fix: generate existing
Signed-off-by: ShutingZhao <[email protected]>
realshuting committed Aug 13, 2024
1 parent e67a111 commit c868596
Showing 11 changed files with 224 additions and 17 deletions.
22 changes: 17 additions & 5 deletions pkg/background/generate/generate.go
Expand Up @@ -196,7 +196,7 @@ func (c *GenerateController) getTriggerForCreateOperation(spec kyvernov2.UpdateR

func (c *GenerateController) applyGenerate(trigger unstructured.Unstructured, ur kyvernov2.UpdateRequest, i int, namespaceLabels map[string]string) ([]kyvernov1.ResourceSpec, error) {
logger := c.log.WithValues("name", ur.GetName(), "policy", ur.Spec.GetPolicyKey())
logger.V(3).Info("applying generate policy rule")
logger.V(3).Info("applying generate policy")

policy, err := c.getPolicyObject(ur)
if err != nil && !apierrors.IsNotFound(err) {
Expand All @@ -210,7 +210,20 @@ func (c *GenerateController) applyGenerate(trigger unstructured.Unstructured, ur
return nil, err
}

policyContext, err := common.NewBackgroundContext(logger, c.client, ur.Spec.Context, policy, &trigger, c.configuration, c.jp, namespaceLabels)
var rule *kyvernov1.Rule
p := policy.CreateDeepCopy()
for j := range p.GetSpec().Rules {
if p.GetSpec().Rules[j].Name == ruleContext.Rule {
rule = &p.GetSpec().Rules[j]
break
}
}
if rule == nil {
logger.Info("skip rule application as the rule does not exist in the updaterequest", "rule", ruleContext.Rule)
return nil, nil
}
p.GetSpec().SetRules([]kyvernov1.Rule{*rule})
policyContext, err := common.NewBackgroundContext(logger, c.client, ur.Spec.Context, p, &trigger, c.configuration, c.jp, namespaceLabels)
if err != nil {
return nil, err
}
Expand Down Expand Up @@ -305,7 +318,6 @@ func (c *GenerateController) ApplyGeneratePolicy(log logr.Logger, policyContext
if !slices.Contains(applicableRules, rule.Name) {
continue
}

if rule.Generation.Synchronize {
ruleRaw, err := json.Marshal(rule.DeepCopy())
if err != nil {
Expand All @@ -327,7 +339,7 @@ func (c *GenerateController) ApplyGeneratePolicy(log logr.Logger, policyContext
if applyRules == kyvernov1.ApplyOne && applyCount > 0 {
break
}

logger := log.WithValues("rule", rule.Name)
// add configmap json data to context
if err := c.engine.ContextLoader(policyContext.Policy(), rule)(context.TODO(), rule.Context, policyContext.JSONContext()); err != nil {
log.Error(err, "cannot add configmaps to context")
Expand All @@ -339,7 +351,7 @@ func (c *GenerateController) ApplyGeneratePolicy(log logr.Logger, policyContext
return nil, err
}

genResource, err = applyRule(log, c.client, rule, resource, policy)
genResource, err = applyRule(logger, c.client, rule, resource, policy)
if err != nil {
log.Error(err, "failed to apply generate rule", "policy", policy.GetName(), "rule", rule.Name, "resource", resource.GetName())
return nil, err
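Review bot: The skip message at `logger.Info("skip rule application as the rule does not exist in the updaterequest", "rule", ruleContext.Rule)` is inverted: `ruleContext.Rule` is the name carried by the UpdateRequest, and the loop just above searches the policy's rules for it, so the case being handled is a rule that is missing from the policy (e.g. renamed or removed after the UR was queued); suggest `"skip rule application as the rule does not exist in the policy"`. Returning `nil, nil` there is also indistinguishable from a successful apply that generated nothing, so unless the caller treats an empty result specially the UR will presumably be marked complete without anything having been generated — worth confirming against the caller, which is outside this hunk, as is the definition of `ruleContext` (presumably `ur.Spec.RuleContext[i]`). In the later hunk, `logger := log.WithValues("rule", rule.Name)` is introduced but the very next `log.Error(err, "cannot add configmaps to context")` still logs through `log`, dropping the rule name; switch it to `logger`. applyGenerate and ApplyGeneratePolicy both continue outside these hunks.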
@@ -0,0 +1,17 @@
## Description

This test ensures that a generate policy works as expected in case the rules have a different value for the `generateExisting` field.

## Expected Behavior

1. Create two Namespaces named `red-ns` and `green-ns`.

2. Create a policy with two generate rules:
- The first rule named `generate-network-policy` matches Namespaces sets the `generateExisting` to `true`.
- The second rule named `generate-config-map` matches Namespaces sets the `generateExisting` to `false`.

3. It is expected that a NetworkPolicy will be generated for each Namespace whereas ConfigMaps will not be generated.

## Reference Issue(s)

N/A
@@ -0,0 +1,27 @@
apiVersion: chainsaw.kyverno.io/v1alpha1
kind: Test
metadata:
creationTimestamp: null
name: different-generate-existing-values
spec:
steps:
- name: step-01
try:
- apply:
file: existing-resources.yaml
- name: step-02
try:
- apply:
file: policy.yaml
- assert:
file: policy-ready.yaml
- name: step-03
try:
- sleep:
duration: 3s
- name: step-04
try:
- assert:
file: generated-resources.yaml
- error:
file: fail-generated-resources.yaml
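Review bot: The `error:` check in step-04 is a negative assertion, and the only thing guaranteeing the controller has already processed the `generateExisting: false` rule before it runs is the fixed `sleep: duration: 3s` in step-03; on a slow CI node the absence of the red-ns ConfigMap and NetworkPolicy would then be vacuously true. The preceding `assert` on generated-resources.yaml does wait for the green-ns NetworkPolicy, but that only proves the other rule was processed, so the ordering between the two rules is still an assumption here. If chainsaw supports it, a longer explicit timeout on the `error` operation, or asserting a UpdateRequest/policy status condition that shows the background scan finished, would make this less timing-dependent.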
@@ -0,0 +1,13 @@
apiVersion: v1
kind: Namespace
metadata:
name: red-ns
labels:
color: red
---
apiVersion: v1
kind: Namespace
metadata:
name: green-ns
labels:
color: green
@@ -0,0 +1,34 @@
apiVersion: v1
data:
KAFKA_ADDRESS: 192.168.10.13:9092,192.168.10.14:9092,192.168.10.15:9092
ZK_ADDRESS: 192.168.10.10:2181,192.168.10.11:2181,192.168.10.12:2181
kind: ConfigMap
metadata:
labels:
somekey: somevalue
name: zk-kafka-address
namespace: red-ns
---
apiVersion: v1
data:
KAFKA_ADDRESS: 192.168.10.13:9092,192.168.10.14:9092,192.168.10.15:9092
ZK_ADDRESS: 192.168.10.10:2181,192.168.10.11:2181,192.168.10.12:2181
kind: ConfigMap
metadata:
labels:
somekey: somevalue
name: zk-kafka-address
namespace: green-ns
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
labels:
created-by: kyverno
name: default-deny
namespace: red-ns
spec:
podSelector: {}
policyTypes:
- Ingress
- Egress
@@ -0,0 +1,25 @@
# apiVersion: networking.k8s.io/v1
# kind: NetworkPolicy
# metadata:
# labels:
# created-by: kyverno
# name: default-deny
# namespace: red-ns
# spec:
# podSelector: {}
# policyTypes:
# - Ingress
# - Egress
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
labels:
created-by: kyverno
name: default-deny
namespace: green-ns
spec:
podSelector: {}
policyTypes:
- Ingress
- Egress
@@ -0,0 +1,9 @@
apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
name: different-generate-existing-values-reorder
status:
conditions:
- reason: Succeeded
status: "True"
type: Ready
@@ -0,0 +1,53 @@
apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
name: different-generate-existing-values-reorder
spec:
rules:
- name: generate-config-map
match:
any:
- resources:
kinds:
- Namespace
names:
- red-ns
generate:
generateExisting: false
synchronize: true
apiVersion: v1
kind: ConfigMap
name: zk-kafka-address
namespace: "{{request.object.metadata.name}}"
data:
kind: ConfigMap
metadata:
labels:
somekey: somevalue
data:
ZK_ADDRESS: "192.168.10.10:2181,192.168.10.11:2181,192.168.10.12:2181"
KAFKA_ADDRESS: "192.168.10.13:9092,192.168.10.14:9092,192.168.10.15:9092"
- name: generate-network-policy
match:
any:
- resources:
kinds:
- Namespace
names:
- green-ns
generate:
generateExisting: true
kind: NetworkPolicy
apiVersion: networking.k8s.io/v1
name: default-deny
namespace: "{{request.object.metadata.name}}"
synchronize: true
data:
metadata:
labels:
created-by: kyverno
spec:
podSelector: {}
policyTypes:
- Ingress
- Egress
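Review bot: The ClusterPolicy name `different-generate-existing-values-reorder` does not match the test name `different-generate-existing-values` in chainsaw-test.yaml and looks copied from the sibling `-reorder` test; ClusterPolicies are cluster-scoped, so if that sibling creates a policy with the same name (and both tests create `red-ns`/`green-ns`) the two tests will collide when chainsaw runs them concurrently in one cluster. Suggest `name: different-generate-existing-values` here and in policy-ready.yaml. The README also states that a NetworkPolicy is generated for each Namespace and lists `generate-network-policy` as the first rule, whereas this policy restricts that rule to `green-ns` via `names` and lists `generate-config-map` first; generated-resources.yaml only expects the green-ns NetworkPolicy, so the README's expected-behaviour section should be updated to match the fixture.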
Expand Up @@ -19,3 +19,16 @@ metadata:
somekey: somevalue
name: zk-kafka-address
namespace: green-ns
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
labels:
created-by: kyverno
name: default-deny
namespace: red-ns
spec:
podSelector: {}
policyTypes:
- Ingress
- Egress
@@ -1,15 +1,15 @@
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
labels:
created-by: kyverno
name: default-deny
namespace: red-ns
spec:
podSelector: {}
policyTypes:
- Ingress
- Egress
# apiVersion: networking.k8s.io/v1
# kind: NetworkPolicy
# metadata:
# labels:
# created-by: kyverno
# name: default-deny
# namespace: red-ns
# spec:
# podSelector: {}
# policyTypes:
# - Ingress
# - Egress
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
Expand Up @@ -10,6 +10,8 @@ spec:
- resources:
kinds:
- Namespace
names:
- green-ns
generate:
generateExisting: true
kind: NetworkPolicy
Expand All @@ -32,6 +34,8 @@ spec:
- resources:
kinds:
- Namespace
names:
- red-ns
generate:
generateExisting: false
synchronize: true
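Review bot: Adding `names: [green-ns]` and `names: [red-ns]` to the two rules makes each rule match a single, distinct Namespace, so this existing test no longer exercises two rules with different `generateExisting` values matching the same existing resource — which, judging by its `-reorder` name and the pre-change expectation of a red-ns NetworkPolicy that this commit comments out, appears to have been its purpose. If the intended behaviour is that a `generateExisting: true` rule applies to every matched existing Namespace regardless of a sibling rule with `false`, keep at least one Namespace matched by both rules and assert the NetworkPolicy there alongside the absence of the ConfigMap, rather than narrowing the match until the expectations hold. The rest of the policy spec, including the rule names and generate data, is outside this hunk.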