Merge pull request #596 from flavio/reduce-memory-usage

refactor: reduce memory usage
kubewarden · Dec 14, 2023 · fee9dd7 · fee9dd7
2 parents c37672f + ad951ab
commit fee9dd7
Show file tree

Hide file tree

Showing 13 changed files with 1,369 additions and 933 deletions.
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/Cargo.toml b/Cargo.toml
@@ -28,11 +28,13 @@ opentelemetry = { version = "0.21", default-features = false, features = [
 ] }
 opentelemetry_sdk = { version = "0.21", features = ["rt-tokio"] }
 procfs = "0.16"
-policy-evaluator = { git = "https://github.com/kubewarden/policy-evaluator", tag = "v0.12.2" }
+policy-evaluator = { git = "https://github.com/kubewarden/policy-evaluator", tag = "v0.13.0" }
 rayon = "1.8"
 serde_json = "1.0"
 serde = { version = "1.0", features = ["derive"] }
 serde_yaml = "0.9.27"
+sha2 = "0.10"
+thiserror = "1.0"
 tokio = { version = "^1", features = ["full"] }
 tracing = "0.1"
 tracing-futures = "0.2"
@@ -43,8 +45,10 @@ warp = { version = "0.3.6", default_features = false, features = [
   "tls",
 ] }
 semver = { version = "1.0.20", features = ["serde"] }
+mockall_double = "0.3"
 
 [dev-dependencies]
+mockall = "0.12"
 rstest = "0.18"
 tempfile = "3.8.1"
 reqwest = { version = "0.11", default_features = false, features = [

diff --git a/e2e-tests/test_data/policies.yaml b/e2e-tests/test_data/policies.yaml
@@ -77,3 +77,26 @@ raw-mutation-wasi:
       - "banana"
       - "carrot"
     defaultResource: "hay"
+
+apparmor:
+  url: ghcr.io/kubewarden/tests/apparmor-psp:v0.1.13
+  allowedToMutate: false
+  settings:
+    allowed_profiles:
+      - runtime/default
+
+psp-user-group:
+  url: ghcr.io/kubewarden/tests/user-group-psp:v0.4.9
+  allowedToMutate: true
+  settings:
+    run_as_user:
+      rule: MustRunAs
+      ranges:
+        - min: 1000
+          max: 2000
+    run_as_group:
+      rule: RunAsAny
+      overwrite: false
+    supplemental_groups:
+      rule: RunAsAny
+      overwrite: false
diff --git a/src/config.rs b/src/config.rs
@@ -2,6 +2,7 @@ use anyhow::{anyhow, Result};
 
 use clap::ArgMatches;
 use lazy_static::lazy_static;
+use policy_evaluator::policy_evaluator::PolicySettings;
 use policy_evaluator::policy_fetcher::sources::{read_sources_file, Sources};
 use policy_evaluator::policy_fetcher::verify::config::{
     read_verification_file, LatestVerificationConfig, VerificationConfigV1,
@@ -231,7 +232,7 @@ pub struct Policy {
 }
 
 impl Policy {
-    pub fn settings_to_json(&self) -> Result<Option<serde_json::Map<String, serde_json::Value>>> {
+    pub fn settings_to_json(&self) -> Result<Option<PolicySettings>> {
         match self.settings.as_ref() {
             None => Ok(None),
             Some(settings) => {

diff --git a/src/lib.rs b/src/lib.rs
@@ -3,8 +3,7 @@ mod communication;
 mod metrics;
 mod policy_downloader;
 mod server;
-mod worker;
-mod worker_pool;
+mod workers;
 
 pub mod admission_review;
 pub mod config;
@@ -26,7 +25,7 @@ use tracing_subscriber::{fmt, EnvFilter};
 use communication::{EvalRequest, WorkerPoolBootRequest};
 use config::Config;
 use policy_downloader::Downloader;
-use worker_pool::WorkerPool;
+use workers::pool::WorkerPool;
 
 lazy_static! {
     static ref TRACE_SYSTEM_INITIALIZED: RwLock<bool> = RwLock::new(false);