generate reportRequest in kyverno namespace
parent
f499c1ebb7
commit
ca3704eb7d
3 changed files with 24 additions and 18 deletions
|
@ -9,6 +9,7 @@ import (
|
|||
kyverno "github.com/kyverno/kyverno/pkg/api/kyverno/v1"
|
||||
report "github.com/kyverno/kyverno/pkg/api/policyreport/v1alpha1"
|
||||
"github.com/kyverno/kyverno/pkg/common"
|
||||
"github.com/kyverno/kyverno/pkg/config"
|
||||
"github.com/kyverno/kyverno/pkg/engine/response"
|
||||
"github.com/kyverno/kyverno/pkg/engine/utils"
|
||||
v1 "k8s.io/api/core/v1"
|
||||
|
@ -98,7 +99,7 @@ func (pvb *requestBuilder) build(info Info) (req *unstructured.Unstructured, err
|
|||
}
|
||||
|
||||
req = &unstructured.Unstructured{Object: obj}
|
||||
set(req, fmt.Sprintf("reportrequest-%s-%s", info.PolicyName, info.Resource.GetName()), info)
|
||||
set(req, fmt.Sprintf("reportrequest-%s-%s-%s", info.PolicyName, info.Resource.GetNamespace(), info.Resource.GetName()), info)
|
||||
} else {
|
||||
rr := &report.ClusterReportRequest{
|
||||
Summary: calculateSummary(results),
|
||||
|
@ -115,7 +116,8 @@ func (pvb *requestBuilder) build(info Info) (req *unstructured.Unstructured, err
|
|||
|
||||
if len(info.Rules) == 0 && info.PolicyName == "" {
|
||||
req.SetLabels(map[string]string{
|
||||
"delete": generatedDeletedResourceLabel(info.Resource.GetKind(), info.Resource.GetNamespace(), info.Resource.GetName())})
|
||||
"namespace": info.Resource.GetNamespace(),
|
||||
"delete": generatedDeletedResourceLabel(info.Resource.GetKind(), info.Resource.GetNamespace(), info.Resource.GetName())})
|
||||
}
|
||||
return req, nil
|
||||
}
|
||||
|
@ -123,7 +125,7 @@ func (pvb *requestBuilder) build(info Info) (req *unstructured.Unstructured, err
|
|||
func set(obj *unstructured.Unstructured, name string, info Info) {
|
||||
resource := info.Resource
|
||||
obj.SetName(name)
|
||||
obj.SetNamespace(resource.GetNamespace())
|
||||
obj.SetNamespace(config.KubePolicyNamespace)
|
||||
obj.SetAPIVersion("policy.kubernetes.io/v1alpha1")
|
||||
if resource.GetNamespace() == "" {
|
||||
obj.SetKind("ClusterReportRequest")
|
||||
|
@ -132,8 +134,9 @@ func set(obj *unstructured.Unstructured, name string, info Info) {
|
|||
}
|
||||
|
||||
obj.SetLabels(map[string]string{
|
||||
"policy": info.PolicyName,
|
||||
"resource": resource.GetKind() + "-" + resource.GetName(),
|
||||
"namespace": resource.GetNamespace(),
|
||||
"policy": info.PolicyName,
|
||||
"resource": resource.GetKind() + "-" + resource.GetNamespace() + "-" + resource.GetName(),
|
||||
})
|
||||
|
||||
if info.FromSync {
|
||||
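Review bot: The new object name in build(), `fmt.Sprintf("reportrequest-%s-%s-%s", ...)`, joins policy, namespace and resource name with `-`, which is legal inside all three, so distinct tuples can produce the same name (namespace `a-b` with resource `c`, and namespace `a` with resource `b-c`). Before this change each request lived in the resource's own namespace, which kept such pairs apart; with every request now in `config.KubePolicyNamespace`, a collision would presumably let one workload's results update another's request during sync. Appending a short digest of the (policy, kind, namespace, name) tuple to the name would remove the ambiguity and bound its length; until then a comment such as `// NOTE: not collision-free, '-' may occur in policy, namespace and resource names` would record the limitation. The same concern applies to the `"resource"` label in set(), where the added namespace segment makes it easier to exceed the 63-character limit on label values. Both functions extend beyond the visible hunks.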
|
|
|
@ -8,6 +8,7 @@ import (
|
|||
report "github.com/kyverno/kyverno/pkg/api/policyreport/v1alpha1"
|
||||
policyreportinformer "github.com/kyverno/kyverno/pkg/client/informers/externalversions/policyreport/v1alpha1"
|
||||
policyreport "github.com/kyverno/kyverno/pkg/client/listers/policyreport/v1alpha1"
|
||||
"github.com/kyverno/kyverno/pkg/config"
|
||||
"github.com/kyverno/kyverno/pkg/constant"
|
||||
dclient "github.com/kyverno/kyverno/pkg/dclient"
|
||||
v1 "k8s.io/api/core/v1"
|
||||
|
@ -99,7 +100,7 @@ func NewReportGenerator(
|
|||
|
||||
func (g *ReportGenerator) addReportRequest(obj interface{}) {
|
||||
r := obj.(*report.ReportRequest)
|
||||
ns := r.GetNamespace()
|
||||
ns := r.GetLabels()["namespace"]
|
||||
if ns == "" {
|
||||
ns = "default"
|
||||
}
|
||||
|
@ -114,7 +115,7 @@ func (g *ReportGenerator) updateReportRequest(old interface{}, cur interface{})
|
|||
return
|
||||
}
|
||||
|
||||
ns := curReq.GetNamespace()
|
||||
ns := curReq.GetLabels()["namespace"]
|
||||
if ns == "" {
|
||||
ns = "default"
|
||||
}
|
||||
|
@ -270,7 +271,8 @@ func (g *ReportGenerator) aggregateReports(namespace string) (
|
|||
return nil, nil, fmt.Errorf("unable to get namespace %s: %v", ns.GetName(), err)
|
||||
}
|
||||
|
||||
requests, err := g.reportRequestLister.ReportRequests(ns.GetName()).List(labels.Everything())
|
||||
selector := labels.SelectorFromSet(labels.Set(map[string]string{"namespace": namespace}))
|
||||
requests, err := g.reportRequestLister.ReportRequests(config.KubePolicyNamespace).List(selector)
|
||||
if err != nil {
|
||||
return nil, nil, fmt.Errorf("unable to list reportRequests within namespace %s: %v", ns, err)
|
||||
}
|
||||
|
@ -425,7 +427,7 @@ func (g *ReportGenerator) cleanupReportRequets(requestsGeneral interface{}) {
|
|||
defer g.log.V(5).Info("successfully cleaned up report requests")
|
||||
if requests, ok := requestsGeneral.([]*report.ReportRequest); ok {
|
||||
for _, request := range requests {
|
||||
if err := g.dclient.DeleteResource(request.APIVersion, "ReportRequest", request.Namespace, request.Name, false); err != nil {
|
||||
if err := g.dclient.DeleteResource(request.APIVersion, "ReportRequest", config.KubePolicyNamespace, request.Name, false); err != nil {
|
||||
if !apierrors.IsNotFound(err) {
|
||||
g.log.Error(err, "failed to delete report request")
|
||||
}
|
||||
|
@ -435,7 +437,7 @@ func (g *ReportGenerator) cleanupReportRequets(requestsGeneral interface{}) {
|
|||
|
||||
if requests, ok := requestsGeneral.([]*report.ClusterReportRequest); ok {
|
||||
for _, request := range requests {
|
||||
if err := g.dclient.DeleteResource(request.APIVersion, "ClusterReportRequest", request.Namespace, request.Name, false); err != nil {
|
||||
if err := g.dclient.DeleteResource(request.APIVersion, "ClusterReportRequest", "", request.Name, false); err != nil {
|
||||
if !apierrors.IsNotFound(err) {
|
||||
g.log.Error(err, "failed to delete clusterReportRequest")
|
||||
}
|
||||
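Review bot: In addReportRequest and updateReportRequest the target namespace is now read from a label, `ns := r.GetLabels()["namespace"]`, and a request without that label falls through to `ns = "default"`. A label is mutable metadata, so anything able to write ReportRequests in the Kyverno namespace decides which namespace's report the results are aggregated into, and a malformed request is silently attributed to `default`. I would log and skip instead, `if ns == "" { g.log.V(3).Info("report request has no namespace label", "name", r.GetName()); return }`, assuming nothing later in these handlers relies on the fallback; both bodies continue outside the hunks. The `"namespace"` key is also written as a bare literal here, in the selector in aggregateReports and in the builder, so a shared constant would keep the writer and the readers in step.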
|
|
|
@ -14,6 +14,7 @@ import (
|
|||
reportrequest "github.com/kyverno/kyverno/pkg/client/clientset/versioned/typed/policyreport/v1alpha1"
|
||||
policyreportinformer "github.com/kyverno/kyverno/pkg/client/informers/externalversions/policyreport/v1alpha1"
|
||||
policyreport "github.com/kyverno/kyverno/pkg/client/listers/policyreport/v1alpha1"
|
||||
"github.com/kyverno/kyverno/pkg/config"
|
||||
"github.com/kyverno/kyverno/pkg/constant"
|
||||
client "github.com/kyverno/kyverno/pkg/dclient"
|
||||
dclient "github.com/kyverno/kyverno/pkg/dclient"
|
||||
|
@ -254,11 +255,11 @@ func (gen *Generator) sync(reportReq *unstructured.Unstructured, info Info) erro
|
|||
old, err := gen.clusterReportRequestLister.Get(reportReq.GetName())
|
||||
if err != nil {
|
||||
if apierrors.IsNotFound(err) {
|
||||
if _, err = gen.dclient.CreateResource(reportReq.GetAPIVersion(), reportReq.GetKind(), reportReq.GetNamespace(), reportReq, false); err != nil {
|
||||
if _, err = gen.dclient.CreateResource(reportReq.GetAPIVersion(), reportReq.GetKind(), "", reportReq, false); err != nil {
|
||||
return fmt.Errorf("failed to create clusterReportRequest: %v", err)
|
||||
}
|
||||
|
||||
logger.V(3).Info("successfully created clusterReportRequest", "namespace", reportReq.GetNamespace(), "name", reportReq.GetName())
|
||||
logger.V(3).Info("successfully created clusterReportRequest", "name", reportReq.GetName())
|
||||
return nil
|
||||
}
|
||||
return fmt.Errorf("unable to get %s: %v", reportReq.GetKind(), err)
|
||||
|
@ -267,14 +268,14 @@ func (gen *Generator) sync(reportReq *unstructured.Unstructured, info Info) erro
|
|||
return updateReportRequest(gen.dclient, old, reportReq, logger)
|
||||
}
|
||||
|
||||
old, err := gen.reportRequestLister.ReportRequests(reportReq.GetNamespace()).Get(reportReq.GetName())
|
||||
old, err := gen.reportRequestLister.ReportRequests(config.KubePolicyNamespace).Get(reportReq.GetName())
|
||||
if err != nil {
|
||||
if apierrors.IsNotFound(err) {
|
||||
if _, err = gen.dclient.CreateResource(reportReq.GetAPIVersion(), reportReq.GetKind(), reportReq.GetNamespace(), reportReq, false); err != nil {
|
||||
if _, err = gen.dclient.CreateResource(reportReq.GetAPIVersion(), reportReq.GetKind(), config.KubePolicyNamespace, reportReq, false); err != nil {
|
||||
return fmt.Errorf("failed to create %s: %v", reportReq.GetKind(), err)
|
||||
}
|
||||
|
||||
logger.V(3).Info("successfully created reportRequest", "namespace", reportReq.GetNamespace, "name", reportReq.GetName())
|
||||
logger.V(3).Info("successfully created reportRequest", "name", reportReq.GetName())
|
||||
return nil
|
||||
}
|
||||
return fmt.Errorf("unable to get existing reportRequest %v", err)
|
||||
|
@ -301,15 +302,15 @@ func updateReportRequest(dClient *client.Client, old interface{}, new *unstructu
|
|||
}
|
||||
|
||||
if !hasResultsChanged(oldUnstructed, new.UnstructuredContent()) {
|
||||
log.V(4).Info("unchanged report request", "namespace", new.GetNamespace(), "name", new.GetName())
|
||||
log.V(4).Info("unchanged report request", "name", new.GetName())
|
||||
return nil
|
||||
}
|
||||
// TODO(shuting): set annotation / label
|
||||
if _, err = dClient.UpdateResource(new.GetAPIVersion(), new.GetKind(), new.GetNamespace(), new, false); err != nil {
|
||||
if _, err = dClient.UpdateResource(new.GetAPIVersion(), new.GetKind(), config.KubePolicyNamespace, new, false); err != nil {
|
||||
return fmt.Errorf("failed to update report request: %v", err)
|
||||
}
|
||||
|
||||
log.V(4).Info("successfully updated report request", "kind", new.GetKind(), "namespace", new.GetNamespace(), "name", new.GetName())
|
||||
log.V(4).Info("successfully updated report request", "kind", new.GetKind(), "name", new.GetName())
|
||||
return
|
||||
}
|
||||
|
||||
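Review bot: updateReportRequest now always passes `config.KubePolicyNamespace` to `dClient.UpdateResource`, but sync also calls it from the ClusterReportRequest branch, where the create call in this same commit passes `""`. Unless the dynamic client ignores the namespace for cluster-scoped kinds, updates to an existing ClusterReportRequest would be sent to a namespaced path and fail, leaving stale cluster-level results in place. Choosing the namespace by kind would keep the two paths consistent: `ns := config.KubePolicyNamespace` followed by `if new.GetKind() == "ClusterReportRequest" { ns = "" }`. The log calls in this file also drop the namespace field entirely; logging the resource namespace taken from the `namespace` label would keep the entries attributable to a workload. Both functions start outside the visible hunks.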
|
|