mirrors/kyverno
mirrors/kyverno
1
0
Fork 0
mirror of https://github.com/kyverno/kyverno.git synced 2025-03-29 19:05:27 +00:00
Code Activity

Fix regression in wildcard matches in In/AnyIn operators ()

Browse source 
Signed-off-by: Sambhav Kothari <skothari44@bloomberg.net>

Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>
This commit is contained in:
Sambhav Kothari 2022-04-26 19:03:05 +01:00 committed by GitHub
parent 8c930134ef
commit 25badfe4fb
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
4 changed files with 24 additions and 2 deletions
pkg/engine/variables/operator
anyin.goin.go
test/cli/test/context-entries
kyverno-test.yamlpolicies.yaml

2
pkg/engine/variables/operator/anyin.go
View file

@ -63,7 +63,7 @@ func anyKeyExistsInArray(key string, value interface{}, log logr.Logger) (invali
case []interface{}:
for _, val := range valuesAvailable {
if wildcard.Match(fmt.Sprint(val), key) {
if wildcard.Match(fmt.Sprint(val), key) || wildcard.Match(key, fmt.Sprint(val)) {
return false, true
}
}

2
pkg/engine/variables/operator/in.go
View file

@ -63,7 +63,7 @@ func keyExistsInArray(key string, value interface{}, log logr.Logger) (invalidTy
case []interface{}:
for _, val := range valuesAvailable {
if wildcard.Match(fmt.Sprint(val), key) {
if wildcard.Match(fmt.Sprint(val), key) || wildcard.Match(key, fmt.Sprint(val)) {
return false, true
}
}

5
test/cli/test/context-entries/kyverno-test.yaml
View file

@ -44,3 +44,8 @@ results:
resource: example
kind: Pod
result: pass
- policy: example
rule: wildcard-match
resource: example
kind: Pod
result: pass

17
test/cli/test/context-entries/policies.yaml
View file

@ -146,3 +146,20 @@ spec:
- key: "{{ to_string(obj.notName) }}"
operator: NotEquals
value: 'null'
- name: wildcard-match
context:
- name: obj
variable:
value:
- A=ATest
- B=BTest
match:
resources:
kinds:
- Pod
validate:
deny:
conditions:
- key: "A=*"
operator: AnyNotIn
value: "{{ obj }}"