From e8c4050d49a83bc987114ea6e72c0641492696ae Mon Sep 17 00:00:00 2001
From: NoSkillGirl
Date: Fri, 12 Jun 2020 15:48:19 +0530
Subject: [PATCH] Added In and NotIn Operators
---
 charts/kyverno/crds/crds.yaml | 2 +
 definitions/crds/crds.yaml | 2 +
 definitions/install.yaml | 2 +
 definitions/install_debug.yaml | 2 +
 pkg/engine/variables/operator/in.go | 157 ++++++++++++++++++++++
 pkg/engine/variables/operator/notin.go | 155 +++++++++++++++++++++
 pkg/engine/variables/operator/operator.go | 4 +
 7 files changed, 324 insertions(+)
 create mode 100644 pkg/engine/variables/operator/in.go
 create mode 100644 pkg/engine/variables/operator/notin.go
diff --git a/charts/kyverno/crds/crds.yaml b/charts/kyverno/crds/crds.yaml
index e654adc720..1537465fb7 100644
--- a/charts/kyverno/crds/crds.yaml
+++ b/charts/kyverno/crds/crds.yaml
@@ -226,6 +226,8 @@ spec:
 - Equals
 - NotEqual
 - NotEquals
+ - In
+ - NotIn
 type: string
 value:
 type: string
diff --git a/definitions/crds/crds.yaml b/definitions/crds/crds.yaml
index f48642d951..5348a11804 100644
--- a/definitions/crds/crds.yaml
+++ b/definitions/crds/crds.yaml
@@ -228,6 +228,8 @@ spec:
 - Equals
 - NotEqual
 - NotEquals
+ - In
+ - NotIn
 key:
 type: string
 value:
diff --git a/definitions/install.yaml b/definitions/install.yaml
index f36fb837e5..39e84d76e2 100644
--- a/definitions/install.yaml
+++ b/definitions/install.yaml
@@ -231,6 +231,8 @@ spec:
 - Equals
 - NotEqual
 - NotEquals
+ - In
+ - NotIn
 type: string
 value:
 type: string
diff --git a/definitions/install_debug.yaml b/definitions/install_debug.yaml
index 3c1a111f18..9269d940af 100644
--- a/definitions/install_debug.yaml
+++ b/definitions/install_debug.yaml
@@ -231,6 +231,8 @@ spec:
 - Equals
 - NotEqual
 - NotEquals
+ - In
+ - NotIn
 type: string
 value:
 type: string
diff --git a/pkg/engine/variables/operator/in.go b/pkg/engine/variables/operator/in.go
new file mode 100644
index 0000000000..dd874914da
--- /dev/null
+++ b/pkg/engine/variables/operator/in.go
@@ -0,0 +1,157 @@
+package operator
+
+import (
+ "fmt"
+ "math"
+ "reflect"
+ "strconv"
+
+ "github.com/go-logr/logr"
+ "github.com/nirmata/kyverno/pkg/engine/context"
+)
+
+//NewInHandler returns handler to manage In operations
+func NewInHandler(log logr.Logger, ctx context.EvalInterface, subHandler VariableSubstitutionHandler) OperatorHandler {
+ return InHandler{
+ ctx: ctx,
+ subHandler: subHandler,
+ log: log,
+ }
+}
+
+//InHandler provides implementation to handle NotIn oerator
+type InHandler struct {
+ ctx context.EvalInterface
+ subHandler VariableSubstitutionHandler
+ log logr.Logger
+}
+
+//Evaluate evaluates expression with In Operator
+func (eh InHandler) Evaluate(key, value interface{}) bool {
+ var err error
+ //TODO: decouple variables from evaluation
+ // substitute the variables
+ if key, err = eh.subHandler(eh.log, eh.ctx, key); err != nil {
+ // Failed to resolve the variable
+ eh.log.Error(err, "Failed to resolve variable", "variable", key)
+ return false
+ }
+ if value, err = eh.subHandler(eh.log, eh.ctx, value); err != nil {
+ // Failed to resolve the variable
+ eh.log.Error(err, "Failed to resolve variable", "variable", value)
+ return false
+ }
+
+ // key and value need to be of same type
+ switch typedKey := key.(type) {
+ case bool:
+ return eh.validateValuewithBoolPattern(typedKey, value)
+ case int:
+ return eh.validateValuewithIntPattern(int64(typedKey), value)
+ case int64:
+ return eh.validateValuewithIntPattern(typedKey, value)
+ case float64:
+ return eh.validateValuewithFloatPattern(typedKey, value)
+ case string:
+ return eh.validateValuewithStringPattern(typedKey, value)
+ case map[string]interface{}:
+ return eh.validateValueWithMapPattern(typedKey, value)
+ case []interface{}:
+ return eh.validateValueWithSlicePattern(typedKey, value)
+ default:
+ eh.log.Info("Unsupported type", "value", typedKey, "type", fmt.Sprintf("%T", typedKey))
+ return false
+ }
+}
+
+func (eh InHandler) validateValueWithSlicePattern(key []interface{}, value interface{}) bool {
+ if val, ok := value.([]interface{}); ok {
+ return reflect.DeepEqual(key, val)
+ }
+ eh.log.Info("Expected type []interface{}", "value", value, "type", fmt.Sprintf("%T", value))
+ return false
+}
+
+func (eh InHandler) validateValueWithMapPattern(key map[string]interface{}, value interface{}) bool {
+ if val, ok := value.(map[string]interface{}); ok {
+ return reflect.DeepEqual(key, val)
+ }
+ eh.log.Info("Expected type map[string]interface{}", "value", value, "type", fmt.Sprintf("%T", value))
+ return false
+}
+
+func (eh InHandler) validateValuewithStringPattern(key string, value interface{}) bool {
+ if val, ok := value.(string); ok {
+ return key == val
+ }
+
+ eh.log.Info("Expected type string", "value", value, "type", fmt.Sprintf("%T", value))
+ return false
+}
+
+func (eh InHandler) validateValuewithFloatPattern(key float64, value interface{}) bool {
+ switch typedValue := value.(type) {
+ case int:
+ // check that float has not fraction
+ if key == math.Trunc(key) {
+ return int(key) == typedValue
+ }
+ eh.log.Info("Expected type float, found int", "typedValue", typedValue)
+ case int64:
+ // check that float has not fraction
+ if key == math.Trunc(key) {
+ return int64(key) == typedValue
+ }
+ eh.log.Info("Expected type float, found int", "typedValue", typedValue)
+ case float64:
+ return typedValue == key
+ case string:
+ // extract float from string
+ float64Num, err := strconv.ParseFloat(typedValue, 64)
+ if err != nil {
+ eh.log.Error(err, "Failed to parse float64 from string")
+ return false
+ }
+ return float64Num == key
+ default:
+ eh.log.Info("Expected type float", "value", value, "type", fmt.Sprintf("%T", value))
+ return false
+ }
+ return false
+}
+
+func (eh InHandler) validateValuewithBoolPattern(key bool, value interface{}) bool {
+ typedValue, ok := value.(bool)
+ if !ok {
+ eh.log.Info("Expected type bool", "value", value, "type", fmt.Sprintf("%T", value))
+ return false
+ }
+ return key == typedValue
+}
+
+func (eh InHandler) validateValuewithIntPattern(key int64, value interface{}) bool {
+ switch typedValue := value.(type) {
+ case int:
+ return int64(typedValue) == key
+ case int64:
+ return typedValue == key
+ case float64:
+ // check that float has no fraction
+ if typedValue == math.Trunc(typedValue) {
+ return int64(typedValue) == key
+ }
+ eh.log.Info("Expected type int, found float", "value", typedValue, "type", fmt.Sprintf("%T", typedValue))
+ return false
+ case string:
+ // extract in64 from string
+ int64Num, err := strconv.ParseInt(typedValue, 10, 64)
+ if err != nil {
+ eh.log.Error(err, "Failed to parse int64 from string")
+ return false
+ }
+ return int64Num == key
+ default:
+ eh.log.Info("Expected type int", "value", value, "type", fmt.Sprintf("%T", value))
+ return false
+ }
+}
diff --git a/pkg/engine/variables/operator/notin.go b/pkg/engine/variables/operator/notin.go
new file mode 100644
index 0000000000..c0057dec60
--- /dev/null
+++ b/pkg/engine/variables/operator/notin.go
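Review bot: `InHandler` never tests membership: `Evaluate` dispatches on the key's type and every helper then compares for equality (`key == val`, `reflect.DeepEqual(key, val)`), so a scalar key checked against a list value lands in the type-mismatch branch and returns false. If these conditions gate whether a policy rule applies or denies (the caller is not shown in this patch), a silently false `In` leaves the rule unenforced rather than surfacing an error. The helpers should accept a `[]interface{}` value and return true when any element matches the key, as sketched below for the string case. The doc comment on the type also names the wrong operator and should read `//InHandler provides implementation to handle In operator`.

```go
func (eh InHandler) validateValuewithStringPattern(key string, value interface{}) bool {
	switch typedValue := value.(type) {
	case string:
		return key == typedValue
	case []interface{}:
		// In: true when any list element is a string equal to key
		for _, item := range typedValue {
			if s, ok := item.(string); ok && s == key {
				return true
			}
		}
		return false
	}
	// … unchanged: "Expected type string" log and return false …
}
```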
@@ -0,0 +1,155 @@
+package operator
+
+import (
+ "fmt"
+ "math"
+ "reflect"
+ "strconv"
+
+ "github.com/go-logr/logr"
+ "github.com/nirmata/kyverno/pkg/engine/context"
+)
+
+//NewNotInHandler returns handler to manage NotIn operations
+func NewNotInHandler(log logr.Logger, ctx context.EvalInterface, subHandler VariableSubstitutionHandler) OperatorHandler {
+ return NotInHandler{
+ ctx: ctx,
+ subHandler: subHandler,
+ log: log,
+ }
+}
+
+//NotInHandler provides implementation to handle NotIn Operator
+type NotInHandler struct {
+ ctx context.EvalInterface
+ subHandler VariableSubstitutionHandler
+ log logr.Logger
+}
+
+//Evaluate evaluates expression with NotIn Operator
+func (neh NotInHandler) Evaluate(key, value interface{}) bool {
+ var err error
+ //TODO: decouple variables from evaluation
+ // substitute the variables
+ if key, err = neh.subHandler(neh.log, neh.ctx, key); err != nil {
+ // Failed to resolve the variable
+ neh.log.Error(err, "Failed to resolve variable", "variable", key)
+ return false
+ }
+ if value, err = neh.subHandler(neh.log, neh.ctx, value); err != nil {
+ // Failed to resolve the variable
+ neh.log.Error(err, "Failed to resolve variable", "variable", value)
+ return false
+ }
+ // key and value need to be of same type
+ switch typedKey := key.(type) {
+ case bool:
+ return neh.validateValuewithBoolPattern(typedKey, value)
+ case int:
+ return neh.validateValuewithIntPattern(int64(typedKey), value)
+ case int64:
+ return neh.validateValuewithIntPattern(typedKey, value)
+ case float64:
+ return neh.validateValuewithFloatPattern(typedKey, value)
+ case string:
+ return neh.validateValuewithStringPattern(typedKey, value)
+ case map[string]interface{}:
+ return neh.validateValueWithMapPattern(typedKey, value)
+ case []interface{}:
+ return neh.validateValueWithSlicePattern(typedKey, value)
+ default:
+ neh.log.Info("Unsupported type", "value", typedKey, "type", fmt.Sprintf("%T", typedKey))
+ return false
+ }
+}
+
+func (neh NotInHandler) validateValueWithSlicePattern(key []interface{}, value interface{}) bool {
+ if val, ok := value.([]interface{}); ok {
+ return !reflect.DeepEqual(key, val)
+ }
+ neh.log.Info("Expected type []interface{}", "value", value, "type", fmt.Sprintf("%T", value))
+ return false
+}
+
+func (neh NotInHandler) validateValueWithMapPattern(key map[string]interface{}, value interface{}) bool {
+ if val, ok := value.(map[string]interface{}); ok {
+ return !reflect.DeepEqual(key, val)
+ }
+ neh.log.Info("Expected type map[string]interface{}", "value", value, "type", fmt.Sprintf("%T", value))
+ return false
+}
+
+func (neh NotInHandler) validateValuewithStringPattern(key string, value interface{}) bool {
+ if val, ok := value.(string); ok {
+ return key != val
+ }
+ neh.log.Info("Expected type string", "value", value, "type", fmt.Sprintf("%T", value))
+ return false
+}
+
+func (neh NotInHandler) validateValuewithFloatPattern(key float64, value interface{}) bool {
+ switch typedValue := value.(type) {
+ case int:
+ // check that float has not fraction
+ if key == math.Trunc(key) {
+ return int(key) != typedValue
+ }
+ neh.log.Info("Expected type float, found int", "typedValue", typedValue)
+ case int64:
+ // check that float has not fraction
+ if key == math.Trunc(key) {
+ return int64(key) != typedValue
+ }
+ neh.log.Info("Expected type float, found int", "typedValue", typedValue)
+ case float64:
+ return typedValue != key
+ case string:
+ // extract float from string
+ float64Num, err := strconv.ParseFloat(typedValue, 64)
+ if err != nil {
+ neh.log.Error(err, "Failed to parse float64 from string")
+ return false
+ }
+ return float64Num != key
+ default:
+ neh.log.Info("Expected type float", "value", value, "type", fmt.Sprintf("%T", value))
+ return false
+ }
+ return false
+}
+
+func (neh NotInHandler) validateValuewithBoolPattern(key bool, value interface{}) bool {
+ typedValue, ok := value.(bool)
+ if !ok {
+ neh.log.Info("Expected type bool", "value", value, "type", fmt.Sprintf("%T", value))
+ return false
+ }
+ return key != typedValue
+}
+
+func (neh NotInHandler) validateValuewithIntPattern(key int64, value interface{}) bool {
+ switch typedValue := value.(type) {
+ case int:
+ return int64(typedValue) != key
+ case int64:
+ return typedValue != key
+ case float64:
+ // check that float has no fraction
+ if typedValue == math.Trunc(typedValue) {
+ return int64(typedValue) != key
+ }
+ neh.log.Info("Expected type int, found float", "value", typedValue, "type", fmt.Sprintf("%T", typedValue))
+ return false
+ case string:
+ // extract in64 from string
+ int64Num, err := strconv.ParseInt(typedValue, 10, 64)
+ if err != nil {
+ neh.log.Error(err, "Failed to parse int64 from string")
+ return false
+ }
+ return int64Num != key
+ default:
+ neh.log.Info("Expected type int", "value", value, "type", fmt.Sprintf("%T", value))
+ return false
+ }
+}
diff --git a/pkg/engine/variables/operator/operator.go b/pkg/engine/variables/operator/operator.go
index 8dbc6cf0bc..ef2976c4d1 100644
--- a/pkg/engine/variables/operator/operator.go
+++ b/pkg/engine/variables/operator/operator.go
@@ -30,6 +30,10 @@ func CreateOperatorHandler(log logr.Logger, ctx context.EvalInterface, op kyvern
 return NewEqualHandler(log, ctx, subHandler)
 case kyverno.NotEquals:
 return NewNotEqualHandler(log, ctx, subHandler)
+ case kyverno.In:
+ return NewInHandler(log, ctx, subHandler)
+ case kyverno.NotIn:
+ return NewNotInHandler(log, ctx, subHandler)
 default:
 log.Info("operator not supported", "operator", string(op))
 }
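Review bot: In notin.go, `NotInHandler` returns false for operands that are plainly different: in `validateValuewithFloatPattern` a fractional key compared with an `int` or `int64` value only logs and falls through to the final `return false`, and in `validateValuewithIntPattern` a fractional `float64` value reaches an explicit `return false`. Those branches look carried over from the `In` side without being negated; for a negated comparison each should end in `return true`. Type mismatches and unparsable strings also yield false here, exactly as in `InHandler`, so `In` and `NotIn` can both be false for the same pair. A caller that reads false as "condition not met" would then skip the rule either way, so the safe direction should be chosen and stated in the `Evaluate` doc comment. The file otherwise mirrors in.go line for line and has the same missing handling for a scalar key against a `[]interface{}` value.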