mirror of
https://github.com/kyverno/kyverno.git
synced 2025-03-26 01:24:26 +00:00
b00b2c96c8
* chore: add dryrun as label Signed-off-by: Javier Solana <javier.solana@cabify.com> * check request.Dryrun to avoif SIGSEGV Signed-off-by: Javier Solana <javier.solana@cabify.com> * chore: add dryrun Signed-off-by: Javier Solana <javier.solana@cabify.com> * chore: add dryrun Signed-off-by: Javier Solana <javier.solana@cabify.com> * chore: update doc to add DryRun Signed-off-by: Javier Solana <javier.solana@cabify.com> * chore: update to add DryRun Signed-off-by: Javier Solana <javier.solana@cabify.com> * chore: update crds Signed-off-by: ShutingZhao <shuting@nirmata.com> --------- Signed-off-by: Javier Solana <javier.solana@cabify.com> Signed-off-by: ShutingZhao <shuting@nirmata.com> Co-authored-by: Javier Solana <javier.solana@cabify.com> Co-authored-by: shuting <shuting@nirmata.com>
42 lines
1.2 KiB
Go
42 lines
1.2 KiB
Go
package utils
|
|
|
|
import (
|
|
kyvernov2 "github.com/kyverno/kyverno/api/kyverno/v2"
|
|
"github.com/kyverno/kyverno/pkg/config"
|
|
"github.com/kyverno/kyverno/pkg/engine"
|
|
"github.com/kyverno/kyverno/pkg/engine/jmespath"
|
|
admissionv1 "k8s.io/api/admission/v1"
|
|
"k8s.io/apimachinery/pkg/runtime/schema"
|
|
)
|
|
|
|
type PolicyContextBuilder interface {
|
|
Build(admissionv1.AdmissionRequest, []string, []string, schema.GroupVersionKind) (*engine.PolicyContext, error)
|
|
}
|
|
|
|
type policyContextBuilder struct {
|
|
configuration config.Configuration
|
|
jp jmespath.Interface
|
|
}
|
|
|
|
func NewPolicyContextBuilder(
|
|
configuration config.Configuration,
|
|
jp jmespath.Interface,
|
|
) PolicyContextBuilder {
|
|
return &policyContextBuilder{
|
|
configuration: configuration,
|
|
jp: jp,
|
|
}
|
|
}
|
|
|
|
func (b *policyContextBuilder) Build(request admissionv1.AdmissionRequest, roles, clusterRoles []string, gvk schema.GroupVersionKind) (*engine.PolicyContext, error) {
|
|
userRequestInfo := kyvernov2.RequestInfo{
|
|
AdmissionUserInfo: *request.UserInfo.DeepCopy(),
|
|
Roles: roles,
|
|
ClusterRoles: clusterRoles,
|
|
}
|
|
|
|
if request.DryRun != nil {
|
|
userRequestInfo.DryRun = *request.DryRun
|
|
}
|
|
return engine.NewPolicyContextFromAdmissionRequest(b.jp, request, userRequestInfo, gvk, b.configuration)
|
|
}
|