api server lookups #1514

Merged
merged 9 commits into from Feb 1, 2021
42 changes: 38 additions & 4 deletions charts/kyverno/crds/crds.yaml
Expand Up @@ -50,17 +50,34 @@ spec:
context:
description: Context defines variables and data sources that can be used during rule execution.
items:
description: ContextEntry adds variables and data sources to a rule Context
description: ContextEntry adds variables and data sources to a rule Context. Either a ConfigMap reference or a APILookup must be provided.
properties:
apiCall:
description: APICall is an API server request to retrieve data
properties:
jmesPath:
description: JMESPath is an optional JSON Match Expression that can be used to transform the JSON response from the API server.
type: string
urlPath:
description: URLPath is the URL path to be used in the HTTP GET request
type: string
required:
- urlPath
type: object
configMap:
description: ConfigMapReference refers to a ConfigMap
description: ConfigMap is the ConfigMap reference.
properties:
name:
description: Name is the ConfigMap name.
type: string
namespace:
description: Namespace is the ConfigMap namespace.
type: string
required:
- name
type: object
name:
description: Name is the variable name.
type: string
type: object
type: array
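Review bot: the ContextEntry item schema does not enforce the rule its new description states. The description says either a ConfigMap reference or an API lookup must be provided, but `apiCall` and `configMap` are both plain optional properties, so an entry carrying both, or neither, passes CRD validation. Suggest a `oneOf` over the two properties, or an equivalent check in policy validation, so a malformed entry is rejected when the policy is created rather than surfacing at rule execution.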
Expand Down Expand Up @@ -1152,17 +1169,34 @@ spec:
context:
description: Context defines variables and data sources that can be used during rule execution.
items:
description: ContextEntry adds variables and data sources to a rule Context
description: ContextEntry adds variables and data sources to a rule Context. Either a ConfigMap reference or a APILookup must be provided.
properties:
apiCall:
description: APICall is an API server request to retrieve data
properties:
jmesPath:
description: JMESPath is an optional JSON Match Expression that can be used to transform the JSON response from the API server.
type: string
urlPath:
description: URLPath is the URL path to be used in the HTTP GET request
type: string
required:
- urlPath
type: object
configMap:
description: ConfigMapReference refers to a ConfigMap
description: ConfigMap is the ConfigMap reference.
properties:
name:
description: Name is the ConfigMap name.
type: string
namespace:
description: Namespace is the ConfigMap namespace.
type: string
required:
- name
type: object
name:
description: Name is the variable name.
type: string
type: object
type: array
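Review bot: `required: - urlPath` under `apiCall` only checks that the key is present, so `urlPath: ""` is accepted. The field is a bare `type: string` with no `minLength` or `pattern`; since the value becomes the path of an HTTP GET, suggest at least `minLength: 1` and a pattern requiring a leading `/`, declared on the Go type so every generated manifest picks it up.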
1 change: 1 addition & 0 deletions cmd/kyverno/main.go
Expand Up @@ -277,6 +277,7 @@ func main() {
log.Log.WithName("ValidateAuditHandler"),
configData,
rCache,
client,
)

// Configure certificates
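Review bot: the `client` added after `rCache` has no comment saying what it is for, and the hunk does not show which client it is or what RBAC it carries. Going by the `ValidateAuditHandler` logger name two lines up, the audit handler now has a way to reach the API server. Suggest a short comment here, or in the constructor's doc, stating that it is used for context `apiCall` lookups and needs read access only, so whoever reviews the service account permissions later can tell why it is passed.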
26 changes: 24 additions & 2 deletions definitions/crds/kyverno.io_clusterpolicies.yaml
Expand Up @@ -67,17 +67,39 @@ spec:
can be used during rule execution.
items:
description: ContextEntry adds variables and data sources
to a rule Context
to a rule Context. Either a ConfigMap reference or a APILookup
must be provided.
properties:
apiCall:
description: APICall is an API server request to retrieve
data
properties:
jmesPath:
description: JMESPath is an optional JSON Match Expression
that can be used to transform the JSON response
from the API server.
type: string
urlPath:
description: URLPath is the URL path to be used in
the HTTP GET request
type: string
required:
- urlPath
type: object
configMap:
description: ConfigMapReference refers to a ConfigMap
description: ConfigMap is the ConfigMap reference.
properties:
name:
description: Name is the ConfigMap name.
type: string
namespace:
description: Namespace is the ConfigMap namespace.
type: string
required:
- name
type: object
name:
description: Name is the variable name.
type: string
type: object
type: array
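Review bot: the `urlPath` and `jmesPath` descriptions leave out what a policy author needs to write a correct entry. `urlPath` does not say whether it is relative to the API server root or whether a query string is allowed, and `jmesPath` does not say what the variable holds when the expression matches nothing. Suggest one sentence for each, with a sample path in the `urlPath` description.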
26 changes: 24 additions & 2 deletions definitions/crds/kyverno.io_policies.yaml
Expand Up @@ -68,17 +68,39 @@ spec:
can be used during rule execution.
items:
description: ContextEntry adds variables and data sources
to a rule Context
to a rule Context. Either a ConfigMap reference or a APILookup
must be provided.
properties:
apiCall:
description: APICall is an API server request to retrieve
data
properties:
jmesPath:
description: JMESPath is an optional JSON Match Expression
that can be used to transform the JSON response
from the API server.
type: string
urlPath:
description: URLPath is the URL path to be used in
the HTTP GET request
type: string
required:
- urlPath
type: object
configMap:
description: ConfigMapReference refers to a ConfigMap
description: ConfigMap is the ConfigMap reference.
properties:
name:
description: Name is the ConfigMap name.
type: string
namespace:
description: Namespace is the ConfigMap namespace.
type: string
required:
- name
type: object
name:
description: Name is the variable name.
type: string
type: object
type: array
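Review bot: in the namespaced Policy CRD, `urlPath` is as unrestricted as in ClusterPolicy, and that deserves an explicit decision before merge. If the GET is issued with the controller's own client, a user who can only create a Policy in one namespace can have data from other namespaces or from cluster-scoped resources read into their rule context. Suggest either validating that the path stays inside the policy's namespace for this kind, or stating the trust model in the `apiCall` description.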
42 changes: 38 additions & 4 deletions definitions/install.yaml
Expand Up @@ -55,17 +55,34 @@ spec:
context:
description: Context defines variables and data sources that can be used during rule execution.
items:
description: ContextEntry adds variables and data sources to a rule Context
description: ContextEntry adds variables and data sources to a rule Context. Either a ConfigMap reference or a APILookup must be provided.
properties:
apiCall:
description: APICall is an API server request to retrieve data
properties:
jmesPath:
description: JMESPath is an optional JSON Match Expression that can be used to transform the JSON response from the API server.
type: string
urlPath:
description: URLPath is the URL path to be used in the HTTP GET request
type: string
required:
- urlPath
type: object
configMap:
description: ConfigMapReference refers to a ConfigMap
description: ConfigMap is the ConfigMap reference.
properties:
name:
description: Name is the ConfigMap name.
type: string
namespace:
description: Namespace is the ConfigMap namespace.
type: string
required:
- name
type: object
name:
description: Name is the variable name.
type: string
type: object
type: array
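Review bot: `name` at the ContextEntry level is not listed under any `required`, although it is described as the variable name. An `apiCall` entry without `name` passes validation and leaves the fetched data with no name to be referenced by. `configMap.name` is marked required in this same block; suggest doing the same for the entry's own `name`.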
Expand Down Expand Up @@ -1157,17 +1174,34 @@ spec:
context:
description: Context defines variables and data sources that can be used during rule execution.
items:
description: ContextEntry adds variables and data sources to a rule Context
description: ContextEntry adds variables and data sources to a rule Context. Either a ConfigMap reference or a APILookup must be provided.
properties:
apiCall:
description: APICall is an API server request to retrieve data
properties:
jmesPath:
description: JMESPath is an optional JSON Match Expression that can be used to transform the JSON response from the API server.
type: string
urlPath:
description: URLPath is the URL path to be used in the HTTP GET request
type: string
required:
- urlPath
type: object
configMap:
description: ConfigMapReference refers to a ConfigMap
description: ConfigMap is the ConfigMap reference.
properties:
name:
description: Name is the ConfigMap name.
type: string
namespace:
description: Namespace is the ConfigMap namespace.
type: string
required:
- name
type: object
name:
description: Name is the variable name.
type: string
type: object
type: array
42 changes: 38 additions & 4 deletions definitions/install_debug.yaml
Expand Up @@ -55,17 +55,34 @@ spec:
context:
description: Context defines variables and data sources that can be used during rule execution.
items:
description: ContextEntry adds variables and data sources to a rule Context
description: ContextEntry adds variables and data sources to a rule Context. Either a ConfigMap reference or a APILookup must be provided.
properties:
apiCall:
description: APICall is an API server request to retrieve data
properties:
jmesPath:
description: JMESPath is an optional JSON Match Expression that can be used to transform the JSON response from the API server.
type: string
urlPath:
description: URLPath is the URL path to be used in the HTTP GET request
type: string
required:
- urlPath
type: object
configMap:
description: ConfigMapReference refers to a ConfigMap
description: ConfigMap is the ConfigMap reference.
properties:
name:
description: Name is the ConfigMap name.
type: string
namespace:
description: Namespace is the ConfigMap namespace.
type: string
required:
- name
type: object
name:
description: Name is the variable name.
type: string
type: object
type: array
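Review bot: the ContextEntry block here is one more copy of the block already changed in charts/kyverno/crds/crds.yaml, the two definitions/crds files and definitions/install.yaml, down to the "a APILookup" wording. Please confirm all of these were regenerated from policy_types.go rather than edited by hand, and make wording fixes at the source only, so the copies cannot drift apart.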
Expand Down Expand Up @@ -1157,17 +1174,34 @@ spec:
context:
description: Context defines variables and data sources that can be used during rule execution.
items:
description: ContextEntry adds variables and data sources to a rule Context
description: ContextEntry adds variables and data sources to a rule Context. Either a ConfigMap reference or a APILookup must be provided.
properties:
apiCall:
description: APICall is an API server request to retrieve data
properties:
jmesPath:
description: JMESPath is an optional JSON Match Expression that can be used to transform the JSON response from the API server.
type: string
urlPath:
description: URLPath is the URL path to be used in the HTTP GET request
type: string
required:
- urlPath
type: object
configMap:
description: ConfigMapReference refers to a ConfigMap
description: ConfigMap is the ConfigMap reference.
properties:
name:
description: Name is the ConfigMap name.
type: string
namespace:
description: Namespace is the ConfigMap namespace.
type: string
required:
- name
type: object
name:
description: Name is the variable name.
type: string
type: object
type: array
31 changes: 28 additions & 3 deletions pkg/api/kyverno/v1/policy_types.go
Expand Up @@ -98,18 +98,43 @@ type Rule struct {
Generation Generation `json:"generate,omitempty" yaml:"generate,omitempty"`
}

// ContextEntry adds variables and data sources to a rule Context
// ContextEntry adds variables and data sources to a rule Context. Either a
// ConfigMap reference or a APILookup must be provided.
type ContextEntry struct {
Name string `json:"name,omitempty" yaml:"name,omitempty"`

// Name is the variable name.
Name string `json:"name,omitempty" yaml:"name,omitempty"`

// ConfigMap is the ConfigMap reference.
ConfigMap *ConfigMapReference `json:"configMap,omitempty" yaml:"configMap,omitempty"`

// APICall is an API server request to retrieve data
APICall *APICall `json:"apiCall,omitempty" yaml:"apiCall,omitempty"`
}

// ConfigMapReference refers to a ConfigMap
type ConfigMapReference struct {
Name string `json:"name,omitempty" yaml:"name,omitempty"`

// Name is the ConfigMap name.
Name string `json:"name" yaml:"name"`

// Namespace is the ConfigMap namespace.
Namespace string `json:"namespace,omitempty" yaml:"namespace,omitempty"`
}

// APICall contains an API server URL path used to perform an HTTP GET request
// and an optional JMESPath to transform the retrieved data.
type APICall struct {

// URLPath is the URL path to be used in the HTTP GET request
URLPath string `json:"urlPath" yaml:"urlPath"`

// JMESPath is an optional JSON Match Expression that can be used to
// transform the JSON response from the API server.
// +optional
JMESPath string `json:"jmesPath,omitempty" yaml:"jmesPath,omitempty"`
}

// Condition defines variable-based conditional criteria for rule execution.
type Condition struct {
// Key is the context entry (using JMESPath) for conditional rule evaluation.
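Review bot: the ContextEntry doc comment names a type that does not exist in this change: it says "a APILookup" while the field and the struct are both `APICall`. Suggest "Either a ConfigMap reference or an APICall must be provided." Separately, `ConfigMapReference.Name` goes from `json:"name,omitempty"` to `json:"name"` and so becomes required in the generated schema; that is a behaviour change for existing policies riding along in a feature PR and should be called out in the description.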