mirrors/kyverno
mirrors/kyverno
1
0
Fork 0
mirror of https://github.com/kyverno/kyverno.git synced 2025-04-08 10:04:25 +00:00
Code Activity

skip var substitution in attestations

Browse source 
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
This commit is contained in:
Jim Bugwadia 2021-10-26 13:22:00 -07:00
parent 219a4d9950
commit 85c346c0a6
1 changed files with 15 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

17
pkg/engine/imageVerify.go
View file

@ -91,12 +91,25 @@ func appendError(resp *response.EngineResponse, rule *v1.Rule, msg string, statu
}
func substituteVariables(rule *v1.Rule, ctx context.EvalInterface, logger logr.Logger) (*v1.Rule, error) {
ruleCopy, err := variables.SubstituteAllInRule(logger, ctx, *rule.DeepCopy())
// remove attestations as variables are not substituted in them
ruleCopy := rule.DeepCopy()
for _, iv := range ruleCopy.VerifyImages {
iv.Attestations = nil
}
var err error
*ruleCopy, err = variables.SubstituteAllInRule(logger, ctx, *ruleCopy)
if err != nil {
return nil, err
}
return &ruleCopy, nil
// replace attestations
for i, _ := range rule.VerifyImages {
ruleCopy.VerifyImages[i].Attestations = rule.VerifyImages[i].Attestations
}
return ruleCopy, nil
}
type imageVerifier struct {