in pkg/gcv/configs/config.go [361:454]
func (c *Configuration) loadUnstructured(u *unstructured.Unstructured) error {
switch u.GroupVersionKind().Group {
case constraintGroup:
if u.GroupVersionKind().Version == "v1alpha1" {
glog.Warning(
"v1alpha1 constraints are deprecated and will be removed in a future release. " +
"Please upgrade: https://github.com/GoogleCloudPlatform/policy-library/blob/main/docs/constraint_template_authoring.md#updating-from-v1alpha1-templates",
)
}
c.allConstraints = append(c.allConstraints, u)
case templateGroup:
if u.GroupVersionKind().Kind != "ConstraintTemplate" {
return errors.Errorf("unexpected data type %s in group %s", u.GroupVersionKind(), templateGroup)
}
switch u.GroupVersionKind().Version {
case "v1alpha1":
glog.Warning(
"v1alpha1 constraint templates are deprecated and will be removed in a future release. " +
"Please upgrade: https://github.com/GoogleCloudPlatform/policy-library/blob/main/docs/constraint_template_authoring.md#updating-from-v1alpha1-templates",
)
openAPIResult := configValidatorV1Alpha1SchemaValidator.Validate(u.Object)
if openAPIResult.HasErrorsOrWarnings() {
return errors.Wrapf(openAPIResult.AsError(), "v1alpha1 validation failure")
}
if err := convertLegacyConstraintTemplate(u, c.regoLib); err != nil {
return errors.Wrapf(err, "failed to convert legacy forseti ConstraintTemplate "+
"to ConstraintFramework format, this is likely due to an issue in the spec.crd.spec.validation field")
}
case "v1beta1":
openAPIResult := configValidatorV1Beta1SchemaValidator.Validate(u.Object)
if openAPIResult.HasErrorsOrWarnings() {
return errors.Wrapf(openAPIResult.AsError(), "v1beta1 validation failure")
}
default:
return errors.Errorf("unrecognized ConstraintTemplate version %s", u.GroupVersionKind().Version)
}
groupVersioner := runtime.GroupVersioner(schema.GroupVersions(scheme.Scheme.PrioritizedVersionsAllGroups()))
obj, err := scheme.Scheme.ConvertToVersion(u, groupVersioner)
if err != nil {
return errors.Wrapf(err, "failed to convert unstructured ConstraintTemplate to versioned")
}
var ct cftemplates.ConstraintTemplate
if err := scheme.Scheme.Convert(obj, &ct, nil); err != nil {
return errors.Wrapf(err, "failed to convert to versioned constraint template internal struct")
}
if ct.Spec.CRD.Spec.Validation.OpenAPIV3Schema.Type == "" {
glog.Warning(
"spec.crd.spec.validation.openAPIV3Schema is missing the type: declaration. " +
"Please upgrade: https://open-policy-agent.github.io/gatekeeper/website/docs/constrainttemplates#v1-constraint-template",
)
ct.Spec.CRD.Spec.Validation.OpenAPIV3Schema.Type = "object"
}
if dup, found := c.templateNames[ct.Name]; found {
return errors.Errorf(
"ConstraintTemplate %q declared at path %q has duplicate name conflict with template declared at path %q",
ct.Name, ct.GetAnnotations()[yamlPath], dup.GetAnnotations()[yamlPath])
}
c.templateNames[ct.Name] = &ct
if dup, found := c.templateKinds[ct.Name]; found {
return errors.Errorf(
"ConstraintTemplate %q crd kind %q declared at path %q has duplicate kind conflict with template declared at path %q",
ct.Name, ct.Spec.CRD.Spec.Names.Kind, ct.GetAnnotations()[yamlPath], dup.GetAnnotations()[yamlPath])
}
c.templateKinds[ct.Name] = &ct
for _, target := range ct.Spec.Targets {
switch target.Target {
case GCPTargetName:
c.GCPTemplates = append(c.GCPTemplates, &ct)
case TFTargetName:
if u.GroupVersionKind().Version == "v1alpha1" {
return errors.Errorf("v1alpha1 templates are not supported for terraform templates. Please upgrade.")
}
c.TFTemplates = append(c.TFTemplates, &ct)
case K8STargetName:
c.K8STemplates = append(c.K8STemplates, &ct)
default:
return errors.Errorf("")
}
}
default:
glog.V(1).Infof("Ignoring %s %s", u.GroupVersionKind(), u.GetName())
}
return nil
}