mirror of https://github.com/kyverno/kyverno.git synced 2025-01-20 18:52:16 +00:00

made kube config optional, validates policies on apply, added cluster flag

shravan 2020-01-26 10:47:58 +05:30
parent 94f8721a6e
commit ee21060aaa
2 changed files with 52 additions and 22 deletions


@ -1,7 +1,6 @@
package variables
import (
"fmt"
"regexp"
"strings"
@ -43,7 +42,7 @@ func extractVariables(pattern interface{}) [][]string {
case string:
return extractValue(typedPattern)
default:
fmt.Printf("variable type %T", typedPattern)
glog.V(4).Infof("variable type %T", typedPattern)
return nil
}
}


@ -4,10 +4,15 @@ import (
"encoding/json"
"fmt"
"io/ioutil"
"path"
policy2 "github.com/nirmata/kyverno/pkg/policy"
"k8s.io/client-go/tools/clientcmd"
"k8s.io/client-go/util/homedir"
"k8s.io/apimachinery/pkg/runtime/schema"
"github.com/nirmata/kyverno/pkg/config"
"k8s.io/client-go/discovery"
"k8s.io/apimachinery/pkg/util/yaml"
@ -27,7 +32,7 @@ import (
)
func Command() *cobra.Command {
var resourcePath, kubeConfig string
var resourcePath, kubeConfig, clusterName string
cmd := &cobra.Command{
Use: "apply",
@ -40,8 +45,12 @@ func Command() *cobra.Command {
}
}()
if resourcePath == "" && kubeConfig == "" {
fmt.Println("Specify path to resource file or kube config")
if resourcePath == "" && clusterName == "" {
fmt.Println("Specify path to resource file or cluster name")
}
if kubeConfig == "" {
kubeConfig = path.Join(homedir.HomeDir(), ".kube", "config")
}
var policies []*v1.ClusterPolicy
@ -51,10 +60,23 @@ func Command() *cobra.Command {
return err
}
err = policy2.Validate(*policy)
if err != nil {
return fmt.Errorf("Policy %v is not valid: %v", policy.Name, err)
}
policies = append(policies, policy)
}
resources, err := getResources(policies, kubeConfig, resourcePath)
var dClient *discovery.DiscoveryClient
if clusterName != "" {
dClient, err = getDiscoveryClient(kubeConfig, clusterName)
if err != nil {
return err
}
}
resources, err := getResources(policies, resourcePath, dClient)
if err != nil {
return err
}
@ -78,14 +100,33 @@ func Command() *cobra.Command {
cmd.Flags().StringVar(&resourcePath, "resource", "", "path to resource file")
cmd.Flags().StringVar(&kubeConfig, "kubeConfig", "", "path to .kube/config file")
cmd.Flags().StringVar(&clusterName, "cluster", "", "Name of the kubernetes cluster to which the policy will apply to")
return cmd
}
func getResources(policies []*v1.ClusterPolicy, kubeConfig, resourcePath string) ([]*unstructured.Unstructured, error) {
func getDiscoveryClient(kubeConfig, clusterName string) (*discovery.DiscoveryClient, error) {
apiConfig, err := clientcmd.LoadFromFile(kubeConfig)
if err != nil {
return nil, err
}
if apiConfig.Clusters[clusterName] == nil {
return nil, fmt.Errorf("Cluster does not exist in kubeConfig")
}
clientConfig, err := clientcmd.BuildConfigFromFlags(apiConfig.Clusters[clusterName].Server, kubeConfig)
if err != nil {
return nil, err
}
return discovery.NewDiscoveryClientForConfig(clientConfig)
}
func getResources(policies []*v1.ClusterPolicy, resourcePath string, dClient *discovery.DiscoveryClient) ([]*unstructured.Unstructured, error) {
var resources []*unstructured.Unstructured
var err error
if kubeConfig != "" {
if dClient != nil {
var resourceTypesMap = make(map[string]bool)
var resourceTypes []string
for _, policy := range policies {
@ -100,7 +141,7 @@ func getResources(policies []*v1.ClusterPolicy, kubeConfig, resourcePath string)
resourceTypes = append(resourceTypes, kind)
}
resources, err = getResourcesOfTypeFromCluster(resourceTypes, kubeConfig)
resources, err = getResourcesOfTypeFromCluster(resourceTypes, dClient)
if err != nil {
return nil, err
}
@ -118,19 +159,9 @@ func getResources(policies []*v1.ClusterPolicy, kubeConfig, resourcePath string)
return resources, nil
}
func getResourcesOfTypeFromCluster(resourceTypes []string, kubeConfig string) ([]*unstructured.Unstructured, error) {
func getResourcesOfTypeFromCluster(resourceTypes []string, dClient *discovery.DiscoveryClient) ([]*unstructured.Unstructured, error) {
var resources []*unstructured.Unstructured
clientConfig, err := config.CreateClientConfig(kubeConfig)
if err != nil {
return nil, err
}
dClient, err := discovery.NewDiscoveryClientForConfig(clientConfig)
if err != nil {
return nil, err
}
for _, kind := range resourceTypes {
endpoint, err := getListEndpointForKind(kind)
if err != nil {
@ -229,7 +260,7 @@ func getResource(path string) (*unstructured.Unstructured, error) {
func applyPolicyOnResource(policy *v1.ClusterPolicy, resource *unstructured.Unstructured) error {
fmt.Printf("\n\nApplying Policy %s on Resource %s/%s/%s/%s", policy.Name, resource.GetNamespace(), resource.GetKind(), resource.GetName(), resource.GetUID())
fmt.Printf("\n\nApplying Policy %s on Resource %s/%s/%s", policy.Name, resource.GetNamespace(), resource.GetKind(), resource.GetName())
mutateResponse := engine.Mutate(engine.PolicyContext{Policy: *policy, NewResource: *resource})
if !mutateResponse.IsSuccesful() {
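Review bot: In the new `getDiscoveryClient`, only the named cluster's `Server` URL is handed to `clientcmd.BuildConfigFromFlags`, which, as far as I know, applies it as a server override on the kubeconfig's current context. The client certificate, token and CA data therefore still come from whichever context is current. When `--cluster` names a cluster other than the current context's, the current user's credentials are presented to a different API server and its certificate is checked against the wrong CA settings. Selecting a whole context keeps server, CA and user together, for example `clientConfig, err := clientcmd.NewNonInteractiveClientConfig(*apiConfig, contextName, &clientcmd.ConfigOverrides{}, nil).ClientConfig()`, with the flag naming a context instead of a cluster. Separately, the `resourcePath == "" && clusterName == ""` check in `Command` only prints and falls through; it should return an error, e.g. `return fmt.Errorf("specify path to resource file or cluster name")`.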