kyverno#6055 Add JMESPath support to imageExtractors (kyverno#6183)
Signed-off-by: Brian Dunnigan <bdunnigan@clarityinnovates.com>
Co-authored-by: bdunnigan <bdunnigan@clarityinnovates.com>
Co-authored-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
3 people authored and vishal-chdhry committed Feb 9, 2023
1 parent bf56348 commit 23db155
Showing 15 changed files with 487 additions and 16 deletions.
6 changes: 6 additions & 0 deletions api/kyverno/v1/rule_types.go
Expand Up @@ -32,6 +32,12 @@ type ImageExtractorConfig struct {
// Note - this field MUST be unique.
// +optional
Key string `json:"key,omitempty" yaml:"key,omitempty"`
// JMESPath is an optional JMESPath expression to apply to the image value.
// This is useful when the extracted image begins with a prefix like 'docker://'.
// The 'trim_prefix' function may be used to trim the prefix: trim_prefix(@, 'docker://').
// Note - Image digest mutation may not be used when applying a JMESPAth to an image.
// +optional
JMESPath string `json:"jmesPath,omitempty" yaml:"jmesPath,omitempty"`
}

// Rule defines a validation, mutation, or generation control for matching resources.
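Review bot: The doc comment on the new `JMESPath` field spells the name `JMESPAth` in its last sentence, and the same text shows up in the CRD descriptions and in docs/user/crd/index.html, which appear to be generated from this comment. Fix it here as `// Note - Image digest mutation may not be used when applying a JMESPath to an image.` and regenerate the derived files. The comment also does not say what the expression must return: its result replaces the image value that later rules evaluate, so it should state that the expression must evaluate to a string and what happens when evaluation fails or yields another type. Whether policy validation rejects `jmesPath` combined with digest mutation, or the restriction is documentation only, is not visible in this section and is worth confirming.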
72 changes: 72 additions & 0 deletions charts/kyverno/templates/crds/crds.yaml
Expand Up @@ -4402,6 +4402,15 @@ spec:
additionalProperties:
items:
properties:
jmesPath:
description: 'JMESPath is an optional JMESPath expression
to apply to the image value. This is useful when the
extracted image begins with a prefix like ''docker://''.
The ''trim_prefix'' function may be used to trim the
prefix: trim_prefix(@, ''docker://''). Note - Image
digest mutation may not be used when applying a JMESPAth
to an image.'
type: string
key:
description: Key is an optional name of the field within
'path' that will be used to uniquely identify an image.
Expand Down Expand Up @@ -7663,6 +7672,15 @@ spec:
additionalProperties:
items:
properties:
jmesPath:
description: 'JMESPath is an optional JMESPath expression
to apply to the image value. This is useful when
the extracted image begins with a prefix like
''docker://''. The ''trim_prefix'' function may
be used to trim the prefix: trim_prefix(@, ''docker://'').
Note - Image digest mutation may not be used when
applying a JMESPAth to an image.'
type: string
key:
description: Key is an optional name of the field
within 'path' that will be used to uniquely identify
Expand Down Expand Up @@ -10885,6 +10903,15 @@ spec:
additionalProperties:
items:
properties:
jmesPath:
description: 'JMESPath is an optional JMESPath expression
to apply to the image value. This is useful when the
extracted image begins with a prefix like ''docker://''.
The ''trim_prefix'' function may be used to trim the
prefix: trim_prefix(@, ''docker://''). Note - Image
digest mutation may not be used when applying a JMESPAth
to an image.'
type: string
key:
description: Key is an optional name of the field within
'path' that will be used to uniquely identify an image.
Expand Down Expand Up @@ -14076,6 +14103,15 @@ spec:
additionalProperties:
items:
properties:
jmesPath:
description: 'JMESPath is an optional JMESPath expression
to apply to the image value. This is useful when
the extracted image begins with a prefix like
''docker://''. The ''trim_prefix'' function may
be used to trim the prefix: trim_prefix(@, ''docker://'').
Note - Image digest mutation may not be used when
applying a JMESPAth to an image.'
type: string
key:
description: Key is an optional name of the field
within 'path' that will be used to uniquely identify
Expand Down Expand Up @@ -17523,6 +17559,15 @@ spec:
additionalProperties:
items:
properties:
jmesPath:
description: 'JMESPath is an optional JMESPath expression
to apply to the image value. This is useful when the
extracted image begins with a prefix like ''docker://''.
The ''trim_prefix'' function may be used to trim the
prefix: trim_prefix(@, ''docker://''). Note - Image
digest mutation may not be used when applying a JMESPAth
to an image.'
type: string
key:
description: Key is an optional name of the field within
'path' that will be used to uniquely identify an image.
Expand Down Expand Up @@ -20785,6 +20830,15 @@ spec:
additionalProperties:
items:
properties:
jmesPath:
description: 'JMESPath is an optional JMESPath expression
to apply to the image value. This is useful when
the extracted image begins with a prefix like
''docker://''. The ''trim_prefix'' function may
be used to trim the prefix: trim_prefix(@, ''docker://'').
Note - Image digest mutation may not be used when
applying a JMESPAth to an image.'
type: string
key:
description: Key is an optional name of the field
within 'path' that will be used to uniquely identify
Expand Down Expand Up @@ -24008,6 +24062,15 @@ spec:
additionalProperties:
items:
properties:
jmesPath:
description: 'JMESPath is an optional JMESPath expression
to apply to the image value. This is useful when the
extracted image begins with a prefix like ''docker://''.
The ''trim_prefix'' function may be used to trim the
prefix: trim_prefix(@, ''docker://''). Note - Image
digest mutation may not be used when applying a JMESPAth
to an image.'
type: string
key:
description: Key is an optional name of the field within
'path' that will be used to uniquely identify an image.
Expand Down Expand Up @@ -27199,6 +27262,15 @@ spec:
additionalProperties:
items:
properties:
jmesPath:
description: 'JMESPath is an optional JMESPath expression
to apply to the image value. This is useful when
the extracted image begins with a prefix like
''docker://''. The ''trim_prefix'' function may
be used to trim the prefix: trim_prefix(@, ''docker://'').
Note - Image digest mutation may not be used when
applying a JMESPAth to an image.'
type: string
key:
description: Key is an optional name of the field
within 'path' that will be used to uniquely identify
36 changes: 36 additions & 0 deletions config/crds/kyverno.io_clusterpolicies.yaml
Expand Up @@ -995,6 +995,15 @@ spec:
additionalProperties:
items:
properties:
jmesPath:
description: 'JMESPath is an optional JMESPath expression
to apply to the image value. This is useful when the
extracted image begins with a prefix like ''docker://''.
The ''trim_prefix'' function may be used to trim the
prefix: trim_prefix(@, ''docker://''). Note - Image
digest mutation may not be used when applying a JMESPAth
to an image.'
type: string
key:
description: Key is an optional name of the field within
'path' that will be used to uniquely identify an image.
Expand Down Expand Up @@ -4256,6 +4265,15 @@ spec:
additionalProperties:
items:
properties:
jmesPath:
description: 'JMESPath is an optional JMESPath expression
to apply to the image value. This is useful when
the extracted image begins with a prefix like
''docker://''. The ''trim_prefix'' function may
be used to trim the prefix: trim_prefix(@, ''docker://'').
Note - Image digest mutation may not be used when
applying a JMESPAth to an image.'
type: string
key:
description: Key is an optional name of the field
within 'path' that will be used to uniquely identify
Expand Down Expand Up @@ -7473,6 +7491,15 @@ spec:
additionalProperties:
items:
properties:
jmesPath:
description: 'JMESPath is an optional JMESPath expression
to apply to the image value. This is useful when the
extracted image begins with a prefix like ''docker://''.
The ''trim_prefix'' function may be used to trim the
prefix: trim_prefix(@, ''docker://''). Note - Image
digest mutation may not be used when applying a JMESPAth
to an image.'
type: string
key:
description: Key is an optional name of the field within
'path' that will be used to uniquely identify an image.
Expand Down Expand Up @@ -10664,6 +10691,15 @@ spec:
additionalProperties:
items:
properties:
jmesPath:
description: 'JMESPath is an optional JMESPath expression
to apply to the image value. This is useful when
the extracted image begins with a prefix like
''docker://''. The ''trim_prefix'' function may
be used to trim the prefix: trim_prefix(@, ''docker://'').
Note - Image digest mutation may not be used when
applying a JMESPAth to an image.'
type: string
key:
description: Key is an optional name of the field
within 'path' that will be used to uniquely identify
36 changes: 36 additions & 0 deletions config/crds/kyverno.io_policies.yaml
Expand Up @@ -996,6 +996,15 @@ spec:
additionalProperties:
items:
properties:
jmesPath:
description: 'JMESPath is an optional JMESPath expression
to apply to the image value. This is useful when the
extracted image begins with a prefix like ''docker://''.
The ''trim_prefix'' function may be used to trim the
prefix: trim_prefix(@, ''docker://''). Note - Image
digest mutation may not be used when applying a JMESPAth
to an image.'
type: string
key:
description: Key is an optional name of the field within
'path' that will be used to uniquely identify an image.
Expand Down Expand Up @@ -4258,6 +4267,15 @@ spec:
additionalProperties:
items:
properties:
jmesPath:
description: 'JMESPath is an optional JMESPath expression
to apply to the image value. This is useful when
the extracted image begins with a prefix like
''docker://''. The ''trim_prefix'' function may
be used to trim the prefix: trim_prefix(@, ''docker://'').
Note - Image digest mutation may not be used when
applying a JMESPAth to an image.'
type: string
key:
description: Key is an optional name of the field
within 'path' that will be used to uniquely identify
Expand Down Expand Up @@ -7476,6 +7494,15 @@ spec:
additionalProperties:
items:
properties:
jmesPath:
description: 'JMESPath is an optional JMESPath expression
to apply to the image value. This is useful when the
extracted image begins with a prefix like ''docker://''.
The ''trim_prefix'' function may be used to trim the
prefix: trim_prefix(@, ''docker://''). Note - Image
digest mutation may not be used when applying a JMESPAth
to an image.'
type: string
key:
description: Key is an optional name of the field within
'path' that will be used to uniquely identify an image.
Expand Down Expand Up @@ -10667,6 +10694,15 @@ spec:
additionalProperties:
items:
properties:
jmesPath:
description: 'JMESPath is an optional JMESPath expression
to apply to the image value. This is useful when
the extracted image begins with a prefix like
''docker://''. The ''trim_prefix'' function may
be used to trim the prefix: trim_prefix(@, ''docker://'').
Note - Image digest mutation may not be used when
applying a JMESPAth to an image.'
type: string
key:
description: Key is an optional name of the field
within 'path' that will be used to uniquely identify
15 changes: 15 additions & 0 deletions docs/user/crd/index.html
Expand Up @@ -1717,6 +1717,21 @@ <h3 id="kyverno.io/v1.ImageExtractorConfig">ImageExtractorConfig
Note - this field MUST be unique.</p>
</td>
</tr>
<tr>
<td>
<code>jmesPath</code><br/>
<em>
string
</em>
</td>
<td>
<em>(Optional)</em>
<p>JMESPath is an optional JMESPath expression to apply to the image value.
This is useful when the extracted image begins with a prefix like &lsquo;docker://&rsquo;.
The &lsquo;trim_prefix&rsquo; function may be used to trim the prefix: trim_prefix(@, &lsquo;docker://&rsquo;).
Note - Image digest mutation may not be used when applying a JMESPAth to an image.</p>
</td>
</tr>
</tbody>
</table>
<hr />
27 changes: 27 additions & 0 deletions pkg/engine/jmespath/functions.go
Expand Up @@ -42,6 +42,7 @@ var (
toUpper = "to_upper"
toLower = "to_lower"
trim = "trim"
trimPrefix = "trim_prefix"
split = "split"
regexReplaceAll = "regex_replace_all"
regexReplaceAllLiteral = "regex_replace_all_literal"
Expand Down Expand Up @@ -145,6 +146,17 @@ func GetFunctions() []FunctionEntry {
},
ReturnType: []jpType{jpString},
Note: "trims both ends of the source string by characters appearing in the second string",
}, {
FunctionEntry: gojmespath.FunctionEntry{
Name: trimPrefix,
Arguments: []argSpec{
{Types: []jpType{jpString}},
{Types: []jpType{jpString}},
},
Handler: jpfTrimPrefix,
},
ReturnType: []jpType{jpString},
Note: "trims the second string prefix from the first string if the first string starts with the prefix",
}, {
FunctionEntry: gojmespath.FunctionEntry{
Name: split,
Expand Down Expand Up @@ -588,6 +600,21 @@ func jpfTrim(arguments []interface{}) (interface{}, error) {
return strings.Trim(str.String(), cutset.String()), nil
}

func jpfTrimPrefix(arguments []interface{}) (interface{}, error) {
var err error
str, err := validateArg(trimPrefix, arguments, 0, reflect.String)
if err != nil {
return nil, err
}

prefix, err := validateArg(trimPrefix, arguments, 1, reflect.String)
if err != nil {
return nil, err
}

return strings.TrimPrefix(str.String(), prefix.String()), nil
}

func jpfSplit(arguments []interface{}) (interface{}, error) {
var err error
str, err := validateArg(split, arguments, 0, reflect.String)
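Review bot: `jpfTrimPrefix` has no doc comment, yet with this commit it is the function the `jmesPath` field documentation recommends for normalising extracted image values, so its exact semantics should be written down: `// jpfTrimPrefix removes one leading occurrence of prefix from str (case-sensitive); str is returned unchanged if it does not start with prefix.` Those semantics follow from `strings.TrimPrefix`, so a value whose prefix differs in case, or that carries the prefix more than once, is passed on untrimmed or only partly trimmed to whatever consumes the image reference. The function's `Note` string in `GetFunctions` could say "exact, case-sensitive match" for the same reason. The leading `var err error` is redundant, since `str, err := validateArg(...)` on the next line declares `err` itself; the `jpfSplit` context lines show the same pattern, so it may be kept for consistency with the file.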