kyverno/pkg/policy/mutate/validate.go

package mutate

import (
	"errors"
	"fmt"

	kyverno "github.com/kyverno/kyverno/api/kyverno/v1"
	commonAnchors "github.com/kyverno/kyverno/pkg/engine/anchor/common"
	"github.com/kyverno/kyverno/pkg/policy/common"
)

// Mutate provides implementation to validate 'mutate' rule
type Mutate struct {
	// rule to hold 'mutate' rule specifications
	rule kyverno.Mutation
}

//NewMutateFactory returns a new instance of Mutate validation checker
func NewMutateFactory(rule kyverno.Mutation) *Mutate {
	m := Mutate{
		rule: rule,
	}
	return &m
}

//Validate validates the 'mutate' rule
func (m *Mutate) Validate() (string, error) {
	rule := m.rule
	// JSON Patches
	if len(rule.Patches) != 0 {
		for i, patch := range rule.Patches {
			if err := validatePatch(patch); err != nil {
				return fmt.Sprintf("patch[%d]", i), err
			}
		}
	}
	// Overlay
	if rule.Overlay != nil {
		path, err := common.ValidatePattern(rule.Overlay, "/", []commonAnchors.IsAnchor{commonAnchors.IsConditionAnchor, commonAnchors.IsAddingAnchor})
		if err != nil {
			return path, err
		}
	}
	return "", nil
}

// Validate if all mandatory PolicyPatch fields are set
func validatePatch(pp kyverno.Patch) error {
	if pp.Path == "" {
		return errors.New("JSONPatch field 'path' is mandatory")
	}
	if pp.Operation == "add" || pp.Operation == "replace" {
		if pp.Value == nil {
			return fmt.Errorf("JSONPatch field 'value' is mandatory for operation '%s'", pp.Operation)
		}

		return nil
	} else if pp.Operation == "remove" {
		return nil
	}

	return fmt.Errorf("unsupported JSONPatch operation '%s'", pp.Operation)
}
refactor & validate operations for generate rules in PolicyValidation 2020-03-11 18:14:23 -07:00			`package mutate`

			`import (`
			`"errors"`
			`"fmt"`

Restructure project to follow standards (#2632) Signed-off-by: Jose Armesto <github@armesto.net> 2021-10-29 18:13:20 +02:00			`kyverno "github.com/kyverno/kyverno/api/kyverno/v1"`
update nirmata/kyverno to kyverno/kyverno 2020-10-07 11:12:31 -07:00			`commonAnchors "github.com/kyverno/kyverno/pkg/engine/anchor/common"`
			`"github.com/kyverno/kyverno/pkg/policy/common"`
refactor & validate operations for generate rules in PolicyValidation 2020-03-11 18:14:23 -07:00			`)`

			`// Mutate provides implementation to validate 'mutate' rule`
			`type Mutate struct {`
			`// rule to hold 'mutate' rule specifications`
			`rule kyverno.Mutation`
			`}`

			`//NewMutateFactory returns a new instance of Mutate validation checker`
			`func NewMutateFactory(rule kyverno.Mutation) *Mutate {`
			`m := Mutate{`
			`rule: rule,`
			`}`
			`return &m`
			`}`

fix comments 2020-03-11 18:14:42 -07:00			`//Validate validates the 'mutate' rule`
refactor & validate operations for generate rules in PolicyValidation 2020-03-11 18:14:23 -07:00			`func (m *Mutate) Validate() (string, error) {`
			`rule := m.rule`
			`// JSON Patches`
			`if len(rule.Patches) != 0 {`
			`for i, patch := range rule.Patches {`
			`if err := validatePatch(patch); err != nil {`
			`return fmt.Sprintf("patch[%d]", i), err`
			`}`
			`}`
			`}`
			`// Overlay`
			`if rule.Overlay != nil {`
resolved conditional anchor issue and added validation to pattern labels (#1060) * resolved conditional anchor issue and added validation to pattern labels * restored IsConditionAnchor * added annotation and anypattern validation * added conditional anchor key checker * reverted docs * fixed tests * modified validation * modified validate condition check 2020-08-29 06:52:22 +05:30			`path, err := common.ValidatePattern(rule.Overlay, "/", []commonAnchors.IsAnchor{commonAnchors.IsConditionAnchor, commonAnchors.IsAddingAnchor})`
refactor & validate operations for generate rules in PolicyValidation 2020-03-11 18:14:23 -07:00			`if err != nil {`
			`return path, err`
			`}`
			`}`
			`return "", nil`
			`}`

			`// Validate if all mandatory PolicyPatch fields are set`
			`func validatePatch(pp kyverno.Patch) error {`
			`if pp.Path == "" {`
			`return errors.New("JSONPatch field 'path' is mandatory")`
			`}`
			`if pp.Operation == "add" \|\| pp.Operation == "replace" {`
			`if pp.Value == nil {`
			`return fmt.Errorf("JSONPatch field 'value' is mandatory for operation '%s'", pp.Operation)`
			`}`

			`return nil`
			`} else if pp.Operation == "remove" {`
			`return nil`
			`}`

Format error messages correctly (#2519) * Format error messages correctly Signed-off-by: Marcel Mueller <marcel.mueller1@rwth-aachen.de> * No punctuation at the end or errors Signed-off-by: Marcel Mueller <marcel.mueller1@rwth-aachen.de> * Replace loop with simple if Signed-off-by: Marcel Mueller <marcel.mueller1@rwth-aachen.de> * Fix more errors Signed-off-by: Marcel Mueller <marcel.mueller1@rwth-aachen.de> 2021-10-12 23:29:20 +02:00			`return fmt.Errorf("unsupported JSONPatch operation '%s'", pp.Operation)`
refactor & validate operations for generate rules in PolicyValidation 2020-03-11 18:14:23 -07:00			`}`