mirrors/kyverno
mirrors/kyverno
1
0
Fork 0
mirror of https://github.com/kyverno/kyverno.git synced 2025-04-08 18:15:48 +00:00
Code Activity

Merge pull request #478 from nirmata/472_update_apiversion

Browse source 
472 update apiversion
This commit is contained in:
shuting 2019-11-13 15:19:27 -08:00 committed by GitHub
commit ded0183aa2
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
155 changed files with 3011 additions and 268 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
.gitignore vendored
View file

@ -4,4 +4,3 @@ Gopkg.lock
gh-pages/public
_output
coverage.txt
kyverno

6
README.md
View file

@ -27,7 +27,7 @@ Policy enforcement is captured using Kubernetes events. Kyverno also reports pol
This policy requires that all pods have CPU and memory resource requests and limits:
````yaml
apiVersion: kyverno.io/v1alpha1
apiVersion: kyverno.io/v1
kind: Policy
metadata:
name: check-cpu-memory
@ -61,7 +61,7 @@ spec:
This policy sets the imagePullPolicy to Always if the image tag is latest:
````yaml
apiVersion: kyverno.io/v1alpha1
apiVersion: kyverno.io/v1
kind: Policy
metadata:
name: set-image-pull-policy
@ -89,7 +89,7 @@ spec:
This policy sets the Zookeeper and Kafka connection strings for all namespaces with a label key 'kafka'.
````yaml
apiVersion: kyverno.io/v1alpha1
apiVersion: kyverno.io/v1
kind: Policy
metadata:
name: "zk-kafka-address"

6
definitions/install.yaml
View file

@ -5,7 +5,7 @@ metadata:
spec:
group: kyverno.io
versions:
- name: v1alpha1
- name: v1
served: true
storage: true
scope: Cluster
@ -230,7 +230,7 @@ metadata:
spec:
group: kyverno.io
versions:
- name: v1alpha1
- name: v1
served: true
storage: true
scope: Cluster
@ -295,7 +295,7 @@ metadata:
spec:
group: kyverno.io
versions:
- name: v1alpha1
- name: v1
served: true
storage: true
scope: Namespaced

6
definitions/install_debug.yaml
View file

@ -5,7 +5,7 @@ metadata:
spec:
group: kyverno.io
versions:
- name: v1alpha1
- name: v1
served: true
storage: true
scope: Cluster
@ -230,7 +230,7 @@ metadata:
spec:
group: kyverno.io
versions:
- name: v1alpha1
- name: v1
served: true
storage: true
scope: Cluster
@ -295,7 +295,7 @@ metadata:
spec:
group: kyverno.io
versions:
- name: v1alpha1
- name: v1
served: true
storage: true
scope: Namespaced

4
documentation/writing-policies-generate.md
View file

@ -7,7 +7,7 @@
## Example 1
````yaml
apiVersion: kyverno.io/v1alpha1
apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
name: basic-policy
@ -54,7 +54,7 @@ In this example, when this policy is applied, any new namespace that satisfies t
## Example 2
````yaml
apiVersion: kyverno.io/v1alpha1
apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
name: "default"

12
documentation/writing-policies-mutate.md
View file

@ -23,7 +23,7 @@ With Kyverno, the add and replace have the same behavior i.e. both operations wi
This patch adds an init container to all deployments.
````yaml
apiVersion : kyverno.io/v1alpha1
apiVersion : kyverno.io/v1
kind : ClusterPolicy
metadata :
name : policy-v1
@ -47,7 +47,7 @@ spec :
Here is the example of a patch that removes a label from the secret:
````yaml
apiVersion : kyverno.io/v1alpha1
apiVersion : kyverno.io/v1
kind : ClusterPolicy
metadata :
name : policy-remove-label
@ -75,7 +75,7 @@ The overlay cannot be used to delete values in a resource: use **patches** for t
The following mutation overlay will add (or replace) the memory request and limit to 10Gi for every Pod with a label ```memory: high```:
````yaml
apiVersion : kyverno.io/v1alpha1
apiVersion : kyverno.io/v1
kind : ClusterPolicy
metadata :
name : policy-change-memory-limit
@ -108,7 +108,7 @@ spec :
Applying overlays to a list type is fairly straightforward: new items will be added to the list, unless they already exist. For example, the next overlay will add IP "192.168.10.172" to all addresses in all Endpoints:
````yaml
apiVersion: kyverno.io/v1alpha1
apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
name: policy-endpoints
@ -151,7 +151,7 @@ A `conditional anchor` evaluates to `true` if the anchor tag exists and if the v
For example, this overlay will add or replace the value 6443 for the port field, for all ports with a name value that starts with "secure":
````yaml
apiVersion: kyverno.io/v1alpha1
apiVersion: kyverno.io/v1
kind : ClusterPolicy
metadata :
name : policy-set-port
@ -181,7 +181,7 @@ An `add anchor` is processed as part of applying the mutation. Typically, every
For example, this overlay will set the port to 6443, if a port is not already defined:
````yaml
apiVersion: kyverno.io/v1alpha1
apiVersion: kyverno.io/v1
kind : ClusterPolicy
metadata :
name : policy-set-port

6
documentation/writing-policies-validate.md
View file

@ -83,7 +83,7 @@ The following rule prevents the creation of Deployment, StatefuleSet and DaemonS
````yaml
apiVersion : kyverno.io/v1alpha1
apiVersion : kyverno.io/v1
kind : ClusterPolicy
metadata :
name : validation-example
@ -120,7 +120,7 @@ A variation of an anchor, is to check that in a list of elements at least one el
For example, this pattern will check that at least one container has memory requests and limits defined and that the request is less than the limit:
````yaml
apiVersion : kyverno.io/v1alpha1
apiVersion : kyverno.io/v1
kind : ClusterPolicy
metadata :
name : validation-example2
@ -156,7 +156,7 @@ The `anyPattern` tag can be used to check if any one of the patterns in the list
<small>*Note: either one of `pattern` or `anyPattern` is allowed in a rule, they both can't be declared in the same rule.*</small>
````yaml
apiVersion: kyverno.io/v1alpha1
apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
name: check-container-security-context

2
documentation/writing-policies.md
View file

@ -5,7 +5,7 @@
A Kyverno policy contains a set of rules. Each rule matches resources by kind, name, or selectors.
````yaml
apiVersion : kyverno.io/v1alpha1
apiVersion : kyverno.io/v1
kind : ClusterPolicy
metadata :
name : policy

16
main.go
View file

@ -98,22 +98,22 @@ func main() {
configData := config.NewConfigData(kubeClient, kubeInformer.Core().V1().ConfigMaps(), filterK8Resources)
// Policy meta-data store
policyMetaStore := policystore.NewPolicyStore(pInformer.Kyverno().V1alpha1().ClusterPolicies().Lister())
policyMetaStore := policystore.NewPolicyStore(pInformer.Kyverno().V1().ClusterPolicies().Lister())
// EVENT GENERATOR
// - generate event with retry mechanism
egen := event.NewEventGenerator(client, pInformer.Kyverno().V1alpha1().ClusterPolicies())
egen := event.NewEventGenerator(client, pInformer.Kyverno().V1().ClusterPolicies())
// POLICY VIOLATION GENERATOR
// -- generate policy violation
pvgen := policyviolation.NewPVGenerator(pclient, client, pInformer.Kyverno().V1alpha1().ClusterPolicyViolations().Lister(), pInformer.Kyverno().V1alpha1().NamespacedPolicyViolations().Lister())
pvgen := policyviolation.NewPVGenerator(pclient, client, pInformer.Kyverno().V1().ClusterPolicyViolations().Lister(), pInformer.Kyverno().V1().NamespacedPolicyViolations().Lister())
// POLICY CONTROLLER
// - reconciliation policy and policy violation
// - process policy on existing resources
// - status aggregator: recieves stats when a policy is applied
// & updates the policy status
pc, err := policy.NewPolicyController(pclient, client, pInformer.Kyverno().V1alpha1().ClusterPolicies(), pInformer.Kyverno().V1alpha1().ClusterPolicyViolations(), pInformer.Kyverno().V1alpha1().NamespacedPolicyViolations(), egen, kubeInformer.Admissionregistration().V1beta1().MutatingWebhookConfigurations(), webhookRegistrationClient, configData, pvgen, policyMetaStore)
pc, err := policy.NewPolicyController(pclient, client, pInformer.Kyverno().V1().ClusterPolicies(), pInformer.Kyverno().V1().ClusterPolicyViolations(), pInformer.Kyverno().V1().NamespacedPolicyViolations(), egen, kubeInformer.Admissionregistration().V1beta1().MutatingWebhookConfigurations(), webhookRegistrationClient, configData, pvgen, policyMetaStore)
if err != nil {
glog.Fatalf("error creating policy controller: %v\n", err)
}
@ -121,19 +121,19 @@ func main() {
// POLICY VIOLATION CONTROLLER
// policy violation cleanup if the corresponding resource is deleted
// status: lastUpdatTime
pvc, err := policyviolation.NewPolicyViolationController(client, pclient, pInformer.Kyverno().V1alpha1().ClusterPolicies(), pInformer.Kyverno().V1alpha1().ClusterPolicyViolations())
pvc, err := policyviolation.NewPolicyViolationController(client, pclient, pInformer.Kyverno().V1().ClusterPolicies(), pInformer.Kyverno().V1().ClusterPolicyViolations())
if err != nil {
glog.Fatalf("error creating cluster policy violation controller: %v\n", err)
}
nspvc, err := policyviolation.NewNamespacedPolicyViolationController(client, pclient, pInformer.Kyverno().V1alpha1().ClusterPolicies(), pInformer.Kyverno().V1alpha1().NamespacedPolicyViolations())
nspvc, err := policyviolation.NewNamespacedPolicyViolationController(client, pclient, pInformer.Kyverno().V1().ClusterPolicies(), pInformer.Kyverno().V1().NamespacedPolicyViolations())
if err != nil {
glog.Fatalf("error creating namespaced policy violation controller: %v\n", err)
}
// GENERATE CONTROLLER
// - watches for Namespace resource and generates resource based on the policy generate rule
nsc := namespace.NewNamespaceController(pclient, client, kubeInformer.Core().V1().Namespaces(), pInformer.Kyverno().V1alpha1().ClusterPolicies(), pInformer.Kyverno().V1alpha1().ClusterPolicyViolations(), pc.GetPolicyStatusAggregator(), egen, configData, pvgen, policyMetaStore)
nsc := namespace.NewNamespaceController(pclient, client, kubeInformer.Core().V1().Namespaces(), pInformer.Kyverno().V1().ClusterPolicies(), pInformer.Kyverno().V1().ClusterPolicyViolations(), pc.GetPolicyStatusAggregator(), egen, configData, pvgen, policyMetaStore)
// CONFIGURE CERTIFICATES
tlsPair, err := initTLSPemPair(clientConfig, client)
@ -156,7 +156,7 @@ func main() {
// -- annotations on resources with update details on mutation JSON patches
// -- generate policy violation resource
// -- generate events on policy and resource
server, err := webhooks.NewWebhookServer(pclient, client, tlsPair, pInformer.Kyverno().V1alpha1().ClusterPolicies(), pInformer.Kyverno().V1alpha1().ClusterPolicyViolations(), pInformer.Kyverno().V1alpha1().NamespacedPolicyViolations(),
server, err := webhooks.NewWebhookServer(pclient, client, tlsPair, pInformer.Kyverno().V1().ClusterPolicies(), pInformer.Kyverno().V1().ClusterPolicyViolations(), pInformer.Kyverno().V1().NamespacedPolicyViolations(),
kubeInformer.Rbac().V1().RoleBindings(), kubeInformer.Rbac().V1().ClusterRoleBindings(), egen, webhookRegistrationClient, pc.GetPolicyStatusAggregator(), configData, policyMetaStore, pvgen, cleanUp)
if err != nil {
glog.Fatalf("Unable to create webhook server: %v\n", err)

4
pkg/api/kyverno/v1/doc.go Normal file
View file

@ -0,0 +1,4 @@
// +k8s:deepcopy-gen=package
// +groupName=kyverno.io
package v1

45
pkg/api/kyverno/v1/register.go Normal file
View file

@ -0,0 +1,45 @@
package v1
import (
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/runtime"
"k8s.io/apimachinery/pkg/runtime/schema"
"github.com/nirmata/kyverno/pkg/api/kyverno"
)
// SchemeGroupVersion is group version used to register these objects
var SchemeGroupVersion = schema.GroupVersion{Group: kyverno.GroupName, Version: "v1"}
// Kind takes an unqualified kind and returns back a Group qualified GroupKind
func Kind(kind string) schema.GroupKind {
return SchemeGroupVersion.WithKind(kind).GroupKind()
}
// Resource takes an unqualified resource and returns a Group qualified GroupResource
func Resource(resource string) schema.GroupResource {
return SchemeGroupVersion.WithResource(resource).GroupResource()
}
var (
SchemeBuilder = runtime.NewSchemeBuilder(addKnownTypes)
AddToScheme = SchemeBuilder.AddToScheme
)
// Adds the list of known types to Scheme.
func addKnownTypes(scheme *runtime.Scheme) error {
scheme.AddKnownTypes(SchemeGroupVersion,
// &Policy{},
// &PolicyList{},
// &PolicyViolation{},
// &PolicyViolationList{},
&ClusterPolicy{},
&ClusterPolicyList{},
&ClusterPolicyViolation{},
&ClusterPolicyViolationList{},
&NamespacedPolicyViolation{},
&NamespacedPolicyViolationList{},
)
metav1.AddToGroupVersion(scheme, SchemeGroupVersion)
return nil
}

216
pkg/api/kyverno/v1/types.go Normal file
View file

@ -0,0 +1,216 @@
package v1
import (
rbacv1 "k8s.io/api/rbac/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
)
// +genclient
// +genclient:nonNamespaced
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// ClusterPolicy ...
type ClusterPolicy Policy
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// ClusterPolicyList ...
type ClusterPolicyList struct {
metav1.TypeMeta `json:",inline"`
metav1.ListMeta `json:"metadata"`
Items []ClusterPolicy `json:"items"`
}
// +genclient
// +genclient:nonNamespaced
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// ClusterPolicyViolation ...
type ClusterPolicyViolation PolicyViolation
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// ClusterPolicyViolationList ...
type ClusterPolicyViolationList struct {
metav1.TypeMeta `json:",inline"`
metav1.ListMeta `json:"metadata"`
Items []ClusterPolicyViolation `json:"items"`
}
// +genclient
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// NamespacedPolicyViolation ...
type NamespacedPolicyViolation PolicyViolation
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// NamespacedPolicyViolationList ...
type NamespacedPolicyViolationList struct {
metav1.TypeMeta `json:",inline"`
metav1.ListMeta `json:"metadata"`
Items []NamespacedPolicyViolation `json:"items"`
}
// Policy contains rules to be applied to created resources
type Policy struct {
metav1.TypeMeta `json:",inline"`
metav1.ObjectMeta `json:"metadata,omitempty"`
Spec Spec `json:"spec"`
Status PolicyStatus `json:"status"`
}
// Spec describes policy behavior by its rules
type Spec struct {
Rules []Rule `json:"rules"`
ValidationFailureAction string `json:"validationFailureAction"`
}
// Rule is set of mutation, validation and generation actions
// for the single resource description
type Rule struct {
Name string `json:"name"`
MatchResources MatchResources `json:"match"`
ExcludeResources ExcludeResources `json:"exclude,omitempty"`
Mutation Mutation `json:"mutate"`
Validation Validation `json:"validate"`
Generation Generation `json:"generate"`
}
//MatchResources contains resource description of the resources that the rule is to apply on
type MatchResources struct {
Roles []string `json:"roles"`
ClusterRoles []string `json:"clusterRoles"`
Subjects []rbacv1.Subject `json:"subjects"`
ResourceDescription `json:"resources"`
}
//ExcludeResources container resource description of the resources that are to be excluded from the applying the policy rule
type ExcludeResources struct {
Roles []string `json:"roles"`
ClusterRoles []string `json:"clusterRoles"`
Subjects []rbacv1.Subject `json:"subjects"`
ResourceDescription `json:"resources"`
}
// ResourceDescription describes the resource to which the PolicyRule will be applied.
type ResourceDescription struct {
Kinds []string `json:"kinds"`
Name string `json:"name"`
Namespaces []string `json:"namespaces,omitempty"`
Selector *metav1.LabelSelector `json:"selector"`
}
// Mutation describes the way how Mutating Webhook will react on resource creation
type Mutation struct {
Overlay interface{} `json:"overlay"`
Patches []Patch `json:"patches"`
}
// +k8s:deepcopy-gen=false
// Patch declares patch operation for created object according to RFC 6902
type Patch struct {
Path string `json:"path"`
Operation string `json:"op"`
Value interface{} `json:"value"`
}
// Validation describes the way how Validating Webhook will check the resource on creation
type Validation struct {
Message string `json:"message"`
Pattern interface{} `json:"pattern"`
AnyPattern []interface{} `json:"anyPattern"`
}
// Generation describes which resources will be created when other resource is created
type Generation struct {
Kind string `json:"kind"`
Name string `json:"name"`
Data interface{} `json:"data"`
Clone CloneFrom `json:"clone"`
}
// CloneFrom - location of a Secret or a ConfigMap
// which will be used as source when applying 'generate'
type CloneFrom struct {
Namespace string `json:"namespace"`
Name string `json:"name"`
}
//PolicyStatus provides status for violations
type PolicyStatus struct {
ViolationCount int `json:"violationCount"`
// Count of rules that were applied
RulesAppliedCount int `json:"rulesAppliedCount"`
// Count of resources for whom update/create api requests were blocked as the resoruce did not satisfy the policy rules
ResourcesBlockedCount int `json:"resourcesBlockedCount"`
// average time required to process the policy Mutation rules on a resource
AvgExecutionTimeMutation string `json:"averageMutationRulesExecutionTime"`
// average time required to process the policy Validation rules on a resource
AvgExecutionTimeValidation string `json:"averageValidationRulesExecutionTime"`
// average time required to process the policy Validation rules on a resource
AvgExecutionTimeGeneration string `json:"averageGenerationRulesExecutionTime"`
// statistics per rule
Rules []RuleStats `json:"ruleStatus`
}
//RuleStats provides status per rule
type RuleStats struct {
// Rule name
Name string `json:"ruleName"`
// average time require to process the rule
ExecutionTime string `json:"averageExecutionTime"`
// Count of rules that were applied
AppliedCount int `json:"appliedCount"`
// Count of rules that failed
ViolationCount int `json:"violationCount"`
// Count of mutations
MutationCount int `json:"mutationsCount"`
}
// PolicyList is a list of Policy resources
// PolicyViolation stores the information regarinding the resources for which a policy failed to apply
type PolicyViolation struct {
metav1.TypeMeta `json:",inline"`
metav1.ObjectMeta `json:"metadata,omitempty"`
Spec PolicyViolationSpec `json:"spec"`
Status PolicyViolationStatus `json:"status"`
}
// PolicyViolationSpec describes policy behavior by its rules
type PolicyViolationSpec struct {
Policy string `json:"policy"`
ResourceSpec `json:"resource"`
ViolatedRules []ViolatedRule `json:"rules"`
}
// ResourceSpec information to identify the resource
type ResourceSpec struct {
Kind string `json:"kind"`
Namespace string `json:"namespace,omitempty"`
Name string `json:"name"`
}
// ViolatedRule stores the information regarding the rule
type ViolatedRule struct {
Name string `json:"name"`
Type string `json:"type"`
Message string `json:"message"`
ManagedResource ManagedResourceSpec `json:"managedResource,omitempty"`
}
type ManagedResourceSpec struct {
Kind string `json:"kind,omitempty"`
Namespace string `json:"namespace,omitempty"`
CreationBlocked bool `json:"creationBlocked,omitempty"`
}
//PolicyViolationStatus provides information regarding policyviolation status
// status:
// LastUpdateTime : the time the polivy violation was updated
type PolicyViolationStatus struct {
LastUpdateTime metav1.Time `json:"lastUpdateTime,omitempty"`
//TODO: having user information regarding the owner of resource can be helpful
}

74
pkg/api/kyverno/v1/utils.go Normal file
View file

@ -0,0 +1,74 @@
package v1
import "reflect"
func (p ClusterPolicy) HasMutateOrValidate() bool {
for _, rule := range p.Spec.Rules {
if rule.HasMutate() || rule.HasValidate() {
return true
}
}
return false
}
func (r Rule) HasMutate() bool {
return !reflect.DeepEqual(r.Mutation, Mutation{})
}
func (r Rule) HasValidate() bool {
return !reflect.DeepEqual(r.Validation, Validation{})
}
func (r Rule) HasGenerate() bool {
return !reflect.DeepEqual(r.Generation, Generation{})
}
// DeepCopyInto is declared because k8s:deepcopy-gen is
// not able to generate this method for interface{} member
func (in *Mutation) DeepCopyInto(out *Mutation) {
if out != nil {
*out = *in
}
}
// DeepCopyInto is declared because k8s:deepcopy-gen is
// not able to generate this method for interface{} member
func (pp *Patch) DeepCopyInto(out *Patch) {
if out != nil {
*out = *pp
}
}
// DeepCopyInto is declared because k8s:deepcopy-gen is
// not able to generate this method for interface{} member
func (in *Validation) DeepCopyInto(out *Validation) {
if out != nil {
*out = *in
}
}
// DeepCopyInto is declared because k8s:deepcopy-gen is
// not able to generate this method for interface{} member
func (gen *Generation) DeepCopyInto(out *Generation) {
if out != nil {
*out = *gen
}
}
//ToKey generates the key string used for adding label to polivy violation
func (rs ResourceSpec) ToKey() string {
if rs.Namespace == "" {
return rs.Kind + "." + rs.Name
}
return rs.Kind + "." + rs.Namespace + "." + rs.Name
}
//BuildKey builds the key
func BuildResourceKey(kind, namespace, name string) string {
resource := ResourceSpec{
Kind: kind,
Namespace: namespace,
Name: name,
}
return resource.ToKey()
}

560
pkg/api/kyverno/v1/zz_generated.deepcopy.go Normal file
View file

@ -0,0 +1,560 @@
// +build !ignore_autogenerated
/*
Copyright The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
// Code generated by deepcopy-gen. DO NOT EDIT.
package v1
import (
rbacv1 "k8s.io/api/rbac/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
runtime "k8s.io/apimachinery/pkg/runtime"
)
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *CloneFrom) DeepCopyInto(out *CloneFrom) {
*out = *in
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CloneFrom.
func (in *CloneFrom) DeepCopy() *CloneFrom {
if in == nil {
return nil
}
out := new(CloneFrom)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *ClusterPolicy) DeepCopyInto(out *ClusterPolicy) {
*out = *in
out.TypeMeta = in.TypeMeta
in.ObjectMeta.DeepCopyInto(&out.ObjectMeta)
in.Spec.DeepCopyInto(&out.Spec)
in.Status.DeepCopyInto(&out.Status)
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterPolicy.
func (in *ClusterPolicy) DeepCopy() *ClusterPolicy {
if in == nil {
return nil
}
out := new(ClusterPolicy)
in.DeepCopyInto(out)
return out
}
// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (in *ClusterPolicy) DeepCopyObject() runtime.Object {
if c := in.DeepCopy(); c != nil {
return c
}
return nil
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *ClusterPolicyList) DeepCopyInto(out *ClusterPolicyList) {
*out = *in
out.TypeMeta = in.TypeMeta
out.ListMeta = in.ListMeta
if in.Items != nil {
in, out := &in.Items, &out.Items
*out = make([]ClusterPolicy, len(*in))
for i := range *in {
(*in)[i].DeepCopyInto(&(*out)[i])
}
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterPolicyList.
func (in *ClusterPolicyList) DeepCopy() *ClusterPolicyList {
if in == nil {
return nil
}
out := new(ClusterPolicyList)
in.DeepCopyInto(out)
return out
}
// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (in *ClusterPolicyList) DeepCopyObject() runtime.Object {
if c := in.DeepCopy(); c != nil {
return c
}
return nil
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *ClusterPolicyViolation) DeepCopyInto(out *ClusterPolicyViolation) {
*out = *in
out.TypeMeta = in.TypeMeta
in.ObjectMeta.DeepCopyInto(&out.ObjectMeta)
in.Spec.DeepCopyInto(&out.Spec)
in.Status.DeepCopyInto(&out.Status)
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterPolicyViolation.
func (in *ClusterPolicyViolation) DeepCopy() *ClusterPolicyViolation {
if in == nil {
return nil
}
out := new(ClusterPolicyViolation)
in.DeepCopyInto(out)
return out
}
// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (in *ClusterPolicyViolation) DeepCopyObject() runtime.Object {
if c := in.DeepCopy(); c != nil {
return c
}
return nil
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *ClusterPolicyViolationList) DeepCopyInto(out *ClusterPolicyViolationList) {
*out = *in
out.TypeMeta = in.TypeMeta
out.ListMeta = in.ListMeta
if in.Items != nil {
in, out := &in.Items, &out.Items
*out = make([]ClusterPolicyViolation, len(*in))
for i := range *in {
(*in)[i].DeepCopyInto(&(*out)[i])
}
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterPolicyViolationList.
func (in *ClusterPolicyViolationList) DeepCopy() *ClusterPolicyViolationList {
if in == nil {
return nil
}
out := new(ClusterPolicyViolationList)
in.DeepCopyInto(out)
return out
}
// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (in *ClusterPolicyViolationList) DeepCopyObject() runtime.Object {
if c := in.DeepCopy(); c != nil {
return c
}
return nil
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *ExcludeResources) DeepCopyInto(out *ExcludeResources) {
*out = *in
if in.Roles != nil {
in, out := &in.Roles, &out.Roles
*out = make([]string, len(*in))
copy(*out, *in)
}
if in.ClusterRoles != nil {
in, out := &in.ClusterRoles, &out.ClusterRoles
*out = make([]string, len(*in))
copy(*out, *in)
}
if in.Subjects != nil {
in, out := &in.Subjects, &out.Subjects
*out = make([]rbacv1.Subject, len(*in))
copy(*out, *in)
}
in.ResourceDescription.DeepCopyInto(&out.ResourceDescription)
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExcludeResources.
func (in *ExcludeResources) DeepCopy() *ExcludeResources {
if in == nil {
return nil
}
out := new(ExcludeResources)
in.DeepCopyInto(out)
return out
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Generation.
func (in *Generation) DeepCopy() *Generation {
if in == nil {
return nil
}
out := new(Generation)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *ManagedResourceSpec) DeepCopyInto(out *ManagedResourceSpec) {
*out = *in
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ManagedResourceSpec.
func (in *ManagedResourceSpec) DeepCopy() *ManagedResourceSpec {
if in == nil {
return nil
}
out := new(ManagedResourceSpec)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *MatchResources) DeepCopyInto(out *MatchResources) {
*out = *in
if in.Roles != nil {
in, out := &in.Roles, &out.Roles
*out = make([]string, len(*in))
copy(*out, *in)
}
if in.ClusterRoles != nil {
in, out := &in.ClusterRoles, &out.ClusterRoles
*out = make([]string, len(*in))
copy(*out, *in)
}
if in.Subjects != nil {
in, out := &in.Subjects, &out.Subjects
*out = make([]rbacv1.Subject, len(*in))
copy(*out, *in)
}
in.ResourceDescription.DeepCopyInto(&out.ResourceDescription)
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MatchResources.
func (in *MatchResources) DeepCopy() *MatchResources {
if in == nil {
return nil
}
out := new(MatchResources)
in.DeepCopyInto(out)
return out
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Mutation.
func (in *Mutation) DeepCopy() *Mutation {
if in == nil {
return nil
}
out := new(Mutation)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *NamespacedPolicyViolation) DeepCopyInto(out *NamespacedPolicyViolation) {
*out = *in
out.TypeMeta = in.TypeMeta
in.ObjectMeta.DeepCopyInto(&out.ObjectMeta)
in.Spec.DeepCopyInto(&out.Spec)
in.Status.DeepCopyInto(&out.Status)
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NamespacedPolicyViolation.
func (in *NamespacedPolicyViolation) DeepCopy() *NamespacedPolicyViolation {
if in == nil {
return nil
}
out := new(NamespacedPolicyViolation)
in.DeepCopyInto(out)
return out
}
// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (in *NamespacedPolicyViolation) DeepCopyObject() runtime.Object {
if c := in.DeepCopy(); c != nil {
return c
}
return nil
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *NamespacedPolicyViolationList) DeepCopyInto(out *NamespacedPolicyViolationList) {
*out = *in
out.TypeMeta = in.TypeMeta
out.ListMeta = in.ListMeta
if in.Items != nil {
in, out := &in.Items, &out.Items
*out = make([]NamespacedPolicyViolation, len(*in))
for i := range *in {
(*in)[i].DeepCopyInto(&(*out)[i])
}
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NamespacedPolicyViolationList.
func (in *NamespacedPolicyViolationList) DeepCopy() *NamespacedPolicyViolationList {
if in == nil {
return nil
}
out := new(NamespacedPolicyViolationList)
in.DeepCopyInto(out)
return out
}
// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (in *NamespacedPolicyViolationList) DeepCopyObject() runtime.Object {
if c := in.DeepCopy(); c != nil {
return c
}
return nil
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *Policy) DeepCopyInto(out *Policy) {
*out = *in
out.TypeMeta = in.TypeMeta
in.ObjectMeta.DeepCopyInto(&out.ObjectMeta)
in.Spec.DeepCopyInto(&out.Spec)
in.Status.DeepCopyInto(&out.Status)
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Policy.
func (in *Policy) DeepCopy() *Policy {
if in == nil {
return nil
}
out := new(Policy)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *PolicyStatus) DeepCopyInto(out *PolicyStatus) {
*out = *in
if in.Rules != nil {
in, out := &in.Rules, &out.Rules
*out = make([]RuleStats, len(*in))
copy(*out, *in)
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PolicyStatus.
func (in *PolicyStatus) DeepCopy() *PolicyStatus {
if in == nil {
return nil
}
out := new(PolicyStatus)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *PolicyViolation) DeepCopyInto(out *PolicyViolation) {
*out = *in
out.TypeMeta = in.TypeMeta
in.ObjectMeta.DeepCopyInto(&out.ObjectMeta)
in.Spec.DeepCopyInto(&out.Spec)
in.Status.DeepCopyInto(&out.Status)
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PolicyViolation.
func (in *PolicyViolation) DeepCopy() *PolicyViolation {
if in == nil {
return nil
}
out := new(PolicyViolation)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *PolicyViolationSpec) DeepCopyInto(out *PolicyViolationSpec) {
*out = *in
out.ResourceSpec = in.ResourceSpec
if in.ViolatedRules != nil {
in, out := &in.ViolatedRules, &out.ViolatedRules
*out = make([]ViolatedRule, len(*in))
copy(*out, *in)
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PolicyViolationSpec.
func (in *PolicyViolationSpec) DeepCopy() *PolicyViolationSpec {
if in == nil {
return nil
}
out := new(PolicyViolationSpec)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *PolicyViolationStatus) DeepCopyInto(out *PolicyViolationStatus) {
*out = *in
in.LastUpdateTime.DeepCopyInto(&out.LastUpdateTime)
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PolicyViolationStatus.
func (in *PolicyViolationStatus) DeepCopy() *PolicyViolationStatus {
if in == nil {
return nil
}
out := new(PolicyViolationStatus)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *ResourceDescription) DeepCopyInto(out *ResourceDescription) {
*out = *in
if in.Kinds != nil {
in, out := &in.Kinds, &out.Kinds
*out = make([]string, len(*in))
copy(*out, *in)
}
if in.Namespaces != nil {
in, out := &in.Namespaces, &out.Namespaces
*out = make([]string, len(*in))
copy(*out, *in)
}
if in.Selector != nil {
in, out := &in.Selector, &out.Selector
*out = new(metav1.LabelSelector)
(*in).DeepCopyInto(*out)
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ResourceDescription.
func (in *ResourceDescription) DeepCopy() *ResourceDescription {
if in == nil {
return nil
}
out := new(ResourceDescription)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *ResourceSpec) DeepCopyInto(out *ResourceSpec) {
*out = *in
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ResourceSpec.
func (in *ResourceSpec) DeepCopy() *ResourceSpec {
if in == nil {
return nil
}
out := new(ResourceSpec)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *Rule) DeepCopyInto(out *Rule) {
*out = *in
in.MatchResources.DeepCopyInto(&out.MatchResources)
in.ExcludeResources.DeepCopyInto(&out.ExcludeResources)
in.Mutation.DeepCopyInto(&out.Mutation)
in.Validation.DeepCopyInto(&out.Validation)
in.Generation.DeepCopyInto(&out.Generation)
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Rule.
func (in *Rule) DeepCopy() *Rule {
if in == nil {
return nil
}
out := new(Rule)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *RuleStats) DeepCopyInto(out *RuleStats) {
*out = *in
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RuleStats.
func (in *RuleStats) DeepCopy() *RuleStats {
if in == nil {
return nil
}
out := new(RuleStats)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *Spec) DeepCopyInto(out *Spec) {
*out = *in
if in.Rules != nil {
in, out := &in.Rules, &out.Rules
*out = make([]Rule, len(*in))
for i := range *in {
(*in)[i].DeepCopyInto(&(*out)[i])
}
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Spec.
func (in *Spec) DeepCopy() *Spec {
if in == nil {
return nil
}
out := new(Spec)
in.DeepCopyInto(out)
return out
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Validation.
func (in *Validation) DeepCopy() *Validation {
if in == nil {
return nil
}
out := new(Validation)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *ViolatedRule) DeepCopyInto(out *ViolatedRule) {
*out = *in
out.ManagedResource = in.ManagedResource
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ViolatedRule.
func (in *ViolatedRule) DeepCopy() *ViolatedRule {
if in == nil {
return nil
}
out := new(ViolatedRule)
in.DeepCopyInto(out)
return out
}

2
pkg/checker/checker.go
View file

@ -5,7 +5,7 @@ import (
"time"
"github.com/golang/glog"
kyvernolister "github.com/nirmata/kyverno/pkg/client/listers/kyverno/v1alpha1"
kyvernolister "github.com/nirmata/kyverno/pkg/client/listers/kyverno/v1"
dclient "github.com/nirmata/kyverno/pkg/dclient"
"github.com/nirmata/kyverno/pkg/event"
"k8s.io/apimachinery/pkg/labels"

18
pkg/client/clientset/versioned/clientset.go
View file

@ -19,7 +19,7 @@ limitations under the License.
package versioned
import (
kyvernov1alpha1 "github.com/nirmata/kyverno/pkg/client/clientset/versioned/typed/kyverno/v1alpha1"
kyvernov1 "github.com/nirmata/kyverno/pkg/client/clientset/versioned/typed/kyverno/v1"
discovery "k8s.io/client-go/discovery"
rest "k8s.io/client-go/rest"
flowcontrol "k8s.io/client-go/util/flowcontrol"
@ -27,19 +27,19 @@ import (
type Interface interface {
Discovery() discovery.DiscoveryInterface
KyvernoV1alpha1() kyvernov1alpha1.KyvernoV1alpha1Interface
KyvernoV1() kyvernov1.KyvernoV1Interface
}
// Clientset contains the clients for groups. Each group has exactly one
// version included in a Clientset.
type Clientset struct {
*discovery.DiscoveryClient
kyvernoV1alpha1 *kyvernov1alpha1.KyvernoV1alpha1Client
kyvernoV1 *kyvernov1.KyvernoV1Client
}
// KyvernoV1alpha1 retrieves the KyvernoV1alpha1Client
func (c *Clientset) KyvernoV1alpha1() kyvernov1alpha1.KyvernoV1alpha1Interface {
return c.kyvernoV1alpha1
// KyvernoV1 retrieves the KyvernoV1Client
func (c *Clientset) KyvernoV1() kyvernov1.KyvernoV1Interface {
return c.kyvernoV1
}
// Discovery retrieves the DiscoveryClient
@ -58,7 +58,7 @@ func NewForConfig(c *rest.Config) (*Clientset, error) {
}
var cs Clientset
var err error
cs.kyvernoV1alpha1, err = kyvernov1alpha1.NewForConfig(&configShallowCopy)
cs.kyvernoV1, err = kyvernov1.NewForConfig(&configShallowCopy)
if err != nil {
return nil, err
}
@ -74,7 +74,7 @@ func NewForConfig(c *rest.Config) (*Clientset, error) {
// panics if there is an error in the config.
func NewForConfigOrDie(c *rest.Config) *Clientset {
var cs Clientset
cs.kyvernoV1alpha1 = kyvernov1alpha1.NewForConfigOrDie(c)
cs.kyvernoV1 = kyvernov1.NewForConfigOrDie(c)
cs.DiscoveryClient = discovery.NewDiscoveryClientForConfigOrDie(c)
return &cs
@ -83,7 +83,7 @@ func NewForConfigOrDie(c *rest.Config) *Clientset {
// New creates a new Clientset for the given RESTClient.
func New(c rest.Interface) *Clientset {
var cs Clientset
cs.kyvernoV1alpha1 = kyvernov1alpha1.New(c)
cs.kyvernoV1 = kyvernov1.New(c)
cs.DiscoveryClient = discovery.NewDiscoveryClient(c)
return &cs

10
pkg/client/clientset/versioned/fake/clientset_generated.go
View file

@ -20,8 +20,8 @@ package fake
import (
clientset "github.com/nirmata/kyverno/pkg/client/clientset/versioned"
kyvernov1alpha1 "github.com/nirmata/kyverno/pkg/client/clientset/versioned/typed/kyverno/v1alpha1"
fakekyvernov1alpha1 "github.com/nirmata/kyverno/pkg/client/clientset/versioned/typed/kyverno/v1alpha1/fake"
kyvernov1 "github.com/nirmata/kyverno/pkg/client/clientset/versioned/typed/kyverno/v1"
fakekyvernov1 "github.com/nirmata/kyverno/pkg/client/clientset/versioned/typed/kyverno/v1/fake"
"k8s.io/apimachinery/pkg/runtime"
"k8s.io/apimachinery/pkg/watch"
"k8s.io/client-go/discovery"
@ -71,7 +71,7 @@ func (c *Clientset) Discovery() discovery.DiscoveryInterface {
var _ clientset.Interface = &Clientset{}
// KyvernoV1alpha1 retrieves the KyvernoV1alpha1Client
func (c *Clientset) KyvernoV1alpha1() kyvernov1alpha1.KyvernoV1alpha1Interface {
return &fakekyvernov1alpha1.FakeKyvernoV1alpha1{Fake: &c.Fake}
// KyvernoV1 retrieves the KyvernoV1Client
func (c *Clientset) KyvernoV1() kyvernov1.KyvernoV1Interface {
return &fakekyvernov1.FakeKyvernoV1{Fake: &c.Fake}
}

4
pkg/client/clientset/versioned/fake/register.go
View file

@ -19,7 +19,7 @@ limitations under the License.
package fake
import (
kyvernov1alpha1 "github.com/nirmata/kyverno/pkg/api/kyverno/v1alpha1"
kyvernov1 "github.com/nirmata/kyverno/pkg/api/kyverno/v1"
v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
runtime "k8s.io/apimachinery/pkg/runtime"
schema "k8s.io/apimachinery/pkg/runtime/schema"
@ -31,7 +31,7 @@ var scheme = runtime.NewScheme()
var codecs = serializer.NewCodecFactory(scheme)
var parameterCodec = runtime.NewParameterCodec(scheme)
var localSchemeBuilder = runtime.SchemeBuilder{
kyvernov1alpha1.AddToScheme,
kyvernov1.AddToScheme,
}
// AddToScheme adds all types of this clientset into the given scheme. This allows composition

4
pkg/client/clientset/versioned/scheme/register.go
View file

@ -19,7 +19,7 @@ limitations under the License.
package scheme
import (
kyvernov1alpha1 "github.com/nirmata/kyverno/pkg/api/kyverno/v1alpha1"
kyvernov1 "github.com/nirmata/kyverno/pkg/api/kyverno/v1"
v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
runtime "k8s.io/apimachinery/pkg/runtime"
schema "k8s.io/apimachinery/pkg/runtime/schema"
@ -31,7 +31,7 @@ var Scheme = runtime.NewScheme()
var Codecs = serializer.NewCodecFactory(Scheme)
var ParameterCodec = runtime.NewParameterCodec(Scheme)
var localSchemeBuilder = runtime.SchemeBuilder{
kyvernov1alpha1.AddToScheme,
kyvernov1.AddToScheme,
}
// AddToScheme adds all types of this clientset into the given scheme. This allows composition

180
pkg/client/clientset/versioned/typed/kyverno/v1/clusterpolicy.go Normal file
View file

@ -0,0 +1,180 @@
/*
Copyright The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
// Code generated by client-gen. DO NOT EDIT.
package v1
import (
"time"
v1 "github.com/nirmata/kyverno/pkg/api/kyverno/v1"
scheme "github.com/nirmata/kyverno/pkg/client/clientset/versioned/scheme"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
types "k8s.io/apimachinery/pkg/types"
watch "k8s.io/apimachinery/pkg/watch"
rest "k8s.io/client-go/rest"
)
// ClusterPoliciesGetter has a method to return a ClusterPolicyInterface.
// A group's client should implement this interface.
type ClusterPoliciesGetter interface {
ClusterPolicies() ClusterPolicyInterface
}
// ClusterPolicyInterface has methods to work with ClusterPolicy resources.
type ClusterPolicyInterface interface {
Create(*v1.ClusterPolicy) (*v1.ClusterPolicy, error)
Update(*v1.ClusterPolicy) (*v1.ClusterPolicy, error)
UpdateStatus(*v1.ClusterPolicy) (*v1.ClusterPolicy, error)
Delete(name string, options *metav1.DeleteOptions) error
DeleteCollection(options *metav1.DeleteOptions, listOptions metav1.ListOptions) error
Get(name string, options metav1.GetOptions) (*v1.ClusterPolicy, error)
List(opts metav1.ListOptions) (*v1.ClusterPolicyList, error)
Watch(opts metav1.ListOptions) (watch.Interface, error)
Patch(name string, pt types.PatchType, data []byte, subresources ...string) (result *v1.ClusterPolicy, err error)
ClusterPolicyExpansion
}
// clusterPolicies implements ClusterPolicyInterface
type clusterPolicies struct {
client rest.Interface
}
// newClusterPolicies returns a ClusterPolicies
func newClusterPolicies(c *KyvernoV1Client) *clusterPolicies {
return &clusterPolicies{
client: c.RESTClient(),
}
}
// Get takes name of the clusterPolicy, and returns the corresponding clusterPolicy object, and an error if there is any.
func (c *clusterPolicies) Get(name string, options metav1.GetOptions) (result *v1.ClusterPolicy, err error) {
result = &v1.ClusterPolicy{}
err = c.client.Get().
Resource("clusterpolicies").
Name(name).
VersionedParams(&options, scheme.ParameterCodec).
Do().
Into(result)
return
}
// List takes label and field selectors, and returns the list of ClusterPolicies that match those selectors.
func (c *clusterPolicies) List(opts metav1.ListOptions) (result *v1.ClusterPolicyList, err error) {
var timeout time.Duration
if opts.TimeoutSeconds != nil {
timeout = time.Duration(*opts.TimeoutSeconds) * time.Second
}
result = &v1.ClusterPolicyList{}
err = c.client.Get().
Resource("clusterpolicies").
VersionedParams(&opts, scheme.ParameterCodec).
Timeout(timeout).
Do().
Into(result)
return
}
// Watch returns a watch.Interface that watches the requested clusterPolicies.
func (c *clusterPolicies) Watch(opts metav1.ListOptions) (watch.Interface, error) {
var timeout time.Duration
if opts.TimeoutSeconds != nil {
timeout = time.Duration(*opts.TimeoutSeconds) * time.Second
}
opts.Watch = true
return c.client.Get().
Resource("clusterpolicies").
VersionedParams(&opts, scheme.ParameterCodec).
Timeout(timeout).
Watch()
}
// Create takes the representation of a clusterPolicy and creates it. Returns the server's representation of the clusterPolicy, and an error, if there is any.
func (c *clusterPolicies) Create(clusterPolicy *v1.ClusterPolicy) (result *v1.ClusterPolicy, err error) {
result = &v1.ClusterPolicy{}
err = c.client.Post().
Resource("clusterpolicies").
Body(clusterPolicy).
Do().
Into(result)
return
}
// Update takes the representation of a clusterPolicy and updates it. Returns the server's representation of the clusterPolicy, and an error, if there is any.
func (c *clusterPolicies) Update(clusterPolicy *v1.ClusterPolicy) (result *v1.ClusterPolicy, err error) {
result = &v1.ClusterPolicy{}
err = c.client.Put().
Resource("clusterpolicies").
Name(clusterPolicy.Name).
Body(clusterPolicy).
Do().
Into(result)
return
}
// UpdateStatus was generated because the type contains a Status member.
// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus().
func (c *clusterPolicies) UpdateStatus(clusterPolicy *v1.ClusterPolicy) (result *v1.ClusterPolicy, err error) {
result = &v1.ClusterPolicy{}
err = c.client.Put().
Resource("clusterpolicies").
Name(clusterPolicy.Name).
SubResource("status").
Body(clusterPolicy).
Do().
Into(result)
return
}
// Delete takes name of the clusterPolicy and deletes it. Returns an error if one occurs.
func (c *clusterPolicies) Delete(name string, options *metav1.DeleteOptions) error {
return c.client.Delete().
Resource("clusterpolicies").
Name(name).
Body(options).
Do().
Error()
}
// DeleteCollection deletes a collection of objects.
func (c *clusterPolicies) DeleteCollection(options *metav1.DeleteOptions, listOptions metav1.ListOptions) error {
var timeout time.Duration
if listOptions.TimeoutSeconds != nil {
timeout = time.Duration(*listOptions.TimeoutSeconds) * time.Second
}
return c.client.Delete().
Resource("clusterpolicies").
VersionedParams(&listOptions, scheme.ParameterCodec).
Timeout(timeout).
Body(options).
Do().
Error()
}
// Patch applies the patch and returns the patched clusterPolicy.
func (c *clusterPolicies) Patch(name string, pt types.PatchType, data []byte, subresources ...string) (result *v1.ClusterPolicy, err error) {
result = &v1.ClusterPolicy{}
err = c.client.Patch(pt).
Resource("clusterpolicies").
SubResource(subresources...).
Name(name).
Body(data).
Do().
Into(result)
return
}

180
pkg/client/clientset/versioned/typed/kyverno/v1/clusterpolicyviolation.go Normal file
View file

@ -0,0 +1,180 @@
/*
Copyright The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
// Code generated by client-gen. DO NOT EDIT.
package v1
import (
"time"
v1 "github.com/nirmata/kyverno/pkg/api/kyverno/v1"
scheme "github.com/nirmata/kyverno/pkg/client/clientset/versioned/scheme"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
types "k8s.io/apimachinery/pkg/types"
watch "k8s.io/apimachinery/pkg/watch"
rest "k8s.io/client-go/rest"
)
// ClusterPolicyViolationsGetter has a method to return a ClusterPolicyViolationInterface.
// A group's client should implement this interface.
type ClusterPolicyViolationsGetter interface {
ClusterPolicyViolations() ClusterPolicyViolationInterface
}
// ClusterPolicyViolationInterface has methods to work with ClusterPolicyViolation resources.
type ClusterPolicyViolationInterface interface {
Create(*v1.ClusterPolicyViolation) (*v1.ClusterPolicyViolation, error)
Update(*v1.ClusterPolicyViolation) (*v1.ClusterPolicyViolation, error)
UpdateStatus(*v1.ClusterPolicyViolation) (*v1.ClusterPolicyViolation, error)
Delete(name string, options *metav1.DeleteOptions) error
DeleteCollection(options *metav1.DeleteOptions, listOptions metav1.ListOptions) error
Get(name string, options metav1.GetOptions) (*v1.ClusterPolicyViolation, error)
List(opts metav1.ListOptions) (*v1.ClusterPolicyViolationList, error)
Watch(opts metav1.ListOptions) (watch.Interface, error)
Patch(name string, pt types.PatchType, data []byte, subresources ...string) (result *v1.ClusterPolicyViolation, err error)
ClusterPolicyViolationExpansion
}
// clusterPolicyViolations implements ClusterPolicyViolationInterface
type clusterPolicyViolations struct {
client rest.Interface
}
// newClusterPolicyViolations returns a ClusterPolicyViolations
func newClusterPolicyViolations(c *KyvernoV1Client) *clusterPolicyViolations {
return &clusterPolicyViolations{
client: c.RESTClient(),
}
}
// Get takes name of the clusterPolicyViolation, and returns the corresponding clusterPolicyViolation object, and an error if there is any.
func (c *clusterPolicyViolations) Get(name string, options metav1.GetOptions) (result *v1.ClusterPolicyViolation, err error) {
result = &v1.ClusterPolicyViolation{}
err = c.client.Get().
Resource("clusterpolicyviolations").
Name(name).
VersionedParams(&options, scheme.ParameterCodec).
Do().
Into(result)
return
}
// List takes label and field selectors, and returns the list of ClusterPolicyViolations that match those selectors.
func (c *clusterPolicyViolations) List(opts metav1.ListOptions) (result *v1.ClusterPolicyViolationList, err error) {
var timeout time.Duration
if opts.TimeoutSeconds != nil {
timeout = time.Duration(*opts.TimeoutSeconds) * time.Second
}
result = &v1.ClusterPolicyViolationList{}
err = c.client.Get().
Resource("clusterpolicyviolations").
VersionedParams(&opts, scheme.ParameterCodec).
Timeout(timeout).
Do().
Into(result)
return
}
// Watch returns a watch.Interface that watches the requested clusterPolicyViolations.
func (c *clusterPolicyViolations) Watch(opts metav1.ListOptions) (watch.Interface, error) {
var timeout time.Duration
if opts.TimeoutSeconds != nil {
timeout = time.Duration(*opts.TimeoutSeconds) * time.Second
}
opts.Watch = true
return c.client.Get().
Resource("clusterpolicyviolations").
VersionedParams(&opts, scheme.ParameterCodec).
Timeout(timeout).
Watch()
}
// Create takes the representation of a clusterPolicyViolation and creates it. Returns the server's representation of the clusterPolicyViolation, and an error, if there is any.
func (c *clusterPolicyViolations) Create(clusterPolicyViolation *v1.ClusterPolicyViolation) (result *v1.ClusterPolicyViolation, err error) {
result = &v1.ClusterPolicyViolation{}
err = c.client.Post().
Resource("clusterpolicyviolations").
Body(clusterPolicyViolation).
Do().
Into(result)
return
}
// Update takes the representation of a clusterPolicyViolation and updates it. Returns the server's representation of the clusterPolicyViolation, and an error, if there is any.
func (c *clusterPolicyViolations) Update(clusterPolicyViolation *v1.ClusterPolicyViolation) (result *v1.ClusterPolicyViolation, err error) {
result = &v1.ClusterPolicyViolation{}
err = c.client.Put().
Resource("clusterpolicyviolations").
Name(clusterPolicyViolation.Name).
Body(clusterPolicyViolation).
Do().
Into(result)
return
}
// UpdateStatus was generated because the type contains a Status member.
// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus().
func (c *clusterPolicyViolations) UpdateStatus(clusterPolicyViolation *v1.ClusterPolicyViolation) (result *v1.ClusterPolicyViolation, err error) {
result = &v1.ClusterPolicyViolation{}
err = c.client.Put().
Resource("clusterpolicyviolations").
Name(clusterPolicyViolation.Name).
SubResource("status").
Body(clusterPolicyViolation).
Do().
Into(result)
return
}
// Delete takes name of the clusterPolicyViolation and deletes it. Returns an error if one occurs.
func (c *clusterPolicyViolations) Delete(name string, options *metav1.DeleteOptions) error {
return c.client.Delete().
Resource("clusterpolicyviolations").
Name(name).
Body(options).
Do().
Error()
}
// DeleteCollection deletes a collection of objects.
func (c *clusterPolicyViolations) DeleteCollection(options *metav1.DeleteOptions, listOptions metav1.ListOptions) error {
var timeout time.Duration
if listOptions.TimeoutSeconds != nil {
timeout = time.Duration(*listOptions.TimeoutSeconds) * time.Second
}
return c.client.Delete().
Resource("clusterpolicyviolations").
VersionedParams(&listOptions, scheme.ParameterCodec).
Timeout(timeout).
Body(options).
Do().
Error()
}
// Patch applies the patch and returns the patched clusterPolicyViolation.
func (c *clusterPolicyViolations) Patch(name string, pt types.PatchType, data []byte, subresources ...string) (result *v1.ClusterPolicyViolation, err error) {
result = &v1.ClusterPolicyViolation{}
err = c.client.Patch(pt).
Resource("clusterpolicyviolations").
SubResource(subresources...).
Name(name).
Body(data).
Do().
Into(result)
return
}

20
pkg/client/clientset/versioned/typed/kyverno/v1/doc.go Normal file
View file

@ -0,0 +1,20 @@
/*
Copyright The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
// Code generated by client-gen. DO NOT EDIT.
// This package has the automatically generated typed clients.
package v1

20
pkg/client/clientset/versioned/typed/kyverno/v1/fake/doc.go Normal file
View file

@ -0,0 +1,20 @@
/*
Copyright The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
// Code generated by client-gen. DO NOT EDIT.
// Package fake has the automatically generated clients.
package fake

131
pkg/client/clientset/versioned/typed/kyverno/v1/fake/fake_clusterpolicy.go Normal file
View file

@ -0,0 +1,131 @@
/*
Copyright The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
// Code generated by client-gen. DO NOT EDIT.
package fake
import (
kyvernov1 "github.com/nirmata/kyverno/pkg/api/kyverno/v1"
v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
labels "k8s.io/apimachinery/pkg/labels"
schema "k8s.io/apimachinery/pkg/runtime/schema"
types "k8s.io/apimachinery/pkg/types"
watch "k8s.io/apimachinery/pkg/watch"
testing "k8s.io/client-go/testing"
)
// FakeClusterPolicies implements ClusterPolicyInterface
type FakeClusterPolicies struct {
Fake *FakeKyvernoV1
}
var clusterpoliciesResource = schema.GroupVersionResource{Group: "kyverno.io", Version: "v1", Resource: "clusterpolicies"}
var clusterpoliciesKind = schema.GroupVersionKind{Group: "kyverno.io", Version: "v1", Kind: "ClusterPolicy"}
// Get takes name of the clusterPolicy, and returns the corresponding clusterPolicy object, and an error if there is any.
func (c *FakeClusterPolicies) Get(name string, options v1.GetOptions) (result *kyvernov1.ClusterPolicy, err error) {
obj, err := c.Fake.
Invokes(testing.NewRootGetAction(clusterpoliciesResource, name), &kyvernov1.ClusterPolicy{})
if obj == nil {
return nil, err
}
return obj.(*kyvernov1.ClusterPolicy), err
}
// List takes label and field selectors, and returns the list of ClusterPolicies that match those selectors.
func (c *FakeClusterPolicies) List(opts v1.ListOptions) (result *kyvernov1.ClusterPolicyList, err error) {
obj, err := c.Fake.
Invokes(testing.NewRootListAction(clusterpoliciesResource, clusterpoliciesKind, opts), &kyvernov1.ClusterPolicyList{})
if obj == nil {
return nil, err
}
label, _, _ := testing.ExtractFromListOptions(opts)
if label == nil {
label = labels.Everything()
}
list := &kyvernov1.ClusterPolicyList{ListMeta: obj.(*kyvernov1.ClusterPolicyList).ListMeta}
for _, item := range obj.(*kyvernov1.ClusterPolicyList).Items {
if label.Matches(labels.Set(item.Labels)) {
list.Items = append(list.Items, item)
}
}
return list, err
}
// Watch returns a watch.Interface that watches the requested clusterPolicies.
func (c *FakeClusterPolicies) Watch(opts v1.ListOptions) (watch.Interface, error) {
return c.Fake.
InvokesWatch(testing.NewRootWatchAction(clusterpoliciesResource, opts))
}
// Create takes the representation of a clusterPolicy and creates it. Returns the server's representation of the clusterPolicy, and an error, if there is any.
func (c *FakeClusterPolicies) Create(clusterPolicy *kyvernov1.ClusterPolicy) (result *kyvernov1.ClusterPolicy, err error) {
obj, err := c.Fake.
Invokes(testing.NewRootCreateAction(clusterpoliciesResource, clusterPolicy), &kyvernov1.ClusterPolicy{})
if obj == nil {
return nil, err
}
return obj.(*kyvernov1.ClusterPolicy), err
}
// Update takes the representation of a clusterPolicy and updates it. Returns the server's representation of the clusterPolicy, and an error, if there is any.
func (c *FakeClusterPolicies) Update(clusterPolicy *kyvernov1.ClusterPolicy) (result *kyvernov1.ClusterPolicy, err error) {
obj, err := c.Fake.
Invokes(testing.NewRootUpdateAction(clusterpoliciesResource, clusterPolicy), &kyvernov1.ClusterPolicy{})
if obj == nil {
return nil, err
}
return obj.(*kyvernov1.ClusterPolicy), err
}
// UpdateStatus was generated because the type contains a Status member.
// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus().
func (c *FakeClusterPolicies) UpdateStatus(clusterPolicy *kyvernov1.ClusterPolicy) (*kyvernov1.ClusterPolicy, error) {
obj, err := c.Fake.
Invokes(testing.NewRootUpdateSubresourceAction(clusterpoliciesResource, "status", clusterPolicy), &kyvernov1.ClusterPolicy{})
if obj == nil {
return nil, err
}
return obj.(*kyvernov1.ClusterPolicy), err
}
// Delete takes name of the clusterPolicy and deletes it. Returns an error if one occurs.
func (c *FakeClusterPolicies) Delete(name string, options *v1.DeleteOptions) error {
_, err := c.Fake.
Invokes(testing.NewRootDeleteAction(clusterpoliciesResource, name), &kyvernov1.ClusterPolicy{})
return err
}
// DeleteCollection deletes a collection of objects.
func (c *FakeClusterPolicies) DeleteCollection(options *v1.DeleteOptions, listOptions v1.ListOptions) error {
action := testing.NewRootDeleteCollectionAction(clusterpoliciesResource, listOptions)
_, err := c.Fake.Invokes(action, &kyvernov1.ClusterPolicyList{})
return err
}
// Patch applies the patch and returns the patched clusterPolicy.
func (c *FakeClusterPolicies) Patch(name string, pt types.PatchType, data []byte, subresources ...string) (result *kyvernov1.ClusterPolicy, err error) {
obj, err := c.Fake.
Invokes(testing.NewRootPatchSubresourceAction(clusterpoliciesResource, name, pt, data, subresources...), &kyvernov1.ClusterPolicy{})
if obj == nil {
return nil, err
}
return obj.(*kyvernov1.ClusterPolicy), err
}

131
pkg/client/clientset/versioned/typed/kyverno/v1/fake/fake_clusterpolicyviolation.go Normal file
View file

@ -0,0 +1,131 @@
/*
Copyright The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
// Code generated by client-gen. DO NOT EDIT.
package fake
import (
kyvernov1 "github.com/nirmata/kyverno/pkg/api/kyverno/v1"
v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
labels "k8s.io/apimachinery/pkg/labels"
schema "k8s.io/apimachinery/pkg/runtime/schema"
types "k8s.io/apimachinery/pkg/types"
watch "k8s.io/apimachinery/pkg/watch"
testing "k8s.io/client-go/testing"
)
// FakeClusterPolicyViolations implements ClusterPolicyViolationInterface
type FakeClusterPolicyViolations struct {
Fake *FakeKyvernoV1
}
var clusterpolicyviolationsResource = schema.GroupVersionResource{Group: "kyverno.io", Version: "v1", Resource: "clusterpolicyviolations"}
var clusterpolicyviolationsKind = schema.GroupVersionKind{Group: "kyverno.io", Version: "v1", Kind: "ClusterPolicyViolation"}
// Get takes name of the clusterPolicyViolation, and returns the corresponding clusterPolicyViolation object, and an error if there is any.
func (c *FakeClusterPolicyViolations) Get(name string, options v1.GetOptions) (result *kyvernov1.ClusterPolicyViolation, err error) {
obj, err := c.Fake.
Invokes(testing.NewRootGetAction(clusterpolicyviolationsResource, name), &kyvernov1.ClusterPolicyViolation{})
if obj == nil {
return nil, err
}
return obj.(*kyvernov1.ClusterPolicyViolation), err
}
// List takes label and field selectors, and returns the list of ClusterPolicyViolations that match those selectors.
func (c *FakeClusterPolicyViolations) List(opts v1.ListOptions) (result *kyvernov1.ClusterPolicyViolationList, err error) {
obj, err := c.Fake.
Invokes(testing.NewRootListAction(clusterpolicyviolationsResource, clusterpolicyviolationsKind, opts), &kyvernov1.ClusterPolicyViolationList{})
if obj == nil {
return nil, err
}
label, _, _ := testing.ExtractFromListOptions(opts)
if label == nil {
label = labels.Everything()
}
list := &kyvernov1.ClusterPolicyViolationList{ListMeta: obj.(*kyvernov1.ClusterPolicyViolationList).ListMeta}
for _, item := range obj.(*kyvernov1.ClusterPolicyViolationList).Items {
if label.Matches(labels.Set(item.Labels)) {
list.Items = append(list.Items, item)
}
}
return list, err
}
// Watch returns a watch.Interface that watches the requested clusterPolicyViolations.
func (c *FakeClusterPolicyViolations) Watch(opts v1.ListOptions) (watch.Interface, error) {
return c.Fake.
InvokesWatch(testing.NewRootWatchAction(clusterpolicyviolationsResource, opts))
}
// Create takes the representation of a clusterPolicyViolation and creates it. Returns the server's representation of the clusterPolicyViolation, and an error, if there is any.
func (c *FakeClusterPolicyViolations) Create(clusterPolicyViolation *kyvernov1.ClusterPolicyViolation) (result *kyvernov1.ClusterPolicyViolation, err error) {
obj, err := c.Fake.
Invokes(testing.NewRootCreateAction(clusterpolicyviolationsResource, clusterPolicyViolation), &kyvernov1.ClusterPolicyViolation{})
if obj == nil {
return nil, err
}
return obj.(*kyvernov1.ClusterPolicyViolation), err
}
// Update takes the representation of a clusterPolicyViolation and updates it. Returns the server's representation of the clusterPolicyViolation, and an error, if there is any.
func (c *FakeClusterPolicyViolations) Update(clusterPolicyViolation *kyvernov1.ClusterPolicyViolation) (result *kyvernov1.ClusterPolicyViolation, err error) {
obj, err := c.Fake.
Invokes(testing.NewRootUpdateAction(clusterpolicyviolationsResource, clusterPolicyViolation), &kyvernov1.ClusterPolicyViolation{})
if obj == nil {
return nil, err
}
return obj.(*kyvernov1.ClusterPolicyViolation), err
}
// UpdateStatus was generated because the type contains a Status member.
// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus().
func (c *FakeClusterPolicyViolations) UpdateStatus(clusterPolicyViolation *kyvernov1.ClusterPolicyViolation) (*kyvernov1.ClusterPolicyViolation, error) {
obj, err := c.Fake.
Invokes(testing.NewRootUpdateSubresourceAction(clusterpolicyviolationsResource, "status", clusterPolicyViolation), &kyvernov1.ClusterPolicyViolation{})
if obj == nil {
return nil, err
}
return obj.(*kyvernov1.ClusterPolicyViolation), err
}
// Delete takes name of the clusterPolicyViolation and deletes it. Returns an error if one occurs.
func (c *FakeClusterPolicyViolations) Delete(name string, options *v1.DeleteOptions) error {
_, err := c.Fake.
Invokes(testing.NewRootDeleteAction(clusterpolicyviolationsResource, name), &kyvernov1.ClusterPolicyViolation{})
return err
}
// DeleteCollection deletes a collection of objects.
func (c *FakeClusterPolicyViolations) DeleteCollection(options *v1.DeleteOptions, listOptions v1.ListOptions) error {
action := testing.NewRootDeleteCollectionAction(clusterpolicyviolationsResource, listOptions)
_, err := c.Fake.Invokes(action, &kyvernov1.ClusterPolicyViolationList{})
return err
}
// Patch applies the patch and returns the patched clusterPolicyViolation.
func (c *FakeClusterPolicyViolations) Patch(name string, pt types.PatchType, data []byte, subresources ...string) (result *kyvernov1.ClusterPolicyViolation, err error) {
obj, err := c.Fake.
Invokes(testing.NewRootPatchSubresourceAction(clusterpolicyviolationsResource, name, pt, data, subresources...), &kyvernov1.ClusterPolicyViolation{})
if obj == nil {
return nil, err
}
return obj.(*kyvernov1.ClusterPolicyViolation), err
}

48
pkg/client/clientset/versioned/typed/kyverno/v1/fake/fake_kyverno_client.go Normal file
View file

@ -0,0 +1,48 @@
/*
Copyright The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
// Code generated by client-gen. DO NOT EDIT.
package fake
import (
v1 "github.com/nirmata/kyverno/pkg/client/clientset/versioned/typed/kyverno/v1"
rest "k8s.io/client-go/rest"
testing "k8s.io/client-go/testing"
)
type FakeKyvernoV1 struct {
*testing.Fake
}
func (c *FakeKyvernoV1) ClusterPolicies() v1.ClusterPolicyInterface {
return &FakeClusterPolicies{c}
}
func (c *FakeKyvernoV1) ClusterPolicyViolations() v1.ClusterPolicyViolationInterface {
return &FakeClusterPolicyViolations{c}
}
func (c *FakeKyvernoV1) NamespacedPolicyViolations(namespace string) v1.NamespacedPolicyViolationInterface {
return &FakeNamespacedPolicyViolations{c, namespace}
}
// RESTClient returns a RESTClient that is used to communicate
// with API server by this client implementation.
func (c *FakeKyvernoV1) RESTClient() rest.Interface {
var ret *rest.RESTClient
return ret
}

140
pkg/client/clientset/versioned/typed/kyverno/v1/fake/fake_namespacedpolicyviolation.go Normal file
View file

@ -0,0 +1,140 @@
/*
Copyright The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
// Code generated by client-gen. DO NOT EDIT.
package fake
import (
kyvernov1 "github.com/nirmata/kyverno/pkg/api/kyverno/v1"
v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
labels "k8s.io/apimachinery/pkg/labels"
schema "k8s.io/apimachinery/pkg/runtime/schema"
types "k8s.io/apimachinery/pkg/types"
watch "k8s.io/apimachinery/pkg/watch"
testing "k8s.io/client-go/testing"
)
// FakeNamespacedPolicyViolations implements NamespacedPolicyViolationInterface
type FakeNamespacedPolicyViolations struct {
Fake *FakeKyvernoV1
ns string
}
var namespacedpolicyviolationsResource = schema.GroupVersionResource{Group: "kyverno.io", Version: "v1", Resource: "namespacedpolicyviolations"}
var namespacedpolicyviolationsKind = schema.GroupVersionKind{Group: "kyverno.io", Version: "v1", Kind: "NamespacedPolicyViolation"}
// Get takes name of the namespacedPolicyViolation, and returns the corresponding namespacedPolicyViolation object, and an error if there is any.
func (c *FakeNamespacedPolicyViolations) Get(name string, options v1.GetOptions) (result *kyvernov1.NamespacedPolicyViolation, err error) {
obj, err := c.Fake.
Invokes(testing.NewGetAction(namespacedpolicyviolationsResource, c.ns, name), &kyvernov1.NamespacedPolicyViolation{})
if obj == nil {
return nil, err
}
return obj.(*kyvernov1.NamespacedPolicyViolation), err
}
// List takes label and field selectors, and returns the list of NamespacedPolicyViolations that match those selectors.
func (c *FakeNamespacedPolicyViolations) List(opts v1.ListOptions) (result *kyvernov1.NamespacedPolicyViolationList, err error) {
obj, err := c.Fake.
Invokes(testing.NewListAction(namespacedpolicyviolationsResource, namespacedpolicyviolationsKind, c.ns, opts), &kyvernov1.NamespacedPolicyViolationList{})
if obj == nil {
return nil, err
}
label, _, _ := testing.ExtractFromListOptions(opts)
if label == nil {
label = labels.Everything()
}
list := &kyvernov1.NamespacedPolicyViolationList{ListMeta: obj.(*kyvernov1.NamespacedPolicyViolationList).ListMeta}
for _, item := range obj.(*kyvernov1.NamespacedPolicyViolationList).Items {
if label.Matches(labels.Set(item.Labels)) {
list.Items = append(list.Items, item)
}
}
return list, err
}
// Watch returns a watch.Interface that watches the requested namespacedPolicyViolations.
func (c *FakeNamespacedPolicyViolations) Watch(opts v1.ListOptions) (watch.Interface, error) {
return c.Fake.
InvokesWatch(testing.NewWatchAction(namespacedpolicyviolationsResource, c.ns, opts))
}
// Create takes the representation of a namespacedPolicyViolation and creates it. Returns the server's representation of the namespacedPolicyViolation, and an error, if there is any.
func (c *FakeNamespacedPolicyViolations) Create(namespacedPolicyViolation *kyvernov1.NamespacedPolicyViolation) (result *kyvernov1.NamespacedPolicyViolation, err error) {
obj, err := c.Fake.
Invokes(testing.NewCreateAction(namespacedpolicyviolationsResource, c.ns, namespacedPolicyViolation), &kyvernov1.NamespacedPolicyViolation{})
if obj == nil {
return nil, err
}
return obj.(*kyvernov1.NamespacedPolicyViolation), err
}
// Update takes the representation of a namespacedPolicyViolation and updates it. Returns the server's representation of the namespacedPolicyViolation, and an error, if there is any.
func (c *FakeNamespacedPolicyViolations) Update(namespacedPolicyViolation *kyvernov1.NamespacedPolicyViolation) (result *kyvernov1.NamespacedPolicyViolation, err error) {
obj, err := c.Fake.
Invokes(testing.NewUpdateAction(namespacedpolicyviolationsResource, c.ns, namespacedPolicyViolation), &kyvernov1.NamespacedPolicyViolation{})
if obj == nil {
return nil, err
}
return obj.(*kyvernov1.NamespacedPolicyViolation), err
}
// UpdateStatus was generated because the type contains a Status member.
// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus().
func (c *FakeNamespacedPolicyViolations) UpdateStatus(namespacedPolicyViolation *kyvernov1.NamespacedPolicyViolation) (*kyvernov1.NamespacedPolicyViolation, error) {
obj, err := c.Fake.
Invokes(testing.NewUpdateSubresourceAction(namespacedpolicyviolationsResource, "status", c.ns, namespacedPolicyViolation), &kyvernov1.NamespacedPolicyViolation{})
if obj == nil {
return nil, err
}
return obj.(*kyvernov1.NamespacedPolicyViolation), err
}
// Delete takes name of the namespacedPolicyViolation and deletes it. Returns an error if one occurs.
func (c *FakeNamespacedPolicyViolations) Delete(name string, options *v1.DeleteOptions) error {
_, err := c.Fake.
Invokes(testing.NewDeleteAction(namespacedpolicyviolationsResource, c.ns, name), &kyvernov1.NamespacedPolicyViolation{})
return err
}
// DeleteCollection deletes a collection of objects.
func (c *FakeNamespacedPolicyViolations) DeleteCollection(options *v1.DeleteOptions, listOptions v1.ListOptions) error {
action := testing.NewDeleteCollectionAction(namespacedpolicyviolationsResource, c.ns, listOptions)
_, err := c.Fake.Invokes(action, &kyvernov1.NamespacedPolicyViolationList{})
return err
}
// Patch applies the patch and returns the patched namespacedPolicyViolation.
func (c *FakeNamespacedPolicyViolations) Patch(name string, pt types.PatchType, data []byte, subresources ...string) (result *kyvernov1.NamespacedPolicyViolation, err error) {
obj, err := c.Fake.
Invokes(testing.NewPatchSubresourceAction(namespacedpolicyviolationsResource, c.ns, name, pt, data, subresources...), &kyvernov1.NamespacedPolicyViolation{})
if obj == nil {
return nil, err
}
return obj.(*kyvernov1.NamespacedPolicyViolation), err
}

25
pkg/client/clientset/versioned/typed/kyverno/v1/generated_expansion.go Normal file
View file

@ -0,0 +1,25 @@
/*
Copyright The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
// Code generated by client-gen. DO NOT EDIT.
package v1
type ClusterPolicyExpansion interface{}
type ClusterPolicyViolationExpansion interface{}
type NamespacedPolicyViolationExpansion interface{}

100
pkg/client/clientset/versioned/typed/kyverno/v1/kyverno_client.go Normal file
View file

@ -0,0 +1,100 @@
/*
Copyright The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
// Code generated by client-gen. DO NOT EDIT.
package v1
import (
v1 "github.com/nirmata/kyverno/pkg/api/kyverno/v1"
"github.com/nirmata/kyverno/pkg/client/clientset/versioned/scheme"
serializer "k8s.io/apimachinery/pkg/runtime/serializer"
rest "k8s.io/client-go/rest"
)
type KyvernoV1Interface interface {
RESTClient() rest.Interface
ClusterPoliciesGetter
ClusterPolicyViolationsGetter
NamespacedPolicyViolationsGetter
}
// KyvernoV1Client is used to interact with features provided by the kyverno.io group.
type KyvernoV1Client struct {
restClient rest.Interface
}
func (c *KyvernoV1Client) ClusterPolicies() ClusterPolicyInterface {
return newClusterPolicies(c)
}
func (c *KyvernoV1Client) ClusterPolicyViolations() ClusterPolicyViolationInterface {
return newClusterPolicyViolations(c)
}
func (c *KyvernoV1Client) NamespacedPolicyViolations(namespace string) NamespacedPolicyViolationInterface {
return newNamespacedPolicyViolations(c, namespace)
}
// NewForConfig creates a new KyvernoV1Client for the given config.
func NewForConfig(c *rest.Config) (*KyvernoV1Client, error) {
config := *c
if err := setConfigDefaults(&config); err != nil {
return nil, err
}
client, err := rest.RESTClientFor(&config)
if err != nil {
return nil, err
}
return &KyvernoV1Client{client}, nil
}
// NewForConfigOrDie creates a new KyvernoV1Client for the given config and
// panics if there is an error in the config.
func NewForConfigOrDie(c *rest.Config) *KyvernoV1Client {
client, err := NewForConfig(c)
if err != nil {
panic(err)
}
return client
}
// New creates a new KyvernoV1Client for the given RESTClient.
func New(c rest.Interface) *KyvernoV1Client {
return &KyvernoV1Client{c}
}
func setConfigDefaults(config *rest.Config) error {
gv := v1.SchemeGroupVersion
config.GroupVersion = &gv
config.APIPath = "/apis"
config.NegotiatedSerializer = serializer.DirectCodecFactory{CodecFactory: scheme.Codecs}
if config.UserAgent == "" {
config.UserAgent = rest.DefaultKubernetesUserAgent()
}
return nil
}
// RESTClient returns a RESTClient that is used to communicate
// with API server by this client implementation.
func (c *KyvernoV1Client) RESTClient() rest.Interface {
if c == nil {
return nil
}
return c.restClient
}

191
pkg/client/clientset/versioned/typed/kyverno/v1/namespacedpolicyviolation.go Normal file
View file

@ -0,0 +1,191 @@
/*
Copyright The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
// Code generated by client-gen. DO NOT EDIT.
package v1
import (
"time"
v1 "github.com/nirmata/kyverno/pkg/api/kyverno/v1"
scheme "github.com/nirmata/kyverno/pkg/client/clientset/versioned/scheme"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
types "k8s.io/apimachinery/pkg/types"
watch "k8s.io/apimachinery/pkg/watch"
rest "k8s.io/client-go/rest"
)
// NamespacedPolicyViolationsGetter has a method to return a NamespacedPolicyViolationInterface.
// A group's client should implement this interface.
type NamespacedPolicyViolationsGetter interface {
NamespacedPolicyViolations(namespace string) NamespacedPolicyViolationInterface
}
// NamespacedPolicyViolationInterface has methods to work with NamespacedPolicyViolation resources.
type NamespacedPolicyViolationInterface interface {
Create(*v1.NamespacedPolicyViolation) (*v1.NamespacedPolicyViolation, error)
Update(*v1.NamespacedPolicyViolation) (*v1.NamespacedPolicyViolation, error)
UpdateStatus(*v1.NamespacedPolicyViolation) (*v1.NamespacedPolicyViolation, error)
Delete(name string, options *metav1.DeleteOptions) error
DeleteCollection(options *metav1.DeleteOptions, listOptions metav1.ListOptions) error
Get(name string, options metav1.GetOptions) (*v1.NamespacedPolicyViolation, error)
List(opts metav1.ListOptions) (*v1.NamespacedPolicyViolationList, error)
Watch(opts metav1.ListOptions) (watch.Interface, error)
Patch(name string, pt types.PatchType, data []byte, subresources ...string) (result *v1.NamespacedPolicyViolation, err error)
NamespacedPolicyViolationExpansion
}
// namespacedPolicyViolations implements NamespacedPolicyViolationInterface
type namespacedPolicyViolations struct {
client rest.Interface
ns string
}
// newNamespacedPolicyViolations returns a NamespacedPolicyViolations
func newNamespacedPolicyViolations(c *KyvernoV1Client, namespace string) *namespacedPolicyViolations {
return &namespacedPolicyViolations{
client: c.RESTClient(),
ns: namespace,
}
}
// Get takes name of the namespacedPolicyViolation, and returns the corresponding namespacedPolicyViolation object, and an error if there is any.
func (c *namespacedPolicyViolations) Get(name string, options metav1.GetOptions) (result *v1.NamespacedPolicyViolation, err error) {
result = &v1.NamespacedPolicyViolation{}
err = c.client.Get().
Namespace(c.ns).
Resource("namespacedpolicyviolations").
Name(name).
VersionedParams(&options, scheme.ParameterCodec).
Do().
Into(result)
return
}
// List takes label and field selectors, and returns the list of NamespacedPolicyViolations that match those selectors.
func (c *namespacedPolicyViolations) List(opts metav1.ListOptions) (result *v1.NamespacedPolicyViolationList, err error) {
var timeout time.Duration
if opts.TimeoutSeconds != nil {
timeout = time.Duration(*opts.TimeoutSeconds) * time.Second
}
result = &v1.NamespacedPolicyViolationList{}
err = c.client.Get().
Namespace(c.ns).
Resource("namespacedpolicyviolations").
VersionedParams(&opts, scheme.ParameterCodec).
Timeout(timeout).
Do().
Into(result)
return
}
// Watch returns a watch.Interface that watches the requested namespacedPolicyViolations.
func (c *namespacedPolicyViolations) Watch(opts metav1.ListOptions) (watch.Interface, error) {
var timeout time.Duration
if opts.TimeoutSeconds != nil {
timeout = time.Duration(*opts.TimeoutSeconds) * time.Second
}
opts.Watch = true
return c.client.Get().
Namespace(c.ns).
Resource("namespacedpolicyviolations").
VersionedParams(&opts, scheme.ParameterCodec).
Timeout(timeout).
Watch()
}
// Create takes the representation of a namespacedPolicyViolation and creates it. Returns the server's representation of the namespacedPolicyViolation, and an error, if there is any.
func (c *namespacedPolicyViolations) Create(namespacedPolicyViolation *v1.NamespacedPolicyViolation) (result *v1.NamespacedPolicyViolation, err error) {
result = &v1.NamespacedPolicyViolation{}
err = c.client.Post().
Namespace(c.ns).
Resource("namespacedpolicyviolations").
Body(namespacedPolicyViolation).
Do().
Into(result)
return
}
// Update takes the representation of a namespacedPolicyViolation and updates it. Returns the server's representation of the namespacedPolicyViolation, and an error, if there is any.
func (c *namespacedPolicyViolations) Update(namespacedPolicyViolation *v1.NamespacedPolicyViolation) (result *v1.NamespacedPolicyViolation, err error) {
result = &v1.NamespacedPolicyViolation{}
err = c.client.Put().
Namespace(c.ns).
Resource("namespacedpolicyviolations").
Name(namespacedPolicyViolation.Name).
Body(namespacedPolicyViolation).
Do().
Into(result)
return
}
// UpdateStatus was generated because the type contains a Status member.
// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus().
func (c *namespacedPolicyViolations) UpdateStatus(namespacedPolicyViolation *v1.NamespacedPolicyViolation) (result *v1.NamespacedPolicyViolation, err error) {
result = &v1.NamespacedPolicyViolation{}
err = c.client.Put().
Namespace(c.ns).
Resource("namespacedpolicyviolations").
Name(namespacedPolicyViolation.Name).
SubResource("status").
Body(namespacedPolicyViolation).
Do().
Into(result)
return
}
// Delete takes name of the namespacedPolicyViolation and deletes it. Returns an error if one occurs.
func (c *namespacedPolicyViolations) Delete(name string, options *metav1.DeleteOptions) error {
return c.client.Delete().
Namespace(c.ns).
Resource("namespacedpolicyviolations").
Name(name).
Body(options).
Do().
Error()
}
// DeleteCollection deletes a collection of objects.
func (c *namespacedPolicyViolations) DeleteCollection(options *metav1.DeleteOptions, listOptions metav1.ListOptions) error {
var timeout time.Duration
if listOptions.TimeoutSeconds != nil {
timeout = time.Duration(*listOptions.TimeoutSeconds) * time.Second
}
return c.client.Delete().
Namespace(c.ns).
Resource("namespacedpolicyviolations").
VersionedParams(&listOptions, scheme.ParameterCodec).
Timeout(timeout).
Body(options).
Do().
Error()
}
// Patch applies the patch and returns the patched namespacedPolicyViolation.
func (c *namespacedPolicyViolations) Patch(name string, pt types.PatchType, data []byte, subresources ...string) (result *v1.NamespacedPolicyViolation, err error) {
result = &v1.NamespacedPolicyViolation{}
err = c.client.Patch(pt).
Namespace(c.ns).
Resource("namespacedpolicyviolations").
SubResource(subresources...).
Name(name).
Body(data).
Do().
Into(result)
return
}

16
pkg/client/informers/externalversions/generic.go
View file

@ -21,7 +21,7 @@ package externalversions
import (
"fmt"
v1alpha1 "github.com/nirmata/kyverno/pkg/api/kyverno/v1alpha1"
v1 "github.com/nirmata/kyverno/pkg/api/kyverno/v1"
schema "k8s.io/apimachinery/pkg/runtime/schema"
cache "k8s.io/client-go/tools/cache"
)
@ -52,13 +52,13 @@ func (f *genericInformer) Lister() cache.GenericLister {
// TODO extend this to unknown resources with a client pool
func (f *sharedInformerFactory) ForResource(resource schema.GroupVersionResource) (GenericInformer, error) {
switch resource {
// Group=kyverno.io, Version=v1alpha1
case v1alpha1.SchemeGroupVersion.WithResource("clusterpolicies"):
return &genericInformer{resource: resource.GroupResource(), informer: f.Kyverno().V1alpha1().ClusterPolicies().Informer()}, nil
case v1alpha1.SchemeGroupVersion.WithResource("clusterpolicyviolations"):
return &genericInformer{resource: resource.GroupResource(), informer: f.Kyverno().V1alpha1().ClusterPolicyViolations().Informer()}, nil
case v1alpha1.SchemeGroupVersion.WithResource("namespacedpolicyviolations"):
return &genericInformer{resource: resource.GroupResource(), informer: f.Kyverno().V1alpha1().NamespacedPolicyViolations().Informer()}, nil
// Group=kyverno.io, Version=v1
case v1.SchemeGroupVersion.WithResource("clusterpolicies"):
return &genericInformer{resource: resource.GroupResource(), informer: f.Kyverno().V1().ClusterPolicies().Informer()}, nil
case v1.SchemeGroupVersion.WithResource("clusterpolicyviolations"):
return &genericInformer{resource: resource.GroupResource(), informer: f.Kyverno().V1().ClusterPolicyViolations().Informer()}, nil
case v1.SchemeGroupVersion.WithResource("namespacedpolicyviolations"):
return &genericInformer{resource: resource.GroupResource(), informer: f.Kyverno().V1().NamespacedPolicyViolations().Informer()}, nil
}

12
pkg/client/informers/externalversions/kyverno/interface.go
View file

@ -20,13 +20,13 @@ package kyverno
import (
internalinterfaces "github.com/nirmata/kyverno/pkg/client/informers/externalversions/internalinterfaces"
v1alpha1 "github.com/nirmata/kyverno/pkg/client/informers/externalversions/kyverno/v1alpha1"
v1 "github.com/nirmata/kyverno/pkg/client/informers/externalversions/kyverno/v1"
)
// Interface provides access to each of this group's versions.
type Interface interface {
// V1alpha1 provides access to shared informers for resources in V1alpha1.
V1alpha1() v1alpha1.Interface
// V1 provides access to shared informers for resources in V1.
V1() v1.Interface
}
type group struct {
@ -40,7 +40,7 @@ func New(f internalinterfaces.SharedInformerFactory, namespace string, tweakList
return &group{factory: f, namespace: namespace, tweakListOptions: tweakListOptions}
}
// V1alpha1 returns a new v1alpha1.Interface.
func (g *group) V1alpha1() v1alpha1.Interface {
return v1alpha1.New(g.factory, g.namespace, g.tweakListOptions)
// V1 returns a new v1.Interface.
func (g *group) V1() v1.Interface {
return v1.New(g.factory, g.namespace, g.tweakListOptions)
}

88
pkg/client/informers/externalversions/kyverno/v1/clusterpolicy.go Normal file
View file

@ -0,0 +1,88 @@
/*
Copyright The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
// Code generated by informer-gen. DO NOT EDIT.
package v1
import (
time "time"
kyvernov1 "github.com/nirmata/kyverno/pkg/api/kyverno/v1"
versioned "github.com/nirmata/kyverno/pkg/client/clientset/versioned"
internalinterfaces "github.com/nirmata/kyverno/pkg/client/informers/externalversions/internalinterfaces"
v1 "github.com/nirmata/kyverno/pkg/client/listers/kyverno/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
runtime "k8s.io/apimachinery/pkg/runtime"
watch "k8s.io/apimachinery/pkg/watch"
cache "k8s.io/client-go/tools/cache"
)
// ClusterPolicyInformer provides access to a shared informer and lister for
// ClusterPolicies.
type ClusterPolicyInformer interface {
Informer() cache.SharedIndexInformer
Lister() v1.ClusterPolicyLister
}
type clusterPolicyInformer struct {
factory internalinterfaces.SharedInformerFactory
tweakListOptions internalinterfaces.TweakListOptionsFunc
}
// NewClusterPolicyInformer constructs a new informer for ClusterPolicy type.
// Always prefer using an informer factory to get a shared informer instead of getting an independent
// one. This reduces memory footprint and number of connections to the server.
func NewClusterPolicyInformer(client versioned.Interface, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer {
return NewFilteredClusterPolicyInformer(client, resyncPeriod, indexers, nil)
}
// NewFilteredClusterPolicyInformer constructs a new informer for ClusterPolicy type.
// Always prefer using an informer factory to get a shared informer instead of getting an independent
// one. This reduces memory footprint and number of connections to the server.
func NewFilteredClusterPolicyInformer(client versioned.Interface, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer {
return cache.NewSharedIndexInformer(
&cache.ListWatch{
ListFunc: func(options metav1.ListOptions) (runtime.Object, error) {
if tweakListOptions != nil {
tweakListOptions(&options)
}
return client.KyvernoV1().ClusterPolicies().List(options)
},
WatchFunc: func(options metav1.ListOptions) (watch.Interface, error) {
if tweakListOptions != nil {
tweakListOptions(&options)
}
return client.KyvernoV1().ClusterPolicies().Watch(options)
},
},
&kyvernov1.ClusterPolicy{},
resyncPeriod,
indexers,
)
}
func (f *clusterPolicyInformer) defaultInformer(client versioned.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer {
return NewFilteredClusterPolicyInformer(client, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions)
}
func (f *clusterPolicyInformer) Informer() cache.SharedIndexInformer {
return f.factory.InformerFor(&kyvernov1.ClusterPolicy{}, f.defaultInformer)
}
func (f *clusterPolicyInformer) Lister() v1.ClusterPolicyLister {
return v1.NewClusterPolicyLister(f.Informer().GetIndexer())
}

88
pkg/client/informers/externalversions/kyverno/v1/clusterpolicyviolation.go Normal file
View file

@ -0,0 +1,88 @@
/*
Copyright The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
// Code generated by informer-gen. DO NOT EDIT.
package v1
import (
time "time"
kyvernov1 "github.com/nirmata/kyverno/pkg/api/kyverno/v1"
versioned "github.com/nirmata/kyverno/pkg/client/clientset/versioned"
internalinterfaces "github.com/nirmata/kyverno/pkg/client/informers/externalversions/internalinterfaces"
v1 "github.com/nirmata/kyverno/pkg/client/listers/kyverno/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
runtime "k8s.io/apimachinery/pkg/runtime"
watch "k8s.io/apimachinery/pkg/watch"
cache "k8s.io/client-go/tools/cache"
)
// ClusterPolicyViolationInformer provides access to a shared informer and lister for
// ClusterPolicyViolations.
type ClusterPolicyViolationInformer interface {
Informer() cache.SharedIndexInformer
Lister() v1.ClusterPolicyViolationLister
}
type clusterPolicyViolationInformer struct {
factory internalinterfaces.SharedInformerFactory
tweakListOptions internalinterfaces.TweakListOptionsFunc
}
// NewClusterPolicyViolationInformer constructs a new informer for ClusterPolicyViolation type.
// Always prefer using an informer factory to get a shared informer instead of getting an independent
// one. This reduces memory footprint and number of connections to the server.
func NewClusterPolicyViolationInformer(client versioned.Interface, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer {
return NewFilteredClusterPolicyViolationInformer(client, resyncPeriod, indexers, nil)
}
// NewFilteredClusterPolicyViolationInformer constructs a new informer for ClusterPolicyViolation type.
// Always prefer using an informer factory to get a shared informer instead of getting an independent
// one. This reduces memory footprint and number of connections to the server.
func NewFilteredClusterPolicyViolationInformer(client versioned.Interface, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer {
return cache.NewSharedIndexInformer(
&cache.ListWatch{
ListFunc: func(options metav1.ListOptions) (runtime.Object, error) {
if tweakListOptions != nil {
tweakListOptions(&options)
}
return client.KyvernoV1().ClusterPolicyViolations().List(options)
},
WatchFunc: func(options metav1.ListOptions) (watch.Interface, error) {
if tweakListOptions != nil {
tweakListOptions(&options)
}
return client.KyvernoV1().ClusterPolicyViolations().Watch(options)
},
},
&kyvernov1.ClusterPolicyViolation{},
resyncPeriod,
indexers,
)
}
func (f *clusterPolicyViolationInformer) defaultInformer(client versioned.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer {
return NewFilteredClusterPolicyViolationInformer(client, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions)
}
func (f *clusterPolicyViolationInformer) Informer() cache.SharedIndexInformer {
return f.factory.InformerFor(&kyvernov1.ClusterPolicyViolation{}, f.defaultInformer)
}
func (f *clusterPolicyViolationInformer) Lister() v1.ClusterPolicyViolationLister {
return v1.NewClusterPolicyViolationLister(f.Informer().GetIndexer())
}

59
pkg/client/informers/externalversions/kyverno/v1/interface.go Normal file
View file

@ -0,0 +1,59 @@
/*
Copyright The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
// Code generated by informer-gen. DO NOT EDIT.
package v1
import (
internalinterfaces "github.com/nirmata/kyverno/pkg/client/informers/externalversions/internalinterfaces"
)
// Interface provides access to all the informers in this group version.
type Interface interface {
// ClusterPolicies returns a ClusterPolicyInformer.
ClusterPolicies() ClusterPolicyInformer
// ClusterPolicyViolations returns a ClusterPolicyViolationInformer.
ClusterPolicyViolations() ClusterPolicyViolationInformer
// NamespacedPolicyViolations returns a NamespacedPolicyViolationInformer.
NamespacedPolicyViolations() NamespacedPolicyViolationInformer
}
type version struct {
factory internalinterfaces.SharedInformerFactory
namespace string
tweakListOptions internalinterfaces.TweakListOptionsFunc
}
// New returns a new Interface.
func New(f internalinterfaces.SharedInformerFactory, namespace string, tweakListOptions internalinterfaces.TweakListOptionsFunc) Interface {
return &version{factory: f, namespace: namespace, tweakListOptions: tweakListOptions}
}
// ClusterPolicies returns a ClusterPolicyInformer.
func (v *version) ClusterPolicies() ClusterPolicyInformer {
return &clusterPolicyInformer{factory: v.factory, tweakListOptions: v.tweakListOptions}
}
// ClusterPolicyViolations returns a ClusterPolicyViolationInformer.
func (v *version) ClusterPolicyViolations() ClusterPolicyViolationInformer {
return &clusterPolicyViolationInformer{factory: v.factory, tweakListOptions: v.tweakListOptions}
}
// NamespacedPolicyViolations returns a NamespacedPolicyViolationInformer.
func (v *version) NamespacedPolicyViolations() NamespacedPolicyViolationInformer {
return &namespacedPolicyViolationInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions}
}

89
pkg/client/informers/externalversions/kyverno/v1/namespacedpolicyviolation.go Normal file
View file

@ -0,0 +1,89 @@
/*
Copyright The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
// Code generated by informer-gen. DO NOT EDIT.
package v1
import (
time "time"
kyvernov1 "github.com/nirmata/kyverno/pkg/api/kyverno/v1"
versioned "github.com/nirmata/kyverno/pkg/client/clientset/versioned"
internalinterfaces "github.com/nirmata/kyverno/pkg/client/informers/externalversions/internalinterfaces"
v1 "github.com/nirmata/kyverno/pkg/client/listers/kyverno/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
runtime "k8s.io/apimachinery/pkg/runtime"
watch "k8s.io/apimachinery/pkg/watch"
cache "k8s.io/client-go/tools/cache"
)
// NamespacedPolicyViolationInformer provides access to a shared informer and lister for
// NamespacedPolicyViolations.
type NamespacedPolicyViolationInformer interface {
Informer() cache.SharedIndexInformer
Lister() v1.NamespacedPolicyViolationLister
}
type namespacedPolicyViolationInformer struct {
factory internalinterfaces.SharedInformerFactory
tweakListOptions internalinterfaces.TweakListOptionsFunc
namespace string
}
// NewNamespacedPolicyViolationInformer constructs a new informer for NamespacedPolicyViolation type.
// Always prefer using an informer factory to get a shared informer instead of getting an independent
// one. This reduces memory footprint and number of connections to the server.
func NewNamespacedPolicyViolationInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer {
return NewFilteredNamespacedPolicyViolationInformer(client, namespace, resyncPeriod, indexers, nil)
}
// NewFilteredNamespacedPolicyViolationInformer constructs a new informer for NamespacedPolicyViolation type.
// Always prefer using an informer factory to get a shared informer instead of getting an independent
// one. This reduces memory footprint and number of connections to the server.
func NewFilteredNamespacedPolicyViolationInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer {
return cache.NewSharedIndexInformer(
&cache.ListWatch{
ListFunc: func(options metav1.ListOptions) (runtime.Object, error) {
if tweakListOptions != nil {
tweakListOptions(&options)
}
return client.KyvernoV1().NamespacedPolicyViolations(namespace).List(options)
},
WatchFunc: func(options metav1.ListOptions) (watch.Interface, error) {
if tweakListOptions != nil {
tweakListOptions(&options)
}
return client.KyvernoV1().NamespacedPolicyViolations(namespace).Watch(options)
},
},
&kyvernov1.NamespacedPolicyViolation{},
resyncPeriod,
indexers,
)
}
func (f *namespacedPolicyViolationInformer) defaultInformer(client versioned.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer {
return NewFilteredNamespacedPolicyViolationInformer(client, f.namespace, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions)
}
func (f *namespacedPolicyViolationInformer) Informer() cache.SharedIndexInformer {
return f.factory.InformerFor(&kyvernov1.NamespacedPolicyViolation{}, f.defaultInformer)
}
func (f *namespacedPolicyViolationInformer) Lister() v1.NamespacedPolicyViolationLister {
return v1.NewNamespacedPolicyViolationLister(f.Informer().GetIndexer())
}

4
pkg/client/informers/externalversions/kyverno/v1alpha1/clusterpolicy.go
View file

@ -60,13 +60,13 @@ func NewFilteredClusterPolicyInformer(client versioned.Interface, resyncPeriod t
if tweakListOptions != nil {
tweakListOptions(&options)
}
return client.KyvernoV1alpha1().ClusterPolicies().List(options)
return client.KyvernoV1().ClusterPolicies().List(options)
},
WatchFunc: func(options v1.ListOptions) (watch.Interface, error) {
if tweakListOptions != nil {
tweakListOptions(&options)
}
return client.KyvernoV1alpha1().ClusterPolicies().Watch(options)
return client.KyvernoV1().ClusterPolicies().Watch(options)
},
},
&kyvernov1alpha1.ClusterPolicy{},

4
pkg/client/informers/externalversions/kyverno/v1alpha1/clusterpolicyviolation.go
View file

@ -60,13 +60,13 @@ func NewFilteredClusterPolicyViolationInformer(client versioned.Interface, resyn
if tweakListOptions != nil {
tweakListOptions(&options)
}
return client.KyvernoV1alpha1().ClusterPolicyViolations().List(options)
return client.KyvernoV1().ClusterPolicyViolations().List(options)
},
WatchFunc: func(options v1.ListOptions) (watch.Interface, error) {
if tweakListOptions != nil {
tweakListOptions(&options)
}
return client.KyvernoV1alpha1().ClusterPolicyViolations().Watch(options)
return client.KyvernoV1().ClusterPolicyViolations().Watch(options)
},
},
&kyvernov1alpha1.ClusterPolicyViolation{},

4
pkg/client/informers/externalversions/kyverno/v1alpha1/namespacedpolicyviolation.go
View file

@ -61,13 +61,13 @@ func NewFilteredNamespacedPolicyViolationInformer(client versioned.Interface, na
if tweakListOptions != nil {
tweakListOptions(&options)
}
return client.KyvernoV1alpha1().NamespacedPolicyViolations(namespace).List(options)
return client.KyvernoV1().NamespacedPolicyViolations(namespace).List(options)
},
WatchFunc: func(options v1.ListOptions) (watch.Interface, error) {
if tweakListOptions != nil {
tweakListOptions(&options)
}
return client.KyvernoV1alpha1().NamespacedPolicyViolations(namespace).Watch(options)
return client.KyvernoV1().NamespacedPolicyViolations(namespace).Watch(options)
},
},
&kyvernov1alpha1.NamespacedPolicyViolation{},

65
pkg/client/listers/kyverno/v1/clusterpolicy.go Normal file
View file

@ -0,0 +1,65 @@
/*
Copyright The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
// Code generated by lister-gen. DO NOT EDIT.
package v1
import (
v1 "github.com/nirmata/kyverno/pkg/api/kyverno/v1"
"k8s.io/apimachinery/pkg/api/errors"
"k8s.io/apimachinery/pkg/labels"
"k8s.io/client-go/tools/cache"
)
// ClusterPolicyLister helps list ClusterPolicies.
type ClusterPolicyLister interface {
// List lists all ClusterPolicies in the indexer.
List(selector labels.Selector) (ret []*v1.ClusterPolicy, err error)
// Get retrieves the ClusterPolicy from the index for a given name.
Get(name string) (*v1.ClusterPolicy, error)
ClusterPolicyListerExpansion
}
// clusterPolicyLister implements the ClusterPolicyLister interface.
type clusterPolicyLister struct {
indexer cache.Indexer
}
// NewClusterPolicyLister returns a new ClusterPolicyLister.
func NewClusterPolicyLister(indexer cache.Indexer) ClusterPolicyLister {
return &clusterPolicyLister{indexer: indexer}
}
// List lists all ClusterPolicies in the indexer.
func (s *clusterPolicyLister) List(selector labels.Selector) (ret []*v1.ClusterPolicy, err error) {
err = cache.ListAll(s.indexer, selector, func(m interface{}) {
ret = append(ret, m.(*v1.ClusterPolicy))
})
return ret, err
}
// Get retrieves the ClusterPolicy from the index for a given name.
func (s *clusterPolicyLister) Get(name string) (*v1.ClusterPolicy, error) {
obj, exists, err := s.indexer.GetByKey(name)
if err != nil {
return nil, err
}
if !exists {
return nil, errors.NewNotFound(v1.Resource("clusterpolicy"), name)
}
return obj.(*v1.ClusterPolicy), nil
}

65
pkg/client/listers/kyverno/v1/clusterpolicyviolation.go Normal file
View file

@ -0,0 +1,65 @@
/*
Copyright The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
// Code generated by lister-gen. DO NOT EDIT.
package v1
import (
v1 "github.com/nirmata/kyverno/pkg/api/kyverno/v1"
"k8s.io/apimachinery/pkg/api/errors"
"k8s.io/apimachinery/pkg/labels"
"k8s.io/client-go/tools/cache"
)
// ClusterPolicyViolationLister helps list ClusterPolicyViolations.
type ClusterPolicyViolationLister interface {
// List lists all ClusterPolicyViolations in the indexer.
List(selector labels.Selector) (ret []*v1.ClusterPolicyViolation, err error)
// Get retrieves the ClusterPolicyViolation from the index for a given name.
Get(name string) (*v1.ClusterPolicyViolation, error)
ClusterPolicyViolationListerExpansion
}
// clusterPolicyViolationLister implements the ClusterPolicyViolationLister interface.
type clusterPolicyViolationLister struct {
indexer cache.Indexer
}
// NewClusterPolicyViolationLister returns a new ClusterPolicyViolationLister.
func NewClusterPolicyViolationLister(indexer cache.Indexer) ClusterPolicyViolationLister {
return &clusterPolicyViolationLister{indexer: indexer}
}
// List lists all ClusterPolicyViolations in the indexer.
func (s *clusterPolicyViolationLister) List(selector labels.Selector) (ret []*v1.ClusterPolicyViolation, err error) {
err = cache.ListAll(s.indexer, selector, func(m interface{}) {
ret = append(ret, m.(*v1.ClusterPolicyViolation))
})
return ret, err
}
// Get retrieves the ClusterPolicyViolation from the index for a given name.
func (s *clusterPolicyViolationLister) Get(name string) (*v1.ClusterPolicyViolation, error) {
obj, exists, err := s.indexer.GetByKey(name)
if err != nil {
return nil, err
}
if !exists {
return nil, errors.NewNotFound(v1.Resource("clusterpolicyviolation"), name)
}
return obj.(*v1.ClusterPolicyViolation), nil
}

146
pkg/client/listers/kyverno/v1/expansion_generated.go Normal file
View file

@ -0,0 +1,146 @@
/*
Copyright The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
// Code generated by lister-gen. DO NOT EDIT.
package v1
import (
"fmt"
kyvernov1 "github.com/nirmata/kyverno/pkg/api/kyverno/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/labels"
)
// ClusterPolicyListerExpansion allows custom methods to be added to
// ClusterPolicyLister.
type ClusterPolicyListerExpansion interface {
GetPolicyForPolicyViolation(pv *kyvernov1.ClusterPolicyViolation) ([]*kyvernov1.ClusterPolicy, error)
GetPolicyForNamespacedPolicyViolation(pv *kyvernov1.NamespacedPolicyViolation) ([]*kyvernov1.ClusterPolicy, error)
ListResources(selector labels.Selector) (ret []*kyvernov1.ClusterPolicy, err error)
}
// ClusterPolicyViolationListerExpansion allows custom methods to be added to
// ClusterPolicyViolationLister.
type ClusterPolicyViolationListerExpansion interface {
// List lists all PolicyViolations in the indexer with GVK.
ListResources(selector labels.Selector) (ret []*kyvernov1.ClusterPolicyViolation, err error)
}
// NamespacedPolicyViolationListerExpansion allows custom methods to be added to
// NamespacedPolicyViolationLister.
type NamespacedPolicyViolationListerExpansion interface{}
// NamespacedPolicyViolationNamespaceListerExpansion allows custom methods to be added to
// NamespacedPolicyViolationNamespaceLister.
type NamespacedPolicyViolationNamespaceListerExpansion interface{}
//ListResources is a wrapper to List and adds the resource kind information
// as the lister is specific to a gvk we can harcode the values here
func (pvl *clusterPolicyViolationLister) ListResources(selector labels.Selector) (ret []*kyvernov1.ClusterPolicyViolation, err error) {
policyviolations, err := pvl.List(selector)
for index := range policyviolations {
policyviolations[index].SetGroupVersionKind(kyvernov1.SchemeGroupVersion.WithKind("ClusterPolicyViolation"))
}
return policyviolations, nil
}
//ListResources is a wrapper to List and adds the resource kind information
// as the lister is specific to a gvk we can harcode the values here
func (pl *clusterPolicyLister) ListResources(selector labels.Selector) (ret []*kyvernov1.ClusterPolicy, err error) {
policies, err := pl.List(selector)
for index := range policies {
policies[index].SetGroupVersionKind(kyvernov1.SchemeGroupVersion.WithKind("ClusterPolicy"))
}
return policies, err
}
func (pl *clusterPolicyLister) GetPolicyForPolicyViolation(pv *kyvernov1.ClusterPolicyViolation) ([]*kyvernov1.ClusterPolicy, error) {
if len(pv.Labels) == 0 {
return nil, fmt.Errorf("no Policy found for PolicyViolation %v because it has no labels", pv.Name)
}
pList, err := pl.List(labels.Everything())
if err != nil {
return nil, err
}
var policies []*kyvernov1.ClusterPolicy
for _, p := range pList {
policyLabelmap := map[string]string{"policy": p.Name}
ls := &metav1.LabelSelector{}
err = metav1.Convert_Map_string_To_string_To_v1_LabelSelector(&policyLabelmap, ls, nil)
if err != nil {
return nil, fmt.Errorf("failed to generate label sector of Policy name %s: %v", p.Name, err)
}
selector, err := metav1.LabelSelectorAsSelector(ls)
if err != nil {
return nil, fmt.Errorf("invalid label selector: %v", err)
}
// If a policy with a nil or empty selector creeps in, it should match nothing, not everything.
if selector.Empty() || !selector.Matches(labels.Set(pv.Labels)) {
continue
}
policies = append(policies, p)
}
if len(policies) == 0 {
return nil, fmt.Errorf("could not find Policy set for PolicyViolation %s with labels: %v", pv.Name, pv.Labels)
}
return policies, nil
}
func (pl *clusterPolicyLister) GetPolicyForNamespacedPolicyViolation(pv *kyvernov1.NamespacedPolicyViolation) ([]*kyvernov1.ClusterPolicy, error) {
if len(pv.Labels) == 0 {
return nil, fmt.Errorf("no Policy found for PolicyViolation %v because it has no labels", pv.Name)
}
pList, err := pl.List(labels.Everything())
if err != nil {
return nil, err
}
var policies []*kyvernov1.ClusterPolicy
for _, p := range pList {
policyLabelmap := map[string]string{"policy": p.Name}
ls := &metav1.LabelSelector{}
err = metav1.Convert_Map_string_To_string_To_v1_LabelSelector(&policyLabelmap, ls, nil)
if err != nil {
return nil, fmt.Errorf("failed to generate label sector of Policy name %s: %v", p.Name, err)
}
selector, err := metav1.LabelSelectorAsSelector(ls)
if err != nil {
return nil, fmt.Errorf("invalid label selector: %v", err)
}
// If a policy with a nil or empty selector creeps in, it should match nothing, not everything.
if selector.Empty() || !selector.Matches(labels.Set(pv.Labels)) {
continue
}
policies = append(policies, p)
}
if len(policies) == 0 {
return nil, fmt.Errorf("could not find Policy set for Namespaced policy Violation %s with labels: %v", pv.Name, pv.Labels)
}
return policies, nil
}

94
pkg/client/listers/kyverno/v1/namespacedpolicyviolation.go Normal file
View file

@ -0,0 +1,94 @@
/*
Copyright The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
// Code generated by lister-gen. DO NOT EDIT.
package v1
import (
v1 "github.com/nirmata/kyverno/pkg/api/kyverno/v1"
"k8s.io/apimachinery/pkg/api/errors"
"k8s.io/apimachinery/pkg/labels"
"k8s.io/client-go/tools/cache"
)
// NamespacedPolicyViolationLister helps list NamespacedPolicyViolations.
type NamespacedPolicyViolationLister interface {
// List lists all NamespacedPolicyViolations in the indexer.
List(selector labels.Selector) (ret []*v1.NamespacedPolicyViolation, err error)
// NamespacedPolicyViolations returns an object that can list and get NamespacedPolicyViolations.
NamespacedPolicyViolations(namespace string) NamespacedPolicyViolationNamespaceLister
NamespacedPolicyViolationListerExpansion
}
// namespacedPolicyViolationLister implements the NamespacedPolicyViolationLister interface.
type namespacedPolicyViolationLister struct {
indexer cache.Indexer
}
// NewNamespacedPolicyViolationLister returns a new NamespacedPolicyViolationLister.
func NewNamespacedPolicyViolationLister(indexer cache.Indexer) NamespacedPolicyViolationLister {
return &namespacedPolicyViolationLister{indexer: indexer}
}
// List lists all NamespacedPolicyViolations in the indexer.
func (s *namespacedPolicyViolationLister) List(selector labels.Selector) (ret []*v1.NamespacedPolicyViolation, err error) {
err = cache.ListAll(s.indexer, selector, func(m interface{}) {
ret = append(ret, m.(*v1.NamespacedPolicyViolation))
})
return ret, err
}
// NamespacedPolicyViolations returns an object that can list and get NamespacedPolicyViolations.
func (s *namespacedPolicyViolationLister) NamespacedPolicyViolations(namespace string) NamespacedPolicyViolationNamespaceLister {
return namespacedPolicyViolationNamespaceLister{indexer: s.indexer, namespace: namespace}
}
// NamespacedPolicyViolationNamespaceLister helps list and get NamespacedPolicyViolations.
type NamespacedPolicyViolationNamespaceLister interface {
// List lists all NamespacedPolicyViolations in the indexer for a given namespace.
List(selector labels.Selector) (ret []*v1.NamespacedPolicyViolation, err error)
// Get retrieves the NamespacedPolicyViolation from the indexer for a given namespace and name.
Get(name string) (*v1.NamespacedPolicyViolation, error)
NamespacedPolicyViolationNamespaceListerExpansion
}
// namespacedPolicyViolationNamespaceLister implements the NamespacedPolicyViolationNamespaceLister
// interface.
type namespacedPolicyViolationNamespaceLister struct {
indexer cache.Indexer
namespace string
}
// List lists all NamespacedPolicyViolations in the indexer for a given namespace.
func (s namespacedPolicyViolationNamespaceLister) List(selector labels.Selector) (ret []*v1.NamespacedPolicyViolation, err error) {
err = cache.ListAllByNamespace(s.indexer, s.namespace, selector, func(m interface{}) {
ret = append(ret, m.(*v1.NamespacedPolicyViolation))
})
return ret, err
}
// Get retrieves the NamespacedPolicyViolation from the indexer for a given namespace and name.
func (s namespacedPolicyViolationNamespaceLister) Get(name string) (*v1.NamespacedPolicyViolation, error) {
obj, exists, err := s.indexer.GetByKey(s.namespace + "/" + name)
if err != nil {
return nil, err
}
if !exists {
return nil, errors.NewNotFound(v1.Resource("namespacedpolicyviolation"), name)
}
return obj.(*v1.NamespacedPolicyViolation), nil
}

14
pkg/client/listers/kyverno/v1alpha1/expansion_generated.go
View file

@ -53,7 +53,6 @@ type ClusterPolicyViolationListerExpansion interface {
// NamespacedPolicyViolationListerExpansion allows custom methods to be added to
// NamespacedPolicyViolationLister.
type NamespacedPolicyViolationListerExpansion interface {
// ListResources(selector labels.Selector) (ret []*v1alpha1.NamespacedPolicyViolation, err error)
}
// NamespacedPolicyViolationNamespaceListerExpansion allows custom methods to be added to
@ -81,19 +80,6 @@ func (pl *clusterPolicyLister) ListResources(selector labels.Selector) (ret []*v
return policies, err
}
// func (namespacepvl *namespacedPolicyViolationLister) ListResources(selector labels.Selector) (ret []*kyverno.NamespacedPolicyViolation, err error) {
// namespacepvs, err := namespacepvl.List(selector)
// if err != nil {
// return nil, err
// }
// for index := range namespacepvs {
// namespacepvs[index].SetGroupVersionKind(kyverno.SchemeGroupVersion.WithKind("NamespacedPolicyViolation"))
// }
// return namespacepvs, nil
// }
func (pl *clusterPolicyLister) GetPolicyForPolicyViolation(pv *kyverno.ClusterPolicyViolation) ([]*kyverno.ClusterPolicy, error) {
if len(pv.Labels) == 0 {
return nil, fmt.Errorf("no Policy found for PolicyViolation %v because it has no labels", pv.Name)

2
pkg/dclient/client.go
View file

@ -6,7 +6,7 @@ import (
"time"
"github.com/golang/glog"
kyverno "github.com/nirmata/kyverno/pkg/api/kyverno/v1alpha1"
kyverno "github.com/nirmata/kyverno/pkg/api/kyverno/v1"
"github.com/nirmata/kyverno/pkg/config"
apps "k8s.io/api/apps/v1"
certificates "k8s.io/api/certificates/v1beta1"

2
pkg/dclient/client_test.go
View file

@ -3,7 +3,7 @@ package client
import (
"testing"
kyverno "github.com/nirmata/kyverno/pkg/api/kyverno/v1alpha1"
kyverno "github.com/nirmata/kyverno/pkg/api/kyverno/v1"
meta "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/runtime"

2
pkg/dclient/violation.go
View file

@ -1,7 +1,7 @@
package client
import (
kyvernov "github.com/nirmata/kyverno/pkg/api/kyverno/v1alpha1"
kyvernov "github.com/nirmata/kyverno/pkg/api/kyverno/v1"
)
//CreatePolicyViolation create a Policy Violation resource

2
pkg/engine/generation.go
View file

@ -6,7 +6,7 @@ import (
"fmt"
"github.com/golang/glog"
kyverno "github.com/nirmata/kyverno/pkg/api/kyverno/v1alpha1"
kyverno "github.com/nirmata/kyverno/pkg/api/kyverno/v1"
client "github.com/nirmata/kyverno/pkg/dclient"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"

2
pkg/engine/overlay.go
View file

@ -12,7 +12,7 @@ import (
"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
jsonpatch "github.com/evanphx/json-patch"
kyverno "github.com/nirmata/kyverno/pkg/api/kyverno/v1alpha1"
kyverno "github.com/nirmata/kyverno/pkg/api/kyverno/v1"
"github.com/nirmata/kyverno/pkg/engine/anchor"
)

2
pkg/engine/patches.go
View file

@ -10,7 +10,7 @@ import (
"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
jsonpatch "github.com/evanphx/json-patch"
kyverno "github.com/nirmata/kyverno/pkg/api/kyverno/v1alpha1"
kyverno "github.com/nirmata/kyverno/pkg/api/kyverno/v1"
)
// JoinPatches joins array of serialized JSON patches to the single JSONPatch array

2
pkg/engine/patches_test.go
View file

@ -6,7 +6,7 @@ import (
"gotest.tools/assert"
"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
types "github.com/nirmata/kyverno/pkg/api/kyverno/v1alpha1"
types "github.com/nirmata/kyverno/pkg/api/kyverno/v1"
)
const endpointsDocument string = `{

2
pkg/engine/policy/validate.go
View file

@ -7,7 +7,7 @@ import (
"regexp"
"strconv"
kyverno "github.com/nirmata/kyverno/pkg/api/kyverno/v1alpha1"
kyverno "github.com/nirmata/kyverno/pkg/api/kyverno/v1"
"github.com/nirmata/kyverno/pkg/engine/anchor"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
)

6
pkg/engine/policy/validate_test.go
View file

@ -4,7 +4,7 @@ import (
"encoding/json"
"testing"
kyverno "github.com/nirmata/kyverno/pkg/api/kyverno/v1alpha1"
kyverno "github.com/nirmata/kyverno/pkg/api/kyverno/v1"
"gotest.tools/assert"
)
@ -673,7 +673,7 @@ func Test_Validate_Validate_Unsupported(t *testing.T) {
func Test_Validate_Policy(t *testing.T) {
rawPolicy := []byte(`
{
"apiVersion": "kyverno.io/v1alpha1",
"apiVersion": "kyverno.io/v1",
"kind": "ClusterPolicy",
"metadata": {
"name": "container-security-context"
@ -978,7 +978,7 @@ func Test_Validate_Generate_HasAnchors(t *testing.T) {
func Test_Validate_ErrorFormat(t *testing.T) {
rawPolicy := []byte(`
{
"apiVersion": "kyverno.io/v1alpha1",
"apiVersion": "kyverno.io/v1",
"kind": "ClusterPolicy",
"metadata": {
"name": "test-error-format"

2
pkg/engine/policyContext.go
View file

@ -1,7 +1,7 @@
package engine
import (
kyverno "github.com/nirmata/kyverno/pkg/api/kyverno/v1alpha1"
kyverno "github.com/nirmata/kyverno/pkg/api/kyverno/v1"
authenticationv1 "k8s.io/api/authentication/v1"
"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
)

2
pkg/engine/rbacValidation.go
View file

@ -3,7 +3,7 @@ package engine
import (
"reflect"
kyverno "github.com/nirmata/kyverno/pkg/api/kyverno/v1alpha1"
kyverno "github.com/nirmata/kyverno/pkg/api/kyverno/v1"
utils "github.com/nirmata/kyverno/pkg/utils"
authenticationv1 "k8s.io/api/authentication/v1"
rbacv1 "k8s.io/api/rbac/v1"

2
pkg/engine/rbacValidation_test.go
View file

@ -4,7 +4,7 @@ import (
"flag"
"testing"
kyverno "github.com/nirmata/kyverno/pkg/api/kyverno/v1alpha1"
kyverno "github.com/nirmata/kyverno/pkg/api/kyverno/v1"
"gotest.tools/assert"
authenticationv1 "k8s.io/api/authentication/v1"
rbacv1 "k8s.io/api/rbac/v1"

2
pkg/engine/utils.go
View file

@ -10,7 +10,7 @@ import (
"github.com/golang/glog"
"github.com/minio/minio/pkg/wildcard"
kyverno "github.com/nirmata/kyverno/pkg/api/kyverno/v1alpha1"
kyverno "github.com/nirmata/kyverno/pkg/api/kyverno/v1"
"github.com/nirmata/kyverno/pkg/engine/anchor"
"github.com/nirmata/kyverno/pkg/utils"
"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"

2
pkg/engine/utils_test.go
View file

@ -3,7 +3,7 @@ package engine
import (
"testing"
kyverno "github.com/nirmata/kyverno/pkg/api/kyverno/v1alpha1"
kyverno "github.com/nirmata/kyverno/pkg/api/kyverno/v1"
"gotest.tools/assert"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
)

2
pkg/engine/validation.go
View file

@ -10,7 +10,7 @@ import (
"time"
"github.com/golang/glog"
kyverno "github.com/nirmata/kyverno/pkg/api/kyverno/v1alpha1"
kyverno "github.com/nirmata/kyverno/pkg/api/kyverno/v1"
"github.com/nirmata/kyverno/pkg/engine/anchor"
"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
)

36
pkg/engine/validation_test.go
View file

@ -4,7 +4,7 @@ import (
"encoding/json"
"testing"
kyverno "github.com/nirmata/kyverno/pkg/api/kyverno/v1alpha1"
kyverno "github.com/nirmata/kyverno/pkg/api/kyverno/v1"
"gotest.tools/assert"
)
@ -1542,7 +1542,7 @@ func TestValidateMapElement_OneElementInArrayNotPass(t *testing.T) {
func TestValidate_ServiceTest(t *testing.T) {
rawPolicy := []byte(`{
"apiVersion":"kyverno.nirmata.io/v1alpha1",
"apiVersion":"kyverno.nirmata.io/v1",
"kind":"ClusterPolicy",
"metadata":{
"name":"policy-service"
@ -1635,7 +1635,7 @@ func TestValidate_ServiceTest(t *testing.T) {
func TestValidate_MapHasFloats(t *testing.T) {
rawPolicy := []byte(`{
"apiVersion":"kyverno.nirmata.io/v1alpha1",
"apiVersion":"kyverno.nirmata.io/v1",
"kind":"ClusterPolicy",
"metadata":{
"name":"policy-deployment-changed"
@ -1733,7 +1733,7 @@ func TestValidate_MapHasFloats(t *testing.T) {
func TestValidate_image_tag_fail(t *testing.T) {
// If image tag is latest then imagepull policy needs to be checked
rawPolicy := []byte(`{
"apiVersion": "kyverno.io/v1alpha1",
"apiVersion": "kyverno.io/v1",
"kind": "ClusterPolicy",
"metadata": {
"name": "validate-image"
@ -1831,7 +1831,7 @@ func TestValidate_image_tag_fail(t *testing.T) {
func TestValidate_image_tag_pass(t *testing.T) {
// If image tag is latest then imagepull policy needs to be checked
rawPolicy := []byte(`{
"apiVersion": "kyverno.io/v1alpha1",
"apiVersion": "kyverno.io/v1",
"kind": "ClusterPolicy",
"metadata": {
"name": "validate-image"
@ -1929,7 +1929,7 @@ func TestValidate_image_tag_pass(t *testing.T) {
func TestValidate_Fail_anyPattern(t *testing.T) {
rawPolicy := []byte(`
{
"apiVersion": "kyverno.io/v1alpha1",
"apiVersion": "kyverno.io/v1",
"kind": "ClusterPolicy",
"metadata": {
"name": "validate-namespace"
@ -2003,7 +2003,7 @@ func TestValidate_Fail_anyPattern(t *testing.T) {
func TestValidate_host_network_port(t *testing.T) {
rawPolicy := []byte(`
{
"apiVersion": "kyverno.io/v1alpha1",
"apiVersion": "kyverno.io/v1",
"kind": "ClusterPolicy",
"metadata": {
"name": "validate-host-network-port"
@ -2085,7 +2085,7 @@ func TestValidate_host_network_port(t *testing.T) {
func TestValidate_anchor_arraymap_pass(t *testing.T) {
rawPolicy := []byte(`
{
"apiVersion": "kyverno.io/v1alpha1",
"apiVersion": "kyverno.io/v1",
"kind": "ClusterPolicy",
"metadata": {
"name": "validate-host-path"
@ -2174,7 +2174,7 @@ func TestValidate_anchor_arraymap_pass(t *testing.T) {
func TestValidate_anchor_arraymap_fail(t *testing.T) {
rawPolicy := []byte(`
{
"apiVersion": "kyverno.io/v1alpha1",
"apiVersion": "kyverno.io/v1",
"kind": "ClusterPolicy",
"metadata": {
"name": "validate-host-path"
@ -2262,7 +2262,7 @@ func TestValidate_anchor_arraymap_fail(t *testing.T) {
func TestValidate_anchor_map_notfound(t *testing.T) {
// anchor not present in resource
rawPolicy := []byte(`{
"apiVersion": "kyverno.io/v1alpha1",
"apiVersion": "kyverno.io/v1",
"kind": "ClusterPolicy",
"metadata": {
"name": "policy-secaas-k8s"
@ -2331,7 +2331,7 @@ func TestValidate_anchor_map_notfound(t *testing.T) {
func TestValidate_anchor_map_found_valid(t *testing.T) {
// anchor not present in resource
rawPolicy := []byte(`{
"apiVersion": "kyverno.io/v1alpha1",
"apiVersion": "kyverno.io/v1",
"kind": "ClusterPolicy",
"metadata": {
"name": "policy-secaas-k8s"
@ -2403,7 +2403,7 @@ func TestValidate_anchor_map_found_valid(t *testing.T) {
func TestValidate_anchor_map_found_invalid(t *testing.T) {
// anchor not present in resource
rawPolicy := []byte(`{
"apiVersion": "kyverno.io/v1alpha1",
"apiVersion": "kyverno.io/v1",
"kind": "ClusterPolicy",
"metadata": {
"name": "policy-secaas-k8s"
@ -2476,7 +2476,7 @@ func TestValidate_AnchorList_pass(t *testing.T) {
// anchor not present in resource
rawPolicy := []byte(`
{
"apiVersion": "kyverno.io/v1alpha1",
"apiVersion": "kyverno.io/v1",
"kind": "ClusterPolicy",
"metadata": {
"name": "policy-secaas-k8s"
@ -2550,7 +2550,7 @@ func TestValidate_AnchorList_pass(t *testing.T) {
func TestValidate_AnchorList_fail(t *testing.T) {
rawPolicy := []byte(`
{
"apiVersion": "kyverno.io/v1alpha1",
"apiVersion": "kyverno.io/v1",
"kind": "ClusterPolicy",
"metadata": {
"name": "policy-secaas-k8s"
@ -2624,7 +2624,7 @@ func TestValidate_existenceAnchor_fail(t *testing.T) {
// anchor not present in resource
rawPolicy := []byte(`
{
"apiVersion": "kyverno.io/v1alpha1",
"apiVersion": "kyverno.io/v1",
"kind": "ClusterPolicy",
"metadata": {
"name": "policy-secaas-k8s"
@ -2699,7 +2699,7 @@ func TestValidate_existenceAnchor_pass(t *testing.T) {
// anchor not present in resource
rawPolicy := []byte(`
{
"apiVersion": "kyverno.io/v1alpha1",
"apiVersion": "kyverno.io/v1",
"kind": "ClusterPolicy",
"metadata": {
"name": "policy-secaas-k8s"
@ -2772,7 +2772,7 @@ func TestValidate_existenceAnchor_pass(t *testing.T) {
func TestValidate_negationAnchor_deny(t *testing.T) {
rawPolicy := []byte(`
{
"apiVersion": "kyverno.io/v1alpha1",
"apiVersion": "kyverno.io/v1",
"kind": "ClusterPolicy",
"metadata": {
"name": "validate-host-path"
@ -2859,7 +2859,7 @@ func TestValidate_negationAnchor_deny(t *testing.T) {
func TestValidate_negationAnchor_pass(t *testing.T) {
rawPolicy := []byte(`
{
"apiVersion": "kyverno.io/v1alpha1",
"apiVersion": "kyverno.io/v1",
"kind": "ClusterPolicy",
"metadata": {
"name": "validate-host-path"

7
pkg/event/controller.go
View file

@ -6,8 +6,8 @@ import (
"github.com/golang/glog"
"github.com/nirmata/kyverno/pkg/client/clientset/versioned/scheme"
kyvernoinformer "github.com/nirmata/kyverno/pkg/client/informers/externalversions/kyverno/v1alpha1"
kyvernolister "github.com/nirmata/kyverno/pkg/client/listers/kyverno/v1alpha1"
kyvernoinformer "github.com/nirmata/kyverno/pkg/client/informers/externalversions/kyverno/v1"
kyvernolister "github.com/nirmata/kyverno/pkg/client/listers/kyverno/v1"
client "github.com/nirmata/kyverno/pkg/dclient"
v1 "k8s.io/api/core/v1"
"k8s.io/apimachinery/pkg/runtime"
@ -32,8 +32,7 @@ type Interface interface {
}
//NewEventGenerator to generate a new event controller
func NewEventGenerator(client *client.Client,
pInformer kyvernoinformer.ClusterPolicyInformer) *Generator {
func NewEventGenerator(client *client.Client, pInformer kyvernoinformer.ClusterPolicyInformer) *Generator {
gen := Generator{
client: client,

2
pkg/kyverno/apply/apply.go
View file

@ -8,7 +8,7 @@ import (
"os"
"github.com/golang/glog"
kyverno "github.com/nirmata/kyverno/pkg/api/kyverno/v1alpha1"
kyverno "github.com/nirmata/kyverno/pkg/api/kyverno/v1"
"github.com/nirmata/kyverno/pkg/engine"
"github.com/spf13/cobra"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"

6
pkg/namespace/controller.go
View file

@ -6,7 +6,7 @@ import (
"k8s.io/apimachinery/pkg/util/wait"
"github.com/golang/glog"
kyverno "github.com/nirmata/kyverno/pkg/api/kyverno/v1alpha1"
kyverno "github.com/nirmata/kyverno/pkg/api/kyverno/v1"
"github.com/nirmata/kyverno/pkg/config"
client "github.com/nirmata/kyverno/pkg/dclient"
"github.com/nirmata/kyverno/pkg/event"
@ -16,8 +16,8 @@ import (
"k8s.io/apimachinery/pkg/api/errors"
kyvernoclient "github.com/nirmata/kyverno/pkg/client/clientset/versioned"
kyvernoinformer "github.com/nirmata/kyverno/pkg/client/informers/externalversions/kyverno/v1alpha1"
kyvernolister "github.com/nirmata/kyverno/pkg/client/listers/kyverno/v1alpha1"
kyvernoinformer "github.com/nirmata/kyverno/pkg/client/informers/externalversions/kyverno/v1"
kyvernolister "github.com/nirmata/kyverno/pkg/client/listers/kyverno/v1"
v1 "k8s.io/api/core/v1"
utilruntime "k8s.io/apimachinery/pkg/util/runtime"
v1Informer "k8s.io/client-go/informers/core/v1"

2
pkg/namespace/generation.go
View file

@ -5,7 +5,7 @@ import (
"time"
"github.com/golang/glog"
kyverno "github.com/nirmata/kyverno/pkg/api/kyverno/v1alpha1"
kyverno "github.com/nirmata/kyverno/pkg/api/kyverno/v1"
client "github.com/nirmata/kyverno/pkg/dclient"
"github.com/nirmata/kyverno/pkg/engine"
policyctr "github.com/nirmata/kyverno/pkg/policy"

2
pkg/namespace/report.go
View file

@ -4,7 +4,7 @@ import (
"fmt"
"github.com/golang/glog"
kyverno "github.com/nirmata/kyverno/pkg/api/kyverno/v1alpha1"
kyverno "github.com/nirmata/kyverno/pkg/api/kyverno/v1"
"github.com/nirmata/kyverno/pkg/engine"
"github.com/nirmata/kyverno/pkg/event"
"github.com/nirmata/kyverno/pkg/policyviolation"

2
pkg/policy/apply.go
View file

@ -7,7 +7,7 @@ import (
jsonpatch "github.com/evanphx/json-patch"
"github.com/golang/glog"
kyverno "github.com/nirmata/kyverno/pkg/api/kyverno/v1alpha1"
kyverno "github.com/nirmata/kyverno/pkg/api/kyverno/v1"
"github.com/nirmata/kyverno/pkg/engine"
"github.com/nirmata/kyverno/pkg/utils"
"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"

4
pkg/policy/cleanup.go
View file

@ -5,8 +5,8 @@ import (
"reflect"
"github.com/golang/glog"
kyverno "github.com/nirmata/kyverno/pkg/api/kyverno/v1alpha1"
kyvernolister "github.com/nirmata/kyverno/pkg/client/listers/kyverno/v1alpha1"
kyverno "github.com/nirmata/kyverno/pkg/api/kyverno/v1"
kyvernolister "github.com/nirmata/kyverno/pkg/client/listers/kyverno/v1"
dclient "github.com/nirmata/kyverno/pkg/dclient"
"github.com/nirmata/kyverno/pkg/engine"
"github.com/nirmata/kyverno/pkg/policyviolation"

18
pkg/policy/controller.go
View file

@ -8,11 +8,11 @@ import (
"time"
"github.com/golang/glog"
kyverno "github.com/nirmata/kyverno/pkg/api/kyverno/v1alpha1"
kyverno "github.com/nirmata/kyverno/pkg/api/kyverno/v1"
kyvernoclient "github.com/nirmata/kyverno/pkg/client/clientset/versioned"
"github.com/nirmata/kyverno/pkg/client/clientset/versioned/scheme"
kyvernoinformer "github.com/nirmata/kyverno/pkg/client/informers/externalversions/kyverno/v1alpha1"
kyvernolister "github.com/nirmata/kyverno/pkg/client/listers/kyverno/v1alpha1"
kyvernoinformer "github.com/nirmata/kyverno/pkg/client/informers/externalversions/kyverno/v1"
kyvernolister "github.com/nirmata/kyverno/pkg/client/listers/kyverno/v1"
"github.com/nirmata/kyverno/pkg/config"
client "github.com/nirmata/kyverno/pkg/dclient"
"github.com/nirmata/kyverno/pkg/event"
@ -501,7 +501,7 @@ func (pc *PolicyController) syncStatusOnly(p *kyverno.ClusterPolicy, pvList []*k
// update status
newPolicy := p
newPolicy.Status = newStatus
_, err := pc.kyvernoClient.KyvernoV1alpha1().ClusterPolicies().UpdateStatus(newPolicy)
_, err := pc.kyvernoClient.KyvernoV1().ClusterPolicies().UpdateStatus(newPolicy)
return err
}
@ -547,7 +547,7 @@ func (pc *PolicyController) getPolicyViolationsForPolicy(p *kyverno.ClusterPolic
}
canAdoptFunc := RecheckDeletionTimestamp(func() (metav1.Object, error) {
fresh, err := pc.kyvernoClient.KyvernoV1alpha1().ClusterPolicies().Get(p.Name, metav1.GetOptions{})
fresh, err := pc.kyvernoClient.KyvernoV1().ClusterPolicies().Get(p.Name, metav1.GetOptions{})
if err != nil {
return nil, err
}
@ -875,24 +875,24 @@ type RealPVControl struct {
//PatchPolicyViolation patches the policy violation with the provided JSON Patch
func (r RealPVControl) PatchPolicyViolation(name string, data []byte) error {
_, err := r.Client.KyvernoV1alpha1().ClusterPolicyViolations().Patch(name, types.JSONPatchType, data)
_, err := r.Client.KyvernoV1().ClusterPolicyViolations().Patch(name, types.JSONPatchType, data)
return err
}
//DeletePolicyViolation deletes the policy violation
func (r RealPVControl) DeletePolicyViolation(name string) error {
return r.Client.KyvernoV1alpha1().ClusterPolicyViolations().Delete(name, &metav1.DeleteOptions{})
return r.Client.KyvernoV1().ClusterPolicyViolations().Delete(name, &metav1.DeleteOptions{})
}
//PatchNamespacedPolicyViolation patches the namespaced policy violation with the provided JSON Patch
func (r RealPVControl) PatchNamespacedPolicyViolation(ns, name string, data []byte) error {
_, err := r.Client.KyvernoV1alpha1().NamespacedPolicyViolations(ns).Patch(name, types.JSONPatchType, data)
_, err := r.Client.KyvernoV1().NamespacedPolicyViolations(ns).Patch(name, types.JSONPatchType, data)
return err
}
//DeleteNamespacedPolicyViolation deletes the namespaced policy violation
func (r RealPVControl) DeleteNamespacedPolicyViolation(ns, name string) error {
return r.Client.KyvernoV1alpha1().NamespacedPolicyViolations(ns).Delete(name, &metav1.DeleteOptions{})
return r.Client.KyvernoV1().NamespacedPolicyViolations(ns).Delete(name, &metav1.DeleteOptions{})
}
// RecheckDeletionTimestamp returns a CanAdopt() function to recheck deletion.

2
pkg/policy/existing.go
View file

@ -7,7 +7,7 @@ import (
"github.com/golang/glog"
"github.com/minio/minio/pkg/wildcard"
kyverno "github.com/nirmata/kyverno/pkg/api/kyverno/v1alpha1"
kyverno "github.com/nirmata/kyverno/pkg/api/kyverno/v1"
"github.com/nirmata/kyverno/pkg/config"
client "github.com/nirmata/kyverno/pkg/dclient"
"github.com/nirmata/kyverno/pkg/engine"

2
pkg/policy/namespacedpv.go
View file

@ -4,7 +4,7 @@ import (
"reflect"
"github.com/golang/glog"
kyverno "github.com/nirmata/kyverno/pkg/api/kyverno/v1alpha1"
kyverno "github.com/nirmata/kyverno/pkg/api/kyverno/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
cache "k8s.io/client-go/tools/cache"
)

2
pkg/policy/report.go
View file

@ -4,7 +4,7 @@ import (
"fmt"
"github.com/golang/glog"
kyverno "github.com/nirmata/kyverno/pkg/api/kyverno/v1alpha1"
kyverno "github.com/nirmata/kyverno/pkg/api/kyverno/v1"
"github.com/nirmata/kyverno/pkg/engine"
"github.com/nirmata/kyverno/pkg/event"
"github.com/nirmata/kyverno/pkg/policyviolation"

2
pkg/policy/utils.go
View file

@ -1,6 +1,6 @@
package policy
import kyverno "github.com/nirmata/kyverno/pkg/api/kyverno/v1alpha1"
import kyverno "github.com/nirmata/kyverno/pkg/api/kyverno/v1"
// reEvaulatePolicy checks if the policy needs to be re-evaulated
// during re-evaulation we remove all the old policy violations and re-create new ones

2
pkg/policy/webhookregistration.go
View file

@ -2,7 +2,7 @@ package policy
import (
"github.com/golang/glog"
kyverno "github.com/nirmata/kyverno/pkg/api/kyverno/v1alpha1"
kyverno "github.com/nirmata/kyverno/pkg/api/kyverno/v1"
"k8s.io/apimachinery/pkg/labels"
)

4
pkg/policystore/policystore.go
View file

@ -3,8 +3,8 @@ package policystore
import (
"sync"
kyverno "github.com/nirmata/kyverno/pkg/api/kyverno/v1alpha1"
kyvernolister "github.com/nirmata/kyverno/pkg/client/listers/kyverno/v1alpha1"
kyverno "github.com/nirmata/kyverno/pkg/api/kyverno/v1"
kyvernolister "github.com/nirmata/kyverno/pkg/client/listers/kyverno/v1"
)
type policyMap map[string]interface{}

40
pkg/policystore/policystore_test.go
View file

@ -5,7 +5,7 @@ import (
"reflect"
"testing"
v1alpha1 "github.com/nirmata/kyverno/pkg/api/kyverno/v1alpha1"
kyverno "github.com/nirmata/kyverno/pkg/api/kyverno/v1"
"github.com/nirmata/kyverno/pkg/client/clientset/versioned/fake"
v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/labels"
@ -16,7 +16,7 @@ import (
func Test_Operations(t *testing.T) {
rawPolicy1 := []byte(`
{
"apiVersion": "kyverno.io/v1alpha1",
"apiVersion": "kyverno.io/v1",
"kind": "ClusterPolicy",
"metadata": {
"name": "test-policy1"
@ -92,7 +92,7 @@ func Test_Operations(t *testing.T) {
rawPolicy2 := []byte(`
{
"apiVersion": "kyverno.io/v1alpha1",
"apiVersion": "kyverno.io/v1",
"kind": "ClusterPolicy",
"metadata": {
"name": "test-policy2"
@ -152,7 +152,7 @@ func Test_Operations(t *testing.T) {
rawPolicy3 := []byte(`
{
"apiVersion": "kyverno.io/v1alpha1",
"apiVersion": "kyverno.io/v1",
"kind": "ClusterPolicy",
"metadata": {
"name": "test-policy3"
@ -175,18 +175,18 @@ func Test_Operations(t *testing.T) {
]
}
}`)
var policy1 v1alpha1.ClusterPolicy
var policy1 kyverno.ClusterPolicy
json.Unmarshal(rawPolicy1, &policy1)
var policy2 v1alpha1.ClusterPolicy
var policy2 kyverno.ClusterPolicy
json.Unmarshal(rawPolicy2, &policy2)
var policy3 v1alpha1.ClusterPolicy
var policy3 kyverno.ClusterPolicy
json.Unmarshal(rawPolicy3, &policy3)
scheme.Scheme.AddKnownTypes(v1alpha1.SchemeGroupVersion,
&v1alpha1.ClusterPolicy{},
scheme.Scheme.AddKnownTypes(kyverno.SchemeGroupVersion,
&kyverno.ClusterPolicy{},
)
var obj runtime.Object
var err error
var retPolicies []v1alpha1.ClusterPolicy
var retPolicies []kyverno.ClusterPolicy
polices := []runtime.Object{}
// list of runtime objects
decode := scheme.Codecs.UniversalDeserializer().Decode
@ -221,7 +221,7 @@ func Test_Operations(t *testing.T) {
if err != nil {
t.Error(err)
}
if !reflect.DeepEqual(retPolicies, []v1alpha1.ClusterPolicy{policy1, policy2}) {
if !reflect.DeepEqual(retPolicies, []kyverno.ClusterPolicy{policy1, policy2}) {
t.Error("not matching")
}
@ -232,7 +232,7 @@ func Test_Operations(t *testing.T) {
t.Error(err)
}
// Lookup
if !reflect.DeepEqual(retPolicies, []v1alpha1.ClusterPolicy{policy2}) {
if !reflect.DeepEqual(retPolicies, []kyverno.ClusterPolicy{policy2}) {
t.Error("not matching")
}
// Add
@ -242,7 +242,7 @@ func Test_Operations(t *testing.T) {
t.Error(err)
}
if len(retPolicies) != len([]v1alpha1.ClusterPolicy{policy1, policy2}) {
if len(retPolicies) != len([]kyverno.ClusterPolicy{policy1, policy2}) {
// checking length as the order of polcies might be different
t.Error("not matching")
}
@ -251,7 +251,7 @@ func Test_Operations(t *testing.T) {
if err != nil {
t.Error(err)
}
if !reflect.DeepEqual(retPolicies, []v1alpha1.ClusterPolicy{policy3}) {
if !reflect.DeepEqual(retPolicies, []kyverno.ClusterPolicy{policy3}) {
t.Error("not matching")
}
@ -261,21 +261,21 @@ type FakeLister struct {
client *fake.Clientset
}
func (fk *FakeLister) List(selector labels.Selector) (ret []*v1alpha1.ClusterPolicy, err error) {
func (fk *FakeLister) List(selector labels.Selector) (ret []*kyverno.ClusterPolicy, err error) {
return nil, nil
}
func (fk *FakeLister) Get(name string) (*v1alpha1.ClusterPolicy, error) {
return fk.client.KyvernoV1alpha1().ClusterPolicies().Get(name, v1.GetOptions{})
func (fk *FakeLister) Get(name string) (*kyverno.ClusterPolicy, error) {
return fk.client.KyvernoV1().ClusterPolicies().Get(name, v1.GetOptions{})
}
func (fk *FakeLister) GetPolicyForPolicyViolation(pv *v1alpha1.ClusterPolicyViolation) ([]*v1alpha1.ClusterPolicy, error) {
func (fk *FakeLister) GetPolicyForPolicyViolation(pv *kyverno.ClusterPolicyViolation) ([]*kyverno.ClusterPolicy, error) {
return nil, nil
}
func (fk *FakeLister) ListResources(selector labels.Selector) (ret []*v1alpha1.ClusterPolicy, err error) {
func (fk *FakeLister) ListResources(selector labels.Selector) (ret []*kyverno.ClusterPolicy, err error) {
return nil, nil
}
func (fk *FakeLister) GetPolicyForNamespacedPolicyViolation(pv *v1alpha1.NamespacedPolicyViolation) ([]*v1alpha1.ClusterPolicy, error) {
func (fk *FakeLister) GetPolicyForNamespacedPolicyViolation(pv *kyverno.NamespacedPolicyViolation) ([]*kyverno.ClusterPolicy, error) {
return nil, nil
}

10
pkg/policyviolation/controller.go
View file

@ -7,11 +7,11 @@ import (
"time"
"github.com/golang/glog"
kyverno "github.com/nirmata/kyverno/pkg/api/kyverno/v1alpha1"
kyverno "github.com/nirmata/kyverno/pkg/api/kyverno/v1"
kyvernoclient "github.com/nirmata/kyverno/pkg/client/clientset/versioned"
"github.com/nirmata/kyverno/pkg/client/clientset/versioned/scheme"
kyvernoinformer "github.com/nirmata/kyverno/pkg/client/informers/externalversions/kyverno/v1alpha1"
kyvernolister "github.com/nirmata/kyverno/pkg/client/listers/kyverno/v1alpha1"
kyvernoinformer "github.com/nirmata/kyverno/pkg/client/informers/externalversions/kyverno/v1"
kyvernolister "github.com/nirmata/kyverno/pkg/client/listers/kyverno/v1"
client "github.com/nirmata/kyverno/pkg/dclient"
v1 "k8s.io/api/core/v1"
"k8s.io/apimachinery/pkg/api/errors"
@ -334,11 +334,11 @@ type RealPVControl struct {
//UpdateStatusPolicyViolation updates the status for policy violation
func (r RealPVControl) UpdateStatusPolicyViolation(newPv *kyverno.ClusterPolicyViolation) error {
_, err := r.Client.KyvernoV1alpha1().ClusterPolicyViolations().UpdateStatus(newPv)
_, err := r.Client.KyvernoV1().ClusterPolicyViolations().UpdateStatus(newPv)
return err
}
//RemovePolicyViolation removes the policy violation
func (r RealPVControl) RemovePolicyViolation(name string) error {
return r.Client.KyvernoV1alpha1().ClusterPolicyViolations().Delete(name, &metav1.DeleteOptions{})
return r.Client.KyvernoV1().ClusterPolicyViolations().Delete(name, &metav1.DeleteOptions{})
}

14
pkg/policyviolation/generator.go
View file

@ -8,10 +8,10 @@ import (
"time"
"github.com/golang/glog"
kyverno "github.com/nirmata/kyverno/pkg/api/kyverno/v1alpha1"
kyverno "github.com/nirmata/kyverno/pkg/api/kyverno/v1"
kyvernoclient "github.com/nirmata/kyverno/pkg/client/clientset/versioned"
kyvernov1alpha1 "github.com/nirmata/kyverno/pkg/client/clientset/versioned/typed/kyverno/v1alpha1"
kyvernolister "github.com/nirmata/kyverno/pkg/client/listers/kyverno/v1alpha1"
kyvernov1 "github.com/nirmata/kyverno/pkg/client/clientset/versioned/typed/kyverno/v1"
kyvernolister "github.com/nirmata/kyverno/pkg/client/listers/kyverno/v1"
client "github.com/nirmata/kyverno/pkg/dclient"
dclient "github.com/nirmata/kyverno/pkg/dclient"
unstructured "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
@ -27,7 +27,7 @@ const workQueueRetryLimit = 3
//Generator creates PV
type Generator struct {
dclient *dclient.Client
pvInterface kyvernov1alpha1.KyvernoV1alpha1Interface
pvInterface kyvernov1.KyvernoV1Interface
pvLister kyvernolister.ClusterPolicyViolationLister
nspvLister kyvernolister.NamespacedPolicyViolationLister
queue workqueue.RateLimitingInterface
@ -97,7 +97,7 @@ func NewPVGenerator(client *kyvernoclient.Clientset, dclient *client.Client,
pvLister kyvernolister.ClusterPolicyViolationLister,
nspvLister kyvernolister.NamespacedPolicyViolationLister) *Generator {
gen := Generator{
pvInterface: client.KyvernoV1alpha1(),
pvInterface: client.KyvernoV1(),
dclient: dclient,
pvLister: pvLister,
nspvLister: nspvLister,
@ -237,7 +237,7 @@ func (gen *Generator) syncHandler(info Info) error {
return nil
}
func createPVS(dclient *client.Client, pvs []kyverno.ClusterPolicyViolation, pvLister kyvernolister.ClusterPolicyViolationLister, pvInterface kyvernov1alpha1.KyvernoV1alpha1Interface) error {
func createPVS(dclient *client.Client, pvs []kyverno.ClusterPolicyViolation, pvLister kyvernolister.ClusterPolicyViolationLister, pvInterface kyvernov1.KyvernoV1Interface) error {
for _, pv := range pvs {
if err := createPVNew(dclient, pv, pvLister, pvInterface); err != nil {
return err
@ -246,7 +246,7 @@ func createPVS(dclient *client.Client, pvs []kyverno.ClusterPolicyViolation, pvL
return nil
}
func createPVNew(dclient *client.Client, pv kyverno.ClusterPolicyViolation, pvLister kyvernolister.ClusterPolicyViolationLister, pvInterface kyvernov1alpha1.KyvernoV1alpha1Interface) error {
func createPVNew(dclient *client.Client, pv kyverno.ClusterPolicyViolation, pvLister kyvernolister.ClusterPolicyViolationLister, pvInterface kyvernov1.KyvernoV1Interface) error {
var err error
// PV already exists
ePV, err := getExistingPVIfAny(pvLister, pv)

2
pkg/policyviolation/helpers.go
View file

@ -6,7 +6,7 @@ import (
"time"
"github.com/golang/glog"
kyverno "github.com/nirmata/kyverno/pkg/api/kyverno/v1alpha1"
kyverno "github.com/nirmata/kyverno/pkg/api/kyverno/v1"
v1 "k8s.io/api/apps/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
unstructured "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"

8
pkg/policyviolation/namespacedpv.go
View file

@ -5,9 +5,9 @@ import (
"reflect"
"github.com/golang/glog"
kyverno "github.com/nirmata/kyverno/pkg/api/kyverno/v1alpha1"
kyvernov1alpha1 "github.com/nirmata/kyverno/pkg/client/clientset/versioned/typed/kyverno/v1alpha1"
kyvernolister "github.com/nirmata/kyverno/pkg/client/listers/kyverno/v1alpha1"
kyverno "github.com/nirmata/kyverno/pkg/api/kyverno/v1"
kyvernov1 "github.com/nirmata/kyverno/pkg/client/clientset/versioned/typed/kyverno/v1"
kyvernolister "github.com/nirmata/kyverno/pkg/client/listers/kyverno/v1"
dclient "github.com/nirmata/kyverno/pkg/dclient"
labels "k8s.io/apimachinery/pkg/labels"
)
@ -62,7 +62,7 @@ func buildNamespacedPVWithOwner(dclient *dclient.Client, info Info) (pvs []kyver
return
}
func createNamespacedPV(dclient *dclient.Client, pvLister kyvernolister.NamespacedPolicyViolationLister, pvInterface kyvernov1alpha1.KyvernoV1alpha1Interface, pvs []kyverno.NamespacedPolicyViolation) error {
func createNamespacedPV(dclient *dclient.Client, pvLister kyvernolister.NamespacedPolicyViolationLister, pvInterface kyvernov1.KyvernoV1Interface, pvs []kyverno.NamespacedPolicyViolation) error {
for _, newPv := range pvs {
glog.V(4).Infof("creating namespaced policyViolation resource for policy %s and resource %s", newPv.Spec.Policy, newPv.Spec.ResourceSpec.ToKey())
// check if there was a previous policy voilation for policy & resource combination

10
pkg/policyviolation/namespacepvcontroller.go
View file

@ -8,11 +8,11 @@ import (
backoff "github.com/cenkalti/backoff"
"github.com/golang/glog"
kyverno "github.com/nirmata/kyverno/pkg/api/kyverno/v1alpha1"
kyverno "github.com/nirmata/kyverno/pkg/api/kyverno/v1"
kyvernoclient "github.com/nirmata/kyverno/pkg/client/clientset/versioned"
"github.com/nirmata/kyverno/pkg/client/clientset/versioned/scheme"
kyvernoinformer "github.com/nirmata/kyverno/pkg/client/informers/externalversions/kyverno/v1alpha1"
kyvernolister "github.com/nirmata/kyverno/pkg/client/listers/kyverno/v1alpha1"
kyvernoinformer "github.com/nirmata/kyverno/pkg/client/informers/externalversions/kyverno/v1"
kyvernolister "github.com/nirmata/kyverno/pkg/client/listers/kyverno/v1"
client "github.com/nirmata/kyverno/pkg/dclient"
v1 "k8s.io/api/core/v1"
"k8s.io/apimachinery/pkg/api/errors"
@ -332,13 +332,13 @@ type RealNamespacedPVControl struct {
//UpdateStatusPolicyViolation updates the status for policy violation
func (r RealNamespacedPVControl) UpdateStatusPolicyViolation(newPv *kyverno.NamespacedPolicyViolation) error {
_, err := r.Client.KyvernoV1alpha1().NamespacedPolicyViolations(newPv.Namespace).UpdateStatus(newPv)
_, err := r.Client.KyvernoV1().NamespacedPolicyViolations(newPv.Namespace).UpdateStatus(newPv)
return err
}
//RemovePolicyViolation removes the policy violation
func (r RealNamespacedPVControl) RemovePolicyViolation(ns, name string) error {
return r.Client.KyvernoV1alpha1().NamespacedPolicyViolations(ns).Delete(name, &metav1.DeleteOptions{})
return r.Client.KyvernoV1().NamespacedPolicyViolations(ns).Delete(name, &metav1.DeleteOptions{})
}
func retryGetResource(client *client.Client, rspec kyverno.ResourceSpec) error {

2
pkg/testrunner/scenario.go
View file

@ -11,7 +11,7 @@ import (
"reflect"
"testing"
kyverno "github.com/nirmata/kyverno/pkg/api/kyverno/v1alpha1"
kyverno "github.com/nirmata/kyverno/pkg/api/kyverno/v1"
client "github.com/nirmata/kyverno/pkg/dclient"
"github.com/nirmata/kyverno/pkg/engine"
"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"

8
pkg/webhookconfig/policy.go
View file

@ -28,7 +28,7 @@ func (wrc *WebhookRegistrationClient) contructPolicyValidatingWebhookConfig(caDa
wrc.timeoutSeconds,
"clusterpolicies/*",
"kyverno.io",
"v1alpha1",
"v1",
[]admregapi.OperationType{admregapi.Create, admregapi.Update},
),
},
@ -52,7 +52,7 @@ func (wrc *WebhookRegistrationClient) contructDebugPolicyValidatingWebhookConfig
wrc.timeoutSeconds,
"clusterpolicies/*",
"kyverno.io",
"v1alpha1",
"v1",
[]admregapi.OperationType{admregapi.Create, admregapi.Update},
),
},
@ -76,7 +76,7 @@ func (wrc *WebhookRegistrationClient) contructPolicyMutatingWebhookConfig(caData
wrc.timeoutSeconds,
"clusterpolicies/*",
"kyverno.io",
"v1alpha1",
"v1",
[]admregapi.OperationType{admregapi.Create, admregapi.Update},
),
},
@ -99,7 +99,7 @@ func (wrc *WebhookRegistrationClient) contructDebugPolicyMutatingWebhookConfig(c
wrc.timeoutSeconds,
"clusterpolicies/*",
"kyverno.io",
"v1alpha1",
"v1",
[]admregapi.OperationType{admregapi.Create, admregapi.Update},
),
},

2
pkg/webhooks/mutation.go
View file

@ -2,7 +2,7 @@ package webhooks
import (
"github.com/golang/glog"
kyverno "github.com/nirmata/kyverno/pkg/api/kyverno/v1alpha1"
kyverno "github.com/nirmata/kyverno/pkg/api/kyverno/v1"
engine "github.com/nirmata/kyverno/pkg/engine"
policyctr "github.com/nirmata/kyverno/pkg/policy"
"github.com/nirmata/kyverno/pkg/utils"

2
pkg/webhooks/policymutation.go
View file

@ -6,7 +6,7 @@ import (
"strings"
"github.com/golang/glog"
kyverno "github.com/nirmata/kyverno/pkg/api/kyverno/v1alpha1"
kyverno "github.com/nirmata/kyverno/pkg/api/kyverno/v1"
"github.com/nirmata/kyverno/pkg/utils"
v1beta1 "k8s.io/api/admission/v1beta1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"

2
pkg/webhooks/policyvalidation.go
View file

@ -5,7 +5,7 @@ import (
"fmt"
"github.com/golang/glog"
kyverno "github.com/nirmata/kyverno/pkg/api/kyverno/v1alpha1"
kyverno "github.com/nirmata/kyverno/pkg/api/kyverno/v1"
policyvalidate "github.com/nirmata/kyverno/pkg/engine/policy"
v1beta1 "k8s.io/api/admission/v1beta1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"

2
pkg/webhooks/report.go
View file

@ -4,7 +4,7 @@ import (
"fmt"
"strings"
kyverno "github.com/nirmata/kyverno/pkg/api/kyverno/v1alpha1"
kyverno "github.com/nirmata/kyverno/pkg/api/kyverno/v1"
"github.com/nirmata/kyverno/pkg/engine"
"github.com/nirmata/kyverno/pkg/policyviolation"

4
pkg/webhooks/server.go
View file

@ -13,8 +13,8 @@ import (
"github.com/golang/glog"
"github.com/nirmata/kyverno/pkg/checker"
kyvernoclient "github.com/nirmata/kyverno/pkg/client/clientset/versioned"
kyvernoinformer "github.com/nirmata/kyverno/pkg/client/informers/externalversions/kyverno/v1alpha1"
kyvernolister "github.com/nirmata/kyverno/pkg/client/listers/kyverno/v1alpha1"
kyvernoinformer "github.com/nirmata/kyverno/pkg/client/informers/externalversions/kyverno/v1"
kyvernolister "github.com/nirmata/kyverno/pkg/client/listers/kyverno/v1"
"github.com/nirmata/kyverno/pkg/config"
client "github.com/nirmata/kyverno/pkg/dclient"
"github.com/nirmata/kyverno/pkg/event"

2
pkg/webhooks/utils.go
View file

@ -5,7 +5,7 @@ import (
"strings"
"github.com/golang/glog"
kyverno "github.com/nirmata/kyverno/pkg/api/kyverno/v1alpha1"
kyverno "github.com/nirmata/kyverno/pkg/api/kyverno/v1"
"github.com/nirmata/kyverno/pkg/engine"
"k8s.io/api/admission/v1beta1"
"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"

2
pkg/webhooks/validation.go
View file

@ -5,7 +5,7 @@ import (
"time"
"github.com/golang/glog"
kyverno "github.com/nirmata/kyverno/pkg/api/kyverno/v1alpha1"
kyverno "github.com/nirmata/kyverno/pkg/api/kyverno/v1"
engine "github.com/nirmata/kyverno/pkg/engine"
policyctr "github.com/nirmata/kyverno/pkg/policy"
"github.com/nirmata/kyverno/pkg/utils"

2
samples/AddDefaultNetworkPolicy.md
View file

@ -9,7 +9,7 @@ A default `NetworkPolicy` should be configured for each namespace to default den
[add_network_policy.yaml](best_practices/add_network_policy.yaml)
````yaml
apiVersion: kyverno.io/v1alpha1
apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
name: add-networkpolicy

2
samples/AddNamespaceResourceQuota.md
View file

@ -11,7 +11,7 @@ To limit the number of resources like CPU and memory, as well as objects that ma
[add_ns_quota.yaml](best_practices/add_ns_quota.yaml)
````yaml
apiVersion: kyverno.io/v1alpha1
apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
name: add-ns-quota

2
samples/AddSafeToEvict.md
View file

@ -13,7 +13,7 @@ This policy matches and mutates pods with `emptyDir` and `hostPath` volumes, to
[add_safe_to_evict_annotation.yaml](best_practices/add_safe_to_evict.yaml)
````yaml
apiVersion: "kyverno.io/v1alpha1"
apiVersion: "kyverno.io/v1"
kind: "ClusterPolicy"
metadata:
name: "add-safe-to-evict"

2
samples/CheckUserGroup.md
View file

@ -7,7 +7,7 @@ All processes inside the pod can be made to run with specific user and groupID b
[policy_validate_user_group_fsgroup_id.yaml](more/policy_validate_user_group_fsgroup_id.yaml)
````yaml
apiVersion: kyverno.io/v1alpha1
apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
name: validate-userid-groupid-fsgroup

2
samples/DisallowBindMounts.md
View file

@ -7,7 +7,7 @@ The volume of type `hostPath` allows pods to use host bind mounts (i.e. director
[disallow_bind_mounts.yaml](best_practices/disallow_bind_mounts.yaml)
````yaml
apiVersion: "kyverno.io/v1alpha1"
apiVersion: "kyverno.io/v1"
kind: "ClusterPolicy"
metadata:
name: "disallow-bind-mounts"

2
samples/DisallowDefaultNamespace.md
View file

@ -7,7 +7,7 @@ Kubernetes namespaces are an optional feature that provide a way to segment and
[disallow_default_namespace.yaml](best_practices/disallow_default_namespace.yaml)
````yaml
apiVersion: kyverno.io/v1alpha1
apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
name: disallow-default-namespace

2
samples/DisallowDockerSockMount.md
View file

@ -9,7 +9,7 @@ to manage containers outside of Kubernetes, and hence should not be allowed.
[disallow_docker_sock_mount.yaml](best_practices/disallow_docker_sock_mount.yaml)
````yaml
apiVersion: kyverno.io/v1alpha1
apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
name: disallow-docker-sock-mount

2
samples/DisallowHelmTiller.md
View file

@ -7,7 +7,7 @@ Tiller has known security challenges. It requires adminstrative privileges and a
[disallow_helm_tiller.yaml](best_practices/disallow_helm_tiller.yaml)
````yaml
apiVersion : kyverno.io/v1alpha1
apiVersion : kyverno.io/v1
kind: ClusterPolicy
metadata:
name: disallow-helm-tiller

2
samples/DisallowHostNetworkPort.md
View file

@ -9,7 +9,7 @@ Using `hostPort` and `hostNetwork` allows pods to share the host networking stac
````yaml
apiVersion: kyverno.io/v1alpha1
apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
name: disallow-host-network-port

2
samples/DisallowHostPIDIPC.md
View file

@ -9,7 +9,7 @@ To avoid pod container from having visibility to host process space, validate th
[disallow_host_pid_ipc.yaml](best_practices/disallow_host_pid_ipc.yaml)
````yaml
apiVersion: kyverno.io/v1alpha1
apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
name: disallow-host-pid-ipc

2
samples/DisallowLatestTag.md
View file

@ -8,7 +8,7 @@ The `:latest` tag is mutable and can lead to unexpected errors if the upstream i
````yaml
apiVersion : kyverno.io/v1alpha1
apiVersion : kyverno.io/v1
kind: ClusterPolicy
metadata:
name: disallow-latest-tag

Some files were not shown because too many files have changed in this diff Show more