mirror of https://github.com/kyverno/kyverno.git synced 2025-03-06 07:57:07 +00:00

add request.namespace in the background process

Signed-off-by: Shuting Zhao <shutting06@gmail.com>
Shuting Zhao 2021-02-22 17:22:23 -08:00
parent 17c72c1578
commit d770d6680b
3 changed files with 31 additions and 2 deletions


@ -28,6 +28,9 @@ type Interface interface {
// AddServiceAccount merges ServiceAccount types // AddServiceAccount merges ServiceAccount types
AddServiceAccount(userName string) error AddServiceAccount(userName string) error
// AddNamespace merges resource json under request.namespace
AddNamespace(namespace string) error
EvalInterface EvalInterface
} }
@ -190,6 +193,27 @@ func (ctx *Context) AddServiceAccount(userName string) error {
return nil return nil
} }
// AddNamespace merges resource json under request.namespace
func (ctx *Context) AddNamespace(namespace string) error {
modifiedResource := struct {
Request interface{} `json:"request"`
}{
Request: struct {
Namespace string `json:"namespace"`
}{
Namespace: namespace,
},
}
objRaw, err := json.Marshal(modifiedResource)
if err != nil {
ctx.log.Error(err, "failed to marshal the resource")
return err
}
return ctx.AddJSON(objRaw)
}
// Checkpoint creates a copy of the internal state. // Checkpoint creates a copy of the internal state.
// Prior checkpoints will be overridden. // Prior checkpoints will be overridden.
func (ctx *Context) Checkpoint() { func (ctx *Context) Checkpoint() {
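Review bot: The doc comment on `AddNamespace` (and the matching one added to `Interface`) says it "merges resource json", which reads as copied from the resource helper; the function actually wraps a single string as `{"request":{"namespace":...}}` and passes it to `AddJSON`. A comment such as `// AddNamespace sets request.namespace to the given namespace name.` would describe it accurately, and the log text `"failed to marshal the resource"` would be clearer as `"failed to marshal the namespace"`. How `AddJSON` combines this with an existing `request` object is not visible in this section, so the comment should also state whether the call is expected to come after `AddResource`.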


@ -42,7 +42,12 @@ func applyPolicy(policy kyverno.ClusterPolicy, resource unstructured.Unstructure
ctx := context.NewContext() ctx := context.NewContext()
err = ctx.AddResource(transformResource(resource)) err = ctx.AddResource(transformResource(resource))
if err != nil { if err != nil {
logger.Error(err, "enable to add transform resource to ctx") logger.Error(err, "failed to add transform resource to ctx")
}
err = ctx.AddNamespace(resource.GetNamespace())
if err != nil {
logger.Error(err, "failed to add namespace to ctx")
} }
engineResponseMutation, err = mutation(policy, resource, logger, resCache, ctx, namespaceLabels) engineResponseMutation, err = mutation(policy, resource, logger, resCache, ctx, namespaceLabels)
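Review bot: When `ctx.AddNamespace` fails, the error is only logged and `mutation(...)` still runs with a context that has no `request.namespace`, so a rule that depends on that variable would presumably be evaluated against incomplete data rather than skipped. The same applies to the `AddResource` check just above it. applyPolicy's signature and return path lie outside this hunk, so the exact statement cannot be given from here, but returning early once the context cannot be built would be the safer behaviour for a policy engine. Note also that `resource.GetNamespace()` is empty for cluster-scoped resources; a comment such as `// request.namespace is "" for cluster-scoped resources` would make that explicit for policy authors and reviewers.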


@ -21,7 +21,7 @@ func ContainsVariablesOtherThanObject(policy kyverno.ClusterPolicy) error {
return fmt.Errorf("invalid variable used at path: spec/rules[%d]/exclude/%s", idx, path) return fmt.Errorf("invalid variable used at path: spec/rules[%d]/exclude/%s", idx, path)
} }
filterVars := []string{"request.object"} filterVars := []string{"request.object", "request.namespace"}
ctx := context.NewContext(filterVars...) ctx := context.NewContext(filterVars...)
for contextIdx, contextEntry := range rule.Context { for contextIdx, contextEntry := range rule.Context {
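Review bot: `filterVars` is the allow-list of variables a background-mode policy may reference, and it now has to match what `applyPolicy` adds to the context by hand; nothing in the visible code ties the two together. A comment on this line, e.g. `// must list exactly the request.* values the background scan adds to its context`, would help keep a later addition from passing validation while staying unresolved at scan time. The name `ContainsVariablesOtherThanObject` also no longer describes the check now that `request.namespace` is accepted. The function body continues outside the hunk.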