mirrors/kyverno
mirrors/kyverno
1
0
Fork 0
mirror of https://github.com/kyverno/kyverno.git synced 2025-03-10 01:46:55 +00:00
Code Activity
kyverno/pkg/policyviolation/builder.go
shivkumar dudhani 745727fd70 add missing files
2019-12-12 16:35:37 -08:00

79 lines
2.2 KiB
Go
Raw Blame History

package policyviolation
import (
"fmt"
kyverno "github.com/nirmata/kyverno/pkg/api/kyverno/v1"
client "github.com/nirmata/kyverno/pkg/dclient"
)
// Builder builds Policy Violation struct
// this is base type of namespaced and cluster policy violation
type Builder interface {
generate(info Info) []kyverno.PolicyViolationTemplate
build(policy, kind, namespace, name string, rules []kyverno.ViolatedRule) *kyverno.PolicyViolationTemplate
}
type pvBuilder struct {
// dynamic client
dclient *client.Client
}
func newPvBuilder(dclient *client.Client) *pvBuilder {
pvb := pvBuilder{
dclient: dclient,
}
return &pvb
}
func (pvb *pvBuilder) generate(info Info) []kyverno.PolicyViolationTemplate {
var owners []kyverno.ResourceSpec
// get the owners if the resource is blocked or
// TODO: https://github.com/nirmata/kyverno/issues/535
if info.Blocked {
// get resource owners
owners = GetOwners(pvb.dclient, info.Resource)
}
pvs := pvb.buildPolicyViolations(owners, info)
return pvs
}
func (pvb *pvBuilder) buildPolicyViolations(owners []kyverno.ResourceSpec, info Info) []kyverno.PolicyViolationTemplate {
var pvs []kyverno.PolicyViolationTemplate
if len(owners) != 0 {
// there are resource owners
// generate PV on them
for _, resource := range owners {
pv := pvb.build(info.PolicyName, resource.Kind, resource.Namespace, resource.Name, info.Rules)
pvs = append(pvs, *pv)
}
} else {
// generate PV on resource
pv := pvb.build(info.PolicyName, info.Resource.GetKind(), info.Resource.GetNamespace(), info.Resource.GetName(), info.Rules)
pvs = append(pvs, *pv)
}
return pvs
}
func (pvb *pvBuilder) build(policy, kind, namespace, name string, rules []kyverno.ViolatedRule) *kyverno.PolicyViolationTemplate {
pv := &kyverno.PolicyViolationTemplate{
Spec: kyverno.PolicyViolationSpec{
Policy: policy,
ResourceSpec: kyverno.ResourceSpec{
Kind: kind,
Name: name,
Namespace: namespace,
},
ViolatedRules: rules,
},
}
labelMap := map[string]string{
"policy": pv.Spec.Policy,
"resource": pv.Spec.ToKey(),
}
pv.SetLabels(labelMap)
if namespace != "" {
pv.SetNamespace(namespace)
}
pv.SetGenerateName(fmt.Sprintf("%s-", policy))
return pv
}
View git blame Copy permalink