refactor: add IsNamespaced() method to API policy types (#3450)

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
2025-03-31 03:45:17 +00:00 · 2022-03-23 08:33:15 +01:00 · 2022-03-23 08:33:15 +01:00 · 06fc472f52
commit 06fc472f52
parent f263cbedca
5 changed files with 49 additions and 6 deletions
--- a/api/kyverno/v1/clusterpolicy_test.go
+++ b/api/kyverno/v1/clusterpolicy_test.go
@ -11,13 +11,30 @@ import (
 func Test_ClusterPolicy_Name(t *testing.T) {
 	subject := ClusterPolicy{
 		ObjectMeta: metav1.ObjectMeta{
-			Name: "this-is-a-way-too-long-policy-name-that-should-trigger-an-error-when-calling-the-policy-validation-method",
+			Name:      "this-is-a-way-too-long-policy-name-that-should-trigger-an-error-when-calling-the-policy-validation-method",
+			Namespace: "abcd",
 		},
 	}
-	errs := subject.Validate(false, nil)
+	errs := subject.Validate(nil)
 	assert.Assert(t, len(errs) == 1)
 	assert.Equal(t, errs[0].Field, "name")
 	assert.Equal(t, errs[0].Type, field.ErrorTypeTooLong)
 	assert.Equal(t, errs[0].Detail, "must have at most 63 bytes")
 	assert.Equal(t, errs[0].Error(), "name: Too long: must have at most 63 bytes")
 }
+
+func Test_ClusterPolicy_IsNamespaced(t *testing.T) {
+	namespaced := ClusterPolicy{
+		ObjectMeta: metav1.ObjectMeta{
+			Name:      "this-is-a-way-too-long-policy-name-that-should-trigger-an-error-when-calling-the-policy-validation-method",
+			Namespace: "abcd",
+		},
+	}
+	notNamespaced := ClusterPolicy{
+		ObjectMeta: metav1.ObjectMeta{
+			Name: "this-is-a-way-too-long-policy-name-that-should-trigger-an-error-when-calling-the-policy-validation-method",
+		},
+	}
+	assert.Equal(t, namespaced.IsNamespaced(), true)
+	assert.Equal(t, notNamespaced.IsNamespaced(), false)
+}
--- a/api/kyverno/v1/clusterpolicy_types.go
+++ b/api/kyverno/v1/clusterpolicy_types.go
@ -81,6 +81,11 @@ func (p *ClusterPolicy) BackgroundProcessingEnabled() bool {
 	return p.Spec.BackgroundProcessingEnabled()
 }

+// IsNamespaced indicates if the policy is namespace scoped
+func (p *ClusterPolicy) IsNamespaced() bool {
+	return p.GetNamespace() != ""
+}
+
 // IsReady indicates if the policy is ready to serve the admission request
 func (p *ClusterPolicy) IsReady() bool {
 	return p.Status.IsReady()
@ -89,10 +94,10 @@ func (p *ClusterPolicy) IsReady() bool {
 // Validate implements programmatic validation
 // namespaced means that the policy is bound to a namespace and therefore
 // should not filter/generate cluster wide resources.
-func (p *ClusterPolicy) Validate(namespaced bool, clusterResources sets.String) field.ErrorList {
+func (p *ClusterPolicy) Validate(clusterResources sets.String) field.ErrorList {
 	var errs field.ErrorList
 	errs = append(errs, ValidatePolicyName(field.NewPath("name"), p.Name)...)
-	errs = append(errs, p.Spec.Validate(field.NewPath("spec"), namespaced, clusterResources)...)
+	errs = append(errs, p.Spec.Validate(field.NewPath("spec"), p.IsNamespaced(), clusterResources)...)
 	return errs
 }

--- a/api/kyverno/v1/policy_test.go
+++ b/api/kyverno/v1/policy_test.go
@ -21,3 +21,19 @@ func Test_Policy_Name(t *testing.T) {
 	assert.Equal(t, errs[0].Detail, "must have at most 63 bytes")
 	assert.Equal(t, errs[0].Error(), "name: Too long: must have at most 63 bytes")
 }
+
+func Test_Policy_IsNamespaced(t *testing.T) {
+	namespaced := Policy{
+		ObjectMeta: metav1.ObjectMeta{
+			Name:      "this-is-a-way-too-long-policy-name-that-should-trigger-an-error-when-calling-the-policy-validation-method",
+			Namespace: "abcd",
+		},
+	}
+	notNamespaced := Policy{
+		ObjectMeta: metav1.ObjectMeta{
+			Name: "this-is-a-way-too-long-policy-name-that-should-trigger-an-error-when-calling-the-policy-validation-method",
+		},
+	}
+	assert.Equal(t, namespaced.IsNamespaced(), false)
+	assert.Equal(t, notNamespaced.IsNamespaced(), false)
+}
--- a/api/kyverno/v1/policy_types.go
+++ b/api/kyverno/v1/policy_types.go
@ -82,6 +82,11 @@ func (p *Policy) BackgroundProcessingEnabled() bool {
 	return p.Spec.BackgroundProcessingEnabled()
 }

+// IsNamespaced indicates if the policy is namespace scoped
+func (p *Policy) IsNamespaced() bool {
+	return false
+}
+
 // IsReady indicates if the policy is ready to serve the admission request
 func (p *Policy) IsReady() bool {
 	return p.Status.IsReady()
--- a/pkg/policy/validate.go
+++ b/pkg/policy/validate.go
@ -80,7 +80,7 @@ func validateJSONPatchPathForForwardSlash(patch string) error {

 // Validate checks the policy and rules declarations for required configurations
 func Validate(policy *kyverno.ClusterPolicy, client *dclient.Client, mock bool, openAPIController *openapi.Controller) (*v1beta1.AdmissionResponse, error) {
-	namespaced := policy.GetNamespace() != ""
+	namespaced := policy.IsNamespaced()
 	background := policy.Spec.Background == nil || *policy.Spec.Background

 	var errs field.ErrorList
@ -108,7 +108,7 @@ func Validate(policy *kyverno.ClusterPolicy, client *dclient.Client, mock bool,
 		}
 	}

-	if errs := policy.Validate(namespaced, clusterResources); len(errs) != 0 {
+	if errs := policy.Validate(clusterResources); len(errs) != 0 {
 		return nil, errs.ToAggregate()
 	}