cleanup
parent
15918ec0d8
commit
bbed451039
4 changed files with 0 additions and 221 deletions
|
@ -88,7 +88,6 @@ func (p *Policy) updatePolicy(obj *Policy, ruleType pinfo.RuleType) bool {
|
|||
updates = true
|
||||
}
|
||||
}
|
||||
p.Status = obj.Status
|
||||
// check if any rules failed
|
||||
p.Status = p.getOverAllStatus()
|
||||
// If there are any updates then the annotation can be updated, can skip
|
||||
|
|
|
@ -1,12 +1,9 @@
|
|||
package client
|
||||
|
||||
import (
|
||||
"errors"
|
||||
"strings"
|
||||
"time"
|
||||
|
||||
"github.com/golang/glog"
|
||||
"github.com/nirmata/kyverno/pkg/info"
|
||||
"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
|
||||
"k8s.io/apimachinery/pkg/runtime"
|
||||
"k8s.io/apimachinery/pkg/runtime/schema"
|
||||
|
@ -113,215 +110,3 @@ func retry(attempts int, sleep time.Duration, fn func() error) error {
|
|||
type stop struct {
|
||||
error
|
||||
}
|
||||
|
||||
func GetAnnotations(obj *unstructured.Unstructured) map[string]interface{} {
|
||||
var annotationsMaps map[string]interface{}
|
||||
unstr := obj.UnstructuredContent()
|
||||
metadata, ok := unstr["metadata"]
|
||||
if ok {
|
||||
metadataMap, ok := metadata.(map[string]interface{})
|
||||
if !ok {
|
||||
glog.Info("type mismatch")
|
||||
return nil
|
||||
}
|
||||
annotations, ok := metadataMap["annotations"]
|
||||
if !ok {
|
||||
glog.Info("annotations not present")
|
||||
return nil
|
||||
}
|
||||
annotationsMaps, ok = annotations.(map[string]interface{})
|
||||
if !ok {
|
||||
glog.Info("type mismatch")
|
||||
return nil
|
||||
}
|
||||
}
|
||||
return annotationsMaps
|
||||
}
|
||||
|
||||
func SetAnnotations(obj *unstructured.Unstructured, annotations map[string]interface{}) error {
|
||||
unstr := obj.UnstructuredContent()
|
||||
metadata, ok := unstr["metadata"]
|
||||
if ok {
|
||||
metadataMap, ok := metadata.(map[string]interface{})
|
||||
if !ok {
|
||||
return errors.New("type mismatch")
|
||||
}
|
||||
metadataMap["annotations"] = annotations
|
||||
unstr["metadata"] = metadataMap
|
||||
obj.SetUnstructuredContent(unstr)
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
type AnnotationPolicies struct {
|
||||
// map[policy_name]
|
||||
Policies map[string]AnnotationPolicy `json:"policies"`
|
||||
}
|
||||
|
||||
type AnnotationPolicy struct {
|
||||
Status string `json:"status"`
|
||||
Rules []AnnotationRule `json:"rules,omitempty"`
|
||||
}
|
||||
|
||||
type AnnotationRule struct {
|
||||
Name string `json:"name"`
|
||||
Status string `json:"status"`
|
||||
Type string `json:"type"`
|
||||
Changes string `json:"changes"`
|
||||
}
|
||||
|
||||
func getStatus(status bool) string {
|
||||
if status {
|
||||
return "Success"
|
||||
}
|
||||
return "Failure"
|
||||
}
|
||||
|
||||
func getRules(rules []*info.RuleInfo) []AnnotationRule {
|
||||
var annrules []AnnotationRule
|
||||
for _, r := range rules {
|
||||
annrule := AnnotationRule{Name: r.Name,
|
||||
Status: getStatus(r.IsSuccessful())}
|
||||
//TODO: add mutation changes in policyInfo and in annotation
|
||||
annrules = append(annrules, annrule)
|
||||
}
|
||||
return annrules
|
||||
}
|
||||
|
||||
// input rules can be mutation or validation
|
||||
func (ap AnnotationPolicy) updateRules(rules interface{}, validation bool) (error, interface{}) {
|
||||
ruleList, ok := rules.([]interface{})
|
||||
updated := false
|
||||
if !ok {
|
||||
return errors.New("type mismatch"), false
|
||||
}
|
||||
|
||||
// for mutation rule check if the rules are same
|
||||
// var mode string
|
||||
// if validation {
|
||||
// mode = "Validation"
|
||||
// } else {
|
||||
// mode = "Mutation"
|
||||
// }
|
||||
// // if lengths are differrent then update
|
||||
// if len(ruleList) != len(ap.Rules) {
|
||||
// return nil, ap.updateRules
|
||||
// }
|
||||
// check if there is any update in the rules
|
||||
// order of rules is assumed same while comparison
|
||||
for i, r := range ruleList {
|
||||
rule, ok := r.(map[string]interface{})
|
||||
if !ok {
|
||||
return errors.New("type mismatch"), nil
|
||||
}
|
||||
// Name
|
||||
name, ok := rule["name"].(string)
|
||||
if !ok {
|
||||
return errors.New("type mismatch"), nil
|
||||
}
|
||||
if name != ap.Rules[i].Name {
|
||||
updated = true
|
||||
break
|
||||
}
|
||||
// Status
|
||||
status, ok := rule["status"].(string)
|
||||
if !ok {
|
||||
return errors.New("type mismatch"), nil
|
||||
}
|
||||
if status != ap.Rules[i].Status {
|
||||
updated = true
|
||||
break
|
||||
}
|
||||
}
|
||||
if updated {
|
||||
return nil, ap.Rules
|
||||
}
|
||||
return nil, nil
|
||||
}
|
||||
|
||||
func newAnnotationPolicy(pi *info.PolicyInfo) AnnotationPolicy {
|
||||
status := getStatus(pi.IsSuccessful())
|
||||
rules := getRules(pi.Rules)
|
||||
return AnnotationPolicy{Status: status,
|
||||
Rules: rules}
|
||||
}
|
||||
|
||||
//func GetPolicies(policies interface{}) map[string]
|
||||
func AddPolicy(pi *info.PolicyInfo, ann map[string]interface{}, validation bool) (error, map[string]interface{}) {
|
||||
// Lets build the policy annotation struct from policyInfo
|
||||
annpolicy := newAnnotationPolicy(pi)
|
||||
// Add policy to annotations
|
||||
// If policy does not exist -> Add
|
||||
// If already exists then update the status and rules
|
||||
policies, ok := ann["policies"]
|
||||
if ok {
|
||||
policiesMap, ok := policies.(map[string]interface{})
|
||||
if !ok {
|
||||
glog.Info("type mismatch")
|
||||
return errors.New("type mismatch"), nil
|
||||
}
|
||||
// check if policy record is present
|
||||
policy, ok := policiesMap[pi.Name]
|
||||
if !ok {
|
||||
// not present then we add
|
||||
policiesMap[pi.Name] = annpolicy
|
||||
ann["policies"] = policiesMap
|
||||
return nil, ann
|
||||
}
|
||||
policyMap, ok := policy.(map[string]interface{})
|
||||
if !ok {
|
||||
return errors.New("type mismatch"), nil
|
||||
}
|
||||
// We just update the annotations
|
||||
// status
|
||||
status := policyMap["status"]
|
||||
statusStr, ok := status.(string)
|
||||
if !ok {
|
||||
return errors.New("type mismatch"), nil
|
||||
}
|
||||
if statusStr != annpolicy.Status {
|
||||
policyMap["status"] = annpolicy.Status
|
||||
}
|
||||
// check rules
|
||||
rules, ok := policyMap["rules"]
|
||||
if !ok {
|
||||
return errors.New("no rules"), nil
|
||||
}
|
||||
err, newRules := annpolicy.updateRules(rules, validation)
|
||||
if err != nil {
|
||||
return err, nil
|
||||
}
|
||||
if newRules == nil {
|
||||
//nothing to update
|
||||
return nil, nil
|
||||
}
|
||||
// update the new rule
|
||||
policyMap["rules"] = newRules
|
||||
// update policies map
|
||||
policiesMap[pi.Name] = policyMap
|
||||
ann["policies"] = policiesMap
|
||||
return nil, ann
|
||||
}
|
||||
return nil, nil
|
||||
}
|
||||
|
||||
// RemovePolicy
|
||||
func RemovePolicy(pi *info.PolicyInfo, ann map[string]interface{}) (error, map[string]interface{}) {
|
||||
policies, ok := ann["policies"]
|
||||
if ok {
|
||||
policiesMap, ok := policies.(map[string]interface{})
|
||||
if !ok {
|
||||
glog.Info("type mismatch")
|
||||
return errors.New("type mismatch"), nil
|
||||
}
|
||||
// check if policy record is present
|
||||
_, ok = policiesMap[pi.Name]
|
||||
if ok {
|
||||
// delete the pair
|
||||
delete(policiesMap, pi.Name)
|
||||
ann["policies"] = policiesMap
|
||||
return nil, ann
|
||||
}
|
||||
}
|
||||
return nil, nil
|
||||
}
|
||||
|
|
|
@ -52,7 +52,6 @@ func ProcessExisting(client *client.Client, policy *types.Policy) []*info.Policy
|
|||
ri := &resourceInfo{resource: &res, gvk: &metav1.GroupVersionKind{Group: gvk.Group,
|
||||
Version: gvk.Version,
|
||||
Kind: gvk.Kind}}
|
||||
// resources = append(resources, ri)
|
||||
|
||||
resourceMap[string(res.GetUID())] = ri
|
||||
|
||||
|
|
|
@ -32,8 +32,6 @@ func Mutate(policy kubepolicy.Policy, rawResource []byte, gvk metav1.GroupVersio
|
|||
ri.Addf("overlay application has failed, err %v.", err)
|
||||
} else {
|
||||
ri.Addf("Rule %s: Overlay succesfully applied.", rule.Name)
|
||||
//TODO: patchbytes -> string
|
||||
//glog.V(3).Info(" Overlay succesfully applied. Patch %s", string(overlayPatches))
|
||||
allPatches = append(allPatches, overlayPatches...)
|
||||
}
|
||||
}
|
||||
|
@ -48,8 +46,6 @@ func Mutate(policy kubepolicy.Policy, rawResource []byte, gvk metav1.GroupVersio
|
|||
}
|
||||
} else {
|
||||
ri.Addf("Rule %s: Patches succesfully applied.", rule.Name)
|
||||
//TODO: patchbytes -> string
|
||||
//glog.V(3).Info("Patches succesfully applied. Patch %s", string(overlayPatches))
|
||||
allPatches = append(allPatches, rulePatches...)
|
||||
}
|
||||
}
|
||||
|
|