mirrors/kyverno
mirrors/kyverno
1
0
Fork 0
mirror of https://github.com/kyverno/kyverno.git synced 2025-03-31 03:45:17 +00:00
Code Activity

658 prototype changes without policy lookup update

Browse source
This commit is contained in:
shravan 2020-02-05 15:55:37 +05:30
parent 1da17a58f5
commit d38bf5c16e
5 changed files with 24 additions and 7 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
definitions/install.yaml
View file

@ -71,8 +71,7 @@ spec:
type: string type: string
resources: resources:
type: object type: object
required: minProperties: 1
- kinds
properties: properties:
kinds: kinds:
type: array type: array

3
definitions/install_debug.yaml
View file

@ -71,8 +71,7 @@ spec:
type: string type: string
resources: resources:
type: object type: object
required: minProperties: 1
- kinds
properties: properties:
kinds: kinds:
type: array type: array

6
pkg/engine/utils.go
View file

@ -31,8 +31,10 @@ func MatchesResourceDescription(resource unstructured.Unstructured, rule kyverno
matches := rule.MatchResources.ResourceDescription matches := rule.MatchResources.ResourceDescription
exclude := rule.ExcludeResources.ResourceDescription exclude := rule.ExcludeResources.ResourceDescription
if !findKind(matches.Kinds, resource.GetKind()) { if len(matches.Kinds) > 0 {
return false if !findKind(matches.Kinds, resource.GetKind()) {
return false
}
} }
name := resource.GetName() name := resource.GetName()

17
pkg/policystore/policystore.go
View file

@ -3,6 +3,8 @@ package policystore
import ( import (
"sync" "sync"
"k8s.io/apimachinery/pkg/labels"
"github.com/golang/glog" "github.com/golang/glog"
kyverno "github.com/nirmata/kyverno/pkg/api/kyverno/v1" kyverno "github.com/nirmata/kyverno/pkg/api/kyverno/v1"
kyvernoinformer "github.com/nirmata/kyverno/pkg/client/informers/externalversions/kyverno/v1" kyvernoinformer "github.com/nirmata/kyverno/pkg/client/informers/externalversions/kyverno/v1"
@ -36,6 +38,7 @@ type UpdateInterface interface {
type LookupInterface interface { type LookupInterface interface {
// Lookup based on kind and namespaces // Lookup based on kind and namespaces
LookUp(kind, namespace string) ([]kyverno.ClusterPolicy, error) LookUp(kind, namespace string) ([]kyverno.ClusterPolicy, error)
GetAll() ([]kyverno.ClusterPolicy, error)
} }
// NewPolicyStore returns a new policy store // NewPolicyStore returns a new policy store
@ -96,6 +99,20 @@ func (ps *PolicyStore) LookUp(kind, namespace string) ([]kyverno.ClusterPolicy,
return ret, nil return ret, nil
} }
func (ps *PolicyStore) GetAll() ([]kyverno.ClusterPolicy, error) {
policyPointers, err := ps.pLister.List(labels.NewSelector())
if err != nil {
return nil, err
}
var policies = make([]kyverno.ClusterPolicy, 0, len(policyPointers))
for _, policy := range policyPointers {
policies = append(policies, *policy)
}
return policies, nil
}
//UnRegister Remove policy information //UnRegister Remove policy information
func (ps *PolicyStore) UnRegister(policy kyverno.ClusterPolicy) error { func (ps *PolicyStore) UnRegister(policy kyverno.ClusterPolicy) error {
ps.mu.Lock() ps.mu.Lock()

2
pkg/webhooks/server.go
View file

@ -190,7 +190,7 @@ func (ws *WebhookServer) serve(w http.ResponseWriter, r *http.Request) {
} }
func (ws *WebhookServer) handleAdmissionRequest(request *v1beta1.AdmissionRequest) *v1beta1.AdmissionResponse { func (ws *WebhookServer) handleAdmissionRequest(request *v1beta1.AdmissionRequest) *v1beta1.AdmissionResponse {
policies, err := ws.pMetaStore.LookUp(request.Kind.Kind, request.Namespace) policies, err := ws.pMetaStore.GetAll()
if err != nil { if err != nil {
// Unable to connect to policy Lister to access policies // Unable to connect to policy Lister to access policies
glog.Errorf("Unable to connect to policy controller to access policies. Policies are NOT being applied: %v", err) glog.Errorf("Unable to connect to policy controller to access policies. Policies are NOT being applied: %v", err)