Fix default value for apiCall context (#11733)

* chore(deps): bump golang.org/x/crypto from 0.29.0 to 0.30.0 (#11712)

Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.29.0 to 0.30.0.
- [Commits](https://github.com/golang/crypto/compare/v0.29.0...v0.30.0)

---
updated-dependencies:
- dependency-name: golang.org/x/crypto
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Johann Schley <johann.schley@swisscom.com>

* add test for apiCall default value

Signed-off-by: Johann Schley <johann.schley@swisscom.com>

* move fallback to default into fetch function

Signed-off-by: Johann Schley <johann.schley@swisscom.com>

* Update pkg/engine/apicall/apiCall.go

improved log message text

Signed-off-by: Jim Bugwadia <jim@nirmata.com>
Signed-off-by: Johann Schley <johann.schley@swisscom.com>

* Update pkg/engine/apicall/apiCall.go

Signed-off-by: Jim Bugwadia <jim@nirmata.com>
Signed-off-by: Johann Schley <johann.schley@swisscom.com>

* address comments

Signed-off-by: Johann Schley <johann.schley@swisscom.com>

---------

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Johann Schley <johann.schley@swisscom.com>
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Johann Schley <johann.schley@swisscom.com>
Co-authored-by: Jim Bugwadia <jim@nirmata.com>
Co-authored-by: shuting <shuting@nirmata.com>
Co-authored-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

pkg/engine/apicall/apiCall.go

@@ -64,6 +64,11 @@ func (a *apiCall) Fetch(ctx context.Context) ([]byte, error) {
 	}
 	data, err := a.Execute(ctx, &call.APICall)
 	if err != nil {
+		if data == nil && a.entry.APICall.Default != nil {
+			data = a.entry.APICall.Default.Raw
+			a.logger.V(4).Info("failed to substitute variable data for APICall, using default value", "default", data, "name", a.entry.Name, "URLPath", a.entry.APICall.URLPath, "error", err)
+			return data, nil
+		}
 		return nil, err
 	}
 	return data, nil
@@ -82,17 +87,15 @@ func (a *apiCall) Execute(ctx context.Context, call *kyvernov1.APICall) ([]byte,
 }
 
 func (a *apiCall) transformAndStore(jsonData []byte) ([]byte, error) {
-	if jsonData == nil {
-		if a.entry.APICall.Default.Raw == nil {
+	if a.entry.APICall.Default != nil {
+		if string(jsonData) == string(a.entry.APICall.Default.Raw) {
+			err := a.jsonCtx.AddContextEntry(a.entry.Name, jsonData)
+			if err != nil {
+				return nil, fmt.Errorf("failed to add resource data to context entry %s: %w", a.entry.Name, err)
+			}
+
 			return jsonData, nil
 		}
-		jsonData = a.entry.APICall.Default.Raw
-		err := a.jsonCtx.AddContextEntry(a.entry.Name, jsonData)
-		if err != nil {
-			return nil, fmt.Errorf("failed to add resource data to context entry %s: %w", a.entry.Name, err)
-		}
-
-		return jsonData, nil
 	}
 	if a.entry.APICall.JMESPath == "" {
 		err := a.jsonCtx.AddContextEntry(a.entry.Name, jsonData)

pkg/engine/apicall/apiCall_test.go

@@ -214,6 +214,43 @@ func Test_servicePostRequest(t *testing.T) {
 	assert.Equal(t, string(expectedResults)+"\n", string(data))
 }
 
+func Test_fallbackToDefault(t *testing.T) {
+	serverResponse := []byte(`Error from server (NotFound): the server could not find the requested resource`)
+	defaultResponse := []byte(`{ "day": "Monday" }`)
+	s := buildTestServer(serverResponse, false)
+	defer s.Close()
+
+	entry := kyvernov1.ContextEntry{}
+	ctx := enginecontext.NewContext(jp)
+
+	entry.Name = "test"
+	entry.APICall = &kyvernov1.ContextAPICall{
+		APICall: kyvernov1.APICall{
+			Service: &kyvernov1.ServiceCall{
+				URL: s.URL,
+				Headers: []kyvernov1.HTTPHeader{
+					{Key: "Authorization", Value: "Bearer 1234567890"},
+					{Key: "Content-Type", Value: "application/json"},
+				},
+			},
+		},
+		Default: &apiextensionsv1.JSON{
+			Raw: defaultResponse,
+		},
+	}
+
+	entry.APICall.Method = "GET"
+	call, err := New(logr.Discard(), jp, entry, ctx, nil, apiConfig)
+	assert.NilError(t, err)
+
+	jsonData, err := call.Fetch(context.TODO())
+	assert.NilError(t, err)
+	data, err := call.Store(jsonData)
+
+	assert.NilError(t, err) // no error because it should fallback to default value
+	assert.Equal(t, string(defaultResponse), string(data))
+}
+
 func buildEchoHeaderTestServer() *httptest.Server {
 	mux := http.NewServeMux()
 	mux.HandleFunc("/resource", func(w http.ResponseWriter, r *http.Request) {

pkg/engine/context/loaders/apicall.go

@@ -54,12 +54,9 @@ func (a *apiLoader) LoadData() error {
 	}
 	if a.data == nil {
 		var err error
-		if a.data, err = executor.Fetch(a.ctx); err != nil && a.entry.APICall.Default == nil {
+		if a.data, err = executor.Fetch(a.ctx); err != nil {
 			return fmt.Errorf("failed to fetch data for APICall: %w", err)
 		}
-		if err == nil {
-			a.entry.APICall.Default = nil
-		}
 	}
 	if _, err := executor.Store(a.data); err != nil {
 		return fmt.Errorf("failed to store data for APICall: %w", err)