remove exlude kind checks

pkg/namespace/utils.go

@@ -4,52 +4,4 @@ const (
 	wqNamespace  string = "namespace"
 	workerCount  int    = 1
 	wqRetryLimit int    = 5
-	policyKind   string = "Policy"
 )
-
-// func namespaceMeetsRuleDescription(ns *corev1.Namespace, resourceDescription v1alpha1.ResourceDescription) bool {
-// 	//REWORK Not needed but verify the 'Namespace' is defined in the list of supported kinds
-// 	if !findKind(resourceDescription.Kinds, "Namespace") {
-// 		return false
-// 	}
-// 	if resourceDescription.Name != nil {
-// 		if !wildcard.Match(*resourceDescription.Name, ns.Name) {
-// 			return false
-// 		}
-// 	}
-
-// 	if resourceDescription.Selector != nil {
-// 		selector, err := metav1.LabelSelectorAsSelector(resourceDescription.Selector)
-// 		if err != nil {
-// 			return false
-// 		}
-
-// 		labelSet := convertLabelsToLabelSet(ns.Labels)
-// 		// labels
-// 		if !selector.Matches(labelSet) {
-// 			return false
-// 		}
-// 	}
-// 	return true
-// }
-
-// func convertLabelsToLabelSet(labelMap map[string]string) labels.Set {
-// 	labelSet := make(labels.Set, len(labelMap))
-// 	// REWORK: check if the below works
-// 	// if x, ok := labelMap.(labels.Set); !ok {
-
-// 	// }
-// 	for k, v := range labelMap {
-// 		labelSet[k] = v
-// 	}
-// 	return labelSet
-// }
-
-// func findKind(kinds []string, kindGVK string) bool {
-// 	for _, kind := range kinds {
-// 		if kind == kindGVK {
-// 			return true
-// 		}
-// 	}
-// 	return false
-// }

pkg/webhooks/report.go

@@ -94,47 +94,3 @@ func generateEvents(engineResponses []engine.EngineResponseNew, onUpdate bool) [
 	}
 	return events
 }
-
-// //TODO: change validation from bool -> enum(validation, mutation)
-// func newEventInfoFromPolicyInfo(policyInfoList []info.PolicyInfo, onUpdate bool, ruleType info.RuleType) []*event.Info {
-// 	var eventsInfo []*event.Info
-// 	ok, msg := isAdmSuccesful(policyInfoList)
-// 	// Some policies failed to apply succesfully
-// 	if !ok {
-// 		for _, pi := range policyInfoList {
-// 			if pi.IsSuccessful() {
-// 				continue
-// 			}
-// 			rules := pi.FailedRules()
-// 			ruleNames := strings.Join(rules, ";")
-// 			if !onUpdate {
-// 				// CREATE
-// 				eventsInfo = append(eventsInfo,
-// 					event.NewEvent(policyKind, "", pi.Name, event.RequestBlocked, event.FPolicyApplyBlockCreate, pi.RNamespace+"/"+pi.RName, ruleNames))
-
-// 				glog.V(3).Infof("Rule(s) %s of policy %s blocked resource creation, error: %s\n", ruleNames, pi.Name, msg)
-// 			} else {
-// 				// UPDATE
-// 				eventsInfo = append(eventsInfo,
-// 					event.NewEvent(pi.RKind, pi.RNamespace, pi.RName, event.RequestBlocked, event.FPolicyApplyBlockUpdate, ruleNames, pi.Name))
-// 				eventsInfo = append(eventsInfo,
-// 					event.NewEvent(policyKind, "", pi.Name, event.RequestBlocked, event.FPolicyBlockResourceUpdate, pi.RNamespace+"/"+pi.RName, ruleNames))
-// 				glog.V(3).Infof("Request blocked events info has prepared for %s/%s and %s/%s\n", policyKind, pi.Name, pi.RKind, pi.RName)
-// 			}
-// 		}
-// 	} else {
-// 		if !onUpdate {
-// 			// All policies were applied succesfully
-// 			// CREATE
-// 			for _, pi := range policyInfoList {
-// 				rules := pi.SuccessfulRules()
-// 				ruleNames := strings.Join(rules, ";")
-// 				eventsInfo = append(eventsInfo,
-// 					event.NewEvent(pi.RKind, pi.RNamespace, pi.RName, event.PolicyApplied, event.SRulesApply, ruleNames, pi.Name))
-
-// 				glog.V(3).Infof("Success event info has prepared for %s/%s\n", pi.RKind, pi.RName)
-// 			}
-// 		}
-// 	}
-// 	return eventsInfo
-// }

pkg/webhooks/utils.go

@@ -9,23 +9,6 @@ import (
 	"github.com/nirmata/kyverno/pkg/engine"
 )
 
-const policyKind = "Policy"
-
-// func isAdmSuccesful(policyInfos []info.PolicyInfo) (bool, string) {
-// 	var admSuccess = true
-// 	var errMsgs []string
-// 	for _, pi := range policyInfos {
-// 		if !pi.IsSuccessful() {
-// 			admSuccess = false
-// 			errMsgs = append(errMsgs, fmt.Sprintf("\nPolicy %s failed with following rules", pi.Name))
-// 			// Get the error rules
-// 			errorRules := pi.ErrorRules()
-// 			errMsgs = append(errMsgs, errorRules)
-// 		}
-// 	}
-// 	return admSuccess, strings.Join(errMsgs, ";")
-// }
-
 func isResponseSuccesful(engineReponses []engine.EngineResponseNew) bool {
 	for _, er := range engineReponses {
 		if !er.IsSuccesful() {
@@ -82,26 +65,13 @@ func (i *ArrayFlags) Set(value string) error {
 
 // extract the kinds that the policy rules apply to
 func getApplicableKindsForPolicy(p *kyverno.ClusterPolicy) []string {
-	kindsMap := map[string]interface{}{}
 	kinds := []string{}
 	// iterate over the rules an identify all kinds
 	// Matching
 	for _, rule := range p.Spec.Rules {
 		for _, k := range rule.MatchResources.Kinds {
-			kindsMap[k] = nil
+			kinds = append(kinds, k)
 		}
-		// remove excluded ones
-		for _, k := range rule.ExcludeResources.Kinds {
-			if _, ok := kindsMap[k]; ok {
-				// delete kind
-				delete(kindsMap, k)
-			}
-		}
-	}
-
-	// get the kinds
-	for k := range kindsMap {
-		kinds = append(kinds, k)
 	}
 	return kinds
 }
@@ -112,19 +82,6 @@ const (
 	ReportViolation = "audit"
 )
 
-// // returns true -> if there is even one policy that blocks resource requst
-// // returns false -> if all the policies are meant to report only, we dont block resource request
-// func toBlock(pis []info.PolicyInfo) bool {
-// 	for _, pi := range pis {
-// 		if pi.ValidationFailureAction != ReportViolation {
-// 			glog.V(3).Infoln("ValidationFailureAction set to enforce, blocking resource ceation")
-// 			return true
-// 		}
-// 	}
-// 	glog.V(3).Infoln("ValidationFailureAction set to audit, allowing resource creation, reporting with violation")
-// 	return false
-// }
-
 func processResourceWithPatches(patch []byte, resource []byte) []byte {
 	if patch == nil {
 		return nil