feat: cache namespaces in targethandler

[davis-haba]

Signed-off-by: davis-haba davishaba@google.com

What this PR does / why we need it:

This introduces functionality to cache namespaces in the TargetHandler, which now implements the handler.Cache interface from frameworks.

Which issue(s) this PR fixes (optional, using fixes #<issue number>(, fixes #<issue_number>, ...) format, will close the issue(s) when the PR gets merged):
Fixes #1849

Special notes for your reviewer:

[codecov-commenter]

Codecov Report

Merging #1908 (650b65a) into master (80d9993) will increase coverage by 0.11%.
The diff coverage is 94.00%.

@@            Coverage Diff             @@
##           master    #1908      +/-   ##
==========================================
+ Coverage   52.13%   52.24%   +0.11%     
==========================================
  Files         100      100              
  Lines        8958     8992      +34     
==========================================
+ Hits         4670     4698      +28     
- Misses       3912     3916       +4     
- Partials      376      378       +2     

Flag	Coverage Δ
unittests	52.24% <94.00%> (+0.11%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

Impacted Files	Coverage Δ
pkg/target/target.go	73.03% <94.00%> (+2.45%)	⬆️
...onstrainttemplate/constrainttemplate_controller.go	57.21% <0.00%> (-1.45%)	⬇️

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 80d9993...650b65a. Read the comment docs.

[davis-haba]

@willbeason PTAL

[maxsmythe]

LGTM with 1 nit and 1 clarifying question.

[maxsmythe]

@willbeason Will your follow-on PR make it so HandleReview() always returns a gkReview?

Side note... with these changes, we will also be able to drop that Unstable field when passing to Rego, since Rego no longer has need for an injected namespace

[willbeason]

On the first note: sure, I'll make sure of that. On the second, it's an optimization we can look at later.

[maxsmythe]

+1

[sozercan]

do we want to make this generic and replace

gatekeeper/pkg/audit/manager.go

Line 102 in a3d8a0d

type nsCache struct {

[maxsmythe]

What do you mean by "make this generic"? Indicate that we should be able to cache other objects?

If so, we could, but we probably don't want to do that currently since we'd be duplicating OPA's cache. It's something we may want to consider as possible future work if we needed wider access to the cache, though.

[willbeason]

I think Sertaç is talking about that we have a different nsCache in audit/manager.go. I had thought about that initially when looking at Davis's PR, but I think that deduplication would be better suited in a different PR. Audit's nsCache has slightly different uses, so changing that in this PR would make this change a bit larger (e.g. we'd have to figure out where to export the type so it's available from both locations). It's work that is easy to have as a follow-up

[willbeason]

*follow-up = after merging in the frameworks changes

[sozercan]

SGTM as a follow-up

[sozercan]

LGTM