diff --git a/.golangci.yml b/.golangci.yml index f3d1ddec5d..07c95c6297 100644 --- a/.golangci.yml +++ b/.golangci.yml @@ -1,14 +1,14 @@ linters: enable: - - gosec + - deadcode - errcheck + - gosec - gosimple - bodyclose - staticcheck + - unused disable: - ineffassign - - deadcode - - unused - structcheck run: diff --git a/pkg/engine/utils.go b/pkg/engine/utils.go index a496c90a57..3459e779e7 100644 --- a/pkg/engine/utils.go +++ b/pkg/engine/utils.go @@ -377,43 +377,6 @@ func matchesResourceDescriptionExcludeHelper(rer kyverno.ResourceFilter, admissi return errs } -func copyAnyAllConditions(original kyverno.AnyAllConditions) kyverno.AnyAllConditions { - if reflect.DeepEqual(original, kyverno.AnyAllConditions{}) { - return kyverno.AnyAllConditions{} - } - return *original.DeepCopy() -} - -// backwards compatibility -func copyOldConditions(original []kyverno.Condition) []kyverno.Condition { - if len(original) == 0 { - return []kyverno.Condition{} - } - - var copies []kyverno.Condition - for _, condition := range original { - copies = append(copies, *condition.DeepCopy()) - } - - return copies -} - -func transformConditions(original apiextensions.JSON) (interface{}, error) { - // conditions are currently in the form of []interface{} - kyvernoOriginalConditions, err := utils.ApiextensionsJsonToKyvernoConditions(original) - if err != nil { - return nil, err - } - switch typedValue := kyvernoOriginalConditions.(type) { - case kyverno.AnyAllConditions: - return copyAnyAllConditions(typedValue), nil - case []kyverno.Condition: // backwards compatibility - return copyOldConditions(typedValue), nil - } - - return nil, fmt.Errorf("invalid preconditions") -} - // excludeResource checks if the resource has ownerRef set func excludeResource(podControllers string, resource unstructured.Unstructured) bool { kind := resource.GetKind() diff --git a/pkg/policy/metrics.go b/pkg/policy/metrics.go index c7ecac669a..b13b8fff82 100644 --- a/pkg/policy/metrics.go 
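Review bot: In the `enable:` list of `.golangci.yml`, turning on `deadcode` and `unused` together duplicates coverage, because `unused` already reports unreferenced functions, constants and types. From golangci-lint v1.49.0 onward `deadcode` and `structcheck` are deprecated in favour of `unused`; the hunk does not show which release this repo pins, so confirm that first. If the pinned release is that recent, drop the `- deadcode` line and keep `- unused`. `gosec` stays enabled after the reordering, so the security checks are unaffected.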
+++ b/pkg/policy/metrics.go
@@ -68,10 +68,3 @@ func (pc *PolicyController) registerPolicyChangesMetricDeletePolicy(logger logr.
 logger.Error(err, "error occurred while registering kyverno_policy_changes_total metrics for the above policy's deletion", "name", p.GetName())
 }
 }
-
-func (pc *PolicyController) registerPolicyRuleInfoMetricDeleteNsPolicy(logger logr.Logger, p *kyverno.Policy) {
- err := policyRuleInfoMetric.RemovePolicy(pc.promConfig, p)
- if err != nil {
- logger.Error(err, "error occurred while registering kyverno_policy_rule_info_total metrics for the above policy's deletion", "name", p.Name)
- }
-}
diff --git a/pkg/testrunner/utils.go b/pkg/testrunner/utils.go
index a6824f2268..6ab1910094 100644
--- a/pkg/testrunner/utils.go
+++ b/pkg/testrunner/utils.go
@@ -46,10 +46,3 @@ func ConvertToUnstructured(data []byte) (*unstructured.Unstructured, error) {
 }
 return resource, nil
 }
-
-func envOr(name, def string) string {
- if v, ok := os.LookupEnv(name); ok {
- return v
- }
- return def
-}
diff --git a/pkg/webhooks/annotations.go b/pkg/webhooks/annotations.go
deleted file mode 100644
index cf514ae184..0000000000
--- a/pkg/webhooks/annotations.go
+++ /dev/null
@@ -1,141 +0,0 @@
-package webhooks
-
-import (
- "encoding/json"
- "strings"
-
- "github.com/go-logr/logr"
- "github.com/kyverno/kyverno/pkg/engine/response"
- jsonutils "github.com/kyverno/kyverno/pkg/utils/json"
- yamlv2 "gopkg.in/yaml.v2"
-)
-
-const (
- policyAnnotation = "policies.kyverno.io~1last-applied-patches"
- oldAnnotation = "policies.kyverno.io~1patches"
-)
-
-type rulePatch struct {
- RuleName string `json:"rulename"`
- Op string `json:"op"`
- Path string `json:"path"`
-}
-
-var operationToPastTense = map[string]string{
- "add": "added",
- "remove": "removed",
- "replace": "replaced",
- "move": "moved",
- "copy": "copied",
- "test": "tested",
-}
-
-func generateAnnotationPatches(engineResponses []*response.EngineResponse, log logr.Logger) [][]byte {
- var annotations map[string]string
- var patchBytes [][]byte
- for _, er := range engineResponses {
- if ann := er.PatchedResource.GetAnnotations(); ann != nil {
- annotations = ann
- break
- }
- }
- if annotations == nil {
- annotations = make(map[string]string)
- }
- var patchResponse jsonutils.Patch
- value := annotationFromEngineResponses(engineResponses, log)
- if value == nil {
- // no patches or error while processing patches
- return nil
- }
- if _, ok := annotations[strings.ReplaceAll(policyAnnotation, "~1", "/")]; ok {
- // create update patch string
- if _, ok := annotations["policies.kyverno.io/patches"]; ok {
- patchResponse = jsonutils.NewPatch("/metadata/annotations/"+oldAnnotation, "remove", nil)
- delete(annotations, "policies.kyverno.io/patches")
- patchByte, _ := json.Marshal(patchResponse)
- patchBytes = append(patchBytes, patchByte)
- }
- patchResponse = jsonutils.NewPatch("/metadata/annotations/"+policyAnnotation, "replace", string(value))
- patchByte, _ := json.Marshal(patchResponse)
- patchBytes = append(patchBytes, patchByte)
- } else {
- // mutate rule has annotation patches
- if len(annotations) > 0 {
- if _, ok := annotations["policies.kyverno.io/patches"]; ok {
- patchResponse = jsonutils.NewPatch("/metadata/annotations/"+oldAnnotation, "remove", nil)
- delete(annotations, "policies.kyverno.io/patches")
- patchByte, _ := json.Marshal(patchResponse)
- patchBytes = append(patchBytes, patchByte)
- }
- patchResponse = jsonutils.NewPatch("/metadata/annotations/"+policyAnnotation, "add", string(value))
- patchByte, _ := json.Marshal(patchResponse)
- patchBytes = append(patchBytes, patchByte)
- } else {
- // insert 'policies.kyverno.patches' entry in annotation map
- annotations[strings.ReplaceAll(policyAnnotation, "~1", "/")] = string(value)
- patchResponse = jsonutils.NewPatch("/metadata/annotations", "add", annotations)
- patchByte, _ := json.Marshal(patchResponse)
- patchBytes = append(patchBytes, patchByte)
- }
- }
- for _, patchByte := range patchBytes {
- err := jsonutils.CheckPatch(patchByte)
- if err != nil {
- log.Error(err, "failed to build JSON patch for annotation", "patch", string(patchByte))
- }
- }
- return patchBytes
-}
-
-func annotationFromEngineResponses(engineResponses []*response.EngineResponse, log logr.Logger) []byte {
- var annotationContent = make(map[string]string)
- for _, engineResponse := range engineResponses {
- if !engineResponse.IsSuccessful() {
- log.V(3).Info("skip building annotation; policy failed to apply", "policy", engineResponse.PolicyResponse.Policy.Name)
- continue
- }
- rulePatches := annotationFromPolicyResponse(engineResponse.PolicyResponse, log)
- if rulePatches == nil {
- continue
- }
- policyName := engineResponse.PolicyResponse.Policy.Name
- for _, rulePatch := range rulePatches {
- annotationContent[rulePatch.RuleName+"."+policyName+".kyverno.io"] = operationToPastTense[rulePatch.Op] + " " + rulePatch.Path
- }
- }
-
- // return nil if there's no patches
- // otherwise result = null, len(result) = 4
- if len(annotationContent) == 0 {
- return nil
- }
-
- result, _ := yamlv2.Marshal(annotationContent)
-
- return result
-}
-
-func annotationFromPolicyResponse(policyResponse response.PolicyResponse, log logr.Logger) []rulePatch {
- var rulePatches []rulePatch
- for _, ruleInfo := range policyResponse.Rules {
- for _, patch := range ruleInfo.Patches {
- var patchmap map[string]interface{}
- if err := json.Unmarshal(patch, &patchmap); err != nil {
- log.Error(err, "Failed to parse JSON patch bytes")
- continue
- }
- rp := rulePatch{
- RuleName: ruleInfo.Name,
- Op: patchmap["op"].(string),
- Path: patchmap["path"].(string),
- }
- rulePatches = append(rulePatches, rp)
- log.V(4).Info("annotation value prepared", "patches", rulePatches)
- }
- }
- if len(rulePatches) == 0 {
- return nil
- }
- return rulePatches
-}