mirror of https://github.com/kyverno/kyverno.git synced 2025-03-06 16:06:56 +00:00
kyverno/pkg/policystore/policystore.go
2019-08-13 13:15:32 -07:00


package policystore
import (
"sync"
kyverno "github.com/nirmata/kyverno/pkg/api/kyverno/v1alpha1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
)
// Interface is the policy-store contract declared by this package.
//
// NOTE(review): in the file as shown, *Store defines only Register, so it
// does not satisfy this interface here. Confirm whether UnRegister and LookUp
// are implemented elsewhere.
type Interface interface {
	// Register records the policy in the store.
	Register(policy *kyverno.Policy) error
	// UnRegister presumably reverses Register for the policy (inferred from
	// the name; no implementation is visible in this file).
	// Open question from the original author: check if the controller can see
	// the policy spec for details?
	UnRegister(policy *kyverno.Policy) error
	// LookUp is intended to find the policies and rules that apply for the
	// given kind, namespace, name and label selector.
	// NOTE(review): the signature declares no result values, so a caller
	// cannot receive that list as written.
	LookUp(kind, namespace, name string, ls *metav1.LabelSelector)
}
// Store is an in-memory index from resource kind to policy name.
//
// NOTE(review): each kind maps to exactly one policy name, and Register
// writes with plain assignment. Registering a second policy that matches the
// same kind therefore replaces the first entry. If lookups are meant to return
// every policy that applies to a kind, earlier policies would be silently
// dropped from the index. Confirm whether the value should be a set of names.
type Store struct {
	// data maps a resource kind to the name of the policy registered for it.
	data map[string]string
	// mux guards data; Register holds the write lock while updating it.
	mux sync.RWMutex
}
// NewStore returns a Store whose kind-to-policy-name index is allocated and
// empty, so Register can write to it immediately.
func NewStore() *Store {
	return &Store{
		// key: resource kind, value: name of the policy registered for it
		data: make(map[string]string),
	}
}
// empty is a zero-size placeholder value. It is not referenced anywhere in
// the portion of the file shown.
var empty = struct{}{}
// Register indexes the policy under every resource kind its rules apply to.
//
// For each rule, the kinds listed in MatchResources.Kinds are collected and
// any kind also listed in that rule's ExcludeResources.Kinds is left out. The
// surviving kinds from all rules are then written into the store under the
// write lock, each mapped to policy.Name. The method always returns nil.
//
// NOTE(review): the write is a plain assignment, so an entry already held by
// another policy for the same kind is replaced. Nothing here checks whether
// the kind is already registered.
// NOTE(review): an excluded kind is removed from the rule's contribution
// outright. If an exclude block can carry narrower criteria than the kind
// alone, this would hide the policy for resources it should still cover.
// Confirm against the ExcludeResources definition.
// NOTE(review): a nil policy panics on the first field access.
func (s *Store) Register(policy *kyverno.Policy) error {
	owner := policy.Name
	indexed := make(map[string]string)

	for _, rule := range policy.Spec.Rules {
		// Kinds this rule explicitly excludes.
		excluded := make(map[string]struct{}, len(rule.ExcludeResources.Kinds))
		for _, kind := range rule.ExcludeResources.Kinds {
			excluded[kind] = struct{}{}
		}
		// Keep only the matched kinds that the same rule does not exclude.
		for _, kind := range rule.MatchResources.Kinds {
			if _, skip := excluded[kind]; skip {
				continue
			}
			indexed[kind] = owner
		}
	}

	// Publish the collected kinds while holding the write lock on the store.
	s.mux.Lock()
	defer s.mux.Unlock()
	mergeMap(s.data, indexed)
	return nil
}
// mergeMap copies every entry of m2 into m1. A key present in both maps ends
// up with m2's value; m2 itself is not modified. m1 must be non-nil whenever
// m2 has entries, because the copy writes into m1.
func mergeMap(m1, m2 map[string]string) {
	for key := range m2 {
		m1[key] = m2[key]
	}
}