mirror of
https://github.com/kyverno/kyverno.git
synced 2025-03-13 19:28:55 +00:00
introduce glog, remove log.logger references
This commit is contained in:
shivdudhani
parent
81ae5b0eb6
commit
c205cca38b
18 changed files with 132 additions and 152 deletions
|
|
@ -1,12 +1,20 @@
|
|||
package main
|
||||
|
||||
import (
|
||||
goflag "flag"
|
||||
"fmt"
|
||||
"os"
|
||||
|
||||
"github.com/nirmata/kyverno/pkg/config"
|
||||
kyverno "github.com/nirmata/kyverno/pkg/kyverno"
|
||||
flag "github.com/spf13/pflag"
|
||||
)
|
||||
|
||||
func init() {
|
||||
flag.CommandLine.AddGoFlagSet(goflag.CommandLine)
|
||||
config.LogDefaultFlags()
|
||||
flag.Parse()
|
||||
}
|
||||
func main() {
|
||||
cmd := kyverno.NewDefaultKyvernoCommand()
|
||||
|
||||
|
|
|
|||
17
init.go
17
init.go
|
|
@ -1,8 +1,7 @@
|
|||
package main
|
||||
|
||||
import (
|
||||
"log"
|
||||
|
||||
"github.com/golang/glog"
|
||||
client "github.com/nirmata/kyverno/pkg/dclient"
|
||||
tls "github.com/nirmata/kyverno/pkg/tls"
|
||||
"github.com/nirmata/kyverno/pkg/version"
|
||||
|
|
@ -12,17 +11,17 @@ import (
|
|||
|
||||
func printVersionInfo() {
|
||||
v := version.GetVersion()
|
||||
log.Printf("Kyverno version: %s\n", v.BuildVersion)
|
||||
log.Printf("Kyverno BuildHash: %s\n", v.BuildHash)
|
||||
log.Printf("Kyverno BuildTime: %s\n", v.BuildTime)
|
||||
glog.Infof("Kyverno version: %s\n", v.BuildVersion)
|
||||
glog.Infof("Kyverno BuildHash: %s\n", v.BuildHash)
|
||||
glog.Infof("Kyverno BuildTime: %s\n", v.BuildTime)
|
||||
}
|
||||
|
||||
func createClientConfig(kubeconfig string) (*rest.Config, error) {
|
||||
if kubeconfig == "" {
|
||||
log.Printf("Using in-cluster configuration")
|
||||
glog.Info("Using in-cluster configuration")
|
||||
return rest.InClusterConfig()
|
||||
}
|
||||
log.Printf("Using configuration from '%s'", kubeconfig)
|
||||
glog.Infof("Using configuration from '%s'", kubeconfig)
|
||||
return clientcmd.BuildConfigFromFlags("", kubeconfig)
|
||||
}
|
||||
|
||||
|
|
@ -36,14 +35,14 @@ func initTlsPemPair(configuration *rest.Config, client *client.Client) (*tls.Tls
|
|||
}
|
||||
tlsPair := client.ReadTlsPair(certProps)
|
||||
if tls.IsTlsPairShouldBeUpdated(tlsPair) {
|
||||
log.Printf("Generating new key/certificate pair for TLS")
|
||||
glog.Info("Generating new key/certificate pair for TLS")
|
||||
tlsPair, err = client.GenerateTlsPemPair(certProps)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
err = client.WriteTlsPair(certProps, tlsPair)
|
||||
if err != nil {
|
||||
log.Printf("Unable to save TLS pair to the cluster: %v", err)
|
||||
glog.Errorf("Unable to save TLS pair to the cluster: %v", err)
|
||||
}
|
||||
}
|
||||
return tlsPair, nil
|
||||
|
|
|
|||
34
main.go
34
main.go
|
|
@ -2,8 +2,9 @@ package main
|
|||
|
||||
import (
|
||||
"flag"
|
||||
"log"
|
||||
|
||||
"github.com/golang/glog"
|
||||
"github.com/nirmata/kyverno/pkg/config"
|
||||
controller "github.com/nirmata/kyverno/pkg/controller"
|
||||
client "github.com/nirmata/kyverno/pkg/dclient"
|
||||
event "github.com/nirmata/kyverno/pkg/event"
|
||||
|
|
@ -18,45 +19,45 @@ var (
|
|||
)
|
||||
|
||||
func main() {
|
||||
printVersionInfo()
|
||||
defer glog.Flush()
|
||||
|
||||
printVersionInfo()
|
||||
clientConfig, err := createClientConfig(kubeconfig)
|
||||
if err != nil {
|
||||
log.Fatalf("Error building kubeconfig: %v\n", err)
|
||||
glog.Fatalf("Error building kubeconfig: %v\n", err)
|
||||
}
|
||||
|
||||
client, err := client.NewClient(clientConfig, nil)
|
||||
client, err := client.NewClient(clientConfig)
|
||||
if err != nil {
|
||||
log.Fatalf("Error creating client: %v\n", err)
|
||||
glog.Fatalf("Error creating client: %v\n", err)
|
||||
}
|
||||
|
||||
policyInformerFactory, err := sharedinformer.NewSharedInformerFactory(clientConfig)
|
||||
if err != nil {
|
||||
log.Fatalf("Error creating policy sharedinformer: %v\n", err)
|
||||
glog.Fatalf("Error creating policy sharedinformer: %v\n", err)
|
||||
}
|
||||
eventController := event.NewEventController(client, policyInformerFactory, nil)
|
||||
violationBuilder := violation.NewPolicyViolationBuilder(client, policyInformerFactory, eventController, nil)
|
||||
eventController := event.NewEventController(client, policyInformerFactory)
|
||||
violationBuilder := violation.NewPolicyViolationBuilder(client, policyInformerFactory, eventController)
|
||||
|
||||
policyController := controller.NewPolicyController(
|
||||
client,
|
||||
policyInformerFactory,
|
||||
violationBuilder,
|
||||
eventController,
|
||||
nil)
|
||||
eventController)
|
||||
|
||||
tlsPair, err := initTlsPemPair(clientConfig, client)
|
||||
if err != nil {
|
||||
log.Fatalf("Failed to initialize TLS key/certificate pair: %v\n", err)
|
||||
glog.Fatalf("Failed to initialize TLS key/certificate pair: %v\n", err)
|
||||
}
|
||||
|
||||
server, err := webhooks.NewWebhookServer(client, tlsPair, policyInformerFactory, nil)
|
||||
server, err := webhooks.NewWebhookServer(client, tlsPair, policyInformerFactory)
|
||||
if err != nil {
|
||||
log.Fatalf("Unable to create webhook server: %v\n", err)
|
||||
glog.Fatalf("Unable to create webhook server: %v\n", err)
|
||||
}
|
||||
|
||||
webhookRegistrationClient, err := webhooks.NewWebhookRegistrationClient(clientConfig, client)
|
||||
if err != nil {
|
||||
log.Fatalf("Unable to register admission webhooks on cluster: %v\n", err)
|
||||
glog.Fatalf("Unable to register admission webhooks on cluster: %v\n", err)
|
||||
}
|
||||
|
||||
stopCh := signals.SetupSignalHandler()
|
||||
|
|
@ -65,11 +66,11 @@ func main() {
|
|||
eventController.Run(stopCh)
|
||||
|
||||
if err = policyController.Run(stopCh); err != nil {
|
||||
log.Fatalf("Error running PolicyController: %v\n", err)
|
||||
glog.Fatalf("Error running PolicyController: %v\n", err)
|
||||
}
|
||||
|
||||
if err = webhookRegistrationClient.Register(); err != nil {
|
||||
log.Fatalf("Failed registering Admission Webhooks: %v\n", err)
|
||||
glog.Fatalf("Failed registering Admission Webhooks: %v\n", err)
|
||||
}
|
||||
|
||||
server.RunAsync()
|
||||
|
|
@ -80,5 +81,6 @@ func main() {
|
|||
|
||||
func init() {
|
||||
flag.StringVar(&kubeconfig, "kubeconfig", "", "Path to a kubeconfig. Only required if out-of-cluster.")
|
||||
config.LogDefaultFlags()
|
||||
flag.Parse()
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1,5 +1,7 @@
|
|||
package config
|
||||
|
||||
import "flag"
|
||||
|
||||
const (
|
||||
// These constants MUST be equal to the corresponding names in service definition in definitions/install.yaml
|
||||
KubePolicyNamespace = "kyverno"
|
||||
|
|
@ -47,3 +49,10 @@ var (
|
|||
"StatefulSet",
|
||||
}
|
||||
)
|
||||
|
||||
//LogDefaults sets default glog flags
|
||||
func LogDefaultFlags() {
|
||||
flag.Set("logtostderr", "true")
|
||||
flag.Set("stderrthreshold", "WARNING")
|
||||
flag.Set("v", "2")
|
||||
}
|
||||
|
|
|
|||
|
|
@ -2,10 +2,9 @@ package controller
|
|||
|
||||
import (
|
||||
"fmt"
|
||||
"log"
|
||||
"os"
|
||||
"time"
|
||||
|
||||
"github.com/golang/glog"
|
||||
types "github.com/nirmata/kyverno/pkg/apis/policy/v1alpha1"
|
||||
lister "github.com/nirmata/kyverno/pkg/client/listers/policy/v1alpha1"
|
||||
client "github.com/nirmata/kyverno/pkg/dclient"
|
||||
|
|
@ -27,7 +26,6 @@ type PolicyController struct {
|
|||
policySynced cache.InformerSynced
|
||||
violationBuilder violation.Generator
|
||||
eventBuilder event.Generator
|
||||
logger *log.Logger
|
||||
queue workqueue.RateLimitingInterface
|
||||
}
|
||||
|
||||
|
|
@ -35,19 +33,14 @@ type PolicyController struct {
|
|||
func NewPolicyController(client *client.Client,
|
||||
policyInformer sharedinformer.PolicyInformer,
|
||||
violationBuilder violation.Generator,
|
||||
eventController event.Generator,
|
||||
logger *log.Logger) *PolicyController {
|
||||
eventController event.Generator) *PolicyController {
|
||||
|
||||
if logger == nil {
|
||||
logger = log.New(os.Stdout, "Policy Controller: ", log.LstdFlags)
|
||||
}
|
||||
controller := &PolicyController{
|
||||
client: client,
|
||||
policyLister: policyInformer.GetLister(),
|
||||
policySynced: policyInformer.GetInfomer().HasSynced,
|
||||
violationBuilder: violationBuilder,
|
||||
eventBuilder: eventController,
|
||||
logger: logger,
|
||||
queue: workqueue.NewNamedRateLimitingQueue(workqueue.DefaultControllerRateLimiter(), policyWorkQueueName),
|
||||
}
|
||||
|
||||
|
|
@ -79,7 +72,7 @@ func (pc *PolicyController) deletePolicyHandler(resource interface{}) {
|
|||
utilruntime.HandleError(fmt.Errorf("error decoding object, invalid type"))
|
||||
return
|
||||
}
|
||||
pc.logger.Printf("policy deleted: %s", object.GetName())
|
||||
glog.Infof("policy deleted: %s", object.GetName())
|
||||
}
|
||||
|
||||
func (pc *PolicyController) enqueuePolicy(obj interface{}) {
|
||||
|
|
@ -104,13 +97,13 @@ func (pc *PolicyController) Run(stopCh <-chan struct{}) error {
|
|||
for i := 0; i < policyControllerWorkerCount; i++ {
|
||||
go wait.Until(pc.runWorker, time.Second, stopCh)
|
||||
}
|
||||
pc.logger.Println("started policy controller workers")
|
||||
glog.Info("started policy controller workers")
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
func (pc *PolicyController) Stop() {
|
||||
pc.logger.Println("shutting down policy controller workers")
|
||||
glog.Info("shutting down policy controller workers")
|
||||
}
|
||||
func (pc *PolicyController) runWorker() {
|
||||
for pc.processNextWorkItem() {
|
||||
|
|
@ -143,7 +136,7 @@ func (pc *PolicyController) handleErr(err error, key interface{}) {
|
|||
}
|
||||
// This controller retries if something goes wrong. After that, it stops trying.
|
||||
if pc.queue.NumRequeues(key) < policyWorkQueueRetryLimit {
|
||||
pc.logger.Printf("Error syncing events %v: %v", key, err)
|
||||
glog.Warningf("Error syncing events %v: %v", key, err)
|
||||
// Re-enqueue the key rate limited. Based on the rate limiter on the
|
||||
// queue and the re-enqueue history, the key will be processed later again.
|
||||
pc.queue.AddRateLimited(key)
|
||||
|
|
@ -151,7 +144,7 @@ func (pc *PolicyController) handleErr(err error, key interface{}) {
|
|||
}
|
||||
pc.queue.Forget(key)
|
||||
utilruntime.HandleError(err)
|
||||
pc.logger.Printf("Dropping the key %q out of the queue: %v", key, err)
|
||||
glog.Warning("Dropping the key %q out of the queue: %v", key, err)
|
||||
}
|
||||
|
||||
func (pc *PolicyController) syncHandler(obj interface{}) error {
|
||||
|
|
@ -179,6 +172,6 @@ func (pc *PolicyController) syncHandler(obj interface{}) error {
|
|||
// get the violations and pass to violation Builder
|
||||
// get the events and pass to event Builder
|
||||
//TODO: processPolicy
|
||||
pc.logger.Printf("process policy %s on existing resources", policy.GetName())
|
||||
glog.Infof("process policy %s on existing resources", policy.GetName())
|
||||
return nil
|
||||
}
|
||||
|
|
|
|||
|
|
@ -6,6 +6,7 @@ import (
|
|||
"net/url"
|
||||
"time"
|
||||
|
||||
"github.com/golang/glog"
|
||||
"github.com/nirmata/kyverno/pkg/config"
|
||||
tls "github.com/nirmata/kyverno/pkg/tls"
|
||||
certificates "k8s.io/api/certificates/v1beta1"
|
||||
|
|
@ -61,7 +62,7 @@ func (c *Client) submitAndApproveCertificateRequest(req *certificates.Certificat
|
|||
if err != nil {
|
||||
return nil, errors.New(fmt.Sprintf("Unable to delete existing certificate request: %v", err))
|
||||
}
|
||||
c.logger.Printf("Old certificate request is deleted")
|
||||
glog.Info("Old certificate request is deleted")
|
||||
break
|
||||
}
|
||||
}
|
||||
|
|
@ -70,7 +71,7 @@ func (c *Client) submitAndApproveCertificateRequest(req *certificates.Certificat
|
|||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
c.logger.Printf("Certificate request %s is created", unstrRes.GetName())
|
||||
glog.Infof("Certificate request %s is created", unstrRes.GetName())
|
||||
|
||||
res, err := convertToCSR(unstrRes)
|
||||
if err != nil {
|
||||
|
|
@ -85,7 +86,7 @@ func (c *Client) submitAndApproveCertificateRequest(req *certificates.Certificat
|
|||
if err != nil {
|
||||
return nil, errors.New(fmt.Sprintf("Unable to approve certificate request: %v", err))
|
||||
}
|
||||
c.logger.Printf("Certificate request %s is approved", res.ObjectMeta.Name)
|
||||
glog.Infof("Certificate request %s is approved", res.ObjectMeta.Name)
|
||||
|
||||
return res, nil
|
||||
}
|
||||
|
|
@ -136,10 +137,10 @@ func (c *Client) ReadRootCASecret() (result []byte) {
|
|||
|
||||
result = tlsca.Data[rootCAKey]
|
||||
if len(result) == 0 {
|
||||
c.logger.Printf("root CA certificate not found in secret %s/%s", certProps.Namespace, tlsca.Name)
|
||||
glog.Warningf("root CA certificate not found in secret %s/%s", certProps.Namespace, tlsca.Name)
|
||||
return result
|
||||
}
|
||||
c.logger.Printf("using CA bundle defined in secret %s/%s to validate the webhook's server certificate", certProps.Namespace, tlsca.Name)
|
||||
glog.Infof("using CA bundle defined in secret %s/%s to validate the webhook's server certificate", certProps.Namespace, tlsca.Name)
|
||||
return result
|
||||
}
|
||||
|
||||
|
|
@ -151,7 +152,7 @@ func (c *Client) ReadTlsPair(props tls.TlsCertificateProps) *tls.TlsPemPair {
|
|||
sname := generateTLSPairSecretName(props)
|
||||
unstrSecret, err := c.GetResource(Secrets, props.Namespace, sname)
|
||||
if err != nil {
|
||||
c.logger.Printf("Unable to get secret %s/%s: %s", props.Namespace, sname, err)
|
||||
glog.Warningf("Unable to get secret %s/%s: %s", props.Namespace, sname, err)
|
||||
return nil
|
||||
}
|
||||
|
||||
|
|
@ -175,11 +176,11 @@ func (c *Client) ReadTlsPair(props tls.TlsCertificateProps) *tls.TlsPemPair {
|
|||
PrivateKey: secret.Data[v1.TLSPrivateKeyKey],
|
||||
}
|
||||
if len(pemPair.Certificate) == 0 {
|
||||
c.logger.Printf("TLS Certificate not found in secret %s/%s", props.Namespace, sname)
|
||||
glog.Warningf("TLS Certificate not found in secret %s/%s", props.Namespace, sname)
|
||||
return nil
|
||||
}
|
||||
if len(pemPair.PrivateKey) == 0 {
|
||||
c.logger.Printf("TLS PrivateKey not found in secret %s/%s", props.Namespace, sname)
|
||||
glog.Warningf("TLS PrivateKey not found in secret %s/%s", props.Namespace, sname)
|
||||
return nil
|
||||
}
|
||||
return &pemPair
|
||||
|
|
@ -209,7 +210,7 @@ func (c *Client) WriteTlsPair(props tls.TlsCertificateProps, pemPair *tls.TlsPem
|
|||
|
||||
_, err := c.CreateResource(Secrets, props.Namespace, secret)
|
||||
if err == nil {
|
||||
c.logger.Printf("Secret %s is created", name)
|
||||
glog.Infof("Secret %s is created", name)
|
||||
}
|
||||
return err
|
||||
}
|
||||
|
|
@ -225,7 +226,7 @@ func (c *Client) WriteTlsPair(props tls.TlsCertificateProps, pemPair *tls.TlsPem
|
|||
if err != nil {
|
||||
return err
|
||||
}
|
||||
c.logger.Printf("Secret %s is updated", name)
|
||||
glog.Infof("Secret %s is updated", name)
|
||||
return nil
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -2,10 +2,9 @@ package client
|
|||
|
||||
import (
|
||||
"fmt"
|
||||
"log"
|
||||
"os"
|
||||
"time"
|
||||
|
||||
"github.com/golang/glog"
|
||||
types "github.com/nirmata/kyverno/pkg/apis/policy/v1alpha1"
|
||||
"github.com/nirmata/kyverno/pkg/config"
|
||||
apps "k8s.io/api/apps/v1"
|
||||
|
|
@ -28,28 +27,22 @@ import (
|
|||
type Client struct {
|
||||
client dynamic.Interface
|
||||
cachedClient discovery.CachedDiscoveryInterface
|
||||
logger *log.Logger
|
||||
clientConfig *rest.Config
|
||||
kclient *kubernetes.Clientset
|
||||
}
|
||||
|
||||
func NewClient(config *rest.Config, logger *log.Logger) (*Client, error) {
|
||||
func NewClient(config *rest.Config) (*Client, error) {
|
||||
client, err := dynamic.NewForConfig(config)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
if logger == nil {
|
||||
logger = log.New(os.Stdout, "Client : ", log.LstdFlags)
|
||||
}
|
||||
|
||||
kclient, err := kubernetes.NewForConfig(config)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
return &Client{
|
||||
logger: logger,
|
||||
client: client,
|
||||
clientConfig: config,
|
||||
kclient: kclient,
|
||||
|
|
@ -175,11 +168,11 @@ func ConvertToRuntimeObject(obj *unstructured.Unstructured) (*runtime.Object, er
|
|||
//GenerateSecret to generate secrets
|
||||
|
||||
func (c *Client) GenerateSecret(generator types.Generation, namespace string) error {
|
||||
c.logger.Printf("Preparing to create secret %s/%s", namespace, generator.Name)
|
||||
glog.Infof("Preparing to create secret %s/%s", namespace, generator.Name)
|
||||
secret := v1.Secret{}
|
||||
|
||||
if generator.CopyFrom != nil {
|
||||
c.logger.Printf("Copying data from secret %s/%s", generator.CopyFrom.Namespace, generator.CopyFrom.Name)
|
||||
glog.Infof("Copying data from secret %s/%s", generator.CopyFrom.Namespace, generator.CopyFrom.Name)
|
||||
// Get configMap resource
|
||||
unstrSecret, err := c.GetResource(Secrets, generator.CopyFrom.Namespace, generator.CopyFrom.Name)
|
||||
if err != nil {
|
||||
|
|
@ -215,11 +208,11 @@ func (c *Client) GenerateSecret(generator types.Generation, namespace string) er
|
|||
//TODO: make this generic for all resource type
|
||||
//GenerateConfigMap to generate configMap
|
||||
func (c *Client) GenerateConfigMap(generator types.Generation, namespace string) error {
|
||||
c.logger.Printf("Preparing to create configmap %s/%s", namespace, generator.Name)
|
||||
glog.Infof("Preparing to create configmap %s/%s", namespace, generator.Name)
|
||||
configMap := v1.ConfigMap{}
|
||||
|
||||
if generator.CopyFrom != nil {
|
||||
c.logger.Printf("Copying data from configmap %s/%s", generator.CopyFrom.Namespace, generator.CopyFrom.Name)
|
||||
glog.Infof("Copying data from configmap %s/%s", generator.CopyFrom.Namespace, generator.CopyFrom.Name)
|
||||
// Get configMap resource
|
||||
unstrConfigMap, err := c.GetResource(ConfigMaps, generator.CopyFrom.Namespace, generator.CopyFrom.Name)
|
||||
if err != nil {
|
||||
|
|
@ -281,7 +274,7 @@ func (c *Client) createConfigMapAfterNamespaceIsCreated(configMap v1.ConfigMap,
|
|||
_, err = c.CreateResource(ConfigMaps, namespace, configMap)
|
||||
}
|
||||
if err != nil {
|
||||
c.logger.Printf("Can't create a configmap: %s", err)
|
||||
glog.Errorf("Can't create a configmap: %s", err)
|
||||
}
|
||||
}
|
||||
|
||||
|
|
@ -291,7 +284,7 @@ func (c *Client) createSecretAfterNamespaceIsCreated(secret v1.Secret, namespace
|
|||
_, err = c.CreateResource(Secrets, namespace, secret)
|
||||
}
|
||||
if err != nil {
|
||||
c.logger.Printf("Can't create a secret: %s", err)
|
||||
glog.Errorf("Can't create a secret: %s", err)
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -7,7 +7,7 @@ import (
|
|||
)
|
||||
|
||||
// As the logic to process the policies in stateless, we do not need to define struct and implement behaviors for it
|
||||
// Instead we expose them as standalone functions passing the logger and the required atrributes
|
||||
// Instead we expose them as standalone functions passing the required atrributes
|
||||
// The each function returns the changes that need to be applied on the resource
|
||||
// the caller is responsible to apply the changes to the resource
|
||||
|
||||
|
|
|
|||
|
|
@ -2,15 +2,15 @@ package engine
|
|||
|
||||
import (
|
||||
"fmt"
|
||||
"log"
|
||||
|
||||
"github.com/golang/glog"
|
||||
kubepolicy "github.com/nirmata/kyverno/pkg/apis/policy/v1alpha1"
|
||||
client "github.com/nirmata/kyverno/pkg/dclient"
|
||||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||
)
|
||||
|
||||
// Generate should be called to process generate rules on the resource
|
||||
func Generate(client *client.Client, logger *log.Logger, policy kubepolicy.Policy, rawResource []byte, gvk metav1.GroupVersionKind) {
|
||||
func Generate(client *client.Client, policy kubepolicy.Policy, rawResource []byte, gvk metav1.GroupVersionKind) {
|
||||
// configMapGenerator and secretGenerator can be applied only to namespaces
|
||||
// TODO: support for any resource
|
||||
if gvk.Kind != "Namespace" {
|
||||
|
|
@ -21,13 +21,13 @@ func Generate(client *client.Client, logger *log.Logger, policy kubepolicy.Polic
|
|||
ok := ResourceMeetsDescription(rawResource, rule.ResourceDescription, gvk)
|
||||
|
||||
if !ok {
|
||||
logger.Printf("Rule is not applicable to the request: rule name = %s in policy %s \n", rule.Name, policy.ObjectMeta.Name)
|
||||
glog.Infof("Rule is not applicable to the request: rule name = %s in policy %s \n", rule.Name, policy.ObjectMeta.Name)
|
||||
continue
|
||||
}
|
||||
|
||||
err := applyRuleGenerator(client, rawResource, rule.Generation, gvk)
|
||||
if err != nil {
|
||||
logger.Printf("Failed to apply rule generator: %v", err)
|
||||
glog.Warningf("Failed to apply rule generator: %v", err)
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
@ -54,7 +54,6 @@ func applyRuleGenerator(client *client.Client, rawResource []byte, generator *ku
|
|||
if err != nil {
|
||||
return fmt.Errorf("Unable to apply generator for %s '%s/%s' : %v", generator.Kind, namespace, generator.Name, err)
|
||||
}
|
||||
|
||||
log.Printf("Successfully applied generator %s/%s", generator.Kind, generator.Name)
|
||||
glog.Infof("Successfully applied generator %s/%s", generator.Kind, generator.Name)
|
||||
return nil
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1,8 +1,7 @@
|
|||
package engine
|
||||
|
||||
import (
|
||||
"log"
|
||||
|
||||
"github.com/golang/glog"
|
||||
kubepolicy "github.com/nirmata/kyverno/pkg/apis/policy/v1alpha1"
|
||||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||
)
|
||||
|
|
@ -22,7 +21,7 @@ func Mutate(policy kubepolicy.Policy, rawResource []byte, gvk metav1.GroupVersio
|
|||
|
||||
ok := ResourceMeetsDescription(rawResource, rule.ResourceDescription, gvk)
|
||||
if !ok {
|
||||
log.Printf("Rule \"%s\" is not applicable to resource\n", rule.Name)
|
||||
glog.Infof("Rule \"%s\" is not applicable to resource\n", rule.Name)
|
||||
continue
|
||||
}
|
||||
|
||||
|
|
@ -31,7 +30,7 @@ func Mutate(policy kubepolicy.Policy, rawResource []byte, gvk metav1.GroupVersio
|
|||
if rule.Mutation.Overlay != nil {
|
||||
overlayPatches, err := ProcessOverlay(policy, rawResource, gvk)
|
||||
if err != nil {
|
||||
log.Printf("Overlay application has failed for rule %s in policy %s, err: %v\n", rule.Name, policy.ObjectMeta.Name, err)
|
||||
glog.Warningf("Overlay application has failed for rule %s in policy %s, err: %v\n", rule.Name, policy.ObjectMeta.Name, err)
|
||||
} else {
|
||||
policyPatches = append(policyPatches, overlayPatches...)
|
||||
}
|
||||
|
|
@ -42,7 +41,7 @@ func Mutate(policy kubepolicy.Policy, rawResource []byte, gvk metav1.GroupVersio
|
|||
if rule.Mutation.Patches != nil {
|
||||
processedPatches, patchedDocument, err = ProcessPatches(rule.Mutation.Patches, patchedDocument)
|
||||
if err != nil {
|
||||
log.Printf("Patches application has failed for rule %s in policy %s, err: %v\n", rule.Name, policy.ObjectMeta.Name, err)
|
||||
glog.Warningf("Patches application has failed for rule %s in policy %s, err: %v\n", rule.Name, policy.ObjectMeta.Name, err)
|
||||
} else {
|
||||
policyPatches = append(policyPatches, processedPatches...)
|
||||
}
|
||||
|
|
|
|||
|
|
@ -3,11 +3,11 @@ package engine
|
|||
import (
|
||||
"encoding/json"
|
||||
"fmt"
|
||||
"log"
|
||||
"reflect"
|
||||
"strconv"
|
||||
|
||||
jsonpatch "github.com/evanphx/json-patch"
|
||||
"github.com/golang/glog"
|
||||
|
||||
kubepolicy "github.com/nirmata/kyverno/pkg/apis/policy/v1alpha1"
|
||||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||
|
|
@ -28,7 +28,7 @@ func ProcessOverlay(policy kubepolicy.Policy, rawResource []byte, gvk metav1.Gro
|
|||
|
||||
ok := ResourceMeetsDescription(rawResource, rule.ResourceDescription, gvk)
|
||||
if !ok {
|
||||
log.Printf("Rule \"%s\" is not applicable to resource\n", rule.Name)
|
||||
glog.Infof("Rule \"%s\" is not applicable to resource\n", rule.Name)
|
||||
continue
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -3,9 +3,9 @@ package engine
|
|||
import (
|
||||
"encoding/json"
|
||||
"errors"
|
||||
"log"
|
||||
|
||||
jsonpatch "github.com/evanphx/json-patch"
|
||||
"github.com/golang/glog"
|
||||
kubepolicy "github.com/nirmata/kyverno/pkg/apis/policy/v1alpha1"
|
||||
)
|
||||
|
||||
|
|
@ -32,7 +32,7 @@ func ProcessPatches(patches []kubepolicy.Patch, resource []byte) ([]PatchBytes,
|
|||
if patch.Operation == "remove" {
|
||||
continue
|
||||
}
|
||||
log.Printf("Patch failed: patch number = %d, patch Operation = %s, err: %v", i, patch.Operation, err)
|
||||
glog.Warningf("Patch failed: patch number = %d, patch Operation = %s, err: %v", i, patch.Operation, err)
|
||||
continue
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -2,12 +2,13 @@ package engine
|
|||
|
||||
import (
|
||||
"fmt"
|
||||
"log"
|
||||
"math"
|
||||
"regexp"
|
||||
"strconv"
|
||||
"strings"
|
||||
|
||||
"github.com/golang/glog"
|
||||
|
||||
"github.com/minio/minio/pkg/wildcard"
|
||||
)
|
||||
|
||||
|
|
@ -35,7 +36,7 @@ func ValidateValueWithPattern(value, pattern interface{}) bool {
|
|||
case bool:
|
||||
typedValue, ok := value.(bool)
|
||||
if !ok {
|
||||
log.Printf("Expected bool, found %T", value)
|
||||
glog.Warningf("Expected bool, found %T", value)
|
||||
return false
|
||||
}
|
||||
return typedPattern == typedValue
|
||||
|
|
@ -50,10 +51,10 @@ func ValidateValueWithPattern(value, pattern interface{}) bool {
|
|||
case nil:
|
||||
return validateValueWithNilPattern(value)
|
||||
case map[string]interface{}, []interface{}:
|
||||
log.Println("Maps and arrays as patterns are not supported")
|
||||
glog.Warning("Maps and arrays as patterns are not supported")
|
||||
return false
|
||||
default:
|
||||
log.Printf("Unknown type as pattern: %T\n", pattern)
|
||||
glog.Warningf("Unknown type as pattern: %T\n", pattern)
|
||||
return false
|
||||
}
|
||||
}
|
||||
|
|
@ -70,10 +71,10 @@ func validateValueWithIntPattern(value interface{}, pattern int64) bool {
|
|||
return int64(typedValue) == pattern
|
||||
}
|
||||
|
||||
log.Printf("Expected int, found float: %f\n", typedValue)
|
||||
glog.Warningf("Expected int, found float: %f\n", typedValue)
|
||||
return false
|
||||
default:
|
||||
log.Printf("Expected int, found: %T\n", value)
|
||||
glog.Warningf("Expected int, found: %T\n", value)
|
||||
return false
|
||||
}
|
||||
}
|
||||
|
|
@ -86,12 +87,12 @@ func validateValueWithFloatPattern(value interface{}, pattern float64) bool {
|
|||
return int(pattern) == value
|
||||
}
|
||||
|
||||
log.Printf("Expected float, found int: %d\n", typedValue)
|
||||
glog.Warningf("Expected float, found int: %d\n", typedValue)
|
||||
return false
|
||||
case float64:
|
||||
return typedValue == pattern
|
||||
default:
|
||||
log.Printf("Expected float, found: %T\n", value)
|
||||
glog.Warningf("Expected float, found: %T\n", value)
|
||||
return false
|
||||
}
|
||||
}
|
||||
|
|
@ -111,10 +112,10 @@ func validateValueWithNilPattern(value interface{}) bool {
|
|||
case nil:
|
||||
return true
|
||||
case map[string]interface{}, []interface{}:
|
||||
log.Println("Maps and arrays could not be checked with nil pattern")
|
||||
glog.Warningf("Maps and arrays could not be checked with nil pattern")
|
||||
return false
|
||||
default:
|
||||
log.Printf("Unknown type as value when checking for nil pattern: %T\n", value)
|
||||
glog.Warningf("Unknown type as value when checking for nil pattern: %T\n", value)
|
||||
return false
|
||||
}
|
||||
}
|
||||
|
|
@ -147,7 +148,7 @@ func validateString(value interface{}, pattern string, operator Operator) bool {
|
|||
if NotEqual == operator || Equal == operator {
|
||||
strValue, ok := value.(string)
|
||||
if !ok {
|
||||
log.Printf("Expected string, found %T\n", value)
|
||||
glog.Warningf("Expected string, found %T\n", value)
|
||||
return false
|
||||
}
|
||||
|
||||
|
|
@ -160,7 +161,7 @@ func validateString(value interface{}, pattern string, operator Operator) bool {
|
|||
return wildcardResult
|
||||
}
|
||||
|
||||
log.Println("Operators >, >=, <, <= are not applicable to strings")
|
||||
glog.Warningf("Operators >, >=, <, <= are not applicable to strings")
|
||||
return false
|
||||
}
|
||||
|
||||
|
|
@ -168,13 +169,13 @@ func validateNumberWithStr(value interface{}, patternNumber, patternStr string,
|
|||
if "" != patternStr {
|
||||
typedValue, ok := value.(string)
|
||||
if !ok {
|
||||
log.Printf("Number must have suffix: %s", patternStr)
|
||||
glog.Warningf("Number must have suffix: %s", patternStr)
|
||||
return false
|
||||
}
|
||||
|
||||
valueNumber, valueStr := getNumberAndStringPartsFromPattern(typedValue)
|
||||
if !wildcard.Match(patternStr, valueStr) {
|
||||
log.Printf("Suffix %s has not passed wildcard check: %s", valueStr, patternStr)
|
||||
glog.Warningf("Suffix %s has not passed wildcard check: %s", valueStr, patternStr)
|
||||
return false
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -3,8 +3,8 @@ package engine
|
|||
import (
|
||||
"encoding/json"
|
||||
"fmt"
|
||||
"log"
|
||||
|
||||
"github.com/golang/glog"
|
||||
kubepolicy "github.com/nirmata/kyverno/pkg/apis/policy/v1alpha1"
|
||||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||
)
|
||||
|
|
@ -25,7 +25,7 @@ func Validate(policy kubepolicy.Policy, rawResource []byte, gvk metav1.GroupVers
|
|||
|
||||
ok := ResourceMeetsDescription(rawResource, rule.ResourceDescription, gvk)
|
||||
if !ok {
|
||||
log.Printf("Rule \"%s\" is not applicable to resource\n", rule.Name)
|
||||
glog.Infof("Rule \"%s\" is not applicable to resource\n", rule.Name)
|
||||
continue
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -2,10 +2,9 @@ package event
|
|||
|
||||
import (
|
||||
"fmt"
|
||||
"log"
|
||||
"os"
|
||||
"time"
|
||||
|
||||
"github.com/golang/glog"
|
||||
"github.com/nirmata/kyverno/pkg/client/clientset/versioned/scheme"
|
||||
policyscheme "github.com/nirmata/kyverno/pkg/client/clientset/versioned/scheme"
|
||||
v1alpha1 "github.com/nirmata/kyverno/pkg/client/listers/policy/v1alpha1"
|
||||
|
|
@ -26,7 +25,6 @@ type controller struct {
|
|||
policyLister v1alpha1.PolicyLister
|
||||
queue workqueue.RateLimitingInterface
|
||||
recorder record.EventRecorder
|
||||
logger *log.Logger
|
||||
}
|
||||
|
||||
//Generator to generate event
|
||||
|
|
@ -43,19 +41,13 @@ type Controller interface {
|
|||
|
||||
//NewEventController to generate a new event controller
|
||||
func NewEventController(client *client.Client,
|
||||
shareInformer sharedinformer.PolicyInformer,
|
||||
logger *log.Logger) Controller {
|
||||
|
||||
if logger == nil {
|
||||
logger = log.New(os.Stdout, "Event Controller: ", log.LstdFlags)
|
||||
}
|
||||
shareInformer sharedinformer.PolicyInformer) Controller {
|
||||
|
||||
controller := &controller{
|
||||
client: client,
|
||||
policyLister: shareInformer.GetLister(),
|
||||
queue: workqueue.NewNamedRateLimitingQueue(workqueue.DefaultControllerRateLimiter(), eventWorkQueueName),
|
||||
recorder: initRecorder(client),
|
||||
logger: logger,
|
||||
}
|
||||
return controller
|
||||
}
|
||||
|
|
@ -68,7 +60,7 @@ func initRecorder(client *client.Client) record.EventRecorder {
|
|||
return nil
|
||||
}
|
||||
eventBroadcaster := record.NewBroadcaster()
|
||||
eventBroadcaster.StartLogging(log.Printf)
|
||||
eventBroadcaster.StartLogging(glog.Infof)
|
||||
eventInterface, err := client.GetEventsInterface()
|
||||
if err != nil {
|
||||
utilruntime.HandleError(err) // TODO: add more specific error
|
||||
|
|
@ -94,11 +86,11 @@ func (c *controller) Run(stopCh <-chan struct{}) {
|
|||
for i := 0; i < eventWorkerThreadCount; i++ {
|
||||
go wait.Until(c.runWorker, time.Second, stopCh)
|
||||
}
|
||||
c.logger.Println("Started eventbuilder controller workers")
|
||||
glog.Info("Started eventbuilder controller workers")
|
||||
}
|
||||
|
||||
func (c *controller) Stop() {
|
||||
c.logger.Println("Shutting down eventbuilder controller workers")
|
||||
glog.Info("Shutting down eventbuilder controller workers")
|
||||
}
|
||||
func (c *controller) runWorker() {
|
||||
for c.processNextWorkItem() {
|
||||
|
|
@ -116,7 +108,7 @@ func (c *controller) processNextWorkItem() bool {
|
|||
var ok bool
|
||||
if key, ok = obj.(Info); !ok {
|
||||
c.queue.Forget(obj)
|
||||
c.logger.Printf("Expecting type info by got %v\n", obj)
|
||||
glog.Warningf("Expecting type info by got %v\n", obj)
|
||||
return nil
|
||||
}
|
||||
// Run the syncHandler, passing the resource and the policy
|
||||
|
|
@ -128,7 +120,7 @@ func (c *controller) processNextWorkItem() bool {
|
|||
}(obj)
|
||||
|
||||
if err != nil {
|
||||
c.logger.Println((err))
|
||||
glog.Warning(err)
|
||||
}
|
||||
return true
|
||||
}
|
||||
|
|
|
|||
|
|
@ -10,6 +10,7 @@ import (
|
|||
"path/filepath"
|
||||
"strings"
|
||||
|
||||
"github.com/golang/glog"
|
||||
kubepolicy "github.com/nirmata/kyverno/pkg/apis/policy/v1alpha1"
|
||||
"github.com/nirmata/kyverno/pkg/engine"
|
||||
"github.com/spf13/cobra"
|
||||
|
|
@ -29,9 +30,9 @@ func NewCmdApply(in io.Reader, out, errout io.Writer) *cobra.Command {
|
|||
Short: "Apply policy on the resource(s)",
|
||||
Example: applyExample,
|
||||
Run: func(cmd *cobra.Command, args []string) {
|
||||
defer glog.Flush()
|
||||
var output string
|
||||
policy, resources := complete(args)
|
||||
|
||||
for _, resource := range resources {
|
||||
patchedDocument, err := applyPolicy(policy, resource.rawResource, resource.gvk)
|
||||
if err != nil {
|
||||
|
|
|
|||
|
|
@ -2,9 +2,8 @@ package violation
|
|||
|
||||
import (
|
||||
"fmt"
|
||||
"log"
|
||||
"os"
|
||||
|
||||
"github.com/golang/glog"
|
||||
types "github.com/nirmata/kyverno/pkg/apis/policy/v1alpha1"
|
||||
v1alpha1 "github.com/nirmata/kyverno/pkg/client/listers/policy/v1alpha1"
|
||||
client "github.com/nirmata/kyverno/pkg/dclient"
|
||||
|
|
@ -23,7 +22,6 @@ type builder struct {
|
|||
client *client.Client
|
||||
policyLister v1alpha1.PolicyLister
|
||||
eventBuilder event.Generator
|
||||
logger *log.Logger
|
||||
}
|
||||
|
||||
//Builder is to build policy violations
|
||||
|
|
@ -36,18 +34,12 @@ type Builder interface {
|
|||
//NewPolicyViolationBuilder returns new violation builder
|
||||
func NewPolicyViolationBuilder(client *client.Client,
|
||||
sharedInfomer sharedinformer.PolicyInformer,
|
||||
eventController event.Generator,
|
||||
logger *log.Logger) Builder {
|
||||
|
||||
if logger == nil {
|
||||
logger = log.New(os.Stdout, "Violation Builder: ", log.LstdFlags)
|
||||
}
|
||||
eventController event.Generator) Builder {
|
||||
|
||||
builder := &builder{
|
||||
client: client,
|
||||
policyLister: sharedInfomer.GetLister(),
|
||||
eventBuilder: eventController,
|
||||
logger: logger,
|
||||
}
|
||||
return builder
|
||||
}
|
||||
|
|
@ -81,7 +73,7 @@ func (b *builder) processViolation(info Info) error {
|
|||
continue
|
||||
}
|
||||
if !ok {
|
||||
b.logger.Printf("removed violation")
|
||||
glog.Info("removed violation")
|
||||
}
|
||||
}
|
||||
// If violation already exists for this rule, we update the violation
|
||||
|
|
|
|||
|
|
@ -7,11 +7,10 @@ import (
|
|||
"errors"
|
||||
"fmt"
|
||||
"io/ioutil"
|
||||
"log"
|
||||
"net/http"
|
||||
"os"
|
||||
"time"
|
||||
|
||||
"github.com/golang/glog"
|
||||
"github.com/nirmata/kyverno/pkg/client/listers/policy/v1alpha1"
|
||||
"github.com/nirmata/kyverno/pkg/config"
|
||||
client "github.com/nirmata/kyverno/pkg/dclient"
|
||||
|
|
@ -29,7 +28,6 @@ type WebhookServer struct {
|
|||
server http.Server
|
||||
client *client.Client
|
||||
policyLister v1alpha1.PolicyLister
|
||||
logger *log.Logger
|
||||
}
|
||||
|
||||
// NewWebhookServer creates new instance of WebhookServer accordingly to given configuration
|
||||
|
|
@ -37,11 +35,7 @@ type WebhookServer struct {
|
|||
func NewWebhookServer(
|
||||
client *client.Client,
|
||||
tlsPair *tlsutils.TlsPemPair,
|
||||
shareInformer sharedinformer.PolicyInformer,
|
||||
logger *log.Logger) (*WebhookServer, error) {
|
||||
if logger == nil {
|
||||
logger = log.New(os.Stdout, "Webhook Server: ", log.LstdFlags)
|
||||
}
|
||||
shareInformer sharedinformer.PolicyInformer) (*WebhookServer, error) {
|
||||
|
||||
if tlsPair == nil {
|
||||
return nil, errors.New("NewWebhookServer is not initialized properly")
|
||||
|
|
@ -57,7 +51,6 @@ func NewWebhookServer(
|
|||
ws := &WebhookServer{
|
||||
client: client,
|
||||
policyLister: shareInformer.GetLister(),
|
||||
logger: logger,
|
||||
}
|
||||
|
||||
mux := http.NewServeMux()
|
||||
|
|
@ -68,7 +61,6 @@ func NewWebhookServer(
|
|||
Addr: ":443", // Listen on port for HTTPS requests
|
||||
TLSConfig: &tlsConfig,
|
||||
Handler: mux,
|
||||
ErrorLog: logger,
|
||||
ReadTimeout: 15 * time.Second,
|
||||
WriteTimeout: 15 * time.Second,
|
||||
}
|
||||
|
|
@ -112,11 +104,10 @@ func (ws *WebhookServer) RunAsync() {
|
|||
go func(ws *WebhookServer) {
|
||||
err := ws.server.ListenAndServeTLS("", "")
|
||||
if err != nil {
|
||||
ws.logger.Fatal(err)
|
||||
glog.Fatal(err)
|
||||
}
|
||||
}(ws)
|
||||
|
||||
ws.logger.Printf("Started Webhook Server")
|
||||
glog.Info("Started Webhook Server")
|
||||
}
|
||||
|
||||
// Stop TLS server and returns control after the server is shut down
|
||||
|
|
@ -124,25 +115,26 @@ func (ws *WebhookServer) Stop() {
|
|||
err := ws.server.Shutdown(context.Background())
|
||||
if err != nil {
|
||||
// Error from closing listeners, or context timeout:
|
||||
ws.logger.Printf("Server Shutdown error: %v", err)
|
||||
glog.Info("Server Shutdown error: %v", err)
|
||||
ws.server.Close()
|
||||
}
|
||||
}
|
||||
|
||||
// HandleMutation handles mutating webhook admission request
|
||||
func (ws *WebhookServer) HandleMutation(request *v1beta1.AdmissionRequest) *v1beta1.AdmissionResponse {
|
||||
ws.logger.Printf("Handling mutation for Kind=%s, Namespace=%s Name=%s UID=%s patchOperation=%s",
|
||||
glog.Infof("Handling mutation for Kind=%s, Namespace=%s Name=%s UID=%s patchOperation=%s",
|
||||
request.Kind.Kind, request.Namespace, request.Name, request.UID, request.Operation)
|
||||
|
||||
policies, err := ws.policyLister.List(labels.NewSelector())
|
||||
if err != nil {
|
||||
ws.logger.Printf("%v", err)
|
||||
glog.Warning(err)
|
||||
return nil
|
||||
}
|
||||
|
||||
var allPatches []engine.PatchBytes
|
||||
for _, policy := range policies {
|
||||
ws.logger.Printf("Applying policy %s with %d rules\n", policy.ObjectMeta.Name, len(policy.Spec.Rules))
|
||||
|
||||
glog.Infof("Applying policy %s with %d rules\n", policy.ObjectMeta.Name, len(policy.Spec.Rules))
|
||||
|
||||
policyPatches, _ := engine.Mutate(*policy, request.Object.Raw, request.Kind)
|
||||
allPatches = append(allPatches, policyPatches...)
|
||||
|
|
@ -150,7 +142,7 @@ func (ws *WebhookServer) HandleMutation(request *v1beta1.AdmissionRequest) *v1be
|
|||
if len(policyPatches) > 0 {
|
||||
namespace := engine.ParseNamespaceFromObject(request.Object.Raw)
|
||||
name := engine.ParseNameFromObject(request.Object.Raw)
|
||||
ws.logger.Printf("Mutation from policy %s has applied to %s %s/%s", policy.Name, request.Kind.Kind, namespace, name)
|
||||
glog.Infof("Mutation from policy %s has applied to %s %s/%s", policy.Name, request.Kind.Kind, namespace, name)
|
||||
}
|
||||
}
|
||||
|
||||
|
|
@ -164,22 +156,22 @@ func (ws *WebhookServer) HandleMutation(request *v1beta1.AdmissionRequest) *v1be
|
|||
|
||||
// HandleValidation handles validating webhook admission request
|
||||
func (ws *WebhookServer) HandleValidation(request *v1beta1.AdmissionRequest) *v1beta1.AdmissionResponse {
|
||||
ws.logger.Printf("Handling validation for Kind=%s, Namespace=%s Name=%s UID=%s patchOperation=%s",
|
||||
glog.Infof("Handling validation for Kind=%s, Namespace=%s Name=%s UID=%s patchOperation=%s",
|
||||
request.Kind.Kind, request.Namespace, request.Name, request.UID, request.Operation)
|
||||
|
||||
policies, err := ws.policyLister.List(labels.NewSelector())
|
||||
if err != nil {
|
||||
ws.logger.Printf("%v", err)
|
||||
glog.Warning(err)
|
||||
return nil
|
||||
}
|
||||
|
||||
for _, policy := range policies {
|
||||
// validation
|
||||
ws.logger.Printf("Validating resource with policy %s with %d rules", policy.ObjectMeta.Name, len(policy.Spec.Rules))
|
||||
glog.Infof("Validating resource with policy %s with %d rules", policy.ObjectMeta.Name, len(policy.Spec.Rules))
|
||||
|
||||
if err := engine.Validate(*policy, request.Object.Raw, request.Kind); err != nil {
|
||||
message := fmt.Sprintf("validation has failed: %s", err.Error())
|
||||
ws.logger.Println(message)
|
||||
glog.Warning(message)
|
||||
|
||||
return &v1beta1.AdmissionResponse{
|
||||
Allowed: false,
|
||||
|
|
@ -190,10 +182,9 @@ func (ws *WebhookServer) HandleValidation(request *v1beta1.AdmissionRequest) *v1
|
|||
}
|
||||
|
||||
// generation
|
||||
engine.Generate(ws.client, ws.logger, *policy, request.Object.Raw, request.Kind)
|
||||
engine.Generate(ws.client, *policy, request.Object.Raw, request.Kind)
|
||||
}
|
||||
|
||||
ws.logger.Println("Validation is successful")
|
||||
glog.Info("Validation is successful")
|
||||
return &v1beta1.AdmissionResponse{
|
||||
Allowed: true,
|
||||
}
|
||||
|
|
@ -210,21 +201,21 @@ func (ws *WebhookServer) bodyToAdmissionReview(request *http.Request, writer htt
|
|||
}
|
||||
}
|
||||
if len(body) == 0 {
|
||||
ws.logger.Print("Error: empty body")
|
||||
glog.Error("Error: empty body")
|
||||
http.Error(writer, "empty body", http.StatusBadRequest)
|
||||
return nil
|
||||
}
|
||||
|
||||
contentType := request.Header.Get("Content-Type")
|
||||
if contentType != "application/json" {
|
||||
ws.logger.Printf("Error: invalid Content-Type: %v", contentType)
|
||||
glog.Error("Error: invalid Content-Type: %v", contentType)
|
||||
http.Error(writer, "invalid Content-Type, expect `application/json`", http.StatusUnsupportedMediaType)
|
||||
return nil
|
||||
}
|
||||
|
||||
admissionReview := &v1beta1.AdmissionReview{}
|
||||
if err := json.Unmarshal(body, &admissionReview); err != nil {
|
||||
ws.logger.Printf("Error: Can't decode body as AdmissionReview: %v", err)
|
||||
glog.Errorf("Error: Can't decode body as AdmissionReview: %v", err)
|
||||
http.Error(writer, "Can't decode body as AdmissionReview", http.StatusExpectationFailed)
|
||||
return nil
|
||||
} else {
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue