mirror of
https://github.com/kyverno/kyverno.git
synced 2025-03-06 16:06:56 +00:00
a9fef256c7
* updates for foreach and mutate Signed-off-by: Jim Bugwadia <jim@nirmata.com> * allow tests to pass on Windows Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix linter check Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add elementIndex variable Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fmt Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix jsonResult usage Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add mutate validation and fix error in validate.foreach Signed-off-by: Jim Bugwadia <jim@nirmata.com> * format Signed-off-by: Jim Bugwadia <jim@nirmata.com> * update message Signed-off-by: Jim Bugwadia <jim@nirmata.com> * do not skip validation for all array entries when one is skipped Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add foreach tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix fmt Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix format errors Signed-off-by: Jim Bugwadia <jim@nirmata.com> * remove unused declarations Signed-off-by: Jim Bugwadia <jim@nirmata.com> * revert namespaceWithLabelYaml Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix mutate of element list Signed-off-by: Jim Bugwadia <jim@nirmata.com> * update CRDs Signed-off-by: Jim Bugwadia <jim@nirmata.com> * Update api/kyverno/v1/policy_types.go Co-authored-by: Steven E. Harris <seh@panix.com> * Update pkg/engine/forceMutate.go Co-authored-by: Steven E. Harris <seh@panix.com> * Update pkg/engine/forceMutate.go Co-authored-by: Steven E. Harris <seh@panix.com> * Update pkg/engine/forceMutate.go Co-authored-by: Steven E. Harris <seh@panix.com> * Update pkg/engine/mutation.go Co-authored-by: Steven E. Harris <seh@panix.com> * Update pkg/engine/mutation.go Co-authored-by: Steven E. Harris <seh@panix.com> * Update pkg/engine/mutation.go Co-authored-by: Steven E. Harris <seh@panix.com> * Update pkg/engine/validate/validate.go Co-authored-by: Steven E. Harris <seh@panix.com> * Update pkg/engine/validate/validate.go Co-authored-by: Steven E. Harris <seh@panix.com> * Update test/cli/test/custom-functions/policy.yaml Co-authored-by: Steven E. Harris <seh@panix.com> * Update test/cli/test/foreach/policies.yaml Co-authored-by: Steven E. Harris <seh@panix.com> * accept review comments and format Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add comments to strategicMergePatch buffer Signed-off-by: Jim Bugwadia <jim@nirmata.com> * load context and evaluate preconditions foreach element Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add test for foreach mutate context and precondition * precondition testcase * address review comments Signed-off-by: Jim Bugwadia <jim@nirmata.com> * update message Signed-off-by: Jim Bugwadia <jim@nirmata.com> * format Signed-off-by: Jim Bugwadia <jim@nirmata.com> Co-authored-by: Steven E. Harris <seh@panix.com> Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>
145 lines
4.9 KiB
Go
145 lines
4.9 KiB
Go
package backwardcompatibility
|
|
|
|
import (
|
|
"context"
|
|
"fmt"
|
|
"strings"
|
|
"time"
|
|
|
|
kyvernoclient "github.com/kyverno/kyverno/pkg/client/clientset/versioned"
|
|
kyvernoinformer "github.com/kyverno/kyverno/pkg/client/informers/externalversions/kyverno/v1"
|
|
"github.com/kyverno/kyverno/pkg/config"
|
|
dclient "github.com/kyverno/kyverno/pkg/dclient"
|
|
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
|
"k8s.io/apimachinery/pkg/labels"
|
|
"sigs.k8s.io/controller-runtime/pkg/log"
|
|
)
|
|
|
|
// AddLabels - adds labels to all the existing generate requests
|
|
func AddLabels(client *kyvernoclient.Clientset, grInformer kyvernoinformer.GenerateRequestInformer) {
|
|
// Get all the GR's that are existing
|
|
// Extract and Update all of them with the with the labels
|
|
grList, err := grInformer.Lister().List(labels.NewSelector())
|
|
if err != nil {
|
|
log.Log.Error(err, "failed to get generate request list")
|
|
return
|
|
}
|
|
|
|
for _, gr := range grList {
|
|
|
|
grLabels := gr.Labels
|
|
if len(grLabels) == 0 {
|
|
grLabels = make(map[string]string)
|
|
}
|
|
grLabels["generate.kyverno.io/policy-name"] = gr.Spec.Policy
|
|
grLabels["generate.kyverno.io/resource-name"] = gr.Spec.Resource.Name
|
|
grLabels["generate.kyverno.io/resource-kind"] = gr.Spec.Resource.Kind
|
|
grLabels["generate.kyverno.io/resource-namespace"] = gr.Spec.Resource.Namespace
|
|
|
|
gr.SetLabels(grLabels)
|
|
|
|
_, err = client.KyvernoV1().GenerateRequests(config.KyvernoNamespace).Update(context.TODO(), gr, metav1.UpdateOptions{})
|
|
if err != nil {
|
|
log.Log.V(4).Info(fmt.Sprintf("failed to update the GR %v. error: %v", gr.Name, err))
|
|
for n := 0; n <= 3; n++ {
|
|
log.Log.V(4).Info(fmt.Sprintf("retrying to get GR %v", gr.Name))
|
|
time.Sleep(100 * time.Millisecond)
|
|
errInGettingGR := addLabelForGR(gr.Name, gr.Namespace, client, grInformer)
|
|
if errInGettingGR != nil {
|
|
continue
|
|
} else {
|
|
break
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
func addLabelForGR(name string, namespace string, client *kyvernoclient.Clientset, grInformer kyvernoinformer.GenerateRequestInformer) error {
|
|
gr, err := grInformer.Lister().GenerateRequests(namespace).Get(name)
|
|
if err != nil {
|
|
log.Log.Error(err, fmt.Sprintf("failed to update the GR %v", name))
|
|
return err
|
|
}
|
|
|
|
grLabels := gr.Labels
|
|
if len(grLabels) == 0 {
|
|
grLabels = make(map[string]string)
|
|
}
|
|
grLabels["generate.kyverno.io/policy-name"] = gr.Spec.Policy
|
|
grLabels["generate.kyverno.io/resource-name"] = gr.Spec.Resource.Name
|
|
grLabels["generate.kyverno.io/resource-kind"] = gr.Spec.Resource.Kind
|
|
grLabels["generate.kyverno.io/resource-namespace"] = gr.Spec.Resource.Namespace
|
|
|
|
gr.SetLabels(grLabels)
|
|
|
|
_, err = client.KyvernoV1().GenerateRequests(config.KyvernoNamespace).Update(context.TODO(), gr, metav1.UpdateOptions{})
|
|
if err != nil {
|
|
log.Log.Error(err, fmt.Sprintf("failed to update the GR %v", gr.Name))
|
|
return err
|
|
}
|
|
|
|
return nil
|
|
}
|
|
|
|
// AddCloneLabel - add label to the source resource about the new clone
|
|
func AddCloneLabel(client *dclient.Client, pInformer kyvernoinformer.ClusterPolicyInformer) {
|
|
// Get all the Generate Policies which has clone
|
|
// Get the resource with Kind, NameSpace, Name
|
|
// Add Policy name if label not found
|
|
policies, err := pInformer.Lister().List(labels.NewSelector())
|
|
if err != nil {
|
|
log.Log.Error(err, "failed to get policies")
|
|
return
|
|
}
|
|
|
|
for _, policy := range policies {
|
|
for _, rule := range policy.Spec.Rules {
|
|
if rule.HasGenerate() {
|
|
clone := rule.Generation.Clone
|
|
if clone.Name != "" {
|
|
namespace := clone.Namespace
|
|
name := clone.Name
|
|
kind := rule.Generation.Kind
|
|
|
|
obj, err := client.GetResource("", kind, namespace, name)
|
|
if err != nil {
|
|
log.Log.Error(err, fmt.Sprintf("source not found name:%v namespace:%v kind:%v", name, namespace, kind))
|
|
continue
|
|
}
|
|
updateSource := true
|
|
|
|
// add label
|
|
label := obj.GetLabels()
|
|
if len(label) == 0 {
|
|
label = make(map[string]string)
|
|
label["generate.kyverno.io/clone-policy-name"] = policy.GetName()
|
|
} else {
|
|
if label["generate.kyverno.io/clone-policy-name"] != "" {
|
|
policyNames := label["generate.kyverno.io/clone-policy-name"]
|
|
if !strings.Contains(policyNames, policy.GetName()) {
|
|
policyNames = policyNames + "," + policy.GetName()
|
|
label["generate.kyverno.io/clone-policy-name"] = policyNames
|
|
} else {
|
|
updateSource = false
|
|
}
|
|
} else {
|
|
label["generate.kyverno.io/clone-policy-name"] = policy.GetName()
|
|
}
|
|
}
|
|
|
|
if updateSource {
|
|
log.Log.V(4).Info("updating existing clone source")
|
|
obj.SetLabels(label)
|
|
_, err = client.UpdateResource(obj.GetAPIVersion(), kind, namespace, obj, false)
|
|
if err != nil {
|
|
log.Log.Error(err, fmt.Sprintf("failed to update source name:%v namespace:%v kind:%v\n", obj.GetName(), obj.GetNamespace(), obj.GetKind()))
|
|
return
|
|
}
|
|
log.Log.V(4).Info(fmt.Sprintf("updated source name:%v namespace:%v kind:%v\n", obj.GetName(), obj.GetNamespace(), obj.GetKind()))
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|