fix ProcessEvent arguments with strong typing #236

Merged
merged 1 commit into from
Aug 20, 2024
3 changes: 2 additions & 1 deletion admission/rules/rule_interface.go
@@ -2,6 +2,7 @@ package rules

import (
apitypes "github.com/armosec/armoapi-go/armotypes"
"github.com/kubescape/operator/objectcache"
"k8s.io/apiserver/pkg/admission"
)

@@ -27,7 +28,7 @@ type RuleEvaluator interface {
// Rule Name
Name() string
// Rule processing
ProcessEvent(event admission.Attributes, access interface{}) RuleFailure
ProcessEvent(event admission.Attributes, access objectcache.KubernetesCache) RuleFailure
// Set rule parameters
SetParameters(parameters map[string]interface{})
// Get rule parameters
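Review bot: The `// Rule processing` comment above `ProcessEvent` does not state the contract that every implementation now shares. With `access` typed as `objectcache.KubernetesCache`, the comment should say what a nil `RuleFailure` means and that `access` must not be nil, for example `// ProcessEvent evaluates an admission event against the rule and returns nil when no failure is reported; access must be non-nil.` Both rule implementations shown on this page call `access.GetClientset()` without a nil check, and the validator treats a nil result as "no alert", so the wording matches the visible callers. The interface body continues outside the hunk.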
7 changes: 5 additions & 2 deletions admission/rules/rule_interface_mock.go
@@ -1,6 +1,9 @@
package rules

import "k8s.io/apiserver/pkg/admission"
import (
"github.com/kubescape/operator/objectcache"
"k8s.io/apiserver/pkg/admission"
)

var _ RuleCreator = (*RuleCreatorMock)(nil)

@@ -41,7 +44,7 @@ func (rule *RuleMock) ID() string {
func (rule *RuleMock) DeleteRule() {
}

func (rule *RuleMock) ProcessEvent(event admission.Attributes, access interface{}) RuleFailure {
func (rule *RuleMock) ProcessEvent(_ admission.Attributes, _ objectcache.KubernetesCache) RuleFailure {
return nil
}

4 changes: 2 additions & 2 deletions admission/rules/v1/r2000_exec_to_pod.go
@@ -50,7 +50,7 @@ func (rule *R2000ExecToPod) ID() string {
func (rule *R2000ExecToPod) DeleteRule() {
}

func (rule *R2000ExecToPod) ProcessEvent(event admission.Attributes, access interface{}) rules.RuleFailure {
func (rule *R2000ExecToPod) ProcessEvent(event admission.Attributes, access objectcache.KubernetesCache) rules.RuleFailure {
if event == nil {
return nil
}
@@ -69,7 +69,7 @@ func (rule *R2000ExecToPod) ProcessEvent(event admission.Attributes, access inte
options = event.GetOperationOptions().(*unstructured.Unstructured)
}

client := access.(objectcache.KubernetesCache).GetClientset()
client := access.GetClientset()

workloadKind, workloadName, workloadNamespace, nodeName, err := GetControllerDetails(event, client)
if err != nil {
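Review bot: The unchecked assertion `event.GetOperationOptions().(*unstructured.Unstructured)` in the second hunk stays in place, although the commit removes the equivalent assertion on `access` just below it. If the options object ever has a different concrete type, the rule panics inside the admission path instead of evaluating the event, and no alert is produced. The comma-ok form avoids that: `if o, ok := event.GetOperationOptions().(*unstructured.Unstructured); ok { options = o }`. The guarding `if` starts outside the hunk and may already constrain the type, so this is worth confirming; the same line appears in `r2001_portforward.go`.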
4 changes: 2 additions & 2 deletions admission/rules/v1/r2001_portforward.go
@@ -50,7 +50,7 @@ func (rule *R2001PortForward) ID() string {
func (rule *R2001PortForward) DeleteRule() {
}

func (rule *R2001PortForward) ProcessEvent(event admission.Attributes, access interface{}) rules.RuleFailure {
func (rule *R2001PortForward) ProcessEvent(event admission.Attributes, access objectcache.KubernetesCache) rules.RuleFailure {
if event == nil {
return nil
}
@@ -69,7 +69,7 @@ func (rule *R2001PortForward) ProcessEvent(event admission.Attributes, access in
options = event.GetOperationOptions().(*unstructured.Unstructured)
}

client := access.(objectcache.KubernetesCache).GetClientset()
client := access.GetClientset()

workloadKind, workloadName, workloadNamespace, nodeName, err := GetControllerDetails(event, client)
if err != nil {
5 changes: 1 addition & 4 deletions admission/webhook/validator.go
@@ -24,7 +24,6 @@ type AdmissionValidator struct {
ruleBindingCache rulebinding.RuleBindingCache
}


func NewAdmissionValidator(kubernetesClient *k8sinterface.KubernetesApi, objectCache objectcache.ObjectCache, exporter *exporters.HTTPExporter, ruleBindingCache rulebinding.RuleBindingCache) *AdmissionValidator {
return &AdmissionValidator{
kubernetesClient: kubernetesClient,
@@ -38,8 +37,6 @@ func (av *AdmissionValidator) GetClientset() kubernetes.Interface {
return av.objectCache.GetKubernetesCache().GetClientset()
}



// We are implementing the Validate method from the ValidationInterface interface.
func (av *AdmissionValidator) Validate(ctx context.Context, attrs admission.Attributes, o admission.ObjectInterfaces) (err error) {
if attrs.GetObject() != nil {
@@ -56,7 +53,7 @@ func (av *AdmissionValidator) Validate(ctx context.Context, attrs admission.Attr

rules := av.ruleBindingCache.ListRulesForObject(ctx, object)
for _, rule := range rules {
failure := rule.ProcessEvent(attrs, av.GetClientset())
failure := rule.ProcessEvent(attrs, av)
if failure != nil {
logger.L().Info("Rule failed", helpers.Interface("failure", failure))
av.exporter.SendAdmissionAlert(failure)
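Review bot: `rule.ProcessEvent(attrs, av)` passes the whole `AdmissionValidator` where the rules only need the Kubernetes cache. It presumably compiles only because the validator exposes `GetClientset()`, so the dependency is implicit and this call site breaks if `objectcache.KubernetesCache` gains another method. Passing the cache itself is more direct: `failure := rule.ProcessEvent(attrs, av.objectCache.GetKubernetesCache())`, assuming that getter returns an `objectcache.KubernetesCache`. If the validator is meant to implement the interface, `var _ objectcache.KubernetesCache = (*AdmissionValidator)(nil)` would state that intent and catch drift at compile time. `Validate` continues outside the hunk.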