mirror of
https://github.com/kyverno/kyverno.git
synced 2024-12-14 11:57:48 +00:00
fb40aa5f38
* enhancement: split validation logic for enforce and audit policies to return admission response earlier Signed-off-by: ShutingZhao <shuting@nirmata.com> * chore: add missing file Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix: unit tests Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix: linter issues Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix: unit tests Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix: get latest policy object before updating status Signed-off-by: ShutingZhao <shuting@nirmata.com> * chore: remove debug code Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix: compare before updates Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix: initial reconcile Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix: updates Signed-off-by: ShutingZhao <shuting@nirmata.com> * feat(audit): use a worker pool for Audit policies Signed-off-by: Khaled Emara <khaled.emara@nirmata.com> * fix: unit test Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix(attempt): spin up go routine Signed-off-by: ShutingZhao <shuting@nirmata.com> * feat: add flags maxAuditWorkers, maxAuditCapacity Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix: enable debug log on failure Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix: wait group panic Signed-off-by: ShutingZhao <shuting@nirmata.com> * load-tests: add stess tests configurations Signed-off-by: ShutingZhao <shuting@nirmata.com> * load-tests: disable admissionreports Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix: build policy contexts syncronously Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * fix: only run generate and mutate existing go routines when policies are present Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * fix: mutate and verify tests Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * fix: return early if no audit policy Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix: run handlegenerate and mutate existing in all cases Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * fix: only test bgapplies in generate test Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * fix: defer wait in tests Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * enhancement: process validate enforce in a go routine Signed-off-by: ShutingZhao <shuting@nirmata.com> --------- Signed-off-by: ShutingZhao <shuting@nirmata.com> Signed-off-by: Khaled Emara <khaled.emara@nirmata.com> Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> Co-authored-by: ShutingZhao <shuting@nirmata.com> Co-authored-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
69 lines
2.6 KiB
Go
69 lines
2.6 KiB
Go
package resource
|
|
|
|
import (
|
|
"context"
|
|
|
|
"github.com/alitto/pond"
|
|
fakekyvernov1 "github.com/kyverno/kyverno/pkg/client/clientset/versioned/fake"
|
|
kyvernoinformers "github.com/kyverno/kyverno/pkg/client/informers/externalversions"
|
|
"github.com/kyverno/kyverno/pkg/clients/dclient"
|
|
"github.com/kyverno/kyverno/pkg/config"
|
|
"github.com/kyverno/kyverno/pkg/engine"
|
|
"github.com/kyverno/kyverno/pkg/engine/adapters"
|
|
"github.com/kyverno/kyverno/pkg/engine/context/resolvers"
|
|
"github.com/kyverno/kyverno/pkg/engine/factories"
|
|
"github.com/kyverno/kyverno/pkg/engine/jmespath"
|
|
"github.com/kyverno/kyverno/pkg/event"
|
|
"github.com/kyverno/kyverno/pkg/exceptions"
|
|
"github.com/kyverno/kyverno/pkg/imageverifycache"
|
|
"github.com/kyverno/kyverno/pkg/metrics"
|
|
"github.com/kyverno/kyverno/pkg/policycache"
|
|
"github.com/kyverno/kyverno/pkg/registryclient"
|
|
"github.com/kyverno/kyverno/pkg/webhooks/updaterequest"
|
|
webhookutils "github.com/kyverno/kyverno/pkg/webhooks/utils"
|
|
kubeinformers "k8s.io/client-go/informers"
|
|
"k8s.io/client-go/kubernetes/fake"
|
|
)
|
|
|
|
func NewFakeHandlers(ctx context.Context, policyCache policycache.Cache) *resourceHandlers {
|
|
client := fake.NewSimpleClientset()
|
|
metricsConfig := metrics.NewFakeMetricsConfig()
|
|
|
|
informers := kubeinformers.NewSharedInformerFactory(client, 0)
|
|
informers.Start(ctx.Done())
|
|
|
|
kyvernoclient := fakekyvernov1.NewSimpleClientset()
|
|
kyvernoInformers := kyvernoinformers.NewSharedInformerFactory(kyvernoclient, 0)
|
|
configMapResolver, _ := resolvers.NewClientBasedResolver(client)
|
|
kyvernoInformers.Start(ctx.Done())
|
|
|
|
dclient := dclient.NewEmptyFakeClient()
|
|
configuration := config.NewDefaultConfiguration(false)
|
|
urLister := kyvernoInformers.Kyverno().V1beta1().UpdateRequests().Lister().UpdateRequests(config.KyvernoNamespace())
|
|
peLister := kyvernoInformers.Kyverno().V2beta1().PolicyExceptions().Lister()
|
|
jp := jmespath.New(configuration)
|
|
rclient := registryclient.NewOrDie()
|
|
|
|
return &resourceHandlers{
|
|
client: dclient,
|
|
configuration: configuration,
|
|
metricsConfig: metricsConfig,
|
|
pCache: policyCache,
|
|
nsLister: informers.Core().V1().Namespaces().Lister(),
|
|
urLister: urLister,
|
|
urGenerator: updaterequest.NewFake(),
|
|
eventGen: event.NewFake(),
|
|
pcBuilder: webhookutils.NewPolicyContextBuilder(configuration, jp),
|
|
auditPool: pond.New(8, 1000),
|
|
engine: engine.NewEngine(
|
|
configuration,
|
|
config.NewDefaultMetricsConfiguration(),
|
|
jp,
|
|
adapters.Client(dclient),
|
|
factories.DefaultRegistryClientFactory(adapters.RegistryClient(rclient), nil),
|
|
imageverifycache.DisabledImageVerifyCache(),
|
|
factories.DefaultContextLoaderFactory(configMapResolver),
|
|
exceptions.New(peLister),
|
|
),
|
|
}
|
|
}
|