Merge branch 'main' into add_dockerfile_sample

kyverno · Oct 10, 2023 · 13a2e6f · 13a2e6f
2 parents 8da04c1 + 84ae07a
commit 13a2e6f
Show file tree

Hide file tree

Showing 13 changed files with 426 additions and 92 deletions.
diff --git a/Makefile b/Makefile
@@ -144,8 +144,13 @@ codegen-jp-docs: ## Generate JP docs
 	@rm -rf docs/user/jp && mkdir -p docs/user/jp
 	@go run ./hack/docs/jp/main.go > docs/user/jp/functions.md
 
+.PHONY: codegen-catalog
+codegen-catalog: ## Generate policy catalog
+	@echo Generate policy catalog... >&2
+	@go run ./hack/docs/catalog/main.go
+
 .PHONY: codegen-docs
-codegen-docs: codegen-api-docs-md codegen-cli-docs codegen-jp-docs ## Generate docs
+codegen-docs: codegen-api-docs-md codegen-cli-docs codegen-jp-docs codegen-catalog ## Generate docs
 
 .PHONY: codegen-mkdocs
 codegen-mkdocs: codegen-docs ## Generate mkdocs website

diff --git a/catalog/aws/policy-1.yaml b/catalog/aws/policy-1.yaml
@@ -0,0 +1,17 @@
+apiVersion: json.kyverno.io/v1alpha1
+kind: Policy
+metadata:
+  name: test
+  labels:
+    s3.aws.tags.kyverno.io: ''
+  annotations:
+    title.catalog.kyverno.io: Policy 1
+    description.catalog.kyverno.io: Policy 1
+spec:
+  rules:
+    - name: foo-bar
+      validate:
+        assert:
+          all:
+          - foo:
+              /(bar)/: 10
diff --git a/catalog/ecs/policy-1.yaml b/catalog/ecs/policy-1.yaml
@@ -0,0 +1,12 @@
+apiVersion: json.kyverno.io/v1alpha1
+kind: Policy
+metadata:
+  name: test
+spec:
+  rules:
+    - name: foo-bar
+      validate:
+        assert:
+          all:
+          - foo:
+              /(bar)/: 10
diff --git a/hack/docs/catalog/main.go b/hack/docs/catalog/main.go
@@ -0,0 +1,154 @@
+package main
+
+import (
+	"io/fs"
+	"os"
+	"path/filepath"
+	"slices"
+	"strings"
+	"text/template"
+
+	"github.com/kyverno/kyverno-json/pkg/apis/v1alpha1"
+	"github.com/kyverno/kyverno-json/pkg/catalog"
+	"github.com/kyverno/kyverno-json/pkg/policy"
+	fileinfo "github.com/kyverno/kyverno-json/pkg/utils/file-info"
+	"sigs.k8s.io/yaml"
+)
+
+const (
+	path = "./catalog"
+)
+
+type pol struct {
+	Path   string
+	Policy *v1alpha1.Policy
+}
+
+func (p pol) TargetPath() string {
+	base, err := filepath.Rel(path, p.Path)
+	if err != nil {
+		panic(err)
+	}
+	target := filepath.Join("website/docs/catalog/policies/", base)
+	target = strings.TrimSuffix(target, filepath.Ext(target)) + ".md"
+	return target
+}
+
+func (p pol) NavPath() string {
+	base, err := filepath.Rel("website/docs", p.TargetPath())
+	if err != nil {
+		panic(err)
+	}
+	return base
+}
+
+func (p pol) Generate() error {
+	if err := os.MkdirAll(filepath.Dir(p.TargetPath()), os.ModePerm); err != nil {
+		return err
+	}
+	template, err := template.ParseFiles("./website/policy.gotmpl")
+	if err != nil {
+		return err
+	}
+	policy, err := os.Create(p.TargetPath())
+	if err != nil {
+		return err
+	}
+	defer policy.Close()
+	if err := template.Execute(policy, p); err != nil {
+		return err
+	}
+	return nil
+}
+
+func (p pol) Title() string {
+	title := p.Policy.Annotations[catalog.AnnotationPolicyTitle]
+	if title != "" {
+		return title
+	}
+	base := filepath.Base(p.Path)
+	return strings.TrimSuffix(base, filepath.Ext(base))
+}
+
+func (p pol) Description() string {
+	description := p.Policy.Annotations[catalog.AnnotationPolicyDescription]
+	if description != "" {
+		return description
+	}
+	return "None"
+}
+
+func (p pol) Manifest() string {
+	bytes, err := yaml.Marshal(p.Policy)
+	if err != nil {
+		return err.Error()
+	}
+	return strings.TrimSpace(string(bytes))
+}
+
+func (p pol) Tags() []string {
+	var tags []string
+	for k := range p.Policy.Labels {
+		if strings.HasSuffix(k, catalog.TagsLabelSuffix) {
+			tag := strings.TrimSuffix(k, catalog.TagsLabelSuffix)
+			parts := strings.Split(tag, ".")
+			slices.Reverse(parts)
+			for i := 1; i <= len(parts); i++ {
+				tags = append(tags, strings.Join(parts[:i], "/"))
+			}
+		}
+	}
+	return tags
+}
+
+func main() {
+	var files []string
+	err := filepath.Walk(path, func(file string, info fs.FileInfo, err error) error {
+		if err != nil {
+			return err
+		}
+		if fileinfo.IsYaml(info) {
+			files = append(files, file)
+		}
+		return nil
+	})
+	if err != nil {
+		panic(err)
+	}
+	var pols []pol
+	for _, file := range files {
+		policies, err := policy.Load(file)
+		if err != nil {
+			panic(err)
+		}
+		for _, policy := range policies {
+			pols = append(pols, pol{
+				Path:   file,
+				Policy: policy,
+			})
+		}
+		if err := os.RemoveAll("website/docs/catalog/policies"); err != nil {
+			panic(err)
+		}
+		for _, pol := range pols {
+			err := pol.Generate()
+			if err != nil {
+				panic(err)
+			}
+		}
+		template, err := template.ParseFiles("./website/nav.gotmpl")
+		if err != nil {
+			panic(err)
+		}
+		mkdocs, err := os.Create("./website/mkdocs.yaml")
+		if err != nil {
+			panic(err)
+		}
+		defer mkdocs.Close()
+		if err := template.Execute(mkdocs, map[string]interface{}{
+			"Policies": pols,
+		}); err != nil {
+			panic(err)
+		}
+	}
+}
diff --git a/pkg/catalog/metadata.go b/pkg/catalog/metadata.go
@@ -0,0 +1,7 @@
+package catalog
+
+const (
+	TagsLabelSuffix             = ".tags.kyverno.io"
+	AnnotationPolicyDescription = "description.policy.kyverno.io"
+	AnnotationPolicyTitle       = "title.policy.kyverno.io"
+)
diff --git a/website/docs/catalog/policies/aws/policy-1.md b/website/docs/catalog/policies/aws/policy-1.md
@@ -0,0 +1,35 @@
+---
+tags:
+- aws
+- aws/s3
+---
+# policy-1
+
+## Description
+
+None
+
+## Manifest
+
+[Original policy](https://github.com/kyverno/kyverno-json/catalog/aws/policy-1.yaml)
+
+```yaml
+apiVersion: json.kyverno.io/v1alpha1
+kind: Policy
+metadata:
+  annotations:
+    description.catalog.kyverno.io: Policy 1
+    title.catalog.kyverno.io: Policy 1
+  creationTimestamp: null
+  labels:
+    s3.aws.tags.kyverno.io: ""
+  name: test
+spec:
+  rules:
+  - name: foo-bar
+    validate:
+      assert:
+        all:
+        - foo:
+            /(bar)/: 10
+```
diff --git a/website/docs/catalog/policies/ecs/policy-1.md b/website/docs/catalog/policies/ecs/policy-1.md
@@ -0,0 +1,26 @@
+
+# policy-1
+
+## Description
+
+None
+
+## Manifest
+
+[Original policy](https://github.com/kyverno/kyverno-json/catalog/ecs/policy-1.yaml)
+
+```yaml
+apiVersion: json.kyverno.io/v1alpha1
+kind: Policy
+metadata:
+  creationTimestamp: null
+  name: test
+spec:
+  rules:
+  - name: foo-bar
+    validate:
+      assert:
+        all:
+        - foo:
+            /(bar)/: 10
+```
diff --git a/website/docs/overrides/home.html b/website/docs/overrides/home.html
@@ -3,7 +3,7 @@
 {{ super() }}
 <style>
 	:root {
-		--goreleaser-primary-color: #3b5672;
+		--kyverno-primary-color: #72533b;
 	}
 	.md-header {
 		position: initial
@@ -16,11 +16,11 @@
 	}
 	[data-md-color-scheme=slate] .tx-container {
 		padding-top: 1rem;
-		background: url("data:image/svg+xml;utf8,<svg xmlns='http://www.w3.org/2000/svg' viewBox='0 0 1123 258'><path d='M1124,2c0,0 0,256 0,256l-1125,0l0,-48c0,0 16,5 55,5c116,0 197,-92 325,-92c121,0 114,46 254,46c140,0 214,-167 572,-166Z' style='fill: hsla(232, 15%, 21%, 1)'/></svg>") no-repeat bottom, linear-gradient(to bottom, var(--md-primary-fg-color), var(--goreleaser-primary-color) 99%, #fff 99%)
+		background: url("data:image/svg+xml;utf8,<svg xmlns='http://www.w3.org/2000/svg' viewBox='0 0 1123 258'><path d='M1124,2c0,0 0,256 0,256l-1125,0l0,-48c0,0 16,5 55,5c116,0 197,-92 325,-92c121,0 114,46 254,46c140,0 214,-167 572,-166Z' style='fill: hsla(232, 15%, 21%, 1)'/></svg>") no-repeat bottom, linear-gradient(to bottom, var(--md-primary-fg-color), var(--kyverno-primary-color) 99%, #fff 99%)
 	}
 	.tx-container {
 		padding-top: 1rem;
-		background: url("data:image/svg+xml;utf8,<svg xmlns='http://www.w3.org/2000/svg' viewBox='0 0 1123 258'><path d='M1124,2c0,0 0,256 0,256l-1125,0l0,-48c0,0 16,5 55,5c116,0 197,-92 325,-92c121,0 114,46 254,46c140,0 214,-167 572,-166Z' style='fill: white' /></svg>") no-repeat bottom, linear-gradient(to bottom, var(--md-primary-fg-color), var(--goreleaser-primary-color) 99%, #fff 99%)
+		background: url("data:image/svg+xml;utf8,<svg xmlns='http://www.w3.org/2000/svg' viewBox='0 0 1123 258'><path d='M1124,2c0,0 0,256 0,256l-1125,0l0,-48c0,0 16,5 55,5c116,0 197,-92 325,-92c121,0 114,46 254,46c140,0 214,-167 572,-166Z' style='fill: white' /></svg>") no-repeat bottom, linear-gradient(to bottom, var(--md-primary-fg-color), var(--kyverno-primary-color) 99%, #fff 99%)
 	}
 	.tx-hero {
 		margin: 0 .8rem;
@@ -44,7 +44,7 @@
 	}
 	.tx-hero .md-button--primary {
 		background-color: var(--md-primary-bg-color);
-		color: var(--goreleaser-primary-color);
+		color: var(--kyverno-primary-color);
 		border-color: var(--md-primary-bg-color)
 	}
 	.tx-hero .md-button:focus,
@@ -128,7 +128,6 @@ <h2>This is like <a href="https://kyverno.io">Kyverno</a>, for anything JSON com
 		</div>
 	</div>
 </section>
-<a style="display: none;" rel="me" href="https://fosstodon.org/@goreleaser"></a>
 {% endblock %}
 {% block content %}{% endblock %}
 {% block footer %}{% endblock %}
diff --git a/website/docs/tags.md b/website/docs/tags.md
@@ -0,0 +1,5 @@
+# Policies by tags
+
+Following is the list of policies tags grouped by policy tags:
+
+[TAGS]