mirror of
https://github.com/kyverno/kyverno.git
synced 2024-12-15 17:51:20 +00:00
e00596a551
* fix: match wildcard names for generateExisting policies Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com> * fix chainsaw test Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com> * chore: add unit tests Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com> --------- Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
62 lines
1.4 KiB
Go
62 lines
1.4 KiB
Go
package policy
|
|
|
|
import (
|
|
kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1"
|
|
"github.com/kyverno/kyverno/ext/wildcard"
|
|
"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
|
|
)
|
|
|
|
func resourceMatches(match kyvernov1.ResourceDescription, res unstructured.Unstructured, isNamespacedPolicy bool) bool {
|
|
if match.Name != "" && !wildcard.Match(match.Name, res.GetName()) {
|
|
return false
|
|
}
|
|
|
|
if len(match.Names) > 0 {
|
|
isMatch := false
|
|
for _, name := range match.Names {
|
|
if wildcard.Match(name, res.GetName()) {
|
|
isMatch = true
|
|
break
|
|
}
|
|
}
|
|
if !isMatch {
|
|
return false
|
|
}
|
|
}
|
|
|
|
if !isNamespacedPolicy && len(match.Namespaces) > 0 && !contains(match.Namespaces, res.GetNamespace()) {
|
|
return false
|
|
}
|
|
return true
|
|
}
|
|
|
|
func contains(slice []string, item string) bool {
|
|
for _, s := range slice {
|
|
if s == item {
|
|
return true
|
|
}
|
|
}
|
|
return false
|
|
}
|
|
|
|
func castPolicy(p interface{}) kyvernov1.PolicyInterface {
|
|
var policy kyvernov1.PolicyInterface
|
|
switch obj := p.(type) {
|
|
case *kyvernov1.ClusterPolicy:
|
|
policy = obj
|
|
case *kyvernov1.Policy:
|
|
policy = obj
|
|
}
|
|
return policy
|
|
}
|
|
|
|
func policyKey(policy kyvernov1.PolicyInterface) string {
|
|
var policyNameNamespaceKey string
|
|
|
|
if policy.IsNamespaced() {
|
|
policyNameNamespaceKey = policy.GetNamespace() + "/" + policy.GetName()
|
|
} else {
|
|
policyNameNamespaceKey = policy.GetName()
|
|
}
|
|
return policyNameNamespaceKey
|
|
}
|