
policies "github.com/kyverno/kyverno/pkg/clients/kyverno/kyvernov1/policies"
"github.com/kyverno/kyverno/pkg/metrics"
"k8s.io/client-go/rest"
@ -35,10 +34,6 @@ func (c *withMetrics) ClusterPolicies() github_com_kyverno_kyverno_pkg_client_cl
recorder := metrics.ClusteredClientQueryRecorder(c.metrics, "ClusterPolicy", c.clientType)
return clusterpolicies.WithMetrics(c.inner.ClusterPolicies(), recorder)
}
func (c *withMetrics) GenerateRequests(namespace string) github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_kyverno_v1.GenerateRequestInterface {
recorder := metrics.NamespacedClientQueryRecorder(c.metrics, namespace, "GenerateRequest", c.clientType)
return generaterequests.WithMetrics(c.inner.GenerateRequests(namespace), recorder)
}
func (c *withMetrics) Policies(namespace string) github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_kyverno_v1.PolicyInterface {
recorder := metrics.NamespacedClientQueryRecorder(c.metrics, namespace, "Policy", c.clientType)
return policies.WithMetrics(c.inner.Policies(namespace), recorder)
@ -55,9 +50,6 @@ func (c *withTracing) RESTClient() rest.Interface {
func (c *withTracing) ClusterPolicies() github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_kyverno_v1.ClusterPolicyInterface {
return clusterpolicies.WithTracing(c.inner.ClusterPolicies(), c.client, "ClusterPolicy")
}
func (c *withTracing) GenerateRequests(namespace string) github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_kyverno_v1.GenerateRequestInterface {
return generaterequests.WithTracing(c.inner.GenerateRequests(namespace), c.client, "GenerateRequest")
}
func (c *withTracing) Policies(namespace string) github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_kyverno_v1.PolicyInterface {
return policies.WithTracing(c.inner.Policies(namespace), c.client, "Policy")
}
@ -73,9 +65,6 @@ func (c *withLogging) RESTClient() rest.Interface {
func (c *withLogging) ClusterPolicies() github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_kyverno_v1.ClusterPolicyInterface {
return clusterpolicies.WithLogging(c.inner.ClusterPolicies(), c.logger.WithValues("resource", "ClusterPolicies"))
}
func (c *withLogging) GenerateRequests(namespace string) github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_kyverno_v1.GenerateRequestInterface {
return generaterequests.WithLogging(c.inner.GenerateRequests(namespace), c.logger.WithValues("resource", "GenerateRequests").WithValues("namespace", namespace))
}
func (c *withLogging) Policies(namespace string) github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_kyverno_v1.PolicyInterface {
return policies.WithLogging(c.inner.Policies(namespace), c.logger.WithValues("resource", "Policies").WithValues("namespace", namespace))
}

373
pkg/clients/kyverno/kyvernov1/generaterequests/resource.generated.go
View file

@ -1,373 +0,0 @@
package resource
import (
context "context"
"fmt"
"time"
"github.com/go-logr/logr"
github_com_kyverno_kyverno_api_kyverno_v1 "github.com/kyverno/kyverno/api/kyverno/v1"
github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_kyverno_v1 "github.com/kyverno/kyverno/pkg/client/clientset/versioned/typed/kyverno/v1"
"github.com/kyverno/kyverno/pkg/metrics"
"github.com/kyverno/kyverno/pkg/tracing"
"go.opentelemetry.io/otel/trace"
"go.uber.org/multierr"
k8s_io_apimachinery_pkg_apis_meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
k8s_io_apimachinery_pkg_types "k8s.io/apimachinery/pkg/types"
k8s_io_apimachinery_pkg_watch "k8s.io/apimachinery/pkg/watch"
)
func WithLogging(inner github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_kyverno_v1.GenerateRequestInterface, logger logr.Logger) github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_kyverno_v1.GenerateRequestInterface {
return &withLogging{inner, logger}
}
func WithMetrics(inner github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_kyverno_v1.GenerateRequestInterface, recorder metrics.Recorder) github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_kyverno_v1.GenerateRequestInterface {
return &withMetrics{inner, recorder}
}
func WithTracing(inner github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_kyverno_v1.GenerateRequestInterface, client, kind string) github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_kyverno_v1.GenerateRequestInterface {
return &withTracing{inner, client, kind}
}
type withLogging struct {
inner github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_kyverno_v1.GenerateRequestInterface
logger logr.Logger
}
func (c *withLogging) Create(arg0 context.Context, arg1 *github_com_kyverno_kyverno_api_kyverno_v1.GenerateRequest, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.CreateOptions) (*github_com_kyverno_kyverno_api_kyverno_v1.GenerateRequest, error) {
start := time.Now()
logger := c.logger.WithValues("operation", "Create")
ret0, ret1 := c.inner.Create(arg0, arg1, arg2)
if err := multierr.Combine(ret1); err != nil {
logger.Error(err, "Create failed", "duration", time.Since(start))
} else {
logger.Info("Create done", "duration", time.Since(start))
}
return ret0, ret1
}
func (c *withLogging) Delete(arg0 context.Context, arg1 string, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.DeleteOptions) error {
start := time.Now()
logger := c.logger.WithValues("operation", "Delete")
ret0 := c.inner.Delete(arg0, arg1, arg2)
if err := multierr.Combine(ret0); err != nil {
logger.Error(err, "Delete failed", "duration", time.Since(start))
} else {
logger.Info("Delete done", "duration", time.Since(start))
}
return ret0
}
func (c *withLogging) DeleteCollection(arg0 context.Context, arg1 k8s_io_apimachinery_pkg_apis_meta_v1.DeleteOptions, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.ListOptions) error {
start := time.Now()
logger := c.logger.WithValues("operation", "DeleteCollection")
ret0 := c.inner.DeleteCollection(arg0, arg1, arg2)
if err := multierr.Combine(ret0); err != nil {
logger.Error(err, "DeleteCollection failed", "duration", time.Since(start))
} else {
logger.Info("DeleteCollection done", "duration", time.Since(start))
}
return ret0
}
func (c *withLogging) Get(arg0 context.Context, arg1 string, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.GetOptions) (*github_com_kyverno_kyverno_api_kyverno_v1.GenerateRequest, error) {
start := time.Now()
logger := c.logger.WithValues("operation", "Get")
ret0, ret1 := c.inner.Get(arg0, arg1, arg2)
if err := multierr.Combine(ret1); err != nil {
logger.Error(err, "Get failed", "duration", time.Since(start))
} else {
logger.Info("Get done", "duration", time.Since(start))
}
return ret0, ret1
}
func (c *withLogging) List(arg0 context.Context, arg1 k8s_io_apimachinery_pkg_apis_meta_v1.ListOptions) (*github_com_kyverno_kyverno_api_kyverno_v1.GenerateRequestList, error) {
start := time.Now()
logger := c.logger.WithValues("operation", "List")
ret0, ret1 := c.inner.List(arg0, arg1)
if err := multierr.Combine(ret1); err != nil {
logger.Error(err, "List failed", "duration", time.Since(start))
} else {
logger.Info("List done", "duration", time.Since(start))
}
return ret0, ret1
}
func (c *withLogging) Patch(arg0 context.Context, arg1 string, arg2 k8s_io_apimachinery_pkg_types.PatchType, arg3 []uint8, arg4 k8s_io_apimachinery_pkg_apis_meta_v1.PatchOptions, arg5 ...string) (*github_com_kyverno_kyverno_api_kyverno_v1.GenerateRequest, error) {
start := time.Now()
logger := c.logger.WithValues("operation", "Patch")
ret0, ret1 := c.inner.Patch(arg0, arg1, arg2, arg3, arg4, arg5...)
if err := multierr.Combine(ret1); err != nil {
logger.Error(err, "Patch failed", "duration", time.Since(start))
} else {
logger.Info("Patch done", "duration", time.Since(start))
}
return ret0, ret1
}
func (c *withLogging) Update(arg0 context.Context, arg1 *github_com_kyverno_kyverno_api_kyverno_v1.GenerateRequest, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.UpdateOptions) (*github_com_kyverno_kyverno_api_kyverno_v1.GenerateRequest, error) {
start := time.Now()
logger := c.logger.WithValues("operation", "Update")
ret0, ret1 := c.inner.Update(arg0, arg1, arg2)
if err := multierr.Combine(ret1); err != nil {
logger.Error(err, "Update failed", "duration", time.Since(start))
} else {
logger.Info("Update done", "duration", time.Since(start))
}
return ret0, ret1
}
func (c *withLogging) UpdateStatus(arg0 context.Context, arg1 *github_com_kyverno_kyverno_api_kyverno_v1.GenerateRequest, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.UpdateOptions) (*github_com_kyverno_kyverno_api_kyverno_v1.GenerateRequest, error) {
start := time.Now()
logger := c.logger.WithValues("operation", "UpdateStatus")
ret0, ret1 := c.inner.UpdateStatus(arg0, arg1, arg2)
if err := multierr.Combine(ret1); err != nil {
logger.Error(err, "UpdateStatus failed", "duration", time.Since(start))
} else {
logger.Info("UpdateStatus done", "duration", time.Since(start))
}
return ret0, ret1
}
func (c *withLogging) Watch(arg0 context.Context, arg1 k8s_io_apimachinery_pkg_apis_meta_v1.ListOptions) (k8s_io_apimachinery_pkg_watch.Interface, error) {
start := time.Now()
logger := c.logger.WithValues("operation", "Watch")
ret0, ret1 := c.inner.Watch(arg0, arg1)
if err := multierr.Combine(ret1); err != nil {
logger.Error(err, "Watch failed", "duration", time.Since(start))
} else {
logger.Info("Watch done", "duration", time.Since(start))
}
return ret0, ret1
}
type withMetrics struct {
inner github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_kyverno_v1.GenerateRequestInterface
recorder metrics.Recorder
}
func (c *withMetrics) Create(arg0 context.Context, arg1 *github_com_kyverno_kyverno_api_kyverno_v1.GenerateRequest, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.CreateOptions) (*github_com_kyverno_kyverno_api_kyverno_v1.GenerateRequest, error) {
defer c.recorder.RecordWithContext(arg0, "create")
return c.inner.Create(arg0, arg1, arg2)
}
func (c *withMetrics) Delete(arg0 context.Context, arg1 string, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.DeleteOptions) error {
defer c.recorder.RecordWithContext(arg0, "delete")
return c.inner.Delete(arg0, arg1, arg2)
}
func (c *withMetrics) DeleteCollection(arg0 context.Context, arg1 k8s_io_apimachinery_pkg_apis_meta_v1.DeleteOptions, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.ListOptions) error {
defer c.recorder.RecordWithContext(arg0, "delete_collection")
return c.inner.DeleteCollection(arg0, arg1, arg2)
}
func (c *withMetrics) Get(arg0 context.Context, arg1 string, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.GetOptions) (*github_com_kyverno_kyverno_api_kyverno_v1.GenerateRequest, error) {
defer c.recorder.RecordWithContext(arg0, "get")
return c.inner.Get(arg0, arg1, arg2)
}
func (c *withMetrics) List(arg0 context.Context, arg1 k8s_io_apimachinery_pkg_apis_meta_v1.ListOptions) (*github_com_kyverno_kyverno_api_kyverno_v1.GenerateRequestList, error) {
defer c.recorder.RecordWithContext(arg0, "list")
return c.inner.List(arg0, arg1)
}
func (c *withMetrics) Patch(arg0 context.Context, arg1 string, arg2 k8s_io_apimachinery_pkg_types.PatchType, arg3 []uint8, arg4 k8s_io_apimachinery_pkg_apis_meta_v1.PatchOptions, arg5 ...string) (*github_com_kyverno_kyverno_api_kyverno_v1.GenerateRequest, error) {
defer c.recorder.RecordWithContext(arg0, "patch")
return c.inner.Patch(arg0, arg1, arg2, arg3, arg4, arg5...)
}
func (c *withMetrics) Update(arg0 context.Context, arg1 *github_com_kyverno_kyverno_api_kyverno_v1.GenerateRequest, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.UpdateOptions) (*github_com_kyverno_kyverno_api_kyverno_v1.GenerateRequest, error) {
defer c.recorder.RecordWithContext(arg0, "update")
return c.inner.Update(arg0, arg1, arg2)
}
func (c *withMetrics) UpdateStatus(arg0 context.Context, arg1 *github_com_kyverno_kyverno_api_kyverno_v1.GenerateRequest, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.UpdateOptions) (*github_com_kyverno_kyverno_api_kyverno_v1.GenerateRequest, error) {
defer c.recorder.RecordWithContext(arg0, "update_status")
return c.inner.UpdateStatus(arg0, arg1, arg2)
}
func (c *withMetrics) Watch(arg0 context.Context, arg1 k8s_io_apimachinery_pkg_apis_meta_v1.ListOptions) (k8s_io_apimachinery_pkg_watch.Interface, error) {
defer c.recorder.RecordWithContext(arg0, "watch")
return c.inner.Watch(arg0, arg1)
}
type withTracing struct {
inner github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_kyverno_v1.GenerateRequestInterface
client string
kind string
}
func (c *withTracing) Create(arg0 context.Context, arg1 *github_com_kyverno_kyverno_api_kyverno_v1.GenerateRequest, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.CreateOptions) (*github_com_kyverno_kyverno_api_kyverno_v1.GenerateRequest, error) {
var span trace.Span
if tracing.IsInSpan(arg0) {
arg0, span = tracing.StartChildSpan(
arg0,
"",
fmt.Sprintf("KUBE %s/%s/%s", c.client, c.kind, "Create"),
trace.WithAttributes(
tracing.KubeClientGroupKey.String(c.client),
tracing.KubeClientKindKey.String(c.kind),
tracing.KubeClientOperationKey.String("Create"),
),
)
defer span.End()
}
ret0, ret1 := c.inner.Create(arg0, arg1, arg2)
if span != nil {
tracing.SetSpanStatus(span, ret1)
}
return ret0, ret1
}
func (c *withTracing) Delete(arg0 context.Context, arg1 string, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.DeleteOptions) error {
var span trace.Span
if tracing.IsInSpan(arg0) {
arg0, span = tracing.StartChildSpan(
arg0,
"",
fmt.Sprintf("KUBE %s/%s/%s", c.client, c.kind, "Delete"),
trace.WithAttributes(
tracing.KubeClientGroupKey.String(c.client),
tracing.KubeClientKindKey.String(c.kind),
tracing.KubeClientOperationKey.String("Delete"),
),
)
defer span.End()
}
ret0 := c.inner.Delete(arg0, arg1, arg2)
if span != nil {
tracing.SetSpanStatus(span, ret0)
}
return ret0
}
func (c *withTracing) DeleteCollection(arg0 context.Context, arg1 k8s_io_apimachinery_pkg_apis_meta_v1.DeleteOptions, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.ListOptions) error {
var span trace.Span
if tracing.IsInSpan(arg0) {
arg0, span = tracing.StartChildSpan(
arg0,
"",
fmt.Sprintf("KUBE %s/%s/%s", c.client, c.kind, "DeleteCollection"),
trace.WithAttributes(
tracing.KubeClientGroupKey.String(c.client),
tracing.KubeClientKindKey.String(c.kind),
tracing.KubeClientOperationKey.String("DeleteCollection"),
),
)
defer span.End()
}
ret0 := c.inner.DeleteCollection(arg0, arg1, arg2)
if span != nil {
tracing.SetSpanStatus(span, ret0)
}
return ret0
}
func (c *withTracing) Get(arg0 context.Context, arg1 string, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.GetOptions) (*github_com_kyverno_kyverno_api_kyverno_v1.GenerateRequest, error) {
var span trace.Span
if tracing.IsInSpan(arg0) {
arg0, span = tracing.StartChildSpan(
arg0,
"",
fmt.Sprintf("KUBE %s/%s/%s", c.client, c.kind, "Get"),
trace.WithAttributes(
tracing.KubeClientGroupKey.String(c.client),
tracing.KubeClientKindKey.String(c.kind),
tracing.KubeClientOperationKey.String("Get"),
),
)
defer span.End()
}
ret0, ret1 := c.inner.Get(arg0, arg1, arg2)
if span != nil {
tracing.SetSpanStatus(span, ret1)
}
return ret0, ret1
}
func (c *withTracing) List(arg0 context.Context, arg1 k8s_io_apimachinery_pkg_apis_meta_v1.ListOptions) (*github_com_kyverno_kyverno_api_kyverno_v1.GenerateRequestList, error) {
var span trace.Span
if tracing.IsInSpan(arg0) {
arg0, span = tracing.StartChildSpan(
arg0,
"",
fmt.Sprintf("KUBE %s/%s/%s", c.client, c.kind, "List"),
trace.WithAttributes(
tracing.KubeClientGroupKey.String(c.client),
tracing.KubeClientKindKey.String(c.kind),
tracing.KubeClientOperationKey.String("List"),
),
)
defer span.End()
}
ret0, ret1 := c.inner.List(arg0, arg1)
if span != nil {
tracing.SetSpanStatus(span, ret1)
}
return ret0, ret1
}
func (c *withTracing) Patch(arg0 context.Context, arg1 string, arg2 k8s_io_apimachinery_pkg_types.PatchType, arg3 []uint8, arg4 k8s_io_apimachinery_pkg_apis_meta_v1.PatchOptions, arg5 ...string) (*github_com_kyverno_kyverno_api_kyverno_v1.GenerateRequest, error) {
var span trace.Span
if tracing.IsInSpan(arg0) {
arg0, span = tracing.StartChildSpan(
arg0,
"",
fmt.Sprintf("KUBE %s/%s/%s", c.client, c.kind, "Patch"),
trace.WithAttributes(
tracing.KubeClientGroupKey.String(c.client),
tracing.KubeClientKindKey.String(c.kind),
tracing.KubeClientOperationKey.String("Patch"),
),
)
defer span.End()
}
ret0, ret1 := c.inner.Patch(arg0, arg1, arg2, arg3, arg4, arg5...)
if span != nil {
tracing.SetSpanStatus(span, ret1)
}
return ret0, ret1
}
func (c *withTracing) Update(arg0 context.Context, arg1 *github_com_kyverno_kyverno_api_kyverno_v1.GenerateRequest, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.UpdateOptions) (*github_com_kyverno_kyverno_api_kyverno_v1.GenerateRequest, error) {
var span trace.Span
if tracing.IsInSpan(arg0) {
arg0, span = tracing.StartChildSpan(
arg0,
"",
fmt.Sprintf("KUBE %s/%s/%s", c.client, c.kind, "Update"),
trace.WithAttributes(
tracing.KubeClientGroupKey.String(c.client),
tracing.KubeClientKindKey.String(c.kind),
tracing.KubeClientOperationKey.String("Update"),
),
)
defer span.End()
}
ret0, ret1 := c.inner.Update(arg0, arg1, arg2)
if span != nil {
tracing.SetSpanStatus(span, ret1)
}
return ret0, ret1
}
func (c *withTracing) UpdateStatus(arg0 context.Context, arg1 *github_com_kyverno_kyverno_api_kyverno_v1.GenerateRequest, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.UpdateOptions) (*github_com_kyverno_kyverno_api_kyverno_v1.GenerateRequest, error) {
var span trace.Span
if tracing.IsInSpan(arg0) {
arg0, span = tracing.StartChildSpan(
arg0,
"",
fmt.Sprintf("KUBE %s/%s/%s", c.client, c.kind, "UpdateStatus"),
trace.WithAttributes(
tracing.KubeClientGroupKey.String(c.client),
tracing.KubeClientKindKey.String(c.kind),
tracing.KubeClientOperationKey.String("UpdateStatus"),
),
)
defer span.End()
}
ret0, ret1 := c.inner.UpdateStatus(arg0, arg1, arg2)
if span != nil {
tracing.SetSpanStatus(span, ret1)
}
return ret0, ret1
}
func (c *withTracing) Watch(arg0 context.Context, arg1 k8s_io_apimachinery_pkg_apis_meta_v1.ListOptions) (k8s_io_apimachinery_pkg_watch.Interface, error) {
var span trace.Span
if tracing.IsInSpan(arg0) {
arg0, span = tracing.StartChildSpan(
arg0,
"",
fmt.Sprintf("KUBE %s/%s/%s", c.client, c.kind, "Watch"),
trace.WithAttributes(
tracing.KubeClientGroupKey.String(c.client),
tracing.KubeClientKindKey.String(c.kind),
tracing.KubeClientOperationKey.String("Watch"),
),
)
defer span.End()
}
ret0, ret1 := c.inner.Watch(arg0, arg1)
if span != nil {
tracing.SetSpanStatus(span, ret1)
}
return ret0, ret1
}

2
pkg/engine/utils.go
View file

@ -257,7 +257,7 @@ func MatchesResourceDescription(subresourceGVKToAPIResource map[string]*metav1.A
func matchesResourceDescriptionMatchHelper(subresourceGVKToAPIResource map[string]*metav1.APIResource, rmr kyvernov1.ResourceFilter, admissionInfo kyvernov1beta1.RequestInfo, resource unstructured.Unstructured, dynamicConfig []string, namespaceLabels map[string]string, subresourceInAdmnReview string) []error {
var errs []error
if reflect.DeepEqual(admissionInfo, kyvernov1.RequestInfo{}) {
if reflect.DeepEqual(admissionInfo, kyvernov1beta1.RequestInfo{}) {
rmr.UserInfo = kyvernov1.UserInfo{}
}

2
pkg/webhooks/utils/exclude.go
View file

@ -16,8 +16,6 @@ func ExcludeKyvernoResources(kind string) bool {
return true
case "UpdateRequest":
return true
case "GenerateRequest":
return true
default:
return false
}

4
pkg/webhooks/utils/exclude_test.go
View file

@ -38,10 +38,6 @@ func TestExcludeKyvernoResources(t *testing.T) {
name: "BackgroundScanReport",
args: args{"BackgroundScanReport"},
want: true,
}, {
name: "GenerateRequest",
args: args{"GenerateRequest"},
want: true,
}, {
name: "ClusterAdmissionReport",
args: args{"ClusterAdmissionReport"},

1
test/conformance/kuttl/rbac/aggregate-to-admin/00-cluster-role.yaml
View file

@ -1,7 +1,6 @@
apiVersion: kuttl.dev/v1beta1
kind: TestStep
assert:
- admin-generaterequest.yaml
- admin-policies.yaml
- admin-policyreport.yaml
- admin-reports.yaml

19
test/conformance/kuttl/rbac/aggregate-to-admin/admin-generaterequest.yaml
View file

@ -1,19 +0,0 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
rbac.authorization.k8s.io/aggregate-to-admin: "true"
name: kyverno:admin-generaterequest
rules:
- apiGroups:
- kyverno.io
resources:
- generaterequests
verbs:
- create
- delete
- get
- list
- patch
- update
- watch