From 51b07b7bf3782d21256de018b5071be83ea09281 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Charles-Edouard=20Br=C3=A9t=C3=A9ch=C3=A9?=
<charled.breteche@gmail.com>
Date: Wed, 5 Oct 2022 20:09:21 +0200
Subject: [PATCH] fix: validationFailureAction default value (#4822)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
---
api/kyverno/v1/spec_types.go | 1 +
api/kyverno/v2beta1/spec_types.go | 1 +
charts/kyverno/templates/crds.yaml | 4 ++++
config/crds/kyverno.io_clusterpolicies.yaml | 2 ++
config/crds/kyverno.io_policies.yaml | 2 ++
config/install.yaml | 4 ++++
config/install_debug.yaml | 4 ++++
7 files changed, 18 insertions(+)
diff --git a/api/kyverno/v1/spec_types.go b/api/kyverno/v1/spec_types.go
index 2133106871..6b114e3c6c 100644
--- a/api/kyverno/v1/spec_types.go
+++ b/api/kyverno/v1/spec_types.go
@@ -49,6 +49,7 @@ type Spec struct {
// Allowed values are audit or enforce. The default value is "audit".
// +optional
// +kubebuilder:validation:Enum=audit;enforce
+ // +kubebuilder:default=audit
ValidationFailureAction ValidationFailureAction `json:"validationFailureAction,omitempty" yaml:"validationFailureAction,omitempty"`
// ValidationFailureActionOverrides is a Cluster Policy attribute that specifies ValidationFailureAction
diff --git a/api/kyverno/v2beta1/spec_types.go b/api/kyverno/v2beta1/spec_types.go
index 75e04abb2d..10e6538be3 100644
--- a/api/kyverno/v2beta1/spec_types.go
+++ b/api/kyverno/v2beta1/spec_types.go
@@ -33,6 +33,7 @@ type Spec struct {
// Allowed values are audit or enforce. The default value is "audit".
// +optional
// +kubebuilder:validation:Enum=audit;enforce
+ // +kubebuilder:default=audit
ValidationFailureAction kyvernov1.ValidationFailureAction `json:"validationFailureAction,omitempty" yaml:"validationFailureAction,omitempty"`
// ValidationFailureActionOverrides is a Cluster Policy attribute that specifies ValidationFailureAction
diff --git a/charts/kyverno/templates/crds.yaml b/charts/kyverno/templates/crds.yaml
index b84225f78b..6d54587bf6 100644
--- a/charts/kyverno/templates/crds.yaml
+++ b/charts/kyverno/templates/crds.yaml
@@ -2737,6 +2737,7 @@ spec:
description: SchemaValidation skips policy validation checks. Optional. The default value is set to "true", it must be set to "false" to disable the validation checks.
type: boolean
validationFailureAction:
+ default: audit
description: ValidationFailureAction defines if a validation policy rule violation should block the admission review request (enforce), or allow (audit) the admission review request and report an error in a policy report. Optional. Allowed values are audit or enforce. The default value is "audit".
enum:
- audit
@@ -6136,6 +6137,7 @@ spec:
description: SchemaValidation skips policy validation checks. Optional. The default value is set to "true", it must be set to "false" to disable the validation checks.
type: boolean
validationFailureAction:
+ default: audit
description: ValidationFailureAction defines if a validation policy rule violation should block the admission review request (enforce), or allow (audit) the admission review request and report an error in a policy report. Optional. Allowed values are audit or enforce. The default value is "audit".
enum:
- audit
@@ -10156,6 +10158,7 @@ spec:
description: SchemaValidation skips policy validation checks. Optional. The default value is set to "true", it must be set to "false" to disable the validation checks.
type: boolean
validationFailureAction:
+ default: audit
description: ValidationFailureAction defines if a validation policy rule violation should block the admission review request (enforce), or allow (audit) the admission review request and report an error in a policy report. Optional. Allowed values are audit or enforce. The default value is "audit".
enum:
- audit
@@ -13555,6 +13558,7 @@ spec:
description: SchemaValidation skips policy validation checks. Optional. The default value is set to "true", it must be set to "false" to disable the validation checks.
type: boolean
validationFailureAction:
+ default: audit
description: ValidationFailureAction defines if a validation policy rule violation should block the admission review request (enforce), or allow (audit) the admission review request and report an error in a policy report. Optional. Allowed values are audit or enforce. The default value is "audit".
enum:
- audit
diff --git a/config/crds/kyverno.io_clusterpolicies.yaml b/config/crds/kyverno.io_clusterpolicies.yaml
index d569296548..5a3c9703cb 100644
--- a/config/crds/kyverno.io_clusterpolicies.yaml
+++ b/config/crds/kyverno.io_clusterpolicies.yaml
@@ -2807,6 +2807,7 @@ spec:
disable the validation checks.
type: boolean
validationFailureAction:
+ default: audit
description: ValidationFailureAction defines if a validation policy
rule violation should block the admission review request (enforce),
or allow (audit) the admission review request and report an error
@@ -8276,6 +8277,7 @@ spec:
disable the validation checks.
type: boolean
validationFailureAction:
+ default: audit
description: ValidationFailureAction defines if a validation policy
rule violation should block the admission review request (enforce),
or allow (audit) the admission review request and report an error
diff --git a/config/crds/kyverno.io_policies.yaml b/config/crds/kyverno.io_policies.yaml
index 213e3a58d6..975414e045 100644
--- a/config/crds/kyverno.io_policies.yaml
+++ b/config/crds/kyverno.io_policies.yaml
@@ -2808,6 +2808,7 @@ spec:
disable the validation checks.
type: boolean
validationFailureAction:
+ default: audit
description: ValidationFailureAction defines if a validation policy
rule violation should block the admission review request (enforce),
or allow (audit) the admission review request and report an error
@@ -8279,6 +8280,7 @@ spec:
disable the validation checks.
type: boolean
validationFailureAction:
+ default: audit
description: ValidationFailureAction defines if a validation policy
rule violation should block the admission review request (enforce),
or allow (audit) the admission review request and report an error
diff --git a/config/install.yaml b/config/install.yaml
index 94206ce707..d038d55f9b 100644
--- a/config/install.yaml
+++ b/config/install.yaml
@@ -4093,6 +4093,7 @@ spec:
disable the validation checks.
type: boolean
validationFailureAction:
+ default: audit
description: ValidationFailureAction defines if a validation policy
rule violation should block the admission review request (enforce),
or allow (audit) the admission review request and report an error
@@ -9562,6 +9563,7 @@ spec:
disable the validation checks.
type: boolean
validationFailureAction:
+ default: audit
description: ValidationFailureAction defines if a validation policy
rule violation should block the admission review request (enforce),
or allow (audit) the admission review request and report an error
@@ -15884,6 +15886,7 @@ spec:
disable the validation checks.
type: boolean
validationFailureAction:
+ default: audit
description: ValidationFailureAction defines if a validation policy
rule violation should block the admission review request (enforce),
or allow (audit) the admission review request and report an error
@@ -21355,6 +21358,7 @@ spec:
disable the validation checks.
type: boolean
validationFailureAction:
+ default: audit
description: ValidationFailureAction defines if a validation policy
rule violation should block the admission review request (enforce),
or allow (audit) the admission review request and report an error
diff --git a/config/install_debug.yaml b/config/install_debug.yaml
index f2688ad348..01b0c6e624 100644
--- a/config/install_debug.yaml
+++ b/config/install_debug.yaml
@@ -4087,6 +4087,7 @@ spec:
disable the validation checks.
type: boolean
validationFailureAction:
+ default: audit
description: ValidationFailureAction defines if a validation policy
rule violation should block the admission review request (enforce),
or allow (audit) the admission review request and report an error
@@ -9556,6 +9557,7 @@ spec:
disable the validation checks.
type: boolean
validationFailureAction:
+ default: audit
description: ValidationFailureAction defines if a validation policy
rule violation should block the admission review request (enforce),
or allow (audit) the admission review request and report an error
@@ -15875,6 +15877,7 @@ spec:
disable the validation checks.
type: boolean
validationFailureAction:
+ default: audit
description: ValidationFailureAction defines if a validation policy
rule violation should block the admission review request (enforce),
or allow (audit) the admission review request and report an error
@@ -21346,6 +21349,7 @@ spec:
disable the validation checks.
type: boolean
validationFailureAction:
+ default: audit
description: ValidationFailureAction defines if a validation policy
rule violation should block the admission review request (enforce),
or allow (audit) the admission review request and report an error