diff --git a/pkg/resourceinterpreter/default/thirdparty/resourcecustomizations/kyverno.io/v1/ClusterPolicy/customizations.yaml b/pkg/resourceinterpreter/default/thirdparty/resourcecustomizations/kyverno.io/v1/ClusterPolicy/customizations.yaml new file mode 100644 index 000000000..42faaedcc --- /dev/null +++ b/pkg/resourceinterpreter/default/thirdparty/resourcecustomizations/kyverno.io/v1/ClusterPolicy/customizations.yaml @@ -0,0 +1,87 @@ +apiVersion: config.karmada.io/v1alpha1 +kind: ResourceInterpreterCustomization +metadata: + name: declarative-configuration-clusterpolicy +spec: + target: + apiVersion: kyverno.io/v1 + kind: ClusterPolicy + customizations: + healthInterpretation: + luaScript: > + function InterpretHealth(observedObj) + if observedObj.status ~= nil and observedObj.status.ready ~= nil then + return observedObj.status.ready + end + if observedObj.status ~= nil and observedObj.status.conditions ~= nil then + for conditionIndex = 1, #observedObj.status.conditions do + if observedObj.status.conditions[conditionIndex].type == 'Ready' and observedObj.status.conditions[conditionIndex].status == 'True' and observedObj.status.conditions[conditionIndex].reason == 'Succeeded' then + return true + end + end + end + return false + end + statusAggregation: + luaScript: > + function AggregateStatus(desiredObj, statusItems) + if statusItems == nil then + return desiredObj + end + desiredObj.status = {} + desiredObj.status.conditions = {} + rulecount = {} + rulecount.validate = 0 + rulecount.generate = 0 + rulecount.mutate = 0 + rulecount.verifyimages = 0 + conditions = {} + local conditionsIndex = 1 + for i = 1, #statusItems do + if statusItems[i].status ~= nil and statusItems[i].status.autogen ~= nil then + desiredObj.status.autogen = statusItems[i].status.autogen + end + if statusItems[i].status ~= nil and statusItems[i].status.ready ~= nil then + desiredObj.status.ready = statusItems[i].status.ready + end + if statusItems[i].status ~= nil and statusItems[i].status.rulecount ~= nil then + rulecount.validate = rulecount.validate + statusItems[i].status.rulecount.validate + rulecount.generate = rulecount.generate + statusItems[i].status.rulecount.generate + rulecount.mutate = rulecount.mutate + statusItems[i].status.rulecount.mutate + rulecount.verifyimages = rulecount.verifyimages + statusItems[i].status.rulecount.verifyimages + end + if statusItems[i].status ~= nil and statusItems[i].status.conditions ~= nil then + for conditionIndex = 1, #statusItems[i].status.conditions do + statusItems[i].status.conditions[conditionIndex].message = statusItems[i].clusterName..'='..statusItems[i].status.conditions[conditionIndex].message + hasCondition = false + for index = 1, #conditions do + if conditions[index].type == statusItems[i].status.conditions[conditionIndex].type and conditions[index].status == statusItems[i].status.conditions[conditionIndex].status and conditions[index].reason == statusItems[i].status.conditions[conditionIndex].reason then + conditions[index].message = conditions[index].message..', '..statusItems[i].status.conditions[conditionIndex].message + hasCondition = true + break + end + end + if not hasCondition then + conditions[conditionsIndex] = statusItems[i].status.conditions[conditionIndex] + conditionsIndex = conditionsIndex + 1 + end + end + end + end + desiredObj.status.rulecount = rulecount + desiredObj.status.conditions = conditions + return desiredObj + end + statusReflection: + luaScript: > + function ReflectStatus (observedObj) + status = {} + if observedObj == nil or observedObj.status == nil then + return status + end + status.ready = observedObj.status.ready + status.conditions = observedObj.status.conditions + status.autogen = observedObj.status.autogen + status.rulecount = observedObj.status.rulecount + return status + end diff --git a/pkg/resourceinterpreter/default/thirdparty/resourcecustomizations/kyverno.io/v1/ClusterPolicy/customizations_tests.yaml b/pkg/resourceinterpreter/default/thirdparty/resourcecustomizations/kyverno.io/v1/ClusterPolicy/customizations_tests.yaml new file mode 100644 index 000000000..12a55d57f --- /dev/null +++ b/pkg/resourceinterpreter/default/thirdparty/resourcecustomizations/kyverno.io/v1/ClusterPolicy/customizations_tests.yaml @@ -0,0 +1,8 @@ +tests: + - desiredInputPath: testdata/desired-clusterpolicy.yaml + statusInputPath: testdata/status-file.yaml + operation: AggregateStatus + - observedInputPath: testdata/observed-clusterpolicy.yaml + operation: InterpretHealth + - observedInputPath: testdata/observed-clusterpolicy.yaml + operation: InterpretStatus diff --git a/pkg/resourceinterpreter/default/thirdparty/resourcecustomizations/kyverno.io/v1/ClusterPolicy/testdata/desired-clusterpolicy.yaml b/pkg/resourceinterpreter/default/thirdparty/resourcecustomizations/kyverno.io/v1/ClusterPolicy/testdata/desired-clusterpolicy.yaml new file mode 100644 index 000000000..97565ed5c --- /dev/null +++ b/pkg/resourceinterpreter/default/thirdparty/resourcecustomizations/kyverno.io/v1/ClusterPolicy/testdata/desired-clusterpolicy.yaml @@ -0,0 +1,19 @@ +apiVersion: kyverno.io/v1 +kind: ClusterPolicy +metadata: + name: sample +spec: + validationFailureAction: Enforce + rules: + - name: require-ns-purpose-label + match: + any: + - resources: + kinds: + - Namespace + validate: + message: "You must have label `purpose` with value `production` set on all new namespaces." + pattern: + metadata: + labels: + purpose: production diff --git a/pkg/resourceinterpreter/default/thirdparty/resourcecustomizations/kyverno.io/v1/ClusterPolicy/testdata/observed-clusterpolicy.yaml b/pkg/resourceinterpreter/default/thirdparty/resourcecustomizations/kyverno.io/v1/ClusterPolicy/testdata/observed-clusterpolicy.yaml new file mode 100644 index 000000000..1c0680fec --- /dev/null +++ b/pkg/resourceinterpreter/default/thirdparty/resourcecustomizations/kyverno.io/v1/ClusterPolicy/testdata/observed-clusterpolicy.yaml @@ -0,0 +1,35 @@ +apiVersion: kyverno.io/v1 +kind: ClusterPolicy +metadata: + name: sample +spec: + background: true + rules: + - match: + any: + - resources: + kinds: + - Namespace + name: require-ns-purpose-label + validate: + message: You must have label `purpose` with value `production` set on all new + namespaces. + pattern: + metadata: + labels: + purpose: production + validationFailureAction: Enforce +status: + autogen: {} + conditions: + - lastTransitionTime: "2023-05-07T12:28:58Z" + message: "" + reason: Succeeded + status: "True" + type: Ready + ready: true + rulecount: + generate: 0 + mutate: 0 + validate: 1 + verifyimages: 0 diff --git a/pkg/resourceinterpreter/default/thirdparty/resourcecustomizations/kyverno.io/v1/ClusterPolicy/testdata/status-file.yaml b/pkg/resourceinterpreter/default/thirdparty/resourcecustomizations/kyverno.io/v1/ClusterPolicy/testdata/status-file.yaml new file mode 100644 index 000000000..92b0e9fe6 --- /dev/null +++ b/pkg/resourceinterpreter/default/thirdparty/resourcecustomizations/kyverno.io/v1/ClusterPolicy/testdata/status-file.yaml @@ -0,0 +1,33 @@ +applied: true +clusterName: member2 +health: Healthy +status: + conditions: + - lastTransitionTime: "2023-05-07T12:28:58Z" + message: "" + reason: Succeeded + status: "True" + type: Ready + ready: true + rulecount: + generate: 0 + mutate: 0 + validate: 1 + verifyimages: 0 +--- +applied: true +clusterName: member3 +health: Healthy +status: + conditions: + - lastTransitionTime: "2023-05-07T12:28:58Z" + message: "" + reason: Succeeded + status: "True" + type: Ready + ready: true + rulecount: + generate: 0 + mutate: 0 + validate: 1 + verifyimages: 0