mirror of
https://github.com/kyverno/kyverno.git
synced 2025-03-06 16:06:56 +00:00
go fmt
parent
e43154ea1c
commit
e59425dfcd
10 changed files with 33 additions and 43 deletions
|
@ -148,8 +148,6 @@ func main() {
|
|||
log.Log.WithName("ResourceWebhookRegister"),
|
||||
)
|
||||
|
||||
|
||||
|
||||
// KYVERNO CRD INFORMER
|
||||
// watches CRD resources:
|
||||
// - Policy
|
||||
|
@ -186,7 +184,6 @@ func main() {
|
|||
// - Create Jobs for report
|
||||
jobController := jobs.NewJobsJob(client, log.Log.WithName("jobController"))
|
||||
|
||||
|
||||
// POLICY VIOLATION GENERATOR
|
||||
// -- generate policy violation
|
||||
pvgen := policyviolation.NewPVGenerator(pclient,
|
||||
|
@ -348,7 +345,7 @@ func main() {
|
|||
go statusSync.Run(1, stopCh)
|
||||
go pCacheController.Run(1, stopCh)
|
||||
go auditHandler.Run(10, stopCh)
|
||||
go jobController.Run(1,stopCh)
|
||||
go jobController.Run(1, stopCh)
|
||||
openAPISync.Run(1, stopCh)
|
||||
|
||||
// verifies if the admission control is enabled and active
|
||||
|
|
|
@ -172,14 +172,14 @@ func (c *Controller) deleteGR(obj interface{}) {
|
|||
return
|
||||
}
|
||||
}
|
||||
for _,resource := range gr.Status.GeneratedResources {
|
||||
r,err := c.client.GetResource(resource.APIVersion,resource.Kind,resource.Namespace,resource.Name)
|
||||
for _, resource := range gr.Status.GeneratedResources {
|
||||
r, err := c.client.GetResource(resource.APIVersion, resource.Kind, resource.Namespace, resource.Name)
|
||||
if err != nil {
|
||||
logger.Error(err, "Generated resource is not deleted", "Resource", r.GetName())
|
||||
}
|
||||
labels := r.GetLabels()
|
||||
if labels["policy.kyverno.io/synchronize"] == "enable" {
|
||||
if err := c.client.DeleteResource(r.GetAPIVersion(), r.GetKind(),r.GetNamespace(), r.GetName(), false); err != nil {
|
||||
if err := c.client.DeleteResource(r.GetAPIVersion(), r.GetKind(), r.GetNamespace(), r.GetName(), false); err != nil {
|
||||
logger.Error(err, "Generated resource is not deleted", "Resource", r.GetName())
|
||||
}
|
||||
}
|
||||
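Review bot: In the loop over `gr.Status.GeneratedResources`, the `err != nil` branch after `c.client.GetResource(...)` only logs and then falls through to `r.GetLabels()`, and the log call itself reads `r.GetName()`. If GetResource returns a nil object alongside the error (the client is not visible here, but that is likely for a resource that no longer exists), both calls dereference nil and panic the controller goroutine. Log the name from the status entry and skip the item: `logger.Error(err, "Generated resource is not deleted", "Resource", resource.Name)` followed by `continue`. The same loop appears in the next file section (the second `deleteGR` hunk at -201,14) and needs the same change. deleteGR starts and ends outside the hunk.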
|
|
|
@ -201,14 +201,14 @@ func (c *Controller) deleteGR(obj interface{}) {
|
|||
return
|
||||
}
|
||||
}
|
||||
for _,resource := range gr.Status.GeneratedResources {
|
||||
r,err := c.client.GetResource(resource.APIVersion,resource.Kind,resource.Namespace,resource.Name)
|
||||
for _, resource := range gr.Status.GeneratedResources {
|
||||
r, err := c.client.GetResource(resource.APIVersion, resource.Kind, resource.Namespace, resource.Name)
|
||||
if err != nil {
|
||||
logger.Error(err, "Generated resource is not deleted", "Resource", r.GetName())
|
||||
}
|
||||
labels := r.GetLabels()
|
||||
if labels["policy.kyverno.io/synchronize"] == "enable" {
|
||||
if err := c.client.DeleteResource(r.GetAPIVersion(), r.GetKind(),r.GetNamespace(), r.GetName(), false); err != nil {
|
||||
if err := c.client.DeleteResource(r.GetAPIVersion(), r.GetKind(), r.GetNamespace(), r.GetName(), false); err != nil {
|
||||
logger.Error(err, "Generated resource is not deleted", "Resource", r.GetName())
|
||||
}
|
||||
}
|
||||
|
|
|
@ -116,8 +116,8 @@ func (c *Controller) applyGenerate(resource unstructured.Unstructured, gr kyvern
|
|||
continue
|
||||
}
|
||||
for _, v := range grList.Items {
|
||||
if engineResponse.PolicyResponse.Policy == v.Spec.Policy && engineResponse.PolicyResponse.Resource.Name == v.Spec.Resource.Name && engineResponse.PolicyResponse.Resource.Kind == v.Spec.Resource.Kind && engineResponse.PolicyResponse.Resource.Namespace == v.Spec.Resource.Namespace{
|
||||
err :=c.kyvernoClient.KyvernoV1().GenerateRequests(config.KubePolicyNamespace).Delete(v.GetName(),&metav1.DeleteOptions{})
|
||||
if engineResponse.PolicyResponse.Policy == v.Spec.Policy && engineResponse.PolicyResponse.Resource.Name == v.Spec.Resource.Name && engineResponse.PolicyResponse.Resource.Kind == v.Spec.Resource.Kind && engineResponse.PolicyResponse.Resource.Namespace == v.Spec.Resource.Namespace {
|
||||
err := c.kyvernoClient.KyvernoV1().GenerateRequests(config.KubePolicyNamespace).Delete(v.GetName(), &metav1.DeleteOptions{})
|
||||
if err != nil {
|
||||
logger.Error(err, " failed to delete generate request")
|
||||
}
|
||||
|
@ -126,7 +126,7 @@ func (c *Controller) applyGenerate(resource unstructured.Unstructured, gr kyvern
|
|||
if len(engineResponse.PolicyResponse.Rules) > 1 {
|
||||
engineResponse.PolicyResponse.Rules = append(engineResponse.PolicyResponse.Rules[:i], engineResponse.PolicyResponse.Rules[i+1:]...)
|
||||
continue
|
||||
}else if len(engineResponse.PolicyResponse.Rules) == 1 {
|
||||
} else if len(engineResponse.PolicyResponse.Rules) == 1 {
|
||||
engineResponse.PolicyResponse.Rules = []response.RuleResponse{}
|
||||
}
|
||||
}
|
||||
|
@ -160,7 +160,7 @@ func (c *Controller) applyGeneratePolicy(log logr.Logger, policyContext engine.P
|
|||
continue
|
||||
}
|
||||
startTime := time.Now()
|
||||
genResource, err := applyRule(log, c.client, rule, resource, ctx, policy.Name,gr)
|
||||
genResource, err := applyRule(log, c.client, rule, resource, ctx, policy.Name, gr)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
@ -217,7 +217,7 @@ func updateGenerateExecutionTime(newTime time.Duration, oldAverageTimeString str
|
|||
return time.Duration(newAverageTimeInNanoSeconds) * time.Nanosecond
|
||||
}
|
||||
|
||||
func applyRule(log logr.Logger, client *dclient.Client, rule kyverno.Rule, resource unstructured.Unstructured, ctx context.EvalInterface, policy string,gr kyverno.GenerateRequest) (kyverno.ResourceSpec, error) {
|
||||
func applyRule(log logr.Logger, client *dclient.Client, rule kyverno.Rule, resource unstructured.Unstructured, ctx context.EvalInterface, policy string, gr kyverno.GenerateRequest) (kyverno.ResourceSpec, error) {
|
||||
var rdata map[string]interface{}
|
||||
var err error
|
||||
var mode ResourceMode
|
||||
|
@ -287,10 +287,8 @@ func applyRule(log logr.Logger, client *dclient.Client, rule kyverno.Rule, resou
|
|||
return newGenResource, nil
|
||||
}
|
||||
|
||||
|
||||
logger := log.WithValues("genKind", genKind, "genAPIVersion", genAPIVersion, "genNamespace", genNamespace, "genName", genName)
|
||||
|
||||
|
||||
// build the resource template
|
||||
newResource := &unstructured.Unstructured{}
|
||||
newResource.SetUnstructuredContent(rdata)
|
||||
|
|
|
@ -280,7 +280,7 @@ func (j *Job) syncNamespace(wg *sync.WaitGroup, jobType, scope, policy string) {
|
|||
}
|
||||
}
|
||||
if failure {
|
||||
err := j.dclient.DeleteResource("", "Job", config.KubePolicyNamespace, job.GetName(),false)
|
||||
err := j.dclient.DeleteResource("", "Job", config.KubePolicyNamespace, job.GetName(), false)
|
||||
if err != nil {
|
||||
return
|
||||
}
|
||||
|
@ -299,11 +299,10 @@ func CreateJob(args []string, jobType, scope string) *v1.Job {
|
|||
Spec: apiv1.PodSpec{
|
||||
Containers: []apiv1.Container{
|
||||
{
|
||||
Name: strings.ToLower(fmt.Sprintf("%s-%s", jobType, scope)),
|
||||
Image: "evalsocket/kyverno-cli:latest",
|
||||
Name: strings.ToLower(fmt.Sprintf("%s-%s", jobType, scope)),
|
||||
Image: "evalsocket/kyverno-cli:latest",
|
||||
ImagePullPolicy: "Always",
|
||||
Args: args,
|
||||
|
||||
Args: args,
|
||||
},
|
||||
},
|
||||
RestartPolicy: "OnFailure",
|
||||
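Review bot: The container spec in `CreateJob` hard-codes `Image: "evalsocket/kyverno-cli:latest"` together with `ImagePullPolicy: "Always"`, so every job pulls whatever currently sits behind a mutable tag. The image's registry namespace also does not match the project's import path (`github.com/nirmata/kyverno`). Any change to that tag would run inside the cluster under the job's identity without review. Take the image from deployment configuration and pin it by digest, for example `Image: jobImage, // placeholder: <registry>/<repo>@sha256:<digest>`. The PodSpec continues outside the hunk, so the service account and security context of the job cannot be checked from here.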
|
|
|
@ -2,8 +2,8 @@ package policy
|
|||
|
||||
import (
|
||||
"fmt"
|
||||
"reflect"
|
||||
"os"
|
||||
"reflect"
|
||||
|
||||
"github.com/go-logr/logr"
|
||||
kyverno "github.com/nirmata/kyverno/pkg/api/kyverno/v1"
|
||||
|
|
|
@ -1,11 +1,7 @@
|
|||
package policy
|
||||
|
||||
import (
|
||||
"github.com/nirmata/kyverno/pkg/jobs"
|
||||
informers "k8s.io/client-go/informers/core/v1"
|
||||
"os"
|
||||
"context"
|
||||
"time"
|
||||
"github.com/go-logr/logr"
|
||||
kyverno "github.com/nirmata/kyverno/pkg/api/kyverno/v1"
|
||||
kyvernoclient "github.com/nirmata/kyverno/pkg/client/clientset/versioned"
|
||||
|
@ -16,6 +12,7 @@ import (
|
|||
"github.com/nirmata/kyverno/pkg/constant"
|
||||
client "github.com/nirmata/kyverno/pkg/dclient"
|
||||
"github.com/nirmata/kyverno/pkg/event"
|
||||
"github.com/nirmata/kyverno/pkg/jobs"
|
||||
"github.com/nirmata/kyverno/pkg/policyviolation"
|
||||
"github.com/nirmata/kyverno/pkg/webhookconfig"
|
||||
v1 "k8s.io/api/core/v1"
|
||||
|
@ -23,11 +20,14 @@ import (
|
|||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||
utilruntime "k8s.io/apimachinery/pkg/util/runtime"
|
||||
"k8s.io/apimachinery/pkg/util/wait"
|
||||
informers "k8s.io/client-go/informers/core/v1"
|
||||
typedcorev1 "k8s.io/client-go/kubernetes/typed/core/v1"
|
||||
listerv1 "k8s.io/client-go/listers/core/v1"
|
||||
"k8s.io/client-go/tools/cache"
|
||||
"k8s.io/client-go/tools/record"
|
||||
"k8s.io/client-go/util/workqueue"
|
||||
"os"
|
||||
"time"
|
||||
)
|
||||
|
||||
const (
|
||||
|
@ -131,7 +131,7 @@ func NewPolicyController(kyvernoClient *kyvernoclient.Clientset,
|
|||
configHandler: configHandler,
|
||||
pvGenerator: pvGenerator,
|
||||
resourceWebhookWatcher: resourceWebhookWatcher,
|
||||
job : job,
|
||||
job: job,
|
||||
log: log,
|
||||
}
|
||||
|
||||
|
@ -166,11 +166,9 @@ func NewPolicyController(kyvernoClient *kyvernoclient.Clientset,
|
|||
DeleteFunc: pc.deleteNsPolicy,
|
||||
})
|
||||
|
||||
|
||||
pc.pLister = pInformer.Lister()
|
||||
pc.npLister = npInformer.Lister()
|
||||
|
||||
|
||||
pc.nsLister = namespaces.Lister()
|
||||
|
||||
pc.pListerSynced = pInformer.Informer().HasSynced
|
||||
|
@ -318,29 +316,28 @@ func (pc *PolicyController) Run(workers int, stopCh <-chan struct{}) {
|
|||
defer logger.Info("shutting down")
|
||||
|
||||
if os.Getenv("POLICY-TYPE") == "POLICYREPORT" {
|
||||
if !cache.WaitForCacheSync(stopCh, pc.pListerSynced, pc.nsListerSynced) {
|
||||
if !cache.WaitForCacheSync(stopCh, pc.pListerSynced, pc.nsListerSynced) {
|
||||
logger.Info("failed to sync informer cache")
|
||||
return
|
||||
}
|
||||
|
||||
}else{
|
||||
} else {
|
||||
if !cache.WaitForCacheSync(stopCh, pc.pListerSynced, pc.cpvListerSynced, pc.nspvListerSynced, pc.nsListerSynced) {
|
||||
logger.Info("failed to sync informer cache")
|
||||
return
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
for i := 0; i < workers; i++ {
|
||||
go wait.Until(pc.worker, constant.PolicyControllerResync, stopCh)
|
||||
}
|
||||
ctx := context.Background()
|
||||
ctx := context.Background()
|
||||
ticker := time.NewTicker(100 * time.Second)
|
||||
for {
|
||||
select {
|
||||
case <-ticker.C:
|
||||
pc.job.Add(jobs.JobInfo{
|
||||
Policy: "enabled",
|
||||
Policy: "enabled",
|
||||
})
|
||||
case <-ctx.Done():
|
||||
break
|
||||
|
@ -435,8 +432,7 @@ func (pc *PolicyController) syncPolicy(key string) error {
|
|||
|
||||
engineResponses := pc.processExistingResources(policy)
|
||||
|
||||
pc.cleanupAndReport(engineResponses)
|
||||
|
||||
pc.cleanupAndReport(engineResponses)
|
||||
|
||||
return nil
|
||||
}
|
||||
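Review bot: The `for { select { ... } }` loop at the end of `PolicyController.Run` waits on `ctx.Done()` of a fresh `context.Background()`, which is never cancelled, and the `break` in that case only leaves the `select`, not the `for`. As far as the hunk shows, Run therefore ignores `stopCh` once the workers are started, never reaches the deferred "shutting down" log, and never stops the ticker. Select on the stop channel instead, `case <-stopCh: return`, and add `defer ticker.Stop()` right after `time.NewTicker(100 * time.Second)`. The loop continues past the end of the hunk, so any handling after the `break` is not visible here.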
|
|
|
@ -56,7 +56,7 @@ type Generator struct {
|
|||
configmap *v1.ConfigMap
|
||||
inMemoryConfigMap *PVEvent
|
||||
mux sync.Mutex
|
||||
job *jobs.Job
|
||||
job *jobs.Job
|
||||
}
|
||||
|
||||
//NewDataStore returns an instance of data store
|
||||
|
@ -149,7 +149,7 @@ func NewPRGenerator(client *policyreportclient.Clientset,
|
|||
Namespace: make(map[string][]Info),
|
||||
Cluster: make(map[string][]Info),
|
||||
},
|
||||
job : job,
|
||||
job: job,
|
||||
}
|
||||
|
||||
return &gen
|
||||
|
|
|
@ -48,7 +48,7 @@ type Generator struct {
|
|||
dataStore *dataStore
|
||||
policyStatusListener policystatus.Listener
|
||||
prgen *policyreport.Generator
|
||||
job *jobs.Job
|
||||
job *jobs.Job
|
||||
}
|
||||
|
||||
//NewDataStore returns an instance of data store
|
||||
|
@ -130,7 +130,7 @@ func NewPVGenerator(client *kyvernoclient.Clientset,
|
|||
queue: workqueue.NewNamedRateLimitingQueue(workqueue.DefaultControllerRateLimiter(), workQueueName),
|
||||
dataStore: newDataStore(),
|
||||
log: log,
|
||||
job : job,
|
||||
job: job,
|
||||
policyStatusListener: policyStatus,
|
||||
}
|
||||
if os.Getenv("POLICY-TYPE") == "POLICYREPORT" {
|
||||
|
|
|
@ -58,7 +58,7 @@ func (ws *WebhookServer) HandleGenerate(request *v1beta1.AdmissionRequest, polic
|
|||
}
|
||||
for _, v := range grList.Items {
|
||||
if engineResponse.PolicyResponse.Policy == v.Spec.Policy && engineResponse.PolicyResponse.Resource.Name == v.Spec.Resource.Name && engineResponse.PolicyResponse.Resource.Kind == v.Spec.Resource.Kind && engineResponse.PolicyResponse.Resource.Namespace == v.Spec.Resource.Namespace {
|
||||
err := ws.kyvernoClient.KyvernoV1().GenerateRequests(config.KubePolicyNamespace).Delete(v.GetName(),&metav1.DeleteOptions{})
|
||||
err := ws.kyvernoClient.KyvernoV1().GenerateRequests(config.KubePolicyNamespace).Delete(v.GetName(), &metav1.DeleteOptions{})
|
||||
if err != nil {
|
||||
logger.Error(err, "failed to update gr")
|
||||
}
|
||||
|
@ -67,7 +67,7 @@ func (ws *WebhookServer) HandleGenerate(request *v1beta1.AdmissionRequest, polic
|
|||
if len(engineResponse.PolicyResponse.Rules) > 1 {
|
||||
engineResponse.PolicyResponse.Rules = append(engineResponse.PolicyResponse.Rules[:i], engineResponse.PolicyResponse.Rules[i+1:]...)
|
||||
continue
|
||||
}else if len(engineResponse.PolicyResponse.Rules) == 1 {
|
||||
} else if len(engineResponse.PolicyResponse.Rules) == 1 {
|
||||
engineResponse.PolicyResponse.Rules = []response.RuleResponse{}
|
||||
}
|
||||
}
|
||||
|
|