refactor: exception selector interface

Signed-off-by: Anushka Mittal <[email protected]>
nirmata · Apr 16, 2024 · 7ba0740 · 7ba0740
1 parent 31b820c
commit 7ba0740
Show file tree

Hide file tree

Showing 5 changed files with 50 additions and 19 deletions.
diff --git a/cmd/internal/engine.go b/cmd/internal/engine.go
@@ -16,6 +16,8 @@ import (
 	"github.com/kyverno/kyverno/pkg/engine/context/resolvers"
 	"github.com/kyverno/kyverno/pkg/engine/factories"
 	"github.com/kyverno/kyverno/pkg/engine/jmespath"
+	"github.com/kyverno/kyverno/pkg/exceptions"
+
 	"github.com/kyverno/kyverno/pkg/registryclient"
 	"k8s.io/client-go/kubernetes"
 )
@@ -58,16 +60,17 @@ func NewExceptionSelector(
 	var exceptionsLister engineapi.PolicyExceptionSelector
 	if enablePolicyException {
 		factory := kyvernoinformer.NewSharedInformerFactory(kyvernoClient, resyncPeriod)
-		lister := factory.Kyverno().V2alpha1().PolicyExceptions().Lister()
+		var lister exceptions.Lister
 		if exceptionNamespace != "" {
-			exceptionsLister = lister.PolicyExceptions(exceptionNamespace)
+			lister = factory.Kyverno().V2alpha1().PolicyExceptions().Lister().PolicyExceptions(exceptionNamespace)
 		} else {
-			exceptionsLister = lister
+			lister = factory.Kyverno().V2alpha1().PolicyExceptions().Lister()
 		}
 		// start informers and wait for cache sync
 		if !StartInformersAndWaitForCacheSync(ctx, logger, factory) {
 			checkError(logger, errors.New("failed to wait for cache sync"), "failed to wait for cache sync")
 		}
+		exceptionsLister = exceptions.New(lister)
 	}
 	return exceptionsLister
 }

diff --git a/pkg/engine/api/selector.go b/pkg/engine/api/selector.go
@@ -2,16 +2,11 @@ package api
 
 import (
 	kyvernov2alpha1 "github.com/kyverno/kyverno/api/kyverno/v2alpha1"
-	"k8s.io/apimachinery/pkg/labels"
 )
 
-// NamespacedResourceSelector is an abstract interface used to list namespaced resources given a label selector
-// Any implementation might exist, cache based, file based, client based etc...
-type NamespacedResourceSelector[T any] interface {
-	// List selects resources based on label selector.
+// PolicyExceptionSelector is an abstract interface used to resolve poliicy exceptions
+type PolicyExceptionSelector interface {
+	// Find returns policy exceptions matching a given policy name and rule name.
 	// Objects returned here must be treated as read-only.
-	List(selector labels.Selector) (ret []T, err error)
+	Find(string, string) ([]*kyvernov2alpha1.PolicyException, error)
 }
-
-// PolicyExceptionSelector is an abstract interface used to resolve poliicy exceptions
-type PolicyExceptionSelector = NamespacedResourceSelector[*kyvernov2alpha1.PolicyException]
diff --git a/pkg/engine/exceptions.go b/pkg/engine/exceptions.go
@@ -6,7 +6,6 @@ import (
 	kyvernov2alpha1 "github.com/kyverno/kyverno/api/kyverno/v2alpha1"
 	engineapi "github.com/kyverno/kyverno/pkg/engine/api"
 	matched "github.com/kyverno/kyverno/pkg/utils/match"
-	"k8s.io/apimachinery/pkg/labels"
 	"k8s.io/client-go/tools/cache"
 )
 
@@ -18,16 +17,15 @@ func findExceptions(
 	if selector == nil {
 		return nil, nil
 	}
-	polexs, err := selector.List(labels.Everything())
+	// polexs, err := selector.List(labels.Everything())
+	policyName := cache.MetaObjectToName(policy).String()
+	polexs, err := selector.Find(policyName, rule)
 	if err != nil {
 		return nil, err
 	}
 	var result []*kyvernov2alpha1.PolicyException
-	policyName := cache.MetaObjectToName(policy).String()
 	for _, polex := range polexs {
-		if polex.Contains(policyName, rule) {
-			result = append(result, polex)
-		}
+		result = append(result, polex)
 	}
 	return result, nil
 }

diff --git a/pkg/exceptions/selector.go b/pkg/exceptions/selector.go
@@ -0,0 +1,34 @@
+package exceptions
+
+import (
+	kyvernov2alpha1 "github.com/kyverno/kyverno/api/kyverno/v2alpha1"
+	"k8s.io/apimachinery/pkg/labels"
+)
+
+type Lister interface {
+	List(labels.Selector) ([]*kyvernov2alpha1.PolicyException, error)
+}
+
+type selector struct {
+	lister Lister
+}
+
+func New(lister Lister) selector {
+	return selector{
+		lister: lister,
+	}
+}
+
+func (s selector) Find(policyName string, ruleName string) ([]*kyvernov2alpha1.PolicyException, error) {
+	polexs, err := s.lister.List(labels.Everything())
+	if err != nil {
+		return nil, err
+	}
+	var results []*kyvernov2alpha1.PolicyException
+	for _, polex := range polexs {
+		if polex.Contains(policyName, ruleName) {
+			results = append(results, polex)
+		}
+	}
+	return results, nil
+}
diff --git a/pkg/webhooks/resource/fake.go b/pkg/webhooks/resource/fake.go
@@ -12,6 +12,7 @@ import (
 	"github.com/kyverno/kyverno/pkg/engine/factories"
 	"github.com/kyverno/kyverno/pkg/engine/jmespath"
 	"github.com/kyverno/kyverno/pkg/event"
+	"github.com/kyverno/kyverno/pkg/exceptions"
 	"github.com/kyverno/kyverno/pkg/metrics"
 	"github.com/kyverno/kyverno/pkg/openapi"
 	"github.com/kyverno/kyverno/pkg/policycache"
@@ -61,7 +62,7 @@ func NewFakeHandlers(ctx context.Context, policyCache policycache.Cache) webhook
 			dclient,
 			rclient,
 			factories.DefaultContextLoaderFactory(configMapResolver),
-			peLister,
+			exceptions.New(peLister),
 		),
 	}
 }