mirror of https://github.com/kyverno/kyverno.git synced 2025-04-08 10:04:25 +00:00

fixed generate flow (#1948)

Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>
Pooja Singh 2021-06-03 00:39:48 +05:30 committed by GitHub
parent 605d182ee3
commit d9ad564989
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23


@ -40,10 +40,7 @@ func (ws *WebhookServer) HandleGenerate(request *v1beta1.AdmissionRequest, polic
logger := ws.log.WithValues("action", "generation", "uid", request.UID, "kind", request.Kind, "namespace", request.Namespace, "name", request.Name, "operation", request.Operation, "gvk", request.Kind.String())
logger.V(4).Info("incoming request")
var engineResponses []*response.EngineResponse
if request.Operation == v1beta1.Create || request.Operation == v1beta1.Update {
if len(policies) == 0 {
return
}
if (request.Operation == v1beta1.Create || request.Operation == v1beta1.Update) && len(policies) != 0 {
// convert RAW to unstructured
new, old, err := kyvernoutils.ExtractResources(nil, request)
if err != nil {
@ -179,37 +176,39 @@ func (ws *WebhookServer) handleUpdateTargetResource(request *v1beta1.AdmissionRe
targetSourceName := newRes.GetName()
targetSourceKind := newRes.GetKind()
for _, policy := range policies {
if policy.GetName() == policyName {
for _, rule := range policy.Spec.Rules {
if rule.Generation.Kind == targetSourceKind && rule.Generation.Name == targetSourceName {
updatedRule, err := getGeneratedByResource(newRes, resLabels, ws.client, rule, logger)
policy, err := ws.kyvernoClient.KyvernoV1().ClusterPolicies().Get(contextdefault.TODO(), policyName, metav1.GetOptions{})
if err != nil {
logger.Error(err, "failed to get policy from kyverno client.", "policy name", policyName)
return
}
for _, rule := range policy.Spec.Rules {
if rule.Generation.Kind == targetSourceKind && rule.Generation.Name == targetSourceName {
updatedRule, err := getGeneratedByResource(newRes, resLabels, ws.client, rule, logger)
if err != nil {
logger.V(4).Info("skipping generate policy and resource pattern validaton", "error", err)
} else {
data := updatedRule.Generation.DeepCopy().Data
if data != nil {
if _, err := gen.ValidateResourceWithPattern(logger, newRes.Object, data); err != nil {
enqueueBool = true
break
}
}
cloneName := updatedRule.Generation.Clone.Name
if cloneName != "" {
obj, err := ws.client.GetResource("", rule.Generation.Kind, rule.Generation.Clone.Namespace, rule.Generation.Clone.Name)
if err != nil {
logger.V(4).Info("skipping generate policy and resource pattern validaton", "error", err)
} else {
data := updatedRule.Generation.DeepCopy().Data
if data != nil {
if _, err := gen.ValidateResourceWithPattern(logger, newRes.Object, data); err != nil {
enqueueBool = true
break
}
}
logger.Error(err, fmt.Sprintf("source resource %s/%s/%s not found.", rule.Generation.Kind, rule.Generation.Clone.Namespace, rule.Generation.Clone.Name))
continue
}
cloneName := updatedRule.Generation.Clone.Name
if cloneName != "" {
obj, err := ws.client.GetResource("", rule.Generation.Kind, rule.Generation.Clone.Namespace, rule.Generation.Clone.Name)
if err != nil {
logger.Error(err, fmt.Sprintf("source resource %s/%s/%s not found.", rule.Generation.Kind, rule.Generation.Clone.Namespace, rule.Generation.Clone.Name))
continue
}
sourceObj, newResObj := stripNonPolicyFields(obj.Object, newRes.Object, logger)
sourceObj, newResObj := stripNonPolicyFields(obj.Object, newRes.Object, logger)
if _, err := gen.ValidateResourceWithPattern(logger, newResObj, sourceObj); err != nil {
enqueueBool = true
break
}
}
if _, err := gen.ValidateResourceWithPattern(logger, newResObj, sourceObj); err != nil {
enqueueBool = true
break
}
}
}