* fix: allow changes to preexisting resource in violation of a policy in Enforce Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * fix: missing error check Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * fix: tests Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * nit: cleanup Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * fix Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * fix: update old policy context Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * fix: preconditions always returned true internal.CheckPreconditions always returned true when v.anyAllConditions, it should be populated with rule.RawAnyAllConditions when newValidator() is used to create a validator Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * fix: fix chainsaw test Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * fix: nit Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * debug Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * feat: update test Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * fix: add namespace Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * feat: add test for bad to good conversion Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * feat: add test step Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> --------- Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> Co-authored-by: shuting <shuting@nirmata.com>
package api
import (
kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1"
kyvernov1beta1 "github.com/kyverno/kyverno/api/kyverno/v1beta1"
enginecontext "github.com/kyverno/kyverno/pkg/engine/context"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
"k8s.io/apimachinery/pkg/runtime/schema"
)
// ExcludeFunc reports whether the resource identified by kind, namespace and
// name is excluded; a true result means "excluded".
//
// NOTE(review): what an excluded resource is exempted from is decided by the
// callers and is not visible in this file. If it gates policy evaluation, an
// over-broad implementation silently exempts resources from enforcement, so
// implementations should match as narrowly as possible — confirm at call sites.
type ExcludeFunc = func(kind string, namespace string, name string) bool
// PolicyContext groups a policy with the resource versions, request metadata
// and JSON context exposed through the accessors below. SetElement is the only
// setter declared on the interface.
type PolicyContext interface {
	// --- policy and request metadata ---

	// Policy returns the policy held by this context.
	Policy() kyvernov1.PolicyInterface
	// Operation returns the admission operation associated with the context.
	Operation() kyvernov1.AdmissionOperation
	// AdmissionOperation returns a boolean flag.
	// NOTE(review): presumably true when the context originates from an
	// admission request rather than another evaluation path — confirm.
	AdmissionOperation() bool
	// AdmissionInfo returns the request info attached to the context.
	// NOTE(review): presumably describes the requester; if match/exclude
	// decisions depend on it, it must come from the API server request and
	// never from the resource body — confirm against the implementation.
	AdmissionInfo() kyvernov1beta1.RequestInfo
	// RequestResource returns the group/version/resource of the request.
	RequestResource() metav1.GroupVersionResource
	// ResourceKind returns a group/version/kind plus a string.
	// NOTE(review): the string is presumably the subresource — confirm.
	ResourceKind() (schema.GroupVersionKind, string)
	// NamespaceLabels returns a label map.
	// NOTE(review): whether this is a copy or the context's own map is not
	// visible here; callers should treat it as read-only.
	NamespaceLabels() map[string]string

	// --- resources under evaluation ---

	// NewResource returns the new version of the resource.
	NewResource() unstructured.Unstructured
	// OldResource returns the old version of the resource.
	// NOTE(review): presumably empty when no prior version exists — confirm.
	OldResource() unstructured.Unstructured
	// Element returns the element currently stored in the context.
	Element() unstructured.Unstructured
	// SetElement stores element in the context.
	SetElement(element unstructured.Unstructured)

	// --- derived contexts ---

	// OldPolicyContext returns another PolicyContext or an error.
	// NOTE(review): presumably a context built around the old (pre-existing)
	// resource so that it can be evaluated on its own — confirm. Callers must
	// check the error before touching the returned context; do not fall back
	// to treating a failed lookup as "old resource was compliant".
	OldPolicyContext() (PolicyContext, error)
	// JSONContext returns the engine JSON context bound to this context.
	JSONContext() enginecontext.Interface
	// Copy returns a PolicyContext copy.
	// NOTE(review): deep vs. shallow is not visible here; verify before
	// mutating state reachable from the copy.
	Copy() PolicyContext
}