mirrors/kyverno
mirrors/kyverno
1
0
Fork 0
mirror of https://github.com/kyverno/kyverno.git synced 2025-03-30 19:35:06 +00:00
Code Activity

fix: permission validation message (#7362)

Browse source 
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
This commit is contained in:
Charles-Edouard Brétéché 2023-05-31 21:14:32 +02:00 committed by GitHub
parent 2521c63b86
commit 194bfacc71
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 3 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
pkg/policy/mutate/validate.go
View file

@ -16,6 +16,7 @@ import (
// Mutate provides implementation to validate 'mutate' rule
type Mutate struct {
mutation kyvernov1.Mutation
user string
authChecker AuthChecker
}
@ -23,6 +24,7 @@ type Mutate struct {
func NewMutateFactory(m kyvernov1.Mutation, client dclient.Interface, user string) *Mutate {
return &Mutate{
mutation: m,
user: user,
authChecker: newAuthChecker(client, user),
}
}
@ -43,7 +45,7 @@ func (m *Mutate) Validate(ctx context.Context) (string, error) {
if m.mutation.Targets != nil {
if err := m.validateAuth(ctx, m.mutation.Targets); err != nil {
return "targets", fmt.Errorf("auth check fails, require additional privileges, update the ClusterRole 'kyverno:background-controller:additional':%v", err)
return "targets", fmt.Errorf("auth check fails, additional privileges are required for the service account '%s': %v", m.user, err)
}
}
return "", nil