From d683340a2eaf0b32106c5dad1cb5174a2a3ae44f Mon Sep 17 00:00:00 2001 
From: shuting
Date: Mon, 13 May 2019 18:17:28 -0700
Subject: [PATCH] Resolve PR 27
---
 kubeclient/kubeclient.go | 5 ++---
 main.go | 16 ++++++--------
 .../controller/controller.go | 14 ++++++------
 .../controller/controller_test.go | 2 +-
 .../controller}/processPolicy.go | 8 +++----
 {policycontroller => pkg/controller}/utils.go | 2 +-
 .../policyengine.go => engine/engine.go} | 22 +++++++++----------
 pkg/{policyengine => engine}/generation.go | 4 ++--
 pkg/{policyengine => engine}/mutation.go | 4 ++--
 .../mutation/checkRules.go | 0
 .../mutation/overlay.go | 0
 .../mutation/patches.go | 0
 .../mutation/patches_test.go | 0
 .../mutation/utils.go | 0
 .../mutation/utils_test.go | 0
 pkg/engine/validation.go | 5 +++++
 ...ventmsgbuilder_test.go => builder_test.go} | 0
 .../{eventcontroller.go => controller.go} | 2 +-
 .../{eventmsgbuilder.go => msgbuilder.go} | 3 ++-
 pkg/policyengine/validation.go | 5 -----
 pkg/{policyviolation => violation}/builder.go | 2 +-
 pkg/{policyviolation => violation}/util.go | 2 +-
 pkg/webhooks/server.go | 8 +++----
 pkg/webhooks/utils.go | 2 +-
 24 files changed, 52 insertions(+), 54 deletions(-)
 rename policycontroller/policycontroller.go => pkg/controller/controller.go (94%)
 rename policycontroller/policycontroller_test.go => pkg/controller/controller_test.go (99%)
 rename {policycontroller => pkg/controller}/processPolicy.go (93%)
 rename {policycontroller => pkg/controller}/utils.go (83%)
 rename pkg/{policyengine/policyengine.go => engine/engine.go} (83%)
 rename pkg/{policyengine => engine}/generation.go (94%)
 rename pkg/{policyengine => engine}/mutation.go (96%)
 rename pkg/{policyengine => engine}/mutation/checkRules.go (100%)
 rename pkg/{policyengine => engine}/mutation/overlay.go (100%)
 rename pkg/{policyengine => engine}/mutation/patches.go (100%)
 rename pkg/{policyengine => engine}/mutation/patches_test.go (100%)
 rename pkg/{policyengine => engine}/mutation/utils.go (100%)
 rename pkg/{policyengine => engine}/mutation/utils_test.go (100%)
 create mode 100644 pkg/engine/validation.go
 rename pkg/event/{eventmsgbuilder_test.go => builder_test.go} (100%)
 rename pkg/event/{eventcontroller.go => controller.go} (98%)
 rename pkg/event/{eventmsgbuilder.go => msgbuilder.go} (96%)
 delete mode 100644 pkg/policyengine/validation.go
 rename pkg/{policyviolation => violation}/builder.go (99%)
 rename pkg/{policyviolation => violation}/util.go (94%)
diff --git a/kubeclient/kubeclient.go b/kubeclient/kubeclient.go
index eca5f406b6..1f9703e8e4 100644
--- a/kubeclient/kubeclient.go
+++ b/kubeclient/kubeclient.go
@@ -10,7 +10,6 @@ import (
 types "github.com/nirmata/kube-policy/pkg/apis/policy/v1alpha1"
 apps "k8s.io/api/apps/v1"
 v1 "k8s.io/api/core/v1"
- meta "k8s.io/apimachinery/pkg/apis/meta/v1"
 metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 "k8s.io/apimachinery/pkg/runtime"
 utilruntime "k8s.io/apimachinery/pkg/util/runtime"
@@ -43,7 +42,7 @@ func NewKubeClient(config *rest.Config, logger *log.Logger) (*KubeClient, error)
 }, nil
 }
-func (kc *KubeClient) GetEventsInterface(namespace string) event.EventInterface {
+func (kc *KubeClient) GetEvents(namespace string) event.EventInterface {
 return kc.client.CoreV1().Events(namespace)
 }
@@ -51,7 +50,7 @@ func (kc *KubeClient) GetKubePolicyDeployment() (*apps.Deployment, error) {
 kubePolicyDeployment, err := kc.client.
 AppsV1().
 Deployments(config.KubePolicyNamespace).
- Get(config.KubePolicyDeploymentName, meta.GetOptions{})
+ Get(config.KubePolicyDeploymentName, metav1.GetOptions{})
 if err != nil {
 return nil, err
diff --git a/main.go b/main.go
index 8eac1b64f1..df638fe689 100644
--- a/main.go
+++ b/main.go
@@ -5,15 +5,13 @@ import (
 "log"
 "github.com/nirmata/kube-policy/kubeclient"
- "github.com/nirmata/kube-policy/pkg/webhooks"
- "github.com/nirmata/kube-policy/policycontroller"
-
 policyclientset "github.com/nirmata/kube-policy/pkg/client/clientset/versioned"
 informers "github.com/nirmata/kube-policy/pkg/client/informers/externalversions"
- policyengine "github.com/nirmata/kube-policy/pkg/policyengine"
- policyviolation "github.com/nirmata/kube-policy/pkg/policyviolation"
-
+ controller "github.com/nirmata/kube-policy/pkg/controller"
+ engine "github.com/nirmata/kube-policy/pkg/engine"
 event "github.com/nirmata/kube-policy/pkg/event"
+ violation "github.com/nirmata/kube-policy/pkg/violation"
+ "github.com/nirmata/kube-policy/pkg/webhooks"
 "k8s.io/sample-controller/pkg/signals"
 )
@@ -44,10 +42,10 @@ func main() {
 policyInformer := policyInformerFactory.Kubepolicy().V1alpha1().Policies()
 eventController := event.NewEventController(kubeclient, policyInformer.Lister(), nil)
- violationBuilder := policyviolation.NewPolicyViolationBuilder(kubeclient, policyInformer.Lister(), policyClientset, eventController, nil)
- policyEngine := policyengine.NewPolicyEngine(kubeclient, nil)
+ violationBuilder := violation.NewPolicyViolationBuilder(kubeclient, policyInformer.Lister(), policyClientset, eventController, nil)
+ policyEngine := engine.NewPolicyEngine(kubeclient, nil)
- policyController := policycontroller.NewPolicyController(policyClientset,
+ policyController := controller.NewPolicyController(policyClientset,
 policyInformer,
 policyEngine,
 violationBuilder,
diff --git a/policycontroller/policycontroller.go b/pkg/controller/controller.go
similarity index 94%
rename from policycontroller/policycontroller.go
rename to pkg/controller/controller.go
index e4df2c7d08..1b952db03a 100644
--- a/policycontroller/policycontroller.go
+++ b/pkg/controller/controller.go
@@ -1,4 +1,4 @@
-package policycontroller
+package controller
 import (
 "fmt"
@@ -10,9 +10,9 @@ import (
 policyclientset "github.com/nirmata/kube-policy/pkg/client/clientset/versioned"
 infomertypes "github.com/nirmata/kube-policy/pkg/client/informers/externalversions/policy/v1alpha1"
 lister "github.com/nirmata/kube-policy/pkg/client/listers/policy/v1alpha1"
+ engine "github.com/nirmata/kube-policy/pkg/engine"
 event "github.com/nirmata/kube-policy/pkg/event"
- policyengine "github.com/nirmata/kube-policy/pkg/policyengine"
- policyviolation "github.com/nirmata/kube-policy/pkg/policyviolation"
+ violation "github.com/nirmata/kube-policy/pkg/violation"
 "k8s.io/apimachinery/pkg/api/errors"
 metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 utilruntime "k8s.io/apimachinery/pkg/util/runtime"
@@ -27,8 +27,8 @@ type PolicyController struct {
 policyLister lister.PolicyLister
 policyInterface policyclientset.Interface
 policySynced cache.InformerSynced
- policyEngine policyengine.PolicyEngine
- violationBuilder policyviolation.Generator
+ policyEngine engine.PolicyEngine
+ violationBuilder violation.Generator
 eventBuilder event.Generator
 logger *log.Logger
 queue workqueue.RateLimitingInterface
@@ -37,8 +37,8 @@ type PolicyController struct {
 // NewPolicyController from cmd args
 func NewPolicyController(policyInterface policyclientset.Interface,
 policyInformer infomertypes.PolicyInformer,
- policyEngine policyengine.PolicyEngine,
- violationBuilder policyviolation.Generator,
+ policyEngine engine.PolicyEngine,
+ violationBuilder violation.Generator,
 eventController event.Generator,
 logger *log.Logger,
 kubeClient *kubeClient.KubeClient) *PolicyController {
diff --git a/policycontroller/policycontroller_test.go b/pkg/controller/controller_test.go
similarity index 99%
rename from policycontroller/policycontroller_test.go
rename to pkg/controller/controller_test.go
index b4f513bc87..2ea38a3b74 100644
--- a/policycontroller/policycontroller_test.go
+++ b/pkg/controller/controller_test.go
@@ -1,4 +1,4 @@
-package policycontroller
+package controller
 import (
 "testing"
diff --git a/policycontroller/processPolicy.go b/pkg/controller/processPolicy.go
similarity index 93%
rename from policycontroller/processPolicy.go
rename to pkg/controller/processPolicy.go
index a707f7325d..84bdf6dbfb 100644
--- a/policycontroller/processPolicy.go
+++ b/pkg/controller/processPolicy.go
@@ -1,13 +1,13 @@
-package policycontroller
+package controller
 import (
 "encoding/json"
 "fmt"
 types "github.com/nirmata/kube-policy/pkg/apis/policy/v1alpha1"
+ "github.com/nirmata/kube-policy/pkg/engine/mutation"
 event "github.com/nirmata/kube-policy/pkg/event"
- "github.com/nirmata/kube-policy/pkg/policyengine/mutation"
- policyviolation "github.com/nirmata/kube-policy/pkg/policyviolation"
+ violation "github.com/nirmata/kube-policy/pkg/violation"
 "k8s.io/apimachinery/pkg/labels"
 "k8s.io/apimachinery/pkg/runtime"
 utilruntime "k8s.io/apimachinery/pkg/util/runtime"
@@ -42,7 +42,7 @@ func (pc *PolicyController) runForPolicy(key string) {
 // processPolicy process the policy to all the matched resources
 func (pc *PolicyController) processPolicy(policy types.Policy) (
- violations []policyviolation.Info, events []event.Info, err error) {
+ violations []violation.Info, events []event.Info, err error) {
 for _, rule := range policy.Spec.Rules {
 resources, err := pc.filterResourceByRule(rule)
diff --git a/policycontroller/utils.go b/pkg/controller/utils.go
similarity index 83%
rename from policycontroller/utils.go
rename to pkg/controller/utils.go
index 22f11696a1..b5eb6de4d6 100644
--- a/policycontroller/utils.go
+++ b/pkg/controller/utils.go
@@ -1,4 +1,4 @@
-package policycontroller
+package controller
 const policyWorkQueueName = "policyworkqueue"
diff --git a/pkg/policyengine/policyengine.go b/pkg/engine/engine.go
similarity index 83%
rename from pkg/policyengine/policyengine.go
rename to pkg/engine/engine.go
index cbe8367d78..7101b73222 100644
--- a/pkg/policyengine/policyengine.go
+++ b/pkg/engine/engine.go
@@ -1,4 +1,4 @@
-package policyengine
+package engine
 import (
 "fmt"
@@ -6,9 +6,9 @@ import (
 kubeClient "github.com/nirmata/kube-policy/kubeclient"
 types "github.com/nirmata/kube-policy/pkg/apis/policy/v1alpha1"
+ "github.com/nirmata/kube-policy/pkg/engine/mutation"
 event "github.com/nirmata/kube-policy/pkg/event"
- "github.com/nirmata/kube-policy/pkg/policyengine/mutation"
- policyviolation "github.com/nirmata/kube-policy/pkg/policyviolation"
+ violation "github.com/nirmata/kube-policy/pkg/violation"
 )
 type PolicyEngine interface {
@@ -19,16 +19,16 @@ type PolicyEngine interface {
 // ProcessValidation should be called from admission contoller
 // when there is an creation / update of the resource
- // TODO: Change name to Validate
- ProcessValidation(policy types.Policy, rawResource []byte)
+ Validate(policy types.Policy, rawResource []byte)
 // ProcessExisting should be called from policy controller
 // when there is an create / update of the policy
 // we should process the policy on matched resources, generate violations accordingly
 // TODO: This method should not be in PolicyEngine. Validate will do this work instead
- ProcessExisting(policy types.Policy, rawResource []byte) ([]policyviolation.Info, []event.Info, error)
+ ProcessExisting(policy types.Policy, rawResource []byte) ([]violation.Info, []event.Info, error)
 // TODO: Add Generate method
+ // Generate()
 }
 type policyEngine struct {
@@ -43,8 +43,8 @@ func NewPolicyEngine(kubeClient *kubeClient.KubeClient, logger *log.Logger) Poli
 }
 }
-func (p *policyEngine) ProcessExisting(policy types.Policy, rawResource []byte) ([]policyviolation.Info, []event.Info, error) {
- var violations []policyviolation.Info
+func (p *policyEngine) ProcessExisting(policy types.Policy, rawResource []byte) ([]violation.Info, []event.Info, error) {
+ var violations []violation.Info
 var events []event.Info
 for _, rule := range policy.Spec.Rules {
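Review bot: `Validate(policy types.Policy, rawResource []byte)` in the `PolicyEngine` interface (pkg/engine/engine.go, hunk `@@ -19,16 +19,16 @@`) has no result, so a caller on the admission path cannot learn that a resource failed a policy; the same signature is implemented in pkg/engine/validation.go. Since the method is being renamed anyway, this is a cheap moment to settle on `Validate(policy types.Policy, rawResource []byte) error` (or a richer result type) before callers accumulate. The comment above it still opens with `// ProcessValidation should be called from admission contoller` and should become `// Validate should be called from the admission controller`. The added `// Generate()` is commented-out code and only repeats the TODO on the line before it.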
@@ -74,9 +74,9 @@ func (p *policyEngine) ProcessExisting(policy types.Policy, rawResource []byte)
 }
 func (p *policyEngine) processRuleOnResource(policyName string, rule types.Rule, rawResource []byte) (
- policyviolation.Info, []event.Info, error) {
+ violation.Info, []event.Info, error) {
- var violationInfo policyviolation.Info
+ var violationInfo violation.Info
 var eventInfos []event.Info
 resourceKind := mutation.ParseKindFromObject(rawResource)
@@ -91,7 +91,7 @@ func (p *policyEngine) processRuleOnResource(policyName string, rule types.Rule,
 if rulePatchesProcessed != nil {
 log.Printf("Rule %s: prepared %d patches", rule.Name, len(rulePatchesProcessed))
- violationInfo = policyviolation.NewViolation(policyName, resourceKind, resourceNamespace+"/"+resourceName, rule.Name)
+ violationInfo = violation.NewViolation(policyName, resourceKind, resourceNamespace+"/"+resourceName, rule.Name)
 // add a violation to queue
 // add an event to policy
diff --git a/pkg/policyengine/generation.go b/pkg/engine/generation.go
similarity index 94%
rename from pkg/policyengine/generation.go
rename to pkg/engine/generation.go
index 86ce884419..dc8f7cb231 100644
--- a/pkg/policyengine/generation.go
+++ b/pkg/engine/generation.go
@@ -1,10 +1,10 @@
-package policyengine
+package engine
 import (
 "fmt"
 kubepolicy "github.com/nirmata/kube-policy/pkg/apis/policy/v1alpha1"
- "github.com/nirmata/kube-policy/pkg/policyengine/mutation"
+ "github.com/nirmata/kube-policy/pkg/engine/mutation"
 )
 // TODO: To be reworked due to spec policy-v2
diff --git a/pkg/policyengine/mutation.go b/pkg/engine/mutation.go
similarity index 96%
rename from pkg/policyengine/mutation.go
rename to pkg/engine/mutation.go
index 75f20193b3..cb45603ca6 100644
--- a/pkg/policyengine/mutation.go
+++ b/pkg/engine/mutation.go
@@ -1,8 +1,8 @@
-package policyengine
+package engine
 import (
 kubepolicy "github.com/nirmata/kube-policy/pkg/apis/policy/v1alpha1"
- "github.com/nirmata/kube-policy/pkg/policyengine/mutation"
+ "github.com/nirmata/kube-policy/pkg/engine/mutation"
 )
 // Mutate performs mutation. Overlay first and then mutation patches
diff --git a/pkg/policyengine/mutation/checkRules.go b/pkg/engine/mutation/checkRules.go
similarity index 100%
rename from pkg/policyengine/mutation/checkRules.go
rename to pkg/engine/mutation/checkRules.go
diff --git a/pkg/policyengine/mutation/overlay.go b/pkg/engine/mutation/overlay.go
similarity index 100%
rename from pkg/policyengine/mutation/overlay.go
rename to pkg/engine/mutation/overlay.go
diff --git a/pkg/policyengine/mutation/patches.go b/pkg/engine/mutation/patches.go
similarity index 100%
rename from pkg/policyengine/mutation/patches.go
rename to pkg/engine/mutation/patches.go
diff --git a/pkg/policyengine/mutation/patches_test.go b/pkg/engine/mutation/patches_test.go
similarity index 100%
rename from pkg/policyengine/mutation/patches_test.go
rename to pkg/engine/mutation/patches_test.go
diff --git a/pkg/policyengine/mutation/utils.go b/pkg/engine/mutation/utils.go
similarity index 100%
rename from pkg/policyengine/mutation/utils.go
rename to pkg/engine/mutation/utils.go
diff --git a/pkg/policyengine/mutation/utils_test.go b/pkg/engine/mutation/utils_test.go
similarity index 100%
rename from pkg/policyengine/mutation/utils_test.go
rename to pkg/engine/mutation/utils_test.go
diff --git a/pkg/engine/validation.go b/pkg/engine/validation.go
new file mode 100644
index 0000000000..1014c3b529
--- /dev/null
+++ b/pkg/engine/validation.go
@@ -0,0 +1,5 @@
+package engine
+
+import types "github.com/nirmata/kube-policy/pkg/apis/policy/v1alpha1"
+
+func (p *policyEngine) Validate(policy types.Policy, rawResource []byte) {}
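Review bot: The new `Validate` method in pkg/engine/validation.go has an empty body and no doc comment, so nothing tells a reader that it currently accepts every resource without inspecting it. Until the logic lands I would put `// Validate is a placeholder: it performs no checks and never rejects a resource.` above it, followed by a `// TODO` naming the follow-up work. Whether any webhook handler already calls it is not visible in this patch; if one does, that handler should not count the call as an enforcement step.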
diff --git a/pkg/event/eventmsgbuilder_test.go b/pkg/event/builder_test.go
similarity index 100%
rename from pkg/event/eventmsgbuilder_test.go
rename to pkg/event/builder_test.go
diff --git a/pkg/event/eventcontroller.go b/pkg/event/controller.go
similarity index 98%
rename from pkg/event/eventcontroller.go
rename to pkg/event/controller.go
index af517ccad6..8b0492bfcb 100644
--- a/pkg/event/eventcontroller.go
+++ b/pkg/event/controller.go
@@ -59,7 +59,7 @@ func initRecorder(kubeClient *kubeClient.KubeClient) record.EventRecorder {
 eventBroadcaster.StartLogging(log.Printf)
 eventBroadcaster.StartRecordingToSink(
 &typedcorev1.EventSinkImpl{
- Interface: kubeClient.GetEventsInterface("")})
+ Interface: kubeClient.GetEvents("")})
 recorder := eventBroadcaster.NewRecorder(
 scheme.Scheme,
 v1.EventSource{Component: eventSource})
diff --git a/pkg/event/eventmsgbuilder.go b/pkg/event/msgbuilder.go
similarity index 96%
rename from pkg/event/eventmsgbuilder.go
rename to pkg/event/msgbuilder.go
index 1e06c3c5a4..b38d9327ac 100644
--- a/pkg/event/eventmsgbuilder.go
+++ b/pkg/event/msgbuilder.go
@@ -19,11 +19,12 @@ func (k MsgKey) String() string {
 const argRegex = "%[s,d,v]"
+var re = regexp.MustCompile(argRegex)
+
 //GetEventMsg return the application message based on the message id and the arguments,
 // if the number of arguments passed to the message are incorrect generate an error
 func getEventMsg(key MsgKey, args ...interface{}) (string, error) {
 // Verify the number of arguments
- re := regexp.MustCompile(argRegex)
 argsCount := len(re.FindAllString(key.String(), -1))
 if argsCount != len(args) {
 return "", fmt.Errorf("message expects %d arguments, but %d arguments passed", argsCount, len(args))
diff --git a/pkg/policyengine/validation.go b/pkg/policyengine/validation.go
deleted file mode 100644
index 282a4496a4..0000000000
--- a/pkg/policyengine/validation.go
+++ /dev/null
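Review bot: In pkg/event/msgbuilder.go the pattern now compiled once at package scope is `"%[s,d,v]"`, and inside a character class the commas are literal, so `%,` in a message template is counted as an argument placeholder alongside `%s`, `%d` and `%v`. The class should read `const argRegex = "%[sdv]"`. The package-level name `re` is also very generic for a variable visible to every file in package `event`; `var argPattern = regexp.MustCompile(argRegex)` says what it matches. The const line is unchanged context in this hunk, and `getEventMsg` continues past the end of it.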
@@ -1,5 +0,0 @@
-package policyengine
-
-import types "github.com/nirmata/kube-policy/pkg/apis/policy/v1alpha1"
-
-func (p *policyEngine) ProcessValidation(policy types.Policy, rawResource []byte) {}
diff --git a/pkg/policyviolation/builder.go b/pkg/violation/builder.go
similarity index 99%
rename from pkg/policyviolation/builder.go
rename to pkg/violation/builder.go
index 69e0b1e56f..ab66e2fc09 100644
--- a/pkg/policyviolation/builder.go
+++ b/pkg/violation/builder.go
@@ -1,4 +1,4 @@
-package policyviolation
+package violation
 import (
 "fmt"
diff --git a/pkg/policyviolation/util.go b/pkg/violation/util.go
similarity index 94%
rename from pkg/policyviolation/util.go
rename to pkg/violation/util.go
index 7fa1ebd333..e8eb73baff 100644
--- a/pkg/policyviolation/util.go
+++ b/pkg/violation/util.go
@@ -1,4 +1,4 @@
-package policyviolation
+package violation
 import policytype "github.com/nirmata/kube-policy/pkg/apis/policy/v1alpha1"
diff --git a/pkg/webhooks/server.go b/pkg/webhooks/server.go
index 6a91b69ef6..310bb097a4 100644
--- a/pkg/webhooks/server.go
+++ b/pkg/webhooks/server.go
@@ -17,8 +17,8 @@ import (
 "github.com/nirmata/kube-policy/kubeclient"
 kubepolicy "github.com/nirmata/kube-policy/pkg/apis/policy/v1alpha1"
 policylister "github.com/nirmata/kube-policy/pkg/client/listers/policy/v1alpha1"
- "github.com/nirmata/kube-policy/pkg/policyengine"
- "github.com/nirmata/kube-policy/pkg/policyengine/mutation"
+ engine "github.com/nirmata/kube-policy/pkg/engine"
+ "github.com/nirmata/kube-policy/pkg/engine/mutation"
 "github.com/nirmata/kube-policy/utils"
 v1beta1 "k8s.io/api/admission/v1beta1"
 "k8s.io/apimachinery/pkg/labels"
@@ -29,7 +29,7 @@ import (
 // MutationWebhook gets policies from policyController and takes control of the cluster with kubeclient.
 type WebhookServer struct {
 server http.Server
- policyEngine policyengine.PolicyEngine
+ policyEngine engine.PolicyEngine
 policyLister policylister.PolicyLister
 logger *log.Logger
 }
@@ -55,7 +55,7 @@ func NewWebhookServer(
 return nil, err
 }
 tlsConfig.Certificates = []tls.Certificate{pair}
- policyEngine := policyengine.NewPolicyEngine(kubeclient, logger)
+ policyEngine := engine.NewPolicyEngine(kubeclient, logger)
 ws := &WebhookServer{
 policyEngine: policyEngine,
diff --git a/pkg/webhooks/utils.go b/pkg/webhooks/utils.go
index a3323ff917..f831bec180 100644
--- a/pkg/webhooks/utils.go
+++ b/pkg/webhooks/utils.go
@@ -3,7 +3,7 @@ package webhooks
 import (
 kubeclient "github.com/nirmata/kube-policy/kubeclient"
 types "github.com/nirmata/kube-policy/pkg/apis/policy/v1alpha1"
- mutation "github.com/nirmata/kube-policy/pkg/policyengine/mutation"
+ mutation "github.com/nirmata/kube-policy/pkg/engine/mutation"
 "k8s.io/api/admission/v1beta1"
 )