Merge pull request #2054 from DarthBenro008/fix/2031

add: http/https regex to kyverno CLI

pkg/kyverno/common/common.go

@@ -69,7 +69,7 @@ func GetPolicies(paths []string) (policies []*v1.ClusterPolicy, errors []error)
 			err      error
 		)
 
-		isHttpPath := strings.Contains(path, "http")
+		isHttpPath := IsHttpRegex.MatchString(path)
 
 		// path clean and retrieving file info can be possible if it's not an HTTP URL
 		if !isHttpPath {
@@ -312,7 +312,7 @@ func RemoveDuplicateVariables(matches [][]string) string {
 	return variableStr
 }
 
-func GetVariable(variablesString, valuesFile string, fs billy.Filesystem, isGit bool, policyresoucePath string) (map[string]string, map[string]map[string]Resource, map[string]map[string]string, error) {
+func GetVariable(variablesString, valuesFile string, fs billy.Filesystem, isGit bool, policyResourcePath string) (map[string]string, map[string]map[string]Resource, map[string]map[string]string, error) {
 	valuesMapResource := make(map[string]map[string]Resource)
 	valuesMapRule := make(map[string]map[string]Rule)
 	namespaceSelectorMap := make(map[string]map[string]string)
@@ -328,13 +328,13 @@ func GetVariable(variablesString, valuesFile string, fs billy.Filesystem, isGit
 	}
 	if valuesFile != "" {
 		if isGit {
-			filep, err := fs.Open(filepath.Join(policyresoucePath, valuesFile))
+			filep, err := fs.Open(filepath.Join(policyResourcePath, valuesFile))
 			if err != nil {
 				fmt.Printf("Unable to open variable file: %s. error: %s", valuesFile, err)
 			}
 			yamlFile, err = ioutil.ReadAll(filep)
 		} else {
-			yamlFile, err = ioutil.ReadFile(filepath.Join(policyresoucePath, valuesFile))
+			yamlFile, err = ioutil.ReadFile(filepath.Join(policyResourcePath, valuesFile))
 		}
 
 		if err != nil {
@@ -569,11 +569,11 @@ func PrintMutatedOutput(mutateLogPath string, mutateLogPathIsDir bool, yaml stri
 }
 
 // GetPoliciesFromPaths - get policies according to the resource path
-func GetPoliciesFromPaths(fs billy.Filesystem, dirPath []string, isGit bool, policyresoucePath string) (policies []*v1.ClusterPolicy, err error) {
+func GetPoliciesFromPaths(fs billy.Filesystem, dirPath []string, isGit bool, policyResourcePath string) (policies []*v1.ClusterPolicy, err error) {
 	var errors []error
 	if isGit {
 		for _, pp := range dirPath {
-			filep, err := fs.Open(filepath.Join(policyresoucePath, pp))
+			filep, err := fs.Open(filepath.Join(policyResourcePath, pp))
 			if err != nil {
 				fmt.Printf("Error: file not available with path %s: %v", filep.Name(), err.Error())
 				continue
@@ -632,9 +632,9 @@ func GetPoliciesFromPaths(fs billy.Filesystem, dirPath []string, isGit bool, pol
 
 // GetResourceAccordingToResourcePath - get resources according to the resource path
 func GetResourceAccordingToResourcePath(fs billy.Filesystem, resourcePaths []string,
-	cluster bool, policies []*v1.ClusterPolicy, dClient *client.Client, namespace string, policyReport bool, isGit bool, policyresoucePath string) (resources []*unstructured.Unstructured, err error) {
+	cluster bool, policies []*v1.ClusterPolicy, dClient *client.Client, namespace string, policyReport bool, isGit bool, policyResourcePath string) (resources []*unstructured.Unstructured, err error) {
 	if isGit {
-		resources, err = GetResourcesWithTest(fs, policies, resourcePaths, isGit, policyresoucePath)
+		resources, err = GetResourcesWithTest(fs, policies, resourcePaths, isGit, policyResourcePath)
 		if err != nil {
 			return nil, sanitizederror.NewWithError("failed to extract the resources", err)
 		}

pkg/kyverno/common/common_test.go

@@ -7,7 +7,7 @@ import (
 	"gotest.tools/assert"
 )
 
-var policyNamespaceSeelector = []byte(`{
+var policyNamespaceSelector = []byte(`{
 	"apiVersion": "kyverno.io/v1",
 	"kind": "ClusterPolicy",
 	"metadata": {
@@ -56,36 +56,36 @@ func Test_NamespaceSelector(t *testing.T) {
 		policy               []byte
 		resource             []byte
 		namespaceSelectorMap map[string]map[string]string
-		sucess               bool
+		success              bool
 	}
 
 	testcases := []TestCase{
 		{
-			policy:   policyNamespaceSeelector,
+			policy:   policyNamespaceSelector,
 			resource: []byte(`{"apiVersion":"v1","kind":"Pod","metadata":{"name":"nginx","namespace":"test1"},"spec":{"containers":[{"image":"nginx:latest","name":"test-fail"}]}}`),
 			namespaceSelectorMap: map[string]map[string]string{
 				"test1": {
 					"foo.com/managed-state": "managed",
 				},
 			},
-			sucess: false,
+			success: false,
 		},
 		{
-			policy:   policyNamespaceSeelector,
+			policy:   policyNamespaceSelector,
 			resource: []byte(`{"apiVersion":"v1","kind":"Pod","metadata":{"name":"test-nginx","namespace":"test1"},"spec":{"containers":[{"image":"nginx:latest","name":"test-pass"}]}}`),
 			namespaceSelectorMap: map[string]map[string]string{
 				"test1": {
 					"foo.com/managed-state": "managed",
 				},
 			},
-			sucess: true,
+			success: true,
 		},
 	}
 
 	for _, tc := range testcases {
 		policyArray, _ := ut.GetPolicy(tc.policy)
 		resourceArray, _ := GetResource(tc.resource)
 		_, validateErs, _, _, _ := ApplyPolicyOnResource(policyArray[0], resourceArray[0], "", false, nil, false, tc.namespaceSelectorMap, false)
-		assert.Assert(t, tc.sucess == validateErs.IsSuccessful())
+		assert.Assert(t, tc.success == validateErs.IsSuccessful())
 	}
 }

pkg/kyverno/common/fetch.go

@@ -114,7 +114,7 @@ func whenClusterIsFalse(resourcePaths []string, policyReport bool) ([]*unstructu
 }
 
 // GetResourcesWithTest with gets matched resources by the given policies
-func GetResourcesWithTest(fs billy.Filesystem, policies []*v1.ClusterPolicy, resourcePaths []string, isGit bool, policyresoucePath string) ([]*unstructured.Unstructured, error) {
+func GetResourcesWithTest(fs billy.Filesystem, policies []*v1.ClusterPolicy, resourcePaths []string, isGit bool, policyResourcePath string) ([]*unstructured.Unstructured, error) {
 	resources := make([]*unstructured.Unstructured, 0)
 	var resourceTypesMap = make(map[string]bool)
 	var resourceTypes []string
@@ -133,7 +133,7 @@ func GetResourcesWithTest(fs billy.Filesystem, policies []*v1.ClusterPolicy, res
 			var resourceBytes []byte
 			var err error
 			if isGit {
-				filep, err := fs.Open(filepath.Join(policyresoucePath, resourcePath))
+				filep, err := fs.Open(filepath.Join(policyResourcePath, resourcePath))
 				if err != nil {
 					fmt.Printf("Unable to open resource file: %s. error: %s", resourcePath, err)
 					continue
@@ -219,7 +219,7 @@ func getFileBytes(path string) ([]byte, error) {
 		err  error
 	)
 
-	if strings.Contains(path, "http") {
+	if IsHttpRegex.MatchString(path) {
 		resp, err := http.Get(path)
 		if err != nil {
 			return nil, err

pkg/kyverno/common/regex.go

@@ -9,3 +9,6 @@ var RegexVariables = regexp.MustCompile(`\{\{[^{}]*\}\}`)
 
 // AllowedVariables represents regex for {{request.}}, {{serviceAccountName}}, {{serviceAccountNamespace}} and {{@}}
 var AllowedVariables = regexp.MustCompile(`\{\{\s*[request\.|serviceAccountName|serviceAccountNamespace|@][^{}]*\}\}`)
+
+// IsHttpRegex represents regex for starts with http:// or https://
+var IsHttpRegex = regexp.MustCompile("^(http|https)://")

pkg/kyverno/test/command.go

@@ -273,18 +273,18 @@ func buildPolicyResults(resps []*response.EngineResponse, testResults []TestResu
 	return results
 }
 
-func getPolicyResouceFullPath(path []string, policyresoucePath string, isGit bool) []string {
+func getPolicyResourceFullPath(path []string, policyResourcePath string, isGit bool) []string {
 	var pol []string
 	if !isGit {
 		for _, p := range path {
-			pol = append(pol, filepath.Join(policyresoucePath, p))
+			pol = append(pol, filepath.Join(policyResourcePath, p))
 		}
 		return pol
 	}
 	return path
 }
 
-func applyPoliciesFromPath(fs billy.Filesystem, policyBytes []byte, valuesFile string, isGit bool, policyresoucePath string, rc *resultCounts) (err error) {
+func applyPoliciesFromPath(fs billy.Filesystem, policyBytes []byte, valuesFile string, isGit bool, policyResourcePath string, rc *resultCounts) (err error) {
 	openAPIController, err := openapi.NewOpenAPIController()
 	engineResponses := make([]*response.EngineResponse, 0)
 	validateEngineResponses := make([]*response.EngineResponse, 0)
@@ -300,18 +300,18 @@ func applyPoliciesFromPath(fs billy.Filesystem, policyBytes []byte, valuesFile s
 
 	fmt.Printf("\nExecuting %s...", values.Name)
 
-	_, valuesMap, namespaceSelectorMap, err := common.GetVariable(variablesString, values.Variables, fs, isGit, policyresoucePath)
+	_, valuesMap, namespaceSelectorMap, err := common.GetVariable(variablesString, values.Variables, fs, isGit, policyResourcePath)
 	if err != nil {
 		if !sanitizederror.IsErrorSanitized(err) {
 			return sanitizederror.NewWithError("failed to decode yaml", err)
 		}
 		return err
 	}
 
-	fullPolicyPath := getPolicyResouceFullPath(values.Policies, policyresoucePath, isGit)
-	fullResourcePath := getPolicyResouceFullPath(values.Resources, policyresoucePath, isGit)
+	fullPolicyPath := getPolicyResourceFullPath(values.Policies, policyResourcePath, isGit)
+	fullResourcePath := getPolicyResourceFullPath(values.Resources, policyResourcePath, isGit)
 
-	policies, err := common.GetPoliciesFromPaths(fs, fullPolicyPath, isGit, policyresoucePath)
+	policies, err := common.GetPoliciesFromPaths(fs, fullPolicyPath, isGit, policyResourcePath)
 	if err != nil {
 		fmt.Printf("Error: failed to load policies\nCause: %s\n", err)
 		os.Exit(1)
@@ -322,7 +322,7 @@ func applyPoliciesFromPath(fs billy.Filesystem, policyBytes []byte, valuesFile s
 			return sanitizederror.NewWithError("failed to mutate policy", err)
 		}
 	}
-	resources, err := common.GetResourceAccordingToResourcePath(fs, fullResourcePath, false, mutatedPolicies, dClient, "", false, isGit, policyresoucePath)
+	resources, err := common.GetResourceAccordingToResourcePath(fs, fullResourcePath, false, mutatedPolicies, dClient, "", false, isGit, policyResourcePath)
 	if err != nil {
 		fmt.Printf("Error: failed to load resources\nCause: %s\n", err)
 		os.Exit(1)