481798c836
* chore: remove v1beta1 updaterequest definitions Signed-off-by: ShutingZhao <shuting@nirmata.com> * feat: update UR to map a policy instead a rule; adapt UR mapping changes for admission review Signed-off-by: ShutingZhao <shuting@nirmata.com> * feat: update code-gen Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix: linter Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix: remove unused function Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix: add missing files Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix: add missing files Signed-off-by: ShutingZhao <shuting@nirmata.com> * chore: update ur in policy controller Signed-off-by: ShutingZhao <shuting@nirmata.com> * feat: update crds Signed-off-by: ShutingZhao <shuting@nirmata.com> * feat: adapt ur changes in the background controller Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix: linter Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix: more linter Signed-off-by: ShutingZhao <shuting@nirmata.com> * feat: modify mapping relationship for deletion events Signed-off-by: ShutingZhao <shuting@nirmata.com> * feat: remedy missing target for policy application Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix: fetching logic for triggers Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix: clean up targets upon policy deletion Signed-off-by: ShutingZhao <shuting@nirmata.com> * chore: update crds Signed-off-by: ShutingZhao <shuting@nirmata.com> * merge main Signed-off-by: ShutingZhao <shuting@nirmata.com> * merge main Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix: adds delay before assertion Signed-off-by: ShutingZhao <shuting@nirmata.com> * chore: update docs Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix: wrong yaml format Signed-off-by: ShutingZhao <shuting@nirmata.com> * feat: update error handling logic Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix(attempt): enable more debug info Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix(attempt): 
enable debug log Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix(attempt): enable debug log Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix(attempt): enable debug log Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix: makefile to update ur crds Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix: generate existing Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix: skip empty ur generation Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix: update install.yaml Signed-off-by: ShutingZhao <shuting@nirmata.com> --------- Signed-off-by: ShutingZhao <shuting@nirmata.com>
77 lines
2.3 KiB
Go
package policy
import (
kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1"
kyvernov2 "github.com/kyverno/kyverno/api/kyverno/v2"
common "github.com/kyverno/kyverno/pkg/background/common"
"github.com/kyverno/kyverno/pkg/config"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
)
// newMutateUR builds an UpdateRequest of type Mutate for a single rule of the
// given policy, aimed at the trigger resource.
//
// The request gets its labels from common.MutateLabelsSet (policy key plus
// trigger) and its spec records the policy key, the rule name and the trigger's
// identity. The object is only constructed and returned; this function makes no
// create call itself.
func newMutateUR(policy kyvernov1.PolicyInterface, trigger kyvernov1.ResourceSpec, ruleName string) *kyvernov2.UpdateRequest {
	req := newUrMeta()
	req.Labels = common.MutateLabelsSet(policyKey(policy), trigger)

	// Copy the trigger identity field by field, UID included.
	// NOTE(review): presumably the UID lets the consumer tell this object apart
	// from a later one re-created under the same name; confirm in the processor.
	target := kyvernov1.ResourceSpec{
		Kind:       trigger.GetKind(),
		Namespace:  trigger.GetNamespace(),
		Name:       trigger.GetName(),
		APIVersion: trigger.GetAPIVersion(),
		UID:        trigger.GetUID(),
	}

	req.Spec = kyvernov2.UpdateRequestSpec{
		Type:     kyvernov2.Mutate,
		Policy:   policyKey(policy),
		Rule:     ruleName,
		Resource: target,
	}
	return req
}
// newGenerateUR builds an UpdateRequest of type Generate for the given policy.
//
// Only the request type and the policy key are set in the spec; no rule or
// trigger is recorded here. Rule contexts are appended separately (see
// addRuleContext). Labels come from common.GenerateLabelsSet keyed on the
// policy.
func newGenerateUR(policy kyvernov1.PolicyInterface) *kyvernov2.UpdateRequest {
	req := newUrMeta()
	req.Labels = common.GenerateLabelsSet(policyKey(policy))

	// Assign the whole spec, so any field not listed here is left at its zero value.
	spec := kyvernov2.UpdateRequestSpec{
		Type:   kyvernov2.Generate,
		Policy: policyKey(policy),
	}
	req.Spec = spec
	return req
}
// newUrMeta returns a fresh UpdateRequest carrying only type and object
// metadata; spec and status are left at their zero values.
//
// The object is always placed in the namespace returned by
// config.KyvernoNamespace(), independent of where the policy or trigger lives.
// NOTE(review): since every request lands in that one namespace, write access
// to UpdateRequests there is presumably what gates who can queue background
// work; confirm against the RBAC manifests.
func newUrMeta() *kyvernov2.UpdateRequest {
	typeMeta := metav1.TypeMeta{
		APIVersion: kyvernov2.SchemeGroupVersion.String(),
		Kind:       "UpdateRequest",
	}
	objectMeta := metav1.ObjectMeta{
		// No fixed Name: with GenerateName the API server picks a unique
		// "ur-" prefixed name at creation time.
		GenerateName: "ur-",
		Namespace:    config.KyvernoNamespace(),
	}
	return &kyvernov2.UpdateRequest{
		TypeMeta:   typeMeta,
		ObjectMeta: objectMeta,
	}
}
// addGeneratedResources records downstream in ur.Status.GeneratedResources.
//
// The entry is a ResourceSpec built from the downstream object's API version,
// kind, namespace, name and UID. The entry is always appended: there is no
// check for an existing identical entry. ur is dereferenced, so it must be
// non-nil.
func addGeneratedResources(ur *kyvernov2.UpdateRequest, downstream unstructured.Unstructured) {
	entry := kyvernov1.ResourceSpec{
		APIVersion: downstream.GetAPIVersion(),
		Kind:       downstream.GetKind(),
		Namespace:  downstream.GetNamespace(),
		Name:       downstream.GetName(),
		UID:        downstream.GetUID(),
	}
	ur.Status.GeneratedResources = append(ur.Status.GeneratedResources, entry)
}
// addRuleContext appends one RuleContext to ur.Spec.RuleContext.
//
// The context pairs ruleName with a field-by-field copy of the trigger (kind,
// namespace, name, API version, UID) and carries the deleteDownstream flag
// through unchanged. Entries are appended unconditionally, with no
// de-duplication against existing contexts. ur is dereferenced, so it must be
// non-nil.
func addRuleContext(ur *kyvernov2.UpdateRequest, ruleName string, trigger kyvernov1.ResourceSpec, deleteDownstream bool) {
	source := kyvernov1.ResourceSpec{
		Kind:       trigger.GetKind(),
		Namespace:  trigger.GetNamespace(),
		Name:       trigger.GetName(),
		APIVersion: trigger.GetAPIVersion(),
		UID:        trigger.GetUID(),
	}
	ruleCtx := kyvernov2.RuleContext{
		Rule:             ruleName,
		Trigger:          source,
		DeleteDownstream: deleteDownstream,
	}
	ur.Spec.RuleContext = append(ur.Spec.RuleContext, ruleCtx)
}