Wrote additional comments

2025-03-31 03:45:17 +00:00 · 2019-06-12 12:21:52 +03:00 · 2019-06-12 12:21:52 +03:00 · f89168f77a
commit f89168f77a
parent 804d610fc7
3 changed files with 135 additions and 12 deletions
--- a/pkg/engine/overlay.go
+++ b/pkg/engine/overlay.go
@ -34,15 +34,9 @@ func ProcessOverlay(rule kubepolicy.Rule, rawResource []byte, gvk metav1.GroupVe
 	return appliedPatches, overlayApplicationResult
 }

-// OverlayProcessor stores context for overlay mutation process
-type OverlayProcessor struct {
-	appliedPatches []PatchBytes
-	result         result.RuleApplicationResult
-}
-
 // mutateResourceWithOverlay is a start of overlaying process
-// It assumes that mutation is started from root, so "/" is passed
 func mutateResourceWithOverlay(resource, pattern interface{}) ([]PatchBytes, result.RuleApplicationResult) {
+	// It assumes that mutation is started from root, so "/" is passed
 	return applyOverlay(resource, pattern, "/")
 }

@ -155,6 +149,7 @@ func applyOverlayToArray(resource, overlay []interface{}, path string) ([]PatchB
 	}

 	if 0 == len(resource) {
+		// If array resource is empty, insert part from overlay
 		patch, res := insertSubtree(overlay, path)
 		overlayResult.MergeWith(&res)

@ -173,6 +168,7 @@ func applyOverlayToArray(resource, overlay []interface{}, path string) ([]PatchB
 	return applyOverlayToArrayOfSameTypes(resource, overlay, path)
 }

+// applyOverlayToArrayOfSameTypes applies overlay to array elements if they (resource and overlay elements) have same type
 func applyOverlayToArrayOfSameTypes(resource, overlay []interface{}, path string) ([]PatchBytes, result.RuleApplicationResult) {
 	var appliedPatches []PatchBytes
 	overlayResult := result.NewRuleApplicationResult("")
@ -186,6 +182,7 @@ func applyOverlayToArrayOfSameTypes(resource, overlay []interface{}, path string
 		// Add elements to the end
 		for i, value := range overlay {
 			currentPath := path + strconv.Itoa(lastElementIdx+i) + "/"
+			// currentPath example: /spec/template/spec/containers/3/
 			patch, res := insertSubtree(value, currentPath)
 			overlayResult.MergeWith(&res)

@ -198,6 +195,7 @@ func applyOverlayToArrayOfSameTypes(resource, overlay []interface{}, path string
 	return appliedPatches, overlayResult
 }

+//
 func applyOverlayToArrayOfMaps(resource, overlay []interface{}, path string) ([]PatchBytes, result.RuleApplicationResult) {
 	var appliedPatches []PatchBytes
 	overlayResult := result.NewRuleApplicationResult("")
@ -219,6 +217,7 @@ func applyOverlayToArrayOfMaps(resource, overlay []interface{}, path string) ([]
 			// If we have anchors on the lower level - continue traversing overlay and resource trees
 			for j, resourceElement := range resource {
 				currentPath := path + strconv.Itoa(j) + "/"
+				// currentPath example: /spec/template/spec/containers/3/
 				patches, res := applyOverlay(resourceElement, overlayElement, currentPath)
 				overlayResult.MergeWith(&res)

@ -229,6 +228,7 @@ func applyOverlayToArrayOfMaps(resource, overlay []interface{}, path string) ([]
 		} else {
 			// Overlay subtree has no anchors - insert new element
 			currentPath := path + strconv.Itoa(lastElementIdx+i) + "/"
+			// currentPath example: /spec/template/spec/containers/3/
 			patch, res := insertSubtree(overlayElement, currentPath)
 			overlayResult.MergeWith(&res)

@ -249,6 +249,7 @@ func applyOverlayWithAnchors(resource []interface{}, overlay interface{}, anchor
 		typedResource := resourceElement.(map[string]interface{})

 		currentPath := path + strconv.Itoa(i) + "/"
+		// currentPath example: /spec/template/spec/containers/3/
 		if !skipArrayObject(typedResource, anchors) {
 			patches, res := applyOverlay(resourceElement, overlay, currentPath)
 			overlayResult.MergeWith(&res)
@ -305,7 +306,7 @@ func prepareJSONValue(overlay interface{}) string {
 }

 // Anchor has pattern value, so resource shouldn't be mutated with it
-// If entire subtree has only anchor keys - we
+// If entire subtree has only anchor keys - we should skip inserting it
 func hasOnlyAnchors(overlay interface{}) bool {
 	switch typed := overlay.(type) {
 	case map[string]interface{}:
--- a/pkg/engine/overlay_test.go
+++ b/pkg/engine/overlay_test.go
@ -78,7 +78,34 @@ func TestApplyOverlay_NestedListWithAnchor(t *testing.T) {
 	assert.NilError(t, err)
 	assert.Assert(t, patched != nil)

-	expectedResult := []byte(`{"apiVersion":"v1","kind":"Endpoints","metadata":{"name":"test-endpoint","labels":{"label":"test"}},"subsets":[{"addresses":[{"ip":"192.168.10.171"}],"ports":[{"name":"secure-connection","port":444.000000,"protocol":"UDP"}]}]}`)
+	expectedResult := []byte(`
+	 {  
+		"apiVersion":"v1",
+		"kind":"Endpoints",
+		"metadata":{  
+		   "name":"test-endpoint",
+		   "labels":{  
+			  "label":"test"
+		   }
+		},
+		"subsets":[  
+		   {  
+			  "addresses":[  
+				 {  
+					"ip":"192.168.10.171"
+				 }
+			  ],
+			  "ports":[  
+				 {  
+					"name":"secure-connection",
+					"port":444.000000,
+					"protocol":"UDP"
+				 }
+			  ]
+		   }
+		]
+	 }`)
+
 	compareJsonAsMap(t, expectedResult, patched)
 }

@ -152,7 +179,50 @@ func TestApplyOverlay_InsertIntoArray(t *testing.T) {
 	assert.NilError(t, err)
 	assert.Assert(t, patched != nil)

-	expectedResult := []byte(`{ "apiVersion":"v1", "kind":"Endpoints", "metadata":{ "name":"test-endpoint", "labels":{ "label":"test" } }, "subsets":[ { "addresses":[ { "ip":"192.168.10.171" } ], "ports":[ { "name":"secure-connection", "port":443, "protocol":"TCP" } ] }, { "addresses":[ { "ip":"192.168.10.172" }, { "ip":"192.168.10.173" } ], "ports":[ { "name":"insecure-connection", "port":80, "protocol":"UDP" } ] } ] }`)
+	expectedResult := []byte(`{  
+		"apiVersion":"v1",
+		"kind":"Endpoints",
+		"metadata":{  
+		   "name":"test-endpoint",
+		   "labels":{  
+			  "label":"test"
+		   }
+		},
+		"subsets":[  
+		   {  
+			  "addresses":[  
+				 {  
+					"ip":"192.168.10.171"
+				 }
+			  ],
+			  "ports":[  
+				 {  
+					"name":"secure-connection",
+					"port":443,
+					"protocol":"TCP"
+				 }
+			  ]
+		   },
+		   {  
+			  "addresses":[  
+				 {  
+					"ip":"192.168.10.172"
+				 },
+				 {  
+					"ip":"192.168.10.173"
+				 }
+			  ],
+			  "ports":[  
+				 {  
+					"name":"insecure-connection",
+					"port":80,
+					"protocol":"UDP"
+				 }
+			  ]
+		   }
+		]
+	 }`)
+
 	compareJsonAsMap(t, expectedResult, patched)
 }

@ -305,6 +375,58 @@ func TestApplyOverlay_ImagePullPolicy(t *testing.T) {

 	doc, err := ApplyPatches(resourceRaw, patches)
 	assert.NilError(t, err)
-	expectedResult := []byte(`{"apiVersion":"apps/v1","kind":"Deployment","metadata":{"name":"nginx-deployment","labels":{"app":"nginx"}},"spec":{"replicas":1,"selector":{"matchLabels":{"app":"nginx"}},"template":{"metadata":{"labels":{"app":"nginx"}},"spec":{"containers":[{"image":"nginx:latest","imagePullPolicy":"IfNotPresent","name":"nginx","ports":[{"containerPort":80},{"containerPort":8080}]},{"image":"ghost:latest","imagePullPolicy":"IfNotPresent","name":"ghost","ports":[{"containerPort":8080}]}]}}}}`)
+	expectedResult := []byte(`{  
+		"apiVersion":"apps/v1",
+		"kind":"Deployment",
+		"metadata":{  
+		   "name":"nginx-deployment",
+		   "labels":{  
+			  "app":"nginx"
+		   }
+		},
+		"spec":{  
+		   "replicas":1,
+		   "selector":{  
+			  "matchLabels":{  
+				 "app":"nginx"
+			  }
+		   },
+		   "template":{  
+			  "metadata":{  
+				 "labels":{  
+					"app":"nginx"
+				 }
+			  },
+			  "spec":{  
+				 "containers":[  
+					{  
+					   "image":"nginx:latest",
+					   "imagePullPolicy":"IfNotPresent",
+					   "name":"nginx",
+					   "ports":[  
+						  {  
+							 "containerPort":80
+						  },
+						  {  
+							 "containerPort":8080
+						  }
+					   ]
+					},
+					{  
+					   "image":"ghost:latest",
+					   "imagePullPolicy":"IfNotPresent",
+					   "name":"ghost",
+					   "ports":[  
+						  {  
+							 "containerPort":8080
+						  }
+					   ]
+					}
+				 ]
+			  }
+		   }
+		}
+	 }`)
+
 	compareJsonAsMap(t, expectedResult, doc)
 }
--- a/pkg/engine/validation.go
+++ b/pkg/engine/validation.go
@ -91,7 +91,7 @@ func validateResourceElement(resourceElement, patternElement interface{}, path s
 }

 // If validateResourceElement detects map element inside resource and pattern trees, it goes to validateMap
-// For each element of the map we must detect the type again, so we pass this elements to validateResourceElement
+// For each element of the map we must detect the type again, so we pass these elements to validateResourceElement
 func validateMap(resourceMap, patternMap map[string]interface{}, path string) result.RuleApplicationResult {
 	res := result.NewRuleApplicationResult("")