mirror of https://github.com/kyverno/kyverno.git synced 2025-03-13 19:28:55 +00:00

feat: propagate context to dynamic client (#5495)

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Co-authored-by: shuting <shuting@nirmata.com>
Charles-Edouard Brétéché 2022-11-29 14:59:40 +01:00 committed by GitHub
parent c6faee2559
commit c3be9e36a5
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
26 changed files with 154 additions and 136 deletions


@ -8,6 +8,7 @@ import (
"github.com/kyverno/kyverno/pkg/clients/dclient"
"github.com/kyverno/kyverno/pkg/engine/variables"
"github.com/kyverno/kyverno/pkg/policy/generate"
"golang.org/x/net/context"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/util/sets"
"k8s.io/client-go/discovery"
@ -35,12 +36,12 @@ func NewCleanup(client dclient.Interface, cleanup kyvernov1alpha1.CleanupPolicyS
}
// canIDelete returns a error if kyverno cannot perform operations
func (c *Cleanup) CanIDelete(kind, namespace string) error {
func (c *Cleanup) CanIDelete(ctx context.Context, kind, namespace string) error {
// Skip if there is variable defined
authCheck := c.authCheck
if !variables.IsVariable(kind) && !variables.IsVariable(namespace) {
// DELETE
ok, err := authCheck.CanIDelete(kind, namespace)
ok, err := authCheck.CanIDelete(ctx, kind, namespace)
if err != nil {
// machinery error
return err
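Review bot: The added import `"golang.org/x/net/context"` should be the standard library `"context"`, which is what every other file in this commit imports. On current Go releases the x/net package only aliases the stdlib types, so `CanIDelete(ctx context.Context, kind, namespace string)` compiles either way, but the file keeps depending on a superseded package and the imports become inconsistent across the tree. Replace the line with `"context"` placed with the other stdlib imports. The doc comment also still reads `canIDelete returns a error`; `// CanIDelete returns an error if kyverno cannot perform the delete operation` would match the exported name. The body of CanIDelete continues past the end of the hunk.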


@ -193,7 +193,7 @@ func getResourcesOfTypeFromCluster(resourceTypes []string, dClient dclient.Inter
r := make(map[string]*unstructured.Unstructured)
for _, kind := range resourceTypes {
resourceList, err := dClient.ListResource("", kind, namespace, nil)
resourceList, err := dClient.ListResource(context.TODO(), "", kind, namespace, nil)
if err != nil {
continue
}
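Review bot: `dClient.ListResource(context.TODO(), "", kind, namespace, nil)` gives the request no deadline and no cancellation, so at this call site the new parameter changes nothing about how long a stalled API call can block. The same placeholder is used in `GetResource` (common), `cleanupClonedResource`, `applyRule`, `manageData`, `manageClone`, `manageCloneList`, `ApplyResource`, `GetUnstrResource`, `deleteGeneratedResources`, `MutateExistingController.ProcessUR`, `cleanupDataResource`, `updateSourceResource`, and the engine helpers `getResource`, `fetchConfigMap`, `checkDryRunPermission` and `getTargets`. Where a caller context exists it should be threaded through as a leading `ctx context.Context` parameter; until then, mark each site with a comment such as `// TODO: thread the caller's context instead of context.TODO()` so the remaining work is searchable. The function body starts and ends outside this hunk, and the `if err != nil { continue }` that follows would also hide a cancellation error once a real context is passed.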


@ -1,6 +1,7 @@
package auth
import (
"context"
"fmt"
"reflect"
@ -18,7 +19,7 @@ type CanIOptions interface {
// - group version resource is determined from the kind using the discovery client REST mapper
// - If disallowed, the reason and evaluationError is available in the logs
// - each can generates a SelfSubjectAccessReview resource and response is evaluated for permissions
RunAccessCheck() (bool, error)
RunAccessCheck(context.Context) (bool, error)
}
type canIOptions struct {
@ -44,7 +45,7 @@ func NewCanI(client dclient.Interface, kind, namespace, verb string) CanIOptions
// - group version resource is determined from the kind using the discovery client REST mapper
// - If disallowed, the reason and evaluationError is available in the logs
// - each can generates a SelfSubjectAccessReview resource and response is evaluated for permissions
func (o *canIOptions) RunAccessCheck() (bool, error) {
func (o *canIOptions) RunAccessCheck(ctx context.Context) (bool, error) {
// get GroupVersionResource from RESTMapper
// get GVR from kind
gvr, err := o.client.Discovery().GetGVRFromKind(o.kind)
@ -75,7 +76,7 @@ func (o *canIOptions) RunAccessCheck() (bool, error) {
logger := logger.WithValues("kind", sar.Kind, "namespace", sar.Namespace, "name", sar.Name)
// Create the Resource
resp, err := o.client.CreateResource("", "SelfSubjectAccessReview", "", sar, false)
resp, err := o.client.CreateResource(ctx, "", "SelfSubjectAccessReview", "", sar, false)
if err != nil {
logger.Error(err, "failed to create resource")
return false, err
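Review bot: The doc comment on `RunAccessCheck` does not say what `ctx` governs, and in the visible body only `o.client.CreateResource(ctx, "", "SelfSubjectAccessReview", "", sar, false)` receives it; the discovery lookup `o.client.Discovery().GetGVRFromKind(o.kind)` takes no context. Since this function decides whether an operation is permitted, callers should know that cancelling `ctx` does not bound the whole check; add a line such as `// - ctx bounds only the SelfSubjectAccessReview request, not the discovery lookup` to both comment blocks. The interface declares the parameter unnamed (`RunAccessCheck(context.Context)`); writing `RunAccessCheck(ctx context.Context)` would match the implementation. The function body continues outside the hunks shown.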


@ -1,6 +1,7 @@
package auth
import (
"context"
"testing"
"github.com/kyverno/kyverno/pkg/clients/dclient"
@ -80,7 +81,7 @@ func TestCanIOptions_RunAccessCheck(t *testing.T) {
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
o := NewCanI(tt.fields.client, tt.fields.kind, tt.fields.namespace, tt.fields.verb)
got, err := o.RunAccessCheck()
got, err := o.RunAccessCheck(context.TODO())
if tt.wantErr {
assert.Error(t, err)
} else {


@ -1,6 +1,7 @@
package common
import (
"context"
"fmt"
"time"
@ -20,7 +21,7 @@ func GetResource(client dclient.Interface, urSpec kyvernov1beta1.UpdateRequestSp
if resourceSpec.Kind == "Namespace" {
resourceSpec.Namespace = ""
}
resource, err := client.GetResource(resourceSpec.APIVersion, resourceSpec.Kind, resourceSpec.Namespace, resourceSpec.Name)
resource, err := client.GetResource(context.TODO(), resourceSpec.APIVersion, resourceSpec.Kind, resourceSpec.Namespace, resourceSpec.Name)
if err != nil {
if urSpec.Type == kyvernov1beta1.Mutate && errors.IsNotFound(err) && urSpec.Context.AdmissionRequestInfo.Operation == admissionv1.Delete {
log.V(4).Info("trigger resource does not exist for mutateExisting rule", "operation", urSpec.Context.AdmissionRequestInfo.Operation)


@ -1,7 +1,7 @@
package generate
import (
contextdefault "context"
"context"
"encoding/json"
"errors"
"fmt"
@ -22,7 +22,7 @@ import (
pkgcommon "github.com/kyverno/kyverno/pkg/common"
"github.com/kyverno/kyverno/pkg/config"
"github.com/kyverno/kyverno/pkg/engine"
"github.com/kyverno/kyverno/pkg/engine/context"
enginecontext "github.com/kyverno/kyverno/pkg/engine/context"
"github.com/kyverno/kyverno/pkg/engine/response"
"github.com/kyverno/kyverno/pkg/engine/utils"
"github.com/kyverno/kyverno/pkg/engine/variables"
@ -121,7 +121,7 @@ func (c *GenerateController) ProcessUR(ur *kyvernov1beta1.UpdateRequest) error {
// - trigger-resource is deleted
// - generated-resources are deleted
// - > Now delete the UpdateRequest CR
return c.kyvernoClient.KyvernoV1beta1().UpdateRequests(config.KyvernoNamespace()).Delete(contextdefault.TODO(), ur.Name, metav1.DeleteOptions{})
return c.kyvernoClient.KyvernoV1beta1().UpdateRequests(config.KyvernoNamespace()).Delete(context.TODO(), ur.Name, metav1.DeleteOptions{})
} else {
time.Sleep(time.Second * time.Duration(sleepCountInt))
incrementedCountString := strconv.Itoa(sleepCountInt)
@ -134,7 +134,7 @@ func (c *GenerateController) ProcessUR(ur *kyvernov1beta1.UpdateRequest) error {
}
ur.SetAnnotations(urAnnotations)
_, err := c.kyvernoClient.KyvernoV1beta1().UpdateRequests(config.KyvernoNamespace()).Update(contextdefault.TODO(), ur, metav1.UpdateOptions{})
_, err := c.kyvernoClient.KyvernoV1beta1().UpdateRequests(config.KyvernoNamespace()).Update(context.TODO(), ur, metav1.UpdateOptions{})
if err != nil {
logger.Error(err, "failed to update annotation in update request for the resource", "update request", ur.Name, "resourceVersion", ur.GetResourceVersion())
return err
@ -219,7 +219,7 @@ func (c *GenerateController) applyGenerate(resource unstructured.Unstructured, u
}
for _, v := range urList {
err := c.kyvernoClient.KyvernoV1beta1().UpdateRequests(config.KyvernoNamespace()).Delete(contextdefault.TODO(), v.GetName(), metav1.DeleteOptions{})
err := c.kyvernoClient.KyvernoV1beta1().UpdateRequests(config.KyvernoNamespace()).Delete(context.TODO(), v.GetName(), metav1.DeleteOptions{})
if err != nil {
logger.Error(err, "failed to delete update request")
}
@ -235,7 +235,7 @@ func (c *GenerateController) applyGenerate(resource unstructured.Unstructured, u
// cleanupClonedResource deletes cloned resource if sync is not enabled for the clone policy
func (c *GenerateController) cleanupClonedResource(targetSpec kyvernov1.ResourceSpec) error {
target, err := c.client.GetResource(targetSpec.APIVersion, targetSpec.Kind, targetSpec.Namespace, targetSpec.Name)
target, err := c.client.GetResource(context.TODO(), targetSpec.APIVersion, targetSpec.Kind, targetSpec.Namespace, targetSpec.Name)
if err != nil {
if !apierrors.IsNotFound(err) {
return fmt.Errorf("failed to find generated resource %s/%s: %v", targetSpec.Namespace, targetSpec.Name, err)
@ -251,7 +251,7 @@ func (c *GenerateController) cleanupClonedResource(targetSpec kyvernov1.Resource
clone := labels["generate.kyverno.io/clone-policy-name"] != ""
if syncEnabled && !clone {
if err := c.client.DeleteResource(target.GetAPIVersion(), target.GetKind(), target.GetNamespace(), target.GetName(), false); err != nil {
if err := c.client.DeleteResource(context.TODO(), target.GetAPIVersion(), target.GetKind(), target.GetNamespace(), target.GetName(), false); err != nil {
return fmt.Errorf("cloned resource is not deleted %s/%s: %v", targetSpec.Namespace, targetSpec.Name, err)
}
}
@ -407,7 +407,7 @@ func getResourceInfoForDataAndClone(rule kyvernov1.Rule) (kind, name, namespace,
return
}
func applyRule(log logr.Logger, client dclient.Interface, rule kyvernov1.Rule, resource unstructured.Unstructured, ctx context.EvalInterface, policy kyvernov1.PolicyInterface, ur kyvernov1beta1.UpdateRequest) ([]kyvernov1.ResourceSpec, error) {
func applyRule(log logr.Logger, client dclient.Interface, rule kyvernov1.Rule, resource unstructured.Unstructured, ctx enginecontext.EvalInterface, policy kyvernov1.PolicyInterface, ur kyvernov1beta1.UpdateRequest) ([]kyvernov1.ResourceSpec, error) {
rdatas := []GenerateResponse{}
var cresp, dresp map[string]interface{}
var err error
@ -507,7 +507,7 @@ func applyRule(log logr.Logger, client dclient.Interface, rule kyvernov1.Rule, r
newResource.SetLabels(label)
// Create the resource
_, err = client.CreateResource(rdata.GenAPIVersion, rdata.GenKind, rdata.GenNamespace, newResource, false)
_, err = client.CreateResource(context.TODO(), rdata.GenAPIVersion, rdata.GenKind, rdata.GenNamespace, newResource, false)
if err != nil {
if !apierrors.IsAlreadyExists(err) {
newGenResources = append(newGenResources, noGenResource)
@ -517,11 +517,11 @@ func applyRule(log logr.Logger, client dclient.Interface, rule kyvernov1.Rule, r
logger.V(2).Info("created generate target resource")
newGenResources = append(newGenResources, newGenResource(rdata.GenAPIVersion, rdata.GenKind, rdata.GenNamespace, rdata.GenName))
} else if rdata.Action == Update {
generatedObj, err := client.GetResource(rdata.GenAPIVersion, rdata.GenKind, rdata.GenNamespace, rdata.GenName)
generatedObj, err := client.GetResource(context.TODO(), rdata.GenAPIVersion, rdata.GenKind, rdata.GenNamespace, rdata.GenName)
if err != nil {
logger.Error(err, fmt.Sprintf("generated resource not found name:%v namespace:%v kind:%v", genName, genNamespace, genKind))
logger.V(2).Info(fmt.Sprintf("creating generate resource name:name:%v namespace:%v kind:%v", genName, genNamespace, genKind))
_, err = client.CreateResource(rdata.GenAPIVersion, rdata.GenKind, rdata.GenNamespace, newResource, false)
_, err = client.CreateResource(context.TODO(), rdata.GenAPIVersion, rdata.GenKind, rdata.GenNamespace, newResource, false)
if err != nil {
newGenResources = append(newGenResources, noGenResource)
return newGenResources, err
@ -543,7 +543,7 @@ func applyRule(log logr.Logger, client dclient.Interface, rule kyvernov1.Rule, r
}
if _, err := ValidateResourceWithPattern(logger, generatedObj.Object, newResource.Object); err != nil {
_, err = client.UpdateResource(rdata.GenAPIVersion, rdata.GenKind, rdata.GenNamespace, newResource, false)
_, err = client.UpdateResource(context.TODO(), rdata.GenAPIVersion, rdata.GenKind, rdata.GenNamespace, newResource, false)
if err != nil {
logger.Error(err, "failed to update resource")
newGenResources = append(newGenResources, noGenResource)
@ -561,7 +561,7 @@ func applyRule(log logr.Logger, client dclient.Interface, rule kyvernov1.Rule, r
currentGeneratedResourcelabel["policy.kyverno.io/synchronize"] = "disable"
generatedObj.SetLabels(currentGeneratedResourcelabel)
_, err = client.UpdateResource(rdata.GenAPIVersion, rdata.GenKind, rdata.GenNamespace, generatedObj, false)
_, err = client.UpdateResource(context.TODO(), rdata.GenAPIVersion, rdata.GenKind, rdata.GenNamespace, generatedObj, false)
if err != nil {
logger.Error(err, "failed to update label in existing resource")
newGenResources = append(newGenResources, noGenResource)
@ -593,7 +593,7 @@ func manageData(log logr.Logger, apiVersion, kind, namespace, name string, data
return nil, Skip, err
}
obj, err := client.GetResource(apiVersion, kind, namespace, name)
obj, err := client.GetResource(context.TODO(), apiVersion, kind, namespace, name)
if err != nil {
if apierrors.IsNotFound(err) && len(ur.Status.GeneratedResources) != 0 && !synchronize {
log.V(4).Info("synchronize is disable - skip re-create", "resource", obj)
@ -637,13 +637,13 @@ func manageClone(log logr.Logger, apiVersion, kind, namespace, name, policy stri
}
// check if the resource as reference in clone exists?
obj, err := client.GetResource(apiVersion, kind, rNamespace, rName)
obj, err := client.GetResource(context.TODO(), apiVersion, kind, rNamespace, rName)
if err != nil {
return nil, Skip, fmt.Errorf("source resource %s %s/%s/%s not found. %v", apiVersion, kind, rNamespace, rName, err)
}
// check if cloned resource exists
cobj, err := client.GetResource(apiVersion, kind, namespace, name)
cobj, err := client.GetResource(context.TODO(), apiVersion, kind, namespace, name)
if err != nil {
if apierrors.IsNotFound(err) && len(ur.Status.GeneratedResources) != 0 && !clone.Synchronize {
log.V(4).Info("synchronization is disabled, recreation will be skipped", "resource", cobj)
@ -657,7 +657,7 @@ func manageClone(log logr.Logger, apiVersion, kind, namespace, name, policy stri
}
// check if resource to be generated exists
newResource, err := client.GetResource(apiVersion, kind, namespace, name)
newResource, err := client.GetResource(context.TODO(), apiVersion, kind, namespace, name)
if err == nil {
obj.SetUID(newResource.GetUID())
obj.SetSelfLink(newResource.GetSelfLink())
@ -693,7 +693,7 @@ func manageCloneList(log logr.Logger, namespace, policy string, ur kyvernov1beta
for _, kind := range kinds {
apiVersion, kind := kubeutils.GetKindFromGVK(kind)
resources, err := client.ListResource(apiVersion, kind, rNamespace, clone.CloneList.Selector)
resources, err := client.ListResource(context.TODO(), apiVersion, kind, rNamespace, clone.CloneList.Selector)
if err != nil {
response = append(response, GenerateResponse{
Data: nil,
@ -713,7 +713,7 @@ func manageCloneList(log logr.Logger, namespace, policy string, ur kyvernov1beta
}
// check if the resource as reference in clone exists?
obj, err := client.GetResource(apiVersion, kind, rNamespace, rName.GetName())
obj, err := client.GetResource(context.TODO(), apiVersion, kind, rNamespace, rName.GetName())
if err != nil {
log.Error(err, "failed to get resoruce", apiVersion, "apiVersion", kind, "kind", rNamespace, "rNamespace", rName.GetName(), "name")
response = append(response, GenerateResponse{
@ -725,7 +725,7 @@ func manageCloneList(log logr.Logger, namespace, policy string, ur kyvernov1beta
}
// check if cloned resource exists
cobj, err := client.GetResource(apiVersion, kind, namespace, rName.GetName())
cobj, err := client.GetResource(context.TODO(), apiVersion, kind, namespace, rName.GetName())
if apierrors.IsNotFound(err) && len(ur.Status.GeneratedResources) != 0 && !clone.Synchronize {
log.V(4).Info("synchronization is disabled, recreation will be skipped", "resource", cobj)
response = append(response, GenerateResponse{
@ -741,7 +741,7 @@ func manageCloneList(log logr.Logger, namespace, policy string, ur kyvernov1beta
}
// check if resource to be generated exists
newResource, err := client.GetResource(apiVersion, kind, namespace, rName.GetName())
newResource, err := client.GetResource(context.TODO(), apiVersion, kind, namespace, rName.GetName())
if err == nil && newResource != nil {
obj.SetUID(newResource.GetUID())
obj.SetSelfLink(newResource.GetSelfLink())
@ -815,7 +815,7 @@ func (c *GenerateController) ApplyResource(resource *unstructured.Unstructured)
return err
}
_, err = c.client.CreateResource(apiVersion, kind, namespace, resource, false)
_, err = c.client.CreateResource(context.TODO(), apiVersion, kind, namespace, resource, false)
if err != nil {
return err
}
@ -833,7 +833,7 @@ func NewGenerateControllerWithOnlyClient(client dclient.Interface) *GenerateCont
// GetUnstrResource converts ResourceSpec object to type Unstructured
func (c *GenerateController) GetUnstrResource(genResourceSpec kyvernov1.ResourceSpec) (*unstructured.Unstructured, error) {
resource, err := c.client.GetResource(genResourceSpec.APIVersion, genResourceSpec.Kind, genResourceSpec.Namespace, genResourceSpec.Name)
resource, err := c.client.GetResource(context.TODO(), genResourceSpec.APIVersion, genResourceSpec.Kind, genResourceSpec.Namespace, genResourceSpec.Name)
if err != nil {
return nil, err
}
@ -842,7 +842,7 @@ func (c *GenerateController) GetUnstrResource(genResourceSpec kyvernov1.Resource
func deleteGeneratedResources(log logr.Logger, client dclient.Interface, ur kyvernov1beta1.UpdateRequest) error {
for _, genResource := range ur.Status.GeneratedResources {
err := client.DeleteResource("", genResource.Kind, genResource.Namespace, genResource.Name, false)
err := client.DeleteResource(context.TODO(), "", genResource.Kind, genResource.Namespace, genResource.Name, false)
if err != nil && !apierrors.IsNotFound(err) {
return err
}
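Review bot: In the `rdata.Action == Update` branch of `applyRule`, any error from `client.GetResource(context.TODO(), rdata.GenAPIVersion, ...)` is logged as "generated resource not found" and followed by `client.CreateResource(...)`, so a Forbidden response, a timeout or (once a real context is passed) a cancellation is handled as if the object were absent. Guard the fallback so that only a missing object triggers creation, for example `if !apierrors.IsNotFound(err) { newGenResources = append(newGenResources, noGenResource); return newGenResources, err }` before the create call; `cleanupClonedResource` in this same file already distinguishes the two cases with `apierrors.IsNotFound`. Separately, the parameter `ctx enginecontext.EvalInterface` occupies the name a `context.Context` would conventionally take, which may be why these calls received `context.TODO()`; renaming it would make the follow-up propagation less error-prone. `applyRule` starts and ends outside the visible hunks, so the surrounding branch structure is partly inferred.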


@ -1,6 +1,7 @@
package mutate
import (
"context"
"encoding/json"
"fmt"
@ -119,7 +120,7 @@ func (c *MutateExistingController) ProcessUR(ur *kyvernov1beta1.UpdateRequest) e
if r.Status == response.RuleStatusPass {
patchedNew.SetResourceVersion("")
_, updateErr := c.client.UpdateResource(patchedNew.GetAPIVersion(), patchedNew.GetKind(), patchedNew.GetNamespace(), patchedNew.Object, false)
_, updateErr := c.client.UpdateResource(context.TODO(), patchedNew.GetAPIVersion(), patchedNew.GetKind(), patchedNew.GetNamespace(), patchedNew.Object, false)
if updateErr != nil {
errs = append(errs, updateErr)
logger.WithName(rule.Name).Error(updateErr, "failed to update target resource", "namespace", patchedNew.GetNamespace(), "name", patchedNew.GetName())


@ -275,7 +275,7 @@ func (c *controller) checkIfCleanupRequired(ur *kyvernov1beta1.UpdateRequest) er
// cleanupDataResource deletes resource if sync is enabled for data policy
func (c *controller) cleanupDataResource(targetSpec kyvernov1.ResourceSpec) error {
target, err := c.client.GetResource(targetSpec.APIVersion, targetSpec.Kind, targetSpec.Namespace, targetSpec.Name)
target, err := c.client.GetResource(context.TODO(), targetSpec.APIVersion, targetSpec.Kind, targetSpec.Namespace, targetSpec.Name)
if err != nil {
if !apierrors.IsNotFound(err) {
return fmt.Errorf("failed to find generated resource %s/%s: %v", targetSpec.Namespace, targetSpec.Name, err)
@ -291,7 +291,7 @@ func (c *controller) cleanupDataResource(targetSpec kyvernov1.ResourceSpec) erro
clone := labels["generate.kyverno.io/clone-policy-name"] != ""
if syncEnabled && !clone {
if err := c.client.DeleteResource(target.GetAPIVersion(), target.GetKind(), target.GetNamespace(), target.GetName(), false); err != nil {
if err := c.client.DeleteResource(context.TODO(), target.GetAPIVersion(), target.GetKind(), target.GetNamespace(), target.GetName(), false); err != nil {
return fmt.Errorf("failed to delete data resource %s/%s: %v", targetSpec.Namespace, targetSpec.Name, err)
}
}


@ -29,22 +29,22 @@ type Interface interface {
// SetDiscovery sets the discovery client implementation
SetDiscovery(discoveryClient IDiscovery)
// RawAbsPath performs a raw call to the kubernetes API
RawAbsPath(path string) ([]byte, error)
RawAbsPath(ctx context.Context, path string) ([]byte, error)
// GetResource returns the resource in unstructured/json format
GetResource(apiVersion string, kind string, namespace string, name string, subresources ...string) (*unstructured.Unstructured, error)
GetResource(ctx context.Context, apiVersion string, kind string, namespace string, name string, subresources ...string) (*unstructured.Unstructured, error)
// PatchResource patches the resource
PatchResource(apiVersion string, kind string, namespace string, name string, patch []byte) (*unstructured.Unstructured, error)
PatchResource(ctx context.Context, apiVersion string, kind string, namespace string, name string, patch []byte) (*unstructured.Unstructured, error)
// ListResource returns the list of resources in unstructured/json format
// Access items using []Items
ListResource(apiVersion string, kind string, namespace string, lselector *metav1.LabelSelector) (*unstructured.UnstructuredList, error)
ListResource(ctx context.Context, apiVersion string, kind string, namespace string, lselector *metav1.LabelSelector) (*unstructured.UnstructuredList, error)
// DeleteResource deletes the specified resource
DeleteResource(apiVersion string, kind string, namespace string, name string, dryRun bool) error
DeleteResource(ctx context.Context, apiVersion string, kind string, namespace string, name string, dryRun bool) error
// CreateResource creates object for the specified resource/namespace
CreateResource(apiVersion string, kind string, namespace string, obj interface{}, dryRun bool) (*unstructured.Unstructured, error)
CreateResource(ctx context.Context, apiVersion string, kind string, namespace string, obj interface{}, dryRun bool) (*unstructured.Unstructured, error)
// UpdateResource updates object for the specified resource/namespace
UpdateResource(apiVersion string, kind string, namespace string, obj interface{}, dryRun bool) (*unstructured.Unstructured, error)
UpdateResource(ctx context.Context, apiVersion string, kind string, namespace string, obj interface{}, dryRun bool) (*unstructured.Unstructured, error)
// UpdateStatusResource updates the resource "status" subresource
UpdateStatusResource(apiVersion string, kind string, namespace string, obj interface{}, dryRun bool) (*unstructured.Unstructured, error)
UpdateStatusResource(ctx context.Context, apiVersion string, kind string, namespace string, obj interface{}, dryRun bool) (*unstructured.Unstructured, error)
}
// Client enables interaction with k8 resource
@ -120,21 +120,21 @@ func (c *client) getGroupVersionMapper(apiVersion string, kind string) schema.Gr
}
// GetResource returns the resource in unstructured/json format
func (c *client) GetResource(apiVersion string, kind string, namespace string, name string, subresources ...string) (*unstructured.Unstructured, error) {
return c.getResourceInterface(apiVersion, kind, namespace).Get(context.TODO(), name, metav1.GetOptions{}, subresources...)
func (c *client) GetResource(ctx context.Context, apiVersion string, kind string, namespace string, name string, subresources ...string) (*unstructured.Unstructured, error) {
return c.getResourceInterface(apiVersion, kind, namespace).Get(ctx, name, metav1.GetOptions{}, subresources...)
}
// RawAbsPath performs a raw call to the kubernetes API
func (c *client) RawAbsPath(path string) ([]byte, error) {
func (c *client) RawAbsPath(ctx context.Context, path string) ([]byte, error) {
if c.rest == nil {
return nil, errors.New("rest client not supported")
}
return c.rest.Get().RequestURI(path).DoRaw(context.TODO())
return c.rest.Get().RequestURI(path).DoRaw(ctx)
}
// PatchResource patches the resource
func (c *client) PatchResource(apiVersion string, kind string, namespace string, name string, patch []byte) (*unstructured.Unstructured, error) {
return c.getResourceInterface(apiVersion, kind, namespace).Patch(context.TODO(), name, types.JSONPatchType, patch, metav1.PatchOptions{})
func (c *client) PatchResource(ctx context.Context, apiVersion string, kind string, namespace string, name string, patch []byte) (*unstructured.Unstructured, error) {
return c.getResourceInterface(apiVersion, kind, namespace).Patch(ctx, name, types.JSONPatchType, patch, metav1.PatchOptions{})
}
// GetDynamicInterface fetches underlying dynamic interface
@ -144,58 +144,58 @@ func (c *client) GetDynamicInterface() dynamic.Interface {
// ListResource returns the list of resources in unstructured/json format
// Access items using []Items
func (c *client) ListResource(apiVersion string, kind string, namespace string, lselector *metav1.LabelSelector) (*unstructured.UnstructuredList, error) {
func (c *client) ListResource(ctx context.Context, apiVersion string, kind string, namespace string, lselector *metav1.LabelSelector) (*unstructured.UnstructuredList, error) {
options := metav1.ListOptions{}
if lselector != nil {
options = metav1.ListOptions{LabelSelector: metav1.FormatLabelSelector(lselector)}
}
return c.getResourceInterface(apiVersion, kind, namespace).List(context.TODO(), options)
return c.getResourceInterface(apiVersion, kind, namespace).List(ctx, options)
}
// DeleteResource deletes the specified resource
func (c *client) DeleteResource(apiVersion string, kind string, namespace string, name string, dryRun bool) error {
func (c *client) DeleteResource(ctx context.Context, apiVersion string, kind string, namespace string, name string, dryRun bool) error {
options := metav1.DeleteOptions{}
if dryRun {
options = metav1.DeleteOptions{DryRun: []string{metav1.DryRunAll}}
}
return c.getResourceInterface(apiVersion, kind, namespace).Delete(context.TODO(), name, options)
return c.getResourceInterface(apiVersion, kind, namespace).Delete(ctx, name, options)
}
// CreateResource creates object for the specified resource/namespace
func (c *client) CreateResource(apiVersion string, kind string, namespace string, obj interface{}, dryRun bool) (*unstructured.Unstructured, error) {
func (c *client) CreateResource(ctx context.Context, apiVersion string, kind string, namespace string, obj interface{}, dryRun bool) (*unstructured.Unstructured, error) {
options := metav1.CreateOptions{}
if dryRun {
options = metav1.CreateOptions{DryRun: []string{metav1.DryRunAll}}
}
// convert typed to unstructured obj
if unstructuredObj, err := kubeutils.ConvertToUnstructured(obj); err == nil && unstructuredObj != nil {
return c.getResourceInterface(apiVersion, kind, namespace).Create(context.TODO(), unstructuredObj, options)
return c.getResourceInterface(apiVersion, kind, namespace).Create(ctx, unstructuredObj, options)
}
return nil, fmt.Errorf("unable to create resource ")
}
// UpdateResource updates object for the specified resource/namespace
func (c *client) UpdateResource(apiVersion string, kind string, namespace string, obj interface{}, dryRun bool) (*unstructured.Unstructured, error) {
func (c *client) UpdateResource(ctx context.Context, apiVersion string, kind string, namespace string, obj interface{}, dryRun bool) (*unstructured.Unstructured, error) {
options := metav1.UpdateOptions{}
if dryRun {
options = metav1.UpdateOptions{DryRun: []string{metav1.DryRunAll}}
}
// convert typed to unstructured obj
if unstructuredObj, err := kubeutils.ConvertToUnstructured(obj); err == nil && unstructuredObj != nil {
return c.getResourceInterface(apiVersion, kind, namespace).Update(context.TODO(), unstructuredObj, options)
return c.getResourceInterface(apiVersion, kind, namespace).Update(ctx, unstructuredObj, options)
}
return nil, fmt.Errorf("unable to update resource ")
}
// UpdateStatusResource updates the resource "status" subresource
func (c *client) UpdateStatusResource(apiVersion string, kind string, namespace string, obj interface{}, dryRun bool) (*unstructured.Unstructured, error) {
func (c *client) UpdateStatusResource(ctx context.Context, apiVersion string, kind string, namespace string, obj interface{}, dryRun bool) (*unstructured.Unstructured, error) {
options := metav1.UpdateOptions{}
if dryRun {
options = metav1.UpdateOptions{DryRun: []string{metav1.DryRunAll}}
}
// convert typed to unstructured obj
if unstructuredObj, err := kubeutils.ConvertToUnstructured(obj); err == nil && unstructuredObj != nil {
return c.getResourceInterface(apiVersion, kind, namespace).UpdateStatus(context.TODO(), unstructuredObj, options)
return c.getResourceInterface(apiVersion, kind, namespace).UpdateStatus(ctx, unstructuredObj, options)
}
return nil, fmt.Errorf("unable to update resource ")
}
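Review bot: `CreateResource`, `UpdateResource` and `UpdateStatusResource` discard the error from `kubeutils.ConvertToUnstructured(obj)` and fall through to a fixed `fmt.Errorf("unable to create resource ")` or `fmt.Errorf("unable to update resource ")`, so a caller cannot tell a conversion failure from anything else and the message ends in a stray space. While these signatures are being changed, split the call and wrap the cause: `unstructuredObj, err := kubeutils.ConvertToUnstructured(obj)` followed by `if err != nil { return nil, fmt.Errorf("converting object to unstructured: %w", err) }`, keeping a separate error for the nil-object case. `UpdateStatusResource` would also read better if its message named the status update. The comments on the `Interface` methods could state that `ctx` carries the deadline and cancellation for the underlying API request.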


@ -74,32 +74,32 @@ func newFixture(t *testing.T) *fixture {
func TestCRUDResource(t *testing.T) {
f := newFixture(t)
// Get Resource
_, err := f.client.GetResource("", "thekind", "ns-foo", "name-foo")
_, err := f.client.GetResource(context.TODO(), "", "thekind", "ns-foo", "name-foo")
if err != nil {
t.Errorf("GetResource not working: %s", err)
}
// List Resources
_, err = f.client.ListResource("", "thekind", "ns-foo", nil)
_, err = f.client.ListResource(context.TODO(), "", "thekind", "ns-foo", nil)
if err != nil {
t.Errorf("ListResource not working: %s", err)
}
// DeleteResouce
err = f.client.DeleteResource("", "thekind", "ns-foo", "name-bar", false)
err = f.client.DeleteResource(context.TODO(), "", "thekind", "ns-foo", "name-bar", false)
if err != nil {
t.Errorf("DeleteResouce not working: %s", err)
}
// CreateResource
_, err = f.client.CreateResource("", "thekind", "ns-foo", kubeutils.NewUnstructured("group/version", "TheKind", "ns-foo", "name-foo1"), false)
_, err = f.client.CreateResource(context.TODO(), "", "thekind", "ns-foo", kubeutils.NewUnstructured("group/version", "TheKind", "ns-foo", "name-foo1"), false)
if err != nil {
t.Errorf("CreateResource not working: %s", err)
}
// UpdateResource
_, err = f.client.UpdateResource("", "thekind", "ns-foo", kubeutils.NewUnstructuredWithSpec("group/version", "TheKind", "ns-foo", "name-foo1", map[string]interface{}{"foo": "bar"}), false)
_, err = f.client.UpdateResource(context.TODO(), "", "thekind", "ns-foo", kubeutils.NewUnstructuredWithSpec("group/version", "TheKind", "ns-foo", "name-foo1", map[string]interface{}{"foo": "bar"}), false)
if err != nil {
t.Errorf("UpdateResource not working: %s", err)
}
// UpdateStatusResource
_, err = f.client.UpdateStatusResource("", "thekind", "ns-foo", kubeutils.NewUnstructuredWithSpec("group/version", "TheKind", "ns-foo", "name-foo1", map[string]interface{}{"foo": "status"}), false)
_, err = f.client.UpdateStatusResource(context.TODO(), "", "thekind", "ns-foo", kubeutils.NewUnstructuredWithSpec("group/version", "TheKind", "ns-foo", "name-foo1", map[string]interface{}{"foo": "status"}), false)
if err != nil {
t.Errorf("UpdateStatusResource not working: %s", err)
}


@ -1,6 +1,7 @@
package common
import (
"context"
"encoding/json"
"strings"
"time"
@ -109,7 +110,7 @@ func ProcessDeletePolicyForCloneGenerateRule(policy kyvernov1.PolicyInterface, c
}
func updateSourceResource(pName string, rule kyvernov1.Rule, client dclient.Interface, log logr.Logger) error {
obj, err := client.GetResource("", rule.Generation.Kind, rule.Generation.Clone.Namespace, rule.Generation.Clone.Name)
obj, err := client.GetResource(context.TODO(), "", rule.Generation.Kind, rule.Generation.Clone.Namespace, rule.Generation.Clone.Name)
if err != nil {
return errors.Wrapf(err, "source resource %s/%s/%s not found", rule.Generation.Kind, rule.Generation.Clone.Namespace, rule.Generation.Clone.Name)
}
@ -122,7 +123,7 @@ func updateSourceResource(pName string, rule kyvernov1.Rule, client dclient.Inte
}
obj.SetLabels(labels)
_, err = client.UpdateResource(obj.GetAPIVersion(), rule.Generation.Kind, rule.Generation.Clone.Namespace, obj, false)
_, err = client.UpdateResource(context.TODO(), obj.GetAPIVersion(), rule.Generation.Kind, rule.Generation.Clone.Namespace, obj, false)
return err
}


@ -220,7 +220,7 @@ func (c *controller) updateReport(ctx context.Context, meta metav1.Object, gvk s
return nil
}
report := reportutils.DeepCopy(before)
resource, err := c.client.GetResource(gvk.GroupVersion().String(), gvk.Kind, resource.Namespace, resource.Name)
resource, err := c.client.GetResource(ctx, gvk.GroupVersion().String(), gvk.Kind, resource.Namespace, resource.Name)
if err != nil {
return err
}
@ -301,7 +301,7 @@ func (c *controller) updateReport(ctx context.Context, meta metav1.Object, gvk s
// creations
if len(toCreate) > 0 {
scanner := utils.NewScanner(logger, c.client)
resource, err := c.client.GetResource(gvk.GroupVersion().String(), gvk.Kind, resource.Namespace, resource.Name)
resource, err := c.client.GetResource(ctx, gvk.GroupVersion().String(), gvk.Kind, resource.Namespace, resource.Name)
if err != nil {
return err
}


@ -1,6 +1,7 @@
package engine
import (
"context"
"encoding/json"
"fmt"
@ -316,7 +317,7 @@ func fetchAPIData(log logr.Logger, entry kyvernov1.ContextEntry, ctx *PolicyCont
}
func getResource(ctx *PolicyContext, p string) ([]byte, error) {
return ctx.Client.RawAbsPath(p)
return ctx.Client.RawAbsPath(context.TODO(), p)
}
func loadConfigMap(logger logr.Logger, entry kyvernov1.ContextEntry, ctx *PolicyContext) error {
@ -350,7 +351,7 @@ func fetchConfigMap(logger logr.Logger, entry kyvernov1.ContextEntry, ctx *Polic
namespace = "default"
}
obj, err := ctx.Client.GetResource("v1", "ConfigMap", namespace.(string), name.(string))
obj, err := ctx.Client.GetResource(context.TODO(), "v1", "ConfigMap", namespace.(string), name.(string))
if err != nil {
return nil, fmt.Errorf("failed to get configmap %s/%s : %v", namespace, name, err)
}
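Review bot: `getResource` and `fetchConfigMap` pass `context.TODO()` to `RawAbsPath` and `GetResource`, so these API-server lookups carry no deadline or cancellation from whoever triggered the policy evaluation. If they run while an admission request is being served (likely, but not visible in these hunks), a slow API server keeps the lookup running after the webhook call has timed out or been abandoned. Neither function has a `context.Context` to forward, since `ctx` here is the `*PolicyContext`; until the signatures change I would mark each placeholder with something like `// TODO: replace with the request context once PolicyContext carries one` so the remaining call sites stay easy to find. The same placeholder appears in `checkDryRunPermission`, `getTargets`, `syncHandler`, `getResourceList`, `validateClone`, `canIGenerate`, `generateTriggers`, `Validate`, `UpdateSourceResource` and `handleUpdateGenerateTargetResource`. `fetchConfigMap` starts and ends outside the hunk.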


@ -1,6 +1,7 @@
package engine
import (
"context"
"crypto/rand"
"crypto/x509"
_ "embed"
@ -399,7 +400,7 @@ func checkManifestAnnotations(mnfstAnnotations map[string]string, annotations ma
func checkDryRunPermission(dclient dclient.Interface, kind, namespace string) (bool, error) {
canI := auth.NewCanI(dclient, kind, namespace, "create")
ok, err := canI.RunAccessCheck()
ok, err := canI.RunAccessCheck(context.TODO())
if err != nil {
return false, err
}


@ -1,6 +1,7 @@
package engine
import (
"context"
"fmt"
"github.com/go-logr/logr"
@ -75,7 +76,7 @@ func getTargets(target kyvernov1.ResourceSpec, ctx *PolicyContext, logger logr.L
if namespace != "" && name != "" &&
!wildcard.ContainsWildcard(namespace) && !wildcard.ContainsWildcard(name) {
obj, err := ctx.Client.GetResource(target.APIVersion, target.Kind, namespace, name)
obj, err := ctx.Client.GetResource(context.TODO(), target.APIVersion, target.Kind, namespace, name)
if err != nil {
return nil, fmt.Errorf("failed to get target %s/%s %s/%s : %v", target.APIVersion, target.Kind, namespace, name, err)
}
@ -84,7 +85,7 @@ func getTargets(target kyvernov1.ResourceSpec, ctx *PolicyContext, logger logr.L
}
// list all targets if wildcard is specified
objList, err := ctx.Client.ListResource(target.APIVersion, target.Kind, "", nil)
objList, err := ctx.Client.ListResource(context.TODO(), target.APIVersion, target.Kind, "", nil)
if err != nil {
return nil, err
}


@ -1,6 +1,7 @@
package engine
import (
"context"
"encoding/json"
"reflect"
"strings"
@ -9,7 +10,7 @@ import (
kyverno "github.com/kyverno/kyverno/api/kyverno/v1"
"github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/utils/store"
client "github.com/kyverno/kyverno/pkg/clients/dclient"
"github.com/kyverno/kyverno/pkg/engine/context"
enginecontext "github.com/kyverno/kyverno/pkg/engine/context"
"github.com/kyverno/kyverno/pkg/engine/response"
"github.com/kyverno/kyverno/pkg/engine/utils"
"gotest.tools/assert"
@ -77,8 +78,8 @@ func Test_VariableSubstitutionPatchStrategicMerge(t *testing.T) {
}
resourceUnstructured, err := utils.ConvertToUnstructured(resourceRaw)
assert.NilError(t, err)
ctx := context.NewContext()
err = context.AddResource(ctx, resourceRaw)
ctx := enginecontext.NewContext()
err = enginecontext.AddResource(ctx, resourceRaw)
if err != nil {
t.Error(err)
}
@ -157,8 +158,8 @@ func Test_variableSubstitutionPathNotExist(t *testing.T) {
resourceUnstructured, err := utils.ConvertToUnstructured(resourceRaw)
assert.NilError(t, err)
ctx := context.NewContext()
err = context.AddResource(ctx, resourceRaw)
ctx := enginecontext.NewContext()
err = enginecontext.AddResource(ctx, resourceRaw)
assert.NilError(t, err)
policyContext := &PolicyContext{
@ -252,8 +253,8 @@ func Test_variableSubstitutionCLI(t *testing.T) {
resourceUnstructured, err := utils.ConvertToUnstructured(resourceRaw)
assert.NilError(t, err)
ctx := context.NewContext()
err = context.AddResource(ctx, resourceRaw)
ctx := enginecontext.NewContext()
err = enginecontext.AddResource(ctx, resourceRaw)
assert.NilError(t, err)
policyContext := &PolicyContext{
@ -355,7 +356,7 @@ func Test_chained_rules(t *testing.T) {
resource, err := utils.ConvertToUnstructured(resourceRaw)
assert.NilError(t, err)
ctx := context.NewContext()
ctx := enginecontext.NewContext()
err = ctx.AddResource(resource.Object)
assert.NilError(t, err)
@ -368,7 +369,7 @@ func Test_chained_rules(t *testing.T) {
err = ctx.AddImageInfos(resource)
assert.NilError(t, err)
err = context.MutateResourceWithImageInfo(resourceRaw, ctx)
err = enginecontext.MutateResourceWithImageInfo(resourceRaw, ctx)
assert.NilError(t, err)
er := Mutate(policyContext)
@ -449,8 +450,8 @@ func Test_precondition(t *testing.T) {
resourceUnstructured, err := utils.ConvertToUnstructured(resourceRaw)
assert.NilError(t, err)
ctx := context.NewContext()
err = context.AddResource(ctx, resourceRaw)
ctx := enginecontext.NewContext()
err = enginecontext.AddResource(ctx, resourceRaw)
assert.NilError(t, err)
policyContext := &PolicyContext{
@ -546,8 +547,8 @@ func Test_nonZeroIndexNumberPatchesJson6902(t *testing.T) {
resourceUnstructured, err := utils.ConvertToUnstructured(resourceRaw)
assert.NilError(t, err)
ctx := context.NewContext()
err = context.AddResource(ctx, resourceRaw)
ctx := enginecontext.NewContext()
err = enginecontext.AddResource(ctx, resourceRaw)
assert.NilError(t, err)
policyContext := &PolicyContext{
@ -634,7 +635,7 @@ func Test_foreach(t *testing.T) {
resource, err := utils.ConvertToUnstructured(resourceRaw)
assert.NilError(t, err)
ctx := context.NewContext()
ctx := enginecontext.NewContext()
err = ctx.AddResource(resource.Object)
assert.NilError(t, err)
@ -647,7 +648,7 @@ func Test_foreach(t *testing.T) {
err = ctx.AddImageInfos(resource)
assert.NilError(t, err)
err = context.MutateResourceWithImageInfo(resourceRaw, ctx)
err = enginecontext.MutateResourceWithImageInfo(resourceRaw, ctx)
assert.NilError(t, err)
er := Mutate(policyContext)
@ -741,7 +742,7 @@ func Test_foreach_element_mutation(t *testing.T) {
resource, err := utils.ConvertToUnstructured(resourceRaw)
assert.NilError(t, err)
ctx := context.NewContext()
ctx := enginecontext.NewContext()
err = ctx.AddResource(resource.Object)
assert.NilError(t, err)
@ -754,7 +755,7 @@ func Test_foreach_element_mutation(t *testing.T) {
err = ctx.AddImageInfos(resource)
assert.NilError(t, err)
err = context.MutateResourceWithImageInfo(resourceRaw, ctx)
err = enginecontext.MutateResourceWithImageInfo(resourceRaw, ctx)
assert.NilError(t, err)
er := Mutate(policyContext)
@ -867,7 +868,7 @@ func Test_Container_InitContainer_foreach(t *testing.T) {
resource, err := utils.ConvertToUnstructured(resourceRaw)
assert.NilError(t, err)
ctx := context.NewContext()
ctx := enginecontext.NewContext()
err = ctx.AddResource(resource.Object)
assert.NilError(t, err)
@ -880,7 +881,7 @@ func Test_Container_InitContainer_foreach(t *testing.T) {
err = ctx.AddImageInfos(resource)
assert.NilError(t, err)
err = context.MutateResourceWithImageInfo(resourceRaw, ctx)
err = enginecontext.MutateResourceWithImageInfo(resourceRaw, ctx)
assert.NilError(t, err)
er := Mutate(policyContext)
@ -994,7 +995,7 @@ func Test_foreach_order_mutation_(t *testing.T) {
resource, err := utils.ConvertToUnstructured(resourceRaw)
assert.NilError(t, err)
ctx := context.NewContext()
ctx := enginecontext.NewContext()
err = ctx.AddResource(resource.Object)
assert.NilError(t, err)
@ -1007,7 +1008,7 @@ func Test_foreach_order_mutation_(t *testing.T) {
err = ctx.AddImageInfos(resource)
assert.NilError(t, err)
err = context.MutateResourceWithImageInfo(resourceRaw, ctx)
err = enginecontext.MutateResourceWithImageInfo(resourceRaw, ctx)
assert.NilError(t, err)
er := Mutate(policyContext)
@ -1432,7 +1433,7 @@ func Test_mutate_existing_resources(t *testing.T) {
target, err := utils.ConvertToUnstructured(target)
assert.NilError(t, err)
ctx := context.NewContext()
ctx := enginecontext.NewContext()
err = ctx.AddResource(trigger.Object)
assert.NilError(t, err)
@ -1446,7 +1447,7 @@ func Test_mutate_existing_resources(t *testing.T) {
assert.NilError(t, err)
dclient.SetDiscovery(client.NewFakeDiscoveryClient(nil))
_, err = dclient.GetResource(target.GetAPIVersion(), target.GetKind(), target.GetNamespace(), target.GetName())
_, err = dclient.GetResource(context.TODO(), target.GetAPIVersion(), target.GetKind(), target.GetNamespace(), target.GetName())
assert.NilError(t, err)
policyContext = &PolicyContext{
@ -1549,8 +1550,8 @@ func Test_RuleSelectorMutate(t *testing.T) {
resourceUnstructured, err := utils.ConvertToUnstructured(resourceRaw)
assert.NilError(t, err)
ctx := context.NewContext()
err = context.AddResource(ctx, resourceRaw)
ctx := enginecontext.NewContext()
err = enginecontext.AddResource(ctx, resourceRaw)
if err != nil {
t.Error(err)
}
@ -1932,7 +1933,7 @@ func Test_SpecialCharacters(t *testing.T) {
}
// Create JSON context and add the resource.
ctx := context.NewContext()
ctx := enginecontext.NewContext()
err = ctx.AddResource(resource.Object)
if err != nil {
t.Fatalf("ctx.AddResource() error = %v", err)


@ -189,7 +189,7 @@ func (gen *Generator) syncHandler(key Info) error {
return err
}
default:
robj, err = gen.client.GetResource("", key.Kind, key.Namespace, key.Name)
robj, err = gen.client.GetResource(context.TODO(), "", key.Kind, key.Namespace, key.Name)
if err != nil {
if !errors.IsNotFound(err) {
logger.Error(err, "failed to get resource", "kind", key.Kind, "name", key.Name, "namespace", key.Namespace)


@ -1,6 +1,7 @@
package policy
import (
"context"
"reflect"
"strings"
@ -45,7 +46,7 @@ func MergeResources(a, b map[string]unstructured.Unstructured) {
func (pc *PolicyController) getResourceList(kind, namespace string, labelSelector *metav1.LabelSelector, log logr.Logger) *unstructured.UnstructuredList {
gv, k := kubeutils.GetKindFromGVK(kind)
resourceList, err := pc.client.ListResource(gv, k, namespace, labelSelector)
resourceList, err := pc.client.ListResource(context.TODO(), gv, k, namespace, labelSelector)
if err != nil {
log.Error(err, "failed to list resources", "kind", k, "namespace", namespace)
return nil


@ -1,6 +1,8 @@
package generate
import (
"context"
"github.com/go-logr/logr"
"github.com/kyverno/kyverno/pkg/auth"
"github.com/kyverno/kyverno/pkg/clients/dclient"
@ -9,13 +11,13 @@ import (
// Operations provides methods to performing operations on resource
type Operations interface {
// CanICreate returns 'true' if self can 'create' resource
CanICreate(kind, namespace string) (bool, error)
CanICreate(ctx context.Context, kind, namespace string) (bool, error)
// CanIUpdate returns 'true' if self can 'update' resource
CanIUpdate(kind, namespace string) (bool, error)
CanIUpdate(ctx context.Context, kind, namespace string) (bool, error)
// CanIDelete returns 'true' if self can 'delete' resource
CanIDelete(kind, namespace string) (bool, error)
CanIDelete(ctx context.Context, kind, namespace string) (bool, error)
// CanIGet returns 'true' if self can 'get' resource
CanIGet(kind, namespace string) (bool, error)
CanIGet(ctx context.Context, kind, namespace string) (bool, error)
}
// Auth provides implementation to check if caller/self/kyverno has access to perofrm operations
@ -34,9 +36,9 @@ func NewAuth(client dclient.Interface, log logr.Logger) *Auth {
}
// CanICreate returns 'true' if self can 'create' resource
func (a *Auth) CanICreate(kind, namespace string) (bool, error) {
func (a *Auth) CanICreate(ctx context.Context, kind, namespace string) (bool, error) {
canI := auth.NewCanI(a.client, kind, namespace, "create")
ok, err := canI.RunAccessCheck()
ok, err := canI.RunAccessCheck(ctx)
if err != nil {
return false, err
}
@ -44,9 +46,9 @@ func (a *Auth) CanICreate(kind, namespace string) (bool, error) {
}
// CanIUpdate returns 'true' if self can 'update' resource
func (a *Auth) CanIUpdate(kind, namespace string) (bool, error) {
func (a *Auth) CanIUpdate(ctx context.Context, kind, namespace string) (bool, error) {
canI := auth.NewCanI(a.client, kind, namespace, "update")
ok, err := canI.RunAccessCheck()
ok, err := canI.RunAccessCheck(ctx)
if err != nil {
return false, err
}
@ -54,9 +56,9 @@ func (a *Auth) CanIUpdate(kind, namespace string) (bool, error) {
}
// CanIDelete returns 'true' if self can 'delete' resource
func (a *Auth) CanIDelete(kind, namespace string) (bool, error) {
func (a *Auth) CanIDelete(ctx context.Context, kind, namespace string) (bool, error) {
canI := auth.NewCanI(a.client, kind, namespace, "delete")
ok, err := canI.RunAccessCheck()
ok, err := canI.RunAccessCheck(ctx)
if err != nil {
return false, err
}
@ -64,9 +66,9 @@ func (a *Auth) CanIDelete(kind, namespace string) (bool, error) {
}
// CanIGet returns 'true' if self can 'get' resource
func (a *Auth) CanIGet(kind, namespace string) (bool, error) {
func (a *Auth) CanIGet(ctx context.Context, kind, namespace string) (bool, error) {
canI := auth.NewCanI(a.client, kind, namespace, "get")
ok, err := canI.RunAccessCheck()
ok, err := canI.RunAccessCheck(ctx)
if err != nil {
return false, err
}
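Review bot: `CanICreate`, `CanIUpdate`, `CanIDelete` and `CanIGet` now repeat the same three steps and differ only in the verb string, so the new `ctx` argument had to be threaded through four copies of one authorization check. A single private helper would keep the verb the only thing that varies, for example `func (a *Auth) canI(ctx context.Context, kind, namespace, verb string) (bool, error) { return auth.NewCanI(a.client, kind, namespace, verb).RunAccessCheck(ctx) }`, with each exported method calling it. This assumes the part of each body after the error check simply returns `ok, nil`; the methods end outside the hunks, so that needs confirming before collapsing them.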


@ -1,5 +1,7 @@
package fake
import "context"
// FakeAuth providers implementation for testing, retuning true for all operations
type FakeAuth struct{}
@ -10,21 +12,21 @@ func NewFakeAuth() *FakeAuth {
}
// CanICreate returns 'true'
func (a *FakeAuth) CanICreate(kind, namespace string) (bool, error) {
func (a *FakeAuth) CanICreate(_ context.Context, kind, namespace string) (bool, error) {
return true, nil
}
// CanIUpdate returns 'true'
func (a *FakeAuth) CanIUpdate(kind, namespace string) (bool, error) {
func (a *FakeAuth) CanIUpdate(_ context.Context, kind, namespace string) (bool, error) {
return true, nil
}
// CanIDelete returns 'true'
func (a *FakeAuth) CanIDelete(kind, namespace string) (bool, error) {
func (a *FakeAuth) CanIDelete(_ context.Context, kind, namespace string) (bool, error) {
return true, nil
}
// CanIGet returns 'true'
func (a *FakeAuth) CanIGet(kind, namespace string) (bool, error) {
func (a *FakeAuth) CanIGet(_ context.Context, kind, namespace string) (bool, error) {
return true, nil
}


@ -1,6 +1,7 @@
package generate
import (
"context"
"fmt"
"reflect"
@ -114,7 +115,7 @@ func (g *Generate) validateClone(c kyvernov1.CloneFrom, cl kyvernov1.CloneList,
// Skip if there is variable defined
if !variables.IsVariable(kind) && !variables.IsVariable(namespace) {
// GET
ok, err := g.authCheck.CanIGet(kind, namespace)
ok, err := g.authCheck.CanIGet(context.TODO(), kind, namespace)
if err != nil {
return "", err
}
@ -133,7 +134,7 @@ func (g *Generate) canIGenerate(kind, namespace string) error {
authCheck := g.authCheck
if !variables.IsVariable(kind) && !variables.IsVariable(namespace) {
// CREATE
ok, err := authCheck.CanICreate(kind, namespace)
ok, err := authCheck.CanICreate(context.TODO(), kind, namespace)
if err != nil {
// machinery error
return err
@ -142,7 +143,7 @@ func (g *Generate) canIGenerate(kind, namespace string) error {
return fmt.Errorf("kyverno does not have permissions to 'create' resource %s/%s. Update permissions in ClusterRole 'kyverno:generate'", kind, namespace)
}
// UPDATE
ok, err = authCheck.CanIUpdate(kind, namespace)
ok, err = authCheck.CanIUpdate(context.TODO(), kind, namespace)
if err != nil {
// machinery error
return err
@ -151,7 +152,7 @@ func (g *Generate) canIGenerate(kind, namespace string) error {
return fmt.Errorf("kyverno does not have permissions to 'update' resource %s/%s. Update permissions in ClusterRole 'kyverno:generate'", kind, namespace)
}
// GET
ok, err = authCheck.CanIGet(kind, namespace)
ok, err = authCheck.CanIGet(context.TODO(), kind, namespace)
if err != nil {
// machinery error
return err
@ -161,7 +162,7 @@ func (g *Generate) canIGenerate(kind, namespace string) error {
}
// DELETE
ok, err = authCheck.CanIDelete(kind, namespace)
ok, err = authCheck.CanIDelete(context.TODO(), kind, namespace)
if err != nil {
// machinery error
return err


@ -380,7 +380,7 @@ func generateTriggers(client dclient.Interface, rule kyvernov1.Rule, log logr.Lo
kinds := fetchUniqueKinds(rule)
for _, kind := range kinds {
mlist, err := client.ListResource("", kind, "", rule.MatchResources.Selector)
mlist, err := client.ListResource(context.TODO(), "", kind, "", rule.MatchResources.Selector)
if err != nil {
log.Error(err, "failed to list matched resource")
continue


@ -349,7 +349,7 @@ func Validate(policy kyvernov1.PolicyInterface, client dclient.Interface, mock b
// add label to source mentioned in policy
if !mock && rule.Generation.Clone.Name != "" {
obj, err := client.GetResource("", rule.Generation.Kind, rule.Generation.Clone.Namespace, rule.Generation.Clone.Name)
obj, err := client.GetResource(context.TODO(), "", rule.Generation.Kind, rule.Generation.Clone.Namespace, rule.Generation.Clone.Name)
if err != nil {
logging.Error(err, fmt.Sprintf("source resource %s/%s/%s not found.", rule.Generation.Kind, rule.Generation.Clone.Namespace, rule.Generation.Clone.Name))
continue
@ -364,13 +364,13 @@ func Validate(policy kyvernov1.PolicyInterface, client dclient.Interface, mock b
if !mock && len(rule.Generation.CloneList.Kinds) != 0 {
for _, kind := range rule.Generation.CloneList.Kinds {
apiVersion, kind := kubeutils.GetKindFromGVK(kind)
resources, err := client.ListResource(apiVersion, kind, rule.Generation.CloneList.Namespace, rule.Generation.CloneList.Selector)
resources, err := client.ListResource(context.TODO(), apiVersion, kind, rule.Generation.CloneList.Namespace, rule.Generation.CloneList.Selector)
if err != nil {
logging.Error(err, fmt.Sprintf("failed to list resources %s/%s.", kind, rule.Generation.CloneList.Namespace))
continue
}
for _, rName := range resources.Items {
obj, err := client.GetResource(apiVersion, kind, rule.Generation.CloneList.Namespace, rName.GetName())
obj, err := client.GetResource(context.TODO(), apiVersion, kind, rule.Generation.CloneList.Namespace, rName.GetName())
if err != nil {
logging.Error(err, fmt.Sprintf("source resource %s/%s/%s not found.", kind, rule.Generation.Clone.Namespace, rule.Generation.Clone.Name))
continue
@ -418,7 +418,7 @@ func UpdateSourceResource(client dclient.Interface, kind, namespace string, poli
obj.SetLabels(label)
obj.SetResourceVersion("")
_, err := client.UpdateResource(obj.GetAPIVersion(), kind, namespace, obj, false)
_, err := client.UpdateResource(context.TODO(), obj.GetAPIVersion(), kind, namespace, obj, false)
if err != nil {
logging.Error(err, "failed to update source", "kind", obj.GetKind(), "name", obj.GetName(), "namespace", obj.GetNamespace())
return err
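Review bot: In the `CloneList` loop of `Validate`, the error logged when `client.GetResource` fails for `rName.GetName()` still formats `rule.Generation.Clone.Namespace` and `rule.Generation.Clone.Name`, which belong to the single-clone branch and are presumably empty for a clone-list rule. The log entry then names the wrong source, which makes a missing or unreadable source resource hard to trace. I would change it to `logging.Error(err, fmt.Sprintf("source resource %s/%s/%s not found.", kind, rule.Generation.CloneList.Namespace, rName.GetName()))`. `Validate` starts and ends outside these hunks.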


@ -2,6 +2,7 @@ package testrunner
import (
"bytes"
"context"
"encoding/json"
"os"
ospath "path"
@ -13,7 +14,7 @@ import (
kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1"
"github.com/kyverno/kyverno/pkg/clients/dclient"
"github.com/kyverno/kyverno/pkg/engine"
"github.com/kyverno/kyverno/pkg/engine/context"
enginecontext "github.com/kyverno/kyverno/pkg/engine/context"
"github.com/kyverno/kyverno/pkg/engine/response"
"github.com/stretchr/testify/assert"
"gopkg.in/yaml.v3"
@ -147,7 +148,7 @@ func runTestCase(t *testing.T, tc TestCase) bool {
Policy: policy,
NewResource: *resource,
ExcludeGroupRole: []string{},
JSONContext: context.NewContext(),
JSONContext: enginecontext.NewContext(),
}
er := engine.Mutate(ctx)
@ -164,7 +165,7 @@ func runTestCase(t *testing.T, tc TestCase) bool {
Policy: policy,
NewResource: *resource,
ExcludeGroupRole: []string{},
JSONContext: context.NewContext(),
JSONContext: enginecontext.NewContext(),
}
er = engine.Validate(ctx)
@ -189,7 +190,7 @@ func runTestCase(t *testing.T, tc TestCase) bool {
ExcludeResourceFunc: func(s1, s2, s3 string) bool {
return false
},
JSONContext: context.NewContext(),
JSONContext: enginecontext.NewContext(),
}
er = engine.ApplyBackgroundChecks(policyContext)
@ -203,7 +204,7 @@ func runTestCase(t *testing.T, tc TestCase) bool {
}
func createNamespace(client dclient.Interface, ns *unstructured.Unstructured) error {
_, err := client.CreateResource("", "Namespace", "", ns, false)
_, err := client.CreateResource(context.TODO(), "", "Namespace", "", ns, false)
return err
}
@ -212,7 +213,7 @@ func validateGeneratedResources(t *testing.T, client dclient.Interface, policy k
t.Log("--validate if resources are generated---")
// list of expected generated resources
for _, resource := range expected {
if _, err := client.GetResource("", resource.Kind, namespace, resource.Name); err != nil {
if _, err := client.GetResource(context.TODO(), "", resource.Kind, namespace, resource.Name); err != nil {
t.Errorf("generated resource %s/%s/%s not found. %v", resource.Kind, namespace, resource.Name, err)
}
}


@ -213,7 +213,7 @@ func (h *generationHandler) handleUpdateGenerateTargetResource(request *admissio
cloneName := updatedRule.Generation.Clone.Name
if cloneName != "" {
obj, err := h.client.GetResource("", rule.Generation.Kind, rule.Generation.Clone.Namespace, rule.Generation.Clone.Name)
obj, err := h.client.GetResource(context.TODO(), "", rule.Generation.Kind, rule.Generation.Clone.Namespace, rule.Generation.Clone.Name)
if err != nil {
h.log.Error(err, fmt.Sprintf("source resource %s/%s/%s not found.", rule.Generation.Kind, rule.Generation.Clone.Namespace, rule.Generation.Clone.Name))
continue


@ -1,6 +1,7 @@
package generation
import (
"context"
"encoding/json"
"strings"
@ -24,7 +25,7 @@ func getGeneratedByResource(newRes *unstructured.Unstructured, resLabels map[str
if kind != "Namespace" {
namespace = resLabels["kyverno.io/generated-by-namespace"]
}
obj, err := client.GetResource(apiVersion, kind, namespace, name)
obj, err := client.GetResource(context.TODO(), apiVersion, kind, namespace, name)
if err != nil {
logger.Error(err, "source resource not found.")
return rule, err