mirror of
https://github.com/kyverno/kyverno.git
synced 2025-03-31 03:45:17 +00:00
775 working prototype
parent
c22e003a40
commit
ed45dc12c0
1 changed files with 29 additions and 9 deletions
|
@ -1,6 +1,7 @@
|
||||||
package engine
|
package engine
|
||||||
|
|
||||||
import (
|
import (
|
||||||
|
"encoding/json"
|
||||||
"reflect"
|
"reflect"
|
||||||
"strings"
|
"strings"
|
||||||
"time"
|
"time"
|
||||||
|
@ -101,18 +102,19 @@ func Mutate(policyContext PolicyContext) (resp response.EngineResponse) {
|
||||||
if reflect.DeepEqual(policyContext.AdmissionInfo, kyverno.RequestInfo{}) {
|
if reflect.DeepEqual(policyContext.AdmissionInfo, kyverno.RequestInfo{}) {
|
||||||
continue
|
continue
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
|
||||||
if strings.Contains(PodControllers, resource.GetKind()) {
|
if strings.Contains(PodControllers, resource.GetKind()) {
|
||||||
|
if !patchedResourceHasPodControllerAnnotation(patchedResource) {
|
||||||
var ruleResponse response.RuleResponse
|
var ruleResponse response.RuleResponse
|
||||||
ruleResponse, patchedResource = mutate.ProcessOverlay(logger, rule.Name, podTemplateRule, patchedResource)
|
ruleResponse, patchedResource = mutate.ProcessOverlay(logger, "podControllerAnnotation", podTemplateRule.Mutation.Overlay, patchedResource)
|
||||||
if !ruleResponse.Success {
|
if !ruleResponse.Success {
|
||||||
logger.Info("failed to insert annotation for podTemplate", "error", ruleResponse.Message)
|
logger.Info("failed to insert annotation for podTemplate", "error", ruleResponse.Message)
|
||||||
continue
|
} else {
|
||||||
}
|
if ruleResponse.Success && ruleResponse.Patches != nil {
|
||||||
|
logger.V(2).Info("inserted annotation for podTemplate")
|
||||||
if ruleResponse.Success && ruleResponse.Patches != nil {
|
resp.PolicyResponse.Rules = append(resp.PolicyResponse.Rules, ruleResponse)
|
||||||
logger.V(2).Info("inserted annotation for podTemplate")
|
}
|
||||||
resp.PolicyResponse.Rules = append(resp.PolicyResponse.Rules, ruleResponse)
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -120,6 +122,24 @@ func Mutate(policyContext PolicyContext) (resp response.EngineResponse) {
|
||||||
resp.PatchedResource = patchedResource
|
resp.PatchedResource = patchedResource
|
||||||
return resp
|
return resp
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func patchedResourceHasPodControllerAnnotation(resource unstructured.Unstructured) bool {
|
||||||
|
var podController struct {
|
||||||
|
Spec struct {
|
||||||
|
Template struct {
|
||||||
|
Metadata struct {
|
||||||
|
Annotations map[string]interface{} `json:"annotations"`
|
||||||
|
} `json:"metadata"`
|
||||||
|
} `json:"template"`
|
||||||
|
} `json:"spec"`
|
||||||
|
}
|
||||||
|
|
||||||
|
resourceRaw, _ := json.Marshal(resource.Object)
|
||||||
|
json.Unmarshal(resourceRaw, &podController)
|
||||||
|
|
||||||
|
_, ok := podController.Spec.Template.Metadata.Annotations[PodTemplateAnnotation]
|
||||||
|
return ok
|
||||||
|
}
|
||||||
func incrementAppliedRuleCount(resp *response.EngineResponse) {
|
func incrementAppliedRuleCount(resp *response.EngineResponse) {
|
||||||
resp.PolicyResponse.RulesAppliedCount++
|
resp.PolicyResponse.RulesAppliedCount++
|
||||||
}
|
}
|
||||||
|
@ -150,7 +170,7 @@ var podTemplateRule = kyverno.Rule{
|
||||||
"template": map[string]interface{}{
|
"template": map[string]interface{}{
|
||||||
"metadata": map[string]interface{}{
|
"metadata": map[string]interface{}{
|
||||||
"annotations": map[string]interface{}{
|
"annotations": map[string]interface{}{
|
||||||
"+(pod-policies.kyverno.io/autogen-applied)": "true",
|
"+(" + PodTemplateAnnotation + ")": "true",
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
|
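Review bot: `patchedResourceHasPodControllerAnnotation` (added in the third hunk) discards the errors from both `json.Marshal` and `json.Unmarshal`, so a pod template whose `metadata` or `annotations` has an unexpected type is silently reported as "not annotated", and the whole object is re-encoded on every call just to read one key. Reading the field with `unstructured.NestedFieldNoCopy` avoids the round trip and makes the malformed case an explicit branch, as sketched below; the `encoding/json` import added in the first hunk would then be unnecessary if nothing else in the file uses it. The check tests only that the key is present, and the value comes from the submitted resource, so if any other code treats this annotation as evidence that the autogen rule already ran, that trust is worth confirming separately. In the second hunk, the `ruleResponse.Success &&` test inside the `else` of `if !ruleResponse.Success` is redundant.

```go
func patchedResourceHasPodControllerAnnotation(resource unstructured.Unstructured) bool {
	val, found, err := unstructured.NestedFieldNoCopy(resource.Object, "spec", "template", "metadata", "annotations")
	if err != nil || !found {
		// a parent field is missing or is not an object: report "not annotated", as before
		return false
	}
	annotations, ok := val.(map[string]interface{})
	if !ok {
		return false
	}
	_, ok = annotations[PodTemplateAnnotation]
	return ok
}
```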