mirror of
https://github.com/kyverno/kyverno.git
synced 2025-03-31 03:45:17 +00:00
744 only user requests will be denied
parent
5ec300a12d
commit
6f01bb4d59
2 changed files with 11 additions and 8 deletions
|
@ -52,12 +52,15 @@ func Validate(policyContext PolicyContext) (resp response.EngineResponse) {
|
|||
endResultResponse(logger, &resp, startTime)
|
||||
}()
|
||||
|
||||
// If request is delete, newR will be empty
|
||||
if reflect.DeepEqual(newR, unstructured.Unstructured{}) {
|
||||
return *isRequestDenied(logger, ctx, policy, oldR, admissionInfo)
|
||||
} else {
|
||||
if denyResp := isRequestDenied(logger, ctx, policy, newR, admissionInfo); !denyResp.IsSuccesful() {
|
||||
return *denyResp
|
||||
// deny logic will only be applied to requests from user - system related requests are ignored.
|
||||
if admissionInfo.AdmissionUserInfo.Username == "kubernetes-admin" {
|
||||
// If request is delete, newR will be empty
|
||||
if reflect.DeepEqual(newR, unstructured.Unstructured{}) {
|
||||
return *isRequestDenied(logger, ctx, policy, oldR, admissionInfo)
|
||||
} else {
|
||||
if denyResp := isRequestDenied(logger, ctx, policy, newR, admissionInfo); !denyResp.IsSuccesful() {
|
||||
return *denyResp
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
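Review bot: The new guard `if admissionInfo.AdmissionUserInfo.Username == "kubernetes-admin" {` applies the deny rules to exactly one hard-coded username, so a request from any other authenticated identity never reaches `isRequestDenied`, on either the delete path (`oldR`) or the create/update path (`newR`). That is the opposite of the stated intent of ignoring only system requests: it allow-lists a single name, which may not even exist in clusters not bootstrapped with that default admin user. Excluding system identities instead would keep enforcement on by default, for example `if !strings.HasPrefix(admissionInfo.AdmissionUserInfo.Username, "system:") {`, or better a configurable exclusion list. Whether service accounts (`system:serviceaccount:...`) should be exempt is a policy decision that deserves a comment on that line. The body of `Validate` continues outside this hunk, so what happens to requests that skip the block cannot be confirmed from here.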
|
File diff suppressed because one or more lines are too long