mirrors/kyverno
mirrors/kyverno
1
0
Fork 0
mirror of https://github.com/kyverno/kyverno.git synced 2025-03-06 07:57:07 +00:00
Code Activity

feat: consider Warn validation action (#12081)

Browse source 
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
This commit is contained in:
Charles-Edouard Brétéché 2025-02-04 15:35:52 +01:00 committed by GitHub
parent 88d3dc67d8
commit 4f63ef5bc1
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
1 changed files with 16 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

18
pkg/webhooks/resource/vpol/handler.go
View file

@ -35,7 +35,12 @@ func (h *handler) Validate(ctx context.Context, logger logr.Logger, request hand
if err != nil {
return admissionutils.Response(request.UID, err)
}
return admissionResponse(response, request)
}
func admissionResponse(response celengine.EngineResponse, request handlers.AdmissionRequest) handlers.AdmissionResponse {
var errs []error
var warnings []string
for _, policy := range response.Policies {
if policy.Actions.Has(admissionregistrationv1.Deny) {
for _, rule := range policy.Rules {
@ -47,7 +52,16 @@ func (h *handler) Validate(ctx context.Context, logger logr.Logger, request hand
}
}
}
if policy.Actions.Has(admissionregistrationv1.Warn) {
for _, rule := range policy.Rules {
switch rule.Status() {
case engineapi.RuleStatusFail:
warnings = append(warnings, fmt.Sprintf("Policy %s rule %s failed: %s", policy.Policy.GetName(), rule.Name(), rule.Message()))
case engineapi.RuleStatusError:
warnings = append(warnings, fmt.Sprintf("Policy %s rule %s error: %s", policy.Policy.GetName(), rule.Name(), rule.Message()))
}
}
}
}
// TODO: reporting
return admissionutils.Response(request.UID, multierr.Combine(errs...))
return admissionutils.Response(request.UID, multierr.Combine(errs...), warnings...)
}