diff --git a/pkg/engine/validation.go b/pkg/engine/validation.go index 73a7332636..92657ae4cb 100644 --- a/pkg/engine/validation.go +++ b/pkg/engine/validation.go @@ -96,7 +96,7 @@ func startResultResponse(resp *response.EngineResponse, policy kyverno.ClusterPo func endResultResponse(log logr.Logger, resp *response.EngineResponse, startTime time.Time) { resp.PolicyResponse.ProcessingTime = time.Since(startTime) - log.V(4).Info("finshed processing", "processingTime", resp.PolicyResponse.ProcessingTime.String(), "validationRulesApplied", resp.PolicyResponse.RulesAppliedCount) + log.V(4).Info("finished processing", "processingTime", resp.PolicyResponse.ProcessingTime.String(), "validationRulesApplied", resp.PolicyResponse.RulesAppliedCount) } func incrementAppliedCount(resp *response.EngineResponse) { diff --git a/pkg/engine/variables/common.go b/pkg/engine/variables/common.go deleted file mode 100644 index febc1ccb6a..0000000000 --- a/pkg/engine/variables/common.go +++ /dev/null @@ -1,12 +0,0 @@ -package variables - -import ( - "regexp" -) - -//IsVariable returns true if the element contains a 'valid' variable {{}} -func IsVariable(element string) bool { - validRegex := regexp.MustCompile(variableRegex) - groups := validRegex.FindAllStringSubmatch(element, -1) - return len(groups) != 0 -} diff --git a/pkg/engine/variables/vars.go b/pkg/engine/variables/vars.go index b6faf7312c..709314642e 100644 --- a/pkg/engine/variables/vars.go +++ b/pkg/engine/variables/vars.go @@ -10,9 +10,13 @@ import ( "github.com/kyverno/kyverno/pkg/engine/context" ) -const ( - variableRegex = `\{\{([^{}]*)\}\}` -) +var regexVariables = regexp.MustCompile(`\{\{[^{}]*\}\}`) + +//IsVariable returns true if the element contains a 'valid' variable {{}} +func IsVariable(element string) bool { + groups := regexVariables.FindAllStringSubmatch(element, -1) + return len(groups) != 0 +} //SubstituteVars replaces the variables with the values defined in the context // - if any variable is invalid or has nil value, it is considered as a failed variable substitution @@ -31,15 +35,16 @@ func subVars(log logr.Logger, ctx context.EvalInterface, pattern interface{}, pa for k, v := range typedPattern { mapCopy[k] = v } - return subMap(log, ctx, mapCopy, path) + case []interface{}: sliceCopy := make([]interface{}, len(typedPattern)) copy(sliceCopy, typedPattern) - return subArray(log, ctx, sliceCopy, path) + case string: - return subValR(ctx, typedPattern, path) + return subValR(log, ctx, typedPattern, path) + default: return pattern, nil } @@ -81,39 +86,36 @@ func (n NotFoundVariableErr) Error() string { } // subValR resolves the variables if defined -func subValR(ctx context.EvalInterface, valuePattern string, path string) (interface{}, error) { +func subValR(log logr.Logger, ctx context.EvalInterface, valuePattern string, path string) (interface{}, error) { originalPattern := valuePattern + vars := regexVariables.FindAllString(valuePattern, -1) + for _, v := range vars { + variable := strings.ReplaceAll(v, "{{", "") + variable = strings.ReplaceAll(variable, "}}", "") + variable = strings.TrimSpace(variable) + substitutedVar, err := ctx.Query(variable) + if err != nil { + return nil, fmt.Errorf("failed to resolve %v at path %s", variable, path) + } - regex := regexp.MustCompile(`\{\{([^{}]*)\}\}`) - for { - if vars := regex.FindAllString(valuePattern, -1); len(vars) > 0 { - for _, v := range vars { - variable := v - variable = strings.ReplaceAll(variable, "{{", "") - variable = strings.ReplaceAll(variable, "}}", "") - variable = strings.TrimSpace(variable) + log.V(3).Info("variable substituted", "variable", v, "value", substitutedVar, "path", path) - substitutedVar, err := ctx.Query(variable) - if err != nil { - return nil, fmt.Errorf("failed to resolve %v at path %s", variable, path) - } - if val, ok := substitutedVar.(string); ok { - valuePattern = strings.Replace(valuePattern, variable, val, -1) - } else { - if substitutedVar != nil { - if originalPattern == variable { - return substitutedVar, nil - } - return nil, fmt.Errorf("failed to resolve %v at path %s", variable, path) - } - return nil, NotFoundVariableErr{ - variable: variable, - path: path, - } - } + if val, ok := substitutedVar.(string); ok { + valuePattern = strings.Replace(valuePattern, v, val, -1) + continue + } + + if substitutedVar != nil { + if originalPattern == variable { + return substitutedVar, nil } - } else { - break + + return nil, fmt.Errorf("failed to resolve %v at path %s", variable, path) + } + + return nil, NotFoundVariableErr{ + variable: variable, + path: path, } } diff --git a/pkg/policy/validate/validate.go b/pkg/policy/validate/validate.go index 9d599cb097..8cb40ba81c 100644 --- a/pkg/policy/validate/validate.go +++ b/pkg/policy/validate/validate.go @@ -37,8 +37,6 @@ func (v *Validate) Validate() (string, error) { } if rule.AnyPattern != nil { - // validation := &kyverno.Validation{} - // rule.DeepCopyInto(validation) anyPattern, err := rule.DeserializeAnyPattern() if err != nil { return "anyPattern", fmt.Errorf("failed to deserialze anyPattern, expect array: %v", err) diff --git a/pkg/webhooks/common.go b/pkg/webhooks/common.go index 2e973cfc22..1beccb564a 100644 --- a/pkg/webhooks/common.go +++ b/pkg/webhooks/common.go @@ -34,7 +34,7 @@ func toBlockResource(engineReponses []response.EngineResponse, log logr.Logger) return true } } - log.V(4).Info("sepc.ValidationFailureAction set to audit for all applicable policies, won't block resource operation") + log.V(4).Info("spec.ValidationFailureAction set to audit for all applicable policies, won't block resource operation") return false }