mirror of
https://github.com/kyverno/kyverno.git
synced 2024-12-15 17:51:20 +00:00
fix: allow root context configmap variable references (#6120)
Signed-off-by: Zadkiel Aharonian <hello@zadkiel.fr> Signed-off-by: GitHub <noreply@github.com> Signed-off-by: Zadkiel Aharonian <hello@zadkiel.fr> Signed-off-by: GitHub <noreply@github.com>
This commit is contained in:
Zadkiel Aharonian
GitHub
parent
835f5551b7
commit
17b7bcb4ec
2 changed files with 51 additions and 3 deletions
|
|
@ -200,8 +200,8 @@ func TestNotAllowedVars_JSONPatchPath(t *testing.T) {
|
|||
assert.Error(t, err, "rule \"pCM1\" should not have variables in patchesJSON6902 path section")
|
||||
}
|
||||
|
||||
func TestNotAllowedVars_JSONPatchPath_ContextPositive(t *testing.T) {
|
||||
var policyWithVarInExclude = []byte(`{
|
||||
func TestNotAllowedVars_JSONPatchPath_ContextRootPositive(t *testing.T) {
|
||||
var policyManifest = []byte(`{
|
||||
"apiVersion": "kyverno.io/v1",
|
||||
"kind": "ClusterPolicy",
|
||||
"metadata": {
|
||||
|
|
@ -211,6 +211,51 @@ func TestNotAllowedVars_JSONPatchPath_ContextPositive(t *testing.T) {
|
|||
"rules": [
|
||||
{
|
||||
"name": "pCM1",
|
||||
"context": [
|
||||
{
|
||||
"name": "source",
|
||||
"configMap":{
|
||||
"name":"global-config",
|
||||
"namespace":"default"
|
||||
}
|
||||
}
|
||||
],
|
||||
"match": {
|
||||
"resources": {
|
||||
"name": "config-game",
|
||||
"kinds": [
|
||||
"ConfigMap"
|
||||
]
|
||||
}
|
||||
},
|
||||
"mutate": {
|
||||
"patchStrategicMerge": {
|
||||
"data": "{{ source.data }}"
|
||||
}
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}`)
|
||||
|
||||
policy, err := yamlutils.GetPolicy(policyManifest)
|
||||
assert.NilError(t, err)
|
||||
|
||||
err = hasInvalidVariables(policy[0], false)
|
||||
assert.NilError(t, err)
|
||||
}
|
||||
|
||||
func TestNotAllowedVars_JSONPatchPath_ContextSubPositive(t *testing.T) {
|
||||
var policyManifest = []byte(`{
|
||||
"apiVersion": "kyverno.io/v1",
|
||||
"kind": "ClusterPolicy",
|
||||
"metadata": {
|
||||
"name": "policy-patch-cm"
|
||||
},
|
||||
"spec": {
|
||||
"rules": [
|
||||
{
|
||||
"name": "pCM2",
|
||||
"context": [
|
||||
{
|
||||
"name": "source",
|
||||
|
|
@ -236,7 +281,7 @@ func TestNotAllowedVars_JSONPatchPath_ContextPositive(t *testing.T) {
|
|||
}
|
||||
}`)
|
||||
|
||||
policy, err := yamlutils.GetPolicy(policyWithVarInExclude)
|
||||
policy, err := yamlutils.GetPolicy(policyManifest)
|
||||
assert.NilError(t, err)
|
||||
|
||||
err = hasInvalidVariables(policy[0], false)
|
||||
|
|
|
|||
|
|
@ -640,7 +640,10 @@ func addContextVariables(entries []kyvernov1.ContextEntry, ctx *enginecontext.Mo
|
|||
}
|
||||
|
||||
if contextEntry.ConfigMap != nil {
|
||||
ctx.AddVariable(contextEntry.Name + ".data")
|
||||
ctx.AddVariable(contextEntry.Name + ".metadata")
|
||||
ctx.AddVariable(contextEntry.Name + ".data.*")
|
||||
ctx.AddVariable(contextEntry.Name + ".metadata.*")
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in a new issue