mirror of
https://github.com/kyverno/kyverno.git
synced 2025-03-29 02:45:06 +00:00
fix: lookup GVR from GVK (#6517)
* fix: lookup GVR from GVK Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * typo Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
This commit is contained in:
Charles-Edouard Brétéché
GitHub
parent
1efcd40d04
commit
c491c24039
5 changed files with 34 additions and 39 deletions
|
|
@ -5,6 +5,7 @@ import (
|
|||
"fmt"
|
||||
"reflect"
|
||||
|
||||
kubeutils "github.com/kyverno/kyverno/pkg/utils/kube"
|
||||
authorizationv1 "k8s.io/api/authorization/v1"
|
||||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||
"k8s.io/apimachinery/pkg/runtime/schema"
|
||||
|
|
@ -13,7 +14,7 @@ import (
|
|||
|
||||
// Discovery provides interface to mange Kind and GVR mapping
|
||||
type Discovery interface {
|
||||
GetGVRFromKind(kind string) (schema.GroupVersionResource, error)
|
||||
GetGVRFromGVK(schema.GroupVersionKind) (schema.GroupVersionResource, error)
|
||||
}
|
||||
|
||||
// CanIOptions provides utility to check if user has authorization for the given operation
|
||||
|
|
@ -57,7 +58,12 @@ func NewCanI(discovery Discovery, ssarClient authorizationv1client.SelfSubjectAc
|
|||
func (o *canIOptions) RunAccessCheck(ctx context.Context) (bool, error) {
|
||||
// get GroupVersionResource from RESTMapper
|
||||
// get GVR from kind
|
||||
gvr, err := o.discovery.GetGVRFromKind(o.kind)
|
||||
apiVersion, kind := kubeutils.GetKindFromGVK(o.kind)
|
||||
gv, err := schema.ParseGroupVersion(apiVersion)
|
||||
if err != nil {
|
||||
return false, fmt.Errorf("failed to parse group/version %s", apiVersion)
|
||||
}
|
||||
gvr, err := o.discovery.GetGVRFromGVK(gv.WithKind(kind))
|
||||
if err != nil {
|
||||
return false, fmt.Errorf("failed to get GVR for kind %s", o.kind)
|
||||
}
|
||||
|
|
|
|||
|
|
@ -42,7 +42,7 @@ func TestNewCanI(t *testing.T) {
|
|||
|
||||
type discovery struct{}
|
||||
|
||||
func (d *discovery) GetGVRFromKind(kind string) (schema.GroupVersionResource, error) {
|
||||
func (d *discovery) GetGVRFromGVK(schema.GroupVersionKind) (schema.GroupVersionResource, error) {
|
||||
return schema.GroupVersionResource{}, errors.New("dummy")
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -119,11 +119,20 @@ func (c *client) getResourceInterface(apiVersion string, kind string, namespace
|
|||
// Keep this a stateful as the resource list will be based on the kubernetes version we connect to
|
||||
func (c *client) getGroupVersionMapper(apiVersion string, kind string) schema.GroupVersionResource {
|
||||
if apiVersion == "" {
|
||||
gvr, _ := c.disco.GetGVRFromKind(kind)
|
||||
return gvr
|
||||
if kind == "" {
|
||||
return schema.GroupVersionResource{}
|
||||
}
|
||||
apiVersion, kind = kubeutils.GetKindFromGVK(kind)
|
||||
}
|
||||
|
||||
return c.disco.GetGVRFromAPIVersionKind(apiVersion, kind)
|
||||
gv, err := schema.ParseGroupVersion(apiVersion)
|
||||
if err != nil {
|
||||
return schema.GroupVersionResource{}
|
||||
}
|
||||
gvr, err := c.disco.GetGVRFromGVK(gv.WithKind(kind))
|
||||
if err != nil {
|
||||
return schema.GroupVersionResource{}
|
||||
}
|
||||
return gvr
|
||||
}
|
||||
|
||||
// GetResource returns the resource in unstructured/json format
|
||||
|
|
|
|||
|
|
@ -17,8 +17,8 @@ import (
|
|||
// IDiscovery provides interface to mange Kind and GVR mapping
|
||||
type IDiscovery interface {
|
||||
FindResource(groupVersion string, kind string) (apiResource, parentAPIResource *metav1.APIResource, gvr schema.GroupVersionResource, err error)
|
||||
GetGVRFromKind(kind string) (schema.GroupVersionResource, error)
|
||||
GetGVRFromAPIVersionKind(groupVersion string, kind string) schema.GroupVersionResource
|
||||
// TODO: there's no mapping from GVK to GVR, this is very error prone
|
||||
GetGVRFromGVK(schema.GroupVersionKind) (schema.GroupVersionResource, error)
|
||||
GetGVKFromGVR(schema.GroupVersionResource) (schema.GroupVersionKind, error)
|
||||
GetServerVersion() (*version.Info, error)
|
||||
OpenAPISchema() (*openapiv2.Document, error)
|
||||
|
|
@ -72,32 +72,16 @@ func (c serverResources) OpenAPISchema() (*openapiv2.Document, error) {
|
|||
return c.cachedClient.OpenAPISchema()
|
||||
}
|
||||
|
||||
// GetGVRFromKind get the Group Version Resource from kind
|
||||
func (c serverResources) GetGVRFromKind(kind string) (schema.GroupVersionResource, error) {
|
||||
if kind == "" {
|
||||
return schema.GroupVersionResource{}, nil
|
||||
}
|
||||
gv, k := kubeutils.GetKindFromGVK(kind)
|
||||
_, _, gvr, err := c.FindResource(gv, k)
|
||||
// GetGVRFromGVK get the Group Version Resource from APIVersion and kind
|
||||
func (c serverResources) GetGVRFromGVK(gvk schema.GroupVersionKind) (schema.GroupVersionResource, error) {
|
||||
_, _, gvr, err := c.FindResource(gvk.GroupVersion().String(), gvk.Kind)
|
||||
if err != nil {
|
||||
logger.Info("schema not found", "kind", k)
|
||||
logger.Error(err, "schema not found", "gvk", gvk)
|
||||
return schema.GroupVersionResource{}, err
|
||||
}
|
||||
|
||||
return gvr, nil
|
||||
}
|
||||
|
||||
// GetGVRFromAPIVersionKind get the Group Version Resource from APIVersion and kind
|
||||
func (c serverResources) GetGVRFromAPIVersionKind(apiVersion string, kind string) schema.GroupVersionResource {
|
||||
_, _, gvr, err := c.FindResource(apiVersion, kind)
|
||||
if err != nil {
|
||||
logger.Info("schema not found", "kind", kind, "apiVersion", apiVersion, "error : ", err)
|
||||
return schema.GroupVersionResource{}
|
||||
}
|
||||
|
||||
return gvr
|
||||
}
|
||||
|
||||
// GetServerVersion returns the server version of the cluster
|
||||
func (c serverResources) GetServerVersion() (*version.Info, error) {
|
||||
return c.cachedClient.ServerVersion()
|
||||
|
|
|
|||
|
|
@ -1,6 +1,7 @@
|
|||
package dclient
|
||||
|
||||
import (
|
||||
"errors"
|
||||
"fmt"
|
||||
"strings"
|
||||
|
||||
|
|
@ -59,30 +60,25 @@ type fakeDiscoveryClient struct {
|
|||
registeredResources []schema.GroupVersionResource
|
||||
}
|
||||
|
||||
func (c *fakeDiscoveryClient) getGVR(resource string) schema.GroupVersionResource {
|
||||
func (c *fakeDiscoveryClient) getGVR(resource string) (schema.GroupVersionResource, error) {
|
||||
for _, gvr := range c.registeredResources {
|
||||
if gvr.Resource == resource {
|
||||
return gvr
|
||||
return gvr, nil
|
||||
}
|
||||
}
|
||||
return schema.GroupVersionResource{}
|
||||
return schema.GroupVersionResource{}, errors.New("no found")
|
||||
}
|
||||
|
||||
func (c *fakeDiscoveryClient) GetServerVersion() (*version.Info, error) {
|
||||
return nil, nil
|
||||
}
|
||||
|
||||
func (c *fakeDiscoveryClient) GetGVRFromKind(kind string) (schema.GroupVersionResource, error) {
|
||||
resource := strings.ToLower(kind) + "s"
|
||||
return c.getGVR(resource), nil
|
||||
}
|
||||
|
||||
func (c *fakeDiscoveryClient) GetGVKFromGVR(schema.GroupVersionResource) (schema.GroupVersionKind, error) {
|
||||
return schema.GroupVersionKind{}, nil
|
||||
}
|
||||
|
||||
func (c *fakeDiscoveryClient) GetGVRFromAPIVersionKind(apiVersion string, kind string) schema.GroupVersionResource {
|
||||
resource := strings.ToLower(kind) + "s"
|
||||
func (c *fakeDiscoveryClient) GetGVRFromGVK(gvk schema.GroupVersionKind) (schema.GroupVersionResource, error) {
|
||||
resource := strings.ToLower(gvk.Kind) + "s"
|
||||
return c.getGVR(resource)
|
||||
}
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue