github/kata-containers
1
0
Fork 2
mirror of https://github.com/kata-containers/kata-containers.git synced 2026-05-19 14:23:22 +00:00
Code Issues Projects Releases Wiki Activity

genpolicy: refactor EnvVar::get_value

Browse Source 
Split EnvVar::get_value into 3 smaller and easier to read/understand
functions.

Signed-off-by: Dan Mihai <dmihai@microsoft.com>
This commit is contained in:
Dan Mihai
2026-05-04 21:31:29 +00:00
parent 27c3dfbb8c
commit 3c28b18810
1 changed files with 76 additions and 35 deletions
Download Patch File Download Diff File Expand all files Collapse all files

111
src/tools/genpolicy/src/pod.rs
View File

@@ -771,57 +771,96 @@ impl EnvVar {
service_account_name: &str,
) -> String {
if let Some(value) = &self.value {
return value.clone();
value.clone()
} else if let Some(value) = self.get_value_from(
config_maps,
secrets,
namespace,
annotations,
service_account_name,
) {
value.clone()
} else {
panic!("No value or valueFrom for env var: {}", &self.name);
}
}
fn get_value_from(
&self,
config_maps: &Vec<config_map::ConfigMap>,
secrets: &Vec<secret::Secret>,
namespace: &str,
annotations: &Option<BTreeMap<String, String>>,
service_account_name: &str,
) -> Option<String> {
if let Some(value_from) = &self.valueFrom {
if let Some(value) = config_map::get_value(value_from, config_maps) {
return value.clone();
return Some(value);
}
if let Some(value) = secret::get_value(value_from, secrets) {
return value.clone();
return Some(value);
}
if let Some(field_ref) = &value_from.fieldRef {
let path: &str = &field_ref.fieldPath;
match path {
"metadata.name" => return "$(sandbox-name)".to_string(),
"metadata.namespace" => {
return if namespace.is_empty() {
"$(sandbox-namespace)".to_string()
} else {
namespace.to_string()
};
}
"metadata.uid" => return "$(pod-uid)".to_string(),
"status.hostIP" => return "$(host-ip)".to_string(),
"status.podIP" => return "$(pod-ip)".to_string(),
"spec.nodeName" => return "$(node-name)".to_string(),
"spec.serviceAccountName" => return service_account_name.to_string(),
_ => {
if let Some(value) = self.get_annotation_value(path, annotations) {
return value;
} else {
panic!(
"Env var: unsupported field reference: {}",
&field_ref.fieldPath
)
}
}
}
if let Some(value) = self.get_value_from_field_ref(
value_from,
namespace,
annotations,
service_account_name,
) {
return Some(value);
}
if value_from.resourceFieldRef.is_some() {
// TODO: should resource fields such as "limits.cpu" or "limits.memory"
// be handled in a different way?
return "$(resource-field)".to_string();
return Some("$(resource-field)".to_string());
}
} else {
panic!("Environment variable without value or valueFrom!");
panic!("Couldn't get the value of env var: {}", &self.name);
}
panic!("Couldn't get the value of env var: {}", &self.name);
None
}
fn get_value_from_field_ref(
&self,
value_from: &EnvVarSource,
namespace: &str,
annotations: &Option<BTreeMap<String, String>>,
service_account_name: &str,
) -> Option<String> {
if let Some(field_ref) = &value_from.fieldRef {
let path: &str = &field_ref.fieldPath;
let v = match path {
"metadata.name" => "$(sandbox-name)",
"metadata.namespace" => {
if namespace.is_empty() {
"$(sandbox-namespace)"
} else {
namespace
}
}
"metadata.uid" => "$(pod-uid)",
"status.hostIP" => "$(host-ip)",
"status.podIP" => "$(pod-ip)",
"spec.nodeName" => "$(node-name)",
"spec.serviceAccountName" => service_account_name,
_ => {
if let Some(value) = self.get_annotation_value(path, annotations) {
&value.to_string()
} else {
panic!(
"Env var: unsupported field reference: {}",
&field_ref.fieldPath
)
}
}
};
Some(v.to_string())
} else {
None
}
}
fn get_annotation_value(
@@ -1018,7 +1057,9 @@ impl Container {
let new_gid = match self.registry.get_gid_from_passwd_uid(new_uid) {
Ok(gid) => gid,
Err(e) => {
debug!("get_process_fields: no GID for UID = {new_uid} in container image, error {e}");
debug!(
"get_process_fields: no GID for UID = {new_uid} in container image, error {e}"
);
process.User.GID
}
};