From 3b4029438c2fde4a066ace0fe5dabe4f3ebc14d1 Mon Sep 17 00:00:00 2001
From: Matthias Bertschy
Date: Tue, 20 Aug 2024 10:57:37 +0200
Subject: [PATCH] fix ProcessEvent arguments with strong typing
Signed-off-by: Matthias Bertschy
---
 admission/rules/rule_interface.go | 3 ++-
 admission/rules/rule_interface_mock.go | 7 +++++--
 admission/rules/v1/r2000_exec_to_pod.go | 4 ++--
 admission/rules/v1/r2001_portforward.go | 4 ++--
 admission/webhook/validator.go | 5 +----
 5 files changed, 12 insertions(+), 11 deletions(-)
diff --git a/admission/rules/rule_interface.go b/admission/rules/rule_interface.go
index f5cfb02..f56eb81 100644
--- a/admission/rules/rule_interface.go
+++ b/admission/rules/rule_interface.go
@@ -2,6 +2,7 @@ package rules
 import (
 apitypes "github.com/armosec/armoapi-go/armotypes"
+ "github.com/kubescape/operator/objectcache"
 "k8s.io/apiserver/pkg/admission"
 )
@@ -27,7 +28,7 @@ type RuleEvaluator interface {
 // Rule Name
 Name() string
 // Rule processing
- ProcessEvent(event admission.Attributes, access interface{}) RuleFailure
+ ProcessEvent(event admission.Attributes, access objectcache.KubernetesCache) RuleFailure
 // Set rule parameters
 SetParameters(parameters map[string]interface{})
 // Get rule parameters
diff --git a/admission/rules/rule_interface_mock.go b/admission/rules/rule_interface_mock.go
index a101804..9877878 100644
--- a/admission/rules/rule_interface_mock.go
+++ b/admission/rules/rule_interface_mock.go
@@ -1,6 +1,9 @@
 package rules
-import "k8s.io/apiserver/pkg/admission"
+import (
+ "github.com/kubescape/operator/objectcache"
+ "k8s.io/apiserver/pkg/admission"
+)
 var _ RuleCreator = (*RuleCreatorMock)(nil)
@@ -41,7 +44,7 @@ func (rule *RuleMock) ID() string {
 func (rule *RuleMock) DeleteRule() {
 }
-func (rule *RuleMock) ProcessEvent(event admission.Attributes, access interface{}) RuleFailure {
+func (rule *RuleMock) ProcessEvent(_ admission.Attributes, _ objectcache.KubernetesCache) RuleFailure {
 return nil
 }
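Review bot: In admission/rules/rule_interface.go the comment above `ProcessEvent` is still only `// Rule processing`, so the new `access objectcache.KubernetesCache` parameter has no stated contract. The R2000 and R2001 implementations in this patch call `access.GetClientset()` with no nil check (only `event == nil` is guarded), so a nil `access` would panic during rule evaluation in the admission path. I would state the requirement on the interface, for example `// ProcessEvent evaluates one admission event; access must be non-nil and supplies the clientset rules use for lookups.`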
diff --git a/admission/rules/v1/r2000_exec_to_pod.go b/admission/rules/v1/r2000_exec_to_pod.go
index 076a81d..1206d78 100644
--- a/admission/rules/v1/r2000_exec_to_pod.go
+++ b/admission/rules/v1/r2000_exec_to_pod.go
@@ -50,7 +50,7 @@ func (rule *R2000ExecToPod) ID() string {
 func (rule *R2000ExecToPod) DeleteRule() {
 }
-func (rule *R2000ExecToPod) ProcessEvent(event admission.Attributes, access interface{}) rules.RuleFailure {
+func (rule *R2000ExecToPod) ProcessEvent(event admission.Attributes, access objectcache.KubernetesCache) rules.RuleFailure {
 if event == nil {
 return nil
 }
@@ -69,7 +69,7 @@ func (rule *R2000ExecToPod) ProcessEvent(event admission.Attributes, access inte
 options = event.GetOperationOptions().(*unstructured.Unstructured)
 }
- client := access.(objectcache.KubernetesCache).GetClientset()
+ client := access.GetClientset()
 workloadKind, workloadName, workloadNamespace, nodeName, err := GetControllerDetails(event, client)
 if err != nil {
diff --git a/admission/rules/v1/r2001_portforward.go b/admission/rules/v1/r2001_portforward.go
index 7cfa648..f502363 100644
--- a/admission/rules/v1/r2001_portforward.go
+++ b/admission/rules/v1/r2001_portforward.go
@@ -50,7 +50,7 @@ func (rule *R2001PortForward) ID() string {
 func (rule *R2001PortForward) DeleteRule() {
 }
-func (rule *R2001PortForward) ProcessEvent(event admission.Attributes, access interface{}) rules.RuleFailure {
+func (rule *R2001PortForward) ProcessEvent(event admission.Attributes, access objectcache.KubernetesCache) rules.RuleFailure {
 if event == nil {
 return nil
 }
@@ -69,7 +69,7 @@ func (rule *R2001PortForward) ProcessEvent(event admission.Attributes, access in
 options = event.GetOperationOptions().(*unstructured.Unstructured)
 }
- client := access.(objectcache.KubernetesCache).GetClientset()
+ client := access.GetClientset()
 workloadKind, workloadName, workloadNamespace, nodeName, err := GetControllerDetails(event, client)
 if err != nil {
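Review bot: In the second hunk of r2000_exec_to_pod.go, the context line `options = event.GetOperationOptions().(*unstructured.Unstructured)` just above the changed line is still a single-value type assertion, so it panics if the options object has any other concrete type. The patch removes that pattern for `access` but leaves this one, and the identical line sits in the second hunk of r2001_portforward.go. The condition guarding it starts above the hunk and may only test for nil. A comma-ok form such as `if o, ok := event.GetOperationOptions().(*unstructured.Unstructured); ok { options = o }` would stop an unexpected options type from aborting rule evaluation, provided the later uses of `options` (outside the hunk) tolerate nil.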
diff --git a/admission/webhook/validator.go b/admission/webhook/validator.go
index f3521a8..c42657a 100644
--- a/admission/webhook/validator.go
+++ b/admission/webhook/validator.go
@@ -24,7 +24,6 @@ type AdmissionValidator struct {
 ruleBindingCache rulebinding.RuleBindingCache
 }
-
 func NewAdmissionValidator(kubernetesClient *k8sinterface.KubernetesApi, objectCache objectcache.ObjectCache, exporter *exporters.HTTPExporter, ruleBindingCache rulebinding.RuleBindingCache) *AdmissionValidator {
 return &AdmissionValidator{
 kubernetesClient: kubernetesClient,
@@ -38,8 +37,6 @@ func (av *AdmissionValidator) GetClientset() kubernetes.Interface {
 return av.objectCache.GetKubernetesCache().GetClientset()
 }
-
-
 // We are implementing the Validate method from the ValidationInterface interface.
 func (av *AdmissionValidator) Validate(ctx context.Context, attrs admission.Attributes, o admission.ObjectInterfaces) (err error) {
 if attrs.GetObject() != nil {
@@ -56,7 +53,7 @@ func (av *AdmissionValidator) Validate(ctx context.Context, attrs admission.Attr
 rules := av.ruleBindingCache.ListRulesForObject(ctx, object)
 for _, rule := range rules {
- failure := rule.ProcessEvent(attrs, av.GetClientset())
+ failure := rule.ProcessEvent(attrs, av)
 if failure != nil {
 logger.L().Info("Rule failed", helpers.Interface("failure", failure))
 av.exporter.SendAdmissionAlert(failure)
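Review bot: In the last hunk, `rule.ProcessEvent(attrs, av)` hands every rule the whole `*AdmissionValidator` as its `objectcache.KubernetesCache`, which works only because the validator happens to carry that interface's methods; the interface definition is not visible in this patch. `GetClientset` in the hunk above already delegates to `av.objectCache.GetKubernetesCache()`, so `failure := rule.ProcessEvent(attrs, av.objectCache.GetKubernetesCache())` would pass the real cache and keep the validator's other state out of reach of a rule that type-asserts `access`. If passing `av` is intended, a `var _ objectcache.KubernetesCache = (*AdmissionValidator)(nil)` next to the type, in the style rule_interface_mock.go already uses, would make that dependency explicit. The loop body continues outside the hunk.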