658 prototype changes without policy lookup update

2025-03-29 10:55:05 +00:00 · 2020-02-05 15:55:37 +05:30 · 2020-02-05 15:55:37 +05:30 · d38bf5c16e
commit d38bf5c16e
parent 1da17a58f5
5 changed files with 24 additions and 7 deletions
--- a/definitions/install.yaml
+++ b/definitions/install.yaml
@ -71,8 +71,7 @@ spec:
                              type: string
                      resources:
                        type: object
-                        required:
-                        - kinds
+                        minProperties: 1
                        properties:
                          kinds:
                            type: array
--- a/definitions/install_debug.yaml
+++ b/definitions/install_debug.yaml
@ -71,8 +71,7 @@ spec:
                              type: string
                      resources:
                        type: object
-                        required:
-                        - kinds
+                        minProperties: 1
                        properties:
                          kinds:
                            type: array
--- a/pkg/engine/utils.go
+++ b/pkg/engine/utils.go
@ -31,8 +31,10 @@ func MatchesResourceDescription(resource unstructured.Unstructured, rule kyverno
 	matches := rule.MatchResources.ResourceDescription
 	exclude := rule.ExcludeResources.ResourceDescription

-	if !findKind(matches.Kinds, resource.GetKind()) {
-		return false
+	if len(matches.Kinds) > 0 {
+		if !findKind(matches.Kinds, resource.GetKind()) {
+			return false
+		}
 	}

 	name := resource.GetName()
--- a/pkg/policystore/policystore.go
+++ b/pkg/policystore/policystore.go
@ -3,6 +3,8 @@ package policystore
 import (
 	"sync"

+	"k8s.io/apimachinery/pkg/labels"
+
 	"github.com/golang/glog"
 	kyverno "github.com/nirmata/kyverno/pkg/api/kyverno/v1"
 	kyvernoinformer "github.com/nirmata/kyverno/pkg/client/informers/externalversions/kyverno/v1"
@ -36,6 +38,7 @@ type UpdateInterface interface {
 type LookupInterface interface {
 	// Lookup based on kind and namespaces
 	LookUp(kind, namespace string) ([]kyverno.ClusterPolicy, error)
+	GetAll() ([]kyverno.ClusterPolicy, error)
 }

 // NewPolicyStore returns a new policy store
@ -96,6 +99,20 @@ func (ps *PolicyStore) LookUp(kind, namespace string) ([]kyverno.ClusterPolicy,
 	return ret, nil
 }

+func (ps *PolicyStore) GetAll() ([]kyverno.ClusterPolicy, error) {
+	policyPointers, err := ps.pLister.List(labels.NewSelector())
+	if err != nil {
+		return nil, err
+	}
+
+	var policies = make([]kyverno.ClusterPolicy, 0, len(policyPointers))
+	for _, policy := range policyPointers {
+		policies = append(policies, *policy)
+	}
+
+	return policies, nil
+}
+
 //UnRegister Remove policy information
 func (ps *PolicyStore) UnRegister(policy kyverno.ClusterPolicy) error {
 	ps.mu.Lock()
--- a/pkg/webhooks/server.go
+++ b/pkg/webhooks/server.go
@ -190,7 +190,7 @@ func (ws *WebhookServer) serve(w http.ResponseWriter, r *http.Request) {
 }

 func (ws *WebhookServer) handleAdmissionRequest(request *v1beta1.AdmissionRequest) *v1beta1.AdmissionResponse {
-	policies, err := ws.pMetaStore.LookUp(request.Kind.Kind, request.Namespace)
+	policies, err := ws.pMetaStore.GetAll()
 	if err != nil {
 		// Unable to connect to policy Lister to access policies
 		glog.Errorf("Unable to connect to policy controller to access policies. Policies are NOT being applied: %v", err)