1
0
Fork 0
mirror of https://github.com/kyverno/kyverno.git synced 2024-12-14 11:57:48 +00:00

[Bug] Fix message and formatting of podSecurity validation failure with restrictedField (#9658)

* fix format

Signed-off-by: Suruchi Kumari <suruchikumarimfp4@gmail.com>

* fix test

Signed-off-by: GitHub <noreply@github.com>

---------

Signed-off-by: Suruchi Kumari <suruchikumarimfp4@gmail.com>
Signed-off-by: GitHub <noreply@github.com>
Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
This commit is contained in:
Suruchi Kumari 2024-02-08 09:46:23 +05:30 committed by GitHub
parent 1c72599ff1
commit 704c6722ec
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
2 changed files with 3 additions and 3 deletions

View file

@ -331,7 +331,7 @@ func GetRestrictedFields(check policy.Check) []pssutils.RestrictedField {
func FormatChecksPrint(checks []pssutils.PSSCheckResult) string {
var str string
for _, check := range checks {
str += fmt.Sprintf("\n(Forbidden reason: %s, field error list: [", check.CheckResult.ForbiddenReason)
str += fmt.Sprintf("(Forbidden reason: %s, field error list: [", check.CheckResult.ForbiddenReason)
for idx, err := range *check.CheckResult.ErrList {
badValueExist := true
switch err.BadValue.(type) {
@ -345,7 +345,7 @@ func FormatChecksPrint(checks []pssutils.PSSCheckResult) string {
switch err.Type {
case field.ErrorTypeForbidden:
if badValueExist {
str += fmt.Sprintf("%s is forbidden, don't set the BadValue: %+v", err.Field, err.BadValue)
str += fmt.Sprintf("%s is forbidden, forbidden values found: %+v", err.Field, err.BadValue)
} else {
str += err.Error()
}

View file

@ -14,7 +14,7 @@ scope:
results:
- category: Pod Security
message: "Validation rule 'restricted' failed. It violates PodSecurity \"restricted:latest\":
\n(Forbidden reason: unrestricted capabilities, field error list: [spec.containers[0].securityContext.capabilities.drop:
(Forbidden reason: unrestricted capabilities, field error list: [spec.containers[0].securityContext.capabilities.drop:
Required value])"
policy: podsecurity-subrule-restricted
properties: