mirror of
https://github.com/kyverno/kyverno.git
synced 2024-12-14 11:57:48 +00:00
744 added all request values to context
This commit is contained in:
shravan
parent
11580e8ba5
commit
83ecd95945
5 changed files with 42 additions and 26 deletions
|
|
@ -209,18 +209,13 @@ spec:
|
|||
anyPattern:
|
||||
AnyValue: {}
|
||||
deny:
|
||||
type: object
|
||||
properties:
|
||||
message:
|
||||
type: string
|
||||
conditions:
|
||||
type: array
|
||||
items:
|
||||
type: object
|
||||
required:
|
||||
- key # can be of any type
|
||||
- operator # typed
|
||||
- value # can be of any type
|
||||
type: array
|
||||
items:
|
||||
type: object
|
||||
required:
|
||||
- key # can be of any type
|
||||
- operator # typed
|
||||
- value # can be of any type
|
||||
generate:
|
||||
type: object
|
||||
required:
|
||||
|
|
|
|||
|
|
@ -209,18 +209,13 @@ spec:
|
|||
anyPattern:
|
||||
AnyValue: {}
|
||||
deny:
|
||||
type: object
|
||||
properties:
|
||||
message:
|
||||
type: string
|
||||
conditions:
|
||||
type: array
|
||||
items:
|
||||
type: object
|
||||
required:
|
||||
- key # can be of any type
|
||||
- operator # typed
|
||||
- value # can be of any type
|
||||
type: array
|
||||
items:
|
||||
type: object
|
||||
required:
|
||||
- key # can be of any type
|
||||
- operator # typed
|
||||
- value # can be of any type
|
||||
generate:
|
||||
type: object
|
||||
required:
|
||||
|
|
|
|||
|
|
@ -5,6 +5,8 @@ import (
|
|||
"strings"
|
||||
"sync"
|
||||
|
||||
"k8s.io/api/admission/v1beta1"
|
||||
|
||||
jsonpatch "github.com/evanphx/json-patch"
|
||||
"github.com/go-logr/logr"
|
||||
kyverno "github.com/nirmata/kyverno/pkg/api/kyverno/v1"
|
||||
|
|
@ -63,6 +65,22 @@ func (ctx *Context) AddJSON(dataRaw []byte) error {
|
|||
return nil
|
||||
}
|
||||
|
||||
//AddResource data at path: request.object
|
||||
func (ctx *Context) AddRequest(request *v1beta1.AdmissionRequest) error {
|
||||
modifiedResource := struct {
|
||||
Request interface{} `json:"request"`
|
||||
}{
|
||||
Request: request,
|
||||
}
|
||||
|
||||
objRaw, err := json.Marshal(modifiedResource)
|
||||
if err != nil {
|
||||
ctx.log.Error(err, "failed to marshal the UserInfo")
|
||||
return err
|
||||
}
|
||||
return ctx.AddJSON(objRaw)
|
||||
}
|
||||
|
||||
//AddResource data at path: request.object
|
||||
func (ctx *Context) AddResource(dataRaw []byte) error {
|
||||
|
||||
|
|
|
|||
|
|
@ -49,8 +49,8 @@ func (v *Validate) Validate() (string, error) {
|
|||
// validateOverlayPattern checks one of pattern/anyPattern must exist
|
||||
func (v *Validate) validateOverlayPattern() error {
|
||||
rule := v.rule
|
||||
if rule.Pattern == nil && len(rule.AnyPattern) == 0 {
|
||||
return fmt.Errorf("a pattern or anyPattern must be specified")
|
||||
if rule.Pattern == nil && len(rule.AnyPattern) == 0 && len(rule.Deny) == 0 {
|
||||
return fmt.Errorf("a pattern or anyPattern or deny must be specified")
|
||||
}
|
||||
|
||||
if rule.Pattern != nil && len(rule.AnyPattern) != 0 {
|
||||
|
|
|
|||
|
|
@ -242,6 +242,10 @@ func (ws *WebhookServer) resourceMutation(request *v1beta1.AdmissionRequest) *v1
|
|||
|
||||
// build context
|
||||
ctx := context2.NewContext()
|
||||
err = ctx.AddRequest(request)
|
||||
if err != nil {
|
||||
logger.Error(err, "failed to load incoming request in context")
|
||||
}
|
||||
// load incoming resource into the context
|
||||
err = ctx.AddResource(request.Object.Raw)
|
||||
if err != nil {
|
||||
|
|
@ -336,6 +340,10 @@ func (ws *WebhookServer) resourceValidation(request *v1beta1.AdmissionRequest) *
|
|||
|
||||
// build context
|
||||
ctx := context2.NewContext()
|
||||
err = ctx.AddRequest(request)
|
||||
if err != nil {
|
||||
logger.Error(err, "failed to load incoming request in context")
|
||||
}
|
||||
// load incoming resource into the context
|
||||
err = ctx.AddResource(request.Object.Raw)
|
||||
if err != nil {
|
||||
|
|
|
|||
Loading…
Reference in a new issue