mirrors/kyverno
mirrors/kyverno
1
0
Fork 0
mirror of https://github.com/kyverno/kyverno.git synced 2025-03-31 03:45:17 +00:00
Code Activity

fix: add warning when using deprecated validation failure action ()

Browse source 
* fix: add warning when using deprecated validation failure action

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* fix tests

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Co-authored-by: shuting <shuting@nirmata.com>
This commit is contained in:
Charles-Edouard Brétéché 2022-11-07 23:16:53 +01:00 committed by GitHub
parent 9f842fe626
commit 564c92d4bf
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 17 additions and 3 deletions

14
pkg/policy/validate.go
View file

@ -109,6 +109,19 @@ func validateJSONPatch(patch string, ruleIdx int) error {
return nil
}
func checkValidationFailureAction(spec *kyvernov1.Spec) []string {
msg := "Validation failure actions enforce/audit are deprecated, use Enforce/Audit instead."
if spec.ValidationFailureAction == "enforce" || spec.ValidationFailureAction == "audit" {
return []string{msg}
}
for _, override := range spec.ValidationFailureActionOverrides {
if override.Action == "enforce" || override.Action == "audit" {
return []string{msg}
}
}
return nil
}
// Validate checks the policy and rules declarations for required configurations
func Validate(policy kyvernov1.PolicyInterface, client dclient.Interface, mock bool, openApiManager openapi.Manager) ([]string, error) {
var warnings []string
@ -120,6 +133,7 @@ func Validate(policy kyvernov1.PolicyInterface, client dclient.Interface, mock b
openapicontroller.NewController(client, openApiManager).CheckSync(context.TODO())
}
warnings = append(warnings, checkValidationFailureAction(spec)...)
var errs field.ErrorList
specPath := field.NewPath("spec")

6
pkg/policy/validate_test.go
View file

@ -1436,7 +1436,7 @@ func Test_PodControllerAutoGenExclusion_All_Controllers_Policy(t *testing.T) {
}
},
"spec": {
"validationFailureAction": "enforce",
"validationFailureAction": "Enforce",
"background": false,
"rules": [
{
@ -1493,7 +1493,7 @@ func Test_PodControllerAutoGenExclusion_Not_All_Controllers_Policy(t *testing.T)
}
},
"spec": {
"validationFailureAction": "enforce",
"validationFailureAction": "Enforce",
"background": false,
"rules": [
{
@ -1550,7 +1550,7 @@ func Test_PodControllerAutoGenExclusion_None_Policy(t *testing.T) {
}
},
"spec": {
"validationFailureAction": "enforce",
"validationFailureAction": "Enforce",
"background": false,
"rules": [
{