diff --git a/cli/cmd/policies.go b/cli/cmd/policies.go
index be88ae8659..b8dd413bd1 100644
--- a/cli/cmd/policies.go
+++ b/cli/cmd/policies.go
@@ -13,6 +13,10 @@ import (
 "github.com/edgelesssys/contrast/internal/manifest"
 )
+type k8sObject interface {
+ GetName() string
+}
+
 func policiesFromKubeResources(yamlPaths []string) ([]deployment, error) {
 var kubeObjs []any
 for _, path := range yamlPaths {
@@ -29,30 +33,30 @@ func policiesFromKubeResources(yamlPaths []string) ([]deployment, error) {
 var deployments []deployment
 for _, objAny := range kubeObjs {
- var name, annotation, role string
+ meta, ok := objAny.(k8sObject)
+ if !ok {
+ continue
+ }
+ name := meta.GetName()
+
+ var annotation, role string
 switch obj := objAny.(type) {
- case kubeapi.Pod:
- name = obj.Name
+ case *kubeapi.Pod:
 annotation = obj.Annotations[kataPolicyAnnotationKey]
 role = obj.Annotations[contrastRoleAnnotationKey]
- case kubeapi.Deployment:
- name = obj.Name
+ case *kubeapi.Deployment:
 annotation = obj.Spec.Template.Annotations[kataPolicyAnnotationKey]
 role = obj.Spec.Template.Annotations[contrastRoleAnnotationKey]
- case kubeapi.ReplicaSet:
- name = obj.Name
+ case *kubeapi.ReplicaSet:
 annotation = obj.Spec.Template.Annotations[kataPolicyAnnotationKey]
 role = obj.Spec.Template.Annotations[contrastRoleAnnotationKey]
- case kubeapi.StatefulSet:
- name = obj.Name
+ case *kubeapi.StatefulSet:
 annotation = obj.Spec.Template.Annotations[kataPolicyAnnotationKey]
 role = obj.Spec.Template.Annotations[contrastRoleAnnotationKey]
- case kubeapi.DaemonSet:
- name = obj.Name
+ case *kubeapi.DaemonSet:
 annotation = obj.Spec.Template.Annotations[kataPolicyAnnotationKey]
 role = obj.Spec.Template.Annotations[contrastRoleAnnotationKey]
- case kubeapi.Job:
- name = obj.Name
+ case *kubeapi.Job:
 annotation = obj.Spec.Template.Annotations[kataPolicyAnnotationKey]
 role = obj.Spec.Template.Annotations[contrastRoleAnnotationKey]
 case kubeapi.CronJob:
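Review bot: `k8sObject` is added without a doc comment, yet whether a decoded object satisfies it decides if that object is examined at all, because the loop in the next hunk skips anything failing the assertion with a bare `continue`. I would put `// k8sObject is the name accessor implemented by the pointer types kubeapi.UnmarshalK8SResources returns; objects that do not implement it are skipped.` above the type. If apimachinery's `metav1.Object` is already available to this package, asserting against it instead of a local one-method interface would presumably work as well; the import block is only partly visible here, so confirm before switching.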
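Review bot: `case kubeapi.CronJob:` on the last line of this hunk stays a value-type case, while every other case becomes a pointer type and `UnmarshalK8SResources` in internal/kubeapi/kubeapi.go now appends `&cronJob`. A decoded CronJob would pass the `k8sObject` assertion and get a name but match no case, so `annotation` and `role` stay empty. What the rest of the loop does with an empty policy annotation is outside the hunk, but the CronJob's policy risks being dropped silently or rejected. The line should read `case *kubeapi.CronJob:`, and if the switch has no `default:`, one that returns an error for an unexpected type would make the next such mismatch visible. The CronJob case body and the end of the switch are outside the hunk.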
diff --git a/internal/kubeapi/kubeapi.go b/internal/kubeapi/kubeapi.go
index 1586cf3130..c1c33953fb 100644
--- a/internal/kubeapi/kubeapi.go
+++ b/internal/kubeapi/kubeapi.go
@@ -51,49 +51,49 @@ func UnmarshalK8SResources(data []byte) ([]any, error) {
 if err != nil {
 return nil, err
 }
- result = append(result, pod)
+ result = append(result, &pod)
 case "Deployment":
 var deployment appsv1.Deployment
 err := runtime.DefaultUnstructuredConverter.FromUnstructured(obj.UnstructuredContent(), &deployment)
 if err != nil {
 return nil, err
 }
- result = append(result, deployment)
+ result = append(result, &deployment)
 case "StatefulSet":
 var statefulSet appsv1.StatefulSet
 err := runtime.DefaultUnstructuredConverter.FromUnstructured(obj.UnstructuredContent(), &statefulSet)
 if err != nil {
 return nil, err
 }
- result = append(result, statefulSet)
+ result = append(result, &statefulSet)
 case "ReplicaSet":
 var replicaSet appsv1.ReplicaSet
 err := runtime.DefaultUnstructuredConverter.FromUnstructured(obj.UnstructuredContent(), &replicaSet)
 if err != nil {
 return nil, err
 }
- result = append(result, replicaSet)
+ result = append(result, &replicaSet)
 case "DaemonSet":
 var daemonSet appsv1.DaemonSet
 err := runtime.DefaultUnstructuredConverter.FromUnstructured(obj.UnstructuredContent(), &daemonSet)
 if err != nil {
 return nil, err
 }
- result = append(result, daemonSet)
+ result = append(result, &daemonSet)
 case "Job":
 var job batchv1.Job
 err := runtime.DefaultUnstructuredConverter.FromUnstructured(obj.UnstructuredContent(), &job)
 if err != nil {
 return nil, err
 }
- result = append(result, job)
+ result = append(result, &job)
 case "CronJob":
 var cronJob batchv1.CronJob
 err := runtime.DefaultUnstructuredConverter.FromUnstructured(obj.UnstructuredContent(), &cronJob)
 if err != nil {
 return nil, err
 }
- result = append(result, cronJob)
+ result = append(result, &cronJob)
 }
 }
 return result, nil
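Review bot: The elements of the returned `[]any` change from values to pointers in every `append` here, and nothing in the signature tells callers. A type switch or assertion on the old value types still compiles and simply stops matching. The doc comment on `UnmarshalK8SResources`, which starts outside this hunk, should state the contract, for example `// The returned slice holds pointers to the typed objects (e.g. *appsv1.Deployment), never values.`. It is also worth checking for consumers of this result other than cli/cmd/policies.go, since the compiler will not flag them.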
diff --git a/internal/kubeapi/kubeapi_test.go b/internal/kubeapi/kubeapi_test.go
index 92096f9492..81a129f1e3 100644
--- a/internal/kubeapi/kubeapi_test.go
+++ b/internal/kubeapi/kubeapi_test.go
@@ -26,7 +26,7 @@ metadata:
 `,
 },
 "pod": {
- wantTypes: []any{Pod{}},
+ wantTypes: []any{&Pod{}},
 resources: `
 apiVersion: v1
 kind: Pod
@@ -35,7 +35,7 @@ metadata:
 `,
 },
 "deployment, ignored service, daemonset": {
- wantTypes: []any{Deployment{}, DaemonSet{}},
+ wantTypes: []any{&Deployment{}, &DaemonSet{}},
 resources: `
 apiVersion: apps/v1
 kind: Deployment
@@ -54,7 +54,7 @@ metadata:
 `,
 },
 "statefulset, replicaset": {
- wantTypes: []any{StatefulSet{}, ReplicaSet{}},
+ wantTypes: []any{&StatefulSet{}, &ReplicaSet{}},
 resources: `
 apiVersion: apps/v1
 kind: StatefulSet
@@ -68,7 +68,7 @@ metadata:
 `,
 },
 "job": {
- wantTypes: []any{Job{}},
+ wantTypes: []any{&Job{}},
 resources: `
 apiVersion: batch/v1
 kind: Job
@@ -77,7 +77,7 @@ metadata:
 `,
 },
 "cronjob": {
- wantTypes: []any{CronJob{}},
+ wantTypes: []any{&CronJob{}},
 resources: `
 apiVersion: batch/v1
 kind: CronJob