mirror of https://github.com/kyverno/kyverno.git synced 2025-03-31 03:45:17 +00:00

fix: check permissions for validate.cel subrules only ()

Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
Co-authored-by: Jim Bugwadia <jim@nirmata.com>
Mariam Fahmy 2024-08-13 12:25:29 +03:00 committed by GitHub
parent b8a69a7eac
commit 3a69702b49
No known key found for this signature in database
GPG key ID: B5690EEEBB952194


@ -55,7 +55,7 @@ func validateActions(idx int, rule *kyvernov1.Rule, client dclient.Interface, mo
}
// In case generateValidatingAdmissionPolicy flag is set to true, check the required permissions.
if toggle.FromContext(context.TODO()).GenerateValidatingAdmissionPolicy() {
if rule.HasValidateCEL() && toggle.FromContext(context.TODO()).GenerateValidatingAdmissionPolicy() {
authCheck := authChecker.NewSelfChecker(client.GetKubeClient().AuthorizationV1().SelfSubjectAccessReviews())
// check if the controller has the required permissions to generate validating admission policies.
if !validatingadmissionpolicy.HasValidatingAdmissionPolicyPermission(authCheck) {
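Review bot: The comment above the changed condition still describes only the feature flag, while the condition now also requires `rule.HasValidateCEL()`, so it no longer says when the permission check actually runs. I would reword it to `// For validate.cel rules, when the generateValidatingAdmissionPolicy toggle is on, check that the controller has the required permissions.` Separately, the condition reads the toggle from `context.TODO()`, which presumably means only the process-wide default is consulted; if callers hold a context, passing it into validateActions would make that explicit. What happens when `HasValidatingAdmissionPolicyPermission` fails lies below the hunk, and validateActions starts and ends outside it, so whether a missing permission rejects the policy or only produces a warning cannot be judged from these lines.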