mirrors/kyverno
mirrors/kyverno
1
0
Fork 0
mirror of https://github.com/kyverno/kyverno.git synced 2025-03-31 03:45:17 +00:00
Code Activity

Add default image registry to patched resource (#2166)

Browse source
This commit is contained in:
shuting 2021-07-20 21:20:37 -07:00 committed by GitHub
parent c73a14eba2
commit b2515fa9eb
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 36 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
cmd/kyverno/main.go
View file

@ -4,13 +4,14 @@ import (
"context" "context"
"flag" "flag"
"fmt" "fmt"
"github.com/kyverno/kyverno/pkg/cosign"
"net/http" "net/http"
_ "net/http/pprof" _ "net/http/pprof"
"os" "os"
"strings" "strings"
"time" "time"
"github.com/kyverno/kyverno/pkg/cosign"
"github.com/prometheus/client_golang/prometheus/promhttp" "github.com/prometheus/client_golang/prometheus/promhttp"
kubeinformers "k8s.io/client-go/informers" kubeinformers "k8s.io/client-go/informers"
"k8s.io/klog/v2" "k8s.io/klog/v2"

36
pkg/webhooks/server.go
View file

@ -9,8 +9,6 @@ import (
"net/http" "net/http"
"time" "time"
"github.com/kyverno/kyverno/pkg/engine"
"github.com/go-logr/logr" "github.com/go-logr/logr"
"github.com/julienschmidt/httprouter" "github.com/julienschmidt/httprouter"
v1 "github.com/kyverno/kyverno/pkg/api/kyverno/v1" v1 "github.com/kyverno/kyverno/pkg/api/kyverno/v1"
@ -20,8 +18,10 @@ import (
"github.com/kyverno/kyverno/pkg/common" "github.com/kyverno/kyverno/pkg/common"
"github.com/kyverno/kyverno/pkg/config" "github.com/kyverno/kyverno/pkg/config"
client "github.com/kyverno/kyverno/pkg/dclient" client "github.com/kyverno/kyverno/pkg/dclient"
"github.com/kyverno/kyverno/pkg/engine"
enginectx "github.com/kyverno/kyverno/pkg/engine/context" enginectx "github.com/kyverno/kyverno/pkg/engine/context"
"github.com/kyverno/kyverno/pkg/engine/response" "github.com/kyverno/kyverno/pkg/engine/response"
engineutils "github.com/kyverno/kyverno/pkg/engine/utils"
"github.com/kyverno/kyverno/pkg/event" "github.com/kyverno/kyverno/pkg/event"
"github.com/kyverno/kyverno/pkg/generate" "github.com/kyverno/kyverno/pkg/generate"
"github.com/kyverno/kyverno/pkg/metrics" "github.com/kyverno/kyverno/pkg/metrics"
@ -373,6 +373,10 @@ func (ws *WebhookServer) buildPolicyContext(request *v1beta1.AdmissionRequest, a
return nil, errors.Wrap(err, "failed to add image information to the policy rule context") return nil, errors.Wrap(err, "failed to add image information to the policy rule context")
} }
if err := mutateResourceWithImageInfo(request.Object.Raw, ctx); err != nil {
ws.log.Error(err, "failed to patch images info to resource, policies that mutate images may be impacted")
}
policyContext := &engine.PolicyContext{ policyContext := &engine.PolicyContext{
NewResource: resource, NewResource: resource,
AdmissionInfo: userRequestInfo, AdmissionInfo: userRequestInfo,
@ -623,3 +627,31 @@ func newVariablesContext(request *v1beta1.AdmissionRequest, userRequestInfo *v1.
return ctx, nil return ctx, nil
} }
func mutateResourceWithImageInfo(raw []byte, ctx *enginectx.Context) error {
images := ctx.ImageInfo()
if images == nil {
return nil
}
var patches [][]byte
for _, info := range images.Containers {
patches = append(patches, buildJSONPatch("replace", info.JSONPath, info.String()))
}
for _, info := range images.InitContainers {
patches = append(patches, buildJSONPatch("replace", info.JSONPath, info.String()))
}
patchedResource, err := engineutils.ApplyPatches(raw, patches)
if err != nil {
return err
}
return ctx.AddResource(patchedResource)
}
func buildJSONPatch(op, path, value string) []byte {
p := fmt.Sprintf(`{ "op": "%s", "path": "%s", "value":"%s" }`, op, path, value)
return []byte(p)
}