remove exlude kind checks
parent
5a6814a588
commit
b66c1b7f0c
3 changed files with 1 additions and 136 deletions
|
@ -4,52 +4,4 @@ const (
|
|||
wqNamespace string = "namespace"
|
||||
workerCount int = 1
|
||||
wqRetryLimit int = 5
|
||||
policyKind string = "Policy"
|
||||
)
|
||||
|
||||
// func namespaceMeetsRuleDescription(ns *corev1.Namespace, resourceDescription v1alpha1.ResourceDescription) bool {
|
||||
// //REWORK Not needed but verify the 'Namespace' is defined in the list of supported kinds
|
||||
// if !findKind(resourceDescription.Kinds, "Namespace") {
|
||||
// return false
|
||||
// }
|
||||
// if resourceDescription.Name != nil {
|
||||
// if !wildcard.Match(*resourceDescription.Name, ns.Name) {
|
||||
// return false
|
||||
// }
|
||||
// }
|
||||
|
||||
// if resourceDescription.Selector != nil {
|
||||
// selector, err := metav1.LabelSelectorAsSelector(resourceDescription.Selector)
|
||||
// if err != nil {
|
||||
// return false
|
||||
// }
|
||||
|
||||
// labelSet := convertLabelsToLabelSet(ns.Labels)
|
||||
// // labels
|
||||
// if !selector.Matches(labelSet) {
|
||||
// return false
|
||||
// }
|
||||
// }
|
||||
// return true
|
||||
// }
|
||||
|
||||
// func convertLabelsToLabelSet(labelMap map[string]string) labels.Set {
|
||||
// labelSet := make(labels.Set, len(labelMap))
|
||||
// // REWORK: check if the below works
|
||||
// // if x, ok := labelMap.(labels.Set); !ok {
|
||||
|
||||
// // }
|
||||
// for k, v := range labelMap {
|
||||
// labelSet[k] = v
|
||||
// }
|
||||
// return labelSet
|
||||
// }
|
||||
|
||||
// func findKind(kinds []string, kindGVK string) bool {
|
||||
// for _, kind := range kinds {
|
||||
// if kind == kindGVK {
|
||||
// return true
|
||||
// }
|
||||
// }
|
||||
// return false
|
||||
// }
|
||||
|
|
|
@ -94,47 +94,3 @@ func generateEvents(engineResponses []engine.EngineResponseNew, onUpdate bool) [
|
|||
}
|
||||
return events
|
||||
}
|
||||
|
||||
// //TODO: change validation from bool -> enum(validation, mutation)
|
||||
// func newEventInfoFromPolicyInfo(policyInfoList []info.PolicyInfo, onUpdate bool, ruleType info.RuleType) []*event.Info {
|
||||
// var eventsInfo []*event.Info
|
||||
// ok, msg := isAdmSuccesful(policyInfoList)
|
||||
// // Some policies failed to apply succesfully
|
||||
// if !ok {
|
||||
// for _, pi := range policyInfoList {
|
||||
// if pi.IsSuccessful() {
|
||||
// continue
|
||||
// }
|
||||
// rules := pi.FailedRules()
|
||||
// ruleNames := strings.Join(rules, ";")
|
||||
// if !onUpdate {
|
||||
// // CREATE
|
||||
// eventsInfo = append(eventsInfo,
|
||||
// event.NewEvent(policyKind, "", pi.Name, event.RequestBlocked, event.FPolicyApplyBlockCreate, pi.RNamespace+"/"+pi.RName, ruleNames))
|
||||
|
||||
// glog.V(3).Infof("Rule(s) %s of policy %s blocked resource creation, error: %s\n", ruleNames, pi.Name, msg)
|
||||
// } else {
|
||||
// // UPDATE
|
||||
// eventsInfo = append(eventsInfo,
|
||||
// event.NewEvent(pi.RKind, pi.RNamespace, pi.RName, event.RequestBlocked, event.FPolicyApplyBlockUpdate, ruleNames, pi.Name))
|
||||
// eventsInfo = append(eventsInfo,
|
||||
// event.NewEvent(policyKind, "", pi.Name, event.RequestBlocked, event.FPolicyBlockResourceUpdate, pi.RNamespace+"/"+pi.RName, ruleNames))
|
||||
// glog.V(3).Infof("Request blocked events info has prepared for %s/%s and %s/%s\n", policyKind, pi.Name, pi.RKind, pi.RName)
|
||||
// }
|
||||
// }
|
||||
// } else {
|
||||
// if !onUpdate {
|
||||
// // All policies were applied succesfully
|
||||
// // CREATE
|
||||
// for _, pi := range policyInfoList {
|
||||
// rules := pi.SuccessfulRules()
|
||||
// ruleNames := strings.Join(rules, ";")
|
||||
// eventsInfo = append(eventsInfo,
|
||||
// event.NewEvent(pi.RKind, pi.RNamespace, pi.RName, event.PolicyApplied, event.SRulesApply, ruleNames, pi.Name))
|
||||
|
||||
// glog.V(3).Infof("Success event info has prepared for %s/%s\n", pi.RKind, pi.RName)
|
||||
// }
|
||||
// }
|
||||
// }
|
||||
// return eventsInfo
|
||||
// }
|
||||
|
|
|
@ -9,23 +9,6 @@ import (
|
|||
"github.com/nirmata/kyverno/pkg/engine"
|
||||
)
|
||||
|
||||
const policyKind = "Policy"
|
||||
|
||||
// func isAdmSuccesful(policyInfos []info.PolicyInfo) (bool, string) {
|
||||
// var admSuccess = true
|
||||
// var errMsgs []string
|
||||
// for _, pi := range policyInfos {
|
||||
// if !pi.IsSuccessful() {
|
||||
// admSuccess = false
|
||||
// errMsgs = append(errMsgs, fmt.Sprintf("\nPolicy %s failed with following rules", pi.Name))
|
||||
// // Get the error rules
|
||||
// errorRules := pi.ErrorRules()
|
||||
// errMsgs = append(errMsgs, errorRules)
|
||||
// }
|
||||
// }
|
||||
// return admSuccess, strings.Join(errMsgs, ";")
|
||||
// }
|
||||
|
||||
func isResponseSuccesful(engineReponses []engine.EngineResponseNew) bool {
|
||||
for _, er := range engineReponses {
|
||||
if !er.IsSuccesful() {
|
||||
|
@ -82,27 +65,14 @@ func (i *ArrayFlags) Set(value string) error {
|
|||
|
||||
// extract the kinds that the policy rules apply to
|
||||
func getApplicableKindsForPolicy(p *kyverno.ClusterPolicy) []string {
|
||||
kindsMap := map[string]interface{}{}
|
||||
kinds := []string{}
|
||||
// iterate over the rules an identify all kinds
|
||||
// Matching
|
||||
for _, rule := range p.Spec.Rules {
|
||||
for _, k := range rule.MatchResources.Kinds {
|
||||
kindsMap[k] = nil
|
||||
}
|
||||
// remove excluded ones
|
||||
for _, k := range rule.ExcludeResources.Kinds {
|
||||
if _, ok := kindsMap[k]; ok {
|
||||
// delete kind
|
||||
delete(kindsMap, k)
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// get the kinds
|
||||
for k := range kindsMap {
|
||||
kinds = append(kinds, k)
|
||||
}
|
||||
}
|
||||
return kinds
|
||||
}
|
||||
|
||||
|
@ -112,19 +82,6 @@ const (
|
|||
ReportViolation = "audit"
|
||||
)
|
||||
|
||||
// // returns true -> if there is even one policy that blocks resource requst
|
||||
// // returns false -> if all the policies are meant to report only, we dont block resource request
|
||||
// func toBlock(pis []info.PolicyInfo) bool {
|
||||
// for _, pi := range pis {
|
||||
// if pi.ValidationFailureAction != ReportViolation {
|
||||
// glog.V(3).Infoln("ValidationFailureAction set to enforce, blocking resource ceation")
|
||||
// return true
|
||||
// }
|
||||
// }
|
||||
// glog.V(3).Infoln("ValidationFailureAction set to audit, allowing resource creation, reporting with violation")
|
||||
// return false
|
||||
// }
|
||||
|
||||
func processResourceWithPatches(patch []byte, resource []byte) []byte {
|
||||
if patch == nil {
|
||||
return nil
|
||||
|
|
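Review bot: In `getApplicableKindsForPolicy` (third file, hunk `-82,27 +65,14`) the new side appears to append every `rule.MatchResources.Kinds` entry straight into `kinds`, so a kind named by more than one rule is now returned several times; the removed `kindsMap` was also what de-duplicated them. The +/- markers are lost on this page, so this reading is inferred from the hunk counts and the single added line. If callers expect a set, keep a small seen-map beside the slice: `seen := map[string]struct{}{}` and `if _, ok := seen[k]; !ok { seen[k] = struct{}{}; kinds = append(kinds, k) }`. The doc comment should also state the new contract, e.g. `// returns every kind named in a match block; ExcludeResources is not applied here, so the result is a superset and not a final match decision`. Callers that use the list to decide which resources a policy covers then know they cannot rely on it for exclusion.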