mirrors/kyverno
mirrors/kyverno
1
0
Fork 0
mirror of https://github.com/kyverno/kyverno.git synced 2025-03-31 03:45:17 +00:00
Code Activity

Fix foreach validations precondition issue (#3228)

Browse source 
* fix foreach validations precondition issue

* added test-cases
This commit is contained in:
Vyankatesh Kudtarkar 2022-02-18 14:41:41 +05:30 committed by GitHub
parent a30493e550
commit 0a5aad39cf
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
4 changed files with 81 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
pkg/engine/variables/operator/notequal.go
View file

@ -79,6 +79,11 @@ func (neh NotEqualHandler) validateValueWithStringPattern(key string, value inte
if err == nil { if err == nil {
switch typedValue := value.(type) { switch typedValue := value.(type) {
case string: case string:
if typedValue == "" {
if val, ok := value.(string); ok {
return !wildcard.Match(val, key)
}
}
resourceValue, err := resource.ParseQuantity(typedValue) resourceValue, err := resource.ParseQuantity(typedValue)
if err != nil { if err != nil {
neh.log.Error(fmt.Errorf("parse error: "), "Failed to parse value type doesn't match key type") neh.log.Error(fmt.Errorf("parse error: "), "Failed to parse value type doesn't match key type")

16
test/cli/test/foreach-preconditions/kyverno-test.yaml Normal file
View file

@ -0,0 +1,16 @@
name: test-foreach-precondition
policies:
- policies.yaml
resources:
- resources.yaml
results:
- policy: enforce-limits-fraction
rule: check-memory-requests-limits
resource: frontend1
kind: Pod
status: fail
- policy: enforce-limits-fraction
rule: check-memory-requests-limits
resource: frontend2
kind: Pod
status: pass

31
test/cli/test/foreach-preconditions/policies.yaml Normal file
View file

@ -0,0 +1,31 @@
apiVersion : kyverno.io/v1
kind: ClusterPolicy
metadata:
name: enforce-limits-fraction
spec:
validationFailureAction: enforce
rules:
- name: check-memory-requests-limits
match:
any:
- resources:
kinds:
- Pod
validate:
message: Limits may not exceed 2.5x the requests.
foreach:
- list: "request.object.spec.containers"
preconditions:
all:
- key: "{{ element.resources.limits.memory || '' }}"
operator: NotEquals
value: ""
- key: "{{ element.resources.requests.memory || '' }}"
operator: NotEquals
value: ""
deny:
conditions:
any:
- key: "{{ divide('{{ element.resources.limits.memory }}', '{{ element.resources.requests.memory }}') }}"
operator: GreaterThan
value: 2.5

29
test/cli/test/foreach-preconditions/resources.yaml Normal file
View file

@ -0,0 +1,29 @@
apiVersion: v1
kind: Pod
metadata:
name: frontend1
spec:
containers:
- name: app
image: images.my-company.example/app:v4
resources:
requests:
memory: 100Mi
limits:
memory: 300Mi
---
apiVersion: v1
kind: Pod
metadata:
name: frontend2
spec:
containers:
- name: app
image: images.my-company.example/app:v4
resources:
requests:
memory: 100Mi
limits:
memory: 200Mi