From c2e388a71c1f9d903e8d925bb74f27502405e924 Mon Sep 17 00:00:00 2001 From: Vishal Choudhary Date: Fri, 5 Jan 2024 11:56:25 +0530 Subject: [PATCH] fix: update CLI to use store for fetching regclient (#9315) * fix: use docker keychain as default in 1.11 Signed-off-by: Vishal Choudhary * feat: use store to get registry client Signed-off-by: Vishal Choudhary * fix: use kyverno as username Signed-off-by: Vishal Choudhary * fix: missed cli-test Signed-off-by: Vishal Choudhary * feat: changed location Signed-off-by: Vishal Choudhary * fix: undo test Signed-off-by: Vishal Choudhary --------- Signed-off-by: Vishal Choudhary Co-authored-by: Jim Bugwadia Co-authored-by: shuting --- cmd/cli/kubectl-kyverno/commands/apply/command.go | 11 ----------- cmd/cli/kubectl-kyverno/commands/test/test.go | 2 -- cmd/cli/kubectl-kyverno/processor/policy_processor.go | 7 +++++-- .../processor/policy_processor_test.go | 2 -- 4 files changed, 5 insertions(+), 17 deletions(-) diff --git a/cmd/cli/kubectl-kyverno/commands/apply/command.go b/cmd/cli/kubectl-kyverno/commands/apply/command.go index e8d98bc61f..5b2fbbea10 100644 --- a/cmd/cli/kubectl-kyverno/commands/apply/command.go +++ b/cmd/cli/kubectl-kyverno/commands/apply/command.go @@ -29,7 +29,6 @@ import ( "github.com/kyverno/kyverno/pkg/clients/dclient" "github.com/kyverno/kyverno/pkg/config" engineapi "github.com/kyverno/kyverno/pkg/engine/api" - "github.com/kyverno/kyverno/pkg/registryclient" gitutils "github.com/kyverno/kyverno/pkg/utils/git" policyvalidation "github.com/kyverno/kyverno/pkg/validation/policy" "github.com/spf13/cobra" @@ -166,13 +165,6 @@ func (c *ApplyCommandConfig) applyCommandHelper(out io.Writer) (*processor.Resul fmt.Fprintf(out, "\nApplying %d policy rule(s) to %d resource(s)...\n", policyRulesCount, len(resources)) } - var regOpts []registryclient.Option - if c.RegistryAccess { - regOpts = append(regOpts, registryclient.WithLocalKeychain()) - } - - rclient := registryclient.NewOrDie(regOpts...) - rc, resources1, responses1, err = c.applyPolicytoResource( out, &store, @@ -183,7 +175,6 @@ func (c *ApplyCommandConfig) applyCommandHelper(out io.Writer) (*processor.Resul dClient, userInfo, mutateLogPathIsDir, - rclient, ) if err != nil { return rc, resources1, skipInvalidPolicies, responses1, err @@ -241,7 +232,6 @@ func (c *ApplyCommandConfig) applyPolicytoResource( dClient dclient.Interface, userInfo *v1beta1.RequestInfo, mutateLogPathIsDir bool, - rclient registryclient.Client, ) (*processor.ResultCounts, []*unstructured.Unstructured, []engineapi.EngineResponse, error) { if vars != nil { vars.SetInStore(store) @@ -283,7 +273,6 @@ func (c *ApplyCommandConfig) applyPolicytoResource( AuditWarn: c.AuditWarn, Subresources: vars.Subresources(), Out: out, - RegistryClient: rclient, } ers, err := processor.ApplyPoliciesOnResource() if err != nil { diff --git a/cmd/cli/kubectl-kyverno/commands/test/test.go b/cmd/cli/kubectl-kyverno/commands/test/test.go index ef5b345bd8..44f3454dfb 100644 --- a/cmd/cli/kubectl-kyverno/commands/test/test.go +++ b/cmd/cli/kubectl-kyverno/commands/test/test.go @@ -23,7 +23,6 @@ import ( "github.com/kyverno/kyverno/pkg/clients/dclient" "github.com/kyverno/kyverno/pkg/config" engineapi "github.com/kyverno/kyverno/pkg/engine/api" - "github.com/kyverno/kyverno/pkg/registryclient" policyvalidation "github.com/kyverno/kyverno/pkg/validation/policy" "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" ) @@ -154,7 +153,6 @@ func runTest(out io.Writer, testCase test.TestCase, registryAccess bool, auditWa Client: dClient, Subresources: vars.Subresources(), Out: out, - RegistryClient: registryclient.NewOrDie(), } ers, err := processor.ApplyPoliciesOnResource() if err != nil { diff --git a/cmd/cli/kubectl-kyverno/processor/policy_processor.go b/cmd/cli/kubectl-kyverno/processor/policy_processor.go index 689c285330..e95356fad5 100644 --- a/cmd/cli/kubectl-kyverno/processor/policy_processor.go +++ b/cmd/cli/kubectl-kyverno/processor/policy_processor.go @@ -52,7 +52,6 @@ type PolicyProcessor struct { AuditWarn bool Subresources []v1alpha1.Subresource Out io.Writer - RegistryClient registryclient.Client } func (p *PolicyProcessor) ApplyPoliciesOnResource() ([]engineapi.EngineResponse, error) { @@ -65,12 +64,16 @@ func (p *PolicyProcessor) ApplyPoliciesOnResource() ([]engineapi.EngineResponse, client = adapters.Client(p.Client) } + rclient := p.Store.GetRegistryClient() + if rclient == nil { + rclient = registryclient.NewOrDie() + } eng := engine.NewEngine( cfg, config.NewDefaultMetricsConfiguration(), jmespath.New(cfg), client, - factories.DefaultRegistryClientFactory(adapters.RegistryClient(p.RegistryClient), nil), + factories.DefaultRegistryClientFactory(adapters.RegistryClient(rclient), nil), imageverifycache.DisabledImageVerifyCache(), store.ContextLoaderFactory(p.Store, nil), nil, diff --git a/cmd/cli/kubectl-kyverno/processor/policy_processor_test.go b/cmd/cli/kubectl-kyverno/processor/policy_processor_test.go index c30e75e573..bf65fc4f66 100644 --- a/cmd/cli/kubectl-kyverno/processor/policy_processor_test.go +++ b/cmd/cli/kubectl-kyverno/processor/policy_processor_test.go @@ -6,7 +6,6 @@ import ( "github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/resource" "github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/store" - "github.com/kyverno/kyverno/pkg/registryclient" yamlutils "github.com/kyverno/kyverno/pkg/utils/yaml" "gotest.tools/assert" ) @@ -117,7 +116,6 @@ func Test_NamespaceSelector(t *testing.T) { NamespaceSelectorMap: tc.namespaceSelectorMap, Rc: rc, Out: os.Stdout, - RegistryClient: registryclient.NewOrDie(), } processor.ApplyPoliciesOnResource() assert.Equal(t, int64(rc.Pass()), int64(tc.result.pass))