diff --git a/pkg/policy/apply.go b/pkg/policy/apply.go
index a204e95c36..4796d5c390 100644
--- a/pkg/policy/apply.go
+++ b/pkg/policy/apply.go
@@ -15,6 +15,7 @@ import (
 enginecontext "github.com/kyverno/kyverno/pkg/engine/context"
 "github.com/kyverno/kyverno/pkg/engine/context/resolvers"
 "github.com/kyverno/kyverno/pkg/engine/response"
+ "github.com/kyverno/kyverno/pkg/logging"
 "github.com/kyverno/kyverno/pkg/registryclient"
 jsonutils "github.com/kyverno/kyverno/pkg/utils/json"
 "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
@@ -47,11 +48,14 @@ func applyPolicy(
 var err error
 ctx := enginecontext.NewContext()
- err = enginecontext.AddResource(ctx, transformResource(resource))
+ data, err := resource.MarshalJSON()
+ if err != nil {
+ logging.Error(err, "failed to marshal resource")
+ }
+ err = enginecontext.AddResource(ctx, data)
 if err != nil {
 logger.Error(err, "failed to add transform resource to ctx")
 }
-
 err = ctx.AddNamespace(resource.GetNamespace())
 if err != nil {
 logger.Error(err, "failed to add namespace to ctx")
diff --git a/pkg/policy/common.go b/pkg/policy/common.go
index 7798d0b5d9..5d655e10c0 100644
--- a/pkg/policy/common.go
+++ b/pkg/policy/common.go
@@ -3,12 +3,10 @@ package policy
 import (
 "context"
 "reflect"
- "strings"
 "github.com/go-logr/logr"
 kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1"
 "github.com/kyverno/kyverno/pkg/config"
- "github.com/kyverno/kyverno/pkg/logging"
 "github.com/kyverno/kyverno/pkg/utils"
 kubeutils "github.com/kyverno/kyverno/pkg/utils/kube"
 "github.com/kyverno/kyverno/pkg/utils/wildcard"
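Review bot: In `applyPolicy` (second hunk of pkg/policy/apply.go) a `MarshalJSON` failure is reported through the package-level `logging.Error`, while every neighbouring failure uses the function's own `logger`, so this record loses whatever context that logger carries; `logger.Error(err, "failed to marshal resource")` would match them, and the `pkg/logging` import added in the first hunk appears to exist only for this call. After the failure, execution still reaches `enginecontext.AddResource(ctx, data)` with a nil `data`, so evaluation may proceed against a context that does not contain the resource. That log-and-continue matches what the removed `transformResource` did, but a short comment such as `// best effort: on marshal failure the resource is absent from ctx and rules are still evaluated` would make the intent explicit. The body of `applyPolicy` continues outside the hunk.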
@@ -17,33 +15,6 @@ import (
 "k8s.io/apimachinery/pkg/labels"
 )
-func transformResource(resource unstructured.Unstructured) []byte {
- data, err := resource.MarshalJSON()
- if err != nil {
- logging.Error(err, "failed to marshal resource")
- return nil
- }
- return data
-}
-
-func ParseNamespacedPolicy(key string) (string, string, bool) {
- namespace := ""
- index := strings.Index(key, "/")
- if index != -1 {
- namespace = key[:index]
- key = key[index+1:]
- return namespace, key, true
- }
- return namespace, key, false
-}
-
-// MergeResources merges b into a map
-func MergeResources(a, b map[string]unstructured.Unstructured) {
- for k, v := range b {
- a[k] = v
- }
-}
-
 func (pc *PolicyController) getResourceList(kind, namespace string, labelSelector *metav1.LabelSelector, log logr.Logger) *unstructured.UnstructuredList {
 gv, k := kubeutils.GetKindFromGVK(kind)
 resourceList, err := pc.client.ListResource(context.TODO(), gv, k, namespace, labelSelector)
diff --git a/pkg/policy/policy_controller.go b/pkg/policy/policy_controller.go
index cee352a02a..1c8eda036f 100644
--- a/pkg/policy/policy_controller.go
+++ b/pkg/policy/policy_controller.go
@@ -377,11 +377,16 @@ func (pc *PolicyController) syncPolicy(key string) error {
 }
 func (pc *PolicyController) getPolicy(key string) (kyvernov1.PolicyInterface, error) {
- namespace, key, isNamespacedPolicy := ParseNamespacedPolicy(key)
- if !isNamespacedPolicy {
- return pc.pLister.Get(key)
+ if ns, name, err := cache.SplitMetaNamespaceKey(key); err != nil {
+ pc.log.Error(err, "failed to parse policy name", "policyName", key)
+ return nil, err
+ } else {
+ isNamespacedPolicy := ns != ""
+ if !isNamespacedPolicy {
+ return pc.pLister.Get(name)
+ }
+ return pc.npLister.Policies(ns).Get(name)
 }
- return pc.npLister.Policies(namespace).Get(key)
 }
 func generateTriggers(client dclient.Interface, rule kyvernov1.Rule, log logr.Logger) []*unstructured.Unstructured {
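Review bot: `getPolicy` (pkg/policy/policy_controller.go) puts its whole happy path inside an `else` after a branch that already returns, only so that `ns` and `name` from the `if` initializer stay in scope. Declaring them first with `ns, name, err := cache.SplitMetaNamespaceKey(key)`, keeping the `if err != nil` block as a plain guard, and then writing `if ns == "" { return pc.pLister.Get(name) }` before the final `return pc.npLister.Policies(ns).Get(name)` removes one nesting level and the single-use `isNamespacedPolicy` variable. A doc comment such as `// getPolicy resolves a "name" or "namespace/name" key through pLister or npLister; keys with more than one "/" are rejected.` would also record the stricter parsing, since the removed `ParseNamespacedPolicy` split at the first `/` only while `SplitMetaNamespaceKey` returns an error for such keys.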
diff --git a/pkg/policycache/store.go b/pkg/policycache/store.go
index 9ee666a980..5baa36c8c2 100644
--- a/pkg/policycache/store.go
+++ b/pkg/policycache/store.go
@@ -5,9 +5,9 @@ import (
 kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1"
 "github.com/kyverno/kyverno/pkg/autogen"
- "github.com/kyverno/kyverno/pkg/policy"
 kubeutils "github.com/kyverno/kyverno/pkg/utils/kube"
 "k8s.io/apimachinery/pkg/util/sets"
+ kcache "k8s.io/client-go/tools/cache"
 )
 type store interface {
@@ -150,7 +150,11 @@ func (m *policyMap) get(key PolicyType, gvk, namespace string) []kyvernov1.Polic
 kind := computeKind(gvk)
 var result []kyvernov1.PolicyInterface
 for policyName := range m.kindType[kind][key] {
- ns, _, isNamespacedPolicy := policy.ParseNamespacedPolicy(policyName)
+ ns, _, err := kcache.SplitMetaNamespaceKey(policyName)
+ if err != nil {
+ logger.Error(err, "failed to parse policy name", "policyName", policyName)
+ }
+ isNamespacedPolicy := ns != ""
 policy := m.policies[policyName]
 if policy == nil {
 logger.Info("nil policy in the cache, this should not happen")
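Review bot: In `policyMap.get` (second hunk of pkg/policycache/store.go) a key that `kcache.SplitMetaNamespaceKey` rejects is logged and then still processed: `ns` is empty on error, so `isNamespacedPolicy` becomes false and the entry is classified as a non-namespaced policy. The removed `ParseNamespacedPolicy` classified any key containing `/` as namespaced, so a malformed key now silently changes scope instead of keeping it or being dropped. Adding `continue` after the `logger.Error(...)` call would skip such entries rather than guess their scope. The rest of the loop body lies outside the hunk, so how the flag is consumed there cannot be confirmed from here.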