mirrors/kyverno
mirrors/kyverno
1
0
Fork 0
mirror of https://github.com/kyverno/kyverno.git synced 2025-03-31 03:45:17 +00:00
Code Activity

522 minor changes from tests

Browse source
This commit is contained in:
shravan 2020-01-24 09:51:40 +05:30
parent a90999417e
commit fa7c522b5c
7 changed files with 19 additions and 30 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
go.mod
View file

@ -8,7 +8,7 @@ require (
github.com/gogo/protobuf v1.3.1 // indirect github.com/gogo/protobuf v1.3.1 // indirect
github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b
github.com/golang/groupcache v0.0.0-20191227052852-215e87163ea7 // indirect github.com/golang/groupcache v0.0.0-20191227052852-215e87163ea7 // indirect
github.com/googleapis/gnostic v0.3.1 // indirect github.com/googleapis/gnostic v0.3.1
github.com/hashicorp/golang-lru v0.5.3 // indirect github.com/hashicorp/golang-lru v0.5.3 // indirect
github.com/imdario/mergo v0.3.8 // indirect github.com/imdario/mergo v0.3.8 // indirect
github.com/jmespath/go-jmespath v0.0.0-20180206201540-c2b33e8439af github.com/jmespath/go-jmespath v0.0.0-20180206201540-c2b33e8439af
@ -30,7 +30,7 @@ require (
k8s.io/apimachinery v0.0.0-20190404173353-6a84e37a896d k8s.io/apimachinery v0.0.0-20190404173353-6a84e37a896d
k8s.io/client-go v11.0.1-0.20190516230509-ae8359b20417+incompatible k8s.io/client-go v11.0.1-0.20190516230509-ae8359b20417+incompatible
k8s.io/klog v1.0.0 // indirect k8s.io/klog v1.0.0 // indirect
k8s.io/kube-openapi v0.0.0-20191107075043-30be4d16710a // indirect k8s.io/kube-openapi v0.0.0-20191107075043-30be4d16710a
k8s.io/utils v0.0.0-20200109141947-94aeca20bf09 // indirect k8s.io/utils v0.0.0-20200109141947-94aeca20bf09 // indirect
) )

10
pkg/engine/mutate/overlay.go
View file

@ -10,8 +10,6 @@ import (
"strings" "strings"
"time" "time"
"github.com/nirmata/kyverno/pkg/policy"
"github.com/golang/glog" "github.com/golang/glog"
"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
@ -113,14 +111,6 @@ func ProcessOverlay(ctx context.EvalInterface, rule kyverno.Rule, resource unstr
return resp, resource return resp, resource
} }
err = policy.ValidateResource(patchedResource.UnstructuredContent(), patchedResource.GetKind())
if err != nil {
glog.V(4).Infoln(err)
resp.Success = false
resp.Message = fmt.Sprintf("failed to validate patchedResource: %v", err)
return resp, resource
}
// rule application succesfuly // rule application succesfuly
resp.Success = true resp.Success = true
resp.Message = fmt.Sprintf("successfully processed overlay") resp.Message = fmt.Sprintf("successfully processed overlay")

10
pkg/engine/mutate/patches.go
View file

@ -6,8 +6,6 @@ import (
"strings" "strings"
"time" "time"
"github.com/nirmata/kyverno/pkg/policy"
"github.com/golang/glog" "github.com/golang/glog"
kyverno "github.com/nirmata/kyverno/pkg/api/kyverno/v1" kyverno "github.com/nirmata/kyverno/pkg/api/kyverno/v1"
"github.com/nirmata/kyverno/pkg/engine/response" "github.com/nirmata/kyverno/pkg/engine/response"
@ -84,14 +82,6 @@ func ProcessPatches(rule kyverno.Rule, resource unstructured.Unstructured) (resp
return resp, resource return resp, resource
} }
err = policy.ValidateResource(patchedResource.UnstructuredContent(), patchedResource.GetKind())
if err != nil {
glog.V(4).Infoln(err)
resp.Success = false
resp.Message = fmt.Sprintf("failed to validate patchedResource: %v", err)
return resp, resource
}
// JSON patches processed succesfully // JSON patches processed succesfully
resp.Success = true resp.Success = true
resp.Message = fmt.Sprintf("succesfully process JSON patches") resp.Message = fmt.Sprintf("succesfully process JSON patches")

8
pkg/engine/policy/validate.go
View file

@ -8,8 +8,6 @@ import (
"strconv" "strconv"
"strings" "strings"
"github.com/nirmata/kyverno/pkg/policy"
kyverno "github.com/nirmata/kyverno/pkg/api/kyverno/v1" kyverno "github.com/nirmata/kyverno/pkg/api/kyverno/v1"
"github.com/nirmata/kyverno/pkg/engine/anchor" "github.com/nirmata/kyverno/pkg/engine/anchor"
rbacv1 "k8s.io/api/rbac/v1" rbacv1 "k8s.io/api/rbac/v1"
@ -72,12 +70,6 @@ func Validate(p kyverno.ClusterPolicy) error {
} }
} }
} }
err := policy.ValidatePolicyMutation(p)
if err != nil {
return fmt.Errorf("Policy has invalid mutations : %v", err)
}
return nil return nil
} }

1
pkg/policy/validation.go
View file

@ -49,6 +49,7 @@ func ValidatePolicyMutation(policy v1.ClusterPolicy) error {
for kind := range allPossibleKinds { for kind := range allPossibleKinds {
resource, _ := generateEmptyResource(validationGlobalState.definitions["io.k8s.api.core.v1."+kind]).(map[string]interface{}) resource, _ := generateEmptyResource(validationGlobalState.definitions["io.k8s.api.core.v1."+kind]).(map[string]interface{})
newResource := unstructured.Unstructured{Object: resource} newResource := unstructured.Unstructured{Object: resource}
newResource.SetKind(kind)
policyContext := engine.PolicyContext{ policyContext := engine.PolicyContext{
Policy: policy, Policy: policy,
NewResource: newResource, NewResource: newResource,

5
pkg/webhooks/mutation.go
View file

@ -90,6 +90,11 @@ func (ws *WebhookServer) HandleMutation(request *v1beta1.AdmissionRequest, resou
glog.V(4).Infof("Failed to apply policy %s on resource %s/%s\n", policy.Name, resource.GetNamespace(), resource.GetName()) glog.V(4).Infof("Failed to apply policy %s on resource %s/%s\n", policy.Name, resource.GetNamespace(), resource.GetName())
continue continue
} }
err := policyctr.ValidateResource(engineResponse.PatchedResource.UnstructuredContent(), engineResponse.PatchedResource.GetKind())
if err != nil {
glog.V(4).Infoln(err)
continue
}
// gather patches // gather patches
patches = append(patches, engineResponse.GetPatches()...) patches = append(patches, engineResponse.GetPatches()...)
glog.V(4).Infof("Mutation from policy %s has applied succesfully to %s %s/%s", policy.Name, request.Kind.Kind, resource.GetNamespace(), resource.GetName()) glog.V(4).Infof("Mutation from policy %s has applied succesfully to %s %s/%s", policy.Name, request.Kind.Kind, resource.GetNamespace(), resource.GetName())

11
pkg/webhooks/policyvalidation.go
View file

@ -4,6 +4,8 @@ import (
"encoding/json" "encoding/json"
"fmt" "fmt"
policy2 "github.com/nirmata/kyverno/pkg/policy"
"github.com/golang/glog" "github.com/golang/glog"
kyverno "github.com/nirmata/kyverno/pkg/api/kyverno/v1" kyverno "github.com/nirmata/kyverno/pkg/api/kyverno/v1"
policyvalidate "github.com/nirmata/kyverno/pkg/engine/policy" policyvalidate "github.com/nirmata/kyverno/pkg/engine/policy"
@ -36,6 +38,15 @@ func (ws *WebhookServer) handlePolicyValidation(request *v1beta1.AdmissionReques
} }
} }
if err := policy2.ValidatePolicyMutation(*policy); err != nil {
admissionResp = &v1beta1.AdmissionResponse{
Allowed: false,
Result: &metav1.Status{
Message: err.Error(),
},
}
}
if admissionResp.Allowed { if admissionResp.Allowed {
// if the policy contains mutating & validation rules and it config does not exist we create one // if the policy contains mutating & validation rules and it config does not exist we create one
// queue the request // queue the request