mirror of https://github.com/kyverno/kyverno.git synced 2024-12-14 11:57:48 +00:00

change CRD Name to ClusterPolicy & ClusterPolicyViolations

shivkumar dudhani 2019-09-03 14:51:51 -07:00
parent d128418986
commit fa53519e2a
103 changed files with 1197 additions and 1139 deletions


@ -1,7 +1,7 @@
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
name: policies.kyverno.io
name: clusterpolicies.kyverno.io
spec:
group: kyverno.io
versions:
@ -10,9 +10,9 @@ spec:
storage: true
scope: Cluster
names:
kind: Policy
plural: policies
singular: policy
kind: ClusterPolicy
plural: clusterpolicies
singular: clusterpolicy
subresources:
status: {}
validation:
@ -178,7 +178,7 @@ spec:
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
name: policyviolations.kyverno.io
name: clusterpolicyviolations.kyverno.io
spec:
group: kyverno.io
versions:
@ -187,9 +187,9 @@ spec:
storage: true
scope: Cluster
names:
kind: PolicyViolation
plural: policyviolations
singular: policyviolation
kind: ClusterPolicyViolation
plural: clusterpolicyviolations
singular: clusterpolicyviolation
subresources:
status: {}
validation:
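Review bot: Renaming the CRDs from `policies.kyverno.io` to `clusterpolicies.kyverno.io` and from `policyviolations.kyverno.io` to `clusterpolicyviolations.kyverno.io` registers new resources in a running cluster rather than renaming the old ones, and nothing visible in this commit migrates existing objects. On an upgraded cluster, `Policy` objects stored under the old CRD would presumably no longer be seen by the controllers and webhook server, which main.go now wires to the `ClusterPolicies()` informers, so rules that were being enforced could silently stop applying. An upgrade note or migration step would cover this, together with a check that RBAC rules and any tooling that names the old plurals are updated to `clusterpolicies` and `clusterpolicyviolations`. The same applies to the two other CRD manifests changed in this commit.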


@ -1,7 +1,7 @@
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
name: policies.kyverno.io
name: clusterpolicies.kyverno.io
spec:
group: kyverno.io
versions:
@ -10,9 +10,9 @@ spec:
storage: true
scope: Cluster
names:
kind: Policy
plural: policies
singular: policy
kind: ClusterPolicy
plural: clusterpolicies
singular: clusterpolicy
subresources:
status: {}
validation:


@ -1,7 +1,7 @@
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
name: policies.kyverno.io
name: clusterpolicies.kyverno.io
spec:
group: kyverno.io
versions:
@ -10,9 +10,9 @@ spec:
storage: true
scope: Cluster
names:
kind: Policy
plural: policies
singular: policy
kind: ClusterPolicy
plural: clusterpolicies
singular: clusterpolicy
subresources:
status: {}
validation:
@ -178,7 +178,7 @@ spec:
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
name: policyviolations.kyverno.io
name: clusterpolicyviolations.kyverno.io
spec:
group: kyverno.io
versions:
@ -187,9 +187,9 @@ spec:
storage: true
scope: Cluster
names:
kind: PolicyViolation
plural: policyviolations
singular: policyviolation
kind: ClusterPolicyViolation
plural: clusterpolicyviolations
singular: clusterpolicyviolation
subresources:
status: {}
validation:


@ -1,5 +1,5 @@
apiVersion : policy.nirmata.io/v1alpha1
kind : Policy
kind : clusterPolicy
metadata :
name : examples
spec :
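Review bot: The new `kind : clusterPolicy` is spelled with a lower-case `c`, while the CRD in this commit declares `kind: ClusterPolicy`; kinds are matched case-sensitively, so this manifest would not resolve to the renamed resource. It should read `kind : ClusterPolicy`. The unchanged `apiVersion : policy.nirmata.io/v1alpha1` line also does not match the `kyverno.io` group the CRD uses, so the file looks stale beyond this one line and may need `apiVersion : kyverno.io/v1alpha1` as well.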


@ -8,7 +8,7 @@
````yaml
apiVersion: kyverno.io/v1alpha1
kind: Policy
kind: ClusterPolicy
metadata:
name: basic-policy
spec:
@ -55,7 +55,7 @@ In this example, when this policy is applied, any new namespace that satisfies t
## Example 2
````yaml
apiVersion: kyverno.io/v1alpha1
kind: Policy
kind: ClusterPolicy
metadata:
name: "default"
spec:


@ -12,7 +12,7 @@ This patch adds an init container to all deployments.
````yaml
apiVersion : kyverno.io/v1alpha1
kind : Policy
kind : ClusterPolicy
metadata :
name : policy-v1
spec :
@ -41,7 +41,7 @@ With Kyverno, the add and replace have the same behavior i.e. both operations wi
Here is the example of a patch that removes a label from the secret:
````yaml
apiVersion : kyverno.io/v1alpha1
kind : Policy
kind : ClusterPolicy
metadata :
name : policy-remove-label
spec :
@ -67,7 +67,7 @@ The following mutation overlay will add (or replace) the memory request and limi
````yaml
apiVersion : kyverno.io/v1alpha1
kind : Policy
kind : ClusterPolicy
metadata :
name : policy-change-memory-limit
spec :
@ -100,7 +100,7 @@ Applying overlays to a list type is fairly straightforward: new items will be ad
````yaml
apiVersion: kyverno.io/v1alpha1
kind: Policy
kind: ClusterPolicy
metadata:
name: policy-endpoints
spec:
@ -126,7 +126,7 @@ An **anchor** field, marked by parentheses, allows conditional processing of con
````yaml
apiVersion: kyverno.io/v1alpha1
kind : Policy
kind : ClusterPolicy
metadata :
name : policy-set-port
spec :
@ -157,7 +157,7 @@ A variation of an anchor, is to add a field value if it is not already defined.
````yaml
apiVersion: kyverno.io/v1alpha1
kind : Policy
kind : ClusterPolicy
metadata :
name : policy-set-port
spec :


@ -38,7 +38,7 @@ The next rule prevents the creation of Deployment, StatefuleSet and DaemonSet re
````yaml
apiVersion : kyverno.io/v1alpha1
kind : Policy
kind : ClusterPolicy
metadata :
name : validation-example
spec :
@ -74,7 +74,7 @@ For example, this pattern will check the existance of "name" field in the list:
````yaml
apiVersion : kyverno.io/v1alpha1
kind : Policy
kind : ClusterPolicy
metadata :
name : validation-example2
spec :
@ -109,7 +109,7 @@ In some cases one content can be defined at a different level. For example, a se
````yaml
apiVersion: kyverno.io/v1alpha1
kind: Policy
kind: ClusterPolicy
metadata:
name: check-container-security-context
spec:


@ -6,7 +6,7 @@ A Kyverno policy contains a set of rules. Each rule matches resources by kind, n
````yaml
apiVersion : kyverno.io/v1alpha1
kind : Policy
kind : ClusterPolicy
metadata :
name : policy
spec :


@ -1,5 +1,5 @@
apiVersion : kyverno.io/v1alpha1
kind : Policy
kind : ClusterPolicy
metadata :
name : policy-deployment
spec :


@ -1,5 +1,5 @@
apiVersion: kyverno.io/v1alpha1
kind: Policy
kind: ClusterPolicy
metadata:
name: defaultgeneratenetworkpolicy
spec:


@ -1,5 +1,5 @@
apiVersion : kyverno.io/v1alpha1
kind : Policy
kind : ClusterPolicy
metadata :
name : policy-endpoints
spec :


@ -1,5 +1,5 @@
apiVersion : kyverno.io/v1alpha1
kind: Policy
kind: ClusterPolicy
metadata:
name: image-pull-policy
spec:


@ -1,5 +1,5 @@
apiVersion : kyverno.io/v1alpha1
kind: Policy
kind: ClusterPolicy
metadata:
name: policy-qos
spec:


@ -1,5 +1,5 @@
apiVersion : kyverno.io/v1alpha1
kind: Policy
kind: ClusterPolicy
metadata:
name: container-security-context
spec:


@ -1,5 +1,5 @@
apiVersion : kyverno.io/v1alpha1
kind : Policy
kind : ClusterPolicy
metadata :
name: check-probe-exists
spec:


@ -1,5 +1,5 @@
apiVersion : kyverno.io/v1alpha1
kind: Policy
kind: ClusterPolicy
metadata:
name: check-registries
spec:


@ -1,5 +1,5 @@
apiVersion: kyverno.io/v1alpha1
kind: Policy
kind: ClusterPolicy
metadata:
name: check-container-security-context
spec:


@ -1,5 +1,5 @@
apiVersion : kyverno.io/v1alpha1
kind: Policy
kind: ClusterPolicy
metadata:
name: check-cpu-memory
spec:


@ -1,5 +1,5 @@
apiVersion : kyverno.io/v1alpha1
kind: Policy
kind: ClusterPolicy
metadata:
name: check-host-path
spec:


@ -1,5 +1,5 @@
apiVersion : kyverno.io/v1alpha1
kind: Policy
kind: ClusterPolicy
metadata:
name: image-pull-policy
spec:


@ -1,5 +1,5 @@
apiVersion : kyverno.io/v1alpha1
kind : Policy
kind : ClusterPolicy
metadata :
name : validation-example2
spec :


@ -1,5 +1,5 @@
apiVersion : kyverno.io/v1alpha1
kind : Policy
kind : ClusterPolicy
metadata :
name : validation-example2
spec :


@ -1,5 +1,5 @@
apiVersion : kyverno.io/v1alpha1
kind: Policy
kind: ClusterPolicy
metadata:
name: check-node-port
spec:


@ -1,5 +1,5 @@
apiVersion : kyverno.io/v1alpha1
kind : Policy
kind : ClusterPolicy
metadata :
name : check-non-root
spec :


@ -1,5 +1,5 @@
apiVersion : kyverno.io/v1alpha1
kind : Policy
kind : ClusterPolicy
metadata :
name: check-probe-exists
spec:


@ -1,5 +1,5 @@
apiVersion : kyverno.io/v1alpha1
kind : Policy
kind : ClusterPolicy
metadata :
name: check-probe-intervals
spec:


@ -1,5 +1,5 @@
apiVersion : kyverno.io/v1alpha1
kind: Policy
kind: ClusterPolicy
metadata:
name: check-registries
spec:

10
main.go

@ -92,14 +92,14 @@ func main() {
// EVENT GENERATOR
// - generate event with retry mechanism
egen := event.NewEventGenerator(client, pInformer.Kyverno().V1alpha1().Policies())
egen := event.NewEventGenerator(client, pInformer.Kyverno().V1alpha1().ClusterPolicies())
// POLICY CONTROLLER
// - reconciliation policy and policy violation
// - process policy on existing resources
// - status aggregator: recieves stats when a policy is applied
// & updates the policy status
pc, err := policy.NewPolicyController(pclient, client, pInformer.Kyverno().V1alpha1().Policies(), pInformer.Kyverno().V1alpha1().PolicyViolations(), egen, kubeInformer.Admissionregistration().V1beta1().MutatingWebhookConfigurations(), webhookRegistrationClient)
pc, err := policy.NewPolicyController(pclient, client, pInformer.Kyverno().V1alpha1().ClusterPolicies(), pInformer.Kyverno().V1alpha1().ClusterPolicyViolations(), egen, kubeInformer.Admissionregistration().V1beta1().MutatingWebhookConfigurations(), webhookRegistrationClient)
if err != nil {
glog.Fatalf("error creating policy controller: %v\n", err)
}
@ -107,14 +107,14 @@ func main() {
// POLICY VIOLATION CONTROLLER
// policy violation cleanup if the corresponding resource is deleted
// status: lastUpdatTime
pvc, err := policyviolation.NewPolicyViolationController(client, pclient, pInformer.Kyverno().V1alpha1().Policies(), pInformer.Kyverno().V1alpha1().PolicyViolations())
pvc, err := policyviolation.NewPolicyViolationController(client, pclient, pInformer.Kyverno().V1alpha1().ClusterPolicies(), pInformer.Kyverno().V1alpha1().ClusterPolicyViolations())
if err != nil {
glog.Fatalf("error creating policy violation controller: %v\n", err)
}
// GENERATE CONTROLLER
// - watches for Namespace resource and generates resource based on the policy generate rule
nsc := namespace.NewNamespaceController(pclient, client, kubeInformer.Core().V1().Namespaces(), pInformer.Kyverno().V1alpha1().Policies(), pInformer.Kyverno().V1alpha1().PolicyViolations(), pc.GetPolicyStatusAggregator(), egen)
nsc := namespace.NewNamespaceController(pclient, client, kubeInformer.Core().V1().Namespaces(), pInformer.Kyverno().V1alpha1().ClusterPolicies(), pInformer.Kyverno().V1alpha1().ClusterPolicyViolations(), pc.GetPolicyStatusAggregator(), egen)
// CONFIGURE CERTIFICATES
tlsPair, err := initTLSPemPair(clientConfig, client)
@ -137,7 +137,7 @@ func main() {
// -- annotations on resources with update details on mutation JSON patches
// -- generate policy violation resource
// -- generate events on policy and resource
server, err := webhooks.NewWebhookServer(pclient, client, tlsPair, pInformer.Kyverno().V1alpha1().Policies(), pInformer.Kyverno().V1alpha1().PolicyViolations(), egen, webhookRegistrationClient, pc.GetPolicyStatusAggregator(), filterK8Resources, cleanUp)
server, err := webhooks.NewWebhookServer(pclient, client, tlsPair, pInformer.Kyverno().V1alpha1().ClusterPolicies(), pInformer.Kyverno().V1alpha1().ClusterPolicyViolations(), egen, webhookRegistrationClient, pc.GetPolicyStatusAggregator(), filterK8Resources, cleanUp)
if err != nil {
glog.Fatalf("Unable to create webhook server: %v\n", err)
}


@ -29,10 +29,14 @@ var (
// Adds the list of known types to Scheme.
func addKnownTypes(scheme *runtime.Scheme) error {
scheme.AddKnownTypes(SchemeGroupVersion,
&Policy{},
&PolicyList{},
&PolicyViolation{},
&PolicyViolationList{},
// &Policy{},
// &PolicyList{},
// &PolicyViolation{},
// &PolicyViolationList{},
&ClusterPolicy{},
&ClusterPolicyList{},
&ClusterPolicyViolation{},
&ClusterPolicyViolationList{},
)
metav1.AddToGroupVersion(scheme, SchemeGroupVersion)
return nil
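Review bot: The four commented-out entries in the `scheme.AddKnownTypes` call (`// &Policy{},` through `// &PolicyViolationList{},`) are dead code and should be deleted rather than kept, since version control already records the old registration. Keeping them suggests the old kinds could be re-enabled by uncommenting, but `PolicyList` and `PolicyViolationList` appear to be removed from the types file in this same commit, so doing that would not compile. The function comment could also say which kinds are registered, for example `// addKnownTypes registers the ClusterPolicy and ClusterPolicyViolation kinds and their list types with the scheme.` The closing brace of addKnownTypes is outside the hunk.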


@ -8,6 +8,34 @@ import (
// +genclient:nonNamespaced
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// ClusterPolicy ...
type ClusterPolicy Policy
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// ClusterPolicyList ...
type ClusterPolicyList struct {
metav1.TypeMeta `json:",inline"`
metav1.ListMeta `json:"metadata"`
Items []ClusterPolicy `json:"items"`
}
// +genclient
// +genclient:nonNamespaced
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// ClusterPolicyViolation ...
type ClusterPolicyViolation PolicyViolation
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// ClusterPolicyViolationList ...
type ClusterPolicyViolationList struct {
metav1.TypeMeta `json:",inline"`
metav1.ListMeta `json:"metadata"`
Items []ClusterPolicyViolation `json:"items"`
}
// Policy contains rules to be applied to created resources
type Policy struct {
metav1.TypeMeta `json:",inline"`
@ -103,18 +131,7 @@ type PolicyStatus struct {
AvgExecutionTimeGeneration string `json:"averageGenerationRulesExecutionTime"`
}
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// PolicyList is a list of Policy resources
type PolicyList struct {
metav1.TypeMeta `json:",inline"`
metav1.ListMeta `json:"metadata"`
Items []Policy `json:"items"`
}
// +genclient
// +genclient:nonNamespaced
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// PolicyViolation stores the information regarinding the resources for which a policy failed to apply
type PolicyViolation struct {
@ -152,12 +169,3 @@ type PolicyViolationStatus struct {
LastUpdateTime metav1.Time `json:"lastUpdateTime,omitempty"`
//TODO: having user information regarding the owner of resource can be helpful
}
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// PolicyViolationList is a list of Policy Violation
type PolicyViolationList struct {
metav1.TypeMeta `json:",inline"`
metav1.ListMeta `json:"metadata"`
Items []PolicyViolation `json:"items"`
}
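Review bot: `type ClusterPolicy Policy` and `type ClusterPolicyViolation PolicyViolation` in the first hunk declare new named types, not aliases, so any methods declared elsewhere in the package with a `Policy` or `PolicyViolation` receiver are not part of the new types' method sets and values need an explicit conversion. If helpers with those receivers exist, callers holding a `ClusterPolicy` lose them without a compile error at the declaration; moving the struct definition to `ClusterPolicy` directly, or using `type ClusterPolicy = Policy` if one shared type is intended, would avoid the split. The doc comments are placeholders (`// ClusterPolicy ...`, `// ClusterPolicyList ...`) and should describe the resource, for example `// ClusterPolicy is the cluster-scoped policy resource; it has the same fields as Policy.` and `// ClusterPolicyList is a list of ClusterPolicy resources.`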


@ -41,6 +41,128 @@ func (in *CloneFrom) DeepCopy() *CloneFrom {
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *ClusterPolicy) DeepCopyInto(out *ClusterPolicy) {
*out = *in
out.TypeMeta = in.TypeMeta
in.ObjectMeta.DeepCopyInto(&out.ObjectMeta)
in.Spec.DeepCopyInto(&out.Spec)
out.Status = in.Status
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterPolicy.
func (in *ClusterPolicy) DeepCopy() *ClusterPolicy {
if in == nil {
return nil
}
out := new(ClusterPolicy)
in.DeepCopyInto(out)
return out
}
// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (in *ClusterPolicy) DeepCopyObject() runtime.Object {
if c := in.DeepCopy(); c != nil {
return c
}
return nil
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *ClusterPolicyList) DeepCopyInto(out *ClusterPolicyList) {
*out = *in
out.TypeMeta = in.TypeMeta
out.ListMeta = in.ListMeta
if in.Items != nil {
in, out := &in.Items, &out.Items
*out = make([]ClusterPolicy, len(*in))
for i := range *in {
(*in)[i].DeepCopyInto(&(*out)[i])
}
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterPolicyList.
func (in *ClusterPolicyList) DeepCopy() *ClusterPolicyList {
if in == nil {
return nil
}
out := new(ClusterPolicyList)
in.DeepCopyInto(out)
return out
}
// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (in *ClusterPolicyList) DeepCopyObject() runtime.Object {
if c := in.DeepCopy(); c != nil {
return c
}
return nil
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *ClusterPolicyViolation) DeepCopyInto(out *ClusterPolicyViolation) {
*out = *in
out.TypeMeta = in.TypeMeta
in.ObjectMeta.DeepCopyInto(&out.ObjectMeta)
in.Spec.DeepCopyInto(&out.Spec)
in.Status.DeepCopyInto(&out.Status)
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterPolicyViolation.
func (in *ClusterPolicyViolation) DeepCopy() *ClusterPolicyViolation {
if in == nil {
return nil
}
out := new(ClusterPolicyViolation)
in.DeepCopyInto(out)
return out
}
// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (in *ClusterPolicyViolation) DeepCopyObject() runtime.Object {
if c := in.DeepCopy(); c != nil {
return c
}
return nil
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *ClusterPolicyViolationList) DeepCopyInto(out *ClusterPolicyViolationList) {
*out = *in
out.TypeMeta = in.TypeMeta
out.ListMeta = in.ListMeta
if in.Items != nil {
in, out := &in.Items, &out.Items
*out = make([]ClusterPolicyViolation, len(*in))
for i := range *in {
(*in)[i].DeepCopyInto(&(*out)[i])
}
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterPolicyViolationList.
func (in *ClusterPolicyViolationList) DeepCopy() *ClusterPolicyViolationList {
if in == nil {
return nil
}
out := new(ClusterPolicyViolationList)
in.DeepCopyInto(out)
return out
}
// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (in *ClusterPolicyViolationList) DeepCopyObject() runtime.Object {
if c := in.DeepCopy(); c != nil {
return c
}
return nil
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *ExcludeResources) DeepCopyInto(out *ExcludeResources) {
*out = *in
@ -115,47 +237,6 @@ func (in *Policy) DeepCopy() *Policy {
return out
}
// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (in *Policy) DeepCopyObject() runtime.Object {
if c := in.DeepCopy(); c != nil {
return c
}
return nil
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *PolicyList) DeepCopyInto(out *PolicyList) {
*out = *in
out.TypeMeta = in.TypeMeta
out.ListMeta = in.ListMeta
if in.Items != nil {
in, out := &in.Items, &out.Items
*out = make([]Policy, len(*in))
for i := range *in {
(*in)[i].DeepCopyInto(&(*out)[i])
}
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PolicyList.
func (in *PolicyList) DeepCopy() *PolicyList {
if in == nil {
return nil
}
out := new(PolicyList)
in.DeepCopyInto(out)
return out
}
// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (in *PolicyList) DeepCopyObject() runtime.Object {
if c := in.DeepCopy(); c != nil {
return c
}
return nil
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *PolicyStatus) DeepCopyInto(out *PolicyStatus) {
*out = *in
@ -192,47 +273,6 @@ func (in *PolicyViolation) DeepCopy() *PolicyViolation {
return out
}
// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (in *PolicyViolation) DeepCopyObject() runtime.Object {
if c := in.DeepCopy(); c != nil {
return c
}
return nil
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *PolicyViolationList) DeepCopyInto(out *PolicyViolationList) {
*out = *in
out.TypeMeta = in.TypeMeta
out.ListMeta = in.ListMeta
if in.Items != nil {
in, out := &in.Items, &out.Items
*out = make([]PolicyViolation, len(*in))
for i := range *in {
(*in)[i].DeepCopyInto(&(*out)[i])
}
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PolicyViolationList.
func (in *PolicyViolationList) DeepCopy() *PolicyViolationList {
if in == nil {
return nil
}
out := new(PolicyViolationList)
in.DeepCopyInto(out)
return out
}
// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (in *PolicyViolationList) DeepCopyObject() runtime.Object {
if c := in.DeepCopy(); c != nil {
return c
}
return nil
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *PolicyViolationSpec) DeepCopyInto(out *PolicyViolationSpec) {
*out = *in


@ -0,0 +1,180 @@
/*
Copyright The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
// Code generated by client-gen. DO NOT EDIT.
package v1alpha1
import (
"time"
v1alpha1 "github.com/nirmata/kyverno/pkg/api/kyverno/v1alpha1"
scheme "github.com/nirmata/kyverno/pkg/client/clientset/versioned/scheme"
v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
types "k8s.io/apimachinery/pkg/types"
watch "k8s.io/apimachinery/pkg/watch"
rest "k8s.io/client-go/rest"
)
// ClusterPoliciesGetter has a method to return a ClusterPolicyInterface.
// A group's client should implement this interface.
type ClusterPoliciesGetter interface {
ClusterPolicies() ClusterPolicyInterface
}
// ClusterPolicyInterface has methods to work with ClusterPolicy resources.
type ClusterPolicyInterface interface {
Create(*v1alpha1.ClusterPolicy) (*v1alpha1.ClusterPolicy, error)
Update(*v1alpha1.ClusterPolicy) (*v1alpha1.ClusterPolicy, error)
UpdateStatus(*v1alpha1.ClusterPolicy) (*v1alpha1.ClusterPolicy, error)
Delete(name string, options *v1.DeleteOptions) error
DeleteCollection(options *v1.DeleteOptions, listOptions v1.ListOptions) error
Get(name string, options v1.GetOptions) (*v1alpha1.ClusterPolicy, error)
List(opts v1.ListOptions) (*v1alpha1.ClusterPolicyList, error)
Watch(opts v1.ListOptions) (watch.Interface, error)
Patch(name string, pt types.PatchType, data []byte, subresources ...string) (result *v1alpha1.ClusterPolicy, err error)
ClusterPolicyExpansion
}
// clusterPolicies implements ClusterPolicyInterface
type clusterPolicies struct {
client rest.Interface
}
// newClusterPolicies returns a ClusterPolicies
func newClusterPolicies(c *KyvernoV1alpha1Client) *clusterPolicies {
return &clusterPolicies{
client: c.RESTClient(),
}
}
// Get takes name of the clusterPolicy, and returns the corresponding clusterPolicy object, and an error if there is any.
func (c *clusterPolicies) Get(name string, options v1.GetOptions) (result *v1alpha1.ClusterPolicy, err error) {
result = &v1alpha1.ClusterPolicy{}
err = c.client.Get().
Resource("clusterpolicies").
Name(name).
VersionedParams(&options, scheme.ParameterCodec).
Do().
Into(result)
return
}
// List takes label and field selectors, and returns the list of ClusterPolicies that match those selectors.
func (c *clusterPolicies) List(opts v1.ListOptions) (result *v1alpha1.ClusterPolicyList, err error) {
var timeout time.Duration
if opts.TimeoutSeconds != nil {
timeout = time.Duration(*opts.TimeoutSeconds) * time.Second
}
result = &v1alpha1.ClusterPolicyList{}
err = c.client.Get().
Resource("clusterpolicies").
VersionedParams(&opts, scheme.ParameterCodec).
Timeout(timeout).
Do().
Into(result)
return
}
// Watch returns a watch.Interface that watches the requested clusterPolicies.
func (c *clusterPolicies) Watch(opts v1.ListOptions) (watch.Interface, error) {
var timeout time.Duration
if opts.TimeoutSeconds != nil {
timeout = time.Duration(*opts.TimeoutSeconds) * time.Second
}
opts.Watch = true
return c.client.Get().
Resource("clusterpolicies").
VersionedParams(&opts, scheme.ParameterCodec).
Timeout(timeout).
Watch()
}
// Create takes the representation of a clusterPolicy and creates it. Returns the server's representation of the clusterPolicy, and an error, if there is any.
func (c *clusterPolicies) Create(clusterPolicy *v1alpha1.ClusterPolicy) (result *v1alpha1.ClusterPolicy, err error) {
result = &v1alpha1.ClusterPolicy{}
err = c.client.Post().
Resource("clusterpolicies").
Body(clusterPolicy).
Do().
Into(result)
return
}
// Update takes the representation of a clusterPolicy and updates it. Returns the server's representation of the clusterPolicy, and an error, if there is any.
func (c *clusterPolicies) Update(clusterPolicy *v1alpha1.ClusterPolicy) (result *v1alpha1.ClusterPolicy, err error) {
result = &v1alpha1.ClusterPolicy{}
err = c.client.Put().
Resource("clusterpolicies").
Name(clusterPolicy.Name).
Body(clusterPolicy).
Do().
Into(result)
return
}
// UpdateStatus was generated because the type contains a Status member.
// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus().
func (c *clusterPolicies) UpdateStatus(clusterPolicy *v1alpha1.ClusterPolicy) (result *v1alpha1.ClusterPolicy, err error) {
result = &v1alpha1.ClusterPolicy{}
err = c.client.Put().
Resource("clusterpolicies").
Name(clusterPolicy.Name).
SubResource("status").
Body(clusterPolicy).
Do().
Into(result)
return
}
// Delete takes name of the clusterPolicy and deletes it. Returns an error if one occurs.
func (c *clusterPolicies) Delete(name string, options *v1.DeleteOptions) error {
return c.client.Delete().
Resource("clusterpolicies").
Name(name).
Body(options).
Do().
Error()
}
// DeleteCollection deletes a collection of objects.
func (c *clusterPolicies) DeleteCollection(options *v1.DeleteOptions, listOptions v1.ListOptions) error {
var timeout time.Duration
if listOptions.TimeoutSeconds != nil {
timeout = time.Duration(*listOptions.TimeoutSeconds) * time.Second
}
return c.client.Delete().
Resource("clusterpolicies").
VersionedParams(&listOptions, scheme.ParameterCodec).
Timeout(timeout).
Body(options).
Do().
Error()
}
// Patch applies the patch and returns the patched clusterPolicy.
func (c *clusterPolicies) Patch(name string, pt types.PatchType, data []byte, subresources ...string) (result *v1alpha1.ClusterPolicy, err error) {
result = &v1alpha1.ClusterPolicy{}
err = c.client.Patch(pt).
Resource("clusterpolicies").
SubResource(subresources...).
Name(name).
Body(data).
Do().
Into(result)
return
}


@ -0,0 +1,180 @@
/*
Copyright The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
// Code generated by client-gen. DO NOT EDIT.
package v1alpha1
import (
"time"
v1alpha1 "github.com/nirmata/kyverno/pkg/api/kyverno/v1alpha1"
scheme "github.com/nirmata/kyverno/pkg/client/clientset/versioned/scheme"
v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
types "k8s.io/apimachinery/pkg/types"
watch "k8s.io/apimachinery/pkg/watch"
rest "k8s.io/client-go/rest"
)
// ClusterPolicyViolationsGetter has a method to return a ClusterPolicyViolationInterface.
// A group's client should implement this interface.
type ClusterPolicyViolationsGetter interface {
ClusterPolicyViolations() ClusterPolicyViolationInterface
}
// ClusterPolicyViolationInterface has methods to work with ClusterPolicyViolation resources.
type ClusterPolicyViolationInterface interface {
Create(*v1alpha1.ClusterPolicyViolation) (*v1alpha1.ClusterPolicyViolation, error)
Update(*v1alpha1.ClusterPolicyViolation) (*v1alpha1.ClusterPolicyViolation, error)
UpdateStatus(*v1alpha1.ClusterPolicyViolation) (*v1alpha1.ClusterPolicyViolation, error)
Delete(name string, options *v1.DeleteOptions) error
DeleteCollection(options *v1.DeleteOptions, listOptions v1.ListOptions) error
Get(name string, options v1.GetOptions) (*v1alpha1.ClusterPolicyViolation, error)
List(opts v1.ListOptions) (*v1alpha1.ClusterPolicyViolationList, error)
Watch(opts v1.ListOptions) (watch.Interface, error)
Patch(name string, pt types.PatchType, data []byte, subresources ...string) (result *v1alpha1.ClusterPolicyViolation, err error)
ClusterPolicyViolationExpansion
}
// clusterPolicyViolations implements ClusterPolicyViolationInterface
type clusterPolicyViolations struct {
client rest.Interface
}
// newClusterPolicyViolations returns a ClusterPolicyViolations
func newClusterPolicyViolations(c *KyvernoV1alpha1Client) *clusterPolicyViolations {
return &clusterPolicyViolations{
client: c.RESTClient(),
}
}
// Get takes name of the clusterPolicyViolation, and returns the corresponding clusterPolicyViolation object, and an error if there is any.
func (c *clusterPolicyViolations) Get(name string, options v1.GetOptions) (result *v1alpha1.ClusterPolicyViolation, err error) {
result = &v1alpha1.ClusterPolicyViolation{}
err = c.client.Get().
Resource("clusterpolicyviolations").
Name(name).
VersionedParams(&options, scheme.ParameterCodec).
Do().
Into(result)
return
}
// List takes label and field selectors, and returns the list of ClusterPolicyViolations that match those selectors.
func (c *clusterPolicyViolations) List(opts v1.ListOptions) (result *v1alpha1.ClusterPolicyViolationList, err error) {
var timeout time.Duration
if opts.TimeoutSeconds != nil {
timeout = time.Duration(*opts.TimeoutSeconds) * time.Second
}
result = &v1alpha1.ClusterPolicyViolationList{}
err = c.client.Get().
Resource("clusterpolicyviolations").
VersionedParams(&opts, scheme.ParameterCodec).
Timeout(timeout).
Do().
Into(result)
return
}
// Watch returns a watch.Interface that watches the requested clusterPolicyViolations.
func (c *clusterPolicyViolations) Watch(opts v1.ListOptions) (watch.Interface, error) {
var timeout time.Duration
if opts.TimeoutSeconds != nil {
timeout = time.Duration(*opts.TimeoutSeconds) * time.Second
}
opts.Watch = true
return c.client.Get().
Resource("clusterpolicyviolations").
VersionedParams(&opts, scheme.ParameterCodec).
Timeout(timeout).
Watch()
}
// Create takes the representation of a clusterPolicyViolation and creates it. Returns the server's representation of the clusterPolicyViolation, and an error, if there is any.
func (c *clusterPolicyViolations) Create(clusterPolicyViolation *v1alpha1.ClusterPolicyViolation) (result *v1alpha1.ClusterPolicyViolation, err error) {
result = &v1alpha1.ClusterPolicyViolation{}
err = c.client.Post().
Resource("clusterpolicyviolations").
Body(clusterPolicyViolation).
Do().
Into(result)
return
}
// Update takes the representation of a clusterPolicyViolation and updates it. Returns the server's representation of the clusterPolicyViolation, and an error, if there is any.
func (c *clusterPolicyViolations) Update(clusterPolicyViolation *v1alpha1.ClusterPolicyViolation) (result *v1alpha1.ClusterPolicyViolation, err error) {
result = &v1alpha1.ClusterPolicyViolation{}
err = c.client.Put().
Resource("clusterpolicyviolations").
Name(clusterPolicyViolation.Name).
Body(clusterPolicyViolation).
Do().
Into(result)
return
}
// UpdateStatus was generated because the type contains a Status member.
// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus().
func (c *clusterPolicyViolations) UpdateStatus(clusterPolicyViolation *v1alpha1.ClusterPolicyViolation) (result *v1alpha1.ClusterPolicyViolation, err error) {
result = &v1alpha1.ClusterPolicyViolation{}
err = c.client.Put().
Resource("clusterpolicyviolations").
Name(clusterPolicyViolation.Name).
SubResource("status").
Body(clusterPolicyViolation).
Do().
Into(result)
return
}
// Delete takes name of the clusterPolicyViolation and deletes it. Returns an error if one occurs.
func (c *clusterPolicyViolations) Delete(name string, options *v1.DeleteOptions) error {
return c.client.Delete().
Resource("clusterpolicyviolations").
Name(name).
Body(options).
Do().
Error()
}
// DeleteCollection deletes a collection of objects.
func (c *clusterPolicyViolations) DeleteCollection(options *v1.DeleteOptions, listOptions v1.ListOptions) error {
var timeout time.Duration
if listOptions.TimeoutSeconds != nil {
timeout = time.Duration(*listOptions.TimeoutSeconds) * time.Second
}
return c.client.Delete().
Resource("clusterpolicyviolations").
VersionedParams(&listOptions, scheme.ParameterCodec).
Timeout(timeout).
Body(options).
Do().
Error()
}
// Patch applies the patch and returns the patched clusterPolicyViolation.
func (c *clusterPolicyViolations) Patch(name string, pt types.PatchType, data []byte, subresources ...string) (result *v1alpha1.ClusterPolicyViolation, err error) {
result = &v1alpha1.ClusterPolicyViolation{}
err = c.client.Patch(pt).
Resource("clusterpolicyviolations").
SubResource(subresources...).
Name(name).
Body(data).
Do().
Into(result)
return
}


@ -0,0 +1,131 @@
/*
Copyright The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
// Code generated by client-gen. DO NOT EDIT.
package fake
import (
v1alpha1 "github.com/nirmata/kyverno/pkg/api/kyverno/v1alpha1"
v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
labels "k8s.io/apimachinery/pkg/labels"
schema "k8s.io/apimachinery/pkg/runtime/schema"
types "k8s.io/apimachinery/pkg/types"
watch "k8s.io/apimachinery/pkg/watch"
testing "k8s.io/client-go/testing"
)
// FakeClusterPolicies implements ClusterPolicyInterface
type FakeClusterPolicies struct {
Fake *FakeKyvernoV1alpha1
}
var clusterpoliciesResource = schema.GroupVersionResource{Group: "kyverno.io", Version: "v1alpha1", Resource: "clusterpolicies"}
var clusterpoliciesKind = schema.GroupVersionKind{Group: "kyverno.io", Version: "v1alpha1", Kind: "ClusterPolicy"}
// Get takes name of the clusterPolicy, and returns the corresponding clusterPolicy object, and an error if there is any.
func (c *FakeClusterPolicies) Get(name string, options v1.GetOptions) (result *v1alpha1.ClusterPolicy, err error) {
obj, err := c.Fake.
Invokes(testing.NewRootGetAction(clusterpoliciesResource, name), &v1alpha1.ClusterPolicy{})
if obj == nil {
return nil, err
}
return obj.(*v1alpha1.ClusterPolicy), err
}
// List takes label and field selectors, and returns the list of ClusterPolicies that match those selectors.
func (c *FakeClusterPolicies) List(opts v1.ListOptions) (result *v1alpha1.ClusterPolicyList, err error) {
obj, err := c.Fake.
Invokes(testing.NewRootListAction(clusterpoliciesResource, clusterpoliciesKind, opts), &v1alpha1.ClusterPolicyList{})
if obj == nil {
return nil, err
}
label, _, _ := testing.ExtractFromListOptions(opts)
if label == nil {
label = labels.Everything()
}
list := &v1alpha1.ClusterPolicyList{ListMeta: obj.(*v1alpha1.ClusterPolicyList).ListMeta}
for _, item := range obj.(*v1alpha1.ClusterPolicyList).Items {
if label.Matches(labels.Set(item.Labels)) {
list.Items = append(list.Items, item)
}
}
return list, err
}
// Watch returns a watch.Interface that watches the requested clusterPolicies.
func (c *FakeClusterPolicies) Watch(opts v1.ListOptions) (watch.Interface, error) {
return c.Fake.
InvokesWatch(testing.NewRootWatchAction(clusterpoliciesResource, opts))
}
// Create takes the representation of a clusterPolicy and creates it. Returns the server's representation of the clusterPolicy, and an error, if there is any.
func (c *FakeClusterPolicies) Create(clusterPolicy *v1alpha1.ClusterPolicy) (result *v1alpha1.ClusterPolicy, err error) {
obj, err := c.Fake.
Invokes(testing.NewRootCreateAction(clusterpoliciesResource, clusterPolicy), &v1alpha1.ClusterPolicy{})
if obj == nil {
return nil, err
}
return obj.(*v1alpha1.ClusterPolicy), err
}
// Update takes the representation of a clusterPolicy and updates it. Returns the server's representation of the clusterPolicy, and an error, if there is any.
func (c *FakeClusterPolicies) Update(clusterPolicy *v1alpha1.ClusterPolicy) (result *v1alpha1.ClusterPolicy, err error) {
obj, err := c.Fake.
Invokes(testing.NewRootUpdateAction(clusterpoliciesResource, clusterPolicy), &v1alpha1.ClusterPolicy{})
if obj == nil {
return nil, err
}
return obj.(*v1alpha1.ClusterPolicy), err
}
// UpdateStatus was generated because the type contains a Status member.
// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus().
func (c *FakeClusterPolicies) UpdateStatus(clusterPolicy *v1alpha1.ClusterPolicy) (*v1alpha1.ClusterPolicy, error) {
obj, err := c.Fake.
Invokes(testing.NewRootUpdateSubresourceAction(clusterpoliciesResource, "status", clusterPolicy), &v1alpha1.ClusterPolicy{})
if obj == nil {
return nil, err
}
return obj.(*v1alpha1.ClusterPolicy), err
}
// Delete takes name of the clusterPolicy and deletes it. Returns an error if one occurs.
func (c *FakeClusterPolicies) Delete(name string, options *v1.DeleteOptions) error {
_, err := c.Fake.
Invokes(testing.NewRootDeleteAction(clusterpoliciesResource, name), &v1alpha1.ClusterPolicy{})
return err
}
// DeleteCollection deletes a collection of objects.
func (c *FakeClusterPolicies) DeleteCollection(options *v1.DeleteOptions, listOptions v1.ListOptions) error {
action := testing.NewRootDeleteCollectionAction(clusterpoliciesResource, listOptions)
_, err := c.Fake.Invokes(action, &v1alpha1.ClusterPolicyList{})
return err
}
// Patch applies the patch and returns the patched clusterPolicy.
func (c *FakeClusterPolicies) Patch(name string, pt types.PatchType, data []byte, subresources ...string) (result *v1alpha1.ClusterPolicy, err error) {
obj, err := c.Fake.
Invokes(testing.NewRootPatchSubresourceAction(clusterpoliciesResource, name, pt, data, subresources...), &v1alpha1.ClusterPolicy{})
if obj == nil {
return nil, err
}
return obj.(*v1alpha1.ClusterPolicy), err
}


@ -0,0 +1,131 @@
/*
Copyright The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
// Code generated by client-gen. DO NOT EDIT.
package fake
import (
v1alpha1 "github.com/nirmata/kyverno/pkg/api/kyverno/v1alpha1"
v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
labels "k8s.io/apimachinery/pkg/labels"
schema "k8s.io/apimachinery/pkg/runtime/schema"
types "k8s.io/apimachinery/pkg/types"
watch "k8s.io/apimachinery/pkg/watch"
testing "k8s.io/client-go/testing"
)
// FakeClusterPolicyViolations implements ClusterPolicyViolationInterface
type FakeClusterPolicyViolations struct {
Fake *FakeKyvernoV1alpha1
}
var clusterpolicyviolationsResource = schema.GroupVersionResource{Group: "kyverno.io", Version: "v1alpha1", Resource: "clusterpolicyviolations"}
var clusterpolicyviolationsKind = schema.GroupVersionKind{Group: "kyverno.io", Version: "v1alpha1", Kind: "ClusterPolicyViolation"}
// Get takes name of the clusterPolicyViolation, and returns the corresponding clusterPolicyViolation object, and an error if there is any.
func (c *FakeClusterPolicyViolations) Get(name string, options v1.GetOptions) (result *v1alpha1.ClusterPolicyViolation, err error) {
obj, err := c.Fake.
Invokes(testing.NewRootGetAction(clusterpolicyviolationsResource, name), &v1alpha1.ClusterPolicyViolation{})
if obj == nil {
return nil, err
}
return obj.(*v1alpha1.ClusterPolicyViolation), err
}
// List takes label and field selectors, and returns the list of ClusterPolicyViolations that match those selectors.
func (c *FakeClusterPolicyViolations) List(opts v1.ListOptions) (result *v1alpha1.ClusterPolicyViolationList, err error) {
obj, err := c.Fake.
Invokes(testing.NewRootListAction(clusterpolicyviolationsResource, clusterpolicyviolationsKind, opts), &v1alpha1.ClusterPolicyViolationList{})
if obj == nil {
return nil, err
}
label, _, _ := testing.ExtractFromListOptions(opts)
if label == nil {
label = labels.Everything()
}
list := &v1alpha1.ClusterPolicyViolationList{ListMeta: obj.(*v1alpha1.ClusterPolicyViolationList).ListMeta}
for _, item := range obj.(*v1alpha1.ClusterPolicyViolationList).Items {
if label.Matches(labels.Set(item.Labels)) {
list.Items = append(list.Items, item)
}
}
return list, err
}
// Watch returns a watch.Interface that watches the requested clusterPolicyViolations.
func (c *FakeClusterPolicyViolations) Watch(opts v1.ListOptions) (watch.Interface, error) {
return c.Fake.
InvokesWatch(testing.NewRootWatchAction(clusterpolicyviolationsResource, opts))
}
// Create takes the representation of a clusterPolicyViolation and creates it. Returns the server's representation of the clusterPolicyViolation, and an error, if there is any.
func (c *FakeClusterPolicyViolations) Create(clusterPolicyViolation *v1alpha1.ClusterPolicyViolation) (result *v1alpha1.ClusterPolicyViolation, err error) {
obj, err := c.Fake.
Invokes(testing.NewRootCreateAction(clusterpolicyviolationsResource, clusterPolicyViolation), &v1alpha1.ClusterPolicyViolation{})
if obj == nil {
return nil, err
}
return obj.(*v1alpha1.ClusterPolicyViolation), err
}
// Update takes the representation of a clusterPolicyViolation and updates it. Returns the server's representation of the clusterPolicyViolation, and an error, if there is any.
func (c *FakeClusterPolicyViolations) Update(clusterPolicyViolation *v1alpha1.ClusterPolicyViolation) (result *v1alpha1.ClusterPolicyViolation, err error) {
obj, err := c.Fake.
Invokes(testing.NewRootUpdateAction(clusterpolicyviolationsResource, clusterPolicyViolation), &v1alpha1.ClusterPolicyViolation{})
if obj == nil {
return nil, err
}
return obj.(*v1alpha1.ClusterPolicyViolation), err
}
// UpdateStatus was generated because the type contains a Status member.
// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus().
func (c *FakeClusterPolicyViolations) UpdateStatus(clusterPolicyViolation *v1alpha1.ClusterPolicyViolation) (*v1alpha1.ClusterPolicyViolation, error) {
obj, err := c.Fake.
Invokes(testing.NewRootUpdateSubresourceAction(clusterpolicyviolationsResource, "status", clusterPolicyViolation), &v1alpha1.ClusterPolicyViolation{})
if obj == nil {
return nil, err
}
return obj.(*v1alpha1.ClusterPolicyViolation), err
}
// Delete takes name of the clusterPolicyViolation and deletes it. Returns an error if one occurs.
func (c *FakeClusterPolicyViolations) Delete(name string, options *v1.DeleteOptions) error {
_, err := c.Fake.
Invokes(testing.NewRootDeleteAction(clusterpolicyviolationsResource, name), &v1alpha1.ClusterPolicyViolation{})
return err
}
// DeleteCollection deletes a collection of objects.
func (c *FakeClusterPolicyViolations) DeleteCollection(options *v1.DeleteOptions, listOptions v1.ListOptions) error {
action := testing.NewRootDeleteCollectionAction(clusterpolicyviolationsResource, listOptions)
_, err := c.Fake.Invokes(action, &v1alpha1.ClusterPolicyViolationList{})
return err
}
// Patch applies the patch and returns the patched clusterPolicyViolation.
func (c *FakeClusterPolicyViolations) Patch(name string, pt types.PatchType, data []byte, subresources ...string) (result *v1alpha1.ClusterPolicyViolation, err error) {
obj, err := c.Fake.
Invokes(testing.NewRootPatchSubresourceAction(clusterpolicyviolationsResource, name, pt, data, subresources...), &v1alpha1.ClusterPolicyViolation{})
if obj == nil {
return nil, err
}
return obj.(*v1alpha1.ClusterPolicyViolation), err
}


@ -28,12 +28,12 @@ type FakeKyvernoV1alpha1 struct {
*testing.Fake
}
func (c *FakeKyvernoV1alpha1) Policies() v1alpha1.PolicyInterface {
return &FakePolicies{c}
func (c *FakeKyvernoV1alpha1) ClusterPolicies() v1alpha1.ClusterPolicyInterface {
return &FakeClusterPolicies{c}
}
func (c *FakeKyvernoV1alpha1) PolicyViolations() v1alpha1.PolicyViolationInterface {
return &FakePolicyViolations{c}
func (c *FakeKyvernoV1alpha1) ClusterPolicyViolations() v1alpha1.ClusterPolicyViolationInterface {
return &FakeClusterPolicyViolations{c}
}
// RESTClient returns a RESTClient that is used to communicate


@ -1,131 +0,0 @@
/*
Copyright The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
// Code generated by client-gen. DO NOT EDIT.
package fake
import (
v1alpha1 "github.com/nirmata/kyverno/pkg/api/kyverno/v1alpha1"
v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
labels "k8s.io/apimachinery/pkg/labels"
schema "k8s.io/apimachinery/pkg/runtime/schema"
types "k8s.io/apimachinery/pkg/types"
watch "k8s.io/apimachinery/pkg/watch"
testing "k8s.io/client-go/testing"
)
// FakePolicies implements PolicyInterface
type FakePolicies struct {
Fake *FakeKyvernoV1alpha1
}
var policiesResource = schema.GroupVersionResource{Group: "kyverno.io", Version: "v1alpha1", Resource: "policies"}
var policiesKind = schema.GroupVersionKind{Group: "kyverno.io", Version: "v1alpha1", Kind: "Policy"}
// Get takes name of the policy, and returns the corresponding policy object, and an error if there is any.
func (c *FakePolicies) Get(name string, options v1.GetOptions) (result *v1alpha1.Policy, err error) {
obj, err := c.Fake.
Invokes(testing.NewRootGetAction(policiesResource, name), &v1alpha1.Policy{})
if obj == nil {
return nil, err
}
return obj.(*v1alpha1.Policy), err
}
// List takes label and field selectors, and returns the list of Policies that match those selectors.
func (c *FakePolicies) List(opts v1.ListOptions) (result *v1alpha1.PolicyList, err error) {
obj, err := c.Fake.
Invokes(testing.NewRootListAction(policiesResource, policiesKind, opts), &v1alpha1.PolicyList{})
if obj == nil {
return nil, err
}
label, _, _ := testing.ExtractFromListOptions(opts)
if label == nil {
label = labels.Everything()
}
list := &v1alpha1.PolicyList{ListMeta: obj.(*v1alpha1.PolicyList).ListMeta}
for _, item := range obj.(*v1alpha1.PolicyList).Items {
if label.Matches(labels.Set(item.Labels)) {
list.Items = append(list.Items, item)
}
}
return list, err
}
// Watch returns a watch.Interface that watches the requested policies.
func (c *FakePolicies) Watch(opts v1.ListOptions) (watch.Interface, error) {
return c.Fake.
InvokesWatch(testing.NewRootWatchAction(policiesResource, opts))
}
// Create takes the representation of a policy and creates it. Returns the server's representation of the policy, and an error, if there is any.
func (c *FakePolicies) Create(policy *v1alpha1.Policy) (result *v1alpha1.Policy, err error) {
obj, err := c.Fake.
Invokes(testing.NewRootCreateAction(policiesResource, policy), &v1alpha1.Policy{})
if obj == nil {
return nil, err
}
return obj.(*v1alpha1.Policy), err
}
// Update takes the representation of a policy and updates it. Returns the server's representation of the policy, and an error, if there is any.
func (c *FakePolicies) Update(policy *v1alpha1.Policy) (result *v1alpha1.Policy, err error) {
obj, err := c.Fake.
Invokes(testing.NewRootUpdateAction(policiesResource, policy), &v1alpha1.Policy{})
if obj == nil {
return nil, err
}
return obj.(*v1alpha1.Policy), err
}
// UpdateStatus was generated because the type contains a Status member.
// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus().
func (c *FakePolicies) UpdateStatus(policy *v1alpha1.Policy) (*v1alpha1.Policy, error) {
obj, err := c.Fake.
Invokes(testing.NewRootUpdateSubresourceAction(policiesResource, "status", policy), &v1alpha1.Policy{})
if obj == nil {
return nil, err
}
return obj.(*v1alpha1.Policy), err
}
// Delete takes name of the policy and deletes it. Returns an error if one occurs.
func (c *FakePolicies) Delete(name string, options *v1.DeleteOptions) error {
_, err := c.Fake.
Invokes(testing.NewRootDeleteAction(policiesResource, name), &v1alpha1.Policy{})
return err
}
// DeleteCollection deletes a collection of objects.
func (c *FakePolicies) DeleteCollection(options *v1.DeleteOptions, listOptions v1.ListOptions) error {
action := testing.NewRootDeleteCollectionAction(policiesResource, listOptions)
_, err := c.Fake.Invokes(action, &v1alpha1.PolicyList{})
return err
}
// Patch applies the patch and returns the patched policy.
func (c *FakePolicies) Patch(name string, pt types.PatchType, data []byte, subresources ...string) (result *v1alpha1.Policy, err error) {
obj, err := c.Fake.
Invokes(testing.NewRootPatchSubresourceAction(policiesResource, name, pt, data, subresources...), &v1alpha1.Policy{})
if obj == nil {
return nil, err
}
return obj.(*v1alpha1.Policy), err
}


@ -1,131 +0,0 @@
/*
Copyright The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
// Code generated by client-gen. DO NOT EDIT.
package fake
import (
v1alpha1 "github.com/nirmata/kyverno/pkg/api/kyverno/v1alpha1"
v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
labels "k8s.io/apimachinery/pkg/labels"
schema "k8s.io/apimachinery/pkg/runtime/schema"
types "k8s.io/apimachinery/pkg/types"
watch "k8s.io/apimachinery/pkg/watch"
testing "k8s.io/client-go/testing"
)
// FakePolicyViolations implements PolicyViolationInterface
type FakePolicyViolations struct {
Fake *FakeKyvernoV1alpha1
}
var policyviolationsResource = schema.GroupVersionResource{Group: "kyverno.io", Version: "v1alpha1", Resource: "policyviolations"}
var policyviolationsKind = schema.GroupVersionKind{Group: "kyverno.io", Version: "v1alpha1", Kind: "PolicyViolation"}
// Get takes name of the policyViolation, and returns the corresponding policyViolation object, and an error if there is any.
func (c *FakePolicyViolations) Get(name string, options v1.GetOptions) (result *v1alpha1.PolicyViolation, err error) {
obj, err := c.Fake.
Invokes(testing.NewRootGetAction(policyviolationsResource, name), &v1alpha1.PolicyViolation{})
if obj == nil {
return nil, err
}
return obj.(*v1alpha1.PolicyViolation), err
}
// List takes label and field selectors, and returns the list of PolicyViolations that match those selectors.
func (c *FakePolicyViolations) List(opts v1.ListOptions) (result *v1alpha1.PolicyViolationList, err error) {
obj, err := c.Fake.
Invokes(testing.NewRootListAction(policyviolationsResource, policyviolationsKind, opts), &v1alpha1.PolicyViolationList{})
if obj == nil {
return nil, err
}
label, _, _ := testing.ExtractFromListOptions(opts)
if label == nil {
label = labels.Everything()
}
list := &v1alpha1.PolicyViolationList{ListMeta: obj.(*v1alpha1.PolicyViolationList).ListMeta}
for _, item := range obj.(*v1alpha1.PolicyViolationList).Items {
if label.Matches(labels.Set(item.Labels)) {
list.Items = append(list.Items, item)
}
}
return list, err
}
// Watch returns a watch.Interface that watches the requested policyViolations.
func (c *FakePolicyViolations) Watch(opts v1.ListOptions) (watch.Interface, error) {
return c.Fake.
InvokesWatch(testing.NewRootWatchAction(policyviolationsResource, opts))
}
// Create takes the representation of a policyViolation and creates it. Returns the server's representation of the policyViolation, and an error, if there is any.
func (c *FakePolicyViolations) Create(policyViolation *v1alpha1.PolicyViolation) (result *v1alpha1.PolicyViolation, err error) {
obj, err := c.Fake.
Invokes(testing.NewRootCreateAction(policyviolationsResource, policyViolation), &v1alpha1.PolicyViolation{})
if obj == nil {
return nil, err
}
return obj.(*v1alpha1.PolicyViolation), err
}
// Update takes the representation of a policyViolation and updates it. Returns the server's representation of the policyViolation, and an error, if there is any.
func (c *FakePolicyViolations) Update(policyViolation *v1alpha1.PolicyViolation) (result *v1alpha1.PolicyViolation, err error) {
obj, err := c.Fake.
Invokes(testing.NewRootUpdateAction(policyviolationsResource, policyViolation), &v1alpha1.PolicyViolation{})
if obj == nil {
return nil, err
}
return obj.(*v1alpha1.PolicyViolation), err
}
// UpdateStatus was generated because the type contains a Status member.
// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus().
func (c *FakePolicyViolations) UpdateStatus(policyViolation *v1alpha1.PolicyViolation) (*v1alpha1.PolicyViolation, error) {
obj, err := c.Fake.
Invokes(testing.NewRootUpdateSubresourceAction(policyviolationsResource, "status", policyViolation), &v1alpha1.PolicyViolation{})
if obj == nil {
return nil, err
}
return obj.(*v1alpha1.PolicyViolation), err
}
// Delete takes name of the policyViolation and deletes it. Returns an error if one occurs.
func (c *FakePolicyViolations) Delete(name string, options *v1.DeleteOptions) error {
_, err := c.Fake.
Invokes(testing.NewRootDeleteAction(policyviolationsResource, name), &v1alpha1.PolicyViolation{})
return err
}
// DeleteCollection deletes a collection of objects.
func (c *FakePolicyViolations) DeleteCollection(options *v1.DeleteOptions, listOptions v1.ListOptions) error {
action := testing.NewRootDeleteCollectionAction(policyviolationsResource, listOptions)
_, err := c.Fake.Invokes(action, &v1alpha1.PolicyViolationList{})
return err
}
// Patch applies the patch and returns the patched policyViolation.
func (c *FakePolicyViolations) Patch(name string, pt types.PatchType, data []byte, subresources ...string) (result *v1alpha1.PolicyViolation, err error) {
obj, err := c.Fake.
Invokes(testing.NewRootPatchSubresourceAction(policyviolationsResource, name, pt, data, subresources...), &v1alpha1.PolicyViolation{})
if obj == nil {
return nil, err
}
return obj.(*v1alpha1.PolicyViolation), err
}


@ -18,6 +18,6 @@ limitations under the License.
package v1alpha1
type PolicyExpansion interface{}
type ClusterPolicyExpansion interface{}
type PolicyViolationExpansion interface{}
type ClusterPolicyViolationExpansion interface{}


@ -27,8 +27,8 @@ import (
type KyvernoV1alpha1Interface interface {
RESTClient() rest.Interface
PoliciesGetter
PolicyViolationsGetter
ClusterPoliciesGetter
ClusterPolicyViolationsGetter
}
// KyvernoV1alpha1Client is used to interact with features provided by the kyverno.io group.
@ -36,12 +36,12 @@ type KyvernoV1alpha1Client struct {
restClient rest.Interface
}
func (c *KyvernoV1alpha1Client) Policies() PolicyInterface {
return newPolicies(c)
func (c *KyvernoV1alpha1Client) ClusterPolicies() ClusterPolicyInterface {
return newClusterPolicies(c)
}
func (c *KyvernoV1alpha1Client) PolicyViolations() PolicyViolationInterface {
return newPolicyViolations(c)
func (c *KyvernoV1alpha1Client) ClusterPolicyViolations() ClusterPolicyViolationInterface {
return newClusterPolicyViolations(c)
}
// NewForConfig creates a new KyvernoV1alpha1Client for the given config.


@ -1,180 +0,0 @@
/*
Copyright The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
// Code generated by client-gen. DO NOT EDIT.
package v1alpha1
import (
"time"
v1alpha1 "github.com/nirmata/kyverno/pkg/api/kyverno/v1alpha1"
scheme "github.com/nirmata/kyverno/pkg/client/clientset/versioned/scheme"
v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
types "k8s.io/apimachinery/pkg/types"
watch "k8s.io/apimachinery/pkg/watch"
rest "k8s.io/client-go/rest"
)
// PoliciesGetter has a method to return a PolicyInterface.
// A group's client should implement this interface.
type PoliciesGetter interface {
Policies() PolicyInterface
}
// PolicyInterface has methods to work with Policy resources.
type PolicyInterface interface {
Create(*v1alpha1.Policy) (*v1alpha1.Policy, error)
Update(*v1alpha1.Policy) (*v1alpha1.Policy, error)
UpdateStatus(*v1alpha1.Policy) (*v1alpha1.Policy, error)
Delete(name string, options *v1.DeleteOptions) error
DeleteCollection(options *v1.DeleteOptions, listOptions v1.ListOptions) error
Get(name string, options v1.GetOptions) (*v1alpha1.Policy, error)
List(opts v1.ListOptions) (*v1alpha1.PolicyList, error)
Watch(opts v1.ListOptions) (watch.Interface, error)
Patch(name string, pt types.PatchType, data []byte, subresources ...string) (result *v1alpha1.Policy, err error)
PolicyExpansion
}
// policies implements PolicyInterface
type policies struct {
client rest.Interface
}
// newPolicies returns a Policies
func newPolicies(c *KyvernoV1alpha1Client) *policies {
return &policies{
client: c.RESTClient(),
}
}
// Get takes name of the policy, and returns the corresponding policy object, and an error if there is any.
func (c *policies) Get(name string, options v1.GetOptions) (result *v1alpha1.Policy, err error) {
result = &v1alpha1.Policy{}
err = c.client.Get().
Resource("policies").
Name(name).
VersionedParams(&options, scheme.ParameterCodec).
Do().
Into(result)
return
}
// List takes label and field selectors, and returns the list of Policies that match those selectors.
func (c *policies) List(opts v1.ListOptions) (result *v1alpha1.PolicyList, err error) {
var timeout time.Duration
if opts.TimeoutSeconds != nil {
timeout = time.Duration(*opts.TimeoutSeconds) * time.Second
}
result = &v1alpha1.PolicyList{}
err = c.client.Get().
Resource("policies").
VersionedParams(&opts, scheme.ParameterCodec).
Timeout(timeout).
Do().
Into(result)
return
}
// Watch returns a watch.Interface that watches the requested policies.
func (c *policies) Watch(opts v1.ListOptions) (watch.Interface, error) {
var timeout time.Duration
if opts.TimeoutSeconds != nil {
timeout = time.Duration(*opts.TimeoutSeconds) * time.Second
}
opts.Watch = true
return c.client.Get().
Resource("policies").
VersionedParams(&opts, scheme.ParameterCodec).
Timeout(timeout).
Watch()
}
// Create takes the representation of a policy and creates it. Returns the server's representation of the policy, and an error, if there is any.
func (c *policies) Create(policy *v1alpha1.Policy) (result *v1alpha1.Policy, err error) {
result = &v1alpha1.Policy{}
err = c.client.Post().
Resource("policies").
Body(policy).
Do().
Into(result)
return
}
// Update takes the representation of a policy and updates it. Returns the server's representation of the policy, and an error, if there is any.
func (c *policies) Update(policy *v1alpha1.Policy) (result *v1alpha1.Policy, err error) {
result = &v1alpha1.Policy{}
err = c.client.Put().
Resource("policies").
Name(policy.Name).
Body(policy).
Do().
Into(result)
return
}
// UpdateStatus was generated because the type contains a Status member.
// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus().
func (c *policies) UpdateStatus(policy *v1alpha1.Policy) (result *v1alpha1.Policy, err error) {
result = &v1alpha1.Policy{}
err = c.client.Put().
Resource("policies").
Name(policy.Name).
SubResource("status").
Body(policy).
Do().
Into(result)
return
}
// Delete takes name of the policy and deletes it. Returns an error if one occurs.
func (c *policies) Delete(name string, options *v1.DeleteOptions) error {
return c.client.Delete().
Resource("policies").
Name(name).
Body(options).
Do().
Error()
}
// DeleteCollection deletes a collection of objects.
func (c *policies) DeleteCollection(options *v1.DeleteOptions, listOptions v1.ListOptions) error {
var timeout time.Duration
if listOptions.TimeoutSeconds != nil {
timeout = time.Duration(*listOptions.TimeoutSeconds) * time.Second
}
return c.client.Delete().
Resource("policies").
VersionedParams(&listOptions, scheme.ParameterCodec).
Timeout(timeout).
Body(options).
Do().
Error()
}
// Patch applies the patch and returns the patched policy.
func (c *policies) Patch(name string, pt types.PatchType, data []byte, subresources ...string) (result *v1alpha1.Policy, err error) {
result = &v1alpha1.Policy{}
err = c.client.Patch(pt).
Resource("policies").
SubResource(subresources...).
Name(name).
Body(data).
Do().
Into(result)
return
}


@ -1,180 +0,0 @@
/*
Copyright The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
// Code generated by client-gen. DO NOT EDIT.
package v1alpha1
import (
"time"
v1alpha1 "github.com/nirmata/kyverno/pkg/api/kyverno/v1alpha1"
scheme "github.com/nirmata/kyverno/pkg/client/clientset/versioned/scheme"
v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
types "k8s.io/apimachinery/pkg/types"
watch "k8s.io/apimachinery/pkg/watch"
rest "k8s.io/client-go/rest"
)
// PolicyViolationsGetter has a method to return a PolicyViolationInterface.
// A group's client should implement this interface.
type PolicyViolationsGetter interface {
PolicyViolations() PolicyViolationInterface
}
// PolicyViolationInterface has methods to work with PolicyViolation resources.
type PolicyViolationInterface interface {
Create(*v1alpha1.PolicyViolation) (*v1alpha1.PolicyViolation, error)
Update(*v1alpha1.PolicyViolation) (*v1alpha1.PolicyViolation, error)
UpdateStatus(*v1alpha1.PolicyViolation) (*v1alpha1.PolicyViolation, error)
Delete(name string, options *v1.DeleteOptions) error
DeleteCollection(options *v1.DeleteOptions, listOptions v1.ListOptions) error
Get(name string, options v1.GetOptions) (*v1alpha1.PolicyViolation, error)
List(opts v1.ListOptions) (*v1alpha1.PolicyViolationList, error)
Watch(opts v1.ListOptions) (watch.Interface, error)
Patch(name string, pt types.PatchType, data []byte, subresources ...string) (result *v1alpha1.PolicyViolation, err error)
PolicyViolationExpansion
}
// policyViolations implements PolicyViolationInterface
type policyViolations struct {
client rest.Interface
}
// newPolicyViolations returns a PolicyViolations
func newPolicyViolations(c *KyvernoV1alpha1Client) *policyViolations {
return &policyViolations{
client: c.RESTClient(),
}
}
// Get takes name of the policyViolation, and returns the corresponding policyViolation object, and an error if there is any.
func (c *policyViolations) Get(name string, options v1.GetOptions) (result *v1alpha1.PolicyViolation, err error) {
result = &v1alpha1.PolicyViolation{}
err = c.client.Get().
Resource("policyviolations").
Name(name).
VersionedParams(&options, scheme.ParameterCodec).
Do().
Into(result)
return
}
// List takes label and field selectors, and returns the list of PolicyViolations that match those selectors.
func (c *policyViolations) List(opts v1.ListOptions) (result *v1alpha1.PolicyViolationList, err error) {
var timeout time.Duration
if opts.TimeoutSeconds != nil {
timeout = time.Duration(*opts.TimeoutSeconds) * time.Second
}
result = &v1alpha1.PolicyViolationList{}
err = c.client.Get().
Resource("policyviolations").
VersionedParams(&opts, scheme.ParameterCodec).
Timeout(timeout).
Do().
Into(result)
return
}
// Watch returns a watch.Interface that watches the requested policyViolations.
func (c *policyViolations) Watch(opts v1.ListOptions) (watch.Interface, error) {
var timeout time.Duration
if opts.TimeoutSeconds != nil {
timeout = time.Duration(*opts.TimeoutSeconds) * time.Second
}
opts.Watch = true
return c.client.Get().
Resource("policyviolations").
VersionedParams(&opts, scheme.ParameterCodec).
Timeout(timeout).
Watch()
}
// Create takes the representation of a policyViolation and creates it. Returns the server's representation of the policyViolation, and an error, if there is any.
func (c *policyViolations) Create(policyViolation *v1alpha1.PolicyViolation) (result *v1alpha1.PolicyViolation, err error) {
result = &v1alpha1.PolicyViolation{}
err = c.client.Post().
Resource("policyviolations").
Body(policyViolation).
Do().
Into(result)
return
}
// Update takes the representation of a policyViolation and updates it. Returns the server's representation of the policyViolation, and an error, if there is any.
func (c *policyViolations) Update(policyViolation *v1alpha1.PolicyViolation) (result *v1alpha1.PolicyViolation, err error) {
result = &v1alpha1.PolicyViolation{}
err = c.client.Put().
Resource("policyviolations").
Name(policyViolation.Name).
Body(policyViolation).
Do().
Into(result)
return
}
// UpdateStatus was generated because the type contains a Status member.
// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus().
func (c *policyViolations) UpdateStatus(policyViolation *v1alpha1.PolicyViolation) (result *v1alpha1.PolicyViolation, err error) {
result = &v1alpha1.PolicyViolation{}
err = c.client.Put().
Resource("policyviolations").
Name(policyViolation.Name).
SubResource("status").
Body(policyViolation).
Do().
Into(result)
return
}
// Delete takes name of the policyViolation and deletes it. Returns an error if one occurs.
func (c *policyViolations) Delete(name string, options *v1.DeleteOptions) error {
return c.client.Delete().
Resource("policyviolations").
Name(name).
Body(options).
Do().
Error()
}
// DeleteCollection deletes a collection of objects.
func (c *policyViolations) DeleteCollection(options *v1.DeleteOptions, listOptions v1.ListOptions) error {
var timeout time.Duration
if listOptions.TimeoutSeconds != nil {
timeout = time.Duration(*listOptions.TimeoutSeconds) * time.Second
}
return c.client.Delete().
Resource("policyviolations").
VersionedParams(&listOptions, scheme.ParameterCodec).
Timeout(timeout).
Body(options).
Do().
Error()
}
// Patch applies the patch and returns the patched policyViolation.
func (c *policyViolations) Patch(name string, pt types.PatchType, data []byte, subresources ...string) (result *v1alpha1.PolicyViolation, err error) {
result = &v1alpha1.PolicyViolation{}
err = c.client.Patch(pt).
Resource("policyviolations").
SubResource(subresources...).
Name(name).
Body(data).
Do().
Into(result)
return
}


@ -53,10 +53,10 @@ func (f *genericInformer) Lister() cache.GenericLister {
func (f *sharedInformerFactory) ForResource(resource schema.GroupVersionResource) (GenericInformer, error) {
switch resource {
// Group=kyverno.io, Version=v1alpha1
case v1alpha1.SchemeGroupVersion.WithResource("policies"):
return &genericInformer{resource: resource.GroupResource(), informer: f.Kyverno().V1alpha1().Policies().Informer()}, nil
case v1alpha1.SchemeGroupVersion.WithResource("policyviolations"):
return &genericInformer{resource: resource.GroupResource(), informer: f.Kyverno().V1alpha1().PolicyViolations().Informer()}, nil
case v1alpha1.SchemeGroupVersion.WithResource("clusterpolicies"):
return &genericInformer{resource: resource.GroupResource(), informer: f.Kyverno().V1alpha1().ClusterPolicies().Informer()}, nil
case v1alpha1.SchemeGroupVersion.WithResource("clusterpolicyviolations"):
return &genericInformer{resource: resource.GroupResource(), informer: f.Kyverno().V1alpha1().ClusterPolicyViolations().Informer()}, nil
}


@ -31,58 +31,58 @@ import (
cache "k8s.io/client-go/tools/cache"
)
// PolicyInformer provides access to a shared informer and lister for
// Policies.
type PolicyInformer interface {
// ClusterPolicyInformer provides access to a shared informer and lister for
// ClusterPolicies.
type ClusterPolicyInformer interface {
Informer() cache.SharedIndexInformer
Lister() v1alpha1.PolicyLister
Lister() v1alpha1.ClusterPolicyLister
}
type policyInformer struct {
type clusterPolicyInformer struct {
factory internalinterfaces.SharedInformerFactory
tweakListOptions internalinterfaces.TweakListOptionsFunc
}
// NewPolicyInformer constructs a new informer for Policy type.
// NewClusterPolicyInformer constructs a new informer for ClusterPolicy type.
// Always prefer using an informer factory to get a shared informer instead of getting an independent
// one. This reduces memory footprint and number of connections to the server.
func NewPolicyInformer(client versioned.Interface, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer {
return NewFilteredPolicyInformer(client, resyncPeriod, indexers, nil)
func NewClusterPolicyInformer(client versioned.Interface, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer {
return NewFilteredClusterPolicyInformer(client, resyncPeriod, indexers, nil)
}
// NewFilteredPolicyInformer constructs a new informer for Policy type.
// NewFilteredClusterPolicyInformer constructs a new informer for ClusterPolicy type.
// Always prefer using an informer factory to get a shared informer instead of getting an independent
// one. This reduces memory footprint and number of connections to the server.
func NewFilteredPolicyInformer(client versioned.Interface, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer {
func NewFilteredClusterPolicyInformer(client versioned.Interface, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer {
return cache.NewSharedIndexInformer(
&cache.ListWatch{
ListFunc: func(options v1.ListOptions) (runtime.Object, error) {
if tweakListOptions != nil {
tweakListOptions(&options)
}
return client.KyvernoV1alpha1().Policies().List(options)
return client.KyvernoV1alpha1().ClusterPolicies().List(options)
},
WatchFunc: func(options v1.ListOptions) (watch.Interface, error) {
if tweakListOptions != nil {
tweakListOptions(&options)
}
return client.KyvernoV1alpha1().Policies().Watch(options)
return client.KyvernoV1alpha1().ClusterPolicies().Watch(options)
},
},
&kyvernov1alpha1.Policy{},
&kyvernov1alpha1.ClusterPolicy{},
resyncPeriod,
indexers,
)
}
func (f *policyInformer) defaultInformer(client versioned.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer {
return NewFilteredPolicyInformer(client, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions)
func (f *clusterPolicyInformer) defaultInformer(client versioned.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer {
return NewFilteredClusterPolicyInformer(client, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions)
}
func (f *policyInformer) Informer() cache.SharedIndexInformer {
return f.factory.InformerFor(&kyvernov1alpha1.Policy{}, f.defaultInformer)
func (f *clusterPolicyInformer) Informer() cache.SharedIndexInformer {
return f.factory.InformerFor(&kyvernov1alpha1.ClusterPolicy{}, f.defaultInformer)
}
func (f *policyInformer) Lister() v1alpha1.PolicyLister {
return v1alpha1.NewPolicyLister(f.Informer().GetIndexer())
func (f *clusterPolicyInformer) Lister() v1alpha1.ClusterPolicyLister {
return v1alpha1.NewClusterPolicyLister(f.Informer().GetIndexer())
}


@ -31,58 +31,58 @@ import (
cache "k8s.io/client-go/tools/cache"
)
// PolicyViolationInformer provides access to a shared informer and lister for
// PolicyViolations.
type PolicyViolationInformer interface {
// ClusterPolicyViolationInformer provides access to a shared informer and lister for
// ClusterPolicyViolations.
type ClusterPolicyViolationInformer interface {
Informer() cache.SharedIndexInformer
Lister() v1alpha1.PolicyViolationLister
Lister() v1alpha1.ClusterPolicyViolationLister
}
type policyViolationInformer struct {
type clusterPolicyViolationInformer struct {
factory internalinterfaces.SharedInformerFactory
tweakListOptions internalinterfaces.TweakListOptionsFunc
}
// NewPolicyViolationInformer constructs a new informer for PolicyViolation type.
// NewClusterPolicyViolationInformer constructs a new informer for ClusterPolicyViolation type.
// Always prefer using an informer factory to get a shared informer instead of getting an independent
// one. This reduces memory footprint and number of connections to the server.
func NewPolicyViolationInformer(client versioned.Interface, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer {
return NewFilteredPolicyViolationInformer(client, resyncPeriod, indexers, nil)
func NewClusterPolicyViolationInformer(client versioned.Interface, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer {
return NewFilteredClusterPolicyViolationInformer(client, resyncPeriod, indexers, nil)
}
// NewFilteredPolicyViolationInformer constructs a new informer for PolicyViolation type.
// NewFilteredClusterPolicyViolationInformer constructs a new informer for ClusterPolicyViolation type.
// Always prefer using an informer factory to get a shared informer instead of getting an independent
// one. This reduces memory footprint and number of connections to the server.
func NewFilteredPolicyViolationInformer(client versioned.Interface, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer {
func NewFilteredClusterPolicyViolationInformer(client versioned.Interface, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer {
return cache.NewSharedIndexInformer(
&cache.ListWatch{
ListFunc: func(options v1.ListOptions) (runtime.Object, error) {
if tweakListOptions != nil {
tweakListOptions(&options)
}
return client.KyvernoV1alpha1().PolicyViolations().List(options)
return client.KyvernoV1alpha1().ClusterPolicyViolations().List(options)
},
WatchFunc: func(options v1.ListOptions) (watch.Interface, error) {
if tweakListOptions != nil {
tweakListOptions(&options)
}
return client.KyvernoV1alpha1().PolicyViolations().Watch(options)
return client.KyvernoV1alpha1().ClusterPolicyViolations().Watch(options)
},
},
&kyvernov1alpha1.PolicyViolation{},
&kyvernov1alpha1.ClusterPolicyViolation{},
resyncPeriod,
indexers,
)
}
func (f *policyViolationInformer) defaultInformer(client versioned.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer {
return NewFilteredPolicyViolationInformer(client, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions)
func (f *clusterPolicyViolationInformer) defaultInformer(client versioned.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer {
return NewFilteredClusterPolicyViolationInformer(client, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions)
}
func (f *policyViolationInformer) Informer() cache.SharedIndexInformer {
return f.factory.InformerFor(&kyvernov1alpha1.PolicyViolation{}, f.defaultInformer)
func (f *clusterPolicyViolationInformer) Informer() cache.SharedIndexInformer {
return f.factory.InformerFor(&kyvernov1alpha1.ClusterPolicyViolation{}, f.defaultInformer)
}
func (f *policyViolationInformer) Lister() v1alpha1.PolicyViolationLister {
return v1alpha1.NewPolicyViolationLister(f.Informer().GetIndexer())
func (f *clusterPolicyViolationInformer) Lister() v1alpha1.ClusterPolicyViolationLister {
return v1alpha1.NewClusterPolicyViolationLister(f.Informer().GetIndexer())
}


@ -24,10 +24,10 @@ import (
// Interface provides access to all the informers in this group version.
type Interface interface {
// Policies returns a PolicyInformer.
Policies() PolicyInformer
// PolicyViolations returns a PolicyViolationInformer.
PolicyViolations() PolicyViolationInformer
// ClusterPolicies returns a ClusterPolicyInformer.
ClusterPolicies() ClusterPolicyInformer
// ClusterPolicyViolations returns a ClusterPolicyViolationInformer.
ClusterPolicyViolations() ClusterPolicyViolationInformer
}
type version struct {
@ -41,12 +41,12 @@ func New(f internalinterfaces.SharedInformerFactory, namespace string, tweakList
return &version{factory: f, namespace: namespace, tweakListOptions: tweakListOptions}
}
// Policies returns a PolicyInformer.
func (v *version) Policies() PolicyInformer {
return &policyInformer{factory: v.factory, tweakListOptions: v.tweakListOptions}
// ClusterPolicies returns a ClusterPolicyInformer.
func (v *version) ClusterPolicies() ClusterPolicyInformer {
return &clusterPolicyInformer{factory: v.factory, tweakListOptions: v.tweakListOptions}
}
// PolicyViolations returns a PolicyViolationInformer.
func (v *version) PolicyViolations() PolicyViolationInformer {
return &policyViolationInformer{factory: v.factory, tweakListOptions: v.tweakListOptions}
// ClusterPolicyViolations returns a ClusterPolicyViolationInformer.
func (v *version) ClusterPolicyViolations() ClusterPolicyViolationInformer {
return &clusterPolicyViolationInformer{factory: v.factory, tweakListOptions: v.tweakListOptions}
}


@ -0,0 +1,65 @@
/*
Copyright The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
// Code generated by lister-gen. DO NOT EDIT.
package v1alpha1
import (
v1alpha1 "github.com/nirmata/kyverno/pkg/api/kyverno/v1alpha1"
"k8s.io/apimachinery/pkg/api/errors"
"k8s.io/apimachinery/pkg/labels"
"k8s.io/client-go/tools/cache"
)
// ClusterPolicyLister helps list ClusterPolicies.
type ClusterPolicyLister interface {
// List lists all ClusterPolicies in the indexer.
List(selector labels.Selector) (ret []*v1alpha1.ClusterPolicy, err error)
// Get retrieves the ClusterPolicy from the index for a given name.
Get(name string) (*v1alpha1.ClusterPolicy, error)
ClusterPolicyListerExpansion
}
// clusterPolicyLister implements the ClusterPolicyLister interface.
type clusterPolicyLister struct {
indexer cache.Indexer
}
// NewClusterPolicyLister returns a new ClusterPolicyLister.
func NewClusterPolicyLister(indexer cache.Indexer) ClusterPolicyLister {
return &clusterPolicyLister{indexer: indexer}
}
// List lists all ClusterPolicies in the indexer.
func (s *clusterPolicyLister) List(selector labels.Selector) (ret []*v1alpha1.ClusterPolicy, err error) {
err = cache.ListAll(s.indexer, selector, func(m interface{}) {
ret = append(ret, m.(*v1alpha1.ClusterPolicy))
})
return ret, err
}
// Get retrieves the ClusterPolicy from the index for a given name.
func (s *clusterPolicyLister) Get(name string) (*v1alpha1.ClusterPolicy, error) {
obj, exists, err := s.indexer.GetByKey(name)
if err != nil {
return nil, err
}
if !exists {
return nil, errors.NewNotFound(v1alpha1.Resource("clusterpolicy"), name)
}
return obj.(*v1alpha1.ClusterPolicy), nil
}


@ -0,0 +1,65 @@
/*
Copyright The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
// Code generated by lister-gen. DO NOT EDIT.
package v1alpha1
import (
v1alpha1 "github.com/nirmata/kyverno/pkg/api/kyverno/v1alpha1"
"k8s.io/apimachinery/pkg/api/errors"
"k8s.io/apimachinery/pkg/labels"
"k8s.io/client-go/tools/cache"
)
// ClusterPolicyViolationLister helps list ClusterPolicyViolations.
type ClusterPolicyViolationLister interface {
// List lists all ClusterPolicyViolations in the indexer.
List(selector labels.Selector) (ret []*v1alpha1.ClusterPolicyViolation, err error)
// Get retrieves the ClusterPolicyViolation from the index for a given name.
Get(name string) (*v1alpha1.ClusterPolicyViolation, error)
ClusterPolicyViolationListerExpansion
}
// clusterPolicyViolationLister implements the ClusterPolicyViolationLister interface.
type clusterPolicyViolationLister struct {
indexer cache.Indexer
}
// NewClusterPolicyViolationLister returns a new ClusterPolicyViolationLister.
func NewClusterPolicyViolationLister(indexer cache.Indexer) ClusterPolicyViolationLister {
return &clusterPolicyViolationLister{indexer: indexer}
}
// List lists all ClusterPolicyViolations in the indexer.
func (s *clusterPolicyViolationLister) List(selector labels.Selector) (ret []*v1alpha1.ClusterPolicyViolation, err error) {
err = cache.ListAll(s.indexer, selector, func(m interface{}) {
ret = append(ret, m.(*v1alpha1.ClusterPolicyViolation))
})
return ret, err
}
// Get retrieves the ClusterPolicyViolation from the index for a given name.
func (s *clusterPolicyViolationLister) Get(name string) (*v1alpha1.ClusterPolicyViolation, error) {
obj, exists, err := s.indexer.GetByKey(name)
if err != nil {
return nil, err
}
if !exists {
return nil, errors.NewNotFound(v1alpha1.Resource("clusterpolicyviolation"), name)
}
return obj.(*v1alpha1.ClusterPolicyViolation), nil
}


@ -29,40 +29,48 @@ import (
// PolicyListerExpansion allows custom methods to be added to
// PolicyLister.
type PolicyListerExpansion interface {
GetPolicyForPolicyViolation(pv *kyverno.PolicyViolation) ([]*kyverno.Policy, error)
ListResources(selector labels.Selector) (ret []*v1alpha1.Policy, err error)
type PolicyListerExpansion interface{}
// PolicyViolationListerExpansion allows custom methods to be added to
// PolicyViolationLister.
type PolicyViolationListerExpansion interface{}
// PolicyListerExpansion allows custom methods to be added to
// PolicyLister.
type ClusterPolicyListerExpansion interface {
GetPolicyForPolicyViolation(pv *kyverno.ClusterPolicyViolation) ([]*kyverno.ClusterPolicy, error)
ListResources(selector labels.Selector) (ret []*v1alpha1.ClusterPolicy, err error)
}
// PolicyViolationListerExpansion allows custom methods to be added to
// PolicyViolationLister.
type PolicyViolationListerExpansion interface {
type ClusterPolicyViolationListerExpansion interface {
// List lists all PolicyViolations in the indexer with GVK.
// List lists all PolicyViolations in the indexer with GVK.
ListResources(selector labels.Selector) (ret []*v1alpha1.PolicyViolation, err error)
ListResources(selector labels.Selector) (ret []*v1alpha1.ClusterPolicyViolation, err error)
}
//ListResources is a wrapper to List and adds the resource kind information
// as the lister is specific to a gvk we can harcode the values here
func (pvl *policyViolationLister) ListResources(selector labels.Selector) (ret []*v1alpha1.PolicyViolation, err error) {
func (pvl *clusterPolicyViolationLister) ListResources(selector labels.Selector) (ret []*v1alpha1.ClusterPolicyViolation, err error) {
policyviolations, err := pvl.List(selector)
for index := range policyviolations {
policyviolations[index].SetGroupVersionKind(kyverno.SchemeGroupVersion.WithKind("PolicyViolation"))
policyviolations[index].SetGroupVersionKind(kyverno.SchemeGroupVersion.WithKind("ClusterPolicyViolation"))
}
return policyviolations, nil
}
//ListResources is a wrapper to List and adds the resource kind information
// as the lister is specific to a gvk we can harcode the values here
func (pl *policyLister) ListResources(selector labels.Selector) (ret []*v1alpha1.Policy, err error) {
func (pl *clusterPolicyLister) ListResources(selector labels.Selector) (ret []*v1alpha1.ClusterPolicy, err error) {
policies, err := pl.List(selector)
for index := range policies {
policies[index].SetGroupVersionKind(kyverno.SchemeGroupVersion.WithKind("Policy"))
policies[index].SetGroupVersionKind(kyverno.SchemeGroupVersion.WithKind("ClusterPolicy"))
}
return policies, err
}
func (pl *policyLister) GetPolicyForPolicyViolation(pv *kyverno.PolicyViolation) ([]*kyverno.Policy, error) {
func (pl *clusterPolicyLister) GetPolicyForPolicyViolation(pv *kyverno.ClusterPolicyViolation) ([]*kyverno.ClusterPolicy, error) {
if len(pv.Labels) == 0 {
return nil, fmt.Errorf("no Policy found for PolicyViolation %v because it has no labels", pv.Name)
}
@ -72,7 +80,7 @@ func (pl *policyLister) GetPolicyForPolicyViolation(pv *kyverno.PolicyViolation)
return nil, err
}
var policies []*kyverno.Policy
var policies []*kyverno.ClusterPolicy
for _, p := range pList {
policyLabelmap := map[string]string{"policy": p.Name}
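Review bot: `clusterPolicyViolationLister.ListResources` ends with `return policyviolations, nil`, so an error from `pvl.List(selector)` is dropped and a caller cannot tell a failed listing from one with no violations; the sibling `clusterPolicyLister.ListResources` already returns `err`, and this one should end with `return policyviolations, err`. Both methods also call `SetGroupVersionKind` on the pointers that the generated `List` appends straight from the indexer, so they write to objects shared with every other reader of the informer cache; either work on copies or add a comment stating that the mutation is intentional. The doc comment above `ClusterPolicyListerExpansion` still reads `// PolicyListerExpansion allows custom methods to be added to` and should name the new type. `GetPolicyForPolicyViolation` continues outside the visible hunks.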


@ -1,65 +0,0 @@
/*
Copyright The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
// Code generated by lister-gen. DO NOT EDIT.
package v1alpha1
import (
v1alpha1 "github.com/nirmata/kyverno/pkg/api/kyverno/v1alpha1"
"k8s.io/apimachinery/pkg/api/errors"
"k8s.io/apimachinery/pkg/labels"
"k8s.io/client-go/tools/cache"
)
// PolicyLister helps list Policies.
type PolicyLister interface {
// List lists all Policies in the indexer.
List(selector labels.Selector) (ret []*v1alpha1.Policy, err error)
// Get retrieves the Policy from the index for a given name.
Get(name string) (*v1alpha1.Policy, error)
PolicyListerExpansion
}
// policyLister implements the PolicyLister interface.
type policyLister struct {
indexer cache.Indexer
}
// NewPolicyLister returns a new PolicyLister.
func NewPolicyLister(indexer cache.Indexer) PolicyLister {
return &policyLister{indexer: indexer}
}
// List lists all Policies in the indexer.
func (s *policyLister) List(selector labels.Selector) (ret []*v1alpha1.Policy, err error) {
err = cache.ListAll(s.indexer, selector, func(m interface{}) {
ret = append(ret, m.(*v1alpha1.Policy))
})
return ret, err
}
// Get retrieves the Policy from the index for a given name.
func (s *policyLister) Get(name string) (*v1alpha1.Policy, error) {
obj, exists, err := s.indexer.GetByKey(name)
if err != nil {
return nil, err
}
if !exists {
return nil, errors.NewNotFound(v1alpha1.Resource("policy"), name)
}
return obj.(*v1alpha1.Policy), nil
}


@ -1,65 +0,0 @@
/*
Copyright The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
// Code generated by lister-gen. DO NOT EDIT.
package v1alpha1
import (
v1alpha1 "github.com/nirmata/kyverno/pkg/api/kyverno/v1alpha1"
"k8s.io/apimachinery/pkg/api/errors"
"k8s.io/apimachinery/pkg/labels"
"k8s.io/client-go/tools/cache"
)
// PolicyViolationLister helps list PolicyViolations.
type PolicyViolationLister interface {
// List lists all PolicyViolations in the indexer.
List(selector labels.Selector) (ret []*v1alpha1.PolicyViolation, err error)
// Get retrieves the PolicyViolation from the index for a given name.
Get(name string) (*v1alpha1.PolicyViolation, error)
PolicyViolationListerExpansion
}
// policyViolationLister implements the PolicyViolationLister interface.
type policyViolationLister struct {
indexer cache.Indexer
}
// NewPolicyViolationLister returns a new PolicyViolationLister.
func NewPolicyViolationLister(indexer cache.Indexer) PolicyViolationLister {
return &policyViolationLister{indexer: indexer}
}
// List lists all PolicyViolations in the indexer.
func (s *policyViolationLister) List(selector labels.Selector) (ret []*v1alpha1.PolicyViolation, err error) {
err = cache.ListAll(s.indexer, selector, func(m interface{}) {
ret = append(ret, m.(*v1alpha1.PolicyViolation))
})
return ret, err
}
// Get retrieves the PolicyViolation from the index for a given name.
func (s *policyViolationLister) Get(name string) (*v1alpha1.PolicyViolation, error) {
obj, exists, err := s.indexer.GetByKey(name)
if err != nil {
return nil, err
}
if !exists {
return nil, errors.NewNotFound(v1alpha1.Resource("policyviolation"), name)
}
return obj.(*v1alpha1.PolicyViolation), nil
}


@ -13,7 +13,7 @@ const (
ValidatingWebhookConfigurationName = "kyverno-validating-webhook-cfg"
ValidatingWebhookConfigurationDebug = "kyverno-validating-webhook-cfg-debug"
ValidatingWebhookName = "nirmata.kyverno.validating-webhook"
ValidatingWebhookName = "nirmata.kyverno.policy-validating-webhook"
PolicyValidatingWebhookConfigurationName = "kyverno-policy-validating-webhook-cfg"
PolicyValidatingWebhookConfigurationDebugName = "kyverno-policy-validating-webhook-cfg-debug"
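Review bot: The value of `ValidatingWebhookName` appears to change from `"nirmata.kyverno.validating-webhook"` to `"nirmata.kyverno.policy-validating-webhook"` (assuming the second printed line is the new side), which is not part of the CRD rename this commit describes. The resource-validating webhook would then carry a policy-webhook name, and if a separate policy webhook name constant outside this hunk uses the same string, the two webhooks become hard to tell apart in the registered configurations and in audit logs. If the change is intended, add a comment such as `// name of the webhook that validates resources, not policies`; otherwise keep the original value. The const block starts and ends outside the hunk.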


@ -3,7 +3,7 @@ package client
import (
"testing"
policytypes "github.com/nirmata/kyverno/pkg/api/kyverno/v1alpha1"
kyverno "github.com/nirmata/kyverno/pkg/api/kyverno/v1alpha1"
meta "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/runtime"
@ -128,9 +128,9 @@ func TestGenerateResource(t *testing.T) {
if err != nil {
t.Errorf("CreateResource not working: %s", err)
}
gen := policytypes.Generation{Kind: "TheKind",
gen := kyverno.Generation{Kind: "TheKind",
Name: "gen-kind",
Clone: policytypes.CloneFrom{Namespace: "ns-foo", Name: "name-foo"}}
Clone: kyverno.CloneFrom{Namespace: "ns-foo", Name: "name-foo"}}
err = f.client.GenerateResource(gen, ns.GetName(), false)
if err != nil {
t.Errorf("GenerateResource not working: %s", err)
@ -140,7 +140,7 @@ func TestGenerateResource(t *testing.T) {
t.Errorf("GetResource not working: %s", err)
}
// GenerateResource -> data
gen = policytypes.Generation{Kind: "TheKind",
gen = kyverno.Generation{Kind: "TheKind",
Name: "name2-baz-new",
Data: newUnstructured("group2/version", "TheKind", "ns1", "name2-baz-new")}
err = f.client.GenerateResource(gen, ns.GetName(), false)


@ -1,11 +1,11 @@
package client
import (
kyvernov1alpha1 "github.com/nirmata/kyverno/pkg/api/kyverno/v1alpha1"
kyvernov "github.com/nirmata/kyverno/pkg/api/kyverno/v1alpha1"
)
//CreatePolicyViolation create a Policy Violation resource
func (c *Client) CreatePolicyViolation(pv kyvernov1alpha1.PolicyViolation) error {
func (c *Client) CreatePolicyViolation(pv kyvernov.ClusterPolicyViolation) error {
_, err := c.CreateResource("PolicyViolation", ",", pv, false)
return err
}
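Review bot: `CreatePolicyViolation` now takes a `kyvernov.ClusterPolicyViolation` but still calls `c.CreateResource("PolicyViolation", ",", pv, false)`, so the kind string no longer matches the renamed CRD, and the second argument `","` looks like a typo for an empty namespace. `CreateResource` is defined outside this page, so the argument meaning is inferred; if it is (kind, namespace, object, dry-run), the call should read `_, err := c.CreateResource("ClusterPolicyViolation", "", pv, false)`. With the old kind, creation would presumably fail once only the `clusterpolicyviolations` CRD is installed, and violations would go unrecorded.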


@ -16,7 +16,7 @@ import (
)
//Generate apply generation rules on a resource
func Generate(client *client.Client, policy kyverno.Policy, ns unstructured.Unstructured) (response EngineResponseNew) {
func Generate(client *client.Client, policy kyverno.ClusterPolicy, ns unstructured.Unstructured) (response EngineResponseNew) {
startTime := time.Now()
// policy information
func() {


@ -125,7 +125,7 @@ import (
// }
//MutateNew ...
func MutateNew(policy kyverno.Policy, resource unstructured.Unstructured) (response EngineResponseNew) {
func MutateNew(policy kyverno.ClusterPolicy, resource unstructured.Unstructured) (response EngineResponseNew) {
startTime := time.Now()
// policy information
func() {


@ -342,7 +342,7 @@ func validateArrayOfMaps(resourceMapArray []interface{}, patternMap map[string]i
}
//ValidateNew ...
func ValidateNew(policy kyverno.Policy, resource unstructured.Unstructured) (response EngineResponseNew) {
func ValidateNew(policy kyverno.ClusterPolicy, resource unstructured.Unstructured) (response EngineResponseNew) {
startTime := time.Now()
// policy information
func() {


@ -21,7 +21,7 @@ import (
//Generator generate events
type Generator struct {
client *client.Client
pLister kyvernolister.PolicyLister
pLister kyvernolister.ClusterPolicyLister
queue workqueue.RateLimitingInterface
recorder record.EventRecorder
}
@ -33,7 +33,7 @@ type Interface interface {
//NewEventGenerator to generate a new event controller
func NewEventGenerator(client *client.Client,
pInformer kyvernoinformer.PolicyInformer) *Generator {
pInformer kyvernoinformer.ClusterPolicyInformer) *Generator {
gen := Generator{
client: client,


@ -50,7 +50,7 @@ func NewCmdApply(in io.Reader, out, errout io.Writer) *cobra.Command {
return cmd
}
func complete(kubeconfig string, args []string) (*kyverno.Policy, []*resourceInfo) {
func complete(kubeconfig string, args []string) (*kyverno.ClusterPolicy, []*resourceInfo) {
policyDir, resourceDir, err := validateDir(args)
if err != nil {
glog.Errorf("Failed to parse file path, err: %v\n", err)
@ -74,7 +74,7 @@ func complete(kubeconfig string, args []string) (*kyverno.Policy, []*resourceInf
return policy, resources
}
func applyPolicy(policy *kyverno.Policy, resources []*resourceInfo) (output string) {
func applyPolicy(policy *kyverno.ClusterPolicy, resources []*resourceInfo) (output string) {
for _, resource := range resources {
patchedDocument, err := applyPolicyOnRaw(policy, resource.rawResource, resource.gvk)
if err != nil {
@ -93,7 +93,7 @@ func applyPolicy(policy *kyverno.Policy, resources []*resourceInfo) (output stri
return
}
func applyPolicyOnRaw(policy *kyverno.Policy, rawResource []byte, gvk *metav1.GroupVersionKind) ([]byte, error) {
func applyPolicyOnRaw(policy *kyverno.ClusterPolicy, rawResource []byte, gvk *metav1.GroupVersionKind) ([]byte, error) {
patchedResource := rawResource
var err error
@ -130,8 +130,8 @@ func applyPolicyOnRaw(policy *kyverno.Policy, rawResource []byte, gvk *metav1.Gr
return patchedResource, nil
}
func extractPolicy(fileDir string) (*kyverno.Policy, error) {
policy := &kyverno.Policy{}
func extractPolicy(fileDir string) (*kyverno.ClusterPolicy, error) {
policy := &kyverno.ClusterPolicy{}
file, err := loadFile(fileDir)
if err != nil {


@ -40,11 +40,11 @@ type NamespaceController struct {
// nsListerSynced returns true if the Namespace store has been synced at least once
nsListerSynced cache.InformerSynced
// pvLister can list/get policy violation from the shared informer's store
pLister kyvernolister.PolicyLister
pLister kyvernolister.ClusterPolicyLister
// pvListerSynced retrns true if the Policy store has been synced at least once
pvListerSynced cache.InformerSynced
// pvLister can list/get policy violation from the shared informer's store
pvLister kyvernolister.PolicyViolationLister
pvLister kyvernolister.ClusterPolicyViolationLister
// API to send policy stats for aggregation
policyStatus policy.PolicyStatusInterface
// eventGen provides interface to generate evenets
@ -59,8 +59,8 @@ type NamespaceController struct {
func NewNamespaceController(kyvernoClient *kyvernoclient.Clientset,
client *client.Client,
nsInformer v1Informer.NamespaceInformer,
pInformer kyvernoinformer.PolicyInformer,
pvInformer kyvernoinformer.PolicyViolationInformer,
pInformer kyvernoinformer.ClusterPolicyInformer,
pvInformer kyvernoinformer.ClusterPolicyViolationInformer,
policyStatus policy.PolicyStatusInterface,
eventGen event.Interface) *NamespaceController {
//TODO: do we need to event recorder for this controller?
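Review bot: The comment above the renamed `pLister` field in `NamespaceController` still reads `pvLister can list/get policy violation from the shared informer's store`, which describes the violation lister rather than the cluster policy lister. Since this line is being touched anyway, suggest `// pLister can list/get cluster policies from the shared informer's store`. The comment on `pvListerSynced` directly below has the typo `retrns` and speaks of the "Policy store"; which store it tracks is not visible here, so that wording should be checked against the constructor. The struct continues outside this hunk.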


@ -115,8 +115,8 @@ func (nsc *NamespaceController) processNamespace(namespace corev1.Namespace) []e
return engineResponses
}
func listpolicies(ns unstructured.Unstructured, pLister kyvernolister.PolicyLister) []*kyverno.Policy {
var filteredpolicies []*kyverno.Policy
func listpolicies(ns unstructured.Unstructured, pLister kyvernolister.ClusterPolicyLister) []*kyverno.ClusterPolicy {
var filteredpolicies []*kyverno.ClusterPolicy
glog.V(4).Infof("listing policies for namespace %s", ns.GetName())
policies, err := pLister.List(labels.NewSelector())
if err != nil {
@ -140,7 +140,7 @@ func listpolicies(ns unstructured.Unstructured, pLister kyvernolister.PolicyList
return filteredpolicies
}
func applyPolicy(client *client.Client, resource unstructured.Unstructured, p kyverno.Policy, policyStatus policyctr.PolicyStatusInterface) engine.EngineResponseNew {
func applyPolicy(client *client.Client, resource unstructured.Unstructured, p kyverno.ClusterPolicy, policyStatus policyctr.PolicyStatusInterface) engine.EngineResponseNew {
var policyStats []policyctr.PolicyStat
// gather stats from the engine response
gatherStat := func(policyName string, policyResponse engine.PolicyResponse) {


@ -15,7 +15,7 @@ import (
// applyPolicy applies policy on a resource
//TODO: generation rules
func applyPolicy(policy kyverno.Policy, resource unstructured.Unstructured, policyStatus PolicyStatusInterface) (responses []engine.EngineResponseNew) {
func applyPolicy(policy kyverno.ClusterPolicy, resource unstructured.Unstructured, policyStatus PolicyStatusInterface) (responses []engine.EngineResponseNew) {
startTime := time.Now()
var policyStats []PolicyStat
glog.V(4).Infof("Started apply policy %s on resource %s/%s/%s (%v)", policy.Name, resource.GetKind(), resource.GetNamespace(), resource.GetName(), startTime)
@ -64,7 +64,7 @@ func applyPolicy(policy kyverno.Policy, resource unstructured.Unstructured, poli
//TODO: GENERATION
return engineResponses
}
func mutation(policy kyverno.Policy, resource unstructured.Unstructured, policyStatus PolicyStatusInterface) (engine.EngineResponseNew, error) {
func mutation(policy kyverno.ClusterPolicy, resource unstructured.Unstructured, policyStatus PolicyStatusInterface) (engine.EngineResponseNew, error) {
engineResponse := engine.MutateNew(policy, resource)
if !engineResponse.IsSuccesful() {
glog.V(4).Infof("mutation had errors reporting them")


@ -44,7 +44,7 @@ const (
maxRetries = 15
)
var controllerKind = kyverno.SchemeGroupVersion.WithKind("Policy")
var controllerKind = kyverno.SchemeGroupVersion.WithKind("ClusterPolicy")
// PolicyController is responsible for synchronizing Policy objects stored
// in the system with the corresponding policy violations
@ -54,16 +54,16 @@ type PolicyController struct {
eventGen event.Interface
eventRecorder record.EventRecorder
syncHandler func(pKey string) error
enqueuePolicy func(policy *kyverno.Policy)
enqueuePolicy func(policy *kyverno.ClusterPolicy)
//pvControl is used for adoptin/releasing policy violation
pvControl PVControlInterface
// Policys that need to be synced
queue workqueue.RateLimitingInterface
// pLister can list/get policy from the shared informer's store
pLister kyvernolister.PolicyLister
pLister kyvernolister.ClusterPolicyLister
// pvLister can list/get policy violation from the shared informer's store
pvLister kyvernolister.PolicyViolationLister
pvLister kyvernolister.ClusterPolicyViolationLister
// pListerSynced returns true if the Policy store has been synced at least once
pListerSynced cache.InformerSynced
// pvListerSynced returns true if the Policy store has been synced at least once
@ -81,7 +81,7 @@ type PolicyController struct {
}
// NewPolicyController create a new PolicyController
func NewPolicyController(kyvernoClient *kyvernoclient.Clientset, client *client.Client, pInformer kyvernoinformer.PolicyInformer, pvInformer kyvernoinformer.PolicyViolationInformer,
func NewPolicyController(kyvernoClient *kyvernoclient.Clientset, client *client.Client, pInformer kyvernoinformer.ClusterPolicyInformer, pvInformer kyvernoinformer.ClusterPolicyViolationInformer,
eventGen event.Interface, webhookInformer webhookinformer.MutatingWebhookConfigurationInformer, webhookRegistrationClient *webhookconfig.WebhookRegistrationClient) (*PolicyController, error) {
// Event broad caster
eventBroadcaster := record.NewBroadcaster()
@ -138,27 +138,27 @@ func NewPolicyController(kyvernoClient *kyvernoclient.Clientset, client *client.
}
func (pc *PolicyController) addPolicy(obj interface{}) {
p := obj.(*kyverno.Policy)
p := obj.(*kyverno.ClusterPolicy)
glog.V(4).Infof("Adding Policy %s", p.Name)
pc.enqueuePolicy(p)
}
func (pc *PolicyController) updatePolicy(old, cur interface{}) {
oldP := old.(*kyverno.Policy)
curP := cur.(*kyverno.Policy)
oldP := old.(*kyverno.ClusterPolicy)
curP := cur.(*kyverno.ClusterPolicy)
glog.V(4).Infof("Updating Policy %s", oldP.Name)
pc.enqueuePolicy(curP)
}
func (pc *PolicyController) deletePolicy(obj interface{}) {
p, ok := obj.(*kyverno.Policy)
p, ok := obj.(*kyverno.ClusterPolicy)
if !ok {
tombstone, ok := obj.(cache.DeletedFinalStateUnknown)
if !ok {
glog.Info(fmt.Errorf("Couldn't get object from tombstone %#v", obj))
return
}
p, ok = tombstone.Obj.(*kyverno.Policy)
p, ok = tombstone.Obj.(*kyverno.ClusterPolicy)
if !ok {
glog.Info(fmt.Errorf("Tombstone contained object that is not a Policy %#v", obj))
return
@ -169,7 +169,7 @@ func (pc *PolicyController) deletePolicy(obj interface{}) {
}
func (pc *PolicyController) addPolicyViolation(obj interface{}) {
pv := obj.(*kyverno.PolicyViolation)
pv := obj.(*kyverno.ClusterPolicyViolation)
if pv.DeletionTimestamp != nil {
// On a restart of the controller manager, it's possible for an object to
@ -207,8 +207,8 @@ func (pc *PolicyController) addPolicyViolation(obj interface{}) {
}
func (pc *PolicyController) updatePolicyViolation(old, cur interface{}) {
curPV := cur.(*kyverno.PolicyViolation)
oldPV := old.(*kyverno.PolicyViolation)
curPV := cur.(*kyverno.ClusterPolicyViolation)
oldPV := old.(*kyverno.ClusterPolicyViolation)
if curPV.ResourceVersion == oldPV.ResourceVersion {
// Periodic resync will send update events for all known Policy Violation.
// Two different versions of the same replica set will always have different RVs.
@ -256,11 +256,11 @@ func (pc *PolicyController) updatePolicyViolation(old, cur interface{}) {
}
// deletePolicyViolation enqueues the Policy that manages a PolicyViolation when
// the PolicyViolation is deleted. obj could be an *kyverno.PolicyViolation, or
// the PolicyViolation is deleted. obj could be an *kyverno.CusterPolicyViolation, or
// a DeletionFinalStateUnknown marker item.
func (pc *PolicyController) deletePolicyViolation(obj interface{}) {
pv, ok := obj.(*kyverno.PolicyViolation)
pv, ok := obj.(*kyverno.ClusterPolicyViolation)
// When a delete is dropped, the relist will notice a PolicyViolation in the store not
// in the list, leading to the insertion of a tombstone object which contains
// the deleted key/value. Note that this value might be stale. If the PolicyViolation
@ -271,7 +271,7 @@ func (pc *PolicyController) deletePolicyViolation(obj interface{}) {
glog.Info(fmt.Errorf("Couldn't get object from tombstone %#v", obj))
return
}
pv, ok = tombstone.Obj.(*kyverno.PolicyViolation)
pv, ok = tombstone.Obj.(*kyverno.ClusterPolicyViolation)
if !ok {
glog.Info(fmt.Errorf("Couldn't get object from tombstone %#v", obj))
return
@ -293,7 +293,7 @@ func (pc *PolicyController) deletePolicyViolation(obj interface{}) {
// resolveControllerRef returns the controller referenced by a ControllerRef,
// or nil if the ControllerRef could not be resolved to a matching controller
// of the correct Kind.
func (pc *PolicyController) resolveControllerRef(controllerRef *metav1.OwnerReference) *kyverno.Policy {
func (pc *PolicyController) resolveControllerRef(controllerRef *metav1.OwnerReference) *kyverno.ClusterPolicy {
// We can't look up by UID, so look up by Name and then verify UID.
// Don't even try to look up by Name if it's the wrong Kind.
if controllerRef.Kind != controllerRef.Kind {
@ -311,7 +311,7 @@ func (pc *PolicyController) resolveControllerRef(controllerRef *metav1.OwnerRefe
return p
}
func (pc *PolicyController) getPolicyForPolicyViolation(pv *kyverno.PolicyViolation) []*kyverno.Policy {
func (pc *PolicyController) getPolicyForPolicyViolation(pv *kyverno.ClusterPolicyViolation) []*kyverno.ClusterPolicy {
policies, err := pc.pLister.GetPolicyForPolicyViolation(pv)
if err != nil || len(policies) == 0 {
return nil
@ -329,7 +329,7 @@ func (pc *PolicyController) getPolicyForPolicyViolation(pv *kyverno.PolicyViolat
return policies
}
func (pc *PolicyController) enqueue(policy *kyverno.Policy) {
func (pc *PolicyController) enqueue(policy *kyverno.ClusterPolicy) {
key, err := cache.MetaNamespaceKeyFunc(policy)
if err != nil {
glog.Error(err)
@ -443,7 +443,7 @@ func (pc *PolicyController) syncPolicy(key string) error {
// TODO: here checks mutatingwebhook only
// as 'kubectl scale' is not funtional with validatingwebhook
// refer to https://github.com/nirmata/kyverno/issues/250
func (pc *PolicyController) handleWebhookRegistration(delete bool, policy *kyverno.Policy) error {
func (pc *PolicyController) handleWebhookRegistration(delete bool, policy *kyverno.ClusterPolicy) error {
policies, _ := pc.pLister.List(labels.NewSelector())
selector := &metav1.LabelSelector{MatchLabels: config.KubePolicyAppLabels}
webhookSelector, err := metav1.LabelSelectorAsSelector(selector)
@ -484,7 +484,7 @@ func (pc *PolicyController) handleWebhookRegistration(delete bool, policy *kyver
//syncStatusOnly updates the policy status subresource
// status:
// - violations : (count of the resources that violate this policy )
func (pc *PolicyController) syncStatusOnly(p *kyverno.Policy, pvList []*kyverno.PolicyViolation) error {
func (pc *PolicyController) syncStatusOnly(p *kyverno.ClusterPolicy, pvList []*kyverno.ClusterPolicyViolation) error {
newStatus := pc.calculateStatus(p.Name, pvList)
if reflect.DeepEqual(newStatus, p.Status) {
// no update to status
@ -493,11 +493,11 @@ func (pc *PolicyController) syncStatusOnly(p *kyverno.Policy, pvList []*kyverno.
// update status
newPolicy := p
newPolicy.Status = newStatus
_, err := pc.kyvernoClient.KyvernoV1alpha1().Policies().UpdateStatus(newPolicy)
_, err := pc.kyvernoClient.KyvernoV1alpha1().ClusterPolicies().UpdateStatus(newPolicy)
return err
}
func (pc *PolicyController) calculateStatus(policyName string, pvList []*kyverno.PolicyViolation) kyverno.PolicyStatus {
func (pc *PolicyController) calculateStatus(policyName string, pvList []*kyverno.ClusterPolicyViolation) kyverno.PolicyStatus {
violationCount := len(pvList)
status := kyverno.PolicyStatus{
ViolationCount: violationCount,
@ -513,7 +513,7 @@ func (pc *PolicyController) calculateStatus(policyName string, pvList []*kyverno
}
return status
}
func (pc *PolicyController) getPolicyViolationsForPolicy(p *kyverno.Policy) ([]*kyverno.PolicyViolation, error) {
func (pc *PolicyController) getPolicyViolationsForPolicy(p *kyverno.ClusterPolicy) ([]*kyverno.ClusterPolicyViolation, error) {
// List all PolicyViolation to find those we own but that no longer match our
// selector. They will be orphaned by ClaimPolicyViolation().
pvList, err := pc.pvLister.List(labels.Everything())
@ -537,7 +537,7 @@ func (pc *PolicyController) getPolicyViolationsForPolicy(p *kyverno.Policy) ([]*
}
canAdoptFunc := RecheckDeletionTimestamp(func() (metav1.Object, error) {
fresh, err := pc.kyvernoClient.KyvernoV1alpha1().Policies().Get(p.Name, metav1.GetOptions{})
fresh, err := pc.kyvernoClient.KyvernoV1alpha1().ClusterPolicies().Get(p.Name, metav1.GetOptions{})
if err != nil {
return nil, err
}
@ -552,18 +552,18 @@ func (pc *PolicyController) getPolicyViolationsForPolicy(p *kyverno.Policy) ([]*
return cm.claimPolicyViolations(pvList)
}
func (m *PolicyViolationControllerRefManager) claimPolicyViolations(sets []*kyverno.PolicyViolation) ([]*kyverno.PolicyViolation, error) {
var claimed []*kyverno.PolicyViolation
func (m *PolicyViolationControllerRefManager) claimPolicyViolations(sets []*kyverno.ClusterPolicyViolation) ([]*kyverno.ClusterPolicyViolation, error) {
var claimed []*kyverno.ClusterPolicyViolation
var errlist []error
match := func(obj metav1.Object) bool {
return m.Selector.Matches(labels.Set(obj.GetLabels()))
}
adopt := func(obj metav1.Object) error {
return m.adoptPolicyViolation(obj.(*kyverno.PolicyViolation))
return m.adoptPolicyViolation(obj.(*kyverno.ClusterPolicyViolation))
}
release := func(obj metav1.Object) error {
return m.releasePolicyViolation(obj.(*kyverno.PolicyViolation))
return m.releasePolicyViolation(obj.(*kyverno.ClusterPolicyViolation))
}
for _, pv := range sets {
@ -579,7 +579,7 @@ func (m *PolicyViolationControllerRefManager) claimPolicyViolations(sets []*kyve
return claimed, utilerrors.NewAggregate(errlist)
}
func (m *PolicyViolationControllerRefManager) adoptPolicyViolation(pv *kyverno.PolicyViolation) error {
func (m *PolicyViolationControllerRefManager) adoptPolicyViolation(pv *kyverno.ClusterPolicyViolation) error {
if err := m.CanAdopt(); err != nil {
return fmt.Errorf("can't adopt PolicyViolation %v (%v): %v", pv.Name, pv.UID, err)
}
@ -629,7 +629,7 @@ func removeOwnerReferencePatch(ownerRef metav1.OwnerReference) ([]byte, error) {
return json.Marshal(payload)
}
func (m *PolicyViolationControllerRefManager) releasePolicyViolation(pv *kyverno.PolicyViolation) error {
func (m *PolicyViolationControllerRefManager) releasePolicyViolation(pv *kyverno.ClusterPolicyViolation) error {
glog.V(2).Infof("patching PolicyViolation %s to remove its controllerRef to %s/%s:%s",
pv.Name, m.controllerKind.GroupVersion(), m.controllerKind.Kind, m.Controller.GetName())
//TODO JSON patch for owner reference for resources
@ -785,7 +785,7 @@ type RealPVControl struct {
//PatchPolicyViolation patches the policy violation with the provided JSON Patch
func (r RealPVControl) PatchPolicyViolation(name string, data []byte) error {
_, err := r.Client.KyvernoV1alpha1().PolicyViolations().Patch(name, types.JSONPatchType, data)
_, err := r.Client.KyvernoV1alpha1().ClusterPolicyViolations().Patch(name, types.JSONPatchType, data)
return err
}
@ -847,7 +847,7 @@ func createLabelMapPatch(policy string, resource string) ([]byte, error) {
//updatePolicyLabelIfNotDefined adds the label 'policy' to the PolicyViolation
// label is used here to lookup policyViolation and corresponding Policy
func updatePolicyLabelIfNotDefined(pvControl PVControlInterface, pv *kyverno.PolicyViolation) bool {
func updatePolicyLabelIfNotDefined(pvControl PVControlInterface, pv *kyverno.ClusterPolicyViolation) bool {
updateLabel := func() bool {
glog.V(4).Infof("adding label 'policy:%s' to PolicyViolation %s", pv.Spec.Policy, pv.Name)
glog.V(4).Infof("adding label 'resource:%s' to PolicyViolation %s", pv.Spec.ResourceSpec.ToKey(), pv.Name)
@ -931,7 +931,7 @@ func joinPatches(patches ...[]byte) []byte {
return result
}
func HasMutateOrValidatePolicies(policies []*kyverno.Policy) bool {
func HasMutateOrValidatePolicies(policies []*kyverno.ClusterPolicy) bool {
for _, policy := range policies {
if HasMutateOrValidate(*policy) {
return true
@ -940,7 +940,7 @@ func HasMutateOrValidatePolicies(policies []*kyverno.Policy) bool {
return false
}
func HasMutateOrValidate(policy kyverno.Policy) bool {
func HasMutateOrValidate(policy kyverno.ClusterPolicy) bool {
for _, rule := range policy.Spec.Rules {
if !reflect.DeepEqual(rule.Mutation, kyverno.Mutation{}) || !reflect.DeepEqual(rule.Validation, kyverno.Validation{}) {
glog.Infoln(rule.Name)
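Review bot: In `resolveControllerRef` the guard `if controllerRef.Kind != controllerRef.Kind` compares the field with itself, so it is never true and the wrong-Kind early return that the comment above it describes never runs. With `controllerKind` now set to `ClusterPolicy`, the check should read `if controllerRef.Kind != controllerKind.Kind {`, so that an owner reference of a different kind that happens to share a policy's name is not looked up in the policy lister. The function body continues outside the hunk, so the later UID verification mentioned in the comment may still reject a mismatch. The new comment on `deletePolicyViolation` also misspells the type as `CusterPolicyViolation`.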


@ -14,7 +14,7 @@ import (
"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
)
func (pc *PolicyController) processExistingResources(policy kyverno.Policy) []engine.EngineResponseNew {
func (pc *PolicyController) processExistingResources(policy kyverno.ClusterPolicy) []engine.EngineResponseNew {
// Parse through all the resources
// drops the cache after configured rebuild time
pc.rm.Drop()
@ -38,7 +38,7 @@ func (pc *PolicyController) processExistingResources(policy kyverno.Policy) []en
return engineResponses
}
func listResources(client *client.Client, policy kyverno.Policy, filterK8Resources []utils.K8Resource) map[string]unstructured.Unstructured {
func listResources(client *client.Client, policy kyverno.ClusterPolicy, filterK8Resources []utils.K8Resource) map[string]unstructured.Unstructured {
// key uid
resourceMap := map[string]unstructured.Unstructured{}


@ -24,10 +24,7 @@ type PolicyStatusAggregator struct {
}
//NewPolicyStatAggregator returns a new policy status
func NewPolicyStatAggregator(client *kyvernoclient.Clientset,
// pInformer kyvernoinformer.PolicyInformer
) *PolicyStatusAggregator {
func NewPolicyStatAggregator(client *kyvernoclient.Clientset) *PolicyStatusAggregator {
psa := PolicyStatusAggregator{
startTime: time.Now(),
ch: make(chan PolicyStat),
@ -46,6 +43,7 @@ func (psa *PolicyStatusAggregator) Run(workers int, stopCh <-chan struct{}) {
for i := 0; i < workers; i++ {
go wait.Until(psa.process, time.Second, stopCh)
}
<-stopCh
}
func (psa *PolicyStatusAggregator) process() {
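Review bot: The added `<-stopCh` at the end of `Run` makes the method block until the stop channel is closed, which is a behaviour change carried inside a rename commit and is not documented. A caller that invokes `psa.Run(...)` without `go` would now stall at that call; the call sites are not in this hunk, so this needs to be confirmed. Suggest a doc comment such as `// Run starts the workers and blocks until stopCh is closed; call it in its own goroutine.` `Run` begins outside the hunk.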


@ -8,7 +8,7 @@ import kyverno "github.com/nirmata/kyverno/pkg/api/kyverno/v1alpha1"
// - Rule resource description changes
// - Rule operation changes
// - Rule name changed
func reEvaulatePolicy(curP, oldP *kyverno.Policy) bool {
func reEvaulatePolicy(curP, oldP *kyverno.ClusterPolicy) bool {
// count of rules changed
if len(curP.Spec.Rules) != len(curP.Spec.Rules) {
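Review bot: The rule-count check in `reEvaulatePolicy` compares `len(curP.Spec.Rules)` with itself, so the branch can never be taken and a change in the number of rules is not detected by this test. It should compare against the old object: `if len(curP.Spec.Rules) != len(oldP.Spec.Rules) {`. The rest of the function is outside the hunk, so later per-rule comparisons may partly cover this, but an added or removed rule would presumably be missed and existing resources would not be re-evaluated against the updated policy.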


@ -33,7 +33,7 @@ const (
maxRetries = 15
)
var controllerKind = kyverno.SchemeGroupVersion.WithKind("PolicyViolation")
var controllerKind = kyverno.SchemeGroupVersion.WithKind("ClusterPolicyViolation")
// PolicyViolationController manages the policy violation resource
// - sync the lastupdate time
@ -43,13 +43,13 @@ type PolicyViolationController struct {
kyvernoClient *kyvernoclient.Clientset
eventRecorder record.EventRecorder
syncHandler func(pKey string) error
enqueuePolicyViolation func(policy *kyverno.PolicyViolation)
enqueuePolicyViolation func(policy *kyverno.ClusterPolicyViolation)
// Policys that need to be synced
queue workqueue.RateLimitingInterface
// pvLister can list/get policy violation from the shared informer's store
pvLister kyvernolister.PolicyViolationLister
pvLister kyvernolister.ClusterPolicyViolationLister
// pLister can list/get policy from the shared informer's store
pLister kyvernolister.PolicyLister
pLister kyvernolister.ClusterPolicyLister
// pListerSynced returns true if the Policy store has been synced at least once
pListerSynced cache.InformerSynced
// pvListerSynced retrns true if the Policy store has been synced at least once
@ -59,7 +59,7 @@ type PolicyViolationController struct {
}
//NewPolicyViolationController creates a new NewPolicyViolationController
func NewPolicyViolationController(client *client.Client, kyvernoClient *kyvernoclient.Clientset, pInformer kyvernoinformer.PolicyInformer, pvInformer kyvernoinformer.PolicyViolationInformer) (*PolicyViolationController, error) {
func NewPolicyViolationController(client *client.Client, kyvernoClient *kyvernoclient.Clientset, pInformer kyvernoinformer.ClusterPolicyInformer, pvInformer kyvernoinformer.ClusterPolicyViolationInformer) (*PolicyViolationController, error) {
// Event broad caster
eventBroadcaster := record.NewBroadcaster()
eventBroadcaster.StartLogging(glog.Infof)
@ -94,14 +94,14 @@ func NewPolicyViolationController(client *client.Client, kyvernoClient *kyvernoc
}
func (pvc *PolicyViolationController) addPolicyViolation(obj interface{}) {
pv := obj.(*kyverno.PolicyViolation)
pv := obj.(*kyverno.ClusterPolicyViolation)
glog.V(4).Infof("Adding PolicyViolation %s", pv.Name)
pvc.enqueuePolicyViolation(pv)
}
func (pvc *PolicyViolationController) updatePolicyViolation(old, cur interface{}) {
oldPv := old.(*kyverno.PolicyViolation)
curPv := cur.(*kyverno.PolicyViolation)
oldPv := old.(*kyverno.ClusterPolicyViolation)
curPv := cur.(*kyverno.ClusterPolicyViolation)
glog.V(4).Infof("Updating Policy Violation %s", oldPv.Name)
if err := pvc.syncLastUpdateTimeStatus(curPv, oldPv); err != nil {
glog.Errorf("Failed to update lastUpdateTime in PolicyViolation %s status: %v", curPv.Name, err)
@ -110,14 +110,14 @@ func (pvc *PolicyViolationController) updatePolicyViolation(old, cur interface{}
}
func (pvc *PolicyViolationController) deletePolicyViolation(obj interface{}) {
pv, ok := obj.(*kyverno.PolicyViolation)
pv, ok := obj.(*kyverno.ClusterPolicyViolation)
if !ok {
tombstone, ok := obj.(cache.DeletedFinalStateUnknown)
if !ok {
glog.Info(fmt.Errorf("Couldn't get object from tombstone %#v", obj))
return
}
pv, ok = tombstone.Obj.(*kyverno.PolicyViolation)
pv, ok = tombstone.Obj.(*kyverno.ClusterPolicyViolation)
if !ok {
glog.Info(fmt.Errorf("Tombstone contained object that is not a PolicyViolation %#v", obj))
return
@ -127,7 +127,7 @@ func (pvc *PolicyViolationController) deletePolicyViolation(obj interface{}) {
pvc.enqueuePolicyViolation(pv)
}
func (pvc *PolicyViolationController) enqueue(policyViolation *kyverno.PolicyViolation) {
func (pvc *PolicyViolationController) enqueue(policyViolation *kyverno.ClusterPolicyViolation) {
key, err := cache.MetaNamespaceKeyFunc(policyViolation)
if err != nil {
glog.Error(err)
@ -223,7 +223,7 @@ func (pvc *PolicyViolationController) syncPolicyViolation(key string) error {
return pvc.syncStatusOnly(pv)
}
func (pvc *PolicyViolationController) syncActiveResource(curPv *kyverno.PolicyViolation) error {
func (pvc *PolicyViolationController) syncActiveResource(curPv *kyverno.ClusterPolicyViolation) error {
// check if the resource is active or not ?
rspec := curPv.Spec.ResourceSpec
// get resource
@ -250,7 +250,7 @@ func (pvc *PolicyViolationController) syncActiveResource(curPv *kyverno.PolicyVi
//syncStatusOnly updates the policyviolation status subresource
// status:
func (pvc *PolicyViolationController) syncStatusOnly(curPv *kyverno.PolicyViolation) error {
func (pvc *PolicyViolationController) syncStatusOnly(curPv *kyverno.ClusterPolicyViolation) error {
// newStatus := calculateStatus(pv)
return nil
}
@ -258,7 +258,7 @@ func (pvc *PolicyViolationController) syncStatusOnly(curPv *kyverno.PolicyViolat
//TODO: think this through again
//syncLastUpdateTimeStatus updates the policyviolation lastUpdateTime if anything in ViolationSpec changed
// - lastUpdateTime : (time stamp when the policy violation changed)
func (pvc *PolicyViolationController) syncLastUpdateTimeStatus(curPv *kyverno.PolicyViolation, oldPv *kyverno.PolicyViolation) error {
func (pvc *PolicyViolationController) syncLastUpdateTimeStatus(curPv *kyverno.ClusterPolicyViolation, oldPv *kyverno.ClusterPolicyViolation) error {
// check if there is any change in policy violation information
if !updated(curPv, oldPv) {
return nil
@ -270,13 +270,13 @@ func (pvc *PolicyViolationController) syncLastUpdateTimeStatus(curPv *kyverno.Po
return pvc.pvControl.UpdateStatusPolicyViolation(newPolicyViolation)
}
func updated(curPv *kyverno.PolicyViolation, oldPv *kyverno.PolicyViolation) bool {
func updated(curPv *kyverno.ClusterPolicyViolation, oldPv *kyverno.ClusterPolicyViolation) bool {
return !reflect.DeepEqual(curPv.Spec, oldPv.Spec)
//TODO check if owner reference changed, then should we update the lastUpdateTime as well ?
}
type PVControlInterface interface {
UpdateStatusPolicyViolation(newPv *kyverno.PolicyViolation) error
UpdateStatusPolicyViolation(newPv *kyverno.ClusterPolicyViolation) error
RemovePolicyViolation(name string) error
}
@ -287,12 +287,12 @@ type RealPVControl struct {
}
//UpdateStatusPolicyViolation updates the status for policy violation
func (r RealPVControl) UpdateStatusPolicyViolation(newPv *kyverno.PolicyViolation) error {
_, err := r.Client.KyvernoV1alpha1().PolicyViolations().UpdateStatus(newPv)
func (r RealPVControl) UpdateStatusPolicyViolation(newPv *kyverno.ClusterPolicyViolation) error {
_, err := r.Client.KyvernoV1alpha1().ClusterPolicyViolations().UpdateStatus(newPv)
return err
}
//RemovePolicyViolation removes the policy violation
func (r RealPVControl) RemovePolicyViolation(name string) error {
return r.Client.KyvernoV1alpha1().PolicyViolations().Delete(name, &metav1.DeleteOptions{})
return r.Client.KyvernoV1alpha1().ClusterPolicyViolations().Delete(name, &metav1.DeleteOptions{})
}


@ -14,8 +14,8 @@ import (
)
//BuildPolicyViolation returns an value of type PolicyViolation
func BuildPolicyViolation(policy string, resource kyverno.ResourceSpec, fRules []kyverno.ViolatedRule) kyverno.PolicyViolation {
pv := kyverno.PolicyViolation{
func BuildPolicyViolation(policy string, resource kyverno.ResourceSpec, fRules []kyverno.ViolatedRule) kyverno.ClusterPolicyViolation {
pv := kyverno.ClusterPolicyViolation{
Spec: kyverno.PolicyViolationSpec{
Policy: policy,
ResourceSpec: resource,
@ -52,7 +52,7 @@ func BuildPolicyViolation(policy string, resource kyverno.ResourceSpec, fRules [
// return pv
// }
func buildPVForPolicy(er engine.EngineResponseNew) kyverno.PolicyViolation {
func buildPVForPolicy(er engine.EngineResponseNew) kyverno.ClusterPolicyViolation {
var violatedRules []kyverno.ViolatedRule
glog.V(4).Infof("building policy violation for engine response %v", er)
for _, r := range er.PolicyResponse.Rules {
@ -78,11 +78,11 @@ func buildPVForPolicy(er engine.EngineResponseNew) kyverno.PolicyViolation {
}
//CreatePV creates policy violation resource based on the engine responses
func CreatePV(pvLister kyvernolister.PolicyViolationLister, client *kyvernoclient.Clientset, engineResponses []engine.EngineResponseNew) {
var pvs []kyverno.PolicyViolation
func CreatePV(pvLister kyvernolister.ClusterPolicyViolationLister, client *kyvernoclient.Clientset, engineResponses []engine.EngineResponseNew) {
var pvs []kyverno.ClusterPolicyViolation
for _, er := range engineResponses {
if !er.IsSuccesful() {
if pv := buildPVForPolicy(er); !reflect.DeepEqual(pv, kyverno.PolicyViolation{}) {
if pv := buildPVForPolicy(er); !reflect.DeepEqual(pv, kyverno.ClusterPolicyViolation{}) {
pvs = append(pvs, pv)
}
}
@ -101,7 +101,7 @@ func CreatePV(pvLister kyvernolister.PolicyViolationLister, client *kyvernoclien
if curPv == nil {
glog.V(4).Infof("creating new policy violation for policy %s & resource %s/%s/%s", newPv.Spec.Policy, newPv.Spec.ResourceSpec.Kind, newPv.Spec.ResourceSpec.Namespace, newPv.Spec.ResourceSpec.Name)
// no existing policy violation, create a new one
_, err := client.KyvernoV1alpha1().PolicyViolations().Create(&newPv)
_, err := client.KyvernoV1alpha1().ClusterPolicyViolations().Create(&newPv)
if err != nil {
glog.Error(err)
}
@ -117,7 +117,7 @@ func CreatePV(pvLister kyvernolister.PolicyViolationLister, client *kyvernoclien
glog.V(4).Infof("creating new policy violation for policy %s & resource %s/%s/%s", curPv.Spec.Policy, curPv.Spec.ResourceSpec.Kind, curPv.Spec.ResourceSpec.Namespace, curPv.Spec.ResourceSpec.Name)
//TODO: using a generic name, but would it be helpful to have naming convention for policy violations
// as we can only have one policy violation for each (policy + resource) combination
_, err = client.KyvernoV1alpha1().PolicyViolations().Update(&newPv)
_, err = client.KyvernoV1alpha1().ClusterPolicyViolations().Update(&newPv)
if err != nil {
glog.Error(err)
continue
@ -173,7 +173,7 @@ func CreatePV(pvLister kyvernolister.PolicyViolationLister, client *kyvernoclien
// }
//TODO: change the name
func getExistingPolicyViolationIfAny(pvListerSynced cache.InformerSynced, pvLister kyvernolister.PolicyViolationLister, newPv kyverno.PolicyViolation) (*kyverno.PolicyViolation, error) {
func getExistingPolicyViolationIfAny(pvListerSynced cache.InformerSynced, pvLister kyvernolister.ClusterPolicyViolationLister, newPv kyverno.ClusterPolicyViolation) (*kyverno.ClusterPolicyViolation, error) {
// TODO: check for existing ov using label selectors on resource and policy
// TODO: there can be duplicates, as the labels have not been assigned to the policy violation yet
labelMap := map[string]string{"policy": newPv.Spec.Policy, "resource": newPv.Spec.ResourceSpec.ToKey()}
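Review bot: On the update path in `CreatePV`, the log line directly before `ClusterPolicyViolations().Update(&newPv)` still says `creating new policy violation for policy …`, the same text as the create branch, so the two operations cannot be told apart when reading the logs. Suggest `glog.V(4).Infof("updating policy violation for policy %s & resource %s/%s/%s", ...)` with the same arguments. Both branches also only report the API error through `glog.Error(err)`, and `CreatePV` has no return value, so callers cannot tell that a violation was not recorded. Parts of the function lie outside the hunks shown.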


@ -182,7 +182,7 @@ func createNamespace(client *client.Client, ns *unstructured.Unstructured) error
_, err := client.CreateResource("Namespace", "", ns, false)
return err
}
func validateGeneratedResources(t *testing.T, client *client.Client, policy kyverno.Policy, expected []kyverno.ResourceSpec) {
func validateGeneratedResources(t *testing.T, client *client.Client, policy kyverno.ClusterPolicy, expected []kyverno.ResourceSpec) {
t.Log("--validate if resources are generated---")
// list of expected generated resources
for _, resource := range expected {
@ -400,16 +400,16 @@ func loadObjects(t *testing.T, path string) []runtime.Object {
}
func loadPolicy(t *testing.T, path string) *kyverno.Policy {
func loadPolicy(t *testing.T, path string) *kyverno.ClusterPolicy {
t.Logf("loading policy from %s", path)
data, err := loadFile(t, path)
if err != nil {
return nil
}
var policies []*kyverno.Policy
var policies []*kyverno.ClusterPolicy
pBytes := bytes.Split(data, []byte("---"))
for _, p := range pBytes {
policy := kyverno.Policy{}
policy := kyverno.ClusterPolicy{}
pBytes, err := apiyaml.ToJSON(p)
if err != nil {
glog.Error(err)


@ -111,7 +111,7 @@ func CRDInstalled(discovery client.IDiscovery) bool {
glog.Infof("CRD %s found ", kind)
return true
}
if !check("Policy") || !check("PolicyViolation") {
if !check("ClusterPolicy") || !check("ClusterPolicyViolation") {
return false
}
return true


@ -26,7 +26,7 @@ func (wrc *WebhookRegistrationClient) contructPolicyValidatingWebhookConfig(caDa
caData,
true,
wrc.timeoutSeconds,
"policies/*",
"clusterpolicies/*",
"kyverno.io",
"v1alpha1",
[]admregapi.OperationType{admregapi.Create, admregapi.Update},
@ -51,7 +51,7 @@ func (wrc *WebhookRegistrationClient) contructDebugPolicyValidatingWebhookConfig
caData,
true,
wrc.timeoutSeconds,
"policies/*",
"clusterpolicies/*",
"kyverno.io",
"v1alpha1",
[]admregapi.OperationType{admregapi.Create, admregapi.Update},
@ -76,7 +76,7 @@ func (wrc *WebhookRegistrationClient) contructPolicyMutatingWebhookConfig(caData
caData,
true,
wrc.timeoutSeconds,
"policies/*",
"clusterpolicies/*",
"kyverno.io",
"v1alpha1",
[]admregapi.OperationType{admregapi.Create, admregapi.Update},
@ -100,7 +100,7 @@ func (wrc *WebhookRegistrationClient) contructDebugPolicyMutatingWebhookConfig(c
caData,
true,
wrc.timeoutSeconds,
"policies/*",
"clusterpolicies/*",
"kyverno.io",
"v1alpha1",
[]admregapi.OperationType{admregapi.Create, admregapi.Update},


@ -13,7 +13,7 @@ import (
)
func (ws *WebhookServer) handlePolicyMutation(request *v1beta1.AdmissionRequest) *v1beta1.AdmissionResponse {
var policy *kyverno.Policy
var policy *kyverno.ClusterPolicy
raw := request.Object.Raw
//TODO: can this happen? wont this be picked by OpenAPI spec schema ?
@ -46,7 +46,7 @@ func (ws *WebhookServer) handlePolicyMutation(request *v1beta1.AdmissionRequest)
}
}
func generateJSONPatchesForDefaults(policy *kyverno.Policy) ([]byte, []string) {
func generateJSONPatchesForDefaults(policy *kyverno.ClusterPolicy) ([]byte, []string) {
var patches [][]byte
var updateMsgs []string
@ -59,7 +59,7 @@ func generateJSONPatchesForDefaults(policy *kyverno.Policy) ([]byte, []string) {
return utils.JoinPatches(patches), updateMsgs
}
func defaultvalidationFailureAction(policy *kyverno.Policy) ([]byte, string) {
func defaultvalidationFailureAction(policy *kyverno.ClusterPolicy) ([]byte, string) {
// default ValidationFailureAction to "enforce" if not specified
if policy.Spec.ValidationFailureAction == "" {
glog.V(4).Infof("defaulting policy %s 'ValidationFailureAction' to '%s'", policy.Name, BlockChanges)


@ -14,7 +14,7 @@ import (
//HandlePolicyValidation performs the validation check on policy resource
func (ws *WebhookServer) handlePolicyValidation(request *v1beta1.AdmissionRequest) *v1beta1.AdmissionResponse {
var policy *kyverno.Policy
var policy *kyverno.ClusterPolicy
admissionResp := &v1beta1.AdmissionResponse{
Allowed: true,
}
@ -38,7 +38,7 @@ func (ws *WebhookServer) handlePolicyValidation(request *v1beta1.AdmissionReques
return admissionResp
}
func (ws *WebhookServer) validatePolicy(policy *kyverno.Policy) *v1beta1.AdmissionResponse {
func (ws *WebhookServer) validatePolicy(policy *kyverno.ClusterPolicy) *v1beta1.AdmissionResponse {
admissionResp := ws.validateUniqueRuleName(policy)
if !admissionResp.Allowed {
return admissionResp
@ -47,7 +47,7 @@ func (ws *WebhookServer) validatePolicy(policy *kyverno.Policy) *v1beta1.Admissi
return ws.validateOverlayPattern(policy)
}
func (ws *WebhookServer) validateOverlayPattern(policy *kyverno.Policy) *v1beta1.AdmissionResponse {
func (ws *WebhookServer) validateOverlayPattern(policy *kyverno.ClusterPolicy) *v1beta1.AdmissionResponse {
for _, rule := range policy.Spec.Rules {
if reflect.DeepEqual(rule.Validation, kyverno.Validation{}) {
continue
@ -76,7 +76,7 @@ func (ws *WebhookServer) validateOverlayPattern(policy *kyverno.Policy) *v1beta1
}
// Verify if the Rule names are unique within a policy
func (ws *WebhookServer) validateUniqueRuleName(policy *kyverno.Policy) *v1beta1.AdmissionResponse {
func (ws *WebhookServer) validateUniqueRuleName(policy *kyverno.ClusterPolicy) *v1beta1.AdmissionResponse {
var ruleNames []string
for _, rule := range policy.Spec.Rules {
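Review bot: The doc comment on handlePolicyValidation still reads `//HandlePolicyValidation performs the validation check on policy resource`, which matches neither the unexported function name nor the renamed type; `// handlePolicyValidation validates a ClusterPolicy admission request.` would be accurate. In the same function the response is initialised with `Allowed: true`, and the decode of `request.Object.Raw` falls outside the hunks shown, so it is worth confirming that a failed unmarshal into `kyverno.ClusterPolicy` sets `Allowed` to false instead of returning the default. validatePolicy and validateOverlayPattern have no doc comment at all; a one-line comment on each, stating what makes the response disallowed, would help the next reader.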


@ -32,8 +32,8 @@ type WebhookServer struct {
server http.Server
client *client.Client
kyvernoClient *kyvernoclient.Clientset
pLister kyvernolister.PolicyLister
pvLister kyvernolister.PolicyViolationLister
pLister kyvernolister.ClusterPolicyLister
pvLister kyvernolister.ClusterPolicyViolationLister
pListerSynced cache.InformerSynced
pvListerSynced cache.InformerSynced
eventGen event.Interface
@ -50,8 +50,8 @@ func NewWebhookServer(
kyvernoClient *kyvernoclient.Clientset,
client *client.Client,
tlsPair *tlsutils.TlsPemPair,
pInformer kyvernoinformer.PolicyInformer,
pvInformer kyvernoinformer.PolicyViolationInformer,
pInformer kyvernoinformer.ClusterPolicyInformer,
pvInformer kyvernoinformer.ClusterPolicyViolationInformer,
eventGen event.Interface,
webhookRegistrationClient *webhookconfig.WebhookRegistrationClient,
policyStatus policy.PolicyStatusInterface,


@ -81,7 +81,7 @@ func (i *ArrayFlags) Set(value string) error {
}
// extract the kinds that the policy rules apply to
func getApplicableKindsForPolicy(p *kyverno.Policy) []string {
func getApplicableKindsForPolicy(p *kyverno.ClusterPolicy) []string {
kindsMap := map[string]interface{}{}
kinds := []string{}
// iterate over the rules an identify all kinds


@ -18,7 +18,7 @@ const (
all
)
func (ws *WebhookServer) manageWebhookConfigurations(policy kyverno.Policy, op v1beta1.Operation) {
func (ws *WebhookServer) manageWebhookConfigurations(policy kyverno.ClusterPolicy, op v1beta1.Operation) {
switch op {
case v1beta1.Create:
ws.registerWebhookConfigurations(policy)
@ -27,7 +27,7 @@ func (ws *WebhookServer) manageWebhookConfigurations(policy kyverno.Policy, op v
}
}
func (ws *WebhookServer) registerWebhookConfigurations(policy kyverno.Policy) error {
func (ws *WebhookServer) registerWebhookConfigurations(policy kyverno.ClusterPolicy) error {
if !HasMutateOrValidate(policy) {
return nil
}
@ -42,7 +42,7 @@ func (ws *WebhookServer) registerWebhookConfigurations(policy kyverno.Policy) er
return nil
}
func (ws *WebhookServer) deregisterWebhookConfigurations(policy kyverno.Policy) error {
func (ws *WebhookServer) deregisterWebhookConfigurations(policy kyverno.ClusterPolicy) error {
policies, _ := ws.pLister.List(labels.NewSelector())
// deregister webhook if no mutate/validate policy found in cluster
@ -54,7 +54,7 @@ func (ws *WebhookServer) deregisterWebhookConfigurations(policy kyverno.Policy)
return nil
}
func HasMutateOrValidatePolicies(policies []*kyverno.Policy) bool {
func HasMutateOrValidatePolicies(policies []*kyverno.ClusterPolicy) bool {
for _, policy := range policies {
if HasMutateOrValidate(*policy) {
return true
@ -63,7 +63,7 @@ func HasMutateOrValidatePolicies(policies []*kyverno.Policy) bool {
return false
}
func HasMutateOrValidate(policy kyverno.Policy) bool {
func HasMutateOrValidate(policy kyverno.ClusterPolicy) bool {
for _, rule := range policy.Spec.Rules {
if !reflect.DeepEqual(rule.Mutation, kyverno.Mutation{}) || !reflect.DeepEqual(rule.Validation, kyverno.Validation{}) {
glog.Infoln(rule.Name)
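Review bot: deregisterWebhookConfigurations discards the error from `ws.pLister.List(labels.NewSelector())`. On a lister failure `policies` is nil, HasMutateOrValidatePolicies returns false, and, going by the comment under the call, the webhook would then be deregistered, so a transient error would remove admission enforcement; the lines that act on the result are outside the hunk, so this should be confirmed. Propose `policies, err := ws.pLister.List(labels.NewSelector())` followed by `if err != nil { return err }`. manageWebhookConfigurations likewise drops the error returned by `ws.registerWebhookConfigurations(policy)` in the Create case, and should at least log it.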


@ -1,5 +1,5 @@
apiVersion : kyverno.io/v1alpha1
kind : Policy
kind : ClusterPolicy
metadata :
name : policy-cm
spec :


@ -1,5 +1,5 @@
apiVersion : kyverno.io/v1alpha1
kind: Policy
kind: ClusterPolicy
metadata :
name: "policy-configmapgenerator-test"
spec:


@ -4,7 +4,7 @@
# and then create a namespace
apiVersion : kyverno.io/v1alpha1
kind : Policy
kind : ClusterPolicy
metadata :
name : "policy-ns-patch-cmg-sg"
spec :


@ -1,5 +1,5 @@
apiVersion: kyverno.io/v1alpha1
kind: Policy
kind: ClusterPolicy
metadata:
name: policy-cronjob
spec:


@ -1,5 +1,5 @@
apiVersion: kyverno.io/v1alpha1
kind: Policy
kind: ClusterPolicy
metadata:
name: policy-daemonset
spec:


@ -1,5 +1,5 @@
apiVersion : kyverno.io/v1alpha1
kind : Policy
kind : ClusterPolicy
metadata :
name : policy-deployment
spec :


@ -1,5 +1,5 @@
apiVersion : kyverno.io/v1alpha1
kind : Policy
kind : ClusterPolicy
metadata :
name : policy-endpoints
spec :


@ -1,5 +1,5 @@
apiVersion: kyverno.io/v1alpha1
kind: Policy
kind: ClusterPolicy
metadata:
name: policy-hpa
spec :


@ -1,5 +1,5 @@
apiVersion: kyverno.io/v1alpha1
kind: Policy
kind: ClusterPolicy
metadata :
name : policy-ingress
spec :


@ -1,5 +1,5 @@
apiVersion: kyverno.io/v1alpha1
kind: Policy
kind: ClusterPolicy
metadata:
name: policy-job-perl-bigint
spec :


@ -1,5 +1,5 @@
apiVersion : kyverno.io/v1alpha1
kind : Policy
kind : ClusterPolicy
metadata :
name : policy-limitrange
spec :


@ -1,5 +1,5 @@
apiVersion: kyverno.io/v1alpha1
kind: Policy
kind: ClusterPolicy
metadata :
name : policy-namespace


@ -1,5 +1,5 @@
apiVersion: kyverno.io/v1alpha1
kind: Policy
kind: ClusterPolicy
metadata:
name: policy-network-policy
spec:


@ -1,5 +1,5 @@
apiVersion: kyverno.io/v1alpha1
kind: Policy
kind: ClusterPolicy
metadata:
name: policy-pvc
spec:


@ -1,5 +1,5 @@
apiVersion: kyverno.io/v1alpha1
kind: Policy
kind: ClusterPolicy
metadata:
name: policy-pdb
spec:


@ -1,5 +1,5 @@
apiVersion: kyverno.io/v1alpha1
kind: Policy
kind: ClusterPolicy
metadata:
name: test-podtemplate
spec:


@ -1,5 +1,5 @@
apiVersion : kyverno.io/v1alpha1
kind : Policy
kind : ClusterPolicy
metadata :
name : policy-quota-low-test-validation
spec :


@ -1,5 +1,5 @@
apiVersion : kyverno.io/v1alpha1
kind : Policy
kind : ClusterPolicy
metadata :
name : policy-quota-low-test
spec :


@ -1,5 +1,5 @@
apiVersion: kyverno.io/v1alpha1
kind: Policy
kind: ClusterPolicy
metadata:
name: policy-secrets
spec:


@ -1,5 +1,5 @@
apiVersion : kyverno.io/v1alpha1
kind: Policy
kind: ClusterPolicy
metadata:
name: policy-security-context
spec:


@ -1,5 +1,5 @@
apiVersion : kyverno.io/v1alpha1
kind : Policy
kind : ClusterPolicy
metadata :
name : policy-service
spec :


@ -1,5 +1,5 @@
apiVersion: kyverno.io/v1alpha1
kind: Policy
kind: ClusterPolicy
metadata:
name: policy-statefulset
spec:


@ -21,7 +21,7 @@ func main() {
}
func generatePolicies() error {
var policy *kyverno.Policy
var policy *kyverno.ClusterPolicy
file, err := ioutil.ReadFile(policyPath)
if err != nil {


@ -1,5 +1,5 @@
apiVersion : kyverno.io/v1alpha1
kind : Policy
kind : ClusterPolicy
metadata :
name : basic-policy
spec :

Some files were not shown because too many files have changed in this diff Show more