removing EP variables

Signed-off-by: Jaydip Gabani <[email protected]>
open-policy-agent · Apr 12, 2024 · 7a2ff49 · 7a2ff49
1 parent 46a172b
commit 7a2ff49
Showing 8 changed files with 59 additions and 57 deletions.
diff --git a/constraint/pkg/apis/constraints/apis.go b/constraint/pkg/apis/constraints/apis.go
@@ -29,15 +29,6 @@ const (
 	EnforcementActionDeny = "deny"
 
 	EnforcementActionScoped = "scoped"
-
-	// WebhookEnforcementPoint is the enforcement point for admission.
-	WebhookEnforcementPoint = "validation.k8s.io"
-
-	// AuditEnforcementPoint is the enforcement point for audit.
-	AuditEnforcementPoint = "audit.gatekeeper.sh"
-
-	// GatorEnforcementPoint is the enforcement point for gator cli.
-	GatorEnforcementPoint = "gator.gatekeeper.sh"
 )
 
 var (

diff --git a/constraint/pkg/apis/constraints/apis_test.go b/constraint/pkg/apis/constraints/apis_test.go
@@ -7,6 +7,17 @@ import (
 	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
 )
 
+const (
+	// WebhookEnforcementPoint is the enforcement point for admission.
+	WebhookEnforcementPoint = "validation.k8s.io"
+
+	// AuditEnforcementPoint is the enforcement point for audit.
+	AuditEnforcementPoint = "audit.gatekeeper.sh"
+
+	// GatorEnforcementPoint is the enforcement point for gator cli.
+	GatorEnforcementPoint = "gator.gatekeeper.sh"
+)
+
 func TestGetEnforcementActionsForEP(t *testing.T) {
 	tests := []struct {
 		name       string

diff --git a/constraint/pkg/client/client_internal_test.go b/constraint/pkg/client/client_internal_test.go
@@ -8,7 +8,6 @@ import (
 	"testing"
 
 	"github.com/google/go-cmp/cmp"
-	constrts "github.com/open-policy-agent/frameworks/constraint/pkg/apis/constraints"
 	"github.com/open-policy-agent/frameworks/constraint/pkg/client/clienttest/cts"
 	"github.com/open-policy-agent/frameworks/constraint/pkg/client/drivers/fake"
 	"github.com/open-policy-agent/frameworks/constraint/pkg/client/drivers/fake/schema"
@@ -63,7 +62,7 @@ func TestMultiDriverAddTemplate(t *testing.T) {
 			Driver(driverA),
 			Driver(driverB),
 			Driver(driverC),
-			EnforcementPoints(constrts.AuditEnforcementPoint),
+			EnforcementPoints("test"),
 		)
 		if err != nil {
 			t.Fatal(err)
@@ -745,7 +744,7 @@ func TestMultiDriverAddTemplate(t *testing.T) {
 			Driver(driverC),
 			Driver(driverB),
 			Driver(driverA),
-			EnforcementPoints(constrts.AuditEnforcementPoint),
+			EnforcementPoints("test"),
 		)
 		if err != nil {
 			t.Fatal(err)

diff --git a/constraint/pkg/client/clienttest/client.go b/constraint/pkg/client/clienttest/client.go
@@ -3,7 +3,6 @@ package clienttest
 import (
 	"testing"
 
-	"github.com/open-policy-agent/frameworks/constraint/pkg/apis/constraints"
 	"github.com/open-policy-agent/frameworks/constraint/pkg/client"
 	"github.com/open-policy-agent/frameworks/constraint/pkg/client/drivers/rego"
 	"github.com/open-policy-agent/frameworks/constraint/pkg/handler/handlertest"
@@ -18,7 +17,7 @@ func defaults() []client.Opt {
 	return []client.Opt{
 		client.Driver(d),
 		client.Targets(&handlertest.Handler{Cache: &handlertest.Cache{}}),
-		client.EnforcementPoints(constraints.AuditEnforcementPoint),
+		client.EnforcementPoints("audit"),
 	}
 }
 

diff --git a/constraint/pkg/client/drivers/k8scel/transform/make_vap_objects.go b/constraint/pkg/client/drivers/k8scel/transform/make_vap_objects.go
@@ -15,6 +15,8 @@ import (
 	"k8s.io/utils/ptr"
 )
 
+const VAPEnforcementPoint = "vap.k8s.io"
+
 func TemplateToPolicyDefinition(template *templates.ConstraintTemplate) (*admissionregistrationv1beta1.ValidatingAdmissionPolicy, error) {
 	source, err := schema.GetSourceFromTemplate(template)
 	if err != nil {
@@ -81,14 +83,14 @@ func ConstraintToBinding(constraint *unstructured.Unstructured) (*admissionregis
 
 	actions := []string{}
 	if apiconstraints.IsEnforcementActionScoped(enforcementActionStr) {
-		actionsForEP, err := apiconstraints.GetEnforcementActionsForEP(constraint, []string{apiconstraints.WebhookEnforcementPoint})
+		actionsForEP, err := apiconstraints.GetEnforcementActionsForEP(constraint, []string{VAPEnforcementPoint})
 		if err != nil {
 			return nil, err
 		}
-		if len(actionsForEP[apiconstraints.WebhookEnforcementPoint]) == 0 {
+		if len(actionsForEP[VAPEnforcementPoint]) == 0 {
 			return nil, fmt.Errorf("%w: unrecognized enforcement action, must be `warn` or `deny` for admission webhook, nil is not allowed", ErrBadEnforcementAction)
 		}
-		for action := range actionsForEP[apiconstraints.WebhookEnforcementPoint] {
+		for action := range actionsForEP[VAPEnforcementPoint] {
 			actions = append(actions, action)
 		}
 	}

diff --git a/constraint/pkg/client/drivers/k8scel/transform/make_vap_objects_test.go b/constraint/pkg/client/drivers/k8scel/transform/make_vap_objects_test.go
@@ -403,7 +403,7 @@ func TestConstraintToBinding(t *testing.T) {
 							map[string]interface{}{
 								"enforcementPoints": []interface{}{
 									map[string]interface{}{
-										"name": constraints.WebhookEnforcementPoint,
+										"name": VAPEnforcementPoint,
 									},
 								},
 								"action": "warn",
@@ -437,23 +437,23 @@ func TestConstraintToBinding(t *testing.T) {
 			expectedErr: nil,
 		},
 		{
-			name: "scoped enforcement action without webhook",
+			name: "scoped enforcement action without VAP enforcement point",
 			constraint: newTestConstraint("scoped", nil, nil, &unstructured.Unstructured{
 				Object: map[string]interface{}{
 					"spec": map[string]interface{}{
 						"scopedEnforcementActions": []interface{}{
 							map[string]interface{}{
 								"enforcementPoints": []interface{}{
 									map[string]string{
-										"name": constraints.GatorEnforcementPoint,
+										"name": "test",
 									},
 								},
 								"action": "warn",
 							},
 							map[string]interface{}{
 								"enforcementPoints": []interface{}{
 									map[string]string{
-										"name": constraints.AuditEnforcementPoint,
+										"name": "another-test",
 									},
 								},
 								"action": "deny",

diff --git a/constraint/pkg/client/drivers/rego/driver_unit_test.go b/constraint/pkg/client/drivers/rego/driver_unit_test.go
@@ -153,11 +153,11 @@ func TestDriver_Query(t *testing.T) {
 		t.Fatalf("got AddConstraint() error = %v, want %v", err, nil)
 	}
 
-	if err := d.AddConstraint(ctx, cts.MakeScopedEnforcementConstraint(t, "Fakes", "foo-2", []string{"deny", "warn"}, constraints.AuditEnforcementPoint, constraints.GatorEnforcementPoint)); err != nil {
+	if err := d.AddConstraint(ctx, cts.MakeScopedEnforcementConstraint(t, "Fakes", "foo-2", []string{"deny", "warn"}, "audit", "gator")); err != nil {
 		t.Fatalf("got AddConstraint() error = %v, want %v", err, nil)
 	}
 
-	if err := d.AddConstraint(ctx, cts.MakeScopedEnforcementConstraint(t, "Fakes", "foo-3", []string{"deny", "warn"}, "ep", constraints.GatorEnforcementPoint)); err != nil {
+	if err := d.AddConstraint(ctx, cts.MakeScopedEnforcementConstraint(t, "Fakes", "foo-3", []string{"deny", "warn"}, "ep", "gator")); err != nil {
 		t.Fatalf("got AddConstraint() error = %v, want %v", err, nil)
 	}
 
@@ -200,7 +200,7 @@ func TestDriver_Query(t *testing.T) {
 	qr, err = d.Query(
 		ctx,
 		cts.MockTargetHandler,
-		[]*unstructured.Unstructured{cts.MakeScopedEnforcementConstraint(t, "Fakes", "foo-2", []string{"deny", "warn"}, constraints.AuditEnforcementPoint, constraints.GatorEnforcementPoint)},
+		[]*unstructured.Unstructured{cts.MakeScopedEnforcementConstraint(t, "Fakes", "foo-2", []string{"deny", "warn"}, "audit", "gator")},
 		map[string]interface{}{"hi": "there"},
 	)
 	if err != nil {