Update Dependencies

Signed-off-by: Frank Jogeleit <[email protected]>
kyverno · Oct 19, 2023 · 48d0e73 · 48d0e73
1 parent 5d51460
commit 48d0e73
Show file tree

Hide file tree

Showing 9 changed files with 388 additions and 341 deletions.
diff --git a/backend/go.mod b/backend/go.mod
diff --git a/backend/go.sum b/backend/go.sum
diff --git a/backend/pkg/cluster/cluster.go b/backend/pkg/cluster/cluster.go
@@ -5,7 +5,7 @@ import (
 	"strings"
 	"time"
 
-	"github.com/kyverno/kyverno/api/kyverno/v2alpha1"
+	"github.com/kyverno/kyverno/api/kyverno/v2beta1"
 	"github.com/kyverno/kyverno/pkg/auth/checker"
 	"github.com/kyverno/kyverno/pkg/client/clientset/versioned"
 	"github.com/kyverno/kyverno/pkg/clients/dclient"
@@ -36,7 +36,7 @@ type Cluster interface {
 	Search(context.Context, string, string, string, map[string]string) ([]SearchResult, error)
 	Get(context.Context, string, string, string, string) (*unstructured.Unstructured, error)
 	DClient(...unstructured.Unstructured) (dclient.Interface, error)
-	PolicyExceptionSelector(namespace string, exceptions ...*v2alpha1.PolicyException) engineapi.PolicyExceptionSelector
+	PolicyExceptionSelector(namespace string, exceptions ...*v2beta1.PolicyException) engineapi.PolicyExceptionSelector
 	IsFake() bool
 }
 
@@ -139,7 +139,7 @@ func (c cluster) Get(ctx context.Context, apiVersion string, kind string, namesp
 	return c.dClient.GetResource(ctx, apiVersion, kind, namespace, name)
 }
 
-func (c cluster) PolicyExceptionSelector(namespace string, exceptions ...*v2alpha1.PolicyException) engineapi.PolicyExceptionSelector {
+func (c cluster) PolicyExceptionSelector(namespace string, exceptions ...*v2beta1.PolicyException) engineapi.PolicyExceptionSelector {
 	return NewPolicyExceptionSelector(namespace, c.kyvernoClient, exceptions...)
 }
 

diff --git a/backend/pkg/cluster/fake.go b/backend/pkg/cluster/fake.go
@@ -4,7 +4,7 @@ import (
 	"context"
 	"errors"
 
-	"github.com/kyverno/kyverno/api/kyverno/v2alpha1"
+	"github.com/kyverno/kyverno/api/kyverno/v2beta1"
 	"github.com/kyverno/kyverno/pkg/clients/dclient"
 	engineapi "github.com/kyverno/kyverno/pkg/engine/api"
 	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
@@ -32,7 +32,7 @@ func (c fakeCluster) Get(ctx context.Context, apiVersion string, kind string, na
 	return nil, errors.New("getting resource not supported in fake cluster")
 }
 
-func (c fakeCluster) PolicyExceptionSelector(namespace string, exceptions ...*v2alpha1.PolicyException) engineapi.PolicyExceptionSelector {
+func (c fakeCluster) PolicyExceptionSelector(namespace string, exceptions ...*v2beta1.PolicyException) engineapi.PolicyExceptionSelector {
 	return NewPolicyExceptionSelector(namespace, nil, exceptions...)
 }
 

diff --git a/backend/pkg/cluster/policy_exception.go b/backend/pkg/cluster/policy_exception.go
@@ -3,7 +3,7 @@ package cluster
 import (
 	"context"
 
-	kyvernov2alpha1 "github.com/kyverno/kyverno/api/kyverno/v2alpha1"
+	"github.com/kyverno/kyverno/api/kyverno/v2beta1"
 	"github.com/kyverno/kyverno/pkg/client/clientset/versioned"
 	engineapi "github.com/kyverno/kyverno/pkg/engine/api"
 	kerrors "k8s.io/apimachinery/pkg/api/errors"
@@ -12,20 +12,20 @@ import (
 )
 
 type policyExceptionSelector struct {
-	additional    []*kyvernov2alpha1.PolicyException
+	additional    []*v2beta1.PolicyException
 	kyvernoClient versioned.Interface
 	namespace     string
 }
 
-func (c policyExceptionSelector) List(selector labels.Selector) ([]*kyvernov2alpha1.PolicyException, error) {
-	var exceptions []*kyvernov2alpha1.PolicyException
+func (c policyExceptionSelector) List(selector labels.Selector) ([]*v2beta1.PolicyException, error) {
+	var exceptions []*v2beta1.PolicyException
 	if c.kyvernoClient != nil {
 		list, err := c.kyvernoClient.KyvernoV2alpha1().PolicyExceptions(c.namespace).List(context.TODO(), metav1.ListOptions{
 			LabelSelector: selector.String(),
 		})
 		if err == nil {
 			for i := range list.Items {
-				pe := kyvernov2alpha1.PolicyException(list.Items[i])
+				pe := v2beta1.PolicyException(list.Items[i])
 				exceptions = append(exceptions, &pe)
 			}
 		} else if !kerrors.IsNotFound(err) {
@@ -40,7 +40,7 @@ func (c policyExceptionSelector) List(selector labels.Selector) ([]*kyvernov2alp
 	return exceptions, nil
 }
 
-func NewPolicyExceptionSelector(namespace string, client versioned.Interface, exceptions ...*kyvernov2alpha1.PolicyException) engineapi.PolicyExceptionSelector {
+func NewPolicyExceptionSelector(namespace string, client versioned.Interface, exceptions ...*v2beta1.PolicyException) engineapi.PolicyExceptionSelector {
 	return policyExceptionSelector{
 		additional:    exceptions,
 		kyvernoClient: client,

diff --git a/backend/pkg/engine/models/ruleresponse.go b/backend/pkg/engine/models/ruleresponse.go
@@ -1,7 +1,7 @@
 package models
 
 import (
-	kyvernov2alpha1 "github.com/kyverno/kyverno/api/kyverno/v2alpha1"
+	"github.com/kyverno/kyverno/api/kyverno/v2beta1"
 	engineapi "github.com/kyverno/kyverno/pkg/engine/api"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
@@ -27,5 +27,5 @@ type RuleResponse struct {
 	// podSecurityChecks contains pod security checks (only if this is a pod security rule)
 	PodSecurityChecks *engineapi.PodSecurityChecks `json:"podSecurityChecks"`
 	// exception is the exception applied (if any)
-	Exception *kyvernov2alpha1.PolicyException `json:"exception"`
+	Exception *v2beta1.PolicyException `json:"exception"`
 }
diff --git a/backend/pkg/exception/exception.go b/backend/pkg/exception/exception.go
@@ -0,0 +1,45 @@
+package exception
+
+import (
+	"fmt"
+
+	kyvernov2alpha1 "github.com/kyverno/kyverno/api/kyverno/v2alpha1"
+	kyvernov2beta1 "github.com/kyverno/kyverno/api/kyverno/v2beta1"
+	"github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/data"
+	"github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/resource/convert"
+	resourceloader "github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/resource/loader"
+	yamlutils "github.com/kyverno/kyverno/pkg/utils/yaml"
+	"k8s.io/apimachinery/pkg/runtime/schema"
+	"sigs.k8s.io/kubectl-validate/pkg/openapiclient"
+)
+
+var (
+	factory, _  = resourceloader.New(openapiclient.NewComposite(openapiclient.NewLocalCRDFiles(data.Crds(), data.CrdsFolder)))
+	exceptionV1 = schema.GroupVersion(kyvernov2alpha1.GroupVersion).WithKind("PolicyException")
+	exceptionV2 = schema.GroupVersion(kyvernov2beta1.GroupVersion).WithKind("PolicyException")
+)
+
+func Load(content []byte) ([]*kyvernov2beta1.PolicyException, error) {
+	documents, err := yamlutils.SplitDocuments(content)
+	if err != nil {
+		return nil, err
+	}
+	var exceptions []*kyvernov2beta1.PolicyException
+	for _, document := range documents {
+		gvk, untyped, err := factory.Load(document)
+		if err != nil {
+			return nil, err
+		}
+		switch gvk {
+		case exceptionV1, exceptionV2:
+			exception, err := convert.To[kyvernov2beta1.PolicyException](untyped)
+			if err != nil {
+				return nil, err
+			}
+			exceptions = append(exceptions, exception)
+		default:
+			return nil, fmt.Errorf("policy exception type not supported %s", gvk)
+		}
+	}
+	return exceptions, nil
+}
diff --git a/backend/pkg/server/api/engine/handler.go b/backend/pkg/server/api/engine/handler.go
@@ -58,7 +58,7 @@ func newEngineHandler(cl cluster.Cluster, config APIConfiguration) (gin.HandlerF
 		if err != nil {
 			return nil, fmt.Errorf("unable to load config resources: %w", err)
 		}
-		exceptions, err := in.LoadPolicyExceptions(policyLoader)
+		exceptions, err := in.LoadPolicyExceptions()
 		if err != nil {
 			return nil, fmt.Errorf("unable to load policy exceptions: %w", err)
 		}

diff --git a/backend/pkg/server/api/engine/request.go b/backend/pkg/server/api/engine/request.go
@@ -4,8 +4,7 @@ import (
 	"testing/fstest"
 
 	kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1"
-	kyvernov2alpha1 "github.com/kyverno/kyverno/api/kyverno/v2alpha1"
-	"github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/exception"
+	kyvernov2beta1 "github.com/kyverno/kyverno/api/kyverno/v2beta1"
 	"github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/resource/loader"
 	"k8s.io/api/admissionregistration/v1alpha1"
 	corev1 "k8s.io/api/core/v1"
@@ -17,6 +16,7 @@ import (
 	"github.com/kyverno/playground/backend/data"
 	"github.com/kyverno/playground/backend/pkg/cluster"
 	"github.com/kyverno/playground/backend/pkg/engine/models"
+	"github.com/kyverno/playground/backend/pkg/exception"
 	"github.com/kyverno/playground/backend/pkg/policy"
 	"github.com/kyverno/playground/backend/pkg/resource"
 )
@@ -57,7 +57,7 @@ func (r *EngineRequest) LoadOldResources(resourceLoader loader.Loader) ([]unstru
 	return resource.LoadResources(resourceLoader, []byte(r.OldResources))
 }
 
-func (r *EngineRequest) LoadPolicyExceptions(resourceLoader loader.Loader) ([]*kyvernov2alpha1.PolicyException, error) {
+func (r *EngineRequest) LoadPolicyExceptions() ([]*kyvernov2beta1.PolicyException, error) {
 	return exception.Load([]byte(r.PolicyExceptions))
 }