mirrors/kyverno
mirrors/kyverno
1
0
Fork 0
mirror of https://github.com/kyverno/kyverno.git synced 2025-03-06 16:06:56 +00:00
Code Activity

feat: consider Warn validation action (#12081)

Browse source 
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
This commit is contained in:
Charles-Edouard Brétéché 2025-02-04 15:35:52 +01:00 committed by GitHub
parent 88d3dc67d8
commit 4f63ef5bc1
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
1 changed files with 16 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

18
pkg/webhooks/resource/vpol/handler.go
View file

@ -35,7 +35,12 @@ func (h *handler) Validate(ctx context.Context, logger logr.Logger, request hand
if err != nil { if err != nil {
return admissionutils.Response(request.UID, err) return admissionutils.Response(request.UID, err)
} }
return admissionResponse(response, request)
}
func admissionResponse(response celengine.EngineResponse, request handlers.AdmissionRequest) handlers.AdmissionResponse {
var errs []error var errs []error
var warnings []string
for _, policy := range response.Policies { for _, policy := range response.Policies {
if policy.Actions.Has(admissionregistrationv1.Deny) { if policy.Actions.Has(admissionregistrationv1.Deny) {
for _, rule := range policy.Rules { for _, rule := range policy.Rules {
@ -47,7 +52,16 @@ func (h *handler) Validate(ctx context.Context, logger logr.Logger, request hand
} }
} }
} }
if policy.Actions.Has(admissionregistrationv1.Warn) {
for _, rule := range policy.Rules {
switch rule.Status() {
case engineapi.RuleStatusFail:
warnings = append(warnings, fmt.Sprintf("Policy %s rule %s failed: %s", policy.Policy.GetName(), rule.Name(), rule.Message()))
case engineapi.RuleStatusError:
warnings = append(warnings, fmt.Sprintf("Policy %s rule %s error: %s", policy.Policy.GetName(), rule.Name(), rule.Message()))
} }
// TODO: reporting }
return admissionutils.Response(request.UID, multierr.Combine(errs...)) }
}
return admissionutils.Response(request.UID, multierr.Combine(errs...), warnings...)
} }