mirror of
https://github.com/kyverno/kyverno.git
synced 2025-04-09 02:29:22 +00:00
PR review changes
This commit is contained in:
shivdudhani
parent
11195d9b51
commit
e938866e06
2 changed files with 5 additions and 89 deletions
|
|
@ -84,19 +84,20 @@ func (pc *PolicyController) filterResourceByRule(rule types.Rule) ([][]byte, err
|
|||
|
||||
for _, resource := range resources.Items {
|
||||
// TODO:
|
||||
rawResource, err := resource.MarshalJSON()
|
||||
//rawResource, err := json.Marshal(resource)
|
||||
// objKind := resource.GetObjectKind()
|
||||
// codecFactory := serializer.NewCodecFactory(runtime.NewScheme())
|
||||
// codecFactory.EncoderForVersion()
|
||||
|
||||
if err != nil {
|
||||
pc.logger.Printf("failed to marshal object %v", resource)
|
||||
continue
|
||||
}
|
||||
|
||||
// filter the resource by name and label
|
||||
if ok, _ := mutation.IsRuleApplicableToResource(rawResource, rule.ResourceDescription); ok {
|
||||
targetResources = append(targetResources, rawResource)
|
||||
}
|
||||
//if ok, _ := mutation.ResourceMeetsRules(rawResource, rule.ResourceDescription); ok {
|
||||
// targetResources = append(targetResources, resource)
|
||||
//}
|
||||
}
|
||||
return targetResources, nil
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1,85 +0,0 @@
|
|||
package engine
|
||||
|
||||
// import (
|
||||
// "fmt"
|
||||
// "log"
|
||||
|
||||
// types "github.com/nirmata/kube-policy/pkg/apis/policy/v1alpha1"
|
||||
// "github.com/nirmata/kube-policy/pkg/engine/mutation"
|
||||
// )
|
||||
|
||||
// // Generate should be called to process generate rules on the resource
|
||||
// func Generate(logger *log.Logger, policy types.Policy, rawResource []byte) ([]GenerateReturnData, error) {
|
||||
// patchingSets := mutation.GetPolicyPatchingSets(policy)
|
||||
// generatedList := []GenerateReturnData{}
|
||||
// for ruleIdx, rule := range policy.Spec.Rules {
|
||||
// err := rule.Validate()
|
||||
// if err != nil {
|
||||
// logger.Printf("Invalid rule detected: #%d in policy %s, err: %v\n", ruleIdx, policy.ObjectMeta.Name, err)
|
||||
// continue
|
||||
// }
|
||||
// if ok, err := mutation.IsRuleApplicableToResource(rawResource, rule.Resource); !ok {
|
||||
// logger.Printf("Rule %d of policy %s is not applicable to the request", ruleIdx, policy.Name)
|
||||
// return nil, err
|
||||
// }
|
||||
// resourceKind := mutation.ParseKindFromObject(rawResource)
|
||||
|
||||
// // configMapGenerator and secretGenerator can be applied only to namespaces
|
||||
// if resourceKind == "Namespace" {
|
||||
// generatedData, err := applyRuleGenerators(rawResource, rule)
|
||||
// if err != nil && patchingSets == mutation.PatchingSetsStopOnError {
|
||||
// return nil, fmt.Errorf("Failed to apply generators from rule #%d: %s", ruleIdx, err)
|
||||
// }
|
||||
// generatedList = append(generatedList, generatedData...)
|
||||
// }
|
||||
// }
|
||||
// return generatedList, nil
|
||||
// }
|
||||
|
||||
// // Applies "configMapGenerator" and "secretGenerator" described in PolicyRule
|
||||
// func applyRuleGenerators(rawResource []byte, rule types.PolicyRule) ([]GenerateReturnData, error) {
|
||||
// returnData := []GenerateReturnData{}
|
||||
// namespaceName := mutation.ParseNameFromObject(rawResource)
|
||||
// var generator *types.PolicyConfigGenerator
|
||||
// // Apply config map generator rule
|
||||
// generator, err := applyConfigGenerator(rule.ConfigMapGenerator, namespaceName, "ConfigMap")
|
||||
// if err != nil {
|
||||
// return returnData, err
|
||||
// }
|
||||
// returnData = append(returnData, GenerateReturnData{namespaceName, "ConfigMap", *generator})
|
||||
// // Apply secrets generator rule
|
||||
// generator, err = applyConfigGenerator(rule.SecretGenerator, namespaceName, "Secret")
|
||||
// if err != nil {
|
||||
// return returnData, err
|
||||
// }
|
||||
// returnData = append(returnData, GenerateReturnData{namespaceName, "Secret", *generator})
|
||||
|
||||
// return returnData, nil
|
||||
// }
|
||||
|
||||
// // Creates resourceKind (ConfigMap or Secret) with parameters specified in generator in cluster specified in request.
|
||||
// func applyConfigGenerator(generator *types.PolicyConfigGenerator, namespace string, configKind string) (*types.PolicyConfigGenerator, error) {
|
||||
// if generator == nil {
|
||||
// return nil, nil
|
||||
// }
|
||||
// err := generator.Validate()
|
||||
// if err != nil {
|
||||
// return nil, fmt.Errorf("Generator for '%s' is invalid: %s", configKind, err)
|
||||
// }
|
||||
// switch configKind {
|
||||
// case "ConfigMap":
|
||||
// return generator, nil
|
||||
// // err = kubeClient.GenerateConfigMap(*generator, namespace)
|
||||
// case "Secret":
|
||||
// return generator, nil
|
||||
// default:
|
||||
// return nil, fmt.Errorf("Unsupported config Kind '%s'", configKind)
|
||||
// }
|
||||
// }
|
||||
|
||||
// //GenerateReturnData holds the generator details
|
||||
// type GenerateReturnData struct {
|
||||
// Namespace string
|
||||
// ConfigKind string
|
||||
// Generator types.PolicyConfigGenerator
|
||||
// }
|
||||
Loading…
Add table
Reference in a new issue