* feat: add interface for image verify cache Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * feat: add basic client for cache Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * feat: add ttl to client Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * feat: add flags and flag setup Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * feat: added a default image verify cache Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * feat: add propogation of cache to image verifier Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * feat: add useCache to image verification types Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * bug: add ivcache to image verifier Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * feat: add logger to cache Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * typo: DisabledImageVerfiyCache Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * typo: DisabledImageVerfiyCache Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * Update cmd/internal/flag.go Signed-off-by: shuting <shutting06@gmail.com> * feat: add use cache to v2beta1 crd Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * bug: change public attribute TTL to private Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * fix: replace nil in test with disabled cache Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * fix: convert ttl time to time.Duration Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * feat: update opts to use time.Duration Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * feat:add policy version and remove delete functions by adding policy version, old entries will automatically become outdated and we will not have to remove them manually Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * 
feat: remove clear and update get and set to take interface as input Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * style: fix lint issue Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> --------- Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> Signed-off-by: shuting <shutting06@gmail.com> Co-authored-by: shuting <shutting06@gmail.com> Co-authored-by: shuting <shuting@nirmata.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
package imageverifycache
import (
"context"
"sync"
"time"
"github.com/go-logr/logr"
kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1"
)
// cache is the Client implementation returned by New and
// DisabledImageVerifyCache. It carries configuration only: no field of this
// struct holds cached verification results.
type cache struct {
	// logger receives the Info-level messages emitted by Set and Get.
	logger logr.Logger

	// isCacheEnabled gates Set and Get; both return early when it is false.
	// The zero value is false, so a cache is disabled unless explicitly enabled.
	isCacheEnabled bool

	// maxSize and ttl are stored by WithMaxSize and WithTTLDuration; the
	// visible code never reads them back.
	// NOTE(review): the unit of maxSize (entries vs. bytes) is not visible here — confirm.
	maxSize int64
	ttl     time.Duration

	// lock is held for the full duration of every Set and Get call.
	lock sync.Mutex
}
// Option configures a cache while it is being constructed. New applies the
// options in the order given and stops at the first one that returns a
// non-nil error.
type Option = func(*cache) error
// New builds a Client by applying each option, in order, to a zero-valued
// cache. The first option that fails aborts construction and its error is
// returned unchanged together with a nil Client.
//
// Because the zero value of isCacheEnabled is false, the result is a disabled
// cache unless WithCacheEnableFlag(true) is among the options.
//
// NOTE(review): when WithLogger is not supplied the logger stays at the
// logr.Logger zero value — confirm that the vendored logr version tolerates
// Info calls on it, or pass WithLogger explicitly.
func New(options ...Option) (Client, error) {
	c := new(cache)
	for i := range options {
		if err := options[i](c); err != nil {
			return nil, err
		}
	}
	return c, nil
}
// DisabledImageVerifyCache returns a Client whose enable flag is off and
// whose log output is discarded. Set and Get on it return (false, nil), so
// no earlier verification result is ever reported back from it.
func DisabledImageVerifyCache() Client {
	// isCacheEnabled, maxSize and ttl keep their zero values (false, 0, 0),
	// which are exactly the values a disabled cache needs.
	disabled := new(cache)
	disabled.logger = logr.Discard()
	return disabled
}
// WithLogger returns an Option that installs l as the logger used by Set and
// Get. The option itself never fails.
func WithLogger(l logr.Logger) Option {
	setLogger := func(target *cache) error {
		target.logger = l
		return nil
	}
	return setLogger
}
// WithCacheEnableFlag returns an Option that switches the cache on (true) or
// off (false). While the flag is false, Set and Get return (false, nil)
// right after their first log line. The option itself never fails.
func WithCacheEnableFlag(b bool) Option {
	setEnabled := func(target *cache) error {
		target.isCacheEnabled = b
		return nil
	}
	return setEnabled
}
// WithMaxSize returns an Option that records s as the cache's maximum size.
// The option itself never fails.
//
// NOTE(review): s is stored without a range check, so zero and negative
// values are accepted as-is; what they mean to the consumer of maxSize is
// not visible here — confirm.
func WithMaxSize(s int64) Option {
	setMaxSize := func(target *cache) error {
		target.maxSize = s
		return nil
	}
	return setMaxSize
}
// WithTTLDuration returns an Option that records t as the lifetime of a
// cache entry. The option itself never fails.
//
// NOTE(review): t is stored without a range check. For a cache of signature
// verification results the TTL bounds how long an earlier "verified" answer
// can be reused, so a zero, negative or very large value deserves an
// explicit decision by whoever consumes ttl — confirm.
func WithTTLDuration(t time.Duration) Option {
	setTTL := func(target *cache) error {
		target.ttl = t
		return nil
	}
	return setTTL
}
// Set is the write side of the image-verification cache for the triple
// (policy, ruleName, imageRef). It holds c.lock for the whole call and logs
// the attempt at Info level.
//
// In the visible code nothing is stored: the method returns (false, nil)
// whether or not the cache is enabled, and ctx is unused.
//
// NOTE(review): "Successfully set cache" is logged although no entry is
// written and the returned bool is false — confirm the intended contract
// against the Client interface.
// NOTE(review): whether imageRef is digest-pinned is not visible here. If a
// backing store is added, an entry keyed on a mutable tag could outlive a
// re-point of that tag; confirm that callers pass a digest reference.
func (c *cache) Set(ctx context.Context, policy kyvernov1.PolicyInterface, ruleName string, imageRef string) (bool, error) {
	c.lock.Lock()
	defer c.lock.Unlock()

	// policy.GetName() panics on a nil policy; callers must pass a real one.
	fields := []interface{}{"policy", policy.GetName(), "ruleName", ruleName, "imageRef", imageRef}

	c.logger.Info("Setting cache", fields...)
	if c.isCacheEnabled {
		c.logger.Info("Successfully set cache", fields...)
	}
	return false, nil
}
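// Get is the read side of the image-verification cache for the triple
// (policy, ruleName, imageRef). It holds c.lock for the whole call and logs
// the lookup at Info level.
//
// No backing store is consulted in the visible code, so the result is always
// (false, nil), whether the cache is enabled or not; ctx is unused.
//
// The method previously logged both "Cache entry not found" and "Cache entry
// found" on every enabled lookup. Only the message that matches the returned
// value is kept, so the log no longer claims a cache hit (and therefore a
// skipped signature verification) that did not happen.
//
// NOTE(review): whether imageRef is digest-pinned is not visible here. Once
// real lookups are added, a hit keyed on a mutable tag could report a stale
// "verified" answer after the tag is re-pointed; confirm that callers pass a
// digest reference.
func (c *cache) Get(ctx context.Context, policy kyvernov1.PolicyInterface, ruleName string, imageRef string) (bool, error) {
	c.lock.Lock()
	defer c.lock.Unlock()

	// policy.GetName() panics on a nil policy; callers must pass a real one.
	fields := []interface{}{"policy", policy.GetName(), "ruleName", ruleName, "imageRef", imageRef}

	c.logger.Info("Searching in cache", fields...)
	if !c.isCacheEnabled {
		return false, nil
	}

	// Every lookup is a miss for now; log exactly what is returned.
	c.logger.Info("Cache entry not found", fields...)
	return false, nil
}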