small fixes

2024-12-14 11:57:48 +00:00 · 2020-07-11 18:12:35 +05:30 · 2020-07-11 18:12:35 +05:30 · fed8d7f967
commit fed8d7f967
parent c26a414182
3 changed files with 6 additions and 99 deletions
--- a/pkg/policymutation/policymutation.go
+++ b/pkg/policymutation/policymutation.go
@ -51,9 +51,7 @@ func defaultBackgroundFlag(policy *kyverno.ClusterPolicy, log logr.Logger) ([]by
 	// set 'Background' flag to 'true' if not specified
 	defaultVal := true
 	if policy.Spec.Background == nil {
-		if log != nil {
-			log.V(4).Info("setting default value", "spec.background", true)
-		}
+		log.V(4).Info("setting default value", "spec.background", true)
 		jsonPatch := struct {
 			Path  string `json:"path"`
 			Op    string `json:"op"`
@ -66,17 +64,11 @@ func defaultBackgroundFlag(policy *kyverno.ClusterPolicy, log logr.Logger) ([]by

 		patchByte, err := json.Marshal(jsonPatch)
 		if err != nil {
-			if log != nil {
-				log.Error(err, "failed to set default value", "spec.background", true)
-			} else {
-				fmt.Println(err, "failed to set default value", "spec.background")
-			}
+			log.Error(err, "failed to set default value", "spec.background", true)
 			return nil, ""
 		}

-		if log != nil {
-			log.V(3).Info("generated JSON Patch to set default", "spec.background", true)
-		}
+		log.V(3).Info("generated JSON Patch to set default", "spec.background", true)
 		return patchByte, fmt.Sprintf("default 'Background' to '%s'", strconv.FormatBool(true))
 	}

@ -143,9 +135,7 @@ func GeneratePodControllerRule(policy kyverno.ClusterPolicy, log logr.Logger) (p
 		return nil, nil
 	}

-	if log != nil {
-		log.V(3).Info("auto generating rule for pod controllers", "controlers", controllers)
-	}
+	log.V(3).Info("auto generating rule for pod controllers", "controlers", controllers)

 	p, err := generateRulePatches(policy, controllers, log)
 	patches = append(patches, p...)
@ -294,9 +284,7 @@ func generateRuleForControllers(rule kyverno.Rule, controllers string, log logr.
 	if skipAutoGeneration {
 		if match.ResourceDescription.Name != "" || match.ResourceDescription.Selector != nil ||
 			exclude.ResourceDescription.Name != "" || exclude.ResourceDescription.Selector != nil {
-			if log != nil {
-				log.Info("skip generating rule on pod controllers: Name / Selector in resource decription may not be applicable.", "rule", rule.Name)
-			}
+			log.Info("skip generating rule on pod controllers: Name / Selector in resource decription may not be applicable.", "rule", rule.Name)
 			return kyvernoRule{}
 		}
 		if controllers == "all" {
--- a/pkg/webhooks/common.go
+++ b/pkg/webhooks/common.go
@ -97,12 +97,6 @@ func (i *ArrayFlags) Set(value string) error {
 	return nil
 }

-// // Policy Reporting Modes
-// const (
-// 	Enforce = "enforce" // blocks the request on failure
-// 	Audit   = "audit"   // dont block the request on failure, but report failiures as policy violations
-// )
-
 func processResourceWithPatches(patch []byte, resource []byte, log logr.Logger) []byte {
 	if patch == nil {
 		return resource
--- a/samples/best_practices/disallow_latest_tag.yaml
+++ b/samples/best_practices/disallow_latest_tag.yaml
@ -30,79 +30,4 @@ spec:
      pattern:
        spec:
          containers:
-          - image: "!*:latest"
-
-
-# apiVersion: kyverno.io/v1
-# kind: ClusterPolicy
-# metadata:
-#   annotations:
-#     pod-policies.kyverno.io/autogen-controllers: DaemonSet,Deployment,Job,StatefulSet
-#     policies.kyverno.io/category: Workload Isolation
-#     policies.kyverno.io/description: The ':latest' tag is mutable and can lead to
-#       unexpected errors if the image changes. A best practice is to use an immutable
-#       tag that maps to a specific version of an application pod.
-#   creationTimestamp: "2020-07-08T05:38:37Z"
-#   generation: 1
-#   name: disallow-latest-tag
-#   resourceVersion: "553391"
-#   selfLink: /apis/kyverno.io/v1/clusterpolicies/disallow-latest-tag
-#   uid: 29f583d5-63f8-4494-98f8-0c06d55cdfe9
-# spec:
-#   background: true
-#   rules:
-#   - match:
-#       resources:
-#         kinds:
-#         - Pod
-#     name: require-image-tag
-#     validate:
-#       message: An image tag is required
-#       pattern:
-#         spec:
-#           containers:
-#           - image: '*:*'
-#   - match:
-#       resources:
-#         kinds:
-#         - Pod
-#     name: validate-image-tag
-#     validate:
-#       message: Using a mutable image tag e.g. 'latest' is not allowed
-#       pattern:
-#         spec:
-#           containers:
-#           - image: '!*:latest'
-#   - match:
-#       resources:
-#         kinds:
-#         - DaemonSet
-#         - Deployment
-#         - Job
-#         - StatefulSet
-#     name: autogen-require-image-tag
-#     validate:
-#       message: An image tag is required
-#       pattern:
-#         spec:
-#           template:
-#             spec:
-#               containers:
-#               - image: '*:*'
-#   - match:
-#       resources:
-#         kinds:
-#         - DaemonSet
-#         - Deployment
-#         - Job
-#         - StatefulSet
-#     name: autogen-validate-image-tag
-#     validate:
-#       message: Using a mutable image tag e.g. 'latest' is not allowed
-#       pattern:
-#         spec:
-#           template:
-#             spec:
-#               containers:
-#               - image: '!*:latest'
-#   validationFailureAction: audit
+          - image: "!*:latest"