-
Notifications
You must be signed in to change notification settings - Fork 5
/
policy_exception.go
49 lines (44 loc) · 1.45 KB
/
policy_exception.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
package cluster
import (
"context"
"github.com/kyverno/kyverno/api/kyverno/v2beta1"
"github.com/kyverno/kyverno/pkg/client/clientset/versioned"
engineapi "github.com/kyverno/kyverno/pkg/engine/api"
kerrors "k8s.io/apimachinery/pkg/api/errors"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/labels"
)
type policyExceptionSelector struct {
additional []*v2beta1.PolicyException
kyvernoClient versioned.Interface
namespace string
}
func (c policyExceptionSelector) List(selector labels.Selector) ([]*v2beta1.PolicyException, error) {
var exceptions []*v2beta1.PolicyException
if c.kyvernoClient != nil {
list, err := c.kyvernoClient.KyvernoV2alpha1().PolicyExceptions(c.namespace).List(context.TODO(), metav1.ListOptions{
LabelSelector: selector.String(),
})
if err == nil {
for i := range list.Items {
pe := v2beta1.PolicyException(list.Items[i])
exceptions = append(exceptions, &pe)
}
} else if !kerrors.IsNotFound(err) {
return nil, err
}
}
for _, exception := range c.additional {
if c.namespace == "" || exception.GetNamespace() == c.namespace {
exceptions = append(exceptions, exception)
}
}
return exceptions, nil
}
func NewPolicyExceptionSelector(namespace string, client versioned.Interface, exceptions ...*v2beta1.PolicyException) engineapi.PolicyExceptionSelector {
return policyExceptionSelector{
additional: exceptions,
kyvernoClient: client,
namespace: namespace,
}
}