add back context check

Signed-off-by: Jim Bugwadia <jim@nirmata.com>
2025-03-31 03:45:17 +00:00 · 2021-10-26 11:00:14 -07:00 · 2021-10-26 11:00:14 -07:00 · 219a4d9950
commit 219a4d9950
parent 836d88191d
1 changed files with 1 additions and 1 deletions
--- a/pkg/kyverno/common/common.go
+++ b/pkg/kyverno/common/common.go
@ -254,7 +254,7 @@ func PolicyHasNonAllowedVariables(policy v1.ClusterPolicy) error {

 		matchesAll := RegexVariables.FindAllStringSubmatch(string(ruleJSON), -1)
 		matchesAllowed := AllowedVariables.FindAllStringSubmatch(string(ruleJSON), -1)
-		if len(matchesAll) > len(matchesAllowed) {
+		if len(matchesAll) > len(matchesAllowed) && len(rule.Context) == 0 {
 			allowed := "{{request.*}}, {{serviceAccountName}}, {{serviceAccountNamespace}}, {{@}}, and context variables"
 			return fmt.Errorf("rule \"%s\" has forbidden variables. Allowed variables are: %s", rule.Name, allowed)
 		}