
Resolve PR 27

This commit is contained in:
shuting 2019-05-13 18:17:28 -07:00
parent 77a52f4586
commit d683340a2e
24 changed files with 52 additions and 54 deletions


@ -10,7 +10,6 @@ import (
types "github.com/nirmata/kube-policy/pkg/apis/policy/v1alpha1"
apps "k8s.io/api/apps/v1"
v1 "k8s.io/api/core/v1"
meta "k8s.io/apimachinery/pkg/apis/meta/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/runtime"
utilruntime "k8s.io/apimachinery/pkg/util/runtime"
@ -43,7 +42,7 @@ func NewKubeClient(config *rest.Config, logger *log.Logger) (*KubeClient, error)
}, nil
}
func (kc *KubeClient) GetEventsInterface(namespace string) event.EventInterface {
func (kc *KubeClient) GetEvents(namespace string) event.EventInterface {
return kc.client.CoreV1().Events(namespace)
}
@ -51,7 +50,7 @@ func (kc *KubeClient) GetKubePolicyDeployment() (*apps.Deployment, error) {
kubePolicyDeployment, err := kc.client.
AppsV1().
Deployments(config.KubePolicyNamespace).
Get(config.KubePolicyDeploymentName, meta.GetOptions{})
Get(config.KubePolicyDeploymentName, metav1.GetOptions{})
if err != nil {
return nil, err

16
main.go

@ -5,15 +5,13 @@ import (
"log"
"github.com/nirmata/kube-policy/kubeclient"
"github.com/nirmata/kube-policy/pkg/webhooks"
"github.com/nirmata/kube-policy/policycontroller"
policyclientset "github.com/nirmata/kube-policy/pkg/client/clientset/versioned"
informers "github.com/nirmata/kube-policy/pkg/client/informers/externalversions"
policyengine "github.com/nirmata/kube-policy/pkg/policyengine"
policyviolation "github.com/nirmata/kube-policy/pkg/policyviolation"
controller "github.com/nirmata/kube-policy/pkg/controller"
engine "github.com/nirmata/kube-policy/pkg/engine"
event "github.com/nirmata/kube-policy/pkg/event"
violation "github.com/nirmata/kube-policy/pkg/violation"
"github.com/nirmata/kube-policy/pkg/webhooks"
"k8s.io/sample-controller/pkg/signals"
)
@ -44,10 +42,10 @@ func main() {
policyInformer := policyInformerFactory.Kubepolicy().V1alpha1().Policies()
eventController := event.NewEventController(kubeclient, policyInformer.Lister(), nil)
violationBuilder := policyviolation.NewPolicyViolationBuilder(kubeclient, policyInformer.Lister(), policyClientset, eventController, nil)
policyEngine := policyengine.NewPolicyEngine(kubeclient, nil)
violationBuilder := violation.NewPolicyViolationBuilder(kubeclient, policyInformer.Lister(), policyClientset, eventController, nil)
policyEngine := engine.NewPolicyEngine(kubeclient, nil)
policyController := policycontroller.NewPolicyController(policyClientset,
policyController := controller.NewPolicyController(policyClientset,
policyInformer,
policyEngine,
violationBuilder,


@ -1,4 +1,4 @@
package policycontroller
package controller
import (
"fmt"
@ -10,9 +10,9 @@ import (
policyclientset "github.com/nirmata/kube-policy/pkg/client/clientset/versioned"
infomertypes "github.com/nirmata/kube-policy/pkg/client/informers/externalversions/policy/v1alpha1"
lister "github.com/nirmata/kube-policy/pkg/client/listers/policy/v1alpha1"
engine "github.com/nirmata/kube-policy/pkg/engine"
event "github.com/nirmata/kube-policy/pkg/event"
policyengine "github.com/nirmata/kube-policy/pkg/policyengine"
policyviolation "github.com/nirmata/kube-policy/pkg/policyviolation"
violation "github.com/nirmata/kube-policy/pkg/violation"
"k8s.io/apimachinery/pkg/api/errors"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
utilruntime "k8s.io/apimachinery/pkg/util/runtime"
@ -27,8 +27,8 @@ type PolicyController struct {
policyLister lister.PolicyLister
policyInterface policyclientset.Interface
policySynced cache.InformerSynced
policyEngine policyengine.PolicyEngine
violationBuilder policyviolation.Generator
policyEngine engine.PolicyEngine
violationBuilder violation.Generator
eventBuilder event.Generator
logger *log.Logger
queue workqueue.RateLimitingInterface
@ -37,8 +37,8 @@ type PolicyController struct {
// NewPolicyController from cmd args
func NewPolicyController(policyInterface policyclientset.Interface,
policyInformer infomertypes.PolicyInformer,
policyEngine policyengine.PolicyEngine,
violationBuilder policyviolation.Generator,
policyEngine engine.PolicyEngine,
violationBuilder violation.Generator,
eventController event.Generator,
logger *log.Logger,
kubeClient *kubeClient.KubeClient) *PolicyController {


@ -1,4 +1,4 @@
package policycontroller
package controller
import (
"testing"


@ -1,13 +1,13 @@
package policycontroller
package controller
import (
"encoding/json"
"fmt"
types "github.com/nirmata/kube-policy/pkg/apis/policy/v1alpha1"
"github.com/nirmata/kube-policy/pkg/engine/mutation"
event "github.com/nirmata/kube-policy/pkg/event"
"github.com/nirmata/kube-policy/pkg/policyengine/mutation"
policyviolation "github.com/nirmata/kube-policy/pkg/policyviolation"
violation "github.com/nirmata/kube-policy/pkg/violation"
"k8s.io/apimachinery/pkg/labels"
"k8s.io/apimachinery/pkg/runtime"
utilruntime "k8s.io/apimachinery/pkg/util/runtime"
@ -42,7 +42,7 @@ func (pc *PolicyController) runForPolicy(key string) {
// processPolicy process the policy to all the matched resources
func (pc *PolicyController) processPolicy(policy types.Policy) (
violations []policyviolation.Info, events []event.Info, err error) {
violations []violation.Info, events []event.Info, err error) {
for _, rule := range policy.Spec.Rules {
resources, err := pc.filterResourceByRule(rule)
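Review bot: The named result `err` declared on the changed signature line is shadowed in the loop by `resources, err := pc.filterResourceByRule(rule)`, which creates a new `err` scoped to the loop body. If the body relies on a bare `return` anywhere after that call (processPolicy continues outside the hunk, so this cannot be confirmed here), a failure to list a rule's resources is dropped and the rule is silently skipped rather than reported to the caller. Returning the shadowed value explicitly right after the call, `if err != nil { return violations, events, err }`, keeps the error visible; this is pre-existing, but the rename touches the signature so it is worth checking in the same pass.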


@ -1,4 +1,4 @@
package policycontroller
package controller
const policyWorkQueueName = "policyworkqueue"


@ -1,4 +1,4 @@
package policyengine
package engine
import (
"fmt"
@ -6,9 +6,9 @@ import (
kubeClient "github.com/nirmata/kube-policy/kubeclient"
types "github.com/nirmata/kube-policy/pkg/apis/policy/v1alpha1"
"github.com/nirmata/kube-policy/pkg/engine/mutation"
event "github.com/nirmata/kube-policy/pkg/event"
"github.com/nirmata/kube-policy/pkg/policyengine/mutation"
policyviolation "github.com/nirmata/kube-policy/pkg/policyviolation"
violation "github.com/nirmata/kube-policy/pkg/violation"
)
type PolicyEngine interface {
@ -19,16 +19,16 @@ type PolicyEngine interface {
// ProcessValidation should be called from admission contoller
// when there is an creation / update of the resource
// TODO: Change name to Validate
ProcessValidation(policy types.Policy, rawResource []byte)
Validate(policy types.Policy, rawResource []byte)
// ProcessExisting should be called from policy controller
// when there is an create / update of the policy
// we should process the policy on matched resources, generate violations accordingly
// TODO: This method should not be in PolicyEngine. Validate will do this work instead
ProcessExisting(policy types.Policy, rawResource []byte) ([]policyviolation.Info, []event.Info, error)
ProcessExisting(policy types.Policy, rawResource []byte) ([]violation.Info, []event.Info, error)
// TODO: Add Generate method
// Generate()
}
type policyEngine struct {
@ -43,8 +43,8 @@ func NewPolicyEngine(kubeClient *kubeClient.KubeClient, logger *log.Logger) Poli
}
}
func (p *policyEngine) ProcessExisting(policy types.Policy, rawResource []byte) ([]policyviolation.Info, []event.Info, error) {
var violations []policyviolation.Info
func (p *policyEngine) ProcessExisting(policy types.Policy, rawResource []byte) ([]violation.Info, []event.Info, error) {
var violations []violation.Info
var events []event.Info
for _, rule := range policy.Spec.Rules {
@ -74,9 +74,9 @@ func (p *policyEngine) ProcessExisting(policy types.Policy, rawResource []byte)
}
func (p *policyEngine) processRuleOnResource(policyName string, rule types.Rule, rawResource []byte) (
policyviolation.Info, []event.Info, error) {
violation.Info, []event.Info, error) {
var violationInfo policyviolation.Info
var violationInfo violation.Info
var eventInfos []event.Info
resourceKind := mutation.ParseKindFromObject(rawResource)
@ -91,7 +91,7 @@ func (p *policyEngine) processRuleOnResource(policyName string, rule types.Rule,
if rulePatchesProcessed != nil {
log.Printf("Rule %s: prepared %d patches", rule.Name, len(rulePatchesProcessed))
violationInfo = policyviolation.NewViolation(policyName, resourceKind, resourceNamespace+"/"+resourceName, rule.Name)
violationInfo = violation.NewViolation(policyName, resourceKind, resourceNamespace+"/"+resourceName, rule.Name)
// add a violation to queue
// add an event to policy
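Review bot: The interface comment above the renamed method still reads `ProcessValidation should be called from admission contoller` and the `TODO: Change name to Validate` line beneath it is completed by this very commit, so the documentation on `Validate` no longer matches the method it describes. Suggest replacing those three comment lines with `// Validate should be called from the admission controller on creation or update of a resource.` and dropping the stale TODO. The comment on `ProcessExisting` in the same hunk also still describes `Validate` as future work, which is worth re-reading now that the name exists.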


@ -1,10 +1,10 @@
package policyengine
package engine
import (
"fmt"
kubepolicy "github.com/nirmata/kube-policy/pkg/apis/policy/v1alpha1"
"github.com/nirmata/kube-policy/pkg/policyengine/mutation"
"github.com/nirmata/kube-policy/pkg/engine/mutation"
)
// TODO: To be reworked due to spec policy-v2


@ -1,8 +1,8 @@
package policyengine
package engine
import (
kubepolicy "github.com/nirmata/kube-policy/pkg/apis/policy/v1alpha1"
"github.com/nirmata/kube-policy/pkg/policyengine/mutation"
"github.com/nirmata/kube-policy/pkg/engine/mutation"
)
// Mutate performs mutation. Overlay first and then mutation patches

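--- /dev/null
+++ b/pkg/engine/validation.go
@@ -0,0 +1,5 @@
+package engine
+import types "github.com/nirmata/kube-policy/pkg/apis/policy/v1alpha1"
+func (p *policyEngine) Validate(policy types.Policy, rawResource []byte) {}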
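Review bot: `Validate` has an empty body and no doc comment, yet it is the method the PolicyEngine interface says the admission controller should call on every resource creation or update, so as written it admits everything without evaluating a single rule. Add a comment that makes the stub explicit, e.g. `// Validate is a placeholder: it performs no validation yet and accepts every resource. TODO: implement rule validation.`, so that whoever wires it into the webhook cannot mistake it for a working check. The file removed in this commit carried the same empty body under the old name, so this is carried over rather than introduced.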


@ -59,7 +59,7 @@ func initRecorder(kubeClient *kubeClient.KubeClient) record.EventRecorder {
eventBroadcaster.StartLogging(log.Printf)
eventBroadcaster.StartRecordingToSink(
&typedcorev1.EventSinkImpl{
Interface: kubeClient.GetEventsInterface("")})
Interface: kubeClient.GetEvents("")})
recorder := eventBroadcaster.NewRecorder(
scheme.Scheme,
v1.EventSource{Component: eventSource})


@ -19,11 +19,12 @@ func (k MsgKey) String() string {
const argRegex = "%[s,d,v]"
var re = regexp.MustCompile(argRegex)
//GetEventMsg return the application message based on the message id and the arguments,
// if the number of arguments passed to the message are incorrect generate an error
func getEventMsg(key MsgKey, args ...interface{}) (string, error) {
// Verify the number of arguments
re := regexp.MustCompile(argRegex)
argsCount := len(re.FindAllString(key.String(), -1))
if argsCount != len(args) {
return "", fmt.Errorf("message expects %d arguments, but %d arguments passed", argsCount, len(args))
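Review bot: The new package-level `var re = regexp.MustCompile(argRegex)` compiles `%[s,d,v]`, which is a character class, so a literal `%,` in a message is counted as an expected argument alongside `%s`, `%d` and `%v`; the comma looks like a typo for `%[sdv]`. Hoisting the compile out of getEventMsg is the right move; while touching it, `const argRegex = "%[sdv]"` fixes the class, and a comment such as `// re matches the format verbs getEventMsg counts against len(args); compiled once at init.` explains why it lives at package level. The `//GetEventMsg` doc comment above still names the exported form of what is now the unexported `getEventMsg`. The function continues outside the hunk.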


@ -1,5 +0,0 @@
package policyengine
import types "github.com/nirmata/kube-policy/pkg/apis/policy/v1alpha1"
func (p *policyEngine) ProcessValidation(policy types.Policy, rawResource []byte) {}


@ -1,4 +1,4 @@
package policyviolation
package violation
import (
"fmt"


@ -1,4 +1,4 @@
package policyviolation
package violation
import policytype "github.com/nirmata/kube-policy/pkg/apis/policy/v1alpha1"


@ -17,8 +17,8 @@ import (
"github.com/nirmata/kube-policy/kubeclient"
kubepolicy "github.com/nirmata/kube-policy/pkg/apis/policy/v1alpha1"
policylister "github.com/nirmata/kube-policy/pkg/client/listers/policy/v1alpha1"
"github.com/nirmata/kube-policy/pkg/policyengine"
"github.com/nirmata/kube-policy/pkg/policyengine/mutation"
engine "github.com/nirmata/kube-policy/pkg/engine"
"github.com/nirmata/kube-policy/pkg/engine/mutation"
"github.com/nirmata/kube-policy/utils"
v1beta1 "k8s.io/api/admission/v1beta1"
"k8s.io/apimachinery/pkg/labels"
@ -29,7 +29,7 @@ import (
// MutationWebhook gets policies from policyController and takes control of the cluster with kubeclient.
type WebhookServer struct {
server http.Server
policyEngine policyengine.PolicyEngine
policyEngine engine.PolicyEngine
policyLister policylister.PolicyLister
logger *log.Logger
}
@ -55,7 +55,7 @@ func NewWebhookServer(
return nil, err
}
tlsConfig.Certificates = []tls.Certificate{pair}
policyEngine := policyengine.NewPolicyEngine(kubeclient, logger)
policyEngine := engine.NewPolicyEngine(kubeclient, logger)
ws := &WebhookServer{
policyEngine: policyEngine,


@ -3,7 +3,7 @@ package webhooks
import (
kubeclient "github.com/nirmata/kube-policy/kubeclient"
types "github.com/nirmata/kube-policy/pkg/apis/policy/v1alpha1"
mutation "github.com/nirmata/kube-policy/pkg/policyengine/mutation"
mutation "github.com/nirmata/kube-policy/pkg/engine/mutation"
"k8s.io/api/admission/v1beta1"
)