Merge pull request #35 from nirmata/feature_proposal_redesign_policycontroller_eventcontroller_violationbuilder

- Resolve conflicts with PR #36. - Merge policy v2, update pkg structure

kubeclient/kubeclient.go

@@ -10,7 +10,6 @@ import (
 	types "github.com/nirmata/kube-policy/pkg/apis/policy/v1alpha1"
 	apps "k8s.io/api/apps/v1"
 	v1 "k8s.io/api/core/v1"
-	meta "k8s.io/apimachinery/pkg/apis/meta/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/runtime"
 	utilruntime "k8s.io/apimachinery/pkg/util/runtime"
@@ -43,7 +42,7 @@ func NewKubeClient(config *rest.Config, logger *log.Logger) (*KubeClient, error)
 	}, nil
 }
 
-func (kc *KubeClient) GetEventsInterface(namespace string) event.EventInterface {
+func (kc *KubeClient) GetEvents(namespace string) event.EventInterface {
 	return kc.client.CoreV1().Events(namespace)
 }
 
@@ -51,7 +50,7 @@ func (kc *KubeClient) GetKubePolicyDeployment() (*apps.Deployment, error) {
 	kubePolicyDeployment, err := kc.client.
 		AppsV1().
 		Deployments(config.KubePolicyNamespace).
-		Get(config.KubePolicyDeploymentName, meta.GetOptions{})
+		Get(config.KubePolicyDeploymentName, metav1.GetOptions{})
 
 	if err != nil {
 		return nil, err

main.go

@@ -5,15 +5,13 @@ import (
 	"log"
 
 	"github.com/nirmata/kube-policy/kubeclient"
-	"github.com/nirmata/kube-policy/pkg/webhooks"
-	"github.com/nirmata/kube-policy/policycontroller"
-
 	policyclientset "github.com/nirmata/kube-policy/pkg/client/clientset/versioned"
 	informers "github.com/nirmata/kube-policy/pkg/client/informers/externalversions"
-	policyengine "github.com/nirmata/kube-policy/pkg/policyengine"
-	policyviolation "github.com/nirmata/kube-policy/pkg/policyviolation"
-
+	controller "github.com/nirmata/kube-policy/pkg/controller"
+	engine "github.com/nirmata/kube-policy/pkg/engine"
 	event "github.com/nirmata/kube-policy/pkg/event"
+	violation "github.com/nirmata/kube-policy/pkg/violation"
+	"github.com/nirmata/kube-policy/pkg/webhooks"
 	"k8s.io/sample-controller/pkg/signals"
 )
 
@@ -44,10 +42,10 @@ func main() {
 	policyInformer := policyInformerFactory.Kubepolicy().V1alpha1().Policies()
 
 	eventController := event.NewEventController(kubeclient, policyInformer.Lister(), nil)
-	violationBuilder := policyviolation.NewPolicyViolationBuilder(kubeclient, policyInformer.Lister(), policyClientset, eventController, nil)
-	policyEngine := policyengine.NewPolicyEngine(kubeclient, nil)
+	violationBuilder := violation.NewPolicyViolationBuilder(kubeclient, policyInformer.Lister(), policyClientset, eventController, nil)
+	policyEngine := engine.NewPolicyEngine(kubeclient, nil)
 
-	policyController := policycontroller.NewPolicyController(policyClientset,
+	policyController := controller.NewPolicyController(policyClientset,
 		policyInformer,
 		policyEngine,
 		violationBuilder,
@@ -64,7 +62,7 @@ func main() {
 		log.Fatalf("Failed to initialize TLS key/certificate pair: %v\n", err)
 	}
 
-	server, err := webhooks.NewWebhookServer(tlsPair, kubeclient, policyInformer.Lister(), nil)
+	server, err := webhooks.NewWebhookServer(tlsPair, kubeclient, policyInformer.Lister(), policyEngine, nil)
 	if err != nil {
 		log.Fatalf("Unable to create webhook server: %v\n", err)
 	}

pkg/controller/controller.go

@@ -1,4 +1,4 @@
-package policycontroller
+package controller
 
 import (
 	"fmt"
@@ -11,9 +11,9 @@ import (
 	policyclientset "github.com/nirmata/kube-policy/pkg/client/clientset/versioned"
 	infomertypes "github.com/nirmata/kube-policy/pkg/client/informers/externalversions/policy/v1alpha1"
 	lister "github.com/nirmata/kube-policy/pkg/client/listers/policy/v1alpha1"
+	engine "github.com/nirmata/kube-policy/pkg/engine"
 	event "github.com/nirmata/kube-policy/pkg/event"
-	policyengine "github.com/nirmata/kube-policy/pkg/policyengine"
-	policyviolation "github.com/nirmata/kube-policy/pkg/policyviolation"
+	violation "github.com/nirmata/kube-policy/pkg/violation"
 	"k8s.io/apimachinery/pkg/api/errors"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	utilruntime "k8s.io/apimachinery/pkg/util/runtime"
@@ -28,8 +28,8 @@ type PolicyController struct {
 	policyLister     lister.PolicyLister
 	policyInterface  policyclientset.Interface
 	policySynced     cache.InformerSynced
-	policyEngine     policyengine.PolicyEngine
-	violationBuilder policyviolation.Generator
+	policyEngine     engine.PolicyEngine
+	violationBuilder violation.Generator
 	eventBuilder     event.Generator
 	logger           *log.Logger
 	queue            workqueue.RateLimitingInterface
@@ -38,8 +38,8 @@ type PolicyController struct {
 // NewPolicyController from cmd args
 func NewPolicyController(policyInterface policyclientset.Interface,
 	policyInformer infomertypes.PolicyInformer,
-	policyEngine policyengine.PolicyEngine,
-	violationBuilder policyviolation.Generator,
+	policyEngine engine.PolicyEngine,
+	violationBuilder violation.Generator,
 	eventController event.Generator,
 	logger *log.Logger,
 	kubeClient *kubeClient.KubeClient) *PolicyController {

pkg/controller/controller_test.go

@@ -1,4 +1,4 @@
-package policycontroller
+package controller
 
 import (
 	"testing"

pkg/controller/processPolicy.go

@@ -1,4 +1,4 @@
-package policycontroller
+package controller
 
 import (
 	"encoding/json"
@@ -6,7 +6,7 @@ import (
 
 	types "github.com/nirmata/kube-policy/pkg/apis/policy/v1alpha1"
 	event "github.com/nirmata/kube-policy/pkg/event"
-	policyviolation "github.com/nirmata/kube-policy/pkg/policyviolation"
+	violation "github.com/nirmata/kube-policy/pkg/violation"
 	"k8s.io/apimachinery/pkg/labels"
 	"k8s.io/apimachinery/pkg/runtime"
 	utilruntime "k8s.io/apimachinery/pkg/util/runtime"
@@ -41,7 +41,7 @@ func (pc *PolicyController) runForPolicy(key string) {
 
 // processPolicy process the policy to all the matched resources
 func (pc *PolicyController) processPolicy(policy types.Policy) (
-	violations []policyviolation.Info, events []event.Info, err error) {
+	violations []violation.Info, events []event.Info, err error) {
 
 	for _, rule := range policy.Spec.Rules {
 		resources, err := pc.filterResourceByRule(rule)

pkg/controller/utils.go

@@ -1,4 +1,4 @@
-package policycontroller
+package controller
 
 const policyWorkQueueName = "policyworkqueue"
 

pkg/engine/engine.go

@@ -1,4 +1,4 @@
-package policyengine
+package engine
 
 import (
 	"fmt"
@@ -6,9 +6,9 @@ import (
 
 	kubeClient "github.com/nirmata/kube-policy/kubeclient"
 	types "github.com/nirmata/kube-policy/pkg/apis/policy/v1alpha1"
+	"github.com/nirmata/kube-policy/pkg/engine/mutation"
 	event "github.com/nirmata/kube-policy/pkg/event"
-	"github.com/nirmata/kube-policy/pkg/policyengine/mutation"
-	policyviolation "github.com/nirmata/kube-policy/pkg/policyviolation"
+	violation "github.com/nirmata/kube-policy/pkg/violation"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 )
 
@@ -26,9 +26,10 @@ type PolicyEngine interface {
 	// when there is an create / update of the policy
 	// we should process the policy on matched resources, generate violations accordingly
 	// TODO: This method should not be in PolicyEngine. Validate will do this work instead
-	ProcessExisting(policy types.Policy, rawResource []byte) ([]policyviolation.Info, []event.Info, error)
+	ProcessExisting(policy types.Policy, rawResource []byte) ([]violation.Info, []event.Info, error)
 
 	// TODO: Add Generate method
+	// Generate()
 }
 
 type policyEngine struct {
@@ -44,8 +45,8 @@ func NewPolicyEngine(kubeClient *kubeClient.KubeClient, logger *log.Logger) Poli
 	}
 }
 
-func (p *policyEngine) ProcessExisting(policy types.Policy, rawResource []byte) ([]policyviolation.Info, []event.Info, error) {
-	var violations []policyviolation.Info
+func (p *policyEngine) ProcessExisting(policy types.Policy, rawResource []byte) ([]violation.Info, []event.Info, error) {
+	var violations []violation.Info
 	var events []event.Info
 
 	for _, rule := range policy.Spec.Rules {
@@ -75,9 +76,9 @@ func (p *policyEngine) ProcessExisting(policy types.Policy, rawResource []byte)
 }
 
 func (p *policyEngine) processRuleOnResource(policyName string, rule types.Rule, rawResource []byte) (
-	policyviolation.Info, []event.Info, error) {
+	violation.Info, []event.Info, error) {
 
-	var violationInfo policyviolation.Info
+	var violationInfo violation.Info
 	var eventInfos []event.Info
 
 	resourceKind := mutation.ParseKindFromObject(rawResource)
@@ -92,7 +93,7 @@ func (p *policyEngine) processRuleOnResource(policyName string, rule types.Rule,
 	if rulePatchesProcessed != nil {
 		log.Printf("Rule %s: prepared %d patches", rule.Name, len(rulePatchesProcessed))
 
-		violationInfo = policyviolation.NewViolation(policyName, resourceKind, resourceNamespace+"/"+resourceName, rule.Name)
+		violationInfo = violation.NewViolation(policyName, resourceKind, resourceNamespace+"/"+resourceName, rule.Name)
 		// add a violation to queue
 
 		// add an event to policy

pkg/engine/generation.go

@@ -1,10 +1,10 @@
-package policyengine
+package engine
 
 import (
 	"fmt"
 
 	kubepolicy "github.com/nirmata/kube-policy/pkg/apis/policy/v1alpha1"
-	"github.com/nirmata/kube-policy/pkg/policyengine/mutation"
+	"github.com/nirmata/kube-policy/pkg/engine/mutation"
 )
 
 // TODO: To be reworked due to spec policy-v2

pkg/engine/mutation.go

@@ -1,8 +1,8 @@
-package policyengine
+package engine
 
 import (
 	kubepolicy "github.com/nirmata/kube-policy/pkg/apis/policy/v1alpha1"
-	"github.com/nirmata/kube-policy/pkg/policyengine/mutation"
+	"github.com/nirmata/kube-policy/pkg/engine/mutation"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 )
 

pkg/engine/mutation/checkRules.go

@@ -0,0 +1,44 @@
+package mutation
+
+import (
+	"github.com/minio/minio/pkg/wildcard"
+	types "github.com/nirmata/kube-policy/pkg/apis/policy/v1alpha1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+// kind is the type of object being manipulated
+// Checks requests kind, name and labels to fit the policy
+func IsRuleApplicableToResource(resourceRaw []byte, description types.ResourceDescription) (bool, error) {
+	kind := ParseKindFromObject(resourceRaw)
+	if description.Kind != kind {
+		return false, nil
+	}
+
+	if resourceRaw != nil {
+		meta := ParseMetadataFromObject(resourceRaw)
+		name := ParseNameFromObject(resourceRaw)
+
+		if description.Name != nil {
+
+			if !wildcard.Match(*description.Name, name) {
+				return false, nil
+			}
+		}
+
+		if description.Selector != nil {
+			selector, err := metav1.LabelSelectorAsSelector(description.Selector)
+
+			if err != nil {
+				return false, err
+			}
+
+			labelMap := ParseLabelsFromMetadata(meta)
+
+			if !selector.Matches(labelMap) {
+				return false, nil
+			}
+
+		}
+	}
+	return true, nil
+}

pkg/engine/validation.go

@@ -1,11 +1,11 @@
-package policyengine
+package engine
 
 import (
 	"encoding/json"
 	"fmt"
 
 	kubepolicy "github.com/nirmata/kube-policy/pkg/apis/policy/v1alpha1"
-	"github.com/nirmata/kube-policy/pkg/policyengine/mutation"
+	"github.com/nirmata/kube-policy/pkg/engine/mutation"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 )
 

pkg/event/controller.go

@@ -66,7 +66,7 @@ func initRecorder(kubeClient *kubeClient.KubeClient) record.EventRecorder {
 	eventBroadcaster.StartLogging(log.Printf)
 	eventBroadcaster.StartRecordingToSink(
 		&typedcorev1.EventSinkImpl{
-			Interface: kubeClient.GetEventsInterface("")})
+			Interface: kubeClient.GetEvents("")})
 	recorder := eventBroadcaster.NewRecorder(
 		scheme.Scheme,
 		v1.EventSource{Component: eventSource})

pkg/event/msgbuilder.go

@@ -19,11 +19,12 @@ func (k MsgKey) String() string {
 
 const argRegex = "%[s,d,v]"
 
+var re = regexp.MustCompile(argRegex)
+
 //GetEventMsg return the application message based on the message id and the arguments,
 // if the number of arguments passed to the message are incorrect generate an error
 func getEventMsg(key MsgKey, args ...interface{}) (string, error) {
 	// Verify the number of arguments
-	re := regexp.MustCompile(argRegex)
 	argsCount := len(re.FindAllString(key.String(), -1))
 	if argsCount != len(args) {
 		return "", fmt.Errorf("message expects %d arguments, but %d arguments passed", argsCount, len(args))

pkg/violation/builder.go

@@ -1,4 +1,4 @@
-package policyviolation
+package violation
 
 import (
 	"fmt"

pkg/violation/util.go

@@ -1,4 +1,4 @@
-package policyviolation
+package violation
 
 import policytype "github.com/nirmata/kube-policy/pkg/apis/policy/v1alpha1"
 

pkg/webhooks/server.go

@@ -15,8 +15,8 @@ import (
 	"github.com/nirmata/kube-policy/config"
 	"github.com/nirmata/kube-policy/kubeclient"
 	policylister "github.com/nirmata/kube-policy/pkg/client/listers/policy/v1alpha1"
-	"github.com/nirmata/kube-policy/pkg/policyengine"
-	"github.com/nirmata/kube-policy/pkg/policyengine/mutation"
+	engine "github.com/nirmata/kube-policy/pkg/engine"
+	"github.com/nirmata/kube-policy/pkg/engine/mutation"
 	tlsutils "github.com/nirmata/kube-policy/pkg/tls"
 	v1beta1 "k8s.io/api/admission/v1beta1"
 	"k8s.io/apimachinery/pkg/labels"
@@ -27,7 +27,7 @@ import (
 // MutationWebhook gets policies from policyController and takes control of the cluster with kubeclient.
 type WebhookServer struct {
 	server       http.Server
-	policyEngine policyengine.PolicyEngine
+	policyEngine engine.PolicyEngine
 	policyLister policylister.PolicyLister
 	logger       *log.Logger
 }
@@ -38,6 +38,7 @@ func NewWebhookServer(
 	tlsPair *tlsutils.TlsPemPair,
 	kubeClient *kubeclient.KubeClient,
 	policyLister policylister.PolicyLister,
+	policyEngine engine.PolicyEngine,
 	logger *log.Logger) (*WebhookServer, error) {
 	if logger == nil {
 		logger = log.New(os.Stdout, "Webhook Server:    ", log.LstdFlags)
@@ -53,7 +54,6 @@ func NewWebhookServer(
 		return nil, err
 	}
 	tlsConfig.Certificates = []tls.Certificate{pair}
-	policyEngine := policyengine.NewPolicyEngine(kubeClient, logger)
 
 	ws := &WebhookServer{
 		policyEngine: policyEngine,