fix: remove kyverno namespace and add default users

vishal-chdhry · vishal-chdhry · commit 838db96c3e38 · 2024-03-11T11:07:44.000+05:30
Signed-off-by: Vishal Choudhary &lt;vishal.choudhary@nirmata.com&gt;
diff --git a/go.mod b/go.mod
@@ -11,7 +11,7 @@ require (
 	github.com/kyverno/kyverno v1.10.2
 	github.com/kyverno/pkg/certmanager v0.0.10
 	github.com/kyverno/pkg/tls v0.0.9
-	github.com/nirmata/kyverno-notation-verifier v1.0.2-0.20240226100808-71a312da903f
+	github.com/nirmata/kyverno-notation-verifier v1.0.2-0.20240311051614-69198b37f3d9
 	github.com/notaryproject/notation-core-go v1.0.2
 	github.com/pkg/errors v0.9.1
 	go.uber.org/zap v1.26.0
diff --git a/go.sum b/go.sum
@@ -1027,6 +1027,8 @@ github.com/nirmata/kyverno-notation-verifier v1.0.2-0.20240223153407-a302a950a93
 github.com/nirmata/kyverno-notation-verifier v1.0.2-0.20240223153407-a302a950a939/go.mod h1:LfI5AAZGleWLm5/fInN+bdv5/NukgxTPJSFCvob7Vhg=
 github.com/nirmata/kyverno-notation-verifier v1.0.2-0.20240226100808-71a312da903f h1:OL1hg1pzV/NK64MPZKfrasaWGg4OJzhG+/DGj94XevM=
 github.com/nirmata/kyverno-notation-verifier v1.0.2-0.20240226100808-71a312da903f/go.mod h1:LfI5AAZGleWLm5/fInN+bdv5/NukgxTPJSFCvob7Vhg=
+github.com/nirmata/kyverno-notation-verifier v1.0.2-0.20240311051614-69198b37f3d9 h1:olr9SDKzTAWUY4YcU9rCF7Z4Lpbsbo3cA4I+msW8tgM=
+github.com/nirmata/kyverno-notation-verifier v1.0.2-0.20240311051614-69198b37f3d9/go.mod h1:LfI5AAZGleWLm5/fInN+bdv5/NukgxTPJSFCvob7Vhg=
 github.com/nishanths/exhaustive v0.1.0/go.mod h1:S1j9110vxV1ECdCudXRkeMnFQ/DQk9ajLT0Uf2MYZQQ=
 github.com/nishanths/predeclared v0.0.0-20190419143655-18a43bb90ffc/go.mod h1:62PewwiQTlm/7Rj+cxVYqZvDIUc+JjZq6GHAC1fsObQ=
 github.com/nishanths/predeclared v0.2.1/go.mod h1:HvkGJcA3naj4lOwnFXFDkFxVtSqQMB9sbB1usJ+xjQE=
diff --git a/main.go b/main.go
@@ -59,7 +59,6 @@ func main() {
 		cacheEnabled                bool
 		cacheMaxSize                int64
 		cacheTTLDuration            int64
-		kyvernoNamespace            string
 		allowedUsers                string
 		reviewKyvernoToken          bool
 	)
@@ -80,8 +79,7 @@ func main() {
 	flag.Int64Var(&cacheMaxSize, "cacheMaxSize", 1000, "Max size limit for the TTL cache, default is 1000.")
 	flag.Int64Var(&cacheTTLDuration, "cacheTTLDurationSeconds", int64(1*time.Hour), "Max TTL value for a cache in seconds, default is 1 hour.")
 	flag.BoolVar(&reviewKyvernoToken, "reviewKyvernoToken", true, "Checks if the Auth token in the request is a token from kyverno controllers or other allowed users, default is true.")
-	flag.StringVar(&kyvernoNamespace, "kyvernoNamespace", "kyverno", "Namespace where kyverno is installed, default is kyverno.")
-	flag.StringVar(&allowedUsers, "allowedUsers", "", "Comma-seperated list of all the allowed users and service accounts.")
+	flag.StringVar(&allowedUsers, "allowedUsers", "system:serviceaccount:kyverno:kyverno-admission-controller,system:serviceaccount:kyverno:kyverno-reports-controller", "Comma-seperated list of all the allowed users and service accounts.")
 
 	flag.Parse()
 	zc := zap.NewDevelopmentConfig()
@@ -202,7 +200,6 @@ func main() {
 		knvVerifier.WithCacheEnabled(cacheEnabled),
 		knvVerifier.WithMaxCacheSize(cacheMaxSize),
 		knvVerifier.WithMaxCacheTTL(time.Duration(cacheTTLDuration*int64(time.Second))),
-		knvVerifier.WithKyvernoNamespace(kyvernoNamespace),
 		knvVerifier.WithAllowedUsers(strings.Split(allowedUsers, ",")))
 
 	mux := http.NewServeMux()
