Policy is the resource that contains the policy definition.
+ValidationPolicy is the resource that contains the policy definition.
| Field | Type | Required | Description | |---|---|---|---| | `apiVersion` | `string` | :white_check_mark: | `json.kyverno.io/v1alpha1` | -| `kind` | `string` | :white_check_mark: | `Policy` | +| `kind` | `string` | :white_check_mark: | `ValidationPolicy` | | `metadata` | [`meta/v1.ObjectMeta`](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.28/#objectmeta-v1-meta) | |Standard object's metadata.
| | `spec` | [`PolicySpec`](#json-kyverno-io-v1alpha1-PolicySpec) | :white_check_mark: |Policy spec.
| -## `PolicyList` {#json-kyverno-io-v1alpha1-PolicyList} +## `ValidationPolicyList` {#json-kyverno-io-v1alpha1-ValidationPolicyList} -PolicyList is a list of Policy instances.
+ValidationPolicyList is a list of Policy instances.
| Field | Type | Required | Description | |---|---|---|---| | `apiVersion` | `string` | :white_check_mark: | `json.kyverno.io/v1alpha1` | -| `kind` | `string` | :white_check_mark: | `PolicyList` | +| `kind` | `string` | :white_check_mark: | `ValidationPolicyList` | | `metadata` | [`meta/v1.ListMeta`](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.28/#listmeta-v1-meta) | :white_check_mark: | *No description provided.* | -| `items` | [`[]Policy`](#json-kyverno-io-v1alpha1-Policy) | :white_check_mark: | *No description provided.* | +| `items` | [`[]ValidationPolicy`](#json-kyverno-io-v1alpha1-ValidationPolicy) | :white_check_mark: | *No description provided.* | ## `Any` {#json-kyverno-io-v1alpha1-Any} @@ -57,7 +57,7 @@ auto_generated: true **Appears in:** -- [Validation](#json-kyverno-io-v1alpha1-Validation) +- [ValidationRule](#json-kyverno-io-v1alpha1-ValidationRule) | Field | Type | Required | Description | |---|---|---|---| @@ -79,7 +79,7 @@ auto_generated: true **Appears in:** -- [Rule](#json-kyverno-io-v1alpha1-Rule) +- [ValidationRule](#json-kyverno-io-v1alpha1-ValidationRule)ContextEntry adds variables and data sources to a rule Context.
@@ -93,7 +93,7 @@ auto_generated: true **Appears in:** -- [Rule](#json-kyverno-io-v1alpha1-Rule) +- [ValidationRule](#json-kyverno-io-v1alpha1-ValidationRule) | Field | Type | Required | Description | |---|---|---|---| @@ -104,13 +104,13 @@ auto_generated: true **Appears in:** -- [Policy](#json-kyverno-io-v1alpha1-Policy) +- [ValidationPolicy](#json-kyverno-io-v1alpha1-ValidationPolicy) | Field | Type | Required | Description | |---|---|---|---| -| `rules` | [`[]Rule`](#json-kyverno-io-v1alpha1-Rule) | :white_check_mark: |Rules is a list of Rule instances. A Policy contains multiple rules and each rule can validate, mutate, or generate resources.
| +| `rules` | [`[]ValidationRule`](#json-kyverno-io-v1alpha1-ValidationRule) | :white_check_mark: |Rules is a list of Rule instances. A Policy contains multiple rules and each rule can validate, mutate, or generate resources.
| -## `Rule` {#json-kyverno-io-v1alpha1-Rule} +## `ValidationRule` {#json-kyverno-io-v1alpha1-ValidationRule} **Appears in:** @@ -122,19 +122,6 @@ auto_generated: true | `context` | [`[]ContextEntry`](#json-kyverno-io-v1alpha1-ContextEntry) | :white_check_mark: |Context defines variables and data sources that can be used during rule execution.
| | `match` | [`Match`](#json-kyverno-io-v1alpha1-Match) | :white_check_mark: |Match defines when this policy rule should be applied. The match criteria can include resource information (e.g. kind, name, namespace, labels) and admission review request information like the user name or role. At least one kind is required.
| | `exclude` | [`Match`](#json-kyverno-io-v1alpha1-Match) | :white_check_mark: |Exclude defines when this policy rule should not be applied. The exclude criteria can include resource information (e.g. kind, name, namespace, labels) and admission review request information like the name or role.
| -| `validate` | [`Validation`](#json-kyverno-io-v1alpha1-Validation) | :white_check_mark: |Validation is used to validate matching resources.
| - -## `Validation` {#json-kyverno-io-v1alpha1-Validation} - -**Appears in:** - -- [Rule](#json-kyverno-io-v1alpha1-Rule) - -Validation defines checks to be performed on matching resources.
- - -| Field | Type | Required | Description | -|---|---|---|---| -| `assert` | [`Assert`](#json-kyverno-io-v1alpha1-Assert) | :white_check_mark: |Assert specifies an overlay-style pattern used to check resources.
| +| `assert` | [`Assert`](#json-kyverno-io-v1alpha1-Assert) | :white_check_mark: |Assert is used to validate matching resources.
| \ No newline at end of file diff --git a/hack/docs/catalog/main.go b/hack/docs/catalog/main.go index 4fe327e0..ac249781 100644 --- a/hack/docs/catalog/main.go +++ b/hack/docs/catalog/main.go @@ -21,7 +21,7 @@ const ( type pol struct { Path string - Policy *v1alpha1.Policy + Policy *v1alpha1.ValidationPolicy } func (p pol) TargetPath() string { diff --git a/pkg/apis/v1alpha1/assertions.go b/pkg/apis/v1alpha1/assertions.go deleted file mode 100644 index 668d02ae..00000000 --- a/pkg/apis/v1alpha1/assertions.go +++ /dev/null @@ -1,3 +0,0 @@ -package v1alpha1 - -type Assertions []Assertion diff --git a/pkg/apis/v1alpha1/validation.go b/pkg/apis/v1alpha1/validation.go deleted file mode 100644 index 69217073..00000000 --- a/pkg/apis/v1alpha1/validation.go +++ /dev/null @@ -1,7 +0,0 @@ -package v1alpha1 - -// Validation defines checks to be performed on matching resources. -type Validation struct { - // Assert specifies an overlay-style pattern used to check resources. - Assert *Assert `json:"assert,omitempty"` -} diff --git a/pkg/apis/v1alpha1/policy.go b/pkg/apis/v1alpha1/validation_policy.go similarity index 70% rename from pkg/apis/v1alpha1/policy.go rename to pkg/apis/v1alpha1/validation_policy.go index e364ce0b..16852e4e 100644 --- a/pkg/apis/v1alpha1/policy.go +++ b/pkg/apis/v1alpha1/validation_policy.go @@ -10,8 +10,8 @@ import ( // +kubebuilder:object:root=true // +kubebuilder:resource:scope=Cluster -// Policy is the resource that contains the policy definition. -type Policy struct { +// ValidationPolicy is the resource that contains the policy definition. +type ValidationPolicy struct { metav1.TypeMeta `json:",inline"` // Standard object's metadata. @@ -24,9 +24,9 @@ type Policy struct { // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object -// PolicyList is a list of Policy instances. -type PolicyList struct { +// ValidationPolicyList is a list of Policy instances. +type ValidationPolicyList struct { metav1.TypeMeta `json:",inline" yaml:",inline"` metav1.ListMeta `json:"metadata" yaml:"metadata"` - Items []Policy `json:"items" yaml:"items"` + Items []ValidationPolicy `json:"items" yaml:"items"` } diff --git a/pkg/apis/v1alpha1/policy_spec.go b/pkg/apis/v1alpha1/validation_policy_spec.go similarity index 78% rename from pkg/apis/v1alpha1/policy_spec.go rename to pkg/apis/v1alpha1/validation_policy_spec.go index 810ba0f3..2a2cb6cf 100644 --- a/pkg/apis/v1alpha1/policy_spec.go +++ b/pkg/apis/v1alpha1/validation_policy_spec.go @@ -2,5 +2,5 @@ package v1alpha1 type PolicySpec struct { // Rules is a list of Rule instances. A Policy contains multiple rules and each rule can validate, mutate, or generate resources. - Rules []Rule `json:"rules,omitempty"` + Rules []ValidationRule `json:"rules,omitempty"` } diff --git a/pkg/apis/v1alpha1/rule.go b/pkg/apis/v1alpha1/validation_rule.go similarity index 87% rename from pkg/apis/v1alpha1/rule.go rename to pkg/apis/v1alpha1/validation_rule.go index 1c6e2e1f..dc9bf237 100644 --- a/pkg/apis/v1alpha1/rule.go +++ b/pkg/apis/v1alpha1/validation_rule.go @@ -1,6 +1,6 @@ package v1alpha1 -type Rule struct { +type ValidationRule struct { // Name is a label to identify the rule, It must be unique within the policy. // +kubebuilder:validation:MaxLength=63 Name string `json:"name"` @@ -19,6 +19,6 @@ type Rule struct { // and admission review request information like the name or role. Exclude *Match `json:"exclude,omitempty"` - // Validation is used to validate matching resources. - Validation *Validation `json:"validate,omitempty"` + // Assert is used to validate matching resources. + Assert *Assert `json:"assert,omitempty"` } diff --git a/pkg/apis/v1alpha1/zz_generated.deepcopy.go b/pkg/apis/v1alpha1/zz_generated.deepcopy.go index dcd62278..1f611ca0 100644 --- a/pkg/apis/v1alpha1/zz_generated.deepcopy.go +++ b/pkg/apis/v1alpha1/zz_generated.deepcopy.go @@ -72,28 +72,6 @@ func (in *Assertion) DeepCopy() *Assertion { return out } -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in Assertions) DeepCopyInto(out *Assertions) { - { - in := &in - *out = make(Assertions, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - return - } -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Assertions. -func (in Assertions) DeepCopy() Assertions { - if in == nil { - return nil - } - out := new(Assertions) - in.DeepCopyInto(out) - return *out -} - // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *ContextEntry) DeepCopyInto(out *ContextEntry) { *out = *in @@ -142,7 +120,30 @@ func (in *Match) DeepCopy() *Match { } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *Policy) DeepCopyInto(out *Policy) { +func (in *PolicySpec) DeepCopyInto(out *PolicySpec) { + *out = *in + if in.Rules != nil { + in, out := &in.Rules, &out.Rules + *out = make([]ValidationRule, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PolicySpec. +func (in *PolicySpec) DeepCopy() *PolicySpec { + if in == nil { + return nil + } + out := new(PolicySpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ValidationPolicy) DeepCopyInto(out *ValidationPolicy) { *out = *in out.TypeMeta = in.TypeMeta in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) @@ -150,18 +151,18 @@ func (in *Policy) DeepCopyInto(out *Policy) { return } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Policy. -func (in *Policy) DeepCopy() *Policy { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ValidationPolicy. +func (in *ValidationPolicy) DeepCopy() *ValidationPolicy { if in == nil { return nil } - out := new(Policy) + out := new(ValidationPolicy) in.DeepCopyInto(out) return out } // DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *Policy) DeepCopyObject() runtime.Object { +func (in *ValidationPolicy) DeepCopyObject() runtime.Object { if c := in.DeepCopy(); c != nil { return c } @@ -169,13 +170,13 @@ func (in *Policy) DeepCopyObject() runtime.Object { } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *PolicyList) DeepCopyInto(out *PolicyList) { +func (in *ValidationPolicyList) DeepCopyInto(out *ValidationPolicyList) { *out = *in out.TypeMeta = in.TypeMeta in.ListMeta.DeepCopyInto(&out.ListMeta) if in.Items != nil { in, out := &in.Items, &out.Items - *out = make([]Policy, len(*in)) + *out = make([]ValidationPolicy, len(*in)) for i := range *in { (*in)[i].DeepCopyInto(&(*out)[i]) } @@ -183,18 +184,18 @@ func (in *PolicyList) DeepCopyInto(out *PolicyList) { return } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PolicyList. -func (in *PolicyList) DeepCopy() *PolicyList { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ValidationPolicyList. +func (in *ValidationPolicyList) DeepCopy() *ValidationPolicyList { if in == nil { return nil } - out := new(PolicyList) + out := new(ValidationPolicyList) in.DeepCopyInto(out) return out } // DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *PolicyList) DeepCopyObject() runtime.Object { +func (in *ValidationPolicyList) DeepCopyObject() runtime.Object { if c := in.DeepCopy(); c != nil { return c } @@ -202,30 +203,7 @@ func (in *PolicyList) DeepCopyObject() runtime.Object { } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *PolicySpec) DeepCopyInto(out *PolicySpec) { - *out = *in - if in.Rules != nil { - in, out := &in.Rules, &out.Rules - *out = make([]Rule, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PolicySpec. -func (in *PolicySpec) DeepCopy() *PolicySpec { - if in == nil { - return nil - } - out := new(PolicySpec) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *Rule) DeepCopyInto(out *Rule) { +func (in *ValidationRule) DeepCopyInto(out *ValidationRule) { *out = *in if in.Context != nil { in, out := &in.Context, &out.Context @@ -244,27 +222,6 @@ func (in *Rule) DeepCopyInto(out *Rule) { *out = new(Match) (*in).DeepCopyInto(*out) } - if in.Validation != nil { - in, out := &in.Validation, &out.Validation - *out = new(Validation) - (*in).DeepCopyInto(*out) - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Rule. -func (in *Rule) DeepCopy() *Rule { - if in == nil { - return nil - } - out := new(Rule) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *Validation) DeepCopyInto(out *Validation) { - *out = *in if in.Assert != nil { in, out := &in.Assert, &out.Assert *out = new(Assert) @@ -273,12 +230,12 @@ func (in *Validation) DeepCopyInto(out *Validation) { return } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Validation. -func (in *Validation) DeepCopy() *Validation { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ValidationRule. +func (in *ValidationRule) DeepCopy() *ValidationRule { if in == nil { return nil } - out := new(Validation) + out := new(ValidationRule) in.DeepCopyInto(out) return out } diff --git a/pkg/apis/v1alpha1/zz_generated.register.go b/pkg/apis/v1alpha1/zz_generated.register.go index 822e506a..51ac54d9 100644 --- a/pkg/apis/v1alpha1/zz_generated.register.go +++ b/pkg/apis/v1alpha1/zz_generated.register.go @@ -58,8 +58,8 @@ func init() { // Adds the list of known types to Scheme. func addKnownTypes(scheme *runtime.Scheme) error { scheme.AddKnownTypes(SchemeGroupVersion, - &Policy{}, - &PolicyList{}, + &ValidationPolicy{}, + &ValidationPolicyList{}, ) // AddToGroupVersion allows the serialization of client types like ListOptions. v1.AddToGroupVersion(scheme, SchemeGroupVersion) diff --git a/pkg/client/clientset/versioned/typed/apis/v1alpha1/apis_client.go b/pkg/client/clientset/versioned/typed/apis/v1alpha1/apis_client.go index f69e8bd4..0fcc68ad 100644 --- a/pkg/client/clientset/versioned/typed/apis/v1alpha1/apis_client.go +++ b/pkg/client/clientset/versioned/typed/apis/v1alpha1/apis_client.go @@ -28,7 +28,7 @@ import ( type JsonV1alpha1Interface interface { RESTClient() rest.Interface - PoliciesGetter + ValidationPoliciesGetter } // JsonV1alpha1Client is used to interact with features provided by the json.kyverno.io group. @@ -36,8 +36,8 @@ type JsonV1alpha1Client struct { restClient rest.Interface } -func (c *JsonV1alpha1Client) Policies() PolicyInterface { - return newPolicies(c) +func (c *JsonV1alpha1Client) ValidationPolicies() ValidationPolicyInterface { + return newValidationPolicies(c) } // NewForConfig creates a new JsonV1alpha1Client for the given config. diff --git a/pkg/client/clientset/versioned/typed/apis/v1alpha1/fake/fake_apis_client.go b/pkg/client/clientset/versioned/typed/apis/v1alpha1/fake/fake_apis_client.go index 6ff13c61..d8468f75 100644 --- a/pkg/client/clientset/versioned/typed/apis/v1alpha1/fake/fake_apis_client.go +++ b/pkg/client/clientset/versioned/typed/apis/v1alpha1/fake/fake_apis_client.go @@ -28,8 +28,8 @@ type FakeJsonV1alpha1 struct { *testing.Fake } -func (c *FakeJsonV1alpha1) Policies() v1alpha1.PolicyInterface { - return &FakePolicies{c} +func (c *FakeJsonV1alpha1) ValidationPolicies() v1alpha1.ValidationPolicyInterface { + return &FakeValidationPolicies{c} } // RESTClient returns a RESTClient that is used to communicate diff --git a/pkg/client/clientset/versioned/typed/apis/v1alpha1/fake/fake_policy.go b/pkg/client/clientset/versioned/typed/apis/v1alpha1/fake/fake_policy.go deleted file mode 100644 index ec844df1..00000000 --- a/pkg/client/clientset/versioned/typed/apis/v1alpha1/fake/fake_policy.go +++ /dev/null @@ -1,121 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by client-gen. DO NOT EDIT. - -package fake - -import ( - "context" - - v1alpha1 "github.com/kyverno/kyverno-json/pkg/apis/v1alpha1" - v1 "k8s.io/apimachinery/pkg/apis/meta/v1" - labels "k8s.io/apimachinery/pkg/labels" - types "k8s.io/apimachinery/pkg/types" - watch "k8s.io/apimachinery/pkg/watch" - testing "k8s.io/client-go/testing" -) - -// FakePolicies implements PolicyInterface -type FakePolicies struct { - Fake *FakeJsonV1alpha1 -} - -var policiesResource = v1alpha1.SchemeGroupVersion.WithResource("policies") - -var policiesKind = v1alpha1.SchemeGroupVersion.WithKind("Policy") - -// Get takes name of the policy, and returns the corresponding policy object, and an error if there is any. -func (c *FakePolicies) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha1.Policy, err error) { - obj, err := c.Fake. - Invokes(testing.NewRootGetAction(policiesResource, name), &v1alpha1.Policy{}) - if obj == nil { - return nil, err - } - return obj.(*v1alpha1.Policy), err -} - -// List takes label and field selectors, and returns the list of Policies that match those selectors. -func (c *FakePolicies) List(ctx context.Context, opts v1.ListOptions) (result *v1alpha1.PolicyList, err error) { - obj, err := c.Fake. - Invokes(testing.NewRootListAction(policiesResource, policiesKind, opts), &v1alpha1.PolicyList{}) - if obj == nil { - return nil, err - } - - label, _, _ := testing.ExtractFromListOptions(opts) - if label == nil { - label = labels.Everything() - } - list := &v1alpha1.PolicyList{ListMeta: obj.(*v1alpha1.PolicyList).ListMeta} - for _, item := range obj.(*v1alpha1.PolicyList).Items { - if label.Matches(labels.Set(item.Labels)) { - list.Items = append(list.Items, item) - } - } - return list, err -} - -// Watch returns a watch.Interface that watches the requested policies. -func (c *FakePolicies) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) { - return c.Fake. - InvokesWatch(testing.NewRootWatchAction(policiesResource, opts)) -} - -// Create takes the representation of a policy and creates it. Returns the server's representation of the policy, and an error, if there is any. -func (c *FakePolicies) Create(ctx context.Context, policy *v1alpha1.Policy, opts v1.CreateOptions) (result *v1alpha1.Policy, err error) { - obj, err := c.Fake. - Invokes(testing.NewRootCreateAction(policiesResource, policy), &v1alpha1.Policy{}) - if obj == nil { - return nil, err - } - return obj.(*v1alpha1.Policy), err -} - -// Update takes the representation of a policy and updates it. Returns the server's representation of the policy, and an error, if there is any. -func (c *FakePolicies) Update(ctx context.Context, policy *v1alpha1.Policy, opts v1.UpdateOptions) (result *v1alpha1.Policy, err error) { - obj, err := c.Fake. - Invokes(testing.NewRootUpdateAction(policiesResource, policy), &v1alpha1.Policy{}) - if obj == nil { - return nil, err - } - return obj.(*v1alpha1.Policy), err -} - -// Delete takes name of the policy and deletes it. Returns an error if one occurs. -func (c *FakePolicies) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error { - _, err := c.Fake. - Invokes(testing.NewRootDeleteActionWithOptions(policiesResource, name, opts), &v1alpha1.Policy{}) - return err -} - -// DeleteCollection deletes a collection of objects. -func (c *FakePolicies) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error { - action := testing.NewRootDeleteCollectionAction(policiesResource, listOpts) - - _, err := c.Fake.Invokes(action, &v1alpha1.PolicyList{}) - return err -} - -// Patch applies the patch and returns the patched policy. -func (c *FakePolicies) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.Policy, err error) { - obj, err := c.Fake. - Invokes(testing.NewRootPatchSubresourceAction(policiesResource, name, pt, data, subresources...), &v1alpha1.Policy{}) - if obj == nil { - return nil, err - } - return obj.(*v1alpha1.Policy), err -} diff --git a/pkg/client/clientset/versioned/typed/apis/v1alpha1/fake/fake_validationpolicy.go b/pkg/client/clientset/versioned/typed/apis/v1alpha1/fake/fake_validationpolicy.go new file mode 100644 index 00000000..90a5e0a9 --- /dev/null +++ b/pkg/client/clientset/versioned/typed/apis/v1alpha1/fake/fake_validationpolicy.go @@ -0,0 +1,121 @@ +/* +Copyright The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by client-gen. DO NOT EDIT. + +package fake + +import ( + "context" + + v1alpha1 "github.com/kyverno/kyverno-json/pkg/apis/v1alpha1" + v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + labels "k8s.io/apimachinery/pkg/labels" + types "k8s.io/apimachinery/pkg/types" + watch "k8s.io/apimachinery/pkg/watch" + testing "k8s.io/client-go/testing" +) + +// FakeValidationPolicies implements ValidationPolicyInterface +type FakeValidationPolicies struct { + Fake *FakeJsonV1alpha1 +} + +var validationpoliciesResource = v1alpha1.SchemeGroupVersion.WithResource("validationpolicies") + +var validationpoliciesKind = v1alpha1.SchemeGroupVersion.WithKind("ValidationPolicy") + +// Get takes name of the validationPolicy, and returns the corresponding validationPolicy object, and an error if there is any. +func (c *FakeValidationPolicies) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha1.ValidationPolicy, err error) { + obj, err := c.Fake. + Invokes(testing.NewRootGetAction(validationpoliciesResource, name), &v1alpha1.ValidationPolicy{}) + if obj == nil { + return nil, err + } + return obj.(*v1alpha1.ValidationPolicy), err +} + +// List takes label and field selectors, and returns the list of ValidationPolicies that match those selectors. +func (c *FakeValidationPolicies) List(ctx context.Context, opts v1.ListOptions) (result *v1alpha1.ValidationPolicyList, err error) { + obj, err := c.Fake. + Invokes(testing.NewRootListAction(validationpoliciesResource, validationpoliciesKind, opts), &v1alpha1.ValidationPolicyList{}) + if obj == nil { + return nil, err + } + + label, _, _ := testing.ExtractFromListOptions(opts) + if label == nil { + label = labels.Everything() + } + list := &v1alpha1.ValidationPolicyList{ListMeta: obj.(*v1alpha1.ValidationPolicyList).ListMeta} + for _, item := range obj.(*v1alpha1.ValidationPolicyList).Items { + if label.Matches(labels.Set(item.Labels)) { + list.Items = append(list.Items, item) + } + } + return list, err +} + +// Watch returns a watch.Interface that watches the requested validationPolicies. +func (c *FakeValidationPolicies) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) { + return c.Fake. + InvokesWatch(testing.NewRootWatchAction(validationpoliciesResource, opts)) +} + +// Create takes the representation of a validationPolicy and creates it. Returns the server's representation of the validationPolicy, and an error, if there is any. +func (c *FakeValidationPolicies) Create(ctx context.Context, validationPolicy *v1alpha1.ValidationPolicy, opts v1.CreateOptions) (result *v1alpha1.ValidationPolicy, err error) { + obj, err := c.Fake. + Invokes(testing.NewRootCreateAction(validationpoliciesResource, validationPolicy), &v1alpha1.ValidationPolicy{}) + if obj == nil { + return nil, err + } + return obj.(*v1alpha1.ValidationPolicy), err +} + +// Update takes the representation of a validationPolicy and updates it. Returns the server's representation of the validationPolicy, and an error, if there is any. +func (c *FakeValidationPolicies) Update(ctx context.Context, validationPolicy *v1alpha1.ValidationPolicy, opts v1.UpdateOptions) (result *v1alpha1.ValidationPolicy, err error) { + obj, err := c.Fake. + Invokes(testing.NewRootUpdateAction(validationpoliciesResource, validationPolicy), &v1alpha1.ValidationPolicy{}) + if obj == nil { + return nil, err + } + return obj.(*v1alpha1.ValidationPolicy), err +} + +// Delete takes name of the validationPolicy and deletes it. Returns an error if one occurs. +func (c *FakeValidationPolicies) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error { + _, err := c.Fake. + Invokes(testing.NewRootDeleteActionWithOptions(validationpoliciesResource, name, opts), &v1alpha1.ValidationPolicy{}) + return err +} + +// DeleteCollection deletes a collection of objects. +func (c *FakeValidationPolicies) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error { + action := testing.NewRootDeleteCollectionAction(validationpoliciesResource, listOpts) + + _, err := c.Fake.Invokes(action, &v1alpha1.ValidationPolicyList{}) + return err +} + +// Patch applies the patch and returns the patched validationPolicy. +func (c *FakeValidationPolicies) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.ValidationPolicy, err error) { + obj, err := c.Fake. + Invokes(testing.NewRootPatchSubresourceAction(validationpoliciesResource, name, pt, data, subresources...), &v1alpha1.ValidationPolicy{}) + if obj == nil { + return nil, err + } + return obj.(*v1alpha1.ValidationPolicy), err +} diff --git a/pkg/client/clientset/versioned/typed/apis/v1alpha1/generated_expansion.go b/pkg/client/clientset/versioned/typed/apis/v1alpha1/generated_expansion.go index c8b772dd..1ac8284e 100644 --- a/pkg/client/clientset/versioned/typed/apis/v1alpha1/generated_expansion.go +++ b/pkg/client/clientset/versioned/typed/apis/v1alpha1/generated_expansion.go @@ -18,4 +18,4 @@ limitations under the License. package v1alpha1 -type PolicyExpansion interface{} +type ValidationPolicyExpansion interface{} diff --git a/pkg/client/clientset/versioned/typed/apis/v1alpha1/policy.go b/pkg/client/clientset/versioned/typed/apis/v1alpha1/policy.go deleted file mode 100644 index d643408c..00000000 --- a/pkg/client/clientset/versioned/typed/apis/v1alpha1/policy.go +++ /dev/null @@ -1,168 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by client-gen. DO NOT EDIT. - -package v1alpha1 - -import ( - "context" - "time" - - v1alpha1 "github.com/kyverno/kyverno-json/pkg/apis/v1alpha1" - scheme "github.com/kyverno/kyverno-json/pkg/client/clientset/versioned/scheme" - v1 "k8s.io/apimachinery/pkg/apis/meta/v1" - types "k8s.io/apimachinery/pkg/types" - watch "k8s.io/apimachinery/pkg/watch" - rest "k8s.io/client-go/rest" -) - -// PoliciesGetter has a method to return a PolicyInterface. -// A group's client should implement this interface. -type PoliciesGetter interface { - Policies() PolicyInterface -} - -// PolicyInterface has methods to work with Policy resources. -type PolicyInterface interface { - Create(ctx context.Context, policy *v1alpha1.Policy, opts v1.CreateOptions) (*v1alpha1.Policy, error) - Update(ctx context.Context, policy *v1alpha1.Policy, opts v1.UpdateOptions) (*v1alpha1.Policy, error) - Delete(ctx context.Context, name string, opts v1.DeleteOptions) error - DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error - Get(ctx context.Context, name string, opts v1.GetOptions) (*v1alpha1.Policy, error) - List(ctx context.Context, opts v1.ListOptions) (*v1alpha1.PolicyList, error) - Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) - Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.Policy, err error) - PolicyExpansion -} - -// policies implements PolicyInterface -type policies struct { - client rest.Interface -} - -// newPolicies returns a Policies -func newPolicies(c *JsonV1alpha1Client) *policies { - return &policies{ - client: c.RESTClient(), - } -} - -// Get takes name of the policy, and returns the corresponding policy object, and an error if there is any. -func (c *policies) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha1.Policy, err error) { - result = &v1alpha1.Policy{} - err = c.client.Get(). - Resource("policies"). - Name(name). - VersionedParams(&options, scheme.ParameterCodec). - Do(ctx). - Into(result) - return -} - -// List takes label and field selectors, and returns the list of Policies that match those selectors. -func (c *policies) List(ctx context.Context, opts v1.ListOptions) (result *v1alpha1.PolicyList, err error) { - var timeout time.Duration - if opts.TimeoutSeconds != nil { - timeout = time.Duration(*opts.TimeoutSeconds) * time.Second - } - result = &v1alpha1.PolicyList{} - err = c.client.Get(). - Resource("policies"). - VersionedParams(&opts, scheme.ParameterCodec). - Timeout(timeout). - Do(ctx). - Into(result) - return -} - -// Watch returns a watch.Interface that watches the requested policies. -func (c *policies) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) { - var timeout time.Duration - if opts.TimeoutSeconds != nil { - timeout = time.Duration(*opts.TimeoutSeconds) * time.Second - } - opts.Watch = true - return c.client.Get(). - Resource("policies"). - VersionedParams(&opts, scheme.ParameterCodec). - Timeout(timeout). - Watch(ctx) -} - -// Create takes the representation of a policy and creates it. Returns the server's representation of the policy, and an error, if there is any. -func (c *policies) Create(ctx context.Context, policy *v1alpha1.Policy, opts v1.CreateOptions) (result *v1alpha1.Policy, err error) { - result = &v1alpha1.Policy{} - err = c.client.Post(). - Resource("policies"). - VersionedParams(&opts, scheme.ParameterCodec). - Body(policy). - Do(ctx). - Into(result) - return -} - -// Update takes the representation of a policy and updates it. Returns the server's representation of the policy, and an error, if there is any. -func (c *policies) Update(ctx context.Context, policy *v1alpha1.Policy, opts v1.UpdateOptions) (result *v1alpha1.Policy, err error) { - result = &v1alpha1.Policy{} - err = c.client.Put(). - Resource("policies"). - Name(policy.Name). - VersionedParams(&opts, scheme.ParameterCodec). - Body(policy). - Do(ctx). - Into(result) - return -} - -// Delete takes name of the policy and deletes it. Returns an error if one occurs. -func (c *policies) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error { - return c.client.Delete(). - Resource("policies"). - Name(name). - Body(&opts). - Do(ctx). - Error() -} - -// DeleteCollection deletes a collection of objects. -func (c *policies) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error { - var timeout time.Duration - if listOpts.TimeoutSeconds != nil { - timeout = time.Duration(*listOpts.TimeoutSeconds) * time.Second - } - return c.client.Delete(). - Resource("policies"). - VersionedParams(&listOpts, scheme.ParameterCodec). - Timeout(timeout). - Body(&opts). - Do(ctx). - Error() -} - -// Patch applies the patch and returns the patched policy. -func (c *policies) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.Policy, err error) { - result = &v1alpha1.Policy{} - err = c.client.Patch(pt). - Resource("policies"). - Name(name). - SubResource(subresources...). - VersionedParams(&opts, scheme.ParameterCodec). - Body(data). - Do(ctx). - Into(result) - return -} diff --git a/pkg/client/clientset/versioned/typed/apis/v1alpha1/validationpolicy.go b/pkg/client/clientset/versioned/typed/apis/v1alpha1/validationpolicy.go new file mode 100644 index 00000000..81f23795 --- /dev/null +++ b/pkg/client/clientset/versioned/typed/apis/v1alpha1/validationpolicy.go @@ -0,0 +1,168 @@ +/* +Copyright The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by client-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + "context" + "time" + + v1alpha1 "github.com/kyverno/kyverno-json/pkg/apis/v1alpha1" + scheme "github.com/kyverno/kyverno-json/pkg/client/clientset/versioned/scheme" + v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + types "k8s.io/apimachinery/pkg/types" + watch "k8s.io/apimachinery/pkg/watch" + rest "k8s.io/client-go/rest" +) + +// ValidationPoliciesGetter has a method to return a ValidationPolicyInterface. +// A group's client should implement this interface. +type ValidationPoliciesGetter interface { + ValidationPolicies() ValidationPolicyInterface +} + +// ValidationPolicyInterface has methods to work with ValidationPolicy resources. +type ValidationPolicyInterface interface { + Create(ctx context.Context, validationPolicy *v1alpha1.ValidationPolicy, opts v1.CreateOptions) (*v1alpha1.ValidationPolicy, error) + Update(ctx context.Context, validationPolicy *v1alpha1.ValidationPolicy, opts v1.UpdateOptions) (*v1alpha1.ValidationPolicy, error) + Delete(ctx context.Context, name string, opts v1.DeleteOptions) error + DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error + Get(ctx context.Context, name string, opts v1.GetOptions) (*v1alpha1.ValidationPolicy, error) + List(ctx context.Context, opts v1.ListOptions) (*v1alpha1.ValidationPolicyList, error) + Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) + Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.ValidationPolicy, err error) + ValidationPolicyExpansion +} + +// validationPolicies implements ValidationPolicyInterface +type validationPolicies struct { + client rest.Interface +} + +// newValidationPolicies returns a ValidationPolicies +func newValidationPolicies(c *JsonV1alpha1Client) *validationPolicies { + return &validationPolicies{ + client: c.RESTClient(), + } +} + +// Get takes name of the validationPolicy, and returns the corresponding validationPolicy object, and an error if there is any. +func (c *validationPolicies) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha1.ValidationPolicy, err error) { + result = &v1alpha1.ValidationPolicy{} + err = c.client.Get(). + Resource("validationpolicies"). + Name(name). + VersionedParams(&options, scheme.ParameterCodec). + Do(ctx). + Into(result) + return +} + +// List takes label and field selectors, and returns the list of ValidationPolicies that match those selectors. +func (c *validationPolicies) List(ctx context.Context, opts v1.ListOptions) (result *v1alpha1.ValidationPolicyList, err error) { + var timeout time.Duration + if opts.TimeoutSeconds != nil { + timeout = time.Duration(*opts.TimeoutSeconds) * time.Second + } + result = &v1alpha1.ValidationPolicyList{} + err = c.client.Get(). + Resource("validationpolicies"). + VersionedParams(&opts, scheme.ParameterCodec). + Timeout(timeout). + Do(ctx). + Into(result) + return +} + +// Watch returns a watch.Interface that watches the requested validationPolicies. +func (c *validationPolicies) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) { + var timeout time.Duration + if opts.TimeoutSeconds != nil { + timeout = time.Duration(*opts.TimeoutSeconds) * time.Second + } + opts.Watch = true + return c.client.Get(). + Resource("validationpolicies"). + VersionedParams(&opts, scheme.ParameterCodec). + Timeout(timeout). + Watch(ctx) +} + +// Create takes the representation of a validationPolicy and creates it. Returns the server's representation of the validationPolicy, and an error, if there is any. +func (c *validationPolicies) Create(ctx context.Context, validationPolicy *v1alpha1.ValidationPolicy, opts v1.CreateOptions) (result *v1alpha1.ValidationPolicy, err error) { + result = &v1alpha1.ValidationPolicy{} + err = c.client.Post(). + Resource("validationpolicies"). + VersionedParams(&opts, scheme.ParameterCodec). + Body(validationPolicy). + Do(ctx). + Into(result) + return +} + +// Update takes the representation of a validationPolicy and updates it. Returns the server's representation of the validationPolicy, and an error, if there is any. +func (c *validationPolicies) Update(ctx context.Context, validationPolicy *v1alpha1.ValidationPolicy, opts v1.UpdateOptions) (result *v1alpha1.ValidationPolicy, err error) { + result = &v1alpha1.ValidationPolicy{} + err = c.client.Put(). + Resource("validationpolicies"). + Name(validationPolicy.Name). + VersionedParams(&opts, scheme.ParameterCodec). + Body(validationPolicy). + Do(ctx). + Into(result) + return +} + +// Delete takes name of the validationPolicy and deletes it. Returns an error if one occurs. +func (c *validationPolicies) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error { + return c.client.Delete(). + Resource("validationpolicies"). + Name(name). + Body(&opts). + Do(ctx). + Error() +} + +// DeleteCollection deletes a collection of objects. +func (c *validationPolicies) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error { + var timeout time.Duration + if listOpts.TimeoutSeconds != nil { + timeout = time.Duration(*listOpts.TimeoutSeconds) * time.Second + } + return c.client.Delete(). + Resource("validationpolicies"). + VersionedParams(&listOpts, scheme.ParameterCodec). + Timeout(timeout). + Body(&opts). + Do(ctx). + Error() +} + +// Patch applies the patch and returns the patched validationPolicy. +func (c *validationPolicies) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.ValidationPolicy, err error) { + result = &v1alpha1.ValidationPolicy{} + err = c.client.Patch(pt). + Resource("validationpolicies"). + Name(name). + SubResource(subresources...). + VersionedParams(&opts, scheme.ParameterCodec). + Body(data). + Do(ctx). + Into(result) + return +} diff --git a/pkg/client/informers/externalversions/apis/v1alpha1/interface.go b/pkg/client/informers/externalversions/apis/v1alpha1/interface.go index 7b9fc227..d07bf50c 100644 --- a/pkg/client/informers/externalversions/apis/v1alpha1/interface.go +++ b/pkg/client/informers/externalversions/apis/v1alpha1/interface.go @@ -24,8 +24,8 @@ import ( // Interface provides access to all the informers in this group version. type Interface interface { - // Policies returns a PolicyInformer. - Policies() PolicyInformer + // ValidationPolicies returns a ValidationPolicyInformer. + ValidationPolicies() ValidationPolicyInformer } type version struct { @@ -39,7 +39,7 @@ func New(f internalinterfaces.SharedInformerFactory, namespace string, tweakList return &version{factory: f, namespace: namespace, tweakListOptions: tweakListOptions} } -// Policies returns a PolicyInformer. -func (v *version) Policies() PolicyInformer { - return &policyInformer{factory: v.factory, tweakListOptions: v.tweakListOptions} +// ValidationPolicies returns a ValidationPolicyInformer. +func (v *version) ValidationPolicies() ValidationPolicyInformer { + return &validationPolicyInformer{factory: v.factory, tweakListOptions: v.tweakListOptions} } diff --git a/pkg/client/informers/externalversions/apis/v1alpha1/policy.go b/pkg/client/informers/externalversions/apis/v1alpha1/validationpolicy.go similarity index 56% rename from pkg/client/informers/externalversions/apis/v1alpha1/policy.go rename to pkg/client/informers/externalversions/apis/v1alpha1/validationpolicy.go index 268ae510..3a7c6d22 100644 --- a/pkg/client/informers/externalversions/apis/v1alpha1/policy.go +++ b/pkg/client/informers/externalversions/apis/v1alpha1/validationpolicy.go @@ -32,58 +32,58 @@ import ( cache "k8s.io/client-go/tools/cache" ) -// PolicyInformer provides access to a shared informer and lister for -// Policies. -type PolicyInformer interface { +// ValidationPolicyInformer provides access to a shared informer and lister for +// ValidationPolicies. +type ValidationPolicyInformer interface { Informer() cache.SharedIndexInformer - Lister() v1alpha1.PolicyLister + Lister() v1alpha1.ValidationPolicyLister } -type policyInformer struct { +type validationPolicyInformer struct { factory internalinterfaces.SharedInformerFactory tweakListOptions internalinterfaces.TweakListOptionsFunc } -// NewPolicyInformer constructs a new informer for Policy type. +// NewValidationPolicyInformer constructs a new informer for ValidationPolicy type. // Always prefer using an informer factory to get a shared informer instead of getting an independent // one. This reduces memory footprint and number of connections to the server. -func NewPolicyInformer(client versioned.Interface, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer { - return NewFilteredPolicyInformer(client, resyncPeriod, indexers, nil) +func NewValidationPolicyInformer(client versioned.Interface, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer { + return NewFilteredValidationPolicyInformer(client, resyncPeriod, indexers, nil) } -// NewFilteredPolicyInformer constructs a new informer for Policy type. +// NewFilteredValidationPolicyInformer constructs a new informer for ValidationPolicy type. // Always prefer using an informer factory to get a shared informer instead of getting an independent // one. This reduces memory footprint and number of connections to the server. -func NewFilteredPolicyInformer(client versioned.Interface, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer { +func NewFilteredValidationPolicyInformer(client versioned.Interface, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer { return cache.NewSharedIndexInformer( &cache.ListWatch{ ListFunc: func(options v1.ListOptions) (runtime.Object, error) { if tweakListOptions != nil { tweakListOptions(&options) } - return client.JsonV1alpha1().Policies().List(context.TODO(), options) + return client.JsonV1alpha1().ValidationPolicies().List(context.TODO(), options) }, WatchFunc: func(options v1.ListOptions) (watch.Interface, error) { if tweakListOptions != nil { tweakListOptions(&options) } - return client.JsonV1alpha1().Policies().Watch(context.TODO(), options) + return client.JsonV1alpha1().ValidationPolicies().Watch(context.TODO(), options) }, }, - &apisv1alpha1.Policy{}, + &apisv1alpha1.ValidationPolicy{}, resyncPeriod, indexers, ) } -func (f *policyInformer) defaultInformer(client versioned.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer { - return NewFilteredPolicyInformer(client, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions) +func (f *validationPolicyInformer) defaultInformer(client versioned.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer { + return NewFilteredValidationPolicyInformer(client, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions) } -func (f *policyInformer) Informer() cache.SharedIndexInformer { - return f.factory.InformerFor(&apisv1alpha1.Policy{}, f.defaultInformer) +func (f *validationPolicyInformer) Informer() cache.SharedIndexInformer { + return f.factory.InformerFor(&apisv1alpha1.ValidationPolicy{}, f.defaultInformer) } -func (f *policyInformer) Lister() v1alpha1.PolicyLister { - return v1alpha1.NewPolicyLister(f.Informer().GetIndexer()) +func (f *validationPolicyInformer) Lister() v1alpha1.ValidationPolicyLister { + return v1alpha1.NewValidationPolicyLister(f.Informer().GetIndexer()) } diff --git a/pkg/client/informers/externalversions/generic.go b/pkg/client/informers/externalversions/generic.go index 2b5a0d0e..6d5aaa83 100644 --- a/pkg/client/informers/externalversions/generic.go +++ b/pkg/client/informers/externalversions/generic.go @@ -53,8 +53,8 @@ func (f *genericInformer) Lister() cache.GenericLister { func (f *sharedInformerFactory) ForResource(resource schema.GroupVersionResource) (GenericInformer, error) { switch resource { // Group=json.kyverno.io, Version=v1alpha1 - case v1alpha1.SchemeGroupVersion.WithResource("policies"): - return &genericInformer{resource: resource.GroupResource(), informer: f.Json().V1alpha1().Policies().Informer()}, nil + case v1alpha1.SchemeGroupVersion.WithResource("validationpolicies"): + return &genericInformer{resource: resource.GroupResource(), informer: f.Json().V1alpha1().ValidationPolicies().Informer()}, nil } diff --git a/pkg/client/listers/apis/v1alpha1/expansion_generated.go b/pkg/client/listers/apis/v1alpha1/expansion_generated.go index 6837481c..05ab1494 100644 --- a/pkg/client/listers/apis/v1alpha1/expansion_generated.go +++ b/pkg/client/listers/apis/v1alpha1/expansion_generated.go @@ -18,6 +18,6 @@ limitations under the License. package v1alpha1 -// PolicyListerExpansion allows custom methods to be added to -// PolicyLister. -type PolicyListerExpansion interface{} +// ValidationPolicyListerExpansion allows custom methods to be added to +// ValidationPolicyLister. +type ValidationPolicyListerExpansion interface{} diff --git a/pkg/client/listers/apis/v1alpha1/policy.go b/pkg/client/listers/apis/v1alpha1/validationpolicy.go similarity index 50% rename from pkg/client/listers/apis/v1alpha1/policy.go rename to pkg/client/listers/apis/v1alpha1/validationpolicy.go index 8f164ba7..c30c432b 100644 --- a/pkg/client/listers/apis/v1alpha1/policy.go +++ b/pkg/client/listers/apis/v1alpha1/validationpolicy.go @@ -25,44 +25,44 @@ import ( "k8s.io/client-go/tools/cache" ) -// PolicyLister helps list Policies. +// ValidationPolicyLister helps list ValidationPolicies. // All objects returned here must be treated as read-only. -type PolicyLister interface { - // List lists all Policies in the indexer. +type ValidationPolicyLister interface { + // List lists all ValidationPolicies in the indexer. // Objects returned here must be treated as read-only. - List(selector labels.Selector) (ret []*v1alpha1.Policy, err error) - // Get retrieves the Policy from the index for a given name. + List(selector labels.Selector) (ret []*v1alpha1.ValidationPolicy, err error) + // Get retrieves the ValidationPolicy from the index for a given name. // Objects returned here must be treated as read-only. - Get(name string) (*v1alpha1.Policy, error) - PolicyListerExpansion + Get(name string) (*v1alpha1.ValidationPolicy, error) + ValidationPolicyListerExpansion } -// policyLister implements the PolicyLister interface. -type policyLister struct { +// validationPolicyLister implements the ValidationPolicyLister interface. +type validationPolicyLister struct { indexer cache.Indexer } -// NewPolicyLister returns a new PolicyLister. -func NewPolicyLister(indexer cache.Indexer) PolicyLister { - return &policyLister{indexer: indexer} +// NewValidationPolicyLister returns a new ValidationPolicyLister. +func NewValidationPolicyLister(indexer cache.Indexer) ValidationPolicyLister { + return &validationPolicyLister{indexer: indexer} } -// List lists all Policies in the indexer. -func (s *policyLister) List(selector labels.Selector) (ret []*v1alpha1.Policy, err error) { +// List lists all ValidationPolicies in the indexer. +func (s *validationPolicyLister) List(selector labels.Selector) (ret []*v1alpha1.ValidationPolicy, err error) { err = cache.ListAll(s.indexer, selector, func(m interface{}) { - ret = append(ret, m.(*v1alpha1.Policy)) + ret = append(ret, m.(*v1alpha1.ValidationPolicy)) }) return ret, err } -// Get retrieves the Policy from the index for a given name. -func (s *policyLister) Get(name string) (*v1alpha1.Policy, error) { +// Get retrieves the ValidationPolicy from the index for a given name. +func (s *validationPolicyLister) Get(name string) (*v1alpha1.ValidationPolicy, error) { obj, exists, err := s.indexer.GetByKey(name) if err != nil { return nil, err } if !exists { - return nil, errors.NewNotFound(v1alpha1.Resource("policy"), name) + return nil, errors.NewNotFound(v1alpha1.Resource("validationpolicy"), name) } - return obj.(*v1alpha1.Policy), nil + return obj.(*v1alpha1.ValidationPolicy), nil } diff --git a/pkg/commands/scan/options.go b/pkg/commands/scan/options.go index 01c5ed23..3ad7ae03 100644 --- a/pkg/commands/scan/options.go +++ b/pkg/commands/scan/options.go @@ -40,7 +40,7 @@ func (c *options) run(cmd *cobra.Command, _ []string) error { selector = parsed } { - var filteredPolicies []*v1alpha1.Policy + var filteredPolicies []*v1alpha1.ValidationPolicy for _, policy := range policies { if selector.Matches(labels.Set(policy.Labels)) { filteredPolicies = append(filteredPolicies, policy) diff --git a/pkg/commands/serve/provider.go b/pkg/commands/serve/provider.go index 9835dd22..b948e782 100644 --- a/pkg/commands/serve/provider.go +++ b/pkg/commands/serve/provider.go @@ -13,8 +13,8 @@ type provider struct { } // TODO: use an informer/lister -func (p *provider) Get() ([]v1alpha1.Policy, error) { - list, err := p.client.JsonV1alpha1().Policies().List(context.Background(), metav1.ListOptions{}) +func (p *provider) Get() ([]v1alpha1.ValidationPolicy, error) { + list, err := p.client.JsonV1alpha1().ValidationPolicies().List(context.Background(), metav1.ListOptions{}) if err != nil { return nil, err } diff --git a/pkg/data/crds/json.kyverno.io_policies.yaml b/pkg/data/crds/json.kyverno.io_validationpolicies.yaml similarity index 69% rename from pkg/data/crds/json.kyverno.io_policies.yaml rename to pkg/data/crds/json.kyverno.io_validationpolicies.yaml index e268a8b9..1076d522 100644 --- a/pkg/data/crds/json.kyverno.io_policies.yaml +++ b/pkg/data/crds/json.kyverno.io_validationpolicies.yaml @@ -4,20 +4,20 @@ kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.12.0 - name: policies.json.kyverno.io + name: validationpolicies.json.kyverno.io spec: group: json.kyverno.io names: - kind: Policy - listKind: PolicyList - plural: policies - singular: policy + kind: ValidationPolicy + listKind: ValidationPolicyList + plural: validationpolicies + singular: validationpolicy scope: Cluster versions: - name: v1alpha1 schema: openAPIV3Schema: - description: Policy is the resource that contains the policy definition. + description: ValidationPolicy is the resource that contains the policy definition. properties: apiVersion: description: 'APIVersion defines the versioned schema of this representation @@ -39,6 +39,42 @@ spec: multiple rules and each rule can validate, mutate, or generate resources. items: properties: + assert: + description: Assert is used to validate matching resources. + properties: + all: + description: All allows specifying resources which will + be ANDed. + items: + properties: + check: + description: Check is the assertion check definition. + type: object + x-kubernetes-preserve-unknown-fields: true + message: + description: Message is the variable associated message. + type: string + required: + - check + type: object + type: array + any: + description: Any allows specifying resources which will + be ORed. + items: + properties: + check: + description: Check is the assertion check definition. + type: object + x-kubernetes-preserve-unknown-fields: true + message: + description: Message is the variable associated message. + type: string + required: + - check + type: object + type: array + type: object context: description: Context defines variables and data sources that can be used during rule execution. @@ -105,49 +141,6 @@ spec: unique within the policy. maxLength: 63 type: string - validate: - description: Validation is used to validate matching resources. - properties: - assert: - description: Assert specifies an overlay-style pattern used - to check resources. - properties: - all: - description: All allows specifying resources which will - be ANDed. - items: - properties: - check: - description: Check is the assertion check definition. - type: object - x-kubernetes-preserve-unknown-fields: true - message: - description: Message is the variable associated - message. - type: string - required: - - check - type: object - type: array - any: - description: Any allows specifying resources which will - be ORed. - items: - properties: - check: - description: Check is the assertion check definition. - type: object - x-kubernetes-preserve-unknown-fields: true - message: - description: Message is the variable associated - message. - type: string - required: - - check - type: object - type: array - type: object - type: object required: - name type: object diff --git a/pkg/json-engine/engine.go b/pkg/json-engine/engine.go index 4e6c4980..f5b5ef2a 100644 --- a/pkg/json-engine/engine.go +++ b/pkg/json-engine/engine.go @@ -15,12 +15,12 @@ import ( type JsonEngineRequest struct { Resources []interface{} - Policies []*v1alpha1.Policy + Policies []*v1alpha1.ValidationPolicy } type JsonEngineResponse struct { - Policy *v1alpha1.Policy - Rule v1alpha1.Rule + Policy *v1alpha1.ValidationPolicy + Rule v1alpha1.ValidationRule Resource interface{} Failure error Error error @@ -28,8 +28,8 @@ type JsonEngineResponse struct { func New() engine.Engine[JsonEngineRequest, JsonEngineResponse] { type request struct { - policy *v1alpha1.Policy - rule v1alpha1.Rule + policy *v1alpha1.ValidationPolicy + rule v1alpha1.ValidationRule value interface{} bindings binding.Bindings } @@ -61,7 +61,7 @@ func New() engine.Engine[JsonEngineRequest, JsonEngineResponse] { Rule: r.rule, Resource: r.value, } - errs, err := assert.MatchAssert(ctx, nil, r.rule.Validation.Assert, r.value, r.bindings) + errs, err := assert.MatchAssert(ctx, nil, r.rule.Assert, r.value, r.bindings) if err != nil { response.Failure = err } else if err := multierr.Combine(errs...); err != nil { diff --git a/pkg/policy/load.go b/pkg/policy/load.go index 52d5cd82..bfe74178 100644 --- a/pkg/policy/load.go +++ b/pkg/policy/load.go @@ -17,12 +17,12 @@ import ( ) var ( - gv_v1alpha1 = schema.GroupVersion{Group: "json.kyverno.io", Version: "v1alpha1"} - policy_v1alpha1 = gv_v1alpha1.WithKind("Policy") + gv_v1alpha1 = schema.GroupVersion{Group: "json.kyverno.io", Version: "v1alpha1"} + validationPolicy_v1alpha1 = gv_v1alpha1.WithKind("ValidationPolicy") ) -func Load(path ...string) ([]*v1alpha1.Policy, error) { - var policies []*v1alpha1.Policy +func Load(path ...string) ([]*v1alpha1.ValidationPolicy, error) { + var policies []*v1alpha1.ValidationPolicy for _, path := range path { p, err := load(path) if err != nil { @@ -33,7 +33,7 @@ func Load(path ...string) ([]*v1alpha1.Policy, error) { return policies, nil } -func load(path string) ([]*v1alpha1.Policy, error) { +func load(path string) ([]*v1alpha1.ValidationPolicy, error) { var files []string err := filepath.Walk(path, func(file string, info fs.FileInfo, err error) error { if err != nil { @@ -47,7 +47,7 @@ func load(path string) ([]*v1alpha1.Policy, error) { if err != nil { return nil, err } - var policies []*v1alpha1.Policy + var policies []*v1alpha1.ValidationPolicy for _, path := range files { content, err := os.ReadFile(filepath.Clean(path)) if err != nil { @@ -62,12 +62,12 @@ func load(path string) ([]*v1alpha1.Policy, error) { return policies, nil } -func Parse(content []byte) ([]*v1alpha1.Policy, error) { +func Parse(content []byte) ([]*v1alpha1.ValidationPolicy, error) { documents, err := yamlutils.SplitDocuments(content) if err != nil { return nil, err } - var policies []*v1alpha1.Policy + var policies []*v1alpha1.ValidationPolicy // TODO: no need to allocate a validator every time loader, err := loader.New(openapiclient.NewLocalCRDFiles(data.Crds(), data.CrdsFolder)) if err != nil { @@ -79,8 +79,8 @@ func Parse(content []byte) ([]*v1alpha1.Policy, error) { return nil, err } switch gvk { - case policy_v1alpha1: - policy, err := convert.To[v1alpha1.Policy](untyped) + case validationPolicy_v1alpha1: + policy, err := convert.To[v1alpha1.ValidationPolicy](untyped) if err != nil { return nil, err } diff --git a/pkg/server/api/scan/config.go b/pkg/server/api/scan/config.go index 03312eb4..32c40bfa 100644 --- a/pkg/server/api/scan/config.go +++ b/pkg/server/api/scan/config.go @@ -5,5 +5,5 @@ import ( ) type PolicyProvider interface { - Get() ([]v1alpha1.Policy, error) + Get() ([]v1alpha1.ValidationPolicy, error) } diff --git a/pkg/server/api/scan/handler.go b/pkg/server/api/scan/handler.go index b0ef730a..2a0fe6f4 100644 --- a/pkg/server/api/scan/handler.go +++ b/pkg/server/api/scan/handler.go @@ -46,7 +46,7 @@ func newHandler(policyProvider PolicyProvider) (gin.HandlerFunc, error) { if err != nil { return nil, fmt.Errorf("failed to get policies (%w)", err) } - var pols []*v1alpha1.Policy + var pols []*v1alpha1.ValidationPolicy for i := range policies { pols = append(pols, &policies[i]) } diff --git a/pkg/server/api/scan/response.go b/pkg/server/api/scan/response.go index 2e625fea..0e9cde0d 100644 --- a/pkg/server/api/scan/response.go +++ b/pkg/server/api/scan/response.go @@ -10,11 +10,11 @@ type Response struct { } type Result struct { - Policy *v1alpha1.Policy `json:"policy"` - Rule v1alpha1.Rule `json:"rule"` - Resource interface{} `json:"resource"` - Failure error `json:"failure"` - Error error `json:"error"` + Policy *v1alpha1.ValidationPolicy `json:"policy"` + Rule v1alpha1.ValidationRule `json:"rule"` + Resource interface{} `json:"resource"` + Failure error `json:"failure"` + Error error `json:"error"` } func makeResponse(responses ...jsonengine.JsonEngineResponse) *Response { diff --git a/pkg/server/playground/scan/handler.go b/pkg/server/playground/scan/handler.go index 454b5d04..9eee219c 100644 --- a/pkg/server/playground/scan/handler.go +++ b/pkg/server/playground/scan/handler.go @@ -50,7 +50,7 @@ func newHandler() (gin.HandlerFunc, error) { resources = append(resources, payload) } // load policy - var policy v1alpha1.Policy + var policy v1alpha1.ValidationPolicy if err := yaml.Unmarshal([]byte(in.Policy), &policy); err != nil { return nil, fmt.Errorf("failed to parse policies (%w)", err) } @@ -58,7 +58,7 @@ func newHandler() (gin.HandlerFunc, error) { e := jsonengine.New() results := e.Run(context.Background(), jsonengine.JsonEngineRequest{ Resources: resources, - Policies: []*v1alpha1.Policy{&policy}, + Policies: []*v1alpha1.ValidationPolicy{&policy}, }) return makeResponse(results...), nil }, http.StatusOK), nil diff --git a/pkg/server/playground/scan/response.go b/pkg/server/playground/scan/response.go index 2e625fea..0e9cde0d 100644 --- a/pkg/server/playground/scan/response.go +++ b/pkg/server/playground/scan/response.go @@ -10,11 +10,11 @@ type Response struct { } type Result struct { - Policy *v1alpha1.Policy `json:"policy"` - Rule v1alpha1.Rule `json:"rule"` - Resource interface{} `json:"resource"` - Failure error `json:"failure"` - Error error `json:"error"` + Policy *v1alpha1.ValidationPolicy `json:"policy"` + Rule v1alpha1.ValidationRule `json:"rule"` + Resource interface{} `json:"resource"` + Failure error `json:"failure"` + Error error `json:"error"` } func makeResponse(responses ...jsonengine.JsonEngineResponse) *Response {