hub / github.com/open-policy-agent/gatekeeper / installPolicy

Function installPolicy

pkg/gator/policy/client/install.go:146–205  ·  view source on GitHub ↗
(ctx context.Context, k8sClient Client, fetcher catalog.Fetcher, policy *catalog.Policy, bundleName string, opts *InstallOptions, result *InstallResult)

Source from the content-addressed store, hash-verified

144}
145
146func installPolicy(ctx context.Context, k8sClient Client, fetcher catalog.Fetcher, policy *catalog.Policy, bundleName string, opts *InstallOptions, result *InstallResult) (skipped bool, err error) {
147 // Fetch template YAML
148 templateData, err := fetcher.FetchContent(ctx, policy.TemplatePath)
149 if err != nil {
150 return false, fmt.Errorf("fetching template: %w", err)
151 }
152
153 // Parse template
154 template := &unstructured.Unstructured{}
155 if err := yaml.Unmarshal(templateData, &template.Object); err != nil {
156 return false, fmt.Errorf("parsing template YAML: %w", err)
157 }
158
159 // Check for existing template
160 templateAlreadyInstalled := false
161 if !opts.DryRun {
162 existing, err := k8sClient.GetTemplate(ctx, template.GetName())
163 if err == nil {
164 // Template exists - check if managed by gator
165 if !labels.IsManagedByGator(existing) {
166 return false, &ConflictError{
167 ResourceKind: "ConstraintTemplate",
168 ResourceName: template.GetName(),
169 }
170 }
171 // Check if same version
172 existingVersion := labels.GetPolicyVersion(existing)
173 if existingVersion == policy.Version {
174 templateAlreadyInstalled = true
175 }
176 } else if !apierrors.IsNotFound(err) {
177 return false, fmt.Errorf("checking existing template: %w", err)
178 }
179 }
180
181 // Add labels and annotations
182 labels.AddManagedLabels(template, policy.Version, bundleName, catalog.DefaultRepository)
183
184 // Install or update template if not already at same version
185 if !opts.DryRun && !templateAlreadyInstalled {
186 if err := k8sClient.InstallTemplate(ctx, template); err != nil {
187 return false, fmt.Errorf("installing template: %w", err)
188 }
189 }
190
191 // Install constraint if bundle has a constraint path defined
192 constraintPath := policy.BundleConstraints[bundleName]
193 if bundleName != "" && constraintPath != "" {
194 if err := installConstraint(ctx, k8sClient, fetcher, policy, constraintPath, bundleName, opts, result, template); err != nil {
195 return false, err
196 }
197 }
198
199 // Return whether this policy was skipped (already at same version)
200 if templateAlreadyInstalled && (bundleName == "" || constraintPath == "") {
201 return true, nil
202 }
203

Callers 1

InstallFunction · 0.85

Calls 8

IsManagedByGatorFunction · 0.92
GetPolicyVersionFunction · 0.92
AddManagedLabelsFunction · 0.92
installConstraintFunction · 0.85
FetchContentMethod · 0.65
GetTemplateMethod · 0.65
GetNameMethod · 0.65
InstallTemplateMethod · 0.65

Tested by

no test coverage detected
