From 6d5133f3ecd4ddb38a29dac69641fb56576491a2 Mon Sep 17 00:00:00 2001 From: Alexander Zielenski Date: Thu, 15 Feb 2024 16:33:41 -0800 Subject: [PATCH] add functions to policy accessors for getting match information and params --- .../pkg/admission/plugin/policy/generic/accessor.go | 5 +++++ .../plugin/policy/generic/policy_source_test.go | 13 +++++++++++++ .../admission/plugin/policy/validating/accessor.go | 12 ++++++++++++ 3 files changed, 30 insertions(+) diff --git a/staging/src/k8s.io/apiserver/pkg/admission/plugin/policy/generic/accessor.go b/staging/src/k8s.io/apiserver/pkg/admission/plugin/policy/generic/accessor.go index 11fd8c24f2d..fc8a7b77aeb 100644 --- a/staging/src/k8s.io/apiserver/pkg/admission/plugin/policy/generic/accessor.go +++ b/staging/src/k8s.io/apiserver/pkg/admission/plugin/policy/generic/accessor.go @@ -17,6 +17,7 @@ limitations under the License. package generic import ( + "k8s.io/api/admissionregistration/v1beta1" "k8s.io/apimachinery/pkg/runtime/schema" "k8s.io/apimachinery/pkg/types" ) @@ -25,6 +26,7 @@ type PolicyAccessor interface { GetName() string GetNamespace() string GetParamKind() *schema.GroupVersionKind + GetMatchConstraints() *v1beta1.MatchResources } type BindingAccessor interface { @@ -35,4 +37,7 @@ type BindingAccessor interface { // which is cluster-scoped, so namespace is usually left blank. // But we leave the door open to add a namespaced vesion in the future GetPolicyName() types.NamespacedName + GetParamRef() *v1beta1.ParamRef + + GetMatchResources() *v1beta1.MatchResources } diff --git a/staging/src/k8s.io/apiserver/pkg/admission/plugin/policy/generic/policy_source_test.go b/staging/src/k8s.io/apiserver/pkg/admission/plugin/policy/generic/policy_source_test.go index be17f9c602b..bbc98c6a620 100644 --- a/staging/src/k8s.io/apiserver/pkg/admission/plugin/policy/generic/policy_source_test.go +++ b/staging/src/k8s.io/apiserver/pkg/admission/plugin/policy/generic/policy_source_test.go @@ -20,6 +20,7 @@ import ( "testing" "github.com/stretchr/testify/require" + "k8s.io/api/admissionregistration/v1beta1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/runtime" "k8s.io/apimachinery/pkg/runtime/schema" @@ -204,6 +205,10 @@ func (fp *FakePolicy) GetParamKind() *schema.GroupVersionKind { return fp.ParamKind } +func (fb *FakePolicy) GetMatchConstraints() *v1beta1.MatchResources { + return nil +} + func (fb *FakeBinding) GetName() string { return fb.Name } @@ -218,6 +223,14 @@ func (fb *FakeBinding) GetPolicyName() types.NamespacedName { } } +func (fb *FakeBinding) GetMatchResources() *v1beta1.MatchResources { + return nil +} + +func (fb *FakeBinding) GetParamRef() *v1beta1.ParamRef { + return nil +} + func (fp *FakePolicy) DeepCopyObject() runtime.Object { // totally fudged deepcopy newFP := &FakePolicy{} diff --git a/staging/src/k8s.io/apiserver/pkg/admission/plugin/policy/validating/accessor.go b/staging/src/k8s.io/apiserver/pkg/admission/plugin/policy/validating/accessor.go index 22bd6150ad6..2627e4d63c0 100644 --- a/staging/src/k8s.io/apiserver/pkg/admission/plugin/policy/validating/accessor.go +++ b/staging/src/k8s.io/apiserver/pkg/admission/plugin/policy/validating/accessor.go @@ -75,6 +75,10 @@ func (v *validatingAdmissionPolicyAccessor) GetParamKind() *schema.GroupVersionK } } +func (v *validatingAdmissionPolicyAccessor) GetMatchConstraints() *v1beta1.MatchResources { + return v.Spec.MatchConstraints +} + type validatingAdmissionPolicyBindingAccessor struct { *v1beta1.ValidatingAdmissionPolicyBinding } @@ -93,3 +97,11 @@ func (v *validatingAdmissionPolicyBindingAccessor) GetPolicyName() types.Namespa Name: v.Spec.PolicyName, } } + +func (v *validatingAdmissionPolicyBindingAccessor) GetMatchResources() *v1beta1.MatchResources { + return v.Spec.MatchResources +} + +func (v *validatingAdmissionPolicyBindingAccessor) GetParamRef() *v1beta1.ParamRef { + return v.Spec.ParamRef +}