mirrors/kyverno
mirrors/kyverno
1
0
Fork 0
mirror of https://github.com/kyverno/kyverno.git synced 2025-03-30 19:35:06 +00:00
Code Activity

fix validation checks for foreach and nested foreach (#5875)

Browse source 
Signed-off-by: Jim Bugwadia <jim@nirmata.com>

Signed-off-by: Jim Bugwadia <jim@nirmata.com>
This commit is contained in:
Jim Bugwadia 2023-01-04 21:22:43 -08:00 committed by GitHub
parent e8034ee326
commit 40836ff6fc
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 6 additions and 7 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

13
pkg/policy/validate/validate.go
View file

@ -2,7 +2,6 @@ package validate
import (
"fmt"
"strings"
kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1"
commonAnchors "github.com/kyverno/kyverno/pkg/engine/anchor"
@ -110,17 +109,13 @@ func (v *Validate) validateForEach(foreach kyvernov1.ForEachValidation) error {
return fmt.Errorf("foreach.list is required")
}
if !strings.HasPrefix(foreach.List, "request.object") && !strings.HasPrefix(foreach.List, "request.userInfo") {
return fmt.Errorf("foreach.list must start with either 'request.object' or 'request.userInfo', e.g. 'request.object.spec.containers', 'request.userInfo.groups'")
}
count := foreachElemCount(foreach)
if count == 0 {
return fmt.Errorf("one of pattern, anyPattern, deny must be specified")
return fmt.Errorf("one of pattern, anyPattern, deny, or a nested foreach must be specified")
}
if count > 1 {
return fmt.Errorf("only one of pattern, anyPattern, deny can be specified")
return fmt.Errorf("only one of pattern, anyPattern, deny, or a nested foreach can be specified")
}
return nil
@ -140,5 +135,9 @@ func foreachElemCount(foreach kyvernov1.ForEachValidation) int {
count++
}
if foreach.ForEachValidation != nil {
count++
}
return count
}