mirror of
https://github.com/kyverno/kyverno.git
synced 2025-03-29 10:55:05 +00:00
Fix panic for provides a set to the key of a precondition and deny condition (#3162)
This commit is contained in:
Vyankatesh Kudtarkar
GitHub
parent
ed3811ea5a
commit
373f421b07
4 changed files with 72 additions and 0 deletions
|
|
@ -1004,6 +1004,16 @@ func validateConditionValues(c kyverno.Condition) (string, error) {
|
|||
if c.Key == nil || c.Value == nil || c.Operator == "" {
|
||||
return "", fmt.Errorf("entered value of `key`, `value` or `operator` is missing or misspelled")
|
||||
}
|
||||
switch reflect.TypeOf(c.Key).Kind() {
|
||||
case reflect.String:
|
||||
value, err := validateValuesKeyRequest(c)
|
||||
return value, err
|
||||
default:
|
||||
return "", nil
|
||||
}
|
||||
}
|
||||
|
||||
func validateValuesKeyRequest(c kyverno.Condition) (string, error) {
|
||||
switch strings.ReplaceAll(c.Key.(string), " ", "") {
|
||||
case "{{request.operation}}":
|
||||
return validateConditionValuesKeyRequestOperation(c)
|
||||
|
|
|
|||
17
test/cli/test/multiple_condition_keys/kyverno-test.yaml
Normal file
17
test/cli/test/multiple_condition_keys/kyverno-test.yaml
Normal file
|
|
@ -0,0 +1,17 @@
|
|||
name: test-simple
|
||||
policies:
|
||||
- policy.yaml
|
||||
resources:
|
||||
- resources.yaml
|
||||
results:
|
||||
- policy: test-multiple-key
|
||||
rule: test-multiple-key
|
||||
resource: test-resource-pass
|
||||
kind: Pod
|
||||
status: pass
|
||||
- policy: test-multiple-key
|
||||
rule: test-multiple-key
|
||||
resource: test-resource-fail
|
||||
kind: Pod
|
||||
status: fail
|
||||
|
||||
23
test/cli/test/multiple_condition_keys/policy.yaml
Normal file
23
test/cli/test/multiple_condition_keys/policy.yaml
Normal file
|
|
@ -0,0 +1,23 @@
|
|||
apiVersion: kyverno.io/v1
|
||||
kind: ClusterPolicy
|
||||
metadata:
|
||||
name: test-multiple-key
|
||||
spec:
|
||||
validationFailureAction: enforce
|
||||
background: false
|
||||
rules:
|
||||
- name: test-multiple-key
|
||||
match:
|
||||
resources:
|
||||
kinds:
|
||||
- Pod
|
||||
validate:
|
||||
deny:
|
||||
conditions:
|
||||
any:
|
||||
- key:
|
||||
- "{{request.object.metadata.labels.app}}"
|
||||
operator: NotIn
|
||||
value:
|
||||
- "busybox"
|
||||
- "busybox1"
|
||||
22
test/cli/test/multiple_condition_keys/resources.yaml
Normal file
22
test/cli/test/multiple_condition_keys/resources.yaml
Normal file
|
|
@ -0,0 +1,22 @@
|
|||
apiVersion: v1
|
||||
kind: Pod
|
||||
metadata:
|
||||
name: test-resource-pass
|
||||
labels:
|
||||
app: busybox
|
||||
spec:
|
||||
containers:
|
||||
- name: nginx
|
||||
image: nginx:latest
|
||||
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Pod
|
||||
metadata:
|
||||
name: test-resource-fail
|
||||
labels:
|
||||
app: busybox-fail
|
||||
spec:
|
||||
containers:
|
||||
- name: nginx
|
||||
image: nginx:latest
|
||||
Loading…
Add table
Reference in a new issue