mirror of
https://github.com/kyverno/kyverno.git
synced 2025-01-20 18:52:16 +00:00
fix: skip rules without operation in resource webhook creation (#10146)
* fix: skip rules without operation in resource webhook creation Signed-off-by: Norwin Schnyder <norwin.schnyder+github@gmail.com> * test: add unit test for buildRulesWithOperations Signed-off-by: Norwin Schnyder <norwin.schnyder+github@gmail.com> * fix liniting issues Signed-off-by: Norwin Schnyder <norwin.schnyder+github@gmail.com> --------- Signed-off-by: Norwin Schnyder <norwin.schnyder+github@gmail.com> Co-authored-by: shuting <shuting@nirmata.com>
This commit is contained in:
parent
e66a550560
commit
5d50022f43
2 changed files with 66 additions and 1 deletions
|
@ -80,6 +80,12 @@ func (wh *webhook) buildRulesWithOperations(final map[string][]admissionregistra
|
|||
if (gv.Group == "" || gv.Group == "*") && (gv.Version == "v1" || gv.Version == "*") && (resources.Has("pods") || resources.Has("*")) {
|
||||
resources.Insert("pods/ephemeralcontainers")
|
||||
}
|
||||
|
||||
operations := findKeyContainingSubstring(final, firstResource, defaultOpn)
|
||||
if len(operations) == 0 {
|
||||
continue
|
||||
}
|
||||
|
||||
rules = append(rules, admissionregistrationv1.RuleWithOperations{
|
||||
Rule: admissionregistrationv1.Rule{
|
||||
APIGroups: []string{gv.Group},
|
||||
|
@ -87,7 +93,7 @@ func (wh *webhook) buildRulesWithOperations(final map[string][]admissionregistra
|
|||
Resources: sets.List(resources),
|
||||
Scope: ptr.To(gv.scopeType),
|
||||
},
|
||||
Operations: findKeyContainingSubstring(final, firstResource, defaultOpn),
|
||||
Operations: operations,
|
||||
})
|
||||
}
|
||||
less := func(a []string, b []string) (int, bool) {
|
||||
|
|
|
@ -10,7 +10,10 @@ import (
|
|||
"github.com/kyverno/kyverno/pkg/autogen"
|
||||
"gotest.tools/assert"
|
||||
admissionregistrationv1 "k8s.io/api/admissionregistration/v1"
|
||||
corev1 "k8s.io/api/core/v1"
|
||||
"k8s.io/apimachinery/pkg/runtime/schema"
|
||||
"k8s.io/apimachinery/pkg/util/sets"
|
||||
"k8s.io/utils/ptr"
|
||||
)
|
||||
|
||||
func Test_webhook_isEmpty(t *testing.T) {
|
||||
|
@ -361,3 +364,59 @@ func TestComputeOperationsForValidatingWebhookConf(t *testing.T) {
|
|||
})
|
||||
}
|
||||
}
|
||||
|
||||
func TestBuildRulesWithOperations(t *testing.T) {
|
||||
testCases := []struct {
|
||||
name string
|
||||
rules map[groupVersionScope]sets.Set[string]
|
||||
mapResourceToOpnType map[string][]admissionregistrationv1.OperationType
|
||||
expectedResult []admissionregistrationv1.RuleWithOperations
|
||||
}{
|
||||
{
|
||||
name: "Test Case 1",
|
||||
rules: map[groupVersionScope]sets.Set[string]{
|
||||
groupVersionScope{
|
||||
GroupVersion: corev1.SchemeGroupVersion,
|
||||
scopeType: admissionregistrationv1.AllScopes,
|
||||
}: {
|
||||
"namespaces": sets.Empty{},
|
||||
},
|
||||
groupVersionScope{
|
||||
GroupVersion: corev1.SchemeGroupVersion,
|
||||
scopeType: admissionregistrationv1.NamespacedScope,
|
||||
}: {
|
||||
"pods": sets.Empty{},
|
||||
"configmaps": sets.Empty{},
|
||||
},
|
||||
},
|
||||
mapResourceToOpnType: map[string][]admissionregistrationv1.OperationType{
|
||||
"Namespace": {},
|
||||
"Pod": {webhookCreate, webhookUpdate},
|
||||
},
|
||||
expectedResult: []admissionregistrationv1.RuleWithOperations{
|
||||
{
|
||||
Operations: []admissionregistrationv1.OperationType{webhookCreate, webhookUpdate},
|
||||
Rule: admissionregistrationv1.Rule{
|
||||
APIGroups: []string{""},
|
||||
APIVersions: []string{"v1"},
|
||||
Resources: []string{"configmaps", "pods", "pods/ephemeralcontainers"},
|
||||
Scope: ptr.To(admissionregistrationv1.NamespacedScope),
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
}
|
||||
|
||||
for _, testCase := range testCases {
|
||||
t.Run(testCase.name, func(t *testing.T) {
|
||||
wh := &webhook{
|
||||
rules: testCase.rules,
|
||||
}
|
||||
|
||||
result := wh.buildRulesWithOperations(testCase.mapResourceToOpnType, []admissionregistrationv1.OperationType{webhookCreate, webhookUpdate})
|
||||
if !reflect.DeepEqual(result, testCase.expectedResult) {
|
||||
t.Errorf("Expected %v, but got %v", testCase.expectedResult, result)
|
||||
}
|
||||
})
|
||||
}
|
||||
}
|
||||
|
|
Loading…
Add table
Reference in a new issue