mirror of
https://github.com/kyverno/kyverno.git
synced 2025-01-20 18:52:16 +00:00
made kube config optional, validates policeis on apply, added cluster flag
This commit is contained in:
parent
94f8721a6e
commit
ee21060aaa
2 changed files with 52 additions and 22 deletions
|
@ -1,7 +1,6 @@
|
|||
package variables
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
"regexp"
|
||||
"strings"
|
||||
|
||||
|
@ -43,7 +42,7 @@ func extractVariables(pattern interface{}) [][]string {
|
|||
case string:
|
||||
return extractValue(typedPattern)
|
||||
default:
|
||||
fmt.Printf("variable type %T", typedPattern)
|
||||
glog.V(4).Infof("variable type %T", typedPattern)
|
||||
return nil
|
||||
}
|
||||
}
|
||||
|
|
|
@ -4,10 +4,15 @@ import (
|
|||
"encoding/json"
|
||||
"fmt"
|
||||
"io/ioutil"
|
||||
"path"
|
||||
|
||||
policy2 "github.com/nirmata/kyverno/pkg/policy"
|
||||
|
||||
"k8s.io/client-go/tools/clientcmd"
|
||||
"k8s.io/client-go/util/homedir"
|
||||
|
||||
"k8s.io/apimachinery/pkg/runtime/schema"
|
||||
|
||||
"github.com/nirmata/kyverno/pkg/config"
|
||||
"k8s.io/client-go/discovery"
|
||||
|
||||
"k8s.io/apimachinery/pkg/util/yaml"
|
||||
|
@ -27,7 +32,7 @@ import (
|
|||
)
|
||||
|
||||
func Command() *cobra.Command {
|
||||
var resourcePath, kubeConfig string
|
||||
var resourcePath, kubeConfig, clusterName string
|
||||
|
||||
cmd := &cobra.Command{
|
||||
Use: "apply",
|
||||
|
@ -40,8 +45,12 @@ func Command() *cobra.Command {
|
|||
}
|
||||
}()
|
||||
|
||||
if resourcePath == "" && kubeConfig == "" {
|
||||
fmt.Println("Specify path to resource file or kube config")
|
||||
if resourcePath == "" && clusterName == "" {
|
||||
fmt.Println("Specify path to resource file or cluster name")
|
||||
}
|
||||
|
||||
if kubeConfig == "" {
|
||||
kubeConfig = path.Join(homedir.HomeDir(), ".kube", "config")
|
||||
}
|
||||
|
||||
var policies []*v1.ClusterPolicy
|
||||
|
@ -51,10 +60,23 @@ func Command() *cobra.Command {
|
|||
return err
|
||||
}
|
||||
|
||||
err = policy2.Validate(*policy)
|
||||
if err != nil {
|
||||
return fmt.Errorf("Policy %v is not valid: %v", policy.Name, err)
|
||||
}
|
||||
|
||||
policies = append(policies, policy)
|
||||
}
|
||||
|
||||
resources, err := getResources(policies, kubeConfig, resourcePath)
|
||||
var dClient *discovery.DiscoveryClient
|
||||
if clusterName != "" {
|
||||
dClient, err = getDiscoveryClient(kubeConfig, clusterName)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
}
|
||||
|
||||
resources, err := getResources(policies, resourcePath, dClient)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
@ -78,14 +100,33 @@ func Command() *cobra.Command {
|
|||
|
||||
cmd.Flags().StringVar(&resourcePath, "resource", "", "path to resource file")
|
||||
cmd.Flags().StringVar(&kubeConfig, "kubeConfig", "", "path to .kube/config file")
|
||||
cmd.Flags().StringVar(&clusterName, "cluster", "", "Name of the kubernetes cluster to which the policy will apply to")
|
||||
return cmd
|
||||
}
|
||||
|
||||
func getResources(policies []*v1.ClusterPolicy, kubeConfig, resourcePath string) ([]*unstructured.Unstructured, error) {
|
||||
func getDiscoveryClient(kubeConfig, clusterName string) (*discovery.DiscoveryClient, error) {
|
||||
apiConfig, err := clientcmd.LoadFromFile(kubeConfig)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
if apiConfig.Clusters[clusterName] == nil {
|
||||
return nil, fmt.Errorf("Cluster does not exist in kubeConfig")
|
||||
}
|
||||
|
||||
clientConfig, err := clientcmd.BuildConfigFromFlags(apiConfig.Clusters[clusterName].Server, kubeConfig)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
return discovery.NewDiscoveryClientForConfig(clientConfig)
|
||||
}
|
||||
|
||||
func getResources(policies []*v1.ClusterPolicy, resourcePath string, dClient *discovery.DiscoveryClient) ([]*unstructured.Unstructured, error) {
|
||||
var resources []*unstructured.Unstructured
|
||||
var err error
|
||||
|
||||
if kubeConfig != "" {
|
||||
if dClient != nil {
|
||||
var resourceTypesMap = make(map[string]bool)
|
||||
var resourceTypes []string
|
||||
for _, policy := range policies {
|
||||
|
@ -100,7 +141,7 @@ func getResources(policies []*v1.ClusterPolicy, kubeConfig, resourcePath string)
|
|||
resourceTypes = append(resourceTypes, kind)
|
||||
}
|
||||
|
||||
resources, err = getResourcesOfTypeFromCluster(resourceTypes, kubeConfig)
|
||||
resources, err = getResourcesOfTypeFromCluster(resourceTypes, dClient)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
@ -118,19 +159,9 @@ func getResources(policies []*v1.ClusterPolicy, kubeConfig, resourcePath string)
|
|||
return resources, nil
|
||||
}
|
||||
|
||||
func getResourcesOfTypeFromCluster(resourceTypes []string, kubeConfig string) ([]*unstructured.Unstructured, error) {
|
||||
func getResourcesOfTypeFromCluster(resourceTypes []string, dClient *discovery.DiscoveryClient) ([]*unstructured.Unstructured, error) {
|
||||
var resources []*unstructured.Unstructured
|
||||
|
||||
clientConfig, err := config.CreateClientConfig(kubeConfig)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
dClient, err := discovery.NewDiscoveryClientForConfig(clientConfig)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
for _, kind := range resourceTypes {
|
||||
endpoint, err := getListEndpointForKind(kind)
|
||||
if err != nil {
|
||||
|
@ -229,7 +260,7 @@ func getResource(path string) (*unstructured.Unstructured, error) {
|
|||
|
||||
func applyPolicyOnResource(policy *v1.ClusterPolicy, resource *unstructured.Unstructured) error {
|
||||
|
||||
fmt.Printf("\n\nApplying Policy %s on Resource %s/%s/%s/%s", policy.Name, resource.GetNamespace(), resource.GetKind(), resource.GetName(), resource.GetUID())
|
||||
fmt.Printf("\n\nApplying Policy %s on Resource %s/%s/%s", policy.Name, resource.GetNamespace(), resource.GetKind(), resource.GetName())
|
||||
|
||||
mutateResponse := engine.Mutate(engine.PolicyContext{Policy: *policy, NewResource: *resource})
|
||||
if !mutateResponse.IsSuccesful() {
|
||||
|
|
Loading…
Add table
Reference in a new issue