* remove policy handler for updates Signed-off-by: ShutingZhao <shuting@nirmata.com> * remove policy update handler from the ur controller Signed-off-by: ShutingZhao <shuting@nirmata.com> * rework cleanup downstream on policy deletion Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix downstream deletion on data rule removal Signed-off-by: ShutingZhao <shuting@nirmata.com> * add kuttl test for clusterpolicy Signed-off-by: ShutingZhao <shuting@nirmata.com> * linter fix Signed-off-by: ShutingZhao <shuting@nirmata.com> * add kuttl test for policy Signed-off-by: ShutingZhao <shuting@nirmata.com> * update api docs Signed-off-by: ShutingZhao <shuting@nirmata.com> * add delays Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix name assertion Signed-off-by: ShutingZhao <shuting@nirmata.com> * delete downstream when deletes the clone source Signed-off-by: ShutingZhao <shuting@nirmata.com> * add kuttl test pol-clone-sync-delete-source Signed-off-by: ShutingZhao <shuting@nirmata.com> * linter fixes Signed-off-by: ShutingZhao <shuting@nirmata.com> * add kuttl test pol-clone-sync-delete-downstream Signed-off-by: ShutingZhao <shuting@nirmata.com> * add kuttl test pol-data-sync-modify-rule Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix panic Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix panic Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix labels Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix policy assertions Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix annotation missing names Signed-off-by: ShutingZhao <shuting@nirmata.com> * rename policy Signed-off-by: ShutingZhao <shuting@nirmata.com> * remove dead code Signed-off-by: ShutingZhao <shuting@nirmata.com> * create unique namespaces Signed-off-by: ShutingZhao <shuting@nirmata.com> * create more unique namespaces Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix assertion Signed-off-by: ShutingZhao <shuting@nirmata.com> --------- Signed-off-by: ShutingZhao 
<shuting@nirmata.com> Co-authored-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
package common
import (
"context"
kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1"
kyvernov1beta1 "github.com/kyverno/kyverno/api/kyverno/v1beta1"
"github.com/kyverno/kyverno/pkg/client/clientset/versioned"
kyvernov1beta1listers "github.com/kyverno/kyverno/pkg/client/listers/kyverno/v1beta1"
"github.com/kyverno/kyverno/pkg/config"
"github.com/kyverno/kyverno/pkg/logging"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
"k8s.io/client-go/util/retry"
)
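// Update fetches the UpdateRequest called name through urLister, applies
// mutator to a deep copy of it, and writes the copy back with the typed
// client in the namespace returned by config.KyvernoNamespace(). The whole
// fetch-mutate-write sequence runs under retry.RetryOnConflict with
// retry.DefaultRetry, so mutator may be invoked more than once and must be
// safe to re-apply.
//
// On success it returns the object handed back by the Update call. On
// failure it returns nil together with the error that ended the retry loop.
//
// NOTE(review): the write uses context.TODO(), so it carries no deadline or
// cancellation; the signature has no context parameter to thread one through.
// NOTE(review): if urLister is backed by an informer cache, a retry may
// re-read the same stale object until the cache catches up — confirm the
// default backoff is long enough for that in practice.
func Update(client versioned.Interface, urLister kyvernov1beta1listers.UpdateRequestNamespaceLister, name string, mutator func(*kyvernov1beta1.UpdateRequest)) (*kyvernov1beta1.UpdateRequest, error) {
	// Declared outside the closure and assigned with "=" inside it. Using
	// ":=" inside the closure would shadow this variable and leave the
	// returned pointer nil even when the update succeeds.
	var updated *kyvernov1beta1.UpdateRequest
	err := retry.RetryOnConflict(retry.DefaultRetry, func() error {
		cached, err := urLister.Get(name)
		if err != nil {
			logging.Error(err, "[ATTEMPT] failed to fetch update request", "name", name)
			return err
		}
		// Never mutate the object owned by the lister; work on a copy.
		ur := cached.DeepCopy()
		mutator(ur)
		result, err := client.KyvernoV1beta1().UpdateRequests(config.KyvernoNamespace()).Update(context.TODO(), ur, metav1.UpdateOptions{})
		if err != nil {
			logging.Error(err, "[ATTEMPT] failed to update update request", "name", name)
			return err
		}
		updated = result
		return nil
	})
	if err != nil {
		logging.Error(err, "failed to update update request", "name", name)
		return nil, err
	}
	logging.V(3).Info("updated update request", "name", name)
	return updated, nil
}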
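// UpdateStatus fetches the UpdateRequest called name through urLister, sets
// Status.State and Status.Message on a deep copy, and writes the copy back
// through the status subresource in the namespace returned by
// config.KyvernoNamespace(). The sequence runs under retry.RetryOnConflict
// with retry.DefaultRetry.
//
// A nil genResources leaves Status.GeneratedResources as fetched; a non-nil
// slice, including an empty one, replaces it.
//
// On success it returns the object handed back by the UpdateStatus call. On
// failure it returns nil together with the error that ended the retry loop.
//
// NOTE(review): the write uses context.TODO(), so it carries no deadline or
// cancellation; the signature has no context parameter to thread one through.
func UpdateStatus(client versioned.Interface, urLister kyvernov1beta1listers.UpdateRequestNamespaceLister, name string, state kyvernov1beta1.UpdateRequestState, message string, genResources []kyvernov1.ResourceSpec) (*kyvernov1beta1.UpdateRequest, error) {
	// Declared outside the closure and assigned with "=" inside it. Using
	// ":=" inside the closure would shadow this variable and leave the
	// returned pointer nil even when the status update succeeds.
	var updated *kyvernov1beta1.UpdateRequest
	err := retry.RetryOnConflict(retry.DefaultRetry, func() error {
		cached, err := urLister.Get(name)
		if err != nil {
			logging.Error(err, "[ATTEMPT] failed to fetch update request", "name", name)
			return err
		}
		// Never mutate the object owned by the lister; work on a copy.
		ur := cached.DeepCopy()
		ur.Status.State = state
		ur.Status.Message = message
		if genResources != nil {
			ur.Status.GeneratedResources = genResources
		}
		result, err := client.KyvernoV1beta1().UpdateRequests(config.KyvernoNamespace()).UpdateStatus(context.TODO(), ur, metav1.UpdateOptions{})
		if err != nil {
			logging.Error(err, "[ATTEMPT] failed to update update request status", "name", name)
			return err
		}
		updated = result
		return nil
	})
	if err != nil {
		logging.Error(err, "failed to update update request status", "name", name)
		return nil, err
	}
	logging.V(3).Info("updated update request status", "name", name, "status", string(state))
	return updated, nil
}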
// PolicyKey builds the lookup key for a policy: "namespace/name" when a
// namespace is given, and the bare name otherwise.
//
// The inputs are joined as-is, with no validation or escaping, so the key is
// only unambiguous while neither part contains "/".
func PolicyKey(namespace, name string) string {
	key := name
	if len(namespace) > 0 {
		key = namespace + "/" + key
	}
	return key
}
// ResourceSpecFromUnstructured copies the identifying fields of obj
// (API version, kind, namespace and name) into a kyvernov1.ResourceSpec.
// Only those four fields are set; everything else keeps its zero value.
func ResourceSpecFromUnstructured(obj unstructured.Unstructured) kyvernov1.ResourceSpec {
	var spec kyvernov1.ResourceSpec
	spec.APIVersion = obj.GetAPIVersion()
	spec.Kind = obj.GetKind()
	spec.Namespace = obj.GetNamespace()
	spec.Name = obj.GetName()
	return spec
}