mirrors/kyverno
1
0
Fork 0
mirror of https://github.com/kyverno/kyverno.git synced 2024-12-14 11:57:48 +00:00
Code Activity

feat: bump update request api version (#10508)

Browse source 
* feat: bump update request api version

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* use v2

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* codegen

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* codegen

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* fix linter

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* fix linter

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

---------

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
This commit is contained in:
Charles-Edouard Brétéché 2024-06-20 11:44:43 +02:00 committed by GitHub
parent 4402e314c8
commit b36a2ecdcc
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
76 changed files with 316 additions and 1576 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
Makefile
View file

@ -403,6 +403,7 @@ GOPATH_SHIM := ${PWD}/.gopath
PACKAGE_SHIM := $(GOPATH_SHIM)/src/$(PACKAGE)
OUT_PACKAGE := $(PACKAGE)/pkg/client
INPUT_DIRS := $(PACKAGE)/api/kyverno/v1,$(PACKAGE)/api/kyverno/v1beta1,$(PACKAGE)/api/kyverno/v2,$(PACKAGE)/api/kyverno/v2beta1,$(PACKAGE)/api/kyverno/v2alpha1,$(PACKAGE)/api/reports/v1,$(PACKAGE)/api/policyreport/v1alpha2
CLIENT_INPUT_DIRS := $(PACKAGE)/api/kyverno/v1,$(PACKAGE)/api/kyverno/v2,$(PACKAGE)/api/kyverno/v2beta1,$(PACKAGE)/api/kyverno/v2alpha1,$(PACKAGE)/api/reports/v1,$(PACKAGE)/api/policyreport/v1alpha2
CLIENTSET_PACKAGE := $(OUT_PACKAGE)/clientset
LISTERS_PACKAGE := $(OUT_PACKAGE)/listers
INFORMERS_PACKAGE := $(OUT_PACKAGE)/informers
@ -432,7 +433,7 @@ codegen-client-clientset: $(PACKAGE_SHIM) $(CLIENT_GEN) ## Generate clientset
--clientset-name versioned \
--output-package $(CLIENTSET_PACKAGE) \
--input-base "" \
--input $(INPUT_DIRS)
--input $(CLIENT_INPUT_DIRS)
.PHONY: codegen-client-listers
codegen-client-listers: $(PACKAGE_SHIM) $(LISTER_GEN) ## Generate listers
@ -441,7 +442,7 @@ codegen-client-listers: $(PACKAGE_SHIM) $(LISTER_GEN) ## Generate listers
@GOPATH=$(GOPATH_SHIM) $(LISTER_GEN) \
--go-header-file ./scripts/boilerplate.go.txt \
--output-package $(LISTERS_PACKAGE) \
--input-dirs $(INPUT_DIRS)
--input-dirs $(CLIENT_INPUT_DIRS)
.PHONY: codegen-client-informers
codegen-client-informers: $(PACKAGE_SHIM) $(INFORMER_GEN) ## Generate informers
@ -450,7 +451,7 @@ codegen-client-informers: $(PACKAGE_SHIM) $(INFORMER_GEN) ## Generate informers
@GOPATH=$(GOPATH_SHIM) $(INFORMER_GEN) \
--go-header-file ./scripts/boilerplate.go.txt \
--output-package $(INFORMERS_PACKAGE) \
--input-dirs $(INPUT_DIRS) \
--input-dirs $(CLIENT_INPUT_DIRS) \
--versioned-clientset-package $(CLIENTSET_PACKAGE)/versioned \
--listers-package $(LISTERS_PACKAGE)

2
api/kyverno/v1beta1/updaterequest_types.go
View file

@ -45,7 +45,6 @@ type UpdateRequestStatus struct {
// +genclient
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// +kubebuilder:object:root=true
// +kubebuilder:storageversion
// +kubebuilder:subresource:status
// +kubebuilder:printcolumn:name="Policy",type="string",JSONPath=".spec.policy"
// +kubebuilder:printcolumn:name="Rule",type="string",JSONPath=".spec.rule"
@ -56,6 +55,7 @@ type UpdateRequestStatus struct {
// +kubebuilder:printcolumn:name="status",type="string",JSONPath=".status.state"
// +kubebuilder:printcolumn:name="Age",type="date",JSONPath=".metadata.creationTimestamp"
// +kubebuilder:resource:shortName=ur,categories=kyverno
// +kubebuilder:deprecatedversion
// UpdateRequest is a request to process mutate and generate rules in background.
type UpdateRequest struct {

18
api/kyverno/v2/constants.go Normal file
View file

@ -0,0 +1,18 @@
package v2
const (
// URMutatePolicyLabel adds the policy name to URs for mutate policies
URMutatePolicyLabel = "mutate.updaterequest.kyverno.io/policy-name"
URMutateTriggerNameLabel = "mutate.updaterequest.kyverno.io/trigger-name"
URMutateTriggerNSLabel = "mutate.updaterequest.kyverno.io/trigger-namespace"
URMutateTriggerKindLabel = "mutate.updaterequest.kyverno.io/trigger-kind"
URMutateTriggerAPIVersionLabel = "mutate.updaterequest.kyverno.io/trigger-apiversion"
// URGeneratePolicyLabel adds the policy name to URs for generate policies
URGeneratePolicyLabel = "generate.kyverno.io/policy-name"
URGenerateResourceNameLabel = "generate.kyverno.io/resource-name"
URGenerateResourceUIDLabel = "generate.kyverno.io/resource-uid"
URGenerateResourceNSLabel = "generate.kyverno.io/resource-namespace"
URGenerateResourceKindLabel = "generate.kyverno.io/resource-kind"
URGenerateRetryCountAnnotation = "generate.kyverno.io/retry-count"
)

1
api/kyverno/v2/updaterequest_types.go
View file

@ -51,6 +51,7 @@ type UpdateRequestStatus struct {
// +kubebuilder:printcolumn:name="status",type="string",JSONPath=".status.state"
// +kubebuilder:printcolumn:name="Age",type="date",JSONPath=".metadata.creationTimestamp"
// +kubebuilder:resource:shortName=ur,categories=kyverno
// +kubebuilder:storageversion
// UpdateRequest is a request to process mutate and generate rules in background.
type UpdateRequest struct {

5
charts/kyverno/charts/crds/templates/kyverno.io/kyverno.io_updaterequests.yaml
View file

@ -49,6 +49,7 @@ spec:
- jsonPath: .metadata.creationTimestamp
name: Age
type: date
deprecated: true
name: v1beta1
schema:
openAPIV3Schema:
@ -406,7 +407,7 @@ spec:
type: object
type: object
served: true
storage: true
storage: false
subresources:
status: {}
- additionalPrinterColumns:
@ -785,7 +786,7 @@ spec:
type: object
type: object
served: true
storage: false
storage: true
subresources:
status: {}
{{- end }}

4
cmd/background-controller/main.go
View file

@ -61,7 +61,7 @@ func createrLeaderControllers(
eng,
kyvernoInformer.Kyverno().V1().ClusterPolicies(),
kyvernoInformer.Kyverno().V1().Policies(),
kyvernoInformer.Kyverno().V1beta1().UpdateRequests(),
kyvernoInformer.Kyverno().V2().UpdateRequests(),
configuration,
eventGenerator,
kubeInformer.Core().V1().Namespaces(),
@ -80,7 +80,7 @@ func createrLeaderControllers(
eng,
kyvernoInformer.Kyverno().V1().ClusterPolicies(),
kyvernoInformer.Kyverno().V1().Policies(),
kyvernoInformer.Kyverno().V1beta1().UpdateRequests(),
kyvernoInformer.Kyverno().V2().UpdateRequests(),
kubeInformer.Core().V1().Namespaces(),
eventGenerator,
configuration,

4
cmd/cli/kubectl-kyverno/apis/v1alpha1/user_info.go
View file

@ -1,7 +1,7 @@
package v1alpha1
import (
kyvernov1beta1 "github.com/kyverno/kyverno/api/kyverno/v1beta1"
kyvernov2 "github.com/kyverno/kyverno/api/kyverno/v2"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
)
@ -15,5 +15,5 @@ type UserInfo struct {
metav1.ObjectMeta `json:"metadata,omitempty"`
// RequestInfo declares user infos
kyvernov1beta1.RequestInfo `json:",inline"`
kyvernov2.RequestInfo `json:",inline"`
}

6
cmd/cli/kubectl-kyverno/commands/apply/command.go
View file

@ -12,7 +12,7 @@ import (
"github.com/go-git/go-billy/v5/memfs"
kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1"
"github.com/kyverno/kyverno/api/kyverno/v1beta1"
kyvernov2 "github.com/kyverno/kyverno/api/kyverno/v2"
kyvernov2beta1 "github.com/kyverno/kyverno/api/kyverno/v2beta1"
"github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/command"
"github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/deprecations"
@ -141,7 +141,7 @@ func (c *ApplyCommandConfig) applyCommandHelper(out io.Writer) (*processor.Resul
if err != nil {
return rc, resources1, skipInvalidPolicies, responses1, err
}
var userInfo *v1beta1.RequestInfo
var userInfo *kyvernov2.RequestInfo
if c.UserInfoPath != "" {
info, err := userinfo.Load(nil, c.UserInfoPath, "")
if err != nil {
@ -263,7 +263,7 @@ func (c *ApplyCommandConfig) applyPolicytoResource(
exceptions []*kyvernov2beta1.PolicyException,
skipInvalidPolicies *SkippedInvalidPolicies,
dClient dclient.Interface,
userInfo *v1beta1.RequestInfo,
userInfo *kyvernov2.RequestInfo,
mutateLogPathIsDir bool,
) (*processor.ResultCounts, []*unstructured.Unstructured, []engineapi.EngineResponse, error) {
if vars != nil {

4
cmd/cli/kubectl-kyverno/commands/create/user-info/command.go
View file

@ -4,7 +4,7 @@ import (
"os"
"text/template"
"github.com/kyverno/kyverno/api/kyverno/v1beta1"
kyvernov2 "github.com/kyverno/kyverno/api/kyverno/v2"
"github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/command"
"github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/commands/create/templates"
"github.com/spf13/cobra"
@ -36,7 +36,7 @@ func Command() *cobra.Command {
defer file.Close()
output = file
}
values := v1beta1.RequestInfo{
values := kyvernov2.RequestInfo{
Roles: roles,
ClusterRoles: clusterRoles,
AdmissionUserInfo: authenticationv1.UserInfo{

4
cmd/cli/kubectl-kyverno/commands/test/test.go
View file

@ -5,7 +5,7 @@ import (
"io"
kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1"
"github.com/kyverno/kyverno/api/kyverno/v1beta1"
kyvernov2 "github.com/kyverno/kyverno/api/kyverno/v2"
"github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/deprecations"
"github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/exception"
"github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/log"
@ -45,7 +45,7 @@ func runTest(out io.Writer, testCase test.TestCase, registryAccess bool) ([]engi
return nil, err
}
// user info
var userInfo *v1beta1.RequestInfo
var userInfo *kyvernov2.RequestInfo
if testCase.Test.UserInfo != "" {
fmt.Fprintln(out, " Loading user infos", "...")
info, err := userinfo.Load(testCase.Fs, testCase.Test.UserInfo, testDir)

8
cmd/cli/kubectl-kyverno/processor/generate.go
View file

@ -6,7 +6,7 @@ import (
"strings"
kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1"
kyvernov1beta1 "github.com/kyverno/kyverno/api/kyverno/v1beta1"
kyvernov2 "github.com/kyverno/kyverno/api/kyverno/v2"
"github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/log"
"github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/resource"
"github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/store"
@ -80,9 +80,9 @@ func handleGeneratePolicy(out io.Writer, store *store.Store, generateResponse *e
return nil, err
}
gr := kyvernov1beta1.UpdateRequest{
Spec: kyvernov1beta1.UpdateRequestSpec{
Type: kyvernov1beta1.Generate,
gr := kyvernov2.UpdateRequest{
Spec: kyvernov2.UpdateRequestSpec{
Type: kyvernov2.Generate,
Policy: generateResponse.Policy().GetName(),
Resource: kyvernov1.ResourceSpec{
Kind: generateResponse.Resource.GetKind(),

4
cmd/cli/kubectl-kyverno/processor/policy_processor.go
View file

@ -10,7 +10,7 @@ import (
json_patch "github.com/evanphx/json-patch/v5"
kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1"
kyvernov1beta1 "github.com/kyverno/kyverno/api/kyverno/v1beta1"
kyvernov2 "github.com/kyverno/kyverno/api/kyverno/v2"
kyvernov2beta1 "github.com/kyverno/kyverno/api/kyverno/v2beta1"
"github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/apis/v1alpha1"
"github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/log"
@ -44,7 +44,7 @@ type PolicyProcessor struct {
MutateLogPath string
MutateLogPathIsDir bool
Variables *variables.Variables
UserInfo *kyvernov1beta1.RequestInfo
UserInfo *kyvernov2.RequestInfo
PolicyReport bool
NamespaceSelectorMap map[string]map[string]string
Stdin bool

6
cmd/cli/kubectl-kyverno/userinfo/userinfo_test.go
View file

@ -7,7 +7,7 @@ import (
"github.com/go-git/go-billy/v5"
"github.com/go-git/go-billy/v5/memfs"
kyvernov1beta1 "github.com/kyverno/kyverno/api/kyverno/v1beta1"
kyvernov2 "github.com/kyverno/kyverno/api/kyverno/v2"
"github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/apis/v1alpha1"
authenticationv1 "k8s.io/api/authentication/v1"
)
@ -57,7 +57,7 @@ func TestLoad(t *testing.T) {
path: "../_testdata/user-infos/valid.yaml",
resourcePath: "",
want: &v1alpha1.UserInfo{
RequestInfo: kyvernov1beta1.RequestInfo{
RequestInfo: kyvernov2.RequestInfo{
ClusterRoles: []string{"cluster-admin"},
AdmissionUserInfo: authenticationv1.UserInfo{
Username: "molybdenum@somecorp.com",
@ -85,7 +85,7 @@ func TestLoad(t *testing.T) {
path: "valid.yaml",
resourcePath: "",
want: &v1alpha1.UserInfo{
RequestInfo: kyvernov1beta1.RequestInfo{
RequestInfo: kyvernov2.RequestInfo{
ClusterRoles: []string{"cluster-admin"},
AdmissionUserInfo: authenticationv1.UserInfo{
Username: "molybdenum@somecorp.com",

4
cmd/kyverno/main.go
View file

@ -507,7 +507,7 @@ func main() {
// create webhooks server
urgen := webhookgenerate.NewGenerator(
setup.KyvernoClient,
kyvernoInformer.Kyverno().V1beta1().UpdateRequests(),
kyvernoInformer.Kyverno().V2().UpdateRequests(),
urGenerator,
)
policyHandlers := webhookspolicy.NewHandlers(
@ -523,7 +523,7 @@ func main() {
setup.MetricsManager,
policyCache,
kubeInformer.Core().V1().Namespaces().Lister(),
kyvernoInformer.Kyverno().V1beta1().UpdateRequests().Lister().UpdateRequests(config.KyvernoNamespace()),
kyvernoInformer.Kyverno().V2().UpdateRequests().Lister().UpdateRequests(config.KyvernoNamespace()),
kyvernoInformer.Kyverno().V1().ClusterPolicies(),
kyvernoInformer.Kyverno().V1().Policies(),
urgen,

5
config/crds/kyverno/kyverno.io_updaterequests.yaml
View file

@ -43,6 +43,7 @@ spec:
- jsonPath: .metadata.creationTimestamp
name: Age
type: date
deprecated: true
name: v1beta1
schema:
openAPIV3Schema:
@ -400,7 +401,7 @@ spec:
type: object
type: object
served: true
storage: true
storage: false
subresources:
status: {}
- additionalPrinterColumns:
@ -779,6 +780,6 @@ spec:
type: object
type: object
served: true
storage: false
storage: true
subresources:
status: {}

5
config/install-latest-testing.yaml
View file

@ -40657,6 +40657,7 @@ spec:
- jsonPath: .metadata.creationTimestamp
name: Age
type: date
deprecated: true
name: v1beta1
schema:
openAPIV3Schema:
@ -41014,7 +41015,7 @@ spec:
type: object
type: object
served: true
storage: true
storage: false
subresources:
status: {}
- additionalPrinterColumns:
@ -41393,7 +41394,7 @@ spec:
type: object
type: object
served: true
storage: false
storage: true
subresources:
status: {}
---

2
docs/user/cli/crd/index.html
View file

@ -233,7 +233,7 @@ Refer to the Kubernetes API documentation for the fields of the
<td>
<code>RequestInfo</code><br/>
<em>
github.com/kyverno/kyverno/api/kyverno/v1beta1.RequestInfo
github.com/kyverno/kyverno/api/kyverno/v2.RequestInfo
</em>
</td>
<td>

2
docs/user/cli/crd/kyverno_kubectl.v1alpha1.html
View file

@ -458,7 +458,7 @@ This field is deprecated, use <code>metadata.name</code> instead</p>
<span style="font-family: monospace">github.com/kyverno/kyverno/api/kyverno/v1beta1.RequestInfo</span>
<span style="font-family: monospace">github.com/kyverno/kyverno/api/kyverno/v2.RequestInfo</span>
</td>

4
pkg/background/common/context.go
View file

@ -5,7 +5,7 @@ import (
"github.com/go-logr/logr"
kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1"
kyvernov1beta1 "github.com/kyverno/kyverno/api/kyverno/v1beta1"
kyvernov2 "github.com/kyverno/kyverno/api/kyverno/v2"
"github.com/kyverno/kyverno/pkg/clients/dclient"
"github.com/kyverno/kyverno/pkg/config"
"github.com/kyverno/kyverno/pkg/engine"
@ -17,7 +17,7 @@ import (
func NewBackgroundContext(
logger logr.Logger,
dclient dclient.Interface,
ur *kyvernov1beta1.UpdateRequest,
ur *kyvernov2.UpdateRequest,
policy kyvernov1.PolicyInterface,
trigger *unstructured.Unstructured,
cfg config.Configuration,

20
pkg/background/common/labels.go
View file

@ -7,7 +7,7 @@ import (
"github.com/kyverno/kyverno/api/kyverno"
kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1"
kyvernov1beta1 "github.com/kyverno/kyverno/api/kyverno/v1beta1"
kyvernov2 "github.com/kyverno/kyverno/api/kyverno/v2"
"github.com/kyverno/kyverno/pkg/logging"
"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
pkglabels "k8s.io/apimachinery/pkg/labels"
@ -39,15 +39,15 @@ func MutateLabelsSet(policyKey string, trigger Object) pkglabels.Set {
_, policyName, _ := cache.SplitMetaNamespaceKey(policyKey)
set := pkglabels.Set{
kyvernov1beta1.URMutatePolicyLabel: policyName,
kyvernov2.URMutatePolicyLabel: policyName,
}
isNil := trigger == nil || (reflect.ValueOf(trigger).Kind() == reflect.Ptr && reflect.ValueOf(trigger).IsNil())
if !isNil {
set[kyvernov1beta1.URMutateTriggerNameLabel] = trimByLength(trigger.GetName(), 63)
set[kyvernov1beta1.URMutateTriggerNSLabel] = trigger.GetNamespace()
set[kyvernov1beta1.URMutateTriggerKindLabel] = trigger.GetKind()
set[kyvernov2.URMutateTriggerNameLabel] = trimByLength(trigger.GetName(), 63)
set[kyvernov2.URMutateTriggerNSLabel] = trigger.GetNamespace()
set[kyvernov2.URMutateTriggerKindLabel] = trigger.GetKind()
if trigger.GetAPIVersion() != "" {
set[kyvernov1beta1.URMutateTriggerAPIVersionLabel] = strings.ReplaceAll(trigger.GetAPIVersion(), "/", "-")
set[kyvernov2.URMutateTriggerAPIVersionLabel] = strings.ReplaceAll(trigger.GetAPIVersion(), "/", "-")
}
}
return set
@ -57,13 +57,13 @@ func GenerateLabelsSet(policyKey string, trigger Object) pkglabels.Set {
_, policyName, _ := cache.SplitMetaNamespaceKey(policyKey)
set := pkglabels.Set{
kyvernov1beta1.URGeneratePolicyLabel: policyName,
kyvernov2.URGeneratePolicyLabel: policyName,
}
isNil := trigger == nil || (reflect.ValueOf(trigger).Kind() == reflect.Ptr && reflect.ValueOf(trigger).IsNil())
if !isNil {
set[kyvernov1beta1.URGenerateResourceUIDLabel] = string(trigger.GetUID())
set[kyvernov1beta1.URGenerateResourceNSLabel] = trigger.GetNamespace()
set[kyvernov1beta1.URGenerateResourceKindLabel] = trigger.GetKind()
set[kyvernov2.URGenerateResourceUIDLabel] = string(trigger.GetUID())
set[kyvernov2.URGenerateResourceNSLabel] = trigger.GetNamespace()
set[kyvernov2.URGenerateResourceKindLabel] = trigger.GetKind()
}
return set
}

6
pkg/background/common/resource.go
View file

@ -5,7 +5,7 @@ import (
"fmt"
"github.com/go-logr/logr"
kyvernov1beta1 "github.com/kyverno/kyverno/api/kyverno/v1beta1"
kyvernov2 "github.com/kyverno/kyverno/api/kyverno/v2"
"github.com/kyverno/kyverno/pkg/clients/dclient"
kubeutils "github.com/kyverno/kyverno/pkg/utils/kube"
admissionv1 "k8s.io/api/admission/v1"
@ -13,7 +13,7 @@ import (
"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
)
func GetResource(client dclient.Interface, urSpec kyvernov1beta1.UpdateRequestSpec, log logr.Logger) (resource *unstructured.Unstructured, err error) {
func GetResource(client dclient.Interface, urSpec kyvernov2.UpdateRequestSpec, log logr.Logger) (resource *unstructured.Unstructured, err error) {
resourceSpec := urSpec.GetResource()
if urSpec.GetResource().GetUID() != "" {
@ -33,7 +33,7 @@ func GetResource(client dclient.Interface, urSpec kyvernov1beta1.UpdateRequestSp
}
resource, err := client.GetResource(context.TODO(), resourceSpec.APIVersion, resourceSpec.Kind, resourceSpec.Namespace, resourceSpec.Name)
if err != nil {
if urSpec.GetRequestType() == kyvernov1beta1.Mutate && errors.IsNotFound(err) && urSpec.Context.AdmissionRequestInfo.Operation == admissionv1.Delete {
if urSpec.GetRequestType() == kyvernov2.Mutate && errors.IsNotFound(err) && urSpec.Context.AdmissionRequestInfo.Operation == admissionv1.Delete {
log.V(4).Info("trigger resource does not exist for mutateExisting rule", "operation", urSpec.Context.AdmissionRequestInfo.Operation)
return nil, nil
}

26
pkg/background/common/status.go
View file

@ -2,25 +2,25 @@ package common
import (
kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1"
kyvernov1beta1 "github.com/kyverno/kyverno/api/kyverno/v1beta1"
kyvernov2 "github.com/kyverno/kyverno/api/kyverno/v2"
"github.com/kyverno/kyverno/pkg/client/clientset/versioned"
kyvernov1beta1listers "github.com/kyverno/kyverno/pkg/client/listers/kyverno/v1beta1"
kyvernov2listers "github.com/kyverno/kyverno/pkg/client/listers/kyverno/v2"
)
// StatusControlInterface provides interface to update status subresource
type StatusControlInterface interface {
Failed(name string, message string, genResources []kyvernov1.ResourceSpec) (*kyvernov1beta1.UpdateRequest, error)
Success(name string, genResources []kyvernov1.ResourceSpec) (*kyvernov1beta1.UpdateRequest, error)
Skip(name string, genResources []kyvernov1.ResourceSpec) (*kyvernov1beta1.UpdateRequest, error)
Failed(name string, message string, genResources []kyvernov1.ResourceSpec) (*kyvernov2.UpdateRequest, error)
Success(name string, genResources []kyvernov1.ResourceSpec) (*kyvernov2.UpdateRequest, error)
Skip(name string, genResources []kyvernov1.ResourceSpec) (*kyvernov2.UpdateRequest, error)
}
// statusControl is default implementaation of GRStatusControlInterface
type statusControl struct {
client versioned.Interface
urLister kyvernov1beta1listers.UpdateRequestNamespaceLister
urLister kyvernov2listers.UpdateRequestNamespaceLister
}
func NewStatusControl(client versioned.Interface, urLister kyvernov1beta1listers.UpdateRequestNamespaceLister) StatusControlInterface {
func NewStatusControl(client versioned.Interface, urLister kyvernov2listers.UpdateRequestNamespaceLister) StatusControlInterface {
return &statusControl{
client: client,
urLister: urLister,
@ -28,16 +28,16 @@ func NewStatusControl(client versioned.Interface, urLister kyvernov1beta1listers
}
// Failed sets ur status.state to failed with message
func (sc *statusControl) Failed(name, message string, genResources []kyvernov1.ResourceSpec) (*kyvernov1beta1.UpdateRequest, error) {
return UpdateStatus(sc.client, sc.urLister, name, kyvernov1beta1.Failed, message, genResources)
func (sc *statusControl) Failed(name, message string, genResources []kyvernov1.ResourceSpec) (*kyvernov2.UpdateRequest, error) {
return UpdateStatus(sc.client, sc.urLister, name, kyvernov2.Failed, message, genResources)
}
// Success sets the ur status.state to completed and clears message
func (sc *statusControl) Success(name string, genResources []kyvernov1.ResourceSpec) (*kyvernov1beta1.UpdateRequest, error) {
return UpdateStatus(sc.client, sc.urLister, name, kyvernov1beta1.Completed, "", genResources)
func (sc *statusControl) Success(name string, genResources []kyvernov1.ResourceSpec) (*kyvernov2.UpdateRequest, error) {
return UpdateStatus(sc.client, sc.urLister, name, kyvernov2.Completed, "", genResources)
}
// Success sets the ur status.state to completed and clears message
func (sc *statusControl) Skip(name string, genResources []kyvernov1.ResourceSpec) (*kyvernov1beta1.UpdateRequest, error) {
return UpdateStatus(sc.client, sc.urLister, name, kyvernov1beta1.Skip, "", genResources)
func (sc *statusControl) Skip(name string, genResources []kyvernov1.ResourceSpec) (*kyvernov2.UpdateRequest, error) {
return UpdateStatus(sc.client, sc.urLister, name, kyvernov2.Skip, "", genResources)
}

18
pkg/background/common/util.go
View file

@ -4,9 +4,9 @@ import (
"context"
kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1"
kyvernov1beta1 "github.com/kyverno/kyverno/api/kyverno/v1beta1"
kyvernov2 "github.com/kyverno/kyverno/api/kyverno/v2"
"github.com/kyverno/kyverno/pkg/client/clientset/versioned"
kyvernov1beta1listers "github.com/kyverno/kyverno/pkg/client/listers/kyverno/v1beta1"
kyvernov2listers "github.com/kyverno/kyverno/pkg/client/listers/kyverno/v2"
"github.com/kyverno/kyverno/pkg/clients/dclient"
"github.com/kyverno/kyverno/pkg/config"
"github.com/kyverno/kyverno/pkg/logging"
@ -15,9 +15,9 @@ import (
"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
)
func UpdateStatus(client versioned.Interface, urLister kyvernov1beta1listers.UpdateRequestNamespaceLister, name string, state kyvernov1beta1.UpdateRequestState, message string, genResources []kyvernov1.ResourceSpec) (*kyvernov1beta1.UpdateRequest, error) {
var latest *kyvernov1beta1.UpdateRequest
ur, err := client.KyvernoV1beta1().UpdateRequests(config.KyvernoNamespace()).Get(context.TODO(), name, metav1.GetOptions{})
func UpdateStatus(client versioned.Interface, urLister kyvernov2listers.UpdateRequestNamespaceLister, name string, state kyvernov2.UpdateRequestState, message string, genResources []kyvernov1.ResourceSpec) (*kyvernov2.UpdateRequest, error) {
var latest *kyvernov2.UpdateRequest
ur, err := client.KyvernoV2().UpdateRequests(config.KyvernoNamespace()).Get(context.TODO(), name, metav1.GetOptions{})
if err != nil {
return ur, errors.Wrapf(err, "failed to fetch update request")
}
@ -28,12 +28,12 @@ func UpdateStatus(client versioned.Interface, urLister kyvernov1beta1listers.Upd
latest.Status.GeneratedResources = genResources
}
if state == kyvernov1beta1.Failed {
if state == kyvernov2.Failed {
if latest, err = retryOrDeleteOnFailure(client, latest, 3); err != nil {
return nil, err
}
}
new, err := client.KyvernoV1beta1().UpdateRequests(config.KyvernoNamespace()).UpdateStatus(context.TODO(), latest, metav1.UpdateOptions{})
new, err := client.KyvernoV2().UpdateRequests(config.KyvernoNamespace()).UpdateStatus(context.TODO(), latest, metav1.UpdateOptions{})
if err != nil {
return ur, errors.Wrapf(err, "failed to update ur status to %s", string(state))
}
@ -59,9 +59,9 @@ func ResourceSpecFromUnstructured(obj unstructured.Unstructured) kyvernov1.Resou
}
}
func retryOrDeleteOnFailure(kyvernoClient versioned.Interface, ur *kyvernov1beta1.UpdateRequest, limit int) (latest *kyvernov1beta1.UpdateRequest, err error) {
func retryOrDeleteOnFailure(kyvernoClient versioned.Interface, ur *kyvernov2.UpdateRequest, limit int) (latest *kyvernov2.UpdateRequest, err error) {
if ur.Status.RetryCount > limit {
err = kyvernoClient.KyvernoV1beta1().UpdateRequests(config.KyvernoNamespace()).Delete(context.TODO(), ur.GetName(), metav1.DeleteOptions{})
err = kyvernoClient.KyvernoV2().UpdateRequests(config.KyvernoNamespace()).Delete(context.TODO(), ur.GetName(), metav1.DeleteOptions{})
if err != nil {
return nil, errors.Wrapf(err, "exceeds retry limit, failed to delete the UR: %s, retry: %v, resourceVersion: %s", ur.Name, ur.Status.RetryCount, ur.GetResourceVersion())
}

8
pkg/background/generate/cleanup.go
View file

@ -6,7 +6,7 @@ import (
"github.com/kyverno/kyverno/api/kyverno"
kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1"
kyvernov1beta1 "github.com/kyverno/kyverno/api/kyverno/v1beta1"
kyvernov2 "github.com/kyverno/kyverno/api/kyverno/v2"
"github.com/kyverno/kyverno/pkg/background/common"
kubeutils "github.com/kyverno/kyverno/pkg/utils/kube"
"go.uber.org/multierr"
@ -14,7 +14,7 @@ import (
"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
)
func (c *GenerateController) deleteDownstream(policy kyvernov1.PolicyInterface, ur *kyvernov1beta1.UpdateRequest) (err error) {
func (c *GenerateController) deleteDownstream(policy kyvernov1.PolicyInterface, ur *kyvernov2.UpdateRequest) (err error) {
if !ur.Spec.DeleteDownstream {
return nil
}
@ -49,7 +49,7 @@ func (c *GenerateController) deleteDownstream(policy kyvernov1.PolicyInterface,
return c.handleNonPolicyChanges(policy, ur)
}
func (c *GenerateController) handleNonPolicyChanges(policy kyvernov1.PolicyInterface, ur *kyvernov1beta1.UpdateRequest) error {
func (c *GenerateController) handleNonPolicyChanges(policy kyvernov1.PolicyInterface, ur *kyvernov2.UpdateRequest) error {
if !ur.Spec.DeleteDownstream {
return nil
}
@ -95,7 +95,7 @@ func (c *GenerateController) handleNonPolicyChanges(policy kyvernov1.PolicyInter
return nil
}
func (c *GenerateController) getDownstreams(rule kyvernov1.Rule, selector map[string]string, ur *kyvernov1beta1.UpdateRequest) (*unstructured.UnstructuredList, error) {
func (c *GenerateController) getDownstreams(rule kyvernov1.Rule, selector map[string]string, ur *kyvernov2.UpdateRequest) (*unstructured.UnstructuredList, error) {
gv, err := ur.Spec.GetResource().GetGroupVersion()
if err != nil {
return nil, err

6
pkg/background/generate/clone.go
View file

@ -6,7 +6,7 @@ import (
"github.com/go-logr/logr"
kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1"
kyvernov1beta1 "github.com/kyverno/kyverno/api/kyverno/v1beta1"
kyvernov2 "github.com/kyverno/kyverno/api/kyverno/v2"
"github.com/kyverno/kyverno/pkg/clients/dclient"
datautils "github.com/kyverno/kyverno/pkg/utils/data"
kubeutils "github.com/kyverno/kyverno/pkg/utils/kube"
@ -14,7 +14,7 @@ import (
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
)
func manageClone(log logr.Logger, target, sourceSpec kyvernov1.ResourceSpec, policy kyvernov1.PolicyInterface, ur kyvernov1beta1.UpdateRequest, rule kyvernov1.Rule, client dclient.Interface) generateResponse {
func manageClone(log logr.Logger, target, sourceSpec kyvernov1.ResourceSpec, policy kyvernov1.PolicyInterface, ur kyvernov2.UpdateRequest, rule kyvernov1.Rule, client dclient.Interface) generateResponse {
source := sourceSpec
clone := rule.Generation
if clone.Clone.Name != "" {
@ -88,7 +88,7 @@ func manageClone(log logr.Logger, target, sourceSpec kyvernov1.ResourceSpec, pol
return newCreateGenerateResponse(sourceObjCopy.UnstructuredContent(), target, nil)
}
func manageCloneList(log logr.Logger, targetNamespace string, ur kyvernov1beta1.UpdateRequest, policy kyvernov1.PolicyInterface, rule kyvernov1.Rule, client dclient.Interface) []generateResponse {
func manageCloneList(log logr.Logger, targetNamespace string, ur kyvernov2.UpdateRequest, policy kyvernov1.PolicyInterface, rule kyvernov1.Rule, client dclient.Interface) []generateResponse {
var responses []generateResponse
cloneList := rule.Generation.CloneList
sourceNamespace := cloneList.Namespace

4
pkg/background/generate/data.go
View file

@ -6,14 +6,14 @@ import (
"github.com/go-logr/logr"
kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1"
kyvernov1beta1 "github.com/kyverno/kyverno/api/kyverno/v1beta1"
kyvernov2 "github.com/kyverno/kyverno/api/kyverno/v2"
"github.com/kyverno/kyverno/pkg/clients/dclient"
datautils "github.com/kyverno/kyverno/pkg/utils/data"
apierrors "k8s.io/apimachinery/pkg/api/errors"
"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
)
func manageData(log logr.Logger, target kyvernov1.ResourceSpec, data interface{}, synchronize bool, ur kyvernov1beta1.UpdateRequest, client dclient.Interface) generateResponse {
func manageData(log logr.Logger, target kyvernov1.ResourceSpec, data interface{}, synchronize bool, ur kyvernov2.UpdateRequest, client dclient.Interface) generateResponse {
if data == nil {
log.V(4).Info("data is nil - skipping update")
return newSkipGenerateResponse(nil, target, nil)

42
pkg/background/generate/generate.go
View file

@ -10,12 +10,12 @@ import (
"github.com/go-logr/logr"
kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1"
kyvernov1beta1 "github.com/kyverno/kyverno/api/kyverno/v1beta1"
kyvernov2 "github.com/kyverno/kyverno/api/kyverno/v2"
"github.com/kyverno/kyverno/pkg/autogen"
"github.com/kyverno/kyverno/pkg/background/common"
"github.com/kyverno/kyverno/pkg/client/clientset/versioned"
kyvernov1listers "github.com/kyverno/kyverno/pkg/client/listers/kyverno/v1"
kyvernov1beta1listers "github.com/kyverno/kyverno/pkg/client/listers/kyverno/v1beta1"
kyvernov2listers "github.com/kyverno/kyverno/pkg/client/listers/kyverno/v2"
"github.com/kyverno/kyverno/pkg/clients/dclient"
"github.com/kyverno/kyverno/pkg/config"
"github.com/kyverno/kyverno/pkg/engine"
@ -50,7 +50,7 @@ type GenerateController struct {
engine engineapi.Engine
// listers
urLister kyvernov1beta1listers.UpdateRequestNamespaceLister
urLister kyvernov2listers.UpdateRequestNamespaceLister
nsLister corev1listers.NamespaceLister
policyLister kyvernov1listers.ClusterPolicyLister
npolicyLister kyvernov1listers.PolicyLister
@ -70,7 +70,7 @@ func NewGenerateController(
engine engineapi.Engine,
policyLister kyvernov1listers.ClusterPolicyLister,
npolicyLister kyvernov1listers.PolicyLister,
urLister kyvernov1beta1listers.UpdateRequestNamespaceLister,
urLister kyvernov2listers.UpdateRequestNamespaceLister,
nsLister corev1listers.NamespaceLister,
dynamicConfig config.Configuration,
eventGen event.Interface,
@ -94,7 +94,7 @@ func NewGenerateController(
return &c
}
func (c *GenerateController) ProcessUR(ur *kyvernov1beta1.UpdateRequest) error {
func (c *GenerateController) ProcessUR(ur *kyvernov2.UpdateRequest) error {
logger := c.log.WithValues("name", ur.GetName(), "policy", ur.Spec.GetPolicyKey(), "resource", ur.Spec.GetResource().String())
var err error
var genResources []kyvernov1.ResourceSpec
@ -113,9 +113,9 @@ func (c *GenerateController) ProcessUR(ur *kyvernov1beta1.UpdateRequest) error {
genResources, err = c.applyGenerate(*trigger, *ur, namespaceLabels)
if err != nil {
if strings.Contains(err.Error(), doesNotApply) {
ur.Status.State = kyvernov1beta1.Completed
ur.Status.State = kyvernov2.Completed
logger.V(4).Info(fmt.Sprintf("%s, updating UR status to Completed", err.Error()))
_, err := c.kyvernoClient.KyvernoV1beta1().UpdateRequests(config.KyvernoNamespace()).UpdateStatus(context.TODO(), ur, metav1.UpdateOptions{})
_, err := c.kyvernoClient.KyvernoV2().UpdateRequests(config.KyvernoNamespace()).UpdateStatus(context.TODO(), ur, metav1.UpdateOptions{})
return err
}
@ -137,7 +137,7 @@ func (c *GenerateController) ProcessUR(ur *kyvernov1beta1.UpdateRequest) error {
const doesNotApply = "policy does not apply to resource"
func (c *GenerateController) getTrigger(spec kyvernov1beta1.UpdateRequestSpec) (*unstructured.Unstructured, error) {
func (c *GenerateController) getTrigger(spec kyvernov2.UpdateRequestSpec) (*unstructured.Unstructured, error) {
admissionRequest := spec.Context.AdmissionRequestInfo.AdmissionRequest
if admissionRequest == nil {
return common.GetResource(c.client, spec, c.log)
@ -163,7 +163,7 @@ func (c *GenerateController) getTrigger(spec kyvernov1beta1.UpdateRequestSpec) (
}
}
func (c *GenerateController) getTriggerForDeleteOperation(spec kyvernov1beta1.UpdateRequestSpec) (*unstructured.Unstructured, error) {
func (c *GenerateController) getTriggerForDeleteOperation(spec kyvernov2.UpdateRequestSpec) (*unstructured.Unstructured, error) {
request := spec.Context.AdmissionRequestInfo.AdmissionRequest
_, oldResource, err := admissionutils.ExtractResources(nil, *request)
if err != nil {
@ -178,7 +178,7 @@ func (c *GenerateController) getTriggerForDeleteOperation(spec kyvernov1beta1.Up
return &oldResource, nil
}
func (c *GenerateController) getTriggerForCreateOperation(spec kyvernov1beta1.UpdateRequestSpec) (*unstructured.Unstructured, error) {
func (c *GenerateController) getTriggerForCreateOperation(spec kyvernov2.UpdateRequestSpec) (*unstructured.Unstructured, error) {
admissionRequest := spec.Context.AdmissionRequestInfo.AdmissionRequest
trigger, err := common.GetResource(c.client, spec, c.log)
if err != nil || trigger == nil {
@ -197,7 +197,7 @@ func (c *GenerateController) getTriggerForCreateOperation(spec kyvernov1beta1.Up
return trigger, err
}
func (c *GenerateController) applyGenerate(resource unstructured.Unstructured, ur kyvernov1beta1.UpdateRequest, namespaceLabels map[string]string) ([]kyvernov1.ResourceSpec, error) {
func (c *GenerateController) applyGenerate(resource unstructured.Unstructured, ur kyvernov2.UpdateRequest, namespaceLabels map[string]string) ([]kyvernov1.ResourceSpec, error) {
logger := c.log.WithValues("name", ur.GetName(), "policy", ur.Spec.GetPolicyKey(), "resource", ur.Spec.GetResource().String())
logger.V(3).Info("applying generate policy rule")
@ -240,12 +240,12 @@ func (c *GenerateController) applyGenerate(resource unstructured.Unstructured, u
if r.Status() != engineapi.RuleStatusPass {
logger.V(4).Info("querying all update requests")
selector := labels.SelectorFromSet(labels.Set(map[string]string{
kyvernov1beta1.URGeneratePolicyLabel: engineResponse.Policy().GetName(),
kyvernov1beta1.URGenerateResourceKindLabel: engineResponse.Resource.GetKind(),
kyvernov1beta1.URGenerateResourceNSLabel: engineResponse.Resource.GetNamespace(),
kyvernov2.URGeneratePolicyLabel: engineResponse.Policy().GetName(),
kyvernov2.URGenerateResourceKindLabel: engineResponse.Resource.GetKind(),
kyvernov2.URGenerateResourceNSLabel: engineResponse.Resource.GetNamespace(),
}))
// get update requests that have the resource UID label
requirement, err := labels.NewRequirement(kyvernov1beta1.URGenerateResourceUIDLabel, selection.Equals, []string{string(engineResponse.Resource.GetUID())})
requirement, err := labels.NewRequirement(kyvernov2.URGenerateResourceUIDLabel, selection.Equals, []string{string(engineResponse.Resource.GetUID())})
if err != nil {
logger.Error(err, "failed to add the resource UID label")
}
@ -258,7 +258,7 @@ func (c *GenerateController) applyGenerate(resource unstructured.Unstructured, u
if len(urList) == 0 {
// get update requests that have the resource name label
requirement, err = labels.NewRequirement(kyvernov1beta1.URGenerateResourceNameLabel, selection.Equals, []string{engineResponse.Resource.GetName()})
requirement, err = labels.NewRequirement(kyvernov2.URGenerateResourceNameLabel, selection.Equals, []string{engineResponse.Resource.GetName()})
if err != nil {
logger.Error(err, "failed to add the resource name label")
continue
@ -272,7 +272,7 @@ func (c *GenerateController) applyGenerate(resource unstructured.Unstructured, u
}
for _, v := range urList {
err := c.kyvernoClient.KyvernoV1beta1().UpdateRequests(config.KyvernoNamespace()).Delete(context.TODO(), v.GetName(), metav1.DeleteOptions{})
err := c.kyvernoClient.KyvernoV2().UpdateRequests(config.KyvernoNamespace()).Delete(context.TODO(), v.GetName(), metav1.DeleteOptions{})
if err != nil {
logger.Error(err, "failed to delete update request")
}
@ -298,7 +298,7 @@ func (c *GenerateController) applyGenerate(resource unstructured.Unstructured, u
}
// getPolicySpec gets the policy spec from the ClusterPolicy/Policy
func (c *GenerateController) getPolicySpec(ur kyvernov1beta1.UpdateRequest) (kyvernov1.PolicyInterface, error) {
func (c *GenerateController) getPolicySpec(ur kyvernov2.UpdateRequest) (kyvernov1.PolicyInterface, error) {
pNamespace, pName, err := cache.SplitMetaNamespaceKey(ur.Spec.Policy)
if err != nil {
return nil, err
@ -318,7 +318,7 @@ func (c *GenerateController) getPolicySpec(ur kyvernov1beta1.UpdateRequest) (kyv
return npolicyObj, nil
}
func updateStatus(statusControl common.StatusControlInterface, ur kyvernov1beta1.UpdateRequest, err error, genResources []kyvernov1.ResourceSpec) error {
func updateStatus(statusControl common.StatusControlInterface, ur kyvernov2.UpdateRequest, err error, genResources []kyvernov1.ResourceSpec) error {
if err != nil {
if _, err := statusControl.Failed(ur.GetName(), err.Error(), genResources); err != nil {
return err
@ -331,7 +331,7 @@ func updateStatus(statusControl common.StatusControlInterface, ur kyvernov1beta1
return nil
}
func (c *GenerateController) ApplyGeneratePolicy(log logr.Logger, policyContext *engine.PolicyContext, ur kyvernov1beta1.UpdateRequest, applicableRules []string) (genResources []kyvernov1.ResourceSpec, err error) {
func (c *GenerateController) ApplyGeneratePolicy(log logr.Logger, policyContext *engine.PolicyContext, ur kyvernov2.UpdateRequest, applicableRules []string) (genResources []kyvernov1.ResourceSpec, err error) {
// Get the response as the actions to be performed on the resource
// - - substitute values
policy := policyContext.Policy()
@ -398,7 +398,7 @@ func (c *GenerateController) ApplyGeneratePolicy(log logr.Logger, policyContext
return genResources, nil
}
func applyRule(log logr.Logger, client dclient.Interface, rule kyvernov1.Rule, trigger unstructured.Unstructured, ctx enginecontext.EvalInterface, policy kyvernov1.PolicyInterface, ur kyvernov1beta1.UpdateRequest) ([]kyvernov1.ResourceSpec, error) {
func applyRule(log logr.Logger, client dclient.Interface, rule kyvernov1.Rule, trigger unstructured.Unstructured, ctx enginecontext.EvalInterface, policy kyvernov1.PolicyInterface, ur kyvernov2.UpdateRequest) ([]kyvernov1.ResourceSpec, error) {
responses := []generateResponse{}
var err error
var newGenResources []kyvernov1.ResourceSpec

6
pkg/background/mutate.go
View file

@ -3,17 +3,17 @@ package background
import (
"context"
kyvernov1beta1 "github.com/kyverno/kyverno/api/kyverno/v1beta1"
kyvernov2 "github.com/kyverno/kyverno/api/kyverno/v2"
common "github.com/kyverno/kyverno/pkg/background/common"
"github.com/kyverno/kyverno/pkg/config"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
)
func (c *controller) handleMutatePolicyAbsence(ur *kyvernov1beta1.UpdateRequest) error {
func (c *controller) handleMutatePolicyAbsence(ur *kyvernov2.UpdateRequest) error {
selector := &metav1.LabelSelector{
MatchLabels: common.MutateLabelsSet(ur.Spec.Policy, nil),
}
return c.kyvernoClient.KyvernoV1beta1().UpdateRequests(config.KyvernoNamespace()).DeleteCollection(
return c.kyvernoClient.KyvernoV2().UpdateRequests(config.KyvernoNamespace()).DeleteCollection(
context.TODO(),
metav1.DeleteOptions{},
metav1.ListOptions{LabelSelector: metav1.FormatLabelSelector(selector)},

8
pkg/background/mutate/mutate.go
View file

@ -6,7 +6,7 @@ import (
"github.com/go-logr/logr"
kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1"
kyvernov1beta1 "github.com/kyverno/kyverno/api/kyverno/v1beta1"
kyvernov2 "github.com/kyverno/kyverno/api/kyverno/v2"
"github.com/kyverno/kyverno/pkg/background/common"
"github.com/kyverno/kyverno/pkg/client/clientset/versioned"
kyvernov1listers "github.com/kyverno/kyverno/pkg/client/listers/kyverno/v1"
@ -76,7 +76,7 @@ func NewMutateExistingController(
return &c
}
func (c *mutateExistingController) ProcessUR(ur *kyvernov1beta1.UpdateRequest) error {
func (c *mutateExistingController) ProcessUR(ur *kyvernov2.UpdateRequest) error {
logger := c.log.WithValues("name", ur.GetName(), "policy", ur.Spec.GetPolicyKey(), "resource", ur.Spec.GetResource().String())
var errs []error
@ -211,7 +211,7 @@ func (c *mutateExistingController) ProcessUR(ur *kyvernov1beta1.UpdateRequest) e
return updateURStatus(c.statusControl, *ur, err)
}
func (c *mutateExistingController) getPolicy(ur *kyvernov1beta1.UpdateRequest) (policy kyvernov1.PolicyInterface, err error) {
func (c *mutateExistingController) getPolicy(ur *kyvernov2.UpdateRequest) (policy kyvernov1.PolicyInterface, err error) {
pNamespace, pName, err := cache.SplitMetaNamespaceKey(ur.Spec.Policy)
if err != nil {
return nil, err
@ -243,7 +243,7 @@ func (c *mutateExistingController) report(err error, policy kyvernov1.PolicyInte
c.eventGen.Add(events...)
}
func updateURStatus(statusControl common.StatusControlInterface, ur kyvernov1beta1.UpdateRequest, err error) error {
func updateURStatus(statusControl common.StatusControlInterface, ur kyvernov2.UpdateRequest, err error) error {
if err != nil {
if _, err := statusControl.Failed(ur.GetName(), err.Error(), nil); err != nil {
return err

40
pkg/background/update_request_controller.go
View file

@ -6,15 +6,15 @@ import (
"time"
kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1"
kyvernov1beta1 "github.com/kyverno/kyverno/api/kyverno/v1beta1"
kyvernov2 "github.com/kyverno/kyverno/api/kyverno/v2"
common "github.com/kyverno/kyverno/pkg/background/common"
"github.com/kyverno/kyverno/pkg/background/generate"
"github.com/kyverno/kyverno/pkg/background/mutate"
"github.com/kyverno/kyverno/pkg/client/clientset/versioned"
kyvernov1informers "github.com/kyverno/kyverno/pkg/client/informers/externalversions/kyverno/v1"
kyvernov1beta1informers "github.com/kyverno/kyverno/pkg/client/informers/externalversions/kyverno/v1beta1"
kyvernov2informers "github.com/kyverno/kyverno/pkg/client/informers/externalversions/kyverno/v2"
kyvernov1listers "github.com/kyverno/kyverno/pkg/client/listers/kyverno/v1"
kyvernov1beta1listers "github.com/kyverno/kyverno/pkg/client/listers/kyverno/v1beta1"
kyvernov2listers "github.com/kyverno/kyverno/pkg/client/listers/kyverno/v2"
"github.com/kyverno/kyverno/pkg/clients/dclient"
"github.com/kyverno/kyverno/pkg/config"
engineapi "github.com/kyverno/kyverno/pkg/engine/api"
@ -49,7 +49,7 @@ type controller struct {
// listers
cpolLister kyvernov1listers.ClusterPolicyLister
polLister kyvernov1listers.PolicyLister
urLister kyvernov1beta1listers.UpdateRequestNamespaceLister
urLister kyvernov2listers.UpdateRequestNamespaceLister
nsLister corev1listers.NamespaceLister
informersSynced []cache.InformerSynced
@ -69,7 +69,7 @@ func NewController(
engine engineapi.Engine,
cpolInformer kyvernov1informers.ClusterPolicyInformer,
polInformer kyvernov1informers.PolicyInformer,
urInformer kyvernov1beta1informers.UpdateRequestInformer,
urInformer kyvernov2informers.UpdateRequestInformer,
namespaceInformer corev1informers.NamespaceInformer,
eventGen event.Interface,
configuration config.Configuration,
@ -173,12 +173,12 @@ func (c *controller) syncUpdateRequest(key string) error {
// Deep-copy otherwise we are mutating our cache.
ur = ur.DeepCopy()
if _, err := c.getPolicy(ur.Spec.Policy); err != nil && apierrors.IsNotFound(err) {
if ur.Spec.GetRequestType() == kyvernov1beta1.Mutate {
if ur.Spec.GetRequestType() == kyvernov2.Mutate {
return c.handleMutatePolicyAbsence(ur)
}
}
if ur.Status.State == kyvernov1beta1.Pending {
if ur.Status.State == kyvernov2.Pending {
if err := c.processUR(ur); err != nil {
return fmt.Errorf("failed to process UR %s: %v", key, err)
}
@ -204,33 +204,33 @@ func (c *controller) enqueueUpdateRequest(obj interface{}) {
}
func (c *controller) addUR(obj interface{}) {
ur := obj.(*kyvernov1beta1.UpdateRequest)
ur := obj.(*kyvernov2.UpdateRequest)
c.enqueueUpdateRequest(ur)
}
func (c *controller) updateUR(_, cur interface{}) {
curUr := cur.(*kyvernov1beta1.UpdateRequest)
if curUr.Status.State == kyvernov1beta1.Skip || curUr.Status.State == kyvernov1beta1.Completed {
curUr := cur.(*kyvernov2.UpdateRequest)
if curUr.Status.State == kyvernov2.Skip || curUr.Status.State == kyvernov2.Completed {
return
}
c.enqueueUpdateRequest(curUr)
}
func (c *controller) processUR(ur *kyvernov1beta1.UpdateRequest) error {
func (c *controller) processUR(ur *kyvernov2.UpdateRequest) error {
statusControl := common.NewStatusControl(c.kyvernoClient, c.urLister)
switch ur.Spec.GetRequestType() {
case kyvernov1beta1.Mutate:
case kyvernov2.Mutate:
ctrl := mutate.NewMutateExistingController(c.client, c.kyvernoClient, statusControl, c.engine, c.cpolLister, c.polLister, c.nsLister, c.configuration, c.eventGen, logger, c.jp)
return ctrl.ProcessUR(ur)
case kyvernov1beta1.Generate:
case kyvernov2.Generate:
ctrl := generate.NewGenerateController(c.client, c.kyvernoClient, statusControl, c.engine, c.cpolLister, c.polLister, c.urLister, c.nsLister, c.configuration, c.eventGen, logger, c.jp)
return ctrl.ProcessUR(ur)
}
return nil
}
func (c *controller) reconcileURStatus(ur *kyvernov1beta1.UpdateRequest) (kyvernov1beta1.UpdateRequestState, error) {
new, err := c.kyvernoClient.KyvernoV1beta1().UpdateRequests(config.KyvernoNamespace()).Get(context.TODO(), ur.GetName(), metav1.GetOptions{})
func (c *controller) reconcileURStatus(ur *kyvernov2.UpdateRequest) (kyvernov2.UpdateRequestState, error) {
new, err := c.kyvernoClient.KyvernoV2().UpdateRequests(config.KyvernoNamespace()).Get(context.TODO(), ur.GetName(), metav1.GetOptions{})
if err != nil {
logger.V(2).Info("cannot fetch latest UR, fallback to the existing one", "reason", err.Error())
new = ur
@ -238,11 +238,11 @@ func (c *controller) reconcileURStatus(ur *kyvernov1beta1.UpdateRequest) (kyvern
var errUpdate error
switch new.Status.State {
case kyvernov1beta1.Completed:
errUpdate = c.kyvernoClient.KyvernoV1beta1().UpdateRequests(config.KyvernoNamespace()).Delete(context.TODO(), ur.GetName(), metav1.DeleteOptions{})
case kyvernov1beta1.Failed:
new.Status.State = kyvernov1beta1.Pending
_, errUpdate = c.kyvernoClient.KyvernoV1beta1().UpdateRequests(config.KyvernoNamespace()).UpdateStatus(context.TODO(), new, metav1.UpdateOptions{})
case kyvernov2.Completed:
errUpdate = c.kyvernoClient.KyvernoV2().UpdateRequests(config.KyvernoNamespace()).Delete(context.TODO(), ur.GetName(), metav1.DeleteOptions{})
case kyvernov2.Failed:
new.Status.State = kyvernov2.Pending
_, errUpdate = c.kyvernoClient.KyvernoV2().UpdateRequests(config.KyvernoNamespace()).UpdateStatus(context.TODO(), new, metav1.UpdateOptions{})
}
return new.Status.State, errUpdate
}

13
pkg/client/clientset/versioned/clientset.go
View file

@ -23,7 +23,6 @@ import (
"net/http"
kyvernov1 "github.com/kyverno/kyverno/pkg/client/clientset/versioned/typed/kyverno/v1"
kyvernov1beta1 "github.com/kyverno/kyverno/pkg/client/clientset/versioned/typed/kyverno/v1beta1"
kyvernov2 "github.com/kyverno/kyverno/pkg/client/clientset/versioned/typed/kyverno/v2"
kyvernov2alpha1 "github.com/kyverno/kyverno/pkg/client/clientset/versioned/typed/kyverno/v2alpha1"
kyvernov2beta1 "github.com/kyverno/kyverno/pkg/client/clientset/versioned/typed/kyverno/v2beta1"
@ -37,7 +36,6 @@ import (
type Interface interface {
Discovery() discovery.DiscoveryInterface
KyvernoV1() kyvernov1.KyvernoV1Interface
KyvernoV1beta1() kyvernov1beta1.KyvernoV1beta1Interface
KyvernoV2() kyvernov2.KyvernoV2Interface
KyvernoV2beta1() kyvernov2beta1.KyvernoV2beta1Interface
KyvernoV2alpha1() kyvernov2alpha1.KyvernoV2alpha1Interface
@ -49,7 +47,6 @@ type Interface interface {
type Clientset struct {
*discovery.DiscoveryClient
kyvernoV1 *kyvernov1.KyvernoV1Client
kyvernoV1beta1 *kyvernov1beta1.KyvernoV1beta1Client
kyvernoV2 *kyvernov2.KyvernoV2Client
kyvernoV2beta1 *kyvernov2beta1.KyvernoV2beta1Client
kyvernoV2alpha1 *kyvernov2alpha1.KyvernoV2alpha1Client
@ -62,11 +59,6 @@ func (c *Clientset) KyvernoV1() kyvernov1.KyvernoV1Interface {
return c.kyvernoV1
}
// KyvernoV1beta1 retrieves the KyvernoV1beta1Client
func (c *Clientset) KyvernoV1beta1() kyvernov1beta1.KyvernoV1beta1Interface {
return c.kyvernoV1beta1
}
// KyvernoV2 retrieves the KyvernoV2Client
func (c *Clientset) KyvernoV2() kyvernov2.KyvernoV2Interface {
return c.kyvernoV2
@ -140,10 +132,6 @@ func NewForConfigAndClient(c *rest.Config, httpClient *http.Client) (*Clientset,
if err != nil {
return nil, err
}
cs.kyvernoV1beta1, err = kyvernov1beta1.NewForConfigAndClient(&configShallowCopy, httpClient)
if err != nil {
return nil, err
}
cs.kyvernoV2, err = kyvernov2.NewForConfigAndClient(&configShallowCopy, httpClient)
if err != nil {
return nil, err
@ -186,7 +174,6 @@ func NewForConfigOrDie(c *rest.Config) *Clientset {
func New(c rest.Interface) *Clientset {
var cs Clientset
cs.kyvernoV1 = kyvernov1.New(c)
cs.kyvernoV1beta1 = kyvernov1beta1.New(c)
cs.kyvernoV2 = kyvernov2.New(c)
cs.kyvernoV2beta1 = kyvernov2beta1.New(c)
cs.kyvernoV2alpha1 = kyvernov2alpha1.New(c)

7
pkg/client/clientset/versioned/fake/clientset_generated.go
View file

@ -22,8 +22,6 @@ import (
clientset "github.com/kyverno/kyverno/pkg/client/clientset/versioned"
kyvernov1 "github.com/kyverno/kyverno/pkg/client/clientset/versioned/typed/kyverno/v1"
fakekyvernov1 "github.com/kyverno/kyverno/pkg/client/clientset/versioned/typed/kyverno/v1/fake"
kyvernov1beta1 "github.com/kyverno/kyverno/pkg/client/clientset/versioned/typed/kyverno/v1beta1"
fakekyvernov1beta1 "github.com/kyverno/kyverno/pkg/client/clientset/versioned/typed/kyverno/v1beta1/fake"
kyvernov2 "github.com/kyverno/kyverno/pkg/client/clientset/versioned/typed/kyverno/v2"
fakekyvernov2 "github.com/kyverno/kyverno/pkg/client/clientset/versioned/typed/kyverno/v2/fake"
kyvernov2alpha1 "github.com/kyverno/kyverno/pkg/client/clientset/versioned/typed/kyverno/v2alpha1"
@ -96,11 +94,6 @@ func (c *Clientset) KyvernoV1() kyvernov1.KyvernoV1Interface {
return &fakekyvernov1.FakeKyvernoV1{Fake: &c.Fake}
}
// KyvernoV1beta1 retrieves the KyvernoV1beta1Client
func (c *Clientset) KyvernoV1beta1() kyvernov1beta1.KyvernoV1beta1Interface {
return &fakekyvernov1beta1.FakeKyvernoV1beta1{Fake: &c.Fake}
}
// KyvernoV2 retrieves the KyvernoV2Client
func (c *Clientset) KyvernoV2() kyvernov2.KyvernoV2Interface {
return &fakekyvernov2.FakeKyvernoV2{Fake: &c.Fake}

2
pkg/client/clientset/versioned/fake/register.go
View file

@ -20,7 +20,6 @@ package fake
import (
kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1"
kyvernov1beta1 "github.com/kyverno/kyverno/api/kyverno/v1beta1"
kyvernov2 "github.com/kyverno/kyverno/api/kyverno/v2"
kyvernov2alpha1 "github.com/kyverno/kyverno/api/kyverno/v2alpha1"
kyvernov2beta1 "github.com/kyverno/kyverno/api/kyverno/v2beta1"
@ -38,7 +37,6 @@ var codecs = serializer.NewCodecFactory(scheme)
var localSchemeBuilder = runtime.SchemeBuilder{
kyvernov1.AddToScheme,
kyvernov1beta1.AddToScheme,
kyvernov2.AddToScheme,
kyvernov2beta1.AddToScheme,
kyvernov2alpha1.AddToScheme,

2
pkg/client/clientset/versioned/scheme/register.go
View file

@ -20,7 +20,6 @@ package scheme
import (
kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1"
kyvernov1beta1 "github.com/kyverno/kyverno/api/kyverno/v1beta1"
kyvernov2 "github.com/kyverno/kyverno/api/kyverno/v2"
kyvernov2alpha1 "github.com/kyverno/kyverno/api/kyverno/v2alpha1"
kyvernov2beta1 "github.com/kyverno/kyverno/api/kyverno/v2beta1"
@ -38,7 +37,6 @@ var Codecs = serializer.NewCodecFactory(Scheme)
var ParameterCodec = runtime.NewParameterCodec(Scheme)
var localSchemeBuilder = runtime.SchemeBuilder{
kyvernov1.AddToScheme,
kyvernov1beta1.AddToScheme,
kyvernov2.AddToScheme,
kyvernov2beta1.AddToScheme,
kyvernov2alpha1.AddToScheme,

20
pkg/client/clientset/versioned/typed/kyverno/v1beta1/doc.go
View file

@ -1,20 +0,0 @@
/*
Copyright The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
// Code generated by client-gen. DO NOT EDIT.
// This package has the automatically generated typed clients.
package v1beta1

20
pkg/client/clientset/versioned/typed/kyverno/v1beta1/fake/doc.go
View file

@ -1,20 +0,0 @@
/*
Copyright The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
// Code generated by client-gen. DO NOT EDIT.
// Package fake has the automatically generated clients.
package fake

40
pkg/client/clientset/versioned/typed/kyverno/v1beta1/fake/fake_kyverno_client.go
View file

@ -1,40 +0,0 @@
/*
Copyright The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
// Code generated by client-gen. DO NOT EDIT.
package fake
import (
v1beta1 "github.com/kyverno/kyverno/pkg/client/clientset/versioned/typed/kyverno/v1beta1"
rest "k8s.io/client-go/rest"
testing "k8s.io/client-go/testing"
)
type FakeKyvernoV1beta1 struct {
*testing.Fake
}
func (c *FakeKyvernoV1beta1) UpdateRequests(namespace string) v1beta1.UpdateRequestInterface {
return &FakeUpdateRequests{c, namespace}
}
// RESTClient returns a RESTClient that is used to communicate
// with API server by this client implementation.
func (c *FakeKyvernoV1beta1) RESTClient() rest.Interface {
var ret *rest.RESTClient
return ret
}

141
pkg/client/clientset/versioned/typed/kyverno/v1beta1/fake/fake_updaterequest.go
View file

@ -1,141 +0,0 @@
/*
Copyright The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
// Code generated by client-gen. DO NOT EDIT.
package fake
import (
"context"
v1beta1 "github.com/kyverno/kyverno/api/kyverno/v1beta1"
v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
labels "k8s.io/apimachinery/pkg/labels"
types "k8s.io/apimachinery/pkg/types"
watch "k8s.io/apimachinery/pkg/watch"
testing "k8s.io/client-go/testing"
)
// FakeUpdateRequests implements UpdateRequestInterface
type FakeUpdateRequests struct {
Fake *FakeKyvernoV1beta1
ns string
}
var updaterequestsResource = v1beta1.SchemeGroupVersion.WithResource("updaterequests")
var updaterequestsKind = v1beta1.SchemeGroupVersion.WithKind("UpdateRequest")
// Get takes name of the updateRequest, and returns the corresponding updateRequest object, and an error if there is any.
func (c *FakeUpdateRequests) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1beta1.UpdateRequest, err error) {
obj, err := c.Fake.
Invokes(testing.NewGetAction(updaterequestsResource, c.ns, name), &v1beta1.UpdateRequest{})
if obj == nil {
return nil, err
}
return obj.(*v1beta1.UpdateRequest), err
}
// List takes label and field selectors, and returns the list of UpdateRequests that match those selectors.
func (c *FakeUpdateRequests) List(ctx context.Context, opts v1.ListOptions) (result *v1beta1.UpdateRequestList, err error) {
obj, err := c.Fake.
Invokes(testing.NewListAction(updaterequestsResource, updaterequestsKind, c.ns, opts), &v1beta1.UpdateRequestList{})
if obj == nil {
return nil, err
}
label, _, _ := testing.ExtractFromListOptions(opts)
if label == nil {
label = labels.Everything()
}
list := &v1beta1.UpdateRequestList{ListMeta: obj.(*v1beta1.UpdateRequestList).ListMeta}
for _, item := range obj.(*v1beta1.UpdateRequestList).Items {
if label.Matches(labels.Set(item.Labels)) {
list.Items = append(list.Items, item)
}
}
return list, err
}
// Watch returns a watch.Interface that watches the requested updateRequests.
func (c *FakeUpdateRequests) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) {
return c.Fake.
InvokesWatch(testing.NewWatchAction(updaterequestsResource, c.ns, opts))
}
// Create takes the representation of a updateRequest and creates it. Returns the server's representation of the updateRequest, and an error, if there is any.
func (c *FakeUpdateRequests) Create(ctx context.Context, updateRequest *v1beta1.UpdateRequest, opts v1.CreateOptions) (result *v1beta1.UpdateRequest, err error) {
obj, err := c.Fake.
Invokes(testing.NewCreateAction(updaterequestsResource, c.ns, updateRequest), &v1beta1.UpdateRequest{})
if obj == nil {
return nil, err
}
return obj.(*v1beta1.UpdateRequest), err
}
// Update takes the representation of a updateRequest and updates it. Returns the server's representation of the updateRequest, and an error, if there is any.
func (c *FakeUpdateRequests) Update(ctx context.Context, updateRequest *v1beta1.UpdateRequest, opts v1.UpdateOptions) (result *v1beta1.UpdateRequest, err error) {
obj, err := c.Fake.
Invokes(testing.NewUpdateAction(updaterequestsResource, c.ns, updateRequest), &v1beta1.UpdateRequest{})
if obj == nil {
return nil, err
}
return obj.(*v1beta1.UpdateRequest), err
}
// UpdateStatus was generated because the type contains a Status member.
// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus().
func (c *FakeUpdateRequests) UpdateStatus(ctx context.Context, updateRequest *v1beta1.UpdateRequest, opts v1.UpdateOptions) (*v1beta1.UpdateRequest, error) {
obj, err := c.Fake.
Invokes(testing.NewUpdateSubresourceAction(updaterequestsResource, "status", c.ns, updateRequest), &v1beta1.UpdateRequest{})
if obj == nil {
return nil, err
}
return obj.(*v1beta1.UpdateRequest), err
}
// Delete takes name of the updateRequest and deletes it. Returns an error if one occurs.
func (c *FakeUpdateRequests) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error {
_, err := c.Fake.
Invokes(testing.NewDeleteActionWithOptions(updaterequestsResource, c.ns, name, opts), &v1beta1.UpdateRequest{})
return err
}
// DeleteCollection deletes a collection of objects.
func (c *FakeUpdateRequests) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error {
action := testing.NewDeleteCollectionAction(updaterequestsResource, c.ns, listOpts)
_, err := c.Fake.Invokes(action, &v1beta1.UpdateRequestList{})
return err
}
// Patch applies the patch and returns the patched updateRequest.
func (c *FakeUpdateRequests) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1beta1.UpdateRequest, err error) {
obj, err := c.Fake.
Invokes(testing.NewPatchSubresourceAction(updaterequestsResource, c.ns, name, pt, data, subresources...), &v1beta1.UpdateRequest{})
if obj == nil {
return nil, err
}
return obj.(*v1beta1.UpdateRequest), err
}

21
pkg/client/clientset/versioned/typed/kyverno/v1beta1/generated_expansion.go
View file

@ -1,21 +0,0 @@
/*
Copyright The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
// Code generated by client-gen. DO NOT EDIT.
package v1beta1
type UpdateRequestExpansion interface{}

107
pkg/client/clientset/versioned/typed/kyverno/v1beta1/kyverno_client.go
View file

@ -1,107 +0,0 @@
/*
Copyright The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
// Code generated by client-gen. DO NOT EDIT.
package v1beta1
import (
"net/http"
v1beta1 "github.com/kyverno/kyverno/api/kyverno/v1beta1"
"github.com/kyverno/kyverno/pkg/client/clientset/versioned/scheme"
rest "k8s.io/client-go/rest"
)
type KyvernoV1beta1Interface interface {
RESTClient() rest.Interface
UpdateRequestsGetter
}
// KyvernoV1beta1Client is used to interact with features provided by the kyverno.io group.
type KyvernoV1beta1Client struct {
restClient rest.Interface
}
func (c *KyvernoV1beta1Client) UpdateRequests(namespace string) UpdateRequestInterface {
return newUpdateRequests(c, namespace)
}
// NewForConfig creates a new KyvernoV1beta1Client for the given config.
// NewForConfig is equivalent to NewForConfigAndClient(c, httpClient),
// where httpClient was generated with rest.HTTPClientFor(c).
func NewForConfig(c *rest.Config) (*KyvernoV1beta1Client, error) {
config := *c
if err := setConfigDefaults(&config); err != nil {
return nil, err
}
httpClient, err := rest.HTTPClientFor(&config)
if err != nil {
return nil, err
}
return NewForConfigAndClient(&config, httpClient)
}
// NewForConfigAndClient creates a new KyvernoV1beta1Client for the given config and http client.
// Note the http client provided takes precedence over the configured transport values.
func NewForConfigAndClient(c *rest.Config, h *http.Client) (*KyvernoV1beta1Client, error) {
config := *c
if err := setConfigDefaults(&config); err != nil {
return nil, err
}
client, err := rest.RESTClientForConfigAndClient(&config, h)
if err != nil {
return nil, err
}
return &KyvernoV1beta1Client{client}, nil
}
// NewForConfigOrDie creates a new KyvernoV1beta1Client for the given config and
// panics if there is an error in the config.
func NewForConfigOrDie(c *rest.Config) *KyvernoV1beta1Client {
client, err := NewForConfig(c)
if err != nil {
panic(err)
}
return client
}
// New creates a new KyvernoV1beta1Client for the given RESTClient.
func New(c rest.Interface) *KyvernoV1beta1Client {
return &KyvernoV1beta1Client{c}
}
func setConfigDefaults(config *rest.Config) error {
gv := v1beta1.SchemeGroupVersion
config.GroupVersion = &gv
config.APIPath = "/apis"
config.NegotiatedSerializer = scheme.Codecs.WithoutConversion()
if config.UserAgent == "" {
config.UserAgent = rest.DefaultKubernetesUserAgent()
}
return nil
}
// RESTClient returns a RESTClient that is used to communicate
// with API server by this client implementation.
func (c *KyvernoV1beta1Client) RESTClient() rest.Interface {
if c == nil {
return nil
}
return c.restClient
}

195
pkg/client/clientset/versioned/typed/kyverno/v1beta1/updaterequest.go
View file

@ -1,195 +0,0 @@
/*
Copyright The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
// Code generated by client-gen. DO NOT EDIT.
package v1beta1
import (
"context"
"time"
v1beta1 "github.com/kyverno/kyverno/api/kyverno/v1beta1"
scheme "github.com/kyverno/kyverno/pkg/client/clientset/versioned/scheme"
v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
types "k8s.io/apimachinery/pkg/types"
watch "k8s.io/apimachinery/pkg/watch"
rest "k8s.io/client-go/rest"
)
// UpdateRequestsGetter has a method to return a UpdateRequestInterface.
// A group's client should implement this interface.
type UpdateRequestsGetter interface {
UpdateRequests(namespace string) UpdateRequestInterface
}
// UpdateRequestInterface has methods to work with UpdateRequest resources.
type UpdateRequestInterface interface {
Create(ctx context.Context, updateRequest *v1beta1.UpdateRequest, opts v1.CreateOptions) (*v1beta1.UpdateRequest, error)
Update(ctx context.Context, updateRequest *v1beta1.UpdateRequest, opts v1.UpdateOptions) (*v1beta1.UpdateRequest, error)
UpdateStatus(ctx context.Context, updateRequest *v1beta1.UpdateRequest, opts v1.UpdateOptions) (*v1beta1.UpdateRequest, error)
Delete(ctx context.Context, name string, opts v1.DeleteOptions) error
DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error
Get(ctx context.Context, name string, opts v1.GetOptions) (*v1beta1.UpdateRequest, error)
List(ctx context.Context, opts v1.ListOptions) (*v1beta1.UpdateRequestList, error)
Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error)
Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1beta1.UpdateRequest, err error)
UpdateRequestExpansion
}
// updateRequests implements UpdateRequestInterface
type updateRequests struct {
client rest.Interface
ns string
}
// newUpdateRequests returns a UpdateRequests
func newUpdateRequests(c *KyvernoV1beta1Client, namespace string) *updateRequests {
return &updateRequests{
client: c.RESTClient(),
ns: namespace,
}
}
// Get takes name of the updateRequest, and returns the corresponding updateRequest object, and an error if there is any.
func (c *updateRequests) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1beta1.UpdateRequest, err error) {
result = &v1beta1.UpdateRequest{}
err = c.client.Get().
Namespace(c.ns).
Resource("updaterequests").
Name(name).
VersionedParams(&options, scheme.ParameterCodec).
Do(ctx).
Into(result)
return
}
// List takes label and field selectors, and returns the list of UpdateRequests that match those selectors.
func (c *updateRequests) List(ctx context.Context, opts v1.ListOptions) (result *v1beta1.UpdateRequestList, err error) {
var timeout time.Duration
if opts.TimeoutSeconds != nil {
timeout = time.Duration(*opts.TimeoutSeconds) * time.Second
}
result = &v1beta1.UpdateRequestList{}
err = c.client.Get().
Namespace(c.ns).
Resource("updaterequests").
VersionedParams(&opts, scheme.ParameterCodec).
Timeout(timeout).
Do(ctx).
Into(result)
return
}
// Watch returns a watch.Interface that watches the requested updateRequests.
func (c *updateRequests) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) {
var timeout time.Duration
if opts.TimeoutSeconds != nil {
timeout = time.Duration(*opts.TimeoutSeconds) * time.Second
}
opts.Watch = true
return c.client.Get().
Namespace(c.ns).
Resource("updaterequests").
VersionedParams(&opts, scheme.ParameterCodec).
Timeout(timeout).
Watch(ctx)
}
// Create takes the representation of a updateRequest and creates it. Returns the server's representation of the updateRequest, and an error, if there is any.
func (c *updateRequests) Create(ctx context.Context, updateRequest *v1beta1.UpdateRequest, opts v1.CreateOptions) (result *v1beta1.UpdateRequest, err error) {
result = &v1beta1.UpdateRequest{}
err = c.client.Post().
Namespace(c.ns).
Resource("updaterequests").
VersionedParams(&opts, scheme.ParameterCodec).
Body(updateRequest).
Do(ctx).
Into(result)
return
}
// Update takes the representation of a updateRequest and updates it. Returns the server's representation of the updateRequest, and an error, if there is any.
func (c *updateRequests) Update(ctx context.Context, updateRequest *v1beta1.UpdateRequest, opts v1.UpdateOptions) (result *v1beta1.UpdateRequest, err error) {
result = &v1beta1.UpdateRequest{}
err = c.client.Put().
Namespace(c.ns).
Resource("updaterequests").
Name(updateRequest.Name).
VersionedParams(&opts, scheme.ParameterCodec).
Body(updateRequest).
Do(ctx).
Into(result)
return
}
// UpdateStatus was generated because the type contains a Status member.
// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus().
func (c *updateRequests) UpdateStatus(ctx context.Context, updateRequest *v1beta1.UpdateRequest, opts v1.UpdateOptions) (result *v1beta1.UpdateRequest, err error) {
result = &v1beta1.UpdateRequest{}
err = c.client.Put().
Namespace(c.ns).
Resource("updaterequests").
Name(updateRequest.Name).
SubResource("status").
VersionedParams(&opts, scheme.ParameterCodec).
Body(updateRequest).
Do(ctx).
Into(result)
return
}
// Delete takes name of the updateRequest and deletes it. Returns an error if one occurs.
func (c *updateRequests) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error {
return c.client.Delete().
Namespace(c.ns).
Resource("updaterequests").
Name(name).
Body(&opts).
Do(ctx).
Error()
}
// DeleteCollection deletes a collection of objects.
func (c *updateRequests) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error {
var timeout time.Duration
if listOpts.TimeoutSeconds != nil {
timeout = time.Duration(*listOpts.TimeoutSeconds) * time.Second
}
return c.client.Delete().
Namespace(c.ns).
Resource("updaterequests").
VersionedParams(&listOpts, scheme.ParameterCodec).
Timeout(timeout).
Body(&opts).
Do(ctx).
Error()
}
// Patch applies the patch and returns the patched updateRequest.
func (c *updateRequests) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1beta1.UpdateRequest, err error) {
result = &v1beta1.UpdateRequest{}
err = c.client.Patch(pt).
Namespace(c.ns).
Resource("updaterequests").
Name(name).
SubResource(subresources...).
VersionedParams(&opts, scheme.ParameterCodec).
Body(data).
Do(ctx).
Into(result)
return
}

5
pkg/client/informers/externalversions/generic.go
View file

@ -22,7 +22,6 @@ import (
"fmt"
v1 "github.com/kyverno/kyverno/api/kyverno/v1"
v1beta1 "github.com/kyverno/kyverno/api/kyverno/v1beta1"
v2 "github.com/kyverno/kyverno/api/kyverno/v2"
v2alpha1 "github.com/kyverno/kyverno/api/kyverno/v2alpha1"
v2beta1 "github.com/kyverno/kyverno/api/kyverno/v2beta1"
@ -64,10 +63,6 @@ func (f *sharedInformerFactory) ForResource(resource schema.GroupVersionResource
case v1.SchemeGroupVersion.WithResource("policies"):
return &genericInformer{resource: resource.GroupResource(), informer: f.Kyverno().V1().Policies().Informer()}, nil
// Group=kyverno.io, Version=v1beta1
case v1beta1.SchemeGroupVersion.WithResource("updaterequests"):
return &genericInformer{resource: resource.GroupResource(), informer: f.Kyverno().V1beta1().UpdateRequests().Informer()}, nil
// Group=kyverno.io, Version=v2
case v2.SchemeGroupVersion.WithResource("cleanuppolicies"):
return &genericInformer{resource: resource.GroupResource(), informer: f.Kyverno().V2().CleanupPolicies().Informer()}, nil

8
pkg/client/informers/externalversions/kyverno/interface.go
View file

@ -21,7 +21,6 @@ package kyverno
import (
internalinterfaces "github.com/kyverno/kyverno/pkg/client/informers/externalversions/internalinterfaces"
v1 "github.com/kyverno/kyverno/pkg/client/informers/externalversions/kyverno/v1"
v1beta1 "github.com/kyverno/kyverno/pkg/client/informers/externalversions/kyverno/v1beta1"
v2 "github.com/kyverno/kyverno/pkg/client/informers/externalversions/kyverno/v2"
v2alpha1 "github.com/kyverno/kyverno/pkg/client/informers/externalversions/kyverno/v2alpha1"
v2beta1 "github.com/kyverno/kyverno/pkg/client/informers/externalversions/kyverno/v2beta1"
@ -31,8 +30,6 @@ import (
type Interface interface {
// V1 provides access to shared informers for resources in V1.
V1() v1.Interface
// V1beta1 provides access to shared informers for resources in V1beta1.
V1beta1() v1beta1.Interface
// V2 provides access to shared informers for resources in V2.
V2() v2.Interface
// V2beta1 provides access to shared informers for resources in V2beta1.
@ -57,11 +54,6 @@ func (g *group) V1() v1.Interface {
return v1.New(g.factory, g.namespace, g.tweakListOptions)
}
// V1beta1 returns a new v1beta1.Interface.
func (g *group) V1beta1() v1beta1.Interface {
return v1beta1.New(g.factory, g.namespace, g.tweakListOptions)
}
// V2 returns a new v2.Interface.
func (g *group) V2() v2.Interface {
return v2.New(g.factory, g.namespace, g.tweakListOptions)

45
pkg/client/informers/externalversions/kyverno/v1beta1/interface.go
View file

@ -1,45 +0,0 @@
/*
Copyright The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
// Code generated by informer-gen. DO NOT EDIT.
package v1beta1
import (
internalinterfaces "github.com/kyverno/kyverno/pkg/client/informers/externalversions/internalinterfaces"
)
// Interface provides access to all the informers in this group version.
type Interface interface {
// UpdateRequests returns a UpdateRequestInformer.
UpdateRequests() UpdateRequestInformer
}
type version struct {
factory internalinterfaces.SharedInformerFactory
namespace string
tweakListOptions internalinterfaces.TweakListOptionsFunc
}
// New returns a new Interface.
func New(f internalinterfaces.SharedInformerFactory, namespace string, tweakListOptions internalinterfaces.TweakListOptionsFunc) Interface {
return &version{factory: f, namespace: namespace, tweakListOptions: tweakListOptions}
}
// UpdateRequests returns a UpdateRequestInformer.
func (v *version) UpdateRequests() UpdateRequestInformer {
return &updateRequestInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions}
}

90
pkg/client/informers/externalversions/kyverno/v1beta1/updaterequest.go
View file

@ -1,90 +0,0 @@
/*
Copyright The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
// Code generated by informer-gen. DO NOT EDIT.
package v1beta1
import (
"context"
time "time"
kyvernov1beta1 "github.com/kyverno/kyverno/api/kyverno/v1beta1"
versioned "github.com/kyverno/kyverno/pkg/client/clientset/versioned"
internalinterfaces "github.com/kyverno/kyverno/pkg/client/informers/externalversions/internalinterfaces"
v1beta1 "github.com/kyverno/kyverno/pkg/client/listers/kyverno/v1beta1"
v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
runtime "k8s.io/apimachinery/pkg/runtime"
watch "k8s.io/apimachinery/pkg/watch"
cache "k8s.io/client-go/tools/cache"
)
// UpdateRequestInformer provides access to a shared informer and lister for
// UpdateRequests.
type UpdateRequestInformer interface {
Informer() cache.SharedIndexInformer
Lister() v1beta1.UpdateRequestLister
}
type updateRequestInformer struct {
factory internalinterfaces.SharedInformerFactory
tweakListOptions internalinterfaces.TweakListOptionsFunc
namespace string
}
// NewUpdateRequestInformer constructs a new informer for UpdateRequest type.
// Always prefer using an informer factory to get a shared informer instead of getting an independent
// one. This reduces memory footprint and number of connections to the server.
func NewUpdateRequestInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer {
return NewFilteredUpdateRequestInformer(client, namespace, resyncPeriod, indexers, nil)
}
// NewFilteredUpdateRequestInformer constructs a new informer for UpdateRequest type.
// Always prefer using an informer factory to get a shared informer instead of getting an independent
// one. This reduces memory footprint and number of connections to the server.
func NewFilteredUpdateRequestInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer {
return cache.NewSharedIndexInformer(
&cache.ListWatch{
ListFunc: func(options v1.ListOptions) (runtime.Object, error) {
if tweakListOptions != nil {
tweakListOptions(&options)
}
return client.KyvernoV1beta1().UpdateRequests(namespace).List(context.TODO(), options)
},
WatchFunc: func(options v1.ListOptions) (watch.Interface, error) {
if tweakListOptions != nil {
tweakListOptions(&options)
}
return client.KyvernoV1beta1().UpdateRequests(namespace).Watch(context.TODO(), options)
},
},
&kyvernov1beta1.UpdateRequest{},
resyncPeriod,
indexers,
)
}
func (f *updateRequestInformer) defaultInformer(client versioned.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer {
return NewFilteredUpdateRequestInformer(client, f.namespace, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions)
}
func (f *updateRequestInformer) Informer() cache.SharedIndexInformer {
return f.factory.InformerFor(&kyvernov1beta1.UpdateRequest{}, f.defaultInformer)
}
func (f *updateRequestInformer) Lister() v1beta1.UpdateRequestLister {
return v1beta1.NewUpdateRequestLister(f.Informer().GetIndexer())
}

27
pkg/client/listers/kyverno/v1beta1/expansion_generated.go
View file

@ -1,27 +0,0 @@
/*
Copyright The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
// Code generated by lister-gen. DO NOT EDIT.
package v1beta1
// UpdateRequestListerExpansion allows custom methods to be added to
// UpdateRequestLister.
type UpdateRequestListerExpansion interface{}
// UpdateRequestNamespaceListerExpansion allows custom methods to be added to
// UpdateRequestNamespaceLister.
type UpdateRequestNamespaceListerExpansion interface{}

99
pkg/client/listers/kyverno/v1beta1/updaterequest.go
View file

@ -1,99 +0,0 @@
/*
Copyright The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
// Code generated by lister-gen. DO NOT EDIT.
package v1beta1
import (
v1beta1 "github.com/kyverno/kyverno/api/kyverno/v1beta1"
"k8s.io/apimachinery/pkg/api/errors"
"k8s.io/apimachinery/pkg/labels"
"k8s.io/client-go/tools/cache"
)
// UpdateRequestLister helps list UpdateRequests.
// All objects returned here must be treated as read-only.
type UpdateRequestLister interface {
// List lists all UpdateRequests in the indexer.
// Objects returned here must be treated as read-only.
List(selector labels.Selector) (ret []*v1beta1.UpdateRequest, err error)
// UpdateRequests returns an object that can list and get UpdateRequests.
UpdateRequests(namespace string) UpdateRequestNamespaceLister
UpdateRequestListerExpansion
}
// updateRequestLister implements the UpdateRequestLister interface.
type updateRequestLister struct {
indexer cache.Indexer
}
// NewUpdateRequestLister returns a new UpdateRequestLister.
func NewUpdateRequestLister(indexer cache.Indexer) UpdateRequestLister {
return &updateRequestLister{indexer: indexer}
}
// List lists all UpdateRequests in the indexer.
func (s *updateRequestLister) List(selector labels.Selector) (ret []*v1beta1.UpdateRequest, err error) {
err = cache.ListAll(s.indexer, selector, func(m interface{}) {
ret = append(ret, m.(*v1beta1.UpdateRequest))
})
return ret, err
}
// UpdateRequests returns an object that can list and get UpdateRequests.
func (s *updateRequestLister) UpdateRequests(namespace string) UpdateRequestNamespaceLister {
return updateRequestNamespaceLister{indexer: s.indexer, namespace: namespace}
}
// UpdateRequestNamespaceLister helps list and get UpdateRequests.
// All objects returned here must be treated as read-only.
type UpdateRequestNamespaceLister interface {
// List lists all UpdateRequests in the indexer for a given namespace.
// Objects returned here must be treated as read-only.
List(selector labels.Selector) (ret []*v1beta1.UpdateRequest, err error)
// Get retrieves the UpdateRequest from the indexer for a given namespace and name.
// Objects returned here must be treated as read-only.
Get(name string) (*v1beta1.UpdateRequest, error)
UpdateRequestNamespaceListerExpansion
}
// updateRequestNamespaceLister implements the UpdateRequestNamespaceLister
// interface.
type updateRequestNamespaceLister struct {
indexer cache.Indexer
namespace string
}
// List lists all UpdateRequests in the indexer for a given namespace.
func (s updateRequestNamespaceLister) List(selector labels.Selector) (ret []*v1beta1.UpdateRequest, err error) {
err = cache.ListAllByNamespace(s.indexer, s.namespace, selector, func(m interface{}) {
ret = append(ret, m.(*v1beta1.UpdateRequest))
})
return ret, err
}
// Get retrieves the UpdateRequest from the indexer for a given namespace and name.
func (s updateRequestNamespaceLister) Get(name string) (*v1beta1.UpdateRequest, error) {
obj, exists, err := s.indexer.GetByKey(s.namespace + "/" + name)
if err != nil {
return nil, err
}
if !exists {
return nil, errors.NewNotFound(v1beta1.Resource("updaterequest"), name)
}
return obj.(*v1beta1.UpdateRequest), nil
}

9
pkg/clients/kyverno/clientset.generated.go
View file

@ -4,7 +4,6 @@ import (
"github.com/go-logr/logr"
github_com_kyverno_kyverno_pkg_client_clientset_versioned "github.com/kyverno/kyverno/pkg/client/clientset/versioned"
github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_kyverno_v1 "github.com/kyverno/kyverno/pkg/client/clientset/versioned/typed/kyverno/v1"
github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_kyverno_v1beta1 "github.com/kyverno/kyverno/pkg/client/clientset/versioned/typed/kyverno/v1beta1"
github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_kyverno_v2 "github.com/kyverno/kyverno/pkg/client/clientset/versioned/typed/kyverno/v2"
github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_kyverno_v2alpha1 "github.com/kyverno/kyverno/pkg/client/clientset/versioned/typed/kyverno/v2alpha1"
github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_kyverno_v2beta1 "github.com/kyverno/kyverno/pkg/client/clientset/versioned/typed/kyverno/v2beta1"
@ -12,7 +11,6 @@ import (
github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_reports_v1 "github.com/kyverno/kyverno/pkg/client/clientset/versioned/typed/reports/v1"
discovery "github.com/kyverno/kyverno/pkg/clients/kyverno/discovery"
kyvernov1 "github.com/kyverno/kyverno/pkg/clients/kyverno/kyvernov1"
kyvernov1beta1 "github.com/kyverno/kyverno/pkg/clients/kyverno/kyvernov1beta1"
kyvernov2 "github.com/kyverno/kyverno/pkg/clients/kyverno/kyvernov2"
kyvernov2alpha1 "github.com/kyverno/kyverno/pkg/clients/kyverno/kyvernov2alpha1"
kyvernov2beta1 "github.com/kyverno/kyverno/pkg/clients/kyverno/kyvernov2beta1"
@ -25,7 +23,6 @@ import (
type clientset struct {
discovery k8s_io_client_go_discovery.DiscoveryInterface
kyvernov1 github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_kyverno_v1.KyvernoV1Interface
kyvernov1beta1 github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_kyverno_v1beta1.KyvernoV1beta1Interface
kyvernov2 github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_kyverno_v2.KyvernoV2Interface
kyvernov2alpha1 github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_kyverno_v2alpha1.KyvernoV2alpha1Interface
kyvernov2beta1 github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_kyverno_v2beta1.KyvernoV2beta1Interface
@ -39,9 +36,6 @@ func (c *clientset) Discovery() k8s_io_client_go_discovery.DiscoveryInterface {
func (c *clientset) KyvernoV1() github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_kyverno_v1.KyvernoV1Interface {
return c.kyvernov1
}
func (c *clientset) KyvernoV1beta1() github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_kyverno_v1beta1.KyvernoV1beta1Interface {
return c.kyvernov1beta1
}
func (c *clientset) KyvernoV2() github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_kyverno_v2.KyvernoV2Interface {
return c.kyvernov2
}
@ -62,7 +56,6 @@ func WrapWithMetrics(inner github_com_kyverno_kyverno_pkg_client_clientset_versi
return &clientset{
discovery: discovery.WithMetrics(inner.Discovery(), metrics.ClusteredClientQueryRecorder(m, "Discovery", clientType)),
kyvernov1: kyvernov1.WithMetrics(inner.KyvernoV1(), m, clientType),
kyvernov1beta1: kyvernov1beta1.WithMetrics(inner.KyvernoV1beta1(), m, clientType),
kyvernov2: kyvernov2.WithMetrics(inner.KyvernoV2(), m, clientType),
kyvernov2alpha1: kyvernov2alpha1.WithMetrics(inner.KyvernoV2alpha1(), m, clientType),
kyvernov2beta1: kyvernov2beta1.WithMetrics(inner.KyvernoV2beta1(), m, clientType),
@ -75,7 +68,6 @@ func WrapWithTracing(inner github_com_kyverno_kyverno_pkg_client_clientset_versi
return &clientset{
discovery: discovery.WithTracing(inner.Discovery(), "Discovery", ""),
kyvernov1: kyvernov1.WithTracing(inner.KyvernoV1(), "KyvernoV1"),
kyvernov1beta1: kyvernov1beta1.WithTracing(inner.KyvernoV1beta1(), "KyvernoV1beta1"),
kyvernov2: kyvernov2.WithTracing(inner.KyvernoV2(), "KyvernoV2"),
kyvernov2alpha1: kyvernov2alpha1.WithTracing(inner.KyvernoV2alpha1(), "KyvernoV2alpha1"),
kyvernov2beta1: kyvernov2beta1.WithTracing(inner.KyvernoV2beta1(), "KyvernoV2beta1"),
@ -88,7 +80,6 @@ func WrapWithLogging(inner github_com_kyverno_kyverno_pkg_client_clientset_versi
return &clientset{
discovery: discovery.WithLogging(inner.Discovery(), logger.WithValues("group", "Discovery")),
kyvernov1: kyvernov1.WithLogging(inner.KyvernoV1(), logger.WithValues("group", "KyvernoV1")),
kyvernov1beta1: kyvernov1beta1.WithLogging(inner.KyvernoV1beta1(), logger.WithValues("group", "KyvernoV1beta1")),
kyvernov2: kyvernov2.WithLogging(inner.KyvernoV2(), logger.WithValues("group", "KyvernoV2")),
kyvernov2alpha1: kyvernov2alpha1.WithLogging(inner.KyvernoV2alpha1(), logger.WithValues("group", "KyvernoV2alpha1")),
kyvernov2beta1: kyvernov2beta1.WithLogging(inner.KyvernoV2beta1(), logger.WithValues("group", "KyvernoV2beta1")),

59
pkg/clients/kyverno/kyvernov1beta1/client.generated.go
View file

@ -1,59 +0,0 @@
package client
import (
"github.com/go-logr/logr"
github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_kyverno_v1beta1 "github.com/kyverno/kyverno/pkg/client/clientset/versioned/typed/kyverno/v1beta1"
updaterequests "github.com/kyverno/kyverno/pkg/clients/kyverno/kyvernov1beta1/updaterequests"
"github.com/kyverno/kyverno/pkg/metrics"
"k8s.io/client-go/rest"
)
func WithMetrics(inner github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_kyverno_v1beta1.KyvernoV1beta1Interface, metrics metrics.MetricsConfigManager, clientType metrics.ClientType) github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_kyverno_v1beta1.KyvernoV1beta1Interface {
return &withMetrics{inner, metrics, clientType}
}
func WithTracing(inner github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_kyverno_v1beta1.KyvernoV1beta1Interface, client string) github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_kyverno_v1beta1.KyvernoV1beta1Interface {
return &withTracing{inner, client}
}
func WithLogging(inner github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_kyverno_v1beta1.KyvernoV1beta1Interface, logger logr.Logger) github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_kyverno_v1beta1.KyvernoV1beta1Interface {
return &withLogging{inner, logger}
}
type withMetrics struct {
inner github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_kyverno_v1beta1.KyvernoV1beta1Interface
metrics metrics.MetricsConfigManager
clientType metrics.ClientType
}
func (c *withMetrics) RESTClient() rest.Interface {
return c.inner.RESTClient()
}
func (c *withMetrics) UpdateRequests(namespace string) github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_kyverno_v1beta1.UpdateRequestInterface {
recorder := metrics.NamespacedClientQueryRecorder(c.metrics, namespace, "UpdateRequest", c.clientType)
return updaterequests.WithMetrics(c.inner.UpdateRequests(namespace), recorder)
}
type withTracing struct {
inner github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_kyverno_v1beta1.KyvernoV1beta1Interface
client string
}
func (c *withTracing) RESTClient() rest.Interface {
return c.inner.RESTClient()
}
func (c *withTracing) UpdateRequests(namespace string) github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_kyverno_v1beta1.UpdateRequestInterface {
return updaterequests.WithTracing(c.inner.UpdateRequests(namespace), c.client, "UpdateRequest")
}
type withLogging struct {
inner github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_kyverno_v1beta1.KyvernoV1beta1Interface
logger logr.Logger
}
func (c *withLogging) RESTClient() rest.Interface {
return c.inner.RESTClient()
}
func (c *withLogging) UpdateRequests(namespace string) github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_kyverno_v1beta1.UpdateRequestInterface {
return updaterequests.WithLogging(c.inner.UpdateRequests(namespace), c.logger.WithValues("resource", "UpdateRequests").WithValues("namespace", namespace))
}

373
pkg/clients/kyverno/kyvernov1beta1/updaterequests/resource.generated.go
View file

@ -1,373 +0,0 @@
package resource
import (
context "context"
"fmt"
"time"
"github.com/go-logr/logr"
github_com_kyverno_kyverno_api_kyverno_v1beta1 "github.com/kyverno/kyverno/api/kyverno/v1beta1"
github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_kyverno_v1beta1 "github.com/kyverno/kyverno/pkg/client/clientset/versioned/typed/kyverno/v1beta1"
"github.com/kyverno/kyverno/pkg/metrics"
"github.com/kyverno/kyverno/pkg/tracing"
"go.opentelemetry.io/otel/trace"
"go.uber.org/multierr"
k8s_io_apimachinery_pkg_apis_meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
k8s_io_apimachinery_pkg_types "k8s.io/apimachinery/pkg/types"
k8s_io_apimachinery_pkg_watch "k8s.io/apimachinery/pkg/watch"
)
func WithLogging(inner github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_kyverno_v1beta1.UpdateRequestInterface, logger logr.Logger) github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_kyverno_v1beta1.UpdateRequestInterface {
return &withLogging{inner, logger}
}
func WithMetrics(inner github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_kyverno_v1beta1.UpdateRequestInterface, recorder metrics.Recorder) github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_kyverno_v1beta1.UpdateRequestInterface {
return &withMetrics{inner, recorder}
}
func WithTracing(inner github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_kyverno_v1beta1.UpdateRequestInterface, client, kind string) github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_kyverno_v1beta1.UpdateRequestInterface {
return &withTracing{inner, client, kind}
}
type withLogging struct {
inner github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_kyverno_v1beta1.UpdateRequestInterface
logger logr.Logger
}
func (c *withLogging) Create(arg0 context.Context, arg1 *github_com_kyverno_kyverno_api_kyverno_v1beta1.UpdateRequest, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.CreateOptions) (*github_com_kyverno_kyverno_api_kyverno_v1beta1.UpdateRequest, error) {
start := time.Now()
logger := c.logger.WithValues("operation", "Create")
ret0, ret1 := c.inner.Create(arg0, arg1, arg2)
if err := multierr.Combine(ret1); err != nil {
logger.Error(err, "Create failed", "duration", time.Since(start))
} else {
logger.Info("Create done", "duration", time.Since(start))
}
return ret0, ret1
}
func (c *withLogging) Delete(arg0 context.Context, arg1 string, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.DeleteOptions) error {
start := time.Now()
logger := c.logger.WithValues("operation", "Delete")
ret0 := c.inner.Delete(arg0, arg1, arg2)
if err := multierr.Combine(ret0); err != nil {
logger.Error(err, "Delete failed", "duration", time.Since(start))
} else {
logger.Info("Delete done", "duration", time.Since(start))
}
return ret0
}
func (c *withLogging) DeleteCollection(arg0 context.Context, arg1 k8s_io_apimachinery_pkg_apis_meta_v1.DeleteOptions, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.ListOptions) error {
start := time.Now()
logger := c.logger.WithValues("operation", "DeleteCollection")
ret0 := c.inner.DeleteCollection(arg0, arg1, arg2)
if err := multierr.Combine(ret0); err != nil {
logger.Error(err, "DeleteCollection failed", "duration", time.Since(start))
} else {
logger.Info("DeleteCollection done", "duration", time.Since(start))
}
return ret0
}
func (c *withLogging) Get(arg0 context.Context, arg1 string, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.GetOptions) (*github_com_kyverno_kyverno_api_kyverno_v1beta1.UpdateRequest, error) {
start := time.Now()
logger := c.logger.WithValues("operation", "Get")
ret0, ret1 := c.inner.Get(arg0, arg1, arg2)
if err := multierr.Combine(ret1); err != nil {
logger.Error(err, "Get failed", "duration", time.Since(start))
} else {
logger.Info("Get done", "duration", time.Since(start))
}
return ret0, ret1
}
func (c *withLogging) List(arg0 context.Context, arg1 k8s_io_apimachinery_pkg_apis_meta_v1.ListOptions) (*github_com_kyverno_kyverno_api_kyverno_v1beta1.UpdateRequestList, error) {
start := time.Now()
logger := c.logger.WithValues("operation", "List")
ret0, ret1 := c.inner.List(arg0, arg1)
if err := multierr.Combine(ret1); err != nil {
logger.Error(err, "List failed", "duration", time.Since(start))
} else {
logger.Info("List done", "duration", time.Since(start))
}
return ret0, ret1
}
func (c *withLogging) Patch(arg0 context.Context, arg1 string, arg2 k8s_io_apimachinery_pkg_types.PatchType, arg3 []uint8, arg4 k8s_io_apimachinery_pkg_apis_meta_v1.PatchOptions, arg5 ...string) (*github_com_kyverno_kyverno_api_kyverno_v1beta1.UpdateRequest, error) {
start := time.Now()
logger := c.logger.WithValues("operation", "Patch")
ret0, ret1 := c.inner.Patch(arg0, arg1, arg2, arg3, arg4, arg5...)
if err := multierr.Combine(ret1); err != nil {
logger.Error(err, "Patch failed", "duration", time.Since(start))
} else {
logger.Info("Patch done", "duration", time.Since(start))
}
return ret0, ret1
}
func (c *withLogging) Update(arg0 context.Context, arg1 *github_com_kyverno_kyverno_api_kyverno_v1beta1.UpdateRequest, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.UpdateOptions) (*github_com_kyverno_kyverno_api_kyverno_v1beta1.UpdateRequest, error) {
start := time.Now()
logger := c.logger.WithValues("operation", "Update")
ret0, ret1 := c.inner.Update(arg0, arg1, arg2)
if err := multierr.Combine(ret1); err != nil {
logger.Error(err, "Update failed", "duration", time.Since(start))
} else {
logger.Info("Update done", "duration", time.Since(start))
}
return ret0, ret1
}
func (c *withLogging) UpdateStatus(arg0 context.Context, arg1 *github_com_kyverno_kyverno_api_kyverno_v1beta1.UpdateRequest, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.UpdateOptions) (*github_com_kyverno_kyverno_api_kyverno_v1beta1.UpdateRequest, error) {
start := time.Now()
logger := c.logger.WithValues("operation", "UpdateStatus")
ret0, ret1 := c.inner.UpdateStatus(arg0, arg1, arg2)
if err := multierr.Combine(ret1); err != nil {
logger.Error(err, "UpdateStatus failed", "duration", time.Since(start))
} else {
logger.Info("UpdateStatus done", "duration", time.Since(start))
}
return ret0, ret1
}
func (c *withLogging) Watch(arg0 context.Context, arg1 k8s_io_apimachinery_pkg_apis_meta_v1.ListOptions) (k8s_io_apimachinery_pkg_watch.Interface, error) {
start := time.Now()
logger := c.logger.WithValues("operation", "Watch")
ret0, ret1 := c.inner.Watch(arg0, arg1)
if err := multierr.Combine(ret1); err != nil {
logger.Error(err, "Watch failed", "duration", time.Since(start))
} else {
logger.Info("Watch done", "duration", time.Since(start))
}
return ret0, ret1
}
type withMetrics struct {
inner github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_kyverno_v1beta1.UpdateRequestInterface
recorder metrics.Recorder
}
func (c *withMetrics) Create(arg0 context.Context, arg1 *github_com_kyverno_kyverno_api_kyverno_v1beta1.UpdateRequest, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.CreateOptions) (*github_com_kyverno_kyverno_api_kyverno_v1beta1.UpdateRequest, error) {
defer c.recorder.RecordWithContext(arg0, "create")
return c.inner.Create(arg0, arg1, arg2)
}
func (c *withMetrics) Delete(arg0 context.Context, arg1 string, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.DeleteOptions) error {
defer c.recorder.RecordWithContext(arg0, "delete")
return c.inner.Delete(arg0, arg1, arg2)
}
func (c *withMetrics) DeleteCollection(arg0 context.Context, arg1 k8s_io_apimachinery_pkg_apis_meta_v1.DeleteOptions, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.ListOptions) error {
defer c.recorder.RecordWithContext(arg0, "delete_collection")
return c.inner.DeleteCollection(arg0, arg1, arg2)
}
func (c *withMetrics) Get(arg0 context.Context, arg1 string, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.GetOptions) (*github_com_kyverno_kyverno_api_kyverno_v1beta1.UpdateRequest, error) {
defer c.recorder.RecordWithContext(arg0, "get")
return c.inner.Get(arg0, arg1, arg2)
}
func (c *withMetrics) List(arg0 context.Context, arg1 k8s_io_apimachinery_pkg_apis_meta_v1.ListOptions) (*github_com_kyverno_kyverno_api_kyverno_v1beta1.UpdateRequestList, error) {
defer c.recorder.RecordWithContext(arg0, "list")
return c.inner.List(arg0, arg1)
}
func (c *withMetrics) Patch(arg0 context.Context, arg1 string, arg2 k8s_io_apimachinery_pkg_types.PatchType, arg3 []uint8, arg4 k8s_io_apimachinery_pkg_apis_meta_v1.PatchOptions, arg5 ...string) (*github_com_kyverno_kyverno_api_kyverno_v1beta1.UpdateRequest, error) {
defer c.recorder.RecordWithContext(arg0, "patch")
return c.inner.Patch(arg0, arg1, arg2, arg3, arg4, arg5...)
}
func (c *withMetrics) Update(arg0 context.Context, arg1 *github_com_kyverno_kyverno_api_kyverno_v1beta1.UpdateRequest, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.UpdateOptions) (*github_com_kyverno_kyverno_api_kyverno_v1beta1.UpdateRequest, error) {
defer c.recorder.RecordWithContext(arg0, "update")
return c.inner.Update(arg0, arg1, arg2)
}
func (c *withMetrics) UpdateStatus(arg0 context.Context, arg1 *github_com_kyverno_kyverno_api_kyverno_v1beta1.UpdateRequest, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.UpdateOptions) (*github_com_kyverno_kyverno_api_kyverno_v1beta1.UpdateRequest, error) {
defer c.recorder.RecordWithContext(arg0, "update_status")
return c.inner.UpdateStatus(arg0, arg1, arg2)
}
func (c *withMetrics) Watch(arg0 context.Context, arg1 k8s_io_apimachinery_pkg_apis_meta_v1.ListOptions) (k8s_io_apimachinery_pkg_watch.Interface, error) {
defer c.recorder.RecordWithContext(arg0, "watch")
return c.inner.Watch(arg0, arg1)
}
type withTracing struct {
inner github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_kyverno_v1beta1.UpdateRequestInterface
client string
kind string
}
func (c *withTracing) Create(arg0 context.Context, arg1 *github_com_kyverno_kyverno_api_kyverno_v1beta1.UpdateRequest, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.CreateOptions) (*github_com_kyverno_kyverno_api_kyverno_v1beta1.UpdateRequest, error) {
var span trace.Span
if tracing.IsInSpan(arg0) {
arg0, span = tracing.StartChildSpan(
arg0,
"",
fmt.Sprintf("KUBE %s/%s/%s", c.client, c.kind, "Create"),
trace.WithAttributes(
tracing.KubeClientGroupKey.String(c.client),
tracing.KubeClientKindKey.String(c.kind),
tracing.KubeClientOperationKey.String("Create"),
),
)
defer span.End()
}
ret0, ret1 := c.inner.Create(arg0, arg1, arg2)
if span != nil {
tracing.SetSpanStatus(span, ret1)
}
return ret0, ret1
}
func (c *withTracing) Delete(arg0 context.Context, arg1 string, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.DeleteOptions) error {
var span trace.Span
if tracing.IsInSpan(arg0) {
arg0, span = tracing.StartChildSpan(
arg0,
"",
fmt.Sprintf("KUBE %s/%s/%s", c.client, c.kind, "Delete"),
trace.WithAttributes(
tracing.KubeClientGroupKey.String(c.client),
tracing.KubeClientKindKey.String(c.kind),
tracing.KubeClientOperationKey.String("Delete"),
),
)
defer span.End()
}
ret0 := c.inner.Delete(arg0, arg1, arg2)
if span != nil {
tracing.SetSpanStatus(span, ret0)
}
return ret0
}
func (c *withTracing) DeleteCollection(arg0 context.Context, arg1 k8s_io_apimachinery_pkg_apis_meta_v1.DeleteOptions, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.ListOptions) error {
var span trace.Span
if tracing.IsInSpan(arg0) {
arg0, span = tracing.StartChildSpan(
arg0,
"",
fmt.Sprintf("KUBE %s/%s/%s", c.client, c.kind, "DeleteCollection"),
trace.WithAttributes(
tracing.KubeClientGroupKey.String(c.client),
tracing.KubeClientKindKey.String(c.kind),
tracing.KubeClientOperationKey.String("DeleteCollection"),
),
)
defer span.End()
}
ret0 := c.inner.DeleteCollection(arg0, arg1, arg2)
if span != nil {
tracing.SetSpanStatus(span, ret0)
}
return ret0
}
func (c *withTracing) Get(arg0 context.Context, arg1 string, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.GetOptions) (*github_com_kyverno_kyverno_api_kyverno_v1beta1.UpdateRequest, error) {
var span trace.Span
if tracing.IsInSpan(arg0) {
arg0, span = tracing.StartChildSpan(
arg0,
"",
fmt.Sprintf("KUBE %s/%s/%s", c.client, c.kind, "Get"),
trace.WithAttributes(
tracing.KubeClientGroupKey.String(c.client),
tracing.KubeClientKindKey.String(c.kind),
tracing.KubeClientOperationKey.String("Get"),
),
)
defer span.End()
}
ret0, ret1 := c.inner.Get(arg0, arg1, arg2)
if span != nil {
tracing.SetSpanStatus(span, ret1)
}
return ret0, ret1
}
func (c *withTracing) List(arg0 context.Context, arg1 k8s_io_apimachinery_pkg_apis_meta_v1.ListOptions) (*github_com_kyverno_kyverno_api_kyverno_v1beta1.UpdateRequestList, error) {
var span trace.Span
if tracing.IsInSpan(arg0) {
arg0, span = tracing.StartChildSpan(
arg0,
"",
fmt.Sprintf("KUBE %s/%s/%s", c.client, c.kind, "List"),
trace.WithAttributes(
tracing.KubeClientGroupKey.String(c.client),
tracing.KubeClientKindKey.String(c.kind),
tracing.KubeClientOperationKey.String("List"),
),
)
defer span.End()
}
ret0, ret1 := c.inner.List(arg0, arg1)
if span != nil {
tracing.SetSpanStatus(span, ret1)
}
return ret0, ret1
}
func (c *withTracing) Patch(arg0 context.Context, arg1 string, arg2 k8s_io_apimachinery_pkg_types.PatchType, arg3 []uint8, arg4 k8s_io_apimachinery_pkg_apis_meta_v1.PatchOptions, arg5 ...string) (*github_com_kyverno_kyverno_api_kyverno_v1beta1.UpdateRequest, error) {
var span trace.Span
if tracing.IsInSpan(arg0) {
arg0, span = tracing.StartChildSpan(
arg0,
"",
fmt.Sprintf("KUBE %s/%s/%s", c.client, c.kind, "Patch"),
trace.WithAttributes(
tracing.KubeClientGroupKey.String(c.client),
tracing.KubeClientKindKey.String(c.kind),
tracing.KubeClientOperationKey.String("Patch"),
),
)
defer span.End()
}
ret0, ret1 := c.inner.Patch(arg0, arg1, arg2, arg3, arg4, arg5...)
if span != nil {
tracing.SetSpanStatus(span, ret1)
}
return ret0, ret1
}
func (c *withTracing) Update(arg0 context.Context, arg1 *github_com_kyverno_kyverno_api_kyverno_v1beta1.UpdateRequest, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.UpdateOptions) (*github_com_kyverno_kyverno_api_kyverno_v1beta1.UpdateRequest, error) {
var span trace.Span
if tracing.IsInSpan(arg0) {
arg0, span = tracing.StartChildSpan(
arg0,
"",
fmt.Sprintf("KUBE %s/%s/%s", c.client, c.kind, "Update"),
trace.WithAttributes(
tracing.KubeClientGroupKey.String(c.client),
tracing.KubeClientKindKey.String(c.kind),
tracing.KubeClientOperationKey.String("Update"),
),
)
defer span.End()
}
ret0, ret1 := c.inner.Update(arg0, arg1, arg2)
if span != nil {
tracing.SetSpanStatus(span, ret1)
}
return ret0, ret1
}
func (c *withTracing) UpdateStatus(arg0 context.Context, arg1 *github_com_kyverno_kyverno_api_kyverno_v1beta1.UpdateRequest, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.UpdateOptions) (*github_com_kyverno_kyverno_api_kyverno_v1beta1.UpdateRequest, error) {
var span trace.Span
if tracing.IsInSpan(arg0) {
arg0, span = tracing.StartChildSpan(
arg0,
"",
fmt.Sprintf("KUBE %s/%s/%s", c.client, c.kind, "UpdateStatus"),
trace.WithAttributes(
tracing.KubeClientGroupKey.String(c.client),
tracing.KubeClientKindKey.String(c.kind),
tracing.KubeClientOperationKey.String("UpdateStatus"),
),
)
defer span.End()
}
ret0, ret1 := c.inner.UpdateStatus(arg0, arg1, arg2)
if span != nil {
tracing.SetSpanStatus(span, ret1)
}
return ret0, ret1
}
func (c *withTracing) Watch(arg0 context.Context, arg1 k8s_io_apimachinery_pkg_apis_meta_v1.ListOptions) (k8s_io_apimachinery_pkg_watch.Interface, error) {
var span trace.Span
if tracing.IsInSpan(arg0) {
arg0, span = tracing.StartChildSpan(
arg0,
"",
fmt.Sprintf("KUBE %s/%s/%s", c.client, c.kind, "Watch"),
trace.WithAttributes(
tracing.KubeClientGroupKey.String(c.client),
tracing.KubeClientKindKey.String(c.kind),
tracing.KubeClientOperationKey.String("Watch"),
),
)
defer span.End()
}
ret0, ret1 := c.inner.Watch(arg0, arg1)
if span != nil {
tracing.SetSpanStatus(span, ret1)
}
return ret0, ret1
}

8
pkg/controllers/cleanup/controller.go
View file

@ -6,7 +6,7 @@ import (
"github.com/go-logr/logr"
kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1"
kyvernov1beta1 "github.com/kyverno/kyverno/api/kyverno/v1beta1"
kyvernov2 "github.com/kyverno/kyverno/api/kyverno/v2"
kyvernov2beta1 "github.com/kyverno/kyverno/api/kyverno/v2beta1"
"github.com/kyverno/kyverno/pkg/client/clientset/versioned"
kyvernov2beta1informers "github.com/kyverno/kyverno/pkg/client/informers/externalversions/kyverno/v2beta1"
@ -245,7 +245,7 @@ func (c *controller) cleanup(ctx context.Context, logger logr.Logger, policy kyv
nsLabels,
// TODO(eddycharly): we don't have user info here, we should check that
// we don't have user conditions in the policy rule
kyvernov1beta1.RequestInfo{},
kyvernov2.RequestInfo{},
resource.GroupVersionKind(),
"",
)
@ -260,7 +260,7 @@ func (c *controller) cleanup(ctx context.Context, logger logr.Logger, policy kyv
nsLabels,
// TODO(eddycharly): we don't have user info here, we should check that
// we don't have user conditions in the policy rule
kyvernov1beta1.RequestInfo{},
kyvernov2.RequestInfo{},
resource.GroupVersionKind(),
"",
)
@ -286,7 +286,7 @@ func (c *controller) cleanup(ctx context.Context, logger logr.Logger, policy kyv
nsLabels,
// TODO(eddycharly): we don't have user info here, we should check that
// we don't have user conditions in the policy rule
kyvernov1beta1.RequestInfo{},
kyvernov2.RequestInfo{},
resource.GroupVersionKind(),
"",
)

4
pkg/engine/api/policycontext.go
View file

@ -2,7 +2,7 @@ package api
import (
kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1"
kyvernov1beta1 "github.com/kyverno/kyverno/api/kyverno/v1beta1"
kyvernov2 "github.com/kyverno/kyverno/api/kyverno/v2"
enginecontext "github.com/kyverno/kyverno/pkg/engine/context"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
@ -17,7 +17,7 @@ type PolicyContext interface {
NewResource() unstructured.Unstructured
OldResource() unstructured.Unstructured
SetResources(oldResource, newResource unstructured.Unstructured) error
AdmissionInfo() kyvernov1beta1.RequestInfo
AdmissionInfo() kyvernov2.RequestInfo
Operation() kyvernov1.AdmissionOperation
NamespaceLabels() map[string]string
RequestResource() metav1.GroupVersionResource

6
pkg/engine/context/context.go
View file

@ -8,7 +8,7 @@ import (
jsoniter "github.com/json-iterator/go"
kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1"
kyvernov1beta1 "github.com/kyverno/kyverno/api/kyverno/v1beta1"
kyvernov2 "github.com/kyverno/kyverno/api/kyverno/v2"
"github.com/kyverno/kyverno/pkg/config"
"github.com/kyverno/kyverno/pkg/engine/jmespath"
"github.com/kyverno/kyverno/pkg/engine/jsonutils"
@ -71,7 +71,7 @@ type Interface interface {
AddOperation(data string) error
// AddUserInfo merges userInfo json under kyverno.userInfo
AddUserInfo(userInfo kyvernov1beta1.RequestInfo) error
AddUserInfo(userInfo kyvernov2.RequestInfo) error
// AddServiceAccount merges ServiceAccount types
AddServiceAccount(userName string) error
@ -236,7 +236,7 @@ func (ctx *context) AddOperation(data string) error {
}
// AddUserInfo adds userInfo at path request.userInfo
func (ctx *context) AddUserInfo(userRequestInfo kyvernov1beta1.RequestInfo) error {
func (ctx *context) AddUserInfo(userRequestInfo kyvernov2.RequestInfo) error {
if data, err := toUnstructured(&userRequestInfo); err == nil {
return addToContext(ctx, data, "request")
} else {

2
pkg/engine/context/context_test.go
View file

@ -4,7 +4,7 @@ import (
"reflect"
"testing"
urkyverno "github.com/kyverno/kyverno/api/kyverno/v1beta1"
urkyverno "github.com/kyverno/kyverno/api/kyverno/v2"
"github.com/kyverno/kyverno/pkg/config"
"github.com/kyverno/kyverno/pkg/engine/jmespath"
"github.com/stretchr/testify/assert"

14
pkg/engine/policycontext/policy_context.go
View file

@ -4,7 +4,7 @@ import (
"fmt"
kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1"
kyvernov1beta1 "github.com/kyverno/kyverno/api/kyverno/v1beta1"
kyvernov2 "github.com/kyverno/kyverno/api/kyverno/v2"
"github.com/kyverno/kyverno/pkg/config"
engineapi "github.com/kyverno/kyverno/pkg/engine/api"
enginectx "github.com/kyverno/kyverno/pkg/engine/context"
@ -32,7 +32,7 @@ type PolicyContext struct {
element unstructured.Unstructured
// admissionInfo contains the admission request information
admissionInfo kyvernov1beta1.RequestInfo
admissionInfo kyvernov2.RequestInfo
// operation contains the admission operatipn
operation kyvernov1.AdmissionOperation
@ -98,7 +98,7 @@ func (c *PolicyContext) ResourceKind() (schema.GroupVersionKind, string) {
return c.gvk, c.subresource
}
func (c *PolicyContext) AdmissionInfo() kyvernov1beta1.RequestInfo {
func (c *PolicyContext) AdmissionInfo() kyvernov2.RequestInfo {
return c.admissionInfo
}
@ -142,7 +142,7 @@ func (c PolicyContext) WithNamespaceLabels(namespaceLabels map[string]string) *P
return &c
}
func (c PolicyContext) WithAdmissionInfo(admissionInfo kyvernov1beta1.RequestInfo) *PolicyContext {
func (c PolicyContext) WithAdmissionInfo(admissionInfo kyvernov2.RequestInfo) *PolicyContext {
c.admissionInfo = admissionInfo
return &c
}
@ -190,7 +190,7 @@ func NewPolicyContext(
jp jmespath.Interface,
resource unstructured.Unstructured,
operation kyvernov1.AdmissionOperation,
admissionInfo *kyvernov1beta1.RequestInfo,
admissionInfo *kyvernov2.RequestInfo,
configuration config.Configuration,
) (*PolicyContext, error) {
enginectx := enginectx.NewContext(jp)
@ -237,7 +237,7 @@ func NewPolicyContext(
func NewPolicyContextFromAdmissionRequest(
jp jmespath.Interface,
request admissionv1.AdmissionRequest,
admissionInfo kyvernov1beta1.RequestInfo,
admissionInfo kyvernov2.RequestInfo,
gvk schema.GroupVersionKind,
configuration config.Configuration,
) (*PolicyContext, error) {
@ -266,7 +266,7 @@ func NewPolicyContextFromAdmissionRequest(
func newJsonContext(
jp jmespath.Interface,
request admissionv1.AdmissionRequest,
userRequestInfo *kyvernov1beta1.RequestInfo,
userRequestInfo *kyvernov2.RequestInfo,
) (enginectx.Interface, error) {
engineCtx := enginectx.NewContext(jp)
if err := engineCtx.AddRequest(request); err != nil {

8
pkg/engine/utils/exceptions.go
View file

@ -3,7 +3,7 @@ package utils
import (
"github.com/go-logr/logr"
kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1"
kyvernov1beta1 "github.com/kyverno/kyverno/api/kyverno/v1beta1"
kyvernov2 "github.com/kyverno/kyverno/api/kyverno/v2"
kyvernov2beta1 "github.com/kyverno/kyverno/api/kyverno/v2beta1"
engineapi "github.com/kyverno/kyverno/pkg/engine/api"
"github.com/kyverno/kyverno/pkg/utils/conditions"
@ -50,7 +50,7 @@ func checkMatchesResources(
resource unstructured.Unstructured,
statement kyvernov2beta1.MatchResources,
namespaceLabels map[string]string,
admissionInfo kyvernov1beta1.RequestInfo,
admissionInfo kyvernov2.RequestInfo,
gvk schema.GroupVersionKind,
subresource string,
) bool {
@ -76,7 +76,7 @@ func checkResourceFilter(
statement kyvernov1.ResourceFilter,
resource unstructured.Unstructured,
namespaceLabels map[string]string,
admissionInfo kyvernov1beta1.RequestInfo,
admissionInfo kyvernov2.RequestInfo,
gvk schema.GroupVersionKind,
subresource string,
) bool {
@ -156,7 +156,7 @@ func checkResourceDescription(
return true
}
func checkUserInfo(userInfo kyvernov1.UserInfo, admissionInfo kyvernov1beta1.RequestInfo) bool {
func checkUserInfo(userInfo kyvernov1.UserInfo, admissionInfo kyvernov2.RequestInfo) bool {
if len(userInfo.Roles) > 0 {
if !datautils.SliceContains(userInfo.Roles, admissionInfo.Roles...) {
return false

12
pkg/engine/utils/match.go
View file

@ -5,7 +5,7 @@ import (
"slices"
kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1"
kyvernov1beta1 "github.com/kyverno/kyverno/api/kyverno/v1beta1"
kyvernov2 "github.com/kyverno/kyverno/api/kyverno/v2"
"github.com/kyverno/kyverno/ext/wildcard"
datautils "github.com/kyverno/kyverno/pkg/utils/data"
matchutils "github.com/kyverno/kyverno/pkg/utils/match"
@ -52,7 +52,7 @@ func checkNameSpace(namespaces []string, resource unstructured.Unstructured) boo
func doesResourceMatchConditionBlock(
conditionBlock kyvernov1.ResourceDescription,
userInfo kyvernov1.UserInfo,
admissionInfo kyvernov1beta1.RequestInfo,
admissionInfo kyvernov2.RequestInfo,
resource unstructured.Unstructured,
namespaceLabels map[string]string,
gvk schema.GroupVersionKind,
@ -168,7 +168,7 @@ func matchSubjects(ruleSubjects []rbacv1.Subject, userInfo authenticationv1.User
func MatchesResourceDescription(
resource unstructured.Unstructured,
rule kyvernov1.Rule,
admissionInfo kyvernov1beta1.RequestInfo,
admissionInfo kyvernov2.RequestInfo,
namespaceLabels map[string]string,
policyNamespace string,
gvk schema.GroupVersionKind,
@ -252,7 +252,7 @@ func MatchesResourceDescription(
func matchesResourceDescriptionMatchHelper(
rmr kyvernov1.ResourceFilter,
admissionInfo kyvernov1beta1.RequestInfo,
admissionInfo kyvernov2.RequestInfo,
resource unstructured.Unstructured,
namespaceLabels map[string]string,
gvk schema.GroupVersionKind,
@ -260,7 +260,7 @@ func matchesResourceDescriptionMatchHelper(
operation kyvernov1.AdmissionOperation,
) []error {
var errs []error
if datautils.DeepEqual(admissionInfo, kyvernov1beta1.RequestInfo{}) {
if datautils.DeepEqual(admissionInfo, kyvernov2.RequestInfo{}) {
rmr.UserInfo = kyvernov1.UserInfo{}
}
@ -277,7 +277,7 @@ func matchesResourceDescriptionMatchHelper(
func matchesResourceDescriptionExcludeHelper(
rer kyvernov1.ResourceFilter,
admissionInfo kyvernov1beta1.RequestInfo,
admissionInfo kyvernov2.RequestInfo,
resource unstructured.Unstructured,
namespaceLabels map[string]string,
gvk schema.GroupVersionKind,

104
pkg/engine/utils/utils_test.go
View file

@ -8,7 +8,7 @@ import (
rbacv1 "k8s.io/api/rbac/v1"
v1 "github.com/kyverno/kyverno/api/kyverno/v1"
"github.com/kyverno/kyverno/api/kyverno/v1beta1"
v2 "github.com/kyverno/kyverno/api/kyverno/v2"
"github.com/kyverno/kyverno/pkg/autogen"
kubeutils "github.com/kyverno/kyverno/pkg/utils/kube"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
@ -17,14 +17,14 @@ import (
func TestMatchesResourceDescription(t *testing.T) {
tcs := []struct {
Description string
AdmissionInfo v1beta1.RequestInfo
AdmissionInfo v2.RequestInfo
Resource []byte
Policy []byte
areErrorsExpected bool
}{
{
Description: "Match Any matches the Pod",
AdmissionInfo: v1beta1.RequestInfo{
AdmissionInfo: v2.RequestInfo{
ClusterRoles: []string{"admin"},
},
Resource: []byte(`{
@ -109,7 +109,7 @@ func TestMatchesResourceDescription(t *testing.T) {
},
{
Description: "Match Any does not match the Pod",
AdmissionInfo: v1beta1.RequestInfo{
AdmissionInfo: v2.RequestInfo{
ClusterRoles: []string{"admin"},
},
Resource: []byte(`{
@ -194,7 +194,7 @@ func TestMatchesResourceDescription(t *testing.T) {
},
{
Description: "Match All matches the Pod",
AdmissionInfo: v1beta1.RequestInfo{
AdmissionInfo: v2.RequestInfo{
ClusterRoles: []string{"admin"},
},
Resource: []byte(`{
@ -279,7 +279,7 @@ func TestMatchesResourceDescription(t *testing.T) {
},
{
Description: "Match All does not match the Pod",
AdmissionInfo: v1beta1.RequestInfo{
AdmissionInfo: v2.RequestInfo{
ClusterRoles: []string{"admin"},
},
Resource: []byte(`{
@ -364,7 +364,7 @@ func TestMatchesResourceDescription(t *testing.T) {
},
{
Description: "Exclude Any excludes the Pod",
AdmissionInfo: v1beta1.RequestInfo{
AdmissionInfo: v2.RequestInfo{
ClusterRoles: []string{"admin"},
},
Resource: []byte(`{
@ -464,7 +464,7 @@ func TestMatchesResourceDescription(t *testing.T) {
},
{
Description: "Exclude Any does not exclude the Pod",
AdmissionInfo: v1beta1.RequestInfo{
AdmissionInfo: v2.RequestInfo{
ClusterRoles: []string{"admin"},
},
Resource: []byte(`{
@ -564,7 +564,7 @@ func TestMatchesResourceDescription(t *testing.T) {
},
{
Description: "Exclude All excludes the Pod",
AdmissionInfo: v1beta1.RequestInfo{
AdmissionInfo: v2.RequestInfo{
ClusterRoles: []string{"admin"},
},
Resource: []byte(`{
@ -664,7 +664,7 @@ func TestMatchesResourceDescription(t *testing.T) {
},
{
Description: "Exclude All does not exclude the Pod",
AdmissionInfo: v1beta1.RequestInfo{
AdmissionInfo: v2.RequestInfo{
ClusterRoles: []string{"admin"},
},
Resource: []byte(`{
@ -764,7 +764,7 @@ func TestMatchesResourceDescription(t *testing.T) {
},
{
Description: "Should match pod and not exclude it",
AdmissionInfo: v1beta1.RequestInfo{
AdmissionInfo: v2.RequestInfo{
ClusterRoles: []string{"admin"},
},
Resource: []byte(`{"apiVersion":"v1","kind":"Pod","metadata":{"name":"hello-world","labels":{"name":"hello-world"}},"spec":{"containers":[{"name":"hello-world","image":"hello-world","ports":[{"containerPort":81}],"resources":{"limits":{"memory":"30Mi","cpu":"0.2"},"requests":{"memory":"20Mi","cpu":"0.1"}}}]}}`),
@ -773,7 +773,7 @@ func TestMatchesResourceDescription(t *testing.T) {
},
{
Description: "Should exclude resource since it matches the exclude block",
AdmissionInfo: v1beta1.RequestInfo{
AdmissionInfo: v2.RequestInfo{
ClusterRoles: []string{"system:node"},
},
Resource: []byte(`{"apiVersion":"v1","kind":"Pod","metadata":{"name":"hello-world","labels":{"name":"hello-world"}},"spec":{"containers":[{"name":"hello-world","image":"hello-world","ports":[{"containerPort":81}],"resources":{"limits":{"memory":"30Mi","cpu":"0.2"},"requests":{"memory":"20Mi","cpu":"0.1"}}}]}}`),
@ -794,7 +794,7 @@ func TestMatchesResourceDescription(t *testing.T) {
},
{
Description: "Should pass since resource matches a name in the names field",
AdmissionInfo: v1beta1.RequestInfo{
AdmissionInfo: v2.RequestInfo{
ClusterRoles: []string{"system:node"},
},
Resource: []byte(`{"apiVersion":"v1","kind":"Pod","metadata":{"name":"hello-world","labels":{"name":"hello-world"}},"spec":{"containers":[{"name":"hello-world","image":"hello-world","ports":[{"containerPort":81}],"resources":{"limits":{"memory":"30Mi","cpu":"0.2"},"requests":{"memory":"20Mi","cpu":"0.1"}}}]}}`),
@ -815,7 +815,7 @@ func TestMatchesResourceDescription(t *testing.T) {
},
{
Description: "Should fail since resource does not match policy",
AdmissionInfo: v1beta1.RequestInfo{
AdmissionInfo: v2.RequestInfo{
ClusterRoles: []string{"admin"},
},
Resource: []byte(`{"apiVersion":"v1","kind":"Service","metadata":{"name":"hello-world","labels":{"name":"hello-world"}},"spec":{"containers":[{"name":"hello-world","image":"hello-world","ports":[{"containerPort":81}],"resources":{"limits":{"memory":"30Mi","cpu":"0.2"},"requests":{"memory":"20Mi","cpu":"0.1"}}}]}}`),
@ -824,7 +824,7 @@ func TestMatchesResourceDescription(t *testing.T) {
},
{
Description: "Should not fail since resource does not match exclude block",
AdmissionInfo: v1beta1.RequestInfo{
AdmissionInfo: v2.RequestInfo{
ClusterRoles: []string{"system:node"},
},
Resource: []byte(`{"apiVersion":"v1","kind":"Pod","metadata":{"name":"hello-world2","labels":{"name":"hello-world"}},"spec":{"containers":[{"name":"hello-world","image":"hello-world","ports":[{"containerPort":81}],"resources":{"limits":{"memory":"30Mi","cpu":"0.2"},"requests":{"memory":"20Mi","cpu":"0.1"}}}]}}`),
@ -833,7 +833,7 @@ func TestMatchesResourceDescription(t *testing.T) {
},
{
Description: "Should pass since group, version, kind match",
AdmissionInfo: v1beta1.RequestInfo{
AdmissionInfo: v2.RequestInfo{
ClusterRoles: []string{"admin"},
},
Resource: []byte(`{ "apiVersion": "apps/v1", "kind": "Deployment", "metadata": { "creationTimestamp": "2020-09-21T12:56:35Z", "name": "qos-demo", "labels": { "test": "qos" } }, "spec": { "replicas": 1, "selector": { "matchLabels": { "app": "nginx" } }, "template": { "metadata": { "creationTimestamp": "2020-09-21T12:56:35Z", "labels": { "app": "nginx" } }, "spec": { "containers": [ { "name": "nginx", "image": "nginx:latest", "resources": { "limits": { "cpu": "50m" } } } ]}}}}`),
@ -842,7 +842,7 @@ func TestMatchesResourceDescription(t *testing.T) {
},
{
Description: "Should pass since version and kind match",
AdmissionInfo: v1beta1.RequestInfo{
AdmissionInfo: v2.RequestInfo{
ClusterRoles: []string{"admin"},
},
Resource: []byte(`{ "apiVersion": "v1", "kind": "Pod", "metadata": { "name": "myapp-pod2", "labels": { "app": "myapp2" } }, "spec": { "containers": [ { "name": "nginx", "image": "nginx" } ] } }`),
@ -851,7 +851,7 @@ func TestMatchesResourceDescription(t *testing.T) {
},
{
Description: "Should fail since resource does not match ",
AdmissionInfo: v1beta1.RequestInfo{
AdmissionInfo: v2.RequestInfo{
ClusterRoles: []string{"admin"},
},
Resource: []byte(`{"apiVersion":"v1","kind":"Service","metadata":{"name":"hello-world","labels":{"name":"hello-world"}},"spec":{"containers":[{"name":"hello-world","image":"hello-world","ports":[{"containerPort":81}],"resources":{"limits":{"memory":"30Mi","cpu":"0.2"},"requests":{"memory":"20Mi","cpu":"0.1"}}}]}}`),
@ -860,7 +860,7 @@ func TestMatchesResourceDescription(t *testing.T) {
},
{
Description: "Should fail since version not match",
AdmissionInfo: v1beta1.RequestInfo{
AdmissionInfo: v2.RequestInfo{
ClusterRoles: []string{"admin"},
},
Resource: []byte(`{ "apiVersion": "apps/v1beta1", "kind": "Deployment", "metadata": { "creationTimestamp": "2020-09-21T12:56:35Z", "name": "qos-demo", "labels": { "test": "qos" } }, "spec": { "replicas": 1, "selector": { "matchLabels": { "app": "nginx" } }, "template": { "metadata": { "creationTimestamp": "2020-09-21T12:56:35Z", "labels": { "app": "nginx" } }, "spec": { "containers": [ { "name": "nginx", "image": "nginx:latest", "resources": { "limits": { "cpu": "50m" } } } ]}}}}`),
@ -869,7 +869,7 @@ func TestMatchesResourceDescription(t *testing.T) {
},
{
Description: "Should fail since cluster role version not match",
AdmissionInfo: v1beta1.RequestInfo{
AdmissionInfo: v2.RequestInfo{
ClusterRoles: []string{"admin"},
},
Resource: []byte(`{ "kind": "ClusterRole", "apiVersion": "rbac.authorization.k8s.io/v1", "metadata": { "name": "secret-reader-demo", "namespace": "default" }, "rules": [ { "apiGroups": [ "" ], "resources": [ "secrets" ], "verbs": [ "get", "watch", "list" ] } ] }`),
@ -878,7 +878,7 @@ func TestMatchesResourceDescription(t *testing.T) {
},
{
Description: "Test for GVK case sensitive",
AdmissionInfo: v1beta1.RequestInfo{
AdmissionInfo: v2.RequestInfo{
ClusterRoles: []string{"admin"},
},
Resource: []byte(`{ "apiVersion": "v1", "kind": "Pod", "metadata": { "name": "myapp-pod2", "labels": { "app": "myapp2" } }, "spec": { "containers": [ { "name": "nginx", "image": "nginx" } ] } }`),
@ -887,7 +887,7 @@ func TestMatchesResourceDescription(t *testing.T) {
},
{
Description: "Test should fail for GVK case sensitive",
AdmissionInfo: v1beta1.RequestInfo{
AdmissionInfo: v2.RequestInfo{
ClusterRoles: []string{"admin"},
},
Resource: []byte(`{ "apiVersion": "apps/v1", "kind": "Deployment", "metadata": { "creationTimestamp": "2020-09-21T12:56:35Z", "name": "qos-demo", "labels": { "test": "qos" } }, "spec": { "replicas": 1, "selector": { "matchLabels": { "app": "nginx" } }, "template": { "metadata": { "creationTimestamp": "2020-09-21T12:56:35Z", "labels": { "app": "nginx" } }, "spec": { "containers": [ { "name": "nginx", "image": "nginx:latest", "resources": { "limits": { "cpu": "50m" } } } ]}}}}`),
@ -922,14 +922,14 @@ func TestMatchesResourceDescription(t *testing.T) {
func TestMatchesResourceDescription_GenerateName(t *testing.T) {
tcs := []struct {
Description string
AdmissionInfo v1beta1.RequestInfo
AdmissionInfo v2.RequestInfo
Resource []byte
Policy []byte
areErrorsExpected bool
}{
{
Description: "Match Any matches the Pod",
AdmissionInfo: v1beta1.RequestInfo{
AdmissionInfo: v2.RequestInfo{
ClusterRoles: []string{"admin"},
},
Resource: []byte(`{
@ -1014,7 +1014,7 @@ func TestMatchesResourceDescription_GenerateName(t *testing.T) {
},
{
Description: "Match Any does not match the Pod",
AdmissionInfo: v1beta1.RequestInfo{
AdmissionInfo: v2.RequestInfo{
ClusterRoles: []string{"admin"},
},
Resource: []byte(`{
@ -1099,7 +1099,7 @@ func TestMatchesResourceDescription_GenerateName(t *testing.T) {
},
{
Description: "Match All matches the Pod",
AdmissionInfo: v1beta1.RequestInfo{
AdmissionInfo: v2.RequestInfo{
ClusterRoles: []string{"admin"},
},
Resource: []byte(`{
@ -1184,7 +1184,7 @@ func TestMatchesResourceDescription_GenerateName(t *testing.T) {
},
{
Description: "Match All does not match the Pod",
AdmissionInfo: v1beta1.RequestInfo{
AdmissionInfo: v2.RequestInfo{
ClusterRoles: []string{"admin"},
},
Resource: []byte(`{
@ -1269,7 +1269,7 @@ func TestMatchesResourceDescription_GenerateName(t *testing.T) {
},
{
Description: "Exclude Any excludes the Pod",
AdmissionInfo: v1beta1.RequestInfo{
AdmissionInfo: v2.RequestInfo{
ClusterRoles: []string{"admin"},
},
Resource: []byte(`{
@ -1369,7 +1369,7 @@ func TestMatchesResourceDescription_GenerateName(t *testing.T) {
},
{
Description: "Exclude Any does not exclude the Pod",
AdmissionInfo: v1beta1.RequestInfo{
AdmissionInfo: v2.RequestInfo{
ClusterRoles: []string{"admin"},
},
Resource: []byte(`{
@ -1469,7 +1469,7 @@ func TestMatchesResourceDescription_GenerateName(t *testing.T) {
},
{
Description: "Exclude All excludes the Pod",
AdmissionInfo: v1beta1.RequestInfo{
AdmissionInfo: v2.RequestInfo{
ClusterRoles: []string{"admin"},
},
Resource: []byte(`{
@ -1569,7 +1569,7 @@ func TestMatchesResourceDescription_GenerateName(t *testing.T) {
},
{
Description: "Exclude All does not exclude the Pod",
AdmissionInfo: v1beta1.RequestInfo{
AdmissionInfo: v2.RequestInfo{
ClusterRoles: []string{"admin"},
},
Resource: []byte(`{
@ -1669,7 +1669,7 @@ func TestMatchesResourceDescription_GenerateName(t *testing.T) {
},
{
Description: "Should match pod and not exclude it",
AdmissionInfo: v1beta1.RequestInfo{
AdmissionInfo: v2.RequestInfo{
ClusterRoles: []string{"admin"},
},
Resource: []byte(`{"apiVersion":"v1","kind":"Pod","metadata":{"generateName":"hello-world","labels":{"name":"hello-world"}},"spec":{"containers":[{"name":"hello-world","image":"hello-world","ports":[{"containerPort":81}],"resources":{"limits":{"memory":"30Mi","cpu":"0.2"},"requests":{"memory":"20Mi","cpu":"0.1"}}}]}}`),
@ -1678,7 +1678,7 @@ func TestMatchesResourceDescription_GenerateName(t *testing.T) {
},
{
Description: "Should exclude resource since it matches the exclude block",
AdmissionInfo: v1beta1.RequestInfo{
AdmissionInfo: v2.RequestInfo{
ClusterRoles: []string{"system:node"},
},
Resource: []byte(`{"apiVersion":"v1","kind":"Pod","metadata":{"generateName":"hello-world","labels":{"name":"hello-world"}},"spec":{"containers":[{"name":"hello-world","image":"hello-world","ports":[{"containerPort":81}],"resources":{"limits":{"memory":"30Mi","cpu":"0.2"},"requests":{"memory":"20Mi","cpu":"0.1"}}}]}}`),
@ -1699,7 +1699,7 @@ func TestMatchesResourceDescription_GenerateName(t *testing.T) {
},
{
Description: "Should pass since resource matches a name in the names field",
AdmissionInfo: v1beta1.RequestInfo{
AdmissionInfo: v2.RequestInfo{
ClusterRoles: []string{"system:node"},
},
Resource: []byte(`{"apiVersion":"v1","kind":"Pod","metadata":{"generateName":"hello-world","labels":{"name":"hello-world"}},"spec":{"containers":[{"name":"hello-world","image":"hello-world","ports":[{"containerPort":81}],"resources":{"limits":{"memory":"30Mi","cpu":"0.2"},"requests":{"memory":"20Mi","cpu":"0.1"}}}]}}`),
@ -1720,7 +1720,7 @@ func TestMatchesResourceDescription_GenerateName(t *testing.T) {
},
{
Description: "Should fail since resource does not match policy",
AdmissionInfo: v1beta1.RequestInfo{
AdmissionInfo: v2.RequestInfo{
ClusterRoles: []string{"admin"},
},
Resource: []byte(`{"apiVersion":"v1","kind":"Service","metadata":{"generateName":"hello-world","labels":{"name":"hello-world"}},"spec":{"containers":[{"name":"hello-world","image":"hello-world","ports":[{"containerPort":81}],"resources":{"limits":{"memory":"30Mi","cpu":"0.2"},"requests":{"memory":"20Mi","cpu":"0.1"}}}]}}`),
@ -1729,7 +1729,7 @@ func TestMatchesResourceDescription_GenerateName(t *testing.T) {
},
{
Description: "Should not fail since resource does not match exclude block",
AdmissionInfo: v1beta1.RequestInfo{
AdmissionInfo: v2.RequestInfo{
ClusterRoles: []string{"system:node"},
},
Resource: []byte(`{"apiVersion":"v1","kind":"Pod","metadata":{"generateName":"hello-world2","labels":{"name":"hello-world"}},"spec":{"containers":[{"name":"hello-world","image":"hello-world","ports":[{"containerPort":81}],"resources":{"limits":{"memory":"30Mi","cpu":"0.2"},"requests":{"memory":"20Mi","cpu":"0.1"}}}]}}`),
@ -1738,7 +1738,7 @@ func TestMatchesResourceDescription_GenerateName(t *testing.T) {
},
{
Description: "Should pass since group, version, kind match",
AdmissionInfo: v1beta1.RequestInfo{
AdmissionInfo: v2.RequestInfo{
ClusterRoles: []string{"admin"},
},
Resource: []byte(`{ "apiVersion": "apps/v1", "kind": "Deployment", "metadata": { "creationTimestamp": "2020-09-21T12:56:35Z", "generateName": "qos-demo", "labels": { "test": "qos" } }, "spec": { "replicas": 1, "selector": { "matchLabels": { "app": "nginx" } }, "template": { "metadata": { "creationTimestamp": "2020-09-21T12:56:35Z", "labels": { "app": "nginx" } }, "spec": { "containers": [ { "name": "nginx", "image": "nginx:latest", "resources": { "limits": { "cpu": "50m" } } } ]}}}}`),
@ -1747,7 +1747,7 @@ func TestMatchesResourceDescription_GenerateName(t *testing.T) {
},
{
Description: "Should pass since version and kind match",
AdmissionInfo: v1beta1.RequestInfo{
AdmissionInfo: v2.RequestInfo{
ClusterRoles: []string{"admin"},
},
Resource: []byte(`{ "apiVersion": "v1", "kind": "Pod", "metadata": { "generateName": "myapp-pod2", "labels": { "app": "myapp2" } }, "spec": { "containers": [ { "name": "nginx", "image": "nginx" } ] } }`),
@ -1756,7 +1756,7 @@ func TestMatchesResourceDescription_GenerateName(t *testing.T) {
},
{
Description: "Should fail since resource does not match ",
AdmissionInfo: v1beta1.RequestInfo{
AdmissionInfo: v2.RequestInfo{
ClusterRoles: []string{"admin"},
},
Resource: []byte(`{"apiVersion":"v1","kind":"Service","metadata":{"generateName":"hello-world","labels":{"name":"hello-world"}},"spec":{"containers":[{"name":"hello-world","image":"hello-world","ports":[{"containerPort":81}],"resources":{"limits":{"memory":"30Mi","cpu":"0.2"},"requests":{"memory":"20Mi","cpu":"0.1"}}}]}}`),
@ -1765,7 +1765,7 @@ func TestMatchesResourceDescription_GenerateName(t *testing.T) {
},
{
Description: "Should fail since version not match",
AdmissionInfo: v1beta1.RequestInfo{
AdmissionInfo: v2.RequestInfo{
ClusterRoles: []string{"admin"},
},
Resource: []byte(`{ "apiVersion": "apps/v1beta1", "kind": "Deployment", "metadata": { "creationTimestamp": "2020-09-21T12:56:35Z", "generateName": "qos-demo", "labels": { "test": "qos" } }, "spec": { "replicas": 1, "selector": { "matchLabels": { "app": "nginx" } }, "template": { "metadata": { "creationTimestamp": "2020-09-21T12:56:35Z", "labels": { "app": "nginx" } }, "spec": { "containers": [ { "name": "nginx", "image": "nginx:latest", "resources": { "limits": { "cpu": "50m" } } } ]}}}}`),
@ -1774,7 +1774,7 @@ func TestMatchesResourceDescription_GenerateName(t *testing.T) {
},
{
Description: "Should fail since cluster role version not match",
AdmissionInfo: v1beta1.RequestInfo{
AdmissionInfo: v2.RequestInfo{
ClusterRoles: []string{"admin"},
},
Resource: []byte(`{ "kind": "ClusterRole", "apiVersion": "rbac.authorization.k8s.io/v1", "metadata": { "generateName": "secret-reader-demo", "namespace": "default" }, "rules": [ { "apiGroups": [ "" ], "resources": [ "secrets" ], "verbs": [ "get", "watch", "list" ] } ] }`),
@ -1783,7 +1783,7 @@ func TestMatchesResourceDescription_GenerateName(t *testing.T) {
},
{
Description: "Test for GVK case sensitive",
AdmissionInfo: v1beta1.RequestInfo{
AdmissionInfo: v2.RequestInfo{
ClusterRoles: []string{"admin"},
},
Resource: []byte(`{ "apiVersion": "v1", "kind": "Pod", "metadata": { "generateName": "myapp-pod2", "labels": { "app": "myapp2" } }, "spec": { "containers": [ { "name": "nginx", "image": "nginx" } ] } }`),
@ -1792,7 +1792,7 @@ func TestMatchesResourceDescription_GenerateName(t *testing.T) {
},
{
Description: "Test should fail for GVK case sensitive",
AdmissionInfo: v1beta1.RequestInfo{
AdmissionInfo: v2.RequestInfo{
ClusterRoles: []string{"admin"},
},
Resource: []byte(`{ "apiVersion": "apps/v1", "kind": "Deployment", "metadata": { "creationTimestamp": "2020-09-21T12:56:35Z", "generateName": "qos-demo", "labels": { "test": "qos" } }, "spec": { "replicas": 1, "selector": { "matchLabels": { "app": "nginx" } }, "template": { "metadata": { "creationTimestamp": "2020-09-21T12:56:35Z", "labels": { "app": "nginx" } }, "spec": { "containers": [ { "name": "nginx", "image": "nginx:latest", "resources": { "limits": { "cpu": "50m" } } } ]}}}}`),
@ -1877,7 +1877,7 @@ func TestResourceDescriptionMatch_MultipleKind(t *testing.T) {
}
rule := v1.Rule{MatchResources: v1.MatchResources{ResourceDescription: resourceDescription}}
if err := MatchesResourceDescription(*resource, rule, v1beta1.RequestInfo{}, nil, "", resource.GroupVersionKind(), "", "CREATE"); err != nil {
if err := MatchesResourceDescription(*resource, rule, v2.RequestInfo{}, nil, "", resource.GroupVersionKind(), "", "CREATE"); err != nil {
t.Errorf("Testcase has failed due to the following:%v", err)
}
}
@ -1967,7 +1967,7 @@ func TestResourceDescriptionMatch_ExcludeDefaultGroups(t *testing.T) {
}
// this is the request info that was also passed with the mocked pod
requestInfo := v1beta1.RequestInfo{
requestInfo := v2.RequestInfo{
AdmissionUserInfo: authenticationv1.UserInfo{
Username: "system:serviceaccount:kube-system:replicaset-controller",
UID: "8f36cad4-eb68-4931-bea8-8a42dd1fee4c",
@ -2073,7 +2073,7 @@ func TestResourceDescriptionMatch_Name(t *testing.T) {
}
rule := v1.Rule{MatchResources: v1.MatchResources{ResourceDescription: resourceDescription}}
if err := MatchesResourceDescription(*resource, rule, v1beta1.RequestInfo{}, nil, "", resource.GroupVersionKind(), "", "CREATE"); err != nil {
if err := MatchesResourceDescription(*resource, rule, v2.RequestInfo{}, nil, "", resource.GroupVersionKind(), "", "CREATE"); err != nil {
t.Errorf("Testcase has failed due to the following:%v", err)
}
}
@ -2131,7 +2131,7 @@ func TestResourceDescriptionMatch_GenerateName(t *testing.T) {
}
rule := v1.Rule{MatchResources: v1.MatchResources{ResourceDescription: resourceDescription}}
if err := MatchesResourceDescription(*resource, rule, v1beta1.RequestInfo{}, nil, "", resource.GroupVersionKind(), "", "CREATE"); err != nil {
if err := MatchesResourceDescription(*resource, rule, v2.RequestInfo{}, nil, "", resource.GroupVersionKind(), "", "CREATE"); err != nil {
t.Errorf("Testcase has failed due to the following:%v", err)
}
}
@ -2190,7 +2190,7 @@ func TestResourceDescriptionMatch_Name_Regex(t *testing.T) {
}
rule := v1.Rule{MatchResources: v1.MatchResources{ResourceDescription: resourceDescription}}
if err := MatchesResourceDescription(*resource, rule, v1beta1.RequestInfo{}, nil, "", resource.GroupVersionKind(), "", "CREATE"); err != nil {
if err := MatchesResourceDescription(*resource, rule, v2.RequestInfo{}, nil, "", resource.GroupVersionKind(), "", "CREATE"); err != nil {
t.Errorf("Testcase has failed due to the following:%v", err)
}
}
@ -2248,7 +2248,7 @@ func TestResourceDescriptionMatch_GenerateName_Regex(t *testing.T) {
}
rule := v1.Rule{MatchResources: v1.MatchResources{ResourceDescription: resourceDescription}}
if err := MatchesResourceDescription(*resource, rule, v1beta1.RequestInfo{}, nil, "", resource.GroupVersionKind(), "", "CREATE"); err != nil {
if err := MatchesResourceDescription(*resource, rule, v2.RequestInfo{}, nil, "", resource.GroupVersionKind(), "", "CREATE"); err != nil {
t.Errorf("Testcase has failed due to the following:%v", err)
}
}
@ -2315,7 +2315,7 @@ func TestResourceDescriptionMatch_Label_Expression_NotMatch(t *testing.T) {
}
rule := v1.Rule{MatchResources: v1.MatchResources{ResourceDescription: resourceDescription}}
if err := MatchesResourceDescription(*resource, rule, v1beta1.RequestInfo{}, nil, "", resource.GroupVersionKind(), "", "CREATE"); err != nil {
if err := MatchesResourceDescription(*resource, rule, v2.RequestInfo{}, nil, "", resource.GroupVersionKind(), "", "CREATE"); err != nil {
t.Errorf("Testcase has failed due to the following:%v", err)
}
}
@ -2383,7 +2383,7 @@ func TestResourceDescriptionMatch_Label_Expression_Match(t *testing.T) {
}
rule := v1.Rule{MatchResources: v1.MatchResources{ResourceDescription: resourceDescription}}
if err := MatchesResourceDescription(*resource, rule, v1beta1.RequestInfo{}, nil, "", resource.GroupVersionKind(), "", "CREATE"); err != nil {
if err := MatchesResourceDescription(*resource, rule, v2.RequestInfo{}, nil, "", resource.GroupVersionKind(), "", "CREATE"); err != nil {
t.Errorf("Testcase has failed due to the following:%v", err)
}
}
@ -2464,7 +2464,7 @@ func TestResourceDescriptionExclude_Label_Expression_Match(t *testing.T) {
ExcludeResources: v1.MatchResources{ResourceDescription: resourceDescriptionExclude},
}
if err := MatchesResourceDescription(*resource, rule, v1beta1.RequestInfo{}, nil, "", resource.GroupVersionKind(), "", "CREATE"); err == nil {
if err := MatchesResourceDescription(*resource, rule, v2.RequestInfo{}, nil, "", resource.GroupVersionKind(), "", "CREATE"); err == nil {
t.Errorf("Testcase has failed due to the following:\n Function has returned no error, even though it was supposed to fail")
}
}

6
pkg/engine/validation_test.go
View file

@ -7,7 +7,7 @@ import (
"testing"
kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1"
kyvernov1beta1 "github.com/kyverno/kyverno/api/kyverno/v1beta1"
kyvernov2 "github.com/kyverno/kyverno/api/kyverno/v2"
"github.com/kyverno/kyverno/pkg/config"
"github.com/kyverno/kyverno/pkg/engine/adapters"
engineapi "github.com/kyverno/kyverno/pkg/engine/api"
@ -52,7 +52,7 @@ func newPolicyContext(
t *testing.T,
resource unstructured.Unstructured,
operation kyvernov1.AdmissionOperation,
admissionInfo *kyvernov1beta1.RequestInfo,
admissionInfo *kyvernov2.RequestInfo,
) *PolicyContext {
t.Helper()
p, err := NewPolicyContext(jp, resource, operation, admissionInfo, cfg)
@ -2219,7 +2219,7 @@ func executeTest(t *testing.T, test testCase) {
t.Fatal(err)
}
var userInfo kyvernov1beta1.RequestInfo
var userInfo kyvernov2.RequestInfo
err = json.Unmarshal(test.userInfo, &userInfo)
if err != nil {
t.Fatal(err)

2
pkg/engine/variables/variables_test.go
View file

@ -5,7 +5,7 @@ import (
"testing"
"github.com/go-logr/logr"
urkyverno "github.com/kyverno/kyverno/api/kyverno/v1beta1"
urkyverno "github.com/kyverno/kyverno/api/kyverno/v2"
"github.com/kyverno/kyverno/pkg/config"
"github.com/kyverno/kyverno/pkg/engine/context"
"github.com/kyverno/kyverno/pkg/engine/jmespath"

10
pkg/policy/generate.go
View file

@ -6,7 +6,7 @@ import (
"github.com/kyverno/kyverno/api/kyverno"
kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1"
kyvernov1beta1 "github.com/kyverno/kyverno/api/kyverno/v1beta1"
kyvernov2 "github.com/kyverno/kyverno/api/kyverno/v2"
"github.com/kyverno/kyverno/pkg/autogen"
"github.com/kyverno/kyverno/pkg/background/common"
generateutils "github.com/kyverno/kyverno/pkg/background/generate"
@ -40,7 +40,7 @@ func (pc *policyController) handleGenerate(policyKey string, policy kyvernov1.Po
func (pc *policyController) handleGenerateForExisting(policy kyvernov1.PolicyInterface) error {
var errors []error
var triggers []*unstructured.Unstructured
ruleType := kyvernov1beta1.Generate
ruleType := kyvernov2.Generate
policyNew := policy.CreateDeepCopy()
policyNew.GetSpec().Rules = nil
@ -117,15 +117,15 @@ func (pc *policyController) syncDataRulechanges(policy kyvernov1.PolicyInterface
for _, downstream := range downstreams.Items {
labels := downstream.GetLabels()
trigger := generateutils.TriggerFromLabels(labels)
ur := newUR(policy, trigger, rule.Name, kyvernov1beta1.Generate, deleteDownstream)
created, err := pc.kyvernoClient.KyvernoV1beta1().UpdateRequests(config.KyvernoNamespace()).Create(context.TODO(), ur, metav1.CreateOptions{})
ur := newUR(policy, trigger, rule.Name, kyvernov2.Generate, deleteDownstream)
created, err := pc.kyvernoClient.KyvernoV2().UpdateRequests(config.KyvernoNamespace()).Create(context.TODO(), ur, metav1.CreateOptions{})
if err != nil {
errorList = append(errorList, err)
continue
}
updated := created.DeepCopy()
updated.Status = newURStatus(downstream)
_, err = pc.kyvernoClient.KyvernoV1beta1().UpdateRequests(config.KyvernoNamespace()).UpdateStatus(context.TODO(), updated, metav1.UpdateOptions{})
_, err = pc.kyvernoClient.KyvernoV2().UpdateRequests(config.KyvernoNamespace()).UpdateStatus(context.TODO(), updated, metav1.UpdateOptions{})
if err != nil {
errorList = append(errorList, err)
continue

6
pkg/policy/mutate.go
View file

@ -4,7 +4,7 @@ import (
"fmt"
kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1"
kyvernov1beta1 "github.com/kyverno/kyverno/api/kyverno/v1beta1"
kyvernov2 "github.com/kyverno/kyverno/api/kyverno/v2"
backgroundcommon "github.com/kyverno/kyverno/pkg/background/common"
"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
"k8s.io/apimachinery/pkg/labels"
@ -14,7 +14,7 @@ func (pc *policyController) handleMutate(policyKey string, policy kyvernov1.Poli
logger := pc.log.WithName("handleMutate").WithName(policyKey)
logger.Info("update URs on policy event")
ruleType := kyvernov1beta1.Mutate
ruleType := kyvernov2.Mutate
policyNew := policy.CreateDeepCopy()
policyNew.GetSpec().Rules = nil
@ -50,7 +50,7 @@ func (pc *policyController) handleMutate(policyKey string, policy kyvernov1.Poli
return nil
}
func (pc *policyController) listMutateURs(policyKey string, trigger *unstructured.Unstructured) []*kyvernov1beta1.UpdateRequest {
func (pc *policyController) listMutateURs(policyKey string, trigger *unstructured.Unstructured) []*kyvernov2.UpdateRequest {
mutateURs, err := pc.urLister.List(labels.SelectorFromSet(backgroundcommon.MutateLabelsSet(policyKey, trigger)))
if err != nil {
pc.log.Error(err, "failed to list update request for mutate policy")

16
pkg/policy/policy_controller.go
View file

@ -8,14 +8,14 @@ import (
"github.com/go-logr/logr"
kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1"
kyvernov1beta1 "github.com/kyverno/kyverno/api/kyverno/v1beta1"
kyvernov2 "github.com/kyverno/kyverno/api/kyverno/v2"
backgroundcommon "github.com/kyverno/kyverno/pkg/background/common"
"github.com/kyverno/kyverno/pkg/client/clientset/versioned"
"github.com/kyverno/kyverno/pkg/client/clientset/versioned/scheme"
kyvernov1informers "github.com/kyverno/kyverno/pkg/client/informers/externalversions/kyverno/v1"
kyvernov1beta1informers "github.com/kyverno/kyverno/pkg/client/informers/externalversions/kyverno/v1beta1"
kyvernov2informers "github.com/kyverno/kyverno/pkg/client/informers/externalversions/kyverno/v2"
kyvernov1listers "github.com/kyverno/kyverno/pkg/client/listers/kyverno/v1"
kyvernov1beta1listers "github.com/kyverno/kyverno/pkg/client/listers/kyverno/v1beta1"
kyvernov2listers "github.com/kyverno/kyverno/pkg/client/listers/kyverno/v2"
"github.com/kyverno/kyverno/pkg/clients/dclient"
"github.com/kyverno/kyverno/pkg/config"
engineapi "github.com/kyverno/kyverno/pkg/engine/api"
@ -72,7 +72,7 @@ type policyController struct {
npLister kyvernov1listers.PolicyLister
// urLister can list/get update request from the shared informer's store
urLister kyvernov1beta1listers.UpdateRequestLister
urLister kyvernov2listers.UpdateRequestLister
// nsLister can list/get namespaces from the shared informer's store
nsLister corev1listers.NamespaceLister
@ -100,7 +100,7 @@ func NewPolicyController(
engine engineapi.Engine,
pInformer kyvernov1informers.ClusterPolicyInformer,
npInformer kyvernov1informers.PolicyInformer,
urInformer kyvernov1beta1informers.UpdateRequestInformer,
urInformer kyvernov2informers.UpdateRequestInformer,
configuration config.Configuration,
eventGen event.Interface,
namespaces corev1informers.NamespaceInformer,
@ -396,7 +396,7 @@ func (pc *policyController) requeuePolicies() {
}
}
func (pc *policyController) handleUpdateRequest(ur *kyvernov1beta1.UpdateRequest, triggerResource *unstructured.Unstructured, ruleName string, policy kyvernov1.PolicyInterface) (skip bool, err error) {
func (pc *policyController) handleUpdateRequest(ur *kyvernov2.UpdateRequest, triggerResource *unstructured.Unstructured, ruleName string, policy kyvernov1.PolicyInterface) (skip bool, err error) {
namespaceLabels := engineutils.GetNamespaceSelectorsFromNamespaceLister(triggerResource.GetKind(), triggerResource.GetNamespace(), pc.nsLister, pc.log)
policyContext, err := backgroundcommon.NewBackgroundContext(pc.log, pc.client, ur, policy, triggerResource, pc.configuration, pc.jp, namespaceLabels)
if err != nil {
@ -427,8 +427,8 @@ func (pc *policyController) handleUpdateRequest(ur *kyvernov1beta1.UpdateRequest
continue
}
updated := created.DeepCopy()
updated.Status.State = kyvernov1beta1.Pending
_, err = pc.kyvernoClient.KyvernoV1beta1().UpdateRequests(config.KyvernoNamespace()).UpdateStatus(context.TODO(), updated, metav1.UpdateOptions{})
updated.Status.State = kyvernov2.Pending
_, err = pc.kyvernoClient.KyvernoV2().UpdateRequests(config.KyvernoNamespace()).UpdateStatus(context.TODO(), updated, metav1.UpdateOptions{})
if err != nil {
return false, err
}

18
pkg/policy/updaterequest.go
View file

@ -2,7 +2,7 @@ package policy
import (
kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1"
kyvernov1beta1 "github.com/kyverno/kyverno/api/kyverno/v1beta1"
kyvernov2 "github.com/kyverno/kyverno/api/kyverno/v2"
common "github.com/kyverno/kyverno/pkg/background/common"
"github.com/kyverno/kyverno/pkg/config"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
@ -10,7 +10,7 @@ import (
"k8s.io/apimachinery/pkg/labels"
)
func newUR(policy kyvernov1.PolicyInterface, trigger kyvernov1.ResourceSpec, ruleName string, ruleType kyvernov1beta1.RequestType, deleteDownstream bool) *kyvernov1beta1.UpdateRequest {
func newUR(policy kyvernov1.PolicyInterface, trigger kyvernov1.ResourceSpec, ruleName string, ruleType kyvernov2.RequestType, deleteDownstream bool) *kyvernov2.UpdateRequest {
var policyNameNamespaceKey string
if policy.IsNamespaced() {
@ -20,15 +20,15 @@ func newUR(policy kyvernov1.PolicyInterface, trigger kyvernov1.ResourceSpec, rul
}
var label labels.Set
if ruleType == kyvernov1beta1.Mutate {
if ruleType == kyvernov2.Mutate {
label = common.MutateLabelsSet(policyNameNamespaceKey, trigger)
} else {
label = common.GenerateLabelsSet(policyNameNamespaceKey, trigger)
}
return &kyvernov1beta1.UpdateRequest{
return &kyvernov2.UpdateRequest{
TypeMeta: metav1.TypeMeta{
APIVersion: kyvernov1beta1.SchemeGroupVersion.String(),
APIVersion: kyvernov2.SchemeGroupVersion.String(),
Kind: "UpdateRequest",
},
ObjectMeta: metav1.ObjectMeta{
@ -36,7 +36,7 @@ func newUR(policy kyvernov1.PolicyInterface, trigger kyvernov1.ResourceSpec, rul
Namespace: config.KyvernoNamespace(),
Labels: label,
},
Spec: kyvernov1beta1.UpdateRequestSpec{
Spec: kyvernov2.UpdateRequestSpec{
Type: ruleType,
Policy: policyNameNamespaceKey,
Rule: ruleName,
@ -52,9 +52,9 @@ func newUR(policy kyvernov1.PolicyInterface, trigger kyvernov1.ResourceSpec, rul
}
}
func newURStatus(downstream unstructured.Unstructured) kyvernov1beta1.UpdateRequestStatus {
return kyvernov1beta1.UpdateRequestStatus{
State: kyvernov1beta1.Pending,
func newURStatus(downstream unstructured.Unstructured) kyvernov2.UpdateRequestStatus {
return kyvernov2.UpdateRequestStatus{
State: kyvernov2.Pending,
GeneratedResources: []kyvernov1.ResourceSpec{
{
APIVersion: downstream.GetAPIVersion(),

10
pkg/utils/generator/updaterequests.go
View file

@ -5,7 +5,7 @@ import (
"errors"
"github.com/go-logr/logr"
"github.com/kyverno/kyverno/api/kyverno/v1beta1"
kyvernov2 "github.com/kyverno/kyverno/api/kyverno/v2"
"github.com/kyverno/kyverno/pkg/client/clientset/versioned"
configutils "github.com/kyverno/kyverno/pkg/config"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
@ -13,7 +13,7 @@ import (
"k8s.io/client-go/metadata"
)
type UpdateRequestGenerator = Generator[*v1beta1.UpdateRequest]
type UpdateRequestGenerator = Generator[*kyvernov2.UpdateRequest]
type updaterequestsgenerator struct {
config configutils.Configuration
@ -27,11 +27,11 @@ func NewUpdateRequestGenerator(config configutils.Configuration, metaClient meta
}
}
func (g *updaterequestsgenerator) Generate(ctx context.Context, client versioned.Interface, resource *v1beta1.UpdateRequest, log logr.Logger) (*v1beta1.UpdateRequest, error) {
func (g *updaterequestsgenerator) Generate(ctx context.Context, client versioned.Interface, resource *kyvernov2.UpdateRequest, log logr.Logger) (*kyvernov2.UpdateRequest, error) {
objects, err := g.metaClient.Resource(
schema.GroupVersionResource{
Group: "kyverno.io",
Version: "v1beta1",
Version: "v2",
Resource: "updaterequests",
},
).List(ctx, metav1.ListOptions{})
@ -48,6 +48,6 @@ func (g *updaterequestsgenerator) Generate(ctx context.Context, client versioned
return nil, nil
}
created, err := client.KyvernoV1beta1().UpdateRequests(configutils.KyvernoNamespace()).Create(ctx, resource, metav1.CreateOptions{})
created, err := client.KyvernoV2().UpdateRequests(configutils.KyvernoNamespace()).Create(ctx, resource, metav1.CreateOptions{})
return created, err
}

8
pkg/utils/match/match.go
View file

@ -4,7 +4,7 @@ import (
"fmt"
kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1"
kyvernov1beta1 "github.com/kyverno/kyverno/api/kyverno/v1beta1"
kyvernov2 "github.com/kyverno/kyverno/api/kyverno/v2"
kyvernov2beta1 "github.com/kyverno/kyverno/api/kyverno/v2beta1"
"github.com/kyverno/kyverno/ext/wildcard"
datautils "github.com/kyverno/kyverno/pkg/utils/data"
@ -27,7 +27,7 @@ func CheckMatchesResources(
resource unstructured.Unstructured,
statement kyvernov2beta1.MatchResources,
namespaceLabels map[string]string,
admissionInfo kyvernov1beta1.RequestInfo,
admissionInfo kyvernov2.RequestInfo,
gvk schema.GroupVersionKind,
subresource string,
) error {
@ -76,7 +76,7 @@ func checkResourceFilter(
statement kyvernov1.ResourceFilter,
resource unstructured.Unstructured,
namespaceLabels map[string]string,
admissionInfo kyvernov1beta1.RequestInfo,
admissionInfo kyvernov2.RequestInfo,
gvk schema.GroupVersionKind,
subresource string,
) []error {
@ -104,7 +104,7 @@ func checkResourceFilter(
func checkUserInfo(
userInfo kyvernov1.UserInfo,
admissionInfo kyvernov1beta1.RequestInfo,
admissionInfo kyvernov2.RequestInfo,
) []error {
var errs []error
if len(userInfo.Roles) > 0 {

2
pkg/webhooks/resource/fake.go
View file

@ -39,7 +39,7 @@ func NewFakeHandlers(ctx context.Context, policyCache policycache.Cache) *resour
dclient := dclient.NewEmptyFakeClient()
configuration := config.NewDefaultConfiguration(false)
urLister := kyvernoInformers.Kyverno().V1beta1().UpdateRequests().Lister().UpdateRequests(config.KyvernoNamespace())
urLister := kyvernoInformers.Kyverno().V2().UpdateRequests().Lister().UpdateRequests(config.KyvernoNamespace())
peLister := kyvernoInformers.Kyverno().V2beta1().PolicyExceptions().Lister()
jp := jmespath.New(configuration)
rclient := registryclient.NewOrDie()

16
pkg/webhooks/resource/generation/handler.go
View file

@ -7,12 +7,12 @@ import (
"github.com/go-logr/logr"
"github.com/kyverno/kyverno/api/kyverno"
kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1"
kyvernov1beta1 "github.com/kyverno/kyverno/api/kyverno/v1beta1"
kyvernov2 "github.com/kyverno/kyverno/api/kyverno/v2"
"github.com/kyverno/kyverno/pkg/background/common"
generateutils "github.com/kyverno/kyverno/pkg/background/generate"
"github.com/kyverno/kyverno/pkg/client/clientset/versioned"
kyvernov1listers "github.com/kyverno/kyverno/pkg/client/listers/kyverno/v1"
kyvernov1beta1listers "github.com/kyverno/kyverno/pkg/client/listers/kyverno/v1beta1"
kyvernov2listers "github.com/kyverno/kyverno/pkg/client/listers/kyverno/v2"
"github.com/kyverno/kyverno/pkg/clients/dclient"
"github.com/kyverno/kyverno/pkg/engine"
engineapi "github.com/kyverno/kyverno/pkg/engine/api"
@ -36,7 +36,7 @@ func NewGenerationHandler(
client dclient.Interface,
kyvernoClient versioned.Interface,
nsLister corev1listers.NamespaceLister,
urLister kyvernov1beta1listers.UpdateRequestNamespaceLister,
urLister kyvernov2listers.UpdateRequestNamespaceLister,
cpolLister kyvernov1listers.ClusterPolicyLister,
polLister kyvernov1listers.PolicyLister,
urGenerator webhookgenerate.Generator,
@ -66,7 +66,7 @@ type generationHandler struct {
client dclient.Interface
kyvernoClient versioned.Interface
nsLister corev1listers.NamespaceLister
urLister kyvernov1beta1listers.UpdateRequestNamespaceLister
urLister kyvernov2listers.UpdateRequestNamespaceLister
cpolLister kyvernov1listers.ClusterPolicyLister
polLister kyvernov1listers.PolicyLister
urGenerator webhookgenerate.Generator
@ -173,7 +173,7 @@ func (h *generationHandler) applyGeneration(
rules := getAppliedRules(policy, appliedRules)
for _, rule := range rules {
h.log.V(4).Info("creating the UR to generate downstream on trigger's operation", "operation", request.Operation, "rule", rule.Name)
urSpec := buildURSpec(kyvernov1beta1.Generate, pKey, rule.Name, triggerSpec, false)
urSpec := buildURSpec(kyvernov2.Generate, pKey, rule.Name, triggerSpec, false)
urSpec.Context = buildURContext(request, policyContext)
if err := h.urGenerator.Apply(ctx, urSpec); err != nil {
h.log.Error(err, "failed to create the UR to create downstream on trigger's operation", "operation", request.Operation, "rule", rule.Name)
@ -212,7 +212,7 @@ func (h *generationHandler) syncTriggerAction(
// fire generation on trigger deletion
if (request.Operation == admissionv1.Delete) && webhookutils.MatchDeleteOperation(rule) {
h.log.V(4).Info("creating the UR to generate downstream on trigger's deletion", "operation", request.Operation, "rule", rule.Name)
ur := buildURSpec(kyvernov1beta1.Generate, pKey, rule.Name, urSpec, false)
ur := buildURSpec(kyvernov2.Generate, pKey, rule.Name, urSpec, false)
ur.Context = buildURContext(request, policyContext)
if err := h.urGenerator.Apply(ctx, ur); err != nil {
h.log.Error(err, "failed to create the UR to generate downstream on trigger's deletion", "operation", request.Operation, "rule", rule.Name)
@ -226,7 +226,7 @@ func (h *generationHandler) syncTriggerAction(
// delete downstream on trigger deletion
if rule.Generation.Synchronize {
h.log.V(4).Info("creating the UR to delete downstream on trigger's event", "operation", request.Operation, "rule", rule.Name)
ur := buildURSpec(kyvernov1beta1.Generate, pKey, rule.Name, urSpec, true)
ur := buildURSpec(kyvernov2.Generate, pKey, rule.Name, urSpec, true)
ur.Context = buildURContext(request, policyContext)
if err := h.urGenerator.Apply(ctx, ur); err != nil {
h.log.Error(err, "failed to create the UR to delete downstream on trigger's event", "operation", request.Operation, "rule", rule.Name)
@ -327,7 +327,7 @@ func (h *generationHandler) processRequest(ctx context.Context, policyContext *e
continue
}
ur := buildURSpec(kyvernov1beta1.Generate, pKey, rule.Name, generateutils.TriggerFromLabels(labels), deleteDownstream)
ur := buildURSpec(kyvernov2.Generate, pKey, rule.Name, generateutils.TriggerFromLabels(labels), deleteDownstream)
if err := h.urGenerator.Apply(ctx, ur); err != nil {
e := event.NewBackgroundFailedEvent(err, policy, pRuleName, event.GeneratePolicyController,
kyvernov1.ResourceSpec{Kind: new.GetKind(), Namespace: new.GetNamespace(), Name: new.GetName()})

12
pkg/webhooks/resource/generation/utils.go
View file

@ -2,13 +2,13 @@ package generation
import (
kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1"
kyvernov1beta1 "github.com/kyverno/kyverno/api/kyverno/v1beta1"
kyvernov2 "github.com/kyverno/kyverno/api/kyverno/v2"
"github.com/kyverno/kyverno/pkg/engine"
admissionv1 "k8s.io/api/admission/v1"
)
func buildURSpec(requestType kyvernov1beta1.RequestType, policyKey, ruleName string, resource kyvernov1.ResourceSpec, deleteDownstream bool) kyvernov1beta1.UpdateRequestSpec {
return kyvernov1beta1.UpdateRequestSpec{
func buildURSpec(requestType kyvernov2.RequestType, policyKey, ruleName string, resource kyvernov1.ResourceSpec, deleteDownstream bool) kyvernov2.UpdateRequestSpec {
return kyvernov2.UpdateRequestSpec{
Type: requestType,
Policy: policyKey,
Rule: ruleName,
@ -17,10 +17,10 @@ func buildURSpec(requestType kyvernov1beta1.RequestType, policyKey, ruleName str
}
}
func buildURContext(request admissionv1.AdmissionRequest, policyContext *engine.PolicyContext) kyvernov1beta1.UpdateRequestSpecContext {
return kyvernov1beta1.UpdateRequestSpecContext{
func buildURContext(request admissionv1.AdmissionRequest, policyContext *engine.PolicyContext) kyvernov2.UpdateRequestSpecContext {
return kyvernov2.UpdateRequestSpecContext{
UserRequestInfo: policyContext.AdmissionInfo(),
AdmissionRequestInfo: kyvernov1beta1.AdmissionRequestInfoObject{
AdmissionRequestInfo: kyvernov2.AdmissionRequestInfoObject{
AdmissionRequest: &request,
Operation: request.Operation,
},

6
pkg/webhooks/resource/handlers.go
View file

@ -14,7 +14,7 @@ import (
"github.com/kyverno/kyverno/pkg/client/clientset/versioned"
kyvernov1informers "github.com/kyverno/kyverno/pkg/client/informers/externalversions/kyverno/v1"
kyvernov1listers "github.com/kyverno/kyverno/pkg/client/listers/kyverno/v1"
kyvernov1beta1listers "github.com/kyverno/kyverno/pkg/client/listers/kyverno/v1beta1"
kyvernov2listers "github.com/kyverno/kyverno/pkg/client/listers/kyverno/v2"
"github.com/kyverno/kyverno/pkg/clients/dclient"
"github.com/kyverno/kyverno/pkg/config"
engineapi "github.com/kyverno/kyverno/pkg/engine/api"
@ -52,7 +52,7 @@ type resourceHandlers struct {
// listers
nsLister corev1listers.NamespaceLister
urLister kyvernov1beta1listers.UpdateRequestNamespaceLister
urLister kyvernov2listers.UpdateRequestNamespaceLister
cpolLister kyvernov1listers.ClusterPolicyLister
polLister kyvernov1listers.PolicyLister
@ -73,7 +73,7 @@ func NewHandlers(
metricsConfig metrics.MetricsConfigManager,
pCache policycache.Cache,
nsLister corev1listers.NamespaceLister,
urLister kyvernov1beta1listers.UpdateRequestNamespaceLister,
urLister kyvernov2listers.UpdateRequestNamespaceLister,
cpolInformer kyvernov1informers.ClusterPolicyInformer,
polInformer kyvernov1informers.PolicyInformer,
urGenerator webhookgenerate.Generator,

4
pkg/webhooks/resource/handlers_test.go
View file

@ -9,7 +9,7 @@ import (
"time"
kyverno "github.com/kyverno/kyverno/api/kyverno/v1"
kyvernov1beta1 "github.com/kyverno/kyverno/api/kyverno/v1beta1"
kyvernov2 "github.com/kyverno/kyverno/api/kyverno/v2"
"github.com/kyverno/kyverno/pkg/config"
"github.com/kyverno/kyverno/pkg/engine"
enginecontext "github.com/kyverno/kyverno/pkg/engine/context"
@ -652,7 +652,7 @@ func (b *mockPolicyContextBuilder) Build(request admissionv1.AdmissionRequest, r
b.Lock()
defer b.Unlock()
userRequestInfo := kyvernov1beta1.RequestInfo{
userRequestInfo := kyvernov2.RequestInfo{
AdmissionUserInfo: *request.UserInfo.DeepCopy(),
Roles: roles,
ClusterRoles: clusterRoles,

4
pkg/webhooks/resource/updaterequest.go
View file

@ -8,7 +8,7 @@ import (
"github.com/go-logr/logr"
kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1"
kyvernov1beta1 "github.com/kyverno/kyverno/api/kyverno/v1beta1"
kyvernov2 "github.com/kyverno/kyverno/api/kyverno/v2"
"github.com/kyverno/kyverno/pkg/autogen"
engineapi "github.com/kyverno/kyverno/pkg/engine/api"
"github.com/kyverno/kyverno/pkg/event"
@ -76,7 +76,7 @@ func (h *resourceHandlers) handleMutateExisting(ctx context.Context, logger logr
}
}
if failedResponse := applyUpdateRequest(ctx, request.AdmissionRequest, kyvernov1beta1.Mutate, h.urGenerator, policyContext.AdmissionInfo(), request.Operation, engineResponses...); failedResponse != nil {
if failedResponse := applyUpdateRequest(ctx, request.AdmissionRequest, kyvernov2.Mutate, h.urGenerator, policyContext.AdmissionInfo(), request.Operation, engineResponses...); failedResponse != nil {
for _, failedUR := range failedResponse {
err := fmt.Errorf("failed to create update request: %v", failedUR.err)

16
pkg/webhooks/resource/utils.go
View file

@ -6,7 +6,7 @@ import (
"github.com/go-logr/logr"
kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1"
kyvernov1beta1 "github.com/kyverno/kyverno/api/kyverno/v1beta1"
kyvernov2 "github.com/kyverno/kyverno/api/kyverno/v2"
engineapi "github.com/kyverno/kyverno/pkg/engine/api"
engineutils "github.com/kyverno/kyverno/pkg/engine/utils"
admissionutils "github.com/kyverno/kyverno/pkg/utils/admission"
@ -16,7 +16,7 @@ import (
)
type updateRequestResponse struct {
ur kyvernov1beta1.UpdateRequestSpec
ur kyvernov2.UpdateRequestSpec
err error
}
@ -47,13 +47,13 @@ func processResourceWithPatches(patch []byte, resource []byte, log logr.Logger)
func applyUpdateRequest(
ctx context.Context,
request admissionv1.AdmissionRequest,
ruleType kyvernov1beta1.RequestType,
ruleType kyvernov2.RequestType,
urGenerator updaterequest.Generator,
userRequestInfo kyvernov1beta1.RequestInfo,
userRequestInfo kyvernov2.RequestInfo,
action admissionv1.Operation,
engineResponses ...*engineapi.EngineResponse,
) (failedUpdateRequest []updateRequestResponse) {
admissionRequestInfo := kyvernov1beta1.AdmissionRequestInfoObject{
admissionRequestInfo := kyvernov2.AdmissionRequestInfoObject{
AdmissionRequest: &request,
Operation: action,
}
@ -70,7 +70,7 @@ func applyUpdateRequest(
return
}
func transform(admissionRequestInfo kyvernov1beta1.AdmissionRequestInfoObject, userRequestInfo kyvernov1beta1.RequestInfo, er *engineapi.EngineResponse, ruleType kyvernov1beta1.RequestType) (urs []kyvernov1beta1.UpdateRequestSpec) {
func transform(admissionRequestInfo kyvernov2.AdmissionRequestInfoObject, userRequestInfo kyvernov2.RequestInfo, er *engineapi.EngineResponse, ruleType kyvernov2.RequestType) (urs []kyvernov2.UpdateRequestSpec) {
var PolicyNameNamespaceKey string
if er.Policy().GetNamespace() != "" {
PolicyNameNamespaceKey = er.Policy().GetNamespace() + "/" + er.Policy().GetName()
@ -79,7 +79,7 @@ func transform(admissionRequestInfo kyvernov1beta1.AdmissionRequestInfoObject, u
}
for _, rule := range er.PolicyResponse.Rules {
ur := kyvernov1beta1.UpdateRequestSpec{
ur := kyvernov2.UpdateRequestSpec{
Type: ruleType,
Policy: PolicyNameNamespaceKey,
Rule: rule.Name(),
@ -90,7 +90,7 @@ func transform(admissionRequestInfo kyvernov1beta1.AdmissionRequestInfoObject, u
APIVersion: er.Resource.GetAPIVersion(),
UID: er.Resource.GetUID(),
},
Context: kyvernov1beta1.UpdateRequestSpecContext{
Context: kyvernov2.UpdateRequestSpecContext{
UserRequestInfo: userRequestInfo,
AdmissionRequestInfo: admissionRequestInfo,
},

4
pkg/webhooks/updaterequest/fake.go
View file

@ -3,7 +3,7 @@ package updaterequest
import (
"context"
kyvernov1beta1 "github.com/kyverno/kyverno/api/kyverno/v1beta1"
kyvernov2 "github.com/kyverno/kyverno/api/kyverno/v2"
)
func NewFake() Generator {
@ -12,6 +12,6 @@ func NewFake() Generator {
type fakeGenerator struct{}
func (f *fakeGenerator) Apply(ctx context.Context, gr kyvernov1beta1.UpdateRequestSpec) error {
func (f *fakeGenerator) Apply(ctx context.Context, gr kyvernov2.UpdateRequestSpec) error {
return nil
}

28
pkg/webhooks/updaterequest/generator.go
View file

@ -5,11 +5,11 @@ import (
"time"
backoff "github.com/cenkalti/backoff"
kyvernov1beta1 "github.com/kyverno/kyverno/api/kyverno/v1beta1"
kyvernov2 "github.com/kyverno/kyverno/api/kyverno/v2"
"github.com/kyverno/kyverno/pkg/background/common"
"github.com/kyverno/kyverno/pkg/client/clientset/versioned"
kyvernov1beta1informers "github.com/kyverno/kyverno/pkg/client/informers/externalversions/kyverno/v1beta1"
kyvernov1beta1listers "github.com/kyverno/kyverno/pkg/client/listers/kyverno/v1beta1"
kyvernov2informers "github.com/kyverno/kyverno/pkg/client/informers/externalversions/kyverno/v2"
kyvernov2listers "github.com/kyverno/kyverno/pkg/client/listers/kyverno/v2"
"github.com/kyverno/kyverno/pkg/config"
generatorutils "github.com/kyverno/kyverno/pkg/utils/generator"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
@ -18,7 +18,7 @@ import (
// Generator provides interface to manage update requests
type Generator interface {
Apply(context.Context, kyvernov1beta1.UpdateRequestSpec) error
Apply(context.Context, kyvernov2.UpdateRequestSpec) error
}
// generator defines the implementation to manage update request resource
@ -27,13 +27,13 @@ type generator struct {
client versioned.Interface
// listers
urLister kyvernov1beta1listers.UpdateRequestNamespaceLister
urLister kyvernov2listers.UpdateRequestNamespaceLister
urGenerator generatorutils.UpdateRequestGenerator
}
// NewGenerator returns a new instance of UpdateRequest resource generator
func NewGenerator(client versioned.Interface, urInformer kyvernov1beta1informers.UpdateRequestInformer, urGenerator generatorutils.UpdateRequestGenerator) Generator {
func NewGenerator(client versioned.Interface, urInformer kyvernov2informers.UpdateRequestInformer, urGenerator generatorutils.UpdateRequestGenerator) Generator {
return &generator{
client: client,
urLister: urInformer.Lister().UpdateRequests(config.KyvernoNamespace()),
@ -42,13 +42,13 @@ func NewGenerator(client versioned.Interface, urInformer kyvernov1beta1informers
}
// Apply creates update request resource
func (g *generator) Apply(ctx context.Context, ur kyvernov1beta1.UpdateRequestSpec) error {
func (g *generator) Apply(ctx context.Context, ur kyvernov2.UpdateRequestSpec) error {
logger.V(4).Info("apply Update Request", "request", ur)
go g.applyResource(context.TODO(), ur)
return nil
}
func (g *generator) applyResource(ctx context.Context, urSpec kyvernov1beta1.UpdateRequestSpec) {
func (g *generator) applyResource(ctx context.Context, urSpec kyvernov2.UpdateRequestSpec) {
exbackoff := &backoff.ExponentialBackOff{
InitialInterval: 500 * time.Millisecond,
RandomizationFactor: 0.5,
@ -63,18 +63,18 @@ func (g *generator) applyResource(ctx context.Context, urSpec kyvernov1beta1.Upd
}
}
func (g *generator) tryApplyResource(ctx context.Context, urSpec kyvernov1beta1.UpdateRequestSpec) error {
func (g *generator) tryApplyResource(ctx context.Context, urSpec kyvernov2.UpdateRequestSpec) error {
l := logger.WithValues("ruleType", urSpec.GetRequestType(), "resource", urSpec.GetResource().String())
var queryLabels labels.Set
if urSpec.GetRequestType() == kyvernov1beta1.Mutate {
if urSpec.GetRequestType() == kyvernov2.Mutate {
queryLabels = common.MutateLabelsSet(urSpec.Policy, urSpec.GetResource())
} else if urSpec.GetRequestType() == kyvernov1beta1.Generate {
} else if urSpec.GetRequestType() == kyvernov2.Generate {
queryLabels = common.GenerateLabelsSet(urSpec.Policy, urSpec.GetResource())
}
l.V(4).Info("creating new UpdateRequest")
ur := kyvernov1beta1.UpdateRequest{
ur := kyvernov2.UpdateRequest{
ObjectMeta: metav1.ObjectMeta{
Namespace: config.KyvernoNamespace(),
GenerateName: "ur-",
@ -90,8 +90,8 @@ func (g *generator) tryApplyResource(ctx context.Context, urSpec kyvernov1beta1.
return nil
}
updated := created.DeepCopy()
updated.Status.State = kyvernov1beta1.Pending
_, err = g.client.KyvernoV1beta1().UpdateRequests(config.KyvernoNamespace()).UpdateStatus(context.TODO(), updated, metav1.UpdateOptions{})
updated.Status.State = kyvernov2.Pending
_, err = g.client.KyvernoV2().UpdateRequests(config.KyvernoNamespace()).UpdateStatus(context.TODO(), updated, metav1.UpdateOptions{})
if err != nil {
return err
}

4
pkg/webhooks/utils/policy_context_builder.go
View file

@ -1,7 +1,7 @@
package utils
import (
kyvernov1beta1 "github.com/kyverno/kyverno/api/kyverno/v1beta1"
kyvernov2 "github.com/kyverno/kyverno/api/kyverno/v2"
"github.com/kyverno/kyverno/pkg/config"
"github.com/kyverno/kyverno/pkg/engine"
"github.com/kyverno/kyverno/pkg/engine/jmespath"
@ -29,7 +29,7 @@ func NewPolicyContextBuilder(
}
func (b *policyContextBuilder) Build(request admissionv1.AdmissionRequest, roles, clusterRoles []string, gvk schema.GroupVersionKind) (*engine.PolicyContext, error) {
userRequestInfo := kyvernov1beta1.RequestInfo{
userRequestInfo := kyvernov2.RequestInfo{
AdmissionUserInfo: *request.UserInfo.DeepCopy(),
Roles: roles,
ClusterRoles: clusterRoles,