packages adde

kyverno · Sep 12, 2020 · 5a69b48 · 5a69b48
1 parent 32619c4
commit 5a69b48
Show file tree

Hide file tree

Showing 15 changed files with 54 additions and 52 deletions.
diff --git a/cmd/kyverno/main.go b/cmd/kyverno/main.go
@@ -344,7 +344,6 @@ func main() {
 
 	go policyCtrl.Run(3, stopCh)
 
-
 	go eventGenerator.Run(3, stopCh)
 	go grc.Run(1, stopCh)
 	go grcc.Run(1, stopCh)

diff --git a/pkg/common/common.go b/pkg/common/common.go
@@ -9,5 +9,5 @@ const (
 // Policy Reporting Types
 const (
 	PolicyViolation = "POLICYVIOLATION"
-	PolicyReport = "POLICYREPORT"
-)
+	PolicyReport    = "POLICYREPORT"
+)
diff --git a/pkg/engine/response/response.go b/pkg/engine/response/response.go
@@ -27,7 +27,6 @@ type PolicyResponse struct {
 	Rules []RuleResponse `json:"rules"`
 	// ValidationFailureAction: audit(default if not set),enforce
 	ValidationFailureAction string
-
 }
 
 //ResourceSpec resource action applied on

diff --git a/pkg/generate/generate.go b/pkg/generate/generate.go
@@ -379,7 +379,7 @@ func applyRule(log logr.Logger, client *dclient.Client, rule kyverno.Rule, resou
 				return noGenResource, err
 			}
 			logger.V(4).Info("updated new resource")
-		}else{
+		} else {
 			resource := &unstructured.Unstructured{}
 			resource.SetUnstructuredContent(rdata)
 			resource.SetLabels(label)

diff --git a/pkg/jobs/controller.go b/pkg/jobs/controller.go
@@ -101,9 +101,9 @@ func NewJobsJob(dclient *dclient.Client,
 			gen.log.V(2).Info("Background Sync sync at ", "time", k.String())
 			var wg sync.WaitGroup
 			wg.Add(3)
-			go gen.syncKyverno(&wg, "Helm", "SYNC","")
-			go gen.syncKyverno(&wg, "Namespace", "SYNC","")
-			go gen.syncKyverno(&wg, "Cluster", "SYNC","")
+			go gen.syncKyverno(&wg, "Helm", "SYNC", "")
+			go gen.syncKyverno(&wg, "Namespace", "SYNC", "")
+			go gen.syncKyverno(&wg, "Cluster", "SYNC", "")
 			wg.Wait()
 		}
 	}(configHandler)
@@ -210,22 +210,22 @@ func (j *Job) syncHandler(info JobInfo) error {
 	var wg sync.WaitGroup
 	if info.JobType == "POLICYSYNC" {
 		wg.Add(3)
-		go j.syncKyverno(&wg, "Helm", "SYNC",info.JobData)
-		go j.syncKyverno(&wg, "Namespace", "SYNC",info.JobData)
-		go j.syncKyverno(&wg, "Cluster", "SYNC",info.JobData)
-	}else if info.JobType == "CONFIGMAP" {
+		go j.syncKyverno(&wg, "Helm", "SYNC", info.JobData)
+		go j.syncKyverno(&wg, "Namespace", "SYNC", info.JobData)
+		go j.syncKyverno(&wg, "Cluster", "SYNC", info.JobData)
+	} else if info.JobType == "CONFIGMAP" {
 		if info.JobData != "" {
-			str := strings.Split(info.JobData,",")
+			str := strings.Split(info.JobData, ",")
 			wg.Add(len(str))
-			for _,scope := range str {
-				go j.syncKyverno(&wg, scope, "CONFIGMAP","")
+			for _, scope := range str {
+				go j.syncKyverno(&wg, scope, "CONFIGMAP", "")
 			}
 		}
 	}
 	return nil
 }
 
-func (j *Job) syncKyverno(wg *sync.WaitGroup, jobType, scope,data string) {
+func (j *Job) syncKyverno(wg *sync.WaitGroup, jobType, scope, data string) {
 	var args []string
 	var mode string
 	if scope == "SYNC" || scope == "POLICYSYNC" {
@@ -259,7 +259,7 @@ func (j *Job) syncKyverno(wg *sync.WaitGroup, jobType, scope,data string) {
 	}
 
 	if scope == "POLICYSYNC" && data != "" {
-		args = append(args,fmt.Sprintf("-p=%s", data))
+		args = append(args, fmt.Sprintf("-p=%s", data))
 	}
 	go j.CreateJob(args, jobType, scope, wg)
 	wg.Wait()
@@ -270,9 +270,9 @@ func (j *Job) CreateJob(args []string, jobType, scope string, wg *sync.WaitGroup
 	job := &v1.Job{
 		ObjectMeta: metav1.ObjectMeta{
 			Namespace: config.KubePolicyNamespace,
-			Labels : map[string]string{
-				"scope" : scope,
-				"type" : jobType,
+			Labels: map[string]string{
+				"scope": scope,
+				"type":  jobType,
 			},
 		},
 		Spec: v1.JobSpec{
@@ -298,28 +298,28 @@ func (j *Job) CreateJob(args []string, jobType, scope string, wg *sync.WaitGroup
 		return
 	}
 	if err := runtime.DefaultUnstructuredConverter.FromUnstructured(resource.UnstructuredContent(), &job); err != nil {
-		j.log.Error(err,"Error in converting job Default Unstructured Converter","job_name",job.GetName())
+		j.log.Error(err, "Error in converting job Default Unstructured Converter", "job_name", job.GetName())
 		return
 	}
 	deadline := time.Now().Add(100 * time.Second)
 	for {
-		time.Sleep(20*time.Second)
+		time.Sleep(20 * time.Second)
 		resource, err := j.dclient.GetResource("", "Job", config.KubePolicyNamespace, job.GetName())
 		if err != nil {
 			if apierrors.IsNotFound(err) {
-				j.log.Error(err,"job is already deleted","job_name",job.GetName())
+				j.log.Error(err, "job is already deleted", "job_name", job.GetName())
 				break
 			}
 			continue
 		}
 		job := v1.Job{}
 		if err := runtime.DefaultUnstructuredConverter.FromUnstructured(resource.UnstructuredContent(), &job); err != nil {
-			j.log.Error(err,"Error in converting job Default Unstructured Converter","job_name",job.GetName())
+			j.log.Error(err, "Error in converting job Default Unstructured Converter", "job_name", job.GetName())
 			continue
 		}
 		if time.Now().After(deadline) {
 			if err := j.dclient.DeleteResource("", "Job", config.KubePolicyNamespace, job.GetName(), false); err != nil {
-				j.log.Error(err,"Error in deleting jobs","job_name",job.GetName())
+				j.log.Error(err, "Error in deleting jobs", "job_name", job.GetName())
 				continue
 			}
 			break

diff --git a/pkg/kyverno/report/cluster.go b/pkg/kyverno/report/cluster.go
@@ -2,6 +2,7 @@ package report
 
 import (
 	"fmt"
+	"github.com/nirmata/kyverno/pkg/common"
 	"github.com/spf13/cobra"
 	"k8s.io/cli-runtime/pkg/genericclioptions"
 	"os"

diff --git a/pkg/kyverno/report/helm.go b/pkg/kyverno/report/helm.go
@@ -6,6 +6,7 @@ import (
 	"sync"
 	"time"
 
+	"github.com/nirmata/kyverno/pkg/common"
 	"github.com/nirmata/kyverno/pkg/utils"
 	"github.com/spf13/cobra"
 	"k8s.io/apimachinery/pkg/labels"

diff --git a/pkg/kyverno/report/namespace.go b/pkg/kyverno/report/namespace.go
@@ -2,6 +2,7 @@ package report
 
 import (
 	"fmt"
+	"github.com/nirmata/kyverno/pkg/common"
 	"github.com/nirmata/kyverno/pkg/utils"
 	"github.com/spf13/cobra"
 	"k8s.io/apimachinery/pkg/labels"

diff --git a/pkg/policy/cleanup.go b/pkg/policy/cleanup.go
@@ -12,16 +12,16 @@ import (
 )
 
 func (pc *PolicyController) cleanUp(ers []response.EngineResponse) {
-		for _, er := range ers {
-			if !er.IsSuccessful() {
-				continue
-			}
-			if len(er.PolicyResponse.Rules) == 0 {
-				continue
-			}
-			// clean up after the policy has been corrected
-			pc.cleanUpPolicyViolation(er.PolicyResponse)
+	for _, er := range ers {
+		if !er.IsSuccessful() {
+			continue
 		}
+		if len(er.PolicyResponse.Rules) == 0 {
+			continue
+		}
+		// clean up after the policy has been corrected
+		pc.cleanUpPolicyViolation(er.PolicyResponse)
+	}
 
 }
 

diff --git a/pkg/policy/controller.go b/pkg/policy/controller.go
@@ -1,12 +1,13 @@
 package policy
 
 import (
-	"os"
-	"strings"
-	"sync"
 	"fmt"
+	"github.com/nirmata/kyverno/pkg/common"
 	"k8s.io/apimachinery/pkg/labels"
 	"math/rand"
+	"os"
+	"strings"
+	"sync"
 	"time"
 
 	"github.com/go-logr/logr"
@@ -102,7 +103,6 @@ type PolicyController struct {
 	// policy violation generator
 	pvGenerator policyviolation.GeneratorInterface
 
-
 	// resourceWebhookWatcher queues the webhook creation request, creates the webhook
 	resourceWebhookWatcher *webhookconfig.ResourceWebhookRegister
 
@@ -442,7 +442,7 @@ func (pc *PolicyController) syncPolicy(key string) error {
 	if errors.IsNotFound(err) {
 		for _, v := range grList {
 			if key == v.Spec.Policy {
-				err := pc.kyvernoClient.KyvernoV1().GenerateRequests(config.KubePolicyNamespace).Delete(v.GetName(),&metav1.DeleteOptions{})
+				err := pc.kyvernoClient.KyvernoV1().GenerateRequests(config.KubePolicyNamespace).Delete(v.GetName(), &metav1.DeleteOptions{})
 				if err != nil {
 					logger.Error(err, "failed to delete gr")
 				}
@@ -464,9 +464,9 @@ func (pc *PolicyController) syncPolicy(key string) error {
 	for _, v := range grList {
 		if policy.Name == v.Spec.Policy {
 			v.SetLabels(map[string]string{
-				"policy-update" :fmt.Sprintf("revision-count-%d",rand.Intn(100000)),
+				"policy-update": fmt.Sprintf("revision-count-%d", rand.Intn(100000)),
 			})
-			_,err := pc.kyvernoClient.KyvernoV1().GenerateRequests(config.KubePolicyNamespace).Update(v)
+			_, err := pc.kyvernoClient.KyvernoV1().GenerateRequests(config.KubePolicyNamespace).Update(v)
 			if err != nil {
 				logger.Error(err, "failed to update gr")
 				return err

diff --git a/pkg/policyreport/builder.go b/pkg/policyreport/builder.go
@@ -6,6 +6,7 @@ import (
 
 	"github.com/go-logr/logr"
 	kyverno "github.com/nirmata/kyverno/pkg/api/kyverno/v1"
+	"github.com/nirmata/kyverno/pkg/common"
 	"github.com/nirmata/kyverno/pkg/engine/response"
 )
 

diff --git a/pkg/policyreport/generator.go b/pkg/policyreport/generator.go
@@ -187,17 +187,17 @@ func (gen *Generator) Run(workers int, stopCh <-chan struct{}) {
 			err := gen.createConfigmap()
 			scops := []string{}
 			if len(gen.inMemoryConfigMap.Namespace) > 0 {
-				scops = append(scops,"Namespace")
+				scops = append(scops, "Namespace")
 			}
 			if len(gen.inMemoryConfigMap.Helm) > 0 {
-				scops = append(scops,"Helm")
+				scops = append(scops, "Helm")
 			}
 			if len(gen.inMemoryConfigMap.Cluster["cluster"]) > 0 {
-				scops = append(scops,"Cluster")
+				scops = append(scops, "Cluster")
 			}
 			gen.job.Add(jobs.JobInfo{
 				JobType: "CONFIGMAP",
-				JobData: strings.Join(scops,","),
+				JobData: strings.Join(scops, ","),
 			})
 			if err != nil {
 				gen.log.Error(err, "configmap error")

diff --git a/pkg/policyviolation/builder.go b/pkg/policyviolation/builder.go
@@ -4,6 +4,7 @@ import (
 	"fmt"
 	"github.com/go-logr/logr"
 	kyverno "github.com/nirmata/kyverno/pkg/api/kyverno/v1"
+	"github.com/nirmata/kyverno/pkg/common"
 	"github.com/nirmata/kyverno/pkg/engine/response"
 	"os"
 )

diff --git a/pkg/policyviolation/generator.go b/pkg/policyviolation/generator.go
@@ -8,17 +8,17 @@ import (
 	"strings"
 	"sync"
 
-	policyreportinformer "github.com/nirmata/kyverno/pkg/client/informers/externalversions/policyreport/v1alpha1"
-	"github.com/nirmata/kyverno/pkg/jobs"
-	"github.com/nirmata/kyverno/pkg/policyreport"
-
 	"github.com/go-logr/logr"
 	kyverno "github.com/nirmata/kyverno/pkg/api/kyverno/v1"
 	kyvernoclient "github.com/nirmata/kyverno/pkg/client/clientset/versioned"
 	kyvernov1 "github.com/nirmata/kyverno/pkg/client/clientset/versioned/typed/kyverno/v1"
 	kyvernoinformer "github.com/nirmata/kyverno/pkg/client/informers/externalversions/kyverno/v1"
+	policyreportinformer "github.com/nirmata/kyverno/pkg/client/informers/externalversions/policyreport/v1alpha1"
 	kyvernolister "github.com/nirmata/kyverno/pkg/client/listers/kyverno/v1"
+	"github.com/nirmata/kyverno/pkg/common"
 	"github.com/nirmata/kyverno/pkg/constant"
+	"github.com/nirmata/kyverno/pkg/jobs"
+	"github.com/nirmata/kyverno/pkg/policyreport"
 	"github.com/nirmata/kyverno/pkg/policystatus"
 
 	dclient "github.com/nirmata/kyverno/pkg/dclient"

diff --git a/pkg/webhooks/generation.go b/pkg/webhooks/generation.go
@@ -65,12 +65,11 @@ func (ws *WebhookServer) HandleGenerate(request *v1beta1.AdmissionRequest, polic
 						}
 					}
 				}
-			}else{
-				rules = append(rules,rule)
+			} else {
+				rules = append(rules, rule)
 			}
 		}
 
-
 		if len(rules) > 0 {
 			engineResponse.PolicyResponse.Rules = rules
 			// some generate rules do apply to the resource