522 minor changes from tests

2025-03-29 10:55:05 +00:00 · 2020-01-24 09:51:40 +05:30 · 2020-01-24 09:51:40 +05:30 · fa7c522b5c
commit fa7c522b5c
parent a90999417e
7 changed files with 19 additions and 30 deletions
--- a/go.mod
+++ b/go.mod
@ -8,7 +8,7 @@ require (
 	github.com/gogo/protobuf v1.3.1 // indirect
 	github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b
 	github.com/golang/groupcache v0.0.0-20191227052852-215e87163ea7 // indirect
-	github.com/googleapis/gnostic v0.3.1 // indirect
+	github.com/googleapis/gnostic v0.3.1
 	github.com/hashicorp/golang-lru v0.5.3 // indirect
 	github.com/imdario/mergo v0.3.8 // indirect
 	github.com/jmespath/go-jmespath v0.0.0-20180206201540-c2b33e8439af
@ -30,7 +30,7 @@ require (
 	k8s.io/apimachinery v0.0.0-20190404173353-6a84e37a896d
 	k8s.io/client-go v11.0.1-0.20190516230509-ae8359b20417+incompatible
 	k8s.io/klog v1.0.0 // indirect
-	k8s.io/kube-openapi v0.0.0-20191107075043-30be4d16710a // indirect
+	k8s.io/kube-openapi v0.0.0-20191107075043-30be4d16710a
 	k8s.io/utils v0.0.0-20200109141947-94aeca20bf09 // indirect
 )

--- a/pkg/engine/mutate/overlay.go
+++ b/pkg/engine/mutate/overlay.go
@ -10,8 +10,6 @@ import (
 	"strings"
 	"time"

-	"github.com/nirmata/kyverno/pkg/policy"
-
 	"github.com/golang/glog"
 	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"

@ -113,14 +111,6 @@ func ProcessOverlay(ctx context.EvalInterface, rule kyverno.Rule, resource unstr
 		return resp, resource
 	}

-	err = policy.ValidateResource(patchedResource.UnstructuredContent(), patchedResource.GetKind())
-	if err != nil {
-		glog.V(4).Infoln(err)
-		resp.Success = false
-		resp.Message = fmt.Sprintf("failed to validate patchedResource: %v", err)
-		return resp, resource
-	}
-
 	// rule application succesfuly
 	resp.Success = true
 	resp.Message = fmt.Sprintf("successfully processed overlay")
--- a/pkg/engine/mutate/patches.go
+++ b/pkg/engine/mutate/patches.go
@ -6,8 +6,6 @@ import (
 	"strings"
 	"time"

-	"github.com/nirmata/kyverno/pkg/policy"
-
 	"github.com/golang/glog"
 	kyverno "github.com/nirmata/kyverno/pkg/api/kyverno/v1"
 	"github.com/nirmata/kyverno/pkg/engine/response"
@ -84,14 +82,6 @@ func ProcessPatches(rule kyverno.Rule, resource unstructured.Unstructured) (resp
 		return resp, resource
 	}

-	err = policy.ValidateResource(patchedResource.UnstructuredContent(), patchedResource.GetKind())
-	if err != nil {
-		glog.V(4).Infoln(err)
-		resp.Success = false
-		resp.Message = fmt.Sprintf("failed to validate patchedResource: %v", err)
-		return resp, resource
-	}
-
 	// JSON patches processed succesfully
 	resp.Success = true
 	resp.Message = fmt.Sprintf("succesfully process JSON patches")
--- a/pkg/engine/policy/validate.go
+++ b/pkg/engine/policy/validate.go
@ -8,8 +8,6 @@ import (
 	"strconv"
 	"strings"

-	"github.com/nirmata/kyverno/pkg/policy"
-
 	kyverno "github.com/nirmata/kyverno/pkg/api/kyverno/v1"
 	"github.com/nirmata/kyverno/pkg/engine/anchor"
 	rbacv1 "k8s.io/api/rbac/v1"
@ -72,12 +70,6 @@ func Validate(p kyverno.ClusterPolicy) error {
 			}
 		}
 	}
-
-	err := policy.ValidatePolicyMutation(p)
-	if err != nil {
-		return fmt.Errorf("Policy has invalid mutations : %v", err)
-	}
-
 	return nil
 }

--- a/pkg/policy/validation.go
+++ b/pkg/policy/validation.go
@ -49,6 +49,7 @@ func ValidatePolicyMutation(policy v1.ClusterPolicy) error {
 	for kind := range allPossibleKinds {
 		resource, _ := generateEmptyResource(validationGlobalState.definitions["io.k8s.api.core.v1."+kind]).(map[string]interface{})
 		newResource := unstructured.Unstructured{Object: resource}
+		newResource.SetKind(kind)
 		policyContext := engine.PolicyContext{
 			Policy:      policy,
 			NewResource: newResource,
--- a/pkg/webhooks/mutation.go
+++ b/pkg/webhooks/mutation.go
@ -90,6 +90,11 @@ func (ws *WebhookServer) HandleMutation(request *v1beta1.AdmissionRequest, resou
 			glog.V(4).Infof("Failed to apply policy %s on resource %s/%s\n", policy.Name, resource.GetNamespace(), resource.GetName())
 			continue
 		}
+		err := policyctr.ValidateResource(engineResponse.PatchedResource.UnstructuredContent(), engineResponse.PatchedResource.GetKind())
+		if err != nil {
+			glog.V(4).Infoln(err)
+			continue
+		}
 		// gather patches
 		patches = append(patches, engineResponse.GetPatches()...)
 		glog.V(4).Infof("Mutation from policy %s has applied succesfully to %s %s/%s", policy.Name, request.Kind.Kind, resource.GetNamespace(), resource.GetName())
--- a/pkg/webhooks/policyvalidation.go
+++ b/pkg/webhooks/policyvalidation.go
@ -4,6 +4,8 @@ import (
 	"encoding/json"
 	"fmt"

+	policy2 "github.com/nirmata/kyverno/pkg/policy"
+
 	"github.com/golang/glog"
 	kyverno "github.com/nirmata/kyverno/pkg/api/kyverno/v1"
 	policyvalidate "github.com/nirmata/kyverno/pkg/engine/policy"
@ -36,6 +38,15 @@ func (ws *WebhookServer) handlePolicyValidation(request *v1beta1.AdmissionReques
 		}
 	}

+	if err := policy2.ValidatePolicyMutation(*policy); err != nil {
+		admissionResp = &v1beta1.AdmissionResponse{
+			Allowed: false,
+			Result: &metav1.Status{
+				Message: err.Error(),
+			},
+		}
+	}
+
 	if admissionResp.Allowed {
 		// if the policy contains mutating & validation rules and it config does not exist we create one
 		// queue the request