diff --git a/src/tools/genpolicy/src/main.rs b/src/tools/genpolicy/src/main.rs
index 97bdcc3d5..bc6a66a5b 100644
--- a/src/tools/genpolicy/src/main.rs
+++ b/src/tools/genpolicy/src/main.rs
@@ -22,6 +22,7 @@ mod pod_template;
 mod policy;
 mod registry;
 mod replica_set;
+mod replication_controller;
 mod secret;
 mod settings;
 mod utils;
diff --git a/src/tools/genpolicy/src/replication_controller.rs b/src/tools/genpolicy/src/replication_controller.rs
new file mode 100644
index 000000000..a519c6362
--- /dev/null
+++ b/src/tools/genpolicy/src/replication_controller.rs
@@ -0,0 +1,104 @@
+// Copyright (c) 2023 Microsoft Corporation
+//
+// SPDX-License-Identifier: Apache-2.0
+//
+
+// Allow K8s YAML field names.
+#![allow(non_snake_case)]
+
+use crate::obj_meta;
+use crate::pod;
+use crate::pod_template;
+use crate::policy;
+use crate::settings;
+use crate::yaml;
+
+use async_trait::async_trait;
+use protocols::agent;
+use serde::{Deserialize, Serialize};
+use std::collections::BTreeMap;
+
+/// See ReplicationController in the Kubernetes API reference.
+#[derive(Clone, Debug, Serialize, Deserialize)]
+pub struct ReplicationController {
+ apiVersion: String,
+ kind: String,
+ metadata: obj_meta::ObjectMeta,
+ spec: ReplicationControllerSpec,
+
+ #[serde(skip)]
+ doc_mapping: serde_yaml::Value,
+}
+
+/// See ReplicationControllerSpec in the Kubernetes API reference.
+#[derive(Clone, Debug, Serialize, Deserialize)]
+struct ReplicationControllerSpec {
+ #[serde(skip_serializing_if = "Option::is_none")]
+ replicas: Option,
+
+ #[serde(skip_serializing_if = "Option::is_none")]
+ selector: Option>,
+
+ pub template: pod_template::PodTemplateSpec,
+
+ #[serde(skip_serializing_if = "Option::is_none")]
+ minReadySeconds: Option,
+}
+
+#[async_trait]
+impl yaml::K8sResource for ReplicationController {
+ async fn init(&mut self, use_cache: bool, doc_mapping: &serde_yaml::Value, _silent: bool) {
+ yaml::k8s_resource_init(&mut self.spec.template.spec, use_cache).await;
+ self.doc_mapping = doc_mapping.clone();
+ }
+
+ fn get_sandbox_name(&self) -> Option {
+ None
+ }
+
+ fn get_namespace(&self) -> String {
+ self.metadata.get_namespace()
+ }
+
+ fn get_container_mounts_and_storages(
+ &self,
+ policy_mounts: &mut Vec,
+ storages: &mut Vec,
+ container: &pod::Container,
+ settings: &settings::Settings,
+ ) {
+ if let Some(volumes) = &self.spec.template.spec.volumes {
+ yaml::get_container_mounts_and_storages(
+ policy_mounts,
+ storages,
+ container,
+ settings,
+ volumes,
+ );
+ }
+ }
+
+ fn generate_policy(&self, agent_policy:
&policy::AgentPolicy) -> String {
+ agent_policy.generate_policy(self)
+ }
+
+ fn serialize(&mut self, policy: &str) -> String {
+ yaml::add_policy_annotation(&mut self.doc_mapping, "spec.template.metadata", policy);
+ serde_yaml::to_string(&self.doc_mapping).unwrap()
+ }
+
+ fn get_containers(&self) -> &Vec {
+ &self.spec.template.spec.containers
+ }
+
+ fn get_annotations(&self) -> &Option> {
+ &self.spec.template.metadata.annotations
+ }
+
+ fn use_host_network(&self) -> bool {
+ if let Some(host_network) = self.spec.template.spec.hostNetwork {
+ return host_network;
+ }
+ false
+ }
+}
diff --git a/src/tools/genpolicy/src/yaml.rs b/src/tools/genpolicy/src/yaml.rs
index b63cff7ec..f4579370a 100644
--- a/src/tools/genpolicy/src/yaml.rs
+++ b/src/tools/genpolicy/src/yaml.rs
@@ -16,6 +16,7 @@ use crate::no_policy;
 use crate::pod;
 use crate::policy;
 use crate::replica_set;
+use crate::replication_controller;
 use crate::secret;
 use crate::settings;
 use crate::volume;
@@ -152,6 +153,15 @@ pub fn new_k8s_resource(
 debug!("{:#?}", &set);
 Ok((boxed::Box::new(set), header.kind))
 }
+ "ReplicationController" => {
+ let controller: replication_controller::ReplicationController =
+ serde_ignored::deserialize(d, |path| {
+ handle_unused_field(&path.to_string(), silent_unsupported_fields);
+ })
+ .unwrap();
+ debug!("{:#?}", &controller);
+ Ok((boxed::Box::new(controller), header.kind))
+ }
 "Secret" => {
 let secret: secret::Secret = serde_ignored::deserialize(d, |path| {
 handle_unused_field(&path.to_string(), silent_unsupported_fields);
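Review bot: `use_host_network` spells out by hand a match on an `Option<bool>` that the combinator already expresses; writing its body as the single expression `self.spec.template.spec.hostNetwork.unwrap_or(false)` reads more directly and makes the false-when-absent default explicit. In `serialize`, `serde_yaml::to_string(&self.doc_mapping).unwrap()` panics rather than surfacing a serialization failure; this presumably mirrors the sibling resource types, so a short comment stating that an unserializable `doc_mapping` is treated as an invariant violation would tell the next reader the panic is deliberate. `get_sandbox_name` returning `None` also deserves a one-line comment explaining why a ReplicationController has no fixed sandbox name to pin in the generated policy, presumably because each replica's pod name is generated.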
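Review bot: The new `"ReplicationController"` arm calls `.unwrap()` on the `serde_ignored::deserialize` result although `new_k8s_resource` returns a `Result` (its `Ok((boxed::Box::new(controller), header.kind))` is right below), so a malformed or unexpectedly typed field in the user-supplied YAML aborts the tool with a serde panic instead of an error the caller can report. This looks like it copies the existing arms (the `"Secret"` arm's tail is outside the hunk), so the clean fix is a follow-up converting every arm to propagate the deserialize error with `?`, if the function's error type accepts it; until then a comment such as `// TODO: propagate deserialization errors instead of panicking` on the `.unwrap()` line would flag the debt. `new_k8s_resource` begins and ends outside the hunk.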