mirror of
https://github.com/kyverno/kyverno.git
synced 2024-12-15 17:51:20 +00:00
Signed-off-by: ShutingZhao <shuting@nirmata.com> Co-authored-by: raffis <raffael.sahli@doodle.com>
parent
8b117276cd
commit
e809755f30
4 changed files with 20 additions and 2 deletions
|
@ -28,6 +28,7 @@ import (
|
||||||
"github.com/kyverno/kyverno/pkg/clients/dclient"
|
"github.com/kyverno/kyverno/pkg/clients/dclient"
|
||||||
"github.com/kyverno/kyverno/pkg/config"
|
"github.com/kyverno/kyverno/pkg/config"
|
||||||
engineapi "github.com/kyverno/kyverno/pkg/engine/api"
|
engineapi "github.com/kyverno/kyverno/pkg/engine/api"
|
||||||
|
"github.com/kyverno/kyverno/pkg/registryclient"
|
||||||
gitutils "github.com/kyverno/kyverno/pkg/utils/git"
|
gitutils "github.com/kyverno/kyverno/pkg/utils/git"
|
||||||
policyvalidation "github.com/kyverno/kyverno/pkg/validation/policy"
|
policyvalidation "github.com/kyverno/kyverno/pkg/validation/policy"
|
||||||
"github.com/spf13/cobra"
|
"github.com/spf13/cobra"
|
||||||
|
@ -161,6 +162,14 @@ func (c *ApplyCommandConfig) applyCommandHelper(out io.Writer) (*processor.Resul
|
||||||
policyRulesCount += len(validatingAdmissionPolicies)
|
policyRulesCount += len(validatingAdmissionPolicies)
|
||||||
fmt.Fprintf(out, "\nApplying %d policy rule(s) to %d resource(s)...\n", policyRulesCount, len(resources))
|
fmt.Fprintf(out, "\nApplying %d policy rule(s) to %d resource(s)...\n", policyRulesCount, len(resources))
|
||||||
}
|
}
|
||||||
|
|
||||||
|
var regOpts []registryclient.Option
|
||||||
|
if c.RegistryAccess {
|
||||||
|
regOpts = append(regOpts, registryclient.WithLocalKeychain())
|
||||||
|
}
|
||||||
|
|
||||||
|
rclient := registryclient.NewOrDie(regOpts...)
|
||||||
|
|
||||||
rc, resources1, responses1, err = c.applyPolicytoResource(
|
rc, resources1, responses1, err = c.applyPolicytoResource(
|
||||||
out,
|
out,
|
||||||
variables,
|
variables,
|
||||||
|
@ -170,6 +179,7 @@ func (c *ApplyCommandConfig) applyCommandHelper(out io.Writer) (*processor.Resul
|
||||||
dClient,
|
dClient,
|
||||||
userInfo,
|
userInfo,
|
||||||
mutateLogPathIsDir,
|
mutateLogPathIsDir,
|
||||||
|
rclient,
|
||||||
)
|
)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return rc, resources1, skipInvalidPolicies, responses1, err
|
return rc, resources1, skipInvalidPolicies, responses1, err
|
||||||
|
@ -226,6 +236,7 @@ func (c *ApplyCommandConfig) applyPolicytoResource(
|
||||||
dClient dclient.Interface,
|
dClient dclient.Interface,
|
||||||
userInfo *v1beta1.RequestInfo,
|
userInfo *v1beta1.RequestInfo,
|
||||||
mutateLogPathIsDir bool,
|
mutateLogPathIsDir bool,
|
||||||
|
rclient registryclient.Client,
|
||||||
) (*processor.ResultCounts, []*unstructured.Unstructured, []engineapi.EngineResponse, error) {
|
) (*processor.ResultCounts, []*unstructured.Unstructured, []engineapi.EngineResponse, error) {
|
||||||
if vars != nil {
|
if vars != nil {
|
||||||
vars.SetInStore()
|
vars.SetInStore()
|
||||||
|
@ -246,6 +257,7 @@ func (c *ApplyCommandConfig) applyPolicytoResource(
|
||||||
}
|
}
|
||||||
validPolicies = append(validPolicies, pol)
|
validPolicies = append(validPolicies, pol)
|
||||||
}
|
}
|
||||||
|
|
||||||
var rc processor.ResultCounts
|
var rc processor.ResultCounts
|
||||||
var responses []engineapi.EngineResponse
|
var responses []engineapi.EngineResponse
|
||||||
for _, resource := range resources {
|
for _, resource := range resources {
|
||||||
|
@ -265,6 +277,7 @@ func (c *ApplyCommandConfig) applyPolicytoResource(
|
||||||
AuditWarn: c.AuditWarn,
|
AuditWarn: c.AuditWarn,
|
||||||
Subresources: vars.Subresources(),
|
Subresources: vars.Subresources(),
|
||||||
Out: out,
|
Out: out,
|
||||||
|
RegistryClient: rclient,
|
||||||
}
|
}
|
||||||
ers, err := processor.ApplyPoliciesOnResource()
|
ers, err := processor.ApplyPoliciesOnResource()
|
||||||
if err != nil {
|
if err != nil {
|
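Review bot: `rclient := registryclient.NewOrDie(regOpts...)` in applyCommandHelper panics if client construction fails, although the function already returns an error a few lines further down, so a failure here would crash the CLI instead of being reported. Prefer the error-returning constructor, `rclient, err := registryclient.New(regOpts...)`, followed by the same `if err != nil` return used after the applyPolicytoResource call; check that this does not shadow `err`, whose declaration, like the rest of applyCommandHelper, lies outside the hunks shown. The same applies to `RegistryClient: registryclient.NewOrDie(),` in runTest. A comment above the `if c.RegistryAccess` block would also help, for example `// local keychain credentials are loaded only when registry access was explicitly requested`, since this is the one place that decides whether credentials accompany registry lookups for images that presumably come from the manifests being evaluated.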
||||||
|
|
|
@ -22,6 +22,7 @@ import (
|
||||||
"github.com/kyverno/kyverno/pkg/clients/dclient"
|
"github.com/kyverno/kyverno/pkg/clients/dclient"
|
||||||
"github.com/kyverno/kyverno/pkg/config"
|
"github.com/kyverno/kyverno/pkg/config"
|
||||||
engineapi "github.com/kyverno/kyverno/pkg/engine/api"
|
engineapi "github.com/kyverno/kyverno/pkg/engine/api"
|
||||||
|
"github.com/kyverno/kyverno/pkg/registryclient"
|
||||||
policyvalidation "github.com/kyverno/kyverno/pkg/validation/policy"
|
policyvalidation "github.com/kyverno/kyverno/pkg/validation/policy"
|
||||||
"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
|
"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
|
||||||
)
|
)
|
||||||
|
@ -140,6 +141,7 @@ func runTest(out io.Writer, testCase test.TestCase, auditWarn bool) ([]engineapi
|
||||||
Client: dClient,
|
Client: dClient,
|
||||||
Subresources: vars.Subresources(),
|
Subresources: vars.Subresources(),
|
||||||
Out: out,
|
Out: out,
|
||||||
|
RegistryClient: registryclient.NewOrDie(),
|
||||||
}
|
}
|
||||||
ers, err := processor.ApplyPoliciesOnResource()
|
ers, err := processor.ApplyPoliciesOnResource()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
|
|
@ -51,6 +51,7 @@ type PolicyProcessor struct {
|
||||||
AuditWarn bool
|
AuditWarn bool
|
||||||
Subresources []v1alpha1.Subresource
|
Subresources []v1alpha1.Subresource
|
||||||
Out io.Writer
|
Out io.Writer
|
||||||
|
RegistryClient registryclient.Client
|
||||||
}
|
}
|
||||||
|
|
||||||
func (p *PolicyProcessor) ApplyPoliciesOnResource() ([]engineapi.EngineResponse, error) {
|
func (p *PolicyProcessor) ApplyPoliciesOnResource() ([]engineapi.EngineResponse, error) {
|
||||||
|
@ -62,13 +63,13 @@ func (p *PolicyProcessor) ApplyPoliciesOnResource() ([]engineapi.EngineResponse,
|
||||||
if p.Client != nil {
|
if p.Client != nil {
|
||||||
client = adapters.Client(p.Client)
|
client = adapters.Client(p.Client)
|
||||||
}
|
}
|
||||||
rclient := registryclient.NewOrDie()
|
|
||||||
eng := engine.NewEngine(
|
eng := engine.NewEngine(
|
||||||
cfg,
|
cfg,
|
||||||
config.NewDefaultMetricsConfiguration(),
|
config.NewDefaultMetricsConfiguration(),
|
||||||
jmespath.New(cfg),
|
jmespath.New(cfg),
|
||||||
client,
|
client,
|
||||||
factories.DefaultRegistryClientFactory(adapters.RegistryClient(rclient), nil),
|
factories.DefaultRegistryClientFactory(adapters.RegistryClient(p.RegistryClient), nil),
|
||||||
imageverifycache.DisabledImageVerifyCache(),
|
imageverifycache.DisabledImageVerifyCache(),
|
||||||
store.ContextLoaderFactory(nil),
|
store.ContextLoaderFactory(nil),
|
||||||
nil,
|
nil,
|
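Review bot: `adapters.RegistryClient(p.RegistryClient)` now passes on whatever the caller stored in the new `RegistryClient` field, and nothing in the visible lines covers a PolicyProcessor built without it, whereas ApplyPoliciesOnResource previously always created its own client. Whether the adapter tolerates a nil interface is not visible here, so a guard before `engine.NewEngine` would keep the old behaviour for callers that were not updated: `rclient := p.RegistryClient` then `if rclient == nil { rclient = registryclient.NewOrDie() }`, passing `rclient` to the adapter. That fallback uses no extra options, so it never picks up the local keychain by accident. The field also deserves a doc comment such as `// RegistryClient is used for registry lookups during policy evaluation; a nil value falls back to a default client.` The rest of ApplyPoliciesOnResource continues outside the hunk.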
||||||
|
|
|
@ -5,6 +5,7 @@ import (
|
||||||
"testing"
|
"testing"
|
||||||
|
|
||||||
"github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/resource"
|
"github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/resource"
|
||||||
|
"github.com/kyverno/kyverno/pkg/registryclient"
|
||||||
yamlutils "github.com/kyverno/kyverno/pkg/utils/yaml"
|
yamlutils "github.com/kyverno/kyverno/pkg/utils/yaml"
|
||||||
"gotest.tools/assert"
|
"gotest.tools/assert"
|
||||||
)
|
)
|
||||||
|
@ -114,6 +115,7 @@ func Test_NamespaceSelector(t *testing.T) {
|
||||||
NamespaceSelectorMap: tc.namespaceSelectorMap,
|
NamespaceSelectorMap: tc.namespaceSelectorMap,
|
||||||
Rc: rc,
|
Rc: rc,
|
||||||
Out: os.Stdout,
|
Out: os.Stdout,
|
||||||
|
RegistryClient: registryclient.NewOrDie(),
|
||||||
}
|
}
|
||||||
processor.ApplyPoliciesOnResource()
|
processor.ApplyPoliciesOnResource()
|
||||||
assert.Equal(t, int64(rc.Pass()), int64(tc.result.pass))
|
assert.Equal(t, int64(rc.Pass()), int64(tc.result.pass))
|
||||||
|
|