diff --git a/pkg/api/kyverno/v1alpha1/validate.go b/pkg/api/kyverno/v1alpha1/validate.go index 3e1c5e8ce1..78624341f5 100644 --- a/pkg/api/kyverno/v1alpha1/validate.go +++ b/pkg/api/kyverno/v1alpha1/validate.go @@ -63,11 +63,11 @@ func (r Rule) validate() []error { } // validate resource description block - if err := r.MatchResources.ResourceDescription.validate(true); err != nil { + if err := validateMatchedResourceDescription(r.MatchResources.ResourceDescription); err != nil { errs = append(errs, fmt.Errorf("error in match block, %v", err)) } - if err := r.ExcludeResources.ResourceDescription.validate(false); err != nil { + if err := validateResourceDescription(r.ExcludeResources.ResourceDescription); err != nil { errs = append(errs, fmt.Errorf("error in exclude block, %v", err)) } @@ -109,20 +109,26 @@ func (r Rule) validateRuleType() error { return nil } -// Validate checks if all necesarry fields are present and have values. Also checks a Selector. +// validateResourceDescription checks if all necesarry fields are present and have values. Also checks a Selector. // field type is checked through openapi // Returns error if // - kinds is empty array in matched resource block, i.e. kinds: [] // - selector is invalid -func (rd ResourceDescription) validate(matchedResource bool) error { +func validateMatchedResourceDescription(rd ResourceDescription) error { if reflect.DeepEqual(rd, ResourceDescription{}) { return nil } - if matchedResource && len(rd.Kinds) == 0 { + if len(rd.Kinds) == 0 { return errors.New("field Kind is not specified") } + return validateResourceDescription(rd) +} + +// validateResourceDescription returns error if selector is invalid +// field type is checked through openapi +func validateResourceDescription(rd ResourceDescription) error { if rd.Selector != nil { selector, err := metav1.LabelSelectorAsSelector(rd.Selector) if err != nil { @@ -133,7 +139,6 @@ func (rd ResourceDescription) validate(matchedResource bool) error { return errors.New("the requirements are not specified in selector") } } - return nil } diff --git a/pkg/api/kyverno/v1alpha1/validate_test.go b/pkg/api/kyverno/v1alpha1/validate_test.go index 9e776be755..f07485eb28 100644 --- a/pkg/api/kyverno/v1alpha1/validate_test.go +++ b/pkg/api/kyverno/v1alpha1/validate_test.go @@ -218,11 +218,11 @@ func Test_Validate_RuleType_SingleRule(t *testing.T) { func Test_Validate_ResourceDescription_Empty(t *testing.T) { rawResourcedescirption := []byte(`{}`) - var rd *ResourceDescription + var rd ResourceDescription err := json.Unmarshal(rawResourcedescirption, &rd) assert.NilError(t, err) - err = rd.validate(true) + err = validateMatchedResourceDescription(rd) assert.NilError(t, err) } @@ -236,11 +236,11 @@ func Test_Validate_ResourceDescription_MissingKindsOnMatched(t *testing.T) { } }`) - var rd *ResourceDescription + var rd ResourceDescription err := json.Unmarshal(matchedResourcedescirption, &rd) assert.NilError(t, err) - err = rd.validate(true) + err = validateMatchedResourceDescription(rd) assert.Assert(t, err != nil) } @@ -254,11 +254,11 @@ func Test_Validate_ResourceDescription_MissingKindsOnExclude(t *testing.T) { } }`) - var rd *ResourceDescription + var rd ResourceDescription err := json.Unmarshal(matchedResourcedescirption, &rd) assert.NilError(t, err) - err = rd.validate(false) + err = validateResourceDescription(rd) assert.NilError(t, err) } @@ -273,11 +273,11 @@ func Test_Validate_ResourceDescription_InvalidSelector(t *testing.T) { } }`) - var rd *ResourceDescription + var rd ResourceDescription err := json.Unmarshal(rawResourcedescirption, &rd) assert.NilError(t, err) - err = rd.validate(true) + err = validateMatchedResourceDescription(rd) assert.Assert(t, err != nil) } @@ -294,11 +294,11 @@ func Test_Validate_ResourceDescription_Valid(t *testing.T) { } }`) - var rd *ResourceDescription + var rd ResourceDescription err := json.Unmarshal(rawResourcedescirption, &rd) assert.NilError(t, err) - err = rd.validate(true) + err = validateMatchedResourceDescription(rd) assert.NilError(t, err) }