mirrors/kyverno
mirrors/kyverno
1
0
Fork 0
mirror of https://github.com/kyverno/kyverno.git synced 2025-03-31 03:45:17 +00:00
Code Activity

634 fixes

Browse source
This commit is contained in:
shravan 2020-02-18 00:01:03 +05:30
parent 20bd2ec56d
commit 0af0c469a3
2 changed files with 4 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
pkg/policy/validate.go
View file

@ -32,7 +32,9 @@ func Validate(p kyverno.ClusterPolicy) error {
// policy.spec.background -> "true"
// - cannot use variables with request.userInfo
// - cannot define userInfo(roles, cluserRoles, subjects) for filtering (match & exclude)
return fmt.Errorf("userInfo not allowed in background policy mode. Failure path %s", err)
return fmt.Errorf("failed at %v. User info related conditions are not allowed in background mode. "+
"If you would like to use user info related conditions kindly disable background mode for this policy by "+
"setting spec/background to false", err)
}
}

2
pkg/webhooks/common.go
View file

@ -114,7 +114,7 @@ func processResourceWithPatches(patch []byte, resource []byte) []byte {
func containRBACinfo(policies []kyverno.ClusterPolicy) bool {
for _, policy := range policies {
for _, rule := range policy.Spec.Rules {
if len(rule.MatchResources.Roles) > 0 || len(rule.MatchResources.ClusterRoles) > 0 {
if len(rule.MatchResources.Roles) > 0 || len(rule.MatchResources.ClusterRoles) > 0 || len(rule.ExcludeResources.Roles) > 0 || len(rule.ExcludeResources.ClusterRoles) > 0 {
return true
}
}