diff --git a/pkg/policymanager/patches.go b/pkg/mutation/patches.go
similarity index 99%
rename from pkg/policymanager/patches.go
rename to pkg/mutation/patches.go
index 863873e732..83f66863dc 100644
--- a/pkg/policymanager/patches.go
+++ b/pkg/mutation/patches.go
@@ -1,4 +1,4 @@
-package policymanager
+package mutation
 import (
 "encoding/json"
diff --git a/pkg/policymanager/patches_test.go b/pkg/mutation/patches_test.go
similarity index 99%
rename from pkg/policymanager/patches_test.go
rename to pkg/mutation/patches_test.go
index 40fcc14286..7453781c51 100644
--- a/pkg/policymanager/patches_test.go
+++ b/pkg/mutation/patches_test.go
@@ -1,4 +1,4 @@
-package policymanager
+package mutation
 import (
 "testing"
diff --git a/pkg/policymanager/utils.go b/pkg/mutation/utils.go
similarity index 98%
rename from pkg/policymanager/utils.go
rename to pkg/mutation/utils.go
index 3455aece1d..5abc2ee03c 100644
--- a/pkg/policymanager/utils.go
+++ b/pkg/mutation/utils.go
@@ -1,4 +1,4 @@
-package policymanager
+package mutation
 import (
 "encoding/json"
diff --git a/pkg/policymanager/utils_test.go b/pkg/mutation/utils_test.go
similarity index 96%
rename from pkg/policymanager/utils_test.go
rename to pkg/mutation/utils_test.go
index 275c8c5db6..f8473ae287 100644
--- a/pkg/policymanager/utils_test.go
+++ b/pkg/mutation/utils_test.go
@@ -1,4 +1,4 @@
-package policymanager
+package mutation
 import (
 "testing"
diff --git a/pkg/policymanager/validate.go b/pkg/mutation/validate.go
similarity index 97%
rename from pkg/policymanager/validate.go
rename to pkg/mutation/validate.go
index ff5eeb0e72..b02c4639a9 100644
--- a/pkg/policymanager/validate.go
+++ b/pkg/mutation/validate.go
@@ -1,4 +1,4 @@
-package policymanager
+package mutation
 import (
 "github.com/minio/minio/pkg/wildcard"
diff --git a/webhooks/admission.go b/webhooks/admission.go
index aecdb3148a..91c2eb983a 100644
--- a/webhooks/admission.go
+++ b/webhooks/admission.go
@@ -3,7 +3,7 @@ package webhooks
 import (
 kubeclient "github.com/nirmata/kube-policy/kubeclient"
 types "github.com/nirmata/kube-policy/pkg/apis/policy/v1alpha1"
- policymanager "github.com/nirmata/kube-policy/pkg/policymanager"
+ mutation "github.com/nirmata/kube-policy/pkg/mutation"
 "k8s.io/api/admission/v1beta1"
 )
@@ -24,5 +24,5 @@ func AdmissionIsRequired(request *v1beta1.AdmissionRequest) bool {
 // Checks requests kind, name and labels to fit the policy
 func IsRuleApplicableToRequest(policyResource types.PolicyResource, request *v1beta1.AdmissionRequest) (bool, error) {
- return policymanager.IsRuleApplicableToResource(request.Kind.Kind, request.Object.Raw, policyResource)
+ return mutation.IsRuleApplicableToResource(request.Kind.Kind, request.Object.Raw, policyResource)
 }
diff --git a/webhooks/mutation.go b/webhooks/mutation.go
index a553cbeeaa..ef0b4c6b72 100644
--- a/webhooks/mutation.go
+++ b/webhooks/mutation.go
@@ -9,7 +9,7 @@ import (
 controllerinterfaces "github.com/nirmata/kube-policy/controller/interfaces"
 kubeclient "github.com/nirmata/kube-policy/kubeclient"
 types "github.com/nirmata/kube-policy/pkg/apis/policy/v1alpha1"
- policymanager "github.com/nirmata/kube-policy/pkg/policymanager"
+ mutation "github.com/nirmata/kube-policy/pkg/mutation"
 v1beta1 "k8s.io/api/admission/v1beta1"
 metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 utilruntime "k8s.io/apimachinery/pkg/util/runtime"
@@ -66,7 +66,7 @@ func (mw *MutationWebhook) Mutate(request *v1beta1.AdmissionRequest) *v1beta1.Ad
 return nil
 }
- var allPatches []policymanager.PatchBytes
+ var allPatches []mutation.PatchBytes
 for _, policy := range policies {
 mw.logger.Printf("Applying policy %s with %d rules", policy.ObjectMeta.Name, len(policy.Spec.Rules))
@@ -80,8 +80,8 @@ func (mw *MutationWebhook) Mutate(request *v1beta1.AdmissionRequest) *v1beta1.Ad
 }
 if len(policyPatches) > 0 {
- namespace := policymanager.ParseNamespaceFromObject(request.Object.Raw)
- name := policymanager.ParseNameFromObject(request.Object.Raw)
+ namespace := mutation.ParseNamespaceFromObject(request.Object.Raw)
+ name := mutation.ParseNameFromObject(request.Object.Raw)
 mw.controller.LogPolicyInfo(policy.Name, fmt.Sprintf("Applied to %s %s/%s", request.Kind.Kind, namespace, name))
 mw.logger.Printf("%s applied to %s %s/%s", policy.Name, request.Kind.Kind, namespace, name)
@@ -92,7 +92,7 @@ func (mw *MutationWebhook) Mutate(request *v1beta1.AdmissionRequest) *v1beta1.Ad
 patchType := v1beta1.PatchTypeJSONPatch
 return &v1beta1.AdmissionResponse{
 Allowed: true,
- Patch: policymanager.JoinPatches(allPatches),
+ Patch: mutation.JoinPatches(allPatches),
 PatchType: &patchType,
 }
 }
@@ -100,14 +100,14 @@ func (mw *MutationWebhook) Mutate(request *v1beta1.AdmissionRequest) *v1beta1.Ad
 // Applies all policy rules to the created object and returns list of processed JSON patches.
 // May return nil patches if it is not necessary to create patches for requested object.
 // Returns error ONLY in case when creation of resource should be denied.
-func (mw *MutationWebhook) applyPolicyRules(request *v1beta1.AdmissionRequest, policy types.Policy) ([]policymanager.PatchBytes, error) {
+func (mw *MutationWebhook) applyPolicyRules(request *v1beta1.AdmissionRequest, policy types.Policy) ([]mutation.PatchBytes, error) {
 return mw.applyPolicyRulesOnResource(request.Kind.Kind, request.Object.Raw, policy)
 }
 // kind is the type of object being manipulated
-func (mw *MutationWebhook) applyPolicyRulesOnResource(kind string, rawResource []byte, policy types.Policy) ([]policymanager.PatchBytes, error) {
- patchingSets := policymanager.GetPolicyPatchingSets(policy)
- var policyPatches []policymanager.PatchBytes
+func (mw *MutationWebhook) applyPolicyRulesOnResource(kind string, rawResource []byte, policy types.Policy) ([]mutation.PatchBytes, error) {
+ patchingSets := mutation.GetPolicyPatchingSets(policy)
+ var policyPatches []mutation.PatchBytes
 for ruleIdx, rule := range policy.Spec.Rules {
 err := rule.Validate()
@@ -116,7 +116,7 @@ func (mw *MutationWebhook) applyPolicyRulesOnResource(kind string, rawResource [
 continue
 }
- if ok, err := policymanager.IsRuleApplicableToResource(kind, rawResource, rule.Resource); !ok {
+ if ok, err := mutation.IsRuleApplicableToResource(kind, rawResource, rule.Resource); !ok {
 mw.logger.Printf("Rule %d of policy %s is not applicable to the request", ruleIdx, policy.Name)
 return nil, err
 }
@@ -124,12 +124,12 @@ func (mw *MutationWebhook) applyPolicyRulesOnResource(kind string, rawResource [
 // configMapGenerator and secretGenerator can be applied only to namespaces
 if kind == "Namespace" {
 err = mw.applyRuleGenerators(rawResource, rule)
- if err != nil && patchingSets == policymanager.PatchingSetsStopOnError {
+ if err != nil && patchingSets == mutation.PatchingSetsStopOnError {
 return nil, fmt.Errorf("Failed to apply generators from rule #%d: %s", ruleIdx, err)
 }
 }
- rulePatchesProcessed, err := policymanager.ProcessPatches(rule.Patches, rawResource, patchingSets)
+ rulePatchesProcessed, err := mutation.ProcessPatches(rule.Patches, rawResource, patchingSets)
 if err != nil {
 return nil, fmt.Errorf("Failed to process patches from rule #%d: %s", ruleIdx, err)
 }
@@ -152,7 +152,7 @@ func (mw *MutationWebhook) applyPolicyRulesOnResource(kind string, rawResource [
 // Applies "configMapGenerator" and "secretGenerator" described in PolicyRule
 func (mw *MutationWebhook) applyRuleGenerators(rawResource []byte, rule types.PolicyRule) error {
- namespaceName := policymanager.ParseNameFromObject(rawResource)
+ namespaceName := mutation.ParseNameFromObject(rawResource)
 err := mw.applyConfigGenerator(rule.ConfigMapGenerator, namespaceName, "ConfigMap")
 if err == nil {