* feat: add interface for image verify cache Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * feat: add basic client for cache Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * feat: add ttl to client Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * feat: add flags and flag setup Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * feat: added a default image verify cache Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * feat: add propogation of cache to image verifier Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * feat: add useCache to image verification types Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * bug: add ivcache to image verifier Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * feat: add logger to cache Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * typo: DisabledImageVerfiyCache Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * typo: DisabledImageVerfiyCache Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * Update cmd/internal/flag.go Signed-off-by: shuting <shutting06@gmail.com> * feat: add use cache to v2beta1 crd Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * bug: change public attribute TTL to private Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * fix: replace nil in test with disabled cache Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * fix: convert ttl time to time.Duration Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * feat: update opts to use time.Duration Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * feat:add policy version and remove delete functions by adding policy version, old entries will automatically become outdated and we will not have to remove them manually Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * 
feat: remove clear and update get and set to take interface as input Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * style: fix lint issue Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> --------- Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> Signed-off-by: shuting <shutting06@gmail.com> Co-authored-by: shuting <shutting06@gmail.com> Co-authored-by: shuting <shuting@nirmata.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
package factories
import (
"context"
"fmt"
"github.com/go-logr/logr"
kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1"
engineapi "github.com/kyverno/kyverno/pkg/engine/api"
enginecontext "github.com/kyverno/kyverno/pkg/engine/context"
"github.com/kyverno/kyverno/pkg/engine/context/loaders"
"github.com/kyverno/kyverno/pkg/engine/jmespath"
"github.com/kyverno/kyverno/pkg/imageverifycache"
"github.com/kyverno/kyverno/pkg/logging"
"github.com/kyverno/kyverno/pkg/toggle"
)
// ContextLoaderFactoryOptions is a functional option that mutates a
// contextLoader while DefaultContextLoaderFactory is building it.
type ContextLoaderFactoryOptions func(*contextLoader)
// DefaultContextLoaderFactory returns a factory that builds a new contextLoader
// on every call. The policy and rule handed to the factory are ignored.
//
// cmResolver is stored on the loader and used for ConfigMap context entries;
// newLoader treats a nil resolver as "ConfigMap loading disabled". opts are
// applied to each new loader in the order they were passed.
func DefaultContextLoaderFactory(cmResolver engineapi.ConfigmapResolver, opts ...ContextLoaderFactoryOptions) engineapi.ContextLoaderFactory {
	return func(_ kyvernov1.PolicyInterface, _ kyvernov1.Rule) engineapi.ContextLoader {
		loader := new(contextLoader)
		loader.logger = logging.WithName("DefaultContextLoaderFactory")
		loader.cmResolver = cmResolver
		for i := range opts {
			opts[i](loader)
		}
		return loader
	}
}
// WithInitializer returns an option that appends initializer to the loader's
// initializer list. Load runs the registered initializers, in registration
// order, before it processes any context entry.
func WithInitializer(initializer engineapi.Initializer) ContextLoaderFactoryOptions {
	register := func(target *contextLoader) {
		target.initializers = append(target.initializers, initializer)
	}
	return register
}
// contextLoader is the engineapi.ContextLoader built by
// DefaultContextLoaderFactory.
type contextLoader struct {
	// logger is passed to every loader that newLoader creates.
	logger logr.Logger

	// cmResolver resolves ConfigMap context entries. When it is nil,
	// newLoader skips ConfigMap entries instead of loading them.
	cmResolver engineapi.ConfigmapResolver

	// initializers run against the JSON context at the start of Load.
	initializers []engineapi.Initializer
}
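// Load runs the registered initializers against jsonContext and then creates
// one loader per context entry.
//
// With deferred loading enabled (toggle read from ctx), each loader is
// registered on jsonContext through AddDeferredLoader; otherwise its data is
// loaded immediately through LoadData. The first error aborts the call.
//
// newLoader returns a nil loader when the backend an entry needs is not
// configured (nil ConfigMap resolver, API client or registry client factory).
// Load skips such entries without error, so nothing is added to jsonContext
// for them.
// NOTE(review): how a policy behaves when it references a skipped entry is
// decided outside this file — confirm that it cannot weaken enforcement.
//
// ivCache is accepted for interface compatibility and is not used here.
func (l *contextLoader) Load(
	ctx context.Context,
	jp jmespath.Interface,
	client engineapi.RawClient,
	rclientFactory engineapi.RegistryClientFactory,
	ivCache imageverifycache.Client,
	contextEntries []kyvernov1.ContextEntry,
	jsonContext enginecontext.Interface,
) error {
	for _, init := range l.initializers {
		if err := init(jsonContext); err != nil {
			return err
		}
	}
	for _, entry := range contextEntries {
		loader, err := l.newLoader(ctx, jp, client, rclientFactory, entry, jsonContext)
		if err != nil {
			// Wrap the cause: the original message dropped err, which hid why
			// the loader could not be built (for example a malformed entry).
			return fmt.Errorf("failed to create deferred loader for context entry %s: %w", entry.Name, err)
		}
		if loader == nil {
			// Backend for this entry type is disabled; newLoader already logged it.
			continue
		}
		if toggle.FromContext(ctx).EnableDeferredLoading() {
			if err := jsonContext.AddDeferredLoader(loader); err != nil {
				return err
			}
			continue
		}
		if err := loader.LoadData(); err != nil {
			return err
		}
	}
	return nil
}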
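// newLoader builds the deferred loader for one context entry, chosen by the
// first non-nil source in this order: ConfigMap, APICall, ImageRegistry,
// Variable.
//
// It returns (nil, nil) when the selected source needs a backend that was not
// supplied: l.cmResolver for ConfigMap, client for APICall, rclientFactory for
// ImageRegistry. The caller must treat a nil loader as "entry skipped".
// Variable entries need no backend. An entry with none of the four sources
// set yields an error.
func (l *contextLoader) newLoader(
	ctx context.Context,
	jp jmespath.Interface,
	client engineapi.RawClient,
	rclientFactory engineapi.RegistryClientFactory,
	entry kyvernov1.ContextEntry,
	jsonContext enginecontext.Interface,
) (enginecontext.DeferredLoader, error) {
	// logr's Info takes a message followed by key/value pairs, not a printf
	// format. The original passed "%s" with one trailing argument, which left
	// the verb unexpanded and the entry name as a dangling key. The name is
	// now logged as a structured field so skipped entries are searchable.
	switch {
	case entry.ConfigMap != nil:
		if l.cmResolver == nil {
			l.logger.Info("disabled loading of ConfigMap context entry", "name", entry.Name)
			return nil, nil
		}
		ldr := loaders.NewConfigMapLoader(ctx, l.logger, entry, l.cmResolver, jsonContext)
		return enginecontext.NewDeferredLoader(entry.Name, ldr, l.logger)
	case entry.APICall != nil:
		if client == nil {
			l.logger.Info("disabled loading of APICall context entry", "name", entry.Name)
			return nil, nil
		}
		ldr := loaders.NewAPILoader(ctx, l.logger, entry, jsonContext, jp, client)
		return enginecontext.NewDeferredLoader(entry.Name, ldr, l.logger)
	case entry.ImageRegistry != nil:
		if rclientFactory == nil {
			l.logger.Info("disabled loading of ImageRegistry context entry", "name", entry.Name)
			return nil, nil
		}
		ldr := loaders.NewImageDataLoader(ctx, l.logger, entry, jsonContext, jp, rclientFactory)
		return enginecontext.NewDeferredLoader(entry.Name, ldr, l.logger)
	case entry.Variable != nil:
		ldr := loaders.NewVariableLoader(l.logger, entry, jsonContext, jp)
		return enginecontext.NewDeferredLoader(entry.Name, ldr, l.logger)
	}
	return nil, fmt.Errorf("missing ConfigMap|APICall|ImageRegistry|Variable in context entry %s", entry.Name)
}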