Merge pull request kyverno#1342 from realshuting/fix_panic

Fix panic when building ConfigMap cache
realshuting · Dec 1, 2020 · c22d97a · c22d97a
2 parents 2344b2c + bf01287
commit c22d97a
Show file tree

Hide file tree

Showing 4 changed files with 41 additions and 26 deletions.
diff --git a/cmd/kyverno/main.go b/cmd/kyverno/main.go
@@ -111,14 +111,12 @@ func main() {
 		os.Exit(1)
 	}
 
-	// ======================= resource cache ====================
 	rCache, err := resourcecache.NewResourceCache(log.Log, clientConfig, client, []string{"configmaps"}, []string{})
 	if err != nil {
-		setupLog.Error(err, "Failed to create resource cache")
-		os.Exit(1)
+		setupLog.Error(err, "ConfigMap lookup disabled: failed to create resource cache")
+	} else {
+		rCache.RunAllInformers(log.Log)
 	}
-	rCache.RunAllInformers(log.Log)
-	// ===========================================================
 
 	// CRD CHECK
 	// - verify if Kyverno CRDs are available

diff --git a/pkg/engine/variables/operator/in.go b/pkg/engine/variables/operator/in.go
@@ -65,34 +65,32 @@ func keyExistsInArray(key string, value interface{}, log logr.Logger) (invalidTy
 	switch valuesAvailable := value.(type) {
 
 	case []interface{}:
-		invalidType = false
 		for _, val := range valuesAvailable {
-			if v, ok := val.(string); ok {
-				if wildcard.Match(key, v) {
-					keyExists = true
-					return
-				}
+			v, ok := val.(string)
+			if !ok {
+				return true, false
+			}
+
+			if ok && wildcard.Match(key, v) {
+				return false, true
 			}
 		}
 
 	case string:
 
 		if wildcard.Match(valuesAvailable, key) {
-			keyExists = true
-			return
+			return false, true
 		}
 
 		var arr []string
 		if err := json.Unmarshal([]byte(valuesAvailable), &arr); err != nil {
 			log.Error(err, "failed to unmarshal value to JSON string array", "key", key, "value", value)
-			invalidType = true
-			return
+			return true, false
 		}
 
 		for _, val := range arr {
 			if key == val {
-				keyExists = true
-				return
+				return false, true
 			}
 		}
 
@@ -101,9 +99,7 @@ func keyExistsInArray(key string, value interface{}, log logr.Logger) (invalidTy
 		return
 	}
 
-	invalidType = true
-	keyExists = false
-	return
+	return false, false
 }
 
 func (in InHandler) validateValueWithBoolPattern(_ bool, _ interface{}) bool {

diff --git a/pkg/policy/apply.go b/pkg/policy/apply.go
@@ -54,6 +54,7 @@ func applyPolicy(policy kyverno.ClusterPolicy, resource unstructured.Unstructure
 	//TODO: GENERATION
 	return engineResponses
 }
+
 func mutation(policy kyverno.ClusterPolicy, resource unstructured.Unstructured, ctx context.EvalInterface, log logr.Logger, resCache resourcecache.ResourceCacheIface, jsonContext *context.Context) (response.EngineResponse, error) {
 
 	engineResponse := engine.Mutate(engine.PolicyContext{Policy: policy, NewResource: resource, Context: ctx, ResourceCache: resCache, JSONContext: jsonContext})

diff --git a/pkg/resourcecache/main.go b/pkg/resourcecache/main.go
@@ -1,8 +1,6 @@
 package resourcecache
 
 import (
-	// "fmt"
-	// "time"
 	"github.com/go-logr/logr"
 	dclient "github.com/kyverno/kyverno/pkg/dclient"
 	"k8s.io/apimachinery/pkg/runtime/schema"
@@ -47,19 +45,40 @@ func NewResourceCache(log logr.Logger, config *rest.Config, dclient *dclient.Cli
 
 	resCache := &ResourceCache{GVRCacheData: cacheData, dinformer: dInformer, match: match, exclude: exclude}
 
-	err := udateGVRCache(logger, resCache, discoveryIface)
-	if err != nil {
-		logger.Error(err, "error in udateGVRCache function")
-		return nil, err
+	if resCache.matchGVRKey("configmaps") {
+		_, ok := resCache.GVRCacheData["configmaps"]
+		if !ok {
+			updateGVRCacheForConfigMap(resCache)
+		}
+	} else {
+		err := udateGVRCache(logger, resCache, discoveryIface)
+		if err != nil {
+			logger.Error(err, "error in udateGVRCache function")
+			return nil, err
+		}
 	}
+
 	return resCache, nil
 }
 
+func updateGVRCacheForConfigMap(resc *ResourceCache) {
+	gvrc := &GVRCache{
+		GVR: schema.GroupVersionResource{
+			Version:  "v1",
+			Resource: "configmaps",
+		},
+		Namespaced: true,
+	}
+
+	resc.GVRCacheData["configmaps"] = gvrc
+}
+
 func udateGVRCache(log logr.Logger, resc *ResourceCache, discoveryIface discovery.CachedDiscoveryInterface) error {
 	serverResources, err := discoveryIface.ServerPreferredResources()
 	if err != nil {
 		return err
 	}
+
 	for _, serverResource := range serverResources {
 		groupVersion := serverResource.GroupVersion
 		for _, resource := range serverResource.APIResources {
@@ -82,5 +101,6 @@ func udateGVRCache(log logr.Logger, resc *ResourceCache, discoveryIface discover
 			}
 		}
 	}
+
 	return nil
 }