
Adding the option to use a new crd modules in policies #2
Open: wants to merge 9 commits into main
Using ObjectStore trait across the project
lieberlois committed Dec 30, 2022

Unverified: this commit is not signed, but one or more authors require that any commit attributed to them is signed.
commit 8832169d4d044abd6e3d6ec4e21202ae1d3652b8
4 changes: 2 additions & 2 deletions src/audit.rs
@@ -110,7 +110,7 @@ impl Auditor {
// While holding the lock only collect the policies or modules, directly auditing them would make the future of the method not implement Send which breaks the task spawn
{
let policy_store = self.policies.lock().expect("lock failed. Cannot continue");
for policy in policy_store.policies.values() {
for policy in policy_store.get_objects().values() {
if all || policy.policy.audit.unwrap_or(false) {
policies.push(policy.clone());
}
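Review bot: the replacement loop `for policy in policy_store.get_objects().values()` clones the whole policy map on every audit run, whereas the removed `policy_store.policies.values()` iterated by reference. The loop body already copies only the matching entries (`policies.push(policy.clone())`), so the extra full-map clone taken under the lock is wasted work; have `get_objects` return a borrow or an iterator so the cost stays where it was. The result of the audit is unchanged.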
@@ -119,7 +119,7 @@ impl Auditor {

{
let module_store = self.modules.lock().expect("lock failed. Cannot continue");
modules.extend(module_store.modules.clone());
modules.extend(module_store.get_objects());
}

for policy in policies.iter() {
6 changes: 3 additions & 3 deletions src/evaluator.rs
@@ -120,7 +120,7 @@ impl PolicyEvaluator {
let mut matching_policies = Vec::new();

// Collect all matching policies
for value in policies.policies.values() {
for value in policies.get_objects().values() {
if value.is_match(&gvk, &namespace) {
MATCHED_POLICIES
.with_label_values(&[value.name.as_str()])
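Review bot: the same full-map clone now sits on the evaluation path: `policies.get_objects().values()` copies every `PolicyInfo` for each evaluation before `is_match(&gvk, &namespace)` filters them, while the old `policies.policies.values()` did not allocate. Evaluation latency therefore grows with the number of installed policies rather than the number of matches; an accessor returning `&HashMap<String, PolicyInfo>` keeps the original behaviour.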
@@ -154,7 +154,7 @@ impl PolicyEvaluator {

if let Some(used_modules) = &value.policy.modules {
for module_name in used_modules.iter() {
match modules.modules.get(module_name) {
match modules.get_objects().get(module_name) {
Some(module_info) => {
module_code.push_str(&module_info.module.python);
module_code.push_str("\n");
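Review bot: `modules.get_objects().get(module_name)` is inside `for module_name in used_modules.iter()`, so the entire module map (including each module's `python` source) is cloned once per referenced module per policy only to look up one entry. Hoist the call out of the loop (`let available = modules.get_objects();` before the `for`) or give the trait a by-name lookup such as `fn get_object(&self, name: &str) -> Option<&ModuleInfo>`.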
@@ -229,7 +229,7 @@ impl PolicyEvaluator {
pub fn get_available_modules(&self) -> HashMap<String, ModuleInfo> {
let module_store = self.modules.lock().expect("lock failed. Cannot continue");

module_store.modules.clone()
return module_store.get_objects();
}
}

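Review bot: `return module_store.get_objects();` is a trailing `return` with a semicolon in tail position; the idiomatic form is the bare tail expression `module_store.get_objects()` (clippy's `needless_return` flags the current one). Behaviour is otherwise identical to the removed `module_store.modules.clone()`, because `get_objects` itself returns a clone.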
1 change: 0 additions & 1 deletion src/manager.rs
@@ -1,6 +1,5 @@
use crate::events::{EventType};
use crate::util::error::{kube_err, Result};
use crate::util::traits::ObjectStore;
use crate::{
crd::Policy,
crd::Module,
8 changes: 6 additions & 2 deletions src/module.rs
@@ -17,7 +17,7 @@ pub struct ModuleStore {
pub modules: HashMap<String, ModuleInfo>,
}

pub type ModuleStoreRef = Arc<Mutex<ModuleStore>>;
pub type ModuleStoreRef = Arc<Mutex<dyn ObjectStore<Module, HashMap<String, ModuleInfo>> + Send>>;
Collaborator: There is no need to use the trait here.


#[derive(Debug, Clone, PartialEq, Eq, Hash)]
pub struct ModuleInfo {
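Review bot: with the alias changed to `Arc<Mutex<dyn ObjectStore<Module, HashMap<String, ModuleInfo>> + Send>>`, the field `pub modules: HashMap<String, ModuleInfo>` kept in the context above is no longer reachable through `ModuleStoreRef`; make it private so the trait is the only way to read or mutate the store. The `+ Send` bound is needed, not optional: `Mutex<T>` is `Sync` only when `T: Send`, so without it the `Arc` could not be shared with spawned tasks. Also document why the map type has to be spelled out as the second generic argument here, since every alias and `impl` now repeats it.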
@@ -54,7 +54,7 @@ impl ModuleInfo {
}
}

impl ObjectStore<Module> for ModuleStore {
impl ObjectStore<Module, HashMap<String, ModuleInfo>> for ModuleStore {
fn add_object(&mut self, module: Module) -> Option<ObjectReference> {
let ref_info = create_object_reference(&module);
let name = module.metadata.name.expect("name is always set");
@@ -82,4 +82,8 @@ impl ObjectStore<Module> for ModuleStore {
self.modules.remove(&name);
ACTIVE_MODULES.dec();
}

fn get_objects(&self) -> HashMap<String, ModuleInfo> {
return self.modules.clone();
}
}
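Review bot: `fn get_objects(&self) -> HashMap<String, ModuleInfo>` returns `self.modules.clone()`, a deep copy of every module (each `ModuleInfo` carries the module source, as `module_info.module.python` in evaluator.rs shows), so every call costs O(n) in the number of modules. All callers in this commit either iterate the map or look up a single key and need no ownership; changing the trait signature to `fn get_objects(&self) -> &V` lets this implementation return `&self.modules` without copying.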
8 changes: 6 additions & 2 deletions src/policy.rs
@@ -20,7 +20,7 @@ pub struct PolicyStore {
pub policies: HashMap<String, PolicyInfo>,
}

pub type PolicyStoreRef = Arc<Mutex<PolicyStore>>;
pub type PolicyStoreRef = Arc<Mutex<dyn ObjectStore<Policy, HashMap<String, PolicyInfo>> + Send>>;
Collaborator: There is no need to use the trait here.
Arc<Mutex<PolicyStore>> works as well and is faster because there is no dynamic dispatch.


#[derive(Debug, Clone, PartialEq, Eq, Hash)]
pub struct PolicyInfo {
@@ -94,7 +94,7 @@ impl PolicyInfo {
}
}

impl ObjectStore<Policy> for PolicyStore {
impl ObjectStore<Policy, HashMap<String, PolicyInfo>> for PolicyStore {
fn add_object(&mut self, policy: Policy) -> Option<ObjectReference> {
let ref_info = create_object_reference(&policy);
let name = policy.metadata.name.expect("name is always set");
@@ -122,6 +122,10 @@ impl ObjectStore<Policy> for PolicyStore {
self.policies.remove(&name);
ACTIVE_POLICIES.dec();
}

fn get_objects(&self) -> HashMap<String, PolicyInfo> {
return self.policies.clone();
}
}

pub fn load_policies_from_file(policies: PolicyStoreRef, filename: &str) -> Result<usize> {
3 changes: 2 additions & 1 deletion src/util/traits.rs
@@ -1,6 +1,7 @@
use crate::util::types::ObjectReference;

pub trait ObjectStore<T> {
pub trait ObjectStore<T, V> {
Collaborator: Not sure if using a trait is actually beneficial. At the moment all code that uses either policies or modules is specific for that so we cannot really take advantage of the trait.

fn add_object(&mut self, object: T) -> Option<ObjectReference>;
fn remove_object(&mut self, object: T);
fn get_objects(&self) -> V;
}
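Review bot: the new type parameter `V` in `pub trait ObjectStore<T, V>` is undocumented and unconstrained, and `fn get_objects(&self) -> V;` forces an owned return value, which is exactly why both implementors clone their maps. Two alternatives: return a borrow (`fn get_objects(&self) -> &V;`) so implementors can hand back `&self.policies` / `&self.modules`, or make it an associated type (`type Objects;` with `fn get_objects(&self) -> Self::Objects;`) so the map type is stated once per implementation instead of in every alias. In either case add `///` doc comments to the trait and its three methods, stating ownership of the returned value, when `add_object` returns `None`, and what `remove_object` does when the object is absent; `remove_object(&mut self, object: T)` also takes the whole object by value although only its name is needed for the removal, so `&T` would suffice.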