package engine
import (
"context"
"github.com/kyverno/kyverno/api/policies.kyverno.io/v1alpha1"
"github.com/kyverno/kyverno/pkg/cel/autogen"
admissionregistrationv1 "k8s.io/api/admissionregistration/v1"
"k8s.io/apimachinery/pkg/util/sets"
)
// NewIVPOLProvider builds an ImageVerifyPolProviderFunc over a fixed list of
// image verification policies.
//
// The list is compiled once, at construction time: every input policy
// contributes one entry for itself, followed by one entry per rule returned by
// autogen.GetAutogenRulesImageVerify for that policy. The first autogen error
// aborts construction and is returned unchanged together with a nil provider.
//
// A policy whose Spec.ValidationAction is empty is compiled with the Deny
// action, so a policy that names no action never ends up with an empty action
// set.
//
// The returned provider ignores its context, never fails, and hands back the
// same slice on every call.
func NewIVPOLProvider(policies []v1alpha1.ImageVerificationPolicy) (ImageVerifyPolProviderFunc, error) {
	out := make([]CompiledImageVerificationPolicy, 0, len(policies))

	for i := range policies {
		// Work on a per-iteration copy; the compiled entry stores a pointer to
		// this copy, not to the caller's slice element.
		current := policies[i]

		// Empty action list falls back to Deny.
		verdicts := sets.New(current.Spec.ValidationAction...)
		if verdicts.Len() == 0 {
			verdicts.Insert(admissionregistrationv1.Deny)
		}

		out = append(out, CompiledImageVerificationPolicy{
			Actions: verdicts,
			Policy:  &current,
		})

		generated, err := autogen.GetAutogenRulesImageVerify(&current)
		if err != nil {
			return nil, err
		}

		// NOTE(review): each generated entry copies only Spec, so every other
		// field of its ImageVerificationPolicy is the zero value, and it reuses
		// the parent's action set (same underlying set, not a copy). Confirm
		// that consumers neither mutate Actions nor need to trace a generated
		// entry back to its source policy.
		for _, rule := range generated {
			derived := &v1alpha1.ImageVerificationPolicy{Spec: rule.Spec}
			out = append(out, CompiledImageVerificationPolicy{
				Actions: verdicts,
				Policy:  derived,
			})
		}
	}

	return func(context.Context) ([]CompiledImageVerificationPolicy, error) {
		return out, nil
	}, nil
}