mirror of https://github.com/kyverno/kyverno.git synced 2024-12-15 17:51:20 +00:00

[Bug] Fix message and formatting of podSecurity validation failure with restrictedField (#9658)

* fix format

Signed-off-by: Suruchi Kumari <suruchikumarimfp4@gmail.com>

* fix test

Signed-off-by: GitHub <noreply@github.com>

---------

Signed-off-by: Suruchi Kumari <suruchikumarimfp4@gmail.com>
Signed-off-by: GitHub <noreply@github.com>
Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Suruchi Kumari 2024-02-08 09:46:23 +05:30 committed by GitHub
parent 1c72599ff1
commit 704c6722ec
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
2 changed files with 3 additions and 3 deletions


@ -331,7 +331,7 @@ func GetRestrictedFields(check policy.Check) []pssutils.RestrictedField {
func FormatChecksPrint(checks []pssutils.PSSCheckResult) string { func FormatChecksPrint(checks []pssutils.PSSCheckResult) string {
var str string var str string
for _, check := range checks { for _, check := range checks {
str += fmt.Sprintf("\n(Forbidden reason: %s, field error list: [", check.CheckResult.ForbiddenReason) str += fmt.Sprintf("(Forbidden reason: %s, field error list: [", check.CheckResult.ForbiddenReason)
for idx, err := range *check.CheckResult.ErrList { for idx, err := range *check.CheckResult.ErrList {
badValueExist := true badValueExist := true
switch err.BadValue.(type) { switch err.BadValue.(type) {
@ -345,7 +345,7 @@ func FormatChecksPrint(checks []pssutils.PSSCheckResult) string {
switch err.Type { switch err.Type {
case field.ErrorTypeForbidden: case field.ErrorTypeForbidden:
if badValueExist { if badValueExist {
str += fmt.Sprintf("%s is forbidden, don't set the BadValue: %+v", err.Field, err.BadValue) str += fmt.Sprintf("%s is forbidden, forbidden values found: %+v", err.Field, err.BadValue)
} else { } else {
str += err.Error() str += err.Error()
} }
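Review bot: Consecutive failed checks may now run together as `…])(Forbidden reason: …` in FormatChecksPrint, because the `\n` removed from the `(Forbidden reason: %s, field error list: [` format string was the only separator between checks visible in this section. The end of the outer loop lies outside both hunks, so this applies only if nothing later appends a separator. If nothing does, name the loop index and emit a delimiter before every entry but the first, e.g. `if i > 0 { str += " " }`, so a denial listing several Pod Security violations stays readable. Separately, the inner loop dereferences `*check.CheckResult.ErrList` with no nil guard in view. If a check result can arrive without an error list, that dereference would panic while building the message, so a nil check before the header is written may be worth adding.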


@ -14,7 +14,7 @@ scope:
results: results:
- category: Pod Security - category: Pod Security
message: "Validation rule 'restricted' failed. It violates PodSecurity \"restricted:latest\": message: "Validation rule 'restricted' failed. It violates PodSecurity \"restricted:latest\":
\n(Forbidden reason: unrestricted capabilities, field error list: [spec.containers[0].securityContext.capabilities.drop: (Forbidden reason: unrestricted capabilities, field error list: [spec.containers[0].securityContext.capabilities.drop:
Required value])" Required value])"
policy: podsecurity-subrule-restricted policy: podsecurity-subrule-restricted
properties: properties: