From d38bf5c16e8d38eb8eb20c312ac4c2d380147d1a Mon Sep 17 00:00:00 2001
From: shravan
Date: Wed, 5 Feb 2020 15:55:37 +0530
Subject: [PATCH] 658 prototype changes without policy lookup update
---
 definitions/install.yaml | 3 +--
 definitions/install_debug.yaml | 3 +--
 pkg/engine/utils.go | 6 ++++--
 pkg/policystore/policystore.go | 17 +++++++++++++++++
 pkg/webhooks/server.go | 2 +-
 5 files changed, 24 insertions(+), 7 deletions(-)
diff --git a/definitions/install.yaml b/definitions/install.yaml
index ed7f70d9bd..1fb0d61762 100644
--- a/definitions/install.yaml
+++ b/definitions/install.yaml
@@ -71,8 +71,7 @@ spec:
 type: string
 resources:
 type: object
- required:
- - kinds
+ minProperties: 1
 properties:
 kinds:
 type: array
diff --git a/definitions/install_debug.yaml b/definitions/install_debug.yaml
index 8bbebcf6d9..cba8662c40 100644
--- a/definitions/install_debug.yaml
+++ b/definitions/install_debug.yaml
@@ -71,8 +71,7 @@ spec:
 type: string
 resources:
 type: object
- required:
- - kinds
+ minProperties: 1
 properties:
 kinds:
 type: array
diff --git a/pkg/engine/utils.go b/pkg/engine/utils.go
index 3d7384c846..42a4bcc2ec 100644
--- a/pkg/engine/utils.go
+++ b/pkg/engine/utils.go
@@ -31,8 +31,10 @@ func MatchesResourceDescription(resource unstructured.Unstructured, rule kyverno
 matches := rule.MatchResources.ResourceDescription
 exclude := rule.ExcludeResources.ResourceDescription
- if !findKind(matches.Kinds, resource.GetKind()) {
- return false
+ if len(matches.Kinds) > 0 {
+ if !findKind(matches.Kinds, resource.GetKind()) {
+ return false
+ }
 }
 name := resource.GetName()
diff --git a/pkg/policystore/policystore.go b/pkg/policystore/policystore.go
index a5b2f82cdf..925fc51238 100644
--- a/pkg/policystore/policystore.go
+++ b/pkg/policystore/policystore.go
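Review bot: `minProperties: 1` on `resources` is satisfied by any single key, so a match block without `kinds` now passes validation, and, unless the CRD rejects or prunes unknown fields (not visible here), so would one that merely misspells `kinds`. Together with the engine change in pkg/engine/utils.go, such a rule is evaluated against every resource kind, which is a wide blast radius for a mutate rule. Add a `description` on `resources` stating that omitting `kinds` means "all kinds", and confirm how unknown properties are handled. The identical hunk in definitions/install_debug.yaml has the same gap.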
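Review bot: An empty `matches.Kinds` now makes the rule match every kind, but nothing in the hunk states that and the nested `if` obscures it. Fold the two conditions into `if len(matches.Kinds) > 0 && !findKind(matches.Kinds, resource.GetKind()) {` and put `// An empty Kinds list matches resources of every kind.` above it. The `exclude` handling lies outside the hunk; check that an empty `exclude.Kinds` is not likewise read as "all kinds", because that would take resources out of policy evaluation altogether. MatchesResourceDescription continues past the end of the hunk.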
@@ -3,6 +3,8 @@ package policystore
 import (
 "sync"
+ "k8s.io/apimachinery/pkg/labels"
+
 "github.com/golang/glog"
 kyverno "github.com/nirmata/kyverno/pkg/api/kyverno/v1"
 kyvernoinformer "github.com/nirmata/kyverno/pkg/client/informers/externalversions/kyverno/v1"
@@ -36,6 +38,7 @@ type UpdateInterface interface {
 type LookupInterface interface {
 // Lookup based on kind and namespaces
 LookUp(kind, namespace string) ([]kyverno.ClusterPolicy, error)
+ GetAll() ([]kyverno.ClusterPolicy, error)
 }
 // NewPolicyStore returns a new policy store
@@ -96,6 +99,20 @@ func (ps *PolicyStore) LookUp(kind, namespace string) ([]kyverno.ClusterPolicy,
 return ret, nil
 }
+func (ps *PolicyStore) GetAll() ([]kyverno.ClusterPolicy, error) {
+ policyPointers, err := ps.pLister.List(labels.NewSelector())
+ if err != nil {
+ return nil, err
+ }
+
+ var policies = make([]kyverno.ClusterPolicy, 0, len(policyPointers))
+ for _, policy := range policyPointers {
+ policies = append(policies, *policy)
+ }
+
+ return policies, nil
+}
+
 //UnRegister Remove policy information
 func (ps *PolicyStore) UnRegister(policy kyverno.ClusterPolicy) error {
 ps.mu.Lock()
diff --git a/pkg/webhooks/server.go b/pkg/webhooks/server.go
index d6dd330e99..8f145cf79b 100644
--- a/pkg/webhooks/server.go
+++ b/pkg/webhooks/server.go
@@ -190,7 +190,7 @@ func (ws *WebhookServer) serve(w http.ResponseWriter, r *http.Request) {
 }
 func (ws *WebhookServer) handleAdmissionRequest(request *v1beta1.AdmissionRequest) *v1beta1.AdmissionResponse {
- policies, err := ws.pMetaStore.LookUp(request.Kind.Kind, request.Namespace)
+ policies, err := ws.pMetaStore.GetAll()
 if err != nil {
 // Unable to connect to policy Lister to access policies
 glog.Errorf("Unable to connect to policy controller to access policies. Policies are NOT being applied: %v", err)
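Review bot: `GetAll` is exported and added to `LookupInterface` with no doc comment, both in the interface hunk and on the method itself, and `*policy` is only a shallow copy of what `ps.pLister.List` returns. If those pointers come from a shared informer cache, as the lister name suggests, the copies still alias the cached slices and maps, so callers must treat them as read-only. Say so in the comment: `// GetAll returns every ClusterPolicy known to the lister. The values share nested data with the lister's cache and must not be mutated.` `labels.Everything()` is the conventional spelling of the match-all selector in place of `labels.NewSelector()`. Adding a method to the exported interface also breaks any other implementation of it, such as test fakes outside this patch.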
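Review bot: Switching to `ws.pMetaStore.GetAll()` drops the kind and namespace pre-filter, so each admission request now copies and walks every ClusterPolicy, and rule matching further down becomes the only thing that scopes a policy to a namespace or kind. That matching is outside the hunk and should be confirmed to check namespaces. The cost sits on the webhook's request path, where added latency can run into the API server's webhook timeout. Since the commit title marks this as a prototype, record the intent next to the call, for example `// TODO: restore an indexed lookup once the store can index rules that omit kinds.` The unchanged error branch logs "Policies are NOT being applied", which suggests the request proceeds unevaluated when the lister fails; handleAdmissionRequest continues past the hunk, so that could not be verified here.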