mirror of https://github.com/kyverno/kyverno.git synced 2024-12-14 11:57:48 +00:00

522 fixing bugs discovered from writing tests

shravan 2020-01-24 14:33:40 +05:30
parent fa7c522b5c
commit 56b54e6484


@ -37,25 +37,38 @@ func ValidatePolicyMutation(policy v1.ClusterPolicy) error {
} }
} }
var allPossibleKinds = make(map[string]bool) var kindToRules = make(map[string][]v1.Rule)
for _, rule := range policy.Spec.Rules { for _, rule := range policy.Spec.Rules {
rule.MatchResources.Selector = nil
if rule.HasMutate() { if rule.HasMutate() {
for _, kind := range rule.MatchResources.Kinds { for _, kind := range rule.MatchResources.Kinds {
allPossibleKinds[kind] = true kindToRules[kind] = append(kindToRules[kind], rule)
} }
} }
} }
for kind := range allPossibleKinds { for kind, rules := range kindToRules {
newPolicy := policy
newPolicy.Spec.Rules = rules
resource, _ := generateEmptyResource(validationGlobalState.definitions["io.k8s.api.core.v1."+kind]).(map[string]interface{}) resource, _ := generateEmptyResource(validationGlobalState.definitions["io.k8s.api.core.v1."+kind]).(map[string]interface{})
newResource := unstructured.Unstructured{Object: resource} newResource := unstructured.Unstructured{Object: resource}
newResource.SetKind(kind) newResource.SetKind(kind)
policyContext := engine.PolicyContext{ policyContext := engine.PolicyContext{
Policy: policy, Policy: newPolicy,
NewResource: newResource, NewResource: newResource,
Context: context.NewContext(), Context: context.NewContext(),
} }
resp := engine.Mutate(policyContext) resp := engine.Mutate(policyContext)
if len(resp.GetSuccessRules()) != len(rules) {
var errMessages []string
for _, rule := range resp.PolicyResponse.Rules {
if rule.Success == false {
errMessages = append(errMessages, fmt.Sprintf("Invalid rule : %v, %v", rule.Name, rule.Message))
}
}
return fmt.Errorf(strings.Join(errMessages, "\n"))
}
err := ValidateResource(resp.PatchedResource.UnstructuredContent(), kind) err := ValidateResource(resp.PatchedResource.UnstructuredContent(), kind)
if err != nil { if err != nil {
return err return err
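Review bot: The added `return fmt.Errorf(strings.Join(errMessages, "\n"))` uses the rule names and engine messages as the format string, so any `%` in a policy author's rule name or in a rule message is parsed as a formatting verb and the validation error comes back garbled (`%!v(MISSING)` and similar); pass the text as an argument instead, `return fmt.Errorf("%s", strings.Join(errMessages, "\n"))`. The same branch can return an error with an empty message when the success count differs from `len(rules)` but no entry in `resp.PolicyResponse.Rules` has `Success == false`; whether the engine reports every rule is not visible here, so a fallback message naming the kind would make that case diagnosable. As a style point, `rule.Success == false` reads better as `!rule.Success`. ValidatePolicyMutation starts and ends outside this hunk.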
@ -135,40 +148,23 @@ func getSchemaDocument(path string) (*openapi_v2.Document, error) {
func generateEmptyResource(kindSchema *openapi_v2.Schema) interface{} { func generateEmptyResource(kindSchema *openapi_v2.Schema) interface{} {
types := kindSchema.GetType().GetValue() types := kindSchema.GetType().GetValue()
if len(types) != 1 {
if kindSchema.GetXRef() != "" {
return generateEmptyResource(validationGlobalState.definitions[strings.TrimPrefix(kindSchema.GetXRef(), "#/definitions/")])
}
properties := kindSchema.GetProperties().GetAdditionalProperties()
if len(properties) == 0 {
return nil
}
var props = make(map[string]interface{}) if kindSchema.GetXRef() != "" {
var wg sync.WaitGroup return generateEmptyResource(validationGlobalState.definitions[strings.TrimPrefix(kindSchema.GetXRef(), "#/definitions/")])
var mutex sync.Mutex }
wg.Add(len(properties))
for _, property := range properties { if len(types) != 1 {
go func(property *openapi_v2.NamedSchema) { return nil
prop := generateEmptyResource(property.GetValue())
mutex.Lock()
props[property.GetName()] = prop
mutex.Unlock()
wg.Done()
}(property)
}
wg.Wait()
return props
} }
switch types[0] { switch types[0] {
case "object": case "object":
var props = make(map[string]interface{})
properties := kindSchema.GetProperties().GetAdditionalProperties() properties := kindSchema.GetProperties().GetAdditionalProperties()
if len(properties) == 0 { if len(properties) == 0 {
return nil return props
} }
var props = make(map[string]interface{})
var wg sync.WaitGroup var wg sync.WaitGroup
var mutex sync.Mutex var mutex sync.Mutex
wg.Add(len(properties)) wg.Add(len(properties))