Merge pull request #788 from shravanshetty1/787_cli_panic

#787 - CLI panics for policies with variables
2025-03-30 03:15:05 +00:00 · 2020-04-02 09:05:15 -07:00 · 2020-04-02 09:05:15 -07:00 · 235adf5530
commit 235adf5530
parent ce5cd655f1 7ce0c8d68a
2 changed files with 12 additions and 0 deletions
--- a/pkg/kyverno/apply/command.go
+++ b/pkg/kyverno/apply/command.go
@ -6,6 +6,7 @@ import (
 	"io/ioutil"
 	"os"
 	"path/filepath"
+	"regexp"

 	"github.com/nirmata/kyverno/pkg/utils"

@ -81,6 +82,9 @@ func Command() *cobra.Command {
 				if err != nil {
 					return sanitizedError.New(fmt.Sprintf("Policy %v is not valid", policy.Name))
 				}
+				if policyHasVariables(*policy) {
+					return sanitizedError.New(fmt.Sprintf("Policy %v is not valid - 'apply' does not support policies with variables", policy.Name))
+				}
 			}

 			var dClient discovery.CachedDiscoveryInterface
@ -387,3 +391,9 @@ func applyPolicyOnResource(policy *v1.ClusterPolicy, resource *unstructured.Unst

 	return nil
 }
+
+func policyHasVariables(policy v1.ClusterPolicy) bool {
+	policyRaw, _ := json.Marshal(policy)
+	regex := regexp.MustCompile(`\{\{([^{}]*)\}\}`)
+	return len(regex.FindAllStringSubmatch(string(policyRaw), -1)) > 0
+}
--- a/pkg/policy/generate/fake.go
+++ b/pkg/policy/generate/fake.go
@ -3,6 +3,7 @@ package generate
 import (
 	kyverno "github.com/nirmata/kyverno/pkg/api/kyverno/v1"
 	"github.com/nirmata/kyverno/pkg/policy/generate/fake"
+	"sigs.k8s.io/controller-runtime/pkg/log"
 )

 //FakeGenerate provides implementation for generate rule processing
@ -17,5 +18,6 @@ func NewFakeGenerate(rule kyverno.Generation) *FakeGenerate {
 	g := FakeGenerate{}
 	g.rule = rule
 	g.authCheck = fake.NewFakeAuth()
+	g.log = log.Log
 	return &g
 }