mirror of
https://github.com/kyverno/kyverno.git
synced 2025-03-06 16:06:56 +00:00
0c91e87bbb
* remove policy handler for updates Signed-off-by: ShutingZhao <shuting@nirmata.com> * remove policy update handler from the ur controller Signed-off-by: ShutingZhao <shuting@nirmata.com> * rework cleanup downstream on policy deletion Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix downstream deletion on data rule removal Signed-off-by: ShutingZhao <shuting@nirmata.com> * add kuttl test for clusterpolicy Signed-off-by: ShutingZhao <shuting@nirmata.com> * linter fix Signed-off-by: ShutingZhao <shuting@nirmata.com> * add kuttl test for policy Signed-off-by: ShutingZhao <shuting@nirmata.com> * update api docs Signed-off-by: ShutingZhao <shuting@nirmata.com> * add delays Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix name assertion Signed-off-by: ShutingZhao <shuting@nirmata.com> * delete downstream when deletes the clone source Signed-off-by: ShutingZhao <shuting@nirmata.com> * add kuttl test pol-clone-sync-delete-source Signed-off-by: ShutingZhao <shuting@nirmata.com> * linter fixes Signed-off-by: ShutingZhao <shuting@nirmata.com> * add kuttl test pol-clone-sync-delete-downstream Signed-off-by: ShutingZhao <shuting@nirmata.com> * add kuttl test pol-data-sync-modify-rule Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix panic Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix panic Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix labels Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix policy assertions Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix annotation missing names Signed-off-by: ShutingZhao <shuting@nirmata.com> * rename policy Signed-off-by: ShutingZhao <shuting@nirmata.com> * remove dead code Signed-off-by: ShutingZhao <shuting@nirmata.com> * create unique namespaces Signed-off-by: ShutingZhao <shuting@nirmata.com> * create more unique namespaces Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix assertion Signed-off-by: ShutingZhao <shuting@nirmata.com> --------- Signed-off-by: ShutingZhao <shuting@nirmata.com> Co-authored-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
58 lines
2.4 KiB
Go
58 lines
2.4 KiB
Go
package policy
|
|
|
|
import (
|
|
"fmt"
|
|
|
|
kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1"
|
|
kyvernov1beta1 "github.com/kyverno/kyverno/api/kyverno/v1beta1"
|
|
backgroundcommon "github.com/kyverno/kyverno/pkg/background/common"
|
|
"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
|
|
"k8s.io/apimachinery/pkg/labels"
|
|
)
|
|
|
|
func (pc *PolicyController) handleMutate(policyKey string, policy kyvernov1.PolicyInterface) error {
|
|
logger := pc.log.WithName("handleMutate").WithName(policyKey)
|
|
if !policy.GetSpec().MutateExistingOnPolicyUpdate {
|
|
logger.V(4).Info("skip policy application on policy event", "policyKey", policyKey, "mutateExiting", policy.GetSpec().MutateExistingOnPolicyUpdate)
|
|
return nil
|
|
}
|
|
|
|
logger.Info("update URs on policy event")
|
|
for _, rule := range policy.GetSpec().Rules {
|
|
var ruleType kyvernov1beta1.RequestType
|
|
if rule.IsMutateExisting() {
|
|
ruleType = kyvernov1beta1.Mutate
|
|
triggers := generateTriggers(pc.client, rule, pc.log)
|
|
for _, trigger := range triggers {
|
|
murs := pc.listMutateURs(policyKey, trigger)
|
|
if murs != nil {
|
|
logger.V(4).Info("UR was created", "rule", rule.Name, "rule type", ruleType, "trigger", trigger.GetNamespace()+trigger.GetName())
|
|
continue
|
|
}
|
|
|
|
logger.Info("creating new UR for mutate")
|
|
ur := newUR(policy, backgroundcommon.ResourceSpecFromUnstructured(*trigger), rule.Name, ruleType, false)
|
|
skip, err := pc.handleUpdateRequest(ur, trigger, rule, policy)
|
|
if err != nil {
|
|
pc.log.Error(err, "failed to create new UR on policy update", "policy", policy.GetName(), "rule", rule.Name, "rule type", ruleType,
|
|
"target", fmt.Sprintf("%s/%s/%s/%s", trigger.GetAPIVersion(), trigger.GetKind(), trigger.GetNamespace(), trigger.GetName()))
|
|
continue
|
|
}
|
|
if skip {
|
|
continue
|
|
}
|
|
pc.log.V(2).Info("successfully created UR on policy update", "policy", policy.GetName(), "rule", rule.Name, "rule type", ruleType,
|
|
"target", fmt.Sprintf("%s/%s/%s/%s", trigger.GetAPIVersion(), trigger.GetKind(), trigger.GetNamespace(), trigger.GetName()))
|
|
}
|
|
}
|
|
}
|
|
return nil
|
|
}
|
|
|
|
func (pc *PolicyController) listMutateURs(policyKey string, trigger *unstructured.Unstructured) []*kyvernov1beta1.UpdateRequest {
|
|
mutateURs, err := pc.urLister.List(labels.SelectorFromSet(backgroundcommon.MutateLabelsSet(policyKey, trigger)))
|
|
if err != nil {
|
|
pc.log.Error(err, "failed to list update request for mutate policy")
|
|
}
|
|
return mutateURs
|
|
}
|